故障描述:
9 H. G+ Y; ^) I; z8 d* @' `退出登录时出现”您当前的访问请求当中含有非法字符,已经被系统拒绝“错误。
+ M/ C, b+ D, v/ @* [1 D6 E. |4 |
解决方法:
' O3 r( |3 s: ]& @* l6 z* ^( G4 V
打开 sourceclassdiscuzdiscuz_application.php 文件
1 D) O. K: |0 ^" F/ \+ r找到
. @3 v/ N5 z. K$ I% R" I. kprivate function _xss_check() {
$ ~6 S* n/ |. [, T- d% A7 s- C" ~
3 h+ q/ F% d& Q: q; p4 D3 e: I static $check = array('"', '>', '<', ''', '(', ')', 'CONTENT-TRANSFER-ENCODING');
- V3 T" r4 K6 P' k& H$ S3 ~
5 q, f6 Q# F# E2 M$ c/ U if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
k% f* F5 u3 W5 ? \6 j* D/ { system_error('request_tainting');
5 T$ y& E' h" V' V0 ~: @
}
! E8 P9 F c4 T1 ^4 m
- L5 }+ ?+ ~5 g( W8 d if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
, U/ z7 w; j. M$ T
$temp = $_SERVER['REQUEST_URI'];
1 R+ x4 a0 U9 y: x: u } elseif(empty ($_GET['formhash'])) {
! o1 |' c, U7 m7 a2 Y $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
, s+ n3 R* Q8 M( D5 d! f9 l
} else {
H) i8 \& F* \) k& e1 t $temp = '';
' N% ~& b% ^( z( g
}
8 B3 {) h: O% i- c( R& E$ ~
) @; K4 E: y( x7 r- U
if(!empty($temp)) {
) t' a! s5 R# q& y( K' F* l* i g4 y $temp = strtoupper(urldecode(urldecode($temp)));
5 x4 u+ d. @) t: S7 X foreach ($check as $str) {
: L4 ~: s0 f1 O4 \% k3 c if(strpos($temp, $str) !== false) {
5 k* J% y( ~3 `
system_error('request_tainting');
& N9 }" D0 q; ]3 M; Q7 k. ~+ p
}
1 o1 G# t. w! ^7 t, {
}
( `0 z6 p6 @0 N4 e( ~1 G; g- ^ }
/ Y1 e" T7 t$ l2 Z" {8 ?2 f/ r; q8 @" Y7 h& U$ M
return true;
6 M! _0 l/ w7 H
}
# k' m: {/ n. w6 [
修改为
8 g) J. o) L3 B! l3 `' Uprivate function _xss_check() {
. z$ M# ~' t$ H7 t6 b7 R! l
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
Z% O/ K, @$ J2 o if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
6 [# r6 [7 H* i; |4 o system_error('request_tainting');
8 l+ Y9 t+ l9 B }
, p) m, V. u. a, x return true;
& J; t: L/ a/ P) F C
}
* C; Y5 u# L: q) u$ S' K