actionpack 2.1.2 → 2.2.2

data/lib/action_controller/routing/route_set.rb

@@ -1,6 +1,6 @@
 module ActionController
   module Routing
-    class RouteSet #:nodoc: 
+    class RouteSet #:nodoc:
       # Mapper instances are used to build routes. The object passed to the draw
       # block in config/routes.rb is a Mapper instance.
       #
@@ -115,7 +115,7 @@ module ActionController
         def install(destinations = [ActionController::Base, ActionView::Base], regenerate = false)
           reset! if regenerate
           Array(destinations).each do |dest|
-            dest.send! :include, @module
+            dest.__send__(:include, @module)
           end
         end
 
@@ -168,6 +168,7 @@ module ActionController
             #
             @module.module_eval <<-end_eval # We use module_eval to avoid leaks
               def #{selector}(*args)
+
                 #{generate_optimisation_block(route, kind)}
 
                 opts = if args.empty? || Hash === args.first
@@ -194,6 +195,7 @@ module ActionController
       def initialize
         self.routes = []
         self.named_routes = NamedRouteCollection.new
+
         clear_recognize_optimized!
       end
 
@@ -214,7 +216,7 @@ module ActionController
         named_routes.clear
         @combined_regexp = nil
         @routes_by_controller = nil
-        # This will force routing/recognition_optimisation.rb
+        # This will force routing/recognition_optimization.rb
         # to refresh optimisations.
         clear_recognize_optimized!
       end
@@ -232,7 +234,6 @@ module ActionController
         Routing.use_controllers! nil # Clear the controller cache so we may discover new ones
         clear!
         load_routes!
-        install_helpers
       end
 
       # reload! will always force a reload whereas load checks the timestamp first
@@ -353,7 +354,7 @@ module ActionController
           if generate_all
             # Used by caching to expire all paths for a resource
             return routes.collect do |route|
-              route.send!(method, options, merged, expire_on)
+              route.__send__(method, options, merged, expire_on)
             end.compact
           end
 
@@ -361,7 +362,7 @@ module ActionController
           routes = routes_by_controller[controller][action][options.keys.sort_by { |x| x.object_id }]
 
           routes.each do |route|
-            results = route.send!(method, options, merged, expire_on)
+            results = route.__send__(method, options, merged, expire_on)
             return results if results && (!results.is_a?(Array) || results.first)
           end
         end
@@ -433,4 +434,4 @@ module ActionController
       end
     end
   end
-end
+end

data/lib/action_controller/routing/routing_ext.rb

@@ -1,4 +1,3 @@
-
 class Object
   def to_param
     to_s
@@ -28,6 +27,10 @@ class Regexp #:nodoc:
     Regexp.new("|#{source}").match('').captures.length
   end
 
+  def multiline?
+    options & MULTILINE == MULTILINE
+  end
+
   class << self
     def optionalize(pattern)
       case unoptionalize(pattern)

data/lib/action_controller/routing/segments.rb

@@ -2,13 +2,19 @@ module ActionController
   module Routing
     class Segment #:nodoc:
       RESERVED_PCHAR = ':@&=+$,;'
-      UNSAFE_PCHAR = Regexp.new("[^#{URI::REGEXP::PATTERN::UNRESERVED}#{RESERVED_PCHAR}]", false, 'N').freeze
+      SAFE_PCHAR = "#{URI::REGEXP::PATTERN::UNRESERVED}#{RESERVED_PCHAR}"
+      UNSAFE_PCHAR = Regexp.new("[^#{SAFE_PCHAR}]", false, 'N').freeze
 
+      # TODO: Convert :is_optional accessor to read only
       attr_accessor :is_optional
       alias_method :optional?, :is_optional
 
       def initialize
-        self.is_optional = false
+        @is_optional = false
+      end
+
+      def number_of_captures
+        Regexp.new(regexp_chunk).number_of_captures
       end
 
       def extraction_code
@@ -63,12 +69,14 @@ module ActionController
     end
 
     class StaticSegment < Segment #:nodoc:
-      attr_accessor :value, :raw
+      attr_reader :value, :raw
       alias_method :raw?, :raw
 
