Mercurial > hg > isophonics-drupal-site
comparison core/modules/media/src/IFrameUrlHelper.php @ 17:129ea1e6d783
Update, including to Drupal core 8.6.10
| author | Chris Cannam |
|---|---|
| date | Thu, 28 Feb 2019 13:21:36 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 16:c2387f117808 | 17:129ea1e6d783 |
|---|---|
| 1 <?php | |
| 2 | |
| 3 namespace Drupal\media; | |
| 4 | |
| 5 use Drupal\Component\Utility\Crypt; | |
| 6 use Drupal\Core\PrivateKey; | |
| 7 use Drupal\Core\Routing\RequestContext; | |
| 8 use Drupal\Core\Site\Settings; | |
| 9 | |
| 10 /** | |
| 11 * Providers helper functions for displaying oEmbed resources in an iFrame. | |
| 12 * | |
| 13 * @internal | |
| 14 * This is an internal part of the oEmbed system and should only be used by | |
| 15 * oEmbed-related code in Drupal core. | |
| 16 */ | |
| 17 class IFrameUrlHelper { | |
| 18 | |
| 19 /** | |
| 20 * The request context service. | |
| 21 * | |
| 22 * @var \Drupal\Core\Routing\RequestContext | |
| 23 */ | |
| 24 protected $requestContext; | |
| 25 | |
| 26 /** | |
| 27 * The private key service. | |
| 28 * | |
| 29 * @var \Drupal\Core\PrivateKey | |
| 30 */ | |
| 31 protected $privateKey; | |
| 32 | |
| 33 /** | |
| 34 * IFrameUrlHelper constructor. | |
| 35 * | |
| 36 * @param \Drupal\Core\Routing\RequestContext $request_context | |
| 37 * The request context service. | |
| 38 * @param \Drupal\Core\PrivateKey $private_key | |
| 39 * The private key service. | |
| 40 */ | |
| 41 public function __construct(RequestContext $request_context, PrivateKey $private_key) { | |
| 42 $this->requestContext = $request_context; | |
| 43 $this->privateKey = $private_key; | |
| 44 } | |
| 45 | |
| 46 /** | |
| 47 * Hashes an oEmbed resource URL. | |
| 48 * | |
| 49 * @param string $url | |
| 50 * The resource URL. | |
| 51 * @param int $max_width | |
| 52 * (optional) The maximum width of the resource. | |
| 53 * @param int $max_height | |
| 54 * (optional) The maximum height of the resource. | |
| 55 * | |
| 56 * @return string | |
| 57 * The hashed URL. | |
| 58 */ | |
| 59 public function getHash($url, $max_width = NULL, $max_height = NULL) { | |
| 60 return Crypt::hmacBase64("$url:$max_width:$max_height", $this->privateKey->get() . Settings::getHashSalt()); | |
| 61 } | |
| 62 | |
| 63 /** | |
| 64 * Checks if an oEmbed URL can be securely displayed in an frame. | |
| 65 * | |
| 66 * @param string $url | |
| 67 * The URL to check. | |
| 68 * | |
| 69 * @return bool | |
| 70 * TRUE if the URL is considered secure, otherwise FALSE. | |
| 71 */ | |
| 72 public function isSecure($url) { | |
| 73 if (!$url) { | |
| 74 return FALSE; | |
| 75 } | |
| 76 $url_host = parse_url($url, PHP_URL_HOST); | |
| 77 $system_host = parse_url($this->requestContext->getCompleteBaseUrl(), PHP_URL_HOST); | |
| 78 | |
| 79 // The URL is secure if its domain is not the same as the domain of the base | |
| 80 // URL of the current request. | |
| 81 return $url_host && $system_host && $url_host !== $system_host; | |
| 82 } | |
| 83 | |
| 84 } |