actionpack 2.1.0 → 2.1.1

data/lib/action_controller/polymorphic_routes.rb

@@ -48,6 +48,9 @@ module ActionController
     #
     #   # calls post_url(post)
     #   polymorphic_url(post) # => "http://example.com/posts/1"
+    #   polymorphic_url([blog, post]) # => "http://example.com/blogs/1/posts/1"
+    #   polymorphic_url([:admin, blog, post]) # => "http://example.com/admin/blogs/1/posts/1"
+    #   polymorphic_url([user, :blog, post]) # => "http://example.com/users/1/blog/posts/1"
     #
     # ==== Options
     #
@@ -83,8 +86,6 @@ module ActionController
         else        [ record_or_hash_or_array ]
       end
 
-      args << format if format
-
       inflection =
         case
         when options[:action].to_s == "new"
@@ -96,6 +97,9 @@ module ActionController
         else
           :singular
         end
+
+      args.delete_if {|arg| arg.is_a?(Symbol) || arg.is_a?(String)}
+      args << format if format
       
       named_route = build_named_route_call(record_or_hash_or_array, namespace, inflection, options)
       send!(named_route, *args)
@@ -136,11 +140,19 @@ module ActionController
         else
           record = records.pop
           route = records.inject("") do |string, parent|
-            string << "#{RecordIdentifier.send!("singular_class_name", parent)}_"
+            if parent.is_a?(Symbol) || parent.is_a?(String)
+              string << "#{parent}_"
+            else
+              string << "#{RecordIdentifier.send!("singular_class_name", parent)}_"
+            end
           end
         end
 
-        route << "#{RecordIdentifier.send!("#{inflection}_class_name", record)}_"
+        if record.is_a?(Symbol) || record.is_a?(String)
+          route << "#{record}_"
+        else
+          route << "#{RecordIdentifier.send!("#{inflection}_class_name", record)}_"
+        end
 
         action_prefix(options) + namespace + route + routing_type(options).to_s
       end
@@ -163,16 +175,17 @@ module ActionController
         end
       end
       
+      # Remove the first symbols from the array and return the url prefix
+      # implied by those symbols.
       def extract_namespace(record_or_hash_or_array)
-        returning "" do |namespace|
-          if record_or_hash_or_array.is_a?(Array)
-            record_or_hash_or_array.delete_if do |record_or_namespace|
-              if record_or_namespace.is_a?(String) || record_or_namespace.is_a?(Symbol)
-                namespace << "#{record_or_namespace}_"
-              end
-            end
-          end  
+        return "" unless record_or_hash_or_array.is_a?(Array)
+
+        namespace_keys = []
+        while (key = record_or_hash_or_array.first) && key.is_a?(String) || key.is_a?(Symbol)
+          namespace_keys << record_or_hash_or_array.shift
         end
+
+        namespace_keys.map {|k| "#{k}_"}.join
       end
   end
 end

data/lib/action_controller/record_identifier.rb

@@ -31,18 +31,21 @@ module ActionController
   module RecordIdentifier
     extend self
 
+    JOIN = '_'.freeze
+    NEW = 'new'.freeze
+
     # Returns plural/singular for a record or class. Example:
     #
     #   partial_path(post)                   # => "posts/post"
     #   partial_path(Person)                 # => "people/person"
     #   partial_path(Person, "admin/games")  # => "admin/people/person"
     def partial_path(record_or_class, controller_path = nil)
-      klass = class_from_record_or_class(record_or_class)
+      name = model_name_from_record_or_class(record_or_class)
 
       if controller_path && controller_path.include?("/")
-        "#{File.dirname(controller_path)}/#{klass.name.tableize}/#{klass.name.demodulize.underscore}"
+        "#{File.dirname(controller_path)}/#{name.partial_path}"
       else
-        "#{klass.name.tableize}/#{klass.name.demodulize.underscore}"
+        name.partial_path
       end
     end
 
@@ -56,21 +59,25 @@ module ActionController
     #   dom_class(post, :edit)   # => "edit_post"
     #   dom_class(Person, :edit) # => "edit_person"
     def dom_class(record_or_class, prefix = nil)
-      [ prefix, singular_class_name(record_or_class) ].compact * '_'
+      singular = singular_class_name(record_or_class)
+      prefix ? "#{prefix}#{JOIN}#{singular}" : singular
     end
 
