actionpack 1.11.2 → 1.12.0

data/lib/action_controller/pagination.rb

@@ -71,6 +71,7 @@ module ActionController
         :order      => nil,
         :join       => nil,
         :joins      => nil,
+        :count      => nil,
         :include    => nil,
         :select     => nil,
         :parameter  => 'page'
@@ -119,6 +120,10 @@ module ActionController
     #                        and Model.count
     # <tt>:include</tt>::    optional eager loading parameter passed to Model.find(:all, *params)
     #                        and Model.count
+    # <tt>:select</tt>::     :select parameter passed to Model.find(:all, *params)
+    #
+    # <tt>:count</tt>::      parameter passed as :select option to Model.count(*params)
+    #
     def paginate(collection_id, options={})
       Pagination.validate_options!(collection_id, options, true)
       paginator_and_collection_for(collection_id, options)
@@ -163,10 +168,13 @@ module ActionController
     # Returns the total number of items in the collection to be paginated for
     # the +model+ and given +conditions+. Override this method to implement a
     # custom counter.
-    def count_collection_for_pagination(model, conditions, joins)
-      model.count(conditions,joins)
+    def count_collection_for_pagination(model, options)
+      model.count(:conditions => options[:conditions],
+                  :joins => options[:join] || options[:joins],
+                  :include => options[:include],
+                  :select => options[:count])
     end
-  
+    
     # Returns a collection of items for the given +model+ and +options[conditions]+,
     # ordered by +options[order]+, for the current page in the given +paginator+.
     # Override this method to implement a custom finder.
@@ -185,12 +193,10 @@ module ActionController
     def paginator_and_collection_for(collection_id, options) #:nodoc:
       klass = options[:class_name].constantize
       page  = @params[options[:parameter]]
-      count = count_collection_for_pagination(klass, options[:conditions],
-                                              options[:join] || options[:joins])
-
+      count = count_collection_for_pagination(klass, options)
       paginator = Paginator.new(self, count, options[:per_page], page)
       collection = find_collection_for_pagination(klass, options, paginator)
-      
+    
       return paginator, collection 
     end
       

data/lib/action_controller/request.rb

@@ -3,14 +3,18 @@ module ActionController
   class AbstractRequest
     cattr_accessor :relative_url_root
 
+    # Returns the hash of environment variables for this request,
+    # such as { 'RAILS_ENV' => 'production' }.
+    attr_reader :env
+
     # Returns both GET and POST parameters in a single hash.
     def parameters
-      @parameters ||= request_parameters.merge(query_parameters).merge(path_parameters).with_indifferent_access
+      @parameters ||= request_parameters.update(query_parameters).update(path_parameters).with_indifferent_access
     end
 
     # Returns the HTTP request method as a lowercase symbol (:get, for example)
     def method
-      env['REQUEST_METHOD'].downcase.to_sym
+      @request_method ||= @env['REQUEST_METHOD'].downcase.to_sym
     end
 
     # Is this a GET request?  Equivalent to request.method == :get
@@ -38,51 +42,43 @@ module ActionController
       method == :head
     end
 