-      def initialize(value = nil)
+      def initialize(value = nil, options = {})
         super()
-        self.value = value
+        @value = value
+        @raw = options[:raw] if options.key?(:raw)
+        @is_optional = options[:optional] if options.key?(:optional)
       end
 
       def interpolation_chunk
@@ -80,6 +88,10 @@ module ActionController
         optional? ? Regexp.optionalize(chunk) : chunk
       end
 
+      def number_of_captures
+        0
+      end
+
       def build_pattern(pattern)
         escaped = Regexp.escape(value)
         if optional? && ! pattern.empty?
@@ -97,10 +109,8 @@ module ActionController
     end
 
     class DividerSegment < StaticSegment #:nodoc:
-      def initialize(value = nil)
-        super(value)
-        self.raw = true
-        self.is_optional = true
+      def initialize(value = nil, options = {})
+        super(value, {:raw => true, :optional => true}.merge(options))
       end
 
       def optionality_implied?
@@ -109,13 +119,17 @@ module ActionController
     end
 
     class DynamicSegment < Segment #:nodoc:
-      attr_accessor :key, :default, :regexp
+      attr_reader :key
+
+      # TODO: Convert these accessors to read only
+      attr_accessor :default, :regexp
 
       def initialize(key = nil, options = {})
         super()
-        self.key = key
-        self.default = options[:default] if options.key? :default
-        self.is_optional = true if options[:optional] || options.key?(:default)
+        @key = key
+        @default = options[:default] if options.key?(:default)
+        @regexp = options[:regexp] if options.key?(:regexp)
+        @is_optional = true if options[:optional] || options.key?(:default)
       end
 
       def to_s
@@ -130,6 +144,7 @@ module ActionController
       def extract_value
         "#{local_name} = hash[:#{key}] && hash[:#{key}].to_param #{"|| #{default.inspect}" if default}"
       end
+
       def value_check
         if default # Then we know it won't be nil
           "#{value_regexp.inspect} =~ #{local_name}" if regexp
@@ -141,6 +156,7 @@ module ActionController
           "#{local_name} #{"&& #{value_regexp.inspect} =~ #{local_name}" if regexp}"
         end
       end
+
       def expiry_statement
         "expired, hash = true, options if !expired && expire_on[:#{key}]"
       end
@@ -152,7 +168,7 @@ module ActionController
         s << "\n#{expiry_statement}"
       end
 
-      def interpolation_chunk(value_code = "#{local_name}")
+      def interpolation_chunk(value_code = local_name)
         "\#{URI.escape(#{value_code}.to_s, ActionController::Routing::Segment::UNSAFE_PCHAR)}"
       end
 
@@ -175,7 +191,7 @@ module ActionController
       end
 
       def regexp_chunk
-        if regexp 
+        if regexp
           if regexp_has_modifiers?
             "(#{regexp.to_s})"
           else
@@ -186,10 +202,16 @@ module ActionController
         end
       end
 
+      def number_of_captures
+        if regexp
+          regexp.number_of_captures + 1
+        else
+          1
+        end
+      end
+
       def build_pattern(pattern)
-        chunk = regexp_chunk
-        chunk = "(#{chunk})" if Regexp.new(chunk).number_of_captures == 0
-        pattern = "#{chunk}#{pattern}"
+        pattern = "#{regexp_chunk}#{pattern}"
         optional? ? Regexp.optionalize(pattern) : pattern
       end
 
