actionpack 2.2.3 → 2.3.2

data/lib/action_view/template_error.rb

@@ -20,7 +20,11 @@ module ActionView
     end
 
     def clean_backtrace
-      original_exception.clean_backtrace
+      if defined?(Rails) && Rails.respond_to?(:backtrace_cleaner)
+        Rails.backtrace_cleaner.clean(original_exception.backtrace)
+      else
+        original_exception.backtrace
+      end
     end
 
     def sub_template_message
@@ -66,8 +70,8 @@ module ActionView
     end
 
     def to_s
-      "\n\n#{self.class} (#{message}) #{source_location}:\n" +
-        "#{source_extract}\n    #{clean_backtrace.join("\n    ")}\n\n"
+      "\n#{self.class} (#{message}) #{source_location}:\n" + 
+      "#{source_extract}\n    #{clean_backtrace.join("\n    ")}\n\n"
     end
 
     # don't do anything nontrivial here. Any raised exception from here becomes fatal 
@@ -92,9 +96,4 @@ module ActionView
         end + file_name
       end
   end
-end
-
-if defined?(Exception::TraceSubstitutions)
-  Exception::TraceSubstitutions << [/:in\s+`_run_.*'\s*$/, '']
-  Exception::TraceSubstitutions << [%r{^\s*#{Regexp.escape RAILS_ROOT}/}, ''] if defined?(RAILS_ROOT)
-end
+end

data/lib/action_view/template_handler.rb

@@ -18,7 +18,7 @@ module ActionView
     end
   end
 
-  class TemplateHandler #:nodoc:
+  class TemplateHandler
     def self.call(template)
       "#{name}.new(self).render(template, local_assigns)"
     end

data/lib/action_view/template_handlers.rb

@@ -1,10 +1,9 @@
-require 'action_view/template_handler'
-require 'action_view/template_handlers/builder'
-require 'action_view/template_handlers/erb'
-require 'action_view/template_handlers/rjs'
-
 module ActionView #:nodoc:
   module TemplateHandlers #:nodoc:
+    autoload :ERB, 'action_view/template_handlers/erb'
+    autoload :RJS, 'action_view/template_handlers/rjs'
+    autoload :Builder, 'action_view/template_handlers/builder'
+
     def self.extended(base)
       base.register_default_template_handler :erb, TemplateHandlers::ERB
       base.register_template_handler :rjs, TemplateHandlers::RJS
@@ -33,13 +32,17 @@ module ActionView #:nodoc:
       @@template_handlers.keys.map(&:to_s).sort
     end
 
+    def registered_template_handler(extension)
+      extension && @@template_handlers[extension.to_sym]
+    end
+
     def register_default_template_handler(extension, klass)
       register_template_handler(extension, klass)
       @@default_template_handlers = klass
     end
 
     def handler_class_for_extension(extension)
-      (extension && @@template_handlers[extension.to_sym]) || @@default_template_handlers
+      registered_template_handler(extension) || @@default_template_handlers
     end
   end
 end

data/lib/action_view/template_handlers/erb.rb

@@ -1,47 +1,10 @@
-require 'erb'
-
-class ERB
-  module Util
-    HTML_ESCAPE = { '&' => '&amp;',  '>' => '&gt;',   '<' => '&lt;', '"' => '&quot;' }
-    JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
-
-    # A utility method for escaping HTML tag characters.
-    # This method is also aliased as <tt>h</tt>.
-    #
-    # In your ERb templates, use this method to escape any unsafe content. For example:
-    #   <%=h @person.name %>
-    #
-    # ==== Example:
-    #   puts html_escape("is a > 0 & a < 10?")
-    #   # => is a &gt; 0 &amp; a &lt; 10?
-    def html_escape(s)
-      s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }
-    end
-
-    # A utility method for escaping HTML entities in JSON strings.
-    # This method is also aliased as <tt>j</tt>.
-    #
-    # In your ERb templates, use this method to escape any HTML entities:
-    #   <%=j @person.to_json %>
-    #
-    # ==== Example:
-    #   puts json_escape("is a > 0 & a < 10?")
-    #   # => is a \u003E 0 \u0026 a \u003C 10?
-    def json_escape(s)
-      s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
-    end
-
-    alias j json_escape
-    module_function :j
-    module_function :json_escape
-  end
-end
-
 module ActionView
   module TemplateHandlers
     class ERB < TemplateHandler
       include Compilable
 
