故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
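/**
 * Rejects a request whose form token or raw text looks tainted.
 *
 * Calls system_error('request_tainting') when a `formhash` query parameter is
 * present but is not identical to formhash(), or when the twice-URL-decoded,
 * upper-cased request text contains any entry of $check.
 *
 * NOTE(review): system_error() is defined outside this listing; it presumably
 * stops the request, which is why the loop below has no break. Confirm.
 *
 * @return bool true when execution reaches the end of the method.
 */
private function _xss_check() {

    // Markers that are refused anywhere in the inspected text. The fourth entry
    // is a single quote and has to be written with a backslash ('\''); the
    // page this listing came from had lost that backslash.
    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    // A formhash passed in the query string must match the value formhash()
    // returns (strict comparison).
    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        // GET: only the request URI is scanned.
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        // Non-GET without a formhash: scan the URI plus the raw request body.
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        // Non-GET with a formhash (already compared above): no content scan.
        $temp = '';
    }

    if(!empty($temp)) {
        // Decode twice so doubly percent-encoded characters are also seen, and
        // upper-case so the header-name marker matches in any letter case.
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}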
修改为(注意:替换后的函数不再校验 formhash,也不再检查 POST 请求体以及 >、单引号、括号等字符,过滤范围比原函数小):
/**
 * Reduced request check: scans only the request URI for three markers.
 *
 * Calls system_error('request_tainting') when the twice-URL-decoded,
 * upper-cased REQUEST_URI contains '<', '"' or 'CONTENT-TRANSFER-ENCODING'.
 *
 * NOTE(review): unlike the stock method it replaces, this version does not
 * compare $_GET['formhash'] with formhash(), does not read the request body,
 * and does not look for '>', single quote, '(' or ')'. Before deploying it,
 * confirm that state-changing GET actions (logout included) still validate
 * formhash elsewhere. If the logout error comes from the formhash comparison,
 * finding out why the token in the link differs is the safer fix.
 *
 * @return bool true when execution reaches the end of the method.
 */
private function _xss_check() {
    // Decode twice so doubly percent-encoded characters are also seen; the
    // upper-casing lets the header-name marker match in any letter case.
    $uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
        if (strpos($uri, $needle) !== false) {
            system_error('request_tainting');
            // Report once, as the original single || condition did.
            break;
        }
    }

    return true;
}