故障描述:
4 i% U2 i& f# ]- N" H* C) B
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
& Q4 q2 S1 }/ ], W" T
解决方法:
, m7 Y. |6 T' |3 \
打开 source/class/discuz/discuz_application.php 文件
找到
# \+ V% r. i2 W0 s8 T6 n% b3 E
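/**
 * Request filter: rejects the request via system_error('request_tainting')
 * when the formhash parameter does not match or when the request text
 * contains one of the listed characters/strings.
 *
 * Listing repaired from the page: the single-quote entry had lost its
 * backslash (''' is a PHP syntax error) and is restored as '\''.
 *
 * @return bool Always true when control reaches the end; rejection is done
 *              by system_error(), which presumably ends the request
 *              (defined elsewhere, confirm).
 */
private function _xss_check() {

	// Substrings that cause rejection. The text is upper-cased before the
	// comparison, so the header name is matched case-insensitively.
	static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

	// A formhash parameter, when present, must be identical to formhash().
	// NOTE(review): formhash() is defined elsewhere; presumably the
	// per-session anti-CSRF token. Confirm.
	if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
		system_error('request_tainting');
	}

	if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
		// GET: only the request URI is inspected.
		$temp = $_SERVER['REQUEST_URI'];
	} elseif(empty ($_GET['formhash'])) {
		// Non-GET without a formhash: inspect the URI plus the raw body.
		$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
	} else {
		// Non-GET carrying a formhash (compared above): nothing is scanned.
		$temp = '';
	}

	if(!empty($temp)) {
		// Decode twice so that double-encoded characters (%253C -> %3C -> <)
		// are seen by the substring checks.
		$temp = strtoupper(urldecode(urldecode($temp)));
		foreach ($check as $str) {
			if(strpos($temp, $str) !== false) {
				system_error('request_tainting');
			}
		}
	}

	return true;
}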
0 M7 S/ T! J& n! D" I! e
修改为(注意:与上面的原始代码相比,此版本不再校验 formhash,不再检查 POST 请求体,也不再拦截 >、'、( 和 ) 字符;该方法本身并不区分是否为退出登录请求):
/**
 * Reduced request filter: rejects the request via
 * system_error('request_tainting') when the decoded request URI contains
 * '<', '"' or the string CONTENT-TRANSFER-ENCODING.
 *
 * NOTE(review): compared with the stock method quoted earlier on this page,
 * this replacement no longer compares $_GET['formhash'] with formhash(),
 * never reads php://input, and no longer rejects '>', the single quote,
 * '(' or ')'. The method has no logout-specific condition, so the reduced
 * filtering is what runs wherever it is called. Whether other code still
 * validates formhash is not visible here; confirm before deploying, and
 * first identify which of the original checks the logout request trips.
 *
 * @return bool Always true when control reaches the end.
 */
private function _xss_check() {
	$needles = array('<', '"', 'CONTENT-TRANSFER-ENCODING');

	// Decoded twice and upper-cased, so double-encoded characters and any
	// letter case of the header name are matched.
	$uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

	foreach($needles as $needle) {
		if(strpos($uri, $needle) !== false) {
			system_error('request_tainting');
			// One report per request, as with the original || chain.
			break;
		}
	}

	return true;
}
1 c* u5 c% h- L. p