actionpack 3.2.19 → 4.2.11.3

data/lib/action_dispatch/http/mime_type.rb

@@ -1,11 +1,12 @@
 require 'set'
-require 'active_support/core_ext/class/attribute_accessors'
-require 'active_support/core_ext/object/blank'
+require 'singleton'
+require 'active_support/core_ext/module/attribute_accessors'
+require 'active_support/core_ext/string/starts_ends_with'
 
 module Mime
   class Mimes < Array
     def symbols
-      @symbols ||= map {|m| m.to_sym }
+      @symbols ||= map { |m| m.to_sym }
     end
 
     %w(<< concat shift unshift push pop []= clear compact! collect!
@@ -22,11 +23,18 @@ module Mime
 
   SET              = Mimes.new
   EXTENSION_LOOKUP = {}
-  LOOKUP           = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? }
+  LOOKUP           = {}
 
-  def self.[](type)
-    return type if type.is_a?(Type)
-    Type.lookup_by_extension(type.to_s)
+  class << self
+    def [](type)
+      return type if type.is_a?(Type)
+      Type.lookup_by_extension(type)
+    end
+
+    def fetch(type)
+      return type if type.is_a?(Type)
+      EXTENSION_LOOKUP.fetch(type.to_s) { |k| yield k }
+    end
   end
 
   # Encapsulates the notion of a mime type. Can be used at render time, for example, with:
@@ -37,8 +45,8 @@ module Mime
   #
   #       respond_to do |format|
   #         format.html
-  #         format.ics { render :text => post.to_ics, :mime_type => Mime::Type["text/calendar"]  }
-  #         format.xml { render :xml => @people.to_xml }
+  #         format.ics { render text: @post.to_ics, mime_type: Mime::Type["text/calendar"]  }
+  #         format.xml { render xml: @post }
   #       end
   #     end
   #   end
@@ -46,46 +54,99 @@ module Mime
     @@html_types = Set.new [:html, :all]
     cattr_reader :html_types
 
-    # These are the content types which browsers can generate without using ajax, flash, etc
-    # i.e. following a link, getting an image or posting a form. CSRF protection
-    # only needs to protect against these types.
-    @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
-    cattr_reader :browser_generated_types
     attr_reader :symbol
 
+    @register_callbacks = []
+
     # A simple helper class used in parsing the accept header
     class AcceptItem #:nodoc:
-      attr_accessor :order, :name, :q
+      attr_accessor :index, :name, :q
+      alias :to_s :name
 
-      def initialize(order, name, q=nil)
-        @order = order
-        @name = name.strip
-        q ||= 0.0 if @name == Mime::ALL # default wildcard match to end of list
+      def initialize(index, name, q = nil)
+        @index = index
+        @name = name
+        q ||= 0.0 if @name == Mime::ALL.to_s # default wildcard match to end of list
         @q = ((q || 1.0).to_f * 100).to_i
       end
 
-      def to_s
-        @name
-      end
-
       def <=>(item)
-        result = item.q <=> q
-        result = order <=> item.order if result == 0
+        result = item.q <=> @q
+        result = @index <=> item.index if result == 0
         result
       end
 
       def ==(item)
-        name == (item.respond_to?(:name) ? item.name : item)
+        @name == item.to_s
       end
     end
 
-    class << self
+    class AcceptList < Array #:nodoc:
+      def assort!
+        sort!
+
+        # Take care of the broken text/xml entry by renaming or deleting it
+        if text_xml_idx && app_xml_idx
+          app_xml.q = [text_xml.q, app_xml.q].max # set the q value to the max of the two
+          exchange_xml_items if app_xml_idx > text_xml_idx  # make sure app_xml is ahead of text_xml in the list
+          delete_at(text_xml_idx)                 # delete text_xml from the list
+        elsif text_xml_idx
+          text_xml.name = Mime::XML.to_s
+        end
+
+        # Look for more specific XML-based types and sort them ahead of app/xml
+        if app_xml_idx
+          idx = app_xml_idx
+
+          while idx < length
+            type = self[idx]
+            break if type.q < app_xml.q
+
+            if type.name.ends_with? '+xml'
+              self[app_xml_idx], self[idx] = self[idx], app_xml
+              @app_xml_idx = idx
+            end
+            idx += 1
+          end
+        end
+
+        map! { |i| Mime::Type.lookup(i.name) }.uniq!
+        to_a
+      end
+
+      private
+        def text_xml_idx
+          @text_xml_idx ||= index('text/xml')
+        end
+
+        def app_xml_idx
+          @app_xml_idx ||= index(Mime::XML.to_s)
+        end
 
