actionpack 2.3.3 → 2.3.4

data/lib/action_controller/url_rewriter.rb

@@ -184,7 +184,7 @@ module ActionController
         path = rewrite_path(options)
         rewritten_url << ActionController::Base.relative_url_root.to_s unless options[:skip_relative_url_root]
         rewritten_url << (options[:trailing_slash] ? path.sub(/\?|\z/) { "/" + $& } : path)
-        rewritten_url << "##{options[:anchor]}" if options[:anchor]
+        rewritten_url << "##{CGI.escape(options[:anchor].to_param.to_s)}" if options[:anchor]
 
         rewritten_url
       end

data/lib/action_pack/version.rb

@@ -2,7 +2,7 @@ module ActionPack #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 2
     MINOR = 3
-    TINY  = 3
+    TINY  = 4
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/lib/action_view/helpers/atom_feed_helper.rb

@@ -98,7 +98,7 @@ module ActionView
           options[:schema_date] = "2005" # The Atom spec copyright date
         end
 
-        xml = options[:xml] || eval("xml", block.binding)
+        xml = options.delete(:xml) || eval("xml", block.binding)
         xml.instruct!
         if options[:instruct]
           options[:instruct].each do |target,attrs|

data/lib/action_view/helpers/form_helper.rb

@@ -726,6 +726,7 @@ module ActionView
         options = options.stringify_keys
         tag_value = options.delete("value")
         name_and_id = options.dup
+        name_and_id["id"] = name_and_id["for"]
         add_default_name_and_id_for_value(tag_value, name_and_id)
         options.delete("index")
         options["for"] ||= name_and_id["id"]
@@ -860,8 +861,8 @@ module ActionView
 
       private
         def add_default_name_and_id_for_value(tag_value, options)
-          if tag_value
-            pretty_tag_value    = tag_value.to_s.gsub(/\s/, "_").gsub(/\W/, "").downcase
+          unless tag_value.nil?
+            pretty_tag_value = tag_value.to_s.gsub(/\s/, "_").gsub(/\W/, "").downcase
             specified_id = options["id"]
             add_default_name_and_id(options)
             options["id"] += "_#{pretty_tag_value}" unless specified_id

data/lib/action_view/helpers/form_options_helper.rb

@@ -162,6 +162,60 @@ module ActionView
         InstanceTag.new(object, method, self, options.delete(:object)).to_collection_select_tag(collection, value_method, text_method, options, html_options)
       end
 
+
+      # Returns <tt><select></tt>, <tt><optgroup></tt> and <tt><option></tt> tags for the collection of existing return values of
+      # +method+ for +object+'s class. The value returned from calling +method+ on the instance +object+ will
+      # be selected. If calling +method+ returns +nil+, no selection is made without including <tt>:prompt</tt>
+      # or <tt>:include_blank</tt> in the +options+ hash.
+      #
+      # Parameters:
+      # * +object+ - The instance of the class to be used for the select tag
+      # * +method+ - The attribute of +object+ corresponding to the select tag
+      # * +collection+ - An array of objects representing the <tt><optgroup></tt> tags.
+      # * +group_method+ - The name of a method which, when called on a member of +collection+, returns an
+      #   array of child objects representing the <tt><option></tt> tags.
+      # * +group_label_method+ - The name of a method which, when called on a member of +collection+, returns a
+      #   string to be used as the +label+ attribute for its <tt><optgroup></tt> tag.
+      # * +option_key_method+ - The name of a method which, when called on a child object of a member of
+      #   +collection+, returns a value to be used as the +value+ attribute for its <tt><option></tt> tag.
+      # * +option_value_method+ - The name of a method which, when called on a child object of a member of
+      #   +collection+, returns a value to be used as the contents of its <tt><option></tt> tag.
+      #
+      # Example object structure for use with this method:
+      #   class Continent < ActiveRecord::Base
+      #     has_many :countries
+      #     # attribs: id, name
+      #   end
+      #   class Country < ActiveRecord::Base
+      #     belongs_to :continent
+      #     # attribs: id, name, continent_id
+      #   end
+      #   class City < ActiveRecord::Base
+      #     belongs_to :country
+      #     # attribs: id, name, country_id
+      #   end
+      #
+      # Sample usage:
+      #   grouped_collection_select(:city, :country_id, @continents, :countries, :name, :id, :name)
+      #
+      # Possible output:
+      #   <select name="city[country_id]">
+      #     <optgroup label="Africa">
+      #       <option value="1">South Africa</option>
+      #       <option value="3">Somalia</option>
+      #     </optgroup>
+      #     <optgroup label="Europe">
+      #       <option value="7" selected="selected">Denmark</option>
+      #       <option value="2">Ireland</option>
+      #     </optgroup>
+      #   </select>
+      #
+      def grouped_collection_select(object, method, collection, group_method, group_label_method, option_key_method, option_value_method, options = {}, html_options = {})
+        InstanceTag.new(object, method, self, options.delete(:object)).to_grouped_collection_select_tag(collection, group_method, group_label_method, option_key_method, option_value_method, options, html_options)
+      end
+
+
+
       # Return select and option tags for the given object and method, using
       # #time_zone_options_for_select to generate the list of option tags.
       #
@@ -490,6 +544,15 @@ module ActionView
         )
       end
 
