Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {# y2 V7 c& J+ D5 r" O; v( j% |
' w& l) z- g' a& a
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
0 l- p4 V4 v6 M2 x% t* P$ Y' j
7 d$ Z/ i$ p, }! f |; l; [3 s- ?3 g
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
4 J) [8 v5 {( U# B! r8 n
system_error('request_tainting');' _% ~6 } v- F" }: r* h; J
}
! h( R; y% R0 X' n4 M
" g+ G, G9 B8 c5 p l* [% l( v: {
if($_SERVER['REQUEST_METHOD'] == 'GET' ) { R6 s% L8 N/ G7 @% `/ ]% ~# u
$temp = $_SERVER['REQUEST_URI'];" l6 l/ Q- L2 e$ }, t. y) `+ l
} elseif(empty ($_GET['formhash'])) {" w* S; w' S3 C
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');- A) Y& @1 X' d6 J5 f( n
} else {. N0 r m' n) T, G
$temp = '';# M/ _) ~; |9 l8 ]1 x# V6 ?
}; R* D8 N2 Z+ W. v+ a) X
3 f2 z X) X: R- l0 B
if(!empty($temp)) {
8 w" a9 {# L1 h- X( f6 e; P& {' m0 o
$temp = strtoupper(urldecode(urldecode($temp)));9 A e- X, `7 h3 \& e7 B' p
foreach ($check as $str) {
% M* |3 i) t4 V1 Y6 ]" {. _( |
if(strpos($temp, $str) !== false) {
6 s, K" g0 G; K
system_error('request_tainting');
7 L- e/ x2 Z& Z; e- F; J/ m
}' _8 m$ i- c1 z, b
}
/ T0 F2 [3 x: Q. K$ I; Z
}- \7 k, z; m! t& h
/ k& T2 H$ O; L7 z" `; z1 J
return true;

複製代碼

整段複製成:

private function _xss_check() {+ n6 S+ D* i8 b9 R% q
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));( t' h$ r6 f" ?
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {% Y# s% S2 q9 Z8 J8 U7 \7 l
system_error('request_tainting');* P, z+ E. ~4 Z9 e7 j, q& ?
}8 S$ n3 q# o, D* B0 \5 K
return true;
" c, t0 v3 x. k( n" Z! g! ]1 o
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]