Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {, \4 }( m4 ^, ^0 I) R
* k3 Y% x$ M% q' e% y
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
2 u! Q2 I0 F3 H7 A" r- h
0 C$ J3 @. H3 x# ]' d
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {7 X+ t* N; z- _% ]) I& }
system_error('request_tainting');
% j. z% G2 n' j0 i# g
}
8 u$ u" Z- ?! Q6 B7 r/ {- o
& T3 ?5 I3 F, Y" k
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {# J9 J5 C' y4 ]
$temp = $_SERVER['REQUEST_URI'];
: Y" j$ R( z$ ~5 Y1 y
} elseif(empty ($_GET['formhash'])) {6 { I' F. w+ y: M5 o9 ]
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
) ^' z5 F/ d+ w! w
} else {1 T- N9 }/ @/ A1 Y( L
$temp = '';
) [$ x! G) J; L0 h# s
}- c9 ~7 m4 ?3 F3 R( ~
1 l$ l, L0 ?+ y. f, l
if(!empty($temp)) {( P: @# ~1 q" [6 t' S( k
$temp = strtoupper(urldecode(urldecode($temp)));0 ]) Y: l9 g2 h, V$ W) `
foreach ($check as $str) {) ^, H' d- ^# o, g
if(strpos($temp, $str) !== false) {8 I" H4 L5 b& W$ d. ]$ Y. b# b
system_error('request_tainting');( E7 I( ~5 b' s; G B
}) b; a P, L8 D6 O! B ^, i2 K" k
}
0 K# E! ^, M1 g) @
}
2 e5 T5 ]" |: u6 _
. R' r1 p( p. z
return true;

複製代碼

整段複製成:

private function _xss_check() {
. G; r, t2 B3 ^
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
/ j, _8 Q0 y- F) S6 w7 O! B8 Z1 q( D, _
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {, ?9 b. B7 S; J) a; H
system_error('request_tainting');2 @# {! {+ d, W! H; n- a3 q
}
) C, p+ N" Q. |4 x4 z" o4 w
return true;# f. d& g8 Y" F
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]