RubyGems - actionpack - Versions diffs - 4.2.8 → 5.2.4.2 - Mend

actionpack 4.2.8 → 5.2.4.2

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (166) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +285 -444
data/MIT-LICENSE +1 -1
data/README.rdoc +6 -7
data/lib/abstract_controller.rb +12 -5
data/lib/abstract_controller/asset_paths.rb +2 -0
data/lib/abstract_controller/base.rb +45 -49
data/lib/abstract_controller/caching.rb +66 -0
data/lib/{action_controller → abstract_controller}/caching/fragments.rb +78 -15
data/lib/abstract_controller/callbacks.rb +47 -31
data/lib/abstract_controller/collector.rb +8 -11
data/lib/abstract_controller/error.rb +6 -0
data/lib/abstract_controller/helpers.rb +25 -25
data/lib/abstract_controller/logger.rb +2 -0
data/lib/abstract_controller/railties/routes_helpers.rb +4 -2
data/lib/abstract_controller/rendering.rb +42 -41
data/lib/abstract_controller/translation.rb +10 -7
data/lib/abstract_controller/url_for.rb +2 -0
data/lib/action_controller.rb +29 -21
data/lib/action_controller/api.rb +149 -0
data/lib/action_controller/api/api_rendering.rb +16 -0
data/lib/action_controller/base.rb +27 -19
data/lib/action_controller/caching.rb +14 -57
data/lib/action_controller/form_builder.rb +50 -0
data/lib/action_controller/log_subscriber.rb +10 -15
data/lib/action_controller/metal.rb +98 -83
data/lib/action_controller/metal/basic_implicit_render.rb +13 -0
data/lib/action_controller/metal/conditional_get.rb +118 -44
data/lib/action_controller/metal/content_security_policy.rb +52 -0
data/lib/action_controller/metal/cookies.rb +3 -3
data/lib/action_controller/metal/data_streaming.rb +27 -46
data/lib/action_controller/metal/etag_with_flash.rb +18 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +20 -13
data/lib/action_controller/metal/exceptions.rb +8 -14
data/lib/action_controller/metal/flash.rb +4 -3
data/lib/action_controller/metal/force_ssl.rb +23 -21
data/lib/action_controller/metal/head.rb +21 -19
data/lib/action_controller/metal/helpers.rb +24 -14
data/lib/action_controller/metal/http_authentication.rb +64 -57
data/lib/action_controller/metal/implicit_render.rb +62 -8
data/lib/action_controller/metal/instrumentation.rb +19 -21
data/lib/action_controller/metal/live.rb +90 -106
data/lib/action_controller/metal/mime_responds.rb +33 -46
data/lib/action_controller/metal/parameter_encoding.rb +51 -0
data/lib/action_controller/metal/params_wrapper.rb +61 -53
data/lib/action_controller/metal/redirecting.rb +49 -28
data/lib/action_controller/metal/renderers.rb +87 -44
data/lib/action_controller/metal/rendering.rb +72 -50
data/lib/action_controller/metal/request_forgery_protection.rb +203 -92
data/lib/action_controller/metal/rescue.rb +9 -16
data/lib/action_controller/metal/streaming.rb +12 -10
data/lib/action_controller/metal/strong_parameters.rb +582 -165
data/lib/action_controller/metal/testing.rb +2 -17
data/lib/action_controller/metal/url_for.rb +19 -10
data/lib/action_controller/railtie.rb +28 -10
data/lib/action_controller/railties/helpers.rb +2 -0
data/lib/action_controller/renderer.rb +117 -0
data/lib/action_controller/template_assertions.rb +11 -0
data/lib/action_controller/test_case.rb +280 -411
data/lib/action_dispatch.rb +27 -19
data/lib/action_dispatch/http/cache.rb +93 -47
data/lib/action_dispatch/http/content_security_policy.rb +272 -0
