actionpack 2.3.4 → 2.3.5

data/lib/action_view/helpers/prototype_helper.rb

@@ -393,7 +393,7 @@ module ActionView
 
         concat(form_remote_tag(options))
         fields_for(object_name, *(args << options), &proc)
-        concat('</form>')
+        concat('</form>'.html_safe!)
       end
       alias_method :form_remote_for, :remote_form_for
 

data/lib/action_view/helpers/raw_output_helper.rb

@@ -0,0 +1,9 @@
+module ActionView #:nodoc:
+  module Helpers #:nodoc:
+    module RawOutputHelper
+      def raw(stringish)
+        stringish.to_s.html_safe!
+      end
+    end
+  end
+end

data/lib/action_view/helpers/sanitize_helper.rb

@@ -49,7 +49,11 @@ module ActionView
       # confuse browsers.
       #
       def sanitize(html, options = {})
-        self.class.white_list_sanitizer.sanitize(html, options)
+        returning self.class.white_list_sanitizer.sanitize(html, options) do |sanitized|
+          if sanitized
+            sanitized.html_safe!
+          end
+        end
       end
 
       # Sanitizes a block of CSS code. Used by +sanitize+ when it comes across a style attribute.
@@ -72,7 +76,11 @@ module ActionView
       #   strip_tags("<div id='top-bar'>Welcome to my website!</div>")
       #   # => Welcome to my website!
       def strip_tags(html)
-        self.class.full_sanitizer.sanitize(html)
+        returning self.class.full_sanitizer.sanitize(html) do |sanitized|
+          if sanitized
+            sanitized.html_safe!
+          end
+        end
       end
 
       # Strips all link tags from +text+ leaving just the link text.

data/lib/action_view/helpers/tag_helper.rb

@@ -38,7 +38,7 @@ module ActionView
       #   tag("img", { :src => "open & shut.png" }, false, false)
       #   # => <img src="open &amp; shut.png" />
       def tag(name, options = nil, open = false, escape = true)
-        "<#{name}#{tag_options(options, escape) if options}#{open ? ">" : " />"}"
+        "<#{name}#{tag_options(options, escape) if options}#{open ? ">" : " />"}".html_safe!
       end
 
       # Returns an HTML block tag of type +name+ surrounding the +content+. Add
@@ -91,7 +91,7 @@ module ActionView
       #   cdata_section(File.read("hello_world.txt"))
       #   # => <![CDATA[<hello from a text file]]>
       def cdata_section(content)
-        "<![CDATA[#{content}]]>"
+        "<![CDATA[#{content}]]>".html_safe!
       end
 
       # Returns an escaped version of +html+ without affecting existing escaped entities.
@@ -125,7 +125,7 @@ module ActionView
 
         def content_tag_string(name, content, options, escape = true)
           tag_options = tag_options(options, escape) if options
-          "<#{name}#{tag_options}>#{content}</#{name}>"
+          "<#{name}#{tag_options}>#{content}</#{name}>".html_safe!
         end
 
         def tag_options(options, escape = true)
@@ -142,7 +142,7 @@ module ActionView
             else
               attrs = options.map { |key, value| %(#{key}="#{value}") }
             end
-            " #{attrs.sort * ' '}" unless attrs.empty?
+            " #{attrs.sort * ' '}".html_safe! unless attrs.empty?
           end
         end
     end

data/lib/action_view/helpers/translation_helper.rb

@@ -21,7 +21,7 @@ module ActionView
 
       # Delegates to I18n.localize with no additional functionality.
       def localize(*args)
-        I18n.localize *args
+        I18n.localize(*args)
       end
       alias :l :localize
 

data/lib/action_view/helpers/url_helper.rb

@@ -219,7 +219,7 @@ module ActionView
         if block_given?
           options      = args.first || {}
           html_options = args.second
-          concat(link_to(capture(&block), options, html_options))
+          concat(link_to(capture(&block), options, html_options).html_safe!)
         else
           name         = args.first
           options      = args.second || {}
@@ -237,7 +237,7 @@ module ActionView
           end
 
           href_attr = "href=\"#{url}\"" unless href
-          "<a #{href_attr}#{tag_options}>#{name || url}</a>"
+          "<a #{href_attr}#{tag_options}>#{name || url}</a>".html_safe!
         end
       end
 
