actionpack 4.0.1 → 4.2.11.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/CHANGELOG.md +402 -1173
- data/MIT-LICENSE +1 -1
- data/README.rdoc +7 -7
- data/lib/abstract_controller/base.rb +39 -7
- data/lib/abstract_controller/callbacks.rb +32 -53
- data/lib/abstract_controller/collector.rb +11 -1
- data/lib/abstract_controller/helpers.rb +26 -16
- data/lib/abstract_controller/railties/routes_helpers.rb +3 -3
- data/lib/abstract_controller/rendering.rb +57 -127
- data/lib/abstract_controller/url_for.rb +1 -1
- data/lib/abstract_controller.rb +1 -2
- data/lib/action_controller/base.rb +19 -10
- data/lib/action_controller/caching/fragments.rb +7 -1
- data/lib/action_controller/caching.rb +2 -12
- data/lib/action_controller/log_subscriber.rb +29 -20
- data/lib/action_controller/metal/conditional_get.rb +37 -12
- data/lib/action_controller/metal/data_streaming.rb +1 -1
- data/lib/action_controller/metal/etag_with_template_digest.rb +50 -0
- data/lib/action_controller/metal/exceptions.rb +1 -1
- data/lib/action_controller/metal/flash.rb +17 -0
- data/lib/action_controller/metal/force_ssl.rb +2 -2
- data/lib/action_controller/metal/head.rb +8 -6
- data/lib/action_controller/metal/helpers.rb +6 -2
- data/lib/action_controller/metal/http_authentication.rb +45 -23
- data/lib/action_controller/metal/instrumentation.rb +9 -6
- data/lib/action_controller/metal/live.rb +173 -20
- data/lib/action_controller/metal/mime_responds.rb +127 -232
- data/lib/action_controller/metal/params_wrapper.rb +16 -9
- data/lib/action_controller/metal/rack_delegation.rb +1 -1
- data/lib/action_controller/metal/redirecting.rb +34 -26
- data/lib/action_controller/metal/renderers.rb +39 -12
- data/lib/action_controller/metal/rendering.rb +41 -14
- data/lib/action_controller/metal/request_forgery_protection.rb +147 -19
- data/lib/action_controller/metal/streaming.rb +19 -21
- data/lib/action_controller/metal/strong_parameters.rb +166 -22
- data/lib/action_controller/metal/testing.rb +0 -1
- data/lib/action_controller/metal/url_for.rb +11 -12
- data/lib/action_controller/metal.rb +14 -8
- data/lib/action_controller/model_naming.rb +1 -1
- data/lib/action_controller/railtie.rb +5 -1
- data/lib/action_controller/test_case.rb +160 -94
- data/lib/action_controller.rb +2 -18
- data/lib/action_dispatch/http/cache.rb +5 -4
- data/lib/action_dispatch/http/filter_parameters.rb +2 -2
- data/lib/action_dispatch/http/filter_redirect.rb +5 -4
- data/lib/action_dispatch/http/headers.rb +46 -10
- data/lib/action_dispatch/http/mime_negotiation.rb +31 -4
- data/lib/action_dispatch/http/mime_type.rb +25 -26
- data/lib/action_dispatch/http/mime_types.rb +1 -0
- data/lib/action_dispatch/http/parameter_filter.rb +1 -1
- data/lib/action_dispatch/http/parameters.rb +25 -41
- data/lib/action_dispatch/http/request.rb +49 -32
- data/lib/action_dispatch/http/response.rb +127 -25
- data/lib/action_dispatch/http/upload.rb +9 -21
- data/lib/action_dispatch/http/url.rb +97 -70
- data/lib/action_dispatch/journey/formatter.rb +35 -19
- data/lib/action_dispatch/journey/gtg/builder.rb +3 -3
- data/lib/action_dispatch/journey/gtg/simulator.rb +10 -7
- data/lib/action_dispatch/journey/gtg/transition_table.rb +23 -33
- data/lib/action_dispatch/journey/nfa/dot.rb +2 -2
- data/lib/action_dispatch/journey/nfa/simulator.rb +1 -1
- data/lib/action_dispatch/journey/nfa/transition_table.rb +5 -5
- data/lib/action_dispatch/journey/nodes/node.rb +4 -0
- data/lib/action_dispatch/journey/parser.rb +51 -59
- data/lib/action_dispatch/journey/parser.y +12 -10
- data/lib/action_dispatch/journey/path/pattern.rb +16 -19
- data/lib/action_dispatch/journey/route.rb +8 -19
- data/lib/action_dispatch/journey/router/strexp.rb +9 -6
- data/lib/action_dispatch/journey/router/utils.rb +54 -18
- data/lib/action_dispatch/journey/router.rb +53 -75
- data/lib/action_dispatch/journey/routes.rb +4 -0
- data/lib/action_dispatch/journey/scanner.rb +5 -5
- data/lib/action_dispatch/journey/visitors.rb +81 -60
- data/lib/action_dispatch/journey/visualizer/fsm.css +0 -4
- data/lib/action_dispatch/journey/visualizer/index.html.erb +2 -2
- data/lib/action_dispatch/middleware/callbacks.rb +7 -7
- data/lib/action_dispatch/middleware/cookies.rb +119 -43
- data/lib/action_dispatch/middleware/debug_exceptions.rb +32 -13
- data/lib/action_dispatch/middleware/exception_wrapper.rb +60 -20
- data/lib/action_dispatch/middleware/flash.rb +37 -24
- data/lib/action_dispatch/middleware/params_parser.rb +2 -2
- data/lib/action_dispatch/middleware/public_exceptions.rb +12 -3
- data/lib/action_dispatch/middleware/reloader.rb +11 -2
- data/lib/action_dispatch/middleware/remote_ip.rb +40 -54
