From 096ccf875decef75d2f23421d7bf746ca6c64e7f Mon Sep 17 00:00:00 2001
From: Luke Towers
Date: Mon, 28 Oct 2019 12:58:07 -0600
Subject: [PATCH] Implement suggestions from @bennothommo
---
 modules/cms/classes/Controller.php | 8 ++++----
 modules/system/assets/js/framework-min.js | 4 ++--
 modules/system/assets/js/framework.combined-min.js | 4 ++--
 modules/system/assets/js/framework.js | 4 ++--
 4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/modules/cms/classes/Controller.php b/modules/cms/classes/Controller.php
index a07354a37..ae0198682 100644
--- a/modules/cms/classes/Controller.php
+++ b/modules/cms/classes/Controller.php
@@ -269,7 +269,7 @@ class Controller
 $response = Response::make($result, $this->statusCode);
 if (Config::get('cms.enableCsrfProtection')) {
- $this->addCsrfCookie($response);
+ $this->addXsrfCookie($response);
 }
 return $response;
@@ -1595,9 +1595,9 @@ class Controller
 /**
 * Adds anti-CSRF cookie.
 * Adds a cookie with a token for CSRF checks to the response.
- * @return void
+ * @return Response
 */
- protected function addCsrfCookie(\Illuminate\Http\Response $response)
+ protected function addXsrfCookie(\Illuminate\Http\Response $response)
 {
 $config = Config::get('session');
@@ -1605,7 +1605,7 @@ class Controller
 new Cookie(
 'XSRF-TOKEN',
 Session::token(),
- Carbon::now()->addSeconds(60 * $config['lifetime'])->getTimestamp(),
+ Carbon::now()->addMinutes((int) $config['lifetime'])->getTimestamp(),
 $config['path'],
 $config['domain'],
 $config['secure'],
diff --git a/modules/system/assets/js/framework-min.js b/modules/system/assets/js/framework-min.js
index eb8f52fbc..acc69b4c4 100644
--- a/modules/system/assets/js/framework-min.js
+++ b/modules/system/assets/js/framework-min.js
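Review bot: The docblock of `addXsrfCookie` now promises `@return Response`, but the caller in the first hunk still discards the result (`$this->addXsrfCookie($response);` followed by `return $response;`), so the method is relied on for mutating the passed response in place. The docblock should say so, and it has no `@param` line; I would add `@param \Illuminate\Http\Response $response Response to attach the XSRF-TOKEN cookie to` and change the return line to `@return \Illuminate\Http\Response the same instance, with the cookie added`. The summary still says "anti-CSRF cookie" while the method and the cookie are named XSRF, which is worth aligning. The method body continues past the end of this hunk, so whether it actually returns the response cannot be confirmed from here.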
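Review bot: The `(int)` cast on `$config['lifetime']` in the `new Cookie(...)` call turns a missing or non-numeric session lifetime into 0, so the XSRF-TOKEN cookie would be issued with an expiry of "now" and discarded by the browser at once. The client script in this patch reads the token from the cookie, so requests would then presumably go out without `X-XSRF-TOKEN`; that fails closed, but with no hint of the cause. I would read the value once, `$lifetime = (int) ($config['lifetime'] ?? 0);`, and pass `$lifetime > 0 ? Carbon::now()->addMinutes($lifetime)->getTimestamp() : 0` so an unusable setting yields a session cookie instead. The constructor arguments after `$config['secure']` lie outside the hunk, so the HttpOnly and SameSite settings of this cookie cannot be checked here.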
@@ -14,7 +14,7 @@ useFiles=false} if($.type(loading)=='string'){loading=$(loading)} var requestHeaders={'X-OCTOBER-REQUEST-HANDLER':handler,'X-OCTOBER-REQUEST-PARTIALS':this.extractPartials(options.update)} if(useFlash){requestHeaders['X-OCTOBER-REQUEST-FLASH']=1} -var csrfToken=getCSRFToken() +var csrfToken=getXSRFToken() if(csrfToken){requestHeaders['X-XSRF-TOKEN']=csrfToken} var requestData,inputName,data={} $.each($el.parents('[data-request-data]').toArray().reverse(),function extendRequest(){$.extend(data,paramToObj('data-request-data',$(this).data('request-data')))}) @@ -114,7 +114,7 @@ function paramToObj(name,value){if(value===undefined)value='' if(typeof value=='object')return value try{return ocJSON("{"+value+"}")} catch(e){throw new Error('Error parsing the '+name+' attribute value. '+e)}} -function getCSRFToken(){var cookieValue=null +function getXSRFToken(){var cookieValue=null if(document.cookie&&document.cookie!=''){var cookies=document.cookie.split(';') for(var i=0;i