故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
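/**
 * Stock request filter: validates the form hash and scans the request for
 * characters commonly used in markup/script injection.
 *
 * Steps, in order:
 *  1. If a `formhash` GET parameter is present and differs from formhash(),
 *     the request is reported as tainted.
 *  2. For GET requests the request URI is scanned; for other methods that
 *     carry no `formhash`, the URI plus the raw request body is scanned;
 *     otherwise nothing is scanned.
 *  3. The scanned text is URL-decoded twice and upper-cased, then checked
 *     against the substring list below.
 *
 * system_error() is defined elsewhere; it presumably aborts the request
 * (not visible in this listing).
 *
 * @return bool Always true when the method returns.
 */
private function _xss_check() {
	// '\'' is a single quote: the listing as published lost the backslash,
	// leaving ''' which is not valid PHP.
	static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

	// A supplied form hash must match the one generated for this session/page.
	if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
		system_error('request_tainting');
	}

	if($_SERVER['REQUEST_METHOD'] === 'GET') {
		$temp = $_SERVER['REQUEST_URI'];
	} elseif(empty($_GET['formhash'])) {
		// Non-GET request without a form hash: include the raw body in the scan.
		$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
	} else {
		// Non-GET request whose form hash already passed the check above.
		$temp = '';
	}

	if(!empty($temp)) {
		// Decode twice so doubly percent-encoded input is seen in clear form;
		// upper-case so the header-name entry matches regardless of case.
		$temp = strtoupper(urldecode(urldecode($temp)));
		foreach ($check as $str) {
			if(strpos($temp, $str) !== false) {
				system_error('request_tainting');
			}
		}
	}

	return true;
}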
修改为
/**
 * Reduced request filter: reports the request as tainted when the decoded
 * request URI contains '<', '"' or the string CONTENT-TRANSFER-ENCODING.
 *
 * NOTE(review): compared with the stock _xss_check() quoted earlier on this
 * page, this replacement no longer compares $_GET['formhash'] with
 * formhash(), no longer scans the request body (php://input), and no longer
 * rejects '>', "'", '(' or ')'. Unless another layer enforces those checks,
 * prefer keeping the stock method and finding out which of its checks the
 * logout request trips, rather than dropping all of them.
 *
 * @return bool Always true when the method returns.
 */
private function _xss_check() {
	// Decode twice so doubly percent-encoded characters are seen, then
	// upper-case so the header-name comparison ignores case.
	$uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

	foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
		if (strpos($uri, $needle) !== false) {
			system_error('request_tainting');
			break; // a single report per request, matching the original || chain
		}
	}

	return true;
}