故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
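/**
 * Screens the current request before it is processed any further.
 *
 * Two checks are made, and either one ends in system_error('request_tainting'):
 *   1. a formhash passed in the query string must be identical to formhash();
 *   2. the request text (URI, plus the raw body in one case) must not contain
 *      any entry of the $check blacklist.
 *
 * @return bool true when neither check fires (system_error() presumably stops
 *              the request, so nothing is returned in that case; confirm)
 */
private function _xss_check() {

    // Blacklisted substrings. The single-quote entry has to be written '\'';
    // the listing on this page had lost the backslash (''' is not valid PHP).
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A formhash in the query string must match the value formhash() returns
    // (looks like the per-session anti-CSRF token; confirm against formhash()).
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        // GET: only the URI is scanned.
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // Non-GET without a formhash: scan the URI and the raw request body.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // Non-GET with a formhash (already compared above): nothing is scanned.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decode twice so that doubly percent-encoded characters are seen, and
        // upper-case so that the header name matches regardless of case.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}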
修改为
/**
 * Reduced request filter that looks at the request URI only.
 *
 * The URI is URL-decoded twice and upper-cased; if it then contains '<', '"'
 * or 'CONTENT-TRANSFER-ENCODING', system_error('request_tainting') is called.
 *
 * NOTE(review): compared with the stock method quoted earlier on this page,
 * this variant no longer compares $_GET['formhash'] with formhash(), never
 * reads the request body (php://input), and does not reject '>', the single
 * quote, '(' or ')'. It presumably silences the logout error by dropping the
 * check that fired rather than by fixing its cause, so find out which check
 * rejected the logout request first (for instance a formhash in a cached
 * page that no longer matches the session; an assumption to verify). If this
 * version is installed anyway, confirm that every action relying on formhash
 * still verifies it on its own and that output escaping does not depend on
 * this filter.
 *
 * @return bool true when the URI contains none of the three strings
 */
private function _xss_check() {
    $decodedUri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    // Stop at the first hit so system_error() is invoked at most once.
    $tainted = false;
    foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
        if (strpos($decodedUri, $needle) !== false) {
            $tainted = true;
            break;
        }
    }

    if ($tainted) {
        system_error('request_tainting');
    }

    return true;
}
/ t& P# @& R( `( u* M