故障描述:
% g/ N' `) N) r$ d V7 c" i
退出登录时出现”您当前的访问请求当中含有非法字符,已经被系统拒绝“错误。
g; b* o- K6 @, C9 E
解决方法:
. E+ Y4 }/ s- h; x; g' q
打开 sourceclassdiscuzdiscuz_application.php 文件
( k+ C% B" f! b. W, v! P
找到
+ | F4 v) J9 q: H) Eprivate function _xss_check() {
( h/ {7 @# K# \; p9 g
3 v. \4 l; C2 ^4 p static $check = array('"', '>', '<', ''', '(', ')', 'CONTENT-TRANSFER-ENCODING');
# N2 r/ I' T+ i7 ^8 i3 D' i
, }2 J! ]1 N$ v0 v if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
4 h" _7 |' _# ]# ]4 s
system_error('request_tainting');
/ k$ t S6 V' {# m/ f }
6 O6 H; O6 h. Q3 `
5 ]0 X" L* d# j! t' V" n if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
7 A5 V, I, c1 c- }4 r, }- r5 X
$temp = $_SERVER['REQUEST_URI'];
: g j) u; f% F5 f6 x# |
} elseif(empty ($_GET['formhash'])) {
; n$ Z/ n, W+ T0 O# y& i- Y $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
! E R5 ]# @9 g; w# @7 @6 E: q, Y+ X } else {
s8 F" L1 G9 Y$ E. p9 t' \+ f
$temp = '';
2 h) {7 m% i$ p6 v; r x
}
; }) @, e* `+ C+ H# a8 D7 O3 q# f6 }5 l! J$ B5 l
if(!empty($temp)) {
4 p+ q; @( E: Z m1 G $temp = strtoupper(urldecode(urldecode($temp)));
+ ~* s1 I' x9 G v; J. R& N foreach ($check as $str) {
" K- W1 S9 D7 [5 s+ d2 ^) G7 Z
if(strpos($temp, $str) !== false) {
+ H4 |+ o) x% ~9 z; O+ k2 o. t system_error('request_tainting');
- O, |, U3 [6 e$ }+ r4 B" i
}
% Z0 y1 g" C- b% p. e% S+ @+ s5 B }
8 U6 ^' Z% q4 a. n
}
+ Z6 d" I1 `1 W; }
# X+ c6 V' L0 A8 D% S& M return true;
/ A+ R- p9 m2 [5 j9 ~2 L# C}
% v3 I4 b) s8 h
修改为
) {/ o- Z: E# U% X% Fprivate function _xss_check() {
5 j9 s/ R3 O1 O4 q- D3 J $temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
/ I& Z ~& y9 w1 U `+ V if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
! q5 }" Y; @& L. h M( X system_error('request_tainting');
2 z! z0 {. Z' j; K0 w }
3 T, M$ c' K- U0 y4 _5 T
return true;
, J5 l& r! `; ^7 b}
5 I% @) W* h, Q, I- p6 ] F