- data/lib/action_dispatch/middleware/request_id.rb +1 -1
- data/lib/action_dispatch/middleware/session/cache_store.rb +3 -3
- data/lib/action_dispatch/middleware/session/cookie_store.rb +8 -7
- data/lib/action_dispatch/middleware/show_exceptions.rb +6 -2
- data/lib/action_dispatch/middleware/ssl.rb +10 -7
- data/lib/action_dispatch/middleware/static.rb +79 -23
- data/lib/action_dispatch/middleware/templates/rescues/{_request_and_response.erb → _request_and_response.html.erb} +0 -0
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +23 -0
- data/lib/action_dispatch/middleware/templates/rescues/_source.erb +21 -19
- data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +52 -0
- data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb +9 -0
- data/lib/action_dispatch/middleware/templates/rescues/{diagnostics.erb → diagnostics.html.erb} +1 -1
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +9 -0
- data/lib/action_dispatch/middleware/templates/rescues/layout.erb +6 -0
- data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +11 -0
- data/lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb +3 -0
- data/lib/action_dispatch/middleware/templates/rescues/{routing_error.erb → routing_error.html.erb} +3 -1
- data/lib/action_dispatch/middleware/templates/rescues/routing_error.text.erb +11 -0
- data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +20 -0
- data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +7 -0
- data/lib/action_dispatch/middleware/templates/rescues/{unknown_action.erb → unknown_action.html.erb} +1 -1
- data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +3 -0
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +120 -64
- data/lib/action_dispatch/railtie.rb +5 -2
- data/lib/action_dispatch/request/session.rb +12 -0
- data/lib/action_dispatch/request/utils.rb +35 -0
- data/lib/action_dispatch/routing/endpoint.rb +10 -0
- data/lib/action_dispatch/routing/inspector.rb +11 -17
- data/lib/action_dispatch/routing/mapper.rb +519 -312
- data/lib/action_dispatch/routing/polymorphic_routes.rb +204 -79
- data/lib/action_dispatch/routing/redirection.rb +51 -26
- data/lib/action_dispatch/routing/route_set.rb +331 -206
- data/lib/action_dispatch/routing/routes_proxy.rb +5 -4
- data/lib/action_dispatch/routing/url_for.rb +19 -5
- data/lib/action_dispatch/routing.rb +9 -6
- data/lib/action_dispatch/testing/assertions/dom.rb +2 -26
- data/lib/action_dispatch/testing/assertions/response.rb +9 -15
- data/lib/action_dispatch/testing/assertions/routing.rb +22 -22
- data/lib/action_dispatch/testing/assertions/selector.rb +2 -429
- data/lib/action_dispatch/testing/assertions/tag.rb +2 -134
- data/lib/action_dispatch/testing/assertions.rb +11 -7
- data/lib/action_dispatch/testing/integration.rb +31 -29
- data/lib/action_dispatch/testing/test_request.rb +1 -1
- data/lib/action_dispatch/testing/test_response.rb +1 -5
- data/lib/action_dispatch.rb +5 -8
- data/lib/action_pack/gem_version.rb +15 -0
- data/lib/action_pack/version.rb +4 -7
- data/lib/action_pack.rb +1 -1
- metadata +77 -159
- data/lib/abstract_controller/layouts.rb +0 -423
- data/lib/abstract_controller/view_paths.rb +0 -96
- data/lib/action_controller/deprecated/integration_test.rb +0 -5
- data/lib/action_controller/deprecated.rb +0 -7
- data/lib/action_controller/metal/responder.rb +0 -287
- data/lib/action_controller/record_identifier.rb +0 -31
- data/lib/action_controller/vendor/html-scanner.rb +0 -5
- data/lib/action_dispatch/middleware/templates/rescues/_trace.erb +0 -24
- data/lib/action_dispatch/middleware/templates/rescues/missing_template.erb +0 -7
- data/lib/action_dispatch/middleware/templates/rescues/template_error.erb +0 -43
- data/lib/action_view/base.rb +0 -201
- data/lib/action_view/buffers.rb +0 -49
- data/lib/action_view/context.rb +0 -36
- data/lib/action_view/dependency_tracker.rb +0 -93
- data/lib/action_view/digestor.rb +0 -113
- data/lib/action_view/flows.rb +0 -76
- data/lib/action_view/helpers/active_model_helper.rb +0 -49
- data/lib/action_view/helpers/asset_tag_helper.rb +0 -320
- data/lib/action_view/helpers/asset_url_helper.rb +0 -355
- data/lib/action_view/helpers/atom_feed_helper.rb +0 -203
- data/lib/action_view/helpers/cache_helper.rb +0 -196
- data/lib/action_view/helpers/capture_helper.rb +0 -216
- data/lib/action_view/helpers/controller_helper.rb +0 -25
- data/lib/action_view/helpers/csrf_helper.rb +0 -30
- data/lib/action_view/helpers/date_helper.rb +0 -1083
- data/lib/action_view/helpers/debug_helper.rb +0 -39
- data/lib/action_view/helpers/form_helper.rb +0 -1880
- data/lib/action_view/helpers/form_options_helper.rb +0 -838
- data/lib/action_view/helpers/form_tag_helper.rb +0 -785
