actionpack 3.2.22.5 → 4.0.0.beta1

data/lib/action_controller/vendor/html-scanner.rb

@@ -1,20 +1,5 @@
-$LOAD_PATH << "#{File.dirname(__FILE__)}/html-scanner"
+require 'action_view/vendor/html-scanner'
+require 'active_support/deprecation'
 
-module HTML
-  extend ActiveSupport::Autoload
-
-  eager_autoload do
-    autoload :CDATA, 'html/node'
-    autoload :Document, 'html/document'
-    autoload :FullSanitizer, 'html/sanitizer'
-    autoload :LinkSanitizer, 'html/sanitizer'
-    autoload :Node, 'html/node'
-    autoload :Sanitizer, 'html/sanitizer'
-    autoload :Selector, 'html/selector'
-    autoload :Tag, 'html/node'
-    autoload :Text, 'html/node'
-    autoload :Tokenizer, 'html/tokenizer'
-    autoload :Version, 'html/version'
-    autoload :WhiteListSanitizer, 'html/sanitizer'
-  end
-end
+ActiveSupport::Deprecation.warn 'Vendored html-scanner was moved to action_view, please require "action_view/vendor/html-scanner" instead. ' +
+                                'This file will be removed in Rails 4.1'

data/lib/action_dispatch.rb

@@ -1,5 +1,5 @@
 #--
-# Copyright (c) 2004-2011 David Heinemeier Hansson
+# Copyright (c) 2004-2013 David Heinemeier Hansson
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -21,17 +21,11 @@
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #++
 
-activesupport_path = File.expand_path('../../../activesupport/lib', __FILE__)
-$:.unshift(activesupport_path) if File.directory?(activesupport_path) && !$:.include?(activesupport_path)
-
-activemodel_path = File.expand_path('../../../activemodel/lib', __FILE__)
-$:.unshift(activemodel_path) if File.directory?(activemodel_path) && !$:.include?(activemodel_path)
-
 require 'active_support'
-require 'active_support/dependencies/autoload'
+require 'active_support/rails'
+require 'active_support/core_ext/module/attribute_accessors'
 
 require 'action_pack'
-require 'active_model'
 require 'rack'
 
 module Rack
@@ -41,14 +35,18 @@ end
 module ActionDispatch
   extend ActiveSupport::Autoload
 
-  autoload_under 'http' do
-    autoload :Request
-    autoload :Response
+  class IllegalStateError < StandardError
+  end
+
+  eager_autoload do
+    autoload_under 'http' do
+      autoload :Request
+      autoload :Response
+    end
   end
 
   autoload_under 'middleware' do
     autoload :RequestId
-    autoload :BestStandardsSupport
     autoload :Callbacks
     autoload :Cookies
     autoload :DebugExceptions
@@ -59,11 +57,12 @@ module ActionDispatch
     autoload :PublicExceptions
     autoload :Reloader
     autoload :RemoteIp
-    autoload :Rescue
     autoload :ShowExceptions
+    autoload :SSL
     autoload :Static
   end
 
+  autoload :Journey
   autoload :MiddlewareStack, 'action_dispatch/middleware/stack'
   autoload :Routing
 
@@ -76,23 +75,27 @@ module ActionDispatch
     autoload :Parameters
     autoload :ParameterFilter
     autoload :FilterParameters
+    autoload :FilterRedirect
     autoload :Upload
     autoload :UploadedFile, 'action_dispatch/http/upload'
     autoload :URL
   end
 
   module Session
-    autoload :AbstractStore, 'action_dispatch/middleware/session/abstract_store'
-    autoload :CookieStore,   'action_dispatch/middleware/session/cookie_store'
-    autoload :MemCacheStore, 'action_dispatch/middleware/session/mem_cache_store'
-    autoload :CacheStore,    'action_dispatch/middleware/session/cache_store'
+    autoload :AbstractStore,                           'action_dispatch/middleware/session/abstract_store'
+    autoload :CookieStore,                             'action_dispatch/middleware/session/cookie_store'
+    autoload :EncryptedCookieStore,                    'action_dispatch/middleware/session/cookie_store'
+    autoload :UpgradeSignatureToEncryptionCookieStore, 'action_dispatch/middleware/session/cookie_store'
+    autoload :MemCacheStore,                           'action_dispatch/middleware/session/mem_cache_store'
+    autoload :CacheStore,                              'action_dispatch/middleware/session/cache_store'
   end
 
