actionpack 2.0.2 → 2.0.4

data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb

@@ -107,7 +107,7 @@ module HTML
 
       # gauntlet
       if style !~ /^([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*$/ ||
-          style !~ /^(\s*[-\w]+\s*:\s*[^:;]*(;|$))*$/
+          style !~ /^(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*$/
         return ''
       end
 
@@ -170,4 +170,4 @@ module HTML
       (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(%|%)3A/ && !allowed_protocols.include?(value.split(protocol_separator).first))
     end
   end
-end
+end

data/lib/action_controller/verification.rb

@@ -43,72 +43,88 @@ module ActionController #:nodoc:
       # the user is redirected to a different action. The +options+ parameter
       # is a hash consisting of the following key/value pairs:
       #
-      # * <tt>:params</tt> - a single key or an array of keys that must
-      #   be in the <tt>params</tt> hash in order for the action(s) to be safely
-      #   called.
-      # * <tt>:session</tt> - a single key or an array of keys that must
-      #   be in the <tt>session</tt> in order for the action(s) to be safely called.
-      # * <tt>:flash</tt> - a single key or an array of keys that must
-      #   be in the flash in order for the action(s) to be safely called.
-      # * <tt>:method</tt> - a single key or an array of keys--any one of which
-      #   must match the current request method in order for the action(s) to
-      #   be safely called. (The key should be a symbol: <tt>:get</tt> or
-      #   <tt>:post</tt>, for example.)
-      # * <tt>:xhr</tt> - true/false option to ensure that the request is coming
-      #   from an Ajax call or not. 
-      # * <tt>:add_flash</tt> - a hash of name/value pairs that should be merged
-      #   into the session's flash if the prerequisites cannot be satisfied.
-      # * <tt>:add_headers</tt> - a hash of name/value pairs that should be
-      #   merged into the response's headers hash if the prerequisites cannot
-      #   be satisfied.
-      # * <tt>:redirect_to</tt> - the redirection parameters to be used when
-      #   redirecting if the prerequisites cannot be satisfied. You can 
-      #   redirect either to named route or to the action in some controller.
-      # * <tt>:render</tt> - the render parameters to be used when
-      #   the prerequisites cannot be satisfied.
-      # * <tt>:only</tt> - only apply this verification to the actions specified
-      #   in the associated array (may also be a single value).
-      # * <tt>:except</tt> - do not apply this verification to the actions
-      #   specified in the associated array (may also be a single value).
+      # <tt>:params</tt>:: 
+      #   a single key or an array of keys that must be in the <tt>params</tt> 
+      #   hash in order for the action(s) to be safely called.
+      # <tt>:session</tt>:: 
+      #   a single key or an array of keys that must be in the <tt>session</tt> 
+      #   in order for the action(s) to be safely called.
+      # <tt>:flash</tt>:: 
+      #   a single key or an array of keys that must be in the flash in order 
+      #   for the action(s) to be safely called.
+      # <tt>:method</tt>:: 
+      #   a single key or an array of keys--any one of which must match the 
+      #   current request method in order for the action(s) to be safely called. 
+      #   (The key should be a symbol: <tt>:get</tt> or <tt>:post</tt>, for 
+      #   example.)
+      # <tt>:xhr</tt>:: 
+      #   true/false option to ensure that the request is coming from an Ajax 
+      #   call or not. 
+      # <tt>:add_flash</tt>:: 
+      #   a hash of name/value pairs that should be merged into the session's 
+      #   flash if the prerequisites cannot be satisfied.
+      # <tt>:add_headers</tt>:: 
+      #   a hash of name/value pairs that should be merged into the response's 
+      #   headers hash if the prerequisites cannot be satisfied.
+      # <tt>:redirect_to</tt>:: 
+      #   the redirection parameters to be used when redirecting if the 
+      #   prerequisites cannot be satisfied. You can redirect either to named 
+      #   route or to the action in some controller.
+      # <tt>:render</tt>:: 
+      #   the render parameters to be used when the prerequisites cannot be satisfied.
+      # <tt>:only</tt>:: 
+      #   only apply this verification to the actions specified in the associated 
+      #   array (may also be a single value).
+      # <tt>:except</tt>:: 
+      #   do not apply this verification to the actions specified in the associated 
+      #   array (may also be a single value).
       def verify(options={})
-        filter_opts = { :only => options[:only], :except => options[:except] }
-        before_filter(filter_opts) do |c|
+        before_filter :only => options[:only], :except => options[:except] do |c|
           c.send! :verify_action, options
         end
       end
     end
 
