RubyGems - actionpack - Versions diffs - 3.2.19 → 4.2.11.3 - Mend

actionpack 3.2.19 → 4.2.11.3

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (244) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +412 -503
data/MIT-LICENSE +1 -1
data/README.rdoc +11 -294
data/lib/abstract_controller/asset_paths.rb +2 -2
data/lib/abstract_controller/base.rb +52 -18
data/lib/abstract_controller/callbacks.rb +87 -89
data/lib/abstract_controller/collector.rb +17 -3
data/lib/abstract_controller/helpers.rb +41 -14
data/lib/abstract_controller/logger.rb +1 -2
data/lib/abstract_controller/railties/routes_helpers.rb +3 -3
data/lib/abstract_controller/rendering.rb +65 -118
data/lib/abstract_controller/translation.rb +16 -1
data/lib/abstract_controller/url_for.rb +7 -7
data/lib/abstract_controller.rb +2 -10
data/lib/action_controller/base.rb +61 -28
data/lib/action_controller/caching/fragments.rb +30 -54
data/lib/action_controller/caching.rb +38 -35
data/lib/action_controller/log_subscriber.rb +35 -18
data/lib/action_controller/metal/conditional_get.rb +103 -34
data/lib/action_controller/metal/data_streaming.rb +20 -26
data/lib/action_controller/metal/etag_with_template_digest.rb +50 -0
data/lib/action_controller/metal/exceptions.rb +19 -6
data/lib/action_controller/metal/flash.rb +41 -9
data/lib/action_controller/metal/force_ssl.rb +70 -12
data/lib/action_controller/metal/head.rb +30 -7
data/lib/action_controller/metal/helpers.rb +11 -11
data/lib/action_controller/metal/hide_actions.rb +0 -1
data/lib/action_controller/metal/http_authentication.rb +140 -94
data/lib/action_controller/metal/implicit_render.rb +1 -1
data/lib/action_controller/metal/instrumentation.rb +11 -7
data/lib/action_controller/metal/live.rb +328 -0
data/lib/action_controller/metal/mime_responds.rb +161 -152
data/lib/action_controller/metal/params_wrapper.rb +126 -81
data/lib/action_controller/metal/rack_delegation.rb +10 -4
data/lib/action_controller/metal/redirecting.rb +44 -41
data/lib/action_controller/metal/renderers.rb +48 -19
data/lib/action_controller/metal/rendering.rb +46 -11
data/lib/action_controller/metal/request_forgery_protection.rb +250 -29
data/lib/action_controller/metal/streaming.rb +30 -38
data/lib/action_controller/metal/strong_parameters.rb +669 -0
data/lib/action_controller/metal/testing.rb +12 -18
data/lib/action_controller/metal/url_for.rb +31 -29
data/lib/action_controller/metal.rb +31 -40
data/lib/action_controller/model_naming.rb +12 -0
data/lib/action_controller/railtie.rb +38 -18
data/lib/action_controller/railties/helpers.rb +22 -0
data/lib/action_controller/test_case.rb +359 -173
data/lib/action_controller.rb +9 -16
data/lib/action_dispatch/http/cache.rb +64 -11
data/lib/action_dispatch/http/filter_parameters.rb +20 -10
data/lib/action_dispatch/http/filter_redirect.rb +38 -0
data/lib/action_dispatch/http/headers.rb +85 -17
data/lib/action_dispatch/http/mime_negotiation.rb +55 -5
data/lib/action_dispatch/http/mime_type.rb +167 -114
data/lib/action_dispatch/http/mime_types.rb +2 -1
data/lib/action_dispatch/http/parameter_filter.rb +44 -46
data/lib/action_dispatch/http/parameters.rb +30 -46
data/lib/action_dispatch/http/rack_cache.rb +2 -3
data/lib/action_dispatch/http/request.rb +108 -45
data/lib/action_dispatch/http/response.rb +247 -48
data/lib/action_dispatch/http/upload.rb +60 -29
data/lib/action_dispatch/http/url.rb +135 -45
data/lib/action_dispatch/journey/backwards.rb +5 -0
data/lib/action_dispatch/journey/formatter.rb +166 -0
data/lib/action_dispatch/journey/gtg/builder.rb +162 -0
data/lib/action_dispatch/journey/gtg/simulator.rb +47 -0
data/lib/action_dispatch/journey/gtg/transition_table.rb +157 -0
data/lib/action_dispatch/journey/nfa/builder.rb +76 -0
data/lib/action_dispatch/journey/nfa/dot.rb +36 -0
data/lib/action_dispatch/journey/nfa/simulator.rb +47 -0
data/lib/action_dispatch/journey/nfa/transition_table.rb +163 -0
