Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {
' _' x1 U' m" t5 h V3 ]! V
* m' [6 I' {( c& D
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
( `! M1 @5 {$ _0 z& F n
9 l, I4 x- X% K
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {& N" M3 W. f5 b
system_error('request_tainting');
# M0 z m7 @' f/ b
}1 w" @* o8 [# ]- C1 d4 _5 F
! M) U8 n* l2 _
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {. ]6 L- @" d! W
$temp = $_SERVER['REQUEST_URI'];
+ c4 O* Q0 _) Z9 F0 }0 c% R
} elseif(empty ($_GET['formhash'])) {
: s5 @5 x" }7 h4 n" [
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
3 p7 @+ F/ `5 F0 b8 L% [5 }
} else {% S; u$ F! ], X6 N7 S
$temp = '';* r. {4 E% H) `, G
}
% g" l9 W. w( S- ]5 O" q
- `3 s# k4 d, Q( m; Q9 r- p6 s+ ^; l
if(!empty($temp)) {
9 Y+ D+ l8 z# j% q8 g
$temp = strtoupper(urldecode(urldecode($temp)));
4 S7 _7 d( @% l3 b5 U- Z
foreach ($check as $str) {! F' K: R5 {8 |# G+ v) Q/ m
if(strpos($temp, $str) !== false) {- ], d8 Y: }5 v* E" w1 C8 ^( k
system_error('request_tainting');
/ Z' `% B! s) E8 i. b# q
}
& @0 F: w* ^8 G. X5 o
}
m# U, u0 F8 Z+ [ g3 o& z
}, a+ ^7 `. j9 p
8 f B. {2 E5 N' ?. \+ H, J
return true;

複製代碼

整段複製成:

private function _xss_check() {' e: V) x w% _
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));1 ^) u6 t( V1 K& ^
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
: J5 c$ b! t. F* p( c
system_error('request_tainting');" i9 I0 L- n/ W5 @# n! k6 X1 h8 z
}' ?4 y- h* H* f$ V n
return true;
1 U1 l( v$ d Y+ `1 t" h- d& f4 O
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]