Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {/ o3 l3 A) B M! j2 D2 i
* t' ]6 D% @: K/ j, f
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
# s+ w" ~$ q. o" _" [
$ l* p/ }2 ?# r2 g* o: T8 b
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
+ b& Q, f4 w5 W b( E1 B6 N# z! g) G
system_error('request_tainting');( D, E' ^# l/ S' m8 b% O1 i I/ F5 \
}
- Q2 R# }5 j4 R
$ ?: w: H7 A" f) a8 d6 B! U% P
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {6 J+ B5 m; K7 g. w
$temp = $_SERVER['REQUEST_URI'];
T7 X6 G2 s: t1 F
} elseif(empty ($_GET['formhash'])) {
! I: E( Z2 u9 t( E! C
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
- f: v; k* r( L2 b1 G
} else {
; p: M( m; M% p7 n+ s
$temp = '';$ A7 l# Y. P; z2 Q C- P
}) a! d8 Y6 d u9 Q
5 e% O- n8 \) |5 j- R
if(!empty($temp)) { [& O- r( J; F$ L+ i0 x, i
$temp = strtoupper(urldecode(urldecode($temp)));+ r' B# m: ?# {5 E% v' U+ A
foreach ($check as $str) {/ v/ x( H% a1 b1 ]9 K
if(strpos($temp, $str) !== false) {/ C/ X1 L7 t1 Z" b9 l) |7 |
system_error('request_tainting');
5 S- \3 f8 Y P) K% I: t
}
& a" o* m2 R) U
}$ n6 {& e t1 k4 l: p) x0 h- @) p
}$ M* L# ^0 e- X( F6 H
, t7 ~ G2 D! ^7 \& r4 N7 j/ `
return true;

複製代碼

整段複製成:

private function _xss_check() {
0 A5 Y2 G# m s6 z1 ]7 q
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
' \1 G" n% x" C) d# W0 ?: q1 F$ b
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
3 y- n6 l/ v1 k0 y9 u& `
system_error('request_tainting');* u0 P7 H" ~$ `
}
: ~! u6 d- f" A$ _
return true;+ O7 v; E# ?* p+ r$ X' z" t: [
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]