actionpack 3.1.12 → 3.2.0.rc1

data/lib/action_controller/railties/paths.rb

@@ -6,13 +6,14 @@ module ActionController
           define_method(:inherited) do |klass|
             super(klass)
 
-            if namespace = klass.parents.detect {|m| m.respond_to?(:_railtie) }
-              paths = namespace._railtie.paths["app/helpers"].existent
+            if namespace = klass.parents.detect { |m| m.respond_to?(:railtie_helpers_paths) }
+              paths = namespace.railtie_helpers_paths
             else
-              paths = app.config.helpers_paths
+              paths = app.helpers_paths
             end
 
             klass.helpers_path = paths
+
             if klass.superclass == ActionController::Base && ActionController::Base.include_all_helpers
               klass.helper :all
             end

data/lib/action_controller/record_identifier.rb

@@ -14,9 +14,9 @@ module ActionController
   #   <% end %>                  </div>
   #
   #   # controller
-  #   def destroy
+  #   def update
   #     post = Post.find(params[:id])
-  #     post.destroy
+  #     post.update_attributes(params[:post])
   #
   #     redirect_to(post) # Calls polymorphic_url(post) which in turn calls post_url(post)
   #   end
@@ -40,7 +40,7 @@ module ActionController
     #   dom_class(post, :edit)   # => "edit_post"
     #   dom_class(Person, :edit) # => "edit_person"
     def dom_class(record_or_class, prefix = nil)
-      singular = ActiveModel::Naming.singular(record_or_class)
+      singular = ActiveModel::Naming.param_key(record_or_class)
       prefix ? "#{prefix}#{JOIN}#{singular}" : singular
     end
 
@@ -67,7 +67,7 @@ module ActionController
     # This can be overwritten to customize the default generated string representation if desired.
     # If you need to read back a key from a dom_id in order to query for the underlying database record,
     # you should write a helper like 'person_record_from_dom_id' that will extract the key either based
-    # on the default implementation (which just joins all key attributes with '-') or on your own
+    # on the default implementation (which just joins all key attributes with '_') or on your own
     # overwritten version of the method. By default, this implementation passes the key string through a
     # method that replaces all characters that are invalid inside DOM ids, with valid ones. You need to
     # make sure yourself that your dom ids are valid, in case you overwrite this method.

data/lib/action_controller/test_case.rb

@@ -79,13 +79,28 @@ module ActionController
                 "expecting <?> but rendering with <?>",
                 options, rendered.keys.join(', '))
         assert_block(msg) do
-          if options.nil?
-            @templates.blank?
-          else
+          if options
             rendered.any? { |t,num| t.match(options) }
+          else
+            @templates.blank?
           end
         end
       when Hash
+        if expected_layout = options[:layout]
+          msg = build_message(message,
+                  "expecting layout <?> but action rendered <?>",
+                  expected_layout, @layouts.keys)
+
+          case expected_layout
+          when String
+            assert(@layouts.keys.include?(expected_layout), msg)
+          when Regexp
+            assert(@layouts.keys.any? {|l| l =~ expected_layout }, msg)
+          when nil
+            assert(@layouts.empty?, msg)
+          end
+        end
+
         if expected_partial = options[:partial]
           if expected_locals = options[:locals]
             actual_locals = @locals[expected_partial.to_s.sub(/^_/,'')]
@@ -98,19 +113,6 @@ module ActionController
                     "expecting ? to be rendered ? time(s) but rendered ? time(s)",
                      expected_partial, expected_count, actual_count)
             assert(actual_count == expected_count.to_i, msg)
-          elsif options.key?(:layout)
-            msg = build_message(message,
-                    "expecting layout <?> but action rendered <?>",
-                    expected_layout, @layouts.keys)
-
-            case layout = options[:layout]
-            when String
-              assert(@layouts.include?(expected_layout), msg)
-            when Regexp
-              assert(@layouts.any? {|l| l =~ layout }, msg)
-            when nil
-              assert(@layouts.empty?, msg)
-            end
           else
             msg = build_message(message,
                     "expecting partial <?> but action rendered <?>",
@@ -145,23 +147,17 @@ module ActionController
       extra_keys = routes.extra_keys(parameters)
       non_path_parameters = get? ? query_parameters : request_parameters
       parameters.each do |key, value|
-        if value.is_a?(Array) && (value.frozen? || value.any?(&:frozen?))
-          value = value.map{ |v| v.duplicable? ? v.dup : v }
-        elsif value.is_a?(Hash) && (value.frozen? || value.any?{ |k,v| v.frozen? })
-          value = Hash[value.map{ |k,v| [k, v.duplicable? ? v.dup : v] }]
-        elsif value.frozen? && value.duplicable?
+        if value.is_a? Fixnum
+          value = value.to_s
+        elsif value.is_a? Array
+          value = Result.new(value.map { |v| v.is_a?(String) ? v.dup : v })
+        elsif value.is_a? String
           value = value.dup
         end
 
