It's Time to Play SPOT THE BUG!!
*cheer*
All right, ladies and gentlemen. I'm your host with the most, BuggyFixius. *cheer and clappings*
Today we have an exciting web bug for you. Let's see if you can... *altogether now* SPOT THE BUG!!
We have with us today an ASP.NET website project *clappings*. The project contains a helper class like so:
    using System.Web;

    public class WebHelper
    {
        // Name of the query string parameter that carries the user ID.
        const string PARAM_USER_ID = "u";

        static HttpRequest request;

        static WebHelper()
        {
            request = HttpContext.Current.Request;
        }

        public static string GetUserId()
        {
            return getRequest(PARAM_USER_ID);
        }

        // Returns the request value for the given key, or an empty string if it is missing.
        static string getRequest(string key)
        {
            string value = request[key];
            return string.IsNullOrEmpty(value) ? string.Empty : value;
        }
    }
*Ooo, Aaaa and some gasps*
It also has a Default.aspx file containing a plain Label control:
    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        <title>Untitled Page</title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <asp:Label ID="Label1" runat="server" />
        </div>
        </form>
    </body>
    </html>
and the following Page Load event handler:
    using System;
    using System.Web.UI.WebControls;

    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            // Display the value returned by the helper in the label.
            Label1.Text = WebHelper.GetUserId();
        }
    }
*Some more Ooo, Aaaa and some more gasps*
Contestants... it's time to *altogether now* SPOT THE BUG!!
Hints: open Default.aspx in the browser 2 or more times, each time with a different value for the u query string parameter. For example, open http://localhost:34939/Default.aspx?u=3959 and then replace the URL with http://localhost:34939/Default.aspx?u=4000.