Discuz! \u51fa\u73b0\u201cDiscuz! System Error \u60a8\u5f53\u524d\u7684\u8bbf\u95ee\u8bf7\u6c42\u5f53\u4e2d\u542b\u6709\u975e\u6cd5\u5b57\u7b26,\u5df2\u88ab\u7cfb\u7edf\u62d2\u7edd\u201c\u7684\u95ee\u9898<\/p>\n\n\n\n
\u65b9\u6cd5\/\u6b65\u9aa4
\u88c5\u597d\u7684Discuz! \u641c\u7d22\u65f6 \u51fa\u73b0\u201c\u60a8\u5f53\u524d\u7684\u8bbf\u95ee\u8bf7\u6c42\u5f53\u4e2d\u542b\u6709\u975e\u6cd5\u5b57\u7b26,\u5df2\u88ab\u7cfb\u7edf\u62d2\u7edd\u201c\u7684\u95ee\u9898.<\/p>\n\n\n\n
Discuz! \u60a8\u5f53\u524d\u7684\u8bbf\u95ee\u8bf7\u6c42\u5f53\u4e2d\u542b\u6709\u975e\u6cd5\u5b57\u7b26
\u5728\u4f60\u4e0b\u7684Discuz! \u5b89\u88c5\u7a0b\u5e8f\u6587\u4ef6\u5939 upload \u4e2d\u627e\u5230\u4e0b\u9762\u8fd9\u4e2a\u6587\u4ef6<\/p>\n\n\n\n
\\source\\class\\discuz\\discuz_application.php<\/p>\n\n\n\n
Discuz! \u60a8\u5f53\u524d\u7684\u8bbf\u95ee\u8bf7\u6c42\u5f53\u4e2d\u542b\u6709\u975e\u6cd5\u5b57\u7b26
Discuz! \u60a8\u5f53\u524d\u7684\u8bbf\u95ee\u8bf7\u6c42\u5f53\u4e2d\u542b\u6709\u975e\u6cd5\u5b57\u7b26
\u7528 \u8bb0\u4e8b\u672c \u65b9\u5f0f\u6253\u5f00discuz_application.php\u8fd9\u4e2a\u6587\u4ef6,<\/p>\n\n\n\n
\u627e\u5230\u4e0b\u9762\u8fd9\u6bb5\u4ee3\u7801<\/p>\n\n\n\n
private function _xss_check() {<\/p>\n\n\n\n
static $check = array('\"', '>', '<', '\\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');\n\n if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {\n\n system_error('request_tainting');\n\n }\n\n if($_SERVER['REQUEST_METHOD'] == 'GET' ) {\n\n $temp = $_SERVER['REQUEST_URI'];\n\n } elseif(empty ($_GET['formhash'])) {\n\n $temp = $_SERVER['REQUEST_URI'].file_get_contents('php:\/\/input');\n\n } else {\n\n $temp = '';\n\n }\n\n if(!empty($temp)) {\n\n $temp = strtoupper(urldecode(urldecode($temp)));\n\n foreach ($check as $str) {\n\n if(strpos($temp, $str) !== false) {\n\n system_error('request_tainting');\n\n }\n\n }\n\n }\n\n return true;\n\n }<\/code><\/pre>\n\n\n\n\u66ff\u6362\u6210\u4e0b\u9762\u8fd9\u6bb5\u4ee3\u7801<\/p>\n\n\n\n
private function _xss_check() {<\/p>\n\n\n\n
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));\n\n if(strpos($temp, '<') !== false || strpos($temp, '\"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {\n\n system_error('request_tainting');\n\n }\n\n return true;\n\n }<\/code><\/pre>\n\n\n\n\u66ff\u6362\u6210\u529f\u540e,\u4fdd\u5b58\u6587\u4ef6,\u518d\u628a\u8fd9\u4e2a\u6587\u4ef6\u4e0a\u4f20\u5230\u4f60\u5bf9\u7f51\u7ad9\u5bf9\u5e94\u6587\u4ef6\u5939\u66ff\u6362\u6210\u8fd9\u4e2a\u4fee\u6539\u597d\u7684\u6587\u4ef6,\u5c31\u80fd\u5b9e\u73b0\u6b63\u5e38\u641c\u7d22\u529f\u80fd\u4e86<\/p>\n","protected":false},"excerpt":{"rendered":"