data/lib/action_dispatch/http/filter_parameters.rb +26 -20
data/lib/action_dispatch/http/filter_redirect.rb +10 -11
data/lib/action_dispatch/http/headers.rb +55 -22
data/lib/action_dispatch/http/mime_negotiation.rb +60 -41
data/lib/action_dispatch/http/mime_type.rb +134 -121
data/lib/action_dispatch/http/mime_types.rb +20 -6
data/lib/action_dispatch/http/parameter_filter.rb +25 -11
data/lib/action_dispatch/http/parameters.rb +98 -39
data/lib/action_dispatch/http/rack_cache.rb +2 -0
data/lib/action_dispatch/http/request.rb +200 -118
data/lib/action_dispatch/http/response.rb +225 -110
data/lib/action_dispatch/http/upload.rb +12 -6
data/lib/action_dispatch/http/url.rb +110 -28
data/lib/action_dispatch/journey.rb +7 -5
data/lib/action_dispatch/journey/formatter.rb +55 -32
data/lib/action_dispatch/journey/gtg/builder.rb +7 -5
data/lib/action_dispatch/journey/gtg/simulator.rb +3 -9
data/lib/action_dispatch/journey/gtg/transition_table.rb +17 -16
data/lib/action_dispatch/journey/nfa/builder.rb +5 -3
data/lib/action_dispatch/journey/nfa/dot.rb +13 -13
data/lib/action_dispatch/journey/nfa/simulator.rb +3 -1
data/lib/action_dispatch/journey/nfa/transition_table.rb +5 -48
data/lib/action_dispatch/journey/nodes/node.rb +18 -6
data/lib/action_dispatch/journey/parser.rb +23 -22
data/lib/action_dispatch/journey/parser.y +3 -2
data/lib/action_dispatch/journey/parser_extras.rb +12 -4
data/lib/action_dispatch/journey/path/pattern.rb +50 -44
data/lib/action_dispatch/journey/route.rb +106 -28
data/lib/action_dispatch/journey/router.rb +35 -23
data/lib/action_dispatch/journey/router/utils.rb +20 -11
data/lib/action_dispatch/journey/routes.rb +18 -16
data/lib/action_dispatch/journey/scanner.rb +18 -15
data/lib/action_dispatch/journey/visitors.rb +99 -52
data/lib/action_dispatch/middleware/callbacks.rb +1 -2
data/lib/action_dispatch/middleware/cookies.rb +304 -193
data/lib/action_dispatch/middleware/debug_exceptions.rb +152 -57
data/lib/action_dispatch/middleware/debug_locks.rb +124 -0
data/lib/action_dispatch/middleware/exception_wrapper.rb +68 -69
data/lib/action_dispatch/middleware/executor.rb +21 -0
data/lib/action_dispatch/middleware/flash.rb +78 -54
data/lib/action_dispatch/middleware/public_exceptions.rb +27 -25
data/lib/action_dispatch/middleware/reloader.rb +5 -91
data/lib/action_dispatch/middleware/remote_ip.rb +41 -31
data/lib/action_dispatch/middleware/request_id.rb +17 -9
data/lib/action_dispatch/middleware/session/abstract_store.rb +41 -25
data/lib/action_dispatch/middleware/session/cache_store.rb +24 -14
data/lib/action_dispatch/middleware/session/cookie_store.rb +72 -67
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +8 -2
data/lib/action_dispatch/middleware/show_exceptions.rb +26 -22
data/lib/action_dispatch/middleware/ssl.rb +114 -36
data/lib/action_dispatch/middleware/stack.rb +31 -44
data/lib/action_dispatch/middleware/static.rb +57 -50
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +2 -14
data/lib/action_dispatch/middleware/templates/rescues/{_source.erb → _source.html.erb} +0 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +21 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +13 -0
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +1 -0
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +64 -64
data/lib/action_dispatch/railtie.rb +19 -11
data/lib/action_dispatch/request/session.rb +106 -59
