actionpack 3.1.0.rc4 → 3.1.0.rc5

data/CHANGELOG

@@ -1,5 +1,11 @@
 *Rails 3.1.0 (unreleased)*
 
+* The submit form helper does not generate an id "object_name_id" anymore. [fbrusatti]
+
+* Make sure respond_with with :js tries to render a template in all cases [José Valim]
+
+* json_escape will now return a SafeBuffer string if it receives SafeBuffer string [tenderlove]
+
 * Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string [Prem Sichanugrist]
 
 * Fix escape_js to work correctly with the new SafeBuffer restriction [Paul Gallagher]

data/lib/abstract_controller/asset_paths.rb

@@ -3,7 +3,7 @@ module AbstractController
     extend ActiveSupport::Concern
 
     included do
-      config_accessor :asset_host, :asset_path, :assets_dir, :javascripts_dir, :stylesheets_dir, :use_sprockets
+      config_accessor :asset_host, :asset_path, :assets_dir, :javascripts_dir, :stylesheets_dir
     end
   end
 end

data/lib/abstract_controller/layouts.rb

@@ -81,11 +81,12 @@ module AbstractController
   #   class EmployeeController < BankController
   #     layout nil
   #
-  # The InformationController uses "bank_standard" inherited from the BankController, the VaultController overwrites
-  # and picks the layout dynamically, and the EmployeeController doesn't want to use a layout at all.
-  #
-  # The TellerController uses +teller.html.erb+, and TillController inherits that layout and
-  # uses it as well.
+  # In these examples:
+  # * The InformationController uses the "bank_standard" layout, inherited from BankController.
+  # * The TellerController follows convention and uses +app/views/layouts/teller.html.erb+.
+  # * The TillController inherits the layout from TellerController and uses +teller.html.erb+ as well.
+  # * The VaultController chooses a layout dynamically by calling the <tt>access_level_layout</tt> method.
+  # * The EmployeeController does not use a layout at all.
   #
   # == Types of layouts
   #
@@ -138,8 +139,8 @@ module AbstractController
   #
   #   end
   #
-  # This will assign "weblog_standard" as the WeblogController's layout  except for the +rss+ action, which will not wrap a layout
-  # around the rendered view.
+  # This will assign "weblog_standard" as the WeblogController's layout for all actions except for the +rss+ action, which will
+  # be rendered directly, without wrapping a layout around the rendered view.
   #
   # Both the <tt>:only</tt> and <tt>:except</tt> condition can accept an arbitrary number of method references, so
   # #<tt>:except => [ :rss, :text_only ]</tt> is valid, as is <tt>:except => :rss</tt>.
@@ -158,7 +159,7 @@ module AbstractController
   #     end
   #   end
   #
-  # This will render the help action with the "help" layout instead of the controller-wide "weblog_standard" layout.
+  # This will override the controller-wide "weblog_standard" layout, and will render the help action with the "help" layout instead.
   module Layouts
     extend ActiveSupport::Concern
 
@@ -166,6 +167,7 @@ module AbstractController
 
     included do
       class_attribute :_layout_conditions
+      remove_possible_method :_layout_conditions
       delegate :_layout_conditions, :to => :'self.class'
       self._layout_conditions = {}
       _write_layout_method

data/lib/action_controller/base.rb

@@ -31,7 +31,7 @@ module ActionController
   # "302 Moved" HTTP response that takes the user to the index action.
   #
   # These two methods represent the two basic action archetypes used in Action Controllers. Get-and-show and do-and-redirect.
-  # Most actions are variations of these themes.
+  # Most actions are variations on these themes.
   #
   # == Requests
   #
@@ -116,8 +116,8 @@ module ActionController
   #
   #   Title: <%= @post.title %>
   #
-  # You don't have to rely on the automated rendering. Especially actions that could result in the rendering of different templates will use
-  # the manual rendering methods:
+  # You don't have to rely on the automated rendering. For example, actions that could result in the rendering of different templates 
+  # will use the manual rendering methods:
   #
   #   def search
   #     @results = Search.find(params[:query])
@@ -132,9 +132,9 @@ module ActionController
   #
   # == Redirects
   #
-  # Redirects are used to move from one action to another. For example, after a <tt>create</tt> action, which stores a blog entry to a database,
-  # we might like to show the user the new entry. Because we're following good DRY principles (Don't Repeat Yourself), we're going to reuse (and redirect to)
-  # a <tt>show</tt> action that we'll assume has already been created. The code might look like this:
+  # Redirects are used to move from one action to another. For example, after a <tt>create</tt> action, which stores a blog entry to the
+  # database, we might like to show the user the new entry. Because we're following good DRY principles (Don't Repeat Yourself), we're 
+  # going to reuse (and redirect to) a <tt>show</tt> action that we'll assume has already been created. The code might look like this:
   #
   #   def create
   #     @entry = Entry.new(params[:entry])
@@ -146,7 +146,9 @@ module ActionController
   #     end
   #   end
   #
-  # In this case, after saving our new entry to the database, the user is redirected to the <tt>show</tt> method which is then executed.
+  # In this case, after saving our new entry to the database, the user is redirected to the <tt>show</tt> method, which is then executed.
+  # Note that this is an external HTTP-level redirection which will cause the browser to make a second request (a GET to the show action),
+  # and not some internal re-routing which calls both "create" and then "show" within one request.
   #
   # Learn more about <tt>redirect_to</tt> and what options you have in ActionController::Redirecting.
   #
@@ -210,16 +212,16 @@ module ActionController
       # also include them at the bottom.
       AbstractController::Callbacks,
 
