Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {/ Q- } ~# W S' u0 a
& _+ o& e" _, v4 L' K! F
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
3 o) b4 I& Q# n/ O: ]
i2 D/ @+ A/ c6 [
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
3 _4 o# Z) i B5 e' g
system_error('request_tainting'); ~) @; c0 c( A7 I
} k5 x( p( e8 j6 f! h- q5 F( V
) F9 g3 a' A$ u) Z: G
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
; |+ X4 W/ ^( {4 G' V# ~
$temp = $_SERVER['REQUEST_URI'];
`2 Y: M+ J4 b4 j7 D( F/ h
} elseif(empty ($_GET['formhash'])) {
# h; u7 J# j- i) L' `9 k* k5 V Q
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');& @ l; ]% Z; I8 i
} else {
* M# W2 ]% f0 n; s# m/ j* f
$temp = '';9 _0 w3 H" _7 x8 O: G
}
1 l" S' ]& }9 D7 s
e% M2 H2 T8 A$ Q& ^, S
if(!empty($temp)) {7 e* O4 b2 U& U* ~3 H& ` Q! j8 G
$temp = strtoupper(urldecode(urldecode($temp)));
$ j5 E. Z0 A% K/ l" a
foreach ($check as $str) {
+ ]( ^$ Y. {, y' n; N
if(strpos($temp, $str) !== false) {* y @) w' t$ F( M
system_error('request_tainting');+ W& c$ A o' q% P& v2 W5 K
}4 y. ]' j' ?) d2 H) M
}
1 G* e8 o8 V- t
}
8 K8 t% ^( K% v) b
1 t9 E. K% G! n# e" P9 S+ q
return true;

複製代碼

整段複製成:

private function _xss_check() {) B% m& {7 Y- B. E- _. d
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));4 B9 p% o. L- g( o- O) J
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
1 T1 K+ S0 b1 E) E
system_error('request_tainting');
) b- {+ i' j1 C* V9 Y5 z
}2 K: f& K% X! B, p/ Z; x0 |
return true;2 k9 }* H' R4 H9 R6 [# b
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]