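Made a Discuz 3.1 collect-and-publish rule: "Your current access request contains..."
This post was last edited by 蓝呆 on 2015-7-23 14:35
I made a publishing rule. It can log in and fetch the list, but when I test publishing, the content below is displayed and nothing gets posted to the forum:
Published successfully, success marker code:
Page source: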
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>www.wulianzhen.cn - System Error</title>
<meta http-equiv="Content-Type" content="text/html; charset=gbk" />
<meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" />
<style type="text/css">
<!--
body { background-color: white; color: black; font: 9pt/11pt verdana, arial, sans-serif;}
#container { width: 1024px; }
#message { width: 1024px; color: black; }
.red{color: red;}
a:link { font: 9pt/11pt verdana, arial, sans-serif; color: red; }
a:visited{ font: 9pt/11pt verdana, arial, sans-serif; color: #4e4e4e; }
h1 { color: #FF0000; font: 18pt "Verdana"; margin-bottom: 0.5em;}
.bg1{ background-color: #FFFFCC;}
.bg2{ background-color: #EEEEEE;}
.table {background: #AAAAAA; font: 11pt Menlo,Consolas,"Lucida Console"}
.info {
background: none repeat scroll 0 0 #F3F3F3;
border: 0px solid #aaaaaa;
border-radius: 10px 10px 10px 10px;
color: #000000;
font-size: 11pt;
line-height: 160%;
margin-bottom: 1em;
padding: 1em;
}
.help {
background: #F3F3F3;
border-radius: 10px 10px 10px 10px;
font: 12px verdana, arial, sans-serif;
text-align: center;
line-height: 160%;
padding: 1em;
}
.sql {
background: none repeat scroll 0 0 #FFFFCC;
border: 1px solid #aaaaaa;
color: #000000;
font: arial, sans-serif;
font-size: 9pt;
line-height: 160%;
margin-top: 1em;
padding: 4px;
}
-->
</style>
</head>
<body>
<div id="container">
<h1>Discuz! System Error</h1>
<div class='info'><li>您当前的访问请求当中含有非法字符,已经被系统拒绝</li></div>
<div class="info"><p><strong>PHP Debug</strong></p><table cellpadding="5" cellspacing="1" width="100%" class="table"><tr><td><ul><li>forum.php(discuz_application->init)</li><li>source\class\discuz\discuz_application.php(discuz_application->_init_misc)</li><li>source\class\discuz\discuz_application.php(discuz_application->_xss_check)</li><li>source\class\discuz\discuz_application.php(system_error)</li><li>source\function\function_core.php(discuz_error::system_error)</li><li>source\class\discuz\discuz_error.php(discuz_error::debug_backtrace)</li></ul></td></tr></table></div><div class="help"><a >www.topzhubao.com</a> 已经将此出错信息详细记录, 由此给您带来的访问不便我们深感歉意. </div>
</div>
</body>
</html>
Returned headers:
HTTP/1.1 200 OK
Connection:close
Date:Thu, 24 Apr 2014 08:02:45 GMT
Server:Microsoft-IIS/6.0
X-Powered-By:ASP.NET,PHP/5.2.5
Content-Type:text/html; charset=gbk
Set-Cookie:ZgLR_f3b4_sid=ta8A3d; expires=Fri, 25-Apr-2014 08:02:45 GMT; path=/; domain=.wulianzhen.cn,ZgLR_f3b4_lip=14.154.169.46%2C1398326502; path=/; domain=.wulianzhen.cn
Content-Length:2600
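What is the cause? Hoping an expert can point me in the right direction.

Oh yeah, solved it, hahaha

蓝呆 posted on 2014-4-24 16:37:
Oh yeah, solved it, hahaha
Could you share your solution with everyone?

Solution:
Connect via FTP to the site root, find discuz_application.php under \source\class\discuz, and edit it.
Find: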
private function _xss_check() {
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }
    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        $temp = '';
    }
    if(!empty($temp)) {
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }
    return true;
}
Replace with:
private function _xss_check() {
    $temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
    if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
        system_error('request_tainting');
    }
    return true;
}
Save and that's it, solved.

蓝呆 posted on 2014-4-26 13:13:
Solution:
Connect via FTP to the site root, find discuz_application.php under \source\class\discuz, and edit it.
After this change the site can't be accessed. Is your code wrong?

下页~情殇 posted on 2014-6-21 17:14:
After this change the site can't be accessed. Is your code wrong?
See:
http://www.luc.cn/how-to-resolve-discuz-error-related-to-xss_check.html
/**
private function _xss_check() {
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }
    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        $temp = '';
    }
    if(!empty($temp)) {
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }
    return true;
}
*/
private function _xss_check() {
    $temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
    if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
        system_error('request_tainting');
    }
    return true;
}
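
Added example (not part of the original thread, and not Discuz's own code): a standalone PHP 7.1+ comparison of the two _xss_check() versions quoted above, run over constructed sample requests, to show which requests each version turns into 'request_tainting'. The function names, the $expectedHash parameter standing in for formhash(), and the sample URIs and bodies are assumptions made for illustration.

```php
<?php
// Added example: each function returns true where Discuz would call system_error('request_tainting').
const ORIGINAL_TOKENS = ['"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING'];
const REPLACEMENT_TOKENS = ['<', '"', 'CONTENT-TRANSFER-ENCODING'];

function containsToken(string $raw, array $tokens): bool
{
    // Same normalisation as both versions: URL-decode twice, then upper-case.
    $temp = strtoupper(urldecode(urldecode($raw)));
    foreach ($tokens as $token) {
        if (strpos($temp, $token) !== false) {
            return true;
        }
    }
    return false;
}

// $expectedHash stands in for Discuz's formhash() (assumption for this sketch).
function originalRejects(string $method, string $uri, string $body, array $get, string $expectedHash): bool
{
    if (isset($get['formhash']) && $get['formhash'] !== $expectedHash) {
        return true;                   // formhash present in the URL but wrong
    }
    if ($method === 'GET') {
        $temp = $uri;                  // GET: request URI only
    } elseif (empty($get['formhash'])) {
        $temp = $uri . $body;          // POST without formhash in the URL: URI + raw body
    } else {
        $temp = '';                    // POST with a matching formhash in the URL: not scanned
    }
    return !empty($temp) && containsToken($temp, ORIGINAL_TOKENS);
}

function replacementRejects(string $uri): bool
{
    return containsToken($uri, REPLACEMENT_TOKENS); // body and formhash are never examined
}

// Constructed sample requests: [method, REQUEST_URI, raw body, $_GET]
$cases = [
    'publish POST, no formhash in URL' => ['POST', '/forum.php?mod=post&action=newthread', 'subject=Hi&message=Price+(USD)', []],
    'GET with parentheses in query'    => ['GET', '/forum.php?mod=viewthread&note=(a)', '', ['note' => '(a)']],
    'GET with double-encoded <'        => ['GET', '/forum.php?x=%253Cb', '', ['x' => '%3Cb']],
    'POST with wrong formhash in URL'  => ['POST', '/forum.php?formhash=deadbeef', 'message=hi', ['formhash' => 'deadbeef']],
];
foreach ($cases as $label => [$method, $uri, $body, $get]) {
    $orig = originalRejects($method, $uri, $body, $get, 'a1b2c3d4') ? 'reject' : 'pass';
    $repl = replacementRejects($uri) ? 'reject' : 'pass';
    printf("%-34s original=%-6s replacement=%s\n", $label, $orig, $repl);
}
```

On these constructed samples the original check rejects all four requests, while the replacement rejects only the double-encoded `<`. The publish POST goes through because the replacement no longer scans the request body, and it also no longer rejects a mismatched formhash or the characters `>`, `'`, `(` and `)`.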