+  mattr_accessor :test_app
+
   autoload_under 'testing' do
     autoload :Assertions
     autoload :Integration
     autoload :IntegrationTest, 'action_dispatch/testing/integration'
-    autoload :PerformanceTest
     autoload :TestProcess
     autoload :TestRequest
     autoload :TestResponse
@@ -100,3 +103,8 @@ module ActionDispatch
 end
 
 autoload :Mime, 'action_dispatch/http/mime_type'
+
+ActiveSupport.on_load(:action_view) do
+  ActionView::Base.default_formats ||= Mime::SET.symbols
+  ActionView::Template::Types.delegate_to Mime
+end

data/lib/action_dispatch/http/cache.rb

@@ -1,4 +1,3 @@
-require 'active_support/core_ext/object/blank'
 
 module ActionDispatch
   module Http
@@ -18,12 +17,21 @@ module ActionDispatch
           env[HTTP_IF_NONE_MATCH]
         end
 
+        def if_none_match_etags
+          (if_none_match ? if_none_match.split(/\s*,\s*/) : []).collect do |etag|
+            etag.gsub(/^\"|\"$/, "")
+          end
+        end
+
         def not_modified?(modified_at)
           if_modified_since && modified_at && if_modified_since >= modified_at
         end
 
         def etag_matches?(etag)
-          if_none_match && if_none_match == etag
+          if etag
+            etag = etag.gsub(/^\"|\"$/, "")
+            if_none_match_etags.include?(etag)
+          end
         end
 
         # Check response freshness (Last-Modified and ETag) against request
@@ -60,6 +68,20 @@ module ActionDispatch
           headers[LAST_MODIFIED] = utc_time.httpdate
         end
 
+        def date
+          if date_header = headers['Date']
+            Time.httpdate(date_header)
+          end
+        end
+
+        def date?
+          headers.include?('Date')
+        end
+
+        def date=(utc_time)
+          headers['Date'] = utc_time.httpdate
+        end
+
         def etag=(etag)
           key = ActiveSupport::Cache.expand_cache_key(etag)
           @etag = self[ETAG] = %("#{Digest::MD5.hexdigest(key)}")
@@ -70,17 +92,37 @@ module ActionDispatch
         LAST_MODIFIED = "Last-Modified".freeze
         ETAG          = "ETag".freeze
         CACHE_CONTROL = "Cache-Control".freeze
+        SPESHUL_KEYS  = %w[extras no-cache max-age public must-revalidate]
 
-        def prepare_cache_control!
-          @cache_control = {}
-          @etag = self[ETAG]
-
+        def cache_control_segments
           if cache_control = self[CACHE_CONTROL]
-            cache_control.split(/,\s*/).each do |segment|
-              first, last = segment.split("=")
-              @cache_control[first.to_sym] = last || true
+            cache_control.delete(' ').split(',')
+          else
+            []
+          end
+        end
+
+        def cache_control_headers
+          cache_control = {}
+
+          cache_control_segments.each do |segment|
+            directive, argument = segment.split('=', 2)
+
+            if SPESHUL_KEYS.include? directive
+              key = directive.tr('-', '_')
+              cache_control[key.to_sym] = argument || true
+            else
+              cache_control[:extras] ||= []
+              cache_control[:extras] << segment
             end
           end
+
+          cache_control
+        end
+
+        def prepare_cache_control!
+          @cache_control = cache_control_headers
+          @etag = self[ETAG]
         end
 
