Mercurial > hg > isophonics-drupal-site

comparison core/modules/contextual/src/ContextualController.php @ 17:129ea1e6d783

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update, including to Drupal core 8.6.10
author Chris Cannam
date Thu, 28 Feb 2019 13:21:36 +0000
parents 4c8ae668cc8c
children
comparison
equal deleted inserted replaced
16:c2387f117808 17:129ea1e6d783
1 <?php 1 <?php
2 2
3 namespace Drupal\contextual; 3 namespace Drupal\contextual;
4 4
5 use Drupal\Component\Utility\Crypt;
5 use Drupal\Core\DependencyInjection\ContainerInjectionInterface; 6 use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
6 use Drupal\Core\Render\RendererInterface; 7 use Drupal\Core\Render\RendererInterface;
8 use Drupal\Core\Site\Settings;
7 use Symfony\Component\DependencyInjection\ContainerInterface; 9 use Symfony\Component\DependencyInjection\ContainerInterface;
8 use Symfony\Component\HttpFoundation\JsonResponse; 10 use Symfony\Component\HttpFoundation\JsonResponse;
9 use Symfony\Component\HttpFoundation\Request; 11 use Symfony\Component\HttpFoundation\Request;
10 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; 12 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
11 13
14 */ 16 */
15 class ContextualController implements ContainerInjectionInterface { 17 class ContextualController implements ContainerInjectionInterface {
16 18
17 /** 19 /**
18 * The renderer. 20 * The renderer.
21 *
19 * @var \Drupal\Core\Render\RendererInterface 22 * @var \Drupal\Core\Render\RendererInterface
20 */ 23 */
21 protected $render; 24 protected $renderer;
22 25
23 /** 26 /**
24 * Constructors a new ContextualController 27 * Constructors a new ContextualController.
25 * 28 *
26 * @param \Drupal\Core\Render\RendererInterface $renderer 29 * @param \Drupal\Core\Render\RendererInterface $renderer
27 * The renderer. 30 * The renderer.
28 */ 31 */
29 public function __construct(RendererInterface $renderer) { 32 public function __construct(RendererInterface $renderer) {
43 * Returns the requested rendered contextual links. 46 * Returns the requested rendered contextual links.
44 * 47 *
45 * Given a list of contextual links IDs, render them. Hence this must be 48 * Given a list of contextual links IDs, render them. Hence this must be
46 * robust to handle arbitrary input. 49 * robust to handle arbitrary input.
47 * 50 *
48 * @see contextual_preprocess() 51 * @param \Symfony\Component\HttpFoundation\Request $request
52 * The Symfony request object.
49 * 53 *
50 * @return \Symfony\Component\HttpFoundation\JsonResponse 54 * @return \Symfony\Component\HttpFoundation\JsonResponse
51 * The JSON response. 55 * The JSON response.
56 *
57 * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
58 * Thrown when the request contains no ids.
59 *
60 * @see contextual_preprocess()
52 */ 61 */
53 public function render(Request $request) { 62 public function render(Request $request) {
54 $ids = $request->request->get('ids'); 63 $ids = $request->request->get('ids');
55 if (!isset($ids)) { 64 if (!isset($ids)) {
56 throw new BadRequestHttpException(t('No contextual ids specified.')); 65 throw new BadRequestHttpException(t('No contextual ids specified.'));
57 } 66 }
58 67
68 $tokens = $request->request->get('tokens');
69 if (!isset($tokens)) {
70 throw new BadRequestHttpException(t('No contextual ID tokens specified.'));
71 }
72
59 $rendered = []; 73 $rendered = [];
60 foreach ($ids as $id) { 74 foreach ($ids as $key => $id) {
75 if (!isset($tokens[$key]) || !Crypt::hashEquals($tokens[$key], Crypt::hmacBase64($id, Settings::getHashSalt() . \Drupal::service('private_key')->get()))) {
76 throw new BadRequestHttpException('Invalid contextual ID specified.');
77 }
61 $element = [ 78 $element = [
62 '#type' => 'contextual_links', 79 '#type' => 'contextual_links',
63 '#contextual_links' => _contextual_id_to_links($id), 80 '#contextual_links' => _contextual_id_to_links($id),
64 ]; 81 ];
65 $rendered[$id] = $this->renderer->renderRoot($element); 82 $rendered[$id] = $this->renderer->renderRoot($element);