Chris@17: <?php
Chris@17: 
Chris@17: namespace Drupal\media;
Chris@17: 
Chris@17: use Drupal\Component\Utility\Crypt;
Chris@17: use Drupal\Core\PrivateKey;
Chris@17: use Drupal\Core\Routing\RequestContext;
Chris@17: use Drupal\Core\Site\Settings;
Chris@17: 
Chris@17: /**
Chris@17:  * Providers helper functions for displaying oEmbed resources in an iFrame.
Chris@17:  *
Chris@17:  * @internal
Chris@17:  *   This is an internal part of the oEmbed system and should only be used by
Chris@17:  *   oEmbed-related code in Drupal core.
Chris@17:  */
Chris@17: class IFrameUrlHelper {
Chris@17: 
Chris@17:   /**
Chris@17:    * The request context service.
Chris@17:    *
Chris@17:    * @var \Drupal\Core\Routing\RequestContext
Chris@17:    */
Chris@17:   protected $requestContext;
Chris@17: 
Chris@17:   /**
Chris@17:    * The private key service.
Chris@17:    *
Chris@17:    * @var \Drupal\Core\PrivateKey
Chris@17:    */
Chris@17:   protected $privateKey;
Chris@17: 
Chris@17:   /**
Chris@17:    * IFrameUrlHelper constructor.
Chris@17:    *
Chris@17:    * @param \Drupal\Core\Routing\RequestContext $request_context
Chris@17:    *   The request context service.
Chris@17:    * @param \Drupal\Core\PrivateKey $private_key
Chris@17:    *   The private key service.
Chris@17:    */
Chris@17:   public function __construct(RequestContext $request_context, PrivateKey $private_key) {
Chris@17:     $this->requestContext = $request_context;
Chris@17:     $this->privateKey = $private_key;
Chris@17:   }
Chris@17: 
Chris@17:   /**
Chris@17:    * Hashes an oEmbed resource URL.
Chris@17:    *
Chris@17:    * @param string $url
Chris@17:    *   The resource URL.
Chris@17:    * @param int $max_width
Chris@17:    *   (optional) The maximum width of the resource.
Chris@17:    * @param int $max_height
Chris@17:    *   (optional) The maximum height of the resource.
Chris@17:    *
Chris@17:    * @return string
Chris@17:    *   The hashed URL.
Chris@17:    */
Chris@17:   public function getHash($url, $max_width = NULL, $max_height = NULL) {
Chris@17:     return Crypt::hmacBase64("$url:$max_width:$max_height", $this->privateKey->get() . Settings::getHashSalt());
Chris@17:   }
Chris@17: 
Chris@17:   /**
Chris@17:    * Checks if an oEmbed URL can be securely displayed in an frame.
Chris@17:    *
Chris@17:    * @param string $url
Chris@17:    *   The URL to check.
Chris@17:    *
Chris@17:    * @return bool
Chris@17:    *   TRUE if the URL is considered secure, otherwise FALSE.
Chris@17:    */
Chris@17:   public function isSecure($url) {
Chris@17:     if (!$url) {
Chris@17:       return FALSE;
Chris@17:     }
Chris@17:     $url_host = parse_url($url, PHP_URL_HOST);
Chris@17:     $system_host = parse_url($this->requestContext->getCompleteBaseUrl(), PHP_URL_HOST);
Chris@17: 
Chris@17:     // The URL is secure if its domain is not the same as the domain of the base
Chris@17:     // URL of the current request.
Chris@17:     return $url_host && $system_host && $url_host !== $system_host;
Chris@17:   }
Chris@17: 
Chris@17: }