diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/Challenge3.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/Challenge3.java
index d5f94e774..d1a92dd84 100644
--- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/Challenge3.java
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge3/Challenge3.java
@@ -50,8 +50,8 @@ public class Challenge3 extends AssignmentEndpoint {
 
     @RequestMapping(method = POST, consumes = ALL_VALUE, produces = APPLICATION_JSON_VALUE)
     @ResponseBody
-    public AttackResult createNewUser(@RequestBody String commentStr, @RequestHeader("Content-Type") String contentType) throws Exception {
-        Comment comment = new Comment();
+    public AttackResult createNewComment(@RequestBody String commentStr, @RequestHeader("Content-Type") String contentType) throws Exception {
+        Comment comment = null;
         AttackResult attackResult = failed().build();
         if (APPLICATION_JSON_VALUE.equals(contentType)) {
             comment = parseJson(commentStr);
@@ -63,10 +63,13 @@ public class Challenge3 extends AssignmentEndpoint {
             comment.setDateTime(DateTime.now().toString());
             comment.setUser(webSession.getUserName());
         }
-
-        if (checkSolution(comment)) {
-            attackResult = success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(2)).build();
+        if (comment != null) {
+            comments.add(comment);
+            if (checkSolution(comment)) {
+                attackResult = success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(2)).build();
+            }
         }
+
         return attackResult;
     }
 
diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
index c909915bf..0d0b0fe86 100644
--- a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
+++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
@@ -195,49 +195,6 @@
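Review bot: `APPLICATION_JSON_VALUE.equals(contentType)` is an exact string match, so a request whose header carries a parameter (`application/json;charset=UTF-8`, which many HTTP clients and proxies append) never reaches `parseJson`, and after this commit the method falls through with `comment` still `null` and silently returns `failed()` instead of parsing. Compare the media type rather than the literal, e.g. `if (MediaType.parseMediaType(contentType).isCompatibleWith(MediaType.APPLICATION_JSON)) {` using Spring's `org.springframework.http.MediaType`, or at minimum `contentType.startsWith(APPLICATION_JSON_VALUE)`; `@RequestHeader` is required by default, so a missing header is already rejected before this line runs. The non-JSON branch and the rest of `createNewComment` lie outside this hunk, so I cannot tell whether the same exact-match problem exists there. While here, `throws Exception` on a controller method is broader than needed; declaring the specific parse exception lets Spring map it to a sensible status rather than a generic 500.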
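Review bot: `comments.add(comment)` now persists every parsed comment, including ones that fail `checkSolution`, into a collection with no visible size bound, so any user with a session can grow server memory one POST at a time; `comments` is declared outside this hunk, so whether it is capped or thread-safe cannot be confirmed from here, and it is worth checking because handler methods run concurrently. A cheap guard is `if (comments.size() < MAX_COMMENTS) { comments.add(comment); }` with a static limit, or an evicting structure if the lesson only needs recent entries. The `setDateTime`/`setUser` calls at the top of the hunk sit inside a block whose opening is outside the view, so I cannot tell whether a JSON-parsed comment gets a server-assigned user or keeps whatever the client supplied; if the latter, the stored `user` field is attacker-controlled when it is later served back. The enclosing `createNewComment` starts outside this hunk.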
diff --git a/webgoat-lessons/challenge/src/main/resources/js/challenge3.js b/webgoat-lessons/challenge/src/main/resources/js/challenge3.js index 53d4c36a2..126edcd5f 100644 --- a/webgoat-lessons/challenge/src/main/resources/js/challenge3.js +++ b/webgoat-lessons/challenge/src/main/resources/js/challenge3.js @@ -1,15 +1,35 @@ $(document).ready(function () { - $("#postComment").on("blur", function () { - var comment = $("#commentInput").val(); - $.post("challenge3", function (result, status) { - var json; - json = '{' + - ' "comment":' + '"' + comment + '"' - '}'; - }) + $("#postComment").on("click", function () { + var commentInput = $("#commentInput").val(); + $.ajax({ + type: 'POST', + url: 'challenge/3', + data: JSON.stringify ({comment: commentInput}), + contentType: "application/json", + dataType: 'json' + }); }) + var html = '
  • ' + + '
    ' + + 'avatar' + + '
    ' + + '
    ' + + '
    ' + + '

    USER

    ' + + '
    DATETIME
    ' + + '
    ' + + '

    COMMENT

    ' + + '
    ' + + '
  • '; + $.get("challenge/3", function (result, status) { - alert("Hello"); - }) + for (var i = 0; i < result.length; i++) { + var comment = html.replace('USER', result[i].user); + comment = comment.replace('DATETIME', result[i].dateTime); + comment = comment.replace('COMMENT', result[i].comment); + $("#list").append(comment); + } + + }); }) \ No newline at end of file