From 4b569f3e90eade353edb458c12183e6bac4c11e8 Mon Sep 17 00:00:00 2001
From: Qiang Xue
Date: Fri, 27 Dec 2013 23:26:38 -0500
Subject: [PATCH] Fixed CSRF token masking issue.

---
 framework/yii/web/Request.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/framework/yii/web/Request.php b/framework/yii/web/Request.php
index aae2e3c..ee232f4 100644
--- a/framework/yii/web/Request.php
+++ b/framework/yii/web/Request.php
@@ -1039,7 +1039,8 @@ class Request extends \yii\base\Request
 if ($this->_maskedCsrfToken === null) {
 $token = $this->getCsrfToken();
 $mask = Security::generateRandomKey(self::CSRF_MASK_LENGTH);
- $this->_maskedCsrfToken = base64_encode($mask . $this->xorTokens($token, $mask));
+ // The + sign may be decoded as blank space later, which will fail the validation
+ $this->_maskedCsrfToken = str_replace('+', '.', base64_encode($mask . $this->xorTokens($token, $mask)));
 }
 return $this->_maskedCsrfToken;
 }
@@ -1120,7 +1121,7 @@ class Request extends \yii\base\Request
 private function validateCsrfTokenInternal($token, $trueToken)
 {
- $token = base64_decode($token);
+ $token = str_replace('.', '+', base64_decode($token));
 $n = StringHelper::byteLength($token);
 if ($n <= self::CSRF_MASK_LENGTH) {
 return false;
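Review bot: The `str_replace('+', '.', base64_encode(...))` added on the masking side is only reversible if validateCsrfTokenInternal undoes the substitution before base64 decoding, but its counterpart in the second hunk applies it after: `str_replace('.', '+', base64_decode($token))`. In non-strict mode base64_decode silently discards characters outside the base64 alphabet, so a masked token that contained a '+' still decodes to shifted bytes and fails validation, and any 0x2E byte in a correctly decoded token is additionally rewritten to 0x2B, so the commit does not actually close the issue it describes. The decode line should read `$token = base64_decode(str_replace('.', '+', $token));`. Because the mask is random, the failure shows up intermittently rather than on every request, which argues for a regression test that round-trips a batch of generated masked tokens through the validator. The body of validateCsrfTokenInternal continues past the end of this patch.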