Issue #3076259 by oknate, ThomasDik, phenaproxima: Media library does not...

Issue #3076259 by oknate, ThomasDik, phenaproxima: Media library does not enforce order which can lead to different hashes

Issue #3076259 by oknate, ThomasDik, phenaproxima: Media library does not...
5a2c58c4 · Alex Pott · 5b9bb165 · 5a2c58c4 · 5a2c58c4
Unverified Commit 5a2c58c4 authored 5 years ago by Alex Pott
--- a/core/modules/media_library/src/MediaLibraryState.php
+++ b/core/modules/media_library/src/MediaLibraryState.php
@@ -179,13 +179,19 @@ protected function validateRequiredParameters($opener_id, array $allowed_media_t
   */
  public function getHash() {
    // Create a hash from the required state parameters and the serialized
-    // optional opener-specific parameters.
+    // optional opener-specific parameters. Sort the allowed types and
+    // opener parameters so that differences in order do not result in
+    // different hashes.
+    $allowed_media_type_ids = array_values($this->getAllowedTypeIds());
+    sort($allowed_media_type_ids);
+    $opener_parameters = $this->getOpenerParameters();
+    ksort($opener_parameters);
    $hash = implode(':', [
      $this->getOpenerId(),
-      implode(':', $this->getAllowedTypeIds()),
+      implode(':', $allowed_media_type_ids),
      $this->getSelectedTypeId(),
      $this->getAvailableSlots(),
-      serialize($this->getOpenerParameters()),
+      serialize($opener_parameters),
    ]);

    return Crypt::hmacBase64($hash, \Drupal::service('private_key')->get() . Settings::getHashSalt());

--- a/core/modules/media_library/tests/src/Kernel/MediaLibraryStateTest.php
+++ b/core/modules/media_library/tests/src/Kernel/MediaLibraryStateTest.php
@@ -364,4 +364,28 @@ public function testOpenerParameters() {
    $this->assertSame(['foo' => 'baz'], $state->getOpenerParameters());
  }

+  /**
+   * Test that hash is unaffected by allowed media type order.
+   */
+  public function testHashUnaffectedByMediaTypeOrder() {
+    $state1 = MediaLibraryState::create('test', ['file', 'image'], 'image', 2);
+    $state2 = MediaLibraryState::create('test', ['image', 'file'], 'image', 2);
+    $this->assertSame($state1->getHash(), $state2->getHash());
+  }
+
+  /**
+   * Test that hash is unaffected by opener parameter order.
+   */
+  public function testHashUnaffectedByOpenerParamOrder() {
+    $state1 = MediaLibraryState::create('test', ['file'], 'file', -1, [
+      'foo' => 'baz',
+      'baz' => 'foo',
+    ]);
+    $state2 = MediaLibraryState::create('test', ['file'], 'file', -1, [
+      'baz' => 'foo',
+      'foo' => 'baz',
+    ]);
+    $this->assertSame($state1->getHash(), $state2->getHash());
+  }
+
 }