Commit 3ac058de authored by Oliver Bartsch's avatar Oliver Bartsch Committed by Christian Kuhn
Browse files

[TASK] Deprecate GeneralUtility::stdAuthCode

GeneralUtility::stdAuthCode is unused since at least
v9. As more appropriate methods for generating hashes,
e.g. GeneralUtility::hmac() exists nowadays, the method
is deprecated.

Resolves: #94309
Releases: master
Change-Id: I3d3678cd8c8c76462cc74b28f629b6679a4aea93

Tested-by: core-ci's avatarcore-ci <>
Tested-by: Andreas Fernandez's avatarAndreas Fernandez <>
Tested-by: Torben Hansen's avatarTorben Hansen <>
Tested-by: Christian Kuhn's avatarChristian Kuhn <>
Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <>
Reviewed-by: Torben Hansen's avatarTorben Hansen <>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <>
parent 0caa1cce
......@@ -3081,9 +3081,15 @@ class GeneralUtility
* @param string $fields List of fields from the record if that is given.
* @param int $codeLength Length of returned authentication code.
* @return string MD5 hash of 8 chars.
* @deprecated since v11, will be removed in v12.
public static function stdAuthCode($uid_or_record, $fields = '', $codeLength = 8)
'GeneralUtility::stdAuthCode() is deprecated and will be removed in v12.',
if (is_array($uid_or_record)) {
$recCopy_temp = [];
if ($fields) {
.. include:: ../../Includes.txt
Deprecation: #94309 - Deprecated GeneralUtility::stdAuthCode
See :issue:`94309`
The method :php:`GeneralUtility::stdAuthCode()` is unused within TYPO3
Core since at least v9. It internally fiddles with the `encryptionKey`
while using :php:`md5()`. Furthermore the default length of 8
chars could easily lead to hash collisions. TYPO3 Core already
provides :php:`GeneralUtility::hmac()` for such purposes, which
is using `sha1` with a length of 40. Therefore, :php:`stdAuthCode()`
has been deprecated and will be removed in TYPO3 v12.
Calling the method will log a deprecation warning and the method will
be dropped with TYPO3 v12.
Affected Installations
All TYPO3 installations calling this method in custom code. The extension
scanner will find all usages as strong match.
Replace all usages of the method in custom extension code by either using
:php:`GeneralUtility::hmac()` or by a custom implementation.
.. index:: PHP-API, FullyScanned, ext:core
......@@ -1079,4 +1079,11 @@ return [
'TYPO3\CMS\Core\Utility\GeneralUtility::stdAuthCode' => [
'numberOfMandatoryArguments' => 1,
'maximumNumberOfArguments' => 3,
'restFiles' => [
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment