Discuz!X系列 点评权限存在绕过风险的bug修复

bug描述：用户可用模拟post提交数据的形式，绕过点评的前端权限判断，直接进行提交操作；危险级别：弱
修复方法：

打开source/include/post/post_newreply.php
搜索
if(!$post) {
    showmessage('post_nonexistence', NULL);
  }替换为if(!$post || !($_G['setting']['commentpostself'] || $post['authorid'] != $_G['uid']) || !(($post['first'] && $_G['setting']['commentfirstpost'] && in_array($_G['group']['allowcommentpost'], array(1, 3)) || (!$post['first'] && in_array($_G['group']['allowcommentpost'], array(2, 3)))))) {
    showmessage('postcomment_error');
  }保存覆盖上传即可