Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {6 c2 t ~ n |; b
0 z; t3 \4 @$ s* |' | E; u( g
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');% C9 A3 X% J# n; `7 i1 E
* b+ D5 C; s. b0 s+ Y2 j- b
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {/ N) {- i& Z1 d+ L
system_error('request_tainting');
: F" j) a) @, i5 ~ z! n
}$ v4 |9 v6 m7 |
, o8 N- W. Q/ I, o1 }
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {# v7 S& i, N1 j" w
$temp = $_SERVER['REQUEST_URI'];% _: c; k8 d* [
} elseif(empty ($_GET['formhash'])) {3 V9 f5 q: d) G* _% ~5 c
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
6 y& {) {1 C/ A( u
} else {
4 _7 U. l( l0 w7 i% q4 g. h
$temp = '';
; M A. m8 i6 f- Y+ G
}3 T0 L6 @6 I% d, K
5 R2 H( R' c/ u& |; K. U* y
if(!empty($temp)) {/ H7 ]; I% D" r# i# X8 S: l0 ~+ v
$temp = strtoupper(urldecode(urldecode($temp)));
' t* G" `) A, F
foreach ($check as $str) {; e! T- w, Y C: I! W
if(strpos($temp, $str) !== false) {
! O7 T! @6 f: N, Z/ G2 U: |! g/ @
system_error('request_tainting');6 ?9 q* Q w7 c! C8 z0 s' j
}
; d# D" q" c, l
} X, X' [0 _( _6 H V& q$ `
}" J: v2 q! T" k( H
1 F n+ D9 a" ^2 \
return true;

複製代碼

整段複製成:

private function _xss_check() {
$ `& @/ s* O* M; x2 K
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));3 U, D, W, z$ U% Y
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {7 V( q3 m# `% {3 Y
system_error('request_tainting');
% J% x0 p( K9 Y- B D+ O; k
}7 f0 j3 S9 F. z: O( d# a3 m# `: f' K
return true;% Y9 h/ k: y- K( ]# P( h
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]