actionpack 2.0.5 → 2.1.0

data/CHANGELOG

@@ -1,16 +1,116 @@
-*2.0.5* (October 19th, 2008)
+*2.1.0 (May 31st, 2008)*
 
-* Sanitize the URLs passed to redirect_to to prevent a potential response splitting attack [koz]
+* InstanceTag#default_time_from_options overflows to DateTime [Geoff Buesing]
 
+* Fixed that forgery protection can be used without session tracking (Peter Jones) [#139]
 
-*2.0.4* (2nd September 2008)
+* Added session(:on) to turn session management back on in a controller subclass if the superclass turned it off (Peter Jones) [#136]
+
+* Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [rick]
+* InstanceTag#default_time_from_options with hash args uses Time.current as default; respects hash settings when time falls in system local spring DST gap [Geoff Buesing]
+
+* select_date defaults to Time.zone.today when config.time_zone is set [Geoff Buesing]
+
+* Fixed that TextHelper#text_field would corrypt when raw HTML was used as the value (mchenryc, Kevin Glowacz) [#80]
+
+* Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) [DHH]
+
+* Reduce number of instance variables being copied from controller to view. [Pratik]
+
+* select_datetime and select_time default to Time.zone.now when config.time_zone is set [Geoff Buesing]
+
+* datetime_select defaults to Time.zone.now when config.time_zone is set [Geoff Buesing]
+
+* Remove ActionController::Base#view_controller_internals flag. [Pratik]
+
+* Add conditional options to caches_page method. [Paul Horsfall]
+
+* Move missing template logic to ActionView. [Pratik]
+
+* Introduce ActionView::InlineTemplate class. [Pratik]
+
+* Automatically parse posted JSON content for Mime::JSON requests.  [rick]
+
+  POST /posts
+  {"post": {"title": "Breaking News"}}
+
+  def create
+    @post = Post.create params[:post]
+    # ...
+  end
+
+* add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick]
+
+* Provide a helper proxy to access helper methods from outside views. Closes #10839 [Josh Peek]
+  e.g. ApplicationController.helpers.simple_format(text)
+
+* Improve documentation. [Xavier Noria, leethal, jerome]
+
+* Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546 [josh, eventualbuddha, Pratik]
+
+* Support render :partial => collection of heterogeneous elements.  #11491 [Zach Dennis]
 
 * Avoid remote_ip spoofing.  [Brian Candler]
 
-* Correct inconsistencies in RequestForgeryProtection docs.  #11032 [mislav]
+* Added support for regexp flags like ignoring case in the :requirements part of routes declarations #11421 [NeilW]
 