@@ -214,7 +236,6 @@ module ActionController
       def regexp_has_modifiers?
         regexp.options & (Regexp::IGNORECASE | Regexp::EXTENDED) != 0
       end
-
     end
 
     class ControllerSegment < DynamicSegment #:nodoc:
@@ -223,8 +244,12 @@ module ActionController
         "(?i-:(#{(regexp || Regexp.union(*possible_names)).source}))"
       end
 
+      def number_of_captures
+        1
+      end
+
       # Don't URI.escape the controller name since it may contain slashes.
-      def interpolation_chunk(value_code = "#{local_name}")
+      def interpolation_chunk(value_code = local_name)
         "\#{#{value_code}.to_s}"
       end
 
@@ -244,7 +269,7 @@ module ActionController
     end
 
     class PathSegment < DynamicSegment #:nodoc:
-      def interpolation_chunk(value_code = "#{local_name}")
+      def interpolation_chunk(value_code = local_name)
         "\#{#{value_code}}"
       end
 
@@ -268,6 +293,10 @@ module ActionController
         regexp || "(.*)"
       end
 
+      def number_of_captures
+        regexp ? regexp.number_of_captures : 1
+      end
+
       def optionality_implied?
         true
       end

data/lib/action_controller/session/cookie_store.rb

@@ -70,7 +70,8 @@ class CGI::Session::CookieStore
       'path'    => options['session_path'],
       'domain'  => options['session_domain'],
       'expires' => options['session_expires'],
-      'secure'  => options['session_secure']
+      'secure'  => options['session_secure'],
+      'http_only' => options['session_http_only']
     }
 
     # Set no_hidden and no_cookies since the session id is unused and we
@@ -129,7 +130,7 @@ class CGI::Session::CookieStore
   private
     # Marshal a session hash into safe cookie data. Include an integrity hash.
     def marshal(session)
-      data = ActiveSupport::Base64.encode64(Marshal.dump(session)).chop
+      data = ActiveSupport::Base64.encode64s(Marshal.dump(session))
       "#{data}--#{generate_digest(data)}"
     end
 

data/lib/action_controller/session/drb_server.rb

@@ -1,8 +1,8 @@
-#!/usr/local/bin/ruby -w
-                                                                                
-# This is a really simple session storage daemon, basically just a hash, 
+#!/usr/bin/env ruby
+
+# This is a really simple session storage daemon, basically just a hash,
 # which is enabled for DRb access.
-                                                                                
+
 require 'drb'
 
 session_hash = Hash.new
@@ -14,13 +14,13 @@ class <<session_hash
       super(key, value)
     end
   end
-  
+
   def [](key)
     @mutex.synchronize do
       super(key)
     end
   end
-  
+
   def delete(key)
     @mutex.synchronize do
       super(key)
@@ -29,4 +29,4 @@ class <<session_hash
 end
 
 DRb.start_service('druby://127.0.0.1:9192', session_hash)
-DRb.thread.join
+DRb.thread.join

data/lib/action_controller/session_management.rb

@@ -60,6 +60,10 @@ module ActionController #:nodoc:
       #   # the session will only work over HTTPS, but only for the foo action
       #   session :only => :foo, :session_secure => true
       #
+      #   # the session by default uses HttpOnly sessions for security reasons.
+      #   # this can be switched off.
+      #   session :only => :foo, :session_http_only => false
+      #
       #   # the session will only be disabled for 'foo', and only if it is
       #   # requested as a web service
       #   session :off, :only => :foo,
@@ -86,14 +90,14 @@ module ActionController #:nodoc:
           raise ArgumentError, "only one of either :only or :except are allowed"
         end
 
-        write_inheritable_array("session_options", [options])
+        write_inheritable_array(:session_options, [options])
       end
 
