diff --git a/core/lib/Drupal/Core/Access/CsrfAccessCheck.php b/core/lib/Drupal/Core/Access/CsrfAccessCheck.php
index 8bb5037..0463831 100644
--- a/core/lib/Drupal/Core/Access/CsrfAccessCheck.php
+++ b/core/lib/Drupal/Core/Access/CsrfAccessCheck.php
@@ -30,7 +30,7 @@ public function applies(Route $route) {
 * {@inheritdoc}
 */
 public function access(Route $route, Request $request) {
- return drupal_get_token($route->getRequirement('_csrf')) == $request->query->get('csrf') ? static::ALLOW : static::KILL;
+ return \Drupal::csrfToken()->validate($request->query->get('csrf'), $route->getRequirement('_csrf')) ? static::ALLOW : static::KILL;
 }
 }
diff --git a/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php b/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php
index 2260b02..174b50e 100644
--- a/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php
+++ b/core/tests/Drupal/Tests/Core/Access/CsrfAccessCheckTest.php
@@ -22,8 +22,8 @@ class CsrfAccessCheckTest extends UnitTestCase {
 public static function getInfo() {
 return array(
- 'name' => 'Tests the CSRF access checker.',
- 'description' => 'Tests the access checker which deals with drupal_valid_token.',
+ 'name' => 'CSRF access checker.',
+ 'description' => 'Tests CSRF access control for routes.',
 'group' => 'Routing',
 );
 }
@@ -32,6 +32,7 @@ public static function getInfo() {
 * Tests CsrfAccessCheck::applies().
 */
 public function testApplies() {
+ $this->assertTrue(FALSE);
 $applies_check = new CsrfAccessCheck();
 $route = $this->getMockBuilder('Symfony\Component\Routing\Route')
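Review bot: In `CsrfAccessCheck::access()` the value of `$request->query->get('csrf')` goes to `validate()` without a type check, so a missing parameter (NULL) or an array-valued one reaches the token comparison as-is. The removed line had the same gap behind a loose `==`. `validate()` is not part of this diff, so whether it compares strictly and in constant time needs confirming there. Whatever it does, a guard at this call site keeps the check fail-closed: `$token = $request->query->get('csrf');` then `return is_string($token) && \Drupal::csrfToken()->validate($token, $route->getRequirement('_csrf')) ? static::ALLOW : static::KILL;`. The docblock above `access()` opens outside the hunk.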