Updated Drupal to 8.6. This goes with the following updates because it's possible...

[yaffs-website] / web / core / modules / media / src / IFrameUrlHelper.php

diff --git a/web/core/modules/media/src/IFrameUrlHelper.php b/web/core/modules/media/src/IFrameUrlHelper.php
new file mode 100644 (file)
index 0000000..5da0959
--- /dev/null
+++ b/web/core/modules/media/src/IFrameUrlHelper.php
@@ -0,0 +1,84 @@
+<?php
+
+namespace Drupal\media;
+
+use Drupal\Component\Utility\Crypt;
+use Drupal\Core\PrivateKey;
+use Drupal\Core\Routing\RequestContext;
+use Drupal\Core\Site\Settings;
+
+/**
+ * Providers helper functions for displaying oEmbed resources in an iFrame.
+ *
+ * @internal
+ *   This is an internal part of the oEmbed system and should only be used by
+ *   oEmbed-related code in Drupal core.
+ */
+class IFrameUrlHelper {
+
+  /**
+   * The request context service.
+   *
+   * @var \Drupal\Core\Routing\RequestContext
+   */
+  protected $requestContext;
+
+  /**
+   * The private key service.
+   *
+   * @var \Drupal\Core\PrivateKey
+   */
+  protected $privateKey;
+
+  /**
+   * IFrameUrlHelper constructor.
+   *
+   * @param \Drupal\Core\Routing\RequestContext $request_context
+   *   The request context service.
+   * @param \Drupal\Core\PrivateKey $private_key
+   *   The private key service.
+   */
+  public function __construct(RequestContext $request_context, PrivateKey $private_key) {
+    $this->requestContext = $request_context;
+    $this->privateKey = $private_key;
+  }
+
+  /**
+   * Hashes an oEmbed resource URL.
+   *
+   * @param string $url
+   *   The resource URL.
+   * @param int $max_width
+   *   (optional) The maximum width of the resource.
+   * @param int $max_height
+   *   (optional) The maximum height of the resource.
+   *
+   * @return string
+   *   The hashed URL.
+   */
+  public function getHash($url, $max_width = NULL, $max_height = NULL) {
+    return Crypt::hmacBase64("$url:$max_width:$max_height", $this->privateKey->get() . Settings::getHashSalt());
+  }
+
+  /**
+   * Checks if an oEmbed URL can be securely displayed in an frame.
+   *
+   * @param string $url
+   *   The URL to check.
+   *
+   * @return bool
+   *   TRUE if the URL is considered secure, otherwise FALSE.
+   */
+  public function isSecure($url) {
+    if (!$url) {
+      return FALSE;
+    }
+    $url_host = parse_url($url, PHP_URL_HOST);
+    $system_host = parse_url($this->requestContext->getCompleteBaseUrl(), PHP_URL_HOST);
+
+    // The URL is secure if its domain is not the same as the domain of the base
+    // URL of the current request.
+    return $url_host && $system_host && $url_host !== $system_host;
+  }
+
+}