Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {
+ N m+ n+ Z* x
" X i# g& e+ j, a, _, Y
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
; f P3 S& T" t0 V
/ |5 w8 C5 {; K+ q' K9 u
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
) J _0 [& W- Z/ o/ u' c
system_error('request_tainting');
! a9 O& g/ C! [% J1 U
}
) ]1 _% N9 U' G2 v0 l- g0 W) g1 k
+ f( {& F5 B4 ]4 S+ O% X/ c
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {$ S' O# ~, ]; z; \
$temp = $_SERVER['REQUEST_URI'];% o' }9 j( `* o9 d) S
} elseif(empty ($_GET['formhash'])) {
9 I8 T& {% t, r7 W, ^7 n5 A& e/ a
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
: r5 E0 ]$ v( }: k ~' A. i' {; ^
} else {* @" H% p/ Q4 q' q
$temp = ''; H1 D1 a* C; g& R% b+ A# I+ r1 h
}
6 T' P+ Z+ K2 U J. T# H
7 ?* x I# d" ^9 `
if(!empty($temp)) {
: s8 H+ c L- }/ o4 J0 r- [5 u. E
$temp = strtoupper(urldecode(urldecode($temp)));
3 g0 N* `; v" A& K% k2 y4 W. E
foreach ($check as $str) {; [* L) [7 w8 b6 I" ?
if(strpos($temp, $str) !== false) {: J) v; e9 f! l
system_error('request_tainting');
9 q& k1 H6 }" {( p4 s- F
}
7 ~+ [9 C4 G* a- y7 \
}
4 U$ v& ^$ E% Q5 S$ k3 u7 s: p! W# I( R
}) _, I+ G( y. }$ G8 ], L* T
- F P5 K0 G, ?7 e9 e) ^
return true;

複製代碼

整段複製成:

private function _xss_check() {8 y$ K0 U W# k% F, V
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));9 V. a% v6 ~6 F* I
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {& Y: S5 F. c) `* x4 P
system_error('request_tainting');
) O) V m: O# K1 N$ R* w
}7 ^# h& l' U$ k! |; m( j' @
return true;/ m% j% V0 g9 a: |) \/ C# k
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]