From aecb2411d8d2893ce53117e9ce94beeec9b39f37 Mon Sep 17 00:00:00 2001
From: Dessalines
Date: Sat, 30 Jan 2021 23:10:16 -0500
Subject: [PATCH] Add check for parent comment. Fixes #1390
---
 crates/api/src/comment.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/crates/api/src/comment.rs b/crates/api/src/comment.rs
index 50fddf2b..56c0ce62 100644
--- a/crates/api/src/comment.rs
+++ b/crates/api/src/comment.rs
@@ -64,6 +64,19 @@ impl Perform for CreateComment {
 return Err(APIError::err("locked").into());
 }
 
+ // If there's a parent_id, check to make sure that comment is in that post
+ if let Some(parent_id) = data.parent_id {
+ // Make sure the parent comment exists
+ let parent =
+ match blocking(context.pool(), move |conn| Comment::read(&conn, parent_id)).await? {
+ Ok(comment) => comment,
+ Err(_e) => return Err(APIError::err("couldnt_create_comment").into()),
+ };
+ if parent.post_id != post_id {
+ return Err(APIError::err("couldnt_create_comment").into());
+ }
+ }
+
 let comment_form = CommentForm {
 content: content_slurs_removed,
 parent_id: data.parent_id.to_owned(),
-- 
2.44.1
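Review bot: The `Err(_e)` arm of the new parent lookup throws the underlying error away, so a database or pool failure inside `Comment::read` is reported exactly like a missing parent and leaves nothing server-side to debug or audit. Returning the same `couldnt_create_comment` code for "parent not found" and "parent belongs to another post" is worth keeping, because it does not reveal whether a comment id exists elsewhere, but that intent should be stated, e.g. `// Same error for a missing and a mismatched parent, so the response does not reveal ids from other posts`, and the discarded error should be recorded before returning. The check sits only in this handler, whose body starts and ends outside the hunk; if other paths build a `CommentForm` with a `parent_id` (not visible here), they need the same `parent.post_id != post_id` guard. A regression test that submits a reply whose parent is in a different post would pin the fix for #1390.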