遊客站內搜尋的錯誤[含1張圖]

IT_man · 發表於 2015-3-23 16:24:33

本帖最後由 IT_man 於 2015-3-23 16:27 編輯

遊客站內搜尋時出現 error message :

sol:
\source\class\discuz的discuz_application.php 約第350行
查找

private function _xss_check() {
6 N2 J/ q1 C- x6 P7 e% |1 R0 }
/ H1 p c" n6 C
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
6 s- I- `- C/ h1 d1 w8 w
9 l d6 t. a4 U1 B
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {6 X+ T$ A9 J& b% I
system_error('request_tainting');) e. e/ o6 `: N7 W
}
7 i* P. F5 P$ P) P) S* S# ]! c5 _
- B4 e& M. J8 n4 T* \4 R2 F
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {2 n: ~6 e" B+ `5 X+ J# J, ^
$temp = $_SERVER['REQUEST_URI'];
4 k1 X b2 D3 s, @5 m0 v' B
} elseif(empty ($_GET['formhash'])) {% }! P# Y9 d$ \4 c0 S7 p1 J
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');4 c1 v3 c8 ]" E' t7 B
} else {. Z2 p; g6 @/ }- u0 ]$ D
$temp = '';
, H" w9 c5 `% p/ W! U ~
}/ l: _% y8 e" x* u8 x
" ^! j3 V* N) b
if(!empty($temp)) {
- Y0 g1 M& `% R0 t2 O6 N9 a
$temp = strtoupper(urldecode(urldecode($temp)));+ G, g9 a; f) l
foreach ($check as $str) {, Z( j6 {0 s- r8 t6 c
if(strpos($temp, $str) !== false) {/ }: V5 E9 J- P1 x+ N" M
system_error('request_tainting');& [9 T K" r8 }9 S" v
}% o$ F* s o) s; d' {: Q
}
& J# D. Y# N0 N* S
}
- Y$ i3 w# \* p! |
& W, b0 o/ C) m' P! p! H* L+ a. h
return true;
5 x Y: y; F# U0 _
}

複製代碼

替换为：

private function _xss_check() {9 f- a1 [% v! |7 H# y
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
2 Y5 I$ N7 w& y3 v+ e$ Q+ V
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {6 g1 `( E8 Y0 g4 x( o& Q" T
system_error('request_tainting'); C3 c% d/ m# F& B
}2 P" u) I3 Y. B
return true;" ^+ D+ V9 {% N. Q; w& n5 z
}

複製代碼

后台更新缓存 ===>ok
但有些 discuz代碼內容在搜索結果內顯示,曝露在外,是不正常(會員搜索無此問題) ,研究中

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] 遊客站內搜尋的錯誤[含1張圖]