遊客站內搜尋的錯誤[含1張圖]

IT_man · 發表於 2015-3-23 16:24:33

本帖最後由 IT_man 於 2015-3-23 16:27 編輯

遊客站內搜尋時出現 error message :

sol:
\source\class\discuz的discuz_application.php 約第350行
查找

private function _xss_check() {; j$ H3 L" P; ]! T. ~
2 h3 s+ [+ t/ U: ~# H$ ^
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');' b+ Y7 T# l6 u# `
# S, |0 n# m+ l6 d# j* ?9 k* L
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
6 k5 } @6 s5 \
system_error('request_tainting');9 d A/ y. R+ x. W+ V' e
}2 N0 v: {9 Z5 |$ O8 M( V- x- L
" Z, B( r4 R/ H4 b
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {0 e* A+ U) ^! n4 ~$ u. z
$temp = $_SERVER['REQUEST_URI'];4 B+ V0 D( e- o
} elseif(empty ($_GET['formhash'])) {2 V" s; |/ ^& M; t8 c4 E
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
; m& I! Q+ `! {4 b
} else {% _3 _+ p0 ]; F- @3 ^! l
$temp = '';3 {1 f* j! z4 x8 E! C) x
}9 B! P8 F- Z- v
; M1 u0 b0 Z6 O6 h0 w. H
if(!empty($temp)) {
0 {7 h7 I9 k( ^0 R) \8 D# p$ F9 V: p
$temp = strtoupper(urldecode(urldecode($temp)));1 W0 L8 l8 @, d0 X" H1 k
foreach ($check as $str) {: Q- v) {) w: E
if(strpos($temp, $str) !== false) {
$ t5 W9 _+ a# t* x2 f
system_error('request_tainting');4 D, C7 H% ?% x# G% C* L* R
}
) i7 S# g0 t: i' t K' C* H" {
}7 S! @& l2 }( j0 Y
}
; S9 e" L! g& R! N
5 h9 d: ]8 b2 e7 z# ]( _3 y
return true;
) V0 L- ]* {0 z; t K
}

複製代碼

替换为：

private function _xss_check() {
6 _: }5 g) ~0 f5 R Y& _. B- \" u
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));6 R" d0 V' S; }! Q
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
3 ], N( W1 E0 G9 y. P' [8 F) u
system_error('request_tainting');
. y- e9 _3 h$ x: w* O: y
}
% U$ }3 s7 L5 W7 w
return true;
' k3 L4 O8 W0 q) Y: t* D. Z
}

複製代碼

后台更新缓存 ===>ok
但有些 discuz代碼內容在搜索結果內顯示,曝露在外,是不正常(會員搜索無此問題) ,研究中

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] 遊客站內搜尋的錯誤[含1張圖]