diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc index 43cc27e..af5ebff 100644 --- a/core/includes/bootstrap.inc +++ b/core/includes/bootstrap.inc @@ -2461,7 +2461,6 @@ function drupal_container(Container $reset = NULL) { * HMAC and timestamp. */ function drupal_valid_test_ua() { - global $drupal_hash_salt; // No reason to reset this. static $test_prefix; @@ -2475,7 +2474,7 @@ function drupal_valid_test_ua() { // We use the salt from settings.php to make the HMAC key, since // the database is not yet initialized and we can't access any Drupal variables. // The file properties add more entropy not easily accessible to others. - $key = $drupal_hash_salt . filectime(__FILE__) . fileinode(__FILE__); + $key = drupal_get_hash_salt() . filectime(__FILE__) . fileinode(__FILE__); $time_diff = REQUEST_TIME - $time; // Since we are making a local request a 5 second time window is allowed, // and the HMAC must match. @@ -2493,14 +2492,13 @@ function drupal_valid_test_ua() { * Generates a user agent string with a HMAC and timestamp for simpletest. */ function drupal_generate_test_ua($prefix) { - global $drupal_hash_salt; static $key; if (!isset($key)) { // We use the salt from settings.php to make the HMAC key, since // the database is not yet initialized and we can't access any Drupal variables. // The file properties add more entropy not easily accessible to others. - $key = $drupal_hash_salt . filectime(__FILE__) . fileinode(__FILE__); + $key = drupal_get_hash_salt() . filectime(__FILE__) . fileinode(__FILE__); } // Generate a moderately secure HMAC based on the database credentials. $salt = uniqid('', TRUE); @@ -3045,7 +3043,7 @@ function drupal_classloader() { case 'apc': if (function_exists('apc_store')) { require_once DRUPAL_ROOT . '/core/vendor/symfony/class-loader/Symfony/Component/ClassLoader/ApcUniversalClassLoader.php'; - $loader = new ApcUniversalClassLoader('drupal.' . $GLOBALS['drupal_hash_salt']); + $loader = new ApcUniversalClassLoader('drupal.' . drupal_get_hash_salt()); break; } // Fall through to the default loader if APC was not loaded, so that the @@ -3434,6 +3432,19 @@ function drupal_is_cli() { } /** + * Gets a salt useful for hardening against SQL injection. + * + * @return + * A salt based on information in settings.php, not in the database. + */ +function drupal_get_hash_salt() { + global $drupal_hash_salt, $databases; + // If the $drupal_hash_salt variable is empty, a hash of the serialized + // database credentials is used as a fallback salt. + return empty($drupal_hash_salt) ? hash('sha256', serialize($databases)) : $drupal_hash_salt; +} + +/** * Formats text for emphasized display in a placeholder inside a sentence. * * Used automatically by format_string(). @@ -3571,7 +3582,7 @@ function drupal_php_storage($name = 'default') { else { $configuration = array( 'class' => 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage', - 'secret' => $GLOBALS['drupal_hash_salt'], + 'secret' => drupal_get_hash_salt(), ); } $class = isset($configuration['class']) ? $configuration['class'] : 'Drupal\Component\PhpStorage\MTimeProtectedFileStorage'; diff --git a/core/includes/common.inc b/core/includes/common.inc index e3f405f..d06cb4a 100644 --- a/core/includes/common.inc +++ b/core/includes/common.inc @@ -4828,19 +4828,6 @@ function drupal_json_decode($var) { } /** - * Gets a salt useful for hardening against SQL injection. - * - * @return - * A salt based on information in settings.php, not in the database. - */ -function drupal_get_hash_salt() { - global $drupal_hash_salt, $databases; - // If the $drupal_hash_salt variable is empty, a hash of the serialized - // database credentials is used as a fallback salt. - return empty($drupal_hash_salt) ? hash('sha256', serialize($databases)) : $drupal_hash_salt; -} - -/** * Ensures the private key variable used to generate tokens is set. * * @return