@@ -309,7 +309,7 @@ module ActionView
         html_options.merge!("type" => "submit", "value" => name)
 
         "<form method=\"#{form_method}\" action=\"#{escape_once url}\" class=\"button-to\"><div>" +
-          method_tag + tag("input", html_options) + request_token_tag + "</div></form>"
+          method_tag + tag("input", html_options) + request_token_tag + "</div></form>".html_safe!
       end
 
 

data/lib/action_view/locale/en.yml

@@ -91,6 +91,9 @@
       over_x_years:
         one:   "over 1 year"
         other: "over {{count}} years"
+      almost_x_years:
+        one:   "almost 1 year"
+        other: "almost {{count}} years"
     prompts:
       year:   "Year"
       month:  "Month"

data/lib/action_view/partials.rb

@@ -221,7 +221,7 @@ module ActionView
           result = template.render_partial(self, object, local_assigns.dup, as)
           index += 1
           result
-        end.join(spacer)
+        end.join(spacer).html_safe!
       end
 
       def _pick_partial_template(partial_path) #:nodoc:

data/lib/action_view/safe_buffer.rb

@@ -0,0 +1,28 @@
+
+module ActionView #:nodoc:
+  class SafeBuffer < String
+    def <<(value)
+      if value.html_safe?
+        super(value)
+      else
+        super(ERB::Util.h(value))
+      end
+    end
+
+    def concat(value)
+      self << value
+    end
+
+    def html_safe?
+      true
+    end
+
+    def html_safe!
+      self
+    end
+
+    def to_s
+      self
+    end
+  end
+end

data/lib/action_view/template.rb

@@ -57,9 +57,14 @@ module ActionView #:nodoc:
     end
 
     class EagerPath < Path
+      def initialize(path)
+        super
+        @loaded = false
+      end
+
       def load!
         return if @loaded
-        
+
         @paths = {}
         templates_in_path do |template|
           template.load!
@@ -103,8 +108,9 @@ module ActionView #:nodoc:
       @@exempt_from_layout.merge(regexps)
     end
 
-    attr_accessor :template_path, :filename, :load_path, :base_path
+    attr_accessor :template_path, :load_path, :base_path
     attr_accessor :locale, :name, :format, :extension
+    attr_writer :filename
     delegate :to_s, :to => :path
 
     def initialize(template_path, load_path = nil)

data/lib/action_view/test_case.rb

@@ -22,11 +22,52 @@ module ActionView
   end
 
   class TestCase < ActiveSupport::TestCase
+    class TestController < ActionController::Base
+      attr_accessor :request, :response, :params
+
+      def self.controller_path
+        ''
+      end
+
+      def initialize
+        @request = ActionController::TestRequest.new
+        @response = ActionController::TestResponse.new
+
+        @params = {}
+        send(:initialize_current_url)
+      end
+    end
+
     include ActionController::TestCase::Assertions
     include ActionController::TestProcess
 
+    include ActionController::PolymorphicRoutes
+    include ActionController::RecordIdentifier
+
+    include ActionView::Helpers
+    include ActionController::Helpers
+
     class_inheritable_accessor :helper_class
-    @@helper_class = nil
+    attr_accessor :controller, :output_buffer, :rendered
+
+    setup :setup_with_controller
+    def setup_with_controller
+      @controller = TestController.new
+      @output_buffer = ''
+      @rendered = ''
+
+      self.class.send(:include_helper_modules!)
+      make_test_case_available_to_view!
+    end
+
+    def render(options = {}, local_assigns = {}, &block)
+      @rendered << output = _view.render(options, local_assigns, &block)
+      output
+    end
+
+    def protect_against_forgery?
+      false
+    end
 
     class << self
       def tests(helper_class)
@@ -46,42 +87,76 @@ module ActionView
       rescue NameError
         nil
       end
-    end
 
