故障描述:
1 ~3 _/ H# o1 l5 {2 C6 O" ?退出登录时出现”您当前的访问请求当中含有非法字符,已经被系统拒绝“错误。
H- k' K9 O( l" ?! K" l! }
解决方法:
0 m! ^' N, {- I& k打开 sourceclassdiscuzdiscuz_application.php 文件
( I2 j0 G) L. c5 g4 P
找到
0 ~: p- q R; i/ d& W/ `, f- tprivate function _xss_check() {
, { Y, {1 `# ^* M/ e; K) h
$ ^6 i" D- w* w' F5 ~$ g2 p static $check = array('"', '>', '<', ''', '(', ')', 'CONTENT-TRANSFER-ENCODING');
, v* D) j/ R0 z" q7 R: R0 A y
2 b7 z6 _( Y! m G5 H if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
( z7 Q8 b3 `0 h* J; o
system_error('request_tainting');
5 }/ |) ~* g1 E4 K! m& b& X, u
}
' _$ A# p; G% V
/ q6 z. l$ t! m8 @* Q( s if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
9 y# k2 l( r) @$ J* c5 l- b
$temp = $_SERVER['REQUEST_URI'];
1 L( _1 {6 ~. f4 p3 P
} elseif(empty ($_GET['formhash'])) {
. h T3 u& @' W. k% U $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
6 q6 t5 [ _* j' |
} else {
8 k, v q* [3 \: [7 p! k; n $temp = '';
1 U/ ~) H5 P+ {' c& ~ }
- b9 C, ]& K4 S- k/ D1 @9 \
# d2 U8 U" y$ }0 F, K" h! r
if(!empty($temp)) {
$ g- _+ }; l ~* @4 Y $temp = strtoupper(urldecode(urldecode($temp)));
( j2 d: }0 @6 ~0 w+ S. M) D2 u foreach ($check as $str) {
' {/ E( a8 q# c
if(strpos($temp, $str) !== false) {
, A' {# P [2 C0 O# p$ Z& \
system_error('request_tainting');
4 b. d- m" b( b, C& _, B
}
- `8 z) g9 @( ~5 T O1 a
}
# s$ q& Y3 m- `% _$ ` }
/ z) t8 }! R$ i, c3 `, m3 N
0 W) I" W$ l! J3 e
return true;
: U, N6 w9 l% o- r7 m% f! Y
}
7 `- \* K, r7 k: \ K9 k+ f
修改为
0 e. @: G5 U5 x% zprivate function _xss_check() {
7 _; N/ x$ Y2 U $temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));
) l& u% n: `. q) { if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
" x* C' [/ r$ v( u8 W+ f( @- Q! g system_error('request_tainting');
/ N1 R# {3 L9 k3 C* M }
1 p6 `4 U0 o* v8 o return true;
1 K; r/ j! |6 S}
( b+ b5 n# ^% o( X1 a