     # The DOM id convention is to use the singular form of an object or class with the id following an underscore.
     # If no id is found, prefix with "new_" instead. Examples:
     #
-    #   dom_id(Post.new(:id => 45)) # => "post_45"
+    #   dom_id(Post.find(45))       # => "post_45"
     #   dom_id(Post.new)            # => "new_post"
     #
     # If you need to address multiple instances of the same class in the same view, you can prefix the dom_id:
     #
-    #   dom_id(Post.new(:id => 45), :edit) # => "edit_post_45"
+    #   dom_id(Post.find(45), :edit) # => "edit_post_45"
     def dom_id(record, prefix = nil) 
-      prefix ||= 'new' unless record.id
-      [ prefix, singular_class_name(record), record.id ].compact * '_'
+      if record_id = record.id
+        "#{dom_class(record, prefix)}#{JOIN}#{record_id}"
+      else
+        dom_class(record, prefix || NEW)
+      end
     end
 
     # Returns the plural class name of a record or class. Examples:
@@ -78,7 +85,7 @@ module ActionController
     #   plural_class_name(post)             # => "posts"
     #   plural_class_name(Highrise::Person) # => "highrise_people"
     def plural_class_name(record_or_class)
-      singular_class_name(record_or_class).pluralize
+      model_name_from_record_or_class(record_or_class).plural
     end
 
     # Returns the singular class name of a record or class. Examples:
@@ -86,12 +93,12 @@ module ActionController
     #   singular_class_name(post)             # => "post"
     #   singular_class_name(Highrise::Person) # => "highrise_person"
     def singular_class_name(record_or_class)
-      class_from_record_or_class(record_or_class).name.underscore.tr('/', '_')
+      model_name_from_record_or_class(record_or_class).singular
     end
 
     private
-      def class_from_record_or_class(record_or_class)
-        record_or_class.is_a?(Class) ? record_or_class : record_or_class.class
+      def model_name_from_record_or_class(record_or_class)
+        (record_or_class.is_a?(Class) ? record_or_class : record_or_class.class).model_name
       end
   end
-end
+end

data/lib/action_controller/request.rb

@@ -134,14 +134,17 @@ module ActionController
     # REMOTE_ADDR is a proxy.  HTTP_X_FORWARDED_FOR may be a comma-
     # delimited list in the case of multiple chained proxies; the last
     # address which is not trusted is the originating IP.
-
     def remote_ip
-      if TRUSTED_PROXIES !~ @env['REMOTE_ADDR']
-        return @env['REMOTE_ADDR']
+      remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].split(',').collect(&:strip)
+
+      unless remote_addr_list.blank?
+        not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
+        return not_trusted_addrs.first unless not_trusted_addrs.empty?
       end
+      remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
 
       if @env.include? 'HTTP_CLIENT_IP'
-        if @env.include? 'HTTP_X_FORWARDED_FOR'
+        if remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
           # We don't know which came from the proxy, and which from the user
           raise ActionControllerError.new(<<EOM)
 IP spoofing attack?!
@@ -149,11 +152,11 @@ HTTP_CLIENT_IP=#{@env['HTTP_CLIENT_IP'].inspect}
 HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}
 EOM
         end
+
         return @env['HTTP_CLIENT_IP']
       end
 
-      if @env.include? 'HTTP_X_FORWARDED_FOR' then
-        remote_ips = @env['HTTP_X_FORWARDED_FOR'].split(',')
+      if remote_ips
         while remote_ips.size > 1 && TRUSTED_PROXIES =~ remote_ips.last.strip
           remote_ips.pop
         end

data/lib/action_controller/routing.rb

@@ -88,6 +88,10 @@ module ActionController
   #
   #   map.connect ':controller/:action/:id', :action => 'show', :defaults => { :page => 'Dashboard' }
   #
+  # Note: The default routes, as provided by the Rails generator, make all actions in every
+  # controller accessible via GET requests. You should consider removing them or commenting
+  # them out if you're using named routes and resources.
+  #
   # == Named routes
   #
   # Routes can be named with the syntax <tt>map.name_of_route options</tt>,
@@ -369,7 +373,7 @@ module ActionController
 
