RubyGems - actionpack - Versions diffs - 2.2.3 → 2.3.2 - Mend

actionpack 2.2.3 → 2.3.2

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (264) hide show

data/CHANGELOG +433 -375
data/MIT-LICENSE +1 -1
data/README +21 -75
data/Rakefile +1 -1
data/lib/action_controller.rb +80 -43
data/lib/action_controller/assertions/model_assertions.rb +1 -0
data/lib/action_controller/assertions/response_assertions.rb +43 -16
data/lib/action_controller/assertions/routing_assertions.rb +1 -1
data/lib/action_controller/assertions/selector_assertions.rb +17 -12
data/lib/action_controller/assertions/tag_assertions.rb +1 -4
data/lib/action_controller/base.rb +153 -82
data/lib/action_controller/benchmarking.rb +9 -9
data/lib/action_controller/caching.rb +9 -11
data/lib/action_controller/caching/actions.rb +11 -18
data/lib/action_controller/caching/fragments.rb +28 -20
data/lib/action_controller/caching/pages.rb +13 -15
data/lib/action_controller/caching/sweeping.rb +2 -2
data/lib/action_controller/cgi_ext.rb +0 -1
data/lib/action_controller/cgi_ext/cookie.rb +2 -0
data/lib/action_controller/cgi_process.rb +54 -162
data/lib/action_controller/cookies.rb +13 -25
data/lib/action_controller/dispatcher.rb +43 -122
data/lib/action_controller/failsafe.rb +52 -0
data/lib/action_controller/flash.rb +38 -47
data/lib/action_controller/helpers.rb +13 -9
data/lib/action_controller/http_authentication.rb +203 -23
data/lib/action_controller/integration.rb +126 -70
data/lib/action_controller/layout.rb +36 -39
data/lib/action_controller/middleware_stack.rb +119 -0
data/lib/action_controller/middlewares.rb +13 -0
data/lib/action_controller/mime_responds.rb +19 -4
data/lib/action_controller/mime_type.rb +8 -0
data/lib/action_controller/params_parser.rb +71 -0
data/lib/action_controller/performance_test.rb +0 -1
data/lib/action_controller/polymorphic_routes.rb +36 -30
data/lib/action_controller/reloader.rb +14 -0
data/lib/action_controller/request.rb +107 -499
data/lib/action_controller/request_forgery_protection.rb +7 -39
data/lib/action_controller/rescue.rb +55 -35
data/lib/action_controller/resources.rb +34 -31
data/lib/action_controller/response.rb +99 -57
data/lib/action_controller/rewindable_input.rb +28 -0
data/lib/action_controller/routing.rb +7 -7
data/lib/action_controller/routing/builder.rb +4 -1
data/lib/action_controller/routing/optimisations.rb +1 -1
data/lib/action_controller/routing/recognition_optimisation.rb +1 -2
data/lib/action_controller/routing/route.rb +15 -5
data/lib/action_controller/routing/route_set.rb +82 -35
data/lib/action_controller/routing/segments.rb +35 -0
data/lib/action_controller/session/abstract_store.rb +181 -0
data/lib/action_controller/session/cookie_store.rb +197 -175
data/lib/action_controller/session/mem_cache_store.rb +36 -83
data/lib/action_controller/session_management.rb +26 -134
data/lib/action_controller/streaming.rb +24 -7
data/lib/action_controller/templates/rescues/diagnostics.erb +2 -2
data/lib/action_controller/templates/rescues/template_error.erb +2 -2
data/lib/action_controller/test_case.rb +87 -30
data/lib/action_controller/test_process.rb +145 -104
data/lib/action_controller/uploaded_file.rb +44 -0
data/lib/action_controller/url_rewriter.rb +3 -6
data/lib/action_controller/vendor/html-scanner.rb +16 -0
data/lib/action_controller/vendor/html-scanner/html/selector.rb +1 -1
data/lib/action_controller/vendor/rack-1.0/rack.rb +89 -0
data/lib/action_controller/vendor/rack-1.0/rack/adapter/camping.rb +22 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/abstract/handler.rb +37 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/abstract/request.rb +37 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/basic.rb +58 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/digest/md5.rb +124 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/digest/nonce.rb +51 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/digest/params.rb +55 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/digest/request.rb +40 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/openid.rb +480 -0
data/lib/action_controller/vendor/rack-1.0/rack/builder.rb +63 -0
data/lib/action_controller/vendor/rack-1.0/rack/cascade.rb +36 -0
data/lib/action_controller/vendor/rack-1.0/rack/chunked.rb +49 -0
data/lib/action_controller/vendor/rack-1.0/rack/commonlogger.rb +61 -0
data/lib/action_controller/vendor/rack-1.0/rack/conditionalget.rb +45 -0
data/lib/action_controller/vendor/rack-1.0/rack/content_length.rb +29 -0
data/lib/action_controller/vendor/rack-1.0/rack/content_type.rb +23 -0
data/lib/action_controller/vendor/rack-1.0/rack/deflater.rb +85 -0
data/lib/action_controller/vendor/rack-1.0/rack/directory.rb +153 -0
data/lib/action_controller/vendor/rack-1.0/rack/file.rb +88 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler.rb +48 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/cgi.rb +61 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/evented_mongrel.rb +8 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/fastcgi.rb +89 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/lsws.rb +55 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/mongrel.rb +84 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/scgi.rb +59 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/swiftiplied_mongrel.rb +8 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/thin.rb +18 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/webrick.rb +67 -0
data/lib/action_controller/vendor/rack-1.0/rack/head.rb +19 -0
data/lib/action_controller/vendor/rack-1.0/rack/lint.rb +462 -0
data/lib/action_controller/vendor/rack-1.0/rack/lobster.rb +65 -0
data/lib/action_controller/vendor/rack-1.0/rack/lock.rb +16 -0
data/lib/action_controller/vendor/rack-1.0/rack/methodoverride.rb +27 -0
data/lib/action_controller/vendor/rack-1.0/rack/mime.rb +204 -0
data/lib/action_controller/vendor/rack-1.0/rack/mock.rb +160 -0
data/lib/action_controller/vendor/rack-1.0/rack/recursive.rb +57 -0
data/lib/action_controller/vendor/rack-1.0/rack/reloader.rb +64 -0
data/lib/action_controller/vendor/rack-1.0/rack/request.rb +241 -0
data/lib/action_controller/vendor/rack-1.0/rack/response.rb +179 -0
data/lib/action_controller/vendor/rack-1.0/rack/session/abstract/id.rb +142 -0
data/lib/action_controller/vendor/rack-1.0/rack/session/cookie.rb +91 -0
data/lib/action_controller/vendor/rack-1.0/rack/session/memcache.rb +109 -0
data/lib/action_controller/vendor/rack-1.0/rack/session/pool.rb +100 -0
data/lib/action_controller/vendor/rack-1.0/rack/showexceptions.rb +349 -0
data/lib/action_controller/vendor/rack-1.0/rack/showstatus.rb +106 -0
data/lib/action_controller/vendor/rack-1.0/rack/static.rb +38 -0
data/lib/action_controller/vendor/rack-1.0/rack/urlmap.rb +55 -0
data/lib/action_controller/vendor/rack-1.0/rack/utils.rb +392 -0
data/lib/action_controller/verification.rb +1 -1
data/lib/action_pack.rb +1 -1
data/lib/action_pack/version.rb +2 -2
data/lib/action_view.rb +22 -17
data/lib/action_view/base.rb +53 -79
data/lib/action_view/erb/util.rb +38 -0
data/lib/action_view/helpers.rb +24 -5
data/lib/action_view/helpers/active_record_helper.rb +2 -2
data/lib/action_view/helpers/asset_tag_helper.rb +81 -50
data/lib/action_view/helpers/atom_feed_helper.rb +1 -1
data/lib/action_view/helpers/benchmark_helper.rb +26 -5
data/lib/action_view/helpers/date_helper.rb +82 -7
data/lib/action_view/helpers/form_helper.rb +295 -64
data/lib/action_view/helpers/form_options_helper.rb +160 -18
