Update to Drupal 8.2.4. For more information, see https://www.drupal.org/project/drupal/releases/8.2.4

2016-12-07 12:19:38 -08:00 · 2016-12-07 12:19:38 -08:00 · 8544b60b39
commit 8544b60b39
parent 0a95b8440e
284 changed files with 12980 additions and 3199 deletions
--- a/core/lib/Drupal/Core/Access/CsrfAccessCheck.php
+++ b/core/lib/Drupal/Core/Access/CsrfAccessCheck.php
@ -54,7 +54,7 @@ class CsrfAccessCheck implements RoutingAccessInterface {
      $path = str_replace("{{$param}}", $value, $path);
    }

-    if ($this->csrfToken->validate($request->query->get('token'), $path)) {
+    if ($this->csrfToken->validate($request->query->get('token', ''), $path)) {
      $result = AccessResult::allowed();
    }
    else {
--- a/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
+++ b/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php
@ -87,7 +87,7 @@ class CsrfTokenGenerator {
      return FALSE;
    }

-    return $token === $this->computeToken($seed, $value);
+    return Crypt::hashEquals($this->computeToken($seed, $value), $token);
  }

  /**