Discuz! The official version of X3.1 includes the latest version []. When a user exits, the following error is occasionally prompted, especially for the site after data integration:
Error code:
Discuz! System Error your current access request contains invalid characters and has been rejected by the System
PHP Debug
[Line: 0022] search. php (discuz_application-> init)
[Line: 0071] sourceclassdiscuzdiscuz_application.php (discuz_application-> _ init_misc)
[Line: 0552] sourceclassdiscuzdiscuz_application.php (discuz_application-> _ xss_check)
[Line: 0355] sourceclassdiscuzdiscuz_application.php (system_error)
[Line: 0017] sourcefunctionfunction_core.php (discuz_error: system_error)
[Line: 0024] sourceclassdiscuzdiscuz_error.php (discuz_error: debug_backtrace)
Temporary solution:
Modify the private function _ xss_check () method of approximately 350th rows in the discuz_application.php file under sourceclassdiscuz:
The code is as follows: |
Copy code |
Private function _ xss_check (){ Static $ check = array ('"', '>', '<', ''', '(', ')', 'Content-TRANSFER-ENCODING '); If (isset ($ _ GET ['formhash']) & $ _ GET ['formhash']! = Formhash ()){ System_error ('request _ tainting '); } If ($ _ SERVER ['request _ method'] = 'get '){ $ Temp = $ _ SERVER ['request _ URI ']; } Elseif (empty ($ _ GET ['formhash']) { $ Temp = $ _ SERVER ['request _ URI ']. file_get_contents ('php: // input '); } Else { $ Temp = ''; } If (! Empty ($ temp )){ $ Temp = strtoupper (urldecode ($ temp ))); Foreach ($ check as $ str ){ If (strpos ($ temp, $ str )! = False ){ System_error ('request _ tainting '); } } } Return true; } Is Private function _ xss_check (){ $ Temp = strtoupper (urldecode ($ _ SERVER ['request _ URI ']); If (strpos ($ temp, '<')! = False | strpos ($ temp ,'"')! = False | strpos ($ temp, 'Content-TRANSFER-encoding ')! = False ){ System_error ('request _ tainting '); } Return true; } |