RubyGems - actionpack - Versions diffs - 3.2.22.5 → 5.2.4 - Mend

actionpack 3.2.22.5 → 5.2.4

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (271) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +279 -603
data/MIT-LICENSE +1 -1
data/README.rdoc +13 -297
data/lib/abstract_controller/asset_paths.rb +4 -2
data/lib/abstract_controller/base.rb +82 -52
data/lib/abstract_controller/caching/fragments.rb +166 -0
data/lib/abstract_controller/caching.rb +66 -0
data/lib/abstract_controller/callbacks.rb +117 -103
data/lib/abstract_controller/collector.rb +18 -7
data/lib/abstract_controller/error.rb +6 -0
data/lib/abstract_controller/helpers.rb +65 -38
data/lib/abstract_controller/logger.rb +3 -2
data/lib/abstract_controller/railties/routes_helpers.rb +5 -3
data/lib/abstract_controller/rendering.rb +77 -129
data/lib/abstract_controller/translation.rb +21 -3
data/lib/abstract_controller/url_for.rb +9 -7
data/lib/abstract_controller.rb +12 -13
data/lib/action_controller/api/api_rendering.rb +16 -0
data/lib/action_controller/api.rb +149 -0
data/lib/action_controller/base.rb +81 -40
data/lib/action_controller/caching.rb +22 -62
data/lib/action_controller/form_builder.rb +50 -0
data/lib/action_controller/log_subscriber.rb +30 -18
data/lib/action_controller/metal/basic_implicit_render.rb +13 -0
data/lib/action_controller/metal/conditional_get.rb +190 -47
data/lib/action_controller/metal/content_security_policy.rb +52 -0
data/lib/action_controller/metal/cookies.rb +3 -3
data/lib/action_controller/metal/data_streaming.rb +40 -65
data/lib/action_controller/metal/etag_with_flash.rb +18 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +57 -0
data/lib/action_controller/metal/exceptions.rb +19 -12
data/lib/action_controller/metal/flash.rb +42 -9
data/lib/action_controller/metal/force_ssl.rb +79 -19
data/lib/action_controller/metal/head.rb +35 -10
data/lib/action_controller/metal/helpers.rb +31 -21
data/lib/action_controller/metal/http_authentication.rb +182 -134
data/lib/action_controller/metal/implicit_render.rb +62 -8
data/lib/action_controller/metal/instrumentation.rb +28 -26
data/lib/action_controller/metal/live.rb +312 -0
data/lib/action_controller/metal/mime_responds.rb +159 -163
data/lib/action_controller/metal/parameter_encoding.rb +51 -0
data/lib/action_controller/metal/params_wrapper.rb +146 -93
data/lib/action_controller/metal/redirecting.rb +80 -56
data/lib/action_controller/metal/renderers.rb +119 -47
data/lib/action_controller/metal/rendering.rb +89 -32
data/lib/action_controller/metal/request_forgery_protection.rb +373 -41
data/lib/action_controller/metal/rescue.rb +9 -16
data/lib/action_controller/metal/streaming.rb +39 -45
data/lib/action_controller/metal/strong_parameters.rb +1086 -0
data/lib/action_controller/metal/testing.rb +8 -29
data/lib/action_controller/metal/url_for.rb +43 -32
data/lib/action_controller/metal.rb +112 -106
data/lib/action_controller/railtie.rb +56 -18
data/lib/action_controller/railties/helpers.rb +24 -0
data/lib/action_controller/renderer.rb +117 -0
data/lib/action_controller/template_assertions.rb +11 -0
data/lib/action_controller/test_case.rb +402 -347
data/lib/action_controller.rb +31 -30
data/lib/action_dispatch/http/cache.rb +133 -34
data/lib/action_dispatch/http/content_security_policy.rb +272 -0
data/lib/action_dispatch/http/filter_parameters.rb +40 -24
data/lib/action_dispatch/http/filter_redirect.rb +37 -0
data/lib/action_dispatch/http/headers.rb +117 -16
data/lib/action_dispatch/http/mime_negotiation.rb +98 -33
data/lib/action_dispatch/http/mime_type.rb +198 -146
data/lib/action_dispatch/http/mime_types.rb +22 -7
data/lib/action_dispatch/http/parameter_filter.rb +61 -49
data/lib/action_dispatch/http/parameters.rb +94 -51
data/lib/action_dispatch/http/rack_cache.rb +4 -3
data/lib/action_dispatch/http/request.rb +262 -117
data/lib/action_dispatch/http/response.rb +400 -86
data/lib/action_dispatch/http/upload.rb +66 -29
data/lib/action_dispatch/http/url.rb +232 -60
data/lib/action_dispatch/journey/formatter.rb +189 -0
data/lib/action_dispatch/journey/gtg/builder.rb +164 -0
data/lib/action_dispatch/journey/gtg/simulator.rb +41 -0
data/lib/action_dispatch/journey/gtg/transition_table.rb +158 -0
data/lib/action_dispatch/journey/nfa/builder.rb +78 -0
data/lib/action_dispatch/journey/nfa/dot.rb +36 -0