data/lib/action_dispatch/journey/nodes/node.rb +128 -0
data/lib/action_dispatch/journey/parser.rb +198 -0
data/lib/action_dispatch/journey/parser.y +49 -0
data/lib/action_dispatch/journey/parser_extras.rb +23 -0
data/lib/action_dispatch/journey/path/pattern.rb +193 -0
data/lib/action_dispatch/journey/route.rb +125 -0
data/lib/action_dispatch/journey/router/strexp.rb +27 -0
data/lib/action_dispatch/journey/router/utils.rb +93 -0
data/lib/action_dispatch/journey/router.rb +144 -0
data/lib/action_dispatch/journey/routes.rb +80 -0
data/lib/action_dispatch/journey/scanner.rb +61 -0
data/lib/action_dispatch/journey/visitors.rb +221 -0
data/lib/action_dispatch/journey/visualizer/fsm.css +30 -0
data/lib/action_dispatch/journey/visualizer/fsm.js +134 -0
data/lib/action_dispatch/journey/visualizer/index.html.erb +52 -0
data/lib/action_dispatch/journey.rb +5 -0
data/lib/action_dispatch/middleware/callbacks.rb +16 -11
data/lib/action_dispatch/middleware/cookies.rb +346 -125
data/lib/action_dispatch/middleware/debug_exceptions.rb +52 -24
data/lib/action_dispatch/middleware/exception_wrapper.rb +75 -9
data/lib/action_dispatch/middleware/flash.rb +85 -72
data/lib/action_dispatch/middleware/params_parser.rb +16 -31
data/lib/action_dispatch/middleware/public_exceptions.rb +39 -14
data/lib/action_dispatch/middleware/reloader.rb +16 -7
data/lib/action_dispatch/middleware/remote_ip.rb +132 -40
data/lib/action_dispatch/middleware/request_id.rb +3 -7
data/lib/action_dispatch/middleware/session/abstract_store.rb +22 -20
data/lib/action_dispatch/middleware/session/cache_store.rb +3 -3
data/lib/action_dispatch/middleware/session/cookie_store.rb +84 -29
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +8 -3
data/lib/action_dispatch/middleware/show_exceptions.rb +15 -44
data/lib/action_dispatch/middleware/ssl.rb +72 -0
data/lib/action_dispatch/middleware/stack.rb +6 -1
data/lib/action_dispatch/middleware/static.rb +80 -23
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +34 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +23 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.erb +27 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +52 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +16 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +133 -5
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +11 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +32 -0
data/lib/action_dispatch/middleware/templates/rescues/routing_error.text.erb +11 -0
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +20 -0
data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +7 -0
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +6 -0
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +16 -0
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +200 -0
data/lib/action_dispatch/railtie.rb +19 -6
data/lib/action_dispatch/request/session.rb +193 -0
data/lib/action_dispatch/request/utils.rb +35 -0
data/lib/action_dispatch/routing/endpoint.rb +10 -0
data/lib/action_dispatch/routing/inspector.rb +234 -0
data/lib/action_dispatch/routing/mapper.rb +897 -436
data/lib/action_dispatch/routing/polymorphic_routes.rb +213 -92
data/lib/action_dispatch/routing/redirection.rb +97 -37
data/lib/action_dispatch/routing/route_set.rb +432 -239
data/lib/action_dispatch/routing/routes_proxy.rb +7 -4
data/lib/action_dispatch/routing/url_for.rb +63 -34
data/lib/action_dispatch/routing.rb +57 -89
data/lib/action_dispatch/testing/assertions/dom.rb +2 -36
data/lib/action_dispatch/testing/assertions/response.rb +24 -38
data/lib/action_dispatch/testing/assertions/routing.rb +55 -54
data/lib/action_dispatch/testing/assertions/selector.rb +2 -434
data/lib/action_dispatch/testing/assertions/tag.rb +2 -137
data/lib/action_dispatch/testing/assertions.rb +11 -7
data/lib/action_dispatch/testing/integration.rb +88 -72
data/lib/action_dispatch/testing/test_process.rb +9 -6
