修复PostController.class.php中的BUG

个人中心允许越权查看他人报告 issued by niliu

Application/User/Controller/PostController.class.php

@@ -78,7 +78,7 @@ class PostController extends BaseController
 		$id = session('userId');
 		$rid = I('get.rid',0,'intval');
 	        $model = M("Post");
-        $post = $model->where('user_id='.$id)->where('id='.$rid)->find();
+                $post = $model->where(array('user_id'=>$id,'id'=>$rid))->find();
 		$tmodel= M('setting');
 		$title = $tmodel->where('id=1')->select();
 		$this->assign('title', $title);