Mercurial > hg > isophonics-drupal-site
view core/modules/media/src/IFrameUrlHelper.php @ 19:fa3358dc1485 tip
Add ndrum files
author | Chris Cannam |
---|---|
date | Wed, 28 Aug 2019 13:14:47 +0100 |
parents | 129ea1e6d783 |
children |
line wrap: on
line source
<?php namespace Drupal\media; use Drupal\Component\Utility\Crypt; use Drupal\Core\PrivateKey; use Drupal\Core\Routing\RequestContext; use Drupal\Core\Site\Settings; /** * Providers helper functions for displaying oEmbed resources in an iFrame. * * @internal * This is an internal part of the oEmbed system and should only be used by * oEmbed-related code in Drupal core. */ class IFrameUrlHelper { /** * The request context service. * * @var \Drupal\Core\Routing\RequestContext */ protected $requestContext; /** * The private key service. * * @var \Drupal\Core\PrivateKey */ protected $privateKey; /** * IFrameUrlHelper constructor. * * @param \Drupal\Core\Routing\RequestContext $request_context * The request context service. * @param \Drupal\Core\PrivateKey $private_key * The private key service. */ public function __construct(RequestContext $request_context, PrivateKey $private_key) { $this->requestContext = $request_context; $this->privateKey = $private_key; } /** * Hashes an oEmbed resource URL. * * @param string $url * The resource URL. * @param int $max_width * (optional) The maximum width of the resource. * @param int $max_height * (optional) The maximum height of the resource. * * @return string * The hashed URL. */ public function getHash($url, $max_width = NULL, $max_height = NULL) { return Crypt::hmacBase64("$url:$max_width:$max_height", $this->privateKey->get() . Settings::getHashSalt()); } /** * Checks if an oEmbed URL can be securely displayed in an frame. * * @param string $url * The URL to check. * * @return bool * TRUE if the URL is considered secure, otherwise FALSE. */ public function isSecure($url) { if (!$url) { return FALSE; } $url_host = parse_url($url, PHP_URL_HOST); $system_host = parse_url($this->requestContext->getCompleteBaseUrl(), PHP_URL_HOST); // The URL is secure if its domain is not the same as the domain of the base // URL of the current request. return $url_host && $system_host && $url_host !== $system_host; } }