actionpack 2.1.2 → 2.2.2

data/lib/action_controller/layout.rb

@@ -3,11 +3,6 @@ module ActionController #:nodoc:
     def self.included(base)
       base.extend(ClassMethods)
       base.class_eval do
-        # NOTE: Can't use alias_method_chain here because +render_without_layout+ is already
-        # defined as a publicly exposed method
-        alias_method :render_with_no_layout, :render
-        alias_method :render, :render_with_a_layout
-
         class << self
           alias_method_chain :inherited, :layout
         end
@@ -169,17 +164,17 @@ module ActionController #:nodoc:
       # performance and have access to them as any normal template would.
       def layout(template_name, conditions = {}, auto = false)
         add_layout_conditions(conditions)
-        write_inheritable_attribute "layout", template_name
-        write_inheritable_attribute "auto_layout", auto
+        write_inheritable_attribute(:layout, template_name)
+        write_inheritable_attribute(:auto_layout, auto)
       end
 
       def layout_conditions #:nodoc:
-        @layout_conditions ||= read_inheritable_attribute("layout_conditions")
+        @layout_conditions ||= read_inheritable_attribute(:layout_conditions)
       end
 
       def default_layout(format) #:nodoc:
-        layout = read_inheritable_attribute("layout")
-        return layout unless read_inheritable_attribute("auto_layout")
+        layout = read_inheritable_attribute(:layout)
+        return layout unless read_inheritable_attribute(:auto_layout)
         @default_layout ||= {}
         @default_layout[format] ||= default_layout_with_format(format, layout)
         @default_layout[format]
@@ -199,7 +194,7 @@ module ActionController #:nodoc:
         end
 
         def add_layout_conditions(conditions)
-          write_inheritable_hash "layout_conditions", normalize_conditions(conditions)
+          write_inheritable_hash(:layout_conditions, normalize_conditions(conditions))
         end
 
         def normalize_conditions(conditions)
@@ -221,10 +216,10 @@ module ActionController #:nodoc:
     # object). If the layout was defined without a directory, layouts is assumed. So <tt>layout "weblog/standard"</tt> will return
     # weblog/standard, but <tt>layout "standard"</tt> will return layouts/standard.
     def active_layout(passed_layout = nil)
-      layout = passed_layout || self.class.default_layout(response.template.template_format)
+      layout = passed_layout || self.class.default_layout(default_template_format)
       active_layout = case layout
         when String then layout
-        when Symbol then send!(layout)
+        when Symbol then __send__(layout)
         when Proc   then layout.call(self)
       end
 
@@ -240,51 +235,24 @@ module ActionController #:nodoc:
       end
     end
 
-    protected
-      def render_with_a_layout(options = nil, extra_options = {}, &block) #:nodoc:
-        template_with_options = options.is_a?(Hash)
-
-        if (layout = pick_layout(template_with_options, options)) && apply_layout?(template_with_options, options)
-          options = options.merge :layout => false if template_with_options
-          logger.info("Rendering template within #{layout}") if logger
-
-          content_for_layout = render_with_no_layout(options, extra_options, &block)
-          erase_render_results
-          add_variables_to_assigns
-          @template.instance_variable_set("@content_for_layout", content_for_layout)
-          response.layout = layout
-          status = template_with_options ? options[:status] : nil
-          render_for_text(@template.render_file(layout, true), status)
-        else
-          render_with_no_layout(options, extra_options, &block)
-        end
-      end
-
-
     private
-      def apply_layout?(template_with_options, options)
-        return false if options == :update
-        template_with_options ?  candidate_for_layout?(options) : !template_exempt_from_layout?
-      end
-
       def candidate_for_layout?(options)
-        (options.has_key?(:layout) && options[:layout] != false) ||
-          options.values_at(:text, :xml, :json, :file, :inline, :partial, :nothing).compact.empty? &&
-          !template_exempt_from_layout?(options[:template] || default_template_name(options[:action]))
+        options.values_at(:text, :xml, :json, :file, :inline, :partial, :nothing, :update).compact.empty? &&
+          !@template.__send__(:_exempt_from_layout?, options[:template] || default_template_name(options[:action]))
       end
 
-      def pick_layout(template_with_options, options)
-        if template_with_options
-          case layout = options[:layout]
-            when FalseClass
-              nil
-            when NilClass, TrueClass
-              active_layout if action_has_layout?
-            else
-              active_layout(layout)
+      def pick_layout(options)
+        if options.has_key?(:layout)
+          case layout = options.delete(:layout)
+          when FalseClass
+            nil
+          when NilClass, TrueClass
+            active_layout if action_has_layout? && !@template.__send__(:_exempt_from_layout?, default_template_name)
+          else
+            active_layout(layout)
           end
         else
-          active_layout if action_has_layout?
+          active_layout if action_has_layout? && candidate_for_layout?(options)
         end
       end
 
