Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]

IT_man · 發表於 2015-7-19 20:45:45

tid=13874& 本帖最後由 IT_man 於 2015-7-19 20:51 編輯

http://www.alexa.com/ 蜘蛛收錄會產生如下的問題

解決方法如下:
source\class\discuz的discuz_application.php找到

private function _xss_check() {
6 b3 e$ o( T, a b% [
" R2 E" r& d m: A, D
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');7 }; s, X( l. z: n$ S0 U4 W5 ^
, I+ V4 g' S# b9 D- h
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
2 v% @$ E. u3 S: z, W5 E' [
system_error('request_tainting');
- F8 ~7 t; m6 C& M" ]9 D
}
1 d* E. N% ~$ v+ V5 L J
7 [9 S8 D0 [% r% c0 h a) U) d
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
. \0 I w1 c/ B1 ]; z+ _" ?
$temp = $_SERVER['REQUEST_URI'];- d% p& n/ U8 m( D, k/ V9 H' d+ _
} elseif(empty ($_GET['formhash'])) {% x( N6 T$ {2 M6 `
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');5 {; m. k& g+ k
} else {
( ^* `2 \+ m: `2 ]
$temp = '';& U5 @! U, Y: v8 M0 c0 w! E
}
1 G; g9 l/ }1 G8 O
9 w: C( u) O* _/ a
if(!empty($temp)) {
9 z' M; ]' c, S6 {3 d/ g/ i* A) t' o
$temp = strtoupper(urldecode(urldecode($temp)));7 |) R% {( K: I0 m7 @2 o% H3 b3 _6 y
foreach ($check as $str) {
/ u, H# B2 b( d/ R
if(strpos($temp, $str) !== false) {
p* T# O* Q3 U% ]
system_error('request_tainting');
$ k; _. x5 I( M5 H; t# n; Q
}# j( f# O m4 N+ s
}$ y4 x& R7 y: L+ z( D
}/ }! i3 t$ X% x# _' W/ v
8 H3 ~: e; j" u2 L7 |: ]# E7 G+ b
return true;

複製代碼

整段複製成:

private function _xss_check() {- T1 n# i+ u$ {# M9 V) i; @
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));5 t6 t2 H. I6 |0 _* i% i6 d& j
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) { s( t, N7 P% G8 {
system_error('request_tainting');
- o: m* E' I2 a; o- ~: g. Y
}& T1 S" ^0 o8 `
return true;, l8 b' g7 |3 Q+ X2 q! _) S
}

複製代碼

		自動登錄	找回密碼
密碼			立即註冊

[Discuz X3.2] Discuz! System Error---您當前的訪問請求當中含有非法字符，已經被系統拒絕[含2張圖]