       # So we can declare session options in the Rails initializer.
       alias_method :session=, :session
 
       def cached_session_options #:nodoc:
-        @session_options ||= read_inheritable_attribute("session_options") || []
+        @session_options ||= read_inheritable_attribute(:session_options) || []
       end
 
       def session_options_for(request, action) #:nodoc:

data/lib/action_controller/streaming.rb

@@ -12,19 +12,21 @@ module ActionController #:nodoc:
     X_SENDFILE_HEADER = 'X-Sendfile'.freeze
 
     protected
-      # Sends the file by streaming it 4096 bytes at a time. This way the
-      # whole file doesn't need to be read into memory at once.  This makes
-      # it feasible to send even large files.
+      # Sends the file, by default streaming it 4096 bytes at a time. This way the
+      # whole file doesn't need to be read into memory at once. This makes it
+      # feasible to send even large files. You can optionally turn off streaming
+      # and send the whole file at once.
       #
-      # Be careful to sanitize the path parameter if it coming from a web
+      # Be careful to sanitize the path parameter if it is coming from a web
       # page. <tt>send_file(params[:path])</tt> allows a malicious user to
       # download any file on your server.
       #
       # Options:
       # * <tt>:filename</tt> - suggests a filename for the browser to use.
       #   Defaults to <tt>File.basename(path)</tt>.
-      # * <tt>:type</tt> - specifies an HTTP content type.
-      #   Defaults to 'application/octet-stream'.
+      # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'.
+      # * <tt>:length</tt> - used to manually override the length (in bytes) of the content that
+      #   is going to be sent to the client. Defaults to <tt>File.size(path)</tt>.
       # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
       #   Valid values are 'inline' and 'attachment' (default).
       # * <tt>:stream</tt> - whether to send the file to the user agent as it is read (+true+)
@@ -35,6 +37,12 @@ module ActionController #:nodoc:
       # * <tt>:url_based_filename</tt> - set to +true+ if you want the browser guess the filename from
       #   the URL, which is necessary for i18n filenames on certain browsers
       #   (setting <tt>:filename</tt> overrides this option).
+      # * <tt>:x_sendfile</tt> - uses X-Sendfile to send the file when set to +true+. This is currently
+      #   only available with Lighttpd/Apache2 and specific modules installed and activated. Since this
+      #   uses the web server to send the file, this may lower memory consumption on your server and
+      #   it will not block your application for further requests.
+      #   See http://blog.lighttpd.net/articles/2006/07/02/x-sendfile and
+      #   http://tn123.ath.cx/mod_xsendfile/ for details. Defaults to +false+.
       #
       # The default Content-Type and Content-Disposition headers are
       # set to download arbitrary binary files in as many browsers as
@@ -99,8 +107,7 @@ module ActionController #:nodoc:
       #
       # Options:
       # * <tt>:filename</tt> - suggests a filename for the browser to use.
-      # * <tt>:type</tt> - specifies an HTTP content type.
-      #   Defaults to 'application/octet-stream'.
+      # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'.
       # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
       #   Valid values are 'inline' and 'attachment' (default).
       # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to '200 OK'.

data/lib/action_controller/templates/rescues/diagnostics.erb

@@ -6,6 +6,6 @@
 </h1>
 <pre><%=h @exception.clean_message %></pre>
 
-<%= render_file(@rescues_path + "/_trace.erb", false) %>
+<%= render(:file => @rescues_path + "/_trace.erb") %>
 
-<%= render_file(@rescues_path + "/_request_and_response.erb", false) %>
+<%= render(:file => @rescues_path + "/_request_and_response.erb") %>

data/lib/action_controller/templates/rescues/template_error.erb

@@ -15,7 +15,7 @@
 
 <% @real_exception = @exception
    @exception = @exception.original_exception || @exception %>
-<%= render_file(@rescues_path + "/_trace.erb", false) %>
+<%= render(:file => @rescues_path + "/_trace.erb") %>
 <% @exception = @real_exception %>
 