@@ -304,7 +272,13 @@ module ActionController #:nodoc:
       end
 
       def layout_directory?(layout_name)
-        @template.finder.find_template_extension_from_handler(File.join('layouts', layout_name))
+        @template.__send__(:_pick_template, "#{File.join('layouts', layout_name)}.#{@template.template_format}") ? true : false
+      rescue ActionView::MissingTemplate
+        false
+      end
+
+      def default_template_format
+        response.template.template_format
       end
   end
 end

data/lib/action_controller/mime_responds.rb

@@ -114,7 +114,11 @@ module ActionController #:nodoc:
         @request    = controller.request
         @response   = controller.response
 
-        @mime_type_priority = Array(Mime::Type.lookup_by_extension(@request.parameters[:format]) || @request.accepts)
+        if ActionController::Base.use_accept_header
+          @mime_type_priority = Array(Mime::Type.lookup_by_extension(@request.parameters[:format]) || @request.accepts)
+        else
+          @mime_type_priority = [@request.format]
+        end
 
         @order     = []
         @responses = {}

data/lib/action_controller/mime_type.rb

@@ -1,3 +1,5 @@
+require 'set'
+
 module Mime
   SET              = []
   EXTENSION_LOOKUP = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? }
@@ -18,8 +20,20 @@ module Mime
   #   end
   class Type
     @@html_types = Set.new [:html, :all]
+    cattr_reader :html_types
+
+    # These are the content types which browsers can generate without using ajax, flash, etc
+    # i.e. following a link, getting an image or posting a form.  CSRF protection
+    # only needs to protect against these types.
+    @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
+    cattr_reader :browser_generated_types
+
+
     @@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss, :atom, :yaml]
-    cattr_reader :html_types, :unverifiable_types
+    def self.unverifiable_types
+      ActiveSupport::Deprecation.warn("unverifiable_types is deprecated and has no effect", caller)
+      @@unverifiable_types
+    end
 
     # A simple helper class used in parsing the accept header
     class AcceptItem #:nodoc:
@@ -72,57 +86,61 @@ module Mime
       end
 
       def parse(accept_header)
-        # keep track of creation order to keep the subsequent sort stable
-        list = []
-        accept_header.split(/,/).each_with_index do |header, index| 
-          params, q = header.split(/;\s*q=/)       
-          if params
-            params.strip!          
-            list << AcceptItem.new(index, params, q) unless params.empty?
+        if accept_header !~ /,/
+          [Mime::Type.lookup(accept_header)]
+        else
+          # keep track of creation order to keep the subsequent sort stable
+          list = []
+          accept_header.split(/,/).each_with_index do |header, index| 
+            params, q = header.split(/;\s*q=/)       
+            if params
+              params.strip!          
+              list << AcceptItem.new(index, params, q) unless params.empty?
+            end
           end
-        end
-        list.sort!
+          list.sort!
 
-        # Take care of the broken text/xml entry by renaming or deleting it
-        text_xml = list.index("text/xml")
-        app_xml = list.index(Mime::XML.to_s)
+          # Take care of the broken text/xml entry by renaming or deleting it
+          text_xml = list.index("text/xml")
+          app_xml = list.index(Mime::XML.to_s)
 
-        if text_xml && app_xml
-          # set the q value to the max of the two
-          list[app_xml].q = [list[text_xml].q, list[app_xml].q].max
+          if text_xml && app_xml
+            # set the q value to the max of the two
+            list[app_xml].q = [list[text_xml].q, list[app_xml].q].max
 
-          # make sure app_xml is ahead of text_xml in the list
-          if app_xml > text_xml
-            list[app_xml], list[text_xml] = list[text_xml], list[app_xml]
-            app_xml, text_xml = text_xml, app_xml
-          end
+            # make sure app_xml is ahead of text_xml in the list
+            if app_xml > text_xml
+              list[app_xml], list[text_xml] = list[text_xml], list[app_xml]
+              app_xml, text_xml = text_xml, app_xml
+            end
 
-          # delete text_xml from the list
-          list.delete_at(text_xml)
+            # delete text_xml from the list
+            list.delete_at(text_xml)
 
-        elsif text_xml
-          list[text_xml].name = Mime::XML.to_s
-        end
+          elsif text_xml
+            list[text_xml].name = Mime::XML.to_s
+          end
 
