修复PostController.class.php中的BUG

个人中心允许越权查看他人报告 issued by niliu
2016-01-25 15:36:23 +08:00
parent cccb3b6b6d
commit 99ec75a100
1 changed files with 2 additions and 2 deletions
--- a/Application/User/Controller/PostController.class.php
+++ b/Application/User/Controller/PostController.class.php
@@ -77,8 +77,8 @@ class PostController extends BaseController
 	public function view(){
 		$id = session('userId');
 		$rid = I('get.rid',0,'intval');
-	    $model = M("Post");
-        $post = $model->where('user_id='.$id)->where('id='.$rid)->find();
+	        $model = M("Post");
+                $post = $model->where(array('user_id'=>$id,'id'=>$rid))->find();
 		$tmodel= M('setting');
 		$title = $tmodel->where('id=1')->select();
 		$this->assign('title', $title);