+  private
+
     def verify_action(options) #:nodoc:
-      prereqs_invalid =
-        [*options[:params] ].find { |v| params[v].nil?  } ||
-        [*options[:session]].find { |v| session[v].nil? } ||
-        [*options[:flash]  ].find { |v| flash[v].nil?   }
-      
-      if !prereqs_invalid && options[:method]
-        prereqs_invalid ||= 
-          [*options[:method]].all? { |v| request.method != v.to_sym }
-      end
-      
-      prereqs_invalid ||= (request.xhr? != options[:xhr]) unless options[:xhr].nil?
-      
-      if prereqs_invalid
-        flash.update(options[:add_flash]) if options[:add_flash]
+      if prereqs_invalid?(options)
+        flash.update(options[:add_flash])              if options[:add_flash]
         response.headers.update(options[:add_headers]) if options[:add_headers]
-
-        unless performed?
-          case
-          when options[:render]
-            render(options[:render])
-          when options[:redirect_to]
-            options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a?(Symbol)
-            redirect_to(options[:redirect_to])
-          else
-            head(:bad_request)
-          end
-        end
+        apply_remaining_actions(options)               unless performed?
+      end
+    end
+    
+    def prereqs_invalid?(options) # :nodoc:
+      verify_presence_of_keys_in_hash_flash_or_params(options) || 
+      verify_method(options) || 
+      verify_request_xhr_status(options)
+    end
+ 
+    def verify_presence_of_keys_in_hash_flash_or_params(options) # :nodoc:
+      [*options[:params] ].find { |v| params[v].nil?  } ||
+      [*options[:session]].find { |v| session[v].nil? } ||
+      [*options[:flash]  ].find { |v| flash[v].nil?   }
+    end
+    
+    def verify_method(options) # :nodoc:
+      [*options[:method]].all? { |v| request.method != v.to_sym } if options[:method]
+    end
+    
+    def verify_request_xhr_status(options) # :nodoc:
+      request.xhr? != options[:xhr] unless options[:xhr].nil?
+    end
+    
+    def apply_redirect_to(redirect_to_option) # :nodoc:
+      redirect_to_option.is_a?(Symbol) ? self.send!(redirect_to_option) : redirect_to_option
+    end
+    
+    def apply_remaining_actions(options) # :nodoc:
+      case
+        when options[:render]      ; render(options[:render])
+        when options[:redirect_to] ; redirect_to(apply_redirect_to(options[:redirect_to]))
+        else head(:bad_request)
       end
     end
-
-    private :verify_action
   end
 end

data/lib/action_pack/version.rb

@@ -2,7 +2,7 @@ module ActionPack #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 2
     MINOR = 0
-    TINY  = 2
+    TINY  = 4
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/lib/action_view/base.rb

@@ -157,6 +157,8 @@ module ActionView #:nodoc:
     attr_reader :logger, :response, :headers
     attr_internal :cookies, :flash, :headers, :params, :request, :response, :session
     
+    delegate :logger, :action_name, :to => :controller
+    
     attr_writer :template_format
 
     # Specify trim mode for the ERB compiler. Defaults to '-'.
@@ -338,11 +340,13 @@ If you are rendering a subtemplate, you must now use controller-like partial syn
           path, partial_name = partial_pieces(options.delete(:layout))
 
           if block_given?
-            @content_for_layout = capture(&block)
-            concat(render(options.merge(:partial => "#{path}/#{partial_name}")), block.binding)
+            wrap_content_for_layout capture(&block) do 
+              concat(render(options.merge(:partial => "#{path}/#{partial_name}")), block.binding)
+            end
           else
-            @content_for_layout = render(options)
-            render(options.merge(:partial => "#{path}/#{partial_name}"))
+            wrap_content_for_layout render(options) do
+              render(options.merge(:partial => "#{path}/#{partial_name}"))
+            end
           end
         elsif options[:file]
           render_file(options[:file], options[:use_full_path], options[:locals])
@@ -441,6 +445,12 @@ If you are rendering a subtemplate, you must now use controller-like partial syn
     end
 
