From 1cf3a5338b438845d02a8c7f57d9431060da23a9 Mon Sep 17 00:00:00 2001 From: Alex Pott Date: Tue, 8 Jul 2014 11:51:37 +0100 Subject: [PATCH] Issue #2293541 by amitgoyal, marcingy: Remove *_token deprecated functions.
---
 core/includes/common.inc | 49 +------------------ core/lib/Drupal/Core/Batch/BatchStorage.php | 4 +- .../Drupal/Core/Session/SessionManager.php | 2 +- core/modules/color/color.module | 2 +- .../src/Plugin/views/field/LinkApprove.php | 2 +- .../rest/src/Access/CSRFAccessCheck.php | 2 +- core/modules/rest/src/RequestHandler.php | 2 +- core/update.php | 6 +-- 8 files changed, 11 insertions(+), 58 deletions(-)
diff --git a/core/includes/common.inc b/core/includes/common.inc
index f8f669772c..e73924d7ea 100644
--- a/core/includes/common.inc
+++ b/core/includes/common.inc
@@ -1882,7 +1882,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
 $setting['ajaxPageState']['theme'] = $theme_key;
 // Checks that the DB is available before filling theme_token.
 if (!defined('MAINTENANCE_MODE')) {
- $setting['ajaxPageState']['theme_token'] = drupal_get_token($theme_key);
+ $setting['ajaxPageState']['theme_token'] = \Drupal::csrfToken()->get($theme_key);
 }
 // Provide the page with information about the individual JavaScript files
@@ -2524,53 +2524,6 @@ function drupal_json_decode($var) {
 return Json::decode($var);
 }
-/**
- * Generates a token based on $value, the user session, and the private key.
- *
- * @param string $value
- * An additional value to base the token on.
- *
- * The generated token is based on the session ID of the current user. Normally,
- * anonymous users do not have a session, so the generated token will be
- * different on every page request. To generate a token for users without a
- * session, manually start a session prior to calling this function.
- *
- * @return string
- * A 43-character URL-safe token for validation, based on the user session ID,
- * the hash salt provided from Settings::getHashSalt(), and the
- * 'drupal_private_key' configuration variable.
- *
- * @see \Drupal\Core\Site\Settings::getHashSalt()
- * @see \Drupal\Core\Access\CsrfTokenGenerator
- * @see \Drupal\Core\Session\SessionManager::start()
- *
- * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
- * Use \Drupal::csrfToken()->get().
- */
-function drupal_get_token($value = '') {
- return \Drupal::csrfToken()->get($value);
-}
-
-/**
- * Validates a token based on $value, the user session, and the private key.
- *
- * @param string $token
- * The token to be validated.
- * @param string $value
- * An additional value to base the token on.
- *
- * @return bool
- * True for a valid token, false for an invalid token.
- *
- * @see \Drupal\Core\Access\CsrfTokenGenerator
- *
- * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
- * Use return \Drupal::csrfToken()->validate().
- */
-function drupal_valid_token($token, $value = '') {
- return \Drupal::csrfToken()->validate($token, $value);
-}
-
 /**
 * Stores the current page in the cache.
 *
diff --git a/core/lib/Drupal/Core/Batch/BatchStorage.php b/core/lib/Drupal/Core/Batch/BatchStorage.php
index 1de8819362..851fe00a1a 100644
--- a/core/lib/Drupal/Core/Batch/BatchStorage.php
+++ b/core/lib/Drupal/Core/Batch/BatchStorage.php
@@ -26,7 +26,7 @@ public function __construct(Connection $connection) {
 public function load($id) {
 $batch = $this->connection->query("SELECT batch FROM {batch} WHERE bid = :bid AND token = :token", array(
 ':bid' => $id,
- ':token' => drupal_get_token($id),
+ ':token' => \Drupal::csrfToken()->get($id),
 ))->fetchField();
 if ($batch) {
 return unserialize($batch);
@@ -71,7 +71,7 @@ function create(array $batch) {
 ->fields(array(
 'bid' => $batch['id'],
 'timestamp' => REQUEST_TIME,
- 'token' => drupal_get_token($batch['id']),
+ 'token' => \Drupal::csrfToken()->get($batch['id']),
 'batch' => serialize($batch),
 ))
 ->execute();
diff --git a/core/lib/Drupal/Core/Session/SessionManager.php b/core/lib/Drupal/Core/Session/SessionManager.php
index e8dc572c6c..df6cdee90b 100644
--- a/core/lib/Drupal/Core/Session/SessionManager.php
+++ b/core/lib/Drupal/Core/Session/SessionManager.php
@@ -139,7 +139,7 @@ public function startLazy() {
 else {
 // Set a session identifier for this request. This is necessary because
 // we lazily start sessions at the end of this request, and some
- // processes (like drupal_get_token()) needs to know the future
+ // processes (like \Drupal::csrfToken()) needs to know the future
 // session ID in advance.
 $user = new AnonymousUserSession();
 $this->setId(Crypt::randomBytesBase64());
diff --git a/core/modules/color/color.module b/core/modules/color/color.module
index 8899d5a60a..c82e8d101e 100644
--- a/core/modules/color/color.module
+++ b/core/modules/color/color.module
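Review bot: In `BatchStorage::load()` and `create()` the token generator is now fetched through the static `\Drupal::csrfToken()` call, although the first hunk header shows that this class already receives its `Connection` through the constructor. Passing the generator in the same way and using a property, for example `':token' => $this->csrfToken->get($id),` with the matching line in `create()`, would let the class be tested without a booted container; the constructor itself lies outside both hunks. The token match in the `WHERE` clause is the only visible condition a row has to meet before `unserialize($batch)` runs, so a comment on the query such as `// The token binds the batch row to the current session; rows that do not match are never unserialized.` would record why that condition must not be dropped.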
@@ -300,7 +300,7 @@ function color_palette_color_value($element, $input = FALSE, $form_state = array
 // Start with the provided value for this textfield, and validate that if
 // necessary, falling back on the default value.
 $value = form_type_textfield_value($element, $input, $form_state);
- if (!$value || !isset($form_state['complete form']['#token']) || color_valid_hexadecimal_string($value) || drupal_valid_token($form_state['values']['form_token'], $form_state['complete form']['#token'])) {
+ if (!$value || !isset($form_state['complete form']['#token']) || color_valid_hexadecimal_string($value) || \Drupal::csrfToken()->validate($form_state['values']['form_token'], $form_state['complete form']['#token'])) {
 return $value;
 }
 else {
diff --git a/core/modules/comment/src/Plugin/views/field/LinkApprove.php b/core/modules/comment/src/Plugin/views/field/LinkApprove.php
index 9fb8e00620..c44231794e 100644
--- a/core/modules/comment/src/Plugin/views/field/LinkApprove.php
+++ b/core/modules/comment/src/Plugin/views/field/LinkApprove.php
@@ -52,7 +52,7 @@ protected function renderLink($data, ResultRow $values) {
 $this->options['alter']['make_link'] = TRUE;
 $this->options['alter']['path'] = "comment/" . $comment->id() . "/approve";
- $this->options['alter']['query'] = drupal_get_destination() + array('token' => drupal_get_token($this->options['alter']['path']));
+ $this->options['alter']['query'] = drupal_get_destination() + array('token' => \Drupal::csrfToken()->get($this->options['alter']['path']));
 return $text;
 }
diff --git a/core/modules/rest/src/Access/CSRFAccessCheck.php b/core/modules/rest/src/Access/CSRFAccessCheck.php
index 6d50ff0730..08667db803 100644
--- a/core/modules/rest/src/Access/CSRFAccessCheck.php
+++ b/core/modules/rest/src/Access/CSRFAccessCheck.php
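Review bot: The new condition in `color_palette_color_value()` still reads `$form_state['values']['form_token']` without checking that the key exists, while `$form_state['complete form']['#token']` on the same line is guarded by `isset()`. A submission that lacks the value would pass an undefined index to `validate()`; writing the last operand as `(isset($form_state['values']['form_token']) && \Drupal::csrfToken()->validate($form_state['values']['form_token'], $form_state['complete form']['#token']))` makes the check explicit. As written, the line also returns a value that failed `color_valid_hexadecimal_string()` whenever the token validates, so a one-line comment stating that this is intended would help the next reader; the `else` branch continues outside the hunk.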
@@ -64,7 +64,7 @@ public function access(Request $request, AccountInterface $account) {
 && $cookie
 ) {
 $csrf_token = $request->headers->get('X-CSRF-Token');
- if (!drupal_valid_token($csrf_token, 'rest')) {
+ if (!\Drupal::csrfToken()->validate($csrf_token, 'rest')) {
 return static::KILL;
 }
 }
diff --git a/core/modules/rest/src/RequestHandler.php b/core/modules/rest/src/RequestHandler.php
index a5551b26fc..d917e41816 100644
--- a/core/modules/rest/src/RequestHandler.php
+++ b/core/modules/rest/src/RequestHandler.php
@@ -117,6 +117,6 @@ public function handle(Request $request) {
 * The response object.
 */
 public function csrfToken() {
- return new Response(drupal_get_token('rest'), 200, array('Content-Type' => 'text/plain'));
+ return new Response(\Drupal::csrfToken()->get('rest'), 200, array('Content-Type' => 'text/plain'));
 }
 }
diff --git a/core/update.php b/core/update.php
index f2be90de41..147168144a 100644
--- a/core/update.php
+++ b/core/update.php
@@ -197,7 +197,7 @@ function update_info_page() {
 $keyvalue->get('update')->deleteAll();
 $keyvalue->get('update_available_release')->deleteAll();
- $token = drupal_get_token('update');
+ $token = \Drupal::csrfToken()->get('update');
 $output = '
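Review bot: In `CSRFAccessCheck::access()` the result of `$request->headers->get('X-CSRF-Token')` goes to `validate()` unchecked, so a request without the header passes NULL into the token comparison. `CsrfTokenGenerator::validate()` is not part of this patch, so whether it rejects non-string input cannot be confirmed from here. Rejecting early with `if (!is_string($csrf_token) || !\Drupal::csrfToken()->validate($csrf_token, 'rest')) {` makes this access check fail closed on its own. The method starts before the hunk.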

Use this utility to update your database whenever a new release of Drupal or a module is installed.

For more detailed information, see the upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.

'; $output .= "
    \n"; $output .= "
  1. Back up your code. Hint: when backing up module code, do not leave that backup in the 'modules' or 'sites/*/modules' directories as this may confuse Drupal's auto-discovery mechanism.
  2. \n";
@@ -389,7 +389,7 @@ function update_task_list($active = NULL) {
 case 'selection':
 $token = $request->query->get('token');
- if (isset($token) && drupal_valid_token($token, 'update')) {
+ if (isset($token) && \Drupal::csrfToken()->validate($token, 'update')) {
 $regions['sidebar_first'] = update_task_list('select');
 $output = update_selection_page();
 break;
@@ -397,7 +397,7 @@ function update_task_list($active = NULL) {
 case 'Apply pending updates':
 $token = $request->query->get('token');
- if (isset($token) && drupal_valid_token($token, 'update')) {
+ if (isset($token) && \Drupal::csrfToken()->validate($token, 'update')) {
 $regions['sidebar_first'] = update_task_list('run');
 // Generate absolute URLs for the batch processing (using $base_root),
 // since the batch API will pass them to url() which does not handle
-- GitLab
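Review bot: `isset($token)` in the `selection` case only excludes a missing parameter, so any other value the query bag returns is passed straight to `validate()`; the `Apply pending updates` hunk repeats the same test. If `$request->query->get('token')` can return a non-string such as an array-valued parameter, the outcome depends entirely on how `validate()` compares it, which this patch does not show. Checking the type first, `if (is_string($token) && \Drupal::csrfToken()->validate($token, 'update')) {`, keeps both branches closed for anything that is not a token string. The surrounding `switch` starts outside both hunks.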