actionpack 3.0.4.rc1 → 3.0.4

data/lib/action_controller/metal/rendering.rb

@@ -7,7 +7,7 @@ module ActionController
 
     # Before processing, set the request formats in current controller formats.
     def process_action(*) #:nodoc:
-      self.formats = request.formats.map { |x| x.to_sym }
+      self.formats = request.formats.map { |x| x.ref }
       super
     end
 

data/lib/action_controller/metal/request_forgery_protection.rb

@@ -89,25 +89,24 @@ module ActionController #:nodoc:
     end
 
     protected
-
-      def protect_from_forgery(options = {})
-        self.request_forgery_protection_token ||= :authenticity_token
-        before_filter :verify_authenticity_token, options
-      end
-
       # The actual before_filter that is used.  Modify this to change how you handle unverified requests.
       def verify_authenticity_token
-        verified_request? || raise(ActionController::InvalidAuthenticityToken)
+        verified_request? || handle_unverified_request
+      end
+
+      def handle_unverified_request
+        reset_session
       end
 
       # Returns true or false if a request is verified.  Checks:
       #
-      # * is the format restricted?  By default, only HTML requests are checked.
       # * is it a GET request?  Gets should be safe and idempotent
       # * Does the form_authenticity_token match the given token value from the params?
+      # * Does the X-CSRF-Token header match the form_authenticity_token
       def verified_request?
-        !protect_against_forgery? || request.forgery_whitelisted? ||
-          form_authenticity_token == params[request_forgery_protection_token]
+        !protect_against_forgery? || request.get? ||
+          form_authenticity_token == params[request_forgery_protection_token] ||
+          form_authenticity_token == request.headers['X-CSRF-Token']
       end
 
       # Sets the token value for the current session.

data/lib/action_dispatch/http/mime_type.rb

@@ -176,7 +176,11 @@ module Mime
     end
 
     def to_sym
-      @symbol || @string.to_sym
+      @symbol
+    end
+
+    def ref
+      to_sym || to_s
     end
 
     def ===(list)

data/lib/action_dispatch/http/request.rb

@@ -141,8 +141,9 @@ module ActionDispatch
     end
 
     def forgery_whitelisted?
-      get? || xhr? || content_mime_type.nil? || !content_mime_type.verify_request?
+      get?
     end
+    deprecate :forgery_whitelisted? => "it is just an alias for 'get?' now, update your code"
 
     def media_type
       content_mime_type.to_s

data/lib/action_pack/version.rb

@@ -3,7 +3,7 @@ module ActionPack
     MAJOR = 3
     MINOR = 0
     TINY  = 4
-    PRE   = "rc1"
+    PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
   end

data/lib/action_view/helpers/url_helper.rb

@@ -490,7 +490,9 @@ module ActionView
         string = ''
 
         if encode == "javascript"
-          "document.write('#{content_tag("a", name || email_address_obfuscated.html_safe, html_options.merge("href" => "mailto:#{email_address}#{extras}".html_safe))}');".each_byte do |c|
+          html   = content_tag("a", name || email_address_obfuscated.html_safe, html_options.merge("href" => "mailto:#{email_address}#{extras}".html_safe))
+          html   = escape_javascript(html)
+          "document.write('#{html}');".each_byte do |c|
             string << sprintf("%%%x", c)
           end
           "<script type=\"#{Mime::JS}\">eval(decodeURIComponent('#{string}'))</script>".html_safe

data/lib/action_view/lookup_context.rb

@@ -145,11 +145,11 @@ module ActionView
         @frozen_formats = true
       end
 
-      # Overload formats= to reject [:"*/*"] values.
+      # Overload formats= to reject ["*/*"] values.
       def formats=(values)
         if values && values.size == 1
           value = values.first
-          values = nil    if value == :"*/*"
+          values = nil    if value == "*/*"
           values << :html if value == :js
         end
         super(values)

data/lib/action_view/template.rb

@@ -117,7 +117,7 @@ module ActionView
       @method_names       = {}
 
       format   = details[:format] || :html
-      @formats = Array.wrap(format).map(&:to_sym)
+      @formats = Array.wrap(format).map { |f| f.is_a?(Mime::Type) ? f.ref : f }
       @virtual_path = details[:virtual_path].try(:sub, ".#{format}", "")
     end
 

data/lib/action_view/template/resolver.rb

@@ -72,14 +72,20 @@ module ActionView
       query.gsub!(/\{\.html,/, "{.html,.text.html,")
       query.gsub!(/\{\.text,/, "{.text,.text.plain,")
 
-      Dir[query].reject { |p| File.directory?(p) }.map do |p|
-        handler, format = extract_handler_and_format(p, formats)
+      templates = []
+      sanitizer = Hash.new { |h,k| h[k] = Dir["#{File.dirname(k)}/*"] }
+
+      Dir[query].each do |p|
+        next if File.directory?(p) || !sanitizer[p].include?(p)
 
+        handler, format = extract_handler_and_format(p, formats)
         contents = File.open(p, "rb") {|io| io.read }
 
-        Template.new(contents, File.expand_path(p), handler,
+        templates << Template.new(contents, File.expand_path(p), handler,
           :virtual_path => path, :format => format)
       end
+
+      templates
     end
 
     # Extract handler and formats from path. If a format cannot be a found neither

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: actionpack
 version: !ruby/object:Gem::Version 
-  hash: 977940590
-  prerelease: true
+  hash: 15
+  prerelease: false
   segments: 
   - 3
   - 0
   - 4
-  - rc1
-  version: 3.0.4.rc1
+  version: 3.0.4
 platform: ruby
 authors: 
 - David Heinemeier Hansson
@@ -16,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-01-31 00:00:00 +13:00
+date: 2011-02-09 00:00:00 +13:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -27,13 +26,12 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 977940590
+        hash: 15
         segments: 
         - 3
         - 0
         - 4
-        - rc1
-        version: 3.0.4.rc1
+        version: 3.0.4
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
@@ -44,13 +42,12 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 977940590
+        hash: 15
         segments: 
         - 3
         - 0
         - 4
-        - rc1
-        version: 3.0.4.rc1
+        version: 3.0.4
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
@@ -360,14 +357,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version 
-      hash: 25
+      hash: 3
       segments: 
-      - 1
-      - 3
-      - 1
-      version: 1.3.1
+      - 0
+      version: "0"
 requirements: 
 - none
 rubyforge_project: actionpack