     private
+      def wrap_content_for_layout(content)
+        original_content_for_layout = @content_for_layout
+        @content_for_layout = content
+        returning(yield) { @content_for_layout = original_content_for_layout }
+      end
+  
       def find_full_template_path(template_path, extension)
         file_name = "#{template_path}.#{extension}"
         base_path = find_base_path_for(file_name)
@@ -516,10 +526,18 @@ If you are rendering a subtemplate, you must now use controller-like partial syn
       def template_handler_is_compilable?(handler)
         handler.new(self).respond_to?(:compile)
       end
-
+      
       # Assigns instance variables from the controller to the view.
       def assign_variables_from_controller
-        @assigns.each { |key, value| instance_variable_set("@#{key}", value) }
+        @assigns.each do |key, value|
+          if ['logger'].include?(key)
+            instance_variable_set("@#{key}", ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new(self, key.to_sym))
+          elsif ['action_name'].include?(key)
+            instance_variable_set("@#{key}", ActiveSupport::Deprecation::DeprecatedInstanceVariable.new(value, key))
+          else
+            instance_variable_set("@#{key}", value)
+          end
+        end
       end
 
 

data/lib/action_view/helpers/active_record_helper.rb

@@ -149,7 +149,7 @@ module ActionView
           options[:object_name] ||= params.first
           options[:header_message] = "#{pluralize(count, 'error')} prohibited this #{options[:object_name].to_s.gsub('_', ' ')} from being saved" unless options.include?(:header_message)
           options[:message] ||= 'There were problems with the following fields:' unless options.include?(:message)
-          error_messages = objects.map {|object| object.errors.full_messages.map {|msg| content_tag(:li, msg) } }
+          error_messages = objects.sum {|object| object.errors.full_messages.map {|msg| content_tag(:li, msg) } }.join
 
           contents = ''
           contents << content_tag(options[:header_tag] || :h2, options[:header_message]) unless options[:header_message].blank?

data/lib/action_view/helpers/asset_tag_helper.rb

@@ -217,7 +217,7 @@ module ActionView
       #     <script type="text/javascript" src="/javascripts/cart.js"></script>
       #     <script type="text/javascript" src="/javascripts/checkout.js"></script>
       #
-      #   javascript_include_tag "prototype", "cart", "checkout", :cache => "shop" # when ActionController::Base.perform_caching is false =>
+      #   javascript_include_tag "prototype", "cart", "checkout", :cache => "shop" # when ActionController::Base.perform_caching is true =>
       #     <script type="text/javascript" src="/javascripts/shop.js"></script>
       def javascript_include_tag(*sources)
         options = sources.extract_options!.stringify_keys
@@ -435,9 +435,11 @@ module ActionView
               else
                 source = "/#{dir}/#{source}" unless source[0] == ?/
                 if has_request
-                  source = "#{@controller.request.relative_url_root}#{source}"
+                  unless source =~ %r{^#{@controller.request.relative_url_root}/}
+                    source = "#{@controller.request.relative_url_root}#{source}"
+                  end
                 end
-                rewrite_asset_path!(source)
+                source = rewrite_asset_path(source)
 
                 if include_host
                   host = compute_asset_host(source)
@@ -484,11 +486,15 @@ module ActionView
           end
         end
 
