From 06e4a0ac9d99861394f650a309c220c492810025 Mon Sep 17 00:00:00 2001 From: Laura Hausmann Date: Wed, 7 Feb 2024 20:47:25 +0100 Subject: [PATCH] [backend/masto-client] Don't silently drop invalid reply targets --- .../Controllers/Mastodon/MastodonStatusController.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Iceshrimp.Backend/Controllers/Mastodon/MastodonStatusController.cs b/Iceshrimp.Backend/Controllers/Mastodon/MastodonStatusController.cs index d415d481..48d13793 100644 --- a/Iceshrimp.Backend/Controllers/Mastodon/MastodonStatusController.cs +++ b/Iceshrimp.Backend/Controllers/Mastodon/MastodonStatusController.cs @@ -52,7 +52,8 @@ public class MastodonStatusController(DatabaseContext db, NoteRenderer noteRende var visibility = Status.DecodeVisibility(request.Visibility); var reply = request.ReplyId != null - ? await db.Notes.Where(p => p.Id == request.ReplyId).EnsureVisibleFor(user).FirstOrDefaultAsync() + ? await db.Notes.Where(p => p.Id == request.ReplyId).EnsureVisibleFor(user).FirstOrDefaultAsync() ?? + throw GracefulException.BadRequest("Reply target is nonexistent or inaccessible") : null; var note = await noteSvc.CreateNoteAsync(user, visibility, request.Text, request.Cw, reply);