False positive notifications with multiple comment types per node

Problem/Motivation

It's possible to have multiple comment types, and more than one comment field per node. comment_notify_get_watchers() currently filters by entity ID only, not comment type. If there are comments for more than one comment type for the same entity ID, the thread IDs may clash and 'Replies to my comment' notifications will be sent when they shouldn't be.

e.g. Alice and Bob are commenting on the same node (another insecure way for them to send messages to one another). Alice posts to comment type Foo, then Bob posts to comment type Bar, Bob's comment wasn't actually a reply to Alice, but it will trigger a notification for her should both of them share the same thread (e.g. if they're the very first comments in Foo and Bar for that node, they'll both have thread 01).

Steps to reproduce (deep breath):

• Create two comment types
• Add both to a content type - e.g. article
• Create a node in that content type for testing on
• Set available subscription modes to 'Replies to my comment' only, not all comments
• Create two users, e.g. Alice and Bob
• Have Alice leave a comment in the first comment type (double check her notifications are set to replies), then have Bob leave a comment in the second type. This should trigger the false positive comment notification for Alice.

Proposed resolution

The patch adds an extra WHERE clause to the SQL query in comment_notify_get_watchers in comment_notify.inc. This also necessitates first checking the comment type using the API, and passing this as an extra argument to the function.

Remaining tasks

Patch review by others.

User interface changes

None.

API changes

None.

Data model changes

None.

Release notes snippet

Prevent false positive notifications for 'Replies to my comment' where more than one comment type used per bundle.