From: Dessalines Date: Sun, 31 Jan 2021 04:10:16 +0000 (-0500) Subject: Add check for parent comment. Fixes #1390 X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/%24%7B%60data:application/%22https:/hacktivis.me/%7Bthis.imageSrc.unwrap%28%29%7D?a=commitdiff_plain;h=aecb2411d8d2893ce53117e9ce94beeec9b39f37;p=lemmy.git Add check for parent comment. Fixes #1390 --- diff --git a/crates/api/src/comment.rs b/crates/api/src/comment.rs index 50fddf2b..56c0ce62 100644 --- a/crates/api/src/comment.rs +++ b/crates/api/src/comment.rs @@ -64,6 +64,19 @@ impl Perform for CreateComment { return Err(APIError::err("locked").into()); } + // If there's a parent_id, check to make sure that comment is in that post + if let Some(parent_id) = data.parent_id { + // Make sure the parent comment exists + let parent = + match blocking(context.pool(), move |conn| Comment::read(&conn, parent_id)).await? { + Ok(comment) => comment, + Err(_e) => return Err(APIError::err("couldnt_create_comment").into()), + }; + if parent.post_id != post_id { + return Err(APIError::err("couldnt_create_comment").into()); + } + } + let comment_form = CommentForm { content: content_slurs_removed, parent_id: data.parent_id.to_owned(),