         def handle_conditional_get!
@@ -96,14 +138,24 @@ module ActionDispatch
         MUST_REVALIDATE       = "must-revalidate".freeze
 
         def set_conditional_cache_control!
-          return if self[CACHE_CONTROL].present?
+          control = {}
+          cc_headers = cache_control_headers
+          if extras = cc_headers.delete(:extras)
+            @cache_control[:extras] ||= []
+            @cache_control[:extras] += extras
+            @cache_control[:extras].uniq!
+          end
 
-          control = @cache_control
+          control.merge! cc_headers
+          control.merge! @cache_control
 
           if control.empty?
             headers[CACHE_CONTROL] = DEFAULT_CACHE_CONTROL
           elsif control[:no_cache]
             headers[CACHE_CONTROL] = NO_CACHE
+            if control[:extras]
+              headers[CACHE_CONTROL] += ", #{control[:extras].join(', ')}"
+            end
           else
             extras  = control[:extras]
             max_age = control[:max_age]

data/lib/action_dispatch/http/filter_parameters.rb

@@ -1,6 +1,6 @@
-require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/hash/keys'
 require 'active_support/core_ext/object/duplicable'
+require 'action_dispatch/http/parameter_filter'
 
 module ActionDispatch
   module Http
@@ -10,8 +10,6 @@ module ActionDispatch
     # value of the params hash and all subhashes is passed to it, the value
     # or key can be replaced using String#replace or similar method.
     #
-    # Examples:
-    #
     #   env["action_dispatch.parameter_filter"] = [:password]
     #   => replaces the value to all keys matching /password/i with "[FILTERED]"
     #
@@ -22,9 +20,17 @@ module ActionDispatch
     #     v.reverse! if k =~ /secret/i
     #   end
     #   => reverses the value to all keys matching /secret/i
-    #
     module FilterParameters
-      extend ActiveSupport::Concern
+      ENV_MATCH = [/RAW_POST_DATA/, "rack.request.form_vars"] # :nodoc:
+      NULL_PARAM_FILTER = ParameterFilter.new # :nodoc:
+      NULL_ENV_FILTER   = ParameterFilter.new ENV_MATCH # :nodoc:
+
+      def initialize(env)
+        super
+        @filtered_parameters = nil
+        @filtered_env        = nil
+        @filtered_path       = nil
+      end
 
       # Return a hash of parameters with all sensitive data replaced.
       def filtered_parameters
@@ -44,11 +50,16 @@ module ActionDispatch
     protected
 
       def parameter_filter
-        parameter_filter_for(@env["action_dispatch.parameter_filter"])
+        parameter_filter_for @env.fetch("action_dispatch.parameter_filter") {
+          return NULL_PARAM_FILTER
+        }
       end
 
       def env_filter
-        parameter_filter_for(Array.wrap(@env["action_dispatch.parameter_filter"]) << /RAW_POST_DATA/)
+        user_key = @env.fetch("action_dispatch.parameter_filter") {
+          return NULL_ENV_FILTER
+        }
+        parameter_filter_for(Array(user_key) + ENV_MATCH)
       end
 
       def parameter_filter_for(filters)
@@ -62,7 +73,6 @@ module ActionDispatch
           parameter_filter.filter([[$1, $2]]).first.join("=")
         end
       end
-
     end
   end
 end

data/lib/action_dispatch/http/filter_redirect.rb

@@ -0,0 +1,37 @@
+module ActionDispatch
+  module Http
+    module FilterRedirect
+
+      FILTERED = '[FILTERED]'.freeze # :nodoc:
+
+      def filtered_location
+        if !location_filter.empty? && location_filter_match?
+          FILTERED
+        else
+          location
+        end
+      end
+
+    private
+
+      def location_filter
+        if request.present?
+          request.env['action_dispatch.redirect_filter'] || []
+        else
+          []
+        end
+      end
+
+      def location_filter_match?
+        location_filter.any? do |filter|
+          if String === filter
+            location.include?(filter)
+          elsif Regexp === filter
+            location.match(filter)
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/action_dispatch/http/headers.rb

