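requestContext = $request_context;
    $this->privateKey = $private_key;
  }

  /**
   * Hashes an oEmbed resource URL.
   *
   * The result is a keyed hash (HMAC) over the URL and the requested
   * dimensions, keyed with the site's private key concatenated with the hash
   * salt. A hash computed for one URL/size combination therefore does not
   * validate any other combination.
   *
   * Code that verifies a hash received from a request should recompute it with
   * this method and compare the two values in constant time, e.g. with
   * hash_equals(), rather than with == or ===.
   *
   * @param string $url
   *   The resource URL.
   * @param int $max_width
   *   (optional) The maximum width of the resource.
   * @param int $max_height
   *   (optional) The maximum height of the resource.
   *
   * @return string
   *   The hashed URL.
   */
  public function getHash($url, $max_width = NULL, $max_height = NULL) {
    // NULL dimensions interpolate as empty strings, so the message always has
    // exactly two ':' separators after the URL.
    $message = "$url:$max_width:$max_height";
    $key = $this->privateKey->get() . Settings::getHashSalt();
    return Crypt::hmacBase64($message, $key);
  }

  /**
   * Checks if an oEmbed URL can be securely displayed in a frame.
   *
   * A URL counts as secure only when its host differs from the host of the
   * current request's base URL. Only the host component is compared: scheme,
   * port and path are ignored, so the same host on another port is still
   * reported as not secure.
   *
   * @param string $url
   *   The URL to check.
   *
   * @return bool
   *   TRUE if the URL is considered secure, otherwise FALSE.
   */
  public function isSecure($url) {
    if (!$url) {
      return FALSE;
    }
    $url_host = parse_url($url, PHP_URL_HOST);
    $system_host = parse_url($this->requestContext->getCompleteBaseUrl(), PHP_URL_HOST);

    // Without a host on both sides there is nothing to compare; fail closed.
    if (!$url_host || !$system_host) {
      return FALSE;
    }

    // The URL is secure if its domain is not the same as the domain of the base
    // URL of the current request. Host names are case-insensitive and
    // parse_url() does not normalize case, so compare lower-cased values;
    // otherwise "EXAMPLE.com" would wrongly be treated as a different domain
    // from "example.com".
    return strtolower($url_host) !== strtolower($system_host);
  }

}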