It's Time to Play SPOT THE BUG!!
*cheer*
All right, ladies and gentlemen. I'm your host with the most, BuggyFixius. *cheering and clapping*
Today we have an exciting web bug for you. Let's see if you can... *all together now* SPOT THE BUG!!
We have with us today an ASP.NET website project *clapping*. The project contains a helper class like so:
```csharp
using System.Web;

public class WebHelper
{
    // Query-string key that carries the user id
    const string PARAM_USER_ID = "u";
    static HttpRequest request;

    static WebHelper()
    {
        request = HttpContext.Current.Request;
    }

    public static string GetUserId()
    {
        return getRequest(PARAM_USER_ID);
    }

    // Returns the request value for key, or an empty string when it is missing
    static string getRequest(string key)
    {
        string value = request[key];
        return string.IsNullOrEmpty(value) ? string.Empty : value;
    }
}
```
*Ooo, Aaaa and some gasps*
It also has a Default.aspx file containing a plain Label control:
```aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Label ID="Label1" runat="server" />
    </div>
    </form>
</body>
</html>
```
and the following Page Load event handler:
```csharp
using System;
using System.Web.UI.WebControls;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Show the value of the "u" request parameter in the label
        Label1.Text = WebHelper.GetUserId();
    }
}
```
*Some more Ooo, Aaaa and some more gasps*
Contestants... it's time to *all together now* SPOT THE BUG!!
Hint: open Default.aspx in the browser 2 or more times, each time with a different value for the u query string parameter. For example, open http://localhost:34939/Default.aspx?u=3959 and then replace the URL with http://localhost:34939/Default.aspx?u=4000.
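The two requests from the hint, replayed against a self-contained console model (an added example, not code from the original post; reading it gives away the answer). `FakeRequest`, `FakeContext`, `CachedHelper` and `PerCallHelper` are hypothetical stand-ins, and a single static field stands in for the per-request `HttpContext.Current`:

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for System.Web.HttpRequest: one instance per request.
class FakeRequest
{
    readonly Dictionary<string, string> query;
    public FakeRequest(Dictionary<string, string> query) { this.query = query; }
    public string this[string key]
    {
        get { string v; return query.TryGetValue(key, out v) ? v : null; }
    }
}

// Hypothetical stand-in for HttpContext.Current: the request being served now.
static class FakeContext
{
    public static FakeRequest Current;
}

// Same shape as the post's WebHelper: the request is captured once,
// in the static constructor, and reused for every later call.
static class CachedHelper
{
    static readonly FakeRequest request;
    static CachedHelper() { request = FakeContext.Current; }
    public static string GetUserId() { return request["u"] ?? string.Empty; }
}

// Variant that looks up the current request on every call.
static class PerCallHelper
{
    public static string GetUserId() { return FakeContext.Current["u"] ?? string.Empty; }
}

static class Program
{
    // Simulates serving one request whose query string is ?u=<u> (constructed input).
    static void Serve(string u)
    {
        FakeContext.Current = new FakeRequest(new Dictionary<string, string> { { "u", u } });
        Console.WriteLine("u={0}  cached={1}  per-call={2}",
            u, CachedHelper.GetUserId(), PerCallHelper.GetUserId());
    }

    static void Main()
    {
        Serve("3959"); // first URL from the hint
        Serve("4000"); // second URL from the hint
    }
}
```

The cached helper keeps answering with the first request's value because a static constructor runs only once per application domain, so one visitor's `u` is shown to every later visitor. In the real helper, the per-call form is to read `HttpContext.Current.Request` inside `getRequest` instead of storing it in a static field.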