+        def text_xml
+          self[text_xml_idx]
+        end
+
+        def app_xml
+          self[app_xml_idx]
+        end
+
+        def exchange_xml_items
+          self[app_xml_idx], self[text_xml_idx] = text_xml, app_xml
+          @app_xml_idx, @text_xml_idx = text_xml_idx, app_xml_idx
+        end
+    end
+
+    class << self
       TRAILING_STAR_REGEXP = /(text|application)\/\*/
-      Q_SEPARATOR_REGEXP = /;\s*q=/
+      PARAMETER_SEPARATOR_REGEXP = /;\s*\w+="?\w+"?/
+
+      def register_callback(&block)
+        @register_callbacks << block
+      end
 
       def lookup(string)
-        LOOKUP[string]
+        LOOKUP[string] || Type.new(string)
       end
 
       def lookup_by_extension(extension)
@@ -99,91 +160,51 @@ module Mime
       end
 
       def register(string, symbol, mime_type_synonyms = [], extension_synonyms = [], skip_lookup = false)
-        Mime.const_set(symbol.to_s.upcase, Type.new(string, symbol, mime_type_synonyms))
+        Mime.const_set(symbol.upcase, Type.new(string, symbol, mime_type_synonyms))
 
-        SET << Mime.const_get(symbol.to_s.upcase)
+        new_mime = Mime.const_get(symbol.upcase)
+        SET << new_mime
 
         ([string] + mime_type_synonyms).each { |str| LOOKUP[str] = SET.last } unless skip_lookup
         ([symbol] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext.to_s] = SET.last }
+
+        @register_callbacks.each do |callback|
+          callback.call(new_mime)
+        end
       end
 
       def parse(accept_header)
-        if accept_header !~ /,/
-          accept_header = accept_header.split(Q_SEPARATOR_REGEXP).first
-          if accept_header =~ TRAILING_STAR_REGEXP
-            parse_data_with_trailing_star($1)
-          else
-            [Mime::Type.lookup(accept_header)]
-          end
+        if !accept_header.include?(',')
+          accept_header = accept_header.split(PARAMETER_SEPARATOR_REGEXP).first
+          parse_trailing_star(accept_header) || [Mime::Type.lookup(accept_header)].compact
         else
-          # keep track of creation order to keep the subsequent sort stable
-          list, index = [], 0
-          accept_header.split(/,/).each do |header|
-            params, q = header.split(Q_SEPARATOR_REGEXP)
+          list, index = AcceptList.new, 0
+          accept_header.split(',').each do |header|
+            params, q = header.split(PARAMETER_SEPARATOR_REGEXP)
             if params.present?
               params.strip!
 
-              if params =~ TRAILING_STAR_REGEXP
-                parse_data_with_trailing_star($1).each do |m|
-                  list << AcceptItem.new(index, m.to_s, q)
-                  index += 1
-                end
-              else
-                list << AcceptItem.new(index, params, q)
-                index += 1
-              end
-            end
-          end
-          list.sort!
-
-          # Take care of the broken text/xml entry by renaming or deleting it
-          text_xml = list.index("text/xml")
-          app_xml = list.index(Mime::XML.to_s)
-
-          if text_xml && app_xml
-            # set the q value to the max of the two
-            list[app_xml].q = [list[text_xml].q, list[app_xml].q].max
+              params = parse_trailing_star(params) || [params]
 
