Development DZ Plugin background hint error

This is the PHP code.

 
  0) {showmessage (' Add failed ');} Else{showmessage (' Add failed ');}}? >

of the template

Error hints
discuz! System Error

Your current access request contains illegal characters that have been rejected by the system
PHP Debug

[Line:0025]admin.php (Discuz_application->init)
[Line:0071]source\class\discuz\discuz_application.php (Discuz_application->_init_misc)
[Line:0552]source\class\discuz\discuz_application.php (Discuz_application->_xss_check)
[Line:0355]source\class\discuz\discuz_application.php (System_error)
[Line:0023]source\function\function_core.php (Discuz_error::system_error)
[Line:0024]source\class\discuz\discuz_error.php (discuz_error::d ebug_backtrace)

Reply to discussion (solution)

Please post the PHP page you submitted to get the $_server[' Request_uri '
There should be special characters, <, ", content-transfer-encoding

Please post the PHP page you submitted to get the $_server[' Request_uri '
There should be special characters, <, ", content-transfer-encoding

I submit on the blank form also prompt this

This is not clear, can only see your $_server[' Request_uri ' this value
Throw the wrong position in source\class\discuz\discuz_application.php, there is a _xss_check () Private method, you can see for yourself

$_server[' Request_uri '] this value

/admin.php?action=plugins&operation=config&do=23&identifier=baoming&pmod=fabu

X2.5 Test no problem, please check your _xss_check () method, in source\class\discuz\discuz_application.php
If not, replace as shown below

Private Function _xss_check () {$temp = Strtoupper (UrlDecode (UrlDecode ($_server[' Request_uri '))), if (Strpos ($temp, ' < ')!== false | | Strpos ($temp, ' "')!== false | | Strpos ($temp, ' content-transfer-encoding ')!== false) {system_error (' request_tainting ');} return true;}

It's not about this.

It's not about this.

I checked it out, it's all right.

Seems to be Formhash send said to accept there's a mistake

Should be a formhash problem, because the original _xss_check () method is to verify the Formhash

Private Function _xss_check () {Static $check = Array (' ' ', ' > ', ' < ', ' \ ', ' (', ') ', ' content-transfer-encoding '); Isset ($_get[' Formhash ')) && $_get[' Formhash ']!== formhash ()) {system_error (' request_tainting ');} if ($_server[' request_method ' = = ' GET ') {$temp = $_server[' Request_uri '];} elseif (Empty ($_get[' Formhash ')) {$temp = $_ server[' Request_uri '].file_get_contents (' php://input ');} else {$temp = ';} if (!empty ($temp)) {$temp = Strtoupper (UrlDecode (UrlDecode ($temp))), foreach ($check as $str) {if (Strpos ($temp, $STR)!== False) {System_error (' request_tainting ');}}} return true;}

So, let you try the _xss_check () method of X2.5 instead

At the front desk also have to verify Formhash, how can pass, to the backstage is not

Uh... Limited capacity, no research, no experience.
And, according to Discuz's error, I didn't find the code to execute _xss_check () in the _init_misc method of X2.5 discuz_application.php.
Don't know what your version is.
If the lower version will discuz_application.php this file cover a try

Hey! I was 3.2.

Anyway thank you very much jam00 knot to the points

I wipe, have not played so big on the version ... I came down and looked at it.

