By dawehner on
Change record status:
Published (View all published change records)
Project:
Introduced in branch:
8.x
Description:
In #2036351: Convert CSRF tokens to a service both drupal_get_private_key() and more important drupal_get_token() got replaced by a service. Also the optional $skip_anonymous parameter of drupal_valid_token() was removed in #2245117: Remove the optional $skip_anonymous parameter from CsrfTokenGenerator::validate and remove the dependency on current_user service.
Drupal 7
// Get the private key.
$private_key = drupal_get_private_key();
// Get a drupal CSRF token.
$token = drupal_get_token();
// Check that the token is valid.
if (drupal_valid_token($token)) {
}
Drupal 8
// Get the private key.
$private_key = Drupal::service('private_key')->get();
// Get a drupal CSRF token. (The actual service is called 'csrf_token').
$token_generator = \Drupal::csrfToken();
$token = $token_generator->get();
// Check that the token is valid.
if ($token_generator->validate($token)) {
}
Note: As always you should inject the dependencies into your objects, instead of calling procedural code.
Impacts:
Module developers
