actionpack 4.1.16 → 4.2.0.beta1

data/lib/action_dispatch/http/mime_negotiation.rb

@@ -54,8 +54,14 @@ module ActionDispatch
       end
 
       def formats
-        @env["action_dispatch.request.formats"] ||=
-          if parameters[:format]
+        @env["action_dispatch.request.formats"] ||= begin
+          params_readable = begin
+                              parameters[:format]
+                            rescue ActionController::BadRequest
+                              false
+                            end
+
+          if params_readable
             Array(Mime[parameters[:format]])
           elsif use_accept_header && valid_accept_header
             accepts
@@ -64,13 +70,13 @@ module ActionDispatch
           else
             [Mime::HTML]
           end
+        end
       end
-
       # Sets the \variant for template.
       def variant=(variant)
         if variant.is_a?(Symbol)
           @variant = [variant]
-        elsif variant.nil? || variant.is_a?(Array) && variant.any? && variant.all?{ |v| v.is_a?(Symbol) }
+        elsif variant.is_a?(Array) && variant.any? && variant.all?{ |v| v.is_a?(Symbol) }
           @variant = variant
         else
           raise ArgumentError, "request.variant must be set to a Symbol or an Array of Symbols, not a #{variant.class}. " \

data/lib/action_dispatch/http/mime_type.rb

@@ -23,7 +23,7 @@ module Mime
 
   SET              = Mimes.new
   EXTENSION_LOOKUP = {}
-  LOOKUP           = {}
+  LOOKUP           = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? }
 
   class << self
     def [](type)
@@ -146,7 +146,7 @@ module Mime
       end
 
       def lookup(string)
-        LOOKUP[string] || Type.new(string)
+        LOOKUP[string]
       end
 
       def lookup_by_extension(extension)
@@ -225,12 +225,9 @@ module Mime
       end
     end
 
-    attr_reader :hash
-
     def initialize(string, symbol = nil, synonyms = [])
       @symbol, @synonyms = symbol, synonyms
       @string = string
-      @hash = [@string, @synonyms, @symbol].hash
     end
 
     def to_s
@@ -264,13 +261,6 @@ module Mime
       end
     end
 
-    def eql?(other)
-      super || (self.class == other.class &&
-                @string    == other.string &&
-                @synonyms  == other.synonyms &&
-                @symbol    == other.symbol)
-    end
-
     def =~(mime_type)
       return false if mime_type.blank?
       regexp = Regexp.new(Regexp.quote(mime_type.to_s))
@@ -284,10 +274,6 @@ module Mime
     end
 
 
-    protected
-
-    attr_reader :string, :synonyms
-
     private
 
     def to_ary; end

data/lib/action_dispatch/http/parameter_filter.rb

@@ -56,7 +56,7 @@ module ActionDispatch
             elsif value.is_a?(Array)
               value = value.map { |v| v.is_a?(Hash) ? call(v) : v }
             elsif blocks.any?
-              key = key.dup if key.duplicable?
+              key = key.dup
               value = value.dup if value.duplicable?
               blocks.each { |b| b.call(key, value) }
             end

data/lib/action_dispatch/http/parameters.rb

@@ -1,13 +1,11 @@
 require 'active_support/core_ext/hash/keys'
 require 'active_support/core_ext/hash/indifferent_access'
+require 'active_support/deprecation'
 
 module ActionDispatch
   module Http
     module Parameters
-      def initialize(env)
-        super
-        @symbolized_path_params = nil
-      end
+      PARAMETERS_KEY = 'action_dispatch.request.path_parameters'
 
       # Returns both GET and POST \parameters in a single hash.
       def parameters
@@ -18,55 +16,42 @@ module ActionDispatch
             query_parameters.dup
           end
           params.merge!(path_parameters)
-          params.with_indifferent_access
         end
       end
       alias :params :parameters
 
       def path_parameters=(parameters) #:nodoc:
-        @symbolized_path_params = nil
-        @env.delete("action_dispatch.request.parameters")
-        @env["action_dispatch.request.path_parameters"] = parameters
+        @env.delete('action_dispatch.request.parameters')
+        @env[PARAMETERS_KEY] = parameters
       end
 