data/lib/action_dispatch/journey/nfa/simulator.rb +49 -0
data/lib/action_dispatch/journey/nfa/transition_table.rb +120 -0
data/lib/action_dispatch/journey/nodes/node.rb +140 -0
data/lib/action_dispatch/journey/parser.rb +199 -0
data/lib/action_dispatch/journey/parser.y +50 -0
data/lib/action_dispatch/journey/parser_extras.rb +31 -0
data/lib/action_dispatch/journey/path/pattern.rb +199 -0
data/lib/action_dispatch/journey/route.rb +203 -0
data/lib/action_dispatch/journey/router/utils.rb +102 -0
data/lib/action_dispatch/journey/router.rb +156 -0
data/lib/action_dispatch/journey/routes.rb +82 -0
data/lib/action_dispatch/journey/scanner.rb +64 -0
data/lib/action_dispatch/journey/visitors.rb +268 -0
data/lib/action_dispatch/journey/visualizer/fsm.css +30 -0
data/lib/action_dispatch/journey/visualizer/fsm.js +134 -0
data/lib/action_dispatch/journey/visualizer/index.html.erb +52 -0
data/lib/action_dispatch/journey.rb +7 -0
data/lib/action_dispatch/middleware/callbacks.rb +17 -13
data/lib/action_dispatch/middleware/cookies.rb +494 -162
data/lib/action_dispatch/middleware/debug_exceptions.rb +176 -53
data/lib/action_dispatch/middleware/debug_locks.rb +124 -0
data/lib/action_dispatch/middleware/exception_wrapper.rb +103 -38
data/lib/action_dispatch/middleware/executor.rb +21 -0
data/lib/action_dispatch/middleware/flash.rb +128 -91
data/lib/action_dispatch/middleware/public_exceptions.rb +43 -16
data/lib/action_dispatch/middleware/reloader.rb +6 -83
data/lib/action_dispatch/middleware/remote_ip.rb +151 -49
data/lib/action_dispatch/middleware/request_id.rb +19 -15
data/lib/action_dispatch/middleware/session/abstract_store.rb +38 -34
data/lib/action_dispatch/middleware/session/cache_store.rb +14 -9
data/lib/action_dispatch/middleware/session/cookie_store.rb +94 -44
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +15 -4
data/lib/action_dispatch/middleware/show_exceptions.rb +36 -61
data/lib/action_dispatch/middleware/ssl.rb +150 -0
data/lib/action_dispatch/middleware/stack.rb +33 -41
data/lib/action_dispatch/middleware/static.rb +92 -48
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +22 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +23 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +27 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +52 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +16 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +21 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +13 -0
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +134 -5
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +11 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +32 -0
data/lib/action_dispatch/middleware/templates/rescues/routing_error.text.erb +11 -0
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +20 -0
data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +7 -0
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +6 -0
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +16 -0
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +200 -0
data/lib/action_dispatch/railtie.rb +29 -8
data/lib/action_dispatch/request/session.rb +234 -0
data/lib/action_dispatch/request/utils.rb +78 -0
data/lib/action_dispatch/routing/endpoint.rb +17 -0
data/lib/action_dispatch/routing/inspector.rb +225 -0
data/lib/action_dispatch/routing/mapper.rb +1329 -582
data/lib/action_dispatch/routing/polymorphic_routes.rb +237 -94
data/lib/action_dispatch/routing/redirection.rb +120 -50
data/lib/action_dispatch/routing/route_set.rb +545 -322
data/lib/action_dispatch/routing/routes_proxy.rb +37 -7
data/lib/action_dispatch/routing/url_for.rb +103 -34
data/lib/action_dispatch/routing.rb +66 -99
data/lib/action_dispatch/system_test_case.rb +147 -0
data/lib/action_dispatch/system_testing/browser.rb +49 -0
data/lib/action_dispatch/system_testing/driver.rb +59 -0
data/lib/action_dispatch/system_testing/server.rb +31 -0
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +96 -0
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +31 -0
data/lib/action_dispatch/system_testing/test_helpers/undef_methods.rb +26 -0
data/lib/action_dispatch/testing/assertion_response.rb +47 -0
data/lib/action_dispatch/testing/assertions/response.rb +53 -42
data/lib/action_dispatch/testing/assertions/routing.rb +79 -74
data/lib/action_dispatch/testing/assertions.rb +15 -9
