Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {7 F$ P6 {( ^4 |3 k0 l4 p
7 K$ @. E" E; k* T4 U* [0 G4 e9 f2 ~
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');" |- ~- i! a2 {& F$ Q
' x0 ^0 _9 E) u, x4 Q$ ?
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
$ c! t" _$ Y+ k+ {8 L
system_error('request_tainting');
+ Y3 i! R$ o& H _1 v4 y
}: b% u# M8 W% V; i- S' f& o- Z
9 d, }' b% y2 m, w7 Z* c% M- G
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {8 n; @& J6 j; N9 |
$temp = $_SERVER['REQUEST_URI'];
7 L! Z& w/ q; R' G* t, l, Y
} elseif(empty ($_GET['formhash'])) {
! y* D" z1 W) `1 S1 M4 \0 o# f# _
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
( h' z4 n6 n7 t* a; g
} else {
9 q7 O; }2 Z# T/ y) k& A2 o6 z
$temp = '';$ E( B3 a. W4 B. ] v: P! m f
}
: T' p2 ~0 v) e: P
+ p. z8 P# C6 [' e5 E' ^! B
if(!empty($temp)) {8 D u' E# [$ G4 z) y
$temp = strtoupper(urldecode(urldecode($temp)));
; a d: z' E( ]( E( M9 P1 F: r
foreach ($check as $str) {
" N* A; W _, C- \# F( Q
if(strpos($temp, $str) !== false) {
) j* k, \# C! \7 |& Q( g* D; c
system_error('request_tainting');
- z4 e4 ?* \0 @, c
}
# m1 K' u; q j* w$ A
}
: Z n2 \' \! J3 L
}
/ G. h/ l L; a0 Z4 E5 C7 D2 v
4 I+ i3 S0 M& `7 k0 i) z( m: Q( T
return true;

複製代碼

整段複製成:

private function _xss_check() {/ s7 E4 i9 X+ z; ~7 ^( w! C
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
; a4 f& h Y8 }) ?8 K- J
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {2 p! v b0 N2 |: `% V F7 b. i
system_error('request_tainting');+ @; [) y* @( y8 w' [5 W
}
8 b+ \( G( }( i
return true;6 l; B3 a& g4 U: Q0 _& `
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]