Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {5 J: T3 L1 X: @! H" ~
4 z1 H& m" d! m6 s* n$ h6 |
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
k" [& d1 y3 ^; |( w2 q4 z
* F, C/ S e2 l" F
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
* g3 a8 M# R6 w% ?( z1 K
system_error('request_tainting');4 c V8 L1 @: t* p7 c
}
6 [: | H9 R5 t k
* p. q( q" X5 A L& G0 E
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
, [' a' S4 T& @( W1 F
$temp = $_SERVER['REQUEST_URI'];( b" B% G0 N% J) m7 Q! n5 \
} elseif(empty ($_GET['formhash'])) {
, B& K7 E: G2 |3 V$ E% q# u+ y
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
2 f" a$ e" v" Z
} else {
& j8 _( Z' d) p2 r ]
$temp = '';
3 s @, }, p C: X" u1 I
}
6 X" V% ]3 c$ X( t4 A
) P& R' B; o$ }8 i7 E" z% [
if(!empty($temp)) {8 \5 [: x% Y5 T. v
$temp = strtoupper(urldecode(urldecode($temp)));
2 u: I' T& j0 n! L4 L) M$ L4 v1 u
foreach ($check as $str) {* Q( l( p+ q j" p0 |
if(strpos($temp, $str) !== false) {4 ~/ x" S: }+ Y
system_error('request_tainting');
9 _5 y9 J. o' u' `, V- ]% T: U! R [
}
5 {$ q. r4 [/ S* p) H
}: q" F$ W& v, n+ d& {
}
0 Z$ G& D( j) Y; P% a* a) o6 @0 A
3 d* a. D: P: t: s e# b |& L& ?8 U) I
return true;

複製代碼

整段複製成:

private function _xss_check() {
; q6 L% P0 H0 }4 d
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));+ b! h0 z0 q- A& Z# @% K
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {5 |7 i7 T! N) [6 a t
system_error('request_tainting');% d3 |7 F# U# I$ `& @6 ]
}
7 C! k+ a, d: f: e/ W+ @$ n- j
return true;4 B& ]2 \4 r2 Q$ _4 @
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]