data/lib/action_dispatch/request/utils.rb +67 -24
data/lib/action_dispatch/routing.rb +17 -18
data/lib/action_dispatch/routing/endpoint.rb +9 -2
data/lib/action_dispatch/routing/inspector.rb +58 -67
data/lib/action_dispatch/routing/mapper.rb +734 -447
data/lib/action_dispatch/routing/polymorphic_routes.rb +161 -139
data/lib/action_dispatch/routing/redirection.rb +36 -26
data/lib/action_dispatch/routing/route_set.rb +321 -291
data/lib/action_dispatch/routing/routes_proxy.rb +32 -5
data/lib/action_dispatch/routing/url_for.rb +65 -25
data/lib/action_dispatch/system_test_case.rb +147 -0
data/lib/action_dispatch/system_testing/browser.rb +49 -0
data/lib/action_dispatch/system_testing/driver.rb +59 -0
data/lib/action_dispatch/system_testing/server.rb +31 -0
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +96 -0
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +31 -0
data/lib/action_dispatch/system_testing/test_helpers/undef_methods.rb +26 -0
data/lib/action_dispatch/testing/assertion_response.rb +47 -0
data/lib/action_dispatch/testing/assertions.rb +6 -4
data/lib/action_dispatch/testing/assertions/response.rb +45 -20
data/lib/action_dispatch/testing/assertions/routing.rb +30 -26
data/lib/action_dispatch/testing/integration.rb +347 -209
data/lib/action_dispatch/testing/request_encoder.rb +55 -0
data/lib/action_dispatch/testing/test_process.rb +28 -22
data/lib/action_dispatch/testing/test_request.rb +27 -34
data/lib/action_dispatch/testing/test_response.rb +35 -7
data/lib/action_pack.rb +4 -2
data/lib/action_pack/gem_version.rb +5 -3
data/lib/action_pack/version.rb +3 -1
metadata +56 -39
data/lib/action_controller/metal/hide_actions.rb +0 -40
data/lib/action_controller/metal/rack_delegation.rb +0 -32
data/lib/action_controller/middleware.rb +0 -39
data/lib/action_controller/model_naming.rb +0 -12
data/lib/action_dispatch/journey/backwards.rb +0 -5
data/lib/action_dispatch/journey/router/strexp.rb +0 -27
data/lib/action_dispatch/middleware/params_parser.rb +0 -60
data/lib/action_dispatch/testing/assertions/dom.rb +0 -3
data/lib/action_dispatch/testing/assertions/selector.rb +0 -3
data/lib/action_dispatch/testing/assertions/tag.rb +0 -3

data/lib/action_dispatch/middleware/debug_exceptions.rb CHANGED

@@ -1,110 +1,205 @@
-require 'action_dispatch/http/request'
-require 'action_dispatch/middleware/exception_wrapper'
-require 'action_dispatch/routing/inspector'
+# frozen_string_literal: true
+require "action_dispatch/http/request"
+require "action_dispatch/middleware/exception_wrapper"
+require "action_dispatch/routing/inspector"
+require "action_view"
+require "action_view/base"
+require "pp"
 module ActionDispatch
   # This middleware is responsible for logging exceptions and
   # showing a debugging page in case the request is local.
   class DebugExceptions
-    RESCUES_TEMPLATE_PATH = File.expand_path('../templates', __FILE__)
+    RESCUES_TEMPLATE_PATH = File.expand_path("templates", __dir__)
+    class DebugView < ActionView::Base
+      def debug_params(params)
+        clean_params = params.clone
+        clean_params.delete("action")
+        clean_params.delete("controller")
+        if clean_params.empty?
+          "None"
+        else
+          PP.pp(clean_params, "".dup, 200)
+        end
+      end
+      def debug_headers(headers)
+        if headers.present?
