Validate inline comment changeset IDs and revision IDs

Summary:
Historically, we had a bug at some point which caused inline comments to get
associated with changeset 0. Prevent that explicitly. See T108.

Test Plan:
Set "$changeset = 0" in the endpoint and got an exception.

Reviewed By: aran
Reviewers: aran
CC: aran
Differential Revision: 374

src/applications/differential/controller/inlinecommentedit/DifferentialInlineCommentEditController.php

@@ -115,6 +115,13 @@ class DifferentialInlineCommentEditController extends DifferentialController {
           return $this->buildEmptyResponse();
         }
 
+        // Verify revision and changeset correspond to actual objects.
+        $revision_obj = id(new DifferentialRevision())->load($this->revisionID);
+        $changeset_obj = id(new DifferentialChangeset())->load($changeset);
+        if (!$revision_obj || !$changeset_obj) {
+          throw new Exception("Invalid revision ID or changeset ID!");
+        }
+
         $inline = id(new DifferentialInlineComment())
           ->setRevisionID($this->revisionID)
           ->setChangesetID($changeset)

src/applications/differential/controller/inlinecommentedit/__init__.php

@@ -11,7 +11,9 @@ phutil_require_module('phabricator', 'aphront/response/ajax');
 phutil_require_module('phabricator', 'aphront/response/dialog');
 phutil_require_module('phabricator', 'applications/differential/controller/base');
 phutil_require_module('phabricator', 'applications/differential/parser/markup');
+phutil_require_module('phabricator', 'applications/differential/storage/changeset');
 phutil_require_module('phabricator', 'applications/differential/storage/inlinecomment');
+phutil_require_module('phabricator', 'applications/differential/storage/revision');
 phutil_require_module('phabricator', 'applications/differential/view/inlinecomment');
 phutil_require_module('phabricator', 'applications/phid/handle/data');
 phutil_require_module('phabricator', 'view/dialog');