+      # Append rescue at the bottom to wrap as much as possible.
+      Rescue,
+
       # Add instrumentations hooks at the bottom, to ensure they instrument
       # all the methods properly.
       Instrumentation,
 
       # Params wrapper should come before instrumentation so they are
       # properly showed in logs
-      ParamsWrapper,
-
-      # The same with rescue, append it at the end to wrap as much as possible.
-      Rescue
+      ParamsWrapper
     ]
 
     MODULES.each do |mod|

data/lib/action_controller/caching/sweeping.rb

@@ -61,6 +61,7 @@ module ActionController #:nodoc:
         end
 
         def after(controller)
+          self.controller = controller
           callback(:after) if controller.perform_caching
           # Clean up, so that the controller can be collected after this request
           self.controller = nil

data/lib/action_controller/metal/redirecting.rb

@@ -43,6 +43,7 @@ module ActionController
     #
     # The status code can either be a standard {HTTP Status code}[http://www.iana.org/assignments/http-status-codes] as an
     # integer, or a symbol representing the downcased, underscored and symbolized description.
+    # Note that the status code must be a 3xx HTTP code, or redirection will not occur.
     #
     # It is also possible to assign a flash message as part of the redirection. There are two special accessors for commonly used the flash names
     # +alert+ and +notice+ as well as a general purpose +flash+ bucket.

data/lib/action_controller/metal/request_forgery_protection.rb

@@ -7,17 +7,16 @@ module ActionController #:nodoc:
   # Controller actions are protected from Cross-Site Request Forgery (CSRF) attacks
   # by including a token in the rendered html for your application. This token is
   # stored as a random string in the session, to which an attacker does not have
-  # access. When a request reaches your application, \Rails then verifies the received
-  # token with the token in the session. Only HTML and javascript requests are checked,
+  # access. When a request reaches your application, \Rails verifies the received
+  # token with the token in the session. Only HTML and JavaScript requests are checked,
   # so this will not protect your XML API (presumably you'll have a different
   # authentication scheme there anyway). Also, GET requests are not protected as these
   # should be idempotent.
   #
   # CSRF protection is turned on with the <tt>protect_from_forgery</tt> method,
-  # which will check the token and raise an ActionController::InvalidAuthenticityToken
-  # if it doesn't match what was expected. A call to this method is generated for new
-  # \Rails applications by default. You can customize the error message by editing
-  # public/422.html.
+  # which checks the token and resets the session if it doesn't match what was expected.
+  # A call to this method is generated for new \Rails applications by default.
+  # You can customize the error message by editing public/422.html.
   #
   # The token parameter is named <tt>authenticity_token</tt> by default. The name and
   # value of this token must be added to every layout that renders forms by including
@@ -63,7 +62,7 @@ module ActionController #:nodoc:
       #
       # Valid Options:
       #
-      # * <tt>:only/:except</tt> - Passed to the <tt>before_filter</tt> call.  Set which actions are verified.
+      # * <tt>:only/:except</tt> - Passed to the <tt>before_filter</tt> call. Set which actions are verified.
       def protect_from_forgery(options = {})
         self.request_forgery_protection_token ||= :authenticity_token
         prepend_before_filter :verify_authenticity_token, options
@@ -71,7 +70,7 @@ module ActionController #:nodoc:
     end
 
     protected
-      # The actual before_filter that is used.  Modify this to change how you handle unverified requests.
+      # The actual before_filter that is used. Modify this to change how you handle unverified requests.
       def verify_authenticity_token
         unless verified_request?
           logger.debug "WARNING: Can't verify CSRF token authenticity" if logger
@@ -79,11 +78,13 @@ module ActionController #:nodoc:
         end
       end
 
