actionpack 3.1.0.beta1 → 3.1.0.rc1

data/lib/action_controller/metal/request_forgery_protection.rb

@@ -73,7 +73,10 @@ module ActionController #:nodoc:
     protected
       # The actual before_filter that is used.  Modify this to change how you handle unverified requests.
       def verify_authenticity_token
-        verified_request? || handle_unverified_request
+        unless verified_request?
+          logger.debug "WARNING: Can't verify CSRF token authenticity" if logger
+          handle_unverified_request
+        end
       end
 
       def handle_unverified_request

data/lib/action_controller/metal/responder.rb

@@ -68,7 +68,7 @@ module ActionController #:nodoc:
   #     respond_with(@project, @task)
   #   end
   #
-  # Giving an array of resources, you ensure that the responder will redirect to
+  # Giving several resources ensures that the responder will redirect to
   # <code>project_task_url</code> instead of <code>task_url</code>.
   #
   # Namespaced and singleton resources require a symbol to be given, as in
@@ -77,6 +77,11 @@ module ActionController #:nodoc:
   #
   #   respond_with(@project, :manager, @task)
   #
+  # Note that if you give an array, it will be treated as a collection,
+  # so the following is not equivalent:
+  #
+  #   respond_with [@project, :manager, @task]
+  #
   # === Custom options
   #
   # <code>respond_with</code> also allow you to pass options that are forwarded

data/lib/action_controller/metal/url_for.rb

@@ -1,3 +1,24 @@
+# Includes +url_for+ into the host class. The class has to provide a +RouteSet+ by implementing 
+# the <tt>_routes</tt> method. Otherwise, an exception will be raised.
+#
+# In addition to <tt>AbstractController::UrlFor</tt>, this module accesses the HTTP layer to define 
+# url options like the +host+. In order to do so, this module requires the host class
+# to implement +env+ and +request+, which need to be a Rack-compatible.
+#
+# Example:
+#
+#   class RootUrl
+#     include ActionController::UrlFor
+#     include Rails.application.routes.url_helpers
+#
+#     delegate :env, :request, :to => :controller
+#
+#     def initialize(controller)
+#       @controller = controller
+#       @url        = root_path # named route from the application.
+#     end
+#   end
+# => 
 module ActionController
   module UrlFor
     extend ActiveSupport::Concern

data/lib/action_controller/test_case.rb

@@ -2,6 +2,7 @@ require 'rack/session/abstract/id'
 require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/object/to_query'
 require 'active_support/core_ext/class/attribute'
+require 'active_support/core_ext/module/anonymous'
 
 module ActionController
   module TemplateAssertions
@@ -413,7 +414,11 @@ module ActionController
         @request.env['REQUEST_METHOD'] = http_method
 
         parameters ||= {}
-        @request.assign_parameters(@routes, @controller.class.name.underscore.sub(/_controller$/, ''), action.to_s, parameters)
+        controller_class_name = @controller.class.anonymous? ?
+          "anonymous_controller" :
+          @controller.class.name.underscore.sub(/_controller$/, '')
+
+        @request.assign_parameters(@routes, controller_class_name, action.to_s, parameters)
 
         @request.session = ActionController::TestSession.new(session) if session
         @request.session["flash"] = @request.flash.update(flash || {})

data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb

@@ -33,7 +33,7 @@ module HTML
       result = super
       # strip any comments, and if they have a newline at the end (ie. line with
       # only a comment) strip that too
-      result.gsub!(/<!--(.*?)-->[\n]?/m, "") if result
+      result = result.gsub(/<!--(.*?)-->[\n]?/m, "") if (result && result =~ /<!--(.*?)-->[\n]?/m)
       # Recurse - handle all dirty nested tags
       result == text ? result : sanitize(result, options)
     end

data/lib/action_dispatch/http/cache.rb

@@ -42,20 +42,6 @@ module ActionDispatch
         attr_reader :cache_control, :etag
         alias :etag? :etag
 
-        def initialize(*)
-          super
-
-          @cache_control = {}
-          @etag = self["ETag"]
-
-          if cache_control = self["Cache-Control"]
-            cache_control.split(/,\s*/).each do |segment|
-              first, last = segment.split("=")
-              @cache_control[first.to_sym] = last || true
-            end
-          end
-        end
-
         def last_modified
           if last = headers['Last-Modified']
             Time.httpdate(last)
@@ -77,6 +63,18 @@ module ActionDispatch
 
       private
 
+        def prepare_cache_control!
+          @cache_control = {}
+          @etag = self["ETag"]
+
+          if cache_control = self["Cache-Control"]
+            cache_control.split(/,\s*/).each do |segment|
+              first, last = segment.split("=")
+              @cache_control[first.to_sym] = last || true
+            end
+          end
+        end
+
         def handle_conditional_get!
           if etag? || last_modified? || !@cache_control.empty?
             set_conditional_cache_control!

