遊客站內搜尋的錯誤[含1張圖]

IT_man · 發表於 2015-3-23 16:24:33

本帖最後由 IT_man 於 2015-3-23 16:27 編輯

遊客站內搜尋時出現 error message :

sol:
\source\class\discuz的discuz_application.php 約第350行
查找

private function _xss_check() {( m# r$ L5 y$ _/ y( u
* f3 Y$ y: k4 O/ ]
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
, X f' ^4 X" T; H( ?$ c' ~
7 @' ?0 |) i8 D4 g8 S% i E+ u% ]
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
0 C" a7 N" X" `" u
system_error('request_tainting');% _) z; {& G2 |6 k& u7 ~. ~/ s
}8 K, d i" E8 y5 n0 i" {- c& H
+ }5 y0 E+ C8 ?6 z, Y
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {& E$ T3 ~' D/ M. h6 U
$temp = $_SERVER['REQUEST_URI'];
0 F+ o7 \7 d. R% D
} elseif(empty ($_GET['formhash'])) {
' I3 {: P5 T; @& I/ D- M6 s' R
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');4 H, U3 i2 Y3 [3 r& k/ J2 T
} else {
1 x0 x J8 I1 D. q
$temp = '';
3 |+ z0 I+ d G
}
( c) O% P4 A E1 }; g6 Q
; F% c8 p/ b+ I( _. z: h
if(!empty($temp)) {. D3 V8 X+ s( E) |, C. e: x% A
$temp = strtoupper(urldecode(urldecode($temp)));
2 l# Z, }0 e* _% q$ k' M* z
foreach ($check as $str) {
% N, z' i3 f. Y$ s/ t) I' T
if(strpos($temp, $str) !== false) {
+ V& k9 w) Z1 b q; ~
system_error('request_tainting');
5 f# B, ?/ ~9 @5 G5 x
}
! _' ?2 w5 |' U" \* M' d2 Z
}, h0 F* ^8 H! P+ h h6 ]! u) h
}: ?5 Z2 n& k+ [
$ K) l s" I* l5 }
return true;
( V5 J% g9 w1 {& C: ~* W' ^. \
}

複製代碼

替换为：

private function _xss_check() {3 v' f# a) e) f3 B
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));4 T1 g) F4 b; d! X$ u _
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
7 u7 ~: \5 A" J9 G
system_error('request_tainting');
+ l) m* ^- r& U& K' b; ^9 t
}2 Y5 P0 Y- w4 m8 ]* A k5 {2 f
return true;5 Z4 R3 l% ~6 e! V
}

複製代碼

后台更新缓存 ===>ok
但有些 discuz代碼內容在搜索結果內顯示,曝露在外,是不正常(會員搜索無此問題) ,研究中

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] 遊客站內搜尋的錯誤[含1張圖]