data/lib/action_view/helpers/form_tag_helper.rb +2 -2
data/lib/action_view/helpers/number_helper.rb +31 -18
data/lib/action_view/helpers/prototype_helper.rb +2 -12
data/lib/action_view/helpers/sanitize_helper.rb +0 -10
data/lib/action_view/helpers/scriptaculous_helper.rb +1 -0
data/lib/action_view/helpers/tag_helper.rb +3 -4
data/lib/action_view/helpers/text_helper.rb +99 -122
data/lib/action_view/helpers/translation_helper.rb +19 -1
data/lib/action_view/helpers/url_helper.rb +25 -2
data/lib/action_view/inline_template.rb +1 -1
data/lib/action_view/locale/en.yml +19 -1
data/lib/action_view/partials.rb +46 -9
data/lib/action_view/paths.rb +28 -84
data/lib/action_view/reloadable_template.rb +117 -0
data/lib/action_view/renderable.rb +28 -35
data/lib/action_view/renderable_partial.rb +3 -4
data/lib/action_view/template.rb +172 -31
data/lib/action_view/template_error.rb +8 -9
data/lib/action_view/template_handler.rb +1 -1
data/lib/action_view/template_handlers.rb +9 -6
data/lib/action_view/template_handlers/erb.rb +2 -39
data/lib/action_view/template_handlers/rjs.rb +1 -0
data/lib/action_view/test_case.rb +27 -1
data/test/abstract_unit.rb +23 -17
data/test/active_record_unit.rb +5 -4
data/test/activerecord/active_record_store_test.rb +139 -106
data/test/activerecord/render_partial_with_record_identification_test.rb +5 -21
data/test/controller/action_pack_assertions_test.rb +25 -23
data/test/controller/addresses_render_test.rb +3 -6
data/test/controller/assert_select_test.rb +83 -70
data/test/controller/base_test.rb +11 -13
data/test/controller/benchmark_test.rb +3 -3
data/test/controller/caching_test.rb +34 -24
data/test/controller/capture_test.rb +3 -6
data/test/controller/content_type_test.rb +3 -6
data/test/controller/cookie_test.rb +31 -66
data/test/controller/deprecation/deprecated_base_methods_test.rb +9 -11
data/test/controller/dispatcher_test.rb +23 -28
data/test/controller/fake_models.rb +8 -0
data/test/controller/filters_test.rb +6 -2
data/test/controller/flash_test.rb +2 -6
data/test/controller/helper_test.rb +15 -1
data/test/controller/html-scanner/document_test.rb +1 -1
data/test/controller/html-scanner/sanitizer_test.rb +1 -1
data/test/controller/http_basic_authentication_test.rb +88 -0
data/test/controller/http_digest_authentication_test.rb +178 -0
data/test/controller/integration_test.rb +56 -52
data/test/controller/layout_test.rb +46 -44
data/test/controller/middleware_stack_test.rb +90 -0
data/test/controller/mime_responds_test.rb +7 -11
data/test/controller/mime_type_test.rb +9 -0
data/test/controller/polymorphic_routes_test.rb +235 -151
data/test/controller/rack_test.rb +52 -81
data/test/controller/redirect_test.rb +6 -14
data/test/controller/render_test.rb +273 -60
data/test/controller/request/json_params_parsing_test.rb +45 -0
data/test/controller/request/multipart_params_parsing_test.rb +223 -0
data/test/controller/request/query_string_parsing_test.rb +120 -0
data/test/controller/request/url_encoded_params_parsing_test.rb +184 -0
data/test/controller/request/xml_params_parsing_test.rb +88 -0
data/test/controller/request_forgery_protection_test.rb +17 -98
data/test/controller/request_test.rb +45 -530
data/test/controller/rescue_test.rb +45 -22
data/test/controller/resources_test.rb +112 -37
data/test/controller/routing_test.rb +1442 -1384
data/test/controller/selector_test.rb +3 -3
data/test/controller/send_file_test.rb +30 -3
data/test/controller/session/cookie_store_test.rb +169 -240
data/test/controller/session/mem_cache_store_test.rb +94 -148
data/test/controller/session/test_session_test.rb +58 -0
data/test/controller/test_test.rb +32 -13
data/test/controller/url_rewriter_test.rb +54 -4
data/test/controller/verification_test.rb +1 -1
data/test/controller/view_paths_test.rb +15 -15
