actionpack-rack-upgrade 2.3.14

data/lib/action_controller/caching.rb

@@ -0,0 +1,71 @@
+require 'fileutils'
+require 'uri'
+require 'set'
+
+module ActionController #:nodoc:
+  # Caching is a cheap way of speeding up slow applications by keeping the result of calculations, renderings, and database calls
+  # around for subsequent requests. Action Controller affords you three approaches in varying levels of granularity: Page, Action, Fragment.
+  #
+  # You can read more about each approach and the sweeping assistance by clicking the modules below.
+  #
+  # Note: To turn off all caching and sweeping, set Base.perform_caching = false.
+  #
+  #
+  # == Caching stores
+  #
+  # All the caching stores from ActiveSupport::Cache is available to be used as backends for Action Controller caching. This setting only
+  # affects action and fragment caching as page caching is always written to disk.
+  #
+  # Configuration examples (MemoryStore is the default):
+  #
+  #   ActionController::Base.cache_store = :memory_store
+  #   ActionController::Base.cache_store = :file_store, "/path/to/cache/directory"
+  #   ActionController::Base.cache_store = :drb_store, "druby://localhost:9192"
+  #   ActionController::Base.cache_store = :mem_cache_store, "localhost"
+  #   ActionController::Base.cache_store = :mem_cache_store, Memcached::Rails.new("localhost:11211")
+  #   ActionController::Base.cache_store = MyOwnStore.new("parameter")
+  module Caching
+    autoload :Actions, 'action_controller/caching/actions'
+    autoload :Fragments, 'action_controller/caching/fragments'
+    autoload :Pages, 'action_controller/caching/pages'
+    autoload :Sweeper, 'action_controller/caching/sweeper'
+    autoload :Sweeping, 'action_controller/caching/sweeping'
+
+    def self.included(base) #:nodoc:
+      base.class_eval do
+        @@cache_store = nil
+        cattr_reader :cache_store
+
+        # Defines the storage option for cached fragments
+        def self.cache_store=(store_option)
+          @@cache_store = ActiveSupport::Cache.lookup_store(store_option)
+        end
+
+        include Pages, Actions, Fragments
+        include Sweeping if defined?(ActiveRecord)
+
+        @@perform_caching = true
+        cattr_accessor :perform_caching
+
+        def self.cache_configured?
+          perform_caching && cache_store
+        end
+      end
+    end
+
+    protected
+      # Convenience accessor
+      def cache(key, options = {}, &block)
+        if cache_configured?
+          cache_store.fetch(ActiveSupport::Cache.expand_cache_key(key, :controller), options, &block)
+        else
+          yield
+        end
+      end
+
+    private
+      def cache_configured?
+        self.class.cache_configured?
+      end
+  end
+end

