dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/ webgoat/main/project/WebContent/lessons/DBSQLInjection/ListStaff.jsp
rogan.dawes 9ea97126b8 Use AbstractLesson.getLink() and getFormAction() more 
Rather than constructing URL's manually all the time, rather
make use of existing mechanisms to create the URL, and use
it consistently.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-18 13:31:11 +00:00

56 lines
2.1 KiB
Plaintext
Executable File
Raw Blame History

<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
int myUserId = webSession.getUserIdInLesson();
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
<br>
<br>
<br>
<p>Select from the list below </p>
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<table width="60%" border="0" cellpadding="3">
<tr>
<td> <label>
<select name="<%=DBSQLInjection.EMPLOYEE_ID%>" size="11">
<%
List employees = (List) session.getAttribute("DBSQLInjection." + DBSQLInjection.STAFF_ATTRIBUTE_KEY);
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
}%>
</select>
</label></td>
<td>
<input type="submit" name="action" value="<%=DBSQLInjection.SEARCHSTAFF_ACTION%>"/><br>
<input type="submit" name="action" value="<%=DBSQLInjection.VIEWPROFILE_ACTION%>"/><br>
<%
if (webSession.isAuthorizedInLesson(myUserId, DBSQLInjection.CREATEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=DBSQLInjection.CREATEPROFILE_ACTION%>"/><br>
<%
}
%>
<%
if (webSession.isAuthorizedInLesson(myUserId, DBSQLInjection.DELETEPROFILE_ACTION))
{
%>
<input type="submit" name="action" value="<%=DBSQLInjection.DELETEPROFILE_ACTION%>"/><br>
<%
}
%>
<br>
<input type="submit" name="action" value="<%=DBSQLInjection.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</form>
Reference in New Issue View Git Blame Copy Permalink