actionpack 3.2.22.1 → 3.2.22.5
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/abstract_controller/rendering.rb +3 -3
- data/lib/action_pack/version.rb +1 -1
- data/lib/action_view/helpers/rendering_helper.rb +2 -0
- data/lib/action_view/helpers/tag_helper.rb +12 -5
- data/lib/action_view/lookup_context.rb +4 -0
- data/lib/action_view/path_set.rb +19 -7
- data/lib/action_view/renderer/abstract_renderer.rb +1 -1
- data/lib/action_view/renderer/renderer.rb +7 -0
- data/lib/action_view/renderer/template_renderer.rb +3 -2
- data/lib/action_view/template/resolver.rb +21 -12
- data/lib/action_view/testing/resolvers.rb +2 -3
- metadata +8 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b2589906c64cd869c852384400c0faaa3ce38781
|
|
4
|
+
data.tar.gz: 791a03c38208269ba110b4d5afaa77b3144894b6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ac4faea0a3986fbaa9644ec86c74bab96478b4b75786901f0d9142f563ada0d0efdf56e3c094af894eb7542fedfb7c88eaa93fa04fdb37be981c7e9267a65875
|
|
7
|
+
data.tar.gz: ef93100f309d422d5d4542e73dd02a7087cd4f0fc3b37e48d01fc9d0deedbc282550cf81780489d707ad2902e559f3a65711ca03c25b03ad2fce7ab28b5e5186
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
require "abstract_controller/base"
|
|
2
2
|
require "action_view"
|
|
3
3
|
require "active_support/core_ext/object/instance_variables"
|
|
4
|
+
require "active_support/hash_with_indifferent_access"
|
|
4
5
|
|
|
5
6
|
module AbstractController
|
|
6
7
|
class DoubleRenderError < Error
|
|
@@ -138,7 +139,7 @@ module AbstractController
|
|
|
138
139
|
end
|
|
139
140
|
|
|
140
141
|
# Normalize args by converting render "foo" to render :action => "foo" and
|
|
141
|
-
# render "foo/bar" to render :
|
|
142
|
+
# render "foo/bar" to render :app_template_file => "foo/bar".
|
|
142
143
|
# :api: plugin
|
|
143
144
|
def _normalize_args(action=nil, options={})
|
|
144
145
|
case action
|
|
@@ -147,12 +148,11 @@ module AbstractController
|
|
|
147
148
|
options = action
|
|
148
149
|
when String, Symbol
|
|
149
150
|
action = action.to_s
|
|
150
|
-
key = action.include?(?/) ? :
|
|
151
|
+
key = action.include?(?/) ? :app_template_file : :action
|
|
151
152
|
options[key] = action
|
|
152
153
|
else
|
|
153
154
|
options[:partial] = action
|
|
154
155
|
end
|
|
155
|
-
|
|
156
156
|
options
|
|
157
157
|
end
|
|
158
158
|
|
data/lib/action_pack/version.rb
CHANGED
|
@@ -10,6 +10,7 @@ module ActionView
|
|
|
10
10
|
module TagHelper
|
|
11
11
|
extend ActiveSupport::Concern
|
|
12
12
|
include CaptureHelper
|
|
13
|
+
include OutputSafetyHelper
|
|
13
14
|
|
|
14
15
|
BOOLEAN_ATTRIBUTES = %w(disabled readonly multiple checked autobuffer
|
|
15
16
|
autoplay controls loop selected hidden scoped async
|
|
@@ -141,20 +142,26 @@ module ActionView
|
|
|
141
142
|
unless v.is_a?(String) || v.is_a?(Symbol) || v.is_a?(BigDecimal)
|
|
142
143
|
v = v.to_json
|
|
143
144
|
end
|
|
144
|
-
|
|
145
|
-
attrs << %(data-#{k.to_s.dasherize}="#{v}")
|
|
145
|
+
attrs << tag_option("data-#{k.to_s.dasherize}", v, escape)
|
|
146
146
|
end
|
|
147
147
|
elsif BOOLEAN_ATTRIBUTES.include?(key)
|
|
148
148
|
attrs << %(#{key}="#{key}") if value
|
|
149
149
|
elsif !value.nil?
