actionpack 3.2.19 → 4.2.11.3

data/lib/action_dispatch/middleware/debug_exceptions.rb

@@ -1,30 +1,30 @@
 require 'action_dispatch/http/request'
 require 'action_dispatch/middleware/exception_wrapper'
+require 'action_dispatch/routing/inspector'
 
 module ActionDispatch
   # This middleware is responsible for logging exceptions and
   # showing a debugging page in case the request is local.
   class DebugExceptions
-    RESCUES_TEMPLATE_PATH = File.join(File.dirname(__FILE__), 'templates')
+    RESCUES_TEMPLATE_PATH = File.expand_path('../templates', __FILE__)
 
-    def initialize(app)
-      @app = app
+    def initialize(app, routes_app = nil)
+      @app        = app
+      @routes_app = routes_app
     end
 
     def call(env)
-      begin
-        response = @app.call(env)
+      _, headers, body = response = @app.call(env)
 
-        if response[1]['X-Cascade'] == 'pass'
-          body = response[2]
-          body.close if body.respond_to?(:close)
-          raise ActionController::RoutingError, "No route matches [#{env['REQUEST_METHOD']}] #{env['PATH_INFO'].inspect}"
-        end
-      rescue Exception => exception
-        raise exception if env['action_dispatch.show_exceptions'] == false
+      if headers['X-Cascade'] == 'pass'
+        body.close if body.respond_to?(:close)
+        raise ActionController::RoutingError, "No route matches [#{env['REQUEST_METHOD']}] #{env['PATH_INFO'].inspect}"
       end
 
-      exception ? render_exception(env, exception) : response
+      response
+    rescue Exception => exception
+      raise exception if env['action_dispatch.show_exceptions'] == false
+      render_exception(env, exception)
     end
 
     private
@@ -34,24 +34,46 @@ module ActionDispatch
       log_error(env, wrapper)
 
       if env['action_dispatch.show_detailed_exceptions']
+        request = Request.new(env)
+        traces = wrapper.traces
+
+        trace_to_show = 'Application Trace'
+        if traces[trace_to_show].empty? && wrapper.rescue_template != 'routing_error'
+          trace_to_show = 'Full Trace'
+        end
+
+        if source_to_show = traces[trace_to_show].first
+          source_to_show_id = source_to_show[:id]
+        end
+
         template = ActionView::Base.new([RESCUES_TEMPLATE_PATH],
-          :request => Request.new(env),
-          :exception => wrapper.exception,
-          :application_trace => wrapper.application_trace,
-          :framework_trace => wrapper.framework_trace,
-          :full_trace => wrapper.full_trace
+          request: request,
+          exception: wrapper.exception,
+          traces: traces,
+          show_source_idx: source_to_show_id,
+          trace_to_show: trace_to_show,
+          routes_inspector: routes_inspector(exception),
+          source_extracts: wrapper.source_extracts,
+          line_number: wrapper.line_number,
+          file: wrapper.file
         )
-
         file = "rescues/#{wrapper.rescue_template}"
-        body = template.render(:template => file, :layout => 'rescues/layout')
-        render(wrapper.status_code, body)
+
+        if request.xhr?
+          body = template.render(template: file, layout: false, formats: [:text])
+          format = "text/plain"
+        else
+          body = template.render(template: file, layout: 'rescues/layout')
+          format = "text/html"
+        end
+        render(wrapper.status_code, body, format)
       else
         raise exception
       end
     end
 
-    def render(status, body)
-      [status, {'Content-Type' => "text/html; charset=#{Response.default_charset}", 'Content-Length' => body.bytesize.to_s}, [body]]
+    def render(status, body, format)
+      [status, {'Content-Type' => "#{format}; charset=#{Response.default_charset}", 'Content-Length' => body.bytesize.to_s}, [body]]
     end
 
     def log_error(env, wrapper)
@@ -76,7 +98,13 @@ module ActionDispatch
     end
 
     def stderr_logger
-      @stderr_logger ||= Logger.new($stderr)
+      @stderr_logger ||= ActiveSupport::Logger.new($stderr)
+    end
+
+    def routes_inspector(exception)
+      if @routes_app.respond_to?(:routes) && (exception.is_a?(ActionController::RoutingError) || exception.is_a?(ActionView::Template::Error))
+        ActionDispatch::Routing::RoutesInspector.new(@routes_app.routes.routes)
+      end
     end
   end
 end

