actionpack 1.13.6 → 2.0.0

data/lib/action_controller/cookies.rb

@@ -23,18 +23,19 @@ module ActionController #:nodoc:
   # * <tt>domain</tt> - the domain for which this cookie applies.
   # * <tt>expires</tt> - the time at which this cookie expires, as a +Time+ object.
   # * <tt>secure</tt> - whether this cookie is a secure cookie or not (default to false).
-  #   Secure cookies are only transmitted to HTTPS servers.
+  #                     Secure cookies are only transmitted to HTTPS servers.
+  # * <tt>http_only</tt> - whether this cookie is accessible via scripting or only HTTP (defaults to false).
+  
   module Cookies
+    def self.included(base)
+      base.helper_method :cookies
+    end
+
     protected
       # Returns the cookie container, which operates as described above.
       def cookies
         CookieJar.new(self)
       end
-
-      # Deprecated cookie writer method
-      def cookie(*options)
-        response.headers['cookie'] << CGI::Cookie.new(*options)
-      end
   end
 
   class CookieJar < Hash #:nodoc:
@@ -44,8 +45,8 @@ module ActionController #:nodoc:
       update(@cookies)
     end
 
-    # Returns the value of the cookie by +name+ -- or nil if no such cookie exists. You set new cookies using either the cookie method
-    # or cookies[]= (for simple name/value cookies without options).
+    # Returns the value of the cookie by +name+ -- or nil if no such cookie exists. You set new cookies using cookies[]=
+    # (for simple name/value cookies without options).
     def [](name)
       cookie = @cookies[name.to_s]
       if cookie && cookie.respond_to?(:value)
@@ -80,4 +81,4 @@ module ActionController #:nodoc:
         @controller.response.headers["cookie"] << cookie
       end
   end
-end
+end