-        # Look for more specific XML-based types and sort them ahead of app/xml
+          # Look for more specific XML-based types and sort them ahead of app/xml
 
-        if app_xml
-          idx = app_xml
-          app_xml_type = list[app_xml]
+          if app_xml
+            idx = app_xml
+            app_xml_type = list[app_xml]
 
-          while(idx < list.length)
-            type = list[idx]
-            break if type.q < app_xml_type.q
-            if type.name =~ /\+xml$/
-              list[app_xml], list[idx] = list[idx], list[app_xml]
-              app_xml = idx
+            while(idx < list.length)
+              type = list[idx]
+              break if type.q < app_xml_type.q
+              if type.name =~ /\+xml$/
+                list[app_xml], list[idx] = list[idx], list[app_xml]
+                app_xml = idx
+              end
+              idx += 1
             end
-            idx += 1
           end
-        end
 
-        list.map! { |i| Mime::Type.lookup(i.name) }.uniq!
-        list
+          list.map! { |i| Mime::Type.lookup(i.name) }.uniq!
+          list
+        end
       end
     end
     
@@ -159,15 +177,19 @@ module Mime
     end
 
     # Returns true if Action Pack should check requests using this Mime Type for possible request forgery.  See
-    # ActionController::RequestForgerProtection.
+    # ActionController::RequestForgeryProtection.
     def verify_request?
-      !@@unverifiable_types.include?(to_sym)
+      browser_generated?
     end
 
     def html?
       @@html_types.include?(to_sym) || @string =~ /html/
     end
 
+    def browser_generated?
+      @@browser_generated_types.include?(to_sym)
+    end
+
     private
       def method_missing(method, *args)
         if method.to_s =~ /(\w+)\?$/

data/lib/action_controller/mime_types.rb

@@ -17,4 +17,5 @@ Mime::Type.register "multipart/form-data", :multipart_form
 Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form
 
 # http://www.ietf.org/rfc/rfc4627.txt
-Mime::Type.register "application/json", :json, %w( text/x-json )
+# http://www.json.org/JSONRequest.html
+Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest )

data/lib/action_controller/performance_test.rb

@@ -0,0 +1,16 @@
+require 'action_controller/integration'
+require 'active_support/testing/performance'
+require 'active_support/testing/default'
+
+module ActionController
+  # An integration test that runs a code profiler on your test methods.
+  # Profiling output for combinations of each test method, measurement, and
+  # output format are written to your tmp/performance directory.
+  #
+  # By default, process_time is measured and both flat and graph_html output
+  # formats are written, so you'll have two output files per test method.
+  class PerformanceTest < ActionController::IntegrationTest
+    include ActiveSupport::Testing::Performance
+    include ActiveSupport::Testing::Default
+  end
+end

data/lib/action_controller/polymorphic_routes.rb

@@ -73,7 +73,8 @@ module ActionController
     #
     def polymorphic_url(record_or_hash_or_array, options = {})
       if record_or_hash_or_array.kind_of?(Array)
-        record_or_hash_or_array = record_or_hash_or_array.dup
+        record_or_hash_or_array = record_or_hash_or_array.compact
+        record_or_hash_or_array = record_or_hash_or_array[0] if record_or_hash_or_array.size == 1
       end
 
       record    = extract_record(record_or_hash_or_array)
@@ -102,7 +103,13 @@ module ActionController
       args << format if format
       
       named_route = build_named_route_call(record_or_hash_or_array, namespace, inflection, options)
-      send!(named_route, *args)
+
+      url_options = options.except(:action, :routing_type, :format)
+      unless url_options.empty?
+        args.last.kind_of?(Hash) ? args.last.merge!(url_options) : args << url_options
+      end
+
+      __send__(named_route, *args)
     end
 
     # Returns the path component of a URL for the given record. It uses
@@ -114,19 +121,19 @@ module ActionController
 
     %w(edit new formatted).each do |action|
       module_eval <<-EOT, __FILE__, __LINE__
-        def #{action}_polymorphic_url(record_or_hash)
-          polymorphic_url(record_or_hash, :action => "#{action}")
+        def #{action}_polymorphic_url(record_or_hash, options = {})
+          polymorphic_url(record_or_hash, options.merge(:action => "#{action}"))
         end
 
