view core/lib/Drupal/Core/Session/MetadataBag.php @ 13:5fb285c0d0e3
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've
been lucky to get away with this so far, as we don't support self-registration
which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5
was vulnerable to.
author | Chris Cannam |
---|---|
date | Mon, 23 Apr 2018 09:33:26 +0100 |
parents | 4c8ae668cc8c |
children |
<?php

namespace Drupal\Core\Session;

use Drupal\Core\Site\Settings;
use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag as SymfonyMetadataBag;

/**
 * Session metadata container that also carries the per-session CSRF seed.
 *
 * The seed is kept in the inherited $meta array under a single key. This class
 * only stores, returns and removes the value it is given: it does not generate
 * the seed and does not validate it.
 */
class MetadataBag extends SymfonyMetadataBag {

  /**
   * Array key under which the CSRF token seed lives in the session metadata.
   */
  const CSRF_TOKEN_SEED = 's';

  /**
   * Builds the metadata bag from site settings.
   *
   * @param \Drupal\Core\Site\Settings $settings
   *   The settings instance.
   */
  public function __construct(Settings $settings) {
    // 'session_write_interval' (default 180) becomes the parent's update
    // threshold; the storage key is fixed to '_sf2_meta'.
    parent::__construct('_sf2_meta', $settings->get('session_write_interval', 180));
  }

  /**
   * Stores the CSRF token seed for this session.
   *
   * The value is written as given. NOTE(review): unpredictability of the seed
   * is entirely the caller's responsibility; nothing here checks it.
   *
   * @param string $csrf_token_seed
   *   The per-session CSRF token seed.
   */
  public function setCsrfTokenSeed($csrf_token_seed) {
    $seed_key = static::CSRF_TOKEN_SEED;
    $this->meta[$seed_key] = $csrf_token_seed;
  }

  /**
   * Returns the CSRF token seed for this session.
   *
   * @return string|null
   *   The per-session CSRF token seed, or NULL when none is stored (isset() is
   *   used, so a stored NULL is reported the same way as a missing entry).
   */
  public function getCsrfTokenSeed() {
    $seed_key = static::CSRF_TOKEN_SEED;
    return isset($this->meta[$seed_key]) ? $this->meta[$seed_key] : NULL;
  }

  /**
   * Removes the CSRF token seed from the session metadata.
   *
   * NOTE(review): this class does not call it itself; confirm that the code
   * which regenerates or destroys a session clears the seed at that point.
   */
  public function clearCsrfTokenSeed() {
    $seed_key = static::CSRF_TOKEN_SEED;
    unset($this->meta[$seed_key]);
  }

}