actionpack 3.1.12 → 3.2.0.rc1

data/lib/action_dispatch/http/filter_parameters.rb

@@ -26,6 +26,8 @@ module ActionDispatch
     module FilterParameters
       extend ActiveSupport::Concern
 
+      @@parameter_filter_for  = {}
+
       # Return a hash of parameters with all sensitive data replaced.
       def filtered_parameters
         @filtered_parameters ||= parameter_filter.filter(parameters)
@@ -52,7 +54,7 @@ module ActionDispatch
       end
 
       def parameter_filter_for(filters)
-        ParameterFilter.new(filters)
+        @@parameter_filter_for[filters] ||= ParameterFilter.new(filters)
       end
 
       KV_RE   = '[^&;=]+'

data/lib/action_dispatch/http/headers.rb

@@ -1,11 +1,10 @@
-require 'active_support/memoizable'
-
 module ActionDispatch
   module Http
     class Headers < ::Hash
-      extend ActiveSupport::Memoizable
+      @@env_cache = Hash.new { |h,k| h[k] = "HTTP_#{k.upcase.gsub(/-/, '_')}" }
 
       def initialize(*args)
+
         if args.size == 1 && args[0].is_a?(Hash)
           super()
           update(args[0])
@@ -25,9 +24,8 @@ module ActionDispatch
       private
         # Converts a HTTP header name to an environment variable name.
         def env_name(header_name)
-          "HTTP_#{header_name.upcase.gsub(/-/, '_')}"
+          @@env_cache[header_name]
         end
-        memoize :env_name
     end
   end
 end

data/lib/action_dispatch/http/mime_negotiation.rb

@@ -98,7 +98,8 @@ module ActionDispatch
       BROWSER_LIKE_ACCEPTS = /,\s*\*\/\*|\*\/\*\s*,/
 
       def valid_accept_header
-        xhr? || (accept && accept !~ BROWSER_LIKE_ACCEPTS)
+        (xhr? && (accept || content_mime_type)) ||
+          (accept && accept !~ BROWSER_LIKE_ACCEPTS)
       end
 
       def use_accept_header

data/lib/action_dispatch/http/mime_type.rb

@@ -47,7 +47,7 @@ module Mime
     cattr_reader :html_types
 
     # These are the content types which browsers can generate without using ajax, flash, etc
-    # i.e. following a link, getting an image or posting a form.  CSRF protection
+    # i.e. following a link, getting an image or posting a form. CSRF protection
     # only needs to protect against these types.
     @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
     cattr_reader :browser_generated_types
@@ -103,7 +103,7 @@ module Mime
         SET << Mime.const_get(symbol.to_s.upcase)
 
         ([string] + mime_type_synonyms).each { |str| LOOKUP[str] = SET.last } unless skip_lookup
-        ([symbol.to_s] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext] = SET.last }
+        ([symbol] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext.to_s] = SET.last }
       end
 
       def parse(accept_header)
@@ -246,7 +246,7 @@ module Mime
       end
     end
 
-    # Returns true if Action Pack should check requests using this Mime Type for possible request forgery.  See
+    # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See
     # ActionController::RequestForgeryProtection.
     def verify_request?
       @@browser_generated_types.include?(to_sym)
@@ -256,6 +256,10 @@ module Mime
       @@html_types.include?(to_sym) || @string =~ /html/
     end
 
+    def respond_to?(method, include_private = false) #:nodoc:
+      super || method.to_s =~ /(\w+)\?$/
+    end
+
     private
       def method_missing(method, *args)
         if method.to_s =~ /(\w+)\?$/

data/lib/action_dispatch/http/mime_types.rb

@@ -7,6 +7,15 @@ Mime::Type.register "text/javascript", :js, %w( application/javascript applicati
 Mime::Type.register "text/css", :css
 Mime::Type.register "text/calendar", :ics
 Mime::Type.register "text/csv", :csv
+
+Mime::Type.register "image/png", :png, [], %w(png)
+Mime::Type.register "image/jpeg", :jpeg, [], %w(jpg jpeg jpe)
+Mime::Type.register "image/gif", :gif, [], %w(gif)
+Mime::Type.register "image/bmp", :bmp, [], %w(bmp)
+Mime::Type.register "image/tiff", :tiff, [], %w(tif tiff)
+
+Mime::Type.register "video/mpeg", :mpeg, [], %w(mpg mpeg mpe)
+
 Mime::Type.register "application/xml", :xml, %w( text/xml application/x-xml )
 Mime::Type.register "application/rss+xml", :rss
 Mime::Type.register "application/atom+xml", :atom
@@ -19,5 +28,8 @@ Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form
 # http://www.json.org/JSONRequest.html
 Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest )
 
