allthebest 發表於 2021-4-14 00:18:03

采集器:“您当前的访问请求当中含有非法字符"解决方案!

关于Discuz!中“您当前的访问请求当中含有非法字符,已经被系统拒绝”的问题,在添加或更新文章的时候经常出现,经测试发现出现这种情况更多的在使用工具(如火车头采集器)批量发布文章时出现,仔细分析发现,当发布的正文内容出现特殊符号(&amp;,/,&lt;,&gt;等)时出现这样的错误提示。<br /><br />出现这样的错误主要是因为Discuz!系统的_xss_check()函数原本的意义是为了论坛安全,防止XSS攻击,一般网站使用是不会出现什么问题的,但是有些网站要接入第三方接口,当第三方接口向本站post数据的时候就会报”您当前的访问请求当中含有非法字符,已经被系统拒绝”,本文介绍一种简单的修改方法避免此错误。<br /><br /><strong>解决方案如下:</strong><br /><br />\source\class\discuz的discuz_application.php<br /><br />查找如下代码(在360行左右),并替换<br /><br /><ol><li>private function _xss_check() {<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; static $check = array('&quot;', '&gt;', '&lt;', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; if(isset($_GET['formhash']) &amp;&amp; $_GET['formhash'] !== formhash()) {<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; system_error('request_tainting');<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; }<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; if($_SERVER['REQUEST_METHOD'] == 'GET' ) {<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $temp = $_SERVER['REQUEST_URI'];<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; } elseif(empty ($_GET['formhash'])) {<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; } else {<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $temp = '';<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; }<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; if(!empty($temp)) {<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $temp = strtoupper(urldecode(urldecode($temp)));<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; foreach ($check as $str) {<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if(strpos($temp, $str) !== false) {<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; system_error('request_tainting');<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; }<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; return true;<br /><li>}</ol><br /><br />替换为:<br /><br /><ol><li>private function _xss_check() {<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; $temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; if(strpos($temp, '&lt;') !== false || strpos($temp, '&quot;') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; system_error('request_tainting');<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; }<br /><li>&nbsp; &nbsp; &nbsp; &nbsp; return true;<br /><li>}</ol><br /><br />更新缓存<br />出现<em>, </em>当前<em>, </em>访问<em>, </em>请求<em>, </em>中含有

永远是第一次 發表於 2022-6-12 20:59:41

<br /><br />我的采集,里面的代码都被我替换掉了,依然发布会有:“您当前的访问请求当中含有非法字符",这是为什么?<br /><br />按照你的修改后,发布直接显示:返回的Header:错误<br />

allthebest 發表於 2022-6-12 21:35:48

<br />清空浏览器缓存或更换浏览器后再看看

永远是第一次 發表於 2022-6-12 21:43:27

<br />我用的火车头采集器!

neol 發表於 2022-6-15 09:09:58

<br />官网下的?好用吗?<br />
頁: [1]
查看完整版本: 采集器:“您当前的访问请求当中含有非法字符"解决方案!