actionpack 4.2.11.1 → 6.1.3.2

data/lib/action_dispatch/http/mime_type.rb

@@ -1,23 +1,35 @@
-require 'set'
-require 'singleton'
-require 'active_support/core_ext/module/attribute_accessors'
-require 'active_support/core_ext/string/starts_ends_with'
+# frozen_string_literal: true
+
+require "singleton"
+require "active_support/core_ext/symbol/starts_ends_with"
 
 module Mime
-  class Mimes < Array
-    def symbols
-      @symbols ||= map { |m| m.to_sym }
+  class Mimes
+    attr_reader :symbols
+
+    include Enumerable
+
+    def initialize
+      @mimes = []
+      @symbols = []
     end
 
-    %w(<< concat shift unshift push pop []= clear compact! collect!
-    delete delete_at delete_if flatten! map! insert reject! reverse!
-    replace slice! sort! uniq!).each do |method|
-      module_eval <<-CODE, __FILE__, __LINE__ + 1
-        def #{method}(*)
-          @symbols = nil
-          super
+    def each
+      @mimes.each { |x| yield x }
+    end
+
+    def <<(type)
+      @mimes << type
+      @symbols << type.to_sym
+    end
+
+    def delete_if
+      @mimes.delete_if do |x|
+        if yield x
+          @symbols.delete(x.to_sym)
+          true
         end
-      CODE
+      end
     end
   end
 
@@ -37,7 +49,7 @@ module Mime
     end
   end
 
-  # Encapsulates the notion of a mime type. Can be used at render time, for example, with:
+  # Encapsulates the notion of a MIME type. Can be used at render time, for example, with:
   #
   #   class PostsController < ActionController::Base
   #     def show
@@ -45,20 +57,17 @@ module Mime
   #
   #       respond_to do |format|
   #         format.html
-  #         format.ics { render text: @post.to_ics, mime_type: Mime::Type["text/calendar"]  }
+  #         format.ics { render body: @post.to_ics, mime_type: Mime::Type.lookup("text/calendar")  }
   #         format.xml { render xml: @post }
   #       end
   #     end
   #   end
   class Type
-    @@html_types = Set.new [:html, :all]
-    cattr_reader :html_types
-
     attr_reader :symbol
 
     @register_callbacks = []
 
-    # A simple helper class used in parsing the accept header
+    # A simple helper class used in parsing the accept header.
     class AcceptItem #:nodoc:
       attr_accessor :index, :name, :q
       alias :to_s :name
@@ -66,7 +75,7 @@ module Mime
       def initialize(index, name, q = nil)
         @index = index
         @name = name
-        q ||= 0.0 if @name == Mime::ALL.to_s # default wildcard match to end of list
+        q ||= 0.0 if @name == "*/*" # Default wildcard match to end of list.
         @q = ((q || 1.0).to_f * 100).to_i
       end
 
@@ -75,70 +84,58 @@ module Mime
         result = @index <=> item.index if result == 0
         result
       end
-
-      def ==(item)
-        @name == item.to_s
-      end
     end
 
-    class AcceptList < Array #:nodoc:
-      def assort!
-        sort!
+    class AcceptList #:nodoc:
+      def self.sort!(list)
+        list.sort!
 
-        # Take care of the broken text/xml entry by renaming or deleting it
+        text_xml_idx = find_item_by_name list, "text/xml"
+        app_xml_idx = find_item_by_name list, Mime[:xml].to_s
+
+        # Take care of the broken text/xml entry by renaming or deleting it.
         if text_xml_idx && app_xml_idx
-          app_xml.q = [text_xml.q, app_xml.q].max # set the q value to the max of the two
-          exchange_xml_items if app_xml_idx > text_xml_idx  # make sure app_xml is ahead of text_xml in the list
-          delete_at(text_xml_idx)                 # delete text_xml from the list
+          app_xml = list[app_xml_idx]
+          text_xml = list[text_xml_idx]
+
+          app_xml.q = [text_xml.q, app_xml.q].max # Set the q value to the max of the two.
+          if app_xml_idx > text_xml_idx  # Make sure app_xml is ahead of text_xml in the list.
+            list[app_xml_idx], list[text_xml_idx] = text_xml, app_xml
+            app_xml_idx, text_xml_idx = text_xml_idx, app_xml_idx
+          end
+          list.delete_at(text_xml_idx)  # Delete text_xml from the list.
         elsif text_xml_idx
-          text_xml.name = Mime::XML.to_s
+          list[text_xml_idx].name = Mime[:xml].to_s
         end
 