+          headers.inspect.gsub(",", ",\n")
+        else
+          "None"
+        end
+      end
+      def debug_hash(object)
+        object.to_hash.sort_by { |k, _| k.to_s }.map { |k, v| "#{k}: #{v.inspect rescue $!.message}" }.join("\n")
+      end
+      def render(*)
+        logger = ActionView::Base.logger
+        if logger && logger.respond_to?(:silence)
+          logger.silence { super }
+        else
+          super
+        end
+      end
+    end
-    def initialize(app, routes_app = nil)
-      @app        = app
-      @routes_app = routes_app
+    def initialize(app, routes_app = nil, response_format = :default)
+      @app             = app
+      @routes_app      = routes_app
+      @response_format = response_format
     end
     def call(env)
+      request = ActionDispatch::Request.new env
       _, headers, body = response = @app.call(env)
-      if headers['X-Cascade'] == 'pass'
+      if headers["X-Cascade"] == "pass"
         body.close if body.respond_to?(:close)
         raise ActionController::RoutingError, "No route matches [#{env['REQUEST_METHOD']}] #{env['PATH_INFO'].inspect}"
       end
       response
     rescue Exception => exception
-      raise exception if env['action_dispatch.show_exceptions'] == false
-      render_exception(env, exception)
+      raise exception unless request.show_exceptions?
+      render_exception(request, exception)
     end
     private
-    def render_exception(env, exception)
-      wrapper = ExceptionWrapper.new(env, exception)
-      log_error(env, wrapper)
+      def render_exception(request, exception)
+        backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
+        wrapper = ExceptionWrapper.new(backtrace_cleaner, exception)
+        log_error(request, wrapper)
+        if request.get_header("action_dispatch.show_detailed_exceptions")
+          content_type = request.formats.first
+          if api_request?(content_type)
+            render_for_api_request(content_type, wrapper)
+          else
+            render_for_browser_request(request, wrapper)
+          end
+        else
+          raise exception
+        end
+      end
+      def render_for_browser_request(request, wrapper)
+        template = create_template(request, wrapper)
+        file = "rescues/#{wrapper.rescue_template}"
+        if request.xhr?
+          body = template.render(template: file, layout: false, formats: [:text])
+          format = "text/plain"
+        else
+          body = template.render(template: file, layout: "rescues/layout")
+          format = "text/html"
+        end
+        render(wrapper.status_code, body, format)
+      end
+      def render_for_api_request(content_type, wrapper)
+        body = {
+          status: wrapper.status_code,
+          error:  Rack::Utils::HTTP_STATUS_CODES.fetch(
+            wrapper.status_code,
+            Rack::Utils::HTTP_STATUS_CODES[500]
+          ),
+          exception: wrapper.exception.inspect,
+          traces: wrapper.traces
+        }
+        to_format = "to_#{content_type.to_sym}"
+        if content_type && body.respond_to?(to_format)
+          formatted_body = body.public_send(to_format)
+          format = content_type
+        else
+          formatted_body = body.to_json
+          format = Mime[:json]
+        end
+        render(wrapper.status_code, formatted_body, format)
+      end
-      if env['action_dispatch.show_detailed_exceptions']
-        request = Request.new(env)
+      def create_template(request, wrapper)
         traces = wrapper.traces
-        trace_to_show = 'Application Trace'
-        if traces[trace_to_show].empty? && wrapper.rescue_template != 'routing_error'
-          trace_to_show = 'Full Trace'
+        trace_to_show = "Application Trace"
+        if traces[trace_to_show].empty? && wrapper.rescue_template != "routing_error"
+          trace_to_show = "Full Trace"
         end
         if source_to_show = traces[trace_to_show].first
           source_to_show_id = source_to_show[:id]
         end
-        template = ActionView::Base.new([RESCUES_TEMPLATE_PATH],
+        DebugView.new([RESCUES_TEMPLATE_PATH],
           request: request,
           exception: wrapper.exception,
           traces: traces,
           show_source_idx: source_to_show_id,
           trace_to_show: trace_to_show,
-          routes_inspector: routes_inspector(exception),
+          routes_inspector: routes_inspector(wrapper.exception),
           source_extracts: wrapper.source_extracts,
           line_number: wrapper.line_number,
           file: wrapper.file
         )
-        file = "rescues/#{wrapper.rescue_template}"
+      end
-        if request.xhr?
