Split Security::salt() into getter/setter

src/Controller/Component/CookieComponent.php

@@ -118,7 +118,7 @@ class CookieComponent extends Component
     public function initialize(array $config)
     {
         if (!$this->_config['key']) {
-            $this->setConfig('key', Security::salt());
+            $this->setConfig('key', Security::getSalt());
         }
 
         $controller = $this->_registry->getController();

src/Controller/Component/SecurityComponent.php

@@ -382,7 +382,7 @@ protected function _hashParts(Controller $controller)
             $controller->request->here(),
             serialize($fieldList),
             $unlocked,
-            Security::salt()
+            Security::getSalt()
         ];
     }
 

src/Error/Debugger.php

@@ -928,7 +928,7 @@ public static function printVar($var, $location = [], $showHtml = null)
      */
     public static function checkSecurityKeys()
     {
-        if (Security::salt() === '__SALT__') {
+        if (Security::getSalt() === '__SALT__') {
             trigger_error(sprintf('Please change the value of %s in %s to a salt value specific to your application.', '\'Security.salt\'', 'ROOT/config/app.php'), E_USER_NOTICE);
         }
     }

src/Http/Cookie/CookieCryptTrait.php

@@ -112,7 +112,7 @@ public function setEncryptionKey($key)
     public function getEncryptionKey()
     {
         if ($this->encryptionKey === null) {
-            return Security::salt();
+            return Security::getSalt();
         }
 
         return $this->encryptionKey;

src/TestSuite/IntegrationTestCase.php

@@ -306,7 +306,7 @@ protected function _getCookieEncryptionKey()
             return $this->_cookieEncryptionKey;
         }
 
-        return Security::salt();
+        return Security::getSalt();
     }
 
     /**

src/Utility/Security.php

@@ -312,10 +312,34 @@ protected static function _constantEquals($hmac, $compare)
         return $result === 0;
     }
 
+    /**
+     * Gets the HMAC salt to be used for encryption/decryption
+     * routines.
+     *
+     * @return string The currently configured salt
+     */
+    public static function getSalt()
+    {
+        return static::$_salt;
+    }
+
+    /**
+     * Sets the HMAC salt to be used for encryption/decryption
+     * routines.
+     *
+     * @param string $salt The salt to use for encryption routines.
+     * @return void
+     */
+    public static function setSalt($salt)
+    {
+        static::$_salt = (string)$salt;
+    }
+
     /**
      * Gets or sets the HMAC salt to be used for encryption/decryption
      * routines.
      *
+     * @deprecated 3.5.0 Use getSalt()/setSalt() instead.
      * @param string|null $salt The salt to use for encryption routines. If null returns current salt.
      * @return string The currently configured salt
      */

src/View/Helper/SecureFieldTokenTrait.php

@@ -56,7 +56,7 @@ protected function _buildFieldToken($url, $fields, $unlockedFields = [])
             $url,
             serialize($fields),
             $unlocked,
-            Security::salt()
+            Security::getSalt()
         ];
         $fields = Security::hash(implode('', $hashParts), 'sha1');
 

tests/TestCase/Utility/SecurityTest.php

@@ -292,6 +292,17 @@ public function testSalt()
         $this->assertEquals('foobarbaz', Security::salt());
     }
 
+    /**
+     * Tests that the salt can be set and retrieved
+     *
+     * @return void
+     */
+    public function testGetSetSalt()
+    {
+        Security::setSalt('foobarbaz');
+        $this->assertEquals('foobarbaz', Security::getSalt());
+    }
+
     /**
      * Test the randomBytes method.
      *