1.63b: WordPress param injection fixes

Changed param injection check slightly to work better with
WordPress.

ChangeLog

@@ -1,3 +1,8 @@
+Version 1.63b:
+--------------
+
+  - Changed param injection check slightly to work better with WordPress.
+
 Version 1.62b:
 --------------
 

Makefile

@@ -20,7 +20,7 @@
 #
 
 PROGNAME   = skipfish
-VERSION    = 1.62b
+VERSION    = 1.63b
 
 OBJFILES   = http_client.c database.c crawler.c analysis.c report.c
 INCFILES   = alloc-inl.h string-inl.h debug.h types.h http_client.h \

config.h

@@ -96,6 +96,7 @@
 /* Crawler / probe constants: */
 
 #define BOGUS_FILE     "sfi9876"        /* Name that should not exist      */
+#define BOGUS_PARAM    "9876sfi"        /* Meaningless parameter           */
 #define MAX_404        4                /* Maximum number of 404 sigs      */
 #define PAR_MAX_DIGITS 6                /* Max digits in a fuzzable int    */
 #define PAR_INT_FUZZ   100              /* Fuzz by + / - this much         */

crawler.c

@@ -1504,7 +1504,7 @@ static void crawl_parametric_init(struct pivot_desc* pv) {
   for (i=0;i<BH_CHECKS;i++) {
     n = req_copy(pv->req, pv, 1);
     ck_free(TPAR(n));
-    TPAR(n) = ck_strdup((u8*)BOGUS_FILE);
+    TPAR(n) = ck_strdup((u8*)BOGUS_PARAM);
     n->callback = par_check_callback;
     n->user_val = i;
     async_request(n);