aboutsummaryrefslogtreecommitdiffstats
path: root/mediagoblin/db/models.py
diff options
context:
space:
mode:
Diffstat (limited to 'mediagoblin/db/models.py')
-rw-r--r--mediagoblin/db/models.py12
1 files changed, 11 insertions, 1 deletions
diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py
index c6424e71..b3f7e23d 100644
--- a/mediagoblin/db/models.py
+++ b/mediagoblin/db/models.py
@@ -683,8 +683,18 @@ class MediaComment(Base, MediaCommentMixin):
# Validate inReplyTo has ID
if "id" not in data["inReplyTo"]:
return False
+
+ # Validate that the ID is correct
+ try:
+ media_id = int(data["inReplyTo"]["id"])
+ except ValueError:
+ return False
+
+ media = MediaEntry.query.filter_by(id=media_id).first()
+ if media is None:
+ return False
- self.media_entry = data["inReplyTo"]["id"]
+ self.media_entry = media.id
self.content = data["content"]
return True
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-12 23:48:28 +0000