|
|
150
|
-
|
|
151
|
-
final_value = ERB::Util.html_escape(final_value) if escape
|
|
152
|
-
attrs << %(#{key}="#{final_value}")
|
|
150
|
+
attrs << tag_option(key, value, escape)
|
|
153
151
|
end
|
|
154
152
|
end
|
|
155
153
|
" #{attrs.sort * ' '}".html_safe unless attrs.empty?
|
|
156
154
|
end
|
|
157
155
|
end
|
|
156
|
+
|
|
157
|
+
def tag_option(key, value, escape)
|
|
158
|
+
if value.is_a?(Array)
|
|
159
|
+
value = escape ? safe_join(value, " ") : value.join(" ")
|
|
160
|
+
else
|
|
161
|
+
value = escape ? ERB::Util.html_escape(value) : value.to_s
|
|
162
|
+
end
|
|
163
|
+
%(#{key}="#{value.gsub(/"/, '"'.freeze)}")
|
|
164
|
+
end
|
|
158
165
|
end
|
|
159
166
|
end
|
|
160
167
|
end
|
|
@@ -127,6 +127,10 @@ module ActionView
|
|
|
127
127
|
@view_paths.find_all(*args_for_lookup(name, prefixes, partial, keys, options))
|
|
128
128
|
end
|
|
129
129
|
|
|
130
|
+
def find_file(name, prefixes = [], partial = false, keys = [], options = {})
|
|
131
|
+
@view_paths.find_file(*args_for_lookup(name, prefixes, partial, keys, options))
|
|
132
|
+
end
|
|
133
|
+
|
|
130
134
|
def exists?(name, prefixes = [], partial = false, keys = [], options = {})
|
|
131
135
|
@view_paths.exists?(*args_for_lookup(name, prefixes, partial, keys, options))
|
|
132
136
|
end
|
data/lib/action_view/path_set.rb
CHANGED
|
@@ -58,23 +58,35 @@ module ActionView #:nodoc:
|
|
|
58
58
|
find_all(*args).first || raise(MissingTemplate.new(self, *args))
|
|
59
59
|
end
|
|
60
60
|
|
|
61
|
+
def find_file(path, prefixes = [], *args)
|
|
62
|
+
_find_all(path, prefixes, args, true).first || raise(MissingTemplate.new(self, path, prefixes, *args))
|
|
63
|
+
end
|
|
64
|
+
|
|
61
65
|
def find_all(path, prefixes = [], *args)
|
|
66
|
+
_find_all path, prefixes, args, false
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def exists?(path, prefixes, *args)
|
|
70
|
+
find_all(path, prefixes, *args).any?
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
private
|
|
74
|
+
|
|
75
|
+
def _find_all(path, prefixes, args, outside_app)
|
|
62
76
|
prefixes = [prefixes] if String === prefixes
|
|
63
77
|
prefixes.each do |prefix|
|
|
64
78
|
paths.each do |resolver|
|
|
65
|
-
|
|
79
|
+
if outside_app
|
|
80
|
+
templates = resolver.find_all_anywhere(path, prefix, *args)
|
|
81
|
+
else
|
|
82
|
+
templates = resolver.find_all(path, prefix, *args)
|
|
83
|
+
end
|
|
66
84
|
return templates unless templates.empty?
|
|
67
85
|
end
|
|
68
86
|
end
|
|
69
87
|
[]
|
|
70
88
|
end
|
|
71
89
|
|
|
72
|
-
def exists?(path, prefixes, *args)
|
|
73
|
-
find_all(path, prefixes, *args).any?
