故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
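/**
 * Request filter: rejects a request whose form token does not match or whose
 * decoded URI (and, in one case, raw body) contains a blocked string.
 *
 * NOTE(review): formhash() and system_error() are defined outside this
 * listing. formhash() is presumably the per-session form token and
 * system_error() is presumably terminal (does not return) - confirm both.
 *
 * @return bool Always true when no check fires.
 */
private function _xss_check() {

    // Strings that cause a rejection when found in the decoded, upper-cased input.
    // '\'' is the single-quote character; the backslash escape is required for valid PHP.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A formhash supplied in the query string must equal the expected token exactly.
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        // GET: only the request URI is scanned.
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // Non-GET without a formhash in the query string: scan the URI plus the raw request body.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // Non-GET with a formhash that passed the comparison above: nothing is scanned.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decode twice so double-encoded characters are seen, and upper-case so the
        // upper-case header name in $check matches regardless of the sender's casing.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}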
修改为(注意:下面的版本只检查请求 URI 中的 <、" 和 CONTENT-TRANSFER-ENCODING,不再校验 formhash,也不再检查 POST 内容及 >、'、(、) 字符,过滤范围比原函数小):
/**
 * Reduced request filter: rejects a request only when the decoded request URI
 * contains '<', '"' or the string CONTENT-TRANSFER-ENCODING.
 *
 * This version does not compare $_GET['formhash'] with formhash() and does not
 * read php://input, so neither form-token validation nor request-body scanning
 * happens in this function.
 * NOTE(review): confirm that form-token validation for state-changing requests
 * is enforced elsewhere before relying on this version.
 *
 * @return bool Always true when no blocked string is found.
 */
private function _xss_check() {
    // Decode twice to expose double-encoded characters; upper-case so the
    // header-name needle matches regardless of the sender's casing.
    $uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
        if (strpos($uri, $needle) !== false) {
            system_error('request_tainting');
            // Report once for the first match, then stop checking.
            break;
        }
    }

    return true;
}