data/lib/action_dispatch/middleware/exception_wrapper.rb

@@ -1,16 +1,22 @@
 require 'action_controller/metal/exceptions'
-require 'active_support/core_ext/exception'
+require 'active_support/core_ext/module/attribute_accessors'
 
 module ActionDispatch
   class ExceptionWrapper
     cattr_accessor :rescue_responses
     @@rescue_responses = Hash.new(:internal_server_error)
     @@rescue_responses.merge!(
-      'ActionController::RoutingError'             => :not_found,
-      'AbstractController::ActionNotFound'         => :not_found,
-      'ActionController::MethodNotAllowed'         => :method_not_allowed,
-      'ActionController::NotImplemented'           => :not_implemented,
-      'ActionController::InvalidAuthenticityToken' => :unprocessable_entity
+      'ActionController::RoutingError'                => :not_found,
+      'AbstractController::ActionNotFound'            => :not_found,
+      'ActionController::MethodNotAllowed'            => :method_not_allowed,
+      'ActionController::UnknownHttpMethod'           => :method_not_allowed,
+      'ActionController::NotImplemented'              => :not_implemented,
+      'ActionController::UnknownFormat'               => :not_acceptable,
+      'ActionController::InvalidAuthenticityToken'    => :unprocessable_entity,
+      'ActionController::InvalidCrossOriginRequest'   => :unprocessable_entity,
+      'ActionDispatch::ParamsParser::ParseError'      => :bad_request,
+      'ActionController::BadRequest'                  => :bad_request,
+      'ActionController::ParameterMissing'            => :bad_request
     )
 
     cattr_accessor :rescue_templates
@@ -22,11 +28,13 @@ module ActionDispatch
       'ActionView::Template::Error'         => 'template_error'
     )
 
-    attr_reader :env, :exception
+    attr_reader :env, :exception, :line_number, :file
 
     def initialize(env, exception)
       @env = env
       @exception = original_exception(exception)
+
+      expand_backtrace if exception.is_a?(SyntaxError) || exception.try(:original_exception).try(:is_a?, SyntaxError)
     end
 
     def rescue_template
@@ -49,12 +57,52 @@ module ActionDispatch
       clean_backtrace(:all)
     end
 
+    def traces
+      appplication_trace_with_ids = []
+      framework_trace_with_ids = []
+      full_trace_with_ids = []
+
+      full_trace.each_with_index do |trace, idx|
+        trace_with_id = { id: idx, trace: trace }
+
+        if application_trace.include?(trace)
+          appplication_trace_with_ids << trace_with_id
+        else
+          framework_trace_with_ids << trace_with_id
+        end
+
+        full_trace_with_ids << trace_with_id
+      end
+
+      {
+        "Application Trace" => appplication_trace_with_ids,
+        "Framework Trace" => framework_trace_with_ids,
+        "Full Trace" => full_trace_with_ids
+      }
+    end
+
     def self.status_code_for_exception(class_name)
       Rack::Utils.status_code(@@rescue_responses[class_name])
     end
 
+    def source_extracts
+      backtrace.map do |trace|
+        file, line = trace.split(":")
+        line_number = line.to_i
+
+        {
+          code: source_fragment(file, line_number),
+          line_number: line_number
+        }
+      end
+    end
+
     private
 
+    def backtrace
+      Array(@exception.backtrace)
+    end
+
     def original_exception(exception)
       if registered_original_exception?(exception)
         exception.original_exception
@@ -69,14 +117,32 @@ module ActionDispatch
 
     def clean_backtrace(*args)
       if backtrace_cleaner
-        backtrace_cleaner.clean(@exception.backtrace, *args)
+        backtrace_cleaner.clean(backtrace, *args)
       else
-        @exception.backtrace
+        backtrace
       end
     end
 
     def backtrace_cleaner
       @backtrace_cleaner ||= @env['action_dispatch.backtrace_cleaner']
     end
+
+    def source_fragment(path, line)
+      return unless Rails.respond_to?(:root) && Rails.root
+      full_path = Rails.root.join(path)
+      if File.exist?(full_path)
+        File.open(full_path, "r") do |file|
+          start = [line - 3, 0].max
+          lines = file.each_line.drop(start).take(6)
+          Hash[*(start+1..(lines.count+start)).zip(lines).flatten]
+        end
+      end
+    end
+
+    def expand_backtrace
+      @exception.backtrace.unshift(
+        @exception.to_s.split("\n")
+      ).flatten!
+    end
   end
 end