-      # The same as <tt>path_parameters</tt> with explicitly symbolized keys.
       def symbolized_path_parameters
-        @symbolized_path_params ||= path_parameters.symbolize_keys
+        ActiveSupport::Deprecation.warn(
+          "`symbolized_path_parameters` is deprecated. Please use `path_parameters`"
+        )
+        path_parameters
       end
 
       # Returns a hash with the \parameters used to form the \path of the request.
       # Returned hash keys are strings:
       #
       #   {'action' => 'my_action', 'controller' => 'my_controller'}
-      #
-      # See <tt>symbolized_path_parameters</tt> for symbolized keys.
       def path_parameters
-        @env["action_dispatch.request.path_parameters"] ||= {}
-      end
-
-      def reset_parameters #:nodoc:
-        @env.delete("action_dispatch.request.parameters")
+        @env[PARAMETERS_KEY] ||= {}
       end
 
     private
 
-      # Convert nested Hash to HashWithIndifferentAccess
-      # and UTF-8 encode both keys and values in nested Hash.
+      # Convert nested Hash to HashWithIndifferentAccess.
       #
-      # TODO: Validate that the characters are UTF-8. If they aren't,
-      # you'll get a weird error down the road, but our form handling
-      # should really prevent that from happening
       def normalize_encode_params(params)
         case params
-        when String
-          params.force_encoding(Encoding::UTF_8).encode!
         when Hash
           if params.has_key?(:tempfile)
             UploadedFile.new(params)
           else
             params.each_with_object({}) do |(key, val), new_hash|
-              new_key = key.is_a?(String) ? key.dup.force_encoding(Encoding::UTF_8).encode! : key
-              new_hash[new_key] = if val.is_a?(Array)
+              new_hash[key] = if val.is_a?(Array)
                 val.map! { |el| normalize_encode_params(el) }
               else
                 normalize_encode_params(val)

data/lib/action_dispatch/http/request.rb

@@ -23,7 +23,7 @@ module ActionDispatch
     autoload :Session, 'action_dispatch/request/session'
     autoload :Utils,   'action_dispatch/request/utils'
 
-    LOCALHOST   = Regexp.union [/^127\.0\.0\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/]
+    LOCALHOST   = Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/]
 
     ENV_METHODS = %w[ AUTH_TYPE GATEWAY_INTERFACE
         PATH_TRANSLATED REMOTE_HOST
@@ -53,6 +53,17 @@ module ActionDispatch
       @uuid              = nil
     end
 
+    def check_path_parameters!
+      # If any of the path parameters has an invalid encoding then
+      # raise since it's likely to trigger errors further on.
+      path_parameters.each do |key, value|
+        next unless value.respond_to?(:valid_encoding?)
+        unless value.valid_encoding?
+          raise ActionController::BadRequest, "Invalid parameter: #{key} => #{value}"
+        end
+      end
+    end
+
     def key?(key)
       @env.key?(key)
     end
@@ -64,6 +75,7 @@ module ActionDispatch
     # Ordered Collections Protocol (WebDAV) (http://www.ietf.org/rfc/rfc3648.txt)
     # Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol (http://www.ietf.org/rfc/rfc3744.txt)
     # Web Distributed Authoring and Versioning (WebDAV) SEARCH (http://www.ietf.org/rfc/rfc5323.txt)
+    # Calendar Extensions to WebDAV (http://www.ietf.org/rfc/rfc4791.txt)
     # PATCH Method for HTTP (http://www.ietf.org/rfc/rfc5789.txt)
     RFC2616 = %w(OPTIONS GET HEAD POST PUT DELETE TRACE CONNECT)
     RFC2518 = %w(PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK)
@@ -71,9 +83,10 @@ module ActionDispatch
     RFC3648 = %w(ORDERPATCH)
     RFC3744 = %w(ACL)
     RFC5323 = %w(SEARCH)
+    RFC4791 = %w(MKCALENDAR)
     RFC5789 = %w(PATCH)
 
