故障描述:
8 T) S" c/ T7 [$ b/ h9 q
退出登录时出现”您当前的访问请求当中含有非法字符,已经被系统拒绝“错误。
$ b* n0 k2 ^7 f |5 F. c! z* \
解决方法:
" a$ H6 k) T, y) w6 W
打开 sourceclassdiscuzdiscuz_application.php 文件
, i% d+ T' v( z, u. Z! q( }找到
) S O& K0 V' N3 ^7 F
private function _xss_check() {
; g, v3 c0 s. H |5 `! {$ w
* y, p2 @5 ?' j1 h
static $check = array('"', '>', '<', ''', '(', ')', 'CONTENT-TRANSFER-ENCODING');
* U4 f* R2 ?$ M% Q
- P" U% P+ w0 i2 Z. I% n A7 h9 v if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
+ ~5 w$ c1 I% j, C
system_error('request_tainting');
9 V8 T$ x+ [! P9 x: n2 p) d
}
% R) @ ~3 G( ~0 ^6 t, h. ?; ~ l: \: W
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
+ K' u5 @3 y; ^" o8 A* c
$temp = $_SERVER['REQUEST_URI'];
. P3 B4 O* T6 f: r' x. A+ K
} elseif(empty ($_GET['formhash'])) {
% L! b: K( D/ @6 j- ?
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
+ J! a% E( n% ] _& {9 P+ G6 y, M } else {
! u& i4 b$ F3 Y) ~$ g' l
$temp = '';
( M* I4 J' R& Z3 Z" W( G
}
. H5 ?7 b: K9 \: W* m- Z8 M
3 t' [6 K6 M# z/ ~ d) V8 U1 T- ?0 U if(!empty($temp)) {
( F, Z4 D F* t! P $temp = strtoupper(urldecode(urldecode($temp)));
( J0 |& h2 @0 h
foreach ($check as $str) {
8 A* H/ G) [% d- u, \ if(strpos($temp, $str) !== false) {
) i# O& I& p* N system_error('request_tainting');
8 y m. {0 |7 K0 s }
$ U+ f3 g9 ?3 s8 l
}
: P' R- m t1 d
}
$ Q, O q7 `2 _2 F6 p {6 f& P' p# @3 z+ s2 I$ v2 Q
return true;
3 @( o! N2 Z5 m8 W! J9 A}
5 Q! e: t' o7 E3 l
修改为
3 s) x7 @/ [7 @. Kprivate function _xss_check() {
% _/ p* k. t2 O+ \ $temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
1 j9 E3 K2 y' ~6 r& _6 N3 U w
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
# Q7 x, A. o3 `( { system_error('request_tainting');
7 v. k# p$ `0 p! b+ q1 G7 `2 U
}
# L) c3 D+ M! D6 i2 y t& c return true;
" Z0 r! \+ G# U- d}
2 i- ]0 K# @$ [9 y) G; S