- data/lib/action_view/helpers/javascript_helper.rb +0 -117
- data/lib/action_view/helpers/number_helper.rb +0 -441
- data/lib/action_view/helpers/output_safety_helper.rb +0 -38
- data/lib/action_view/helpers/record_tag_helper.rb +0 -106
- data/lib/action_view/helpers/rendering_helper.rb +0 -90
- data/lib/action_view/helpers/sanitize_helper.rb +0 -256
- data/lib/action_view/helpers/tag_helper.rb +0 -173
- data/lib/action_view/helpers/tags/base.rb +0 -148
- data/lib/action_view/helpers/tags/check_box.rb +0 -64
- data/lib/action_view/helpers/tags/checkable.rb +0 -16
- data/lib/action_view/helpers/tags/collection_check_boxes.rb +0 -44
- data/lib/action_view/helpers/tags/collection_helpers.rb +0 -84
- data/lib/action_view/helpers/tags/collection_radio_buttons.rb +0 -36
- data/lib/action_view/helpers/tags/collection_select.rb +0 -28
- data/lib/action_view/helpers/tags/color_field.rb +0 -25
- data/lib/action_view/helpers/tags/date_field.rb +0 -13
- data/lib/action_view/helpers/tags/date_select.rb +0 -72
- data/lib/action_view/helpers/tags/datetime_field.rb +0 -22
- data/lib/action_view/helpers/tags/datetime_local_field.rb +0 -19
- data/lib/action_view/helpers/tags/datetime_select.rb +0 -8
- data/lib/action_view/helpers/tags/email_field.rb +0 -8
- data/lib/action_view/helpers/tags/file_field.rb +0 -8
- data/lib/action_view/helpers/tags/grouped_collection_select.rb +0 -29
- data/lib/action_view/helpers/tags/hidden_field.rb +0 -8
- data/lib/action_view/helpers/tags/label.rb +0 -66
- data/lib/action_view/helpers/tags/month_field.rb +0 -13
- data/lib/action_view/helpers/tags/number_field.rb +0 -18
- data/lib/action_view/helpers/tags/password_field.rb +0 -12
- data/lib/action_view/helpers/tags/radio_button.rb +0 -31
- data/lib/action_view/helpers/tags/range_field.rb +0 -8
- data/lib/action_view/helpers/tags/search_field.rb +0 -24
- data/lib/action_view/helpers/tags/select.rb +0 -40
- data/lib/action_view/helpers/tags/tel_field.rb +0 -8
- data/lib/action_view/helpers/tags/text_area.rb +0 -18
- data/lib/action_view/helpers/tags/text_field.rb +0 -29
- data/lib/action_view/helpers/tags/time_field.rb +0 -13
- data/lib/action_view/helpers/tags/time_select.rb +0 -8
- data/lib/action_view/helpers/tags/time_zone_select.rb +0 -20
- data/lib/action_view/helpers/tags/url_field.rb +0 -8
- data/lib/action_view/helpers/tags/week_field.rb +0 -13
- data/lib/action_view/helpers/tags.rb +0 -39
- data/lib/action_view/helpers/text_helper.rb +0 -443
- data/lib/action_view/helpers/translation_helper.rb +0 -107
- data/lib/action_view/helpers/url_helper.rb +0 -635
- data/lib/action_view/helpers.rb +0 -58
- data/lib/action_view/locale/en.yml +0 -56
- data/lib/action_view/log_subscriber.rb +0 -30
- data/lib/action_view/lookup_context.rb +0 -241
- data/lib/action_view/model_naming.rb +0 -12
- data/lib/action_view/path_set.rb +0 -77
- data/lib/action_view/railtie.rb +0 -43
- data/lib/action_view/record_identifier.rb +0 -84
- data/lib/action_view/renderer/abstract_renderer.rb +0 -47
- data/lib/action_view/renderer/partial_renderer.rb +0 -492
- data/lib/action_view/renderer/renderer.rb +0 -50
- data/lib/action_view/renderer/streaming_template_renderer.rb +0 -103
- data/lib/action_view/renderer/template_renderer.rb +0 -96
- data/lib/action_view/routing_url_for.rb +0 -107
- data/lib/action_view/tasks/dependencies.rake +0 -17
- data/lib/action_view/template/error.rb +0 -138
- data/lib/action_view/template/handlers/builder.rb +0 -26
- data/lib/action_view/template/handlers/erb.rb +0 -146
- data/lib/action_view/template/handlers/raw.rb +0 -11
- data/lib/action_view/template/handlers.rb +0 -53
- data/lib/action_view/template/resolver.rb +0 -326
- data/lib/action_view/template/text.rb +0 -34
- data/lib/action_view/template/types.rb +0 -57
- data/lib/action_view/template.rb +0 -339
- data/lib/action_view/test_case.rb +0 -270
- data/lib/action_view/testing/resolvers.rb +0 -50
- data/lib/action_view/vendor/html-scanner/html/document.rb +0 -68
- data/lib/action_view/vendor/html-scanner/html/node.rb +0 -532
- data/lib/action_view/vendor/html-scanner/html/sanitizer.rb +0 -188
- data/lib/action_view/vendor/html-scanner/html/selector.rb +0 -830
- data/lib/action_view/vendor/html-scanner/html/tokenizer.rb +0 -107
- data/lib/action_view/vendor/html-scanner/html/version.rb +0 -11
- data/lib/action_view/vendor/html-scanner.rb +0 -20
- data/lib/action_view.rb +0 -93
@@ -11,7 +11,7 @@ module AbstractController
|
|
11
11
|
|
12
12
|
def _routes
|
13
13
|
raise "In order to use #url_for, you must include routing helpers explicitly. " \
|
14
|
-
"For instance, `include Rails.application.routes.url_helpers"
|
14
|
+
"For instance, `include Rails.application.routes.url_helpers`."
