Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {
$ l# z) e9 P/ e5 I( I. Z! O
# W# o' [- {* O5 n; L
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');+ t8 y$ p( b B- `/ d
( ^1 r" A( l1 c! B
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
! m7 Q# h l( o+ ^! i
system_error('request_tainting');, P- Y7 O( j4 ]0 i& G/ X( ^1 N x
}8 I, t" c7 L3 Q5 X5 F" d* o4 B3 D
" d0 g7 y9 }8 Y g# Q- D' k
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {" d. R) l1 `3 M2 G2 J5 T! X
$temp = $_SERVER['REQUEST_URI'];
3 [' F4 M( O+ z+ X
} elseif(empty ($_GET['formhash'])) { t4 l2 G$ l: |3 C2 W/ Y
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
9 w! |; i: _1 C+ ^0 x4 |% J
} else {7 {" }+ I% I/ \* b6 c2 y
$temp = '';
\7 m% r& q( c
}# c) P( \, P; `! ?. @4 _
. R. B: E5 X2 C! A- z/ E7 D9 k
if(!empty($temp)) {
$ V5 D* g: @; J( ^
$temp = strtoupper(urldecode(urldecode($temp)));
+ r6 a3 s! O+ P6 S
foreach ($check as $str) {$ `* \. p1 b7 V6 B4 D1 u1 p
if(strpos($temp, $str) !== false) {9 E6 h5 m! R. O1 ~
system_error('request_tainting');
, F, F9 t6 i8 e7 c
}+ U& @1 I% ]+ h% @0 Z- x
}
( |0 v) {7 u! J
}( S5 D$ A/ N/ Y, }0 x
+ t6 c9 P! b4 o$ i$ I# F' V% i
return true;

複製代碼

整段複製成:

private function _xss_check() {4 Z, ]/ q/ j6 P; L' v
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));7 |5 b+ s" K$ K! x# X
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {4 `( g0 T! N% C0 N5 @
system_error('request_tainting');( W- U' |- e: ~
}
' f5 N8 Y6 m1 a- J. R1 {* l
return true;
4 O5 Y* I" b& }- O( x7 _
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]