-        def #{action}_polymorphic_path(record_or_hash)
-          polymorphic_url(record_or_hash, :action => "#{action}", :routing_type => :path)
+        def #{action}_polymorphic_path(record_or_hash, options = {})
+          polymorphic_url(record_or_hash, options.merge(:action => "#{action}", :routing_type => :path))
         end
       EOT
     end
 
     private
       def action_prefix(options)
-        options[:action] ? "#{options[:action]}_" : ""
+        options[:action] ? "#{options[:action]}_" : options[:format] ? "formatted_" : ""
       end
 
       def routing_type(options)
@@ -143,7 +150,7 @@ module ActionController
             if parent.is_a?(Symbol) || parent.is_a?(String)
               string << "#{parent}_"
             else
-              string << "#{RecordIdentifier.send!("singular_class_name", parent)}_"
+              string << "#{RecordIdentifier.__send__("singular_class_name", parent)}_"
             end
           end
         end
@@ -151,7 +158,7 @@ module ActionController
         if record.is_a?(Symbol) || record.is_a?(String)
           route << "#{record}_"
         else
-          route << "#{RecordIdentifier.send!("#{inflection}_class_name", record)}_"
+          route << "#{RecordIdentifier.__send__("#{inflection}_class_name", record)}_"
         end
 