data/lib/action_dispatch/http/rack_cache.rb

@@ -14,11 +14,15 @@ module ActionDispatch
     end
 
     def read(key)
-      @store.read(key) || []
+      if data = @store.read(key)
+        Marshal.load(data)
+      else
+        []
+      end
     end
 
     def write(key, value)
-      @store.write(key, value)
+      @store.write(key, Marshal.dump(value))
     end
 
     ::Rack::Cache::MetaStore::RAILS = self

data/lib/action_dispatch/http/response.rb

@@ -56,26 +56,25 @@ module ActionDispatch # :nodoc:
 
     cattr_accessor(:default_charset) { "utf-8" }
 
-    module Setup
-      def initialize(status = 200, header = {}, body = [])
-        self.body, self.header, self.status = body, header, status
+    include Rack::Response::Helpers
+    include ActionDispatch::Http::Cache::Response
 
-        @sending_file = false
-        @blank = false
+    def initialize(status = 200, header = {}, body = [])
+      self.body, self.header, self.status = body, header, status
 
-        if content_type = self["Content-Type"]
-          type, charset = content_type.split(/;\s*charset=/)
-          @content_type = Mime::Type.lookup(type)
-          @charset = charset || "UTF-8"
-        end
+      @sending_file = false
+      @blank = false
 
-        yield self if block_given?
+      if content_type = self["Content-Type"]
+        type, charset = content_type.split(/;\s*charset=/)
+        @content_type = Mime::Type.lookup(type)
+        @charset = charset || "UTF-8"
       end
-    end
 
-    include Rack::Response::Helpers
-    include Setup
-    include ActionDispatch::Http::Cache::Response
+      prepare_cache_control!
+
+      yield self if block_given?
+    end
 
     def status=(status)
       @status = Rack::Utils.status_code(status)
@@ -116,9 +115,32 @@ module ActionDispatch # :nodoc:
 
     EMPTY = " "
 
+    class BodyBuster #:nodoc:
+      def initialize(response)
+        @response = response
+        @body = ""
+      end
+
+      def bust(body)
+        body.call(@response, self)
+        body.close if body.respond_to?(:close)
+        @body
+      end
+
+      def write(string)
+        @body << string.to_s
+      end
+    end
+
     def body=(body)
       @blank = true if body == EMPTY
 
+      if body.respond_to?(:call)
+        ActiveSupport::Deprecation.warn "Setting a Proc or an object that responds to call " \
+          "in response_body is no longer supported", caller
+        body = BodyBuster.new(self).bust(body)
+      end
+
       # Explicitly check for strings. This is *wrong* theoretically
       # but if we don't check this, the performance on string bodies
       # is bad on Ruby 1.8 (because strings responds to each then).
@@ -150,6 +172,10 @@ module ActionDispatch # :nodoc:
       headers['Location'] = url
     end
 
+    def close
+      @body.close if @body.respond_to?(:close)
+    end
+
     def to_a
       assign_default_content_type_and_charset!
       handle_conditional_get!

data/lib/action_dispatch/http/url.rb

@@ -162,7 +162,7 @@ module ActionDispatch
 
       # Returns all the \subdomains as a string, so <tt>"dev.www"</tt> would be
       # returned for "dev.www.rubyonrails.org". You can specify a different <tt>tld_length</tt>,
-      # such as 2 to catch <tt>["www"]</tt> instead of <tt>"www.rubyonrails"</tt>
+      # such as 2 to catch <tt>"www"</tt> instead of <tt>"www.rubyonrails"</tt>
       # in "www.rubyonrails.co.uk".
       def subdomain(tld_length = @@tld_length)
         subdomains(tld_length).join(".")

data/lib/action_dispatch/middleware/cookies.rb

@@ -167,8 +167,8 @@ module ActionDispatch
 
         handle_options(options)
 
-        @set_cookies[key] = options
-        @delete_cookies.delete(key)
+        @set_cookies[key.to_s] = options
+        @delete_cookies.delete(key.to_s)
         value
       end
 
@@ -181,7 +181,7 @@ module ActionDispatch
         handle_options(options)
 
         value = @cookies.delete(key.to_s)
-        @delete_cookies[key] = options
+        @delete_cookies[key.to_s] = options
         value
       end
 

