故障描述:
6 d% o) k, ?. e6 ]% e0 j
退出登录时出现”您当前的访问请求当中含有非法字符,已经被系统拒绝“错误。
. J" h+ X. S3 L9 b; x解决方法:
$ p5 c9 D9 y5 E% N打开 sourceclassdiscuzdiscuz_application.php 文件
0 l5 S3 g3 j1 a' e# v$ G找到
* w9 f5 \, J* U) _! s0 |
private function _xss_check() {
# m2 i. ~% {: Y3 C' q' ^. _
0 Z& I, a- ?" ` m0 [
static $check = array('"', '>', '<', ''', '(', ')', 'CONTENT-TRANSFER-ENCODING');
6 e; b5 c7 A2 F' |( H( M$ O$ A& R- F( {5 T1 P
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
+ ?4 B* [7 F2 |* T system_error('request_tainting');
( E/ u2 N. K7 b( c( p- f3 q }
' E; k \/ U' [( V0 I5 q4 _( P+ t4 _& p1 G
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
0 J& R% s+ ^ t& @/ _* ` $temp = $_SERVER['REQUEST_URI'];
- B+ A3 {+ D. Z6 {* U } elseif(empty ($_GET['formhash'])) {
/ {4 }2 [4 R, ]; o+ v9 P $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
! h- V$ I9 l! T k, O } else {
* p7 t+ r) b" U P
$temp = '';
( s+ w2 `( S1 W# M$ o5 }, Y/ r8 {' l% h
}
. q2 i8 k+ u- i& w# C7 `. O# q" H- Y& W; I x: z
if(!empty($temp)) {
0 W# s) ^6 a" l4 k0 a) u6 m $temp = strtoupper(urldecode(urldecode($temp)));
, q- k1 p, G2 n, |# n: L- }
foreach ($check as $str) {
. X: _, }5 C! f$ J8 ~
if(strpos($temp, $str) !== false) {
: A+ r6 ]! V" q3 w5 }2 u system_error('request_tainting');
) s; `! F$ [/ S- d
}
2 _* Y }& W, Y. N
}
) O; i: [3 n" f; [ }
* x% h1 q( U0 E( @" I. {
# X5 V% s" k* q) B3 I, k2 v return true;
1 {" R9 P; y' Z7 E7 ?8 q% F8 t}
9 f( z" E# d/ V1 n
修改为
7 Z; H: O9 Y6 U2 D8 y: ?2 c' Sprivate function _xss_check() {
7 K8 n9 |* W/ i4 T# o
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
& o: z+ c; f1 i D3 [ if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
: N5 P0 D- S% b# M! O* { g+ t system_error('request_tainting');
0 C0 k6 u0 c5 z9 [: }' v }
; f% z/ t8 p. j! }3 v return true;
5 b8 r m1 A' [* N) w7 d6 T* T}
5 {6 O2 V( @0 X" G/ S