diff --git a/app/controllers/exercise_controller.rb b/app/controllers/exercise_controller.rb
index 46bef8af4..c8e5bf27c 100644
--- a/app/controllers/exercise_controller.rb
+++ b/app/controllers/exercise_controller.rb
@@ -21,6 +21,10 @@ class ExerciseController < ApplicationController
   end
 
   def show
+    unless User.current.member_of_course?(@course)
+      render_403
+      return
+    end
     @exercise = Exercise.find params[:id]
     @is_teacher = User.current.allowed_to?(:as_teacher,@course) || User.current.admin?
     if @exercise.exercise_status != 2 && (!User.current.allowed_to?(:as_teacher,@course) || User.current.admin?)
@@ -485,16 +489,16 @@ class ExerciseController < ApplicationController
         # 问答题有多个答案
         if question.question_type == 3
           if standard_answer.include?(answer.first.answer_text)
-            score1 = score+ question.question_score unless question.question_score.nil?
+            score1 = score1+ question.question_score unless question.question_score.nil?
           end
         elsif question.question_type == 1
           if answer.first.exercise_choice.choice_position == standard_answer.exercise_choice_id
-            score2 = score + question.question_score unless question.question_score.nil?
+            score2 = score2 + question.question_score unless question.question_score.nil?
           end
         else
           arr = get_mulscore(question, user)
           if arr.to_i == standard_answer.exercise_choice_id
-            score3 = score + question.question_score unless question.question_score.nil?
+            score3 = score3 + question.question_score unless question.question_score.nil?
           end
           # ecs = ExerciseAnswer.where("user_id =? and exercise_question_id =?", user.id, question.id)
           # arr = []