From c0d2d13e5aef4758ce5cb4f5dc6a532be70f4e23 Mon Sep 17 00:00:00 2001
From: mayhew64
Date: Fri, 21 Nov 2008 12:57:14 +0000
Subject: [PATCH] Reported by dwpoon, Yesterday (17 hours ago) I would like to submit the attached patch to avoid hard-coding "/WebGoat" as the webapp's context path, at least for the HTTP splitting lesson. This issue has also been reported in July 2007; see https://lists.owasp.org/pipermail/owasp-webgoat/2007-July/000432.html Also see Issue 15 http://code.google.com/p/webgoat/issues/detail?id=15 git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@366 4033779f-a91e-0410-96ef-6bf7bf53c507
---
 .../org/owasp/webgoat/lessons/HttpSplitting.java | 4 ++--
 main/project/WebContent/lessons/General/redirect.jsp | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java b/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
index 1b571c284..fba87584d 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
@@ -65,8 +65,8 @@ public class HttpSplitting extends SequentialLessonAdapter
 public void handleRequest(WebSession s)
 {
 // Setting a special action to be able to submit to redirect.jsp
- Form form = new Form("/WebGoat/lessons/General/redirect.jsp?" + "Screen=" + String.valueOf(getScreenId())
- + "&menu=" + getDefaultCategory().getRanking().toString(), Form.POST).setName("form").setEncType("");
+ Form form = new Form(s.getRequest().getContextPath() + "/lessons/General/redirect.jsp?" + "Screen=" + String.valueOf(getScreenId())
+ + "&menu=" + getDefaultCategory().getRanking().toString(), Form.POST).setName("form").setEncType("");
 form.addElement(createContent(s));
diff --git a/main/project/WebContent/lessons/General/redirect.jsp b/main/project/WebContent/lessons/General/redirect.jsp
index 4160e56e5..41e9abef1 100644
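Review bot: The comment above the new `Form` construction in HttpSplitting.java still only calls the action "special" and does not say why the URL now begins with `s.getRequest().getContextPath()`. I would reword it to `// Post to redirect.jsp under the deployed context path instead of a fixed "/WebGoat", so the lesson works under any deployment name`. The `/lessons/General/redirect.jsp` part stays a string literal on this line; whether other lessons still hard-code `/WebGoat` cannot be told from this patch. The body of handleRequest continues past the end of the hunk.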
--- a/main/project/WebContent/lessons/General/redirect.jsp
+++ b/main/project/WebContent/lessons/General/redirect.jsp
@@ -7,10 +7,10 @@ HTTP Splitting
-<% response.sendRedirect("/WebGoat/attack?" +
- "Screen=" + request.getParameter("Screen") +
- "&menu=" + request.getParameter("menu") +
- "&fromRedirect=yes&language=" + request.getParameter("language"));
+<% response.sendRedirect(request.getContextPath() + "/attack?" +
+ "Screen=" + request.getParameter("Screen") +
+ "&menu=" + request.getParameter("menu") +
+ "&fromRedirect=yes&language=" + request.getParameter("language"));
 %>
\ No newline at end of file
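Review bot: The redirect target on the new `response.sendRedirect(...)` lines is still built from `request.getParameter("Screen")`, `request.getParameter("menu")` and `request.getParameter("language")` with no encoding or validation, so request-controlled text reaches the Location header. Given the page title this is presumably the HTTP Splitting lesson's deliberate sink, but nothing in the file says so. A comment above the scriptlet such as `<%-- Parameters are left unencoded on purpose for the HTTP Splitting lesson; do not copy this redirect into non-lesson code. --%>` would keep it from being reused or "fixed" by accident. Outside a lesson each value would go through `java.net.URLEncoder.encode(value, "UTF-8")` before concatenation. A missing parameter is also concatenated as the literal text `null`.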