+Mime::Type.register "application/pdf", :pdf, [], %w(pdf)
+Mime::Type.register "application/zip", :zip, [], %w(zip)
+
 # Create Mime::ALL but do not add it to the SET.
 Mime::ALL = Mime::Type.new("*/*", :all, [])

data/lib/action_dispatch/http/parameter_filter.rb

@@ -20,6 +20,8 @@ module ActionDispatch
         @filters.present?
       end
 
+      FILTERED = '[FILTERED]'.freeze
+
       def compiled_filter
         @compiled_filter ||= begin
           regexps, blocks = compile_filter
@@ -29,7 +31,7 @@ module ActionDispatch
 
             original_params.each do |key, value|
               if regexps.find { |r| key =~ r }
-                value = '[FILTERED]'
+                value = FILTERED
               elsif value.is_a?(Hash)
                 value = filter(value)
               elsif value.is_a?(Array)

data/lib/action_dispatch/http/parameters.rb

@@ -35,10 +35,6 @@ module ActionDispatch
         @env["action_dispatch.request.path_parameters"] ||= {}
       end
 
-      def reset_parameters #:nodoc:
-        @env.delete("action_dispatch.request.parameters")
-      end
-
     private
 
       # TODO: Validate that the characters are UTF-8. If they aren't,

data/lib/action_dispatch/http/request.rb

@@ -2,11 +2,11 @@ require 'tempfile'
 require 'stringio'
 require 'strscan'
 
-require 'active_support/core_ext/module/deprecation'
 require 'active_support/core_ext/hash/indifferent_access'
 require 'active_support/core_ext/string/access'
 require 'active_support/inflector'
 require 'action_dispatch/http/headers'
+require 'action_controller/metal/exceptions'
 
 module ActionDispatch
   class Request < Rack::Request
@@ -26,7 +26,7 @@ module ActionDispatch
         HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING
         HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM
         HTTP_NEGOTIATE HTTP_PRAGMA ].freeze
-      
+
     ENV_METHODS.each do |env|
       class_eval <<-METHOD, __FILE__, __LINE__ + 1
         def #{env.sub(/^HTTP_/n, '').downcase}  # def accept_charset
@@ -35,14 +35,6 @@ module ActionDispatch
       METHOD
     end
 
-    def self.new(env)
-      if request = env["action_dispatch.request"] && request.instance_of?(self)
-        return request
-      end
-
-      super
-    end
-
     def key?(key)
       @env.key?(key)
     end
@@ -94,31 +86,31 @@ module ActionDispatch
     end
 
     # Is this a GET (or HEAD) request?
-    # Equivalent to <tt>request.request_method == :get</tt>.
+    # Equivalent to <tt>request.request_method_symbol == :get</tt>.
     def get?
       HTTP_METHOD_LOOKUP[request_method] == :get
     end
 
     # Is this a POST request?
-    # Equivalent to <tt>request.request_method == :post</tt>.
+    # Equivalent to <tt>request.request_method_symbol == :post</tt>.
     def post?
       HTTP_METHOD_LOOKUP[request_method] == :post
     end
 
     # Is this a PUT request?
-    # Equivalent to <tt>request.request_method == :put</tt>.
+    # Equivalent to <tt>request.request_method_symbol == :put</tt>.
     def put?
       HTTP_METHOD_LOOKUP[request_method] == :put
     end
 
     # Is this a DELETE request?
-    # Equivalent to <tt>request.request_method == :delete</tt>.
+    # Equivalent to <tt>request.request_method_symbol == :delete</tt>.
     def delete?
       HTTP_METHOD_LOOKUP[request_method] == :delete
     end
 