data/test/controller/webservice_test.rb +178 -147
data/test/fixtures/alternate_helpers/foo_helper.rb +3 -0
data/test/fixtures/layout_tests/alt/layouts/alt.rhtml +0 -0
data/test/fixtures/layouts/default_html.html.erb +1 -0
data/test/fixtures/layouts/xhr.html.erb +2 -0
data/test/fixtures/multipart/empty +10 -0
data/test/fixtures/multipart/hello.txt +1 -0
data/test/fixtures/multipart/none +9 -0
data/test/fixtures/public/500.da.html +1 -0
data/test/fixtures/quiz/questions/_question.html.erb +1 -0
data/test/fixtures/replies.yml +1 -1
data/test/fixtures/test/_one.html.erb +1 -0
data/test/fixtures/test/_two.html.erb +1 -0
data/test/fixtures/test/dont_pick_me +1 -0
data/test/fixtures/test/hello.builder +1 -1
data/test/fixtures/test/hello_world.da.html.erb +1 -0
data/test/fixtures/test/hello_world.erb~ +1 -0
data/test/fixtures/test/hello_world.pt-BR.html.erb +1 -0
data/test/fixtures/test/malformed/malformed.en.html.erb~ +1 -0
data/test/fixtures/test/malformed/malformed.erb~ +1 -0
data/test/fixtures/test/malformed/malformed.html.erb~ +1 -0
data/test/fixtures/test/render_explicit_html_template.js.rjs +1 -0
data/test/fixtures/test/render_implicit_html_template.js.rjs +1 -0
data/test/fixtures/test/render_implicit_html_template_from_xhr_request.da.html.erb +1 -0
data/test/fixtures/test/render_implicit_html_template_from_xhr_request.html.erb +1 -0
data/test/fixtures/test/render_implicit_js_template_without_layout.js.erb +1 -0
data/test/fixtures/test/utf8.html.erb +2 -0
data/test/template/active_record_helper_i18n_test.rb +31 -33
data/test/template/active_record_helper_test.rb +34 -0
data/test/template/asset_tag_helper_test.rb +52 -14
data/test/template/atom_feed_helper_test.rb +3 -5
data/test/template/benchmark_helper_test.rb +50 -24
data/test/template/compiled_templates_test.rb +177 -33
data/test/template/date_helper_i18n_test.rb +88 -81
data/test/template/date_helper_test.rb +427 -43
data/test/template/form_helper_test.rb +243 -44
data/test/template/form_options_helper_test.rb +631 -565
data/test/template/form_tag_helper_test.rb +9 -2
data/test/template/javascript_helper_test.rb +0 -5
data/test/template/number_helper_i18n_test.rb +60 -48
data/test/template/number_helper_test.rb +1 -0
data/test/template/render_test.rb +117 -35
data/test/template/test_test.rb +4 -6
data/test/template/text_helper_test.rb +129 -50
data/test/template/translation_helper_test.rb +23 -19
data/test/template/url_helper_test.rb +35 -2
data/test/view/test_case_test.rb +8 -0
metadata +197 -23
data/lib/action_controller/assertions.rb +0 -69
data/lib/action_controller/caching/sql_cache.rb +0 -18
data/lib/action_controller/cgi_ext/session.rb +0 -53
data/lib/action_controller/components.rb +0 -169
data/lib/action_controller/rack_process.rb +0 -297
data/lib/action_controller/request_profiler.rb +0 -169
data/lib/action_controller/session/active_record_store.rb +0 -340
data/lib/action_controller/session/drb_server.rb +0 -32
data/lib/action_controller/session/drb_store.rb +0 -35
data/test/controller/cgi_test.rb +0 -269
data/test/controller/components_test.rb +0 -156
data/test/controller/http_authentication_test.rb +0 -54
data/test/controller/integration_upload_test.rb +0 -43
data/test/controller/session_fixation_test.rb +0 -89
data/test/controller/session_management_test.rb +0 -178
data/test/fixtures/test/hello_world.js +0 -1

data/test/controller/request/json_params_parsing_test.rb ADDED

@@ -0,0 +1,45 @@
+require 'abstract_unit'
+class JsonParamsParsingTest < ActionController::IntegrationTest
+  class TestController < ActionController::Base
+    class << self
+      attr_accessor :last_request_parameters
+    end
+    def parse
+      self.class.last_request_parameters = request.request_parameters
+      head :ok