data/lib/action_dispatch/testing/integration.rb +361 -207
data/lib/action_dispatch/testing/request_encoder.rb +55 -0
data/lib/action_dispatch/testing/test_process.rb +28 -19
data/lib/action_dispatch/testing/test_request.rb +30 -33
data/lib/action_dispatch/testing/test_response.rb +35 -11
data/lib/action_dispatch.rb +42 -32
data/lib/action_pack/gem_version.rb +17 -0
data/lib/action_pack/version.rb +7 -7
data/lib/action_pack.rb +4 -2
metadata +116 -175
data/lib/abstract_controller/layouts.rb +0 -423
data/lib/abstract_controller/view_paths.rb +0 -96
data/lib/action_controller/caching/actions.rb +0 -185
data/lib/action_controller/caching/fragments.rb +0 -127
data/lib/action_controller/caching/pages.rb +0 -187
data/lib/action_controller/caching/sweeping.rb +0 -97
data/lib/action_controller/deprecated/integration_test.rb +0 -2
data/lib/action_controller/deprecated/performance_test.rb +0 -1
data/lib/action_controller/deprecated.rb +0 -3
data/lib/action_controller/metal/compatibility.rb +0 -65
data/lib/action_controller/metal/hide_actions.rb +0 -41
data/lib/action_controller/metal/rack_delegation.rb +0 -26
data/lib/action_controller/metal/responder.rb +0 -286
data/lib/action_controller/metal/session_management.rb +0 -14
data/lib/action_controller/middleware.rb +0 -39
data/lib/action_controller/railties/paths.rb +0 -25
data/lib/action_controller/record_identifier.rb +0 -85
data/lib/action_controller/vendor/html-scanner/html/document.rb +0 -68
data/lib/action_controller/vendor/html-scanner/html/node.rb +0 -532
data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +0 -177
data/lib/action_controller/vendor/html-scanner/html/selector.rb +0 -830
data/lib/action_controller/vendor/html-scanner/html/tokenizer.rb +0 -107
data/lib/action_controller/vendor/html-scanner/html/version.rb +0 -11
data/lib/action_controller/vendor/html-scanner.rb +0 -20
data/lib/action_dispatch/middleware/best_standards_support.rb +0 -30
data/lib/action_dispatch/middleware/body_proxy.rb +0 -30
data/lib/action_dispatch/middleware/head.rb +0 -18
data/lib/action_dispatch/middleware/params_parser.rb +0 -75
data/lib/action_dispatch/middleware/rescue.rb +0 -26
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb +0 -31
data/lib/action_dispatch/middleware/templates/rescues/_trace.erb +0 -26
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb +0 -10
data/lib/action_dispatch/middleware/templates/rescues/missing_template.erb +0 -2
data/lib/action_dispatch/middleware/templates/rescues/routing_error.erb +0 -15
data/lib/action_dispatch/middleware/templates/rescues/template_error.erb +0 -17
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.erb +0 -2
data/lib/action_dispatch/testing/assertions/dom.rb +0 -37
data/lib/action_dispatch/testing/assertions/selector.rb +0 -435
data/lib/action_dispatch/testing/assertions/tag.rb +0 -138
data/lib/action_dispatch/testing/performance_test.rb +0 -10
data/lib/action_view/asset_paths.rb +0 -142
data/lib/action_view/base.rb +0 -220
data/lib/action_view/buffers.rb +0 -43
data/lib/action_view/context.rb +0 -36
data/lib/action_view/flows.rb +0 -79
data/lib/action_view/helpers/active_model_helper.rb +0 -50
data/lib/action_view/helpers/asset_paths.rb +0 -7
data/lib/action_view/helpers/asset_tag_helper.rb +0 -457
data/lib/action_view/helpers/asset_tag_helpers/asset_include_tag.rb +0 -146
data/lib/action_view/helpers/asset_tag_helpers/asset_paths.rb +0 -93
data/lib/action_view/helpers/asset_tag_helpers/javascript_tag_helpers.rb +0 -193
data/lib/action_view/helpers/asset_tag_helpers/stylesheet_tag_helpers.rb +0 -148
data/lib/action_view/helpers/atom_feed_helper.rb +0 -200
data/lib/action_view/helpers/cache_helper.rb +0 -64
data/lib/action_view/helpers/capture_helper.rb +0 -203
data/lib/action_view/helpers/controller_helper.rb +0 -25
data/lib/action_view/helpers/csrf_helper.rb +0 -32
data/lib/action_view/helpers/date_helper.rb +0 -1062
data/lib/action_view/helpers/debug_helper.rb +0 -40
data/lib/action_view/helpers/form_helper.rb +0 -1486
data/lib/action_view/helpers/form_options_helper.rb +0 -658
data/lib/action_view/helpers/form_tag_helper.rb +0 -685
data/lib/action_view/helpers/javascript_helper.rb +0 -110
data/lib/action_view/helpers/number_helper.rb +0 -622
data/lib/action_view/helpers/output_safety_helper.rb +0 -38
data/lib/action_view/helpers/record_tag_helper.rb +0 -111
