Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {* e1 t" c, m# e' z1 X5 f. F
+ B2 O) e" K( p" l1 j k j4 N1 b
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
: t7 w4 r* P7 t) M- R
+ L% Z5 ?4 X( C; d: X/ T7 H- C2 R) Y
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {& U& \0 w9 d5 V; A5 U3 ^3 \! F0 P
system_error('request_tainting');
" b9 G9 w$ D& `9 O' j+ X+ y
}( S! Q7 h. G3 A {, V. n
( z- {) `# N8 D* Q6 {
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
, `- ]3 X- V$ G8 s. h* K
$temp = $_SERVER['REQUEST_URI'];
8 S- `" M) Q& t9 P. D3 Q8 `: c2 j
} elseif(empty ($_GET['formhash'])) {
/ c) K3 p0 e! C Z* U
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');0 @( F6 W) I# [
} else {
: D* G/ ?: Z& I* I3 L
$temp = '';
( B" {+ G+ X+ [* i! |+ q$ e2 e
}
' W* x$ O# Y" H1 A+ {: [& j
8 _+ X' ^$ b% V6 J7 o$ T
if(!empty($temp)) {7 X% x4 t* X' C1 \% \, |7 u
$temp = strtoupper(urldecode(urldecode($temp)));: H, N7 b; e7 W. g
foreach ($check as $str) {
/ _: ^8 B! ~8 t' c8 y
if(strpos($temp, $str) !== false) {
6 v m: _; W" E! L- b5 F
system_error('request_tainting');$ v* X; U" B6 t' _
}
8 Q- S& d. x5 k. ?1 M5 s+ ?3 J
}* J: c* M, O" ?& y* N0 V
}% q6 b$ J0 f( R( o/ m8 V9 h
' u, P2 |: |( N$ V: ?, [ d0 b
return true;

複製代碼

整段複製成:

private function _xss_check() {! E8 |* p2 T l& K
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
# \5 ~6 E; D3 m0 A0 `2 W& B
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {$ I w3 y0 ~* ]1 j5 y
system_error('request_tainting');$ w$ }8 j3 P# J% V: x. K
}
: q9 F; e; o) C8 j* l0 W0 P$ k' ~
return true;
" Q9 S8 f+ `0 R3 h0 x
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]