Commit 1cf3a533 authored by alexpott's avatar alexpott

Issue #2293541 by amitgoyal, marcingy: Remove *_token deprecated functions.

parent 2c75cf21
...@@ -1882,7 +1882,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS ...@@ -1882,7 +1882,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$setting['ajaxPageState']['theme'] = $theme_key; $setting['ajaxPageState']['theme'] = $theme_key;
// Checks that the DB is available before filling theme_token. // Checks that the DB is available before filling theme_token.
if (!defined('MAINTENANCE_MODE')) { if (!defined('MAINTENANCE_MODE')) {
$setting['ajaxPageState']['theme_token'] = drupal_get_token($theme_key); $setting['ajaxPageState']['theme_token'] = \Drupal::csrfToken()->get($theme_key);
} }
// Provide the page with information about the individual JavaScript files // Provide the page with information about the individual JavaScript files
...@@ -2524,53 +2524,6 @@ function drupal_json_decode($var) { ...@@ -2524,53 +2524,6 @@ function drupal_json_decode($var) {
return Json::decode($var); return Json::decode($var);
} }
/**
* Generates a token based on $value, the user session, and the private key.
*
* @param string $value
* An additional value to base the token on.
*
* The generated token is based on the session ID of the current user. Normally,
* anonymous users do not have a session, so the generated token will be
* different on every page request. To generate a token for users without a
* session, manually start a session prior to calling this function.
*
* @return string
* A 43-character URL-safe token for validation, based on the user session ID,
* the hash salt provided from Settings::getHashSalt(), and the
* 'drupal_private_key' configuration variable.
*
* @see \Drupal\Core\Site\Settings::getHashSalt()
* @see \Drupal\Core\Access\CsrfTokenGenerator
* @see \Drupal\Core\Session\SessionManager::start()
*
* @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
* Use \Drupal::csrfToken()->get().
*/
function drupal_get_token($value = '') {
return \Drupal::csrfToken()->get($value);
}
/**
* Validates a token based on $value, the user session, and the private key.
*
* @param string $token
* The token to be validated.
* @param string $value
* An additional value to base the token on.
*
* @return bool
* True for a valid token, false for an invalid token.
*
* @see \Drupal\Core\Access\CsrfTokenGenerator
*
* @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
* Use return \Drupal::csrfToken()->validate().
*/
function drupal_valid_token($token, $value = '') {
return \Drupal::csrfToken()->validate($token, $value);
}
/** /**
* Stores the current page in the cache. * Stores the current page in the cache.
* *
......
...@@ -26,7 +26,7 @@ public function __construct(Connection $connection) { ...@@ -26,7 +26,7 @@ public function __construct(Connection $connection) {
public function load($id) { public function load($id) {
$batch = $this->connection->query("SELECT batch FROM {batch} WHERE bid = :bid AND token = :token", array( $batch = $this->connection->query("SELECT batch FROM {batch} WHERE bid = :bid AND token = :token", array(
':bid' => $id, ':bid' => $id,
':token' => drupal_get_token($id), ':token' => \Drupal::csrfToken()->get($id),
))->fetchField(); ))->fetchField();
if ($batch) { if ($batch) {
return unserialize($batch); return unserialize($batch);
...@@ -71,7 +71,7 @@ function create(array $batch) { ...@@ -71,7 +71,7 @@ function create(array $batch) {
->fields(array( ->fields(array(
'bid' => $batch['id'], 'bid' => $batch['id'],
'timestamp' => REQUEST_TIME, 'timestamp' => REQUEST_TIME,
'token' => drupal_get_token($batch['id']), 'token' => \Drupal::csrfToken()->get($batch['id']),
'batch' => serialize($batch), 'batch' => serialize($batch),
)) ))
->execute(); ->execute();
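Review bot: `load()` and `create()` now reach the token generator through the static `\Drupal::csrfToken()` accessor, although the hunk header shows this class already receives its `Connection` through the constructor. Passing the generator in as a second constructor argument (the removed docblock names the class as `\Drupal\Core\Access\CsrfTokenGenerator`) and calling `$this->csrfToken->get($id)` would keep the dependency explicit and let the lookup be tested without the container. The same applies to the class methods changed further down the page: `renderLink()`, `access()` and the REST `csrfToken()`. Because the `token = :token` match is what ties a batch row to the current session before `unserialize()` runs, a one-line comment in `load()` saying so would also help. Both method bodies continue outside the hunks.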
......
...@@ -139,7 +139,7 @@ public function startLazy() { ...@@ -139,7 +139,7 @@ public function startLazy() {
else { else {
// Set a session identifier for this request. This is necessary because // Set a session identifier for this request. This is necessary because
// we lazily start sessions at the end of this request, and some // we lazily start sessions at the end of this request, and some
// processes (like drupal_get_token()) needs to know the future // processes (like \Drupal::csrfToken()) needs to know the future
// session ID in advance. // session ID in advance.
$user = new AnonymousUserSession(); $user = new AnonymousUserSession();
$this->setId(Crypt::randomBytesBase64()); $this->setId(Crypt::randomBytesBase64());
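Review bot: The rewritten comment calls `\Drupal::csrfToken()` a process, but that call only returns the generator; per the docblock removed elsewhere in this commit, it is token generation that depends on the session ID. Suggested wording: `// processes (like \Drupal::csrfToken()->get()) need to know the future`, which also fixes the verb agreement. `startLazy()` continues outside the hunk.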
......
...@@ -300,7 +300,7 @@ function color_palette_color_value($element, $input = FALSE, $form_state = array ...@@ -300,7 +300,7 @@ function color_palette_color_value($element, $input = FALSE, $form_state = array
// Start with the provided value for this textfield, and validate that if // Start with the provided value for this textfield, and validate that if
// necessary, falling back on the default value. // necessary, falling back on the default value.
$value = form_type_textfield_value($element, $input, $form_state); $value = form_type_textfield_value($element, $input, $form_state);
if (!$value || !isset($form_state['complete form']['#token']) || color_valid_hexadecimal_string($value) || drupal_valid_token($form_state['values']['form_token'], $form_state['complete form']['#token'])) { if (!$value || !isset($form_state['complete form']['#token']) || color_valid_hexadecimal_string($value) || \Drupal::csrfToken()->validate($form_state['values']['form_token'], $form_state['complete form']['#token'])) {
return $value; return $value;
} }
else { else {
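Review bot: The `validate()` call in this condition reads `$form_state['values']['form_token']` without checking that it is set, while the same condition does guard `$form_state['complete form']['#token']` with `isset()`. A submission without a `form_token` value would hand an undefined index (NULL) to the validator. Writing the last operand as `(isset($form_state['values']['form_token']) && \Drupal::csrfToken()->validate($form_state['values']['form_token'], $form_state['complete form']['#token']))` makes the missing-token case fall through to the default-value branch explicitly. A short comment that a non-hexadecimal value is returned unchanged only when the token validates would make the four-way OR easier to audit. The function body continues outside the hunk.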
......
...@@ -52,7 +52,7 @@ protected function renderLink($data, ResultRow $values) { ...@@ -52,7 +52,7 @@ protected function renderLink($data, ResultRow $values) {
$this->options['alter']['make_link'] = TRUE; $this->options['alter']['make_link'] = TRUE;
$this->options['alter']['path'] = "comment/" . $comment->id() . "/approve"; $this->options['alter']['path'] = "comment/" . $comment->id() . "/approve";
$this->options['alter']['query'] = drupal_get_destination() + array('token' => drupal_get_token($this->options['alter']['path'])); $this->options['alter']['query'] = drupal_get_destination() + array('token' => \Drupal::csrfToken()->get($this->options['alter']['path']));
return $text; return $text;
} }
......
...@@ -64,7 +64,7 @@ public function access(Request $request, AccountInterface $account) { ...@@ -64,7 +64,7 @@ public function access(Request $request, AccountInterface $account) {
&& $cookie && $cookie
) { ) {
$csrf_token = $request->headers->get('X-CSRF-Token'); $csrf_token = $request->headers->get('X-CSRF-Token');
if (!drupal_valid_token($csrf_token, 'rest')) { if (!\Drupal::csrfToken()->validate($csrf_token, 'rest')) {
return static::KILL; return static::KILL;
} }
} }
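Review bot: `$csrf_token` is NULL when the request carries no `X-CSRF-Token` header, and it is passed to `validate()` unchecked. The update.php hunks on this page guard the equivalent call with `isset($token) &&`. Whether `validate()` rejects a non-string cleanly is not visible here, so rejecting early is the safer form: `if ($csrf_token === NULL || !\Drupal::csrfToken()->validate($csrf_token, 'rest')) {`. `access()` starts and ends outside the hunk.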
......
...@@ -117,6 +117,6 @@ public function handle(Request $request) { ...@@ -117,6 +117,6 @@ public function handle(Request $request) {
* The response object. * The response object.
*/ */
public function csrfToken() { public function csrfToken() {
return new Response(drupal_get_token('rest'), 200, array('Content-Type' => 'text/plain')); return new Response(\Drupal::csrfToken()->get('rest'), 200, array('Content-Type' => 'text/plain'));
} }
} }
...@@ -197,7 +197,7 @@ function update_info_page() { ...@@ -197,7 +197,7 @@ function update_info_page() {
$keyvalue->get('update')->deleteAll(); $keyvalue->get('update')->deleteAll();
$keyvalue->get('update_available_release')->deleteAll(); $keyvalue->get('update_available_release')->deleteAll();
$token = drupal_get_token('update'); $token = \Drupal::csrfToken()->get('update');
$output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/upgrade">upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>'; $output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/upgrade">upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
$output .= "<ol>\n"; $output .= "<ol>\n";
$output .= "<li><strong>Back up your code</strong>. Hint: when backing up module code, do not leave that backup in the 'modules' or 'sites/*/modules' directories as this may confuse Drupal's auto-discovery mechanism.</li>\n"; $output .= "<li><strong>Back up your code</strong>. Hint: when backing up module code, do not leave that backup in the 'modules' or 'sites/*/modules' directories as this may confuse Drupal's auto-discovery mechanism.</li>\n";
...@@ -389,7 +389,7 @@ function update_task_list($active = NULL) { ...@@ -389,7 +389,7 @@ function update_task_list($active = NULL) {
case 'selection': case 'selection':
$token = $request->query->get('token'); $token = $request->query->get('token');
if (isset($token) && drupal_valid_token($token, 'update')) { if (isset($token) && \Drupal::csrfToken()->validate($token, 'update')) {
$regions['sidebar_first'] = update_task_list('select'); $regions['sidebar_first'] = update_task_list('select');
$output = update_selection_page(); $output = update_selection_page();
break; break;
...@@ -397,7 +397,7 @@ function update_task_list($active = NULL) { ...@@ -397,7 +397,7 @@ function update_task_list($active = NULL) {
case 'Apply pending updates': case 'Apply pending updates':
$token = $request->query->get('token'); $token = $request->query->get('token');
if (isset($token) && drupal_valid_token($token, 'update')) { if (isset($token) && \Drupal::csrfToken()->validate($token, 'update')) {
$regions['sidebar_first'] = update_task_list('run'); $regions['sidebar_first'] = update_task_list('run');
// Generate absolute URLs for the batch processing (using $base_root), // Generate absolute URLs for the batch processing (using $base_root),
// since the batch API will pass them to url() which does not handle // since the batch API will pass them to url() which does not handle
......