+      def to_grouped_collection_select_tag(collection, group_method, group_label_method, option_key_method, option_value_method, options, html_options)
+        html_options = html_options.stringify_keys
+        add_default_name_and_id(html_options)
+        value = value(object)
+        content_tag(
+          "select", add_options(option_groups_from_collection_for_select(collection, group_method, group_label_method, option_key_method, option_value_method, value), options, value), html_options
+        )
+      end
+
       def to_time_zone_select_tag(priority_zones, options, html_options)
         html_options = html_options.stringify_keys
         add_default_name_and_id(html_options)
@@ -508,7 +571,8 @@ module ActionView
             option_tags = "<option value=\"\">#{options[:include_blank] if options[:include_blank].kind_of?(String)}</option>\n" + option_tags
           end
           if value.blank? && options[:prompt]
-            ("<option value=\"\">#{options[:prompt].kind_of?(String) ? options[:prompt] : 'Please select'}</option>\n") + option_tags
+            prompt = options[:prompt].kind_of?(String) ? options[:prompt] : I18n.translate('support.select.prompt', :default => 'Please select')
+            "<option value=\"\">#{prompt}</option>\n" + option_tags
           else
             option_tags
           end
@@ -524,6 +588,10 @@ module ActionView
         @template.collection_select(@object_name, method, collection, value_method, text_method, objectify_options(options), @default_options.merge(html_options))
       end
 
+      def grouped_collection_select(method, collection, group_method, group_label_method, option_key_method, option_value_method, options = {}, html_options = {})
+        @template.grouped_collection_select(@object_name, method, collection, group_method, group_label_method, option_key_method, option_value_method, objectify_options(options), @default_options.merge(html_options))
+      end
+
       def time_zone_select(method, priority_zones = nil, options = {}, html_options = {})
         @template.time_zone_select(@object_name, method, priority_zones, objectify_options(options), @default_options.merge(html_options))
       end

data/lib/action_view/helpers/tag_helper.rb

@@ -103,7 +103,7 @@ module ActionView
       #   escape_once("<< Accept & Checkout")
       #   # => "<< Accept & Checkout"
       def escape_once(html)
-        html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
+        ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
       end
 
       private

data/lib/action_view/helpers/text_helper.rb

@@ -33,30 +33,31 @@ module ActionView
       end
 
       # Truncates a given +text+ after a given <tt>:length</tt> if +text+ is longer than <tt>:length</tt>
-      # (defaults to 30). The last characters will be replaced with the <tt>:omission</tt> (defaults to "...").
+      # (defaults to 30). The last characters will be replaced with the <tt>:omission</tt> (defaults to "...")
+      # for a total length not exceeding <tt>:length</tt>.
       #
       # ==== Examples
       #
       #   truncate("Once upon a time in a world far far away")
-      #   # => Once upon a time in a world f...
+      #   # => Once upon a time in a world...
       #
       #   truncate("Once upon a time in a world far far away", :length => 14)
       #   # => Once upon a...
       #
       #   truncate("And they found that many people were sleeping better.", :length => 25, "(clipped)")
-      #   # => And they found that many (clipped)
+      #   # => And they found t(clipped)
       #
-      #   truncate("And they found that many people were sleeping better.", :omission => "... (continued)", :length => 15)
-      #   # => And they found... (continued)
+      #   truncate("And they found that many people were sleeping better.", :omission => "... (continued)", :length => 25)
+      #   # => And they f... (continued)
       #
       # You can still use <tt>truncate</tt> with the old API that accepts the
       # +length+ as its optional second and the +ellipsis+ as its
       # optional third parameter:
       #   truncate("Once upon a time in a world far far away", 14)
-      #   # => Once upon a time in a world f...
+      #   # => Once upon a...
       #
-      #   truncate("And they found that many people were sleeping better.", 15, "... (continued)")
-      #   # => And they found... (continued)
+      #   truncate("And they found that many people were sleeping better.", 25, "... (continued)")
+      #   # => And they f... (continued)
       def truncate(text, *args)
         options = args.extract_options!
         unless args.empty?
@@ -234,12 +235,20 @@ module ActionView
       #
       #   textilize("Visit the Rails website "here":http://www.rubyonrails.org/.)
       #   # => "<p>Visit the Rails website <a href="http://www.rubyonrails.org/">here</a>.</p>"
-      def textilize(text)
+      #
+      #   textilize("This is worded <strong>strongly</strong>")
+      #   # => "<p>This is worded <strong>strongly</strong></p>"
+      #
+      #   textilize("This is worded <strong>strongly</strong>", :filter_html)
+      #   # => "<p>This is worded &lt;strong&gt;strongly&lt;/strong&gt;</p>"
+      #
+      def textilize(text, *options)
+        options ||= [:hard_breaks]
+
         if text.blank?
           ""
         else
-          textilized = RedCloth.new(text, [ :hard_breaks ])
-          textilized.hard_breaks = true if textilized.respond_to?(:hard_breaks=)
+          textilized = RedCloth.new(text, options)
           textilized.to_html
         end
       end

