故障描述:
退出登录时出现“您当前的访问请求当中含有非法字符,已经被系统拒绝”错误。
解决方法:
打开 source/class/discuz/discuz_application.php 文件
找到
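/**
 * Rejects a request that looks tainted before the application handles it.
 *
 * Two checks run in order:
 *  1. When $_GET['formhash'] is set, it must be identical to formhash();
 *     otherwise system_error('request_tainting') is raised.
 *     (formhash() is presumably the per-session form token - confirm
 *     against its definition.)
 *  2. The request text is URL-decoded twice, upper-cased and searched for
 *     each token in $check. What is searched depends on the request:
 *       - GET:                          REQUEST_URI only
 *       - non-GET without a formhash:   REQUEST_URI plus the raw request body
 *       - non-GET with a formhash:      nothing
 *
 * @return bool true when the end of the method is reached.
 */
private function _xss_check() {
	// Tokens searched for in the decoded request text. The fourth entry is
	// a single quote and must be written with its escaping backslash; the
	// listing had lost it, which left a string literal that does not parse.
	static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

	// A formhash that is present but does not match is refused outright.
	if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
		system_error('request_tainting');
	}

	if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
		$temp = $_SERVER['REQUEST_URI'];
	} elseif(empty ($_GET['formhash'])) {
		// No formhash on a non-GET request: the body is scanned as well.
		$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
	} else {
		// Non-GET request carrying a formhash: no content scan is done.
		$temp = '';
	}

	if(!empty($temp)) {
		// Decoding twice also catches double-encoded characters; the
		// upper-casing makes the header-name token case-insensitive.
		$temp = strtoupper(urldecode(urldecode($temp)));
		foreach ($check as $str) {
			if(strpos($temp, $str) !== false) {
				system_error('request_tainting');
			}
		}
	}

	return true;
}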
修改为(注意:修改后的版本只检查 REQUEST_URI 中的 <、" 和 CONTENT-TRANSFER-ENCODING,不再校验 formhash,也不再检查 POST 请求体及 >、'、(、) 等字符):
/**
 * Reduced request check: refuses a request whose URI contains '<', '"' or
 * the string CONTENT-TRANSFER-ENCODING.
 *
 * Only $_SERVER['REQUEST_URI'] is inspected. This version does not compare
 * $_GET['formhash'] with anything and does not read the request body, so
 * neither of those is covered by this method.
 * NOTE(review): if the error being worked around comes from a formhash
 * mismatch, the reason the token differs is still worth finding - confirm
 * that formhash is validated elsewhere for state-changing actions.
 *
 * @return bool true when the end of the method is reached.
 */
private function _xss_check() {
	// Decode twice so double-encoded characters are seen, then upper-case
	// so the header-name token matches regardless of case.
	$uri = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

	foreach (array('<', '"', 'CONTENT-TRANSFER-ENCODING') as $needle) {
		if (strpos($uri, $needle) !== false) {
			system_error('request_tainting');
			// One report per request, as with a single combined condition.
			break;
		}
	}

	return true;
}