actionpack 4.2.11.3 → 5.0.7.2

data/lib/action_controller/metal/live.rb

@@ -3,7 +3,7 @@ require 'delegate'
 require 'active_support/json'
 
 module ActionController
-  # Mix this module in to your controller, and all actions in that controller
+  # Mix this module into your controller, and all actions in that controller
   # will be able to stream data to the client as it's written.
   #
   #   class MyController < ActionController::Base
@@ -20,7 +20,7 @@ module ActionController
   #     end
   #   end
   #
-  # There are a few caveats with this use. You *cannot* write headers after the
+  # There are a few caveats with this module. You *cannot* write headers after the
   # response has been committed (Response#committed? will return truthy).
   # Calling +write+ or +close+ on the response stream will cause the response
   # object to be committed. Make sure all headers are set before calling write
@@ -33,6 +33,20 @@ module ActionController
   # the main thread. Make sure your actions are thread safe, and this shouldn't
   # be a problem (don't share state across threads, etc).
   module Live
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def make_response!(request)
+        if request.get_header("HTTP_VERSION") == "HTTP/1.0"
+          super
+        else
+          Live::Response.new.tap do |res|
+            res.request = request
+          end
+        end
+      end
+    end
+
     # This class provides the ability to write an SSE (Server Sent Event)
     # to an IO stream. The class is initialized with a stream and can be used
     # to either write a JSON string or an object which can be converted to JSON.
@@ -102,7 +116,7 @@ module ActionController
             end
           end
 
-          message = json.gsub(/\n/, "\ndata: ")
+          message = json.gsub("\n".freeze, "\ndata: ".freeze)
           @stream.write "data: #{message}\n\n"
         end
     end
@@ -131,8 +145,8 @@ module ActionController
 
       def write(string)
         unless @response.committed?
-          @response.headers["Cache-Control"] = "no-cache"
-          @response.headers.delete "Content-Length"
+          @response.set_header "Cache-Control", "no-cache"
+          @response.delete_header "Content-Length"
         end
 
         super
@@ -149,14 +163,6 @@ module ActionController
         end
       end
 
-      def each
-        @response.sending!
-        while str = @buf.pop
-          yield str
-        end
-        @response.sent!
-      end
-
       # Write a 'close' event to the buffer; the producer/writing thread
       # uses this to notify us that it's finished supplying content.
       #
@@ -189,12 +195,6 @@ module ActionController
         !@aborted
       end
 
-      def await_close
-        synchronize do
-          @cv.wait_until { @closed }
-        end
-      end
-
       def on_error(&block)
         @error_callback = block
       end
@@ -202,32 +202,22 @@ module ActionController
       def call_on_error
         @error_callback.call
       end
-    end
 
-    class Response < ActionDispatch::Response #:nodoc: all
-      class Header < DelegateClass(Hash) # :nodoc:
-        def initialize(response, header)
-          @response = response
-          super(header)
-        end
+      private
 
-        def []=(k,v)
-          if @response.committed?
-            raise ActionDispatch::IllegalStateError, 'header already sent'
+        def each_chunk(&block)
+          loop do
+            str = nil
+            ActiveSupport::Dependencies.interlock.permit_concurrent_loads do
+              str = @buf.pop
+            end
+            break unless str
+            yield str
           end
-
-          super
-        end
-
-        def merge(other)
-          self.class.new @response, __getobj__.merge(other)
-        end
-
-        def to_hash
-          __getobj__.dup
         end
-      end
+    end
 
+    class Response < ActionDispatch::Response #:nodoc: all
       private
 
       def before_committed
@@ -237,25 +227,11 @@ module ActionController
         jar.write self unless committed?
       end
 
-      def before_sending
-        super
-        request.cookie_jar.commit!
-        headers.freeze
-      end
-
       def build_buffer(response, body)
         buf = Live::Buffer.new response
         body.each { |part| buf.write part }
         buf
       end
-
-      def merge_default_headers(original, default)
-        Header.new self, super
-      end
-
-      def handle_conditional_get!
-        super unless committed?
-      end
     end
 