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
private
|
|
77
|
-
|
|
78
90
|
def typecast(paths)
|
|
79
91
|
paths.map do |path|
|
|
80
92
|
case path
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module ActionView
|
|
2
2
|
class AbstractRenderer #:nodoc:
|
|
3
|
-
delegate :find_template, :template_exists?, :with_fallbacks, :update_details,
|
|
3
|
+
delegate :find_template, :find_file, :template_exists?, :with_fallbacks, :update_details,
|
|
4
4
|
:with_layout_format, :formats, :to => :@lookup_context
|
|
5
5
|
|
|
6
6
|
def initialize(lookup_context)
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require 'active_support/hash_with_indifferent_access'
|
|
2
|
+
|
|
1
3
|
module ActionView
|
|
2
4
|
# This is the main entry point for rendering. It basically delegates
|
|
3
5
|
# to other objects like TemplateRenderer and PartialRenderer which
|
|
@@ -11,6 +13,11 @@ module ActionView
|
|
|
11
13
|
|
|
12
14
|
# Main render entry point shared by AV and AC.
|
|
13
15
|
def render(context, options)
|
|
16
|
+
if (options.is_a?(HashWithIndifferentAccess) && !options.respond_to?(:permitted?)) ||
|
|
17
|
+
(options.respond_to?(:permitted?) && !options.permitted?)
|
|
18
|
+
raise ArgumentError, "render parameters are not permitted"
|
|
19
|
+
end
|
|
20
|
+
|
|
14
21
|
if options.key?(:partial)
|
|
15
22
|
render_partial(context, options)
|
|
16
23
|
else
|
|
@@ -21,11 +21,12 @@ module ActionView
|
|
|
21
21
|
# Determine the template to be rendered using the given options.
|
|
22
22
|
def determine_template(options) #:nodoc:
|
|
23
23
|
keys = options[:locals].try(:keys) || []
|
|
24
|
-
|
|
25
24
|
if options.key?(:text)
|
|
26
25
|
Template::Text.new(options[:text], formats.try(:first))
|
|
26
|
+
elsif options.key?(:app_template_file)
|
|
27
|
+
find_template(options[:app_template_file], nil, false, keys, @details)
|
|
27
28
|
elsif options.key?(:file)
|
|
28
|
-
with_fallbacks {
|
|
29
|
+
with_fallbacks { find_file(options[:file], nil, false, keys, @details) }
|
|
29
30
|
elsif options.key?(:inline)
|
|
30
31
|
handler = Template.handler_for_extension(options[:type] || "erb")
|
|
31
32
|
Template.new(options[:inline], "inline template", handler, :locals => keys)
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
require "pathname"
|
|
2
2
|
require "active_support/core_ext/class"
|
|
3
3
|
require "active_support/core_ext/io"
|
|
4
|
+
require "active_support/core_ext/string/starts_ends_with"
|
|
4
5
|
require "action_view/template"
|
|
5
6
|
|
|
6
7
|
module ActionView
|
|
@@ -43,7 +44,13 @@ module ActionView
|
|
|
43
44
|
# Normalizes the arguments and passes it on to find_template.
|
|
44
45
|
def find_all(name, prefix=nil, partial=false, details={}, key=nil, locals=[])
|
|
45
46
|
cached(key, [name, prefix, partial], details, locals) do
|
|
46
|
-
find_templates(name, prefix, partial, details)
|
|
47
|
+
find_templates(name, prefix, partial, details, false)
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def find_all_anywhere(name, prefix, partial=false, details={}, key=nil, locals=[])
|
|
52
|
+
cached(key, [name, prefix, partial], details, locals) do
|
|
53
|
+
find_templates(name, prefix, partial, details, true)
|
|
47
54
|
end
|
|
48
55
|
end
|
|
49
56
|
|
|
@@ -54,8 +61,8 @@ module ActionView
|
|
|
54
61
|
# This is what child classes implement. No defaults are needed
|
|
55
62
|
# because Resolver guarantees that the arguments are present and
|
|
56
63
|
# normalized.
|
|
57
|
-
def find_templates(name, prefix, partial, details)
|
|
58
|
-
raise NotImplementedError, "Subclasses must implement a find_templates(name, prefix, partial, details) method"
|
|
64
|
+
def find_templates(name, prefix, partial, details, outside_app_allowed = false)
|
|
65
|
+
raise NotImplementedError, "Subclasses must implement a find_templates(name, prefix, partial, details, outside_app_allowed) method"