+      # This is the method that defines the application behavior when a request is found to be unverified.
+      # By default, \Rails resets the session when it finds an unverified request.
       def handle_unverified_request
         reset_session
       end
 
-      # Returns true or false if a request is verified.  Checks:
+      # Returns true or false if a request is verified. Checks:
       #
       # * is it a GET request?  Gets should be safe and idempotent
       # * Does the form_authenticity_token match the given token value from the params?

data/lib/action_controller/metal/responder.rb

@@ -162,6 +162,11 @@ module ActionController #:nodoc:
       navigation_behavior(e)
     end
 
+    # to_js simply tries to render a template. If no template is found, raises the error.
+    def to_js
+      default_render
+    end
+
     # All other formats follow the procedure below. First we try to render a
     # template, if the template is not available, we verify if the resource
     # responds to :to_format and display it.

data/lib/action_controller/metal/streaming.rb

@@ -24,20 +24,8 @@ module ActionController #:nodoc:
   #
   # == Examples
   #
-  # Streaming can be added to a controller easily, all you need to do is
-  # call +stream+ in the controller class:
-  #
-  #   class PostsController
-  #     stream
-  #   end
-  #
-  # The +stream+ method accepts the same options as +before_filter+ and friends:
-  #
-  #   class PostsController
-  #     stream :only => :index
-  #   end
-  #
-  # You can also selectively turn on streaming for specific actions:
+  # Streaming can be added to a given template easily, all you need to do is
+  # to pass the :stream option.
   #
   #   class PostsController
   #     def index
@@ -72,6 +60,9 @@ module ActionController #:nodoc:
   #     render :stream => true
   #   end
   #
+  # Notice that :stream only works with templates. Rendering :json
+  # or :xml with :stream won't work.
+  #
   # == Communication between layout and template
   #
   # When streaming, rendering happens top-down instead of inside-out.
@@ -215,6 +206,7 @@ module ActionController #:nodoc:
       # Render streaming templates. It accepts :only, :except, :if and :unless as options
       # to specify when to stream, as in ActionController filters.
       def stream(options={})
+        ActiveSupport::Deprecation.warn "stream class method is deprecated. Please give the :stream option to render instead"
         if defined?(Fiber)
           before_filter :_stream_filter, options
         else

data/lib/action_controller/railtie.rb

@@ -4,7 +4,6 @@ require "action_dispatch/railtie"
 require "action_view/railtie"
 require "abstract_controller/railties/routes_helpers"
 require "action_controller/railties/paths"
-require "sprockets/railtie"
 
 module ActionController
   class Railtie < Rails::Railtie

data/lib/action_controller/test_case.rb

@@ -395,7 +395,26 @@ module ActionController
       end
       alias xhr :xml_http_request
 
+      def paramify_values(hash_or_array_or_value)
+        case hash_or_array_or_value
+        when Hash
+          hash_or_array_or_value.each do |key, value|
+            hash_or_array_or_value[key] = paramify_values(value)
+          end
+        when Array
+          hash_or_array_or_value.map {|i| paramify_values(i)}
+        when Rack::Test::UploadedFile
+          hash_or_array_or_value
+        else
+          hash_or_array_or_value.to_param
+        end
+      end
+
       def process(action, parameters = nil, session = nil, flash = nil, http_method = 'GET')
+        # Ensure that numbers and symbols passed as params are converted to
+        # proper params, as is the case when engaging rack.
+        paramify_values(parameters)
+
         # Sanity check for required instance variables so we can give an
         # understandable error message.
         %w(@routes @controller @request @response).each do |iv_name|

data/lib/action_dispatch/http/upload.rb

@@ -4,7 +4,7 @@ module ActionDispatch
       attr_accessor :original_filename, :content_type, :tempfile, :headers
 
       def initialize(hash)
-        @original_filename = hash[:filename]
+        @original_filename = encode_filename(hash[:filename])
         @content_type      = hash[:type]
         @headers           = hash[:head]
         @tempfile          = hash[:tempfile]
@@ -30,6 +30,16 @@ module ActionDispatch
       def size
         @tempfile.size
       end
+      
+      private
+      def encode_filename(filename)
+        # Encode the filename in the utf8 encoding, unless it is nil or we're in 1.8
+        if "ruby".encoding_aware? && filename
+          filename.force_encoding("UTF-8").encode!
+        else
+          filename
+        end
+      end
     end
 
     module Upload

data/lib/action_dispatch/middleware/cookies.rb

@@ -128,6 +128,11 @@ module ActionDispatch
         @cookies[name.to_s]
       end
 
