遊客站內搜尋的錯誤[含1張圖]

IT_man · 發表於 2015-3-23 16:24:33

本帖最後由 IT_man 於 2015-3-23 16:27 編輯

遊客站內搜尋時出現 error message :

sol:
\source\class\discuz的discuz_application.php 約第350行
查找

private function _xss_check() {" J, g$ j6 y1 Q
' T, J$ x5 ?6 p4 L% `. b
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');* z- F m% @, u/ o8 S8 k
% x/ \. z' s% t H D
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {- a5 x! Y$ p4 p$ a! g
system_error('request_tainting');
0 g* r m% y& M4 k" R: w/ T
}) J$ m G: t8 |" E% Y4 ~" b
2 S2 u( v* P; Z1 f5 j
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {' H3 X9 f8 j" f9 e. |
$temp = $_SERVER['REQUEST_URI'];8 ~, K+ W+ S- [( c/ ~ T5 Z6 e
} elseif(empty ($_GET['formhash'])) {
/ r& M( x+ i* D. k
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
0 j3 v: L1 e3 A& s4 \8 Q; x8 B" R
} else {1 S8 V5 X @% H- |( Q" W
$temp = '';
( X J! K6 l. y' L
}& i7 ]. p- h7 a/ m
8 k z% h$ d# F! T" U2 }1 F
if(!empty($temp)) {
, m* l. L5 o' c" `# B! ]; P* G
$temp = strtoupper(urldecode(urldecode($temp)));
. N/ R) _$ _2 Y" J- x( H
foreach ($check as $str) {2 H |! g2 w0 ]
if(strpos($temp, $str) !== false) {' o+ R" C; ^$ W- n: {1 m
system_error('request_tainting');2 R M$ t* \# Z' a F
}
, B* ?3 Y+ g8 L/ _3 M- R
}1 H, A2 S- x0 j3 s
}" @0 [) A0 B0 j3 _
/ D8 M0 M( n$ }3 z6 F) v
return true;
/ V# e# m, A; d9 O
}

複製代碼

替换为：

private function _xss_check() {
4 o+ S' l& c* D' ^ Z
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));0 H: I6 ^; S/ k$ x" n* B! F
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {- u4 Z2 ]2 W& C; i8 S- U! A- H& P
system_error('request_tainting');: \' h- K. C: h. H
}; {" }2 G# Q% V6 P
return true;
$ z \# V# z3 m* s) T
}

複製代碼

后台更新缓存 ===>ok
但有些 discuz代碼內容在搜索結果內顯示,曝露在外,是不正常(會員搜索無此問題) ,研究中

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] 遊客站內搜尋的錯誤[含1張圖]