-    include ActionView::Helpers
-    include ActionController::PolymorphicRoutes
-    include ActionController::RecordIdentifier
+      def helper_method(*methods)
+        # Almost a duplicate from ActionController::Helpers
+        methods.flatten.each do |method|
+          master_helper_module.module_eval <<-end_eval
+            def #{method}(*args, &block)                    # def current_user(*args, &block)
+              _test_case.send(%(#{method}), *args, &block)  #   test_case.send(%(current_user), *args, &block)
+            end                                             # end
+          end_eval
+        end
+      end
 
-    setup :setup_with_helper_class
+      private
+        def include_helper_modules!
+          helper(helper_class) if helper_class
+          include master_helper_module
+        end
+    end
 
-    def setup_with_helper_class
-      if helper_class && !self.class.ancestors.include?(helper_class)
-        self.class.send(:include, helper_class)
+    private
+      def make_test_case_available_to_view!
+        test_case_instance = self
+        master_helper_module.module_eval do
+          define_method(:_test_case) { test_case_instance }
+          private :_test_case
+        end
       end
 
-      self.output_buffer = ''
-    end
+      def _view
+        view = ActionView::Base.new(ActionController::Base.view_paths, _assigns, @controller)
+        view.helpers.include master_helper_module
+        view.output_buffer = self.output_buffer
+        view
+      end
 
-    class TestController < ActionController::Base
-      attr_accessor :request, :response, :params
+      # Support the selector assertions
+      #
+      # Need to experiment if this priority is the best one: rendered => output_buffer
+      def response_from_page_or_rjs
+        HTML::Document.new(rendered.blank? ? output_buffer : rendered).root
+      end
 
-      def initialize
-        @request = ActionController::TestRequest.new
-        @response = ActionController::TestResponse.new
-        
-        @params = {}
-        send(:initialize_current_url)
+      EXCLUDE_IVARS = %w{
+        @output_buffer
+        @fixture_cache
+        @method_name
+        @_result
+        @loaded_fixtures
+        @test_passed
+        @view
+      }
+
+      def _instance_variables
+        instance_variables - EXCLUDE_IVARS
       end
-    end
 
-    protected
-      attr_accessor :output_buffer
+      def _assigns
+        _instance_variables.inject({}) do |hash, var|
+          name = var[1..-1].to_sym
+          hash[name] = instance_variable_get(var)
+          hash
+        end
+      end
 
-    private
       def method_missing(selector, *args)
-        controller = TestController.new
-        return controller.__send__(selector, *args) if ActionController::Routing::Routes.named_routes.helpers.include?(selector)
-        super
+        if ActionController::Routing::Routes.named_routes.helpers.include?(selector)
+          @controller.__send__(selector, *args)
+        else
+          super
+        end
       end
   end
-end
+end

data/lib/actionpack.rb

@@ -1 +1,2 @@
 require 'action_pack'
+ActiveSupport::Deprecation.warn 'require "actionpack" is deprecated and will be removed in Rails 3. Use require "action_pack" instead.'

data/test/controller/cookie_test.rb

@@ -114,6 +114,13 @@ class CookieTest < ActionController::TestCase
     assert_equal %w{1 2 3}, jar["pages"]
   end
 
+  def test_cookiejar_delete_removes_item_and_returns_its_value
+    @request.cookies["user_name"] = "david"
+    @controller.response = @response
+    jar = ActionController::CookieJar.new(@controller)
+    assert_equal "david", jar.delete("user_name")
+  end
+
   def test_delete_cookie_with_path
     get :delete_cookie_with_path
     assert_equal ["user_name=; path=/beaten; expires=Thu, 01-Jan-1970 00:00:00 GMT"], @response.headers["Set-Cookie"]

