Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {' X# i U& ]* h* z
' ]6 b- S; d& {% S
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
; V9 _1 I k; s8 n, s: _
* [ m2 I0 X1 H1 b L
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
$ z G. C0 X9 [3 ]
system_error('request_tainting');
0 s" `& @9 z4 Y; Z( Z4 }2 x+ K
}; V( h e8 n+ P* D
% B) Y# ^! J# b8 V+ [6 F1 S$ e8 T
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {2 V6 v! ~0 |* }- {; |
$temp = $_SERVER['REQUEST_URI'];
9 {0 a2 `5 j0 Z2 C- S
} elseif(empty ($_GET['formhash'])) {# B$ `1 u8 {/ \* e* y2 K+ z
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');$ W+ l' n' f1 |4 ?+ k5 K$ {
} else {& a3 q9 M2 _* h" C
$temp = '';) H* @ O1 h, ~3 q+ v- Q# T
}3 B4 ^$ [( ~& K, r
7 u; s8 C" V" f: ?2 e/ Q4 ~( X/ t
if(!empty($temp)) {0 r8 c% T# i: D+ m) B& P
$temp = strtoupper(urldecode(urldecode($temp)));
$ F! B4 X; z* |# h4 A% Q
foreach ($check as $str) {5 F5 g) @% L" o# {
if(strpos($temp, $str) !== false) {
" F9 d8 ]7 d' }' {2 N1 @
system_error('request_tainting');/ W+ o) L0 Y) ~& C8 _
}8 H8 y+ W5 M+ n2 e. F2 _
}5 }! T6 S$ K. m; l E& h
}
1 ~ B+ e p* b! H
7 H, @" J8 ]. \
return true;

複製代碼

整段複製成:

private function _xss_check() {6 x* G L+ A+ h# j4 F( F, K+ J
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));7 j' P- p) V; u, k; x6 L/ W& v
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {$ }. T1 T' {4 T8 p* e
system_error('request_tainting');. _& R1 _6 }+ U# }! {' R* W1 M
}. K& D+ W" a$ f! [1 ?: t S
return true;* V5 e3 p6 @7 K1 I/ m0 O: i) u
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]