From 20411e6f81942b759cafe2958b9d1511e2092065 Mon Sep 17 00:00:00 2001
From: rubenwardy
Date: Tue, 19 Jul 2022 23:20:13 +0100
Subject: [PATCH] Make reporting the report page a 404

---
 app/blueprints/report/__init__.py | 5 ++++-
 app/templates/base.html | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/blueprints/report/__init__.py b/app/blueprints/report/__init__.py
index ef9f5956..58b1b94f 100644
--- a/app/blueprints/report/__init__.py
+++ b/app/blueprints/report/__init__.py
@@ -14,7 +14,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see .
-from flask import Blueprint, request, render_template, url_for
+from flask import Blueprint, request, render_template, url_for, abort
 from flask_babel import lazy_gettext
 from flask_login import current_user
 from flask_wtf import FlaskForm
@@ -41,6 +41,9 @@ def report():
 url = request.args.get("url")
 if url:
+ if url.startswith("/report/"):
+ abort(404)
+
 url = abs_url_samesite(url)
 form = ReportForm(formdata=request.form) if current_user.is_authenticated else None
diff --git a/app/templates/base.html b/app/templates/base.html
index 7a3c5b8a..3bd128d1 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -234,7 +234,7 @@
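Review bot: The new guard in report() runs `url.startswith("/report/")` on the raw `url` query parameter, before `abs_url_samesite(url)`, so it recognises only one spelling of the report path; an absolute URL for the same page, or `/report` without the trailing slash, would presumably not match and would still be accepted as a report target. Matching on the parsed path is sturdier and avoids hard-coding the route: `path = urlsplit(url).path` followed by `if path.rstrip("/") == url_for("report.report").rstrip("/"): abort(404)` (`url_for` is already imported here; `urlsplit` needs `from urllib.parse import urlsplit`). What `abs_url_samesite` accepts or rewrites is not visible in this patch, so confirm which forms can reach this point; a regression test covering the absolute and slash-less forms would pin the behaviour. The body of report() continues outside the hunk.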
  • {{ _("Policy and Guidance") }}
  • {{ _("API") }}
  • {{ _("Privacy Policy") }}
  • - {% if request.endpoint != "flatpage" %} + {% if request.endpoint != "flatpage" and request.endpoint != "report.report" %}
  • {{ _("Report") }}
  • {% endif %}
  • {{ _("Stats / Monitoring") }}