         if extra_keys.include?(key.to_sym)
           non_path_parameters[key] = value
         else
-          if value.is_a?(Array)
-            value = Result.new(value.map(&:to_param))
-          else
-            value = value.to_param
-          end
-
           path_parameters[key.to_s] = value
         end
       end
@@ -181,10 +177,6 @@ module ActionController
     end
 
     def recycle!
-      write_cookies!
-      @env.delete('HTTP_COOKIE') if @cookies.blank?
-      @env.delete('action_dispatch.cookies')
-      @cookies = nil
       @formats = nil
       @env.delete_if { |k, v| k =~ /^(action_dispatch|rack)\.request/ }
       @env.delete_if { |k, v| k =~ /^action_dispatch\.rescue/ }
@@ -192,6 +184,14 @@ module ActionController
       @method = @request_method = nil
       @fullpath = @ip = @remote_ip = @protocol = nil
       @env['action_dispatch.request.query_parameters'] = {}
+      @set_cookies ||= {}
+      @set_cookies.update(Hash[cookie_jar.instance_variable_get("@set_cookies").map{ |k,o| [k,o[:value]] }])
+      deleted_cookies = cookie_jar.instance_variable_get("@delete_cookies")
+      @set_cookies.reject!{ |k,v| deleted_cookies.include?(k) }
+      cookie_jar.update(rack_cookies)
+      cookie_jar.update(cookies)
+      cookie_jar.update(@set_cookies)
+      cookie_jar.recycle!
     end
   end
 
@@ -212,7 +212,7 @@ module ActionController
     DEFAULT_OPTIONS = Rack::Session::Abstract::ID::DEFAULT_OPTIONS
 
     def initialize(session = {})
-      @env, @by = nil, nil
+      super(nil, nil)
       replace(session.stringify_keys)
       @loaded = true
     end
@@ -298,27 +298,26 @@ module ActionController
   #   assert_equal "Dave", cookies[:name] # makes sure that a cookie called :name was set as "Dave"
   #   assert flash.empty? # makes sure that there's nothing in the flash
   #
-  # For historic reasons, the assigns hash uses string-based keys. So assigns[:person] won't work, but assigns["person"] will. To
+  # For historic reasons, the assigns hash uses string-based keys. So <tt>assigns[:person]</tt> won't work, but <tt>assigns["person"]</tt> will. To
   # appease our yearning for symbols, though, an alternative accessor has been devised using a method call instead of index referencing.
-  # So assigns(:person) will work just like assigns["person"], but again, assigns[:person] will not work.
+  # So <tt>assigns(:person)</tt> will work just like <tt>assigns["person"]</tt>, but again, <tt>assigns[:person]</tt> will not work.
   #
-  # On top of the collections, you have the complete url that a given action redirected to available in redirect_to_url.
+  # On top of the collections, you have the complete url that a given action redirected to available in <tt>redirect_to_url</tt>.
   #
   # For redirects within the same controller, you can even call follow_redirect and the redirect will be followed, triggering another
   # action call which can then be asserted against.
   #
-  # == Manipulating the request collections
+  # == Manipulating session and cookie variables
   #
-  # The collections described above link to the response, so you can test if what the actions were expected to do happened. But
-  # sometimes you also want to manipulate these collections in the incoming request. This is really only relevant for sessions
-  # and cookies, though. For sessions, you just do:
+  # Sometimes you need to set up the session and cookie variables for a test.
+  # To do this just assign a value to the session or cookie collection:
   #
-  #   @request.session[:key] = "value"
-  #   @request.cookies[:key] = "value"
+  #   session[:key] = "value"
+  #   cookies[:key] = "value"
   #
-  # To clear the cookies for a test just clear the request's cookies hash:
+  # To clear the cookies for a test just clear the cookie collection:
   #
-  #   @request.cookies.clear
+  #   cookies.clear
   #
   # == \Testing named routes
   #
@@ -336,9 +335,21 @@ module ActionController
       module ClassMethods
 