+    end
+  end
+  def teardown
+    TestController.last_request_parameters = nil
+  end
+  test "parses json params for application json" do
+    assert_parses(
+      {"person" => {"name" => "David"}},
+      "{\"person\": {\"name\": \"David\"}}", { 'CONTENT_TYPE' => 'application/json' }
+    )
+  end
+  test "parses json params for application jsonrequest" do
+    assert_parses(
+      {"person" => {"name" => "David"}},
+      "{\"person\": {\"name\": \"David\"}}", { 'CONTENT_TYPE' => 'application/jsonrequest' }
+    )
+  end
+  private
+    def assert_parses(expected, actual, headers = {})
+      with_routing do |set|
+        set.draw do |map|
+          map.connect ':action', :controller => "json_params_parsing_test/test"
+        end
+        post "/parse", actual, headers
+        assert_response :ok
+        assert_equal(expected, TestController.last_request_parameters)
+      end
+    end
+end

data/test/controller/request/multipart_params_parsing_test.rb ADDED

@@ -0,0 +1,223 @@
+require 'abstract_unit'
+class MultipartParamsParsingTest < ActionController::IntegrationTest
+  class TestController < ActionController::Base
+    class << self
+      attr_accessor :last_request_parameters
+    end
+    def parse
+      self.class.last_request_parameters = request.request_parameters
+      head :ok
+    end
+    def read
+      render :text => "File: #{params[:uploaded_data].read}"
+    end
+  end
+  FIXTURE_PATH = File.dirname(__FILE__) + '/../../fixtures/multipart'
+  def teardown
+    TestController.last_request_parameters = nil
+  end
+  test "parses single parameter" do
+    assert_equal({ 'foo' => 'bar' }, parse_multipart('single_parameter'))
+  end
+  test "parses bracketed parameters" do
+    assert_equal({ 'foo' => { 'baz' => 'bar'}}, parse_multipart('bracketed_param'))
+  end
+  test "parses text file" do
+    params = parse_multipart('text_file')
+    assert_equal %w(file foo), params.keys.sort
+    assert_equal 'bar', params['foo']
+    file = params['file']
+    assert_kind_of Tempfile, file
+    assert_equal 'file.txt', file.original_filename
+    assert_equal "text/plain", file.content_type
+    assert_equal 'contents', file.read
+  end
+  test "parses boundary problem file" do
+    params = parse_multipart('boundary_problem_file')
+    assert_equal %w(file foo), params.keys.sort
+    file = params['file']
+    foo  = params['foo']
+    assert_kind_of Tempfile, file
+    assert_equal 'file.txt', file.original_filename
+    assert_equal "text/plain", file.content_type
+    assert_equal 'bar', foo
+  end
+  test "parses large text file" do
+    params = parse_multipart('large_text_file')
+    assert_equal %w(file foo), params.keys.sort
+    assert_equal 'bar', params['foo']
+    file = params['file']
+    assert_kind_of Tempfile, file
+    assert_equal 'file.txt', file.original_filename
+    assert_equal "text/plain", file.content_type
+    assert ('a' * 20480) == file.read
+  end
+  test "parses binary file" do
+    params = parse_multipart('binary_file')
+    assert_equal %w(file flowers foo), params.keys.sort
+    assert_equal 'bar', params['foo']
+    file = params['file']
+    assert_kind_of Tempfile, file
+    assert_equal 'file.csv', file.original_filename
+    assert_nil file.content_type
+    assert_equal 'contents', file.read
+    file = params['flowers']
+    assert_kind_of Tempfile, file
+    assert_equal 'flowers.jpg', file.original_filename
+    assert_equal "image/jpeg", file.content_type
+    assert_equal 19512, file.size
+  end
+  test "parses mixed files" do
+    params = parse_multipart('mixed_files')
+    assert_equal %w(files foo), params.keys.sort
+    assert_equal 'bar', params['foo']
+    # Ruby CGI doesn't handle multipart/mixed for us.