data/lib/action_controller/dispatcher.rb

@@ -0,0 +1,195 @@
+module ActionController
+  # Dispatches requests to the appropriate controller and takes care of
+  # reloading the app after each request when Dependencies.load? is true.
+  class Dispatcher
+    class << self
+      # Backward-compatible class method takes CGI-specific args. Deprecated
+      # in favor of Dispatcher.new(output, request, response).dispatch!
+      def dispatch(cgi = nil, session_options = CgiRequest::DEFAULT_SESSION_OPTIONS, output = $stdout)
+        new(output).dispatch_cgi(cgi, session_options)
+      end
+
+      # Declare a block to be called before each dispatch.
+      # Run in the order declared.
+      def before_dispatch(*method_names, &block)
+        callbacks[:before].concat method_names
+        callbacks[:before] << block if block_given?
+      end
+
+      # Declare a block to be called after each dispatch.
+      # Run in reverse of the order declared.
+      def after_dispatch(*method_names, &block)
+        callbacks[:after].concat method_names
+        callbacks[:after] << block if block_given?
+      end
+
+      # Add a preparation callback. Preparation callbacks are run before every
+      # request in development mode, and before the first request in production
+      # mode.
+      # 
+      # An optional identifier may be supplied for the callback. If provided,
+      # to_prepare may be called again with the same identifier to replace the
+      # existing callback. Passing an identifier is a suggested practice if the
+      # code adding a preparation block may be reloaded.
+      def to_prepare(identifier = nil, &block)
+        # Already registered: update the existing callback
+        if identifier
+          if callback = callbacks[:prepare].assoc(identifier)
+            callback[1] = block
+          else
+            callbacks[:prepare] << [identifier, block]
+          end
+        else
+          callbacks[:prepare] << block
+        end
+      end
+
+      # If the block raises, send status code as a last-ditch response.
+      def failsafe_response(fallback_output, status, originating_exception = nil)
+        yield
+      rescue Exception => exception
+        begin
+          log_failsafe_exception(status, originating_exception || exception)
+          body = failsafe_response_body(status)
+          fallback_output.write "Status: #{status}\r\nContent-Type: text/html\r\n\r\n#{body}"
+          nil
+        rescue Exception => failsafe_error # Logger or IO errors
+          $stderr.puts "Error during failsafe response: #{failsafe_error}"
+          $stderr.puts "(originally #{originating_exception})" if originating_exception
+        end
+      end
+
+      private
+        def failsafe_response_body(status)
+          error_path = "#{error_file_path}/#{status.to_s[0..3]}.html"
+
+          if File.exist?(error_path)
+            File.read(error_path)
+          else
+            "<html><body><h1>#{status}</h1></body></html>"
+          end
+        end
+
+        def log_failsafe_exception(status, exception)
+          message = "/!\\ FAILSAFE /!\\  #{Time.now}\n  Status: #{status}\n"
+          message << "  #{exception}\n    #{exception.backtrace.join("\n    ")}" if exception
+          failsafe_logger.fatal message
+        end
+
+        def failsafe_logger
+          if defined?(::RAILS_DEFAULT_LOGGER) && !::RAILS_DEFAULT_LOGGER.nil?
+            ::RAILS_DEFAULT_LOGGER
+          else
+            Logger.new($stderr)
+          end
+        end
+    end
+
+    cattr_accessor :error_file_path
+    self.error_file_path = "#{::RAILS_ROOT}/public" if defined? ::RAILS_ROOT
+
+    cattr_accessor :callbacks
+    self.callbacks = Hash.new { |h, k| h[k] = [] }
+
+    cattr_accessor :unprepared
+    self.unprepared = true
+
+
+    before_dispatch :reload_application
+    before_dispatch :prepare_application
+    after_dispatch :flush_logger
+    after_dispatch :cleanup_application
+
+    if defined? ActiveRecord
+      to_prepare :activerecord_instantiate_observers do
+        ActiveRecord::Base.instantiate_observers
+      end
+    end
+
+    def initialize(output, request = nil, response = nil)
+      @output, @request, @response = output, request, response
+    end
+
+    def dispatch
+      run_callbacks :before
+      handle_request
+    rescue Exception => exception
+      failsafe_rescue exception
+    ensure
+      run_callbacks :after, :reverse_each
+    end
+
+    def dispatch_cgi(cgi, session_options)
+      if cgi ||= self.class.failsafe_response(@output, '400 Bad Request') { CGI.new }
+        @request = CgiRequest.new(cgi, session_options)
+        @response = CgiResponse.new(cgi)
+        dispatch
+      end
+    rescue Exception => exception
+      failsafe_rescue exception
+    end
+
+    def reload_application
+      if Dependencies.load?
+        Routing::Routes.reload
+        self.unprepared = true
+      end
+    end
+
+    def prepare_application(force = false)
+      begin
+        require_dependency 'application' unless defined?(::ApplicationController)
+      rescue LoadError => error
+        raise unless error.message =~ /application\.rb/
+      end
+
+      ActiveRecord::Base.verify_active_connections! if defined?(ActiveRecord)
+
+      if unprepared || force
+        run_callbacks :prepare
+        self.unprepared = false
+      end
+    end
+
+    # Cleanup the application by clearing out loaded classes so they can
+    # be reloaded on the next request without restarting the server.
+    def cleanup_application(force = false)
+      if Dependencies.load? || force
+        ActiveRecord::Base.reset_subclasses if defined?(ActiveRecord)
+        Dependencies.clear
+        ActiveRecord::Base.clear_reloadable_connections! if defined?(ActiveRecord)
+      end
+    end
+
+    def flush_logger
+      RAILS_DEFAULT_LOGGER.flush if defined?(RAILS_DEFAULT_LOGGER) && RAILS_DEFAULT_LOGGER.respond_to?(:flush)
+    end
+
+    protected
+      def handle_request
+        @controller = Routing::Routes.recognize(@request)
+        @controller.process(@request, @response).out(@output)
+      end
+
+      def run_callbacks(kind, enumerator = :each)
+        callbacks[kind].send!(enumerator) do |callback|
+          case callback
+          when Proc; callback.call(self)
+          when String, Symbol; send!(callback)
+          when Array; callback[1].call(self)
+          else raise ArgumentError, "Unrecognized callback #{callback.inspect}"
+          end
+        end
+      end
+
+      def failsafe_rescue(exception)
+        self.class.failsafe_response(@output, '500 Internal Server Error', exception) do
+          if @controller ||= defined?(::ApplicationController) ? ::ApplicationController : Base
+            @controller.process_with_exception(@request, @response, exception).out(@output)
+          else
+            raise exception
+          end
+        end
+      end
+  end
+end

data/lib/action_controller/filters.rb

@@ -1,11 +1,13 @@
 module ActionController #:nodoc:
   module Filters #:nodoc:
     def self.included(base)
-      base.extend(ClassMethods)
-      base.send(:include, ActionController::Filters::InstanceMethods)
+      base.class_eval do
+        extend ClassMethods
+        include ActionController::Filters::InstanceMethods
+      end
     end
 
