actionpack 4.2.11.1 → 5.2.4.3

data/lib/action_dispatch/middleware/stack.rb

@@ -1,28 +1,20 @@
+# frozen_string_literal: true
+
 require "active_support/inflector/methods"
 require "active_support/dependencies"
 
 module ActionDispatch
   class MiddlewareStack
     class Middleware
-      attr_reader :args, :block, :name, :classcache
-
-      def initialize(klass_or_name, *args, &block)
-        @klass = nil
-
-        if klass_or_name.respond_to?(:name)
-          @klass = klass_or_name
-          @name  = @klass.name
-        else
-          @name  = klass_or_name.to_s
-        end
+      attr_reader :args, :block, :klass
 
-        @classcache = ActiveSupport::Dependencies::Reference
-        @args, @block = args, block
+      def initialize(klass, args, block)
+        @klass = klass
+        @args  = args
+        @block = block
       end
 
-      def klass
-        @klass || classcache[@name]
-      end
+      def name; klass.name; end
 
       def ==(middleware)
         case middleware
@@ -30,24 +22,20 @@ module ActionDispatch
           klass == middleware.klass
         when Class
           klass == middleware
-        else
-          normalize(@name) == normalize(middleware)
         end
       end
 
       def inspect
-        klass.to_s
+        if klass.is_a?(Class)
+          klass.to_s
+        else
+          klass.class.to_s
+        end
       end
 
       def build(app)
         klass.new(app, *args, &block)
       end
-
-    private
-
-      def normalize(object)
-        object.to_s.strip.sub(/^::/, '')
-      end
     end
 
     include Enumerable
@@ -75,19 +63,17 @@ module ActionDispatch
       middlewares[i]
     end
 
-    def unshift(*args, &block)
-      middleware = self.class::Middleware.new(*args, &block)
-      middlewares.unshift(middleware)
+    def unshift(klass, *args, &block)
+      middlewares.unshift(build_middleware(klass, args, block))
     end
 
     def initialize_copy(other)
       self.middlewares = other.middlewares.dup
     end
 
-    def insert(index, *args, &block)
+    def insert(index, klass, *args, &block)
       index = assert_index(index, :before)
-      middleware = self.class::Middleware.new(*args, &block)
-      middlewares.insert(index, middleware)
+      middlewares.insert(index, build_middleware(klass, args, block))
     end
 
     alias_method :insert_before, :insert
@@ -104,26 +90,27 @@ module ActionDispatch
     end
 
     def delete(target)
-      middlewares.delete target
+      middlewares.delete_if { |m| m.klass == target }
     end
 
-    def use(*args, &block)
-      middleware = self.class::Middleware.new(*args, &block)
-      middlewares.push(middleware)
+    def use(klass, *args, &block)
+      middlewares.push(build_middleware(klass, args, block))
     end
 
     def build(app = nil, &block)
-      app ||= block
-      raise "MiddlewareStack#build requires an app" unless app
-      middlewares.freeze.reverse.inject(app) { |a, e| e.build(a) }
+      middlewares.freeze.reverse.inject(app || block) { |a, e| e.build(a) }
     end
 
-  protected
+    private
 
-    def assert_index(index, where)
-      i = index.is_a?(Integer) ? index : middlewares.index(index)
-      raise "No such middleware to insert #{where}: #{index.inspect}" unless i
-      i
-    end
+      def assert_index(index, where)
+        i = index.is_a?(Integer) ? index : middlewares.index { |m| m.klass == index }
+        raise "No such middleware to insert #{where}: #{index.inspect}" unless i
+        i
+      end
+
+      def build_middleware(klass, args, block)
+        Middleware.new(klass, args, block)
+      end
   end
 end

data/lib/action_dispatch/middleware/static.rb

@@ -1,35 +1,41 @@
-require 'rack/utils'
-require 'active_support/core_ext/uri'
+# frozen_string_literal: true
+
+require "rack/utils"
+require "active_support/core_ext/uri"
 