data/lib/action_dispatch/testing/test_request.rb +13 -9
data/lib/action_dispatch/testing/test_response.rb +1 -5
data/lib/action_dispatch.rb +24 -21
data/lib/action_pack/gem_version.rb +15 -0
data/lib/action_pack/version.rb +5 -7
data/lib/action_pack.rb +1 -1
metadata +181 -292
data/lib/abstract_controller/layouts.rb +0 -423
data/lib/abstract_controller/view_paths.rb +0 -96
data/lib/action_controller/caching/actions.rb +0 -185
data/lib/action_controller/caching/pages.rb +0 -187
data/lib/action_controller/caching/sweeping.rb +0 -97
data/lib/action_controller/deprecated/integration_test.rb +0 -2
data/lib/action_controller/deprecated/performance_test.rb +0 -1
data/lib/action_controller/deprecated.rb +0 -3
data/lib/action_controller/metal/compatibility.rb +0 -65
data/lib/action_controller/metal/responder.rb +0 -286
data/lib/action_controller/metal/session_management.rb +0 -14
data/lib/action_controller/railties/paths.rb +0 -25
data/lib/action_controller/record_identifier.rb +0 -85
data/lib/action_controller/vendor/html-scanner/html/document.rb +0 -68
data/lib/action_controller/vendor/html-scanner/html/node.rb +0 -532
data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +0 -177
data/lib/action_controller/vendor/html-scanner/html/selector.rb +0 -830
data/lib/action_controller/vendor/html-scanner/html/tokenizer.rb +0 -107
data/lib/action_controller/vendor/html-scanner/html/version.rb +0 -11
data/lib/action_controller/vendor/html-scanner.rb +0 -20
data/lib/action_dispatch/middleware/best_standards_support.rb +0 -30
data/lib/action_dispatch/middleware/body_proxy.rb +0 -30
data/lib/action_dispatch/middleware/head.rb +0 -18
data/lib/action_dispatch/middleware/rescue.rb +0 -26
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb +0 -31
data/lib/action_dispatch/middleware/templates/rescues/_trace.erb +0 -26
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb +0 -10
data/lib/action_dispatch/middleware/templates/rescues/missing_template.erb +0 -2
data/lib/action_dispatch/middleware/templates/rescues/routing_error.erb +0 -15
data/lib/action_dispatch/middleware/templates/rescues/template_error.erb +0 -17
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.erb +0 -2
data/lib/action_dispatch/testing/performance_test.rb +0 -10
data/lib/action_view/asset_paths.rb +0 -142
data/lib/action_view/base.rb +0 -220
data/lib/action_view/buffers.rb +0 -43
data/lib/action_view/context.rb +0 -36
data/lib/action_view/flows.rb +0 -79
data/lib/action_view/helpers/active_model_helper.rb +0 -50
data/lib/action_view/helpers/asset_paths.rb +0 -7
data/lib/action_view/helpers/asset_tag_helper.rb +0 -457
data/lib/action_view/helpers/asset_tag_helpers/asset_include_tag.rb +0 -146
data/lib/action_view/helpers/asset_tag_helpers/asset_paths.rb +0 -93
data/lib/action_view/helpers/asset_tag_helpers/javascript_tag_helpers.rb +0 -193
data/lib/action_view/helpers/asset_tag_helpers/stylesheet_tag_helpers.rb +0 -148
data/lib/action_view/helpers/atom_feed_helper.rb +0 -200
data/lib/action_view/helpers/cache_helper.rb +0 -64
data/lib/action_view/helpers/capture_helper.rb +0 -203
data/lib/action_view/helpers/controller_helper.rb +0 -25
data/lib/action_view/helpers/csrf_helper.rb +0 -32
data/lib/action_view/helpers/date_helper.rb +0 -1062
data/lib/action_view/helpers/debug_helper.rb +0 -40
data/lib/action_view/helpers/form_helper.rb +0 -1486
data/lib/action_view/helpers/form_options_helper.rb +0 -658
data/lib/action_view/helpers/form_tag_helper.rb +0 -685
data/lib/action_view/helpers/javascript_helper.rb +0 -110
data/lib/action_view/helpers/number_helper.rb +0 -622
data/lib/action_view/helpers/output_safety_helper.rb +0 -38
data/lib/action_view/helpers/record_tag_helper.rb +0 -111
data/lib/action_view/helpers/rendering_helper.rb +0 -90
data/lib/action_view/helpers/sanitize_helper.rb +0 -259
data/lib/action_view/helpers/tag_helper.rb +0 -160