+    files = params['files']
+    assert_kind_of String, files
+    files.force_encoding('ASCII-8BIT') if files.respond_to?(:force_encoding)
+    assert_equal 19756, files.size
+  end
+  test "does not create tempfile if no file has been selected" do
+    params = parse_multipart('none')
+    assert_equal %w(submit-name), params.keys.sort
+    assert_equal 'Larry', params['submit-name']
+    assert_equal nil, params['files']
+  end
+  test "parses empty upload file" do
+    params = parse_multipart('empty')
+    assert_equal %w(files submit-name), params.keys.sort
+    assert_equal 'Larry', params['submit-name']
+    assert params['files']
+    assert_equal "", params['files'].read
+  end
+  test "uploads and reads binary file" do
+    with_test_routing do
+      fixture = FIXTURE_PATH + "/mona_lisa.jpg"
+      params = { :uploaded_data => fixture_file_upload(fixture, "image/jpg") }
+      post '/read', params
+      expected_length = 'File: '.length + File.size(fixture)
+      assert_equal expected_length, response.content_length
+    end
+  end
+  test "uploads and reads file" do
+    with_test_routing do
+      post '/read', :uploaded_data => fixture_file_upload(FIXTURE_PATH + "/hello.txt", "text/plain")
+      assert_equal "File: Hello", response.body
+    end
+  end
+  # The lint wrapper is used in integration tests
+  # instead of a normal StringIO class
+  InputWrapper = Rack::Lint::InputWrapper
+  test "parses unwindable stream" do
+    InputWrapper.any_instance.stubs(:rewind).raises(Errno::ESPIPE)
+    params = parse_multipart('large_text_file')
+    assert_equal %w(file foo), params.keys.sort
+    assert_equal 'bar', params['foo']
+  end
+  test "uploads and reads file with unwindable input" do
+    InputWrapper.any_instance.stubs(:rewind).raises(Errno::ESPIPE)
+    with_test_routing do
+      post '/read', :uploaded_data => fixture_file_upload(FIXTURE_PATH + "/hello.txt", "text/plain")
+      assert_equal "File: Hello", response.body
+    end
+  end
+  test "passes through rack middleware and uploads file" do
+    with_muck_middleware do
+      with_test_routing do
+        post '/read', :uploaded_data => fixture_file_upload(FIXTURE_PATH + "/hello.txt", "text/plain")
+        assert_equal "File: Hello", response.body
+      end
+    end
+  end
+  test "passes through rack middleware and uploads file with unwindable input" do
+    InputWrapper.any_instance.stubs(:rewind).raises(Errno::ESPIPE)
+    with_muck_middleware do
+      with_test_routing do
+        post '/read', :uploaded_data => fixture_file_upload(FIXTURE_PATH + "/hello.txt", "text/plain")
+        assert_equal "File: Hello", response.body
+      end
+    end
+  end
+  private
+    def fixture(name)
+      File.open(File.join(FIXTURE_PATH, name), 'rb') do |file|
+        { "rack.input" => file.read,
+          "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
+          "CONTENT_LENGTH" => file.stat.size.to_s }
+      end
+    end
+    def parse_multipart(name)
+      with_test_routing do
+        headers = fixture(name)
+        post "/parse", headers.delete("rack.input"), headers
+        assert_response :ok
+        TestController.last_request_parameters
+      end
+    end
+    def with_test_routing
+      with_routing do |set|
+        set.draw do |map|
+          map.connect ':action', :controller => "multipart_params_parsing_test/test"
+        end
+        yield
+      end
+    end
+    class MuckMiddleware
+      def initialize(app)
+        @app = app
+      end
+      def call(env)
+        req = Rack::Request.new(env)
+        req.params # Parse params
+        @app.call(env)
+      end
+    end
+    def with_muck_middleware
+      original_middleware = ActionController::Dispatcher.middleware
+      middleware = original_middleware.dup
+      middleware.insert_after ActionController::RewindableInput, MuckMiddleware
+      ActionController::Dispatcher.middleware = middleware
+      yield
+      ActionController::Dispatcher.middleware = original_middleware
+    end
+end

data/test/controller/request/query_string_parsing_test.rb ADDED

@@ -0,0 +1,120 @@
+require 'abstract_unit'
+class QueryStringParsingTest < ActionController::IntegrationTest
+  class TestController < ActionController::Base
+    class << self