 module ActionDispatch
   # This middleware returns a file's contents from disk in the body response.
-  # When initialized it can accept an optional 'Cache-Control' header which
-  # will be set when a response containing a file's contents is delivered.
+  # When initialized, it can accept optional HTTP headers, which will be set
+  # when a response containing a file's contents is delivered.
   #
-  # This middleware will render the file specified in `env["PATH_INFO"]`
-  # where the base path is in the +root+ directory. For example if the +root+
-  # is set to `public/` then a request with `env["PATH_INFO"]` of
-  # `assets/application.js` will return a response with contents of a file
-  # located at `public/assets/application.js` if the file exists. If the file
-  # does not exist a 404 "File not Found" response will be returned.
+  # This middleware will render the file specified in <tt>env["PATH_INFO"]</tt>
+  # where the base path is in the +root+ directory. For example, if the +root+
+  # is set to +public/+, then a request with <tt>env["PATH_INFO"]</tt> of
+  # +assets/application.js+ will return a response with the contents of a file
+  # located at +public/assets/application.js+ if the file exists. If the file
+  # does not exist, a 404 "File not Found" response will be returned.
   class FileHandler
-    def initialize(root, cache_control)
-      @root          = root.chomp('/')
-      @compiled_root = /^#{Regexp.escape(root)}/
-      headers        = cache_control && { 'Cache-Control' => cache_control }
-      @file_server = ::Rack::File.new(@root, headers)
+    def initialize(root, index: "index", headers: {})
+      @root          = root.chomp("/").b
+      @file_server   = ::Rack::File.new(@root, headers)
+      @index         = index
     end
 
+    # Takes a path to a file. If the file is found, has valid encoding, and has
+    # correct read permissions, the return value is a URI-escaped string
+    # representing the filename. Otherwise, false is returned.
+    #
+    # Used by the +Static+ class to check the existence of a valid file
+    # in the server's +public/+ directory (see Static#call).
     def match?(path)
-      path = URI.parser.unescape(path)
-      return false unless valid_path?(path)
+      path = ::Rack::Utils.unescape_path path
+      return false unless ::Rack::Utils.valid_path? path
+      path = ::Rack::Utils.clean_path_info path
 
-      paths = [path, "#{path}#{ext}", "#{path}/index#{ext}"].map { |v|
-        Rack::Utils.clean_path_info v
-      }
+      paths = [path, "#{path}#{ext}", "#{path}/#{@index}#{ext}"]
 
       if match = paths.detect { |p|
-        path = File.join(@root, p.force_encoding('UTF-8'))
+        path = File.join(@root, p.b)
         begin
           File.file?(path) && File.readable?(path)
         rescue SystemCallError
@@ -37,31 +43,35 @@ module ActionDispatch
         end
 
       }
-        return ::Rack::Utils.escape(match)
+        return ::Rack::Utils.escape_path(match).b
       end
     end
 
     def call(env)
-      path      = env['PATH_INFO']
+      serve(Rack::Request.new(env))
+    end
+
+    def serve(request)
+      path      = request.path_info
       gzip_path = gzip_file_path(path)
 
-      if gzip_path && gzip_encoding_accepted?(env)
-        env['PATH_INFO']            = gzip_path
-        status, headers, body       = @file_server.call(env)
+      if gzip_path && gzip_encoding_accepted?(request)
+        request.path_info           = gzip_path
+        status, headers, body       = @file_server.call(request.env)
         if status == 304
           return [status, headers, body]
         end
-        headers['Content-Encoding'] = 'gzip'
-        headers['Content-Type']     = content_type(path)
+        headers["Content-Encoding"] = "gzip"
+        headers["Content-Type"]     = content_type(path)
       else
-        status, headers, body = @file_server.call(env)
+        status, headers, body = @file_server.call(request.env)
       end
 
-      headers['Vary'] = 'Accept-Encoding' if gzip_path
+      headers["Vary"] = "Accept-Encoding" if gzip_path
 
       return [status, headers, body]
     ensure
-      env['PATH_INFO'] = path
+      request.path_info = path
     end
 
     private
@@ -70,54 +80,51 @@ module ActionDispatch
       end
 
       def content_type(path)
-        ::Rack::Mime.mime_type(::File.extname(path), 'text/plain')
+        ::Rack::Mime.mime_type(::File.extname(path), "text/plain".freeze)
       end
 
-      def gzip_encoding_accepted?(env)
-        env['HTTP_ACCEPT_ENCODING'] =~ /\bgzip\b/i
+      def gzip_encoding_accepted?(request)
+        request.accept_encoding.any? { |enc, quality| enc =~ /\bgzip\b/i }
       end
 
       def gzip_file_path(path)
         can_gzip_mime = content_type(path) =~ /\A(?:text\/|application\/javascript)/
         gzip_path     = "#{path}.gz"
-        if can_gzip_mime && File.exist?(File.join(@root, ::Rack::Utils.unescape(gzip_path)))
-          gzip_path
+        if can_gzip_mime && File.exist?(File.join(@root, ::Rack::Utils.unescape_path(gzip_path).b))
+          gzip_path.b
         else
           false
         end
       end
-
-      def valid_path?(path)
-        path.valid_encoding? && !path.include?("\0")
-      end
   end
 
