actionpack 4.0.13 → 4.1.0.beta1

data/lib/action_controller/railtie.rb

@@ -1,7 +1,6 @@
 require "rails"
 require "action_controller"
 require "action_dispatch/railtie"
-require "action_view/railtie"
 require "abstract_controller/railties/routes_helpers"
 require "action_controller/railties/helpers"
 

data/lib/action_controller/test_case.rb

@@ -213,9 +213,6 @@ module ActionController
       # Clear the combined params hash in case it was already referenced.
       @env.delete("action_dispatch.request.parameters")
 
-      # Clear the filter cache variables so they're not stale
-      @filtered_parameters = @filtered_env = @filtered_path = nil
-
       params = self.request_parameters.dup
       %w(controller action only_path).each do |k|
         params.delete(k)
@@ -527,7 +524,6 @@ module ActionController
 
       def process(action, http_method = 'GET', *args)
         check_required_ivars
-        http_method, args = handle_old_process_api(http_method, args, caller)
 
         if args.first.is_a?(String) && http_method != 'HEAD'
           @request.env['RAW_POST_DATA'] = args.shift
@@ -631,17 +627,6 @@ module ActionController
         end
       end
 
-      def handle_old_process_api(http_method, args, callstack)
-        # 4.0: Remove this method.
-        if http_method.is_a?(Hash)
-          ActiveSupport::Deprecation.warn("TestCase#process now expects the HTTP method as second argument: process(action, http_method, params, session, flash)", callstack)
-          args.unshift(http_method)
-          http_method = args.last.is_a?(String) ? args.last : "GET"
-        end
-
-        [http_method, args]
-      end
-
       def build_request_uri(action, parameters)
         unless @request.env["PATH_INFO"]
           options = @controller.respond_to?(:url_options) ? @controller.__send__(:url_options).merge(parameters) : parameters

data/lib/action_dispatch.rb

@@ -52,6 +52,7 @@ module ActionDispatch
     autoload :DebugExceptions
     autoload :ExceptionWrapper
     autoload :Flash
+    autoload :Head
     autoload :ParamsParser
     autoload :PublicExceptions
     autoload :Reloader

data/lib/action_dispatch/http/headers.rb

@@ -26,9 +26,7 @@ module ActionDispatch
         @env[env_name(key)] = value
       end
 
-      def key?(key)
-        @env.key? env_name(key)
-      end
+      def key?(key); @env.key? key; end
       alias :include? :key?
 
       def fetch(key, *args, &block)

data/lib/action_dispatch/http/mime_negotiation.rb

@@ -10,6 +10,8 @@ module ActionDispatch
         self.ignore_accept_header = false
       end
 
+      attr_reader :variant
+
       # The MIME type of the HTTP request, such as Mime::XML.
       #
       # For backward compatibility, the post \format is extracted from the
@@ -48,7 +50,7 @@ module ActionDispatch
       #   GET /posts/5       | request.format => Mime::HTML or MIME::JS, or request.accepts.first
       #
       def format(view_path = [])
-        formats.first || Mime::NullType.instance
+        formats.first
       end
 
       def formats
@@ -64,6 +66,18 @@ module ActionDispatch
           end
       end
 
+      # Sets the \variant for template.
+      def variant=(variant)
+        if variant.is_a? Symbol
+          @variant = variant
+        else
+          raise ArgumentError, "request.variant must be set to a Symbol, not a #{variant.class}. " \
+            "For security reasons, never directly set the variant to a user-provided value, " \
+            "like params[:variant].to_sym. Check user-provided value against a whitelist first, " \
+            "then set the variant: request.variant = :tablet if params[:variant] == 'tablet'"
+        end
+      end
+
       # Sets the \format by string extension, which can be used to force custom formats
       # that are not controlled by the extension.
       #
@@ -113,7 +127,7 @@ module ActionDispatch
           end
         end
 
-        order.include?(Mime::ALL) ? format : nil
+        order.include?(Mime::ALL) ? formats.first : nil
       end
 
       protected

data/lib/action_dispatch/http/mime_type.rb

@@ -1,6 +1,6 @@
 require 'set'
 require 'singleton'
-require 'active_support/core_ext/class/attribute_accessors'
+require 'active_support/core_ext/module/attribute_accessors'
 require 'active_support/core_ext/string/starts_ends_with'
 
 module Mime
@@ -28,7 +28,7 @@ module Mime
   class << self
     def [](type)
       return type if type.is_a?(Type)
-      Type.lookup_by_extension(type)
+      Type.lookup_by_extension(type) || NullType.instance
     end
 
     def fetch(type)
@@ -54,10 +54,6 @@ module Mime
     @@html_types = Set.new [:html, :all]
     cattr_reader :html_types
 
-    # These are the content types which browsers can generate without using ajax, flash, etc
-    # i.e. following a link, getting an image or posting a form. CSRF protection
-    # only needs to protect against these types.
-    @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
     attr_reader :symbol
 
     @register_callbacks = []
@@ -178,7 +174,7 @@ module Mime
       end
 
       def parse(accept_header)
-        if !accept_header.include?(',')
+        if accept_header !~ /,/
           accept_header = accept_header.split(PARAMETER_SEPARATOR_REGEXP).first
           parse_trailing_star(accept_header) || [Mime::Type.lookup(accept_header)].compact
         else
@@ -273,18 +269,6 @@ module Mime
       end
     end
 
-    # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See
-    # ActionController::RequestForgeryProtection.
-    def verify_request?
-      ActiveSupport::Deprecation.warn "Mime::Type#verify_request? is deprecated and will be removed in Rails 4.1"
-      @@browser_generated_types.include?(to_sym)
-    end
-
-    def self.browser_generated_types
-      ActiveSupport::Deprecation.warn "Mime::Type.browser_generated_types is deprecated and will be removed in Rails 4.1"
-      @@browser_generated_types
-    end
-
     def html?
       @@html_types.include?(to_sym) || @string =~ /html/
     end
@@ -315,9 +299,7 @@ module Mime
       true
     end
 
-    def ref
-      nil
-    end
+    def ref; end
 
     def respond_to_missing?(method, include_private = false)
       method.to_s.ends_with? '?'

data/lib/action_dispatch/http/mime_types.rb

@@ -7,6 +7,7 @@ Mime::Type.register "text/javascript", :js, %w( application/javascript applicati
 Mime::Type.register "text/css", :css
 Mime::Type.register "text/calendar", :ics
 Mime::Type.register "text/csv", :csv
+Mime::Type.register "text/vcard", :vcf
 
 Mime::Type.register "image/png", :png, [], %w(png)
 Mime::Type.register "image/jpeg", :jpeg, [], %w(jpg jpeg jpe pjpeg)

data/lib/action_dispatch/http/parameters.rb

@@ -57,26 +57,25 @@ module ActionDispatch
       # you'll get a weird error down the road, but our form handling
       # should really prevent that from happening
       def normalize_encode_params(params)
-        if params.is_a?(String)
-          return params.force_encoding(Encoding::UTF_8).encode!
-        elsif !params.is_a?(Hash)
-          return params
-        end
-
-        new_hash = {}
-        params.each do |k, v|
-          new_key = k.is_a?(String) ? k.dup.force_encoding(Encoding::UTF_8).encode! : k
-          new_hash[new_key] =
-            case v
-            when Hash
-              normalize_encode_params(v)
-            when Array
-              v.map! {|el| normalize_encode_params(el) }
-            else
-              normalize_encode_params(v)
-            end
+        case params
+        when String
+          params.force_encoding(Encoding::UTF_8).encode!
+        when Hash
+          if params.has_key?(:tempfile)
+            UploadedFile.new(params)
+          else
+            params.each_with_object({}) do |(key, val), new_hash|
+              new_key = key.is_a?(String) ? key.dup.force_encoding(Encoding::UTF_8).encode! : key
+              new_hash[new_key] = if val.is_a?(Array)
+                val.map! { |el| normalize_encode_params(el) }
+              else
+                normalize_encode_params(val)
+              end
+            end.with_indifferent_access
+          end
+        else
+          params
         end
-        new_hash.with_indifferent_access
       end
     end
   end

data/lib/action_dispatch/http/request.rb

@@ -18,10 +18,10 @@ module ActionDispatch
     include ActionDispatch::Http::MimeNegotiation
     include ActionDispatch::Http::Parameters
     include ActionDispatch::Http::FilterParameters
-    include ActionDispatch::Http::Upload
     include ActionDispatch::Http::URL
 
     autoload :Session, 'action_dispatch/request/session'
+    autoload :Utils,   'action_dispatch/request/utils'
 
