Mercurial > hg > isophonics-drupal-site
view core/lib/Drupal/Core/PrivateKey.php @ 13:5fb285c0d0e3
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've
been lucky to get away with this so far, as we don't support self-registration
which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5
was vulnerable to.
author | Chris Cannam |
---|---|
date | Mon, 23 Apr 2018 09:33:26 +0100 |
parents | 4c8ae668cc8c |
children |
line wrap: on
line source
<?php namespace Drupal\Core; use Drupal\Core\State\StateInterface; use Drupal\Component\Utility\Crypt; /** * Manages the Drupal private key. */ class PrivateKey { /** * The state service. * * @var \Drupal\Core\State\StateInterface */ protected $state; /** * Constructs the token generator. * * @param \Drupal\Core\State\StateInterface $state * The state service. */ public function __construct(StateInterface $state) { $this->state = $state; } /** * Gets the private key. * * @return string * The private key. */ public function get() { if (!$key = $this->state->get('system.private_key')) { $key = $this->create(); $this->set($key); } return $key; } /** * Sets the private key. * * @param string $key * The private key to set. */ public function set($key) { return $this->state->set('system.private_key', $key); } /** * Creates a new private key. * * @return string * The private key. */ protected function create() { return Crypt::randomBytesBase64(55); } }