Deprecation: #102763 - Extbase HashService
See forge#102763
Description
Internal class \TYPO3\
is deprecated in favor of \TYPO3\
,
which requires an additional secret to prevent re-using generated hashes in
different contexts.
Impact
Using class \TYPO3\
will
trigger a PHP deprecation warning.
Affected installations
TYPO3 installations with custom extensions using
\TYPO3\
.
Migration
Class \TYPO3\
must be used to migrate.
Before
$hashService = new \TYPO3\CMS\Extbase\Security\Cryptography\HashService();
$generatedHash = $hashService->generateHmac('123');
$isValidHash = $hashService->validateHmac('123', $generatedHash);
$stringWithAppendedHash = $hashService->appendHmac('123');
$validatedStringWithHashRemoved = $hashService->validateAndStripHmac($stringWithAppendedHash);
Copied!
After
$hashService = new \TYPO3\CMS\Core\Crypto\HashService();
$generatedHash = $hashService->hmac('123', 'myAdditionalSecret');
$isValidHash = $hashService->validateHmac('123', 'myAdditionalSecret', $generatedHash);
$stringWithAppendedHash = $hashService->appendHmac('123', 'myAdditionalSecret');
$validatedStringWithHashRemoved = $hashService->validateAndStripHmac($stringWithAppendedHash, 'myAdditionalSecret');
Copied!
Note, $additional
string must be unique per
context, so hashes for the same input are different depending on scope.