         action_prefix(options) + namespace + route + routing_type(options).to_s

data/lib/action_controller/rack_process.rb

@@ -0,0 +1,303 @@
+require 'action_controller/cgi_ext'
+require 'action_controller/session/cookie_store'
+
+module ActionController #:nodoc:
+  class RackRequest < AbstractRequest #:nodoc:
+    attr_accessor :session_options
+    attr_reader :cgi
+
+    class SessionFixationAttempt < StandardError #:nodoc:
+    end
+
+    DEFAULT_SESSION_OPTIONS = {
+      :database_manager => CGI::Session::CookieStore, # store data in cookie
+      :prefix           => "ruby_sess.",    # prefix session file names
+      :session_path     => "/",             # available to all paths in app
+      :session_key      => "_session_id",
+      :cookie_only      => true,
+      :session_http_only=> true
+    }
+
+    def initialize(env, session_options = DEFAULT_SESSION_OPTIONS)
+      @session_options = session_options
+      @env = env
+      @cgi = CGIWrapper.new(self)
+      super()
+    end
+
+    %w[ AUTH_TYPE GATEWAY_INTERFACE PATH_INFO
+        PATH_TRANSLATED REMOTE_HOST
+        REMOTE_IDENT REMOTE_USER SCRIPT_NAME
+        SERVER_NAME SERVER_PROTOCOL
+
+        HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING
+        HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM
+        HTTP_NEGOTIATE HTTP_PRAGMA HTTP_REFERER HTTP_USER_AGENT ].each do |env|
+      define_method(env.sub(/^HTTP_/n, '').downcase) do
+        @env[env]
+      end
+    end
+
+    def query_string
+      qs = super
+      if !qs.blank?
+        qs
+      else
+        @env['QUERY_STRING']
+      end
+    end
+
+    def body_stream #:nodoc:
+      @env['rack.input']
+    end
+
+    def key?(key)
+      @env.key?(key)
+    end
+
+    def cookies
+      return {} unless @env["HTTP_COOKIE"]
+
+      unless @env["rack.request.cookie_string"] == @env["HTTP_COOKIE"]
+        @env["rack.request.cookie_string"] = @env["HTTP_COOKIE"]
+        @env["rack.request.cookie_hash"] = CGI::Cookie::parse(@env["rack.request.cookie_string"])
+      end
+
+      @env["rack.request.cookie_hash"]
+    end
+
+    def server_port
+      @env['SERVER_PORT'].to_i
+    end
+
+    def server_software
+      @env['SERVER_SOFTWARE'].split("/").first
+    end
+
+    def session
+      unless defined?(@session)
+        if @session_options == false
+          @session = Hash.new
+        else
+          stale_session_check! do
+            if cookie_only? && query_parameters[session_options_with_string_keys['session_key']]
+              raise SessionFixationAttempt
+            end
+            case value = session_options_with_string_keys['new_session']
+              when true
+                @session = new_session
+              when false
+                begin
+                  @session = CGI::Session.new(@cgi, session_options_with_string_keys)
+                # CGI::Session raises ArgumentError if 'new_session' == false
+                # and no session cookie or query param is present.
+                rescue ArgumentError
+                  @session = Hash.new
+                end
+              when nil
+                @session = CGI::Session.new(@cgi, session_options_with_string_keys)
+              else
+                raise ArgumentError, "Invalid new_session option: #{value}"
+            end
+            @session['__valid_session']
+          end
+        end
+      end
+      @session
+    end
+
+    def reset_session
+      @session.delete if defined?(@session) && @session.is_a?(CGI::Session)
+      @session = new_session
+    end
+
+    private
+      # Delete an old session if it exists then create a new one.
+      def new_session
+        if @session_options == false
+          Hash.new
+        else
+          CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => false)).delete rescue nil
+          CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => true))
+        end
+      end
+
+      def cookie_only?
+        session_options_with_string_keys['cookie_only']
+      end
+
+      def stale_session_check!
+        yield
+      rescue ArgumentError => argument_error
+        if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
+          begin
+            # Note that the regexp does not allow $1 to end with a ':'
+            $1.constantize
+          rescue LoadError, NameError => const_error
+            raise ActionController::SessionRestoreError, <<-end_msg
+Session contains objects whose class definition isn\'t available.
+Remember to require the classes for all objects kept in the session.
+(Original exception: #{const_error.message} [#{const_error.class}])
+end_msg
+          end
+
+          retry
+        else
+          raise
+        end
+      end
+
+      def session_options_with_string_keys
+        @session_options_with_string_keys ||= DEFAULT_SESSION_OPTIONS.merge(@session_options).stringify_keys
+      end
+  end
+
+  class RackResponse < AbstractResponse #:nodoc:
+    def initialize(request)
+      @cgi = request.cgi
+      @writer = lambda { |x| @body << x }
+      @block = nil
+      super()
+    end
+
+    # Retrieve status from instance variable if has already been delete
+    def status
+      @status || super
+    end
+
+    def out(output = $stdout, &block)
+      # Nasty hack because CGI sessions are closed after the normal
+      # prepare! statement
+      set_cookies!
+
+      @block = block
+      @status = headers.delete("Status")
+      if [204, 304].include?(status.to_i)
+        headers.delete("Content-Type")
+        [status, headers.to_hash, []]
+      else
+        [status, headers.to_hash, self]
+      end
+    end
+    alias to_a out
+
+    def each(&callback)
+      if @body.respond_to?(:call)
+        @writer = lambda { |x| callback.call(x) }
+        @body.call(self, self)
+      elsif @body.is_a?(String)
+        @body.each_line(&callback)
+      else
+        @body.each(&callback)
+      end
+
+      @writer = callback
+      @block.call(self) if @block
+    end
+
+    def write(str)
+      @writer.call str.to_s
+      str
+    end
+
+    def close
+      @body.close if @body.respond_to?(:close)
+    end
+
+    def empty?
+      @block == nil && @body.empty?
+    end
+
+    def prepare!
+      super
+
+      convert_language!
+      convert_expires!
+      set_status!
+      # set_cookies!
+    end
+
+    private
+      def convert_language!
+        headers["Content-Language"] = headers.delete("language") if headers["language"]
+      end
+
+      def convert_expires!
+        headers["Expires"] = headers.delete("") if headers["expires"]
+      end
+
+      def convert_content_type!
+        super
+        headers['Content-Type'] = headers.delete('type') || "text/html"
+        headers['Content-Type'] += "; charset=" + headers.delete('charset') if headers['charset']
+      end
+
+      def set_content_length!
+        super
+        headers["Content-Length"] = headers["Content-Length"].to_s if headers["Content-Length"]
+      end
+
+      def set_status!
+        self.status ||= "200 OK"
+      end
+
+      def set_cookies!
+        # Convert 'cookie' header to 'Set-Cookie' headers.
+        # Because Set-Cookie header can appear more the once in the response body,
+        # we store it in a line break separated string that will be translated to
+        # multiple Set-Cookie header by the handler.
+        if cookie = headers.delete('cookie')
+          cookies = []
+
+          case cookie
+            when Array then cookie.each { |c| cookies << c.to_s }
+            when Hash  then cookie.each { |_, c| cookies << c.to_s }
+            else            cookies << cookie.to_s
+          end
+
+          @cgi.output_cookies.each { |c| cookies << c.to_s } if @cgi.output_cookies
+
+          headers['Set-Cookie'] = [headers['Set-Cookie'], cookies].flatten.compact
+        end
+      end
+  end
+
+  class CGIWrapper < ::CGI
+    attr_reader :output_cookies
+
+    def initialize(request, *args)
+      @request  = request
+      @args     = *args
+      @input    = request.body
+
+      super *args
+    end
+
+    def params
+      @params ||= @request.params
+    end
+
+    def cookies
+      @request.cookies
+    end
+
+    def query_string
+      @request.query_string
+    end
+
+    # Used to wrap the normal args variable used inside CGI.
+    def args
+      @args
+    end
+
+    # Used to wrap the normal env_table variable used inside CGI.
+    def env_table
+      @request.env
+    end
+
+    # Used to wrap the normal stdinput variable used inside CGI.
+    def stdinput
+      @input
+    end
+  end
+end