diff --git a/website/templates/sitemap.html b/website/templates/sitemap.html
index ae8283602..306e6c22e 100644
--- a/website/templates/sitemap.html
+++ b/website/templates/sitemap.html
@@ -212,7 +212,7 @@
Sitemap
- Update Comment // 1
+ Update Comment // 1
diff --git a/website/views/issue.py b/website/views/issue.py
index a7298033c..41279fc58 100644
--- a/website/views/issue.py
+++ b/website/views/issue.py
@@ -1501,6 +1501,7 @@ def comment_on_content(request, content_pk):
content_type = request.POST.get("content_type")
content_type_obj = ContentType.objects.get(model=content_type)
content = content_type_obj.get_object_for_this_type(pk=content_pk)
+ VALID_CONTENT_TYPES = ["issue", "post"]
if request.method == "POST" and isinstance(request.user, User):
comment = escape(request.POST.get("comment", ""))
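Review bot: The allowlist defined here is only consulted in the second hunk, after `ContentType.objects.get(model=content_type)` and `get_object_for_this_type(pk=content_pk)` have already run on the raw POST value, so a request can still resolve and load an object of any registered model, and a missing or unknown `content_type` raises `DoesNotExist` rather than reaching the "Invalid content type." message. Move the guard to directly after `content_type = request.POST.get("content_type")`: `if content_type not in VALID_CONTENT_TYPES:` followed by the same `messages.error(request, "Invalid content type.")` and `return redirect("home")`. Indentation is not visible in this view, but the check in the second hunk sits next to the parent-comment lookup, so it may not run for comments that are not replies; validating up front covers every path, including the `redirect(f"/{content_type}/{content_pk}")` calls. `VALID_CONTENT_TYPES` would also be better as a module-level tuple or frozenset than a list rebuilt on each request. The body of `comment_on_content` continues outside both hunks.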
@@ -1515,6 +1516,10 @@ def comment_on_content(request, content_pk):
parent_comment = Comment.objects.filter(pk=replying_to_comment_id).first()
+ if content_type not in VALID_CONTENT_TYPES:
+ messages.error(request, "Invalid content type.")
+ return redirect("home")
+
if parent_comment is None:
messages.error(request, "Parent comment doesn't exist.")
return redirect(f"/{content_type}/{content_pk}")