data/lib/action_view/helpers/rendering_helper.rb +0 -92
data/lib/action_view/helpers/sanitize_helper.rb +0 -259
data/lib/action_view/helpers/tag_helper.rb +0 -167
data/lib/action_view/helpers/text_helper.rb +0 -426
data/lib/action_view/helpers/translation_helper.rb +0 -91
data/lib/action_view/helpers/url_helper.rb +0 -693
data/lib/action_view/helpers.rb +0 -60
data/lib/action_view/locale/en.yml +0 -160
data/lib/action_view/log_subscriber.rb +0 -28
data/lib/action_view/lookup_context.rb +0 -258
data/lib/action_view/path_set.rb +0 -101
data/lib/action_view/railtie.rb +0 -55
data/lib/action_view/renderer/abstract_renderer.rb +0 -41
data/lib/action_view/renderer/partial_renderer.rb +0 -415
data/lib/action_view/renderer/renderer.rb +0 -61
data/lib/action_view/renderer/streaming_template_renderer.rb +0 -106
data/lib/action_view/renderer/template_renderer.rb +0 -95
data/lib/action_view/template/error.rb +0 -128
data/lib/action_view/template/handlers/builder.rb +0 -26
data/lib/action_view/template/handlers/erb.rb +0 -125
data/lib/action_view/template/handlers.rb +0 -50
data/lib/action_view/template/resolver.rb +0 -298
data/lib/action_view/template/text.rb +0 -30
data/lib/action_view/template.rb +0 -337
data/lib/action_view/test_case.rb +0 -246
data/lib/action_view/testing/resolvers.rb +0 -49
data/lib/action_view.rb +0 -84
data/lib/sprockets/assets.rake +0 -99
data/lib/sprockets/bootstrap.rb +0 -37
data/lib/sprockets/compressors.rb +0 -83
data/lib/sprockets/helpers/isolated_helper.rb +0 -13
data/lib/sprockets/helpers/rails_helper.rb +0 -182
data/lib/sprockets/helpers.rb +0 -6
data/lib/sprockets/railtie.rb +0 -62
data/lib/sprockets/static_compiler.rb +0 -56

data/lib/action_dispatch/http/mime_type.rb CHANGED Viewed

@@ -1,22 +1,34 @@
-require 'set'
-require 'active_support/core_ext/class/attribute_accessors'
-require 'active_support/core_ext/object/blank'
+# frozen_string_literal: true
+# -*- frozen-string-literal: true -*-
+require "singleton"
+require "active_support/core_ext/string/starts_ends_with"
 module Mime
-  class Mimes < Array
-    def symbols
-      @symbols ||= map {|m| m.to_sym }
+  class Mimes
+    include Enumerable
+    def initialize
+      @mimes = []
+      @symbols = nil
     end
-    %w(<< concat shift unshift push pop []= clear compact! collect!
-    delete delete_at delete_if flatten! map! insert reject! reverse!
-    replace slice! sort! uniq!).each do |method|
-      module_eval <<-CODE, __FILE__, __LINE__ + 1
-        def #{method}(*)
-          @symbols = nil
-          super
-        end
-      CODE
+    def each
+      @mimes.each { |x| yield x }
+    end
+    def <<(type)
+      @mimes << type
+      @symbols = nil
+    end
+    def delete_if
+      @mimes.delete_if { |x| yield x }.tap { @symbols = nil }
+    end
+    def symbols
+      @symbols ||= map(&:to_sym)
     end
   end
@@ -24,12 +36,19 @@ module Mime
   EXTENSION_LOOKUP = {}
   LOOKUP           = {}
-  def self.[](type)
-    return type if type.is_a?(Type)
-    Type.lookup_by_extension(type.to_s)
+  class << self
+    def [](type)
+      return type if type.is_a?(Type)
+      Type.lookup_by_extension(type)
+    end
+    def fetch(type)
+      return type if type.is_a?(Type)
+      EXTENSION_LOOKUP.fetch(type.to_s) { |k| yield k }
+    end
   end
-  # Encapsulates the notion of a mime type. Can be used at render time, for example, with:
+  # Encapsulates the notion of a MIME type. Can be used at render time, for example, with:
   #
   #   class PostsController < ActionController::Base
   #     def show
@@ -37,52 +56,90 @@ module Mime
   #
   #       respond_to do |format|
   #         format.html
-  #         format.ics { render :text => post.to_ics, :mime_type => Mime::Type["text/calendar"]  }
-  #         format.xml { render :xml => @people.to_xml }
+  #         format.ics { render body: @post.to_ics, mime_type: Mime::Type.lookup("text/calendar")  }
+  #         format.xml { render xml: @post }
   #       end
   #     end
   #   end
   class Type
-    @@html_types = Set.new [:html, :all]
-    cattr_reader :html_types
-    # These are the content types which browsers can generate without using ajax, flash, etc
-    # i.e. following a link, getting an image or posting a form. CSRF protection
-    # only needs to protect against these types.