-            # make sure app_xml is ahead of text_xml in the list
-            if app_xml > text_xml
-              list[app_xml], list[text_xml] = list[text_xml], list[app_xml]
-              app_xml, text_xml = text_xml, app_xml
-            end
-
-            # delete text_xml from the list
-            list.delete_at(text_xml)
-
-          elsif text_xml
-            list[text_xml].name = Mime::XML.to_s
-          end
-
-          # Look for more specific XML-based types and sort them ahead of app/xml
-
-          if app_xml
-            idx = app_xml
-            app_xml_type = list[app_xml]
-
-            while(idx < list.length)
-              type = list[idx]
-              break if type.q < app_xml_type.q
-              if type.name =~ /\+xml$/
-                list[app_xml], list[idx] = list[idx], list[app_xml]
-                app_xml = idx
+              params.each do |m|
+                list << AcceptItem.new(index, m.to_s, q)
+                index += 1
               end
-              idx += 1
             end
           end
-
-          list.map! { |i| Mime::Type.lookup(i.name) }.uniq!
-          list
+          list.assort!
         end
       end
 
-      # input: 'text'
-      # returned value:  [Mime::JSON, Mime::XML, Mime::ICS, Mime::HTML, Mime::CSS, Mime::CSV, Mime::JS, Mime::YAML, Mime::TEXT]
+      def parse_trailing_star(accept_header)
+        parse_data_with_trailing_star($1) if accept_header =~ TRAILING_STAR_REGEXP
+      end
+
+      # For an input of <tt>'text'</tt>, returns <tt>[Mime::JSON, Mime::XML, Mime::ICS,
+      # Mime::HTML, Mime::CSS, Mime::CSV, Mime::JS, Mime::YAML, Mime::TEXT]</tt>.
       #
-      # input: 'application'
-      # returned value: [Mime::HTML, Mime::JS, Mime::XML, Mime::YAML, Mime::ATOM, Mime::JSON, Mime::RSS, Mime::URL_ENCODED_FORM]
+      # For an input of <tt>'application'</tt>, returns <tt>[Mime::HTML, Mime::JS,
+      # Mime::XML, Mime::YAML, Mime::ATOM, Mime::JSON, Mime::RSS, Mime::URL_ENCODED_FORM]</tt>.
       def parse_data_with_trailing_star(input)
         Mime::SET.select { |m| m =~ input }
       end
@@ -192,21 +213,24 @@ module Mime
       #
       # Usage:
       #
-      # Mime::Type.unregister(:mobile)
+      #   Mime::Type.unregister(:mobile)
       def unregister(symbol)
-        symbol = symbol.to_s.upcase
+        symbol = symbol.upcase
         mime = Mime.const_get(symbol)
         Mime.instance_eval { remove_const(symbol) }
 
         SET.delete_if { |v| v.eql?(mime) }
-        LOOKUP.delete_if { |k,v| v.eql?(mime) }
-        EXTENSION_LOOKUP.delete_if { |k,v| v.eql?(mime) }
+        LOOKUP.delete_if { |_,v| v.eql?(mime) }
+        EXTENSION_LOOKUP.delete_if { |_,v| v.eql?(mime) }
       end
     end
 
+    attr_reader :hash
+
     def initialize(string, symbol = nil, synonyms = [])
       @symbol, @synonyms = symbol, synonyms
       @string = string
+      @hash = [@string, @synonyms, @symbol].hash
     end
 
     def to_s
@@ -240,6 +264,13 @@ module Mime
       end
     end
 
+    def eql?(other)
+      super || (self.class == other.class &&
+                @string    == other.string &&
+                @synonyms  == other.synonyms &&
+                @symbol    == other.symbol)
+    end
+
     def =~(mime_type)
       return false if mime_type.blank?
       regexp = Regexp.new(Regexp.quote(mime_type.to_s))
@@ -248,28 +279,50 @@ module Mime
       end
     end
 
-    # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See
-    # ActionController::RequestForgeryProtection.
-    def verify_request?
-      @@browser_generated_types.include?(to_sym)
-    end
-
     def html?
       @@html_types.include?(to_sym) || @string =~ /html/
     end
 
