1.64b: param injection Wordpress improvements

2010-09-07 13:27:26 -04:00 · 2010-09-07 13:27:26 -04:00 · ce8e52b8fb
parent aed5e5bea0
commit ce8e52b8fb
4 changed files with 5 additions and 4 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-Version 1.63b:
+Version 1.64b:
 --------------

  - Changed param injection check slightly to work better with WordPress.
--- a/2
+++ b/2
@ -20,7 +20,7 @@
 #

 PROGNAME   = skipfish
-VERSION    = 1.63b
+VERSION    = 1.64b

 OBJFILES   = http_client.c database.c crawler.c analysis.c report.c
 INCFILES   = alloc-inl.h string-inl.h debug.h types.h http_client.h \
--- a/config.h
+++ b/config.h
@ -245,6 +245,7 @@ static const char* form_suggestion[][2] = {
  { "desc"     , "skipfish" },
  { "title"    , "skipfish" },
  { "subject"  , "skipfish" },
+  { "message"  , "skipfish" },
  { NULL       , "1" }

 };
--- a/crawler.c
+++ b/crawler.c
@ -1130,14 +1130,14 @@ schedule_next:

  n = req_copy(RPREQ(req), req->pivot, 1);
  if (!is_num) SET_VECTOR(orig_state, n, "9 - 1");
-  else APPEND_VECTOR(orig_state, n, "- 0 - 0");
+  else APPEND_VECTOR(orig_state, n, " - 0 - 0");
  n->callback = inject_check7_callback;
  n->user_val = 6;
  async_request(n);

  n = req_copy(RPREQ(req), req->pivot, 1);
  if (!is_num) SET_VECTOR(orig_state, n, "9 1 -");
-  else APPEND_VECTOR(orig_state, n, "0 0 - -");
+  else APPEND_VECTOR(orig_state, n, " 0 0 - -");
  n->callback = inject_check7_callback;
  n->user_val = 7;
  async_request(n);