修改了判断是否可以发表评审意见的逻辑，防止行为冒泡和表单伪造

application/default/controllers/ReviewController.php

@@ -44,9 +44,9 @@ class ReviewController extends Zend_Controller_Action
 				$this->_redirect('/account/login/?href=/review/myreview');
 			}
 			
-			$sql = "select md.title,md.uuid,md.id,md.description,s.status from metadata md left join mdstatus s on md.uuid=s.uuid 
-			where md.uuid in (select uuid from mdexpertreview er where er.id=$uid 
-			union select uuid from mdreview r where r.userid=$uid)"; 
+			$sql = "select md.title,md.uuid,md.id,md.description,s.status from metadata md left join mdstatus s on md.uuid=s.uuid 
+			where md.uuid in (select uuid from mdexpertreview er where er.id=$uid 
+			union select uuid from mdreview r where r.userid=$uid)"; 
 			
 			if(!empty($keyword) && !empty($search))
 			{
@@ -315,12 +315,12 @@ class ReviewController extends Zend_Controller_Action
 
 			$redirectlink='/review/review/uuid/'.$uuid.'/';
 			
-			if($md['status']==5)
+			if($md['status']>5)
 			{
 				$this->messenger->addMessage('该数据已经通过评审，不能再发表评审意见，如需提交问题，请联系数据管理员');
 				$this->_redirect($redirectlink);
 			}
-			if($md['status']==0)
+			if($md['status']<1)
 			{
 				$this->messenger->addMessage('已被数据中心接收的数据才可以进行评审');
 				$this->_redirect($redirectlink);