Add abs_url_samesite

rubenwardy 2022-01-21 14:23:27 +00:00
parent a32b63f932
commit 97e2e1c16e
2 changed files with 9 additions and 6 deletions

@ -19,14 +19,13 @@ from flask_babel import lazy_gettext
from flask_login import current_user from flask_login import current_user
from flask_wtf import FlaskForm from flask_wtf import FlaskForm
from werkzeug.utils import redirect from werkzeug.utils import redirect
from wtforms import TextAreaField, SubmitField, BooleanField from wtforms import TextAreaField, SubmitField
from wtforms.fields.html5 import URLField from wtforms.validators import InputRequired, Length
from wtforms.validators import InputRequired, Optional, Length
from app.models import User, UserRank from app.models import User, UserRank
from app.tasks.emails import send_user_email from app.tasks.emails import send_user_email
from app.tasks.webhooktasks import post_discord_webhook from app.tasks.webhooktasks import post_discord_webhook
from app.utils import isYes, isNo, abs_url from app.utils import isNo, abs_url_samesite
bp = Blueprint("report", __name__) bp = Blueprint("report", __name__)
@ -42,7 +41,7 @@ def report():
url = request.args.get("url") url = request.args.get("url")
if url: if url:
url = abs_url(url) url = abs_url_samesite(url)
form = ReportForm(formdata=request.form) form = ReportForm(formdata=request.form)
if form.validate_on_submit(): if form.validate_on_submit():
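Review bot: The switch to `abs_url_samesite(url)` in report() has no comment explaining why, and the reason is a security one: `url` comes straight from `request.args`, and the previous `abs_url` used `urljoin`, which returns an absolute input unchanged, so a crafted link could put an off-site URL into a report. I would add `# url is user-supplied (query string): force scheme and host to BASE_URL so a report can never carry an off-site link` above the call. The value is otherwise still unvalidated; if it later reaches the email or Discord webhook (those tasks are imported here, but the rest of report() is outside the hunk), a length cap and rejection of control characters would be worth adding there.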

@ -15,7 +15,7 @@
# along with this program. If not, see <https://www.gnu.org/licenses/>. # along with this program. If not, see <https://www.gnu.org/licenses/>.
from urllib.parse import urljoin, urlparse from urllib.parse import urljoin, urlparse, urlunparse
import user_agents import user_agents
from flask import request, abort from flask import request, abort
@ -40,6 +40,10 @@ def abs_url_for(endpoint: str, **kwargs):
def abs_url(path): def abs_url(path):
return urljoin(app.config["BASE_URL"], path) return urljoin(app.config["BASE_URL"], path)
def abs_url_samesite(path):
base = urlparse(app.config["BASE_URL"])
return urlunparse(base._replace(path=path))
def url_current(abs=False): def url_current(abs=False):
args = MultiDict(request.args) args = MultiDict(request.args)
dargs = dict(args.lists()) dargs = dict(args.lists())
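Review bot: `abs_url_samesite` puts its whole argument into the path slot of BASE_URL, so the host is pinned, but a full same-site URL comes out as `BASE_URL/https://…` and any path prefix configured in BASE_URL is replaced. Parsing the input first keeps such links usable while still discarding their scheme and host: `target = urlparse(path)` then `return urlunparse(base._replace(path=target.path, query=target.query))`. The function also needs a docstring stating that it always returns a URL on BASE_URL's scheme and host whatever the caller passes, because `abs_url` next to it gives no such guarantee and the two are easy to confuse. Whether other callers of `abs_url` receive request data is not visible in this section.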