+      attr_accessor :last_query_parameters
+    end
+    def parse
+      self.class.last_query_parameters = request.query_parameters
+      head :ok
+    end
+  end
+  def teardown
+    TestController.last_query_parameters = nil
+  end
+  test "query string" do
+    assert_parses(
+      {"action" => "create_customer", "full_name" => "David Heinemeier Hansson", "customerId" => "1"},
+      "action=create_customer&full_name=David%20Heinemeier%20Hansson&customerId=1"
+    )
+  end
+  test "deep query string" do
+    assert_parses(
+      {'x' => {'y' => {'z' => '10'}}},
+      "x[y][z]=10"
+    )
+  end
+  test "deep query string with array" do
+    assert_parses({'x' => {'y' => {'z' => ['10']}}}, 'x[y][z][]=10')
+    assert_parses({'x' => {'y' => {'z' => ['10', '5']}}}, 'x[y][z][]=10&x[y][z][]=5')
+  end
+  test "deep query string with array of hash" do
+    assert_parses({'x' => {'y' => [{'z' => '10'}]}}, 'x[y][][z]=10')
+    assert_parses({'x' => {'y' => [{'z' => '10', 'w' => '10'}]}}, 'x[y][][z]=10&x[y][][w]=10')
+    assert_parses({'x' => {'y' => [{'z' => '10', 'v' => {'w' => '10'}}]}}, 'x[y][][z]=10&x[y][][v][w]=10')
+  end
+  test "deep query string with array of hashes with one pair" do
+    assert_parses({'x' => {'y' => [{'z' => '10'}, {'z' => '20'}]}}, 'x[y][][z]=10&x[y][][z]=20')
+  end
+  test "deep query string with array of hashes with multiple pairs" do
+    assert_parses(
+      {'x' => {'y' => [{'z' => '10', 'w' => 'a'}, {'z' => '20', 'w' => 'b'}]}},
+      'x[y][][z]=10&x[y][][w]=a&x[y][][z]=20&x[y][][w]=b'
+    )
+  end
+  test "query string with nil" do
+    assert_parses(
+      { "action" => "create_customer", "full_name" => ''},
+      "action=create_customer&full_name="
+    )
+  end
+  test "query string with array" do
+    assert_parses(
+      { "action" => "create_customer", "selected" => ["1", "2", "3"]},
+      "action=create_customer&selected[]=1&selected[]=2&selected[]=3"
+    )
+  end
+  test "query string with amps" do
+    assert_parses(
+      { "action" => "create_customer", "name" => "Don't & Does"},
+      "action=create_customer&name=Don%27t+%26+Does"
+    )
+  end
+  test "query string with many equal" do
+    assert_parses(
+      { "action" => "create_customer", "full_name" => "abc=def=ghi"},
+      "action=create_customer&full_name=abc=def=ghi"
+    )
+  end
+  test "query string without equal" do
+    assert_parses({ "action" => nil }, "action")
+  end
+  test "query string with empty key" do
+    assert_parses(
+      { "action" => "create_customer", "full_name" => "David Heinemeier Hansson" },
+      "action=create_customer&full_name=David%20Heinemeier%20Hansson&=Save"
+    )
+  end
+  test "query string with many ampersands" do
+    assert_parses(
+      { "action" => "create_customer", "full_name" => "David Heinemeier Hansson"},
+      "&action=create_customer&&&full_name=David%20Heinemeier%20Hansson"
+    )
+  end
+  test "unbalanced query string with array" do
+    assert_parses(
+      {'location' => ["1", "2"], 'age_group' => ["2"]},
+      "location[]=1&location[]=2&age_group[]=2"
+    )
+  end
+  private
+    def assert_parses(expected, actual)
+      with_routing do |set|
+        set.draw do |map|
+          map.connect ':action', :controller => "query_string_parsing_test/test"
+        end
+        get "/parse", actual
+        assert_response :ok
+        assert_equal(expected, TestController.last_query_parameters)
+      end
+    end
+end

data/test/controller/request/url_encoded_params_parsing_test.rb ADDED

@@ -0,0 +1,184 @@
+require 'abstract_unit'
+class UrlEncodedParamsParsingTest < ActionController::IntegrationTest
+  class TestController < ActionController::Base
+    class << self
+      attr_accessor :last_request_parameters, :last_request_type
+    end
+    def parse
+      self.class.last_request_parameters = request.request_parameters
+      head :ok
+    end
+  end
+  def teardown
+    TestController.last_request_parameters = nil
+  end
+  test "parses unbalanced query string with array" do
+    assert_parses(
+       {'location' => ["1", "2"], 'age_group' => ["2"]},
+      "location[]=1&location[]=2&age_group[]=2"
+    )
+  end
+  test "parses nested hash" do
+    query = [
+      "note[viewers][viewer][][type]=User",