-    def respond_to?(method, include_private = false) #:nodoc:
-      super || method.to_s =~ /(\w+)\?$/
-    end
+
+    protected
+
+    attr_reader :string, :synonyms
 
     private
-      def method_missing(method, *args)
-        if method.to_s =~ /(\w+)\?$/
-          $1.downcase.to_sym == to_sym
-        else
-          super
-        end
+
+    def to_ary; end
+    def to_a; end
+
+    def method_missing(method, *args)
+      if method.to_s.ends_with? '?'
+        method[0..-2].downcase.to_sym == to_sym
+      else
+        super
       end
+    end
+
+    def respond_to_missing?(method, include_private = false) #:nodoc:
+      method.to_s.ends_with? '?'
+    end
+  end
+
+  class NullType
+    include Singleton
+
+    def nil?
+      true
+    end
+
+    def ref; end
+
+    def respond_to_missing?(method, include_private = false)
+      method.to_s.ends_with? '?'
+    end
+
+    private
+    def method_missing(method, *args)
+      false if method.to_s.ends_with? '?'
+    end
   end
 end
 

data/lib/action_dispatch/http/mime_types.rb

@@ -7,9 +7,10 @@ Mime::Type.register "text/javascript", :js, %w( application/javascript applicati
 Mime::Type.register "text/css", :css
 Mime::Type.register "text/calendar", :ics
 Mime::Type.register "text/csv", :csv
+Mime::Type.register "text/vcard", :vcf
 
 Mime::Type.register "image/png", :png, [], %w(png)
-Mime::Type.register "image/jpeg", :jpeg, [], %w(jpg jpeg jpe)
+Mime::Type.register "image/jpeg", :jpeg, [], %w(jpg jpeg jpe pjpeg)
 Mime::Type.register "image/gif", :gif, [], %w(gif)
 Mime::Type.register "image/bmp", :bmp, [], %w(bmp)
 Mime::Type.register "image/tiff", :tiff, [], %w(tif tiff)

data/lib/action_dispatch/http/parameter_filter.rb

@@ -1,74 +1,72 @@
 module ActionDispatch
   module Http
     class ParameterFilter
+      FILTERED = '[FILTERED]'.freeze # :nodoc:
 
-      def initialize(filters)
+      def initialize(filters = [])
         @filters = filters
       end
 
       def filter(params)
-        if enabled?
-          compiled_filter.call(params)
-        else
-          params.dup
-        end
+        compiled_filter.call(params)
       end
 
     private
 
-      def enabled?
-        @filters.present?
+      def compiled_filter
+        @compiled_filter ||= CompiledFilter.compile(@filters)
       end
 
-      FILTERED = '[FILTERED]'.freeze
+      class CompiledFilter # :nodoc:
+        def self.compile(filters)
+          return lambda { |params| params.dup } if filters.empty?
 
-      def compiled_filter
-        @compiled_filter ||= begin
-          regexps, blocks = compile_filter
+          strings, regexps, blocks = [], [], []
 
-          lambda do |original_params|
-            filtered_params = {}
+          filters.each do |item|
+            case item
+            when Proc
+              blocks << item
+            when Regexp
+              regexps << item
+            else
+              strings << item.to_s
+            end
+          end
 
-            original_params.each do |key, value|
-              if regexps.find { |r| key =~ r }
-                value = FILTERED
-              elsif value.is_a?(Hash)
-                value = filter(value)
-              elsif value.is_a?(Array)
-                value = value.map { |v| v.is_a?(Hash) ? filter(v) : v }
-              elsif blocks.present?
-                key = key.dup
-                value = value.dup if value.duplicable?
-                blocks.each { |b| b.call(key, value) }
-              end
+          regexps << Regexp.new(strings.join('|'), true) unless strings.empty?
+          new regexps, blocks
+        end
 
-              filtered_params[key] = value
-            end
+        attr_reader :regexps, :blocks
 
-            filtered_params
-          end
+        def initialize(regexps, blocks)
+          @regexps = regexps
+          @blocks  = blocks
         end
-      end
 
-      def compile_filter
-        strings, regexps, blocks = [], [], []
+        def call(original_params)
+          filtered_params = {}
+
+          original_params.each do |key, value|
+            if regexps.any? { |r| key =~ r }
+              value = FILTERED
+            elsif value.is_a?(Hash)
+              value = call(value)
+            elsif value.is_a?(Array)
+              value = value.map { |v| v.is_a?(Hash) ? call(v) : v }
+            elsif blocks.any?
+              key = key.dup if key.duplicable?
+              value = value.dup if value.duplicable?
+              blocks.each { |b| b.call(key, value) }
+            end
 
-        @filters.each do |item|
-          case item
-          when NilClass
-          when Proc
-            blocks << item
-          when Regexp
-            regexps << item
-          else
-            strings << item.to_s
+            filtered_params[key] = value
           end
-        end
 
