Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {8 X9 Z0 @0 ^+ m
! j2 r) I ~9 m8 _
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');' e# b7 ^/ A8 i
$ r9 P( Z5 o9 I+ y6 q% n! q! ^2 c
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
# {; |# r- r P& v e8 Z4 O$ W
system_error('request_tainting');' M6 ^5 M/ R( S+ ~+ x+ d
}
# H$ a8 J3 M- g6 @' F/ @
# @& v( A) u; L
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {; f0 F) p: e$ B" ]; a8 L& |
$temp = $_SERVER['REQUEST_URI'];- h# i% j- X& s' c: p" C
} elseif(empty ($_GET['formhash'])) {
v" n7 |$ ?8 z& k
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');3 j* y, L* X! r$ [
} else {
! ^6 F! o5 Z% Z! r7 a6 a% A
$temp = '';
0 n, [) w( p2 N) \
}
1 K0 ]' y" I- @" e' l: D, t5 ]
' A/ O7 e$ c; u' U0 A6 h# ]* f
if(!empty($temp)) {
6 i9 L* p4 p. Y6 E5 d0 S2 Z
$temp = strtoupper(urldecode(urldecode($temp)));
# w' H1 w! N: I2 m4 s4 D3 y
foreach ($check as $str) {% T( `8 \$ o' O$ J% R. l6 P- c
if(strpos($temp, $str) !== false) {) L$ h" P% g3 ~7 V( i$ G
system_error('request_tainting');
7 @ m7 {; n# u5 b
}# [) ~* c6 r% \' u" ~
}
" q9 L$ _' O9 Z! J9 Z+ ~1 r7 i
}8 e" y5 q9 A* [
9 R5 ?0 I: T( H' @
return true;

複製代碼

整段複製成:

private function _xss_check() {& F* c9 M( f2 S, D
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
- X* J: E, O2 z$ i
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {" U4 E$ `- {# X* i* D/ R$ a
system_error('request_tainting');
' t: T. c$ E& V& s, ^2 m. O: _
}8 L; U( v5 ~) j. P _6 h
return true;* x5 N7 Y8 B9 N! i+ f' J
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]