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb

@@ -1,7 +1,7 @@
 <h1>
   <%=h @exception.class.to_s %>
   <% if @request.parameters['controller'] %>
-    in <%=h @request.parameters['controller'].classify.pluralize %>Controller<% if @request.parameters['action'] %>#<%=h @request.parameters['action'] %><% end %>
+    in <%=h @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%=h @request.parameters['action'] %><% end %>
   <% end %>
 </h1>
 <pre><%=h @exception.message %></pre>

data/lib/action_dispatch/routing.rb

@@ -49,8 +49,8 @@ module ActionDispatch
   # You may wish to organize groups of controllers under a namespace. Most
   # commonly, you might group a number of administrative controllers under
   # an +admin+ namespace. You would place these controllers under the
-  # app/controllers/admin directory, and you can group them together in your
-  # router:
+  # <tt>app/controllers/admin</tt> directory, and you can group them together
+  # in your router:
   #
   #   namespace "admin" do
   #     resources :posts, :comments
@@ -152,7 +152,7 @@ module ActionDispatch
   #     }
   #   end
   #
-  # Using the multiline match modifier will raise an ArgumentError.
+  # Using the multiline match modifier will raise an +ArgumentError+.
   # Encoding regular expression modifiers are silently ignored. The
   # match will always use the default encoding or ASCII.
   #

data/lib/action_dispatch/routing/mapper.rb

@@ -335,7 +335,7 @@ module ActionDispatch
         #
         # [:on]
         #   Shorthand for wrapping routes in a specific RESTful context. Valid
-        #   values are :member, :collection, and :new.  Only use within
+        #   values are +:member+, +:collection+, and +:new+.  Only use within
         #   <tt>resource(s)</tt> block. For example:
         #
         #      resource :bar do
@@ -352,7 +352,7 @@ module ActionDispatch
         #
         # [:constraints]
         #   Constrains parameters with a hash of regular expressions or an
-        #   object that responds to #matches?
+        #   object that responds to <tt>matches?</tt>
         #
         #     match 'path/:id', :constraints => { :id => /[A-Z]\d{5}/ }
         #
@@ -373,7 +373,7 @@ module ActionDispatch
         #   See <tt>Scoping#defaults</tt> for its scope equivalent.
         #
         # [:anchor]
-        #   Boolean to anchor a #match pattern. Default is true. When set to
+        #   Boolean to anchor a <tt>match</tt> pattern. Default is true. When set to
         #   false, the pattern matches any request prefixed with the given path.
         #
         #     # Matches any request starting with 'path'
@@ -517,15 +517,15 @@ module ActionDispatch
       # You may wish to organize groups of controllers under a namespace.
       # Most commonly, you might group a number of administrative controllers
       # under an +admin+ namespace. You would place these controllers under
-      # the app/controllers/admin directory, and you can group them together
-      # in your router:
+      # the <tt>app/controllers/admin</tt> directory, and you can group them
+      # together in your router:
       #
       #   namespace "admin" do
       #     resources :posts, :comments
       #   end
       #
       # This will create a number of routes for each of the posts and comments
-      # controller. For Admin::PostsController, Rails will create:
+      # controller. For <tt>Admin::PostsController</tt>, Rails will create:
       #
       #   GET	    /admin/posts
       #   GET	    /admin/posts/new
@@ -536,7 +536,7 @@ module ActionDispatch
       #   DELETE  /admin/posts/1
       #
       # If you want to route /posts (without the prefix /admin) to
-      # Admin::PostsController, you could use
+      # <tt>Admin::PostsController</tt>, you could use
       #
       #   scope :module => "admin" do
       #     resources :posts
@@ -546,7 +546,7 @@ module ActionDispatch
       #
       #   resources :posts, :module => "admin"
       #
-      # If you want to route /admin/posts to PostsController
+      # If you want to route /admin/posts to +PostsController+
       # (without the Admin:: module prefix), you could use
       #
       #   scope "/admin" do
@@ -555,11 +555,11 @@ module ActionDispatch
       #
       # or, for a single case
       #
-      #   resources :posts, :path => "/admin"
+      #   resources :posts, :path => "/admin/posts"
       #
       # In each of these cases, the named routes remain the same as if you did
       # not use scope. In the last case, the following paths map to
-      # PostsController:
+      # +PostsController+:
       #
       #   GET	    /admin/posts
       #   GET	    /admin/posts/new
@@ -587,7 +587,7 @@ module ActionDispatch
         #
         # === Examples
         #
-        #   # route /posts (without the prefix /admin) to Admin::PostsController
+        #   # route /posts (without the prefix /admin) to <tt>Admin::PostsController</tt>
         #   scope :module => "admin" do
         #     resources :posts
         #   end
@@ -597,7 +597,7 @@ module ActionDispatch
         #     resources :posts
         #   end
         #
-        #   # prefix the routing helper name: sekret_posts_path instead of posts_path
+        #   # prefix the routing helper name: +sekret_posts_path+ instead of +posts_path+
         #   scope :as => "sekret" do
         #     resources :posts
         #   end
@@ -679,12 +679,12 @@ module ActionDispatch
         #     resources :posts
         #   end
         #
-        #   # maps to Sekret::PostsController rather than Admin::PostsController
+        #   # maps to <tt>Sekret::PostsController</tt> rather than <tt>Admin::PostsController</tt>
         #   namespace :admin, :module => "sekret" do
         #     resources :posts
         #   end
         #
-        #   # generates sekret_posts_path rather than admin_posts_path
+        #   # generates +sekret_posts_path+ rather than +admin_posts_path+
         #   namespace :admin, :as => "sekret" do
         #     resources :posts
         #   end
@@ -712,6 +712,7 @@ module ActionDispatch
         #     constraints(:post_id => /\d+\.\d+) do
         #       resources :comments
         #     end
+        #   end
         #
         # === Restricting based on IP
         #
@@ -846,20 +847,20 @@ module ActionDispatch
       # You may wish to organize groups of controllers under a namespace. Most
       # commonly, you might group a number of administrative controllers under
       # an +admin+ namespace. You would place these controllers under the
-      # app/controllers/admin directory, and you can group them together in your
-      # router:
+      # <tt>app/controllers/admin</tt> directory, and you can group them together
+      # in your router:
       #
       #   namespace "admin" do
       #     resources :posts, :comments
       #   end
       #
-      # By default the :id parameter doesn't accept dots. If you need to
-      # use dots as part of the :id parameter add a constraint which
+      # By default the +:id+ parameter doesn't accept dots. If you need to
+      # use dots as part of the +:id+ parameter add a constraint which
       # overrides this restriction, e.g:
       #
       #   resources :articles, :id => /[^\/]+/
       #
-      # This allows any character other than a slash as part of your :id.
+      # This allows any character other than a slash as part of your +:id+.
       #
       module Resources
         # CANONICAL_ACTIONS holds all actions that does not need a prefix or
@@ -909,7 +910,7 @@ module ActionDispatch
 