+      def key?(name)
+        @cookies.key?(name.to_s)
+      end
+      alias :has_key? :key?
+
       def update(other_hash)
         @cookies.update other_hash
         self

data/lib/action_dispatch/routing/mapper.rb

@@ -116,6 +116,8 @@ module ActionDispatch
               path
             elsif path.include?(":format") || path.end_with?('/')
               path
+            elsif @options[:format] == true
+              "#{path}.:format"
             else
               "#{path}(.:format)"
             end
@@ -187,13 +189,12 @@ module ActionDispatch
           end
 
           def blocks
-            block = @scope[:blocks] || []
-
-            if @options[:constraints].present? && !@options[:constraints].is_a?(Hash)
-              block << @options[:constraints]
+            constraints = @options[:constraints]
+            if constraints.present? && !constraints.is_a?(Hash)
+              [constraints]
+            else
+              @scope[:blocks] || []
             end
-
-            block
           end
 
           def constraints
@@ -1102,9 +1103,9 @@ module ActionDispatch
         #
         #   The +comments+ resource here will have the following routes generated for it:
         #
-        #     post_comments    GET    /sekret/posts/:post_id/comments(.:format)
-        #     post_comments    POST   /sekret/posts/:post_id/comments(.:format)
-        #     new_post_comment GET    /sekret/posts/:post_id/comments/new(.:format)
+        #     post_comments    GET    /posts/:post_id/comments(.:format)
+        #     post_comments    POST   /posts/:post_id/comments(.:format)
+        #     new_post_comment GET    /posts/:post_id/comments/new(.:format)
         #     edit_comment     GET    /sekret/comments/:id/edit(.:format)
         #     comment          GET    /sekret/comments/:id(.:format)
         #     comment          PUT    /sekret/comments/:id(.:format)

data/lib/action_dispatch/routing/polymorphic_routes.rb

@@ -124,14 +124,7 @@ module ActionDispatch
           args.last.kind_of?(Hash) ? args.last.merge!(url_options) : args << url_options
         end
 
-        if proxy
-          proxy.send(named_route, *args)
-        else
-          # we need to use url_for, because polymorphic_url can be used in context of other than
-          # current routes (e.g. engine's routes). As named routes from engine are not included
-          # calling engine's named route directly would fail.
-          url_for _routes.url_helpers.__send__("hash_for_#{named_route}", *args)
-        end
+        (proxy || self).send(named_route, *args)
       end
 
       # Returns the path component of a URL for the given record. It uses
@@ -182,10 +175,12 @@ module ActionDispatch
 
           if record.is_a?(Symbol) || record.is_a?(String)
             route << record
-          else
+          elsif record
             route << ActiveModel::Naming.route_key(record)
             route = [route.join("_").singularize] if inflection == :singular
             route << "index" if ActiveModel::Naming.uncountable?(record) && inflection == :plural
+          else
+            raise ArgumentError, "Nil location provided. Can't build URI."
           end
 
           route << routing_type(options)

data/lib/action_dispatch/testing/test_request.rb

@@ -83,7 +83,7 @@ module ActionDispatch
       end
 
       def escape_cookie(name, value)
-        "#{Rack::Utils.escape(name)}=#{Rack::Utils.escape(value)}"
+        "#{Rack::Utils.escape(name)}=#{Rack::Utils.escape(value.to_s)}"
       end
 
       def delete_nil_values!

data/lib/action_pack/version.rb

@@ -3,7 +3,7 @@ module ActionPack
     MAJOR = 3
     MINOR = 1
     TINY  = 0
-    PRE   = "rc4"
+    PRE   = "rc5"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
   end

data/lib/action_view.rb

@@ -30,6 +30,7 @@ module ActionView
   extend ActiveSupport::Autoload
 
   eager_autoload do
+    autoload :AssetPaths
     autoload :Base
     autoload :Context
     autoload :Helpers

