Issue #2286837 by ParisLiakos, damiankloip: Remove drupal_get_hash_salt().

8878f6b1 · alexpott · 8074550d · 8878f6b1 · 8878f6b1 · 8878f6b1
Commit 8878f6b1 authored Jul 07, 2014 by alexpott
10 changed files
--- a/core/includes/bootstrap.inc
+++ b/core/includes/bootstrap.inc
@@ -1043,19 +1043,6 @@ function drupal_get_user_timezone() {
  }
 }

-/**
- * Gets a salt useful for hardening against SQL injection.
- *
- * @return
- *   A salt based on information in settings.php, not in the database.
- *
- * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0. Use
- *   \Drupal\Core\Site\Settings::getHashSalt() instead.
- */
-function drupal_get_hash_salt() {
-  return Settings::getHashSalt();
-}
-
 /**
 * Provides custom PHP error handling.
 *
@@ -1548,7 +1535,7 @@ function drupal_classloader($class_loader = NULL) {
    }
    if ($class_loader === 'apc') {
      require_once __DIR__ . '/../vendor/symfony/class-loader/Symfony/Component/ClassLoader/ApcClassLoader.php';
-      $apc_loader = new ApcClassLoader('drupal.' . drupal_get_hash_salt(), $loader);
+      $apc_loader = new ApcClassLoader('drupal.' . Settings::getHashSalt(), $loader);
      $loader->unregister();
      $apc_loader->register();
    }

--- a/core/includes/common.inc
+++ b/core/includes/common.inc
@@ -2569,10 +2569,10 @@ function drupal_get_private_key() {
 *
 * @return string
 *   A 43-character URL-safe token for validation, based on the user session ID,
- *   the hash salt provided from drupal_get_hash_salt(), and the
+ *   the hash salt provided from Settings::getHashSalt(), and the
 *   'drupal_private_key' configuration variable.
 *
- * @see drupal_get_hash_salt()
+ * @see \Drupal\Core\Site\Settings::getHashSalt()
 * @see \Drupal\Core\Access\CsrfTokenGenerator
 * @see \Drupal\Core\Session\SessionManager::start()
 *

--- a/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
+++ b/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
@@ -49,10 +49,10 @@ public function __construct(PrivateKey $private_key) {
   *
   * @return string
   *   A 43-character URL-safe token for validation, based on the token seed,
-   *   the hash salt provided by drupal_get_hash_salt(), and the
+   *   the hash salt provided by Settings::getHashSalt(), and the
   *   'drupal_private_key' configuration variable.
   *
-   * @see drupal_get_hash_salt()
+   * @see \Drupal\Core\Site\Settings::getHashSalt()
   * @see \Drupal\Core\Session\SessionManager::start()
   */
  public function get($value = '') {
@@ -92,8 +92,10 @@ public function validate($token, $value = '') {
   *
   * @return string
   *   A 43-character URL-safe token for validation, based on the token seed,
-   *   the hash salt provided by drupal_get_hash_salt(), and the
+   *   the hash salt provided by Settings::getHashSalt(), and the
   *   'drupal_private_key' configuration variable.
+   *
+   * @see \Drupal\Core\Site\Settings::getHashSalt()
   */
  protected function computeToken($seed, $value = '') {
    return Crypt::hmacBase64($value, $seed . $this->privateKey->get() . Settings::getHashSalt());

--- a/core/lib/Drupal/Core/PhpStorage/PhpStorageFactory.php
+++ b/core/lib/Drupal/Core/PhpStorage/PhpStorageFactory.php
@@ -44,7 +44,7 @@ static function get($name) {
    else {
      $configuration = array(
        'class' => 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage',
-        'secret' => drupal_get_hash_salt(),
+        'secret' => Settings::getHashSalt(),
      );
    }
    $class = isset($configuration['class']) ? $configuration['class'] : 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage';

--- a/core/modules/image/src/Entity/ImageStyle.php
+++ b/core/modules/image/src/Entity/ImageStyle.php
@@ -12,6 +12,7 @@
 use Drupal\Core\Entity\EntityStorageInterface;
 use Drupal\Core\Entity\EntityWithPluginBagsInterface;
 use Drupal\Core\Routing\RequestHelper;
+use Drupal\Core\Site\Settings;
 use Drupal\image\ImageEffectBag;
 use Drupal\image\ImageEffectInterface;
 use Drupal\image\ImageStyleInterface;
@@ -308,7 +309,7 @@ public function transformDimensions(array &$dimensions) {
   */
  public function getPathToken($uri) {
    // Return the first 8 characters.
-    return substr(Crypt::hmacBase64($this->id() . ':' . $uri, \Drupal::service('private_key')->get() . drupal_get_hash_salt()), 0, 8);
+    return substr(Crypt::hmacBase64($this->id() . ':' . $uri, \Drupal::service('private_key')->get() . Settings::getHashSalt()), 0, 8);
  }

