遊客站內搜尋的錯誤[含1張圖]

IT_man · 發表於 2015-3-23 16:24:33

本帖最後由 IT_man 於 2015-3-23 16:27 編輯

遊客站內搜尋時出現 error message :

sol:
\source\class\discuz的discuz_application.php 約第350行
查找

private function _xss_check() {; n: Y9 F" G( V1 M
1 `! w) B% W- o1 k* N
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');* W- P2 J% q) ]. n% Y1 f: Y7 @( a
$ @ b7 p& R2 z9 G# ]5 g' h) i
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
! R4 X/ `' X1 Q( N6 v. d
system_error('request_tainting');
1 f. c- v3 H" D
}
) T) V' ~3 u( i
- L7 o% \2 U9 X" c8 I( p: c
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {# w$ |- K6 R g4 Z9 R
$temp = $_SERVER['REQUEST_URI'];
. v% x% k4 s# R; U- M& }% L0 U+ h
} elseif(empty ($_GET['formhash'])) {6 u) i3 u$ W; d" ^* {
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');7 r8 S, W, i1 J0 d
} else {
1 p4 O, d j0 u( ` [, H$ L E
$temp = '';0 ^ ]9 z+ N! g9 r7 L" L6 S. J
}
7 d# v7 h; D+ j6 y! B( \
. @+ h& t' Y" e2 r
if(!empty($temp)) {
3 j& D! T+ q `" X6 S2 {% U, K
$temp = strtoupper(urldecode(urldecode($temp)));
D- P7 n0 a! @$ b
foreach ($check as $str) {
5 v( |2 K3 j H8 ~3 c' P, }
if(strpos($temp, $str) !== false) {
# [* p X7 E* D& {9 I( @9 r. z
system_error('request_tainting');
0 ]$ ?7 N7 Y" U
}
, l( Y+ t4 M+ d) n0 B
}+ H- ~: g! q: j
}
' x" _6 p+ w. a L
* c) x' l2 I( S' S
return true;
. W2 Q" x- U j4 {! V- R
}

複製代碼

替换为：

private function _xss_check() {
' s a* T; [2 t. S, F+ `! |
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));* h8 ]+ D7 i4 }' k: z3 e
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {8 ]: [/ [" Y! z% k
system_error('request_tainting');
* o: L. Z' @4 R7 Q- O# J1 g% v
}- E! G# ^1 |) G1 j& V
return true;
" T1 Y5 i5 _2 w6 `7 k2 V
}

複製代碼

后台更新缓存 ===>ok
但有些 discuz代碼內容在搜索結果內顯示,曝露在外,是不正常(會員搜索無此問題) ,研究中

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] 遊客站內搜尋的錯誤[含1張圖]