     Routes = RouteSet.new
 
-    ::Inflector.module_eval do
+    ActiveSupport::Inflector.module_eval do
 	  # Ensures that routes are reloaded when Rails inflections are updated.
       def inflections_with_route_reloading(&block)
         returning(inflections_without_route_reloading(&block)) {

data/lib/action_controller/routing/builder.rb

@@ -67,10 +67,9 @@ module ActionController
         options = options.dup
 
         if options[:namespace]
-          options[:controller] = "#{options[:path_prefix]}/#{options[:controller]}"
+          options[:controller] = "#{options.delete(:namespace).sub(/\/$/, '')}/#{options[:controller]}"
           options.delete(:path_prefix)
           options.delete(:name_prefix)
-          options.delete(:namespace)
         end
 
         requirements = (options.delete(:requirements) || {}).dup

data/lib/action_controller/routing/segments.rb

@@ -249,7 +249,7 @@ module ActionController
       end
 
       def extract_value
-        "#{local_name} = hash[:#{key}] && hash[:#{key}].collect { |path_component| URI.escape(path_component.to_param, ActionController::Routing::Segment::UNSAFE_PCHAR) }.to_param #{"|| #{default.inspect}" if default}"
+        "#{local_name} = hash[:#{key}] && Array(hash[:#{key}]).collect { |path_component| URI.escape(path_component.to_param, ActionController::Routing::Segment::UNSAFE_PCHAR) }.to_param #{"|| #{default.inspect}" if default}"
       end
 
       def default

data/lib/action_controller/templates/rescues/layout.erb

@@ -1,4 +1,4 @@
-<html>
+<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
   <title>Action Controller: Exception caught</title>
   <style>

data/lib/action_controller/test_process.rb

@@ -171,7 +171,7 @@ module ActionController #:nodoc:
 
     # Was the response successful?
     def success?
-      response_code == 200
+      (200..299).include?(response_code)
     end
 
     # Was the URL not found?
@@ -333,7 +333,7 @@ module ActionController #:nodoc:
     attr_reader :original_filename
 
     # The content type of the "uploaded" file
-    attr_reader :content_type
+    attr_accessor :content_type
 
     def initialize(path, content_type = Mime::TEXT, binary = false)
       raise "#{path} file does not exist" unless File.exist?(path)
@@ -413,6 +413,8 @@ module ActionController #:nodoc:
       get(@response.redirected_to.delete(:action), @response.redirected_to.stringify_keys)
     end
 
+    deprecate :follow_redirect => "If you wish to follow redirects, you should use integration tests"
+
     def assigns(key = nil) 
       if key.nil? 
         @response.template.assigns 

data/lib/action_controller/vendor/html-scanner/html/document.rb

@@ -17,7 +17,7 @@ module HTML #:nodoc:
       @root = Node.new(nil)
       node_stack = [ @root ]
       while token = tokenizer.next
-        node = Node.parse(node_stack.last, tokenizer.line, tokenizer.position, token)
+        node = Node.parse(node_stack.last, tokenizer.line, tokenizer.position, token, strict)
 
         node_stack.last.children << node unless node.tag? && node.closing == :close
         if node.tag?

data/lib/action_controller/verification.rb

@@ -116,7 +116,7 @@ module ActionController #:nodoc:
     end
     
     def apply_redirect_to(redirect_to_option) # :nodoc:
-      redirect_to_option.is_a?(Symbol) ? self.send!(redirect_to_option) : redirect_to_option
+      (redirect_to_option.is_a?(Symbol) && redirect_to_option != :back) ? self.send!(redirect_to_option) : redirect_to_option
     end
     
     def apply_remaining_actions(options) # :nodoc:

data/lib/action_pack/version.rb

@@ -2,7 +2,7 @@ module ActionPack #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 2
     MINOR = 1
-    TINY  = 0
+    TINY  = 1
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/lib/action_view/base.rb

@@ -178,10 +178,13 @@ module ActionView #:nodoc:
     # that alert()s the caught exception (and then re-raises it). 
     @@debug_rjs = false
     cattr_accessor :debug_rjs
-    
+
     @@erb_variable = '_erbout'
     cattr_accessor :erb_variable
-    
+    class << self
+      deprecate :erb_variable= => 'The erb variable will no longer be configurable. Use the concat helper method instead of appending to it directly.'
+    end
+
     attr_internal :request
 
     delegate :request_forgery_protection_token, :template, :params, :session, :cookies, :response, :headers,
@@ -253,6 +256,7 @@ If you are rendering a subtemplate, you must now use controller-like partial syn
       elsif options == :update
         update_page(&block)
       elsif options.is_a?(Hash)
+        use_full_path = options[:use_full_path]
         options = options.reverse_merge(:locals => {}, :use_full_path => true)
 
         if partial_layout = options.delete(:layout)
@@ -266,7 +270,7 @@ If you are rendering a subtemplate, you must now use controller-like partial syn
             end
           end
         elsif options[:file]
-          render_file(options[:file], options[:use_full_path], options[:locals])
+          render_file(options[:file], use_full_path || false, options[:locals])
         elsif options[:partial] && options[:collection]
           render_partial_collection(options[:partial], options[:collection], options[:spacer_template], options[:locals])
         elsif options[:partial]

data/lib/action_view/helpers/asset_tag_helper.rb

@@ -485,21 +485,24 @@ module ActionView
                     source = "#{@controller.request.relative_url_root}#{source}"
                   end
                 end
-                source = rewrite_asset_path(source)
 
