Commit 3ac058de authored by Oliver Bartsch's avatar Oliver Bartsch Committed by Christian Kuhn
Browse files

[TASK] Deprecate GeneralUtility::stdAuthCode

GeneralUtility::stdAuthCode is unused since at least
v9. As more appropriate methods for generating hashes,
e.g. GeneralUtility::hmac() exists nowadays, the method
is deprecated.

Resolves: #94309
Releases: master
Change-Id: I3d3678cd8c8c76462cc74b28f629b6679a4aea93
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69458


Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
Tested-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Torben Hansen's avatarTorben Hansen <derhansen@gmail.com>
Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Torben Hansen's avatarTorben Hansen <derhansen@gmail.com>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
parent 0caa1cce
......@@ -3081,9 +3081,15 @@ class GeneralUtility
* @param string $fields List of fields from the record if that is given.
* @param int $codeLength Length of returned authentication code.
* @return string MD5 hash of 8 chars.
* @deprecated since v11, will be removed in v12.
*/
public static function stdAuthCode($uid_or_record, $fields = '', $codeLength = 8)
{
trigger_error(
'GeneralUtility::stdAuthCode() is deprecated and will be removed in v12.',
E_USER_DEPRECATED
);
if (is_array($uid_or_record)) {
$recCopy_temp = [];
if ($fields) {
......
.. include:: ../../Includes.txt
============================================================
Deprecation: #94309 - Deprecated GeneralUtility::stdAuthCode
============================================================
See :issue:`94309`
Description
===========
The method :php:`GeneralUtility::stdAuthCode()` is unused within TYPO3
Core since at least v9. It internally fiddles with the `encryptionKey`
while using :php:`md5()`. Furthermore the default length of 8
chars could easily lead to hash collisions. TYPO3 Core already
provides :php:`GeneralUtility::hmac()` for such purposes, which
is using `sha1` with a length of 40. Therefore, :php:`stdAuthCode()`
has been deprecated and will be removed in TYPO3 v12.
Impact
======
Calling the method will log a deprecation warning and the method will
be dropped with TYPO3 v12.
Affected Installations
======================
All TYPO3 installations calling this method in custom code. The extension
scanner will find all usages as strong match.
Migration
=========
Replace all usages of the method in custom extension code by either using
:php:`GeneralUtility::hmac()` or by a custom implementation.
.. index:: PHP-API, FullyScanned, ext:core
......@@ -1079,4 +1079,11 @@ return [
'Deprecation-94252-DeprecatedGeneralUtilitycompileSelectedGetVarsFromArray.rst'
],
],
'TYPO3\CMS\Core\Utility\GeneralUtility::stdAuthCode' => [
'numberOfMandatoryArguments' => 1,
'maximumNumberOfArguments' => 3,
'restFiles' => [
'Deprecation-94309-DeprecatedGeneralUtilitystdAuthCode.rst'
],
],
];
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment