From a32b63f932e05815f2045bf5c87c9717ad27f5e0 Mon Sep 17 00:00:00 2001
From: rubenwardy <rw@rubenwardy.com>
Date: Fri, 21 Jan 2022 14:17:50 +0000
Subject: [PATCH] Use relative URLs in report, to ensure correct links

---
 app/blueprints/report/__init__.py | 16 +++++++---------
 app/templates/base.html           |  2 +-
 app/templates/packages/view.html  |  2 +-
 app/templates/report/index.html   |  2 --
 app/templates/users/profile.html  |  2 +-
 5 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/app/blueprints/report/__init__.py b/app/blueprints/report/__init__.py
index 5b5af47..6948c8f 100644
--- a/app/blueprints/report/__init__.py
+++ b/app/blueprints/report/__init__.py
@@ -26,13 +26,12 @@ from wtforms.validators import InputRequired, Optional, Length
 from app.models import User, UserRank
 from app.tasks.emails import send_user_email
 from app.tasks.webhooktasks import post_discord_webhook
-from app.utils import isYes, isNo
+from app.utils import isYes, isNo, abs_url
 
 bp = Blueprint("report", __name__)
 
 
 class ReportForm(FlaskForm):
-	url = URLField(lazy_gettext("URL"), [Optional()])
 	message = TextAreaField(lazy_gettext("Message"), [InputRequired(), Length(10, 10000)])
 	submit = SubmitField(lazy_gettext("Report"))
 
@@ -41,26 +40,25 @@ class ReportForm(FlaskForm):
 def report():
 	is_anon = not current_user.is_authenticated or not isNo(request.args.get("anon"))
 
-	form = ReportForm(formdata=request.form)
-	if request.method == "GET":
-		if "url" in request.args:
-			form.url.data = request.args["url"]
+	url = request.args.get("url")
+	if url:
+		url = abs_url(url)
 
+	form = ReportForm(formdata=request.form)
 	if form.validate_on_submit():
 		if current_user.is_authenticated:
 			user_info = f"{current_user.username}"
 		else:
 			user_info = request.headers.get("X-Forwarded-For") or request.remote_addr
 
-		url = request.args.get("url") or form.url.data or "?"
 		text = f"{url}\n\n{form.message.data}"
 
 		task = None
 		for admin in User.query.filter_by(rank=UserRank.ADMIN).all():
 			task = send_user_email.delay(admin.email, f"User report from {user_info}", text)
 
-		post_discord_webhook.delay(None if is_anon else current_user.username, f"**New Report**\n`{url}`\n\n{form.message.data}", True)
+		post_discord_webhook.delay(None if is_anon else current_user.username, f"**New Report**\n{url}\n\n{form.message.data}", True)
 
 		return redirect(url_for("tasks.check", id=task.id, r=url_for("homepage.home")))
 
-	return render_template("report/index.html", form=form, url=request.args.get("url"), is_anon=is_anon)
+	return render_template("report/index.html", form=form, url=url, is_anon=is_anon)
diff --git a/app/templates/base.html b/app/templates/base.html
index 7d50be0..9145479 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -235,7 +235,7 @@
 			<li class="list-inline-item"><a href="{{ url_for('flatpage', path='help/api') }}">{{ _("API") }}</a></li>
 			<li class="list-inline-item"><a href="{{ url_for('flatpage', path='privacy_policy') }}">{{ _("Privacy Policy") }}</a></li>
 			{% if request.endpoint != "flatpage" %}
-				<li class="list-inline-item"><a href="{{ url_for('report.report', url=url_current(True)) }}">{{ _("Report") }}</a></li>
+				<li class="list-inline-item"><a href="{{ url_for('report.report', url=url_current()) }}">{{ _("Report") }}</a></li>
 			{% endif %}
 			<li class="list-inline-item"><a href="https://monitor.rubenwardy.com/d/3ELzFy3Wz/contentdb">{{ _("Stats / Monitoring") }}</a></li>
 			<li class="list-inline-item"><a href="{{ url_for('users.list_all') }}">{{ _("User List") }}</a></li>
diff --git a/app/templates/packages/view.html b/app/templates/packages/view.html
index 1533d80..8948aba 100644
--- a/app/templates/packages/view.html
+++ b/app/templates/packages/view.html
@@ -473,7 +473,7 @@
 
 				<p class="mt-3">
 					{% if package.approved and current_user != package.author %}
-						<a href="{{ url_for('report.report', url=url_current(True)) }}">
+						<a href="{{ url_for('report.report', url=url_current()) }}">
 							<i class="fas fa-flag mr-1"></i>
 							{{ _("Report") }}
 						</a>
diff --git a/app/templates/report/index.html b/app/templates/report/index.html
index 6749477..1de7fec 100644
--- a/app/templates/report/index.html
+++ b/app/templates/report/index.html
@@ -15,8 +15,6 @@
 		<p>
 			URL: <code>{{ url }}</code>
 		</p>
-	{% else %}
-		{{ render_field(form.url, hint=_("URL to the thing you're reporting")) }}
 	{% endif %}
 	{{ render_field(form.message, hint=_("What are you reporting? Why are you reporting it?")) }}
 	{{ render_submit_field(form.submit) }}
diff --git a/app/templates/users/profile.html b/app/templates/users/profile.html
index 4081b80..37cb424 100644
--- a/app/templates/users/profile.html
+++ b/app/templates/users/profile.html
@@ -23,7 +23,7 @@
 			</a>
 		{% endif %}
 
-		<a class="btn btn-secondary float-right mr-3" href="{{ url_for('report.report', url=url_current(True)) }}">
+		<a class="btn btn-secondary float-right mr-3" href="{{ url_for('report.report', url=url_current()) }}">
 			<i class="fas fa-flag mr-1"></i>
 			{{ _("Report") }}
 		</a>