+      "note[viewers][viewer][][id]=1",
+      "note[viewers][viewer][][type]=Group",
+      "note[viewers][viewer][][id]=2"
+    ].join("&")
+    expected = { "note" => { "viewers"=>{"viewer"=>[{ "id"=>"1", "type"=>"User"}, {"type"=>"Group", "id"=>"2"} ]} } }
+    assert_parses(expected, query)
+  end
+  test "parses more complex nesting" do
+    query = [
+      "customers[boston][first][name]=David",
+      "customers[boston][first][url]=http://David",
+      "customers[boston][second][name]=Allan",
+      "customers[boston][second][url]=http://Allan",
+      "something_else=blah",
+      "something_nil=",
+      "something_empty=",
+      "products[first]=Apple Computer",
+      "products[second]=Pc",
+      "=Save"
+    ].join("&")
+    expected =  {
+      "customers" => {
+        "boston" => {
+          "first" => {
+            "name" => "David",
+            "url" => "http://David"
+          },
+          "second" => {
+            "name" => "Allan",
+            "url" => "http://Allan"
+          }
+        }
+      },
+      "something_else" => "blah",
+      "something_empty" => "",
+      "something_nil" => "",
+      "products" => {
+        "first" => "Apple Computer",
+        "second" => "Pc"
+      }
+    }
+    assert_parses expected, query
+  end
+  test "parses params with array" do
+    query = "selected[]=1&selected[]=2&selected[]=3"
+    expected = { "selected" => [ "1", "2", "3" ] }
+    assert_parses expected, query
+  end
+  test "parses params with nil key" do
+    query    = "=&test2=value1"
+    expected = { "test2" => "value1" }
+    assert_parses expected, query
+  end
+  test "parses params with array prefix and hashes" do
+    query    = "a[][b][c]=d"
+    expected = {"a" => [{"b" => {"c" => "d"}}]}
+    assert_parses expected, query
+  end
+  test "parses params with complex nesting" do
+    query    = "a[][b][c][][d][]=e"
+    expected = {"a" => [{"b" => {"c" => [{"d" => ["e"]}]}}]}
+    assert_parses expected, query
+  end
+  test "parses params with file path" do
+    query = [
+      "customers[boston][first][name]=David",
+      "something_else=blah",
+      "logo=#{File.expand_path(__FILE__)}"
+    ].join("&")
+    expected = {
+      "customers" => {
+        "boston" => {
+          "first" => {
+            "name" => "David"
+          }
+        }
+      },
+      "something_else" => "blah",
+      "logo" => File.expand_path(__FILE__),
+    }
+    assert_parses expected, query
+  end
+  test "parses params with Safari 2 trailing null character" do
+    query = "selected[]=1&selected[]=2&selected[]=3\0"
+    expected = { "selected" => [ "1", "2", "3" ] }
+    assert_parses expected, query
+  end
+  test "passes through rack middleware and parses params" do
+    with_muck_middleware do
+      assert_parses({ "a" => { "b" => "c" } }, "a[b]=c")
+    end
+  end
+  # The lint wrapper is used in integration tests
+  # instead of a normal StringIO class
+  InputWrapper = Rack::Lint::InputWrapper
+  test "passes through rack middleware and parses params with unwindable input" do
+    InputWrapper.any_instance.stubs(:rewind).raises(Errno::ESPIPE)
+    with_muck_middleware do
+      assert_parses({ "a" => { "b" => "c" } }, "a[b]=c")
+    end
+  end
+  private
+    class MuckMiddleware
+      def initialize(app)
+        @app = app
+      end
+      def call(env)
+        req = Rack::Request.new(env)
+        req.params # Parse params
+        @app.call(env)
+      end
+    end
+    def with_muck_middleware
+      original_middleware = ActionController::Dispatcher.middleware
+      middleware = original_middleware.dup
+      middleware.insert_after ActionController::RewindableInput, MuckMiddleware
+      ActionController::Dispatcher.middleware = middleware
+      yield
+      ActionController::Dispatcher.middleware = original_middleware
+    end
+    def with_test_routing
+      with_routing do |set|
+        set.draw do |map|
+          map.connect ':action', :controller => "url_encoded_params_parsing_test/test"
+        end
+        yield
+      end
+    end
+    def assert_parses(expected, actual)
+      with_test_routing do
+        post "/parse", actual
+        assert_response :ok
+        assert_equal(expected, TestController.last_request_parameters)
+      end
+    end
+end