-    HTTP_METHODS = RFC2616 + RFC2518 + RFC3253 + RFC3648 + RFC3744 + RFC5323 + RFC5789
+    HTTP_METHODS = RFC2616 + RFC2518 + RFC3253 + RFC3648 + RFC3744 + RFC5323 + RFC4791 + RFC5789
 
     HTTP_METHOD_LOOKUP = {}
 
@@ -152,6 +165,13 @@ module ActionDispatch
       Http::Headers.new(@env)
     end
 
+    # Returns a +String+ with the last requested path including their params.
+    #
+    #    # get '/foo'
+    #    request.original_fullpath # => '/foo'
+    #
+    #    # get '/foo?bar'
+    #    request.original_fullpath # => '/foo?bar'
     def original_fullpath
       @original_fullpath ||= (env["ORIGINAL_FULLPATH"] || fullpath)
     end
@@ -189,8 +209,8 @@ module ActionDispatch
     end
 
     # Returns true if the "X-Requested-With" header contains "XMLHttpRequest"
-    # (case-insensitive). All major JavaScript libraries send this header with
-    # every Ajax request.
+    # (case-insensitive), which may need to be manually added depending on the
+    # choice of JavaScript libraries and frameworks.
     def xml_http_request?
       @env['HTTP_X_REQUESTED_WITH'] =~ /XMLHttpRequest/i
     end
@@ -205,7 +225,7 @@ module ActionDispatch
       @remote_ip ||= (@env["action_dispatch.remote_ip"] || ip).to_s
     end
 
-    # Returns the unique request id, which is based off either the X-Request-Id header that can
+    # Returns the unique request id, which is based on either the X-Request-Id header that can
     # be generated by a firewall, load balancer, or web server or by the RequestId middleware
     # (which sets the action_dispatch.request_id environment variable).
     #
@@ -271,16 +291,16 @@ module ActionDispatch
 
     # Override Rack's GET method to support indifferent access
     def GET
-      @env["action_dispatch.request.query_parameters"] ||= Utils.deep_munge((normalize_encode_params(super) || {}))
-    rescue TypeError => e
+      @env["action_dispatch.request.query_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {}))
+    rescue TypeError, Rack::Utils::InvalidParameterError => e
       raise ActionController::BadRequest.new(:query, e)
     end
     alias :query_parameters :GET
 
     # Override Rack's POST method to support indifferent access
     def POST
-      @env["action_dispatch.request.request_parameters"] ||= Utils.deep_munge((normalize_encode_params(super) || {}))
-    rescue TypeError => e
+      @env["action_dispatch.request.request_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {}))
+    rescue TypeError, Rack::Utils::InvalidParameterError => e
       raise ActionController::BadRequest.new(:request, e)
     end
     alias :request_parameters :POST
@@ -315,7 +335,7 @@ module ActionDispatch
 
     private
       def check_method(name)
-        HTTP_METHOD_LOOKUP[name] || raise(ActionController::UnknownHttpMethod, "#{name}, accepted HTTP methods are #{HTTP_METHODS[0...-1].join(', ')}, and #{HTTP_METHODS[-1]}")
+        HTTP_METHOD_LOOKUP[name] || raise(ActionController::UnknownHttpMethod, "#{name}, accepted HTTP methods are #{HTTP_METHODS.to_sentence(:locale => :en)}")
         name
       end
   end

data/lib/action_dispatch/http/response.rb

@@ -97,6 +97,9 @@ module ActionDispatch # :nodoc:
         x
       end
 
+      def abort
+      end
+
       def close
         @response.commit!
         @closed = true
@@ -110,11 +113,10 @@ module ActionDispatch # :nodoc:
     # The underlying body, as a streamable object.
     attr_reader :stream
 
-    def initialize(status = 200, header = {}, body = [], options = {})
+    def initialize(status = 200, header = {}, body = [])
       super()
 