+      ##
+      # :singleton-method:
       # Specify trim mode for the ERB compiler. Defaults to '-'.
       # See ERb documentation for suitable values.
       cattr_accessor :erb_trim_mode

data/lib/action_view/template_handlers/rjs.rb

@@ -4,6 +4,7 @@ module ActionView
       include Compilable
 
       def compile(template)
+        "@template_format = :html;" +
         "controller.response.content_type ||= Mime::JS;" +
           "update_page do |page|;#{template.source}\nend"
       end

data/lib/action_view/test_case.rb

@@ -1,7 +1,30 @@
 require 'active_support/test_case'
 
 module ActionView
+  class Base
+    alias_method :initialize_without_template_tracking, :initialize
+    def initialize(*args)
+      @_rendered = { :template => nil, :partials => Hash.new(0) }
+      initialize_without_template_tracking(*args)
+    end
+  end
+
+  module Renderable
+    alias_method :render_without_template_tracking, :render
+    def render(view, local_assigns = {})
+      if respond_to?(:path) && !is_a?(InlineTemplate)
+        rendered = view.instance_variable_get(:@_rendered)
+        rendered[:partials][self] += 1 if is_a?(RenderablePartial)
+        rendered[:template] ||= self
+      end
+      render_without_template_tracking(view, local_assigns)
+    end
+  end
+
   class TestCase < ActiveSupport::TestCase
+    include ActionController::TestCase::Assertions
+    include ActionController::TestProcess
+
     class_inheritable_accessor :helper_class
     @@helper_class = nil
 
@@ -40,11 +63,14 @@ module ActionView
     end
 
     class TestController < ActionController::Base
-      attr_accessor :request, :response
+      attr_accessor :request, :response, :params
 
       def initialize
         @request = ActionController::TestRequest.new
         @response = ActionController::TestResponse.new
+        
+        @params = {}
+        send(:initialize_current_url)
       end
     end
 

data/test/abstract_unit.rb

@@ -1,39 +1,45 @@
 $:.unshift(File.dirname(__FILE__) + '/../lib')
 $:.unshift(File.dirname(__FILE__) + '/../../activesupport/lib')
 $:.unshift(File.dirname(__FILE__) + '/fixtures/helpers')
+$:.unshift(File.dirname(__FILE__) + '/fixtures/alternate_helpers')
 
+require 'rubygems'
 require 'yaml'
 require 'stringio'
 require 'test/unit'
-require 'action_controller'
-require 'action_controller/cgi_ext'
-require 'action_controller/test_process'
-require 'action_view/test_case'
+
+gem 'mocha', '>= 0.9.5'
+require 'mocha'
 
 begin
   require 'ruby-debug'
+  Debugger.settings[:autoeval] = true
+  Debugger.start
 rescue LoadError
   # Debugging disabled. `gem install ruby-debug` to enable.
 end
 
+require 'action_controller'
+require 'action_controller/cgi_ext'
+require 'action_controller/test_process'
+require 'action_view/test_case'
+
 # Show backtraces for deprecated behavior for quicker cleanup.
 ActiveSupport::Deprecation.debug = true
 
 ActionController::Base.logger = nil
 ActionController::Routing::Routes.reload rescue nil
 