     def process(name)
@@ -266,39 +242,55 @@ module ActionController
       # This processes the action in a child thread. It lets us return the
       # response code and headers back up the rack stack, and still process
       # the body in parallel with sending data to the client
-      Thread.new {
-        t2 = Thread.current
-        t2.abort_on_exception = true
-
-        # Since we're processing the view in a different thread, copy the
-        # thread locals from the main thread to the child thread. :'(
-        locals.each { |k,v| t2[k] = v }
-
-        begin
-          super(name)
-        rescue => e
-          if @_response.committed?
-            begin
-              @_response.stream.write(ActionView::Base.streaming_completion_on_exception) if request.format == :html
-              @_response.stream.call_on_error
-            rescue => exception
-              log_error(exception)
-            ensure
-              log_error(e)
-              @_response.stream.close
+      new_controller_thread {
+        ActiveSupport::Dependencies.interlock.running do
+          t2 = Thread.current
+
+          # Since we're processing the view in a different thread, copy the
+          # thread locals from the main thread to the child thread. :'(
+          locals.each { |k,v| t2[k] = v }
+
+          begin
+            super(name)
+          rescue => e
+            if @_response.committed?
+              begin
+                @_response.stream.write(ActionView::Base.streaming_completion_on_exception) if request.format == :html
+                @_response.stream.call_on_error
+              rescue => exception
+                log_error(exception)
+              ensure
+                log_error(e)
+                @_response.stream.close
+              end
+            else
+              error = e
             end
-          else
-            error = e
+          ensure
+            @_response.commit!
           end
-        ensure
-          @_response.commit!
         end
       }
 
-      @_response.await_commit
+      ActiveSupport::Dependencies.interlock.permit_concurrent_loads do
+        @_response.await_commit
+      end
+
       raise error if error
     end
 
+    # Spawn a new thread to serve up the controller in.  This is to get
+    # around the fact that Rack isn't based around IOs and we need to use
+    # a thread to stream data from the response bodies.  Nobody should call
+    # this method except in Rails internals. Seriously!
+    def new_controller_thread # :nodoc:
+      Thread.new {
+        t2 = Thread.current
+        t2.abort_on_exception = true
+        yield
+      }
+    end
+
     def log_error(exception)
       logger = ActionController::Base.logger
       return unless logger
@@ -315,14 +307,5 @@ module ActionController
       super
       response.close if response
     end
-
-    def set_response!(request)
-      if request.env["HTTP_VERSION"] == "HTTP/1.0"
-        super
-      else
-        @_response         = Live::Response.new
-        @_response.request = request
-      end
-    end
   end
 end

data/lib/action_controller/metal/mime_responds.rb

@@ -2,28 +2,6 @@ require 'abstract_controller/collector'
 
 module ActionController #:nodoc:
   module MimeResponds
-    extend ActiveSupport::Concern
-
-    # :stopdoc:
-    module ClassMethods
-      def respond_to(*)
-        raise NoMethodError, "The controller-level `respond_to' feature has " \
-          "been extracted to the `responders` gem. Add it to your Gemfile to " \
-          "continue using this feature:\n" \
-          "  gem 'responders', '~> 2.0'\n" \
-          "Consult the Rails upgrade guide for details."
-      end
-    end
-
-    def respond_with(*)
-      raise NoMethodError, "The `respond_with' feature has been extracted " \
-        "to the `responders` gem. Add it to your Gemfile to continue using " \
-        "this feature:\n" \
-        "  gem 'responders', '~> 2.0'\n" \
-        "Consult the Rails upgrade guide for details."
-    end
-    # :startdoc:
-
     # Without web-service support, an action which collects the data for displaying a list of people
     # might look something like this:
     #
@@ -31,6 +9,13 @@ module ActionController #:nodoc:
     #     @people = Person.all
     #   end
     #
+    # That action implicitly responds to all formats, but formats can also be whitelisted:
+    #
+    #   def index
+    #     @people = Person.all
+    #     respond_to :html, :js
+    #   end
+    #
     # Here's the same action, with web-service support baked in:
     #
     #   def index
@@ -38,11 +23,12 @@ module ActionController #:nodoc:
     #
     #     respond_to do |format|
     #       format.html
+    #       format.js
     #       format.xml { render xml: @people }
     #     end
     #   end
     #
-    # What that says is, "if the client wants HTML in response to this action, just respond as we
+    # What that says is, "if the client wants HTML or JS in response to this action, just respond as we
     # would have before, but if the client wants XML, return them the list of people in XML format."
     # (Rails determines the desired response format from the HTTP Accept header submitted by the client.)
     #
@@ -113,11 +99,11 @@ module ActionController #:nodoc:
     # and accept Rails' defaults, life will be much easier.
     #
     # If you need to use a MIME type which isn't supported by default, you can register your own handlers in
-    # config/initializers/mime_types.rb as follows.
+    # +config/initializers/mime_types.rb+ as follows.
     #
     #   Mime::Type.register "image/jpg", :jpg
     #
-    # Respond to also allows you to specify a common block for different formats by using any:
+    # Respond to also allows you to specify a common block for different formats by using +any+:
     #
     #   def index
     #     @people = Person.all
@@ -173,21 +159,21 @@ module ActionController #:nodoc:
     #     format.html.none  { render "trash" }
     #   end
     #
-    # Variants also support common `any`/`all` block that formats have.
+    # Variants also support common +any+/+all+ block that formats have.
     #
     # It works for both inline:
     #
     #   respond_to do |format|
-    #     format.html.any   { render text: "any"   }
-    #     format.html.phone { render text: "phone" }
+    #     format.html.any   { render html: "any"   }
+    #     format.html.phone { render html: "phone" }
     #   end
     #
     # and block syntax:
     #
     #   respond_to do |format|
     #     format.html do |variant|
-    #       variant.any(:tablet, :phablet){ render text: "any" }
-    #       variant.phone { render text: "phone" }
+    #       variant.any(:tablet, :phablet){ render html: "any" }
+    #       variant.phone { render html: "phone" }
     #     end
     #   end
     #
@@ -196,15 +182,12 @@ module ActionController #:nodoc:
     #   request.variant = [:tablet, :phone]
     #
     # which will work similarly to formats and MIME types negotiation. If there will be no
-    # :tablet variant declared, :phone variant will be picked:
+    # +:tablet+ variant declared, +:phone+ variant will be picked:
     #
     #   respond_to do |format|
     #     format.html.none
     #     format.html.phone # this gets rendered
     #   end
-    #
-    # Be sure to check the documentation of <tt>ActionController::MimeResponds.respond_to</tt>
-    # for more examples.
     def respond_to(*mimes)
       raise ArgumentError, "respond_to takes either types or a block, never both" if mimes.any? && block_given?
 