|
15
15
|
end
|
16
16
|
|
17
17
|
module ClassMethods
|
data/lib/abstract_controller.rb
CHANGED
@@ -10,12 +10,11 @@ module AbstractController
|
|
10
10
|
autoload :Base
|
11
11
|
autoload :Callbacks
|
12
12
|
autoload :Collector
|
13
|
+
autoload :DoubleRenderError, "abstract_controller/rendering"
|
13
14
|
autoload :Helpers
|
14
|
-
autoload :Layouts
|
15
15
|
autoload :Logger
|
16
16
|
autoload :Rendering
|
17
17
|
autoload :Translation
|
18
18
|
autoload :AssetPaths
|
19
|
-
autoload :ViewPaths
|
20
19
|
autoload :UrlFor
|
21
20
|
end
|
@@ -1,9 +1,10 @@
|
|
1
|
+
require 'action_view'
|
1
2
|
require "action_controller/log_subscriber"
|
2
3
|
require "action_controller/metal/params_wrapper"
|
3
4
|
|
4
5
|
module ActionController
|
5
6
|
# Action Controllers are the core of a web request in \Rails. They are made up of one or more actions that are executed
|
6
|
-
# on request and then either
|
7
|
+
# on request and then either it renders a template or redirects to another action. An action is defined as a public method
|
7
8
|
# on the controller, which will automatically be made accessible to the web-server through \Rails Routes.
|
8
9
|
#
|
9
10
|
# By default, only the ApplicationController in a \Rails application inherits from <tt>ActionController::Base</tt>. All other
|
@@ -43,8 +44,8 @@ module ActionController
|
|
43
44
|
# The full request object is available via the request accessor and is primarily used to query for HTTP headers:
|
44
45
|
#
|
45
46
|
# def server_ip
|
46
|
-
# location = request.env["
|
47
|
-
# render
|
47
|
+
# location = request.env["REMOTE_ADDR"]
|
48
|
+
# render plain: "This server hosted at #{location}"
|
48
49
|
# end
|
49
50
|
#
|
50
51
|
# == Parameters
|
@@ -85,7 +86,7 @@ module ActionController
|
|
85
86
|
# or you can remove the entire session with +reset_session+.
|
86
87
|
#
|
87
88
|
# Sessions are stored by default in a browser cookie that's cryptographically signed, but unencrypted.
|
88
|
-
# This prevents the user from tampering with the session but also allows
|
89
|
+
# This prevents the user from tampering with the session but also allows them to see its contents.
|
89
90
|
#
|
90
91
|
# Do not put secret information in cookie-based sessions!
|
91
92
|
#
|
@@ -182,7 +183,7 @@ module ActionController
|
|
182
183
|
# Shortcut helper that returns all the modules included in
|
183
184
|
# ActionController::Base except the ones passed as arguments:
|
184
185
|
#
|
185
|
-
# class
|
186
|
+
# class MyBaseController < ActionController::Metal
|
186
187
|
# ActionController::Base.without_modules(:ParamsWrapper, :Streaming).each do |left|
|
187
188
|
# include left
|
188
189
|
# end
|
@@ -200,7 +201,7 @@ module ActionController
|
|
200
201
|
end
|
201
202
|
|
202
203
|
MODULES = [
|
203
|
-
AbstractController::
