actionpack 2.3.8 → 2.3.9.pre

data/CHANGELOG

@@ -1,3 +1,8 @@
+*2.3.9 (August 29, 2010)*
+
+* Version bump.
+
+
 *2.3.8 (May 24, 2010)*
 
 * HTML safety: fix compatibility *without* the optional rails_xss plugin.

data/Rakefile

@@ -79,7 +79,7 @@ spec = Gem::Specification.new do |s|
   s.has_rdoc = true
   s.requirements << 'none'
 
-  s.add_dependency('activesupport', '= 2.3.8' + PKG_BUILD)
+  s.add_dependency('activesupport', '= 2.3.9' + PKG_BUILD)
   s.add_dependency('rack', '~> 1.1.0')
 
   s.require_path = 'lib'

data/lib/action_controller/caching/fragments.rb

@@ -65,8 +65,8 @@ module ActionController #:nodoc:
       def read_fragment(key, options = nil)
         return unless cache_configured?
 
+        key = fragment_cache_key(key)
         self.class.benchmark "Cached fragment hit: #{key}" do
-          key = fragment_cache_key(key)
           result = cache_store.read(key, options)
           result.respond_to?(:html_safe) ? result.html_safe : result
         end

data/lib/action_controller/integration.rb

@@ -414,15 +414,25 @@ module ActionController
         end
 
         def multipart_requestify(params, first=true)
-          returning Hash.new do |p|
+          Array.new.tap do |p|
             params.each do |key, value|
               k = first ? key.to_s : "[#{key.to_s}]"
               if Hash === value
                 multipart_requestify(value, false).each do |subkey, subvalue|
-                  p[k + subkey] = subvalue
+                  p << [k + subkey, subvalue]
+                end
+              elsif Array === value
+                value.each do |element|
+                  if Hash === element || Array === element
+                    multipart_requestify(element, false).each do |subkey, subvalue|
+                      p << ["#{k}[]#{subkey}", subvalue]
+                    end
+                  else
+                    p << ["#{k}[]", element]
+                  end
                 end
               else
-                p[k] = value
+                p << [k, value]
               end
             end
           end
@@ -453,6 +463,7 @@ EOF
             end
           end.join("")+"--#{boundary}--\r"
         end
+
     end
 
     # A module used to extend ActionController::Base, so that integration tests
@@ -500,7 +511,7 @@ EOF
           reset! unless @integration_session
           # reset the html_document variable, but only for new get/post calls
           @html_document = nil unless %w(cookies assigns).include?(method)
-          returning @integration_session.__send__(method, *args) do
+          @integration_session.__send__(method, *args).tap do
             copy_session_variables!
           end
         end
@@ -556,7 +567,7 @@ EOF
       def method_missing(sym, *args, &block)
         reset! unless @integration_session
         if @integration_session.respond_to?(sym)
-          returning @integration_session.__send__(sym, *args, &block) do
+          @integration_session.__send__(sym, *args, &block).tap do
             copy_session_variables!
           end
         else

data/lib/action_controller/request.rb

@@ -446,8 +446,8 @@ EOM
     end
 
     def reset_session
-      @env['rack.session.options'].delete(:id)
-      @env['rack.session'] = {}
+      session.destroy if session
+      self.session = {}
     end
 
     def session_options

data/lib/action_controller/rescue.rb

@@ -15,7 +15,7 @@ module ActionController #:nodoc:
   # behavior is achieved by overriding the <tt>rescue_action_in_public</tt>
   # and <tt>rescue_action_locally</tt> methods.
   module Rescue
-    LOCALHOST = ['127.0.0.1', '::1'].freeze
+    LOCALHOST = [/^127\.0\.0\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/].freeze
 
     DEFAULT_RESCUE_RESPONSE = :internal_server_error
     DEFAULT_RESCUE_RESPONSES = {
@@ -122,7 +122,7 @@ module ActionController #:nodoc:
       # method if you wish to redefine the meaning of a local request to
       # include remote IP addresses or other criteria.
       def local_request? #:doc:
-        LOCALHOST.any?{ |local_ip| request.remote_addr == local_ip && request.remote_ip == local_ip }
+        LOCALHOST.any?{ |local_ip| request.remote_addr =~ local_ip && request.remote_ip =~ local_ip }
       end
 