  /**

--- a/core/modules/system/src/Tests/DrupalKernel/DrupalKernelTest.php
+++ b/core/modules/system/src/Tests/DrupalKernel/DrupalKernelTest.php
@@ -42,7 +42,7 @@ function setUp() {
      'bin' => 'service_container',
      'class' => 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage',
      'directory' => DRUPAL_ROOT . '/' . $this->public_files_directory . '/php',
-      'secret' => drupal_get_hash_salt(),
+      'secret' => Settings::getHashSalt(),
    )));

    $this->classloader = drupal_classloader();

--- a/core/modules/update/update.module
+++ b/core/modules/update/update.module
@@ -658,7 +658,7 @@ function update_storage_clear() {
 function _update_manager_unique_identifier() {
  $id = &drupal_static(__FUNCTION__, '');
  if (empty($id)) {
-    $id = substr(hash('sha256', drupal_get_hash_salt()), 0, 8);
+    $id = substr(hash('sha256', Settings::getHashSalt()), 0, 8);
  }
  return $id;
 }

--- a/core/modules/user/src/PermissionsHash.php
+++ b/core/modules/user/src/PermissionsHash.php
@@ -11,6 +11,7 @@
 use Drupal\Core\PrivateKey;
 use Drupal\Core\Cache\Cache;
 use Drupal\Core\Cache\CacheBackendInterface;
+use Drupal\Core\Site\Settings;

 /**
 * Generates and caches the permissions hash for a user.
@@ -81,7 +82,7 @@ protected function doGenerate(array $roles) {
      sort($permissions);
      $permissions_by_role[$role] = $permissions;
    }
-    return hash('sha256', $this->privateKey->get() . drupal_get_hash_salt() . serialize($permissions_by_role));
+    return hash('sha256', $this->privateKey->get() . Settings::getHashSalt() . serialize($permissions_by_role));
  }

 }
--- a/core/modules/user/tests/src/PermissionsHashTest.php
+++ b/core/modules/user/tests/src/PermissionsHashTest.php
@@ -7,8 +7,9 @@

 namespace Drupal\user\Tests {

-use Drupal\Tests\UnitTestCase;
 use Drupal\Component\Utility\Crypt;
+use Drupal\Core\Site\Settings;
+use Drupal\Tests\UnitTestCase;
 use Drupal\user\PermissionsHash;


@@ -81,6 +82,8 @@ public static function getInfo() {
  protected function setUp() {
    parent::setUp();

+    new Settings(array('hash_salt' => 'test'));
+
    // Account 1: 'administrator' and 'authenticated' roles.
    $roles_1 = array('administrator', 'authenticated');
    $this->account_1 = $this->getMockBuilder('Drupal\user\Entity\User')
@@ -196,17 +199,4 @@ function user_role_permissions(array $roles) {
    }
  }

-  // @todo remove once drupal_get_hash_salt() can be injected.
-  if (!function_exists('drupal_get_hash_salt')) {
-    function drupal_get_hash_salt() {
-      static $salt;
-
-      if (!isset($salt)) {
-        $salt = Drupal\Component\Utility\Crypt::randomBytesBase64(55);
-      }
-
-      return $salt;
-    }
-  }
-
 }
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -9,6 +9,7 @@
 use Drupal\Core\Session\AnonymousUserSession;
 use \Drupal\Core\Entity\Display\EntityViewDisplayInterface;
 use Drupal\Core\Url;
+use Drupal\Core\Site\Settings;
 use Drupal\file\Entity\File;
 use Drupal\user\Entity\Role;
 use Drupal\user\Entity\User;
@@ -844,7 +845,7 @@ function user_cancel_url($account, $options = array()) {
 *   A string that is safe for use in URLs and SQL statements.
 */
 function user_pass_rehash($password, $timestamp, $login) {
-  return Crypt::hmacBase64($timestamp . $login, drupal_get_hash_salt() . $password);
+  return Crypt::hmacBase64($timestamp . $login, Settings::getHashSalt() . $password);
 }

 /**