
Allow relative time values in CSRF-cookie

Refs #6889
Schlaefer 10 years ago
parent
commit
3653d54366

+ 4 - 1
src/Controller/Component/CsrfComponent.php

@@ -16,6 +16,7 @@ namespace Cake\Controller\Component;
 
 use Cake\Controller\Component;
 use Cake\Event\Event;
+use Cake\I18n\Time;
 use Cake\Network\Exception\InvalidCsrfTokenException;
 use Cake\Network\Request;
 use Cake\Network\Response;
@@ -120,12 +121,14 @@ class CsrfComponent extends Component
      */
     protected function _setCookie(Request $request, Response $response)
     {
+        $expires = new Time($this->_config['expiry']);
         $value = Security::hash(Text::uuid(), 'sha1', true);
+
         $request->params['_csrfToken'] = $value;
         $response->cookie([
             'name' => $this->_config['cookieName'],
             'value' => $value,
-            'expire' => $this->_config['expiry'],
+            'expire' => $expires->format('U'),
             'path' => $request->webroot,
             'secure' => $this->_config['secure'],
         ]);
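Review bot: `new Time($this->_config['expiry'])` on the first added line of the hunk has no validation around it, so a mistyped `expiry` string surfaces as an exception from `_setCookie` on every request that would issue a token, rather than once at startup; resolving the value in `initialize()` (or wrapping the parse and rethrowing an `InvalidArgumentException` that names the offending value) would make a misconfiguration fail at boot. The conversion also silently accepts a relative value in the past such as `'-1 hour'`, which yields an already-expired cookie that the browser never returns, so every POST would then fail with `InvalidCsrfTokenException` while the code here reports nothing; a sanity check after the parse, along the lines of `if ($expires->format('U') < time()) { throw new \InvalidArgumentException('CSRF cookie expiry is in the past'); }`, would catch it, taking care to exempt whatever the default is if it is still a plain `0` meaning "session cookie" (I cannot see the defaults from this hunk, and I assume `Time` treats an integer as a unix timestamp so existing integer configs keep working; worth confirming both). A why-comment above the parse would help the next reader, e.g. `// 'expiry' may be a unix timestamp or a strtotime()-style string; Time normalises either to the timestamp setcookie() expects.`, and the option's documentation above the hunk (the docblock that ends at the hunk's first context line) should say the same.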

+ 3 - 2
tests/TestCase/Controller/Component/CsrfComponentTest.php

@@ -17,6 +17,7 @@ namespace Cake\Test\TestCase\Controller\Component;
 use Cake\Controller\ComponentRegistry;
 use Cake\Controller\Component\CsrfComponent;
 use Cake\Event\Event;
+use Cake\I18n\Time;
 use Cake\Network\Request;
 use Cake\Network\Response;
 use Cake\TestSuite\TestCase;
@@ -262,7 +263,7 @@ class CsrfComponentTest extends TestCase
 
         $component = new CsrfComponent($this->registry, [
             'cookieName' => 'token',
-            'expiry' => 90,
+            'expiry' => '+1 hour',
             'secure' => true
         ]);
 
@@ -273,7 +274,7 @@ class CsrfComponentTest extends TestCase
         $cookie = $controller->response->cookie('token');
         $this->assertNotEmpty($cookie, 'Should set a token.');
         $this->assertRegExp('/^[a-f0-9]+$/', $cookie['value'], 'Should look like a hash.');
-        $this->assertEquals(90, $cookie['expire'], 'session duration.');
+        $this->assertWithinRange((new Time('+1 hour'))->format('U'), $cookie['expire'], 1);
         $this->assertEquals('/dir/', $cookie['path'], 'session path.');
         $this->assertTrue($cookie['secure'], 'cookie security flag missing');
     }
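Review bot: The rewritten assertion on the last hunk drops the only coverage of the integer form that `expiry` accepted before this change, so a regression in how `Time` handles a numeric value (the form existing apps already configure) would go unnoticed; keep the old case alongside the new one, e.g. a second component with `'expiry' => 90` and `$this->assertEquals(90, $cookie['expire'], 'integer expiry should pass through unchanged.');`. The new assertion computes `+1 hour` after the component did, so the two can straddle a second boundary; the margin of 1 absorbs that, but the descriptive message the old line carried (`'session duration.'`) was lost and is worth restoring as the fourth argument so a failure is self-explanatory. The test method ends inside the hunk; its start is outside.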