   # This middleware will attempt to return the contents of a file's body from
-  # disk in the response.  If a file is not found on disk, the request will be
+  # disk in the response. If a file is not found on disk, the request will be
   # delegated to the application stack. This middleware is commonly initialized
-  # to serve assets from a server's `public/` directory.
+  # to serve assets from a server's +public/+ directory.
   #
   # This middleware verifies the path to ensure that only files
   # living in the root directory can be rendered. A request cannot
   # produce a directory traversal using this middleware. Only 'GET' and 'HEAD'
   # requests will result in a file being returned.
   class Static
-    def initialize(app, path, cache_control=nil)
+    def initialize(app, path, index: "index", headers: {})
       @app = app
-      @file_handler = FileHandler.new(path, cache_control)
+      @file_handler = FileHandler.new(path, index: index, headers: headers)
     end
 
     def call(env)
-      case env['REQUEST_METHOD']
-      when 'GET', 'HEAD'
-        path = env['PATH_INFO'].chomp('/')
+      req = Rack::Request.new env
+
+      if req.get? || req.head?
+        path = req.path_info.chomp("/".freeze)
         if match = @file_handler.match?(path)
-          env["PATH_INFO"] = match
-          return @file_handler.call(env)
+          req.path_info = match
+          return @file_handler.serve(req)
         end
       end
 
-      @app.call(env)
+      @app.call(req.env)
     end
   end
 end

data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb

@@ -5,20 +5,8 @@
   <pre id="blame_trace" <%='style="display:none"' if hide %>><code><%= @exception.describe_blame %></code></pre>
 <% end %>
 
-<%
-  clean_params = @request.filtered_parameters.clone
-  clean_params.delete("action")
-  clean_params.delete("controller")
-
-  request_dump = clean_params.empty? ? 'None' : clean_params.inspect.gsub(',', ",\n")
-
-  def debug_hash(object)
-    object.to_hash.sort_by { |k, _| k.to_s }.map { |k, v| "#{k}: #{v.inspect rescue $!.message}" }.join("\n")
-  end unless self.class.method_defined?(:debug_hash)
-%>
-
 <h2 style="margin-top: 30px">Request</h2>
-<p><b>Parameters</b>:</p> <pre><%= request_dump %></pre>
+<p><b>Parameters</b>:</p> <pre><%= debug_params(@request.filtered_parameters) %></pre>
 
 <div class="details">
   <div class="summary"><a href="#" onclick="return toggleSessionDump()">Toggle session dump</a></div>
@@ -31,4 +19,4 @@
 </div>
 
 <h2 style="margin-top: 30px">Response</h2>
-<p><b>Headers</b>:</p> <pre><%= defined?(@response) ? @response.headers.inspect.gsub(',', ",\n") : 'None' %></pre>
+<p><b>Headers</b>:</p> <pre><%= debug_headers(defined?(@response) ? @response.headers : {}) %></pre>

data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb

@@ -0,0 +1,8 @@
+<% @source_extracts.first(3).each do |source_extract| %>
+<% if source_extract[:code] %>
+Extracted source (around line #<%= source_extract[:line_number] %>):
+
+<% source_extract[:code].each do |line, source| -%>
+<%= line == source_extract[:line_number] ? "*#{line}" : "##{line}" -%> <%= source -%><% end -%>
+<% end %>
+<% end %>

data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb

@@ -0,0 +1,21 @@
+<header>
+  <h1>
+    <%= @exception.class.to_s %>
+    <% if @request.parameters['controller'] %>
+      in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
+    <% end %>
+  </h1>
+</header>
+
+<div id="container">
+  <h2>
+    <%= h @exception.message %>
+    <% if %r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}}.match?(@exception.message) %>
+      <br />To resolve this issue run: bin/rails active_storage:install
+    <% end %>
+  </h2>
+
+  <%= render template: "rescues/_source" %>
+  <%= render template: "rescues/_trace" %>
+  <%= render template: "rescues/_request_and_response" %>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb

@@ -0,0 +1,13 @@
+<%= @exception.class.to_s %><%
+  if @request.parameters['controller']
+%> in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
+<% end %>
+
+<%= @exception.message %>
+<% if %r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}}.match?(@exception.message) %>
+To resolve this issue run: bin/rails active_storage:install
+<% end %>
+
+<%= render template: "rescues/_source" %>
+<%= render template: "rescues/_trace" %>
+<%= render template: "rescues/_request_and_response" %>

data/lib/action_dispatch/middleware/templates/rescues/layout.erb

@@ -106,6 +106,7 @@
 
     .line {
       padding-left: 10px;
+      white-space: pre;
     }
 
     .line:hover {

data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb

@@ -1,6 +1,6 @@
 <header>
   <h1>
-    <%= @exception.original_exception.class.to_s %> in
+    <%= @exception.cause.class.to_s %> in
     <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>
   </h1>
 </header>

data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb

@@ -1,4 +1,4 @@
-<%= @exception.original_exception.class.to_s %> in <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>
+<%= @exception.cause.class.to_s %> in <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>
 
 Showing <%= @exception.file_name %> where line #<%= @exception.line_number %> raised:
 <%= @exception.message %>

data/lib/action_dispatch/middleware/templates/routes/_route.html.erb

@@ -4,13 +4,13 @@
       <%= route[:name] %><span class='helper'>_path</span>
     <% end %>
   </td>
-  <td data-route-verb='<%= route[:verb] %>'>
+  <td>
     <%= route[:verb] %>
   </td>
-  <td data-route-path='<%= route[:path] %>' data-regexp='<%= route[:regexp] %>'>
+  <td data-route-path='<%= route[:path] %>'>
     <%= route[:path] %>
   </td>
-  <td data-route-reqs='<%= route[:reqs] %>'>
-    <%= route[:reqs] %>
+  <td>
+    <%=simple_format route[:reqs] %>
   </td>
 </tr>

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb

@@ -17,6 +17,10 @@
     line-height: 15px;
   }
 
+  #route_table thead tr.bottom th input#search {
+    -webkit-appearance: textfield;
+  }
+
   #route_table tbody tr {
     border-bottom: 1px solid #ddd;
   }
@@ -60,7 +64,7 @@
         <%= link_to "Path", "#", 'data-route-helper' => '_path',
                     title: "Returns a relative path (without the http or domain)" %> /
         <%= link_to "Url", "#", 'data-route-helper' => '_url',
-                    title: "Returns an absolute url (with the http and domain)"   %>
+                    title: "Returns an absolute URL (with the http and domain)"   %>
       </th>
       <th><%# HTTP Verb %>
       </th>
@@ -81,92 +85,87 @@
 </table>
 
 <script type='text/javascript'>
-  // Iterates each element through a function
-  function each(elems, func) {
-    if (!elems instanceof Array) { elems = [elems]; }
-    for (var i = 0, len = elems.length; i < len; i++) {
-      func(elems[i]);
-    }
-  }
-
-  // Sets innerHTML for an element
-  function setContent(elem, text) {
-    elem.innerHTML = text;
-  }
+  // support forEarch iterator on NodeList
+  NodeList.prototype.forEach = Array.prototype.forEach;
 
   // Enables path search functionality
   function setupMatchPaths() {
-    // Check if the user input (sanitized as a path) matches the regexp data attribute
-    function checkExactMatch(section, elem, value) {
-      var string = sanitizePath(value),
-          regexp = elem.getAttribute("data-regexp");
-
-      showMatch(string, regexp, section, elem);
-    }
-
-    // Check if the route path data attribute contains the user input
-    function checkFuzzyMatch(section, elem, value) {
-      var string = elem.getAttribute("data-route-path"),
-          regexp = value;
-
-      showMatch(string, regexp, section, elem);
+    // Check if there are any matched results in a section
+    function checkNoMatch(section, noMatchText) {
+      if (section.children.length <= 1) {
+        section.innerHTML += noMatchText;
+      }
     }
 
-    // Display the parent <tr> element in the appropriate section when there's a match
-    function showMatch(string, regexp, section, elem) {
-      if(string.match(RegExp(regexp))) {
-        section.appendChild(elem.parentNode.cloneNode(true));
-      }
+    // get JSON from URL and invoke callback with result
+    function getJSON(url, success) {
+      var xhr = new XMLHttpRequest();
+      xhr.open('GET', url);
+      xhr.onload = function() {
+        if (this.status == 200)
+          success(JSON.parse(this.response));
+      };
+      xhr.send();
     }
 
-    // Check if there are any matched results in a section
-    function checkNoMatch(section, defaultText, noMatchText) {
-      if (section.innerHTML === defaultText) {
-        setContent(section, defaultText + noMatchText);
+    function delayedKeyup(input, callback) {
+      var timeout;
+      input.onkeyup = function(){
+        if (timeout) clearTimeout(timeout);
+        timeout = setTimeout(callback, 300);
       }
     }
 