-    # Determine whether the body of a POST request is URL-encoded (default),
-    # XML, or YAML by checking the Content-Type HTTP header:
-    #
-    #   Content-Type        Post Format
-    #   application/xml     :xml
-    #   text/xml            :xml
-    #   application/x-yaml  :yaml
-    #   text/x-yaml         :yaml
-    #   *                   :url_encoded
+    # Determine whether the body of a HTTP call is URL-encoded (default)
+    # or matches one of the registered param_parsers. 
     #
     # For backward compatibility, the post format is extracted from the
     # X-Post-Data-Format HTTP header if present.
-    def post_format
-      @post_format ||=
-           if env['HTTP_X_POST_DATA_FORMAT']
-             env['HTTP_X_POST_DATA_FORMAT'].downcase.to_sym
-           else
-             case env['CONTENT_TYPE'].to_s.downcase
-             when 'application/xml', 'text/xml'        then :xml
-             when 'application/x-yaml', 'text/x-yaml'  then :yaml
-             else :url_encoded
-             end
-           end
-    end
-
-    # Is this a POST request formatted as XML or YAML?
-    def formatted_post?
-      post? && (post_format == :xml || post_format == :yaml)
-    end
-
-    # Is this a POST request formatted as XML?
-    def xml_post?
-      post? && post_format == :xml
+    def content_type
+      @content_type ||=
+        begin
+          content_type = @env['CONTENT_TYPE'].to_s.downcase
+          
+          if x_post_format = @env['HTTP_X_POST_DATA_FORMAT']
+            case x_post_format.to_s.downcase
+            when 'yaml'
+              content_type = 'application/x-yaml'
+            when 'xml'
+              content_type = 'application/xml'
+            end
+          end
+          
+          Mime::Type.lookup(content_type)
+        end
     end
 
-    # Is this a POST request formatted as YAML?
-    def yaml_post?
-      post? && post_format == :yaml
+    def accepts
+      @accepts ||=
+        if @env['HTTP_ACCEPT'].to_s.strip.empty?
+          [ content_type, Mime::ALL ]
+        else
+          Mime::Type.parse(@env['HTTP_ACCEPT'])
+        end
     end
 
     # Returns true if the request's "X-Requested-With" header contains
     # "XMLHttpRequest". (The Prototype Javascript library sends this header with
     # every Ajax request.)
     def xml_http_request?
-      not /XMLHttpRequest/i.match(env['HTTP_X_REQUESTED_WITH']).nil?
+      not /XMLHttpRequest/i.match(@env['HTTP_X_REQUESTED_WITH']).nil?
     end
     alias xhr? :xml_http_request?
 
@@ -93,17 +89,17 @@ module ActionController
     # delimited list in the case of multiple chained proxies; the first is
     # the originating IP.
     def remote_ip
-      return env['HTTP_CLIENT_IP'] if env.include? 'HTTP_CLIENT_IP'
+      return @env['HTTP_CLIENT_IP'] if @env.include? 'HTTP_CLIENT_IP'
 
-      if env.include? 'HTTP_X_FORWARDED_FOR' then
-        remote_ips = env['HTTP_X_FORWARDED_FOR'].split(',').reject do |ip|
+      if @env.include? 'HTTP_X_FORWARDED_FOR' then
+        remote_ips = @env['HTTP_X_FORWARDED_FOR'].split(',').reject do |ip|
             ip =~ /^unknown$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\./i
         end
 
         return remote_ips.first.strip unless remote_ips.empty?
       end
 
-      env['REMOTE_ADDR']
+      @env['REMOTE_ADDR']
     end
 
     # Returns the domain part of a host, such as rubyonrails.org in "www.rubyonrails.org". You can specify
@@ -127,19 +123,19 @@ module ActionController
     # This is useful for services such as REST, XMLRPC and SOAP
     # which communicate over HTTP POST but don't use the traditional parameter format.
     def raw_post
-      env['RAW_POST_DATA']
+      @env['RAW_POST_DATA']
     end
 
     # Returns the request URI correctly, taking into account the idiosyncracies
     # of the various servers.
     def request_uri
-      if uri = env['REQUEST_URI']
+      if uri = @env['REQUEST_URI']
         (%r{^\w+\://[^/]+(/.*|$)$} =~ uri) ? $1 : uri # Remove domain, which webrick puts into the request_uri.
       else  # REQUEST_URI is blank under IIS - get this from PATH_INFO and SCRIPT_NAME
-        script_filename = env['SCRIPT_NAME'].to_s.match(%r{[^/]+$})
-        uri = env['PATH_INFO']
+        script_filename = @env['SCRIPT_NAME'].to_s.match(%r{[^/]+$})
+        uri = @env['PATH_INFO']
         uri = uri.sub(/#{script_filename}\//, '') unless script_filename.nil?
-        unless (env_qs = env['QUERY_STRING']).nil? || env_qs.empty?
+        unless (env_qs = @env['QUERY_STRING']).nil? || env_qs.empty?
           uri << '?' << env_qs
         end
         uri
@@ -153,7 +149,7 @@ module ActionController
 
