From 99ec75a1005bb16730f6368f9925a25508dbda6b Mon Sep 17 00:00:00 2001
From: Martin Zhou <1009465756@qq.com>
Date: Mon, 25 Jan 2016 15:36:23 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DPostController.class.php?= =?UTF-8?q?=E4=B8=AD=E7=9A=84BUG?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

个人中心允许越权查看他人报告 issued by niliu
---
 Application/User/Controller/PostController.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Application/User/Controller/PostController.class.php b/Application/User/Controller/PostController.class.php
index 0a63d8a..2c2968b 100644
--- a/Application/User/Controller/PostController.class.php
+++ b/Application/User/Controller/PostController.class.php
@@ -77,8 +77,8 @@ class PostController extends BaseController
 public function view(){
 $id = session('userId');
 $rid = I('get.rid',0,'intval');
- $model = M("Post");
- $post = $model->where('user_id='.$id)->where('id='.$rid)->find();
+ $model = M("Post");
+ $post = $model->where(array('user_id'=>$id,'id'=>$rid))->find();
 $tmodel= M('setting');
 $title = $tmodel->where('id=1')->select();
 $this->assign('title', $title);
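Review bot: The new `where(array('user_id'=>$id,'id'=>$rid))` line carries no comment saying that it is the ownership check, so a later cleanup could restore the chained string `where()` calls that let one user open another user's report. This looks like ThinkPHP 3.x, where, as far as I recall, a second string `where()` replaces the first instead of being ANDed with it. I would add a comment above the query such as `// Ownership check: user_id and id must be in ONE where() array; chained string where() calls do not AND together.` The hunk also does not show what happens when `find()` matches no row or when `session('userId')` is empty. `view()` continues past the hunk, so confirm that a miss ends in an error or redirect before `$post` is assigned to the template, and check the other controllers for the same chained-string pattern.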