+ActionController::Base.session_store = nil
+
+# Register danish language for testing
+I18n.backend.store_translations 'da', {}
+I18n.backend.store_translations 'pt-BR', {}
+ORIGINAL_LOCALES = I18n.available_locales.map(&:to_s).sort
+
 FIXTURE_LOAD_PATH = File.join(File.dirname(__FILE__), 'fixtures')
-ActionView::PathSet::Path.eager_load_templates!
+ActionView::Base.cache_template_loading = true
 ActionController::Base.view_paths = FIXTURE_LOAD_PATH
-
-# Wrap tests that use Mocha and skip if unavailable.
-def uses_mocha(test_name)
-  unless Object.const_defined?(:Mocha)
-    require 'mocha'
-    require 'stubba'
-  end
-  yield
-rescue LoadError => load_error
-  raise unless load_error.message =~ /mocha/i
-  $stderr.puts "Skipping #{test_name} tests. `gem install mocha` and try again."
-end
+CACHED_VIEW_PATHS = ActionView::Base.cache_template_loading? ?
+                      ActionController::Base.view_paths :
+                      ActionController::Base.view_paths.map {|path| ActionView::Template::EagerPath.new(path.to_s)}

data/test/active_record_unit.rb

@@ -51,7 +51,8 @@ class ActiveRecordTestConnector
         if Object.const_defined?(:ActiveRecord)
           defaults = { :database => ':memory:' }
           begin
-            options = defaults.merge :adapter => 'sqlite3', :timeout => 500
+            adapter = defined?(JRUBY_VERSION) ? 'jdbcsqlite3' : 'sqlite3'
+            options = defaults.merge :adapter => adapter, :timeout => 500
             ActiveRecord::Base.establish_connection(options)
             ActiveRecord::Base.configurations = { 'sqlite3_ar_integration' => options }
             ActiveRecord::Base.connection
@@ -82,7 +83,9 @@ class ActiveRecordTestConnector
   end
 end
 
-class ActiveRecordTestCase < ActiveSupport::TestCase
+class ActiveRecordTestCase < ActionController::TestCase
+  include ActiveRecord::TestFixtures
+
   # Set our fixture path
   if ActiveRecordTestConnector.able_to_connect
     self.fixture_path = [FIXTURE_LOAD_PATH]
@@ -96,8 +99,6 @@ class ActiveRecordTestCase < ActiveSupport::TestCase
   def run(*args)
     super if ActiveRecordTestConnector.connected
   end
-
-  def default_test; end
 end
 
 ActiveRecordTestConnector.setup

data/test/activerecord/active_record_store_test.rb

@@ -1,141 +1,174 @@
-# These tests exercise CGI::Session::ActiveRecordStore, so you're going to
-# need AR in a sibling directory to AP and have SQLite installed.
 require 'active_record_unit'
-require 'action_controller/session/active_record_store'
-
-module CommonActiveRecordStoreTests
-  def test_basics
-    s = session_class.new(:session_id => '1234', :data => { 'foo' => 'bar' })
-    assert_equal 'bar', s.data['foo']
-    assert s.save
-    assert_equal 'bar', s.data['foo']
-
-    assert_not_nil t = session_class.find_by_session_id('1234')
-    assert_not_nil t.data
-    assert_equal 'bar', t.data['foo']
-  end
 
-  def test_reload_same_session
-    @new_session.update
-    reloaded = CGI::Session.new(CGI.new, 'session_id' => @new_session.session_id, 'database_manager' => CGI::Session::ActiveRecordStore)
-    assert_equal 'bar', reloaded['foo']
-  end
+class ActiveRecordStoreTest < ActionController::IntegrationTest
+  DispatcherApp = ActionController::Dispatcher.new
+  SessionApp = ActiveRecord::SessionStore.new(DispatcherApp,
+                :key => '_session_id')
+  SessionAppWithFixation = ActiveRecord::SessionStore.new(DispatcherApp,
+                            :key => '_session_id', :cookie_only => false)
 
-  def test_tolerates_close_close
-    assert_nothing_raised do
-      @new_session.close
-      @new_session.close
+  class TestController < ActionController::Base
+    def no_session_access
+      head :ok
     end
-  end
-end
-
-class ActiveRecordStoreTest < ActiveRecordTestCase
-  include CommonActiveRecordStoreTests
 
