修改了判断是否可以发表评审意见的逻辑,防止行为冒泡和表单伪造

Li Jianxuan 2011-10-25 02:22:33 +00:00
parent 8c48284bc3
commit 961d6fab1b
1 changed files with 5 additions and 5 deletions


@ -44,9 +44,9 @@ class ReviewController extends Zend_Controller_Action
$this->_redirect('/account/login/?href=/review/myreview'); $this->_redirect('/account/login/?href=/review/myreview');
} }
$sql = "select md.title,md.uuid,md.id,md.description,s.status from metadata md left join mdstatus s on md.uuid=s.uuid $sql = "select md.title,md.uuid,md.id,md.description,s.status from metadata md left join mdstatus s on md.uuid=s.uuid
where md.uuid in (select uuid from mdexpertreview er where er.id=$uid where md.uuid in (select uuid from mdexpertreview er where er.id=$uid
union select uuid from mdreview r where r.userid=$uid)"; union select uuid from mdreview r where r.userid=$uid)";
if(!empty($keyword) && !empty($search)) if(!empty($keyword) && !empty($search))
{ {
@ -315,12 +315,12 @@ class ReviewController extends Zend_Controller_Action
$redirectlink='/review/review/uuid/'.$uuid.'/'; $redirectlink='/review/review/uuid/'.$uuid.'/';
if($md['status']==5) if($md['status']>5)
{ {
$this->messenger->addMessage('该数据已经通过评审,不能再发表评审意见,如需提交问题,请联系数据管理员'); $this->messenger->addMessage('该数据已经通过评审,不能再发表评审意见,如需提交问题,请联系数据管理员');
$this->_redirect($redirectlink); $this->_redirect($redirectlink);
} }
if($md['status']==0) if($md['status']<1)
{ {
$this->messenger->addMessage('已被数据中心接收的数据才可以进行评审'); $this->messenger->addMessage('已被数据中心接收的数据才可以进行评审');
$this->_redirect($redirectlink); $this->_redirect($redirectlink);
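Review bot: The new upper bound `if($md['status']>5)` lets status 5 through, although the old code blocked exactly that value with the "already passed review" message; if 5 still means passed, the gate should read `if($md['status']>=5)`. The lower bound `<1` still blocks 0 and now also blocks negative values, so only the upper bound looks off by one. Both limits would be easier to audit as named class constants, because the meaning of each status value is not visible in this hunk. The enclosing action starts and ends outside the hunk, so it cannot be confirmed from these lines that the server also checks the current user is an assigned reviewer before accepting the post. In the first hunk `$uid` is interpolated into the SQL text and its assignment is not shown, so an `(int)` cast or a bound parameter there would keep the query safe whatever its source.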