故障描述:

退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。

解决方法:

打开 source/class/discuz/discuz_application.php 文件

找到
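/**
 * Stock request filter: rejects a request whose URI (and, for some non-GET
 * requests, raw body) contains a deny-listed character or token.
 *
 * Two checks run, and either one ends in system_error('request_tainting'):
 *   1. If $_GET['formhash'] is present it must be identical to formhash()
 *      (Discuz!'s per-session form token).
 *   2. The double-URL-decoded, upper-cased request text must not contain any
 *      entry of $check.
 *
 * NOTE(review): system_error() and formhash() are defined elsewhere;
 * system_error() presumably aborts the request — confirm.
 *
 * @return bool true when neither check fired.
 */
private function _xss_check() {

	// The single-quote entry needs its backslash ('\''); without it the
	// array literal does not parse.
	static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

	// A supplied formhash that does not match is treated as a tainted request.
	if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
		system_error('request_tainting');
	}

	if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
		$temp = $_SERVER['REQUEST_URI'];
	} elseif(empty ($_GET['formhash'])) {
		// Non-GET request without a formhash: scan the raw body as well as the URI.
		$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
	} else {
		// Non-GET request carrying a formhash (already compared above): nothing is scanned.
		$temp = '';
	}

	if(!empty($temp)) {
		// Decoding twice lets a double-encoded '<' (%253C) still match;
		// upper-casing makes the CONTENT-TRANSFER-ENCODING test case-insensitive.
		$temp = strtoupper(urldecode(urldecode($temp)));
		foreach ($check as $str) {
			if(strpos($temp, $str) !== false) {
				system_error('request_tainting');
			}
		}
	}

	return true;
}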
修改为(注意:修改后的函数不再校验 formhash,也不再检查请求体,过滤的内容只剩 <、" 和 CONTENT-TRANSFER-ENCODING,防护范围比原函数小):
/**
 * Reduced request filter: inspects only the request URI.
 *
 * Compared with the stock _xss_check() this version does not compare
 * $_GET['formhash'] with formhash(), never reads php://input, and does not
 * match '>', the single quote, '(' or ')'. A site that installs it depends on
 * other code to validate formhash on state-changing requests such as logout.
 * NOTE(review): confirm those handlers perform that check themselves.
 *
 * @return bool true when no deny-listed token was found in the URI.
 */
private function _xss_check() {

	// Decode twice so a double-encoded '<' (%253C) still matches; upper-case so
	// the header-name test is case-insensitive.
	$uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

	foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
		if (strpos($uri, $needle) !== false) {
			system_error('request_tainting');
			// One report per request, whichever token matched first.
			break;
		}
	}

	return true;
}