Discuz教程|系统错误,您当前的访问请求包含无效
Discuz!X3.1的正式版本包括最新版本[]。用户退出时,偶尔会提示以下错误,尤其是对于数据集成后的站点:
错误代码:
Discuz!系统错误您当前的访问请求包含无效字符,并且已被系统拒绝
PHP调试
[Line:0022]搜索拒绝。PHP(discuz_application-> INIT)
[Line:0071] sourceclassdiscuzdiscuz_application.php(discuz_application-> _ init_misc)
[Line:0552] sourceclassdiscuzdiscuz_application.php(discuz_application-> _ xss_check)
[Line:0355] sourceclassdiscuzdiscuz_application.php(SYSTEM_ERROR)
[Line:0017] sourcefunctionfunction_core.php(discuz_error:system_error)
[Line:0024] sourceclassdiscuzdiscuz_error.php(discuz_error:debug_backtrace)
临时解决方案:
修改source / class / discuz下discuz_application.php文件中第350行的私有函数_ xss_check()方法:
Private function _ xss_check (){
Static $ check = array ('"', '>', '<', ''', '(', ')', 'Content-TRANSFER-ENCODING ');
If (isset ($ _ GET ['formhash']) & $ _ GET ['formhash']! = Formhash ()){
System_error ('request _ tainting ');
}
If ($ _ SERVER ['request _ method'] = 'get '){
$ Temp = $ _ SERVER ['request _ URI '];
} Elseif (empty ($ _ GET ['formhash']) {
$ Temp = $ _ SERVER ['request _ URI ']. file_get_contents ('php: // input ');
} Else {
$ Temp = '';
}
If (! Empty ($ temp )){
$ Temp = strtoupper (urldecode ($ temp )));
Foreach ($ check as $ str ){
If (strpos ($ temp, $ str )! = False ){
System_error ('request _ tainting ');
}
}
}
Return true;
}
替换为
Private function _ xss_check (){
$ Temp = strtoupper (urldecode ($ _ SERVER ['request _ URI ']);
If (strpos ($ temp, '<')! = False | strpos ($ temp ,'"')! = False | strpos ($ temp, 'Content-TRANSFER-encoding ')! = False ){
System_error ('request _ tainting ');
}
Return true;
}
0条评论