-    # Filters enable controllers to run shared pre and post processing code for its actions. These filters can be used to do
+    # Filters enable controllers to run shared pre- and post-processing code for its actions. These filters can be used to do
     # authentication, caching, or auditing before the intended action is performed. Or to do localization or output
     # compression after the action has been performed. Filters have access to the request, response, and all the instance
     # variables set by other filters in the chain or by the action (in the case of after filters).
@@ -34,7 +36,7 @@ module ActionController #:nodoc:
     #   end
     #
     # Now any actions performed on the BankController will have the audit method called before. On the VaultController,
-    # first the audit method is called, then the verify_credentials method. If the audit method returns false, then
+    # first the audit method is called, then the verify_credentials method. If the audit method renders or redirects, then
     # verify_credentials and the intended action are never called.
     #
     # == Filter types
@@ -63,7 +65,7 @@ module ActionController #:nodoc:
     # Or just as a quick test. It works like this:
     #
     #   class WeblogController < ActionController::Base
-    #     before_filter { |controller| false if controller.params["stop_action"] }
+    #     before_filter { |controller| head(400) if controller.params["stop_action"] }
     #   end
     #
     # As you can see, the block expects to be passed the controller after it has assigned the request to the internal variables.
@@ -88,7 +90,7 @@ module ActionController #:nodoc:
     #     prepend_before_filter :ensure_items_in_cart, :ensure_items_in_stock
     #
     # The filter chain for the CheckoutController is now <tt>:ensure_items_in_cart, :ensure_items_in_stock,</tt>
-    # <tt>:verify_open_shop</tt>. So if either of the ensure filters return false, we'll never get around to see if the shop
+    # <tt>:verify_open_shop</tt>. So if either of the ensure filters renders or redirects, we'll never get around to see if the shop
     # is open or not.
     #
     # You may pass multiple filter arguments of each type as well as a filter block.
@@ -140,23 +142,20 @@ module ActionController #:nodoc:
     #   around_filter Authorizer.new
     #
     #   class Authorizer
-    #     # This will run before the action. Returning false aborts the action.
+    #     # This will run before the action. Redirecting aborts the action.
     #     def before(controller)
-    #       if user.authorized?
-    #         return true
-    #       else
-    #         redirect_to login_url
-    #         return false
+    #       unless user.authorized?
+    #         redirect_to(login_url)
     #       end
     #     end
     #
-    #     # This will run after the action if and only if before returned true.
+    #     # This will run after the action if and only if before did not render or redirect.
     #     def after(controller)
     #     end
     #   end
     #
     # If the filter has before and after methods, the before method will be
-    # called before the action. If before returns false, the filter chain is
+    # called before the action. If before renders or redirects, the filter chain is
     # halted and after will not be run. See Filter Chain Halting below for
     # an example.
     #
@@ -216,8 +215,8 @@ module ActionController #:nodoc:
     # <tt>before_filter</tt> and <tt>around_filter</tt> may halt the request
     # before a controller action is run. This is useful, for example, to deny
     # access to unauthenticated users or to redirect from http to https.
-    # Simply return false from the filter or call render or redirect.
-    # After filters will not be executed if the filter chain is halted.
+    # Simply call render or redirect. After filters will not be executed if the filter 
+    # chain is halted.
     #
     # Around filters halt the request unless the action block is called.
     # Given these filters
@@ -242,9 +241,9 @@ module ActionController #:nodoc:
     #   #after (actual filter code is run, unless the around filter does not yield)
     #
     # If #around returns before yielding, #after will still not be run. The #before
-    # filter and controller action will not be run. If #before returns false,
+    # filter and controller action will not be run. If #before renders or redirects,
     # the second half of #around and will still run but #after and the
-    # action will not. If #around does not yield, #after will not be run.
+    # action will not. If #around fails to yield, #after will not be run.
     module ClassMethods
       # The passed <tt>filters</tt> will be appended to the filter_chain and
       # will execute before the action on this controller is performed.
@@ -439,8 +438,9 @@ module ActionController #:nodoc:
 
         def run(controller)
           # only filters returning false are halted.
-          if false == @filter.call(controller)
-            controller.send :halt_filter_chain, @filter, :returned_false
+          @filter.call(controller)
+          if controller.send!(:performed?)
+            controller.send!(:halt_filter_chain, @filter, :rendered_or_redirected)
           end
         end
 
