故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
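/**
 * Stock request-tainting check, reproduced so it can be located in the file.
 *
 * Calls system_error('request_tainting') when either of these holds:
 *   - a formhash is present in the query string and differs from formhash();
 *   - the decoded, upper-cased request data contains one of the $check tokens.
 *
 * What is scanned depends on the request:
 *   - GET: the request URI only;
 *   - non-GET without a formhash in $_GET: the request URI plus the raw body;
 *   - non-GET with a formhash (already compared above): nothing is scanned.
 *
 * formhash() and system_error() are defined elsewhere in the project.
 * NOTE(review): formhash() is presumably the per-user form token; confirm
 * against its definition.
 *
 * @return bool Always true when no check fails.
 */
private function _xss_check() {

    // Tokens that cause rejection. The single-quote entry has to be written
    // as '\''; without the backslash the array literal is not valid PHP.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A formhash passed in the query string must match the expected value.
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // No formhash accompanies this non-GET request, so the raw body is
        // scanned together with the URI.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // The formhash comparison above has already passed; token scan skipped.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decode twice so doubly percent-encoded input is seen in plain form,
        // then upper-case so the match against the upper-case token is
        // case-insensitive.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}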
修改为
/**
 * Reduced request-tainting check: rejects the request when the decoded,
 * upper-cased request URI contains '<', '"' or 'CONTENT-TRANSFER-ENCODING'.
 *
 * NOTE(review): compared with the stock method this replaces, this version
 *   - no longer compares $_GET['formhash'] with formhash();
 *   - no longer scans the body of non-GET requests (only REQUEST_URI is read);
 *   - no longer rejects '>', the single quote, '(' or ')'.
 * Before deploying, confirm that every state-changing handler validates the
 * formhash itself and that output is escaped where it is rendered, since this
 * central filter no longer covers those cases. A narrower change that relaxes
 * only the check actually tripped by the logout request would keep more of
 * the original protection.
 *
 * system_error() is defined elsewhere in the project.
 *
 * @return bool Always true when no token is found.
 */
private function _xss_check() {
    // Decode twice so doubly percent-encoded input is seen in plain form;
    // upper-case so the header-name token matches regardless of case.
    $uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    $tainted = false;
    foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
        if (strpos($uri, $needle) !== false) {
            $tainted = true;
            break;
        }
    }

    if ($tainted) {
        system_error('request_tainting');
    }

    return true;
}