     # Is this a HEAD request?
-    # Equivalent to <tt>request.method == :head</tt>.
+    # Equivalent to <tt>request.method_symbol == :head</tt>.
     def head?
       HTTP_METHOD_LOOKUP[method] == :head
     end
@@ -130,23 +122,10 @@ module ActionDispatch
       Http::Headers.new(@env)
     end
 
-    def original_fullpath
-      @original_fullpath ||= (env["ORIGINAL_FULLPATH"] || fullpath)
-    end
-
     def fullpath
       @fullpath ||= super
     end
 
-    def original_url
-      base_url + original_fullpath
-    end
-
-    def forgery_whitelisted?
-      get?
-    end
-    deprecate :forgery_whitelisted? => "it is just an alias for 'get?' now, update your code"
-
     def media_type
       content_mime_type.to_s
     end
@@ -168,28 +147,21 @@ module ActionDispatch
       @ip ||= super
     end
 
-    # Which IP addresses are "trusted proxies" that can be stripped from
-    # the right-hand-side of X-Forwarded-For.
-    #
-    # http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces.
-    TRUSTED_PROXIES = %r{
-      ^127\.0\.0\.1$                | # localhost
-      ^(10                          | # private IP 10.x.x.x
-        172\.(1[6-9]|2[0-9]|3[0-1]) | # private IP in the range 172.16.0.0 .. 172.31.255.255
-        192\.168                      # private IP 192.168.x.x
-       )\.
-    }x
-
-    # Determines originating IP address.  REMOTE_ADDR is the standard
-    # but will fail if the user is behind a proxy.  HTTP_CLIENT_IP and/or
-    # HTTP_X_FORWARDED_FOR are set by proxies so check for these if
-    # REMOTE_ADDR is a proxy.  HTTP_X_FORWARDED_FOR may be a comma-
-    # delimited list in the case of multiple chained proxies; the last
-    # address which is not trusted is the originating IP.
+    # Originating IP address, usually set by the RemoteIp middleware.
     def remote_ip
       @remote_ip ||= (@env["action_dispatch.remote_ip"] || ip).to_s
     end
 
+    # Returns the unique request id, which is based off either the X-Request-Id header that can
+    # be generated by a firewall, load balancer, or web server or by the RequestId middleware
+    # (which sets the action_dispatch.request_id environment variable).
+    #
+    # This unique ID is useful for tracing a request from end-to-end as part of logging or debugging.
+    # This relies on the rack variable set by the ActionDispatch::RequestId middleware.
+    def uuid
+      @uuid ||= env["action_dispatch.request_id"]
+    end
+
     # Returns the lowercase name of the HTTP server software.
     def server_software
       (@env['SERVER_SOFTWARE'] && /^([a-zA-Z]+)/ =~ @env['SERVER_SOFTWARE']) ? $1.downcase : nil
@@ -267,28 +239,6 @@ module ActionDispatch
       LOCALHOST.any? { |local_ip| local_ip === remote_addr && local_ip === remote_ip }
     end
 
-    # Remove nils from the params hash
-    def deep_munge(hash)
-      hash.each do |k, v|
-        case v
-        when Array
-          v.grep(Hash) { |x| deep_munge(x) }
-          v.compact!
-          hash[k] = nil if v.empty?
-        when Hash
-          deep_munge(v)
-        end
-      end
-
-      hash
-    end
-
-    protected
-
-    def parse_query(qs)
-      deep_munge(super)
-    end
-
     private
 
     def check_method(name)

data/lib/action_dispatch/http/response.rb

@@ -53,8 +53,10 @@ module ActionDispatch # :nodoc:
     # information.
     attr_accessor :charset, :content_type
 
-    CONTENT_TYPE = "Content-Type"
-
+    CONTENT_TYPE = "Content-Type".freeze
+    SET_COOKIE   = "Set-Cookie".freeze
+    LOCATION     = "Location".freeze
+ 
     cattr_accessor(:default_charset) { "utf-8" }
 
     include Rack::Response::Helpers
@@ -66,10 +68,10 @@ module ActionDispatch # :nodoc:
       @sending_file = false
       @blank = false
 
