From 2d2c6615124b2824fa82396f38ab8db2eeee5a2b Mon Sep 17 00:00:00 2001
From: Seamus Lee <seamuslee001@gmail.com>
Date: Sun, 3 Sep 2023 11:07:47 +1000
Subject: [PATCH] Add code comment as per Coleman

---
 CRM/Contact/BAO/Contact.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CRM/Contact/BAO/Contact.php b/CRM/Contact/BAO/Contact.php
index acff69065c..f1de7ae4a0 100644
--- a/CRM/Contact/BAO/Contact.php
+++ b/CRM/Contact/BAO/Contact.php
@@ -1139,6 +1139,8 @@ WHERE     civicrm_contact.id = " . CRM_Utils_Type::escape($id, 'Integer');
     $cid = $cid ? $cid : $id;
     if ($action & CRM_Core_Action::DELETE) {
       if (CRM_Utils_Request::retrieve('confirmed', 'Boolean')) {
+        // $controller is not used at all but we need the CRM_Core_Controller object as in it's constructor
+        // It retrieves the qfKey from GET or POST and then passes it to CRM_Core_Key::validate the generated key and redirects to a standard error message if fails
         $controller = new CRM_Core_Controller_Simple($formName, ts('New Contact'), NULL, TRUE, FALSE);
         if (!CRM_Contact_BAO_Contact::_checkAccess('Contact', 'update', ['id' => $cid], NULL)) {
           CRM_Utils_System::permissionDenied();
-- 
2.25.1