actionpack 4.0.1 → 4.2.11.1

data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb

@@ -0,0 +1,23 @@
+<%
+  clean_params = @request.filtered_parameters.clone
+  clean_params.delete("action")
+  clean_params.delete("controller")
+
+  request_dump = clean_params.empty? ? 'None' : clean_params.inspect.gsub(',', ",\n")
+
+  def debug_hash(object)
+    object.to_hash.sort_by { |k, _| k.to_s }.map { |k, v| "#{k}: #{v.inspect rescue $!.message}" }.join("\n")
+  end unless self.class.method_defined?(:debug_hash)
+%>
+
+Request parameters
+<%= request_dump %>
+
+Session dump
+<%= debug_hash @request.session %>
+
+Env dump
+<%= debug_hash @request.env.slice(*@request.class::ENV_METHODS) %>
+
+Response headers
+<%= defined?(@response) ? @response.headers.inspect.gsub(',', ",\n") : 'None' %>

data/lib/action_dispatch/middleware/templates/rescues/_source.erb

@@ -1,25 +1,27 @@
-<% if @source_extract %>
-<div class="source">
-<div class="info">
-  Extracted source (around line <strong>#<%= @line_number %></strong>):
-</div>
-<div class="data">
-  <table cellpadding="0" cellspacing="0" class="lines">
-      <tr>
-        <td>
-          <pre class="line_numbers">
-            <% @source_extract.keys.each do |line_number| %>
+<% @source_extracts.each_with_index do |source_extract, index| %>
+  <% if source_extract[:code] %>
+    <div class="source <%="hidden" if @show_source_idx != index%>" id="frame-source-<%=index%>">
+      <div class="info">
+        Extracted source (around line <strong>#<%= source_extract[:line_number] %></strong>):
+      </div>
+      <div class="data">
+        <table cellpadding="0" cellspacing="0" class="lines">
+          <tr>
+            <td>
+              <pre class="line_numbers">
+                <% source_extract[:code].each_key do |line_number| %>
 <span><%= line_number -%></span>
-            <% end %>
-          </pre>
-        </td>
+                <% end %>
+              </pre>
+            </td>
 <td width="100%">
 <pre>
-<% @source_extract.each do |line, source| -%><div class="line<%= " active" if line == @line_number -%>"><%= source -%></div><% end -%>
+<% source_extract[:code].each do |line, source| -%><div class="line<%= " active" if line == source_extract[:line_number] -%>"><%= source -%></div><% end -%>
 </pre>
 </td>
-    </tr>
-  </table>
-</div>
-</div>
+          </tr>
+        </table>
+      </div>
+    </div>
+  <% end %>
 <% end %>

data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb

@@ -0,0 +1,52 @@
+<% names = @traces.keys %>
+
+<p><code>Rails.root: <%= defined?(Rails) && Rails.respond_to?(:root) ? Rails.root : "unset" %></code></p>
+
+<div id="traces">
+  <% names.each do |name| %>
+    <%
+      show = "show('#{name.gsub(/\s/, '-')}');"
+      hide = (names - [name]).collect {|hide_name| "hide('#{hide_name.gsub(/\s/, '-')}');"}
+    %>
+    <a href="#" onclick="<%= hide.join %><%= show %>; return false;"><%= name %></a> <%= '|' unless names.last == name %>
+  <% end %>
+
+  <% @traces.each do |name, trace| %>
+    <div id="<%= name.gsub(/\s/, '-') %>" style="display: <%= (name == @trace_to_show) ? 'block' : 'none' %>;">
+      <pre><code><% trace.each do |frame| %><a class="trace-frames" data-frame-id="<%= frame[:id] %>" href="#"><%= frame[:trace] %></a><br><% end %></code></pre>
+    </div>
+  <% end %>
+
+  <script type="text/javascript">
+    var traceFrames = document.getElementsByClassName('trace-frames');
+    var selectedFrame, currentSource = document.getElementById('frame-source-0');
+
+    // Add click listeners for all stack frames
+    for (var i = 0; i < traceFrames.length; i++) {
+      traceFrames[i].addEventListener('click', function(e) {
+        e.preventDefault();
+        var target = e.target;
+        var frame_id = target.dataset.frameId;
+
+        if (selectedFrame) {
+          selectedFrame.className = selectedFrame.className.replace("selected", "");
+        }
+
+        target.className += " selected";
+        selectedFrame = target;
+
+        // Change the extracted source code
+        changeSourceExtract(frame_id);
+      });
+
+      function changeSourceExtract(frame_id) {
+        var el = document.getElementById('frame-source-' + frame_id);
+        if (currentSource && el) {
+          currentSource.className += " hidden";
+          el.className = el.className.replace(" hidden", "");
+          currentSource = el;
+        }
+      }
+    }
+  </script>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb

@@ -0,0 +1,9 @@
+Rails.root: <%= defined?(Rails) && Rails.respond_to?(:root) ? Rails.root : "unset" %>
+
+<% @traces.each do |name, trace| %>
+<% if trace.any? %>
+<%= name %>
+<%= trace.map { |t| t[:trace] }.join("\n") %>
+
+<% end %>
+<% end %>

data/lib/action_dispatch/middleware/templates/rescues/{diagnostics.erb → diagnostics.html.erb}

@@ -8,7 +8,7 @@
 </header>
 
 <div id="container">
-  <h2><%= @exception.message %></h2>
+  <h2><%= h @exception.message %></h2>
 
   <%= render template: "rescues/_source" %>
   <%= render template: "rescues/_trace" %>

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb

@@ -0,0 +1,9 @@
+<%= @exception.class.to_s %><%
+  if @request.parameters['controller']
+%> in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
+<% end %>
+
+<%= @exception.message %>
+<%= render template: "rescues/_source" %>
+<%= render template: "rescues/_trace" %>
+<%= render template: "rescues/_request_and_response" %>

data/lib/action_dispatch/middleware/templates/rescues/layout.erb

@@ -116,9 +116,15 @@
       background-color: #FFCCCC;
     }
 
+    .hidden {
+      display: none;
+    }
+
     a { color: #980905; }
     a:visited { color: #666; }
+    a.trace-frames { color: #666; }
     a:hover { color: #C52F24; }
+    a.trace-frames.selected { color: #C52F24 }
 
     <%= yield :style %>
   </style>

data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb

@@ -0,0 +1,11 @@
+<header>
+  <h1>Template is missing</h1>
+</header>
+
+<div id="container">
+  <h2><%= h @exception.message %></h2>
+
+  <%= render template: "rescues/_source" %>
+  <%= render template: "rescues/_trace" %>
+  <%= render template: "rescues/_request_and_response" %>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb

@@ -0,0 +1,3 @@
+Template is missing
+
+<%= @exception.message %>

data/lib/action_dispatch/middleware/templates/rescues/{routing_error.erb → routing_error.html.erb}

@@ -2,7 +2,7 @@
   <h1>Routing Error</h1>
 </header>
 <div id="container">
-  <h2><%= @exception.message %></h2>
+  <h2><%= h @exception.message %></h2>
   <% unless @exception.failures.empty? %>
     <p>
       <h2>Failure reasons:</h2>
@@ -27,4 +27,6 @@
 
     <%= @routes_inspector.format(ActionDispatch::Routing::HtmlTableFormatter.new(self)) %>
   <% end %>
+
+  <%= render template: "rescues/_request_and_response" %>
 </div>

data/lib/action_dispatch/middleware/templates/rescues/routing_error.text.erb

@@ -0,0 +1,11 @@
+Routing Error
+
+<%= @exception.message %>
+<% unless @exception.failures.empty? %>
+Failure reasons:
+<% @exception.failures.each do |route, reason| %>
+  - <%= route.inspect.delete('\\') %></code> failed because <%= reason.downcase %>
+<% end %>
+<% end %>
+
+<%= render template: "rescues/_trace", format: :text %>

data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb

@@ -0,0 +1,20 @@
+<header>
+  <h1>
+    <%= @exception.original_exception.class.to_s %> in
+    <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>
+  </h1>
+</header>
+
+<div id="container">
+  <p>
+    Showing <i><%= @exception.file_name %></i> where line <b>#<%= @exception.line_number %></b> raised:
+  </p>
+  <pre><code><%= h @exception.message %></code></pre>
+
+  <%= render template: "rescues/_source" %>
+
+  <p><%= @exception.sub_template_message %></p>
+
+  <%= render template: "rescues/_trace" %>
+  <%= render template: "rescues/_request_and_response" %>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb

@@ -0,0 +1,7 @@
+<%= @exception.original_exception.class.to_s %> in <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>
+
+Showing <%= @exception.file_name %> where line #<%= @exception.line_number %> raised:
+<%= @exception.message %>
+<%= @exception.sub_template_message %>
+<%= render template: "rescues/_trace", format: :text %>
+<%= render template: "rescues/_request_and_response", format: :text %>

data/lib/action_dispatch/middleware/templates/rescues/{unknown_action.erb → unknown_action.html.erb}

@@ -2,5 +2,5 @@
   <h1>Unknown action</h1>
 </header>
 <div id="container">
-  <h2><%= @exception.message %></h2>
+  <h2><%= h @exception.message %></h2>
 </div>

data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb

@@ -0,0 +1,3 @@
+Unknown action
+
+<%= @exception.message %>

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb

@@ -1,24 +1,44 @@
 <% content_for :style do %>
   #route_table {
-    margin: 0 auto 0;
+    margin: 0;
     border-collapse: collapse;
   }
 
-  #route_table td {
-    padding: 0 30px;
+  #route_table thead tr {
+    border-bottom: 2px solid #ddd;
+  }
+
+  #route_table thead tr.bottom {
+    border-bottom: none;
   }
 
-  #route_table tr.bottom th {
-    padding-bottom: 10px;
+  #route_table thead tr.bottom th {
+    padding: 10px 0;
     line-height: 15px;
   }
 
-  #route_table .matched_paths {
+  #route_table tbody tr {
+    border-bottom: 1px solid #ddd;
+  }
+
+  #route_table tbody tr:nth-child(odd) {
+    background: #f2f2f2;
+  }
+
+  #route_table tbody.exact_matches,
+  #route_table tbody.fuzzy_matches {
     background-color: LightGoldenRodYellow;
+    border-bottom: solid 2px SlateGrey;
   }
 
-  #route_table .matched_paths {
-    border-bottom: solid 3px SlateGrey;
+  #route_table tbody.exact_matches tr,
+  #route_table tbody.fuzzy_matches tr {
+    background: none;
+    border-bottom: none;
+  }
+
+  #route_table td {
+    padding: 4px 30px;
   }
 
   #path_search {
@@ -45,13 +65,15 @@
       <th><%# HTTP Verb %>
       </th>
       <th><%# Path %>
-        <%= search_field(:path, nil, id: 'path_search', placeholder: "Path Match") %>
+        <%= search_field(:path, nil, id: 'search', placeholder: "Path Match") %>
       </th>
       <th><%# Controller#action %>
       </th>
     </tr>
   </thead>
-  <tbody class='matched_paths' id='matched_paths'>
+  <tbody class='exact_matches' id='exact_matches'>
+  </tbody>
+  <tbody class='fuzzy_matches' id='fuzzy_matches'>
   </tbody>
   <tbody>
     <%= yield %>
@@ -59,6 +81,7 @@
 </table>
 
 <script type='text/javascript'>
+  // Iterates each element through a function
   function each(elems, func) {
     if (!elems instanceof Array) { elems = [elems]; }
     for (var i = 0, len = elems.length; i < len; i++) {
@@ -66,77 +89,110 @@
     }
   }
 
-  function setValOn(elems, val) {
-    each(elems, function(elem) {
-      elem.innerHTML = val;
-    });
+  // Sets innerHTML for an element
+  function setContent(elem, text) {
+    elem.innerHTML = text;
   }
 
-  function onClick(elems, func) {
-    each(elems, function(elem) {
-      elem.onclick = func;
-    });
-  }
+  // Enables path search functionality
+  function setupMatchPaths() {
+    // Check if the user input (sanitized as a path) matches the regexp data attribute
+    function checkExactMatch(section, elem, value) {
+      var string = sanitizePath(value),
+          regexp = elem.getAttribute("data-regexp");
 
-  // Enables functionality to toggle between `_path` and `_url` helper suffixes
-  function setupRouteToggleHelperLinks() {
-    var toggleLinks = document.querySelectorAll('#route_table [data-route-helper]');
-    onClick(toggleLinks, function(){
-      var helperTxt   = this.getAttribute("data-route-helper"),
-          helperElems = document.querySelectorAll('[data-route-name] span.helper');
-      setValOn(helperElems, helperTxt);
-    });
-  }
+      showMatch(string, regexp, section, elem);
+    }
 