         # Sets the controller class name. Useful if the name can't be inferred from test class.
-        # Expects +controller_class+ as a constant. Example: <tt>tests WidgetController</tt>.
+        # Normalizes +controller_class+ before using. Examples:
+        #
+        #   tests WidgetController
+        #   tests :widget
+        #   tests 'widget'
+        #
         def tests(controller_class)
-          self.controller_class = controller_class
+          case controller_class
+          when String, Symbol
+            self.controller_class = "#{controller_class.to_s.underscore}_controller".camelize.constantize
+          when Class
+            self.controller_class = controller_class
+          else
+            raise ArgumentError, "controller class must be a String, Symbol, or Class"
+          end
         end
 
         def controller_class=(new_class)
@@ -355,9 +366,7 @@ module ActionController
         end
 
         def determine_default_controller_class(name)
-          name.sub(/Test$/, '').constantize
-        rescue NameError
-          nil
+          name.sub(/Test$/, '').safe_constantize
         end
 
         def prepare_controller_class(new_class)
@@ -417,7 +426,7 @@ module ActionController
       def process(action, parameters = nil, session = nil, flash = nil, http_method = 'GET')
         # Ensure that numbers and symbols passed as params are converted to
         # proper params, as is the case when engaging rack.
-        parameters = paramify_values(parameters) if html_format?(parameters)
+        parameters = paramify_values(parameters)
 
         # Sanity check for required instance variables so we can give an
         # understandable error message.
@@ -445,15 +454,16 @@ module ActionController
 
         @request.session = ActionController::TestSession.new(session) if session
         @request.session["flash"] = @request.flash.update(flash || {})
+        @request.session["flash"].sweep
 
         @controller.request = @request
+        @controller.params.merge!(parameters)
         build_request_uri(action, parameters)
         @controller.class.class_eval { include Testing }
         @controller.recycle!
         @controller.process_with_new_base_test(@request, @response)
         @assigns = @controller.respond_to?(:view_assigns) ? @controller.view_assigns : {}
         @request.session.delete('flash') if @request.session['flash'].blank?
-        @request.cookies.merge!(@response.cookies)
         @response
       end
 
@@ -503,12 +513,6 @@ module ActionController
           @request.env["QUERY_STRING"] = query_string || ""
         end
       end
-
-      def html_format?(parameters)
-        return true unless parameters.is_a?(Hash)
-        format = Mime[parameters[:format]]
-        format.nil? || format.html?
-      end
     end
 
     # When the request.remote_addr remains the default for testing, which is 0.0.0.0, the exception is simply raised inline

data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb

@@ -66,7 +66,7 @@ module HTML
 
     # A regular expression of the valid characters used to separate protocols like
     # the ':' in 'http://foo.com'
-    self.protocol_separator     = /:|(&#0*58)|(&#x70)|(&#x0*3a)|(%|%)3A/i
+    self.protocol_separator     = /:|(&#0*58)|(&#x70)|(%|%)3A/
 
     # Specifies a Set of HTML attributes that can have URIs.
     self.uri_attributes         = Set.new(%w(href src cite action longdesc xlink:href lowsrc))
@@ -104,14 +104,14 @@ module HTML
     # Specifies the default Set of allowed shorthand css properties for the #sanitize and #sanitize_css helpers.
     self.shorthand_css_properties = Set.new(%w(background border margin padding))
 
-    # Sanitizes a block of css code.  Used by #sanitize when it comes across a style attribute
+    # Sanitizes a block of css code. Used by #sanitize when it comes across a style attribute
     def sanitize_css(style)
       # disallow urls
       style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
 
       # gauntlet
-      if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ ||
-          style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/
+      if style !~ /^([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*$/ ||
+          style !~ /^(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*$/
         return ''
       end
 
@@ -122,7 +122,7 @@ module HTML
         elsif shorthand_css_properties.include?(prop.split('-')[0].downcase)
           unless val.split().any? do |keyword|
             !allowed_css_keywords.include?(keyword) &&
-              keyword !~ /\A(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
+              keyword !~ /^(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$/
           end
             clean << prop + ': ' + val + ';'
           end
@@ -171,7 +171,7 @@ module HTML
 
     def contains_bad_protocols?(attr_name, value)
       uri_attributes.include?(attr_name) &&
-      (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i && !allowed_protocols.include?(value.split(protocol_separator).first.downcase.strip))
+      (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(%|&#37;)3A/ && !allowed_protocols.include?(value.split(protocol_separator).first.downcase))
     end
   end
 end

data/lib/action_dispatch.rb

@@ -47,12 +47,16 @@ module ActionDispatch
   end
 
   autoload_under 'middleware' do
+    autoload :RequestId
     autoload :BestStandardsSupport
     autoload :Callbacks
     autoload :Cookies
+    autoload :DebugExceptions
+    autoload :ExceptionWrapper
     autoload :Flash
     autoload :Head
     autoload :ParamsParser
+    autoload :PublicExceptions
     autoload :Reloader
     autoload :RemoteIp
     autoload :Rescue
@@ -60,7 +64,6 @@ module ActionDispatch
     autoload :Static
   end
 