-        # Look for more specific XML-based types and sort them ahead of app/xml
+        # Look for more specific XML-based types and sort them ahead of app/xml.
         if app_xml_idx
+          app_xml = list[app_xml_idx]
           idx = app_xml_idx
 
-          while idx < length
-            type = self[idx]
+          while idx < list.length
+            type = list[idx]
             break if type.q < app_xml.q
 
-            if type.name.ends_with? '+xml'
-              self[app_xml_idx], self[idx] = self[idx], app_xml
-              @app_xml_idx = idx
+            if type.name.end_with? "+xml"
+              list[app_xml_idx], list[idx] = list[idx], app_xml
+              app_xml_idx = idx
             end
             idx += 1
           end
         end
 
-        map! { |i| Mime::Type.lookup(i.name) }.uniq!
-        to_a
+        list.map! { |i| Mime::Type.lookup(i.name) }.uniq!
+        list
       end
 
-      private
-        def text_xml_idx
-          @text_xml_idx ||= index('text/xml')
-        end
-
-        def app_xml_idx
-          @app_xml_idx ||= index(Mime::XML.to_s)
-        end
-
-        def text_xml
-          self[text_xml_idx]
-        end
-
-        def app_xml
-          self[app_xml_idx]
-        end
-
-        def exchange_xml_items
-          self[app_xml_idx], self[text_xml_idx] = text_xml, app_xml
-          @app_xml_idx, @text_xml_idx = text_xml_idx, app_xml_idx
-        end
+      def self.find_item_by_name(array, name)
+        array.index { |item| item.name == name }
+      end
     end
 
     class << self
-      TRAILING_STAR_REGEXP = /(text|application)\/\*/
+      TRAILING_STAR_REGEXP = /^(text|application)\/\*/
       PARAMETER_SEPARATOR_REGEXP = /;\s*\w+="?\w+"?/
 
       def register_callback(&block)
@@ -153,46 +150,48 @@ module Mime
         EXTENSION_LOOKUP[extension.to_s]
       end
 
-      # Registers an alias that's not used on mime type lookup, but can be referenced directly. Especially useful for
+      # Registers an alias that's not used on MIME type lookup, but can be referenced directly. Especially useful for
       # rendering different HTML versions depending on the user agent, like an iPhone.
       def register_alias(string, symbol, extension_synonyms = [])
         register(string, symbol, [], extension_synonyms, true)
       end
 
       def register(string, symbol, mime_type_synonyms = [], extension_synonyms = [], skip_lookup = false)
-        Mime.const_set(symbol.upcase, Type.new(string, symbol, mime_type_synonyms))
+        new_mime = Type.new(string, symbol, mime_type_synonyms)
 
-        new_mime = Mime.const_get(symbol.upcase)
         SET << new_mime
 
-        ([string] + mime_type_synonyms).each { |str| LOOKUP[str] = SET.last } unless skip_lookup
-        ([symbol] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext.to_s] = SET.last }
+        ([string] + mime_type_synonyms).each { |str| LOOKUP[str] = new_mime } unless skip_lookup
+        ([symbol] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext.to_s] = new_mime }
 
         @register_callbacks.each do |callback|
           callback.call(new_mime)
         end
+        new_mime
       end
 
       def parse(accept_header)
-        if !accept_header.include?(',')
+        if !accept_header.include?(",")
           accept_header = accept_header.split(PARAMETER_SEPARATOR_REGEXP).first
+          return [] unless accept_header
           parse_trailing_star(accept_header) || [Mime::Type.lookup(accept_header)].compact
         else
-          list, index = AcceptList.new, 0
-          accept_header.split(',').each do |header|
+          list, index = [], 0
+          accept_header.split(",").each do |header|
             params, q = header.split(PARAMETER_SEPARATOR_REGEXP)
-            if params.present?
-              params.strip!
 
