故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
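/**
 * Request filter: rejects a request whose formhash does not match, or whose
 * URI (and, for some non-GET requests, body) contains a blacklisted marker.
 *
 * Rejection is done by calling system_error('request_tainting'); that helper
 * is defined elsewhere and presumably halts the request (not visible here).
 *
 * @return bool Always true when no check fired.
 */
private function _xss_check() {

    // Substrings that cause rejection. The text is upper-cased before matching,
    // which is why the header name is listed in capitals.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // Token check: a formhash passed in $_GET must equal the value formhash() returns.
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        // GET: only the request URI is scanned.
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // Non-GET without a formhash in $_GET: scan the URI plus the raw request body.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // Non-GET with a formhash that passed the comparison above: nothing is scanned.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decode twice so doubly percent-encoded markers are also seen, then
        // upper-case so the match is case-insensitive.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}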
修改为
/**
 * Reduced request filter: rejects the request only when the decoded,
 * upper-cased REQUEST_URI contains '<', '"' or 'CONTENT-TRANSFER-ENCODING'.
 *
 * NOTE(review): this version does not compare $_GET['formhash'] with
 * formhash(), never reads the request body, and lets '>', '\'', '(' and ')'
 * through. Whether the formhash (anti-CSRF) comparison is enforced anywhere
 * else is not visible here; confirm that before deploying. It is safer to
 * find out which single check fires on logout (formhash mismatch or one of
 * the listed characters) and address that cause than to drop all of them.
 *
 * @return bool Always true when no check fired.
 */
private function _xss_check() {
    // Decode twice so doubly percent-encoded markers are also seen; upper-case
    // so the header-name match is case-insensitive.
    $uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    $tainted = false;
    foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
        if (strpos($uri, $needle) !== false) {
            $tainted = true;
            break;
        }
    }

    // system_error() is defined elsewhere; presumably it halts the request.
    if ($tainted) {
        system_error('request_tainting');
    }

    return true;
}
l! d7 U% c6 f