故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
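/**
 * Request filter: rejects requests whose formhash does not match or whose
 * URI/body contains one of the blocked substrings.
 *
 * Any failure calls system_error('request_tainting'), which is presumably
 * what renders the "illegal characters" error page described above
 * (system_error() is defined elsewhere; confirm).
 *
 * @return bool true when no check triggered
 */
private function _xss_check() {

    // Substrings that cause a rejection. The single-quote entry must be
    // escaped ('\''); an unescaped ''' is a PHP parse error.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A formhash supplied in the query string must be identical to the value
    // returned by formhash() (defined elsewhere), otherwise the request is rejected.
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        // GET: only the request URI is scanned.
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // Non-GET without a formhash in the query string: scan URI plus raw body.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // Non-GET carrying a formhash that passed the comparison above: nothing is scanned.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decode twice so double-encoded sequences are seen as well, and
        // upper-case so the CONTENT-TRANSFER-ENCODING match ignores case.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}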
修改为(注意:与上面的原始版本相比,下面的代码不再校验 formhash,不再检查 POST 请求体,也不再拦截 >、'、(、) 这几个字符):
/**
 * Reduced request filter: rejects a request only when its decoded URI
 * contains '<', '"' or 'CONTENT-TRANSFER-ENCODING'.
 *
 * NOTE(review): unlike the stock version this replaces, no formhash
 * comparison is made here, the request body is not scanned, and '>', "'",
 * '(' and ')' are no longer rejected. Confirm that state-changing actions
 * (logout included) still verify formhash in their own handlers and that
 * output escaping does not depend on this filter.
 *
 * @return bool true when no blocked substring was found
 */
private function _xss_check() {
    // Decode twice so double-encoded sequences are seen as well; upper-case
    // so the header-name match ignores case.
    $uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    $tainted = false;
    foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
        if (strpos($uri, $needle) !== false) {
            $tainted = true;
            break;
        }
    }

    // Single call site, as in the one-line condition this was written from.
    if ($tainted) {
        system_error('request_tainting');
    }

    return true;
}