     LOCALHOST   = Regexp.union [/^127\.0\.0\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/]
 
@@ -225,7 +225,7 @@ module ActionDispatch
     def raw_post
       unless @env.include? 'RAW_POST_DATA'
         raw_post_body = body
-        @env['RAW_POST_DATA'] = raw_post_body.read(@env['CONTENT_LENGTH'].to_i)
+        @env['RAW_POST_DATA'] = raw_post_body.read(content_length)
         raw_post_body.rewind if raw_post_body.respond_to?(:rewind)
       end
       @env['RAW_POST_DATA']
@@ -271,7 +271,7 @@ module ActionDispatch
 
     # Override Rack's GET method to support indifferent access
     def GET
-      @env["action_dispatch.request.query_parameters"] ||= deep_munge((normalize_encode_params(super) || {}))
+      @env["action_dispatch.request.query_parameters"] ||= Utils.deep_munge((normalize_encode_params(super) || {}))
     rescue TypeError => e
       raise ActionController::BadRequest.new(:query, e)
     end
@@ -279,7 +279,7 @@ module ActionDispatch
 
     # Override Rack's POST method to support indifferent access
     def POST
-      @env["action_dispatch.request.request_parameters"] ||= deep_munge((normalize_encode_params(super) || {}))
+      @env["action_dispatch.request.request_parameters"] ||= Utils.deep_munge((normalize_encode_params(super) || {}))
     rescue TypeError => e
       raise ActionController::BadRequest.new(:request, e)
     end
@@ -299,33 +299,24 @@ module ActionDispatch
       LOCALHOST =~ remote_addr && LOCALHOST =~ remote_ip
     end
 
-    # Remove nils from the params hash
+    # Extracted into ActionDispatch::Request::Utils.deep_munge, but kept here for backwards compatibility.
     def deep_munge(hash)
-      hash.each do |k, v|
-        case v
-        when Array
-          v.grep(Hash) { |x| deep_munge(x) }
-          v.compact!
-          hash[k] = nil if v.empty?
-        when Hash
-          deep_munge(v)
-        end
-      end
+      ActiveSupport::Deprecation.warn(
+        "This method has been extracted into ActionDispatch::Request::Utils.deep_munge. Please start using that instead."
+      )
 
-      hash
+      Utils.deep_munge(hash)
     end
 
     protected
-
-    def parse_query(qs)
-      deep_munge(super)
-    end
+      def parse_query(qs)
+        Utils.deep_munge(super)
+      end
 
     private
-
-    def check_method(name)
-      HTTP_METHOD_LOOKUP[name] || raise(ActionController::UnknownHttpMethod, "#{name}, accepted HTTP methods are #{HTTP_METHODS[0...-1].join(', ')}, and #{HTTP_METHODS[-1]}")
-      name
-    end
+      def check_method(name)
+        HTTP_METHOD_LOOKUP[name] || raise(ActionController::UnknownHttpMethod, "#{name}, accepted HTTP methods are #{HTTP_METHODS.to_sentence(:locale => :en)}")
+        name
+      end
   end
 end

data/lib/action_dispatch/http/response.rb

@@ -1,4 +1,4 @@
-require 'active_support/core_ext/class/attribute_accessors'
+require 'active_support/core_ext/module/attribute_accessors'
 require 'monitor'
 
 module ActionDispatch # :nodoc:
@@ -31,10 +31,17 @@ module ActionDispatch # :nodoc:
   #    end
   #  end
   class Response
-    attr_accessor :request, :header
+    # The request that the response is responding to.
+    attr_accessor :request
+
+    # The HTTP status code.
     attr_reader :status
+
     attr_writer :sending_file
 
+    # Get and set headers for this response.
+    attr_accessor :header
+
     alias_method :headers=, :header=
     alias_method :headers,  :header
 
@@ -49,9 +56,12 @@ module ActionDispatch # :nodoc:
     # If a character set has been defined for this response (see charset=) then
     # the character set information will also be included in the content type
     # information.
-    attr_accessor :charset
     attr_reader   :content_type
 
