Mercurial > hg > isophonics-drupal-site
comparison vendor/symfony/http-kernel/UriSigner.php @ 0:4c8ae668cc8c
Initial import (non-working)
| author | Chris Cannam |
|---|---|
| date | Wed, 29 Nov 2017 16:09:58 +0000 |
| parents | |
| children | 1fec387a4317 |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:4c8ae668cc8c |
|---|---|
| 1 <?php | |
| 2 | |
| 3 /* | |
| 4 * This file is part of the Symfony package. | |
| 5 * | |
| 6 * (c) Fabien Potencier <fabien@symfony.com> | |
| 7 * | |
| 8 * For the full copyright and license information, please view the LICENSE | |
| 9 * file that was distributed with this source code. | |
| 10 */ | |
| 11 | |
| 12 namespace Symfony\Component\HttpKernel; | |
| 13 | |
| 14 /** | |
| 15 * Signs URIs. | |
| 16 * | |
| 17 * @author Fabien Potencier <fabien@symfony.com> | |
| 18 */ | |
| 19 class UriSigner | |
| 20 { | |
| 21 private $secret; | |
| 22 | |
| 23 /** | |
| 24 * Constructor. | |
| 25 * | |
| 26 * @param string $secret A secret | |
| 27 */ | |
| 28 public function __construct($secret) | |
| 29 { | |
| 30 $this->secret = $secret; | |
| 31 } | |
| 32 | |
| 33 /** | |
| 34 * Signs a URI. | |
| 35 * | |
| 36 * The given URI is signed by adding a _hash query string parameter | |
| 37 * which value depends on the URI and the secret. | |
| 38 * | |
| 39 * @param string $uri A URI to sign | |
| 40 * | |
| 41 * @return string The signed URI | |
| 42 */ | |
| 43 public function sign($uri) | |
| 44 { | |
| 45 $url = parse_url($uri); | |
| 46 if (isset($url['query'])) { | |
| 47 parse_str($url['query'], $params); | |
| 48 } else { | |
| 49 $params = array(); | |
| 50 } | |
| 51 | |
| 52 $uri = $this->buildUrl($url, $params); | |
| 53 | |
| 54 return $uri.(false === strpos($uri, '?') ? '?' : '&').'_hash='.$this->computeHash($uri); | |
| 55 } | |
| 56 | |
| 57 /** | |
| 58 * Checks that a URI contains the correct hash. | |
| 59 * | |
| 60 * The _hash query string parameter must be the last one | |
| 61 * (as it is generated that way by the sign() method, it should | |
| 62 * never be a problem). | |
| 63 * | |
| 64 * @param string $uri A signed URI | |
| 65 * | |
| 66 * @return bool True if the URI is signed correctly, false otherwise | |
| 67 */ | |
| 68 public function check($uri) | |
| 69 { | |
| 70 $url = parse_url($uri); | |
| 71 if (isset($url['query'])) { | |
| 72 parse_str($url['query'], $params); | |
| 73 } else { | |
| 74 $params = array(); | |
| 75 } | |
| 76 | |
| 77 if (empty($params['_hash'])) { | |
| 78 return false; | |
| 79 } | |
| 80 | |
| 81 $hash = urlencode($params['_hash']); | |
| 82 unset($params['_hash']); | |
| 83 | |
| 84 return $this->computeHash($this->buildUrl($url, $params)) === $hash; | |
| 85 } | |
| 86 | |
| 87 private function computeHash($uri) | |
| 88 { | |
| 89 return urlencode(base64_encode(hash_hmac('sha256', $uri, $this->secret, true))); | |
| 90 } | |
| 91 | |
| 92 private function buildUrl(array $url, array $params = array()) | |
| 93 { | |
| 94 ksort($params, SORT_STRING); | |
| 95 $url['query'] = http_build_query($params, '', '&'); | |
| 96 | |
| 97 $scheme = isset($url['scheme']) ? $url['scheme'].'://' : ''; | |
| 98 $host = isset($url['host']) ? $url['host'] : ''; | |
| 99 $port = isset($url['port']) ? ':'.$url['port'] : ''; | |
| 100 $user = isset($url['user']) ? $url['user'] : ''; | |
| 101 $pass = isset($url['pass']) ? ':'.$url['pass'] : ''; | |
| 102 $pass = ($user || $pass) ? "$pass@" : ''; | |
| 103 $path = isset($url['path']) ? $url['path'] : ''; | |
| 104 $query = isset($url['query']) && $url['query'] ? '?'.$url['query'] : ''; | |
| 105 $fragment = isset($url['fragment']) ? '#'.$url['fragment'] : ''; | |
| 106 | |
| 107 return $scheme.$user.$pass.$host.$port.$path.$query.$fragment; | |
| 108 } | |
| 109 } |