-* Make assert_routing aware of the HTTP method used.  #8039 [mpalmer]
-   e.g. assert_routing({ :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" })
+* Fixed that ActionController::Base#read_multipart would fail if boundary was exactly 10240 bytes #10886 [ariejan]
+
+* Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags #10071 [esad, packagethief]
+
+* Improve documentation. [Radar, Jan De Poorter, chuyeow, xaviershay, danger, miloops, Xavier Noria,  Sunny Ripert]
+
+* Fixed that FormHelper#radio_button would produce invalid ids #11298 [harlancrystal]
+
+* Added :confirm option to submit_tag #11415 [miloops]
+
+* Fixed NumberHelper#number_with_precision to properly round in a way that works equally on Mac, Windows, Linux (closes #11409, #8275, #10090, #8027) [zhangyuanyi]
+
+* Allow the #simple_format text_helper to take an html_options hash for each paragraph.  #2448 [Francois Beausoleil, thechrisoshow]
+
+* Fix regression from filter refactoring where re-adding a skipped filter resulted in it being called twice.  [rick]
+
+* Refactor filters to use Active Support callbacks.  #11235 [Josh Peek]
+
+* Fixed that polymorphic routes would modify the input array #11363 [thomas.lee]
+
+* Added :format option to NumberHelper#number_to_currency to enable better localization support #11149 [lylo]
+
+* Fixed that TextHelper#excerpt would include one character too many #11268 [Irfy]
+
+* Fix more obscure nested parameter hash parsing bug.  #10797 [thomas.lee]
+
+* Added ActionView::Helpers::register_javascript/stylesheet_expansion to make it easier for plugin developers to inject multiple assets.  #10350 [lotswholetime]
+
+* Fix nested parameter hash parsing bug.  #10797 [thomas.lee]
+
+* Allow using named routes in ActionController::TestCase before any request has been made. Closes #11273 [alloy]
+
+* Fixed that sweepers defined by cache_sweeper will be added regardless of the perform_caching setting. Instead, control whether the sweeper should be run with the perform_caching setting. This makes testing easier when you want to turn perform_caching on/off [DHH]
+
+* Make MimeResponds::Responder#any work without explicit types. Closes #11140 [jaw6]
+
+* Better error message for type conflicts when parsing params.  Closes #7962 [spicycode, matt]
+
+* Remove unused ActionController::Base.template_class. Closes #10787 [Pratik]
+
+* Moved template handlers related code from ActionView::Base to ActionView::Template. [Pratik]
+
+* Tests for div_for and content_tag_for helpers. Closes #11223 [thechrisoshow]
+
+* Allow file uploads in Integration Tests.  Closes #11091 [RubyRedRick]
+
+* Refactor partial rendering into a PartialTemplate class. [Pratik]
+
+* Added that requests with JavaScript as the priority mime type in the accept header and no format extension in the parameters will be treated as though their format was :js when it comes to determining which template to render. This makes it possible for JS requests to automatically render action.js.rjs files without an explicit respond_to block  [DHH]
+
+* Tests for distance_of_time_in_words with TimeWithZone instances. Closes #10914 [ernesto.jimenez]
+
+* Remove support for multivalued (e.g., '&'-delimited) cookies. [Jamis Buck]
+
+* Fix problem with render :partial collections, records, and locals. #11057 [lotswholetime] 
+
+* Added support for naming concrete classes in sweeper declarations [DHH]
 
 * Remove ERB trim variables from trace template in case ActionView::Base.erb_trim_mode is changed in the application.  #10098 [tpope, kampers]
 
@@ -18,16 +118,58 @@
 
 * Fix bug with setting Request#format= after the getter has cached the value.  #10889 [cch1]
 
-* Add label_tag helper for generating elements. #10802 [DefV]
+* Correct inconsistencies in RequestForgeryProtection docs.  #11032 [mislav]
+
+* Introduce a Template class to ActionView.  #11024 [lifofifo]
+
+* Introduce the :index option for form_for and fields_for to simplify multi-model forms (see http://railscasts.com/episodes/75).  #9883 [rmm5t]
+
+* Introduce map.resources :cards, :as => 'tarjetas' to use a custom resource name in the URL: cards_path == '/tarjetas'.  #10578 [blj]
 
 * TestSession supports indifferent access.  #7372 [tamc, Arsen7, mhackett, julik, jean.helou]
 
+* Make assert_routing aware of the HTTP method used.  #8039 [mpalmer]
+  e.g. assert_routing({ :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" })
+
+* Make map.root accept a single symbol as an argument to declare an alias.  #10818 [bscofield] 
+
+  e.g.  map.dashboard '/dashboard', :controller=>'dashboard'
+        map.root      :dashboard
+
+* Handle corner case with image_tag when passed 'messed up' image names. #9018 [duncanbeevers, mpalmer]
+
+* Add label_tag helper for generating elements. #10802 [DefV]
+
+* Introduce TemplateFinder to handle view paths and lookups.  #10800 [Pratik Naik] 
+
+* Performance: optimize route recognition. Large speedup for apps with many resource routes.  #10835 [oleganza]
+
+* Make render :partial recognise form builders and use the _form partial.  #10814 [djanowski]
+
+* Allow users to declare other namespaces when using the atom feed helpers. #10304 [david.calavera]
+
+* Introduce send_file :x_sendfile => true to send an X-Sendfile response header.  [Jeremy Kemper]
+
+* Fixed ActionView::Helpers::ActiveRecordHelper::form for when protect_from_forgery is used #10739 [jeremyevans]
+
+* Provide nicer access to HTTP Headers.  Instead of request.env["HTTP_REFERRER"] you can now use request.headers["Referrer"]. [Koz]
+
 * UrlWriter respects relative_url_root.  #10748 [Cheah Chu Yeow]
 
