From f586bded4d8a724455e5f07ede58939cec9993e8 Mon Sep 17 00:00:00 2001
From: PhilippeSteinbach <steinbach.phil@gmail.com>
Date: Mon, 4 Feb 2019 14:24:03 +0100
Subject: [PATCH] assignment 3: display query string to user after success

---
 .../owasp/webgoat/plugin/introduction/SqlInjectionLesson3.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson3.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson3.java
index 0774de7bd..4df77b99a 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson3.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson3.java
@@ -72,8 +72,9 @@ public class SqlInjectionLesson3 extends AssignmentEndpoint {
                 // user completes lesson if the department of Tobi Barnett now is 'Sales'
                 _results.first();
                 if (_results.getString("department").equals("Sales")) {
+                    output.append("<span class='feedback-positive'>" + _query + "</span>");
                     output.append(SqlInjectionLesson8.generateTable(_results));
-                    return trackProgress(success().feedbackArgs(output.toString()).build());
+                    return trackProgress(success().output(output.toString()).build());
                 } else {
                     return trackProgress(failed().output(output.toString()).build());
                 }