-        # Break out the asset path rewrite so you wish to put the asset id
+        # Break out the asset path rewrite in case plugins wish to put the asset id
         # someplace other than the query string.
-        def rewrite_asset_path!(source)
+        def rewrite_asset_path(source)
           asset_id = rails_asset_id(source)
-          source << "?#{asset_id}" if !asset_id.blank?
+          if asset_id.blank?
+            source
+          else
+            source + "?#{asset_id}"
+          end
         end
 
         def javascript_src_tag(source, options)

data/lib/action_view/helpers/atom_feed_helper.rb

@@ -26,7 +26,7 @@ module ActionView
       #     end
       #
       #   app/views/posts/index.atom.builder:
-      #     atom_feed do |feed|
+      #     atom_feed(:tag_uri => "2008") do |feed|
       #       feed.title("My great blog!")
       #       feed.updated((@posts.first.created_at))
       #     
@@ -44,31 +44,35 @@ module ActionView
       #
       # The options are for atom_feed are:
       #
+      # * <tt>:schema_date</tt>: Required. The date at which the tag scheme for the feed was first used. A good default is the year you created the feed. See http://feedvalidator.org/docs/error/InvalidTAG.html for more information.
       # * <tt>:language</tt>: Defaults to "en-US".
       # * <tt>:root_url</tt>: The HTML alternative that this feed is doubling for. Defaults to / on the current host.
       # * <tt>:url</tt>: The URL for this feed. Defaults to the current URL.
       #
-      # atom_feed yields a AtomFeedBuilder instance.
+      # atom_feed yields an AtomFeedBuilder instance.
       def atom_feed(options = {}, &block)
+        if options[:schema_date].blank?
+          logger.warn("You must provide the :schema_date option to atom_feed for your feed to be valid. A good default is the year you first created this feed.") unless logger.nil?
+        else
+          options[:schema_date] = options[:schema_date].strftime("%Y-%m-%d") if options[:schema_date].respond_to?(:strftime)
+        end
+        
         xml = options[:xml] || eval("xml", block.binding)
         xml.instruct!
 
         xml.feed "xml:lang" => options[:language] || "en-US", "xmlns" => 'http://www.w3.org/2005/Atom' do
-          xml.id("tag:#{request.host}:#{request.request_uri.split(".")[0].gsub("/", "")}")      
+          xml.id("tag:#{request.host},#{options[:schema_date]}:#{request.request_uri.split(".")[0]}")      
           xml.link(:rel => 'alternate', :type => 'text/html', :href => options[:root_url] || (request.protocol + request.host_with_port))
-
-          if options[:url]
-            xml.link(:rel => 'self', :type => 'application/atom+xml', :href => options[:url] || request.url)
-          end
-
-          yield AtomFeedBuilder.new(xml, self)
+          xml.link(:rel => 'self', :type => 'application/atom+xml', :href => options[:url] || request.url)
+          
+          yield AtomFeedBuilder.new(xml, self, options)
         end
       end
 
 
       class AtomFeedBuilder
-        def initialize(xml, view)
-          @xml, @view = xml, view
+        def initialize(xml, view, feed_options = {})
+          @xml, @view, @feed_options = xml, view, feed_options
         end
         
         # Accepts a Date or Time object and inserts it in the proper format. If nil is passed, current time in UTC is used.
@@ -80,12 +84,12 @@ module ActionView
         #
         # Options:
         #
-        # * <tt>:updated</tt>: Time of update. Defaults to the created_at attribute on the record if one such exists.
-        # * <tt>:published</tt>: Time first published. Defaults to the updated_at attribute on the record if one such exists.
+        # * <tt>:published</tt>: Time first published. Defaults to the created_at attribute on the record if one such exists.
+        # * <tt>:updated</tt>: Time of update. Defaults to the updated_at attribute on the record if one such exists.
         # * <tt>:url</tt>: The URL for this entry. Defaults to the polymorphic_url for the record.
         def entry(record, options = {})
           @xml.entry do 
-            @xml.id("tag:#{@view.request.host_with_port}:#{record.class}#{record.id}")
+            @xml.id("tag:#{@view.request.host},#{@feed_options[:schema_date]}:#{record.class}/#{record.id}")
 
             if options[:published] || (record.respond_to?(:created_at) && record.created_at)
               @xml.published((options[:published] || record.created_at).xmlschema)
@@ -102,10 +106,10 @@ module ActionView
         end
 
         private
-          def method_missing(method, *arguments)
-            @xml.__send__(method, *arguments)
+          def method_missing(method, *arguments, &block)
+            @xml.__send__(method, *arguments, &block)
           end
       end
     end
   end
-end
+end

data/lib/action_view/helpers/date_helper.rb

@@ -341,7 +341,7 @@ module ActionView
               %(<option value="#{leading_zero_on_single_digits(second)}">#{leading_zero_on_single_digits(second)}</option>\n)
             )
           end
-          select_html(options[:field_name] || 'second', second_options, options)
+          select_html(options[:field_name] || 'second', second_options.join, options)
         end
       end
 