data/lib/action_dispatch/middleware/flash.rb

@@ -1,23 +1,25 @@
+require 'active_support/core_ext/hash/keys'
+
 module ActionDispatch
-  class Request
+  class Request < Rack::Request
     # Access the contents of the flash. Use <tt>flash["notice"]</tt> to
     # read a notice you put there or <tt>flash["notice"] = "hello"</tt>
     # to put a new one.
     def flash
-      @env[Flash::KEY] ||= (session["flash"] || Flash::FlashHash.new)
+      @env[Flash::KEY] ||= Flash::FlashHash.from_session_value(session["flash"])
     end
   end
 
-  # The flash provides a way to pass temporary objects between actions. Anything you place in the flash will be exposed
+  # The flash provides a way to pass temporary primitive-types (String, Array, Hash) between actions. Anything you place in the flash will be exposed
   # to the very next action and then cleared out. This is a great way of doing notices and alerts, such as a create
   # action that sets <tt>flash[:notice] = "Post successfully created"</tt> before redirecting to a display action that can
-  # then expose the flash to its template. Actually, that exposure is automatically done. Example:
+  # then expose the flash to its template. Actually, that exposure is automatically done.
   #
   #   class PostsController < ActionController::Base
   #     def create
   #       # save post
   #       flash[:notice] = "Post successfully created"
-  #       redirect_to posts_path(@post)
+  #       redirect_to @post
   #     end
   #
   #     def show
@@ -35,8 +37,11 @@ module ActionDispatch
   #   flash.alert = "You must be logged in"
   #   flash.notice = "Post successfully created"
   #
-  # This example just places a string in the flash, but you can put any object in there. And of course, you can put as
-  # many as you like at a time too. Just remember: They'll be gone by the time the next action has been performed.
+  # This example places a string in the flash. And of course, you can put as many as you like at a time too. If you want to pass
+  # non-primitive types, you will have to handle that in your application. Example: To show messages with links, you will have to
+  # use sanitize helper.
+  #
+  # Just remember: They'll be gone by the time the next action has been performed.
   #
   # See docs on the FlashHash class for more details about the flash.
   class Flash
@@ -50,37 +55,54 @@ module ActionDispatch
       end
 
       def []=(k, v)
+        k = k.to_s
         @flash[k] = v
         @flash.discard(k)
         v
       end
 
       def [](k)
-        @flash[k]
+        @flash[k.to_s]
       end
 
-      # Convenience accessor for flash.now[:alert]=
+      # Convenience accessor for <tt>flash.now[:alert]=</tt>.
       def alert=(message)
         self[:alert] = message
       end
 
-      # Convenience accessor for flash.now[:notice]=
+      # Convenience accessor for <tt>flash.now[:notice]=</tt>.
       def notice=(message)
         self[:notice] = message
       end
     end
 
-    # Implementation detail: please do not change the signature of the
-    # FlashHash class. Doing that will likely affect all Rails apps in
-    # production as the FlashHash currently stored in their sessions will
-    # become invalid.
     class FlashHash
       include Enumerable
 
-      def initialize #:nodoc:
-        @used    = Set.new
-        @closed  = false
-        @flashes = {}
+      def self.from_session_value(value) #:nodoc:
+        flash = case value
+                when FlashHash # Rails 3.1, 3.2
+                  new(value.instance_variable_get(:@flashes), value.instance_variable_get(:@used))
+                when Hash # Rails 4.0
+                  new(value['flashes'], value['discard'])
+                else
+                  new
+                end
+
+        flash.tap(&:sweep)
+      end
+      
+      # Builds a hash containing the discarded values and the hashes
+      # representing the flashes.
+      # If there are no values in @flashes, returns nil.
+      def to_session_value #:nodoc:
+        return nil if empty?
+        {'discard' => @discard.to_a, 'flashes' => @flashes}
+      end
+
+      def initialize(flashes = {}, discard = []) #:nodoc:
+        @discard = Set.new(stringify_array(discard))
+        @flashes = flashes.stringify_keys
         @now     = nil
       end
 