data/lib/action_controller/cgi_ext/cookie.rb

@@ -0,0 +1,112 @@
+require 'delegate'
+
+CGI.module_eval { remove_const "Cookie" }
+
+# TODO: document how this differs from stdlib CGI::Cookie
+class CGI #:nodoc:
+  class Cookie < DelegateClass(Array)
+    attr_accessor :name, :value, :path, :domain, :expires
+    attr_reader :secure, :http_only
+
+    # Creates a new CGI::Cookie object.
+    #
+    # The contents of the cookie can be specified as a +name+ and one
+    # or more +value+ arguments.  Alternatively, the contents can
+    # be specified as a single hash argument.  The possible keywords of
+    # this hash are as follows:
+    #
+    # * <tt>:name</tt> - The name of the cookie.  Required.
+    # * <tt>:value</tt> - The cookie's value or list of values.
+    # * <tt>:path</tt> - The path for which this cookie applies.  Defaults to the
+    #   base directory of the CGI script.
+    # * <tt>:domain</tt> - The domain for which this cookie applies.
+    # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object.
+    # * <tt>:secure</tt> - Whether this cookie is a secure cookie or not (defaults to
+    #   +false+). Secure cookies are only transmitted to HTTPS servers.
+    # * <tt>:http_only</tt> - Whether this cookie can be accessed by client side scripts (e.g. document.cookie) or only over HTTP.
+    #   More details in http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx. Defaults to +false+. 
+    #
+    # These keywords correspond to attributes of the cookie object.
+    def initialize(name = '', *value)
+      if name.kind_of?(String)
+        @name = name
+        @value = Array(value)
+        @domain = nil
+        @expires = nil
+        @secure = false
+        @http_only = false
+        @path = nil
+      else
+        @name = name['name']
+        @value = (name['value'].kind_of?(String) ? [name['value']] : Array(name['value'])).delete_if(&:blank?)
+        @domain = name['domain']
+        @expires = name['expires']
+        @secure = name['secure'] || false
+        @http_only = name['http_only'] || false
+        @path = name['path']
+      end
+
+      raise ArgumentError, "`name' required" unless @name
+
+      # simple support for IE
+      unless @path
+        %r|^(.*/)|.match(ENV['SCRIPT_NAME'])
+        @path = ($1 or '')
+      end
+
+      super(@value)
+    end
+
+    # Sets whether the Cookie is a secure cookie or not.
+    def secure=(val)
+      @secure = val == true
+    end
+
+    # Sets whether the Cookie is an HTTP only cookie or not.
+    def http_only=(val)
+      @http_only = val == true
+    end
+
+    # Converts the Cookie to its string representation.
+    def to_s
+      buf = ''
+      buf << @name << '='
+      buf << (@value.kind_of?(String) ? CGI::escape(@value) : @value.collect{|v| CGI::escape(v) }.join("&"))
+      buf << '; domain=' << @domain if @domain
+      buf << '; path=' << @path if @path
+      buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires
+      buf << '; secure' if @secure
+      buf << '; HttpOnly' if @http_only
+      buf
+    end
+
+    # FIXME: work around broken 1.8.7 DelegateClass#respond_to?
+    def respond_to?(method, include_private = false)
+      return true if super(method)
+      return __getobj__.respond_to?(method, include_private)
+    end
+
+    # Parses a raw cookie string into a hash of <tt>cookie-name => cookie-object</tt>
+    # pairs.
+    #
+    #   cookies = CGI::Cookie::parse("raw_cookie_string")
+    #     # => { "name1" => cookie1, "name2" => cookie2, ... }
+    #
+    def self.parse(raw_cookie)
+      cookies = Hash.new([])
+
+      if raw_cookie
+        raw_cookie.split(/;\s?/).each do |pairs|
+          name, value = pairs.split('=',2)
+          next unless name and value
+          name = CGI::unescape(name)
+          unless cookies.has_key?(name)
+            cookies[name] = new(name, CGI::unescape(value))
+          end
+        end
+      end
+
+      cookies
+    end
+  end # class Cookie
+end

data/lib/action_controller/cgi_ext/query_extension.rb

@@ -0,0 +1,22 @@
+require 'cgi'
+
+class CGI #:nodoc:
+  module QueryExtension
+    # Remove the old initialize_query method before redefining it.
+    remove_method :initialize_query
+
+    # Neuter CGI parameter parsing.
+    def initialize_query
+      # Fix some strange request environments.
+      env_table['REQUEST_METHOD'] ||= 'GET'
+
+      # POST assumes missing Content-Type is application/x-www-form-urlencoded.
+      if env_table['CONTENT_TYPE'].blank? && env_table['REQUEST_METHOD'] == 'POST'
+        env_table['CONTENT_TYPE'] = 'application/x-www-form-urlencoded'
+      end
+
+      @cookies = CGI::Cookie::parse(env_table['HTTP_COOKIE'] || env_table['COOKIE'])
+      @params = {}
+    end
+  end
+end

data/lib/action_controller/cgi_ext/stdinput.rb

@@ -0,0 +1,24 @@
+require 'cgi'
+
+module ActionController
+  module CgiExt
+    # Publicize the CGI's internal input stream so we can lazy-read
+    # request.body. Make it writable so we don't have to play $stdin games.
+    module Stdinput
+      def self.included(base)
+        base.class_eval do
+          remove_method :stdinput
+          attr_accessor :stdinput
+        end
+
+        base.alias_method_chain :initialize, :stdinput
+      end
+
+      def initialize_with_stdinput(type = nil, stdinput = $stdin)
+        @stdinput = stdinput
+        @stdinput.set_encoding(Encoding::BINARY) if @stdinput.respond_to?(:set_encoding)
+        initialize_without_stdinput(type || 'query')
+      end
+    end
+  end
+end