-              params = parse_trailing_star(params) || [params]
+            next unless params
+            params.strip!
+            next if params.empty?
+
+            params = parse_trailing_star(params) || [params]
 
-              params.each do |m|
-                list << AcceptItem.new(index, m.to_s, q)
-                index += 1
-              end
+            params.each do |m|
+              list << AcceptItem.new(index, m.to_s, q)
+              index += 1
             end
           end
-          list.assort!
+          AcceptList.sort! list
         end
       end
 
@@ -200,34 +199,44 @@ module Mime
         parse_data_with_trailing_star($1) if accept_header =~ TRAILING_STAR_REGEXP
       end
 
-      # For an input of <tt>'text'</tt>, returns <tt>[Mime::JSON, Mime::XML, Mime::ICS,
-      # Mime::HTML, Mime::CSS, Mime::CSV, Mime::JS, Mime::YAML, Mime::TEXT]</tt>.
+      # For an input of <tt>'text'</tt>, returns <tt>[Mime[:json], Mime[:xml], Mime[:ics],
+      # Mime[:html], Mime[:css], Mime[:csv], Mime[:js], Mime[:yaml], Mime[:text]</tt>.
       #
-      # For an input of <tt>'application'</tt>, returns <tt>[Mime::HTML, Mime::JS,
-      # Mime::XML, Mime::YAML, Mime::ATOM, Mime::JSON, Mime::RSS, Mime::URL_ENCODED_FORM]</tt>.
-      def parse_data_with_trailing_star(input)
-        Mime::SET.select { |m| m =~ input }
+      # For an input of <tt>'application'</tt>, returns <tt>[Mime[:html], Mime[:js],
+      # Mime[:xml], Mime[:yaml], Mime[:atom], Mime[:json], Mime[:rss], Mime[:url_encoded_form]</tt>.
+      def parse_data_with_trailing_star(type)
+        Mime::SET.select { |m| m.match?(type) }
       end
 
       # This method is opposite of register method.
       #
-      # Usage:
+      # To unregister a MIME type:
       #
       #   Mime::Type.unregister(:mobile)
       def unregister(symbol)
-        symbol = symbol.upcase
-        mime = Mime.const_get(symbol)
-        Mime.instance_eval { remove_const(symbol) }
-
-        SET.delete_if { |v| v.eql?(mime) }
-        LOOKUP.delete_if { |_,v| v.eql?(mime) }
-        EXTENSION_LOOKUP.delete_if { |_,v| v.eql?(mime) }
+        symbol = symbol.downcase
+        if mime = Mime[symbol]
+          SET.delete_if { |v| v.eql?(mime) }
+          LOOKUP.delete_if { |_, v| v.eql?(mime) }
+          EXTENSION_LOOKUP.delete_if { |_, v| v.eql?(mime) }
+        end
       end
     end
 
     attr_reader :hash
 
+    MIME_NAME = "[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}"
+    MIME_PARAMETER_KEY = "[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}"
+    MIME_PARAMETER_VALUE = "#{Regexp.escape('"')}?[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}#{Regexp.escape('"')}?"
+    MIME_PARAMETER = "\s*\;\s*#{MIME_PARAMETER_KEY}(?:\=#{MIME_PARAMETER_VALUE})?"
+    MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME})(?>\s*#{MIME_PARAMETER}\s*)*)\z/
+
+    class InvalidMimeType < StandardError; end
+
     def initialize(string, symbol = nil, synonyms = [])
+      unless MIME_REGEXP.match?(string)
+        raise InvalidMimeType, "#{string.inspect} is not a valid MIME type"
+      end
       @symbol, @synonyms = symbol, synonyms
       @string = string
       @hash = [@string, @synonyms, @symbol].hash
@@ -246,7 +255,7 @@ module Mime
     end
 