       # Render detailed diagnostics for unhandled exceptions rescued from

data/lib/action_controller/resources.rb

@@ -659,7 +659,7 @@ module ActionController
       end
 
       def add_conditions_for(conditions, method)
-        returning({:conditions => conditions.dup}) do |options|
+        ({:conditions => conditions.dup}).tap do |options|
           options[:conditions][:method] = method unless method == :any
         end
       end

data/lib/action_controller/routing.rb

@@ -377,7 +377,7 @@ module ActionController
     ActiveSupport::Inflector.module_eval do
       # Ensures that routes are reloaded when Rails inflections are updated.
       def inflections_with_route_reloading(&block)
-        returning(inflections_without_route_reloading(&block)) {
+        (inflections_without_route_reloading(&block)).tap {
           ActionController::Routing::Routes.reload! if block_given?
         }
       end

data/lib/action_controller/routing/route.rb

@@ -65,7 +65,7 @@ module ActionController
       #   map.connect '/page/:id', :controller => 'pages', :action => 'show', :id => /\d+/
       #
       def parameter_shell
-        @parameter_shell ||= returning({}) do |shell|
+        @parameter_shell ||= {}.tap do |shell|
           requirements.each do |key, requirement|
             shell[key] = requirement unless requirement.is_a? Regexp
           end
@@ -76,7 +76,7 @@ module ActionController
       # includes keys that appear inside the path, and keys that have requirements
       # placed upon them.
       def significant_keys
-        @significant_keys ||= returning([]) do |sk|
+        @significant_keys ||= [].tap do |sk|
           segments.each { |segment| sk << segment.key if segment.respond_to? :key }
           sk.concat requirements.keys
           sk.uniq!
@@ -86,7 +86,7 @@ module ActionController
       # Return a hash of key/value pairs representing the keys in the route that
       # have defaults, or which are specified by non-regexp requirements.
       def defaults
-        @defaults ||= returning({}) do |hash|
+        @defaults ||= {}.tap do |hash|
           segments.each do |segment|
             next unless segment.respond_to? :default
             hash[segment.key] = segment.default unless segment.default.nil?

data/lib/action_controller/session/abstract_store.rb

@@ -2,13 +2,42 @@ require 'rack/utils'
 
 module ActionController
   module Session
-    class AbstractStore
+    class AbstractStore  
       ENV_SESSION_KEY = 'rack.session'.freeze
       ENV_SESSION_OPTIONS_KEY = 'rack.session.options'.freeze
 
       HTTP_COOKIE = 'HTTP_COOKIE'.freeze
       SET_COOKIE = 'Set-Cookie'.freeze
 
+      # thin wrapper around Hash that allows us to lazily
+      # load session id into session_options
+      class OptionsHash < Hash
+        def initialize(by, env, default_options)
+          @by = by
+          @env = env
+          @session_id_loaded = false
+          merge!(default_options)
+        end
+
+        def [](key)
+          if key == :id
+            load_session_id! unless super(:id) || has_session_id?
+          end
+          super(key)
+        end
+
+        private
+
+          def has_session_id?
+            @session_id_loaded
+          end
+
+          def load_session_id!
+            self[:id] = @by.send(:extract_session_id, @env)
+            @session_id_loaded = true
+          end
+      end
+
       class SessionHash < Hash
         def initialize(by, env)
           super()
@@ -25,21 +54,42 @@ module ActionController
         end
 
         def [](key)
-          load! unless @loaded
+          load_for_read!
+          super
+        end
+
+        def has_key?(key)
+          load_for_read!
           super
         end
 
         def []=(key, value)
-          load! unless @loaded
+          load_for_write!
+          super
+        end
+
+        def clear
+          load_for_write!
           super
         end
 
         def to_hash
+          load_for_read!
           h = {}.replace(self)
           h.delete_if { |k,v| v.nil? }
           h
         end
 
+        def update(hash)
+          load_for_write!
+          super
+        end
+
+        def delete(key)
+          load_for_write!
+          super
+        end
+
         def data
          ActiveSupport::Deprecation.warn(
            "ActionController::Session::AbstractStore::SessionHash#data " +
@@ -48,40 +98,43 @@ module ActionController
         end
 
         def inspect
-          load! unless @loaded
+          load_for_read!
           super
         end
 
+        def exists?
+          return @exists if instance_variable_defined?(:@exists)
+          @exists = @by.send(:exists?, @env)
+        end
+
+        def loaded?
+          @loaded
+        end
+
+        def destroy
+          clear
+          @by.send(:destroy, @env) if @by
+          @env[ENV_SESSION_OPTIONS_KEY][:id] = nil if @env && @env[ENV_SESSION_OPTIONS_KEY]
+          @loaded = false
+        end
+
         private
-          def loaded?
-            @loaded
+          
+          def load_for_read!
+            load! if !loaded? && exists?
           end
 
-          def load!
-            stale_session_check! do
-              id, session = @by.send(:load_session, @env)
-              (@env[ENV_SESSION_OPTIONS_KEY] ||= {})[:id] = id
-              replace(session)
-              @loaded = true
-            end
+          def load_for_write!
+            load! unless loaded?
           end
 
