故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
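/**
 * Request-tainting check: rejects requests whose URI (and, for non-GET
 * requests that carry no formhash, whose raw body) contains characters
 * commonly used in script injection.
 *
 * Steps, in order:
 *  1. If a GET parameter `formhash` is present it must equal formhash();
 *     otherwise system_error('request_tainting') is raised.
 *  2. GET requests: only $_SERVER['REQUEST_URI'] is scanned.
 *     Non-GET requests without a formhash: REQUEST_URI plus the raw body
 *     (php://input) is scanned.
 *     Non-GET requests that do carry a formhash are not scanned at all.
 *  3. The text is urldecode()d twice and upper-cased, then searched for
 *     every entry of $check; the first hit raises system_error().
 *
 * @return bool true when no check fails. system_error() is assumed to end
 *              the request (its definition is not on this page) — if it
 *              returns instead, the loop may call it once per matching entry.
 */
private function _xss_check() {
    // Entries are matched against the upper-cased, double-decoded text.
    // NOTE: the page's listing showed `'''` for the fourth entry, which does
    // not parse; the intended entry is a literal single quote.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A supplied formhash must match the current one; anything else is
    // treated as a tainted request.
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    // REQUEST_METHOD is always a string, so strict comparison is safe here.
    if($_SERVER['REQUEST_METHOD'] === 'GET') {
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty($_GET['formhash'])) {
        // No formhash on a non-GET request: include the raw body so that
        // posted payloads are subject to the same scan as the URI.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // Non-GET request with a (matching) formhash: nothing to scan.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decode twice so that an extra layer of percent-encoding does not
        // hide a pattern; upper-case so the comparison is case-insensitive.
        $temp = strtoupper(urldecode(urldecode($temp)));

        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}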
修改为（注意：下面的替换版本去掉了 formhash 校验、非 GET 请求的请求体扫描，以及对 `>`、`'`、`(`、`)` 的检查，检查范围比原方法小）
/**
 * Reduced request-tainting check: scans only $_SERVER['REQUEST_URI']
 * (after two urldecode() passes and strtoupper()) for `<`, `"` and
 * CONTENT-TRANSFER-ENCODING.
 *
 * Compared with the original _xss_check() listed above, this version no
 * longer compares $_GET['formhash'] with formhash(), never inspects the
 * body of non-GET requests, and drops the `>`, `'`, `(` and `)` patterns,
 * so the set of requests it rejects is strictly smaller.
 *
 * @return bool true when none of the patterns is present in the URI
 */
private function _xss_check() {
    $needles = array('<', '"', 'CONTENT-TRANSFER-ENCODING');

    // Same normalisation as the original method: decode twice, upper-case.
    $uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    $tainted = false;
    foreach ($needles as $needle) {
        if (strpos($uri, $needle) !== false) {
            $tainted = true;
            break;
        }
    }

    // Raised at most once, as in the original single-condition form.
    if ($tainted) {
        system_error('request_tainting');
    }

    return true;
}