data/lib/action_controller/cgi_ext.rb

@@ -0,0 +1,15 @@
+require 'action_controller/cgi_ext/stdinput'
+require 'action_controller/cgi_ext/query_extension'
+require 'action_controller/cgi_ext/cookie'
+
+class CGI #:nodoc:
+  include ActionController::CgiExt::Stdinput
+
+  class << self
+    alias :escapeHTML_fail_on_nil :escapeHTML
+
+    def escapeHTML(string)
+      escapeHTML_fail_on_nil(string) unless string.nil?
+    end
+  end
+end

data/lib/action_controller/cgi_process.rb

@@ -0,0 +1,77 @@
+require 'action_controller/cgi_ext'
+
+module ActionController #:nodoc:
+  class CGIHandler
+    module ProperStream
+      def each
+        while line = gets
+          yield line
+        end
+      end
+
+      def read(*args)
+        if args.empty?
+          super || ""
+        else
+          super
+        end
+      end
+    end
+
+    def self.dispatch_cgi(app, cgi, out = $stdout)
+      env = cgi.__send__(:env_table)
+      env.delete "HTTP_CONTENT_LENGTH"
+
+      cgi.stdinput.extend ProperStream
+
+      env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/"
+
+      env.update({
+        "rack.version" => [0,1],
+        "rack.input" => cgi.stdinput,
+        "rack.errors" => $stderr,
+        "rack.multithread" => false,
+        "rack.multiprocess" => true,
+        "rack.run_once" => false,
+        "rack.url_scheme" => ["yes", "on", "1"].include?(env["HTTPS"]) ? "https" : "http"
+      })
+
+      env["QUERY_STRING"] ||= ""
+      env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
+      env["REQUEST_PATH"] ||= "/"
+      env.delete "PATH_INFO" if env["PATH_INFO"] == ""
+
+      status, headers, body = app.call(env)
+      begin
+        out.binmode if out.respond_to?(:binmode)
+        out.sync = false if out.respond_to?(:sync=)
+
+        headers['Status'] = status.to_s
+
+        if headers.include?('Set-Cookie')
+          headers['cookie'] = headers.delete('Set-Cookie').split("\n")
+        end
+
+        out.write(cgi.header(headers))
+
+        body.each { |part|
+          out.write part
+          out.flush if out.respond_to?(:flush)
+        }
+      ensure
+        body.close if body.respond_to?(:close)
+      end
+    end
+  end
+
+  class CgiRequest #:nodoc:
+    DEFAULT_SESSION_OPTIONS = {
+      :database_manager  => nil,
+      :prefix            => "ruby_sess.",
+      :session_path      => "/",
+      :session_key       => "_session_id",
+      :cookie_only       => true,
+      :session_http_only => true
+    }
+  end
+end