data/lib/action_view/helpers/url_helper.rb

@@ -568,7 +568,7 @@ module ActionView
             when confirm && popup
               "if (#{confirm_javascript_function(confirm)}) { #{popup_javascript_function(popup)} };return false;"
             when confirm && method
-              "if (#{confirm_javascript_function(confirm)}) { #{method_javascript_function(method)} };return false;"
+              "if (#{confirm_javascript_function(confirm)}) { #{method_javascript_function(method, url, href)} };return false;"
             when confirm
               "return #{confirm_javascript_function(confirm)};"
             when method

data/lib/action_view/locale/en.yml

@@ -108,3 +108,7 @@
         # The variable :count is also available
         body: "There were problems with the following fields:"
 
+  support:
+    select:
+      # default value for :prompt => true in FormOptionsHelper
+      prompt: "Please select"

data/test/abstract_unit.rb

@@ -43,3 +43,19 @@ ActionController::Base.view_paths = FIXTURE_LOAD_PATH
 CACHED_VIEW_PATHS = ActionView::Base.cache_template_loading? ?
                       ActionController::Base.view_paths :
                       ActionController::Base.view_paths.map {|path| ActionView::Template::EagerPath.new(path.to_s)}
+
+class DummyMutex
+  def lock
+    @locked = true
+  end
+
+  def unlock
+    @locked = false
+  end
+
+  def locked?
+    @locked
+  end
+end
+
+ActionController::Reloader.default_lock = DummyMutex.new

data/test/controller/caching_test.rb

@@ -52,7 +52,7 @@ class PageCachingTest < ActionController::TestCase
     ActionController::Base.perform_caching = true
 
     ActionController::Routing::Routes.draw do |map|
-      map.main '', :controller => 'posts'
+      map.main '', :controller => 'posts', :format => nil
       map.formatted_posts 'posts.:format', :controller => 'posts'
       map.resources :posts
       map.connect ':controller/:action/:id'

data/test/controller/cookie_test.rb

@@ -118,4 +118,10 @@ class CookieTest < ActionController::TestCase
     get :delete_cookie_with_path
     assert_equal ["user_name=; path=/beaten; expires=Thu, 01-Jan-1970 00:00:00 GMT"], @response.headers["Set-Cookie"]
   end
+
+  def test_cookies_persist_throughout_request
+    get :authenticate
+    cookies = @controller.send(:cookies)
+    assert_equal 'david', cookies['user_name']
+  end
 end

data/test/controller/dispatcher_test.rb

@@ -2,25 +2,17 @@ require 'abstract_unit'
 
 class DispatcherTest < Test::Unit::TestCase
   Dispatcher = ActionController::Dispatcher
+  Reloader   = ActionController::Reloader
 
   def setup
     ENV['REQUEST_METHOD'] = 'GET'
-
-    Dispatcher.middleware = ActionController::MiddlewareStack.new do |middleware|
-      middlewares = File.expand_path(File.join(File.dirname(__FILE__), "../../lib/action_controller/middlewares.rb"))
-      middleware.instance_eval(File.read(middlewares))
-    end
-
-    # Clear callbacks as they are redefined by Dispatcher#define_dispatcher_callbacks
-    Dispatcher.instance_variable_set("@prepare_dispatch_callbacks", ActiveSupport::Callbacks::CallbackChain.new)
-    Dispatcher.instance_variable_set("@before_dispatch_callbacks", ActiveSupport::Callbacks::CallbackChain.new)
-    Dispatcher.instance_variable_set("@after_dispatch_callbacks", ActiveSupport::Callbacks::CallbackChain.new)
-
+    reset_dispatcher
     Dispatcher.stubs(:require_dependency)
   end
 
   def teardown
     ENV.delete 'REQUEST_METHOD'
+    reset_dispatcher
   end
 
   def test_clears_dependencies_after_dispatch_if_in_loading_mode
@@ -41,6 +33,34 @@ class DispatcherTest < Test::Unit::TestCase
     dispatch
   end
 