-      default_headers = options.fetch(:default_headers, self.class.default_headers)
-      header = merge_default_headers(header, default_headers)
+      header = merge_default_headers(header, self.class.default_headers)
 
       self.body, self.header, self.status = body, header, status
 
@@ -208,18 +210,6 @@ module ActionDispatch # :nodoc:
     end
     alias_method :status_message, :message
 
-    def respond_to?(method, include_private = false)
-      if method.to_s == 'to_path'
-        stream.respond_to?(method)
-      else
-        super
-      end
-    end
-
-    def to_path
-      stream.to_path
-    end
-
     # Returns the content of the response as a string. This contains the contents
     # of any calls to <tt>render</tt>.
     def body
@@ -272,6 +262,17 @@ module ActionDispatch # :nodoc:
       stream.close if stream.respond_to?(:close)
     end
 
+    def abort
+      if stream.respond_to?(:abort)
+        stream.abort
+      elsif stream.respond_to?(:close)
+        # `stream.close` should really be reserved for a close from the
+        # other direction, but we must fall back to it for
+        # compatibility.
+        stream.close
+      end
+    end
+
     # Turns the Response into a Rack-compatible array of the status, headers,
     # and body.
     def to_a
@@ -309,7 +310,9 @@ module ActionDispatch # :nodoc:
     end
 
     def merge_default_headers(original, default)
-      default.respond_to?(:merge) ? default.merge(original) : original
+      return original unless default.respond_to?(:merge)
+
+      default.merge(original)
     end
 
     def build_buffer(response, body)
@@ -336,6 +339,38 @@ module ActionDispatch # :nodoc:
       !@sending_file && @charset != false
     end
 
+    class RackBody
+      def initialize(response)
+        @response = response
+      end
+
+      def each(*args, &block)
+        @response.each(*args, &block)
+      end
+
+      def close
+        # Rack "close" maps to Response#abort, and *not* Response#close
+        # (which is used when the controller's finished writing)
+        @response.abort
+      end
+
+      def body
+        @response.body
+      end
+
+      def respond_to?(method, include_private = false)
+        if method.to_s == 'to_path'
+          @response.stream.respond_to?(method)
+        else
+          super
+        end
+      end
+
+      def to_path
+        @response.stream.to_path
+      end
+    end
+
     def rack_response(status, header)
       assign_default_content_type_and_charset!(header)
       handle_conditional_get!
@@ -346,7 +381,7 @@ module ActionDispatch # :nodoc:
         header.delete CONTENT_TYPE
         [status, header, []]
       else
-        [status, header, Rack::BodyProxy.new(self){}]
+        [status, header, RackBody.new(self)]
       end
     end
   end

data/lib/action_dispatch/http/upload.rb

@@ -18,6 +18,7 @@ module ActionDispatch
       # A +Tempfile+ object with the actual uploaded file. Note that some of
       # its interface is available directly.
       attr_accessor :tempfile
+      alias :to_io :tempfile
 
       # A string with the headers of the multipart request.
       attr_accessor :headers
@@ -26,7 +27,8 @@ module ActionDispatch
         @tempfile          = hash[:tempfile]
         raise(ArgumentError, ':tempfile is required') unless @tempfile
 
-        @original_filename = encode_filename(hash[:filename])
+        @original_filename = hash[:filename]
+        @original_filename &&= @original_filename.encode "UTF-8"
         @content_type      = hash[:type]
         @headers           = hash[:head]
       end
@@ -65,13 +67,6 @@ module ActionDispatch
       def eof?
         @tempfile.eof?
       end
-
-      private
-
-      def encode_filename(filename)
-        # Encode the filename in the utf8 encoding, unless it is nil
-        filename.force_encoding(Encoding::UTF_8).encode! if filename
-      end
     end
   end
 end

