Skip to content
Snippets Groups Projects
Commit a251c2da authored by catch's avatar catch
Browse files

Issue #2830596 by pwolanin, YesCT, alexpott:... 

Issue #2830596 by pwolanin, YesCT, alexpott: MTimeProtectedFastFileStorage::getFullPath() creates really long filenames unnecessarily
parent 44adac7a
Branches
Tags
2 merge requests!7452Issue #1797438. HTML5 validation is preventing form submit and not fully...,!789Issue #3210310: Adjust Database API to remove deprecated Drupal 9 code in Drupal 10
Hide whitespace changes
Inline Side-by-side
core/lib/Drupal/Component/PhpStorage/MTimeProtectedFastFileStorage.php
+ 4
2
View file @ a251c2da
......@@ -2,6 +2,8 @@
namespace Drupal\Component\PhpStorage;
use Drupal\Component\Utility\Crypt;
/**
* Stores PHP code in files with securely hashed names.
*
......@@ -130,7 +132,7 @@ public function getFullPath($name, &$directory = NULL, &$directory_mtime = NULL)
if (!isset($directory_mtime)) {
$directory_mtime = file_exists($directory) ? filemtime($directory) : 0;
}
return $directory . '/' . hash_hmac('sha256', $name, $this->secret . $directory_mtime) . '.php';
return $directory . '/' . Crypt::hmacBase64($name, $this->secret . $directory_mtime) . '.php';
}
/**
......@@ -225,7 +227,7 @@ protected function getUncachedMTime($directory) {
*/
protected function tempnam($directory, $prefix) {
do {
$path = $directory . '/' . $prefix . substr(str_shuffle(hash('sha256', microtime())), 0, 10);
$path = $directory . '/' . $prefix . Crypt::randomBytesBase64(20);
} while (file_exists($path));
return $path;
}
......
core/modules/system/system.post_update.php
+ 8
0
View file @ a251c2da
......@@ -57,3 +57,11 @@ function system_post_update_add_region_to_entity_displays() {
array_map($entity_save, EntityViewDisplay::loadMultiple());
array_map($entity_save, EntityFormDisplay::loadMultiple());
}
/**
* Force Twig PHP file cache to be cleared.
*/
function system_post_update_clear_twig_cache() {
// Empty post-update hook.
}
core/tests/Drupal/Tests/Component/PhpStorage/MTimeProtectedFileStorageBase.php
+ 3
1
View file @ a251c2da
......@@ -2,6 +2,8 @@
namespace Drupal\Tests\Component\PhpStorage;
use Drupal\Component\Utility\Crypt;
/**
* Base test class for MTime protected storage.
*/
......@@ -77,7 +79,7 @@ public function testSecurity() {
$expected_directory = $expected_root_directory . '/' . $name;
}
$directory_mtime = filemtime($expected_directory);
$expected_filename = $expected_directory . '/' . hash_hmac('sha256', $name, $this->secret . $directory_mtime) . '.php';
$expected_filename = $expected_directory . '/' . Crypt::hmacBase64($name, $this->secret . $directory_mtime) . '.php';
// Ensure the file exists and that it and the containing directory have
// minimal permissions. fileperms() can return high bits unrelated to
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment