Home Explore Help
Sign In
bachir
/
edlp_d8
1
0
Fork 0
Files Issues 8 Pull Requests 0 Wiki
Tree: c20eb11db0
Branches Tags
edlp_d8
/
core
/
modules
/
media
/
src
/
IFrameUrlHelper.php

IFrameUrlHelper.php 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. <?php
    2. 

  2. 

  3. namespace Drupal\media;
    4. 

  4. 

  5. use Drupal\Component\Utility\Crypt;
    6. 

  6. use Drupal\Core\PrivateKey;
    7. 

  7. use Drupal\Core\Routing\RequestContext;
    8. 

  8. use Drupal\Core\Site\Settings;
    9. 

  9. 

  10. /**
    11. 

  11.  * Providers helper functions for displaying oEmbed resources in an iFrame.
    12. 

  12.  *
    13. 

  13.  * @internal
    14. 

  14.  *   This is an internal part of the oEmbed system and should only be used by
    15. 

  15.  *   oEmbed-related code in Drupal core.
    16. 

  16.  */
    17. 

  17. class IFrameUrlHelper {
    18. 

  18. 

  19.   /**
    20. 

  20.    * The request context service.
    21. 

  21.    *
    22. 

  22.    * @var \Drupal\Core\Routing\RequestContext
    23. 

  23.    */
    24. 

  24.   protected $requestContext;
    25. 

  25. 

  26.   /**
    27. 

  27.    * The private key service.
    28. 

  28.    *
    29. 

  29.    * @var \Drupal\Core\PrivateKey
    30. 

  30.    */
    31. 

  31.   protected $privateKey;
    32. 

  32. 

  33.   /**
    34. 

  34.    * IFrameUrlHelper constructor.
    35. 

  35.    *
    36. 

  36.    * @param \Drupal\Core\Routing\RequestContext $request_context
    37. 

  37.    *   The request context service.
    38. 

  38.    * @param \Drupal\Core\PrivateKey $private_key
    39. 

  39.    *   The private key service.
    40. 

  40.    */
    41. 

  41.   public function __construct(RequestContext $request_context, PrivateKey $private_key) {
    42. 

  42.     $this->requestContext = $request_context;
    43. 

  43.     $this->privateKey = $private_key;
    44. 

  44.   }
    45. 

  45. 

  46.   /**
    47. 

  47.    * Hashes an oEmbed resource URL.
    48. 

  48.    *
    49. 

  49.    * @param string $url
    50. 

  50.    *   The resource URL.
    51. 

  51.    * @param int $max_width
    52. 

  52.    *   (optional) The maximum width of the resource.
    53. 

  53.    * @param int $max_height
    54. 

  54.    *   (optional) The maximum height of the resource.
    55. 

  55.    *
    56. 

  56.    * @return string
    57. 

  57.    *   The hashed URL.
    58. 

  58.    */
    59. 

  59.   public function getHash($url, $max_width = NULL, $max_height = NULL) {
    60. 

  60.     return Crypt::hmacBase64("$url:$max_width:$max_height", $this->privateKey->get() . Settings::getHashSalt());
    61. 

  61.   }
    62. 

  62. 

  63.   /**
    64. 

  64.    * Checks if an oEmbed URL can be securely displayed in an frame.
    65. 

  65.    *
    66. 

  66.    * @param string $url
    67. 

  67.    *   The URL to check.
    68. 

  68.    *
    69. 

  69.    * @return bool
    70. 

  70.    *   TRUE if the URL is considered secure, otherwise FALSE.
    71. 

  71.    */
    72. 

  72.   public function isSecure($url) {
    73. 

  73.     if (!$url) {
    74. 

  74.       return FALSE;
    75. 

  75.     }
    76. 

  76.     $url_host = parse_url($url, PHP_URL_HOST);
    77. 

  77.     $system_host = parse_url($this->requestContext->getCompleteBaseUrl(), PHP_URL_HOST);
    78. 

  78. 

  79.     // The URL is secure if its domain is not the same as the domain of the base
    80. 

  80.     // URL of the current request.
    81. 

  81.     return $url_host && $system_host && $url_host !== $system_host;
    82. 

  82.   }
    83. 

  83. 

  84. }
    85.