-    // Ensure path always starts with a slash "/" and remove params or fragments
+    // remove params or fragments
     function sanitizePath(path) {
-      var path = path.charAt(0) == '/' ? path : "/" + path;
-      return path.replace(/\#.*|\?.*/, '');
+      return path.replace(/[#?].*/, '');
     }
 
-    var regexpElems     = document.querySelectorAll('#route_table [data-regexp]'),
-        searchElem      = document.querySelector('#search'),
-        exactMatches    = document.querySelector('#exact_matches'),
-        fuzzyMatches    = document.querySelector('#fuzzy_matches');
+    var pathElements = document.querySelectorAll('#route_table [data-route-path]'),
+        searchElem   = document.querySelector('#search'),
+        exactSection = document.querySelector('#exact_matches'),
+        fuzzySection = document.querySelector('#fuzzy_matches');
 
     // Remove matches when no search value is present
     searchElem.onblur = function(e) {
       if (searchElem.value === "") {
-        setContent(exactMatches, "");
-        setContent(fuzzyMatches, "");
+        exactSection.innerHTML = "";
+        fuzzySection.innerHTML = "";
       }
     }
 
     // On key press perform a search for matching paths
-    searchElem.onkeyup = function(e){
-      var userInput         = searchElem.value,
-          defaultExactMatch = '<tr><th colspan="4">Paths Matching (' + escape(sanitizePath(userInput)) +'):</th></tr>',
-          defaultFuzzyMatch = '<tr><th colspan="4">Paths Containing (' + escape(userInput) +'):</th></tr>',
+    delayedKeyup(searchElem, function() {
+      var path = sanitizePath(searchElem.value),
+          defaultExactMatch = '<tr><th colspan="4">Paths Matching (' + path +'):</th></tr>',
+          defaultFuzzyMatch = '<tr><th colspan="4">Paths Containing (' + path +'):</th></tr>',
           noExactMatch      = '<tr><th colspan="4">No Exact Matches Found</th></tr>',
           noFuzzyMatch      = '<tr><th colspan="4">No Fuzzy Matches Found</th></tr>';
 
-      // Clear out results section
-      setContent(exactMatches, defaultExactMatch);
-      setContent(fuzzyMatches, defaultFuzzyMatch);
+      if (!path)
+        return searchElem.onblur();
 
-      // Display exact matches and fuzzy matches
-      each(regexpElems, function(elem) {
-        checkExactMatch(exactMatches, elem, userInput);
-        checkFuzzyMatch(fuzzyMatches, elem, userInput);
-      })
+      getJSON('/rails/info/routes?path=' + path, function(matches){
+        // Clear out results section
+        exactSection.innerHTML = defaultExactMatch;
+        fuzzySection.innerHTML = defaultFuzzyMatch;
 
-      // Display 'No Matches' message when no matches are found
-      checkNoMatch(exactMatches, defaultExactMatch, noExactMatch);
-      checkNoMatch(fuzzyMatches, defaultFuzzyMatch, noFuzzyMatch);
-    }
+        // Display exact matches and fuzzy matches
+        pathElements.forEach(function(elem) {
+          var elemPath = elem.getAttribute('data-route-path');
+
+          if (matches['exact'].indexOf(elemPath) != -1)
+            exactSection.appendChild(elem.parentNode.cloneNode(true));
+
+          if (matches['fuzzy'].indexOf(elemPath) != -1)
+            fuzzySection.appendChild(elem.parentNode.cloneNode(true));
+        })
+
+        // Display 'No Matches' message when no matches are found
+        checkNoMatch(exactSection, noExactMatch);
+        checkNoMatch(fuzzySection, noFuzzyMatch);
+      })
+    })
   }
 
   // Enables functionality to toggle between `_path` and `_url` helper suffixes
@@ -174,19 +173,20 @@
 
     // Sets content for each element
     function setValOn(elems, val) {
-      each(elems, function(elem) {
-        setContent(elem, val);
+      elems.forEach(function(elem) {
+        elem.innerHTML = val;
       });
     }
 
     // Sets onClick event for each element
     function onClick(elems, func) {
-      each(elems, function(elem) {
+      elems.forEach(function(elem) {
         elem.onclick = func;
       });
     }
 
     var toggleLinks = document.querySelectorAll('#route_table [data-route-helper]');
+
     onClick(toggleLinks, function(){
       var helperTxt   = this.getAttribute("data-route-helper"),
           helperElems = document.querySelectorAll('[data-route-name] span.helper');