123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 |
- <?php
- namespace Drupal\media;
- use Drupal\Component\Utility\Crypt;
- use Drupal\Core\PrivateKey;
- use Drupal\Core\Routing\RequestContext;
- use Drupal\Core\Site\Settings;
- /**
- * Providers helper functions for displaying oEmbed resources in an iFrame.
- *
- * @internal
- * This is an internal part of the oEmbed system and should only be used by
- * oEmbed-related code in Drupal core.
- */
- class IFrameUrlHelper {
- /**
- * The request context service.
- *
- * @var \Drupal\Core\Routing\RequestContext
- */
- protected $requestContext;
- /**
- * The private key service.
- *
- * @var \Drupal\Core\PrivateKey
- */
- protected $privateKey;
- /**
- * IFrameUrlHelper constructor.
- *
- * @param \Drupal\Core\Routing\RequestContext $request_context
- * The request context service.
- * @param \Drupal\Core\PrivateKey $private_key
- * The private key service.
- */
- public function __construct(RequestContext $request_context, PrivateKey $private_key) {
- $this->requestContext = $request_context;
- $this->privateKey = $private_key;
- }
- /**
- * Hashes an oEmbed resource URL.
- *
- * @param string $url
- * The resource URL.
- * @param int $max_width
- * (optional) The maximum width of the resource.
- * @param int $max_height
- * (optional) The maximum height of the resource.
- *
- * @return string
- * The hashed URL.
- */
- public function getHash($url, $max_width = NULL, $max_height = NULL) {
- return Crypt::hmacBase64("$url:$max_width:$max_height", $this->privateKey->get() . Settings::getHashSalt());
- }
- /**
- * Checks if an oEmbed URL can be securely displayed in an frame.
- *
- * @param string $url
- * The URL to check.
- *
- * @return bool
- * TRUE if the URL is considered secure, otherwise FALSE.
- */
- public function isSecure($url) {
- if (!$url) {
- return FALSE;
- }
- $url_host = parse_url($url, PHP_URL_HOST);
- $system_host = parse_url($this->requestContext->getCompleteBaseUrl(), PHP_URL_HOST);
- // The URL is secure if its domain is not the same as the domain of the base
- // URL of the current request.
- return $url_host && $system_host && $url_host !== $system_host;
- }
- }
|