-    @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
-    cattr_reader :browser_generated_types
     attr_reader :symbol
-    # A simple helper class used in parsing the accept header
+    @register_callbacks = []
+    # A simple helper class used in parsing the accept header.
     class AcceptItem #:nodoc:
-      attr_accessor :order, :name, :q
+      attr_accessor :index, :name, :q
+      alias :to_s :name
-      def initialize(order, name, q=nil)
-        @order = order
-        @name = name.strip
-        q ||= 0.0 if @name == Mime::ALL # default wildcard match to end of list
+      def initialize(index, name, q = nil)
+        @index = index
+        @name = name
+        q ||= 0.0 if @name == "*/*".freeze # Default wildcard match to end of list.
         @q = ((q || 1.0).to_f * 100).to_i
       end
-      def to_s
-        @name
-      end
       def <=>(item)
-        result = item.q <=> q
-        result = order <=> item.order if result == 0
+        result = item.q <=> @q
+        result = @index <=> item.index if result == 0
         result
       end
+    end
-      def ==(item)
-        name == (item.respond_to?(:name) ? item.name : item)
+    class AcceptList #:nodoc:
+      def self.sort!(list)
+        list.sort!
+        text_xml_idx = find_item_by_name list, "text/xml"
+        app_xml_idx = find_item_by_name list, Mime[:xml].to_s
+        # Take care of the broken text/xml entry by renaming or deleting it.
+        if text_xml_idx && app_xml_idx
+          app_xml = list[app_xml_idx]
+          text_xml = list[text_xml_idx]
+          app_xml.q = [text_xml.q, app_xml.q].max # Set the q value to the max of the two.
+          if app_xml_idx > text_xml_idx  # Make sure app_xml is ahead of text_xml in the list.
+            list[app_xml_idx], list[text_xml_idx] = text_xml, app_xml
+            app_xml_idx, text_xml_idx = text_xml_idx, app_xml_idx
+          end
+          list.delete_at(text_xml_idx)  # Delete text_xml from the list.
+        elsif text_xml_idx
+          list[text_xml_idx].name = Mime[:xml].to_s
+        end
+        # Look for more specific XML-based types and sort them ahead of app/xml.
+        if app_xml_idx
+          app_xml = list[app_xml_idx]
+          idx = app_xml_idx
+          while idx < list.length
+            type = list[idx]
+            break if type.q < app_xml.q
+            if type.name.ends_with? "+xml"
+              list[app_xml_idx], list[idx] = list[idx], app_xml
+              app_xml_idx = idx
+            end
+            idx += 1
+          end
+        end
+        list.map! { |i| Mime::Type.lookup(i.name) }.uniq!
+        list
+      end
+      def self.find_item_by_name(array, name)
+        array.index { |item| item.name == name }
       end
     end
     class << self
+      TRAILING_STAR_REGEXP = /^(text|application)\/\*/
+      PARAMETER_SEPARATOR_REGEXP = /;\s*\w+="?\w+"?/
-      TRAILING_STAR_REGEXP = /(text|application)\/\*/
-      Q_SEPARATOR_REGEXP = /;\s*q=/
+      def register_callback(&block)
+        @register_callbacks << block
+      end
       def lookup(string)
         LOOKUP[string] || Type.new(string)
@@ -92,115 +149,75 @@ module Mime
         EXTENSION_LOOKUP[extension.to_s]
       end
-      # Registers an alias that's not used on mime type lookup, but can be referenced directly. Especially useful for
+      # Registers an alias that's not used on MIME type lookup, but can be referenced directly. Especially useful for
       # rendering different HTML versions depending on the user agent, like an iPhone.
       def register_alias(string, symbol, extension_synonyms = [])
         register(string, symbol, [], extension_synonyms, true)
       end
       def register(string, symbol, mime_type_synonyms = [], extension_synonyms = [], skip_lookup = false)
-        Mime.const_set(symbol.to_s.upcase, Type.new(string, symbol, mime_type_synonyms))
+        new_mime = Type.new(string, symbol, mime_type_synonyms)
-        SET << Mime.const_get(symbol.to_s.upcase)
+        SET << new_mime
-        ([string] + mime_type_synonyms).each { |str| LOOKUP[str] = SET.last } unless skip_lookup
-        ([symbol] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext.to_s] = SET.last }
+        ([string] + mime_type_synonyms).each { |str| LOOKUP[str] = new_mime } unless skip_lookup
+        ([symbol] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext.to_s] = new_mime }
+        @register_callbacks.each do |callback|
+          callback.call(new_mime)
+        end
+        new_mime
       end
       def parse(accept_header)
-        if accept_header !~ /,/
-          accept_header = accept_header.split(Q_SEPARATOR_REGEXP).first
-          if accept_header =~ TRAILING_STAR_REGEXP
-            parse_data_with_trailing_star($1)
-          else
-            [Mime::Type.lookup(accept_header)]
-          end
+        if !accept_header.include?(",")
+          accept_header = accept_header.split(PARAMETER_SEPARATOR_REGEXP).first
+          parse_trailing_star(accept_header) || [Mime::Type.lookup(accept_header)].compact
         else
-          # keep track of creation order to keep the subsequent sort stable
           list, index = [], 0
-          accept_header.split(/,/).each do |header|
-            params, q = header.split(Q_SEPARATOR_REGEXP)
-            if params.present?