@@ -213,8 +196,9 @@ module ActionController #:nodoc:
 
       if format = collector.negotiate_format(request)
         _process_format(format)
+        _set_rendered_content_type format
         response = collector.response
-        response ? response.call : render({})
+        response.call if response
       else
         raise ActionController::UnknownFormat
       end
@@ -250,7 +234,7 @@ module ActionController #:nodoc:
         @responses = {}
         @variant = variant
 
-        mimes.each { |mime| @responses["Mime::#{mime.upcase}".constantize] = nil }
+        mimes.each { |mime| @responses[Mime[mime]] = nil }
       end
 
       def any(*args, &block)
@@ -310,16 +294,17 @@ module ActionController #:nodoc:
         end
 
         def variant
-          if @variant.nil?
+          if @variant.empty?
             @variants[:none] || @variants[:any]
-          elsif (@variants.keys & @variant).any?
-            @variant.each do |v|
-              return @variants[v] if @variants.key?(v)
-            end
           else
-            @variants[:any]
+            @variants[variant_key]
           end
         end
+
+        private
+          def variant_key
+            @variant.find { |variant| @variants.key?(variant) } || :any
+          end
       end
     end
   end

data/lib/action_controller/metal/params_wrapper.rb

@@ -1,7 +1,6 @@
 require 'active_support/core_ext/hash/slice'
 require 'active_support/core_ext/hash/except'
 require 'active_support/core_ext/module/anonymous'
-require 'active_support/core_ext/struct'
 require 'action_dispatch/http/mime_type'
 
 module ActionController
@@ -9,8 +8,7 @@ module ActionController
   # submit requests without having to specify any root elements.
   #
   # This functionality is enabled in +config/initializers/wrap_parameters.rb+
-  # and can be customized. If you are upgrading to \Rails 3.1, this file will
-  # need to be created for the functionality to be enabled.
+  # and can be customized.
   #
   # You could also turn it on per controller by setting the format array to
   # a non-empty array:
@@ -42,7 +40,7 @@ module ActionController
   #       wrap_parameters :person, include: [:username, :password]
   #     end
   #
-  # On ActiveRecord models with no +:include+ or +:exclude+ option set,
+  # On Active Record models with no +:include+ or +:exclude+ option set,
   # it will only wrap the parameters returned by the class method
   # <tt>attribute_names</tt>.
   #
@@ -86,7 +84,7 @@ module ActionController
         new name, format, include, exclude, nil, nil
       end
 
-      def initialize(name, format, include, exclude, klass, model) # nodoc
+      def initialize(name, format, include, exclude, klass, model) # :nodoc:
         super
         @include_set = include
         @name_set    = name
@@ -132,7 +130,7 @@ module ActionController
       private
       # Determine the wrapper model from the controller's name. By convention,
       # this could be done by trying to find the defined model that has the
-      # same singularize name as the controller. For example, +UsersController+
+      # same singular name as the controller. For example, +UsersController+
       # will try to find if the +User+ model exists.
       #
       # This method also does namespace lookup. Foo::Bar::UsersController will
@@ -252,7 +250,7 @@ module ActionController
 
     private
 
-      # Returns the wrapper key which will be used to stored wrapped parameters.
+      # Returns the wrapper key which will be used to store wrapped parameters.
       def _wrapper_key
         _wrapper_options.name
       end
@@ -278,8 +276,10 @@ module ActionController
 