           alias :member_name :singular
 
-          # Checks for uncountable plurals, and appends "_index" if the plural 
+          # Checks for uncountable plurals, and appends "_index" if the plural
           # and singular form are the same.
           def collection_name
             singular == plural ? "#{plural}_index" : plural
@@ -975,7 +976,7 @@ module ActionDispatch
         #   resource :geocoder
         #
         # creates six different routes in your application, all mapping to
-        # the GeoCoders controller (note that the controller is named after
+        # the +GeoCoders+ controller (note that the controller is named after
         # the plural):
         #
         #   GET     /geocoder/new
@@ -1024,7 +1025,7 @@ module ActionDispatch
         #   resources :photos
         #
         # creates seven different routes in your application, all mapping to
-        # the Photos controller:
+        # the +Photos+ controller:
         #
         #   GET     /photos/new
         #   POST    /photos
@@ -1082,9 +1083,13 @@ module ActionDispatch
         #   Is the same as:
         #
         #     resources :posts do
-        #       resources :comments
+        #       resources :comments, :except => [:show, :edit, :update, :destroy]
         #     end
-        #     resources :comments
+        #     resources :comments, :only => [:show, :edit, :update, :destroy]
+        #
+        #   This allows URLs for resources that otherwise would be deeply nested such
+        #   as a comment on a blog post like <tt>/posts/a-long-permalink/comments/1234</tt>
+        #   to be shortened to just <tt>/comments/1234</tt>.
         #
         # [:shallow_path]
         #   Prefixes nested shallow routes with the specified path.
@@ -1107,11 +1112,11 @@ module ActionDispatch
         #
         # === Examples
         #
-        #   # routes call Admin::PostsController
+        #   # routes call <tt>Admin::PostsController</tt>
         #   resources :posts, :module => "admin"
         #
         #   # resource actions are at /admin/posts.
-        #   resources :posts, :path => "admin"
+        #   resources :posts, :path => "admin/posts"
         def resources(*resources, &block)
           options = resources.extract_options!
 
@@ -1151,7 +1156,7 @@ module ActionDispatch
         #   end
         #
         # This will enable Rails to recognize paths such as <tt>/photos/search</tt>
-        # with GET, and route to the search action of PhotosController. It will also
+        # with GET, and route to the search action of +PhotosController+. It will also
         # create the <tt>search_photos_url</tt> and <tt>search_photos_path</tt>
         # route helpers.
         def collection
@@ -1175,7 +1180,7 @@ module ActionDispatch
         #   end
         #
         # This will recognize <tt>/photos/1/preview</tt> with GET, and route to the
-        # preview action of PhotosController. It will also create the
+        # preview action of +PhotosController+. It will also create the
         # <tt>preview_photo_url</tt> and <tt>preview_photo_path</tt> helpers.
         def member
           unless resource_scope?