-          body = template.render(template: file, layout: false, formats: [:text])
-          format = "text/plain"
-        else
-          body = template.render(template: file, layout: 'rescues/layout')
-          format = "text/html"
-        end
-        render(wrapper.status_code, body, format)
-      else
-        raise exception
+      def render(status, body, format)
+        [status, { "Content-Type" => "#{format}; charset=#{Response.default_charset}", "Content-Length" => body.bytesize.to_s }, [body]]
       end
-    end
-    def render(status, body, format)
-      [status, {'Content-Type' => "#{format}; charset=#{Response.default_charset}", 'Content-Length' => body.bytesize.to_s}, [body]]
-    end
+      def log_error(request, wrapper)
+        logger = logger(request)
+        return unless logger
-    def log_error(env, wrapper)
-      logger = logger(env)
-      return unless logger
+        exception = wrapper.exception
-      exception = wrapper.exception
+        trace = wrapper.application_trace
+        trace = wrapper.framework_trace if trace.empty?
-      trace = wrapper.application_trace
-      trace = wrapper.framework_trace if trace.empty?
+        ActiveSupport::Deprecation.silence do
+          logger.fatal "  "
+          logger.fatal "#{exception.class} (#{exception.message}):"
+          log_array logger, exception.annoted_source_code if exception.respond_to?(:annoted_source_code)
+          logger.fatal "  "
+          log_array logger, trace
+        end
+      end
-      ActiveSupport::Deprecation.silence do
-        message = "\n#{exception.class} (#{exception.message}):\n"
-        message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code)
-        message << "  " << trace.join("\n  ")
-        logger.fatal("#{message}\n\n")
+      def log_array(logger, array)
+        if logger.formatter && logger.formatter.respond_to?(:tags_text)
+          logger.fatal array.join("\n#{logger.formatter.tags_text}")
+        else
+          logger.fatal array.join("\n")
+        end
       end
-    end
-    def logger(env)
-      env['action_dispatch.logger'] || stderr_logger
-    end
+      def logger(request)
+        request.logger || ActionView::Base.logger || stderr_logger
+      end
-    def stderr_logger
-      @stderr_logger ||= ActiveSupport::Logger.new($stderr)
-    end
+      def stderr_logger
+        @stderr_logger ||= ActiveSupport::Logger.new($stderr)
+      end
-    def routes_inspector(exception)
-      if @routes_app.respond_to?(:routes) && (exception.is_a?(ActionController::RoutingError) || exception.is_a?(ActionView::Template::Error))
-        ActionDispatch::Routing::RoutesInspector.new(@routes_app.routes.routes)
+      def routes_inspector(exception)
+        if @routes_app.respond_to?(:routes) && (exception.is_a?(ActionController::RoutingError) || exception.is_a?(ActionView::Template::Error))
+          ActionDispatch::Routing::RoutesInspector.new(@routes_app.routes.routes)
+        end
+      end
+      def api_request?(content_type)
+        @response_format == :api && !content_type.html?
       end
-    end
   end
 end

data/lib/action_dispatch/middleware/debug_locks.rb ADDED

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+module ActionDispatch
+  # This middleware can be used to diagnose deadlocks in the autoload interlock.
+  #
+  # To use it, insert it near the top of the middleware stack, using
+  # <tt>config/application.rb</tt>:
+  #
+  #     config.middleware.insert_before Rack::Sendfile, ActionDispatch::DebugLocks
+  #
+  # After restarting the application and re-triggering the deadlock condition,
+  # <tt>/rails/locks</tt> will show a summary of all threads currently known to
+  # the interlock, which lock level they are holding or awaiting, and their
+  # current backtrace.
