From c0ceeda9042827e0ce2f221d98177b5deecfdcd2 Mon Sep 17 00:00:00 2001 From: Keith Mitchell Date: Wed, 26 Sep 2012 10:46:18 -0700 Subject: [PATCH] toolbar: Tighten restrictions on when it's usable /tb/ links are sadly used by spammers as a URL shortener. Since their primary benefit is giving users easy access to voting and the comments, it can be changed to only be shown to logged in users, and only if they've opted in to toolbar links. Other visitors of /tb/ will get directed to the comments for the link (providing easy access to the link itself, should they desire to continue) --- r2/r2/controllers/toolbar.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/r2/r2/controllers/toolbar.py b/r2/r2/controllers/toolbar.py index 49c2333af..7ce4de8c2 100644 --- a/r2/r2/controllers/toolbar.py +++ b/r2/r2/controllers/toolbar.py @@ -95,13 +95,18 @@ class ToolbarController(RedditController): @validate(link = VLink('id')) def GET_tb(self, link): + '''/tb/$id36, show a given link with the toolbar + If the user doesn't have the toolbar enabled, redirect to comments + page. + + ''' from r2.lib.media import thumbnail_url - - "/tb/$id36, show a given link with the toolbar" if not link: return self.abort404() elif link.is_self: return self.redirect(link.url) + elif not (c.user_is_loggedin and c.user.pref_frame): + return self.redirect(link.make_permalink_slow(force_domain=True)) # if the domain is shame-banned, bail out. if is_shamed_domain(link.url, request.ip)[0]: