Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 UTC on 18 March 2024, to get $100 off your ticket.
Problem/Motivation
Since we don't support PHP5 #3053363: Remove support for PHP 5 in Drupal 8.8 we no longer need to maintain \Drupal\Component\Utility\Crypt::hashEquals()
Proposed resolution
Deprecate the method for removal in Drupal 9.
Remaining tasks
Create change record
Add @deprecated to docblock
Add @trigger_error() to code
Remove all usages in core
Add legacy test to ensure we don;t break it for the remainder of Drupal 8 lifetime.
User interface changes
None
API changes
\Drupal\Component\Utility\Crypt::hashEquals()
is deprecated
Data model changes
None
Release notes snippet
N/a
Comment | File | Size | Author |
---|---|---|---|
#20 | interdiff-3053956-18-20.txt | 2 KB | voleger |
#20 | 3053956-20.patch | 13.71 KB | voleger |
#18 | 3053956-18.patch | 13.65 KB | alexpott |
#18 | 13-18-interdiff.txt | 3.62 KB | alexpott |
#13 | interdiff-11-13.txt | 533 bytes | aleevas |
Comments
Comment #2
neeravbm CreditAttribution: neeravbm at Red Crackle commentedI have attached the patch for the items #2, #3 and #4, i.e.
2) Add @deprecated to docblock
3) Add @trigger_error() to code
4) Remove all usages in core
I am new to core commits. Can you explain what do I need to do for #1 and #5?
Comment #3
cilefen CreditAttribution: cilefen commentedFor #1 there is a link in the sidebar. We may as well test this.
Comment #4
neeravbm CreditAttribution: neeravbm at Red Crackle commented@cliefen, I didn't understand your comment about link in the sidebar. Can you please elaborate a little more?
Comment #5
cilefen CreditAttribution: cilefen commented#1 Is to add a change record (aka notice). The link to do so is in the sidebar of this and every issue.
Comment #6
apadernoIt's the last of the links shown after the block on the right side.
Comment #7
alexpott@neeravbm thanks for the patch. I'm not sure how you generated the patch but unfortunately it can not be applied via using git and so the testbot and me can't test it. Perhaps the advice on https://www.drupal.org/node/707484 might help?
Also I'm sure that with this patch...
Can remove
use Drupal\Component\Utility\Crypt;
from these filesComment #8
alexpottThis should be postponed as hash_equals has only been around since PHP 5.6
Comment #9
neeravbm CreditAttribution: neeravbm at Red Crackle commented@alexpott I generated the patch using PHPStorm. I'll check with the link you mentioned and attempt to modify the patch. Will also remove unused file imports.
@cilefen and @kiamlaluno, thanks for your inputs. Here's the change record I created: https://www.drupal.org/node/3054488. This is my first change record creation so let me know if something needs to be improved.
Comment #10
neeravbm CreditAttribution: neeravbm at Red Crackle commentedI have attached the patch creating using "git diff" instead of PHPStorm. I have removed the unused use statements as well.
Comment #11
alexpottAdd change record and add a test that was interestingly missing - considering we had custom code for PHP5.
Comment #12
Berdirthe comment needs to be updated.
Comment #13
aleevasHello!
@berdir I updated the comment.
Hope I understood you right.
Comment #14
BerdirYes, exactly like that.
Comment #15
alexpottIt'd be great to get #3057314: Harden hash checking in core in first.
Comment #17
larowlanNeeds re-roll after #3057314: Harden hash checking in core
Comment #18
alexpottUpdated the patch to convert the new instances of Crypt::hashEquals()
Comment #19
amateescu CreditAttribution: amateescu for Pfizer, Inc. commentedLooks good to me.
Comment #20
volegerFixed CS issues with a deprecation message.
Comment #21
catchFixed this on commit:
Committed 17153a2 and pushed to 8.8.x. Thanks!
Comment #24
Krzysztof DomańskiPublished CR.