Fix zip slip lesson.
The lesson did not work properly as the directory is reused across several path traversal lessons. First thing before uploading the zip file, we now clean the directory. The HTML had a reference to a location of the profile picture; this was part of a hint, but this only causes confusion as this is not indicating where you need to upload the picture with the Zip Slip vulnerability. The assignment now contains a direct hint as to where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
@ -2,11 +2,13 @@
This time the developers only allow you to upload zip files. However, they made a programming mistake in uploading the zip file will extract it, but it will not replace your image. Can you find a way to overwrite your current image bypassing the programming mistake?
To make the assignment a bit easier below you will find the location of the profile image you need to replace:
|===
|OS |Location
|`operatingSystem:os[]`
|`webGoatTempDir:temppath[]PathTraversal`
|`webGoatTempDir:temppath[]PathTraversal/username:user[]/username:user[].jpg`
|===
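Review bot: the hint table added in this hunk declares two columns (`|OS |Location`) but supplies three cells below the header, so the rendered rows will not line up: `operatingSystem:os[]` pairs with `webGoatTempDir:temppath[]PathTraversal`, and the full `webGoatTempDir:temppath[]PathTraversal/username:user[]/username:user[].jpg` path lands alone in a second row under the OS column. Either drop the intermediate `PathTraversal` directory cell or add the missing cell so each row reads OS, then full path. The introductory sentence would also read better with a comma: "To make the assignment a bit easier, below you will find the location of the profile image you need to replace:".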
@ -229,8 +229,6 @@
enctype="multipart/form-data"
action="/WebGoat/PathTraversal/zip-slip">
<div class="preview text-center">
<img th:src="@{|~/WebGoat/PathTraversal/zip-slip/profile-image/${#authentication.name}|}" width="1"
height="1" />
<img class="preview-img" th:src="@{/images/account.png}" alt="Preview Image" width="200"
height="200" id="previewZipSlip"/>
<div class="browse-button">
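Review bot: removing the hidden 1x1 `<img>` that pointed at `/WebGoat/PathTraversal/zip-slip/profile-image/${#authentication.name}` also removes the only reference to the profile-image endpoint left in this form; confirm that the `#previewZipSlip` image, which still defaults to the static `/images/account.png`, is refreshed by script after a successful upload, otherwise the learner gets no visual confirmation that the overwrite landed. A one-line template comment stating that the target location is now given in the lesson text rather than leaked through this hidden request would make the intent described in the commit message visible to the next person editing this form.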