     # Is this an SSL request?
     def ssl?
-      env['HTTPS'] == 'on'
+      @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 'https'
     end
 
     # Returns the interpreted path to requested resource after all the installation directory of this application was taken into account
@@ -167,15 +163,23 @@ module ActionController
     end
 
     # Returns the path minus the web server relative installation directory.
-    # This method returns nil unless the web server is apache.
+    # This can be set with the environment variable RAILS_RELATIVE_URL_ROOT.
+    # It can be automatically extracted for Apache setups. If the server is not
+    # Apache, this method returns an empty string.
     def relative_url_root
-      @@relative_url_root ||= server_software == 'apache' ? env["SCRIPT_NAME"].to_s.sub(/\/dispatch\.(fcgi|rb|cgi)$/, '') : ''
-      
+      @@relative_url_root ||= case
+        when @env["RAILS_RELATIVE_URL_ROOT"]
+          @env["RAILS_RELATIVE_URL_ROOT"]
+        when server_software == 'apache'
+          @env["SCRIPT_NAME"].to_s.sub(/\/dispatch\.(fcgi|rb|cgi)$/, '')
+        else
+          ''
+      end
     end
 
     # Returns the port number of this request as an integer.
     def port
-      @port_as_int ||= env['SERVER_PORT'].to_i
+      @port_as_int ||= @env['SERVER_PORT'].to_i
     end
 
     # Returns the standard port number for this request's protocol
@@ -213,7 +217,7 @@ module ActionController
 
     # Returns the lowercase name of the HTTP server software.
     def server_software
-      (env['SERVER_SOFTWARE'] && /^([a-zA-Z]+)/ =~ env['SERVER_SOFTWARE']) ? $1.downcase : nil
+      (@env['SERVER_SOFTWARE'] && /^([a-zA-Z]+)/ =~ @env['SERVER_SOFTWARE']) ? $1.downcase : nil
     end
 
     #--
@@ -225,11 +229,6 @@ module ActionController
     def request_parameters #:nodoc:
     end
 
-    # Returns the hash of environment variables for this request,
-    # such as { 'RAILS_ENV' => 'production' }.
-    def env
-    end
-
     # Returns the host for this request, such as example.com.
     def host
     end
@@ -240,6 +239,10 @@ module ActionController
     def session #:nodoc:
     end
 
+    def session=(session) #:nodoc:
+      @session = session
+    end
+
     def reset_session #:nodoc:
     end
   end

data/lib/action_controller/rescue.rb

@@ -60,7 +60,7 @@ module ActionController #:nodoc:
       # the remote IP being 127.0.0.1. For example, this could include the IP of the developer machine when debugging
       # remotely.
       def local_request? #:doc:
-        @request.remote_addr == "127.0.0.1"
+        [@request.remote_addr, @request.remote_ip] == ["127.0.0.1"] * 2
       end
 
       # Renders a detailed diagnostics screen on action exceptions. 

data/lib/action_controller/routing.rb

@@ -100,6 +100,7 @@ module ActionController
     
       def initialize(key, options = {})
         @key = key.to_sym
+        @optional = false
         default, @condition = options[:default], options[:condition]
         self.default = default if options.key?(:default)
       end
@@ -214,26 +215,45 @@ module ActionController
   
       class << self
         def assign_controller(g, controller)
-          expr = "::Controllers::#{controller.split('/').collect {|c| c.camelize}.join('::')}Controller"
+          expr = "::#{controller.split('/').collect {|c| c.camelize}.join('::')}Controller"
           g.result :controller, expr, true
         end
 
