Mercurial > hg > isophonics-drupal-site

view core/modules/media/src/IFrameUrlHelper.php @ 19:fa3358dc1485 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents 129ea1e6d783
children
line wrap: on
line source
<?php

namespace Drupal\media;

use Drupal\Component\Utility\Crypt;
use Drupal\Core\PrivateKey;
use Drupal\Core\Routing\RequestContext;
use Drupal\Core\Site\Settings;

/**
 * Providers helper functions for displaying oEmbed resources in an iFrame.
 *
 * @internal
 *   This is an internal part of the oEmbed system and should only be used by
 *   oEmbed-related code in Drupal core.
 */
class IFrameUrlHelper {

  /**
   * The request context service.
   *
   * @var \Drupal\Core\Routing\RequestContext
   */
  protected $requestContext;

  /**
   * The private key service.
   *
   * @var \Drupal\Core\PrivateKey
   */
  protected $privateKey;

  /**
   * IFrameUrlHelper constructor.
   *
   * @param \Drupal\Core\Routing\RequestContext $request_context
   *   The request context service.
   * @param \Drupal\Core\PrivateKey $private_key
   *   The private key service.
   */
  public function __construct(RequestContext $request_context, PrivateKey $private_key) {
    $this->requestContext = $request_context;
    $this->privateKey = $private_key;
  }

  /**
   * Hashes an oEmbed resource URL.
   *
   * @param string $url
   *   The resource URL.
   * @param int $max_width
   *   (optional) The maximum width of the resource.
   * @param int $max_height
   *   (optional) The maximum height of the resource.
   *
   * @return string
   *   The hashed URL.
   */
  public function getHash($url, $max_width = NULL, $max_height = NULL) {
    return Crypt::hmacBase64("$url:$max_width:$max_height", $this->privateKey->get() . Settings::getHashSalt());
  }

  /**
   * Checks if an oEmbed URL can be securely displayed in an frame.
   *
   * @param string $url
   *   The URL to check.
   *
   * @return bool
   *   TRUE if the URL is considered secure, otherwise FALSE.
   */
  public function isSecure($url) {
    if (!$url) {
      return FALSE;
    }
    $url_host = parse_url($url, PHP_URL_HOST);
    $system_host = parse_url($this->requestContext->getCompleteBaseUrl(), PHP_URL_HOST);

    // The URL is secure if its domain is not the same as the domain of the base
    // URL of the current request.
    return $url_host && $system_host && $url_host !== $system_host;
  }

}