Discuz admin run log: "您当前的访问请求当中含有非法字符" (your current request contains illegal characters)
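  • Published 2017-10-12 19:42
  • In Discuz X3.4, X3.3, X3.2, X3.1 and similar versions, Admin panel >> Tools >> Run Log >> System Log >> System Errors shows records like the following (the message reads "Your current request contains illegal characters and has been rejected by the system"):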
    2017-10-12 19:00:51        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:home.php:0024 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=97017; IP=58.32.48.4; RIP:58.32.48.4 Request: /home.php?mod=spacecp&ac=favorite&type=thread&id=16855&formhash=750eeda6&infloat=yes&handlekey=k_favorite&inajax=1&ajaxtarget=fwin_content_k_favorite
    2017-10-12 18:56:55        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=123.249.17.35; RIP:123.249.17.35 Request: /member.php?mod=register&inajax=1
    2017-10-12 18:51:31        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:search.php:0022 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=97015; IP=222.243.89.187; RIP:222.243.89.187 Request: /search.php?searchsubmit=yes
    2017-10-12 18:41:27        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=114.252.140.139; RIP:114.252.140.139 Request: /member.php?mod=register&inajax=1
    2017-10-12 18:27:07        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=223.149.87.68; RIP:223.149.87.68 Request: /member.php?mod=register&inajax=1
    2017-10-12 18:15:17        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=117.2.81.221; RIP:117.2.81.221 Request: /member.php?mod=logging&action=login&loginsubmit=yes&loginhash=LRdEV
    2017-10-12 18:14:08        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:index.php:0130 -> forum.php:0057 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0371 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=112.51.46.124; RIP:112.51.46.124 Request: /index.php
    2017-10-12 18:03:44        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=223.149.87.68; RIP:223.149.87.68 Request: /member.php?mod=register&inajax=1
    2017-10-12 17:52:50        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=113.83.72.54; RIP:113.83.72.54 Request: /member.php?mod=register&inajax=1
    2017-10-12 17:46:34        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:search.php:0022 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=97011; IP=115.236.100.40; RIP:115.236.100.40 Request: /search.php?searchsubmit=yes
    2017-10-12 17:40:41        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=223.149.87.68; RIP:223.149.87.68 Request: /member.php?mod=register&inajax=1
    2017-10-12 17:40:35        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:home.php:0024 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=96734; IP=223.74.151.58; RIP:223.74.151.58 Request: /home.php?mod=spacecp&ac=favorite&type=thread&id=27968&formhash=868a5428&infloat=yes&handlekey=k_favorite&inajax=1&ajaxtarget=fwin_content_k_favorite
    2017-10-12 17:30:27        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:home.php:0024 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=85953; IP=106.2.232.165; RIP:106.2.232.165 Request: /home.php?mod=spacecp&ac=favorite&type=thread&id=28122&formhash=95beeed5&infloat=yes&handlekey=k_favorite&inajax=1&ajaxtarget=fwin_content_k_favorite
    2017-10-12 17:30:10        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:search.php:0022 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=73970; IP=113.87.13.120; RIP:113.87.13.120 Request: /search.php?searchsubmit=yes
    2017-10-12 17:29:11        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=218.98.33.14; RIP:218.98.33.14 Request: /member.php?mod=logging&action=logout&formhash=df01f7e4
    2017-10-12 17:15:27        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:search.php:0022 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=112.115.94.71; RIP:112.115.94.71 Request: /search.php?searchsubmit=yes
    2017-10-12 17:08:17        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=113.83.73.173; RIP:113.83.73.173 Request: /member.php?mod=register&inajax=1
    2017-10-12 16:57:48        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=113.91.138.15; RIP:113.91.138.15 Request: /member.php?mod=logging&action=logout&formhash=164cc775
    2017-10-12 16:48:23        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:search.php:0022 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=97001; IP=59.63.249.233; RIP:59.63.249.233 Request: /search.php?searchsubmit=yes
    2017-10-12 16:46:46        您当前的访问请求当中含有非法字符,已经被系统拒绝
    PHP:member.php:0026 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0555 -> source/class/discuz/discuz_application.php:0356 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024
    User: uid=0; IP=123.249.17.35; RIP:123.249.17.35 Request: /member.php?mod=register&inajax=1


    From July 2014 to October 2017 there were over ten thousand such error records. The fix is as follows:

    In discuz_application.php under \source\class\discuz, find:

    private function _xss_check() {

        static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

        if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
            system_error('request_tainting');
        }

        if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
            $temp = $_SERVER['REQUEST_URI'];
        } elseif(empty ($_GET['formhash'])) {
            $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
        } else {
            $temp = '';
        }

        if(!empty($temp)) {
            $temp = strtoupper(urldecode(urldecode($temp)));
            foreach ($check as $str) {
                if(strpos($temp, $str) !== false) {
                    system_error('request_tainting');
                }
            }
        }

        return true;
    }
    Replace with:
    private function _xss_check() {
        $temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
        if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
            system_error('request_tainting');
        }
        return true;
    }
    Then update the cache in the admin panel.
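
Before applying the replacement it helps to see which requests each version turns away. The following is an added example, not code from the original post or from Discuz: it ports both versions of `_xss_check()` to stand-alone functions that return true where Discuz would call `system_error('request_tainting')`. The function names, the `$hash` value standing in for `formhash()`, the `$get` array standing in for `$_GET`, and all five requests are constructed assumptions.

```php
<?php
// Added example, not Discuz code: both _xss_check() versions as pure functions
// that return true where Discuz would call system_error('request_tainting').
function rejected_by_original($method, $uri, $body, array $get, $expected_hash) {
    $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
    if (isset($get['formhash']) && $get['formhash'] !== $expected_hash) {
        return true;                      // formhash supplied but not the expected one
    }
    if ($method == 'GET') {
        $temp = $uri;
    } elseif (empty($get['formhash'])) {
        $temp = $uri . $body;             // non-GET without formhash: body is scanned too
    } else {
        $temp = '';                       // matching formhash on a non-GET: nothing scanned
    }
    if (!empty($temp)) {
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if (strpos($temp, $str) !== false) {
                return true;
            }
        }
    }
    return false;
}

function rejected_by_replacement($uri) {
    $temp = strtoupper(urldecode(urldecode($uri)));
    return strpos($temp, '<') !== false || strpos($temp, '"') !== false
        || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false;
}

$hash = '0a1b2c3d';                       // constructed stand-in for formhash()
$cases = array(                           // constructed requests: method, URI, body, $_GET
    'POST register, apostrophe in body' => array('POST', '/member.php?mod=register&inajax=1', "username=o'neil", array()),
    'POST search, "<" in body'          => array('POST', '/search.php?searchsubmit=yes', 'srchtxt=a<b', array()),
    'GET with stale formhash'           => array('GET', '/home.php?mod=spacecp&formhash=deadbeef', '', array('formhash' => 'deadbeef')),
    'GET, parentheses in URI'           => array('GET', '/search.php?srchtxt=php%20(7)', '', array()),
    'GET, double-encoded "<" in URI'    => array('GET', '/search.php?srchtxt=%253Cb%253E', '', array()),
);
foreach ($cases as $label => $c) {
    $old = rejected_by_original($c[0], $c[1], $c[2], $c[3], $hash);
    $new = rejected_by_replacement($c[1]);
    printf("%-34s original=%-6s replacement=%s\n", $label, $old ? 'reject' : 'pass', $new ? 'reject' : 'pass');
}
```

With these inputs only the double-encoded `<` in the URI is rejected by both versions. The other four requests are rejected by the original and pass the replacement, because the replacement no longer compares `formhash`, no longer reads the request body, and no longer matches `>`, `'`, `(` or `)`.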

    PS: You can delete every file in /data/log/ except index.htm to clear all the records under Admin panel >> Run Log.