Commit 8878f6b1 authored by alexpott's avatar alexpott

Issue #2286837 by ParisLiakos, damiankloip: Remove drupal_get_hash_salt().

parent 8074550d
...@@ -1043,19 +1043,6 @@ function drupal_get_user_timezone() { ...@@ -1043,19 +1043,6 @@ function drupal_get_user_timezone() {
} }
} }
/**
* Gets a salt useful for hardening against SQL injection.
*
* @return
* A salt based on information in settings.php, not in the database.
*
* @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0. Use
* \Drupal\Core\Site\Settings::getHashSalt() instead.
*/
function drupal_get_hash_salt() {
return Settings::getHashSalt();
}
/** /**
* Provides custom PHP error handling. * Provides custom PHP error handling.
* *
...@@ -1548,7 +1535,7 @@ function drupal_classloader($class_loader = NULL) { ...@@ -1548,7 +1535,7 @@ function drupal_classloader($class_loader = NULL) {
} }
if ($class_loader === 'apc') { if ($class_loader === 'apc') {
require_once __DIR__ . '/../vendor/symfony/class-loader/Symfony/Component/ClassLoader/ApcClassLoader.php'; require_once __DIR__ . '/../vendor/symfony/class-loader/Symfony/Component/ClassLoader/ApcClassLoader.php';
$apc_loader = new ApcClassLoader('drupal.' . drupal_get_hash_salt(), $loader); $apc_loader = new ApcClassLoader('drupal.' . Settings::getHashSalt(), $loader);
$loader->unregister(); $loader->unregister();
$apc_loader->register(); $apc_loader->register();
} }
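Review bot: The new call `new ApcClassLoader('drupal.' . Settings::getHashSalt(), $loader)` still places the raw hash salt in the APC key prefix, and the same salt keys the CSRF and password-reset HMACs elsewhere in this commit. Cache key names are generally easier to observe than settings.php (status pages, other code sharing the cache), so the prefix should be derived from the salt rather than contain it. For example, `$apc_loader = new ApcClassLoader('drupal.' . hash_hmac('sha256', 'apc_classloader', Settings::getHashSalt()), $loader);` stays unique per site without exposing the secret. The body of drupal_classloader() starts and ends outside this hunk, so any other use of the prefix is not visible here.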
......
...@@ -2569,10 +2569,10 @@ function drupal_get_private_key() { ...@@ -2569,10 +2569,10 @@ function drupal_get_private_key() {
* *
* @return string * @return string
* A 43-character URL-safe token for validation, based on the user session ID, * A 43-character URL-safe token for validation, based on the user session ID,
* the hash salt provided from drupal_get_hash_salt(), and the * the hash salt provided from Settings::getHashSalt(), and the
* 'drupal_private_key' configuration variable. * 'drupal_private_key' configuration variable.
* *
* @see drupal_get_hash_salt() * @see \Drupal\Core\Site\Settings::getHashSalt()
* @see \Drupal\Core\Access\CsrfTokenGenerator * @see \Drupal\Core\Access\CsrfTokenGenerator
* @see \Drupal\Core\Session\SessionManager::start() * @see \Drupal\Core\Session\SessionManager::start()
* *
......
...@@ -49,10 +49,10 @@ public function __construct(PrivateKey $private_key) { ...@@ -49,10 +49,10 @@ public function __construct(PrivateKey $private_key) {
* *
* @return string * @return string
* A 43-character URL-safe token for validation, based on the token seed, * A 43-character URL-safe token for validation, based on the token seed,
* the hash salt provided by drupal_get_hash_salt(), and the * the hash salt provided by Settings::getHashSalt(), and the
* 'drupal_private_key' configuration variable. * 'drupal_private_key' configuration variable.
* *
* @see drupal_get_hash_salt() * @see \Drupal\Core\Site\Settings::getHashSalt()
* @see \Drupal\Core\Session\SessionManager::start() * @see \Drupal\Core\Session\SessionManager::start()
*/ */
public function get($value = '') { public function get($value = '') {
...@@ -92,8 +92,10 @@ public function validate($token, $value = '') { ...@@ -92,8 +92,10 @@ public function validate($token, $value = '') {
* *
* @return string * @return string
* A 43-character URL-safe token for validation, based on the token seed, * A 43-character URL-safe token for validation, based on the token seed,
* the hash salt provided by drupal_get_hash_salt(), and the * the hash salt provided by Settings::getHashSalt(), and the
* 'drupal_private_key' configuration variable. * 'drupal_private_key' configuration variable.
*
* @see \Drupal\Core\Site\Settings::getHashSalt()
*/ */
protected function computeToken($seed, $value = '') { protected function computeToken($seed, $value = '') {
return Crypt::hmacBase64($value, $seed . $this->privateKey->get() . Settings::getHashSalt()); return Crypt::hmacBase64($value, $seed . $this->privateKey->get() . Settings::getHashSalt());
......
...@@ -44,7 +44,7 @@ static function get($name) { ...@@ -44,7 +44,7 @@ static function get($name) {
else { else {
$configuration = array( $configuration = array(
'class' => 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage', 'class' => 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage',
'secret' => drupal_get_hash_salt(), 'secret' => Settings::getHashSalt(),
); );
} }
$class = isset($configuration['class']) ? $configuration['class'] : 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage'; $class = isset($configuration['class']) ? $configuration['class'] : 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage';
......
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
use Drupal\Core\Entity\EntityStorageInterface; use Drupal\Core\Entity\EntityStorageInterface;
use Drupal\Core\Entity\EntityWithPluginBagsInterface; use Drupal\Core\Entity\EntityWithPluginBagsInterface;
use Drupal\Core\Routing\RequestHelper; use Drupal\Core\Routing\RequestHelper;
use Drupal\Core\Site\Settings;
use Drupal\image\ImageEffectBag; use Drupal\image\ImageEffectBag;
use Drupal\image\ImageEffectInterface; use Drupal\image\ImageEffectInterface;
use Drupal\image\ImageStyleInterface; use Drupal\image\ImageStyleInterface;
...@@ -308,7 +309,7 @@ public function transformDimensions(array &$dimensions) { ...@@ -308,7 +309,7 @@ public function transformDimensions(array &$dimensions) {
*/ */
public function getPathToken($uri) { public function getPathToken($uri) {
// Return the first 8 characters. // Return the first 8 characters.
return substr(Crypt::hmacBase64($this->id() . ':' . $uri, \Drupal::service('private_key')->get() . drupal_get_hash_salt()), 0, 8); return substr(Crypt::hmacBase64($this->id() . ':' . $uri, \Drupal::service('private_key')->get() . Settings::getHashSalt()), 0, 8);
} }
/** /**
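Review bot: The comment `// Return the first 8 characters.` in getPathToken() restates the `substr()` call and does not record its security consequence. Eight base64 characters keep only 48 bits of the HMAC, which is far weaker than the 43-character tokens documented for the CSRF generator in this same commit. I would replace it with something like `// Keep 8 base64 characters (48 bits) of the HMAC; presumably short for URL use, so do not reuse as a general-purpose authenticator.` Where the token is verified is outside this hunk; confirm that the comparison there is constant-time.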
......
...@@ -42,7 +42,7 @@ function setUp() { ...@@ -42,7 +42,7 @@ function setUp() {
'bin' => 'service_container', 'bin' => 'service_container',
'class' => 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage', 'class' => 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage',
'directory' => DRUPAL_ROOT . '/' . $this->public_files_directory . '/php', 'directory' => DRUPAL_ROOT . '/' . $this->public_files_directory . '/php',
'secret' => drupal_get_hash_salt(), 'secret' => Settings::getHashSalt(),
))); )));
$this->classloader = drupal_classloader(); $this->classloader = drupal_classloader();
......
...@@ -658,7 +658,7 @@ function update_storage_clear() { ...@@ -658,7 +658,7 @@ function update_storage_clear() {
function _update_manager_unique_identifier() { function _update_manager_unique_identifier() {
$id = &drupal_static(__FUNCTION__, ''); $id = &drupal_static(__FUNCTION__, '');
if (empty($id)) { if (empty($id)) {
$id = substr(hash('sha256', drupal_get_hash_salt()), 0, 8); $id = substr(hash('sha256', Settings::getHashSalt()), 0, 8);
} }
return $id; return $id;
} }
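Review bot: `_update_manager_unique_identifier()` derives its value with a bare, unlabelled `hash('sha256', Settings::getHashSalt())`, which ties the identifier directly to the site secret. Any other code that hashes the salt the same way would produce the same eight characters. A labelled keyed derivation such as `$id = substr(hash_hmac('sha256', 'update_manager', Settings::getHashSalt()), 0, 8);` stays stable per site while separating this use from the others. The identifier would change once on upgrade, and where it ends up (names, paths) is outside this hunk, so its exposure cannot be judged from here.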
......
...@@ -11,6 +11,7 @@ ...@@ -11,6 +11,7 @@
use Drupal\Core\PrivateKey; use Drupal\Core\PrivateKey;
use Drupal\Core\Cache\Cache; use Drupal\Core\Cache\Cache;
use Drupal\Core\Cache\CacheBackendInterface; use Drupal\Core\Cache\CacheBackendInterface;
use Drupal\Core\Site\Settings;
/** /**
* Generates and caches the permissions hash for a user. * Generates and caches the permissions hash for a user.
...@@ -81,7 +82,7 @@ protected function doGenerate(array $roles) { ...@@ -81,7 +82,7 @@ protected function doGenerate(array $roles) {
sort($permissions); sort($permissions);
$permissions_by_role[$role] = $permissions; $permissions_by_role[$role] = $permissions;
} }
return hash('sha256', $this->privateKey->get() . drupal_get_hash_salt() . serialize($permissions_by_role)); return hash('sha256', $this->privateKey->get() . Settings::getHashSalt() . serialize($permissions_by_role));
} }
} }
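Review bot: doGenerate() builds its digest as `hash('sha256', <private key> . <salt> . <data>)`, a secret-prefix construction, while the token code elsewhere in this commit goes through `Crypt::hmacBase64()`. That is harmless if the result is only ever a cache key, but it is subject to length extension if the hash is ever shown to a client and later trusted. I would write `return hash_hmac('sha256', serialize($permissions_by_role), $this->privateKey->get() . Settings::getHashSalt());` so the secret material is used as a key. The start of doGenerate() is outside the hunk, and any expected values in the unit test would need regenerating.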
...@@ -7,8 +7,9 @@ ...@@ -7,8 +7,9 @@
namespace Drupal\user\Tests { namespace Drupal\user\Tests {
use Drupal\Tests\UnitTestCase;
use Drupal\Component\Utility\Crypt; use Drupal\Component\Utility\Crypt;
use Drupal\Core\Site\Settings;
use Drupal\Tests\UnitTestCase;
use Drupal\user\PermissionsHash; use Drupal\user\PermissionsHash;
...@@ -81,6 +82,8 @@ public static function getInfo() { ...@@ -81,6 +82,8 @@ public static function getInfo() {
protected function setUp() { protected function setUp() {
parent::setUp(); parent::setUp();
new Settings(array('hash_salt' => 'test'));
// Account 1: 'administrator' and 'authenticated' roles. // Account 1: 'administrator' and 'authenticated' roles.
$roles_1 = array('administrator', 'authenticated'); $roles_1 = array('administrator', 'authenticated');
$this->account_1 = $this->getMockBuilder('Drupal\user\Entity\User') $this->account_1 = $this->getMockBuilder('Drupal\user\Entity\User')
...@@ -196,17 +199,4 @@ function user_role_permissions(array $roles) { ...@@ -196,17 +199,4 @@ function user_role_permissions(array $roles) {
} }
} }
// @todo remove once drupal_get_hash_salt() can be injected.
if (!function_exists('drupal_get_hash_salt')) {
function drupal_get_hash_salt() {
static $salt;
if (!isset($salt)) {
$salt = Drupal\Component\Utility\Crypt::randomBytesBase64(55);
}
return $salt;
}
}
} }
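Review bot: In setUp(), `new Settings(array('hash_salt' => 'test'));` discards the object, so it only works through a constructor side effect that nothing here documents or undoes. Presumably the constructor registers the instance that the static `Settings::getHashSalt()` later reads. If so, the fixed salt outlives this test case and can mask a missing salt in whatever runs next in the same process. I would add `// Settings registers itself globally on construction; PermissionsHash reads the salt via Settings::getHashSalt().` above the line and consider restoring the previous state in tearDown(). The removed shim used a random salt per run, so any assertion that compares against a literal hash should be checked against the new fixed value.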
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
use Drupal\Core\Session\AnonymousUserSession; use Drupal\Core\Session\AnonymousUserSession;
use \Drupal\Core\Entity\Display\EntityViewDisplayInterface; use \Drupal\Core\Entity\Display\EntityViewDisplayInterface;
use Drupal\Core\Url; use Drupal\Core\Url;
use Drupal\Core\Site\Settings;
use Drupal\file\Entity\File; use Drupal\file\Entity\File;
use Drupal\user\Entity\Role; use Drupal\user\Entity\Role;
use Drupal\user\Entity\User; use Drupal\user\Entity\User;
...@@ -844,7 +845,7 @@ function user_cancel_url($account, $options = array()) { ...@@ -844,7 +845,7 @@ function user_cancel_url($account, $options = array()) {
* A string that is safe for use in URLs and SQL statements. * A string that is safe for use in URLs and SQL statements.
*/ */
function user_pass_rehash($password, $timestamp, $login) { function user_pass_rehash($password, $timestamp, $login) {
return Crypt::hmacBase64($timestamp . $login, drupal_get_hash_salt() . $password); return Crypt::hmacBase64($timestamp . $login, Settings::getHashSalt() . $password);
} }
/** /**
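Review bot: user_pass_rehash() authenticates only `$timestamp . $login` under a key made of the salt and `$password`, so the token is not bound to any account identifier. The two numbers are also joined without a separator. If two accounts ever held the same stored password value and the same login time, they would receive the same token, and different timestamp/login pairs can concatenate to the same string. Binding the account and delimiting the fields, e.g. `Crypt::hmacBase64($timestamp . ':' . $login . ':' . $uid, Settings::getHashSalt() . $password)`, closes both gaps but needs a new parameter, so it belongs in a follow-up. The callers and the token comparison are outside this hunk; confirm the comparison is constant-time.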
......