故障描述:

退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。

解决方法:

打开 source/class/discuz/discuz_application.php 文件,找到:
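/**
 * Reject requests whose formhash token or URL/body content looks tainted.
 *
 * Two checks run in order:
 *  1. If a formhash query parameter is present, it must be identical to the
 *     value returned by formhash(); otherwise system_error('request_tainting')
 *     is called.
 *  2. The request URI (plus the raw request body for non-GET requests that
 *     carry no formhash) is URL-decoded twice, upper-cased and scanned for
 *     every substring listed in $check.
 *
 * @return bool Always true when control reaches the end of the method.
 */
private function _xss_check() {

    // The single-quote entry has to be written '\''; as ''' (backslash lost) the line is a parse error.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // NOTE(review): formhash() is defined elsewhere; presumably the per-session anti-CSRF token. Confirm.
    // NOTE(review): system_error() presumably aborts the request. Confirm against its definition.
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        // GET: only the URI (path + query string) is scanned.
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // Non-GET without a formhash: the raw body is scanned together with the URI.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // Non-GET with a formhash that got past the comparison above: nothing is scanned.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decoding twice catches double-encoded characters (e.g. %253C); upper-casing
        // makes the CONTENT-TRANSFER-ENCODING match case-insensitive.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}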
修改为(注意:下面的版本不再校验 formhash,不再检查 POST 请求体,也不再拦截 >、'、(、) 这几个字符,过滤范围比原函数小,修改前请确认 formhash 在其他位置仍有校验):
/**
 * Relaxed request filter: scan only the request URI for three substrings.
 *
 * The URI is URL-decoded twice and upper-cased, then system_error('request_tainting')
 * is called if it contains '<', '"' or 'CONTENT-TRANSFER-ENCODING'.
 *
 * NOTE(review): compared with the stock _xss_check() quoted earlier in this post,
 * this version no longer compares $_GET['formhash'] with formhash(), never reads
 * the request body (php://input), and no longer matches '>', single quote, '('
 * or ')'. Before deploying it, confirm that formhash is still validated on the
 * state-changing actions (logout included) somewhere else, and that output
 * escaping does not depend on this filter.
 *
 * @return bool Always true when control reaches the end of the method.
 */
private function _xss_check() {
    // Substrings that cause the request to be rejected.
    $needles = array('<', '"', 'CONTENT-TRANSFER-ENCODING');

    // Double decode so that double-encoded characters are seen; upper-case so the
    // header-name needle matches regardless of case.
    $uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    foreach ($needles as $needle) {
        if (strpos($uri, $needle) !== false) {
            system_error('request_tainting');
            // One report per request, whichever needle matched first.
            break;
        }
    }

    return true;
}