dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1b6789304c14dcf23c60bddcb40d585ea727c542
WebGoat/ webgoat/main/project/WebContent/lessons/SQLInjection/ListStaff.jsp
rogan.dawes 9ea97126b8 Use AbstractLesson.getLink() and getFormAction() more 
Rather than constructing URL's manually all the time, rather
make use of existing mechanisms to create the URL, and use
it consistently.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-18 13:31:11 +00:00

56 lines
2.0 KiB
Plaintext
Raw Blame History

<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
int myUserId = webSession.getUserIdInLesson();
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
<br>
<br>
<br>
<p>Select from the list below </p>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<table width="60%" border="0" cellpadding="3">
<tr>
<td> <label>
<select name="<%=SQLInjection.EMPLOYEE_ID%>" size="11">
<%
List employees = (List) session.getAttribute("SQLInjection." + SQLInjection.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
}%>
</select>
</label></td>
<td>
<input type="submit" name="action" value="<%=SQLInjection.SEARCHSTAFF_ACTION%>"/><br>
<input type="submit" name="action" value="<%=SQLInjection.VIEWPROFILE_ACTION%>"/><br>
<%
if (webSession.isAuthorizedInLesson(myUserId, SQLInjection.CREATEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=SQLInjection.CREATEPROFILE_ACTION%>"/><br>
<%
}
%>
<%
if (webSession.isAuthorizedInLesson(myUserId, SQLInjection.DELETEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=SQLInjection.DELETEPROFILE_ACTION%>"/><br>
<%
}
%>
<br>
<input type="submit" name="action" value="<%=SQLInjection.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</form>
Reference in New Issue View Git Blame Copy Permalink