-          def stale_session_check!
-            yield
-          rescue ArgumentError => argument_error
-            if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
-              begin
-                # Note that the regexp does not allow $1 to end with a ':'
-                $1.constantize
-              rescue LoadError, NameError => const_error
-                raise ActionController::SessionRestoreError, "Session contains objects whose class definition isn\\'t available.\nRemember to require the classes for all objects kept in the session.\n(Original exception: \#{const_error.message} [\#{const_error.class}])\n"
-              end
-
-              retry
-            else
-              raise
-            end
+          def load!
+            id, session = @by.send(:load_session, @env)
+            @env[ENV_SESSION_OPTIONS_KEY][:id] = id
+            replace(session)
+            @loaded = true
           end
+
       end
 
       DEFAULT_OPTIONS = {
@@ -120,18 +173,14 @@ module ActionController
       end
 
       def call(env)
-        session = SessionHash.new(self, env)
-
-        env[ENV_SESSION_KEY] = session
-        env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup
-
+        prepare!(env)
         response = @app.call(env)
 
         session_data = env[ENV_SESSION_KEY]
         options = env[ENV_SESSION_OPTIONS_KEY]
 
-        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
-          session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)
+        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.loaded? || options[:expire_after]
+          session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.loaded?
 
           sid = options[:id] || generate_sid
 
@@ -139,21 +188,23 @@ module ActionController
             return response
           end
 
-          cookie = Rack::Utils.escape(@key) + '=' + Rack::Utils.escape(sid)
-          cookie << "; domain=#{options[:domain]}" if options[:domain]
-          cookie << "; path=#{options[:path]}" if options[:path]
-          if options[:expire_after]
-            expiry = Time.now + options[:expire_after]
-            cookie << "; expires=#{expiry.httpdate}"
-          end
-          cookie << "; Secure" if options[:secure]
-          cookie << "; HttpOnly" if options[:httponly]
-
-          headers = response[1]
-          unless headers[SET_COOKIE].blank?
-            headers[SET_COOKIE] << "\n#{cookie}"
-          else
-            headers[SET_COOKIE] = cookie
+          if (env["rack.request.cookie_hash"] && env["rack.request.cookie_hash"][@key] != sid) || options[:expire_after]
+            cookie = Rack::Utils.escape(@key) + '=' + Rack::Utils.escape(sid)
+            cookie << "; domain=#{options[:domain]}" if options[:domain]
+            cookie << "; path=#{options[:path]}" if options[:path]
+            if options[:expire_after]
+              expiry = Time.now + options[:expire_after]
+              cookie << "; expires=#{expiry.httpdate}"
+            end
+            cookie << "; Secure" if options[:secure]
+            cookie << "; HttpOnly" if options[:httponly]
+
+            headers = response[1]
+            unless headers[SET_COOKIE].blank?
+              headers[SET_COOKIE] << "\n#{cookie}"
+            else
+              headers[SET_COOKIE] = cookie
+            end
           end
         end
 
@@ -161,18 +212,39 @@ module ActionController
       end
 
       private
+      
+        def prepare!(env)
+          env[ENV_SESSION_KEY] = SessionHash.new(self, env)
+          env[ENV_SESSION_OPTIONS_KEY] = OptionsHash.new(self, env, @default_options)
+        end
+      
         def generate_sid
           ActiveSupport::SecureRandom.hex(16)
         end
 
         def load_session(env)
-          request = Rack::Request.new(env)
-          sid = request.cookies[@key]
-          unless @cookie_only
-            sid ||= request.params[@key]
+          stale_session_check! do
+            sid = current_session_id(env)
+            sid, session = get_session(env, sid)
+            [sid, session]
+          end
+        end
+        
+        def extract_session_id(env)
+          stale_session_check! do
+            request = Rack::Request.new(env)
+            sid = request.cookies[@key]
+            sid ||= request.params[@key] unless @cookie_only
+            sid
           end
-          sid, session = get_session(env, sid)
-          [sid, session]
+        end
+
+        def current_session_id(env)
+          env[ENV_SESSION_OPTIONS_KEY][:id]
+        end
+        
+        def exists?(env)
+          current_session_id(env).present?
         end
 
         def get_session(env, sid)
@@ -182,6 +254,30 @@ module ActionController
         def set_session(env, sid, session_data)
           raise '#set_session needs to be implemented.'
         end
+        
+        def destroy(env)
+          raise '#destroy needs to be implemented.'
+        end
+        
+        module SessionUtils
+          private
+          def stale_session_check!
+            yield
+          rescue ArgumentError => argument_error
+            if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
+              begin
+                # Note that the regexp does not allow $1 to end with a ':'
+                $1.constantize
+              rescue LoadError, NameError => const_error
+                raise ActionController::SessionRestoreError, "Session contains objects whose class definition isn\\'t available.\nRemember to require the classes for all objects kept in the session.\n(Original exception: \#{const_error.message} [\#{const_error.class}])\n"
+              end
+              retry
+            else
+              raise
+            end
+          end
+        end
+        include SessionUtils
     end
   end
 end