-              params.strip!
-              if params =~ TRAILING_STAR_REGEXP
-                parse_data_with_trailing_star($1).each do |m|
-                  list << AcceptItem.new(index, m.to_s, q)
-                  index += 1
-                end
-              else
-                list << AcceptItem.new(index, params, q)
-                index += 1
-              end
-            end
-          end
-          list.sort!
-          # Take care of the broken text/xml entry by renaming or deleting it
-          text_xml = list.index("text/xml")
-          app_xml = list.index(Mime::XML.to_s)
-          if text_xml && app_xml
-            # set the q value to the max of the two
-            list[app_xml].q = [list[text_xml].q, list[app_xml].q].max
-            # make sure app_xml is ahead of text_xml in the list
-            if app_xml > text_xml
-              list[app_xml], list[text_xml] = list[text_xml], list[app_xml]
-              app_xml, text_xml = text_xml, app_xml
-            end
+          accept_header.split(",").each do |header|
+            params, q = header.split(PARAMETER_SEPARATOR_REGEXP)
-            # delete text_xml from the list
-            list.delete_at(text_xml)
+            next unless params
+            params.strip!
+            next if params.empty?
-          elsif text_xml
-            list[text_xml].name = Mime::XML.to_s
-          end
-          # Look for more specific XML-based types and sort them ahead of app/xml
-          if app_xml
-            idx = app_xml
-            app_xml_type = list[app_xml]
+            params = parse_trailing_star(params) || [params]
-            while(idx < list.length)
-              type = list[idx]
-              break if type.q < app_xml_type.q
-              if type.name =~ /\+xml$/
-                list[app_xml], list[idx] = list[idx], list[app_xml]
-                app_xml = idx
-              end
-              idx += 1
+            params.each do |m|
+              list << AcceptItem.new(index, m.to_s, q)
+              index += 1
             end
           end
-          list.map! { |i| Mime::Type.lookup(i.name) }.uniq!
-          list
+          AcceptList.sort! list
         end
       end
-      # input: 'text'
-      # returned value:  [Mime::JSON, Mime::XML, Mime::ICS, Mime::HTML, Mime::CSS, Mime::CSV, Mime::JS, Mime::YAML, Mime::TEXT]
+      def parse_trailing_star(accept_header)
+        parse_data_with_trailing_star($1) if accept_header =~ TRAILING_STAR_REGEXP
+      end
+      # For an input of <tt>'text'</tt>, returns <tt>[Mime[:json], Mime[:xml], Mime[:ics],
+      # Mime[:html], Mime[:css], Mime[:csv], Mime[:js], Mime[:yaml], Mime[:text]</tt>.
       #
-      # input: 'application'
-      # returned value: [Mime::HTML, Mime::JS, Mime::XML, Mime::YAML, Mime::ATOM, Mime::JSON, Mime::RSS, Mime::URL_ENCODED_FORM]
-      def parse_data_with_trailing_star(input)
-        Mime::SET.select { |m| m =~ input }
+      # For an input of <tt>'application'</tt>, returns <tt>[Mime[:html], Mime[:js],
+      # Mime[:xml], Mime[:yaml], Mime[:atom], Mime[:json], Mime[:rss], Mime[:url_encoded_form]</tt>.
+      def parse_data_with_trailing_star(type)
+        Mime::SET.select { |m| m =~ type }
       end
       # This method is opposite of register method.
       #
-      # Usage:
+      # To unregister a MIME type:
       #
-      # Mime::Type.unregister(:mobile)
+      #   Mime::Type.unregister(:mobile)
       def unregister(symbol)
-        symbol = symbol.to_s.upcase
-        mime = Mime.const_get(symbol)
-        Mime.instance_eval { remove_const(symbol) }
-        SET.delete_if { |v| v.eql?(mime) }
-        LOOKUP.delete_if { |k,v| v.eql?(mime) }
-        EXTENSION_LOOKUP.delete_if { |k,v| v.eql?(mime) }
+        symbol = symbol.downcase
+        if mime = Mime[symbol]
+          SET.delete_if { |v| v.eql?(mime) }
+          LOOKUP.delete_if { |_, v| v.eql?(mime) }
+          EXTENSION_LOOKUP.delete_if { |_, v| v.eql?(mime) }
+        end
       end
     end
@@ -225,7 +242,7 @@ module Mime
     end
     def ref
-      to_sym || to_s
+      symbol || to_s
     end
     def ===(list)
@@ -237,7 +254,7 @@ module Mime
     end
     def ==(mime_type)
-      return false if mime_type.blank?
