故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
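/**
 * Screens the incoming request before it is processed further.
 *
 * Two checks are made:
 *  1. If a formhash is present in the query string it must be identical to
 *     the value returned by formhash() (presumably the per-session form
 *     token; confirm against formhash()'s definition).
 *  2. The request URI, plus the raw request body for non-GET requests that
 *     carry no formhash, is matched against a fixed deny-list.
 *
 * A failed check calls system_error('request_tainting'); whether that call
 * returns is not visible from this function.
 *
 * @return bool true when no check failed
 */
private function _xss_check() {

    // Deny-list, matched after upper-casing and two rounds of URL decoding.
    // The single-quote entry has to be escaped: a bare ''' is a parse error.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // Strict comparison: a non-string or stale formhash is rejected.
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        // GET: only the URI (path and query string) is scanned.
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // Non-GET without a formhash: the raw body is scanned as well.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // Non-GET with a formhash that passed the comparison above: no scan.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decoding twice also exposes double-encoded characters; upper-casing
        // makes the header-name entry match regardless of case.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}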
修改为(注意:与上面的原始代码相比,这个版本不再校验 formhash,也不再检查 '>'、单引号、括号以及请求体内容,会削弱原有的请求过滤;使用前请确认其他环节已有相应防护)
/**
 * Reduced request filter: rejects the request when the decoded, upper-cased
 * REQUEST_URI contains '<', '"' or 'CONTENT-TRANSFER-ENCODING'.
 *
 * NOTE(review): compared with the stock _xss_check() shown earlier on this
 * page, this version no longer compares $_GET['formhash'] with formhash(),
 * never reads the request body, and no longer rejects '>', the single quote,
 * '(' or ')'. It makes the error disappear by removing checks, so confirm
 * that form-token validation and output escaping are enforced elsewhere
 * before deploying it. The logout error presumably comes from the formhash
 * comparison (to be confirmed); fixing the cause of that mismatch would keep
 * the original filtering intact.
 *
 * @return bool true when none of the patterns matched
 */
private function _xss_check() {
    // Two rounds of URL decoding, then upper-case, exactly as in the stock code.
    $uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    $tainted = false;
    foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
        if (strpos($uri, $needle) !== false) {
            $tainted = true;
            break;
        }
    }

    if ($tainted) {
        system_error('request_tainting');
    }

    return true;
}