+* The asset_host block takes the controller request as an optional second argument. Example: use a single asset host for SSL requests.  #10549 [Cheah Chu Yeow, Peter B, Tom Taylor]
+
 * Support render :text => nil.  #6684 [tjennings, PotatoSalad, Cheah Chu Yeow]
 
 * assert_response failures include the exception message.  #10688 [Seth Rasmussen]
 
+* All fragment cache keys are now by default prefixed with the "views/" namespace [DHH]
+
+* Moved the caching stores from ActionController::Caching::Fragments::* to ActiveSupport::Cache::*. If you're explicitly referring to a store, like ActionController::Caching::Fragments::MemoryStore, you need to update that reference with ActiveSupport::Cache::MemoryStore [DHH]
+
+* Deprecated ActionController::Base.fragment_cache_store for ActionController::Base.cache_store [DHH]
+
+* Made fragment caching in views work for rjs and builder as well #6642 [zsombor]
+
 * Fixed rendering of partials with layout when done from site layout #9209 [antramm]
 
 * Fix atom_feed_helper to comply with the atom spec.  Closes #10672 [xaviershay]

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2004-2007 David Heinemeier Hansson
+Copyright (c) 2004-2008 David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README

@@ -97,7 +97,7 @@ A short rundown of the major features:
 
     class WeblogController < ActionController::Base
       before_filter :authenticate, :cache, :audit
-      after_filter { |c| c.response.body = GZip::compress(c.response.body) }
+      after_filter { |c| c.response.body = Gzip::compress(c.response.body) }
       after_filter LocalizeFilter
       
       def index

data/Rakefile

@@ -5,7 +5,6 @@ require 'rake/rdoctask'
 require 'rake/packagetask'
 require 'rake/gempackagetask'
 require 'rake/contrib/sshpublisher'
-require 'rake/contrib/rubyforgepublisher'
 require File.join(File.dirname(__FILE__), 'lib', 'action_pack', 'version')
 
 PKG_BUILD     = ENV['PKG_BUILD'] ? '.' + ENV['PKG_BUILD'] : ''
@@ -28,9 +27,9 @@ task :test => [:test_action_pack, :test_active_record_integration]
 
 Rake::TestTask.new(:test_action_pack) { |t|
   t.libs << "test"
-# make sure we include the controller tests (c*) first as on some systems
+# make sure we include the tests in alphabetical order as on some systems
 # this will not happen automatically and the tests (as a whole) will error
-  t.test_files=Dir.glob( "test/c*/**/*_test.rb" ) + Dir.glob( "test/[ft]*/*_test.rb" )
+  t.test_files=Dir.glob( "test/[cft]*/**/*_test.rb" ).sort
 #  t.pattern = 'test/*/*_test.rb'
   t.verbose = true
 }
@@ -77,7 +76,7 @@ spec = Gem::Specification.new do |s|
   s.has_rdoc = true
   s.requirements << 'none'
 
