故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
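/**
 * Stock request filter: rejects a request when its formhash does not match or
 * when the request URI (and, for some non-GET requests, the raw body) contains
 * a blacklisted substring.
 *
 * On rejection it calls system_error('request_tainting'); whether that call
 * returns is not visible in this listing. Returns true when nothing tripped.
 *
 * NOTE(review): the page reports the error on logout but does not show which
 * branch fires. A request carrying a formhash that no longer matches formhash()
 * would trip the first check; confirm the cause before relaxing the function.
 *
 * @return bool
 */
private function _xss_check() {

    // Substrings that cause rejection. The single quote has to be escaped
    // ('\''); written as ''' the array literal is a PHP syntax error.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A formhash supplied in the query string must equal the value returned by
    // formhash() (defined elsewhere; presumably the per-session form token).
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        // GET: only the URI is inspected.
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // Non-GET without a formhash: inspect the URI plus the raw request body.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // Non-GET with a formhash that already passed the check above: no scan.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decode twice so doubly URL-encoded input is also inspected, and
        // upper-case so the header name matches regardless of case.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}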
修改为(注意:替换后的函数不再校验 formhash,也不再检查 POST 请求体,并且不再拦截 >、'、(、) 这几个字符,过滤范围比原函数小):
/**
 * Relaxed request filter: rejects a request only when its decoded URI contains
 * '<', '"' or the string CONTENT-TRANSFER-ENCODING.
 *
 * NOTE(review): unlike the stock _xss_check it replaces, this version does not
 * compare $_GET['formhash'] with formhash(), never reads php://input, and does
 * not reject '>', the single quote, '(' or ')'. Confirm that output escaping
 * and the formhash checks in the individual action handlers cover those cases
 * before deploying it.
 *
 * @return bool
 */
private function _xss_check() {
    // Decode twice so doubly URL-encoded input is also inspected; upper-case so
    // the header name matches regardless of case.
    $uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    $tainted = false;
    foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
        if (strpos($uri, $needle) !== false) {
            $tainted = true;
            break;
        }
    }

    if ($tainted) {
        system_error('request_tainting');
    }

    return true;
}