-  autoload :ClosedError, 'action_dispatch/middleware/closed_error'
   autoload :MiddlewareStack, 'action_dispatch/middleware/stack'
   autoload :Routing
 
@@ -82,6 +85,7 @@ module ActionDispatch
     autoload :AbstractStore, 'action_dispatch/middleware/session/abstract_store'
     autoload :CookieStore,   'action_dispatch/middleware/session/cookie_store'
     autoload :MemCacheStore, 'action_dispatch/middleware/session/mem_cache_store'
+    autoload :CacheStore,    'action_dispatch/middleware/session/cache_store'
   end
 
   autoload_under 'testing' do

data/lib/action_dispatch/http/cache.rb

@@ -4,14 +4,18 @@ module ActionDispatch
   module Http
     module Cache
       module Request
+
+        HTTP_IF_MODIFIED_SINCE = 'HTTP_IF_MODIFIED_SINCE'.freeze
+        HTTP_IF_NONE_MATCH     = 'HTTP_IF_NONE_MATCH'.freeze
+
         def if_modified_since
-          if since = env['HTTP_IF_MODIFIED_SINCE']
+          if since = env[HTTP_IF_MODIFIED_SINCE]
             Time.rfc2822(since) rescue nil
           end
         end
 
         def if_none_match
-          env['HTTP_IF_NONE_MATCH']
+          env[HTTP_IF_NONE_MATCH]
         end
 
         def not_modified?(modified_at)
@@ -43,31 +47,35 @@ module ActionDispatch
         alias :etag? :etag
 
         def last_modified
-          if last = headers['Last-Modified']
+          if last = headers[LAST_MODIFIED]
             Time.httpdate(last)
           end
         end
 
         def last_modified?
-          headers.include?('Last-Modified')
+          headers.include?(LAST_MODIFIED)
         end
 
         def last_modified=(utc_time)
-          headers['Last-Modified'] = utc_time.httpdate
+          headers[LAST_MODIFIED] = utc_time.httpdate
         end
 
         def etag=(etag)
           key = ActiveSupport::Cache.expand_cache_key(etag)
-          @etag = self["ETag"] = %("#{Digest::MD5.hexdigest(key)}")
+          @etag = self[ETAG] = %("#{Digest::MD5.hexdigest(key)}")
         end
 
       private
 
+        LAST_MODIFIED = "Last-Modified".freeze
+        ETAG          = "ETag".freeze
+        CACHE_CONTROL = "Cache-Control".freeze
+
         def prepare_cache_control!
           @cache_control = {}
-          @etag = self["ETag"]
+          @etag = self[ETAG]
 
-          if cache_control = self["Cache-Control"]
+          if cache_control = self[CACHE_CONTROL]
             cache_control.split(/,\s*/).each do |segment|
               first, last = segment.split("=")
               @cache_control[first.to_sym] = last || true
@@ -81,28 +89,32 @@ module ActionDispatch
           end
         end
 
-        DEFAULT_CACHE_CONTROL = "max-age=0, private, must-revalidate"
+        DEFAULT_CACHE_CONTROL = "max-age=0, private, must-revalidate".freeze
+        NO_CACHE              = "no-cache".freeze
+        PUBLIC                = "public".freeze
+        PRIVATE               = "private".freeze
+        MUST_REVALIDATE       = "must-revalidate".freeze
 
         def set_conditional_cache_control!
-          return if self["Cache-Control"].present?
+          return if self[CACHE_CONTROL].present?
 
           control = @cache_control
 
           if control.empty?
-            headers["Cache-Control"] = DEFAULT_CACHE_CONTROL
+            headers[CACHE_CONTROL] = DEFAULT_CACHE_CONTROL
           elsif control[:no_cache]
-            headers["Cache-Control"] = "no-cache"
+            headers[CACHE_CONTROL] = NO_CACHE
           else
             extras  = control[:extras]
             max_age = control[:max_age]
 
             options = []
             options << "max-age=#{max_age.to_i}" if max_age
-            options << (control[:public] ? "public" : "private")
-            options << "must-revalidate" if control[:must_revalidate]
+            options << (control[:public] ? PUBLIC : PRIVATE)
+            options << MUST_REVALIDATE if control[:must_revalidate]
             options.concat(extras) if extras
 
-            headers["Cache-Control"] = options.join(", ")
+            headers[CACHE_CONTROL] = options.join(", ")
           end
         end
       end