-  s.add_dependency('activesupport', '= 2.0.5' + PKG_BUILD)
+  s.add_dependency('activesupport', '= 2.1.0' + PKG_BUILD)
 
   s.require_path = 'lib'
   s.autorequire = 'action_controller'
@@ -133,8 +132,8 @@ task :update_js => [ :update_scriptaculous ]
 
 desc "Publish the API documentation"
 task :pgem => [:package] do 
-  Rake::SshFilePublisher.new("david@greed.loudthinking.com", "/u/sites/gems/gems", "pkg", "#{PKG_FILE_NAME}.gem").upload
-  `ssh david@greed.loudthinking.com '/u/sites/gems/gemupdate.sh'`
+  Rake::SshFilePublisher.new("davidhh@wrath.rubyonrails.org", "public_html/gems/gems", "pkg", "#{PKG_FILE_NAME}.gem").upload
+  `ssh davidhh@wrath.rubyonrails.org './gemupdate.sh'`
 end
 
 desc "Publish the API documentation"

data/lib/action_controller.rb

@@ -1,5 +1,5 @@
 #--
-# Copyright (c) 2004-2007 David Heinemeier Hansson
+# Copyright (c) 2004-2008 David Heinemeier Hansson
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -55,9 +55,9 @@ require 'action_controller/http_authentication'
 require 'action_controller/components'
 require 'action_controller/record_identifier'
 require 'action_controller/request_forgery_protection'
+require 'action_controller/headers'
 
 require 'action_view'
-ActionController::Base.template_class = ActionView::Base
 
 ActionController::Base.class_eval do
   include ActionController::Flash

data/lib/action_controller/assertions/model_assertions.rb

@@ -1,7 +1,8 @@
 module ActionController
   module Assertions
     module ModelAssertions
-      # Ensures that the passed record is valid by ActiveRecord standards and returns any error messages if it is not.
+      # Ensures that the passed record is valid by Active Record standards and
+      # returns any error messages if it is not.
       #
       # ==== Examples
       #

data/lib/action_controller/assertions/response_assertions.rb

@@ -34,7 +34,9 @@ module ActionController
             assert_block("") { true } # to count the assertion
           else
             if @response.error?
-              assert_block(build_message(message, "Expected response to be a <?>, but was <?>\n<?>", type, @response.response_code, @response.template.instance_variable_get(:@exception).message)) { false }
+              exception = @response.template.instance_variable_get(:@exception)
+              exception_message = exception && exception.message
+              assert_block(build_message(message, "Expected response to be a <?>, but was <?>\n<?>", type, @response.response_code, exception_message.to_s)) { false }
             else
               assert_block(build_message(message, "Expected response to be a <?>, but was <?>", type, @response.response_code)) { false }
             end
@@ -95,7 +97,7 @@ module ActionController
                 value['controller'] = value['controller'].to_s
                 if key == :actual && value['controller'].first != '/' && !value['controller'].include?('/')
                   new_controller_path = ActionController::Routing.controller_relative_to(value['controller'], @controller.class.controller_path)
-                  value['controller'] = new_controller_path if value['controller'] != new_controller_path && ActionController::Routing.possible_controllers.include?(new_controller_path) && @response.redirected_to.is_a?(Hash)
+                  value['controller'] = new_controller_path if value['controller'] != new_controller_path && ActionController::Routing.possible_controllers.include?(new_controller_path)
                 end
                 value['controller'] = value['controller'][1..-1] if value['controller'].first == '/' # strip leading hash
               end

data/lib/action_controller/assertions/routing_assertions.rb

@@ -59,7 +59,7 @@ module ActionController
         end
       end
 
-      # Asserts that the provided options can be used to generate the provided path.  This is the inverse of #assert_recognizes.
+      # Asserts that the provided options can be used to generate the provided path.  This is the inverse of +assert_recognizes+.
       # The +extras+ parameter is used to tell the request the names and values of additional request parameters that would be in
       # a query string. The +message+ parameter allows you to specify a custom error message for assertion failures.
       #
@@ -96,8 +96,8 @@ module ActionController
       end
 
       # Asserts that path and options match both ways; in other words, it verifies that <tt>path</tt> generates 
-      # <tt>options</tt> and then that <tt>options</tt> generates <tt>path</tt>.  This essentially combines #assert_recognizes 
-      # and #assert_generates into one step.
+      # <tt>options</tt> and then that <tt>options</tt> generates <tt>path</tt>.  This essentially combines +assert_recognizes+
+      # and +assert_generates+ into one step.
       #
       # The +extras+ hash allows you to specify options that would normally be provided as a query string to the action.  The
       # +message+ parameter allows you to specify a custom error message to display upon failure.  