|
204
|
+
AbstractController::Rendering,
|
204
205
|
AbstractController::Translation,
|
205
206
|
AbstractController::AssetPaths,
|
206
207
|
|
@@ -208,9 +209,11 @@ module ActionController
|
|
208
209
|
HideActions,
|
209
210
|
UrlFor,
|
210
211
|
Redirecting,
|
212
|
+
ActionView::Layouts,
|
211
213
|
Rendering,
|
212
214
|
Renderers::All,
|
213
215
|
ConditionalGet,
|
216
|
+
EtagWithTemplateDigest,
|
214
217
|
RackDelegation,
|
215
218
|
Caching,
|
216
219
|
MimeResponds,
|
@@ -223,7 +226,6 @@ module ActionController
|
|
223
226
|
ForceSSL,
|
224
227
|
Streaming,
|
225
228
|
DataStreaming,
|
226
|
-
RecordIdentifier,
|
227
229
|
HttpAuthentication::Basic::ControllerMethods,
|
228
230
|
HttpAuthentication::Digest::ControllerMethods,
|
229
231
|
HttpAuthentication::Token::ControllerMethods,
|
@@ -249,10 +251,17 @@ module ActionController
|
|
249
251
|
end
|
250
252
|
|
251
253
|
# Define some internal variables that should not be propagated to the view.
|
252
|
-
|
254
|
+
PROTECTED_IVARS = AbstractController::Rendering::DEFAULT_PROTECTED_INSTANCE_VARIABLES + [
|
253
255
|
:@_status, :@_headers, :@_params, :@_env, :@_response, :@_request,
|
254
|
-
:@_view_runtime, :@_stream, :@_url_options, :@_action_has_layout
|
255
|
-
|
256
|
+
:@_view_runtime, :@_stream, :@_url_options, :@_action_has_layout ]
|
257
|
+
|
258
|
+
def _protected_ivars # :nodoc:
|
259
|
+
PROTECTED_IVARS
|
260
|
+
end
|
261
|
+
|
262
|
+
def self.protected_instance_variables
|
263
|
+
PROTECTED_IVARS
|
264
|
+
end
|
256
265
|
|
257
266
|
ActiveSupport.run_load_hooks(:action_controller, self)
|
258
267
|
end
|
@@ -90,7 +90,13 @@ module ActionController
|
|
90
90
|
end
|
91
91
|
|
92
92
|
def instrument_fragment_cache(name, key) # :nodoc:
|
93
|
-
|
93
|
+
payload = {
|
94
|
+
controller: controller_name,
|
95
|
+
action: action_name,
|
96
|
+
key: key
|
97
|
+
}
|
98
|
+
|
99
|
+
ActiveSupport::Notifications.instrument("#{name}.action_controller", payload) { yield }
|
94
100
|
end
|
95
101
|
end
|
96
102
|
end
|
@@ -9,14 +9,14 @@ module ActionController
|
|
9
9
|
# You can read more about each approach by clicking the modules below.
|
10
10
|
#
|
11
11
|
# Note: To turn off all caching, set
|
12
|
-
# config.action_controller.perform_caching = false
|
12
|
+
# config.action_controller.perform_caching = false
|
13
13
|
#
|
14
14
|
# == \Caching stores
|
15
15
|
#
|
16
16
|
# All the caching stores from ActiveSupport::Cache are available to be used as backends
|
17
17
|
# for Action Controller caching.
|
18
18
|
#
|
19
|
-
# Configuration examples (
|
19
|
+
# Configuration examples (FileStore is the default):
|
20
20
|
#
|
21
21
|
# config.action_controller.cache_store = :memory_store
|
22
22
|
# config.action_controller.cache_store = :file_store, '/path/to/cache/directory'
|
@@ -58,16 +58,6 @@ module ActionController
|
|
58
58
|
config_accessor :default_static_extension
|
59
59
|
self.default_static_extension ||= '.html'
|
60
60
|
|
61
|
-
def self.page_cache_extension=(extension)
|
62
|
-
ActiveSupport::Deprecation.deprecation_warning(:page_cache_extension, :default_static_extension)
|
63
|
-
self.default_static_extension = extension
|
64
|
-
end
|
65
|
-
|
66
|
-
def self.page_cache_extension
|
67
|
-
ActiveSupport::Deprecation.deprecation_warning(:page_cache_extension, :default_static_extension)
|
68
|
-
default_static_extension
|
69
|
-
end
|
70
|
-
|
71
61
|
config_accessor :perform_caching
|
72
62
|
self.perform_caching = true if perform_caching.nil?
|
73
63
|
|
@@ -1,4 +1,3 @@
|
|
1
|
-
|
2
1
|
module ActionController
|
3
2
|
class LogSubscriber < ActiveSupport::LogSubscriber
|
4
3
|
INTERNAL_PARAMS = %w(controller action format _method only_path)
|
@@ -16,41 +15,51 @@ module ActionController
|
|
16
15
|
end
|
17
16
|
|
18
17
|
def process_action(event)
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
18
|
+
info do
|
19
|
+
payload = event.payload
|
20
|
+
additions = ActionController::Base.log_process_action(payload)
|
21
|
+
|
22
|
+
status = payload[:status]
|
23
|
+
if status.nil? && payload[:exception].present?
|
24
|
+
exception_class_name = payload[:exception].first
|
25
|
+
status = ActionDispatch::ExceptionWrapper.status_code_for_exception(exception_class_name)
|
26
|
+
end
|
27
|
+
message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
|
28
|
+
message << " (#{additions.join(" | ")})" unless additions.blank?
|
29
|
+
message
|
28
30
|
end
|
29
|
-
message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
|
30
|
-
message << " (#{additions.join(" | ")})" unless additions.blank?