         def traverse_to_controller(segments, start_at = 0)
-          mod = ::Controllers
+          mod = ::Object
           length = segments.length
           index = start_at
           mod_name = controller_name = segment = nil
-      
+          
           while index < length
             return nil unless /^[A-Za-z][A-Za-z\d_]*$/ =~ (segment = segments[index])
             index += 1
-        
+            
             mod_name = segment.camelize
             controller_name = "#{mod_name}Controller"
-        
-            return eval("mod::#{controller_name}", nil, 'routing.rb', __LINE__), (index - start_at) if mod.const_available?(controller_name)
-            return nil unless mod.const_available?(mod_name)
-            mod = eval("mod::#{mod_name}", nil, 'routing.rb', __LINE__)
+            
+            begin
+              # We use eval instead of const_get to avoid obtaining values from parent modules.
+              controller = eval("mod::#{controller_name}", nil, __FILE__, __LINE__)
+              expected_name = "#{mod.name}::#{controller_name}"
+              
+              # Detect the case when const_get returns an object from a parent namespace.
+              if controller.is_a?(Class) && controller.ancestors.include?(ActionController::Base) && (mod == Object || controller.name == expected_name)
+                return controller, (index - start_at)
+              end
+            rescue NameError => e
+              raise unless /^uninitialized constant .*#{controller_name}$/ =~ e.message                            
+            end
+            
+            begin
+              next_mod = eval("mod::#{mod_name}", nil, __FILE__, __LINE__)
+              # Check that we didn't get a module from a parent namespace
+              mod = (mod == Object || next_mod.name == "#{mod.name}::#{mod_name}") ? next_mod : nil
+            rescue NameError => e
+              raise unless /^uninitialized constant .*#{mod_name}$/ =~ e.message
+            end
+            
+            return nil unless mod
           end
         end
       end
@@ -442,7 +462,6 @@ module ActionController
           @generation_methods[controller.to_sym] = method_name
         end
         
-        
         code = generation_code_for('routes', 'generate_default_path').to_s
         eval(code, nil, 'generated_code/routing/generation.rb')
         
@@ -479,7 +498,7 @@ module ActionController
             route.write_recognition(g)
           end
         end
-    
+        
         eval g.to_s, nil, 'generated/routing/recognition.rb'
         return g.to_s
       end

data/lib/action_controller/scaffolding.rb

@@ -17,6 +17,9 @@ module ActionController
     # This tiny piece of code will add all of the following methods to the controller:
     #
     #  class WeblogController < ActionController::Base
+    #    verify :method => :post, :only => [ :destroy, :create, :update ],
+    #           :redirect_to => { :action => :list }
+    #
     #    def index
     #      list
     #    end
@@ -98,6 +101,11 @@ module ActionController
         end
         
         module_eval <<-"end_eval", __FILE__, __LINE__
+          
+          verify :method => :post, :only => [ :destroy#{suffix}, :create#{suffix}, :update#{suffix} ],
+                 :redirect_to => { :action => :list#{suffix} }
+          
+        
           def list#{suffix}
             @#{singular_name}_pages, @#{plural_name} = paginate :#{plural_name}, :per_page => 10
             render#{suffix}_scaffold "list#{suffix}"

data/lib/action_controller/session/active_record_store.rb

@@ -59,10 +59,8 @@ class CGI
         cattr_accessor :data_column_name
         self.data_column_name = 'data'
 
-        # Don't try to save if we haven't loaded the session.
-        before_update :loaded?
-        before_save   :marshal_data!
-        before_save   :raise_on_session_data_overflow!
+        before_save :marshal_data!
+        before_save :raise_on_session_data_overflow!
 
         class << self
           # Don't try to reload ARStore::Session in dev mode.
@@ -122,22 +120,24 @@ class CGI
           @data ||= self.class.unmarshal(read_attribute(@@data_column_name)) || {}
         end
 