data/lib/action_controller/assertions/selector_assertions.rb

@@ -12,20 +12,20 @@ module ActionController
       NO_STRIP = %w{pre script style textarea}
     end
 
-    # Adds the #assert_select method for use in Rails functional
+    # Adds the +assert_select+ method for use in Rails functional
     # test cases, which can be used to make assertions on the response HTML of a controller
-    # action. You can also call #assert_select within another #assert_select to
+    # action. You can also call +assert_select+ within another +assert_select+ to
     # make assertions on elements selected by the enclosing assertion.
     #
-    # Use #css_select to select elements without making an assertions, either
+    # Use +css_select+ to select elements without making an assertions, either
     # from the response HTML or elements selected by the enclosing assertion.
     # 
     # In addition to HTML responses, you can make the following assertions:
-    # * #assert_select_rjs    -- Assertions on HTML content of RJS update and
+    # * +assert_select_rjs+ - Assertions on HTML content of RJS update and
     #     insertion operations.
-    # * #assert_select_encoded  -- Assertions on HTML encoded inside XML,
+    # * +assert_select_encoded+ - Assertions on HTML encoded inside XML,
     #     for example for dealing with feed item descriptions.
-    # * #assert_select_email    -- Assertions on the HTML body of an e-mail.
+    # * +assert_select_email+ - Assertions on the HTML body of an e-mail.
     #
     # Also see HTML::Selector to learn how to use selectors.
     module SelectorAssertions
@@ -44,8 +44,8 @@ module ActionController
       # base element and any of its children. Returns an empty array if no
       # match is found.
       #
-      # The selector may be a CSS selector expression (+String+), an expression
-      # with substitution values (+Array+) or an HTML::Selector object.
+      # The selector may be a CSS selector expression (String), an expression
+      # with substitution values (Array) or an HTML::Selector object.
       #
       # ==== Examples
       #   # Selects all div tags
@@ -114,8 +114,8 @@ module ActionController
       # starting from (and including) that element and all its children in
       # depth-first order.
       #
-      # If no element if specified, calling #assert_select will select from the
-      # response HTML. Calling #assert_select inside an #assert_select block will
+      # If no element if specified, calling +assert_select+ will select from the
+      # response HTML. Calling #assert_select inside an +assert_select+ block will
       # run the assertion for each element selected by the enclosing assertion.
       #
       # ==== Example
@@ -130,33 +130,33 @@ module ActionController
       #     assert_select "li"
       #   end
       #
-      # The selector may be a CSS selector expression (+String+), an expression
+      # The selector may be a CSS selector expression (String), an expression
       # with substitution values, or an HTML::Selector object.
       #
       # === Equality Tests
       #
       # The equality test may be one of the following:
-      # * <tt>true</tt> -- Assertion is true if at least one element selected.
-      # * <tt>false</tt> -- Assertion is true if no element selected.
-      # * <tt>String/Regexp</tt> -- Assertion is true if the text value of at least
+      # * <tt>true</tt> - Assertion is true if at least one element selected.
+      # * <tt>false</tt> - Assertion is true if no element selected.
+      # * <tt>String/Regexp</tt> - Assertion is true if the text value of at least
       #   one element matches the string or regular expression.
-      # * <tt>Integer</tt> -- Assertion is true if exactly that number of
+      # * <tt>Integer</tt> - Assertion is true if exactly that number of
       #   elements are selected.
-      # * <tt>Range</tt> -- Assertion is true if the number of selected
+      # * <tt>Range</tt> - Assertion is true if the number of selected
       #   elements fit the range.
       # If no equality test specified, the assertion is true if at least one
       # element selected.
       #
       # To perform more than one equality tests, use a hash with the following keys:
-      # * <tt>:text</tt> -- Narrow the selection to elements that have this text
+      # * <tt>:text</tt> - Narrow the selection to elements that have this text
       #   value (string or regexp).
-      # * <tt>:html</tt> -- Narrow the selection to elements that have this HTML
+      # * <tt>:html</tt> - Narrow the selection to elements that have this HTML
       #   content (string or regexp).
-      # * <tt>:count</tt> -- Assertion is true if the number of selected elements
+      # * <tt>:count</tt> - Assertion is true if the number of selected elements
       #   is equal to this value.
-      # * <tt>:minimum</tt> -- Assertion is true if the number of selected
+      # * <tt>:minimum</tt> - Assertion is true if the number of selected
       #   elements is at least this value.
-      # * <tt>:maximum</tt> -- Assertion is true if the number of selected
+      # * <tt>:maximum</tt> - Assertion is true if the number of selected
       #   elements is at most this value.
       #
       # If the method is called with a block, once all equality tests are
@@ -263,12 +263,15 @@ module ActionController
         if match_with = equals[:text]
           matches.delete_if do |match|
             text = ""
+            text.force_encoding(match_with.encoding) if text.respond_to?(:force_encoding)
             stack = match.children.reverse
             while node = stack.pop
               if node.tag?
                 stack.concat node.children.reverse
               else
-                text << node.content
+                content = node.content
+                content.force_encoding(match_with.encoding) if content.respond_to?(:force_encoding)
+                text << content
               end
             end
             text.strip! unless NO_STRIP.include?(match.name)
@@ -353,16 +356,16 @@ module ActionController
       #
       # === Using blocks
       #
-      # Without a block, #assert_select_rjs merely asserts that the response
+      # Without a block, +assert_select_rjs+ merely asserts that the response
       # contains one or more RJS statements that replace or update content.
       #
-      # With a block, #assert_select_rjs also selects all elements used in
+      # With a block, +assert_select_rjs+ also selects all elements used in
       # these statements and passes them to the block. Nested assertions are
       # supported.
       #
-      # Calling #assert_select_rjs with no arguments and using nested asserts
+      # Calling +assert_select_rjs+ with no arguments and using nested asserts
       # asserts that the HTML content is returned by one or more RJS statements.
-      # Using #assert_select directly makes the same assertion on the content,
+      # Using +assert_select+ directly makes the same assertion on the content,
       # but without distinguishing whether the content is returned in an HTML
       # or JavaScript.
       #
@@ -598,7 +601,7 @@ module ActionController
           RJS_PATTERN_UNICODE_ESCAPED_CHAR = /\\u([0-9a-zA-Z]{4})/
         end
 