       # Checks if we should perform parameters wrapping.
       def _wrapper_enabled?
-        ref = request.content_mime_type.try(:ref)
-        _wrapper_formats.include?(ref) && _wrapper_key && !request.request_parameters[_wrapper_key]
+        return false unless request.has_content_type?
+
+        ref = request.content_mime_type.ref
+        _wrapper_formats.include?(ref) && _wrapper_key && !request.request_parameters.key?(_wrapper_key)
       end
   end
 end

data/lib/action_controller/metal/redirecting.rb

@@ -11,7 +11,6 @@ module ActionController
     extend ActiveSupport::Concern
 
     include AbstractController::Logger
-    include ActionController::RackDelegation
     include ActionController::UrlFor
 
     # Redirects the browser to the target specified in +options+. This parameter can be any one of:
@@ -21,8 +20,6 @@ module ActionController
     # * <tt>String</tt> starting with <tt>protocol://</tt> (like <tt>http://</tt>) or a protocol relative reference (like <tt>//</tt>) - Is passed straight through as the target for redirection.
     # * <tt>String</tt> not containing a protocol - The current protocol and host is prepended to the string.
     # * <tt>Proc</tt> - A block that will be executed in the controller's context. Should return any option accepted by +redirect_to+.
-    # * <tt>:back</tt> - Back to the page that issued the request. Useful for forms that are triggered from multiple places.
-    #   Short-hand for <tt>redirect_to(request.env["HTTP_REFERER"])</tt>
     #
     # === Examples:
     #
@@ -31,7 +28,6 @@ module ActionController
     #   redirect_to "http://www.rubyonrails.org"
     #   redirect_to "/images/screenshot.jpg"
     #   redirect_to articles_url
-    #   redirect_to :back
     #   redirect_to proc { edit_post_url(@post) }
     #
     # The redirection happens as a "302 Found" header unless otherwise specified using the <tt>:status</tt> option:
@@ -62,13 +58,8 @@ module ActionController
     #   redirect_to post_url(@post), status: 301, flash: { updated_post_id: @post.id }
     #   redirect_to({ action: 'atom' }, alert: "Something serious happened")
     #
-    # When using <tt>redirect_to :back</tt>, if there is no referrer,
-    # <tt>ActionController::RedirectBackError</tt> will be raised. You
-    # may specify some fallback behavior for this case by rescuing
-    # <tt>ActionController::RedirectBackError</tt>.
     def redirect_to(options = {}, response_status = {}) #:doc:
       raise ActionControllerError.new("Cannot redirect to nil!") unless options
-      raise ActionControllerError.new("Cannot redirect to a parameter hash!") if options.is_a?(ActionController::Parameters)
       raise AbstractController::DoubleRenderError if response_body
 
       self.status        = _extract_redirect_to_status(options, response_status)
@@ -76,6 +67,32 @@ module ActionController
       self.response_body = "<html><body>You are being <a href=\"#{ERB::Util.unwrapped_html_escape(location)}\">redirected</a>.</body></html>"
     end
 
+    # Redirects the browser to the page that issued the request (the referrer)
+    # if possible, otherwise redirects to the provided default fallback
+    # location.
+    #
+    # The referrer information is pulled from the HTTP `Referer` (sic) header on
+    # the request. This is an optional header and its presence on the request is
+    # subject to browser security settings and user preferences. If the request
+    # is missing this header, the <tt>fallback_location</tt> will be used.
+    #
+    #   redirect_back fallback_location: { action: "show", id: 5 }
+    #   redirect_back fallback_location: post
+    #   redirect_back fallback_location: "http://www.rubyonrails.org"
+    #   redirect_back fallback_location:  "/images/screenshot.jpg"
+    #   redirect_back fallback_location:  articles_url
+    #   redirect_back fallback_location:  proc { edit_post_url(@post) }
+    #
+    # All options that can be passed to <tt>redirect_to</tt> are accepted as
+    # options and the behavior is identical.
+    def redirect_back(fallback_location:, **args)
+      if referer = request.headers["Referer"]
+        redirect_to referer, **args
+      else
+        redirect_to fallback_location, **args
+      end
+    end
+
     def _compute_redirect_to_location(request, options) #:nodoc:
       case options
       # The scheme name consist of a letter followed by any combination of
@@ -88,6 +105,12 @@ module ActionController
       when String
         request.protocol + request.host_with_port + options
       when :back
+        ActiveSupport::Deprecation.warn(<<-MESSAGE.squish)
+          `redirect_to :back` is deprecated and will be removed from Rails 5.1.
+          Please use `redirect_back(fallback_location: fallback_location)` where
+          `fallback_location` represents the location to use if the request has
+          no HTTP referer information.
+        MESSAGE
         request.headers["Referer"] or raise RedirectBackError
       when Proc
         _compute_redirect_to_location request, options.call