故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
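/**
 * Request filter: validates the form hash and scans the request for
 * blocklisted substrings, calling system_error('request_tainting') on a hit.
 *
 * What gets scanned depends on the request:
 *  - GET: the request URI only.
 *  - any other method with no formhash in the query string: the request URI
 *    followed by the raw request body.
 *  - any other method with a formhash in the query string: nothing is scanned;
 *    the formhash comparison at the top is the only check applied.
 *
 * @return bool Always true when execution reaches the end of the method.
 */
private function _xss_check() {
    // Needles are matched against an upper-cased copy of the input, which is
    // why the header name is spelled in upper case. The single quote must be
    // escaped ('\''); an unescaped ''' is a parse error.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A formhash supplied in the query string must match the value produced
    // by formhash(); a request without one is not rejected here.
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // Non-GET request without a formhash: include the raw body in the scan.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        $temp = '';
    }

    if(!empty($temp)) {
        // Decode twice so a doubly percent-encoded character is also matched,
        // then upper-case so the comparison is case-insensitive.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}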
修改为
/**
 * Reduced request filter: scans only the decoded request URI.
 *
 * Compared with the implementation it replaces, this version does not
 * compare $_GET['formhash'] with formhash(), does not read the request body
 * from php://input, and does not reject '>', single quotes or parentheses.
 * Only '<', '"' and the CONTENT-TRANSFER-ENCODING header name are rejected.
 *
 * NOTE(review): the logout error this change works around may be raised by
 * just one of the removed checks. Confirm which one fires and relax only
 * that check, so the formhash validation and body scan stay in place.
 *
 * @return bool Always true when execution reaches the end of the method.
 */
private function _xss_check() {
    // Decode twice so a doubly percent-encoded character is also matched,
    // then upper-case so the comparison is case-insensitive.
    $uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
        if (strpos($uri, $needle) !== false) {
            system_error('request_tainting');
            // Report at most once per request, like a single OR-ed condition.
            break;
        }
    }

    return true;
}