Page MenuHomePhabricator
Files F13196824

D16031.diff
No OneTemporary
Actions

D16031.diff
View Options

diff --git a/src/applications/differential/controller/DifferentialInlineCommentEditController.php b/src/applications/differential/controller/DifferentialInlineCommentEditController.php
--- a/src/applications/differential/controller/DifferentialInlineCommentEditController.php
+++ b/src/applications/differential/controller/DifferentialInlineCommentEditController.php
@@ -23,13 +23,34 @@
}
protected function createComment() {
- // Verify revision and changeset correspond to actual objects.
+ // Verify revision and changeset correspond to actual objects, and are
+ // connected to one another.
$changeset_id = $this->getChangesetID();
+ $viewer = $this->getViewer();
$revision = $this->loadRevision();
- if (!id(new DifferentialChangeset())->load($changeset_id)) {
- throw new Exception(pht('Invalid changeset ID!'));
+ $changeset = id(new DifferentialChangesetQuery())
+ ->setViewer($viewer)
+ ->withIDs(array($changeset_id))
+ ->executeOne();
+ if (!$changeset) {
+ throw new Exception(
+ pht(
+ 'Invalid changeset ID "%s"!',
+ $changeset_id));
+ }
+
+ $diff = $changeset->getDiff();
+ if ($diff->getRevisionID() != $revision->getID()) {
+ throw new Exception(
+ pht(
+ 'Changeset ID "%s" is part of diff ID "%s", but that diff '.
+ 'is attached to reivsion "%s", not revision "%s".',
+ $changeset_id,
+ $diff->getID(),
+ $diff->getRevisionID(),
+ $revision->getID()));
}
return id(new DifferentialInlineComment())

File Metadata

Mime Type
text/plain
Expires
Mon, May 13, 11:36 PM (2 w, 6 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6293997
Default Alt Text
D16031.diff (1 KB)

Event Timeline

Phabricator · Built by Phacility