+      return false unless mime_type
       (@synonyms + [ self ]).any? do |synonym|
         synonym.to_s == mime_type.to_s || synonym.to_sym == mime_type.to_sym
       end
@@ -251,40 +268,75 @@ module Mime
     end
     def =~(mime_type)
-      return false if mime_type.blank?
+      return false unless mime_type
       regexp = Regexp.new(Regexp.quote(mime_type.to_s))
-      (@synonyms + [ self ]).any? do |synonym|
-        synonym.to_s =~ regexp
-      end
-    end
-    # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See
-    # ActionController::RequestForgeryProtection.
-    def verify_request?
-      @@browser_generated_types.include?(to_sym)
+      @synonyms.any? { |synonym| synonym.to_s =~ regexp } || @string =~ regexp
     end
     def html?
-      @@html_types.include?(to_sym) || @string =~ /html/
+      symbol == :html || @string =~ /html/
     end
-    def respond_to?(method, include_private = false) #:nodoc:
-      super || method.to_s =~ /(\w+)\?$/
-    end
+    def all?; false; end
+    # TODO Change this to private once we've dropped Ruby 2.2 support.
+    # Workaround for Ruby 2.2 "private attribute?" warning.
     protected
-    attr_reader :string, :synonyms
+      attr_reader :string, :synonyms
     private
+      def to_ary; end
+      def to_a; end
       def method_missing(method, *args)
-        if method.to_s =~ /(\w+)\?$/
-          $1.downcase.to_sym == to_sym
+        if method.to_s.ends_with? "?"
+          method[0..-2].downcase.to_sym == to_sym
         else
           super
         end
       end
+      def respond_to_missing?(method, include_private = false)
+        (method.to_s.ends_with? "?") || super
+      end
+  end
+  class AllType < Type
+    include Singleton
+    def initialize
+      super "*/*", :all
+    end
+    def all?; true; end
+    def html?; true; end
+  end
+  # ALL isn't a real MIME type, so we don't register it for lookup with the
+  # other concrete types. It's a wildcard match that we use for `respond_to`
+  # negotiation internals.
+  ALL = AllType.instance
+  class NullType
+    include Singleton
+    def nil?
+      true
+    end
+    def ref; end
+    private
+      def respond_to_missing?(method, _)
+        method.to_s.ends_with? "?"
+      end
+      def method_missing(method, *args)
+        false if method.to_s.ends_with? "?"
+      end
   end
 end
-require 'action_dispatch/http/mime_types'
+require "action_dispatch/http/mime_types"

data/lib/action_dispatch/http/mime_types.rb CHANGED Viewed

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
 # Build list of Mime types for HTTP responses
-# http://www.iana.org/assignments/media-types/
+# https://www.iana.org/assignments/media-types/
 Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml )
 Mime::Type.register "text/plain", :text, [], %w(txt)
@@ -7,29 +9,42 @@ Mime::Type.register "text/javascript", :js, %w( application/javascript applicati
 Mime::Type.register "text/css", :css
 Mime::Type.register "text/calendar", :ics
 Mime::Type.register "text/csv", :csv
+Mime::Type.register "text/vcard", :vcf
+Mime::Type.register "text/vtt", :vtt, %w(vtt)
 Mime::Type.register "image/png", :png, [], %w(png)
-Mime::Type.register "image/jpeg", :jpeg, [], %w(jpg jpeg jpe)
+Mime::Type.register "image/jpeg", :jpeg, [], %w(jpg jpeg jpe pjpeg)
 Mime::Type.register "image/gif", :gif, [], %w(gif)
 Mime::Type.register "image/bmp", :bmp, [], %w(bmp)
 Mime::Type.register "image/tiff", :tiff, [], %w(tif tiff)
+Mime::Type.register "image/svg+xml", :svg
 Mime::Type.register "video/mpeg", :mpeg, [], %w(mpg mpeg mpe)
+Mime::Type.register "audio/mpeg", :mp3, [], %w(mp1 mp2 mp3)
+Mime::Type.register "audio/ogg", :ogg, [], %w(oga ogg spx opus)
+Mime::Type.register "audio/aac", :m4a, %w( audio/mp4 ), %w(m4a mpg4 aac)
+Mime::Type.register "video/webm", :webm, [], %w(webm)
+Mime::Type.register "video/mp4", :mp4, [], %w(mp4 m4v)
+Mime::Type.register "font/otf", :otf, [], %w(otf)
+Mime::Type.register "font/ttf", :ttf, [], %w(ttf)
+Mime::Type.register "font/woff", :woff, [], %w(woff)
+Mime::Type.register "font/woff2", :woff2, [], %w(woff2)
 Mime::Type.register "application/xml", :xml, %w( text/xml application/x-xml )
 Mime::Type.register "application/rss+xml", :rss
 Mime::Type.register "application/atom+xml", :atom
-Mime::Type.register "application/x-yaml", :yaml, %w( text/yaml )
+Mime::Type.register "application/x-yaml", :yaml, %w( text/yaml ), %w(yml yaml)
 Mime::Type.register "multipart/form-data", :multipart_form
 Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form
-# http://www.ietf.org/rfc/rfc4627.txt
+# https://www.ietf.org/rfc/rfc4627.txt
 # http://www.json.org/JSONRequest.html
 Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest )
 Mime::Type.register "application/pdf", :pdf, [], %w(pdf)
 Mime::Type.register "application/zip", :zip, [], %w(zip)
-# Create Mime::ALL but do not add it to the SET.