data/lib/action_view/helpers/text_helper.rb +0 -426
data/lib/action_view/helpers/translation_helper.rb +0 -91
data/lib/action_view/helpers/url_helper.rb +0 -693
data/lib/action_view/helpers.rb +0 -60
data/lib/action_view/locale/en.yml +0 -160
data/lib/action_view/log_subscriber.rb +0 -28
data/lib/action_view/lookup_context.rb +0 -254
data/lib/action_view/path_set.rb +0 -89
data/lib/action_view/railtie.rb +0 -55
data/lib/action_view/renderer/abstract_renderer.rb +0 -41
data/lib/action_view/renderer/partial_renderer.rb +0 -415
data/lib/action_view/renderer/renderer.rb +0 -54
data/lib/action_view/renderer/streaming_template_renderer.rb +0 -106
data/lib/action_view/renderer/template_renderer.rb +0 -94
data/lib/action_view/template/error.rb +0 -128
data/lib/action_view/template/handlers/builder.rb +0 -26
data/lib/action_view/template/handlers/erb.rb +0 -125
data/lib/action_view/template/handlers.rb +0 -50
data/lib/action_view/template/resolver.rb +0 -272
data/lib/action_view/template/text.rb +0 -30
data/lib/action_view/template.rb +0 -337
data/lib/action_view/test_case.rb +0 -245
data/lib/action_view/testing/resolvers.rb +0 -50
data/lib/action_view.rb +0 -84
data/lib/sprockets/assets.rake +0 -99
data/lib/sprockets/bootstrap.rb +0 -37
data/lib/sprockets/compressors.rb +0 -83
data/lib/sprockets/helpers/isolated_helper.rb +0 -13
data/lib/sprockets/helpers/rails_helper.rb +0 -182
data/lib/sprockets/helpers.rb +0 -6
data/lib/sprockets/railtie.rb +0 -62
data/lib/sprockets/static_compiler.rb +0 -56

data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb DELETED Viewed

@@ -1,177 +0,0 @@
-require 'set'
-require 'cgi'
-require 'active_support/core_ext/class/attribute'
-module HTML
-  class Sanitizer
-    def sanitize(text, options = {})
-      return text unless sanitizeable?(text)
-      tokenize(text, options).join
-    end
-    def sanitizeable?(text)
-      !(text.nil? || text.empty? || !text.index("<"))
-    end
-  protected
-    def tokenize(text, options)
-      tokenizer = HTML::Tokenizer.new(text)
-      result = []
-      while token = tokenizer.next
-        node = Node.parse(nil, 0, 0, token, false)
-        process_node node, result, options
-      end
-      result
-    end
-    def process_node(node, result, options)
-      result << node.to_s
-    end
-  end
-  class FullSanitizer < Sanitizer
-    def sanitize(text, options = {})
-      result = super
-      # strip any comments, and if they have a newline at the end (ie. line with
-      # only a comment) strip that too
-      result = result.gsub(/<!--(.*?)-->[\n]?/m, "") if (result && result =~ /<!--(.*?)-->[\n]?/m)
-      # Recurse - handle all dirty nested tags
-      result == text ? result : sanitize(result, options)
-    end
-    def process_node(node, result, options)
-      result << node.to_s if node.class == HTML::Text
-    end
-  end
-  class LinkSanitizer < FullSanitizer
-    cattr_accessor :included_tags, :instance_writer => false
-    self.included_tags = Set.new(%w(a href))
-    def sanitizeable?(text)
-      !(text.nil? || text.empty? || !((text.index("<a") || text.index("<href")) && text.index(">")))
-    end
-  protected
-    def process_node(node, result, options)
-      result << node.to_s unless node.is_a?(HTML::Tag) && included_tags.include?(node.name)
-    end
-  end
-  class WhiteListSanitizer < Sanitizer
-    [:protocol_separator, :uri_attributes, :allowed_attributes, :allowed_tags, :allowed_protocols, :bad_tags,
-     :allowed_css_properties, :allowed_css_keywords, :shorthand_css_properties].each do |attr|
-      class_attribute attr, :instance_writer => false
-    end
-    # A regular expression of the valid characters used to separate protocols like
-    # the ':' in 'http://foo.com'
-    self.protocol_separator     = /:|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i
-    # Specifies a Set of HTML attributes that can have URIs.