-        regexps << Regexp.new(strings.join('|'), true) unless strings.empty?
-        [regexps, blocks]
+          filtered_params
+        end
       end
-
     end
   end
 end

data/lib/action_dispatch/http/parameters.rb

@@ -1,81 +1,65 @@
 require 'active_support/core_ext/hash/keys'
 require 'active_support/core_ext/hash/indifferent_access'
+require 'active_support/deprecation'
 
 module ActionDispatch
   module Http
     module Parameters
+      PARAMETERS_KEY = 'action_dispatch.request.path_parameters'
+
       # Returns both GET and POST \parameters in a single hash.
       def parameters
         @env["action_dispatch.request.parameters"] ||= begin
-          params = request_parameters.merge(query_parameters)
+          params = begin
+            request_parameters.merge(query_parameters)
+          rescue EOFError
+            query_parameters.dup
+          end
           params.merge!(path_parameters)
-          encode_params(params).with_indifferent_access
         end
       end
       alias :params :parameters
 
       def path_parameters=(parameters) #:nodoc:
-        @symbolized_path_params = nil
-        @env.delete("action_dispatch.request.parameters")
-        @env["action_dispatch.request.path_parameters"] = parameters
+        @env.delete('action_dispatch.request.parameters')
+        @env[PARAMETERS_KEY] = parameters
       end
 
-      # The same as <tt>path_parameters</tt> with explicitly symbolized keys.
       def symbolized_path_parameters
-        @symbolized_path_params ||= path_parameters.symbolize_keys
+        ActiveSupport::Deprecation.warn(
+          '`symbolized_path_parameters` is deprecated. Please use `path_parameters`.'
+        )
+        path_parameters
       end
 
       # Returns a hash with the \parameters used to form the \path of the request.
       # Returned hash keys are strings:
       #
       #   {'action' => 'my_action', 'controller' => 'my_controller'}
-      #
-      # See <tt>symbolized_path_parameters</tt> for symbolized keys.
       def path_parameters
-        @env["action_dispatch.request.path_parameters"] ||= {}
-      end
-
-      def reset_parameters #:nodoc:
-        @env.delete("action_dispatch.request.parameters")
+        @env[PARAMETERS_KEY] ||= {}
       end
 
     private
 
-      # TODO: Validate that the characters are UTF-8. If they aren't,
-      # you'll get a weird error down the road, but our form handling
-      # should really prevent that from happening
-      def encode_params(params)
-        return params unless "ruby".encoding_aware?
-
-        if params.is_a?(String)
-          return params.force_encoding("UTF-8").encode!
-        elsif !params.is_a?(Hash)
-          return params
-        end
-
-        params.each do |k, v|
-          case v
-          when Hash
-            encode_params(v)
-          when Array
-            v.map! {|el| encode_params(el) }
+      # Convert nested Hash to HashWithIndifferentAccess.
+      #
+      def normalize_encode_params(params)
+        case params
+        when Hash
+          if params.has_key?(:tempfile)
+            UploadedFile.new(params)
           else
-            encode_params(v)
+            params.each_with_object({}) do |(key, val), new_hash|
+              new_hash[key] = if val.is_a?(Array)
+                val.map! { |el| normalize_encode_params(el) }
+              else
+                normalize_encode_params(val)
+              end
+            end.with_indifferent_access
           end
-        end
-      end
-
-      # Convert nested Hash to HashWithIndifferentAccess
-      def normalize_parameters(value)
-        case value
-        when Hash
-          h = {}
-          value.each { |k, v| h[k] = normalize_parameters(v) }
-          h.with_indifferent_access
-        when Array
-          value.map { |e| normalize_parameters(e) }
         else
-          value
+          params
         end
       end
     end

data/lib/action_dispatch/http/rack_cache.rb

@@ -8,8 +8,7 @@ module ActionDispatch
       new
     end
 
-    # TODO: Finally deal with the RAILS_CACHE global
-    def initialize(store = RAILS_CACHE)
+    def initialize(store = Rails.cache)
       @store = store
     end
 
@@ -33,7 +32,7 @@ module ActionDispatch
       new
     end
 
-    def initialize(store = RAILS_CACHE)
+    def initialize(store = Rails.cache)
       @store = store
     end