故障描述:
. |8 I1 F6 m0 z5 }& q) e" i5 b
退出登录时出现”您当前的访问请求当中含有非法字符,已经被系统拒绝“错误。
3 i; n: J5 q% z9 H9 D
解决方法:
9 x% u9 q, C3 W) x打开 sourceclassdiscuzdiscuz_application.php 文件
0 ]8 N# K r8 ~! Q1 r/ D+ W找到
% \6 Z0 a: |+ h- z8 x ]% ?private function _xss_check() {
7 E, Q& v) ?8 X- g R+ a+ J" w! n- ]# ~- ^
static $check = array('"', '>', '<', ''', '(', ')', 'CONTENT-TRANSFER-ENCODING');
: j8 c# x( u. L6 ~ s8 ^. {& A
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
8 j& y) Z3 l4 @/ E; O
system_error('request_tainting');
1 m/ }$ E+ H0 C& O' \, }; A
}
; ?2 L- h' P& ]" |! P6 Y) \- Z8 d' ^$ |& R1 j* X
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
( {8 U3 j7 {% d) H4 p3 G
$temp = $_SERVER['REQUEST_URI'];
( z2 ^' x4 q: r) j% q; R, I/ v } elseif(empty ($_GET['formhash'])) {
* g& J4 x; h% _9 P
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
& N. H4 s" u$ o } else {
4 W& T% z2 J3 Z# v; M6 R6 @- k ~
$temp = '';
2 j5 R' V0 c( q
}
( V- m- c) W, `" K
( d# U- W) B6 z if(!empty($temp)) {
7 W% q R9 T% r* r
$temp = strtoupper(urldecode(urldecode($temp)));
9 H# p! ?5 |2 N9 V) H+ c3 C3 n foreach ($check as $str) {
2 ~9 M. F; ^. A) o. u! d* r7 m
if(strpos($temp, $str) !== false) {
" ]6 n/ @7 m7 _ system_error('request_tainting');
( f0 f9 S }+ P" ?; N
}
- l2 Q% O* j) O% S
}
& l+ K" ?0 E; ` V( ^
}
, ~ {. K, N( {+ o }7 ?
' q. T9 l. w. p; l return true;
! P& g0 E0 T% p9 Z$ f" `
}
0 S8 L6 C; y0 L* U9 F; y& F
修改为
9 b: h9 [4 t, [5 \! ^* F K0 Uprivate function _xss_check() {
5 G, |9 O2 S1 ?
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
( c, Z! z) X$ m! K g
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
8 n, a7 b9 {6 d' w5 g system_error('request_tainting');
1 n: p2 Y5 R3 G( ~ }
& S4 r) C: P. C d
return true;
, s2 [7 ~4 C. O' f
}
" e8 U- W" J3 f/ R) g