-  def session_class
-    CGI::Session::ActiveRecordStore::Session
-  end
+    def set_session_value
+      session[:foo] = params[:foo] || "bar"
+      head :ok
+    end
 
-  def session_id_column
-    "session_id"
-  end
+    def get_session_value
+      render :text => "foo: #{session[:foo].inspect}"
+    end
 
-  def setup
-    session_class.create_table!
+    def get_session_id
+      session[:foo]
+      render :text => "#{request.session_options[:id]}"
+    end
 
-    ENV['REQUEST_METHOD'] = 'GET'
-    ENV['REQUEST_URI'] = '/'
-    CGI::Session::ActiveRecordStore.session_class = session_class
+    def call_reset_session
+      session[:bar]
+      reset_session
+      session[:bar] = "baz"
+      head :ok
+    end
 
-    @cgi = CGI.new
-    @new_session = CGI::Session.new(@cgi, 'database_manager' => CGI::Session::ActiveRecordStore, 'new_session' => true)
-    @new_session['foo'] = 'bar'
+    def rescue_action(e) raise end
   end
 
-# this test only applies for eager session saving
-#  def test_another_instance
-#    @another = CGI::Session.new(@cgi, 'session_id' => @new_session.session_id, 'database_manager' => CGI::Session::ActiveRecordStore)
-#    assert_equal @new_session.session_id, @another.session_id
-#  end
+  def setup
+    ActiveRecord::SessionStore.session_class.create_table!
+    @integration_session = open_session(SessionApp)
+  end
 
-  def test_model_attribute
-    assert_kind_of CGI::Session::ActiveRecordStore::Session, @new_session.model
-    assert_equal({ 'foo' => 'bar' }, @new_session.model.data)
+  def teardown
+    ActiveRecord::SessionStore.session_class.drop_table!
   end
 
-  def test_save_unloaded_session
-    c = session_class.connection
-    bogus_class = c.quote(ActiveSupport::Base64.encode64("\004\010o:\vBlammo\000"))
-    c.insert("INSERT INTO #{session_class.table_name} ('#{session_id_column}', 'data') VALUES ('abcdefghijklmnop', #{bogus_class})")
+  def test_setting_and_getting_session_value
+    with_test_route_set do
+      get '/set_session_value'
+      assert_response :success
+      assert cookies['_session_id']
 
-    sess = session_class.find_by_session_id('abcdefghijklmnop')
-    assert_not_nil sess
-    assert !sess.loaded?
+      get '/get_session_value'
+      assert_response :success
+      assert_equal 'foo: "bar"', response.body
 
-    # because the session is not loaded, the save should be a no-op. If it
-    # isn't, this'll try and unmarshall the bogus class, and should get an error.
-    assert_nothing_raised { sess.save }
-  end
+      get '/set_session_value', :foo => "baz"
+      assert_response :success
+      assert cookies['_session_id']
 
-  def teardown
-    session_class.drop_table!
+      get '/get_session_value'
+      assert_response :success
+      assert_equal 'foo: "baz"', response.body
+    end
   end
-end
 
-class ColumnLimitTest < ActiveRecordTestCase
-  def setup
-    @session_class = CGI::Session::ActiveRecordStore::Session
-    @session_class.create_table!
+  def test_getting_nil_session_value
+    with_test_route_set do
+      get '/get_session_value'
+      assert_response :success
+      assert_equal 'foo: nil', response.body
+    end
   end
 
-  def teardown
-    @session_class.drop_table!
-  end
+  def test_setting_session_value_after_session_reset
+    with_test_route_set do
+      get '/set_session_value'
+      assert_response :success
+      assert cookies['_session_id']
+      session_id = cookies['_session_id']
+
+      get '/call_reset_session'
+      assert_response :success
+      assert_not_equal [], headers['Set-Cookie']
 