+  #
+  # Generally a deadlock will be caused by the interlock conflicting with some
+  # other external lock or blocking I/O call. These cannot be automatically
+  # identified, but should be visible in the displayed backtraces.
+  #
+  # NOTE: The formatting and content of this middleware's output is intended for
+  # human consumption, and should be expected to change between releases.
+  #
+  # This middleware exposes operational details of the server, with no access
+  # control. It should only be enabled when in use, and removed thereafter.
+  class DebugLocks
+    def initialize(app, path = "/rails/locks")
+      @app = app
+      @path = path
+    end
+    def call(env)
+      req = ActionDispatch::Request.new env
+      if req.get?
+        path = req.path_info.chomp("/".freeze)
+        if path == @path
+          return render_details(req)
+        end
+      end
+      @app.call(env)
+    end
+    private
+      def render_details(req)
+        threads = ActiveSupport::Dependencies.interlock.raw_state do |raw_threads|
+          # The Interlock itself comes to a complete halt as long as this block
+          # is executing. That gives us a more consistent picture of everything,
+          # but creates a pretty strong Observer Effect.
+          #
+          # Most directly, that means we need to do as little as possible in
+          # this block. More widely, it means this middleware should remain a
+          # strictly diagnostic tool (to be used when something has gone wrong),
+          # and not for any sort of general monitoring.
+          raw_threads.each.with_index do |(thread, info), idx|
+            info[:index] = idx
+            info[:backtrace] = thread.backtrace
+          end
+          raw_threads
+        end
+        str = threads.map do |thread, info|
+          if info[:exclusive]
+            lock_state = "Exclusive".dup
+          elsif info[:sharing] > 0
+            lock_state = "Sharing".dup
+            lock_state << " x#{info[:sharing]}" if info[:sharing] > 1
+          else
+            lock_state = "No lock".dup
+          end
+          if info[:waiting]
+            lock_state << " (yielded share)"
+          end
+          msg = "Thread #{info[:index]} [0x#{thread.__id__.to_s(16)} #{thread.status || 'dead'}]  #{lock_state}\n".dup
+          if info[:sleeper]
+            msg << "  Waiting in #{info[:sleeper]}"
+            msg << " to #{info[:purpose].to_s.inspect}" unless info[:purpose].nil?
+            msg << "\n"
+            if info[:compatible]
+              compat = info[:compatible].map { |c| c == false ? "share" : c.to_s.inspect }
+              msg << "  may be pre-empted for: #{compat.join(', ')}\n"
+            end
+            blockers = threads.values.select { |binfo| blocked_by?(info, binfo, threads.values) }
+            msg << "  blocked by: #{blockers.map { |i| i[:index] }.join(', ')}\n" if blockers.any?
+          end
+          blockees = threads.values.select { |binfo| blocked_by?(binfo, info, threads.values) }
+          msg << "  blocking: #{blockees.map { |i| i[:index] }.join(', ')}\n" if blockees.any?
