Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {# Q, [1 a1 A W- O u' s
, ]+ L; z2 `! B
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');$ J& Q1 n, A3 D& X* t
" V, `# ^$ y6 a) |7 E) ?3 ?
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
, \' V6 d4 F# e) ]9 c& Y6 H6 l
system_error('request_tainting');4 V$ r6 f( |8 Q- X
}
! i9 J0 |- l4 g4 r
6 F- i6 P$ u7 b" k& q7 k& m4 c
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {7 c8 e: H8 q7 R% C
$temp = $_SERVER['REQUEST_URI'];
9 [) }3 e5 N \/ n f9 n4 A! T2 z
} elseif(empty ($_GET['formhash'])) {' H! f8 o: ?+ H' x5 j% g
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');# `9 {; }" {. [! L8 p6 X1 t
} else {
% K- }4 P% }3 [8 [0 c9 l/ ?
$temp = '';
7 M* H. E3 G$ r* I
}
4 B5 ?, Z1 |. u! @8 n$ ^
. S3 e( {* O' u4 @" m9 j( ^
if(!empty($temp)) {
+ |' j3 u% D' W3 h( W" q1 o
$temp = strtoupper(urldecode(urldecode($temp)));* q# h. a& Y" ~3 J5 D
foreach ($check as $str) {+ u5 S3 O8 k6 `' g5 A6 E p
if(strpos($temp, $str) !== false) {9 Z' a& d) D m- s: _
system_error('request_tainting');0 i, J3 ~0 j" l8 y7 P5 t. B6 S
}& W- [4 e* M/ L. [! A; d) G! p
}
* X T0 |" q; D, s+ U# o/ J
}
! E7 i3 q$ Y' I3 |& p2 F
; R+ m, M! ]2 H( |1 y+ I0 M
return true;

複製代碼

整段複製成:

private function _xss_check() {
& w8 ]2 Y; ?0 Z* O9 f3 a* A/ b- ~5 r
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));" l# p2 |5 c" M; c/ v i! s8 k4 |9 t
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
. ^7 q9 [6 I/ b( f; H
system_error('request_tainting');
3 C7 }' u" f7 k7 w, H. D! V+ a: |
}8 c% F# U' A* ?) o% k, C& I8 f
return true;
" C/ @6 ~" h5 ^1 c# q7 F
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]