故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
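/**
 * Reject a request whose formhash does not match, or whose URI or body
 * contains one of the blocked tokens.
 *
 * Every rejection goes through system_error('request_tainting'). The code
 * after each call is written as if system_error() does not return
 * (TODO confirm against its definition).
 *
 * @return bool true when none of the checks fired
 */
private function _xss_check() {

	// Tokens are matched after strtoupper(), so the header name is listed in upper case.
	static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

	// A formhash supplied in the query string must equal the value formhash() returns.
	if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
		system_error('request_tainting');
	}

	if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
		// GET: only the request URI is scanned.
		$temp = $_SERVER['REQUEST_URI'];
	} elseif(empty ($_GET['formhash'])) {
		// Non-GET without a formhash in the query string: scan the URI plus the raw request body.
		$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
	} else {
		// Non-GET with a formhash in the query string: nothing is scanned.
		$temp = '';
	}

	if(!empty($temp)) {
		// Decode twice so a double URL-encoded token is compared in its decoded form.
		$temp = strtoupper(urldecode(urldecode($temp)));
		foreach ($check as $str) {
			if(strpos($temp, $str) !== false) {
				system_error('request_tainting');
			}
		}
	}

	return true;
}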
修改为(注意:修改后的版本不再校验 formhash,也不再检查 POST 内容以及 >、'、(、) 字符)
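/**
 * Reject a request whose URI contains '<', '"' or CONTENT-TRANSFER-ENCODING.
 *
 * This version reads only $_SERVER['REQUEST_URI']. It does not compare
 * $_GET['formhash'] with formhash(), does not read the request body, and
 * does not reject '>', single quotes or parentheses.
 *
 * NOTE(review): with the formhash comparison gone from this method, confirm
 * that state-changing actions still verify formhash where they are handled.
 *
 * @return bool true when the URI contains none of the blocked tokens
 */
private function _xss_check() {

	// Decode twice so a double URL-encoded token is compared in its decoded form;
	// upper-casing makes the header-name match case-insensitive.
	$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
	if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
		system_error('request_tainting');
	}
	return true;
}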