+        # Has the session been loaded yet?
+        def loaded?
+          !! @data
+        end
+
         private
           attr_writer :data
 
           def marshal_data!
+            return false if !loaded?
             write_attribute(@@data_column_name, self.class.marshal(self.data))
           end
 
-          # Has the session been loaded yet?
-          def loaded?
-            !! @data
-          end
-
           # Ensures that the data about to be stored in the database is not
           # larger than the data storage column. Raises
           # ActionController::SessionOverflowError.
           def raise_on_session_data_overflow!
+            return false if !loaded?
             limit = self.class.data_column_size_limit
             if loaded? and limit and read_attribute(@@data_column_name).size > limit
               raise ActionController::SessionOverflowError
@@ -232,7 +232,12 @@ class CGI
           @data
         end
 
+        def loaded?
+          !! @data
+        end
+
         def save
+          return false if !loaded?
           marshaled_data = self.class.marshal(data)
 
           if @new_record
@@ -278,7 +283,9 @@ class CGI
             raise CGI::Session::NoSession, 'uninitialized session'
           end
           @session = @@session_class.new(:session_id => session_id, :data => {})
-          @session.save
+          # session saving can be lazy again, because of improved component implementation
+          # therefore next line gets commented out:
+          # @session.save
         end
       end
 
@@ -317,6 +324,10 @@ class CGI
         end
       end
 
+      protected
+        def logger
+          ActionController::Base.logger rescue nil
+        end
     end
   end
 end

data/lib/action_controller/session/mem_cache_store.rb

@@ -25,30 +25,38 @@ begin
 
         # Create a new CGI::Session::MemCache instance
         #
-        # This constructor is used internally by CGI::Session.  The
+        # This constructor is used internally by CGI::Session. The
         # user does not generally need to call it directly.
         #
         # +session+ is the session for which this instance is being
-        # created.  The session id must only contain alphanumeric
+        # created. The session id must only contain alphanumeric
         # characters; automatically generated session ids observe
         # this requirement.
         #
-        # +option+ is a hash of options for the initializer.  The
+        # +options+ is a hash of options for the initializer. The
         # following options are recognized:
         #
         # cache::  an instance of a MemCache client to use as the
         #      session cache.
         #
+        # expires:: an expiry time value to use for session entries in
+        #     the session cache. +expires+ is interpreted in seconds
+        #     relative to the current time if it�s less than 60*60*24*30
+        #     (30 days), or as an absolute Unix time (e.g., Time#to_i) if
+        #     greater. If +expires+ is +0+, or not passed on +options+,
+        #     the entry will never expire.
+        #
         # This session's memcache entry will be created if it does
         # not exist, or retrieved if it does.
         def initialize(session, options = {})
           id = session.session_id
           unless check_id(id)
             raise ArgumentError, "session_id '%s' is invalid" % id
-  	      end
+          end
           @cache = options['cache'] || MemCache.new('localhost')
-  	      @session_key = "session:#{id}"
-  	      @hash = {}
+          @expires = options['expires'] || 0
+          @session_key = "session:#{id}"
+          @session_data = {}
         end
 
         # Restore session state from the session's memcache entry.
@@ -56,18 +64,16 @@ begin
         # Returns the session state as a hash.
         def restore
           begin
-            @hash = @cache[@session_key]
+            @session_data = @cache[@session_key] || {}
           rescue
-            # Ignore session get failures.
+            @session_data = {}
           end
-          @hash = {} unless @hash
-  	      @hash
         end
 
         # Save session state to the session's memcache entry.
         def update
           begin
-            @cache[@session_key] = @hash
+            @cache.set(@session_key, @session_data, @expires)
           rescue
             # Ignore session update failures.
           end
@@ -85,7 +91,7 @@ begin
           rescue
             # Ignore session delete failures.
           end
-  	      @hash = {}
+          @session_data = {}
         end
       end
     end