-    self.uri_attributes         = Set.new(%w(href src cite action longdesc xlink:href lowsrc))
-    # Specifies a Set of 'bad' tags that the #sanitize helper will remove completely, as opposed
-    # to just escaping harmless tags like &lt;font&gt;
-    self.bad_tags               = Set.new(%w(script))
-    # Specifies the default Set of tags that the #sanitize helper will allow unscathed.
-    self.allowed_tags           = Set.new(%w(strong em b i p code pre tt samp kbd var sub
-      sup dfn cite big small address hr br div span h1 h2 h3 h4 h5 h6 ul ol li dl dt dd abbr
-      acronym a img blockquote del ins))
-    # Specifies the default Set of html attributes that the #sanitize helper will leave
-    # in the allowed tag.
-    self.allowed_attributes     = Set.new(%w(href src width height alt cite datetime title class name xml:lang abbr))
-    # Specifies the default Set of acceptable css properties that #sanitize and #sanitize_css will accept.
-    self.allowed_protocols      = Set.new(%w(ed2k ftp http https irc mailto news gopher nntp telnet webcal xmpp callto
-      feed svn urn aim rsync tag ssh sftp rtsp afs))
-    # Specifies the default Set of acceptable css keywords that #sanitize and #sanitize_css will accept.
-    self.allowed_css_properties = Set.new(%w(azimuth background-color border-bottom-color border-collapse
-      border-color border-left-color border-right-color border-top-color clear color cursor direction display
-      elevation float font font-family font-size font-style font-variant font-weight height letter-spacing line-height
-      overflow pause pause-after pause-before pitch pitch-range richness speak speak-header speak-numeral speak-punctuation
-      speech-rate stress text-align text-decoration text-indent unicode-bidi vertical-align voice-family volume white-space
-      width))
-    # Specifies the default Set of acceptable css keywords that #sanitize and #sanitize_css will accept.
-    self.allowed_css_keywords   = Set.new(%w(auto aqua black block blue bold both bottom brown center
-      collapse dashed dotted fuchsia gray green !important italic left lime maroon medium none navy normal
-      nowrap olive pointer purple red right solid silver teal top transparent underline white yellow))
-    # Specifies the default Set of allowed shorthand css properties for the #sanitize and #sanitize_css helpers.
-    self.shorthand_css_properties = Set.new(%w(background border margin padding))
-    # Sanitizes a block of css code. Used by #sanitize when it comes across a style attribute
-    def sanitize_css(style)
-      # disallow urls
-      style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
-      # gauntlet
-      if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ ||
-          style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/
-        return ''
-      end
-      clean = []
-      style.scan(/([-\w]+)\s*:\s*([^:;]*)/) do |prop,val|
-        if allowed_css_properties.include?(prop.downcase)
-          clean <<  prop + ': ' + val + ';'
-        elsif shorthand_css_properties.include?(prop.split('-')[0].downcase)
-          unless val.split().any? do |keyword|
-            !allowed_css_keywords.include?(keyword) &&
-              keyword !~ /\A(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
-          end
-            clean << prop + ': ' + val + ';'
-          end
-        end
-      end
-      clean.join(' ')
-    end
-  protected
-    def tokenize(text, options)
-      options[:parent] = []
-      options[:attributes] ||= allowed_attributes
-      options[:tags]       ||= allowed_tags
-      super
-    end
-    def process_node(node, result, options)
-      result << case node
-        when HTML::Tag
-          if node.closing == :close
-            options[:parent].shift
-          else
-            options[:parent].unshift node.name
-          end
-          process_attributes_for node, options
-          options[:tags].include?(node.name) ? node : nil
-        else
-          bad_tags.include?(options[:parent].first) ? nil : node.to_s.gsub(/</, "&lt;")
-      end
-    end
-    def process_attributes_for(node, options)
-      return unless node.attributes
-      node.attributes.keys.each do |attr_name|
-        value = node.attributes[attr_name].to_s
-        if !options[:attributes].include?(attr_name) || contains_bad_protocols?(attr_name, value)
-          node.attributes.delete(attr_name)
-        else
-          node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(CGI::unescapeHTML(value))
-        end
-      end
-    end
-    def contains_bad_protocols?(attr_name, value)
-      uri_attributes.include?(attr_name) &&
-      (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i && !allowed_protocols.include?(value.split(protocol_separator).first.downcase.strip))
-    end
-  end
-end