@@ -1,31 +1,39 @@
 module ActionDispatch
   module Http
-    class Headers < ::Hash
-      @@env_cache = Hash.new { |h,k| h[k] = "HTTP_#{k.upcase.gsub(/-/, '_')}" }
+    class Headers
+      include Enumerable
 
-      def initialize(*args)
-
-        if args.size == 1 && args[0].is_a?(Hash)
-          super()
-          update(args[0])
-        else
-          super
-        end
+      def initialize(env = {})
+        @headers = env
       end
 
       def [](header_name)
-        if include?(header_name)
-          super
-        else
-          super(env_name(header_name))
-        end
+        @headers[env_name(header_name)]
+      end
+
+      def []=(k,v); @headers[k] = v; end
+      def key?(k); @headers.key? k; end
+      alias :include? :key?
+
+      def fetch(header_name, *args, &block)
+        @headers.fetch env_name(header_name), *args, &block
+      end
+
+      def each(&block)
+        @headers.each(&block)
       end
 
       private
-        # Converts a HTTP header name to an environment variable name.
-        def env_name(header_name)
-          @@env_cache[header_name]
-        end
+
+      # Converts a HTTP header name to an environment variable name if it is
+      # not contained within the headers hash.
+      def env_name(header_name)
+        @headers.include?(header_name) ? header_name : cgi_name(header_name)
+      end
+
+      def cgi_name(k)
+        "HTTP_#{k.upcase.gsub(/-/, '_')}"
+      end
     end
   end
 end

data/lib/action_dispatch/http/mime_negotiation.rb

@@ -1,3 +1,5 @@
+require 'active_support/core_ext/module/attribute_accessors'
+
 module ActionDispatch
   module Http
     module MimeNegotiation
@@ -66,7 +68,7 @@ module ActionDispatch
       # that are not controlled by the extension.
       #
       #   class ApplicationController < ActionController::Base
-      #     before_filter :adjust_format_for_iphone
+      #     before_action :adjust_format_for_iphone
       #
       #     private
       #       def adjust_format_for_iphone
@@ -78,6 +80,27 @@ module ActionDispatch
         @env["action_dispatch.request.formats"] = [Mime::Type.lookup_by_extension(parameters[:format])]
       end
 
+      # Sets the \formats by string extensions. This differs from #format= by allowing you
+      # to set multiple, ordered formats, which is useful when you want to have a fallback.
+      #
+      # In this example, the :iphone format will be used if it's available, otherwise it'll fallback
+      # to the :html format.
+      #
+      #   class ApplicationController < ActionController::Base
+      #     before_action :adjust_format_for_iphone_with_html_fallback
+      #
+      #     private
+      #       def adjust_format_for_iphone_with_html_fallback
+      #         request.formats = [ :iphone, :html ] if request.env["HTTP_USER_AGENT"][/iPhone/]
+      #       end
+      #   end
+      def formats=(extensions)
+        parameters[:format] = extensions.first.to_s
+        @env["action_dispatch.request.formats"] = extensions.collect do |extension|
+          Mime::Type.lookup_by_extension(extension)
+        end
+      end
+
       # Receives an array of mimes and return the first user sent mime that
       # matches the order array.
       #
@@ -98,7 +121,7 @@ module ActionDispatch
       BROWSER_LIKE_ACCEPTS = /,\s*\*\/\*|\*\/\*\s*,/
 
       def valid_accept_header
-        (xhr? && (accept.present? || content_mime_type)) ||
+        (xhr? && (accept || content_mime_type)) ||
           (accept.present? && accept !~ BROWSER_LIKE_ACCEPTS)
       end