source/class/discuz/discuz_application.php
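private function _xss_check() {

    // Characters and strings listed for this check: quotes, angle brackets, parentheses and a MIME header name
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A formhash supplied in the request must be identical to the value formhash() returns; otherwise the request is aborted
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }
    // (the excerpt ends here; the rest of the method is not shown)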