Discuz! \u51fa\u73b0\u201cDiscuz! System Error \u60a8\u5f53\u524d\u7684\u8bbf\u95ee\u8bf7\u6c42\u5f53\u4e2d\u542b\u6709\u975e\u6cd5\u5b57\u7b26,\u5df2\u88ab\u7cfb\u7edf\u62d2\u7edd\u201c\u7684\u95ee\u9898 \u65b9\u6cd5\/\u6b65\u9aa4\u88c5\u597d\u7684Discuz! \u641c\u7d22\u65f6 \u51fa\u73b0\u201c\u60a8\u5f53\u524d\u7684\u8bbf\u95ee\u8bf7\u6c42\u5f53\u4e2d\u542b\u6709\u975e\u6cd5\u5b57\u7b26,\u5df2\u88ab\u7cfb\u7edf\u62d2\u7edd\u201c\u7684\u95ee\u9898. Discuz! \u60a8\u5f53\u524d\u7684\u8bbf\u95ee\u8bf7\u6c42\u5f53\u4e2d\u542b\u6709\u975e\u6cd5\u5b57\u7b26\u5728\u4f60\u4e0b\u7684Discuz! \u5b89\u88c5\u7a0b\u5e8f\u6587\u4ef6\u5939 upload \u4e2d\u627e\u5230\u4e0b\u9762\u8fd9\u4e2a\u6587\u4ef6 \\source\\class\\discuz\\discuz_application.php Discuz! \u60a8\u5f53\u524d\u7684\u8bbf\u95ee\u8bf7\u6c42\u5f53\u4e2d\u542b\u6709\u975e\u6cd5\u5b57\u7b26Discuz! \u60a8\u5f53\u524d\u7684\u8bbf\u95ee\u8bf7\u6c42\u5f53\u4e2d\u542b\u6709\u975e\u6cd5\u5b57\u7b26\u7528 \u8bb0\u4e8b\u672c \u65b9\u5f0f\u6253\u5f00discuz_application.php\u8fd9\u4e2a\u6587\u4ef6, \u627e\u5230\u4e0b\u9762\u8fd9\u6bb5\u4ee3\u7801 private function _xss_check() { \u66ff\u6362\u6210\u4e0b\u9762\u8fd9\u6bb5\u4ee3\u7801 private function _xss_check() { \u66ff\u6362\u6210\u529f\u540e,\u4fdd\u5b58\u6587\u4ef6,\u518d\u628a\u8fd9\u4e2a\u6587\u4ef6\u4e0a\u4f20\u5230\u4f60\u5bf9\u7f51\u7ad9\u5bf9\u5e94\u6587\u4ef6\u5939\u66ff\u6362\u6210\u8fd9\u4e2a\u4fee\u6539\u597d\u7684\u6587\u4ef6,\u5c31\u80fd\u5b9e\u73b0\u6b63\u5e38\u641c\u7d22\u529f\u80fd\u4e86<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-723","post","type-post","status-publish","format-standard","hentry","category-discuz"],"_links":{"self":[{"href":"http:\/\/www.cnitw.com\/index.php?rest_route=\/wp\/v2\/posts\/723","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.cnitw.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.cnitw.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.cnitw.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.cnitw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=723"}],"version-history":[{"count":1,"href":"http:\/\/www.cnitw.com\/index.php?rest_route=\/wp\/v2\/posts\/723\/revisions"}],"predecessor-version":[{"id":724,"href":"http:\/\/www.cnitw.com\/index.php?rest_route=\/wp\/v2\/posts\/723\/revisions\/724"}],"wp:attachment":[{"href":"http:\/\/www.cnitw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=723"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.cnitw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=723"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.cnitw.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=723"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}