data/test/controller/dom_assertions_test.rb

@@ -0,0 +1,53 @@
+require 'abstract_unit'
+
+class DomAssertionsTest < ActionView::TestCase
+  def setup
+    super
+    @html_only = '<ul><li>foo</li><li>bar</li></ul>'
+    @html_with_meaningless_whitespace = %{
+      <ul>
+        <li>\tfoo  </li>
+        <li>
+        bar
+        </li>
+      </ul>
+    }
+    @more_html_with_meaningless_whitespace = %{<ul>
+      
+      <li>foo</li>
+
+<li>bar</li></ul>}
+  end
+  
+  test "assert_dom_equal strips meaningless whitespace from expected string" do
+    assert_dom_equal @html_with_meaningless_whitespace, @html_only
+  end
+
+  test "assert_dom_equal strips meaningless whitespace from actual string" do
+    assert_dom_equal @html_only, @html_with_meaningless_whitespace
+  end
+  
+  test "assert_dom_equal strips meaningless whitespace from both expected and actual strings" do
+    assert_dom_equal @more_html_with_meaningless_whitespace, @html_with_meaningless_whitespace
+  end
+  
+  test "assert_dom_not_equal strips meaningless whitespace from expected string" do
+    assert_assertion_fails { assert_dom_not_equal @html_with_meaningless_whitespace, @html_only }
+  end
+  
+  test "assert_dom_not_equal strips meaningless whitespace from actual string" do
+    assert_assertion_fails { assert_dom_not_equal @html_only, @html_with_meaningless_whitespace }
+  end
+  
+  test "assert_dom_not_equal strips meaningless whitespace from both expected and actual strings" do
+    assert_assertion_fails do
+      assert_dom_not_equal @more_html_with_meaningless_whitespace, @html_with_meaningless_whitespace
+    end
+  end
+  
+  private
+  
+  def assert_assertion_fails
+    assert_raise(ActiveSupport::TestCase::Assertion) { yield }
+  end
+end

data/test/controller/filter_params_test.rb

@@ -18,6 +18,7 @@ class FilterParamTest < Test::Unit::TestCase
     test_hashes = [[{},{},[]],
     [{'foo'=>nil},{'foo'=>nil},[]],
     [{'foo'=>'bar'},{'foo'=>'bar'},[]],
+    [{'foo'=>1},{'foo'=>1},[]],
     [{'foo'=>'bar'},{'foo'=>'bar'},%w'food'],
     [{'foo'=>'bar'},{'foo'=>'[FILTERED]'},%w'foo'],
     [{'foo'=>'bar', 'bar'=>'foo'},{'foo'=>'[FILTERED]', 'bar'=>'foo'},%w'foo baz'],

data/test/controller/html-scanner/sanitizer_test.rb

@@ -19,6 +19,7 @@ class SanitizerTest < ActionController::TestCase
     assert_equal "This has a  here.", sanitizer.sanitize("This has a <!-- comment --> here.")
     assert_equal "This has a  here.", sanitizer.sanitize("This has a <![CDATA[<section>]]> here.")
     assert_equal "This has an unclosed ", sanitizer.sanitize("This has an unclosed <![CDATA[<section>]] here...")
+    assert_equal "non printable char is a tag", sanitizer.sanitize("<\x07a href='/hello'>non printable char is a tag</a>")
     [nil, '', '   '].each { |blank| assert_equal blank, sanitizer.sanitize(blank) }
   end
 

data/test/controller/http_digest_authentication_test.rb

@@ -92,6 +92,23 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
     assert_equal "Authentication Failed", @response.body
   end
 
+  test "authentication request with missing nonce should return 401" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please', :remove_nonce => true)
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+  end
+
+  test "authentication request with Basic auth credentials should return 401" do
+    ActionController::Base.session_options[:secret] = "session_options_secret"
+    @request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('pretty', 'please')
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+  end
+
   test "authentication request with invalid opaque" do
     @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'foo', :opaque => "xxyyzz")
     get :display
@@ -220,9 +237,14 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
 
     assert_response :unauthorized
 
+    remove_nonce = options.delete(:remove_nonce)
+
     credentials = decode_credentials(@response.headers['WWW-Authenticate'])
     credentials.merge!(options)
     credentials.merge!(:uri => @request.env['REQUEST_URI'].to_s)
+
+    credentials.delete(:nonce) if remove_nonce
+
     ActionController::HttpAuthentication::Digest.encode_credentials(method, credentials, password, options[:password_is_ha1])
   end