+  def test_builds_middleware_stack_only_during_initialization_if_not_in_loading_mode
+    dispatcher = create_dispatcher
+    assert_not_nil dispatcher.instance_variable_get(:"@app")
+    dispatcher.instance_variable_set(:"@app", lambda { |env| })
+    dispatcher.expects(:build_middleware_stack).never
+    dispatcher.call(nil)
+    dispatcher.call(nil)
+  end
+
+  def test_rebuilds_middleware_stack_on_every_request_if_in_loading_mode
+    dispatcher = create_dispatcher(false)
+    dispatcher.instance_variable_set(:"@app", lambda { |env| })
+    dispatcher.expects(:build_middleware_stack).twice
+    dispatcher.call(nil)
+    Reloader.default_lock.unlock
+    dispatcher.call(nil)
+  end
+
+  def test_doesnt_wrap_call_in_reloader_if_not_in_loading_mode
+    Reloader.expects(:run).never
+    dispatch
+  end
+
+  def test_wraps_call_in_reloader_if_in_loading_mode
+    Reloader.expects(:run).once
+    dispatch(false)
+  end
+
   # Stub out dispatch error logger
   class << Dispatcher
     def log_failsafe_exception(status, exception); end
@@ -99,6 +119,25 @@ class DispatcherTest < Test::Unit::TestCase
       Dispatcher.new.call({'rack.input' => StringIO.new('')})
     end
 
+    def create_dispatcher(cache_classes = true)
+      Dispatcher.define_dispatcher_callbacks(cache_classes)
+      Dispatcher.new
+    end
+
+    def reset_dispatcher
+      Dispatcher.middleware = ActionController::MiddlewareStack.new do |middleware|
+        middlewares = File.expand_path(File.join(File.dirname(__FILE__), "../../lib/action_controller/middlewares.rb"))
+        middleware.instance_eval(File.read(middlewares))
+      end
+
+      # Clear callbacks as they are redefined by Dispatcher#define_dispatcher_callbacks
+      Dispatcher.instance_variable_set("@prepare_dispatch_callbacks", ActiveSupport::Callbacks::CallbackChain.new)
+      Dispatcher.instance_variable_set("@before_dispatch_callbacks", ActiveSupport::Callbacks::CallbackChain.new)
+      Dispatcher.instance_variable_set("@after_dispatch_callbacks", ActiveSupport::Callbacks::CallbackChain.new)
+
+      Dispatcher.define_dispatcher_callbacks(true)
+    end
+
     def assert_subclasses(howmany, klass, message = klass.subclasses.inspect)
       assert_equal howmany, klass.subclasses.size, message
     end

data/test/controller/filter_params_test.rb

@@ -24,7 +24,8 @@ class FilterParamTest < Test::Unit::TestCase
     [{'foo'=>'bar', 'baz'=>'foo'},{'foo'=>'[FILTERED]', 'baz'=>'[FILTERED]'},%w'foo baz'],
     [{'bar'=>{'foo'=>'bar','bar'=>'foo'}},{'bar'=>{'foo'=>'[FILTERED]','bar'=>'foo'}},%w'fo'],
     [{'foo'=>{'foo'=>'bar','bar'=>'foo'}},{'foo'=>'[FILTERED]'},%w'f banana'],
-    [{'baz'=>[{'foo'=>'baz'}]}, {'baz'=>[{'foo'=>'[FILTERED]'}]}, %w(foo)]]
+    [{'baz'=>[{'foo'=>'baz'}]}, {'baz'=>[{'foo'=>'[FILTERED]'}]}, %w(foo)],
+    [{'baz'=>[{'foo'=>'baz'}, 1, 2, 3]}, {'baz'=>[{'foo'=>'[FILTERED]'}, 1, 2, 3]}, %w(foo)]]
 
     test_hashes.each do |before_filter, after_filter, filter_words|
       FilterParamController.filter_parameter_logging(*filter_words)