-<%= render_file(@rescues_path + "/_request_and_response.erb", false) %>
+<%= render(:file => @rescues_path + "/_request_and_response.erb") %>

data/lib/action_controller/test_case.rb

@@ -15,6 +15,65 @@ module ActionController
     end
   end
 
+  # Superclass for ActionController functional tests. Functional tests allow you to
+  # test a single controller action per test method. This should not be confused with
+  # integration tests (see ActionController::IntegrationTest), which are more like
+  # "stories" that can involve multiple controllers and mutliple actions (i.e. multiple
+  # different HTTP requests).
+  #
+  # == Basic example
+  #
+  # Functional tests are written as follows:
+  # 1. First, one uses the +get+, +post+, +put+, +delete+ or +head+ method to simulate
+  #    an HTTP request.
+  # 2. Then, one asserts whether the current state is as expected. "State" can be anything:
+  #    the controller's HTTP response, the database contents, etc.
+  #
+  # For example:
+  #
+  #   class BooksControllerTest < ActionController::TestCase
+  #     def test_create
+  #       # Simulate a POST response with the given HTTP parameters.
+  #       post(:create, :book => { :title => "Love Hina" })
+  #
+  #       # Assert that the controller tried to redirect us to
+  #       # the created book's URI.
+  #       assert_response :found
+  #
+  #       # Assert that the controller really put the book in the database.
+  #       assert_not_nil Book.find_by_title("Love Hina")
+  #     end
+  #   end
+  #
+  # == Special instance variables
+  #
+  # ActionController::TestCase will also automatically provide the following instance
+  # variables for use in the tests:
+  #
+  # <b>@controller</b>::
+  #      The controller instance that will be tested.
+  # <b>@request</b>::
+  #      An ActionController::TestRequest, representing the current HTTP
+  #      request. You can modify this object before sending the HTTP request. For example,
+  #      you might want to set some session properties before sending a GET request.
+  # <b>@response</b>::
+  #      An ActionController::TestResponse object, representing the response
+  #      of the last HTTP response. In the above example, <tt>@response</tt> becomes valid
+  #      after calling +post+. If the various assert methods are not sufficient, then you
+  #      may use this object to inspect the HTTP response in detail.
+  #
+  # (Earlier versions of Rails required each functional test to subclass
+  # Test::Unit::TestCase and define @controller, @request, @response in +setup+.)
+  #
+  # == Controller is automatically inferred
+  #
+  # ActionController::TestCase will automatically infer the controller under test
+  # from the test class name. If the controller cannot be inferred from the test
+  # class name, you can explicity set it with +tests+.
+  #
+  #   class SpecialEdgeCaseWidgetsControllerTest < ActionController::TestCase
+  #     tests WidgetController
+  #   end
   class TestCase < ActiveSupport::TestCase
     # When the request.remote_addr remains the default for testing, which is 0.0.0.0, the exception is simply raised inline
     # (bystepping the regular exception handling from rescue_action). If the request.remote_addr is anything else, the regular
@@ -25,7 +84,7 @@ module ActionController
     module RaiseActionExceptions
       attr_accessor :exception
 
-      def rescue_action(e)
+      def rescue_action_without_handler(e)
         self.exception = e
         
         if request.remote_addr == "0.0.0.0"
@@ -41,6 +100,8 @@ module ActionController
     @@controller_class = nil
 
     class << self
+      # Sets the controller class name. Useful if the name can't be inferred from test class.
+      # Expects +controller_class+ as a constant. Example: <tt>tests WidgetController</tt>.
       def tests(controller_class)
         self.controller_class = controller_class
       end
@@ -73,6 +134,9 @@ module ActionController
       @controller = self.class.controller_class.new
       @controller.request = @request = TestRequest.new
       @response = TestResponse.new
+
+      @controller.params = {}
+      @controller.send(:initialize_current_url)
     end
     
     # Cause the action to be rescued according to the regular rules for rescue_action when the visitor is not local
@@ -80,4 +144,4 @@ module ActionController
       @request.remote_addr = '208.77.188.166' # example.com
     end
  end
-end
+end