data/lib/action_dispatch/http/url.rb

@@ -5,51 +5,81 @@ module ActionDispatch
   module Http
     module URL
       IP_HOST_REGEXP  = /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/
-      HOST_REGEXP     = /(^.*:\/\/)?([^:]+)(?::(\d+$))?/
+      HOST_REGEXP     = /(^[^:]+:\/\/)?([^:]+)(?::(\d+$))?/
       PROTOCOL_REGEXP = /^([^:]+)(:)?(\/\/)?$/
 
       mattr_accessor :tld_length
       self.tld_length = 1
 
       class << self
-        def extract_domain(host, tld_length = @@tld_length)
-          host.split('.').last(1 + tld_length).join('.') if named_host?(host)
+        def extract_domain(host, tld_length)
+          extract_domain_from(host, tld_length) if named_host?(host)
         end
 
-        def extract_subdomains(host, tld_length = @@tld_length)
+        def extract_subdomains(host, tld_length)
           if named_host?(host)
-            parts = host.split('.')
-            parts[0..-(tld_length + 2)]
+            extract_subdomains_from(host, tld_length)
           else
             []
           end
         end
 
-        def extract_subdomain(host, tld_length = @@tld_length)
+        def extract_subdomain(host, tld_length)
           extract_subdomains(host, tld_length).join('.')
         end
 
-        def url_for(options = {})
-          options = options.dup
-          path  = options.delete(:script_name).to_s.chomp("/")
-          path << options.delete(:path).to_s
+        def url_for(options)
+          if options[:only_path]
+            path_for options
+          else
+            full_url_for options
+          end
+        end
 
-          add_trailing_slash(path) if options[:trailing_slash]
+        def full_url_for(options)
+          host     = options[:host]
+          protocol = options[:protocol]
+          port     = options[:port]
 
-          params = options[:params].is_a?(Hash) ? options[:params] : options.slice(:params)
-          params.reject! { |_,v| v.to_param.nil? }
+          unless host
+            raise ArgumentError, 'Missing host to link to! Please provide the :host parameter, set default_url_options[:host], or set :only_path to true'
+          end
 
-          result = build_host_url(options)
+          build_host_url(host, port, protocol, options, path_for(options))
+        end
 
-          result << path
+        def path_for(options)
+          path  = options[:script_name].to_s.chomp("/")
+          path << options[:path] if options.key?(:path)
 
-          result << "?#{params.to_query}" unless params.empty?
-          result << "##{Journey::Router::Utils.escape_fragment(options[:anchor].to_param.to_s)}" if options[:anchor]
-          result
+          add_trailing_slash(path) if options[:trailing_slash]
+          add_params(path, options[:params]) if options.key?(:params)
+          add_anchor(path, options[:anchor]) if options.key?(:anchor)
+
+          path
         end
 
         private
 
+        def add_params(path, params)
+          params = { params: params } unless params.is_a?(Hash)
+          params.reject! { |_,v| v.to_param.nil? }
+          path << "?#{params.to_query}" unless params.empty?
+        end
+
+        def add_anchor(path, anchor)
+          path << "##{Journey::Router::Utils.escape_fragment(anchor.to_param.to_s)}"
+        end
+
+        def extract_domain_from(host, tld_length)
+          host.split('.').last(1 + tld_length).join('.')
+        end
+
+        def extract_subdomains_from(host, tld_length)
+          parts = host.split('.')
+          parts[0..-(tld_length + 2)]
+        end
+
         def add_trailing_slash(path)
           # includes querysting
           if path.include?('?')
@@ -58,54 +88,38 @@ module ActionDispatch
           elsif !path.include?(".")
             path.sub!(/[^\/]\z|\A\z/, '\&/')
           end
-
-          path
         end
 
-        def build_host_url(options)
-          if options[:host].blank? && options[:only_path].blank?
-            raise ArgumentError, 'Missing host to link to! Please provide the :host parameter, set default_url_options[:host], or set :only_path to true'
+        def build_host_url(host, port, protocol, options, path)
+          if match = host.match(HOST_REGEXP)
+            protocol ||= match[1] unless protocol == false
+            host       = match[2]
+            port       = match[3] unless options.key? :port
           end
 
