Make reporting the report page a 404

master
rubenwardy 2022-07-19 23:20:13 +01:00
parent 56298ed57f
commit 20411e6f81
2 changed files with 5 additions and 2 deletions


@ -14,7 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
from flask import Blueprint, request, render_template, url_for
from flask import Blueprint, request, render_template, url_for, abort
from flask_babel import lazy_gettext
from flask_login import current_user
from flask_wtf import FlaskForm
@ -41,6 +41,9 @@ def report():
url = request.args.get("url")
if url:
if url.startswith("/report/"):
abort(404)
url = abs_url_samesite(url)
form = ReportForm(formdata=request.form) if current_user.is_authenticated else None
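Review bot: The new `url.startswith("/report/")` guard runs on the raw query value before `abs_url_samesite(url)` normalises it, so only that exact spelling is rejected; the same page written without the trailing slash, or as an absolute same-site URL, would presumably still reach the form. Consider testing the path component instead, e.g. `path = urlsplit(url).path` followed by `if path == "/report" or path.startswith("/report/"): abort(404)` (needs `from urllib.parse import urlsplit`), or deriving the prefix from `url_for("report.report")` so it is not hard-coded. What `abs_url_samesite` returns is not visible here, so confirm whether the check belongs before or after that call. The body of `report()` starts and continues outside the hunk.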


@ -234,7 +234,7 @@
<li class="list-inline-item"><a href="{{ url_for('flatpage', path='policy_and_guidance') }}">{{ _("Policy and Guidance") }}</a></li>
<li class="list-inline-item"><a href="{{ url_for('flatpage', path='help/api') }}">{{ _("API") }}</a></li>
<li class="list-inline-item"><a href="{{ url_for('flatpage', path='privacy_policy') }}">{{ _("Privacy Policy") }}</a></li>
{% if request.endpoint != "flatpage" %}
{% if request.endpoint != "flatpage" and request.endpoint != "report.report" %}
<li class="list-inline-item"><a href="{{ url_for('report.report', url=url_current()) }}">{{ _("Report") }}</a></li>
{% endif %}
<li class="list-inline-item"><a href="https://monitor.rubenwardy.com/d/3ELzFy3Wz/contentdb">{{ _("Stats / Monitoring") }}</a></li>
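Review bot: The condition guarding the Report link is now two chained `!=` tests on `request.endpoint`; a membership test reads more clearly and is easier to extend: `{% if request.endpoint not in ("flatpage", "report.report") %}`. The template hides the link by endpoint name while the view rejects by URL prefix, so the two rules can drift apart. A short template comment such as `{# keep in sync with the /report/ check in report() #}` would make that coupling visible.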