-Mime::ALL = Mime::Type.new("*/*", :all, [])
+Mime::Type.register "application/gzip", :gzip, %w(application/x-gzip), %w(gz)

data/lib/action_dispatch/http/parameter_filter.rb CHANGED Viewed

@@ -1,74 +1,86 @@
+# frozen_string_literal: true
+require "active_support/core_ext/object/duplicable"
 module ActionDispatch
   module Http
     class ParameterFilter
+      FILTERED = "[FILTERED]".freeze # :nodoc:
-      def initialize(filters)
+      def initialize(filters = [])
         @filters = filters
       end
       def filter(params)
-        if enabled?
-          compiled_filter.call(params)
-        else
-          params.dup
-        end
+        compiled_filter.call(params)
       end
     private
-      def enabled?
-        @filters.present?
+      def compiled_filter
+        @compiled_filter ||= CompiledFilter.compile(@filters)
       end
-      FILTERED = '[FILTERED]'.freeze
+      class CompiledFilter # :nodoc:
+        def self.compile(filters)
+          return lambda { |params| params.dup } if filters.empty?
-      def compiled_filter
-        @compiled_filter ||= begin
-          regexps, blocks = compile_filter
-          lambda do |original_params|
-            filtered_params = {}
-            original_params.each do |key, value|
-              if regexps.find { |r| key =~ r }
-                value = FILTERED
-              elsif value.is_a?(Hash)
-                value = filter(value)
-              elsif value.is_a?(Array)
-                value = value.map { |v| v.is_a?(Hash) ? filter(v) : v }
-              elsif blocks.present?
-                key = key.dup
-                value = value.dup if value.duplicable?
-                blocks.each { |b| b.call(key, value) }
-              end
-              filtered_params[key] = value
-            end
+          strings, regexps, blocks = [], [], []
-            filtered_params
+          filters.each do |item|
+            case item
+            when Proc
+              blocks << item
+            when Regexp
+              regexps << item
+            else
+              strings << Regexp.escape(item.to_s)
+            end
           end
+          deep_regexps, regexps = regexps.partition { |r| r.to_s.include?("\\.".freeze) }
+          deep_strings, strings = strings.partition { |s| s.include?("\\.".freeze) }
+          regexps << Regexp.new(strings.join("|".freeze), true) unless strings.empty?
+          deep_regexps << Regexp.new(deep_strings.join("|".freeze), true) unless deep_strings.empty?
+          new regexps, deep_regexps, blocks
         end
-      end
-      def compile_filter
-        strings, regexps, blocks = [], [], []
-        @filters.each do |item|
-          case item
-          when NilClass
-          when Proc
-            blocks << item
-          when Regexp
-            regexps << item
-          else
-            strings << item.to_s
-          end
+        attr_reader :regexps, :deep_regexps, :blocks
+        def initialize(regexps, deep_regexps, blocks)
+          @regexps = regexps
+          @deep_regexps = deep_regexps.any? ? deep_regexps : nil
+          @blocks = blocks
         end
-        regexps << Regexp.new(strings.join('|'), true) unless strings.empty?
-        [regexps, blocks]
-      end
+        def call(original_params, parents = [])
+          filtered_params = original_params.class.new
+          original_params.each do |key, value|
+            parents.push(key) if deep_regexps
+            if regexps.any? { |r| key =~ r }
+              value = FILTERED
+            elsif deep_regexps && (joined = parents.join(".")) && deep_regexps.any? { |r| joined =~ r }
+              value = FILTERED
+            elsif value.is_a?(Hash)
+              value = call(value, parents)
+            elsif value.is_a?(Array)
+              value = value.map { |v| v.is_a?(Hash) ? call(v, parents) : v }
+            elsif blocks.any?
+              key = key.dup if key.duplicable?
+              value = value.dup if value.duplicable?
+              blocks.each { |b| b.call(key, value) }
+            end
+            parents.pop if deep_regexps
+            filtered_params[key] = value
+          end
+          filtered_params
+        end
+      end
     end
   end
 end