From 45b607d63279bd248c7736d6ca34b106b9b35ca8 Mon Sep 17 00:00:00 2001
From: wlx
Date: Fri, 16 Nov 2012 09:16:26 +0000
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=AE=89=E5=85=A8=E6=A3=80?= =?UTF-8?q?=E6=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../default/controllers/HeiheController.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/application/default/controllers/HeiheController.php b/application/default/controllers/HeiheController.php
index 87841de7..f76a804a 100644
--- a/application/default/controllers/HeiheController.php
+++ b/application/default/controllers/HeiheController.php
@@ -643,7 +643,20 @@ class HeiheController extends DataController
 );
 $this->jsonexit($data);
 return true;
- }
+ }
+ //安全检查: uuid必须是当前用户且为新建数据
+ $sql="select * from geonetworkmetadata where uuid=? and uuid not in (select uuid from metadata) and owner=?";
+ $sth=$this->db->prepare($sql);
+ $sth->execute(array($uuid,$u_id));
+ $row=$sth->fetch();
+ if (empty($row))
+ {
+ $data = array(
+ 'error'=>"参数错误"
+ );
+ $this->jsonexit($data);
+ return true;
+ }
 //ftp 用户名
 $uname = 'heihe'.$u_id.'upload';
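Review bot: The added ownership check binds `$u_id` to `owner=?`, but `$u_id` and `$uuid` are assigned above the hunk, so the check only holds if `$u_id` is taken from the authenticated session and not from a request parameter; that should be confirmed in the part of the action that is not visible here. The `uuid not in (select uuid from metadata)` subquery matches no rows at all if `metadata.uuid` ever holds a NULL, which fails closed but would reject every request; `not exists (select 1 from metadata m where m.uuid = geonetworkmetadata.uuid)` avoids that. Only existence is tested, so `select 1` would do in place of `select *`. A rejected check is worth logging with the user id and the uuid before `jsonexit()`, since repeated failures for one account can indicate probing of other users' records. The enclosing method starts and ends outside the hunk.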