+          msg << "\n#{info[:backtrace].join("\n")}\n" if info[:backtrace]
+        end.join("\n\n---\n\n\n")
+        [200, { "Content-Type" => "text/plain", "Content-Length" => str.size }, [str]]
+      end
+      def blocked_by?(victim, blocker, all_threads)
+        return false if victim.equal?(blocker)
+        case victim[:sleeper]
+        when :start_sharing
+          blocker[:exclusive] ||
+            (!victim[:waiting] && blocker[:compatible] && !blocker[:compatible].include?(false))
+        when :start_exclusive
+          blocker[:sharing] > 0 ||
+            blocker[:exclusive] ||
+            (blocker[:compatible] && !blocker[:compatible].include?(victim[:purpose]))
+        when :yield_shares
+          blocker[:exclusive]
+        when :stop_exclusive
+          blocker[:exclusive] ||
+            victim[:compatible] &&
+            victim[:compatible].include?(blocker[:purpose]) &&
+            all_threads.all? { |other| !other[:compatible] || blocker.equal?(other) || other[:compatible].include?(blocker[:purpose]) }
+        end
+      end
+  end
+end

data/lib/action_dispatch/middleware/exception_wrapper.rb CHANGED

@@ -1,40 +1,41 @@
-require 'action_controller/metal/exceptions'
-require 'active_support/core_ext/module/attribute_accessors'
+# frozen_string_literal: true
+require "active_support/core_ext/module/attribute_accessors"
+require "rack/utils"
 module ActionDispatch
   class ExceptionWrapper
-    cattr_accessor :rescue_responses
-    @@rescue_responses = Hash.new(:internal_server_error)
-    @@rescue_responses.merge!(
-      'ActionController::RoutingError'                => :not_found,
-      'AbstractController::ActionNotFound'            => :not_found,
-      'ActionController::MethodNotAllowed'            => :method_not_allowed,
-      'ActionController::UnknownHttpMethod'           => :method_not_allowed,
-      'ActionController::NotImplemented'              => :not_implemented,
-      'ActionController::UnknownFormat'               => :not_acceptable,
-      'ActionController::InvalidAuthenticityToken'    => :unprocessable_entity,
-      'ActionController::InvalidCrossOriginRequest'   => :unprocessable_entity,
-      'ActionDispatch::ParamsParser::ParseError'      => :bad_request,
-      'ActionController::BadRequest'                  => :bad_request,
-      'ActionController::ParameterMissing'            => :bad_request
+    cattr_accessor :rescue_responses, default: Hash.new(:internal_server_error).merge!(
+      "ActionController::RoutingError"               => :not_found,
+      "AbstractController::ActionNotFound"           => :not_found,
+      "ActionController::MethodNotAllowed"           => :method_not_allowed,
+      "ActionController::UnknownHttpMethod"          => :method_not_allowed,
+      "ActionController::NotImplemented"             => :not_implemented,
+      "ActionController::UnknownFormat"              => :not_acceptable,
+      "ActionController::InvalidAuthenticityToken"   => :unprocessable_entity,
+      "ActionController::InvalidCrossOriginRequest"  => :unprocessable_entity,
+      "ActionDispatch::Http::Parameters::ParseError" => :bad_request,
+      "ActionController::BadRequest"                 => :bad_request,
+      "ActionController::ParameterMissing"           => :bad_request,
+      "Rack::QueryParser::ParameterTypeError"        => :bad_request,
+      "Rack::QueryParser::InvalidParameterError"     => :bad_request
     )
-    cattr_accessor :rescue_templates
-    @@rescue_templates = Hash.new('diagnostics')
-    @@rescue_templates.merge!(
-      'ActionView::MissingTemplate'         => 'missing_template',
-      'ActionController::RoutingError'      => 'routing_error',
-      'AbstractController::ActionNotFound'  => 'unknown_action',
-      'ActionView::Template::Error'         => 'template_error'
+    cattr_accessor :rescue_templates, default: Hash.new("diagnostics").merge!(
+      "ActionView::MissingTemplate"         => "missing_template",
+      "ActionController::RoutingError"      => "routing_error",
+      "AbstractController::ActionNotFound"  => "unknown_action",
+      "ActiveRecord::StatementInvalid"      => "invalid_statement",
+      "ActionView::Template::Error"         => "template_error"
