故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
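/**
 * Stock request filter: rejects a request whose formhash or decoded
 * URI/body looks tampered with.
 *
 * Steps, in order:
 *  1. If a `formhash` GET parameter is present and is not identical to
 *     formhash(), system_error('request_tainting') is raised.
 *  2. The text to scan is chosen: the request URI for GET requests; the
 *     request URI plus the raw request body for other methods when no
 *     `formhash` GET parameter was supplied; nothing otherwise.
 *  3. The text is URL-decoded twice and upper-cased, then searched for each
 *     entry of $check; any hit raises system_error('request_tainting').
 *
 * NOTE(review): system_error() is defined elsewhere; it presumably halts the
 * request, confirm against its definition.
 *
 * @return bool Always true when the request is not rejected.
 */
private function _xss_check() {
    // Substrings that mark a request as tainted. The fourth entry is the
    // single-quote character; it must be escaped inside a single-quoted
    // PHP literal, otherwise the array does not parse.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A supplied formhash must match the value formhash() returns.
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // Non-GET request without a formhash: the raw body is scanned too.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // Non-GET request carrying a formhash: no substring scan is done.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decoding twice also catches double-encoded input (e.g. %253C);
        // upper-casing makes the header-name match case-insensitive.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}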
修改为(注意:与上面的原始代码相比,修改后的版本不再校验 formhash,也不再检查非 GET 请求的请求体,检查的字符串由 7 项减少为 3 项)
/**
 * Reduced request filter: inspects only the request URI.
 *
 * The URI is URL-decoded twice and upper-cased, then searched for '<', '"'
 * and 'CONTENT-TRANSFER-ENCODING'; the first hit raises
 * system_error('request_tainting').
 *
 * NOTE(review): unlike the stock version shown on this page, this variant
 * does not compare $_GET['formhash'] with formhash(), never reads the
 * request body, and no longer matches '>', the single quote, '(' or ')'.
 * Before deploying it, confirm that every action relying on formhash
 * validates it on its own, and prefer finding out why the logout request
 * fails the stock check over relaxing the filter for all requests.
 *
 * @return bool Always true when the request is not rejected.
 */
private function _xss_check() {
    $requestUri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    // Checked in this order; scanning stops at the first match.
    $needles = array('<', '"', 'CONTENT-TRANSFER-ENCODING');
    $tainted = false;
    foreach($needles as $needle) {
        if(strpos($requestUri, $needle) !== false) {
            $tainted = true;
            break;
        }
    }

    if($tainted) {
        system_error('request_tainting');
    }

    return true;
}