Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {
7 B/ _ z0 i z8 o: T6 P; @
( s* ?3 A# D4 b0 j* _- F4 n6 K1 P
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');! x9 t) S; D B. N* W4 j) {4 T
& O$ d: \, U4 z" m) w( t
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
' c5 f5 a; u6 H, i) I1 v1 K9 b% g
system_error('request_tainting');
3 Y2 d. L: f( g# ] F
}; L7 A& u( ~8 G' c+ n' X
2 {, f E5 M4 T4 C+ I1 k4 c
if($_SERVER['REQUEST_METHOD'] == 'GET' ) { v; Q! s* e2 r" x) n5 p2 Z- E1 v
$temp = $_SERVER['REQUEST_URI'];
5 f* H% l* i" x& y9 W- I3 B
} elseif(empty ($_GET['formhash'])) { z$ I0 e- E: \; ~4 x
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
4 B6 Z. A3 [' k1 i1 y
} else {3 _% @3 l) X; u3 Z) k
$temp = '';
/ h5 r0 J8 B% O( I: G
}
. |) E, r# x6 B
a. D" j9 J% k
if(!empty($temp)) {+ U. |0 S! q5 b" J# H$ J
$temp = strtoupper(urldecode(urldecode($temp)));
1 s3 g3 @1 T+ c: |
foreach ($check as $str) {# u) Y) ^* v5 J2 A& v0 Y! W
if(strpos($temp, $str) !== false) {/ D7 k/ @7 I' C+ n
system_error('request_tainting');" s {7 y9 P" |2 o- V7 \
}1 R) D& u7 Q% ?* H. Y
}# l. m$ w6 S4 U. u! m& x: v% M
}( C) F4 W7 A7 X+ V# [' z
- U, l6 W( |% `, n# Z; v: l7 u T3 x
return true;

複製代碼

整段複製成:

private function _xss_check() {
" m" l3 t/ m( f: G- t. `
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));& q: w8 `* u" d' C
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
; G8 p# {, t, B' T
system_error('request_tainting');
1 F3 t, d4 k } N# n, W
}
. }- K B {; {
return true;
$ A) ?% d) i$ d- V$ r
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]