data/lib/action_controller/cookies.rb

@@ -0,0 +1,197 @@
+module ActionController #:nodoc:
+  # Cookies are read and written through ActionController#cookies.
+  #
+  # The cookies being read are the ones received along with the request, the cookies
+  # being written will be sent out with the response. Reading a cookie does not get
+  # the cookie object itself back, just the value it holds.
+  #
+  # Examples for writing:
+  #
+  #   # Sets a simple session cookie.
+  #   cookies[:user_name] = "david"
+  #
+  #   # Sets a cookie that expires in 1 hour.
+  #   cookies[:login] = { :value => "XJ-122", :expires => 1.hour.from_now }
+  #
+  # Examples for reading:
+  #
+  #   cookies[:user_name] # => "david"
+  #   cookies.size        # => 2
+  #
+  # Example for deleting:
+  #
+  #   cookies.delete :user_name
+  #
+  # Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
+  #
+  #  cookies[:key] = {
+  #    :value => 'a yummy cookie',
+  #    :expires => 1.year.from_now,
+  #    :domain => 'domain.com'
+  #  }
+  #
+  #  cookies.delete(:key, :domain => 'domain.com')
+  #
+  # The option symbols for setting cookies are:
+  #
+  # * <tt>:value</tt> - The cookie's value or list of values (as an array).
+  # * <tt>:path</tt> - The path for which this cookie applies.  Defaults to the root
+  #   of the application.
+  # * <tt>:domain</tt> - The domain for which this cookie applies.
+  # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object.
+  # * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers.
+  #   Default is +false+.
+  # * <tt>:httponly</tt> - Whether this cookie is accessible via scripting or
+  #   only HTTP. Defaults to +false+.
+  module Cookies
+    def self.included(base)
+      base.helper_method :cookies
+      base.cattr_accessor :cookie_verifier_secret
+    end
+
+    protected
+      # Returns the cookie container, which operates as described above.
+      def cookies
+        @cookies ||= CookieJar.new(self)
+      end
+  end
+
+  class CookieJar < Hash #:nodoc:
+    attr_reader :controller
+    
+    def initialize(controller)
+      @controller, @cookies, @secure = controller, controller.request.cookies, controller.request.ssl?
+      super()
+      update(@cookies)
+    end
+
+    # Returns the value of the cookie by +name+, or +nil+ if no such cookie exists.
+    def [](name)
+      super(name.to_s)
+    end
+
+    # Sets the cookie named +name+. The second argument may be the very cookie
+    # value, or a hash of options as documented above.
+    def []=(key, options)
+      if options.is_a?(Hash)
+        options.symbolize_keys!
+      else
+        options = { :value => options }
+      end
+
+      options[:path] = "/" unless options.has_key?(:path)
+      super(key.to_s, options[:value])
+      @controller.response.set_cookie(key, options) if write_cookie?(options)
+    end
+
+    # Removes the cookie on the client machine by setting the value to an empty string
+    # and setting its expiration date into the past. Like <tt>[]=</tt>, you can pass in
+    # an options hash to delete cookies with extra data such as a <tt>:path</tt>.
+    def delete(key, options = {})
+      options.symbolize_keys!
+      options[:path] = "/" unless options.has_key?(:path)
+      value = super(key.to_s)
+      @controller.response.delete_cookie(key, options)
+      value
+    end
+
+    # Returns a jar that'll automatically set the assigned cookies to have an expiration date 20 years from now. Example:
+    #
+    #   cookies.permanent[:prefers_open_id] = true
+    #   # => Set-Cookie: prefers_open_id=true; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
+    #
+    # This jar is only meant for writing. You'll read permanent cookies through the regular accessor.
+    #
+    # This jar allows chaining with the signed jar as well, so you can set permanent, signed cookies. Examples:
+    #
+    #   cookies.permanent.signed[:remember_me] = current_user.id
+    #   # => Set-Cookie: discount=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
+    def permanent
+      @permanent ||= PermanentCookieJar.new(self)
+    end
+    
+    # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
+    # the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
+    # cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
+    # be raised.
+    #
+    # This jar requires that you set a suitable secret for the verification on ActionController::Base.cookie_verifier_secret.
+    #
+    # Example:
+    #
+    #   cookies.signed[:discount] = 45
+    #   # => Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/
+    #
+    #   cookies.signed[:discount] # => 45
+    def signed
+      @signed ||= SignedCookieJar.new(self)
+    end
+
+    private
+
+      def write_cookie?(cookie)
+        @secure || !cookie[:secure] || defined?(Rails.env) && Rails.env.development?
+      end
+  end
+  
+  class PermanentCookieJar < CookieJar #:nodoc:
+    def initialize(parent_jar)
+      @parent_jar = parent_jar
+    end
+
+    def []=(key, options)
+      if options.is_a?(Hash)
+        options.symbolize_keys!
+      else
+        options = { :value => options }
+      end
+      
+      options[:expires] = 20.years.from_now
+      @parent_jar[key] = options
+    end
+
+    def signed
+      @signed ||= SignedCookieJar.new(self)
+    end
+
+    def controller
+      @parent_jar.controller
+    end
+
+    def method_missing(method, *arguments, &block)
+      @parent_jar.send(method, *arguments, &block)
+    end
+  end
+  
+  class SignedCookieJar < CookieJar #:nodoc:
+    def initialize(parent_jar)
+      unless parent_jar.controller.class.cookie_verifier_secret
+        raise "You must set ActionController::Base.cookie_verifier_secret to use signed cookies"
+      end
+
+      @parent_jar = parent_jar
+      @verifier = ActiveSupport::MessageVerifier.new(@parent_jar.controller.class.cookie_verifier_secret)
+    end
+    
+    def [](name)
+      if value = @parent_jar[name]
+        @verifier.verify(value)
+      end
+    end
+    
+    def []=(key, options)
+      if options.is_a?(Hash)
+        options.symbolize_keys!
+        options[:value] = @verifier.generate(options[:value])
+      else
+        options = { :value => @verifier.generate(options) }
+      end
+      
+      @parent_jar[key] = options
+    end
+    
+    def method_missing(method, *arguments, &block)
+      @parent_jar.send(method, *arguments, &block)
+    end
+  end
+end