data/lib/action_view/asset_paths.rb

@@ -0,0 +1,148 @@
+require 'zlib'
+require 'active_support/core_ext/file'
+
+module ActionView
+
+  class AssetPaths #:nodoc:
+    attr_reader :config, :controller
+
+    def initialize(config, controller = nil)
+      @config = config
+      @controller = controller
+    end
+
+    # Add the extension +ext+ if not present. Return full or scheme-relative URLs otherwise untouched.
+    # Prefix with <tt>/dir/</tt> if lacking a leading +/+. Account for relative URL
+    # roots. Rewrite the asset path for cache-busting asset ids. Include
+    # asset host, if configured, with the correct request protocol.
+    #
+    # When include_host is true and the asset host does not specify the protocol
+    # the protocol parameter specifies how the protocol will be added.
+    # When :relative (default), the protocol will be determined by the client using current protocol
+    # When :request, the protocol will be the request protocol
+    # Otherwise, the protocol is used (E.g. :http, :https, etc)
+    def compute_public_path(source, dir, ext = nil, include_host = true, protocol = nil)
+      source = source.to_s
+      return source if is_uri?(source)
+
+      source = rewrite_extension(source, dir, ext) if ext
+      source = rewrite_asset_path(source, dir)
+      source = rewrite_relative_url_root(source, relative_url_root) if has_request?
+      source = rewrite_host_and_protocol(source, protocol) if include_host
+      source
+    end
+
+    # Return the filesystem path for the source
+    def compute_source_path(source, dir, ext)
+      source = rewrite_extension(source, dir, ext) if ext
+      File.join(config.assets_dir, dir, source)
+    end
+
+    def is_uri?(path)
+      path =~ %r{^[-a-z]+://|^cid:|^//}
+    end
+
+  private
+
+    def rewrite_extension(source, dir, ext)
+      raise NotImplementedError
+    end
+
+    def rewrite_asset_path(source, path = nil)
+      raise NotImplementedError
+    end
+
+    def rewrite_relative_url_root(source, relative_url_root)
+      relative_url_root && !source.starts_with?("#{relative_url_root}/") ? "#{relative_url_root}#{source}" : source
+    end
+
+    def has_request?
+      controller.respond_to?(:request)
+    end
+
+    def rewrite_host_and_protocol(source, protocol = nil)
+      host = compute_asset_host(source)
+      if host && !is_uri?(host)
+        if (protocol || default_protocol) == :request && !has_request?
+          host = nil
+        else
+          host = "#{compute_protocol(protocol)}#{host}"
+        end
+      end
+      host.nil? ? source : "#{host}#{source}"
+    end
+
+    def compute_protocol(protocol)
+      protocol ||= default_protocol
+      case protocol
+      when :relative
+        "//"
+      when :request
+        unless @controller
+          invalid_asset_host!("The protocol requested was :request. Consider using :relative instead.")
+        end
+        @controller.request.protocol
+      else
+        "#{protocol}://"
+      end
+    end
+
+    def default_protocol
+      protocol = @config.action_controller.default_asset_host_protocol if @config.action_controller.present?
+      protocol ||= @config.default_asset_host_protocol
+      protocol || (has_request? ? :request : :relative)
+    end
+
+    def invalid_asset_host!(help_message)
+      raise ActionController::RoutingError, "This asset host cannot be computed without a request in scope. #{help_message}"
+    end
+
+    # Pick an asset host for this source. Returns +nil+ if no host is set,
+    # the host if no wildcard is set, the host interpolated with the
+    # numbers 0-3 if it contains <tt>%d</tt> (the number is the source hash mod 4),
+    # or the value returned from invoking the proc if it's a proc or the value from
+    # invoking call if it's an object responding to call.
+    def compute_asset_host(source)
+      if host = asset_host_config
+        if host.respond_to?(:call)
+          args = [source]
+          arity = arity_of(host)
+          if arity > 1 && !has_request?
+            invalid_asset_host!("Remove the second argument to your asset_host Proc if you do not need the request.")
+          end
+          args << current_request if (arity > 1 || arity < 0) && has_request?
+          host.call(*args)
+        else
+          (host =~ /%d/) ? host % (Zlib.crc32(source) % 4) : host
+        end
+      end
+    end
+
+    def relative_url_root
+      config = controller.config if controller.respond_to?(:config)
+      config ||= config.action_controller if config.action_controller.present?
+      config ||= config
+      config.relative_url_root
+    end
+
+    def asset_host_config
+      if config.action_controller.present?
+        config.action_controller.asset_host
+      else
+        config.asset_host
+      end
+    end
+
+    # Returns the current request if one exists.
+    def current_request
+      controller.request if has_request?
+    end
+
+    # Returns the arity of a callable
+    def arity_of(callable)
+      callable.respond_to?(:arity) ? callable.arity : callable.method(:call).arity
+    end
+
+  end
+
+end