Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {
" |" J5 q6 w$ j( s% q5 ^" R" U2 y
9 E7 r/ f" ?% k/ V" `/ N
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');. V( ~, I! f" h _* j
! ~3 a$ S) @5 O# H% N; |
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
& N1 I; {5 [* r6 d6 m: ^" \ }
system_error('request_tainting');" U ?9 U- T3 v% b9 _
}
( F8 M7 m7 S- p
& `0 K x5 k) u+ j$ P. Y
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
; o8 k9 g) _$ a' A
$temp = $_SERVER['REQUEST_URI'];- {& J* M) Q/ }3 j
} elseif(empty ($_GET['formhash'])) {$ X+ k! j% i N1 ]7 s/ T1 H8 u
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');; _* f6 n" D* P" t2 z
} else {( d( ?/ x! H; k, R7 |2 Z
$temp = '';6 V$ S2 Q }! I) s1 e, S
}2 A L/ z4 j, m. r, q7 a" e
: F \# {& g4 `) ]% Q, {3 [
if(!empty($temp)) {
/ [! K# V+ W3 A6 G6 j
$temp = strtoupper(urldecode(urldecode($temp)));( h2 g* J( @ C# T$ P4 X; @% h+ i
foreach ($check as $str) {$ t# L. W6 S# Q4 y
if(strpos($temp, $str) !== false) {
, d) k& s& J0 ?" i( q
system_error('request_tainting');
5 {( o: m, p6 d, ?
}
0 H$ u+ u! W% e4 M5 h
}- h6 X' ^4 Z" v& s* s
}
2 ?( D2 I9 h/ k; ?! l' _: Y3 L- g
7 r, G# G$ N: h* Y
return true;

複製代碼

整段複製成:

private function _xss_check() {
1 k3 _% }3 i# _& }8 l
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));7 G6 D ~& i( M& T# a" R
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
* |8 V0 M( I" x9 S$ L4 F+ D; s C
system_error('request_tainting');
+ b& _4 p5 E7 d0 g
}, B) |" x. _5 m
return true;
+ e X `# i5 P, L% F
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]