@@ -92,18 +114,19 @@ module ActionDispatch
         super
       end
 
-      def []=(k, v) #:nodoc:
-        keep(k)
+      def []=(k, v)
+        k = k.to_s
+        @discard.delete k
         @flashes[k] = v
       end
 
       def [](k)
-        @flashes[k]
+        @flashes[k.to_s]
       end
 
       def update(h) #:nodoc:
-        h.keys.each { |k| keep(k) }
-        @flashes.update h
+        @discard.subtract stringify_array(h.keys)
+        @flashes.update h.stringify_keys
         self
       end
 
@@ -112,10 +135,12 @@ module ActionDispatch
       end
 
       def key?(name)
-        @flashes.key? name
+        @flashes.key? name.to_s
       end
 
       def delete(key)
+        key = key.to_s
+        @discard.delete key
         @flashes.delete key
         self
       end
@@ -129,6 +154,7 @@ module ActionDispatch
       end
 
       def clear
+        @discard.clear
         @flashes.clear
       end
 
@@ -139,8 +165,8 @@ module ActionDispatch
       alias :merge! :update
 
       def replace(h) #:nodoc:
-        @used = Set.new
-        @flashes.replace h
+        @discard.clear
+        @flashes.replace h.stringify_keys
         self
       end
 
@@ -154,6 +180,14 @@ module ActionDispatch
       # vanish when the current action is done.
       #
       # Entries set via <tt>now</tt> are accessed the same way as standard entries: <tt>flash['my-key']</tt>.
+      #
+      # Also, brings two convenience accessors:
+      #
+      #   flash.now.alert = "Beware now!"
+      #   # Equivalent to flash.now[:alert] = "Beware now!"
+      #
+      #   flash.now.notice = "Good luck now!"
+      #   # Equivalent to flash.now[:notice] = "Good luck now!"
       def now
         @now ||= FlashNow.new(self)
       end
@@ -163,7 +197,9 @@ module ActionDispatch
       #    flash.keep            # keeps the entire flash
       #    flash.keep(:notice)   # keeps only the "notice" entry, the rest of the flash is discarded
       def keep(k = nil)
-        use(k, false)
+        k = k.to_s if k
+        @discard.subtract Array(k || keys)
+        k ? self[k] : self
       end
 
       # Marks the entire flash or a single flash entry to be discarded by the end of the current action:
@@ -171,63 +207,49 @@ module ActionDispatch
       #     flash.discard              # discard the entire flash at the end of the current action
       #     flash.discard(:warning)    # discard only the "warning" entry at the end of the current action
       def discard(k = nil)
-        use(k)
+        k = k.to_s if k
+        @discard.merge Array(k || keys)
+        k ? self[k] : self
       end
 
       # Mark for removal entries that were kept, and delete unkept ones.
       #
       # This method is called automatically by filters, so you generally don't need to care about it.
       def sweep #:nodoc:
-        keys.each do |k|
-          unless @used.include?(k)
-            @used << k
-          else
-            delete(k)
-            @used.delete(k)
-          end
-        end
-
-        # clean up after keys that could have been left over by calling reject! or shift on the flash
-        (@used - keys).each{ |k| @used.delete(k) }
+        @discard.each { |k| @flashes.delete k }
+        @discard.replace @flashes.keys
       end
 
-      # Convenience accessor for flash[:alert]
+      # Convenience accessor for <tt>flash[:alert]</tt>.
       def alert
         self[:alert]
       end
 
-      # Convenience accessor for flash[:alert]=
+      # Convenience accessor for <tt>flash[:alert]=</tt>.
       def alert=(message)
         self[:alert] = message
       end
 
-      # Convenience accessor for flash[:notice]
+      # Convenience accessor for <tt>flash[:notice]</tt>.
       def notice
         self[:notice]
       end
 