|
|
59
66
|
end
|
|
60
67
|
|
|
61
68
|
# Helpers that builds a path. Useful for building virtual paths.
|
|
@@ -110,24 +117,21 @@ module ActionView
|
|
|
110
117
|
super()
|
|
111
118
|
end
|
|
112
119
|
|
|
113
|
-
cattr_accessor :
|
|
114
|
-
self.allow_external_files = false
|
|
120
|
+
cattr_accessor :instance_reader => false, :instance_writer => false
|
|
115
121
|
|
|
116
122
|
private
|
|
117
123
|
|
|
118
|
-
def find_templates(name, prefix, partial, details)
|
|
124
|
+
def find_templates(name, prefix, partial, details, outside_app_allowed = false)
|
|
119
125
|
path = Path.build(name, prefix, partial)
|
|
120
|
-
query(path, details, details[:formats])
|
|
126
|
+
query(path, details, details[:formats], outside_app_allowed)
|
|
121
127
|
end
|
|
122
128
|
|
|
123
|
-
def query(path, details, formats)
|
|
129
|
+
def query(path, details, formats, outside_app_allowed)
|
|
124
130
|
query = build_query(path, details)
|
|
125
131
|
|
|
126
132
|
template_paths = find_template_paths query
|
|
127
133
|
|
|
128
|
-
unless
|
|
129
|
-
template_paths = reject_files_external_to_app(template_paths)
|
|
130
|
-
end
|
|
134
|
+
template_paths = reject_files_external_to_app(template_paths) unless outside_app_allowed
|
|
131
135
|
|
|
132
136
|
template_paths.map { |template|
|
|
133
137
|
handler, format = extract_handler_and_format(template, formats)
|
|
@@ -267,7 +271,12 @@ module ActionView
|
|
|
267
271
|
class OptimizedFileSystemResolver < FileSystemResolver #:nodoc:
|
|
268
272
|
def build_query(path, details)
|
|
269
273
|
exts = EXTENSIONS.map { |ext| details[ext] }
|
|
270
|
-
|
|
274
|
+
|
|
275
|
+
if path.to_s.starts_with? @path.to_s
|
|
276
|
+
query = escape_entry(path)
|
|
277
|
+
else
|
|
278
|
+
query = escape_entry(File.join(@path, path))
|
|
279
|
+
end
|
|
271
280
|
|
|
272
281
|
query + exts.map { |ext|
|
|
273
282
|
"{#{ext.compact.uniq.map { |e| ".#{e}," }.join}}"
|
|
@@ -19,7 +19,7 @@ module ActionView #:nodoc:
|
|
|
19
19
|
|
|
20
20
|
private
|
|
21
21
|
|
|
22
|
-
def query(path, exts, formats)
|
|
22
|
+
def query(path, exts, formats, outside_app_allowed)
|
|
23
23
|
query = ""
|
|
24
24
|
EXTENSIONS.each do |ext|
|
|
25
25
|
query << '(' << exts[ext].map {|e| e && Regexp.escape(".#{e}") }.join('|') << '|)'
|
|
@@ -40,11 +40,10 @@ module ActionView #:nodoc:
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
class NullResolver < PathResolver
|
|
43
|
-
def query(path, exts, formats)
|
|
43
|
+
def query(path, exts, formats, outside_app_allowed)
|
|
44
44
|
handler, format = extract_handler_and_format(path, formats)
|
|
45
45
|
[ActionView::Template.new("Template generated by Null Resolver", path, handler, :virtual_path => path, :format => format)]
|
|
46
46
|
end
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
end
|
|
50
|
-
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: actionpack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.2.22.
|
|
4
|
+
version: 3.2.22.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-09-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 3.2.22.
|
|
19
|
+
version: 3.2.22.5
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 3.2.22.
|
|
26
|
+
version: 3.2.22.5
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: activemodel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 3.2.22.
|
|
33
|
+
version: 3.2.22.5
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - '='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 3.2.22.
|
|
40
|
+
version: 3.2.22.5
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rack-cache
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -369,8 +369,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
369
369
|
requirements:
|
|
370
370
|
- none
|
|
371
371
|
rubyforge_project:
|
|
372
|
-
rubygems_version: 2.
|
|
372
|
+
rubygems_version: 2.6.6
|
|
373
373
|
signing_key:
|
|
374
374
|
specification_version: 4
|
|
375
375
|
summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
|
|
376
376
|
test_files: []
|
|
377
|
+
has_rdoc:
|