|
Chris@17
|
1 <?php
|
|
Chris@17
|
2
|
|
Chris@17
|
3 namespace Drupal\media;
|
|
Chris@17
|
4
|
|
Chris@17
|
5 use Drupal\Component\Utility\Crypt;
|
|
Chris@17
|
6 use Drupal\Core\PrivateKey;
|
|
Chris@17
|
7 use Drupal\Core\Routing\RequestContext;
|
|
Chris@17
|
8 use Drupal\Core\Site\Settings;
|
|
Chris@17
|
9
|
|
Chris@17
|
10 /**
|
|
Chris@17
|
11 * Providers helper functions for displaying oEmbed resources in an iFrame.
|
|
Chris@17
|
12 *
|
|
Chris@17
|
13 * @internal
|
|
Chris@17
|
14 * This is an internal part of the oEmbed system and should only be used by
|
|
Chris@17
|
15 * oEmbed-related code in Drupal core.
|
|
Chris@17
|
16 */
|
|
Chris@17
|
17 class IFrameUrlHelper {
|
|
Chris@17
|
18
|
|
Chris@17
|
19 /**
|
|
Chris@17
|
20 * The request context service.
|
|
Chris@17
|
21 *
|
|
Chris@17
|
22 * @var \Drupal\Core\Routing\RequestContext
|
|
Chris@17
|
23 */
|
|
Chris@17
|
24 protected $requestContext;
|
|
Chris@17
|
25
|
|
Chris@17
|
26 /**
|
|
Chris@17
|
27 * The private key service.
|
|
Chris@17
|
28 *
|
|
Chris@17
|
29 * @var \Drupal\Core\PrivateKey
|
|
Chris@17
|
30 */
|
|
Chris@17
|
31 protected $privateKey;
|
|
Chris@17
|
32
|
|
Chris@17
|
33 /**
|
|
Chris@17
|
34 * IFrameUrlHelper constructor.
|
|
Chris@17
|
35 *
|
|
Chris@17
|
36 * @param \Drupal\Core\Routing\RequestContext $request_context
|
|
Chris@17
|
37 * The request context service.
|
|
Chris@17
|
38 * @param \Drupal\Core\PrivateKey $private_key
|
|
Chris@17
|
39 * The private key service.
|
|
Chris@17
|
40 */
|
|
Chris@17
|
41 public function __construct(RequestContext $request_context, PrivateKey $private_key) {
|
|
Chris@17
|
42 $this->requestContext = $request_context;
|
|
Chris@17
|
43 $this->privateKey = $private_key;
|
|
Chris@17
|
44 }
|
|
Chris@17
|
45
|
|
Chris@17
|
46 /**
|
|
Chris@17
|
47 * Hashes an oEmbed resource URL.
|
|
Chris@17
|
48 *
|
|
Chris@17
|
49 * @param string $url
|
|
Chris@17
|
50 * The resource URL.
|
|
Chris@17
|
51 * @param int $max_width
|
|
Chris@17
|
52 * (optional) The maximum width of the resource.
|
|
Chris@17
|
53 * @param int $max_height
|
|
Chris@17
|
54 * (optional) The maximum height of the resource.
|
|
Chris@17
|
55 *
|
|
Chris@17
|
56 * @return string
|
|
Chris@17
|
57 * The hashed URL.
|
|
Chris@17
|
58 */
|
|
Chris@17
|
59 public function getHash($url, $max_width = NULL, $max_height = NULL) {
|
|
Chris@17
|
60 return Crypt::hmacBase64("$url:$max_width:$max_height", $this->privateKey->get() . Settings::getHashSalt());
|
|
Chris@17
|
61 }
|
|
Chris@17
|
62
|
|
Chris@17
|
63 /**
|
|
Chris@17
|
64 * Checks if an oEmbed URL can be securely displayed in an frame.
|
|
Chris@17
|
65 *
|
|
Chris@17
|
66 * @param string $url
|
|
Chris@17
|
67 * The URL to check.
|
|
Chris@17
|
68 *
|
|
Chris@17
|
69 * @return bool
|
|
Chris@17
|
70 * TRUE if the URL is considered secure, otherwise FALSE.
|
|
Chris@17
|
71 */
|
|
Chris@17
|
72 public function isSecure($url) {
|
|
Chris@17
|
73 if (!$url) {
|
|
Chris@17
|
74 return FALSE;
|
|
Chris@17
|
75 }
|
|
Chris@17
|
76 $url_host = parse_url($url, PHP_URL_HOST);
|
|
Chris@17
|
77 $system_host = parse_url($this->requestContext->getCompleteBaseUrl(), PHP_URL_HOST);
|
|
Chris@17
|
78
|
|
Chris@17
|
79 // The URL is secure if its domain is not the same as the domain of the base
|
|
Chris@17
|
80 // URL of the current request.
|
|
Chris@17
|
81 return $url_host && $system_host && $url_host !== $system_host;
|
|
Chris@17
|
82 }
|
|
Chris@17
|
83
|
|
Chris@17
|
84 }
|
