故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
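/**
 * Request-tainting filter (stock version, as quoted by this page).
 *
 * Rejects the request through system_error('request_tainting') when either
 *   - $_GET['formhash'] is present but not identical to formhash(), or
 *   - the decoded request data contains one of the blocklisted substrings.
 *
 * What gets scanned depends on the request:
 *   - GET: only $_SERVER['REQUEST_URI'];
 *   - any other method without $_GET['formhash']: REQUEST_URI plus the raw
 *     request body read from php://input;
 *   - any other method with a non-empty formhash: nothing (that formhash has
 *     already passed the comparison above).
 *
 * NOTE(review): whether system_error() stops execution is not visible here;
 * confirm before relying on the "return true" being unreachable after a hit.
 *
 * @return bool always true when the end of the function is reached
 */
private function _xss_check() {

	// The single-quote entry is written as '\''; the page's rendering had lost
	// the backslash, which left an unparseable ''' literal.
	static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

	// A formhash that is supplied must match the value formhash() returns.
	if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
		system_error('request_tainting');
	}

	if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
		$temp = $_SERVER['REQUEST_URI'];
	} elseif(empty ($_GET['formhash'])) {
		// Non-GET request without a formhash: the body is inspected as well.
		$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
	} else {
		$temp = '';
	}

	if(!empty($temp)) {
		// Decode twice so doubly percent-encoded characters are seen in plain
		// form, and uppercase so the header-name entry matches in any case.
		$temp = strtoupper(urldecode(urldecode($temp)));
		foreach ($check as $str) {
			if(strpos($temp, $str) !== false) {
				system_error('request_tainting');
			}
		}
	}

	return true;
}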
修改为(注意:替换后的函数只检查 REQUEST_URI 中的 <、" 和 CONTENT-TRANSFER-ENCODING,不再校验 formhash,也不再检查请求体以及 >、'、(、) 等字符,过滤范围比原函数小):
/**
 * Relaxed request-tainting filter (the replacement proposed by this page).
 *
 * Decodes $_SERVER['REQUEST_URI'] twice, uppercases it, and calls
 * system_error('request_tainting') if the result contains '<', '"' or
 * 'CONTENT-TRANSFER-ENCODING'.
 *
 * NOTE(review): compared with the stock function this replaces, this variant
 * does not compare $_GET['formhash'] with formhash(), never reads
 * php://input, and no longer rejects '>', the single quote, '(' or ')'.
 * The page does not say which of those rules the logout request trips, so
 * the relaxation is broader than the symptom requires. If it is deployed,
 * confirm that form-token validation and output escaping are enforced in the
 * individual request handlers, since this global filter no longer covers them.
 *
 * @return bool always true when the end of the function is reached
 */
private function _xss_check() {
	$decodedUri = urldecode(urldecode($_SERVER['REQUEST_URI']));
	$haystack = strtoupper($decodedUri);

	foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
		if (strpos($haystack, $needle) !== false) {
			// One hit is enough; report once and stop scanning.
			system_error('request_tainting');
			break;
		}
	}

	return true;
}