public function isValid($url)
{
$parts = parse_url($url);
if (isset($parts['query'])) {
$query = elgg_parse_str($parts['query']);
} else {
$query = [];
}
if (!isset($query[self::KEY_MAC])) {
// No signature found
return false;
}
$token = $query[self::KEY_MAC];
unset($query[self::KEY_MAC]);
if (isset($query[self::KEY_EXPIRES]) && $query[self::KEY_EXPIRES] < time()) {
// Signature has expired
return false;
}
ksort($query);
$parts['query'] = http_build_query($query);
$url = elgg_http_build_url($parts, false);
return elgg_build_hmac($url)->matchesToken($token);
}