data/test/controller/http_basic_authentication_test.rb

@@ -4,6 +4,7 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
   class DummyController < ActionController::Base
     before_filter :authenticate, :only => :index
     before_filter :authenticate_with_request, :only => :display
+    before_filter :authenticate_long_credentials, :only => :show
 
     def index
       render :text => "Hello Secret"
@@ -12,6 +13,10 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
     def display
       render :text => 'Definitely Maybe'
     end
+    
+    def show
+      render :text => 'Only for loooooong credentials'
+    end
 
     private
 
@@ -28,6 +33,12 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
         request_http_basic_authentication("SuperSecret")
       end
     end
+    
+    def authenticate_long_credentials
+      authenticate_or_request_with_http_basic do |username, password|
+        username == '1234567890123456789012345678901234567890' && password == '1234567890123456789012345678901234567890'
+      end
+    end
   end
 
   AUTH_HEADERS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION', 'REDIRECT_X_HTTP_AUTHORIZATION']
@@ -42,6 +53,13 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
       assert_response :success
       assert_equal 'Hello Secret', @response.body, "Authentication failed for request header #{header}"
     end
+    test "successful authentication with #{header.downcase} and long credentials" do
+      @request.env[header] = encode_credentials('1234567890123456789012345678901234567890', '1234567890123456789012345678901234567890')
+      get :show
+      
+      assert_response :success
+      assert_equal 'Only for loooooong credentials', @response.body, "Authentication failed for request header #{header} and long credentials"
+    end
   end
 
   AUTH_HEADERS.each do |header|
@@ -52,6 +70,13 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
       assert_response :unauthorized
       assert_equal "HTTP Basic: Access denied.\n", @response.body, "Authentication didn't fail for request header #{header}"
     end
+    test "unsuccessful authentication with #{header.downcase} and long credentials" do
+      @request.env[header] = encode_credentials('h4x0rh4x0rh4x0rh4x0rh4x0rh4x0rh4x0rh4x0r', 'worldworldworldworldworldworldworldworld')
+      get :show
+
+      assert_response :unauthorized
+      assert_equal "HTTP Basic: Access denied.\n", @response.body, "Authentication didn't fail for request header #{header} and long credentials"
+    end
   end
 
   test "authentication request without credential" do

data/test/controller/http_digest_authentication_test.rb

@@ -129,7 +129,7 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
     assert_equal 'Definitely Maybe', @response.body
   end
 
-   test "authentication request with request-uri that doesn't match credentials digest-uri" do
+  test "authentication request with request-uri that doesn't match credentials digest-uri" do
     @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
     @request.env['REQUEST_URI'] = "/http_digest_authentication_test/dummy_digest/altered/uri"
     get :display
@@ -138,10 +138,33 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
     assert_equal "Authentication Failed", @response.body
   end
 
-   test "authentication request with absolute uri" do
-    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:uri => "http://test.host/http_digest_authentication_test/dummy_digest/display",
+  test "authentication request with absolute request uri (as in webrick)" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
+    @request.env['REQUEST_URI'] = "http://test.host/http_digest_authentication_test/dummy_digest"
+
+    get :display
+
+    assert_response :success
+    assert assigns(:logged_in)
+    assert_equal 'Definitely Maybe', @response.body
+  end
+
+  test "authentication request with absolute uri in credentials (as in IE)" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:url => "http://test.host/http_digest_authentication_test/dummy_digest",
                                                             :username => 'pretty', :password => 'please')
-    @request.env['REQUEST_URI'] = "http://test.host/http_digest_authentication_test/dummy_digest/display"
+
+    get :display
+
+    assert_response :success
+    assert assigns(:logged_in)
+    assert_equal 'Definitely Maybe', @response.body
+  end
+
+  test "authentication request with absolute uri in both request and credentials (as in Webrick with IE)" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:url => "http://test.host/http_digest_authentication_test/dummy_digest",
+                                                            :username => 'pretty', :password => 'please')
+    @request.env['REQUEST_URI'] = "http://test.host/http_digest_authentication_test/dummy_digest"
+
     get :display
 
     assert_response :success
@@ -199,11 +222,11 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
 
     credentials = decode_credentials(@response.headers['WWW-Authenticate'])
     credentials.merge!(options)
-    credentials.reverse_merge!(:uri => "#{@request.env['REQUEST_URI']}")
+    credentials.merge!(:uri => @request.env['REQUEST_URI'].to_s)
     ActionController::HttpAuthentication::Digest.encode_credentials(method, credentials, password, options[:password_is_ha1])
   end
 
   def decode_credentials(header)
     ActionController::HttpAuthentication::Digest.decode_credentials(@response.headers['WWW-Authenticate'])
   end
-end
+end