4f9c4ff307396871893e3bc7d9f4afc5438bb95d,SecurityShepherdCore/src/servlets/module/challenge/BrokenCrypto4.java,BrokenCrypto4,doPost,#HttpServletRequest#HttpServletResponse#,54

Before Change


			out.print(getServletInfo());
			String htmlOutput = new String();
			String applicationRoot = getServletContext().getRealPath("");
			Encoder encoder = ESAPI.encoder();
			try
			{
				//Get and validate cart amounts
				int megustaAmount = validateAmount(Integer.parseInt(request.getParameter("megustaAmount")));
				log.debug("megustaAmount - " + megustaAmount);
				int trollAmount = validateAmount(Integer.parseInt(request.getParameter("trollAmount")));
				log.debug("trollAmount - " + trollAmount);
				int rageAmount = validateAmount(Integer.parseInt(request.getParameter("rageAmount")));
				log.debug("rageAmount - " + rageAmount);
				int notBadAmount = validateAmount(Integer.parseInt(request.getParameter("notBadAmount")));
				log.debug("notBadAmount - " + notBadAmount);
				String couponCode = request.getParameter("couponCode");
				log.debug("couponCode - " + couponCode);
				
				//Working out costs
				int megustaCost = megustaAmount * 30;
				int trollCost = trollAmount * 3000;
				int rageCost = rageAmount * 45;
				int notBadCost = notBadAmount * 15;
				int perCentOffMegusta = 0; // Will search for coupons in DB and update this int
				int perCentOffTroll = 0; // Will search for coupons in DB and update this int
				int perCentOffRage = 0; // Will search for coupons in DB and update this int
				int perCentOffNotBad = 0; // Will search for coupons in DB and update this int
				
				htmlOutput = new String();
				Connection conn = Database.getChallengeConnection(applicationRoot, "CryptoChallengeShop");
				log.debug("Looking for Coupons");
				PreparedStatement prepstmt = conn.prepareStatement("SELECT itemId, perCentOff FROM coupons WHERE couponCode = ?");
				prepstmt.setString(1, couponCode);
				ResultSet coupons = prepstmt.executeQuery();
				try
				{
					if(coupons.next())
					{
						if(coupons.getInt(1) == 1) // MeGusta
						{
							log.debug("Found coupon for %" + coupons.getInt(2) + " off MeGusta");
							perCentOffMegusta = coupons.getInt(2);
						}
						else if (coupons.getInt(1) == 2) // Troll
						{
							log.debug("Found coupon for %" + coupons.getInt(2) + " off Troll");
							perCentOffTroll = coupons.getInt(2);
						}
						else if (coupons.getInt(1) == 3) // Rage
						{
							log.debug("Found coupon for %" + coupons.getInt(2) + " off Rage");
							perCentOffRage = coupons.getInt(2);
						}
						else if (coupons.getInt(1) == 4) // NotBad
						{
							log.debug("Found coupon for %" + coupons.getInt(2) + " off NotBad");
							perCentOffNotBad = coupons.getInt(2);
						}
					}
					else
					{
						log.debug("Invalid Coupon Code");
					}
				}
				catch(Exception e)
				{
					log.debug("Could Not Find Coupon: " + e.toString());
				}
				conn.close();
				
				//Work Out Final Cost
				megustaCost = megustaCost - (megustaCost * (perCentOffMegusta/100));
				rageCost = rageCost - (rageCost * (perCentOffRage/100));
				notBadCost = notBadCost - (notBadCost * (perCentOffNotBad/100));
				trollCost = trollCost - (trollCost * (perCentOffTroll/100));
				int finalCost = megustaCost + rageCost + notBadAmount + trollCost;
				
				//Output Order
				htmlOutput = "<h3>Order Complete</h3>"
						+ "Your order has been made and has been sent to our magic shipping department that knows where you want this to be delivered via brain wave sniffing techniques.<br/><br/>"
						+ "Your order comes to a total of <a><strong>$" + finalCost + "</strong></a>";
				if (trollAmount > 0 && trollCost == 0)
				{
					htmlOutput += "<br><br>Trolls were free, Well Done - <a><b>" + encoder.encodeForHTML(Hash.generateUserSolution(Getter.getModuleResultFromHash(getServletContext().getRealPath(""), levelHash), (String)ses.getAttribute("userName"))) + "</b></a>";
				}
			}
			catch(Exception e)

After Change


						+ "<p>" + bundle.getString("insecureCyrptoStorage.4.totalCost") + " <a><strong>$" + finalCost + "</strong></a></p>";
				if (trollAmount > 0 && trollCost == 0)
				{
					htmlOutput += "<p>" + bundle.getString("insecureCyrptoStorage.4.freeTrolls") + " - " + Hash.generateUserSolution(Getter.getModuleResultFromHash(getServletContext().getRealPath(""), levelHash), (String)ses.getAttribute("userName")) + "</p>";
				}
			}
			catch(Exception e)
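Review bot: The new `htmlOutput += "<p>" + bundle.getString("insecureCyrptoStorage.4.freeTrolls") + " - " + Hash.generateUserSolution(...) + "</p>";` line drops the `encoder.encodeForHTML(...)` wrapper that the previous version applied to the generated solution before concatenating it into the HTML response. The return format of Hash.generateUserSolution is not visible in this fragment, so unless it is guaranteed to be plain alphanumeric the encoding should be kept as defence in depth: `+ encoder.encodeForHTML(Hash.generateUserSolution(Getter.getModuleResultFromHash(getServletContext().getRealPath(""), levelHash), (String)ses.getAttribute("userName"))) + "</p>";`. Separately, the old code computed `int finalCost = megustaCost + rageCost + notBadAmount + trollCost;` (notBadAmount where notBadCost appears intended); that line lies above the "After Change" excerpt, so please confirm it was corrected rather than carried over. The enclosing doPost method starts and ends outside both fragments.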