-          result = ""
+          protocol = normalize_protocol protocol
+          host     = normalize_host(host, options)
 
-          unless options[:only_path]
-            if match = options[:host].match(HOST_REGEXP)
-              options[:protocol] ||= match[1] unless options[:protocol] == false
-              options[:host]       = match[2]
-              options[:port]       = match[3] unless options.key?(:port)
-            end
+          result = protocol.dup
 
-            options[:protocol] = normalize_protocol(options)
-            options[:host]     = normalize_host(options)
-            options[:port]     = normalize_port(options)
-
-            result << options[:protocol]
-            result << rewrite_authentication(options)
-            result << options[:host]
-            result << ":#{options[:port]}" if options[:port]
+          if options[:user] && options[:password]
+            result << "#{Rack::Utils.escape(options[:user])}:#{Rack::Utils.escape(options[:password])}@"
           end
-          result
-        end
 
-        def named_host?(host)
-          host && IP_HOST_REGEXP !~ host
-        end
+          result << host
+          normalize_port(port, protocol) { |normalized_port|
+            result << ":#{normalized_port}"
+          }
 
-        def same_host?(options)
-          (options[:subdomain] == true || !options.key?(:subdomain)) && options[:domain].nil?
+          result.concat path
         end
 
-        def rewrite_authentication(options)
-          if options[:user] && options[:password]
-            "#{Rack::Utils.escape(options[:user])}:#{Rack::Utils.escape(options[:password])}@"
-          else
-            ""
-          end
+        def named_host?(host)
+          IP_HOST_REGEXP !~ host
         end
 
-        def normalize_protocol(options)
-          case options[:protocol]
+        def normalize_protocol(protocol)
+          case protocol
           when nil
             "http://"
           when false, "//"
@@ -113,36 +127,39 @@ module ActionDispatch
           when PROTOCOL_REGEXP
             "#{$1}://"
           else
-            raise ArgumentError, "Invalid :protocol option: #{options[:protocol].inspect}"
+            raise ArgumentError, "Invalid :protocol option: #{protocol.inspect}"
           end
         end
 
-        def normalize_host(options)
-          return options[:host] if !named_host?(options[:host]) || same_host?(options)
+        def normalize_host(_host, options)
+          return _host unless named_host?(_host)
 
           tld_length = options[:tld_length] || @@tld_length
+          subdomain  = options.fetch :subdomain, true
+          domain     = options[:domain]
 
           host = ""
-          if options[:subdomain] == true || !options.key?(:subdomain)
-            host << extract_subdomain(options[:host], tld_length).to_param
-          elsif options[:subdomain].present?
-            host << options[:subdomain].to_param
+          if subdomain == true
+            return _host if domain.nil?
+
+            host << extract_subdomains_from(_host, tld_length).join('.')
+          elsif subdomain
+            host << subdomain.to_param
           end
           host << "." unless host.empty?
-          host << (options[:domain] || extract_domain(options[:host], tld_length))
+          host << (domain || extract_domain_from(_host, tld_length))
           host
         end
 
-        def normalize_port(options)
-          return nil if options[:port].nil? || options[:port] == false
+        def normalize_port(port, protocol)
+          return unless port
 
-          case options[:protocol]
-          when "//"
-            options[:port]
+          case protocol
+          when "//" then yield port
           when "https://"
-            options[:port].to_i == 443 ? nil : options[:port]
+            yield port unless port.to_i == 443
           else
-            options[:port].to_i == 80 ? nil : options[:port]
+            yield port unless port.to_i == 80
           end
         end
       end
@@ -165,7 +182,7 @@ module ActionDispatch
 
       # Returns the \host for this request, such as "example.com".
       def raw_host_with_port
-        if forwarded = env["HTTP_X_FORWARDED_HOST"].presence
+        if forwarded = env["HTTP_X_FORWARDED_HOST"]
           forwarded.split(/,\s?/).last
         else
           env['HTTP_HOST'] || "#{env['SERVER_NAME'] || env['SERVER_ADDR']}:#{env['SERVER_PORT']}"