dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/ webgoat/main/project/WebContent/lessons/RoleBasedAccessControl/EditProfile.jsp
rogan.dawes 9ea97126b8 Use AbstractLesson.getLink() and getFormAction() more 
Rather than constructing URL's manually all the time, rather
make use of existing mechanisms to create the URL, and use
it consistently.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-18 13:31:11 +00:00

137 lines
5.1 KiB
Plaintext
Raw Blame History

<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl.Employee");
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Edit Profile Page</div>
<div class="lesson_text">
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<Table border="0" cellpadding="0" cellspacing="0">
<TR><TD width="110">
First Name:
</TD>
<TD width="193">
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.FIRST_NAME%>" type="text" value="<%=employee.getFirstName()%>"/>
</TD>
<TD width="110">
Last Name: </TD>
<TD width="196">
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.LAST_NAME%>" type="text" value="<%=employee.getLastName()%>"/>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.ADDRESS1%>" type="text" value="<%=employee.getAddress1()%>"/>
</TD>
<TD>
City/State:
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.ADDRESS2%>" type="text" value="<%=employee.getAddress2()%>"/>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.PHONE_NUMBER%>" type="text" value="<%=employee.getPhoneNumber()%>"/>
</TD>
<TD>
Start Date:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.START_DATE%>" type="text" value="<%=employee.getStartDate()%>"/>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.SSN%>" type="text" value="<%=employee.getSsn()%>"/>
</TD>
<TD>
Salary:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.SALARY%>" type="text" value="<%=employee.getSalary()%>"/>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.CCN%>" type="text" value="<%=employee.getCcn()%>"/>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.CCN_LIMIT%>" type="text" value="<%=employee.getCcnLimit()%>"/>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD colspan="3">
<input name="<%=RoleBasedAccessControl.DESCRIPTION%>" type="text" class="lesson_text_db" value="<%=employee.getPersonalDescription()%>" size="58"/>
</TD>
<TR>
<TD colspan="2">
Disciplinary Explanation:
</TD>
<TD>
Disc. Date:
</TD>
<TD>
<input class="lesson_text_db" name="<%=RoleBasedAccessControl.DISCIPLINARY_DATE%>" type="text" value="<%=employee.getDisciplinaryActionDate()%>"/>
</TD>
</TR>
<TR>
<TD colspan="4">
<textarea name="<%=RoleBasedAccessControl.DISCIPLINARY_NOTES%>" cols="53" rows="2" wrap="off" class="lesson_text_db" ><%=employee.getDisciplinaryActionNotes()%></textarea>
</TD>
</TR>
<TR>
<TD>
Manager:
</TD>
<TD>
<select class="lesson_text_db" name="<%=RoleBasedAccessControl.MANAGER%>">
<%
List employees = (List) session.getAttribute("RoleBasedAccessControl.Staff");
Iterator i = employees.iterator();
while (i.hasNext())
{
EmployeeStub stub = (EmployeeStub) i.next();
%>
<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()%></option>
<%}%>
</select>
</TD>
</TR>
</Table>
<BR>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="57">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.VIEWPROFILE_ACTION%>"/>
</td>
<td width="81">
<input name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" type="hidden" value="<%=employee.getId()%>">
<input name="<%=RoleBasedAccessControl.TITLE%>" type="hidden" value="<%=employee.getTitle()%>">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.UPDATEPROFILE_ACTION%>"/>
</td>
<td width="211"></td>
<td width="83">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGOUT_ACTION%>"/>
</td>
</tr>
</table>
</div></form>
</div>
Reference in New Issue View Git Blame Copy Permalink