故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。

解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
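/**
 * Stock request-taint filter: rejects requests whose URL (and, in one case, raw body)
 * contains characters from a fixed deny-list, and rejects a mismatching formhash.
 *
 * Flow, as written below:
 *  - a formhash query parameter that is present but not identical to formhash()
 *    triggers system_error('request_tainting');
 *  - GET requests are scanned on REQUEST_URI only;
 *  - other methods without a formhash are scanned on REQUEST_URI plus the raw body;
 *  - other methods that carry a formhash (already validated above) are not scanned.
 *
 * @return bool true when the method runs to its end (whether system_error() halts
 *              the request is decided by that helper, which is not shown here).
 */
private function _xss_check() {

    // Substrings that cause rejection. The last entry is upper-case because the
    // scanned text is upper-cased before matching.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A supplied formhash must match the value formhash() returns for this request.
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // No formhash on a non-GET request: include the raw request body in the scan.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // Non-GET request with a formhash that passed the check above: nothing is scanned.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decode twice so that doubly percent-encoded characters are also matched.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}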

修改为

/**
 * Relaxed request-taint filter that this post proposes as a workaround for the logout error.
 *
 * Percent-decodes REQUEST_URI twice, upper-cases it, and calls
 * system_error('request_tainting') when the result contains '<', '"' or
 * 'CONTENT-TRANSFER-ENCODING'.
 *
 * NOTE(review): compared with the stock method quoted earlier in this post, this
 * variant no longer compares $_GET['formhash'] with formhash(), no longer reads
 * php://input on non-GET requests, and no longer rejects '>', "'", '(' or ')'.
 * If the logout error is caused by a formhash mismatch, this change hides the
 * symptom rather than fixing the cause; confirm which check fired, and that
 * request-forgery and output-escaping protections exist elsewhere, before
 * deploying it.
 *
 * @return bool true when the method runs to its end (whether system_error() halts
 *              the request is decided by that helper, which is not shown here).
 */
private function _xss_check() {
    $decodedUri = urldecode(urldecode($_SERVER['REQUEST_URI']));
    $haystack = strtoupper($decodedUri);

    // Needles are checked in the same order as the original condition; stop at the
    // first hit so system_error() is called at most once.
    foreach(array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
        if(strpos($haystack, $needle) !== false) {
            system_error('request_tainting');
            break;
        }
    }

    return true;
}