Mercurial > hg > isophonics-drupal-site

diff core/modules/media/src/IFrameUrlHelper.php @ 17:129ea1e6d783

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update, including to Drupal core 8.6.10
author Chris Cannam
date Thu, 28 Feb 2019 13:21:36 +0000
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/core/modules/media/src/IFrameUrlHelper.php	Thu Feb 28 13:21:36 2019 +0000
@@ -0,0 +1,84 @@
+<?php
+
+namespace Drupal\media;
+
+use Drupal\Component\Utility\Crypt;
+use Drupal\Core\PrivateKey;
+use Drupal\Core\Routing\RequestContext;
+use Drupal\Core\Site\Settings;
+
+/**
+ * Providers helper functions for displaying oEmbed resources in an iFrame.
+ *
+ * @internal
+ *   This is an internal part of the oEmbed system and should only be used by
+ *   oEmbed-related code in Drupal core.
+ */
+class IFrameUrlHelper {
+
+  /**
+   * The request context service.
+   *
+   * @var \Drupal\Core\Routing\RequestContext
+   */
+  protected $requestContext;
+
+  /**
+   * The private key service.
+   *
+   * @var \Drupal\Core\PrivateKey
+   */
+  protected $privateKey;
+
+  /**
+   * IFrameUrlHelper constructor.
+   *
+   * @param \Drupal\Core\Routing\RequestContext $request_context
+   *   The request context service.
+   * @param \Drupal\Core\PrivateKey $private_key
+   *   The private key service.
+   */
+  public function __construct(RequestContext $request_context, PrivateKey $private_key) {
+    $this->requestContext = $request_context;
+    $this->privateKey = $private_key;
+  }
+
+  /**
+   * Hashes an oEmbed resource URL.
+   *
+   * @param string $url
+   *   The resource URL.
+   * @param int $max_width
+   *   (optional) The maximum width of the resource.
+   * @param int $max_height
+   *   (optional) The maximum height of the resource.
+   *
+   * @return string
+   *   The hashed URL.
+   */
+  public function getHash($url, $max_width = NULL, $max_height = NULL) {
+    return Crypt::hmacBase64("$url:$max_width:$max_height", $this->privateKey->get() . Settings::getHashSalt());
+  }
+
+  /**
+   * Checks if an oEmbed URL can be securely displayed in an frame.
+   *
+   * @param string $url
+   *   The URL to check.
+   *
+   * @return bool
+   *   TRUE if the URL is considered secure, otherwise FALSE.
+   */
+  public function isSecure($url) {
+    if (!$url) {
+      return FALSE;
+    }
+    $url_host = parse_url($url, PHP_URL_HOST);
+    $system_host = parse_url($this->requestContext->getCompleteBaseUrl(), PHP_URL_HOST);
+
+    // The URL is secure if its domain is not the same as the domain of the base
+    // URL of the current request.
+    return $url_host && $system_host && $url_host !== $system_host;
+  }
+
+}