2018-12-06 Discuz!-BUG反馈 退出网站清除

<caption>反馈BUG</caption>
| 程序版本: | Discuz! X3.1 |
| 浏览器: | IE6 <wbr>IE7 <wbr>IE8 <wbr>IE9 <wbr>IE10 <wbr>firefox <wbr>TT <wbr>360 <wbr>chrome <wbr>maxthon <wbr> |
| 版本状态: | 老版本升级 |
| 从哪个版本升级: | - |
| BUG地址: | http://www.discuz.net |
| BUG截图: | - |
| 测试用户名: | - |
| 测试密码: | - |

|

然后登陆Discuz网站,接着退出的时候点了下清除痕迹就报错如下：

Discuz! System Error您当前的访问请求当中含有非法字符，已经被系统拒绝 PHP Debug

|

• [Line: 0026]member.php(discuz_application->init)
• [Line: 0071]source/class/discuz/discuz_application.php(discuz_application->_init_misc)
• [Line: 0552]source/class/discuz/discuz_application.php(discuz_application->_xss_check)
• [Line: 0355]source/class/discuz/discuz_application.php(system_error)
• [Line: 0017]source/function/function_core.php(discuz_error::system_error)
• [Line: 0024]source/class/discuz/discuz_error.php(discuz_error::debug_backtrace)

|

www.discuz.net 已经将此出错信息详细记录, 由此给您带来的访问不便我们深感歉意.

解决方法：

131122 <wbr> <wbr>source\class\discuz\discuz_application.php <wbr> <wbr> private function _xss_check()

350行左右

1. private function _xss_check() {

2. static $check = array('"', '>', '<', ''', '(', ')', 'CONTENT-TRANSFER-ENCODING');

3. if(isset(_GET['formhash'] !== formhash()) {

4. system_error('request_tainting');

5. }

6. if($_SERVER['REQUEST_METHOD'] == 'GET' ) {

7. _SERVER['REQUEST_URI'];

8. } elseif(empty ($_GET['formhash'])) {

9. _SERVER['REQUEST_URI'].file_get_contents('php://input');

10. } else {

11. $temp = '';

12. }

13. if(!empty($temp)) {

14. temp)));

15. foreach (str) {

16. if(strpos(str) !== false) {

17. system_error('request_tainting');

18. }

19. }

20. }

21. return true;

22. }

复制代码

131011 <wbr> <wbr>source\class\discuz\iscuz_application.php <wbr> <wbr> private function _xss_check()

350行左右

1. private function _xss_check() {

2. _SERVER['REQUEST_URI'])));

3. if(strpos(temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {

4. system_error('request_tainting');

5. }

6. return true;

7. }

复制代码

暂时修改回去就ok了

|