-  def test_protection_from_data_larger_than_column
-    # Can't test this unless there is a limit
-    return unless limit = @session_class.data_column_size_limit
-    too_big = ':(' * limit
-    s = @session_class.new(:session_id => '666', :data => {'foo' => too_big})
-    s.data
-    assert_raise(ActionController::SessionOverflowError) { s.save }
+      get '/get_session_value'
+      assert_response :success
+      assert_equal 'foo: nil', response.body
+
+      get '/get_session_id'
+      assert_response :success
+      assert_not_equal session_id, response.body
+    end
   end
-end
 
-class DeprecatedActiveRecordStoreTest < ActiveRecordStoreTest
-  def session_id_column
-    "sessid"
+  def test_getting_session_id
+    with_test_route_set do
+      get '/set_session_value'
+      assert_response :success
+      assert cookies['_session_id']
+      session_id = cookies['_session_id']
+
+      get '/get_session_id'
+      assert_response :success
+      assert_equal session_id, response.body
+    end
   end
 
-  def setup
-    session_class.connection.execute 'create table old_sessions (id integer primary key, sessid text unique, data text)'
-    session_class.table_name = 'old_sessions'
-    session_class.send :setup_sessid_compatibility!
+  def test_prevents_session_fixation
+    with_test_route_set do
+      get '/set_session_value'
+      assert_response :success
+      assert cookies['_session_id']
 
-    ENV['REQUEST_METHOD'] = 'GET'
-    CGI::Session::ActiveRecordStore.session_class = session_class
+      get '/get_session_value'
+      assert_response :success
+      assert_equal 'foo: "bar"', response.body
+      session_id = cookies['_session_id']
+      assert session_id
 
-    @new_session = CGI::Session.new(CGI.new, 'database_manager' => CGI::Session::ActiveRecordStore, 'new_session' => true)
-    @new_session['foo'] = 'bar'
-  end
+      reset!
 
-  def teardown
-    session_class.connection.execute 'drop table old_sessions'
-    session_class.table_name = 'sessions'
-  end
-end
+      get '/set_session_value', :_session_id => session_id, :foo => "baz"
+      assert_response :success
+      assert_equal nil, cookies['_session_id']
 
-class SqlBypassActiveRecordStoreTest < ActiveRecordStoreTest
-  def session_class
-    unless defined? @session_class
-      @session_class = CGI::Session::ActiveRecordStore::SqlBypass
-      @session_class.connection = CGI::Session::ActiveRecordStore::Session.connection
+      get '/get_session_value', :_session_id => session_id
+      assert_response :success
+      assert_equal 'foo: nil', response.body
+      assert_equal nil, cookies['_session_id']
     end
-    @session_class
   end
 
-  def test_model_attribute
-    assert_kind_of CGI::Session::ActiveRecordStore::SqlBypass, @new_session.model
-    assert_equal({ 'foo' => 'bar' }, @new_session.model.data)
+  def test_allows_session_fixation
+    @integration_session = open_session(SessionAppWithFixation)
+
+    with_test_route_set do
+      get '/set_session_value'
+      assert_response :success
+      assert cookies['_session_id']
+
+      get '/get_session_value'
+      assert_response :success
+      assert_equal 'foo: "bar"', response.body
+      session_id = cookies['_session_id']
+      assert session_id
+
+      reset!
+      @integration_session = open_session(SessionAppWithFixation)
+
+      get '/set_session_value', :_session_id => session_id, :foo => "baz"
+      assert_response :success
+      assert_equal session_id, cookies['_session_id']
+
+      get '/get_session_value', :_session_id => session_id
+      assert_response :success
+      assert_equal 'foo: "baz"', response.body
+      assert_equal session_id, cookies['_session_id']
+    end
   end
+
+  private
+    def with_test_route_set
+      with_routing do |set|
+        set.draw do |map|
+          map.with_options :controller => "active_record_store_test/test" do |c|
+            c.connect "/:action"
+          end
+        end
+        yield
+      end
+    end
 end