-      # Convenience accessor for flash[:notice]=
+      # Convenience accessor for <tt>flash[:notice]=</tt>.
       def notice=(message)
         self[:notice] = message
       end
 
       protected
+      def now_is_loaded?
+        @now
+      end
 
-        def now_is_loaded?
-          !!@now
-        end
-
-        # Used internally by the <tt>keep</tt> and <tt>discard</tt> methods
-        #     use()               # marks the entire flash as used
-        #     use('msg')          # marks the "msg" entry as used
-        #     use(nil, false)     # marks the entire flash as unused (keeps it around for one more action)
-        #     use('msg', false)   # marks the "msg" entry as unused (keeps it around for one more action)
-        # Returns the single value for the key you asked to be marked (un)used or the FlashHash itself
-        # if no key is passed.
-        def use(key = nil, used = true)
-          Array(key || keys).each { |k| used ? @used << k : @used.delete(k) }
-          return key ? self[key] : self
+      def stringify_array(array)
+        array.map do |item|
+          item.kind_of?(Symbol) ? item.to_s : item
         end
+      end
     end
 
     def initialize(app)
@@ -235,27 +257,18 @@ module ActionDispatch
     end
 
     def call(env)
-      if (session = env['rack.session']) && (flash = session['flash'])
-        flash.sweep
-      end
-
       @app.call(env)
     ensure
-      session    = env['rack.session'] || {}
+      session    = Request::Session.find(env) || {}
       flash_hash = env[KEY]
 
-      if flash_hash
-        if !flash_hash.empty? || session.key?('flash')
-          session["flash"] = flash_hash
-          new_hash = flash_hash.dup
-        else
-          new_hash = flash_hash
-        end
-
-        env[KEY] = new_hash
+      if flash_hash && (flash_hash.present? || session.key?('flash'))
+        session["flash"] = flash_hash.to_session_value
+        env[KEY] = flash_hash.dup
       end
 
-      if session.key?('flash') && session['flash'].empty?
+      if (!session.respond_to?(:loaded?) || session.loaded?) && # (reset_session uses {}, which doesn't implement #loaded?)
+        session.key?('flash') && session['flash'].nil?
         session.delete('flash')
       end
     end

data/lib/action_dispatch/middleware/params_parser.rb

@@ -4,10 +4,16 @@ require 'active_support/core_ext/hash/indifferent_access'
 
 module ActionDispatch
   class ParamsParser
-    DEFAULT_PARSERS = {
-      Mime::XML => :xml_simple,
-      Mime::JSON => :json
-    }
+    class ParseError < StandardError
+      attr_reader :original_exception
+
+      def initialize(message, original_exception)
+        super(message)
+        @original_exception = original_exception
+      end
+    end
+
+    DEFAULT_PARSERS = { Mime::JSON => :json }
 
     def initialize(app, parsers = {})
       @app, @parsers = app, DEFAULT_PARSERS.merge(parsers)
@@ -27,49 +33,28 @@ module ActionDispatch
 
         return false if request.content_length.zero?
 
-        mime_type = content_type_from_legacy_post_data_format_header(env) ||
-          request.content_mime_type
-
-        strategy = @parsers[mime_type]
+        strategy = @parsers[request.content_mime_type]
 
         return false unless strategy
 
         case strategy
         when Proc
           strategy.call(request.raw_post)
-        when :xml_simple, :xml_node
-          data = request.deep_munge(Hash.from_xml(request.body.read) || {})
-          request.body.rewind if request.body.respond_to?(:rewind)
-          data.with_indifferent_access
-        when :yaml
-          YAML.load(request.raw_post)
         when :json
-          data = ActiveSupport::JSON.decode(request.body)
-          request.body.rewind if request.body.respond_to?(:rewind)
+          data = ActiveSupport::JSON.decode(request.raw_post)
           data = {:_json => data} unless data.is_a?(Hash)
-          request.deep_munge(data).with_indifferent_access
+          Request::Utils.deep_munge(data).with_indifferent_access
         else
           false
         end
-      rescue Exception => e # YAML, XML or Ruby code block errors
+      rescue => e # JSON or Ruby code block errors
         logger(env).debug "Error occurred while parsing request parameters.\nContents:\n\n#{request.raw_post}"
 
-        raise e
-      end
-
-      def content_type_from_legacy_post_data_format_header(env)
-        if x_post_format = env['HTTP_X_POST_DATA_FORMAT']
-          case x_post_format.to_s.downcase
-          when 'yaml' then return Mime::YAML
-          when 'xml'  then return Mime::XML
-          end
-        end
-
-        nil
+        raise ParseError.new(e.message, e)
       end
 
       def logger(env)
-        env['action_dispatch.logger'] || Logger.new($stderr)
+        env['action_dispatch.logger'] || ActiveSupport::Logger.new($stderr)
       end
   end
 end