-      if content_type = self["Content-Type"]
+      if content_type = self[CONTENT_TYPE]
         type, charset = content_type.split(/;\s*charset=/)
         @content_type = Mime::Type.lookup(type)
-        @charset = charset || "UTF-8"
+        @charset = charset || self.class.default_charset
       end
 
       prepare_cache_control!
@@ -116,32 +118,9 @@ module ActionDispatch # :nodoc:
 
     EMPTY = " "
 
-    class BodyBuster #:nodoc:
-      def initialize(response)
-        @response = response
-        @body = ""
-      end
-
-      def bust(body)
-        body.call(@response, self)
-        body.close if body.respond_to?(:close)
-        @body
-      end
-
-      def write(string)
-        @body << string.to_s
-      end
-    end
-
     def body=(body)
       @blank = true if body == EMPTY
 
-      if body.respond_to?(:call)
-        ActiveSupport::Deprecation.warn "Setting a Proc or an object that responds to call " \
-          "in response_body is no longer supported", caller
-        body = BodyBuster.new(self).bust(body)
-      end
-
       # Explicitly check for strings. This is *wrong* theoretically
       # but if we don't check this, the performance on string bodies
       # is bad on Ruby 1.8 (because strings responds to each then).
@@ -165,12 +144,12 @@ module ActionDispatch # :nodoc:
     end
 
     def location
-      headers['Location']
+      headers[LOCATION]
     end
     alias_method :redirect_url, :location
 
     def location=(url)
-      headers['Location'] = url
+      headers[LOCATION] = url
     end
 
     def close
@@ -181,10 +160,10 @@ module ActionDispatch # :nodoc:
       assign_default_content_type_and_charset!
       handle_conditional_get!
 
-      @header["Set-Cookie"] = @header["Set-Cookie"].join("\n") if @header["Set-Cookie"].respond_to?(:join)
+      @header[SET_COOKIE] = @header[SET_COOKIE].join("\n") if @header[SET_COOKIE].respond_to?(:join)
 
       if [204, 304].include?(@status)
-        @header.delete "Content-Type"
+        @header.delete CONTENT_TYPE
         [@status, @header, []]
       else
         [@status, @header, self]
@@ -198,7 +177,7 @@ module ActionDispatch # :nodoc:
     #   assert_equal 'AuthorOfNewPage', r.cookies['author']
     def cookies
       cookies = {}
-      if header = self["Set-Cookie"]
+      if header = self[SET_COOKIE]
         header = header.split("\n") if header.respond_to?(:to_str)
         header.each do |cookie|
           if pair = cookie.split(';').first

data/lib/action_dispatch/http/upload.rb

@@ -11,24 +11,13 @@ module ActionDispatch
         raise(ArgumentError, ':tempfile is required') unless @tempfile
       end
 
-      def open
-        @tempfile.open
-      end
-
-      def path
-        @tempfile.path
-      end
-
       def read(*args)
         @tempfile.read(*args)
       end
 
-      def rewind
-        @tempfile.rewind
-      end
-
-      def size
-        @tempfile.size
+      # Delegate these methods to the tempfile.
+      [:open, :path, :rewind, :size].each do |method|
+        class_eval "def #{method}; @tempfile.#{method}; end"
       end
       
       private

data/lib/action_dispatch/http/url.rb

@@ -45,7 +45,7 @@ module ActionDispatch
 
           rewritten_url << (options[:trailing_slash] ? path.sub(/\?|\z/) { "/" + $& } : path)
           rewritten_url << "?#{params.to_query}" unless params.empty?
-          rewritten_url << "##{Rack::Mount::Utils.escape_uri(options[:anchor].to_param.to_s)}" if options[:anchor]
+          rewritten_url << "##{Journey::Router::Utils.escape_fragment(options[:anchor].to_param.to_s)}" if options[:anchor]
           rewritten_url
         end
 

data/lib/action_dispatch/middleware/callbacks.rb

@@ -19,8 +19,7 @@ module ActionDispatch
       set_callback(:call, :after, *args, &block)
     end
 
-    def initialize(app, unused = nil)
-      ActiveSupport::Deprecation.warn "Passing a second argument to ActionDispatch::Callbacks.new is deprecated." unless unused.nil?
+    def initialize(app)
       @app = app
     end