-        # #assert_select and #css_select call this to obtain the content in the HTML
+        # +assert_select+ and +css_select+ call this to obtain the content in the HTML
         # page, or from all the RJS statements, depending on the type of response.
         def response_from_page_or_rjs()
           content_type = @response.content_type

data/lib/action_controller/assertions/tag_assertions.rb

@@ -91,7 +91,7 @@ module ActionController
       #              :descendant => { :tag => "span",
       #                               :child => /hello world/ }
       #
-      # <b>Please note</b>: #assert_tag and #assert_no_tag only work
+      # <b>Please note</b>: +assert_tag+ and +assert_no_tag+ only work
       # with well-formed XHTML. They recognize a few tags as implicitly self-closing
       # (like br and hr and such) but will not work correctly with tags
       # that allow optional closing tags (p, li, td). <em>You must explicitly
@@ -104,8 +104,8 @@ module ActionController
         end
       end
       
-      # Identical to #assert_tag, but asserts that a matching tag does _not_
-      # exist. (See #assert_tag for a full discussion of the syntax.)
+      # Identical to +assert_tag+, but asserts that a matching tag does _not_
+      # exist. (See +assert_tag+ for a full discussion of the syntax.)
       #
       # === Examples
       #   # Assert that there is not a "div" containing a "p"