Commit 8878f6b1 authored by alexpott's avatar alexpott

Issue #2286837 by ParisLiakos, damiankloip: Remove drupal_get_hash_salt().

parent 8074550d
......@@ -1043,19 +1043,6 @@ function drupal_get_user_timezone() {
}
}
/**
* Gets a salt useful for hardening against SQL injection.
*
* @return
* A salt based on information in settings.php, not in the database.
*
* @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0. Use
* \Drupal\Core\Site\Settings::getHashSalt() instead.
*/
function drupal_get_hash_salt() {
return Settings::getHashSalt();
}
/**
* Provides custom PHP error handling.
*
......@@ -1548,7 +1535,7 @@ function drupal_classloader($class_loader = NULL) {
}
if ($class_loader === 'apc') {
require_once __DIR__ . '/../vendor/symfony/class-loader/Symfony/Component/ClassLoader/ApcClassLoader.php';
$apc_loader = new ApcClassLoader('drupal.' . drupal_get_hash_salt(), $loader);
$apc_loader = new ApcClassLoader('drupal.' . Settings::getHashSalt(), $loader);
$loader->unregister();
$apc_loader->register();
}
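Review bot: The prefix on the `new ApcClassLoader('drupal.' . Settings::getHashSalt(), $loader)` line puts the raw site hash salt into APC cache key names, and this commit uses the same salt as HMAC key material for CSRF and password-reset tokens. Anything able to list the APC cache's keys would then see the salt, so the prefix is better derived one-way, e.g. `$apc_loader = new ApcClassLoader('drupal.' . hash_hmac('sha256', 'apc_classloader', Settings::getHashSalt()), $loader);`. The enclosing drupal_classloader() starts and ends outside the hunk.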
......
......@@ -2569,10 +2569,10 @@ function drupal_get_private_key() {
*
* @return string
* A 43-character URL-safe token for validation, based on the user session ID,
* the hash salt provided from drupal_get_hash_salt(), and the
* the hash salt provided from Settings::getHashSalt(), and the
* 'drupal_private_key' configuration variable.
*
* @see drupal_get_hash_salt()
* @see \Drupal\Core\Site\Settings::getHashSalt()
* @see \Drupal\Core\Access\CsrfTokenGenerator
* @see \Drupal\Core\Session\SessionManager::start()
*
......
......@@ -49,10 +49,10 @@ public function __construct(PrivateKey $private_key) {
*
* @return string
* A 43-character URL-safe token for validation, based on the token seed,
* the hash salt provided by drupal_get_hash_salt(), and the
* the hash salt provided by Settings::getHashSalt(), and the
* 'drupal_private_key' configuration variable.
*
* @see drupal_get_hash_salt()
* @see \Drupal\Core\Site\Settings::getHashSalt()
* @see \Drupal\Core\Session\SessionManager::start()
*/
public function get($value = '') {
......@@ -92,8 +92,10 @@ public function validate($token, $value = '') {
*
* @return string
* A 43-character URL-safe token for validation, based on the token seed,
* the hash salt provided by drupal_get_hash_salt(), and the
* the hash salt provided by Settings::getHashSalt(), and the
* 'drupal_private_key' configuration variable.
*
* @see \Drupal\Core\Site\Settings::getHashSalt()
*/
protected function computeToken($seed, $value = '') {
return Crypt::hmacBase64($value, $seed . $this->privateKey->get() . Settings::getHashSalt());
......
......@@ -44,7 +44,7 @@ static function get($name) {
else {
$configuration = array(
'class' => 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage',
'secret' => drupal_get_hash_salt(),
'secret' => Settings::getHashSalt(),
);
}
$class = isset($configuration['class']) ? $configuration['class'] : 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage';
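Review bot: The new `'secret' => Settings::getHashSalt(),` line needs `use Drupal\Core\Site\Settings;` in this file, and no import hunk for this file appears on the page, unlike three other sections that add one. The same applies to the test `setUp()` hunk and to `_update_manager_unique_identifier()` further down. Without the import, the unqualified `Settings` would resolve against the file's own namespace (or the global one) and fail when the line runs. Please confirm each of these files already imports the class, or add `use Drupal\Core\Site\Settings;`.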
......
......@@ -12,6 +12,7 @@
use Drupal\Core\Entity\EntityStorageInterface;
use Drupal\Core\Entity\EntityWithPluginBagsInterface;
use Drupal\Core\Routing\RequestHelper;
use Drupal\Core\Site\Settings;
use Drupal\image\ImageEffectBag;
use Drupal\image\ImageEffectInterface;
use Drupal\image\ImageStyleInterface;
......@@ -308,7 +309,7 @@ public function transformDimensions(array &$dimensions) {
*/
public function getPathToken($uri) {
// Return the first 8 characters.
return substr(Crypt::hmacBase64($this->id() . ':' . $uri, \Drupal::service('private_key')->get() . drupal_get_hash_salt()), 0, 8);
return substr(Crypt::hmacBase64($this->id() . ':' . $uri, \Drupal::service('private_key')->get() . Settings::getHashSalt()), 0, 8);
}
/**
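Review bot: The comment `// Return the first 8 characters.` in getPathToken() restates the code without saying why the HMAC is truncated. Eight base64 characters leave roughly 48 bits, so the comment should record why that length is considered sufficient for what this token guards, for example `// Truncated to 8 characters to keep URLs short; TODO confirm 48 bits is enough for this token's purpose.`. The validating side is not in this hunk; it is worth checking that it compares the token in constant time.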
......
......@@ -42,7 +42,7 @@ function setUp() {
'bin' => 'service_container',
'class' => 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage',
'directory' => DRUPAL_ROOT . '/' . $this->public_files_directory . '/php',
'secret' => drupal_get_hash_salt(),
'secret' => Settings::getHashSalt(),
)));
$this->classloader = drupal_classloader();
......
......@@ -658,7 +658,7 @@ function update_storage_clear() {
function _update_manager_unique_identifier() {
$id = &drupal_static(__FUNCTION__, '');
if (empty($id)) {
$id = substr(hash('sha256', drupal_get_hash_salt()), 0, 8);
$id = substr(hash('sha256', Settings::getHashSalt()), 0, 8);
}
return $id;
}
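Review bot: `_update_manager_unique_identifier()` derives its value with a plain `hash('sha256', ...)` over the bare site hash salt, with no purpose label, so it yields the same 8 hex characters as any other code hashing the salt alone. If the identifier is visible anywhere (its use is outside this hunk), a keyed, labelled derivation keeps it independent of other uses of the salt: `$id = substr(hash_hmac('sha256', 'update_manager', Settings::getHashSalt()), 0, 8);`. That changes the identifier on existing installs, so check what depends on the current value first.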
......
......@@ -11,6 +11,7 @@
use Drupal\Core\PrivateKey;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Cache\CacheBackendInterface;
use Drupal\Core\Site\Settings;
/**
* Generates and caches the permissions hash for a user.
......@@ -81,7 +82,7 @@ protected function doGenerate(array $roles) {
sort($permissions);
$permissions_by_role[$role] = $permissions;
}
return hash('sha256', $this->privateKey->get() . drupal_get_hash_salt() . serialize($permissions_by_role));
return hash('sha256', $this->privateKey->get() . Settings::getHashSalt() . serialize($permissions_by_role));
}
}
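Review bot: `doGenerate()` builds its digest as `hash('sha256', secret . data)`, a secret-prefix construction, whereas the token code elsewhere in this commit passes the secrets as the key to `Crypt::hmacBase64()`. SHA-256 over a secret prefix is subject to length extension, which HMAC avoids. `return hash_hmac('sha256', serialize($permissions_by_role), $this->privateKey->get() . Settings::getHashSalt());` keeps the same 64-hex-character output. Whether that weakness matters here depends on how callers use the hash, which this page does not show. The method begins outside the hunk.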
......@@ -7,8 +7,9 @@
namespace Drupal\user\Tests {
use Drupal\Tests\UnitTestCase;
use Drupal\Component\Utility\Crypt;
use Drupal\Core\Site\Settings;
use Drupal\Tests\UnitTestCase;
use Drupal\user\PermissionsHash;
......@@ -81,6 +82,8 @@ public static function getInfo() {
protected function setUp() {
parent::setUp();
new Settings(array('hash_salt' => 'test'));
// Account 1: 'administrator' and 'authenticated' roles.
$roles_1 = array('administrator', 'authenticated');
$this->account_1 = $this->getMockBuilder('Drupal\user\Entity\User')
......@@ -196,17 +199,4 @@ function user_role_permissions(array $roles) {
}
}
// @todo remove once drupal_get_hash_salt() can be injected.
if (!function_exists('drupal_get_hash_salt')) {
function drupal_get_hash_salt() {
static $salt;
if (!isset($salt)) {
$salt = Drupal\Component\Utility\Crypt::randomBytesBase64(55);
}
return $salt;
}
}
}
......@@ -9,6 +9,7 @@
use Drupal\Core\Session\AnonymousUserSession;
use \Drupal\Core\Entity\Display\EntityViewDisplayInterface;
use Drupal\Core\Url;
use Drupal\Core\Site\Settings;
use Drupal\file\Entity\File;
use Drupal\user\Entity\Role;
use Drupal\user\Entity\User;
......@@ -844,7 +845,7 @@ function user_cancel_url($account, $options = array()) {
* A string that is safe for use in URLs and SQL statements.
*/
function user_pass_rehash($password, $timestamp, $login) {
return Crypt::hmacBase64($timestamp . $login, drupal_get_hash_salt() . $password);
return Crypt::hmacBase64($timestamp . $login, Settings::getHashSalt() . $password);
}
/**
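Review bot: `user_pass_rehash()` concatenates `$timestamp . $login` with no separator, so different (timestamp, login) pairs whose values join to the same string give the same HMAC input. getPathToken() in this commit separates its fields with `':'`; the equivalent here is `return Crypt::hmacBase64($timestamp . ':' . $login, Settings::getHashSalt() . $password);`. This changes the resulting hash, so values already issued would stop validating. The function's docblock begins outside the hunk.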
......