Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {: h. E. b. s9 O7 s# M- g/ r
. _6 E% ?# t* m4 }3 h: ~
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');6 h& u. X7 w- G. P' A7 O
' B3 x$ y# q" p" c7 T
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {) n0 I1 g( H4 X/ @% F+ q2 J
system_error('request_tainting');
/ i! j6 Q# J- z8 r# R) M" g
}# g" {) ^! C8 P( B
M- T2 L) Q0 D4 C; ~3 W) L
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
# L2 J7 V6 K' l& D6 h; T
$temp = $_SERVER['REQUEST_URI'];
( K& `# [) |5 v4 Z9 B( C0 Z
} elseif(empty ($_GET['formhash'])) {
7 U) w3 Y* G6 J0 A2 d
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
; ?& } k- B6 ?! Y6 B' i
} else {7 R8 v( P+ L& h! O; p
$temp = '';4 p- v. n/ g$ s) M/ J/ H
}1 d' p8 u1 A" x
6 }. e* M8 R4 |9 \, x$ x& N4 B6 k
if(!empty($temp)) {) A1 i6 v0 i. [1 D+ o
$temp = strtoupper(urldecode(urldecode($temp)));. v7 G/ o; O+ }8 i
foreach ($check as $str) {1 r1 o' x8 N9 x3 F" Y5 S9 [
if(strpos($temp, $str) !== false) {
& p! s; R8 h& I! [* M/ j0 z/ i
system_error('request_tainting');; { O7 ?9 {* u% Y9 Z; T' @
}5 Z% @" d }: Y. r$ d
}
2 \% u/ x) B3 I b+ l+ G
}2 J' N0 e9 S9 n* `/ B" v$ R
; c0 G! t# X( `$ D) t% U1 F
return true;

複製代碼

整段複製成:

private function _xss_check() {6 g5 ^6 F% y' U0 M6 Z4 Y/ L
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));# t* `* ^# c# m' W
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {" Z* X3 R; W# [# n1 N5 X
system_error('request_tainting');% C# k. R9 I5 s8 x: U& N2 u
}0 O$ ]3 g$ w- n- Z- O
return true; j2 o9 v+ \# I
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