@@ -466,7 +466,7 @@ module ActionController #:nodoc:
 
       class SymbolFilter < Filter #:nodoc:
         def call(controller, &block)
-          controller.send(@filter, &block)
+          controller.send!(@filter, &block)
         end
       end
 
@@ -601,7 +601,7 @@ module ActionController #:nodoc:
 
         def extract_conditions(*filters, &block) #:nodoc:
           filters.flatten!
-          conditions = filters.last.is_a?(Hash) ? filters.pop : {}
+          conditions = filters.extract_options!
           filters << block if block_given?
           return filters, conditions
         end
@@ -655,8 +655,10 @@ module ActionController #:nodoc:
         def proxy_before_and_after_filter(filter) #:nodoc:
           return filter unless filter_responds_to_before_and_after(filter)
           Proc.new do |controller, action|
-            if filter.before(controller) == false
-              controller.send :halt_filter_chain, filter, :returned_false
+            filter.before(controller)
+
+            if controller.send!(:performed?)
+              controller.send!(:halt_filter_chain, filter, :rendered_or_redirected)
             else
               begin
                 action.call
@@ -673,7 +675,6 @@ module ActionController #:nodoc:
         base.class_eval do
           alias_method_chain :perform_action, :filters
           alias_method_chain :process, :filters
-          alias_method_chain :process_cleanup, :filters
         end
       end
 
@@ -709,6 +710,7 @@ module ActionController #:nodoc:
         while chain[index]
           filter, index = skip_excluded_filters(chain, index)
           break unless filter # end of call chain reached
+
           case filter.type
           when :before
             filter.run(self)  # invoke before filter
@@ -716,25 +718,31 @@ module ActionController #:nodoc:
             break if @before_filter_chain_aborted
           when :around
             yielded = false
+
             filter.call(self) do
               yielded = true
               # all remaining before and around filters will be run in this call
               index = call_filters(chain, index.next, nesting.next)
             end
+
             halt_filter_chain(filter, :did_not_yield) unless yielded
+
             break
           else
             break  # no before or around filters left
           end
         end
+
         index
       end
 
       def run_after_filters(chain, index)
         seen_after_filter = false
+
         while chain[index]
           filter, index = skip_excluded_filters(chain, index)
           break unless filter # end of call chain reached
+
           case filter.type
           when :after
             seen_after_filter = true
@@ -743,23 +751,16 @@ module ActionController #:nodoc:
             # implementation error or someone has mucked with the filter chain
             raise ActionControllerError, "filter #{filter.inspect} was in the wrong place!" if seen_after_filter
           end
+
           index = index.next
         end
+
         index.next
       end
 
       def halt_filter_chain(filter, reason)
         @before_filter_chain_aborted = true
         logger.info "Filter chain halted as [#{filter.inspect}] #{reason}." if logger
-        false
-      end
-
-      def process_cleanup_with_filters
-        if @before_filter_chain_aborted
-          close_session
-        else
-          process_cleanup_without_filters
-        end
       end
     end
   end