|
31
|
-
|
32
|
-
info(message)
|
33
31
|
end
|
34
32
|
|
35
33
|
def halted_callback(event)
|
36
|
-
info
|
34
|
+
info { "Filter chain halted as #{event.payload[:filter].inspect} rendered or redirected" }
|
37
35
|
end
|
38
36
|
|
39
37
|
def send_file(event)
|
40
|
-
info
|
38
|
+
info { "Sent file #{event.payload[:path]} (#{event.duration.round(1)}ms)" }
|
41
39
|
end
|
42
40
|
|
43
41
|
def redirect_to(event)
|
44
|
-
info
|
42
|
+
info { "Redirected to #{event.payload[:location]}" }
|
45
43
|
end
|
46
44
|
|
47
45
|
def send_data(event)
|
48
|
-
info
|
46
|
+
info { "Sent data #{event.payload[:filename]} (#{event.duration.round(1)}ms)" }
|
49
47
|
end
|
50
48
|
|
51
49
|
def unpermitted_parameters(event)
|
52
|
-
|
53
|
-
|
50
|
+
debug do
|
51
|
+
unpermitted_keys = event.payload[:keys]
|
52
|
+
"Unpermitted parameter#{'s' if unpermitted_keys.size > 1}: #{unpermitted_keys.join(", ")}"
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
def deep_munge(event)
|
57
|
+
debug do
|
58
|
+
"Value for params[:#{event.payload[:keys].join('][:')}] was set "\
|
59
|
+
"to nil, because it was one of [], [null] or [null, null, ...]. "\
|
60
|
+
"Go to http://guides.rubyonrails.org/security.html#unsafe-query-generation "\
|
61
|
+
"for more information."\
|
62
|
+
end
|
54
63
|
end
|
55
64
|
|
56
65
|
%w(write_fragment read_fragment exist_fragment?
|
@@ -13,9 +13,9 @@ module ActionController
|
|
13
13
|
end
|
14
14
|
|
15
15
|
module ClassMethods
|
16
|
-
# Allows you to consider additional controller-wide information when generating an
|
16
|
+
# Allows you to consider additional controller-wide information when generating an ETag.
|
17
17
|
# For example, if you serve pages tailored depending on who's logged in at the moment, you
|
18
|
-
# may want to add the current user id to be part of the
|
18
|
+
# may want to add the current user id to be part of the ETag to prevent authorized displaying
|
19
19
|
# of cached pages.
|
20
20
|
#
|
21
21
|
# class InvoicesController < ApplicationController
|
@@ -32,7 +32,7 @@ module ActionController
|
|
32
32
|
end
|
33
33
|
end
|
34
34
|
|
35
|
-
# Sets the etag
|
35
|
+
# Sets the +etag+, +last_modified+, or both on the response and renders a
|
36
36
|
# <tt>304 Not Modified</tt> response if the request is already fresh.
|
37
37
|
#
|
38
38
|
# === Parameters:
|
@@ -41,6 +41,11 @@ module ActionController
|
|
41
41
|
# * <tt>:last_modified</tt>.
|
42
42
|
# * <tt>:public</tt> By default the Cache-Control header is private, set this to
|
43
43
|
# +true+ if you want your application to be cachable by other devices (proxy caches).
|
44
|
+
# * <tt>:template</tt> By default, the template digest for the current
|
45
|
+
# controller/action is included in ETags. If the action renders a
|
46
|
+
# different template, you can include its digest instead. If the action
|
47
|
+
# doesn't render a template at all, you can pass <tt>template: false</tt>
|
48
|
+
# to skip any attempt to check for a template digest.
|
44
49
|
#
|
45
50
|
# === Example:
|
46
51
|
#
|
@@ -49,11 +54,11 @@ module ActionController
|
|
49
54
|
# fresh_when(etag: @article, last_modified: @article.created_at, public: true)
|
50
55
|
# end
|
51
56
|
#
|
52
|
-
# This will render the show template if the request isn't sending a matching
|
57
|
+
# This will render the show template if the request isn't sending a matching ETag or
|
53
58
|
# If-Modified-Since header and just a <tt>304 Not Modified</tt> response if there's a match.
|
54
59
|
#
|
55
60
|
# You can also just pass a record where +last_modified+ will be set by calling
|
56
|
-
# +updated_at+ and the etag by passing the object itself.
|
61
|
+
# +updated_at+ and the +etag+ by passing the object itself.
|
57
62
|
#
|
58
63
|
# def show
|
59
64
|
# @article = Article.find(params[:id])
|
@@ -66,18 +71,24 @@ module ActionController
|
|
66
71
|
# @article = Article.find(params[:id])
|
67
72
|
# fresh_when(@article, public: true)
|
68
73
|
# end
|
74
|
+
#
|
75
|
+
# When rendering a different template than the default controller/action
|
76
|
+
# style, you can indicate which digest to include in the ETag:
|
77
|
+
#
|
78
|
+
# before_action { fresh_when @article, template: 'widgets/show' }
|
79
|
+
#
|
69
80
|
def fresh_when(record_or_options, additional_options = {})
|
70
81
|
if record_or_options.is_a? Hash
|
71
82
|
options = record_or_options
|
72
|
-
options.assert_valid_keys(:etag, :last_modified, :public)
|
83
|
+
options.assert_valid_keys(:etag, :last_modified, :public, :template)
|
73
84
|
else
|
74
85
|
record = record_or_options
|
75
86
|
options = { etag: record, last_modified: record.try(:updated_at) }.merge!(additional_options)
|
76
87
|
end
|
77
88
|
|
78
|
-
response.etag = combine_etags(options[:etag]
|
79
|
-
response.last_modified = options[:last_modified]
|
80
|
-
response.cache_control[:public] = true
|
89
|
+
response.etag = combine_etags(options) if options[:etag] || options[:template]
|
90
|
+
response.last_modified = options[:last_modified] if options[:last_modified]
|
91
|
+
response.cache_control[:public] = true if options[:public]
|
81
92
|
|
82
93
|
head :not_modified if request.fresh?(response)