@@ -375,7 +375,7 @@ module ActionView
               %(<option value="#{leading_zero_on_single_digits(minute)}">#{leading_zero_on_single_digits(minute)}</option>\n)
             )
           end
-          select_html(options[:field_name] || 'minute', minute_options, options)
+          select_html(options[:field_name] || 'minute', minute_options.join, options)
          end
       end
 
@@ -408,7 +408,7 @@ module ActionView
               %(<option value="#{leading_zero_on_single_digits(hour)}">#{leading_zero_on_single_digits(hour)}</option>\n)
             )
           end
-          select_html(options[:field_name] || 'hour', hour_options, options)
+          select_html(options[:field_name] || 'hour', hour_options.join, options)
         end
       end
 
@@ -441,7 +441,7 @@ module ActionView
               %(<option value="#{day}">#{day}</option>\n)
             )
           end
-          select_html(options[:field_name] || 'day', day_options, options)
+          select_html(options[:field_name] || 'day', day_options.join, options)
         end
       end
 
@@ -501,7 +501,7 @@ module ActionView
               %(<option value="#{month_number}">#{month_name}</option>\n)
             )
           end
-          select_html(options[:field_name] || 'month', month_options, options)
+          select_html(options[:field_name] || 'month', month_options.join, options)
         end
       end
 
@@ -543,7 +543,7 @@ module ActionView
               %(<option value="#{year}">#{year}</option>\n)
             )
           end
-          select_html(options[:field_name] || 'year', year_options, options)
+          select_html(options[:field_name] || 'year', year_options.join, options)
         end
       end
 

data/lib/action_view/helpers/form_helper.rb

@@ -155,8 +155,9 @@ module ActionView
       #
       # In many cases you will want to wrap the above in another helper, so you could do something like the following:
       #
-      #   def labelled_form_for(name, object, options, &proc)
-      #     form_for(name, object, options.merge(:builder => LabellingFormBuiler), &proc)
+      #   def labelled_form_for(record_or_name_or_array, *args, &proc)
+      #     options = args.extract_options!
+      #     form_for(record_or_name_or_array, *(args << options.merge(:builder => LabellingFormBuilder)), &proc)
       #   end
       #
       # If you don't need to attach a form to a model instance, then check out FormTagHelper#form_tag.

data/lib/action_view/helpers/form_options_helper.rb

@@ -131,6 +131,17 @@ module ActionView
       # to TimeZone. This may be used by users to specify a different time
       # zone model object. (See #time_zone_options_for_select for more
       # information.)
+      # Finally, this method supports a <tt>:default</tt> option, which selects
+      # a default TimeZone if the object's time zone is nil.
+      #
+      # Examples:
+      #   time_zone_select( "user", "time_zone", nil, :include_blank => true)
+      #
+      #   time_zone_select( "user", "time_zone", nil, :default => "Pacific Time (US & Canada)" )
+      #
+      #   time_zone_select( "user", 'time_zone', TimeZone.us_zones, :default => "Pacific Time (US & Canada)")
+      #
+      #   time_zone_select( "user", "time_zone", TZInfo::Timezone.all.sort, :model => TZInfo::Timezone)
       def time_zone_select(object, method, priority_zones = nil, options = {}, html_options = {})
         InstanceTag.new(object, method, self, nil, options.delete(:object)).to_time_zone_select_tag(priority_zones, options, html_options)
       end
@@ -385,7 +396,7 @@ module ActionView
         value = value(object)
         content_tag("select",
           add_options(
-            time_zone_options_for_select(value, priority_zones, options[:model] || TimeZone),
+            time_zone_options_for_select(value || options[:default], priority_zones, options[:model] || TimeZone),
             options, value
           ), html_options
         )