data/lib/action_controller/flash.rb

@@ -1,8 +1,8 @@
 module ActionController #:nodoc:
   # The flash provides a way to pass temporary objects between actions. Anything you place in the flash will be exposed
-  # to the very next action and then cleared out. This is a great way of doing notices and alerts, such as a create action
-  # that sets <tt>flash[:notice] = "Successfully created"</tt> before redirecting to a display action that can then expose 
-  # the flash to its template. Actually, that exposure is automatically done. Example:
+  # to the very next action and then cleared out. This is a great way of doing notices and alerts, such as a create
+  # action that sets <tt>flash[:notice] = "Successfully created"</tt> before redirecting to a display action that can
+  # then expose the flash to its template. Actually, that exposure is automatically done. Example:
   #
   #   class WeblogController < ActionController::Base
   #     def create
@@ -16,18 +16,17 @@ module ActionController #:nodoc:
   #     end
   #   end
   #
-  #   display.rhtml
+  #   display.erb
   #     <% if flash[:notice] %><div class="notice"><%= flash[:notice] %></div><% end %>
   #
-  # This example just places a string in the flash, but you can put any object in there. And of course, you can put as many
-  # as you like at a time too. Just remember: They'll be gone by the time the next action has been performed.
+  # This example just places a string in the flash, but you can put any object in there. And of course, you can put as
+  # many as you like at a time too. Just remember: They'll be gone by the time the next action has been performed.
   #
   # See docs on the FlashHash class for more details about the flash.
   module Flash
     def self.included(base)
-      base.send :include, InstanceMethods
-
       base.class_eval do
+        include InstanceMethods
         alias_method_chain :assign_shortcuts, :flash
         alias_method_chain :process_cleanup,  :flash
         alias_method_chain :reset_session,    :flash
@@ -63,7 +62,7 @@ module ActionController #:nodoc:
       end
       
       def update(h) #:nodoc:
-        h.keys.each{ |k| discard(k) }
+        h.keys.each { |k| keep(k) }
         super
       end
       
@@ -85,7 +84,7 @@ module ActionController #:nodoc:
       #
       # Entries set via <tt>now</tt> are accessed the same way as standard entries: <tt>flash['my-key']</tt>.
       def now
-        FlashNow.new self
+        FlashNow.new(self)
       end
     
       # Keeps either the entire current flash or a specific flash entry available for the next action:
@@ -96,10 +95,10 @@ module ActionController #:nodoc:
         use(k, false)
       end
     
-      # Marks the entire flash or a single flash entry to be discarded by the end of the current action
+      # Marks the entire flash or a single flash entry to be discarded by the end of the current action:
       #
-      #     flash.keep                 # keep entire flash available for the next action
-      #     flash.discard(:warning)    # discard the "warning" entry (it'll still be available for the current action)
+      #     flash.discard              # discard the entire flash at the end of the current action
+      #     flash.discard(:warning)    # discard only the "warning" entry at the end of the current action
       def discard(k = nil)
         use(k)
       end
@@ -117,7 +116,8 @@ module ActionController #:nodoc:
           end
         end
 
-        (@used.keys - keys).each{|k| @used.delete k } # clean up after keys that could have been left over by calling reject! or shift on the flash
+        # clean up after keys that could have been left over by calling reject! or shift on the flash
+        (@used.keys - keys).each{ |k| @used.delete(k) }
       end
     
       private
@@ -130,29 +130,19 @@ module ActionController #:nodoc:
           unless k.nil?
             @used[k] = v
           else
-            keys.each{|key| use key, v }
+            keys.each{ |key| use(key, v) }
           end
         end
     end
 
     module InstanceMethods #:nodoc:
-      def assign_shortcuts_with_flash(request, response) #:nodoc:
-        assign_shortcuts_without_flash(request, response)
-        flash(:refresh)
-      end
-      
-      def process_cleanup_with_flash
-        flash.sweep if @_session
-        process_cleanup_without_flash
-      end
-
-      def reset_session_with_flash
-        reset_session_without_flash
-        remove_instance_variable(:@_flash)
-        flash(:refresh)
-      end
+      protected
+        def reset_session_with_flash
+          reset_session_without_flash
+          remove_instance_variable(:@_flash)
+          flash(:refresh)
+        end
       
-      protected 
         # Access the contents of the flash. Use <tt>flash["notice"]</tt> to read a notice you put there or 
         # <tt>flash["notice"] = "hello"</tt> to put a new one.
         # Note that if sessions are disabled only flash.now will work.
@@ -172,10 +162,15 @@ module ActionController #:nodoc:
           @_flash
         end
 
-        # deprecated. use <tt>flash.keep</tt> instead
-        def keep_flash #:doc:
-          ActiveSupport::Deprecation.warn 'keep_flash is deprecated; use flash.keep instead.', caller
-          flash.keep
+      private
+        def assign_shortcuts_with_flash(request, response) #:nodoc:
+          assign_shortcuts_without_flash(request, response)
+          flash(:refresh)
+        end
+    
+        def process_cleanup_with_flash
+          flash.sweep if @_session
+          process_cleanup_without_flash
         end
     end
   end