def GET_tb(self, link): '''/tb/$id36, show a given link with the toolbar If the user doesn't have the toolbar enabled, redirect to comments page. ''' from r2.lib.media import thumbnail_url if not link: return self.abort404() elif link.is_self: return self.redirect(link.url) elif not (c.user_is_loggedin and c.user.pref_frame): return self.redirect(link.make_permalink_slow(force_domain=True)) # if the domain is shame-banned, bail out. if is_shamed_domain(link.url)[0]: self.abort404() if not link.subreddit_slow.can_view(c.user): self.abort403() if link.has_thumbnail: thumbnail = thumbnail_url(link) else: thumbnail = None res = Frame( title=link.title, url=match_current_reddit_subdomain(link.url), thumbnail=thumbnail, fullname=link._fullname, ) return spaceCompress(res.render())
def GET_tb(self, link): '''/tb/$id36, show a given link with the toolbar If the user doesn't have the toolbar enabled, redirect to comments page. ''' from r2.lib.media import thumbnail_url if not link: return self.abort404() elif not link.subreddit_slow.can_view(c.user): # don't disclose the subreddit/title of a post via the redirect url self.abort403() elif link.is_self: return self.redirect(link.url) elif not (c.user_is_loggedin and c.user.pref_frame): return self.redirect(link.make_permalink_slow(force_domain=True)) # if the domain is shame-banned, bail out. if is_shamed_domain(link.url)[0]: self.abort404() if link.has_thumbnail: thumbnail = thumbnail_url(link) else: thumbnail = None res = Frame( title=link.title, url=match_current_reddit_subdomain(link.url), thumbnail=thumbnail, fullname=link._fullname, ) return spaceCompress(res.render())
def GET_s(self, urloid): """/s/http://..., show a given URL with the toolbar. if it's submitted, redirect to /tb/$id36""" force_html() path = demangle_url(request.fullpath) if not path: # it was malformed self.abort404() # if the domain is shame-banned, bail out. if is_shamed_domain(path)[0]: self.abort404() listing = hot_links_by_url_listing(path, sr=c.site, num=1) link = listing.things[0] if listing.things else None if link: # we were able to find it, let's send them to the # toolbar (if enabled) or comments (if not) return self.redirect(add_sr("/tb/" + link._id36)) else: # It hasn't been submitted yet. Give them a chance to qs = utils.query_string({"url": path}) return self.redirect(add_sr("/submit" + qs))
def GET_tb(self, link): from r2.lib.media import thumbnail_url "/tb/$id36, show a given link with the toolbar" if not link: return self.abort404() elif link.is_self: return self.redirect(link.url) # if the domain is shame-banned, bail out. if is_shamed_domain(link.url, request.ip)[0]: self.abort404() if not link.subreddit_slow.can_view(c.user): self.abort403() if link.has_thumbnail: thumbnail = thumbnail_url(link) else: thumbnail = None res = Frame(title = link.title, url = link.url, thumbnail = thumbnail, fullname = link._fullname) return spaceCompress(res.render())
def GET_tb(self, link): from r2.lib.media import thumbnail_url "/tb/$id36, show a given link with the toolbar" if not link: return self.abort404() elif link.is_self: return self.redirect(link.url) # if the domain is shame-banned, bail out. if is_shamed_domain(link.url, request.ip)[0]: self.abort404() if not link.subreddit_slow.can_view(c.user): self.abort403() if link.has_thumbnail: thumbnail = thumbnail_url(link) else: thumbnail = None res = Frame(title=link.title, url=link.url, thumbnail=thumbnail, fullname=link._fullname) return spaceCompress(res.render())
def GET_s(self, rest): """/s/http://..., show a given URL with the toolbar. if it's submitted, redirect to /tb/$id36""" force_html() path = demangle_url(request.fullpath) if not path: # it was malformed self.abort404() # if the domain is shame-banned, bail out. if is_shamed_domain(path)[0]: self.abort404() listing = hot_links_by_url_listing(path, sr=c.site, num=1) link = listing.things[0] if listing.things else None if c.cname and not c.authorized_cname: # In this case, we make some bad guesses caused by the # cname frame on unauthorised cnames. # 1. User types http://foo.com/http://myurl?cheese=brie # (where foo.com is an unauthorised cname) # 2. We generate a frame that points to # http://www.reddit.com/r/foo/http://myurl?cnameframe=0.12345&cheese=brie # 3. Because we accept everything after the /r/foo/, and # we've now parsed, modified, and reconstituted that # URL to add cnameframe, we really can't make any good # assumptions about what we've done to a potentially # already broken URL, and we can't assume that we've # rebuilt it in the way that it was originally # submitted (if it was) # We could try to work around this with more guesses (by # having demangle_url try to remove that param, hoping # that it's not already a malformed URL, and that we # haven't re-ordered the GET params, removed # double-slashes, etc), but for now, we'll just refuse to # do this operation return self.abort404() if link: # we were able to find it, let's send them to the # link-id-based URL so that their URL is reusable return self.redirect(add_sr("/tb/" + link._id36)) title = utils.domain(path) res = Frame( title=title, url=match_current_reddit_subdomain(path), ) # we don't want clients to think that this URL is actually a # valid URL for search-indexing or the like request.environ['usable_error_content'] = spaceCompress(res.render()) abort(404)
