故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
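/**
 * Stock request filter: validates the formhash query parameter and scans
 * the request for a fixed list of markers.
 *
 * What is scanned depends on the request:
 *  - GET: $_SERVER['REQUEST_URI'] only.
 *  - non-GET without a formhash query parameter: REQUEST_URI followed by
 *    the raw request body read from php://input.
 *  - non-GET with a non-empty formhash query parameter: nothing is scanned.
 *
 * Both failure paths raise the same 'request_tainting' error, so the error
 * message alone does not show whether the formhash comparison or the
 * marker scan rejected the request.
 *
 * @return bool Always true when execution reaches the end of the method.
 */
private function _xss_check() {

    // The single quote has to be escaped inside a single-quoted literal;
    // written as ''' the array does not parse.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A formhash supplied in the query string must be identical to the
    // value returned by formhash(); a mismatch is rejected before any scan.
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        $temp = '';
    }

    if(!empty($temp)) {
        // Decoding twice catches doubly URL-encoded markers; upper-casing
        // makes the CONTENT-TRANSFER-ENCODING comparison case-insensitive.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                // NOTE(review): system_error() is defined elsewhere and
                // presumably ends the request - confirm.
                system_error('request_tainting');
            }
        }
    }

    return true;
}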
修改为(注意:改后的版本只检查 REQUEST_URI 中的 <、" 和 CONTENT-TRANSFER-ENCODING,不再校验 formhash,也不再检查 POST 内容以及 >、'、(、) 等字符,过滤范围比原代码小):
/**
 * Reduced request filter: scans only the request URI for three markers.
 *
 * $_SERVER['REQUEST_URI'] is URL-decoded twice and upper-cased, then
 * searched for '<', '"' and 'CONTENT-TRANSFER-ENCODING'. If any of them is
 * present, system_error('request_tainting') is called once.
 *
 * NOTE(review): compared with the stock method quoted earlier on this
 * page, this version no longer
 *  - compares $_GET['formhash'] with formhash(),
 *  - scans the request body (php://input) on non-GET requests,
 *  - rejects '>', single quotes, '(' or ')'.
 * Whatever protection those checks gave has to come from somewhere else
 * (per-action formhash validation, output escaping); confirm that it does
 * before deploying this change.
 *
 * @return bool Always true when execution reaches the end of the method.
 */
private function _xss_check() {
    $needles = array('<', '"', 'CONTENT-TRANSFER-ENCODING');
    $uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    foreach ($needles as $needle) {
        if (strpos($uri, $needle) !== false) {
            system_error('request_tainting');
            // One report per request is enough; stop at the first marker.
            break;
        }
    }

    return true;
}