|
83
94
|
end
|
@@ -93,6 +104,11 @@ module ActionController
|
|
93
104
|
# * <tt>:last_modified</tt>.
|
94
105
|
# * <tt>:public</tt> By default the Cache-Control header is private, set this to
|
95
106
|
# +true+ if you want your application to be cachable by other devices (proxy caches).
|
107
|
+
# * <tt>:template</tt> By default, the template digest for the current
|
108
|
+
# controller/action is included in ETags. If the action renders a
|
109
|
+
# different template, you can include its digest instead. If the action
|
110
|
+
# doesn't render a template at all, you can pass <tt>template: false</tt>
|
111
|
+
# to skip any attempt to check for a template digest.
|
96
112
|
#
|
97
113
|
# === Example:
|
98
114
|
#
|
@@ -108,7 +124,7 @@ module ActionController
|
|
108
124
|
# end
|
109
125
|
#
|
110
126
|
# You can also just pass a record where +last_modified+ will be set by calling
|
111
|
-
# updated_at and the etag by passing the object itself.
|
127
|
+
# +updated_at+ and the +etag+ by passing the object itself.
|
112
128
|
#
|
113
129
|
# def show
|
114
130
|
# @article = Article.find(params[:id])
|
@@ -133,6 +149,14 @@ module ActionController
|
|
133
149
|
# end
|
134
150
|
# end
|
135
151
|
# end
|
152
|
+
#
|
153
|
+
# When rendering a different template than the default controller/action
|
154
|
+
# style, you can indicate which digest to include in the ETag:
|
155
|
+
#
|
156
|
+
# def show
|
157
|
+
# super if stale? @article, template: 'widgets/show'
|
158
|
+
# end
|
159
|
+
#
|
136
160
|
def stale?(record_or_options, additional_options = {})
|
137
161
|
fresh_when(record_or_options, additional_options)
|
138
162
|
!request.fresh?(response)
|
@@ -168,8 +192,9 @@ module ActionController
|
|
168
192
|
end
|
169
193
|
|
170
194
|
private
|
171
|
-
def combine_etags(
|
172
|
-
|
195
|
+
def combine_etags(options)
|
196
|
+
etags = etaggers.map { |etagger| instance_exec(options, &etagger) }.compact
|
197
|
+
etags.unshift options[:etag]
|
173
198
|
end
|
174
199
|
end
|
175
200
|
end
|
@@ -96,7 +96,7 @@ module ActionController #:nodoc:
|
|
96
96
|
end
|
97
97
|
|
98
98
|
# Sends the given binary data to the browser. This method is similar to
|
99
|
-
# <tt>render
|
99
|
+
# <tt>render plain: data</tt>, but also allows you to specify whether
|
100
100
|
# the browser should display the response as a file attachment (i.e. in a
|
101
101
|
# download dialog) or as inline data. You may also set the content type,
|
102
102
|
# the apparent file name, and other things.
|
@@ -0,0 +1,50 @@
|
|
1
|
+
module ActionController
|
2
|
+
# When our views change, they should bubble up into HTTP cache freshness
|
3
|
+
# and bust browser caches. So the template digest for the current action
|
4
|
+
# is automatically included in the ETag.
|
5
|
+
#
|
6
|
+
# Enabled by default for apps that use Action View. Disable by setting
|
7
|
+
#
|
8
|
+
# config.action_controller.etag_with_template_digest = false
|
9
|
+
#
|
10
|
+
# Override the template to digest by passing +:template+ to +fresh_when+
|
11
|
+
# and +stale?+ calls. For example:
|
12
|
+
#
|
13
|
+
# # We're going to render widgets/show, not posts/show
|
14
|
+
# fresh_when @post, template: 'widgets/show'
|
15
|
+
#
|
16
|
+
# # We're not going to render a template, so omit it from the ETag.
|
17
|
+
# fresh_when @post, template: false
|
18
|
+
#
|
19
|
+
module EtagWithTemplateDigest
|
20
|
+
extend ActiveSupport::Concern
|
21
|
+
|
22
|
+
include ActionController::ConditionalGet
|
23
|
+
|
24
|
+
included do
|
25
|
+
class_attribute :etag_with_template_digest
|
26
|
+
self.etag_with_template_digest = true
|
27
|
+
|
28
|
+
ActiveSupport.on_load :action_view, yield: true do |action_view_base|
|
29
|
+
etag do |options|
|
30
|
+
determine_template_etag(options) if etag_with_template_digest
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
private
|
36
|
+
def determine_template_etag(options)
|
37
|
+
if template = pick_template_for_etag(options)
|
38
|
+
lookup_and_digest_template(template)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
def pick_template_for_etag(options)
|
43
|
+
options.fetch(:template) { "#{controller_name}/#{action_name}" }
|
44
|
+
end
|
45
|
+
|
46
|
+
def lookup_and_digest_template(template)
|
47
|
+
ActionView::Digestor.digest name: template, finder: lookup_context
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
@@ -11,6 +11,23 @@ module ActionController #:nodoc:
|
|
11
11
|
end
|
12
12
|
|
13
13
|
module ClassMethods
|
14
|
+
# Creates new flash types. You can pass as many types as you want to create
|
15
|
+
# flash types other than the default <tt>alert</tt> and <tt>notice</tt> in
|
16
|
+
# your controllers and views. For instance:
|
17
|
+
#
|
18
|
+
# # in application_controller.rb
|
19
|
+
# class ApplicationController < ActionController::Base
|
20
|
+
# add_flash_types :warning
|
21
|
+
# end
|
22
|
+
#
|
23
|
+
# # in your controller
|
24
|
+
# redirect_to user_path(@user), warning: "Incomplete profile"
|
25
|
+
#
|
26
|
+
# # in your view
|
27
|
+
# <%= warning %>
|
28
|
+
#
|
29
|
+
# This method will automatically define a new method for each of the given
|
30
|
+
# names, and it will be available in your views.
|
14
31
|
def add_flash_types(*types)
|
15
32
|
types.each do |type|
|
16
33
|
next if _flash_types.include?(type)
|
@@ -48,7 +48,7 @@ module ActionController
|
|
48
48
|
# You can pass any of the following options to affect the redirect status and response
|
49
49
|
# * <tt>status</tt> - Redirect with a custom status (default is 301 Moved Permanently)
|
50
50
|
# * <tt>flash</tt> - Set a flash message when redirecting
|
51
|
-
# * <tt>alert</tt> - Set
|
51
|
+
# * <tt>alert</tt> - Set an alert message when redirecting
|
52
52
|
# * <tt>notice</tt> - Set a notice message when redirecting
|
53
53
|
#
|
54
54
|
# ==== Action Options
|
@@ -85,7 +85,7 @@ module ActionController
|
|
85
85
|
if host_or_options.is_a?(Hash)
|
86
86
|
options.merge!(host_or_options)
|
87
87
|
elsif host_or_options
|
88
|
-
options
|
88
|
+
options[:host] = host_or_options
|
89
89
|
end
|
90
90
|
|
91
91
|
secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
|
@@ -1,8 +1,6 @@
|
|
1
1
|
module ActionController
|
2
2
|
module Head
|
3
|
-
|
4
|
-
|
5
|
-
# Return a response that has no content (merely headers). The options
|
3
|
+
# Returns a response that has no content (merely headers). The options
|
6
4
|
# argument is interpreted to be a hash of header names and values.
|
7
5
|
# This allows you to easily return a response that consists only of
|
8
6
|
# significant headers:
|
@@ -16,6 +14,8 @@ module ActionController
|
|
16
14
|
# return head(:method_not_allowed) unless request.post?
|
17
15
|
# return head(:bad_request) unless valid_request?
|
18
16
|
# render
|
17
|
+
#
|
18
|
+
# See Rack::Utils::SYMBOL_TO_STATUS_CODE for a full list of valid +status+ symbols.
|
19
19
|
def head(status, options = {})
|
20
20
|
options, status = status, nil if status.is_a?(Hash)
|
21
21
|
status ||= options.delete(:status) || :ok
|
@@ -29,15 +29,17 @@ module ActionController
|
|
29
29
|
self.status = status
|
30
30
|
self.location = url_for(location) if location
|
31
31
|
|
32
|
-
|
32
|
+
self.response_body = ""
|
33
|
+
|
34
|
+
if include_content?(self.response_code)
|
33
35
|
self.content_type = content_type || (Mime[formats.first] if formats)
|
34
36
|
self.response.charset = false if self.response
|
35
|
-
self.response_body = " "
|
36
37
|
else
|
37
38
|
headers.delete('Content-Type')
|
38
39
|
headers.delete('Content-Length')
|
39
|
-
self.response_body = ""
|
40
40
|
end
|
41
|
+
|
42
|
+
true
|
41
43
|
end
|
42
44
|
|
43
45
|
private
|
@@ -5,7 +5,7 @@ module ActionController
|
|
5
5
|
#
|
6
6
|
# In addition to using the standard template helpers provided, creating custom helpers to
|
7
7
|
# extract complicated logic or reusable functionality is strongly encouraged. By default, each controller
|
8
|
-
# will include all helpers.
|
8
|
+
# will include all helpers. These helpers are only accessible on the controller through <tt>.helpers</tt>
|
9
9
|
#
|
10
10
|
# In previous versions of \Rails the controller will include a helper whose
|
11
11
|
# name matches that of the controller, e.g., <tt>MyController</tt> will automatically
|
@@ -73,7 +73,11 @@ module ActionController
|
|
73
73
|
|
74
74
|
# Provides a proxy to access helpers methods from outside the view.
|
75
75
|
def helpers
|
76
|
-
@helper_proxy ||=
|
76
|
+
@helper_proxy ||= begin
|
77
|
+
proxy = ActionView::Base.new
|
78
|
+
proxy.config = config.inheritable_copy
|
79
|
+
proxy.extend(_helpers)
|
80
|
+
end
|
77
81
|
end
|
78
82
|
|
79
83
|
# Overwrite modules_for_helpers to accept :all as argument, which loads
|