def GET_s(self, rest): """/s/http://..., show a given URL with the toolbar. if it's submitted, redirect to /tb/$id36""" force_html() path = demangle_url(request.fullpath) if not path: # it was malformed self.abort404() # if the domain is shame-banned, bail out. if is_shamed_domain(path)[0]: self.abort404() link = utils.link_from_url(path, multiple=False) if c.cname and not c.authorized_cname: # In this case, we make some bad guesses caused by the # cname frame on unauthorised cnames. # 1. User types http://foo.com/http://myurl?cheese=brie # (where foo.com is an unauthorised cname) # 2. We generate a frame that points to # http://www.reddit.com/r/foo/http://myurl?cnameframe=0.12345&cheese=brie # 3. Because we accept everything after the /r/foo/, and # we've now parsed, modified, and reconstituted that # URL to add cnameframe, we really can't make any good # assumptions about what we've done to a potentially # already broken URL, and we can't assume that we've # rebuilt it in the way that it was originally # submitted (if it was) # We could try to work around this with more guesses (by # having demangle_url try to remove that param, hoping # that it's not already a malformed URL, and that we # haven't re-ordered the GET params, removed # double-slashes, etc), but for now, we'll just refuse to # do this operation return self.abort404() if link: # we were able to find it, let's send them to the # link-id-based URL so that their URL is reusable return self.redirect(add_sr("/tb/" + link._id36)) title = utils.domain(path) res = Frame( title=title, url=match_current_reddit_subdomain(path), ) # we don't want clients to think that this URL is actually a # valid URL for search-indexing or the like request.environ['usable_error_content'] = spaceCompress(res.render()) abort(404)
def GET_s(self, urloid): """/s/http://..., show a given URL with the toolbar. if it's submitted, redirect to /tb/$id36""" force_html() path = demangle_url(request.fullpath) if not path: # it was malformed self.abort404() # if the domain is shame-banned, bail out. if is_shamed_domain(path)[0]: self.abort404() listing = hot_links_by_url_listing(path, sr=c.site, num=1) link = listing.things[0] if listing.things else None if c.cname and not c.authorized_cname: # In this case, we make some bad guesses caused by the # cname frame on unauthorised cnames. # 1. User types http://foo.com/http://myurl?cheese=brie # (where foo.com is an unauthorised cname) # 2. We generate a frame that points to # http://www.reddit.com/r/foo/http://myurl?cnameframe=0.12345&cheese=brie # 3. Because we accept everything after the /r/foo/, and # we've now parsed, modified, and reconstituted that # URL to add cnameframe, we really can't make any good # assumptions about what we've done to a potentially # already broken URL, and we can't assume that we've # rebuilt it in the way that it was originally # submitted (if it was) # We could try to work around this with more guesses (by # having demangle_url try to remove that param, hoping # that it's not already a malformed URL, and that we # haven't re-ordered the GET params, removed # double-slashes, etc), but for now, we'll just refuse to # do this operation return self.abort404() if link: # we were able to find it, let's send them to the # toolbar (if enabled) or comments (if not) return self.redirect(add_sr("/tb/" + link._id36)) else: # It hasn't been submitted yet. Give them a chance to qs = utils.query_string({"url": path}) return self.redirect(add_sr("/submit?" + qs))
def GET_tb(self, link): '''/tb/$id36, show a given link with the toolbar If the user doesn't have the toolbar enabled, redirect to comments page. ''' from r2.lib.media import thumbnail_url redirect_url = None query_params = dict(request.GET) if not link: return self.abort404() elif not link.subreddit_slow.can_view(c.user): # don't disclose the subreddit/title of a post via the redirect url self.abort403() elif link.is_self: redirect_url = link.url elif not (c.user_is_loggedin and c.user.uses_toolbar): redirect_url = link.make_permalink_slow(force_domain=True) if redirect_url: if query_params: url = UrlParser(redirect_url) url.update_query(**query_params) redirect_url = url.unparse() return self.redirect(redirect_url) # if the domain is shame-banned, bail out. if is_shamed_domain(link.url)[0]: self.abort404() if link.has_thumbnail: thumbnail = thumbnail_url(link) else: thumbnail = None res = Frame( title=link.title, url=match_current_reddit_subdomain(link.url), thumbnail=thumbnail, fullname=link._fullname, ) return spaceCompress(res.render())