From c65faceb1a76b235181ea07322ba5b2bf84020af Mon Sep 17 00:00:00 2001
From: "rogan.dawes" <rogan.dawes@4033779f-a91e-0410-96ef-6bf7bf53c507>
Date: Wed, 18 Jul 2007 13:35:42 +0000
Subject: [PATCH] A recent change to AbstractLesson.getLink() broke visit
 tracking

Fix the lesson tracking to be more specific.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@196 4033779f-a91e-0410-96ef-6bf7bf53c507
---
 .../org/owasp/webgoat/HammerHead.java         | 29 ++++++++-----------
 1 file changed, 12 insertions(+), 17 deletions(-)

diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/HammerHead.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/HammerHead.java
index 52c2bd07e..0e3f8d6a9 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/HammerHead.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/HammerHead.java	
@@ -154,23 +154,18 @@ public class HammerHead extends HttpServlet
 	    if (response.isCommitted())
 		return;
 
-	    // if the screen parameter exists, the screen was visited via
-	    // the menu categories,
-	    // we won't count these as visits. The user may be able to
-	    // manipulate the counts
-	    // by specifying the screen parameter using a proxy. Good for
-	    // them!
-	    String fromMenus = mySession.getParser().getRawParameter(
-		    WebSession.SCREEN, null);
-	    if (fromMenus == null)
-	    {
-		// if the show source parameter exists, don't add the visit
-		fromMenus = mySession.getParser().getRawParameter(
-			WebSession.SHOW, null);
-		if (fromMenus == null)
-		{
-		    screen.getLessonTracker(mySession).incrementNumVisits();
-		}
+	    // perform lesson-specific tracking activities
+	    if (screen instanceof AbstractLesson) {
+	    	AbstractLesson lesson = (AbstractLesson) screen;
+	    	
+		    // we do not count the initial display of the lesson screen as a visit
+		    if ("GET".equals(request.getMethod())) {
+		    	String uri = request.getRequestURI() + "?" + request.getQueryString();
+		    	if (! uri.endsWith(lesson.getLink()))
+		    		screen.getLessonTracker(mySession).incrementNumVisits();
+		    } else if ("POST".equals(request.getMethod()) && mySession.getPreviousScreen() == mySession.getCurrentScreen()) {
+			    screen.getLessonTracker(mySession).incrementNumVisits();
+		    }
 	    }
 
 	    // log the access to this screen for this user