/** * Determine if the url has a forged signature. * * @param \League\Url\UrlImmutable $url * * @return bool */ protected function hasValidSignature(UrlImmutable $url) { $query = $url->getQuery(); $expiration = $query[$this->expiresParameter]; $providedSignature = $query[$this->signatureParameter]; $intendedUrl = $this->getIntendedUrl($url); $validSignature = $this->createSignature($intendedUrl, $expiration); return $providedSignature === $validSignature; }