     )
-    attr_reader :env, :exception, :line_number, :file
+    attr_reader :backtrace_cleaner, :exception, :line_number, :file
-    def initialize(env, exception)
-      @env = env
+    def initialize(backtrace_cleaner, exception)
+      @backtrace_cleaner = backtrace_cleaner
       @exception = original_exception(exception)
-      expand_backtrace if exception.is_a?(SyntaxError) || exception.try(:original_exception).try(:is_a?, SyntaxError)
+      expand_backtrace if exception.is_a?(SyntaxError) || exception.cause.is_a?(SyntaxError)
     end
     def rescue_template
@@ -58,7 +59,7 @@ module ActionDispatch
     end
     def traces
-      appplication_trace_with_ids = []
+      application_trace_with_ids = []
       framework_trace_with_ids = []
       full_trace_with_ids = []
@@ -66,7 +67,7 @@ module ActionDispatch
         trace_with_id = { id: idx, trace: trace }
         if application_trace.include?(trace)
-          appplication_trace_with_ids << trace_with_id
+          application_trace_with_ids << trace_with_id
         else
           framework_trace_with_ids << trace_with_id
         end
@@ -75,7 +76,7 @@ module ActionDispatch
       end
       {
-        "Application Trace" => appplication_trace_with_ids,
+        "Application Trace" => application_trace_with_ids,
         "Framework Trace" => framework_trace_with_ids,
         "Full Trace" => full_trace_with_ids
       }
@@ -87,8 +88,7 @@ module ActionDispatch
     def source_extracts
       backtrace.map do |trace|
-        file, line = trace.split(":")
-        line_number = line.to_i
+        file, line_number = extract_file_and_line_number(trace)
         {
           code: source_fragment(file, line_number),
@@ -99,50 +99,49 @@ module ActionDispatch
     private
-    def backtrace
-      Array(@exception.backtrace)
-    end
-    def original_exception(exception)
-      if registered_original_exception?(exception)
-        exception.original_exception
-      else
-        exception
+      def backtrace
+        Array(@exception.backtrace)
       end
-    end
-    def registered_original_exception?(exception)
-      exception.respond_to?(:original_exception) && @@rescue_responses.has_key?(exception.original_exception.class.name)
-    end
-    def clean_backtrace(*args)
-      if backtrace_cleaner
-        backtrace_cleaner.clean(backtrace, *args)
-      else
-        backtrace
+      def original_exception(exception)
+        if @@rescue_responses.has_key?(exception.cause.class.name)
+          exception.cause
+        else
+          exception
+        end
       end
-    end
-    def backtrace_cleaner
-      @backtrace_cleaner ||= @env['action_dispatch.backtrace_cleaner']
-    end
+      def clean_backtrace(*args)
+        if backtrace_cleaner
+          backtrace_cleaner.clean(backtrace, *args)
+        else
+          backtrace
+        end
+      end
-    def source_fragment(path, line)
-      return unless Rails.respond_to?(:root) && Rails.root
-      full_path = Rails.root.join(path)
-      if File.exist?(full_path)
-        File.open(full_path, "r") do |file|
-          start = [line - 3, 0].max
-          lines = file.each_line.drop(start).take(6)
-          Hash[*(start+1..(lines.count+start)).zip(lines).flatten]
+      def source_fragment(path, line)
+        return unless Rails.respond_to?(:root) && Rails.root
+        full_path = Rails.root.join(path)
+        if File.exist?(full_path)
+          File.open(full_path, "r") do |file|
+            start = [line - 3, 0].max
+            lines = file.each_line.drop(start).take(6)
+            Hash[*(start + 1..(lines.count + start)).zip(lines).flatten]
+          end
         end
       end
-    end
-    def expand_backtrace
-      @exception.backtrace.unshift(
-        @exception.to_s.split("\n")
-      ).flatten!
-    end
+      def extract_file_and_line_number(trace)
+        # Split by the first colon followed by some digits, which works for both
+        # Windows and Unix path styles.
+        file, line = trace.match(/^(.+?):(\d+).*$/, &:captures) || trace
+        [file, line.to_i]
+      end
+      def expand_backtrace
+        @exception.backtrace.unshift(
+          @exception.to_s.split("\n")
+        ).flatten!
+      end
   end
 end