Problem description:

Logging out fails with the error "Your current request contains illegal characters and has been rejected by the system."

Solution:

Open the file source/class/discuz/discuz_application.php

Find

private function _xss_check() {

    static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');

    if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
        system_error('request_tainting');
    }

    if($_SERVER['REQUEST_METHOD'] == 'GET' ) {
        $temp = $_SERVER['REQUEST_URI'];
    } elseif(empty ($_GET['formhash'])) {
        $temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');
    } else {
        $temp = '';
    }

    if(!empty($temp)) {
        $temp = strtoupper(urldecode(urldecode($temp)));
        foreach ($check as $str) {
            if(strpos($temp, $str) !== false) {
                system_error('request_tainting');
            }
        }
    }

    return true;
}

Change it to

private function _xss_check() {

    $temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));

    if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {
        system_error('request_tainting');
    }

    return true;
}
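
To see which rule of the original _xss_check() is rejecting a request before replacing it, and what the shorter version stops checking (it drops the formhash comparison, the POST-body scan, and the tokens >, ', ( and )), the following added example re-implements both checks as plain functions. It is not Discuz code or the original author's; $expected stands in for formhash(), $get for $_GET, and the sample requests and formhash values are constructed.

```php
<?php
// Added example, not Discuz code: reports which rule rejects a request under each version.
const ORIGINAL_TOKENS = ['"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING'];
const MODIFIED_TOKENS = ['<', '"', 'CONTENT-TRANSFER-ENCODING'];

// Returns the first token found in the double-decoded, upper-cased input, or null.
function first_hit(string $raw, array $tokens): ?string {
    $temp = strtoupper(urldecode(urldecode($raw)));
    foreach ($tokens as $t) {
        if (strpos($temp, $t) !== false) return $t;
    }
    return null;
}

// Mirrors the original logic; $get and $expected are hypothetical stand-ins (assumptions).
function original_check(string $method, string $uri, string $body, array $get, string $expected): string {
    if (isset($get['formhash']) && $get['formhash'] !== $expected) {
        return 'rejected: formhash mismatch';
    }
    if ($method === 'GET') {
        $temp = $uri;
    } elseif (empty($get['formhash'])) {
        $temp = $uri . $body;
    } else {
        $temp = '';
    }
    $hit = ($temp === '') ? null : first_hit($temp, ORIGINAL_TOKENS);
    return $hit === null ? 'accepted' : "rejected: token $hit";
}

// Mirrors the modified logic: REQUEST_URI only, three tokens, no formhash comparison.
function modified_check(string $uri): string {
    $hit = first_hit($uri, MODIFIED_TOKENS);
    return $hit === null ? 'accepted' : "rejected: token $hit";
}

// Constructed sample requests: [method, REQUEST_URI, body, parsed $_GET].
$samples = [
    ['GET', '/member.php?mod=logging&action=logout&formhash=aaaa1111', '', ['formhash' => 'aaaa1111']],
    ['GET', '/member.php?mod=logging&action=logout&formhash=bbbb2222', '', ['formhash' => 'bbbb2222']],
    ['GET', '/forum.php?mod=viewthread&title=a%2528b%2529', '', []],
    ['POST', '/forum.php?mod=post', 'message=%3Eq', []],
];
foreach ($samples as [$m, $uri, $body, $get]) {
    printf("%-58s original: %-28s modified: %s\n", $uri, original_check($m, $uri, $body, $get, 'aaaa1111'), modified_check($uri));
}
```

If the logout request lands in the "formhash mismatch" row, the rejection comes from the formhash comparison rather than the character list, and the modified version accepts it only because that comparison is gone.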