-                if include_host
-                  host = compute_asset_host(source)
+                rewrite_asset_path(source)
+              end
+            end
 
-                  if has_request && !host.blank? && host !~ %r{^[-a-z]+://}
-                    host = "#{@controller.request.protocol}#{host}"
-                  end
+          source = ActionView::Base.computed_public_paths[cache_key]
 
-                  "#{host}#{source}"
-                else
-                  source
-                end
-              end
+          if include_host && source !~ %r{^[-a-z]+://}
+            host = compute_asset_host(source)
+
+            if has_request && !host.blank? && host !~ %r{^[-a-z]+://}
+              host = "#{@controller.request.protocol}#{host}"
             end
+
+            "#{host}#{source}"
+          else
+            source
+          end
         end
 
         # Pick an asset host for this source. Returns +nil+ if no host is set,

data/lib/action_view/helpers/date_helper.rb

@@ -696,15 +696,15 @@ module ActionView
 
     class FormBuilder
       def date_select(method, options = {}, html_options = {})
-        @template.date_select(@object_name, method, options.merge(:object => @object))
+        @template.date_select(@object_name, method, options.merge(:object => @object), html_options)
       end
 
       def time_select(method, options = {}, html_options = {})
-        @template.time_select(@object_name, method, options.merge(:object => @object))
+        @template.time_select(@object_name, method, options.merge(:object => @object), html_options)
       end
 
       def datetime_select(method, options = {}, html_options = {})
-        @template.datetime_select(@object_name, method, options.merge(:object => @object))
+        @template.datetime_select(@object_name, method, options.merge(:object => @object), html_options)
       end
     end
   end

data/lib/action_view/helpers/form_helper.rb

@@ -601,7 +601,11 @@ module ActionView
       end
 
       def object
-        @object || (@template_object.instance_variable_get("@#{@object_name}") rescue nil)
+        @object || @template_object.instance_variable_get("@#{@object_name}")
+      rescue NameError
+        # As @object_name may contain the nested syntax (item[subobject]) we
+        # need to fallback to nil.
+        nil
       end
 
       def value(object)

data/lib/action_view/helpers/form_options_helper.rb

@@ -304,7 +304,7 @@ module ActionView
       #
       # NOTE: Only the option tags are returned, you have to wrap this call in
       # a regular HTML select tag.
-      def time_zone_options_for_select(selected = nil, priority_zones = nil, model = TimeZone)
+      def time_zone_options_for_select(selected = nil, priority_zones = nil, model = ::ActiveSupport::TimeZone)
         zone_options = ""
 
         zones = model.all
@@ -417,7 +417,7 @@ module ActionView
         value = value(object)
         content_tag("select",
           add_options(
-            time_zone_options_for_select(value || options[:default], priority_zones, options[:model] || TimeZone),
+            time_zone_options_for_select(value || options[:default], priority_zones, options[:model] || ActiveSupport::TimeZone),
             options, value
           ), html_options
         )

data/lib/action_view/helpers/form_tag_helper.rb

@@ -129,7 +129,7 @@ module ActionView
       #   label_tag 'name', nil, :class => 'small_label'
       #   # => <label for="name" class="small_label">Name</label>
       def label_tag(name, text = nil, options = {})
-        content_tag :label, text || name.humanize, { "for" => name }.update(options.stringify_keys)
+        content_tag :label, text || name.to_s.humanize, { "for" => name }.update(options.stringify_keys)
       end
 
       # Creates a hidden form input field used to transmit data that would be lost due to HTTP's statelessness or
@@ -348,11 +348,13 @@ module ActionView
         options.stringify_keys!
         
         if disable_with = options.delete("disable_with")
+          disable_with = "this.value='#{disable_with}'"
+          disable_with << ";#{options.delete('onclick')}" if options['onclick']
+          
           options["onclick"] = [
             "this.setAttribute('originalValue', this.value)",
             "this.disabled=true",
-            "this.value='#{disable_with}'",
-            "#{options["onclick"]}",
+            disable_with,
             "result = (this.form.onsubmit ? (this.form.onsubmit() ? this.form.submit() : false) : this.form.submit())",
             "if (result == false) { this.value = this.getAttribute('originalValue'); this.disabled = false }",
             "return result;",