+    # The charset of the response. HTML wants to know the encoding of the
+    # content you're giving them, so we need to send that along.
+    attr_accessor :charset
+
     CONTENT_TYPE = "Content-Type".freeze
     SET_COOKIE   = "Set-Cookie".freeze
     LOCATION     = "Location".freeze
@@ -93,6 +103,7 @@ module ActionDispatch # :nodoc:
       end
     end
 
+    # The underlying body, as a streamable object.
     attr_reader :stream
 
     def initialize(status = 200, header = {}, body = [])
@@ -142,6 +153,7 @@ module ActionDispatch # :nodoc:
       @status = Rack::Utils.status_code(status)
     end
 
+    # Sets the HTTP content type.
     def content_type=(content_type)
       @content_type = content_type.to_s
     end
@@ -171,7 +183,7 @@ module ActionDispatch # :nodoc:
 
     def respond_to?(method, include_private = false)
       if method.to_s == 'to_path'
-        stream.respond_to?(:to_path)
+        stream.respond_to?(method)
       else
         super
       end
@@ -218,11 +230,13 @@ module ActionDispatch # :nodoc:
       ::Rack::Utils.delete_cookie_header!(header, key, value)
     end
 
+    # The location header we'll be responding with.
     def location
       headers[LOCATION]
     end
     alias_method :redirect_url, :location
 
+    # Sets the location header we'll be responding with.
     def location=(url)
       headers[LOCATION] = url
     end
@@ -231,11 +245,13 @@ module ActionDispatch # :nodoc:
       stream.close if stream.respond_to?(:close)
     end
 
+    # Turns the Response into a Rack-compatible array of the status, headers,
+    # and body.
     def to_a
       rack_response @status, @header.to_hash
     end
     alias prepare! to_a
-    alias to_ary   to_a # For implicit splat on 1.9.2
+    alias to_ary   to_a
 
     # Returns the response cookies, converted to a Hash of (name => value) pairs
     #
@@ -254,9 +270,6 @@ module ActionDispatch # :nodoc:
       cookies
     end
 
-    def _status_code
-      @status
-    end
   private
 
     def merge_default_headers(original, default)

data/lib/action_dispatch/http/upload.rb

@@ -73,18 +73,5 @@ module ActionDispatch
         filename.force_encoding(Encoding::UTF_8).encode! if filename
       end
     end
-
-    module Upload # :nodoc:
-      # Replace file upload hash with UploadedFile objects
-      # when normalize and encode parameters.
-      def normalize_encode_params(value)
-        if Hash === value && value.has_key?(:tempfile)
-          UploadedFile.new(value)
-        else
-          super
-        end
-      end
-      private :normalize_encode_params
-    end
   end
 end

data/lib/action_dispatch/http/url.rb

@@ -34,15 +34,19 @@ module ActionDispatch
           path  = options.delete(:script_name).to_s.chomp("/")
           path << options.delete(:path).to_s
 
-          add_trailing_slash(path) if options[:trailing_slash]
-
           params = options[:params].is_a?(Hash) ? options[:params] : options.slice(:params)
           params.reject! { |_,v| v.to_param.nil? }
 
           result = build_host_url(options)
-
-          result << path
-
+          if options[:trailing_slash]
+            if path.include?('?')
+              result << path.sub(/\?/, '/\&')
+            else
+              result << path.sub(/[^\/]\z|\A\z/, '\&/')
+            end
+          else
+            result << path
+          end
           result << "?#{params.to_query}" unless params.empty?
           result << "##{Journey::Router::Utils.escape_fragment(options[:anchor].to_param.to_s)}" if options[:anchor]
           result
@@ -50,18 +54,6 @@ module ActionDispatch
 
         private
 
-        def add_trailing_slash(path)
-          # includes querysting
-          if path.include?('?')
-            path.sub!(/\?/, '/\&')
-          # does not have a .format
-          elsif !path.include?(".")
-            path.sub!(/[^\/]\z|\A\z/, '\&/')
-          end
-
-          path
-        end
-
         def build_host_url(options)
           if options[:host].blank? && options[:only_path].blank?
             raise ArgumentError, 'Missing host to link to! Please provide the :host parameter, set default_url_options[:host], or set :only_path to true'
@@ -138,7 +130,7 @@ module ActionDispatch
 
           case options[:protocol]
           when "//"
-            options[:port]
+            nil
           when "https://"
             options[:port].to_i == 443 ? nil : options[:port]
           else