     def ref
-      to_sym || to_s
+      symbol || to_s
     end
 
     def ===(list)
@@ -258,7 +267,7 @@ module Mime
     end
 
     def ==(mime_type)
-      return false if mime_type.blank?
+      return false unless mime_type
       (@synonyms + [ self ]).any? do |synonym|
         synonym.to_s == mime_type.to_s || synonym.to_sym == mime_type.to_sym
       end
@@ -272,40 +281,59 @@ module Mime
     end
 
     def =~(mime_type)
-      return false if mime_type.blank?
+      return false unless mime_type
       regexp = Regexp.new(Regexp.quote(mime_type.to_s))
-      (@synonyms + [ self ]).any? do |synonym|
-        synonym.to_s =~ regexp
-      end
+      @synonyms.any? { |synonym| synonym.to_s =~ regexp } || @string =~ regexp
+    end
+
+    def match?(mime_type)
+      return false unless mime_type
+      regexp = Regexp.new(Regexp.quote(mime_type.to_s))
+      @synonyms.any? { |synonym| synonym.to_s.match?(regexp) } || @string.match?(regexp)
     end
 
     def html?
-      @@html_types.include?(to_sym) || @string =~ /html/
+      (symbol == :html) || /html/.match?(@string)
     end
 
+    def all?; false; end
 
     protected
-
-    attr_reader :string, :synonyms
+      attr_reader :string, :synonyms
 
     private
+      def to_ary; end
+      def to_a; end
 
-    def to_ary; end
-    def to_a; end
+      def method_missing(method, *args)
+        if method.end_with?("?")
+          method[0..-2].downcase.to_sym == to_sym
+        else
+          super
+        end
+      end
 
-    def method_missing(method, *args)
-      if method.to_s.ends_with? '?'
-        method[0..-2].downcase.to_sym == to_sym
-      else
-        super
+      def respond_to_missing?(method, include_private = false)
+        method.end_with?("?") || super
       end
-    end
+  end
+
+  class AllType < Type
+    include Singleton
 
-    def respond_to_missing?(method, include_private = false) #:nodoc:
-      method.to_s.ends_with? '?'
+    def initialize
+      super "*/*", nil
     end
+
+    def all?; true; end
+    def html?; true; end
   end
 
+  # ALL isn't a real MIME type, so we don't register it for lookup with the
+  # other concrete types. It's a wildcard match that we use for +respond_to+
+  # negotiation internals.
+  ALL = AllType.instance
+
   class NullType
     include Singleton
 
@@ -313,17 +341,21 @@ module Mime
       true
     end
 
-    def ref; end
-
-    def respond_to_missing?(method, include_private = false)
-      method.to_s.ends_with? '?'
+    def to_s
+      ""
     end
 
+    def ref; end
+
     private
-    def method_missing(method, *args)
-      false if method.to_s.ends_with? '?'
-    end
+      def respond_to_missing?(method, _)
+        method.end_with?("?")
+      end
+
+      def method_missing(method, *args)
+        false if method.end_with?("?")
+      end
   end
 end
 
-require 'action_dispatch/http/mime_types'
+require "action_dispatch/http/mime_types"

data/lib/action_dispatch/http/mime_types.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 # Build list of Mime types for HTTP responses
-# http://www.iana.org/assignments/media-types/
+# https://www.iana.org/assignments/media-types/
 
 Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml )
 Mime::Type.register "text/plain", :text, [], %w(txt)
@@ -8,29 +10,41 @@ Mime::Type.register "text/css", :css
 Mime::Type.register "text/calendar", :ics
 Mime::Type.register "text/csv", :csv
 Mime::Type.register "text/vcard", :vcf
+Mime::Type.register "text/vtt", :vtt, %w(vtt)
 
 Mime::Type.register "image/png", :png, [], %w(png)
 Mime::Type.register "image/jpeg", :jpeg, [], %w(jpg jpeg jpe pjpeg)
 Mime::Type.register "image/gif", :gif, [], %w(gif)
 Mime::Type.register "image/bmp", :bmp, [], %w(bmp)
 Mime::Type.register "image/tiff", :tiff, [], %w(tif tiff)
+Mime::Type.register "image/svg+xml", :svg
 
 Mime::Type.register "video/mpeg", :mpeg, [], %w(mpg mpeg mpe)
 
+Mime::Type.register "audio/mpeg", :mp3, [], %w(mp1 mp2 mp3)
+Mime::Type.register "audio/ogg", :ogg, [], %w(oga ogg spx opus)
+Mime::Type.register "audio/aac", :m4a, %w( audio/mp4 ), %w(m4a mpg4 aac)
+
+Mime::Type.register "video/webm", :webm, [], %w(webm)
+Mime::Type.register "video/mp4", :mp4, [], %w(mp4 m4v)
+
+Mime::Type.register "font/otf", :otf, [], %w(otf)
+Mime::Type.register "font/ttf", :ttf, [], %w(ttf)
+Mime::Type.register "font/woff", :woff, [], %w(woff)
+Mime::Type.register "font/woff2", :woff2, [], %w(woff2)
+
 Mime::Type.register "application/xml", :xml, %w( text/xml application/x-xml )
 Mime::Type.register "application/rss+xml", :rss
 Mime::Type.register "application/atom+xml", :atom
-Mime::Type.register "application/x-yaml", :yaml, %w( text/yaml )
+Mime::Type.register "application/x-yaml", :yaml, %w( text/yaml ), %w(yml yaml)
 
 Mime::Type.register "multipart/form-data", :multipart_form
 Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form
 
-# http://www.ietf.org/rfc/rfc4627.txt
+# https://www.ietf.org/rfc/rfc4627.txt
 # http://www.json.org/JSONRequest.html
 Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest )
 
 Mime::Type.register "application/pdf", :pdf, [], %w(pdf)
 Mime::Type.register "application/zip", :zip, [], %w(zip)
-
-# Create Mime::ALL but do not add it to the SET.
-Mime::ALL = Mime::Type.new("*/*", :all, [])
+Mime::Type.register "application/gzip", :gzip, %w(application/x-gzip), %w(gz)

data/lib/action_dispatch/http/parameters.rb

@@ -1,35 +1,78 @@
-require 'active_support/core_ext/hash/keys'
-require 'active_support/core_ext/hash/indifferent_access'
-require 'active_support/deprecation'
+# frozen_string_literal: true
 
 module ActionDispatch
   module Http
     module Parameters
-      PARAMETERS_KEY = 'action_dispatch.request.path_parameters'
+      extend ActiveSupport::Concern
+
+      PARAMETERS_KEY = "action_dispatch.request.path_parameters"
+
+      DEFAULT_PARSERS = {
+        Mime[:json].symbol => -> (raw_post) {
+          data = ActiveSupport::JSON.decode(raw_post)
+          data.is_a?(Hash) ? data : { _json: data }
+        }
+      }
+
+      # Raised when raw data from the request cannot be parsed by the parser
+      # defined for request's content MIME type.
+      class ParseError < StandardError
+        def initialize
+          super($!.message)
+        end
+      end
+
+      included do
+        class << self
+          # Returns the parameter parsers.
+          attr_reader :parameter_parsers
+        end
+
+        self.parameter_parsers = DEFAULT_PARSERS
+      end
+
+      module ClassMethods
+        # Configure the parameter parser for a given MIME type.
+        #
+        # It accepts a hash where the key is the symbol of the MIME type
+        # and the value is a proc.
+        #
+        #     original_parsers = ActionDispatch::Request.parameter_parsers
+        #     xml_parser = -> (raw_post) { Hash.from_xml(raw_post) || {} }
+        #     new_parsers = original_parsers.merge(xml: xml_parser)
+        #     ActionDispatch::Request.parameter_parsers = new_parsers
+        def parameter_parsers=(parsers)
+          @parameter_parsers = parsers.transform_keys { |key| key.respond_to?(:symbol) ? key.symbol : key }
+        end
+      end
 
