Add check for parent comment. Fixes #1390

author Dessalines <tyhou13@gmx.com>

Sun, 31 Jan 2021 04:10:16 +0000 (23:10 -0500)

committer Dessalines <tyhou13@gmx.com>

Sun, 31 Jan 2021 04:10:16 +0000 (23:10 -0500)
author Dessalines <tyhou13@gmx.com>
Sun, 31 Jan 2021 04:10:16 +0000 (23:10 -0500)
committer Dessalines <tyhou13@gmx.com>
Sun, 31 Jan 2021 04:10:16 +0000 (23:10 -0500)
diff --git a/crates/api/src/comment.rs b/crates/api/src/comment.rs

index 50fddf2b1114a064ffd138a9c9ee211e12e29ed9..56c0ce62531f769e0fd3d7e6e91a526d3e8b21a3 100644 (file)
--- a/crates/api/src/comment.rs
+++ b/crates/api/src/comment.rs
@@ -64,6 +64,19 @@ impl Perform for CreateComment {
        return Err(APIError::err("locked").into());
      }
  
+    // If there's a parent_id, check to make sure that comment is in that post
+    if let Some(parent_id) = data.parent_id {
+      // Make sure the parent comment exists
+      let parent =
+        match blocking(context.pool(), move |conn| Comment::read(&conn, parent_id)).await? {
+          Ok(comment) => comment,
+          Err(_e) => return Err(APIError::err("couldnt_create_comment").into()),
+        };
+      if parent.post_id != post_id {
+        return Err(APIError::err("couldnt_create_comment").into());
+      }
+    }
+
      let comment_form = CommentForm {
        content: content_slurs_removed,
        parent_id: data.parent_id.to_owned(),
author	Dessalines <tyhou13@gmx.com>
	Sun, 31 Jan 2021 04:10:16 +0000 (23:10 -0500)
committer	Dessalines <tyhou13@gmx.com>
	Sun, 31 Jan 2021 04:10:16 +0000 (23:10 -0500)