Renamed csrfParam back to csrfVar for consistency.

framework/assets/yii.js

@@ -60,7 +60,7 @@ yii = (function ($) {
 		/**
 		 * @return string|undefined the CSRF variable name. Undefined is returned if CSRF validation is not enabled.
 		 */
-		getCsrfParam: function () {
+		getCsrfVar: function () {
 			return $('meta[name=csrf-param]').prop('content');
 		},
 
@@ -130,9 +130,9 @@ yii = (function ($) {
 				if (!method.match(/(get|post)/i)) {
 					$form.append('<input name="_method" value="' + method + '" type="hidden">');
 				}
-				var csrfParam = pub.getCsrfParam();
-				if (csrfParam) {
-					$form.append('<input name="' + csrfParam + '" value="' + pub.getCsrfToken() + '" type="hidden">');
+				var csrfVar = pub.getCsrfVar();
+				if (csrfVar) {
+					$form.append('<input name="' + csrfVar + '" value="' + pub.getCsrfToken() + '" type="hidden">');
 				}
 				$form.hide().appendTo('body');
 			}
@@ -199,7 +199,7 @@ yii = (function ($) {
 	function initCsrfHandler() {
 		// automatically send CSRF token for all AJAX requests
 		$.ajaxPrefilter(function (options, originalOptions, xhr) {
-			if (!options.crossDomain && pub.getCsrfParam()) {
+			if (!options.crossDomain && pub.getCsrfVar()) {
 				xhr.setRequestHeader('X-CSRF-Token', pub.getCsrfToken());
 			}
 		});

framework/helpers/BaseHtml.php

@@ -244,7 +244,7 @@ class BaseHtml
 				$method = 'post';
 			}
 			if ($request->enableCsrfValidation && !strcasecmp($method, 'post')) {
-				$hiddenInputs[] = static::hiddenInput($request->csrfParam, $request->getCsrfToken());
+				$hiddenInputs[] = static::hiddenInput($request->csrfVar, $request->getCsrfToken());
 			}
 		}
 

framework/web/Request.php

@@ -95,10 +95,10 @@ class Request extends \yii\base\Request
 	 * from the same application. If not, a 400 HTTP exception will be raised.
 	 *
 	 * Note, this feature requires that the user client accepts cookie. Also, to use this feature,
-	 * forms submitted via POST method must contain a hidden input whose name is specified by [[csrfParam]].
+	 * forms submitted via POST method must contain a hidden input whose name is specified by [[csrfVar]].
 	 * You may use [[\yii\web\Html::beginForm()]] to generate his hidden input.
 	 *
-	 * In JavaScript, you may get the values of [[csrfParam]] and [[csrfToken]] via `yii.getCsrfParam()` and
+	 * In JavaScript, you may get the values of [[csrfVar]] and [[csrfToken]] via `yii.getCsrfParam()` and
 	 * `yii.getCsrfToken()`, respectively. The [[\yii\web\YiiAsset]] asset must be registered.
 	 *
 	 * @see Controller::enableCsrfValidation
@@ -109,7 +109,7 @@ class Request extends \yii\base\Request
 	 * @var string the name of the token used to prevent CSRF. Defaults to '_csrf'.
 	 * This property is used only when [[enableCsrfValidation]] is true.
 	 */
-	public $csrfParam = '_csrf';
+	public $csrfVar = '_csrf';
 	/**
 	 * @var array the configuration of the CSRF cookie. This property is used only when [[enableCsrfValidation]] is true.
 	 * @see Cookie
@@ -1103,7 +1103,7 @@ class Request extends \yii\base\Request
 	public function getRawCsrfToken()
 	{
 		if ($this->_csrfCookie === null) {
-			$this->_csrfCookie = $this->getCookies()->get($this->csrfParam);
+			$this->_csrfCookie = $this->getCookies()->get($this->csrfVar);
 			if ($this->_csrfCookie === null) {
 				$this->_csrfCookie = $this->createCsrfCookie();
 				Yii::$app->getResponse()->getCookies()->add($this->_csrfCookie);
@@ -1175,7 +1175,7 @@ class Request extends \yii\base\Request
 	protected function createCsrfCookie()
 	{
 		$options = $this->csrfCookie;
-		$options['name'] = $this->csrfParam;
+		$options['name'] = $this->csrfVar;
 		$options['value'] = Security::generateRandomKey();
 		return new Cookie($options);
 	}
@@ -1194,8 +1194,8 @@ class Request extends \yii\base\Request
 		if (!$this->enableCsrfValidation || in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
 			return true;
 		}
-		$trueToken = $this->getCookies()->getValue($this->csrfParam);
-		$token = $this->getBodyParam($this->csrfParam);
+		$trueToken = $this->getCookies()->getValue($this->csrfVar);
+		$token = $this->getBodyParam($this->csrfVar);
 		return $this->validateCsrfTokenInternal($token, $trueToken)
 			|| $this->validateCsrfTokenInternal($this->getCsrfTokenFromHeader(), $trueToken);
 	}

framework/web/View.php

@@ -454,7 +454,7 @@ class View extends \yii\base\View
 
 		$request = Yii::$app->getRequest();
 		if ($request instanceof \yii\web\Request && $request->enableCsrfValidation && !$request->getIsAjax()) {
-			$lines[] = Html::tag('meta', '', ['name' => 'csrf-param', 'content' => $request->csrfParam]);
+			$lines[] = Html::tag('meta', '', ['name' => 'csrf-param', 'content' => $request->csrfVar]);
 			$lines[] = Html::tag('meta', '', ['name' => 'csrf-token', 'content' => $request->getCsrfToken()]);
 		}