data/lib/action_controller/dispatcher.rb

@@ -0,0 +1,133 @@
+module ActionController
+  # Dispatches requests to the appropriate controller and takes care of
+  # reloading the app after each request when Dependencies.load? is true.
+  class Dispatcher
+    @@cache_classes = true
+
+    class << self
+      def define_dispatcher_callbacks(cache_classes)
+        @@cache_classes = cache_classes
+        unless cache_classes
+          ActionView::Helpers::AssetTagHelper.cache_asset_timestamps = false
+        end
+
+        if defined?(ActiveRecord)
+          to_prepare(:activerecord_instantiate_observers) { ActiveRecord::Base.instantiate_observers }
+        end
+
+        after_dispatch :flush_logger if Base.logger && Base.logger.respond_to?(:flush)
+
+        to_prepare do
+          I18n.reload!
+        end
+      end
+
+      # DEPRECATE: Remove CGI support
+      def dispatch(cgi = nil, session_options = CgiRequest::DEFAULT_SESSION_OPTIONS, output = $stdout)
+        new(output).dispatch_cgi(cgi, session_options)
+      end
+
+      # Add a preparation callback. Preparation callbacks are run before every
+      # request in development mode, and before the first request in production
+      # mode.
+      #
+      # An optional identifier may be supplied for the callback. If provided,
+      # to_prepare may be called again with the same identifier to replace the
+      # existing callback. Passing an identifier is a suggested practice if the
+      # code adding a preparation block may be reloaded.
+      def to_prepare(identifier = nil, &block)
+        @prepare_dispatch_callbacks ||= ActiveSupport::Callbacks::CallbackChain.new
+        callback = ActiveSupport::Callbacks::Callback.new(:prepare_dispatch, block, :identifier => identifier)
+        @prepare_dispatch_callbacks.replace_or_append!(callback)
+      end
+
+      def run_prepare_callbacks
+        if defined?(Rails) && Rails.logger
+          logger = Rails.logger
+        else
+          logger = Logger.new($stderr)
+        end
+
+        new(logger).send :run_callbacks, :prepare_dispatch
+      end
+
+      def reload_application
+        # Run prepare callbacks before every request in development mode
+        run_prepare_callbacks
+
+        Routing::Routes.reload
+      end
+
+      def cleanup_application
+        # Cleanup the application before processing the current request.
+        ActiveRecord::Base.reset_subclasses if defined?(ActiveRecord)
+        ActiveSupport::Dependencies.clear
+        ActiveRecord::Base.clear_reloadable_connections! if defined?(ActiveRecord)
+      end
+    end
+
+    cattr_accessor :middleware
+    self.middleware = MiddlewareStack.new do |middleware|
+      middlewares = File.join(File.dirname(__FILE__), "middlewares.rb")
+      middleware.instance_eval(File.read(middlewares))
+    end
+
+    include ActiveSupport::Callbacks
+    define_callbacks :prepare_dispatch, :before_dispatch, :after_dispatch
+
+    # DEPRECATE: Remove arguments, since they are only used by CGI
+    def initialize(output = $stdout, request = nil, response = nil)
+      @output = output
+      build_middleware_stack if @@cache_classes
+    end
+
+    def dispatch
+      begin
+        run_callbacks :before_dispatch
+        Routing::Routes.call(@env)
+      rescue Exception => exception
+        if controller ||= (::ApplicationController rescue Base)
+          controller.call_with_exception(@env, exception).to_a
+        else
+          raise exception
+        end
+      ensure
+        run_callbacks :after_dispatch, :enumerator => :reverse_each
+      end
+    end
+
+    # DEPRECATE: Remove CGI support
+    def dispatch_cgi(cgi, session_options)
+      CGIHandler.dispatch_cgi(self, cgi, @output)
+    end
+
+    def call(env)
+      if @@cache_classes
+        @app.call(env)
+      else
+        Reloader.run do
+          # When class reloading is turned on, we will want to rebuild the
+          # middleware stack every time we process a request. If we don't
+          # rebuild the middleware stack, then the stack may contain references
+          # to old classes metal classes, which will b0rk class reloading.
+          build_middleware_stack
+          @app.call(env)
+        end
+      end
+    end
+
+    def _call(env)
+      @env = env
+      dispatch
+    end
+
+    def flush_logger
+      Base.logger.flush
+    end
+
+    private
+      def build_middleware_stack
+        @app = @@middleware.build(lambda { |env| self.dup._call(env) })
+      end
+  end
+end