       # Returns both GET and POST \parameters in a single hash.
       def parameters
-        @env["action_dispatch.request.parameters"] ||= begin
-          params = begin
-            request_parameters.merge(query_parameters)
-          rescue EOFError
-            query_parameters.dup
-          end
-          params.merge!(path_parameters)
-        end
+        params = get_header("action_dispatch.request.parameters")
+        return params if params
+
+        params = begin
+                   request_parameters.merge(query_parameters)
+                 rescue EOFError
+                   query_parameters.dup
+                 end
+        params.merge!(path_parameters)
+        set_header("action_dispatch.request.parameters", params)
+        params
       end
       alias :params :parameters
 
       def path_parameters=(parameters) #:nodoc:
-        @env.delete('action_dispatch.request.parameters')
-        @env[PARAMETERS_KEY] = parameters
-      end
+        delete_header("action_dispatch.request.parameters")
+
+        parameters = Request::Utils.set_binary_encoding(self, parameters, parameters[:controller], parameters[:action])
+        # If any of the path parameters has an invalid encoding then
+        # raise since it's likely to trigger errors further on.
+        Request::Utils.check_param_encoding(parameters)
 
-      def symbolized_path_parameters
-        ActiveSupport::Deprecation.warn(
-          '`symbolized_path_parameters` is deprecated. Please use `path_parameters`.'
-        )
-        path_parameters
+        set_header PARAMETERS_KEY, parameters
+      rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
+        raise ActionController::BadRequest.new("Invalid path parameters: #{e.message}")
       end
 
       # Returns a hash with the \parameters used to form the \path of the request.
@@ -37,31 +80,38 @@ module ActionDispatch
       #
       #   {'action' => 'my_action', 'controller' => 'my_controller'}
       def path_parameters
-        @env[PARAMETERS_KEY] ||= {}
+        get_header(PARAMETERS_KEY) || set_header(PARAMETERS_KEY, {})
       end
 
-    private
+      private
+        def parse_formatted_parameters(parsers)
+          return yield if content_length.zero? || content_mime_type.nil?
 
-      # Convert nested Hash to HashWithIndifferentAccess.
-      #
-      def normalize_encode_params(params)
-        case params
-        when Hash
-          if params.has_key?(:tempfile)
-            UploadedFile.new(params)
-          else
-            params.each_with_object({}) do |(key, val), new_hash|
-              new_hash[key] = if val.is_a?(Array)
-                val.map! { |el| normalize_encode_params(el) }
-              else
-                normalize_encode_params(val)
-              end
-            end.with_indifferent_access
+          strategy = parsers.fetch(content_mime_type.symbol) { return yield }
+
+          begin
+            strategy.call(raw_post)
+          rescue # JSON or Ruby code block errors.
+            log_parse_error_once
+            raise ParseError
           end
-        else
-          params
         end
-      end
+
+        def log_parse_error_once
+          @parse_error_logged ||= begin
+            parse_logger = logger || ActiveSupport::Logger.new($stderr)
+            parse_logger.debug <<~MSG.chomp
+              Error occurred while parsing request parameters.
+              Contents:
+
+              #{raw_post}
+            MSG
+          end
+        end
+
+        def params_parsers
+          ActionDispatch::Request.parameter_parsers
+        end
     end
   end
 end