-  // takes an array of elements with a data-regexp attribute and
-  // passes their their parent <tr> into the callback function
-  // if the regexp matchs a given path
-  function eachElemsForPath(elems, path, func) {
-    each(elems, function(e){
-      var reg = e.getAttribute("data-regexp");
-      if (path.match(RegExp(reg))) {
-        func(e.parentNode.cloneNode(true));
-      }
-    })
-  }
+    // Check if the route path data attribute contains the user input
+    function checkFuzzyMatch(section, elem, value) {
+      var string = elem.getAttribute("data-route-path"),
+          regexp = value;
 
-  // Ensure path always starts with a slash "/" and remove params or fragments
-  function sanitizePath(path) {
-    var path = path.charAt(0) == '/' ? path : "/" + path;
-    return path.replace(/\#.*|\?.*/, '');
-  }
+      showMatch(string, regexp, section, elem);
+    }
 
-  // Enables path search functionality
-  function setupMatchPaths() {
-    var regexpElems     = document.querySelectorAll('#route_table [data-regexp]'),
-        pathElem        = document.querySelector('#path_search'),
-        selectedSection = document.querySelector('#matched_paths'),
-        noMatchText     = '<tr><th colspan="4">None</th></tr>';
+    // Display the parent <tr> element in the appropriate section when there's a match
+    function showMatch(string, regexp, section, elem) {
+      if(string.match(RegExp(regexp))) {
+        section.appendChild(elem.parentNode.cloneNode(true));
+      }
+    }
+
+    // Check if there are any matched results in a section
+    function checkNoMatch(section, defaultText, noMatchText) {
+      if (section.innerHTML === defaultText) {
+        setContent(section, defaultText + noMatchText);
+      }
+    }
 
+    // Ensure path always starts with a slash "/" and remove params or fragments
+    function sanitizePath(path) {
+      var path = path.charAt(0) == '/' ? path : "/" + path;
+      return path.replace(/\#.*|\?.*/, '');
+    }
 
-    // Remove matches if no path is present
-    pathElem.onblur = function(e) {
-      if (pathElem.value === "") selectedSection.innerHTML = "";
+    var regexpElems     = document.querySelectorAll('#route_table [data-regexp]'),
+        searchElem      = document.querySelector('#search'),
+        exactMatches    = document.querySelector('#exact_matches'),
+        fuzzyMatches    = document.querySelector('#fuzzy_matches');
+
+    // Remove matches when no search value is present
+    searchElem.onblur = function(e) {
+      if (searchElem.value === "") {
+        setContent(exactMatches, "");
+        setContent(fuzzyMatches, "");
+      }
     }
 
     // On key press perform a search for matching paths
-    pathElem.onkeyup = function(e){
-      var path        = sanitizePath(pathElem.value),
-          defaultText = '<tr><th colspan="4">Paths Matching (' + path + '):</th></tr>';
+    searchElem.onkeyup = function(e){
+      var userInput         = searchElem.value,
+          defaultExactMatch = '<tr><th colspan="4">Paths Matching (' + escape(sanitizePath(userInput)) +'):</th></tr>',
+          defaultFuzzyMatch = '<tr><th colspan="4">Paths Containing (' + escape(userInput) +'):</th></tr>',
+          noExactMatch      = '<tr><th colspan="4">No Exact Matches Found</th></tr>',
+          noFuzzyMatch      = '<tr><th colspan="4">No Fuzzy Matches Found</th></tr>';
 
       // Clear out results section
-      selectedSection.innerHTML= defaultText;
+      setContent(exactMatches, defaultExactMatch);
+      setContent(fuzzyMatches, defaultFuzzyMatch);
+
+      // Display exact matches and fuzzy matches
+      each(regexpElems, function(elem) {
+        checkExactMatch(exactMatches, elem, userInput);
+        checkFuzzyMatch(fuzzyMatches, elem, userInput);
+      })
+
+      // Display 'No Matches' message when no matches are found
+      checkNoMatch(exactMatches, defaultExactMatch, noExactMatch);
+      checkNoMatch(fuzzyMatches, defaultFuzzyMatch, noFuzzyMatch);
+    }
+  }
 
-      // Display matches if they exist
-      eachElemsForPath(regexpElems, path, function(e){
-        selectedSection.appendChild(e);
+  // Enables functionality to toggle between `_path` and `_url` helper suffixes
+  function setupRouteToggleHelperLinks() {
+
+    // Sets content for each element
+    function setValOn(elems, val) {
+      each(elems, function(elem) {
+        setContent(elem, val);
       });
+    }
 
