Commit 1cf3a533 authored by alexpott's avatar alexpott

Issue #2293541 by amitgoyal, marcingy: Remove *_token deprecated functions.

parent 2c75cf21
......@@ -1882,7 +1882,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$setting['ajaxPageState']['theme'] = $theme_key;
// Checks that the DB is available before filling theme_token.
if (!defined('MAINTENANCE_MODE')) {
$setting['ajaxPageState']['theme_token'] = drupal_get_token($theme_key);
$setting['ajaxPageState']['theme_token'] = \Drupal::csrfToken()->get($theme_key);
}
// Provide the page with information about the individual JavaScript files
......@@ -2524,53 +2524,6 @@ function drupal_json_decode($var) {
return Json::decode($var);
}
/**
* Generates a token based on $value, the user session, and the private key.
*
* @param string $value
* An additional value to base the token on.
*
* The generated token is based on the session ID of the current user. Normally,
* anonymous users do not have a session, so the generated token will be
* different on every page request. To generate a token for users without a
* session, manually start a session prior to calling this function.
*
* @return string
* A 43-character URL-safe token for validation, based on the user session ID,
* the hash salt provided from Settings::getHashSalt(), and the
* 'drupal_private_key' configuration variable.
*
* @see \Drupal\Core\Site\Settings::getHashSalt()
* @see \Drupal\Core\Access\CsrfTokenGenerator
* @see \Drupal\Core\Session\SessionManager::start()
*
* @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
* Use \Drupal::csrfToken()->get().
*/
function drupal_get_token($value = '') {
return \Drupal::csrfToken()->get($value);
}
/**
* Validates a token based on $value, the user session, and the private key.
*
* @param string $token
* The token to be validated.
* @param string $value
* An additional value to base the token on.
*
* @return bool
* True for a valid token, false for an invalid token.
*
* @see \Drupal\Core\Access\CsrfTokenGenerator
*
* @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
* Use return \Drupal::csrfToken()->validate().
*/
function drupal_valid_token($token, $value = '') {
return \Drupal::csrfToken()->validate($token, $value);
}
/**
* Stores the current page in the cache.
*
......
......@@ -26,7 +26,7 @@ public function __construct(Connection $connection) {
public function load($id) {
$batch = $this->connection->query("SELECT batch FROM {batch} WHERE bid = :bid AND token = :token", array(
':bid' => $id,
':token' => drupal_get_token($id),
':token' => \Drupal::csrfToken()->get($id),
))->fetchField();
if ($batch) {
return unserialize($batch);
......@@ -71,7 +71,7 @@ function create(array $batch) {
->fields(array(
'bid' => $batch['id'],
'timestamp' => REQUEST_TIME,
'token' => drupal_get_token($batch['id']),
'token' => \Drupal::csrfToken()->get($batch['id']),
'batch' => serialize($batch),
))
->execute();
......
......@@ -139,7 +139,7 @@ public function startLazy() {
else {
// Set a session identifier for this request. This is necessary because
// we lazily start sessions at the end of this request, and some
// processes (like drupal_get_token()) needs to know the future
// processes (like \Drupal::csrfToken()) needs to know the future
// session ID in advance.
$user = new AnonymousUserSession();
$this->setId(Crypt::randomBytesBase64());
......
......@@ -300,7 +300,7 @@ function color_palette_color_value($element, $input = FALSE, $form_state = array
// Start with the provided value for this textfield, and validate that if
// necessary, falling back on the default value.
$value = form_type_textfield_value($element, $input, $form_state);
if (!$value || !isset($form_state['complete form']['#token']) || color_valid_hexadecimal_string($value) || drupal_valid_token($form_state['values']['form_token'], $form_state['complete form']['#token'])) {
if (!$value || !isset($form_state['complete form']['#token']) || color_valid_hexadecimal_string($value) || \Drupal::csrfToken()->validate($form_state['values']['form_token'], $form_state['complete form']['#token'])) {
return $value;
}
else {
......
......@@ -52,7 +52,7 @@ protected function renderLink($data, ResultRow $values) {
$this->options['alter']['make_link'] = TRUE;
$this->options['alter']['path'] = "comment/" . $comment->id() . "/approve";
$this->options['alter']['query'] = drupal_get_destination() + array('token' => drupal_get_token($this->options['alter']['path']));
$this->options['alter']['query'] = drupal_get_destination() + array('token' => \Drupal::csrfToken()->get($this->options['alter']['path']));
return $text;
}
......
......@@ -64,7 +64,7 @@ public function access(Request $request, AccountInterface $account) {
&& $cookie
) {
$csrf_token = $request->headers->get('X-CSRF-Token');
if (!drupal_valid_token($csrf_token, 'rest')) {
if (!\Drupal::csrfToken()->validate($csrf_token, 'rest')) {
return static::KILL;
}
}
......
......@@ -117,6 +117,6 @@ public function handle(Request $request) {
* The response object.
*/
public function csrfToken() {
return new Response(drupal_get_token('rest'), 200, array('Content-Type' => 'text/plain'));
return new Response(\Drupal::csrfToken()->get('rest'), 200, array('Content-Type' => 'text/plain'));
}
}
......@@ -197,7 +197,7 @@ function update_info_page() {
$keyvalue->get('update')->deleteAll();
$keyvalue->get('update_available_release')->deleteAll();
$token = drupal_get_token('update');
$token = \Drupal::csrfToken()->get('update');
$output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/upgrade">upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
$output .= "<ol>\n";
$output .= "<li><strong>Back up your code</strong>. Hint: when backing up module code, do not leave that backup in the 'modules' or 'sites/*/modules' directories as this may confuse Drupal's auto-discovery mechanism.</li>\n";
......@@ -389,7 +389,7 @@ function update_task_list($active = NULL) {
case 'selection':
$token = $request->query->get('token');
if (isset($token) && drupal_valid_token($token, 'update')) {
if (isset($token) && \Drupal::csrfToken()->validate($token, 'update')) {
$regions['sidebar_first'] = update_task_list('select');
$output = update_selection_page();
break;
......@@ -397,7 +397,7 @@ function update_task_list($active = NULL) {
case 'Apply pending updates':
$token = $request->query->get('token');
if (isset($token) && drupal_valid_token($token, 'update')) {
if (isset($token) && \Drupal::csrfToken()->validate($token, 'update')) {
$regions['sidebar_first'] = update_task_list('run');
// Generate absolute URLs for the batch processing (using $base_root),
// since the batch API will pass them to url() which does not handle
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment