这是php的代码 0){showmessage('添加失败');}else{showmessage('添加失败');} }}?>
模板的 名称:
简介:
错误提示
discuz! system error
您当前的访问请求当中含有非法字符,已经被系统拒绝
php debug
[line: 0025]admin.php(discuz_application->init)
[line: 0071]source\class\discuz\discuz_application.php(discuz_application->_init_misc)
[line: 0552]source\class\discuz\discuz_application.php(discuz_application->_xss_check)
[line: 0355]source\class\discuz\discuz_application.php(system_error)
[line: 0023]source\function\function_core.php(discuz_error::system_error)
[line: 0024]source\class\discuz\discuz_error.php(discuz_error::debug_backtrace)
回复讨论(解决方案) 请贴出你提交后php页面获取的$_server['request_uri']
应该是有特殊字符,<,“,content-transfer-encoding
请贴出你提交后php页面获取的$_server['request_uri']
应该是有特殊字符,<,“,content-transfer-encoding
我在空表单上提交也是提示这个
这个说不清楚,只能看你的$_server['request_uri']这个值
抛出错误的位置在source\class\discuz\discuz_application.php,里面有个_xss_check()的私有方法,你自己看一下吧
$_server['request_uri']这个值
/admin.php?action=plugins&operation=config&do=23&identifier=baoming&pmod=fabu
x2.5测试没问题,请查看你的_xss_check()方法,在source\class\discuz\discuz_application.php
是否如下所示,若不是,请替换 private function _xss_check() { $temp = strtoupper(urldecode(urldecode($_server['request_uri']))); if(strpos($temp, '<') !== false || strpos($temp, '') !== false || strpos($temp, 'content-transfer-encoding') !== false) { system_error('request_tainting'); } return true; }