<', '\'', '(', ')', '‘', '’', '“', '”', ';', '<!--', '-->', '<?', '?>', '<%', '%>', 'eval', 'alert', 'confirm', 'prompt');
if($this->denyrequest && strpos($_SERVER['REQUEST_URI'], 'plugin.php?id=') === false) {
foreach ($_POST as $key => $value) {
$this->_xss_check_value($value);
}
foreach ($_GET as $key => $value) {
$this->_xss_check_value($value);
}
foreach ($_COOKIE as $key => $value) {
$this->_xss_check_value($value);
}
}
}
修改为:
private function _xss_check() {
// static $check = array('"', '>', '<', '\'', '(', ')', '‘', '’', '“', '”', ';', '<!--', '-->', '<?', '?>', '<%', '%>', 'eval', 'alert', 'confirm', 'prompt');
static $check = array();
if($this->denyrequest && strpos($_SERVER['REQUEST_URI'], 'plugin.php?id=') === false) {
foreach ($_POST as $key => $value) {
$this->_xss_check_value($value);
}
foreach ($_GET as $key => $value) {
$this->_xss_check_value($value);
}
foreach ($_COOKIE as $key => $value) {
$this->_xss_check_value($value);
}
}
}
此时,重新刷新页面,会发现“您当前的访问请求当中含有非法字符,已经被系统拒绝”的报错信息消失了。
-- 来源:OpenAI ****GPT |