Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

tid=13874& 本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {) |0 B! v! W& N: b0 c/ _
* M$ T+ Y: s" c. h) Z
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');0 m# d3 ~9 `1 f" O- u2 o" u# a
7 W3 k& ]7 {, g( h! X
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {) n6 F- Y4 B; O+ x( Q
system_error('request_tainting');0 @8 C9 _8 T! f
}% O( [. B1 S& v c" G( r
6 G/ z, z: V8 M2 E$ m. W& ?
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
$ L) V6 A/ |1 m* n/ C
$temp = $_SERVER['REQUEST_URI'];( R a3 s+ i4 d# N3 H# c' t, [
} elseif(empty ($_GET['formhash'])) {7 H; g& K( U8 Z! t
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
7 b! p) {8 K, \
} else {- U! k% G! j4 ]. R
$temp = '';/ U3 k/ L% [$ T
}
4 K' b/ m& E! }" ?0 D+ S, [( W
( {* M. a& V1 \
if(!empty($temp)) {
+ L$ \% V! f% M
$temp = strtoupper(urldecode(urldecode($temp)));3 ?6 V1 ^9 {' \
foreach ($check as $str) {. I/ n" F& p8 o& u# [* _ k! l
if(strpos($temp, $str) !== false) {
& E8 E N# [! N C/ i
system_error('request_tainting');7 E, Y; M) K$ ?2 J k* n
}
' y- V9 S) H* B: f, I
}
8 n$ q }2 K5 K( r
}5 e+ G3 B: ~4 t2 u1 x- b
! p, _+ h) l1 P L8 U$ M
return true;

複製代碼

整段複製成:

private function _xss_check() { {$ Y4 x& r) @ l) u
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));4 X) l& ^& H* _' u% d
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {( f# R- K1 W2 ~/ v* [3 \+ v- O! r
system_error('request_tainting');
- A( a9 W9 N3 C7 n+ {
}7 K3 E# w0 [; v6 y, i9 n/ I! _
return true;4 L. i0 }* y! J J3 U& V
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]