-      // If no match present, tell the user
-      if (selectedSection.innerHTML === defaultText) {
-        selectedSection.innerHTML = selectedSection.innerHTML + noMatchText;
-      }
+    // Sets onClick event for each element
+    function onClick(elems, func) {
+      each(elems, function(elem) {
+        elem.onclick = func;
+      });
     }
+
+    var toggleLinks = document.querySelectorAll('#route_table [data-route-helper]');
+    onClick(toggleLinks, function(){
+      var helperTxt   = this.getAttribute("data-route-helper"),
+          helperElems = document.querySelectorAll('[data-route-name] span.helper');
+
+      setValOn(helperElems, helperTxt);
+    });
   }
 
   setupMatchPaths();

data/lib/action_dispatch/railtie.rb

@@ -16,12 +16,12 @@ module ActionDispatch
     config.action_dispatch.signed_cookie_salt = 'signed cookie'
     config.action_dispatch.encrypted_cookie_salt = 'encrypted cookie'
     config.action_dispatch.encrypted_signed_cookie_salt = 'signed encrypted cookie'
+    config.action_dispatch.perform_deep_munge = true
 
     config.action_dispatch.default_headers = {
       'X-Frame-Options' => 'SAMEORIGIN',
       'X-XSS-Protection' => '1; mode=block',
-      'X-Content-Type-Options' => 'nosniff',
-      'X-UA-Compatible' => 'chrome=1'
+      'X-Content-Type-Options' => 'nosniff'
     }
 
     config.eager_load_namespaces << ActionDispatch
@@ -29,6 +29,7 @@ module ActionDispatch
     initializer "action_dispatch.configure" do |app|
       ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
       ActionDispatch::Request.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
+      ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
       ActionDispatch::Response.default_charset = app.config.action_dispatch.default_charset || app.config.encoding
       ActionDispatch::Response.default_headers = app.config.action_dispatch.default_headers
 
@@ -39,6 +40,8 @@ module ActionDispatch
       ActionDispatch::Cookies::CookieJar.always_write_cookie = config.action_dispatch.always_write_cookie
 
       ActionDispatch.test_app = app
+
+      ActionDispatch::Routing::RouteSet.relative_url_root = app.config.relative_url_root
     end
   end
 end

data/lib/action_dispatch/request/session.rb

@@ -7,6 +7,9 @@ module ActionDispatch
       ENV_SESSION_KEY         = Rack::Session::Abstract::ENV_SESSION_KEY # :nodoc:
       ENV_SESSION_OPTIONS_KEY = Rack::Session::Abstract::ENV_SESSION_OPTIONS_KEY # :nodoc:
 
+      # Singleton object used to determine if an optional param wasn't specified
+      Unspecified = Object.new
+
       def self.create(store, env, default_options)
         session_was = find env
         session     = Request::Session.new(store, env)
@@ -127,6 +130,15 @@ module ActionDispatch
         @delegate.delete key.to_s
       end
 
+      def fetch(key, default=Unspecified, &block)
+        load_for_read!
+        if default == Unspecified
+          @delegate.fetch(key.to_s, &block)
+        else
+          @delegate.fetch(key.to_s, default, &block)
+        end
+      end
+
       def inspect
         if loaded?
           super

data/lib/action_dispatch/request/utils.rb

@@ -0,0 +1,35 @@
+module ActionDispatch
+  class Request < Rack::Request
+    class Utils # :nodoc:
+
+      mattr_accessor :perform_deep_munge
+      self.perform_deep_munge = true
+
+      class << self
+        # Remove nils from the params hash
+        def deep_munge(hash, keys = [])
+          return hash unless perform_deep_munge
+
+          hash.each do |k, v|
+            keys << k
+            case v
+            when Array
+              v.grep(Hash) { |x| deep_munge(x, keys) }
+              v.compact!
+              if v.empty?
+                hash[k] = nil
+                ActiveSupport::Notifications.instrument("deep_munge.action_controller", keys: keys)
+              end
+            when Hash
+              deep_munge(v, keys)
+            end
+            keys.pop
+          end
+
+          hash
+        end
+      end
+    end
+  end
+end
+

data/lib/action_dispatch/routing/endpoint.rb

@@ -0,0 +1,10 @@
+module ActionDispatch
+  module Routing
+    class Endpoint # :nodoc:
+      def dispatcher?;   false; end
+      def redirect?;     false; end
+      def matches?(req); true;  end
+      def app;           self;  end
+    end
+  end
+end