故障描述:
E5 e% \' ~. a' Y( c2 y7 L
退出登录时出现”您当前的访问请求当中含有非法字符,已经被系统拒绝“错误。
! X5 t) A7 Z& T* ?; \9 R+ q& f解决方法:
- l: G$ g) ~2 R& v# y; ?打开 sourceclassdiscuzdiscuz_application.php 文件
n' e3 W, t8 S/ p5 ^
找到
5 l9 d. D6 G+ J% I" Mprivate function _xss_check() {
. W$ F' a0 h5 @+ Y
2 `$ J# Y* P* W5 J+ R) V static $check = array('"', '>', '<', ''', '(', ')', 'CONTENT-TRANSFER-ENCODING');
6 n3 f$ D. M$ `/ P" A$ m
; e6 [) z$ p6 Q6 p( d- k if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
L3 S/ Y' W- o5 y% P9 {& G6 W system_error('request_tainting');
& O# L7 X. e0 l. w/ I
}
% O O( i0 N4 G( h5 V
/ o) c2 a: @5 u if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
0 u. Z' p6 ^' e+ \" H0 d0 }
$temp = $_SERVER['REQUEST_URI'];
; X) M/ z# I0 O$ ?* \; z } elseif(empty ($_GET['formhash'])) {
0 x! ~# r7 t% b; z$ }: K& C $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
# N6 @# @2 t% X } else {
( h! D4 J9 M/ K, H/ {2 Q $temp = '';
+ i# K) ^ q( {: @% o" {; b }
+ ?- ^2 V& o7 p; e- b( r- o
/ I5 N d0 ^/ H* F6 o5 m9 D# x
if(!empty($temp)) {
8 _& p& [( }' \0 C
$temp = strtoupper(urldecode(urldecode($temp)));
) p0 c1 I: T# d! `% [( n5 O foreach ($check as $str) {
* A' c/ H" d5 ]( |. g if(strpos($temp, $str) !== false) {
2 F! x+ Z6 h" E a; q system_error('request_tainting');
& e. \( e8 v: _7 n Q ?5 i" ` }
' S: T+ D! I3 E; z
}
% g6 x+ S3 H/ H/ [0 X9 c2 T# N; l* V
}
y: [" L1 }& x. c# B
' I( g+ j% W3 Z" o& y8 `# U return true;
& G% H4 J! {# U0 }' R" N- U}
2 H+ Q( @# k6 c0 o) |修改为
8 A4 V% Q& R) A @
private function _xss_check() {
3 a4 @' q# q* Y5 l
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
* m/ L* Z( c6 Z- M
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
. W; h& _! Y. `$ z. p+ a/ ?/ N# D
system_error('request_tainting');
9 T! L3 w' G" d7 _5 t }
( a& b1 m9 y* j- I; F4 M- Z
return true;
i( C8 d: j) H7 X3 g
}
4 o0 j5 S P; l* N. Y4 {. Z8 E