actionpack 5.0.7.2 → 5.1.0.beta1

data/lib/action_dispatch/http/parameter_filter.rb

@@ -1,7 +1,9 @@
+require "active_support/core_ext/object/duplicable"
+
 module ActionDispatch
   module Http
     class ParameterFilter
-      FILTERED = '[FILTERED]'.freeze # :nodoc:
+      FILTERED = "[FILTERED]".freeze # :nodoc:
 
       def initialize(filters = [])
         @filters = filters
@@ -37,8 +39,8 @@ module ActionDispatch
           deep_regexps, regexps = regexps.partition { |r| r.to_s.include?("\\.".freeze) }
           deep_strings, strings = strings.partition { |s| s.include?("\\.".freeze) }
 
-          regexps << Regexp.new(strings.join('|'.freeze), true) unless strings.empty?
-          deep_regexps << Regexp.new(deep_strings.join('|'.freeze), true) unless deep_strings.empty?
+          regexps << Regexp.new(strings.join("|".freeze), true) unless strings.empty?
+          deep_regexps << Regexp.new(deep_strings.join("|".freeze), true) unless deep_strings.empty?
 
           new regexps, deep_regexps, blocks
         end
@@ -48,17 +50,17 @@ module ActionDispatch
         def initialize(regexps, deep_regexps, blocks)
           @regexps = regexps
           @deep_regexps = deep_regexps.any? ? deep_regexps : nil
-          @blocks  = blocks
+          @blocks = blocks
         end
 
         def call(original_params, parents = [])
-          filtered_params = original_params.class.new
+          filtered_params = {}
 
           original_params.each do |key, value|
             parents.push(key) if deep_regexps
             if regexps.any? { |r| key =~ r }
               value = FILTERED
-            elsif deep_regexps && (joined = parents.join('.')) && deep_regexps.any? { |r| joined =~ r }
+            elsif deep_regexps && (joined = parents.join(".")) && deep_regexps.any? { |r| joined =~ r }
               value = FILTERED
             elsif value.is_a?(Hash)
               value = call(value, parents)

data/lib/action_dispatch/http/parameters.rb

@@ -3,15 +3,23 @@ module ActionDispatch
     module Parameters
       extend ActiveSupport::Concern
 
-      PARAMETERS_KEY = 'action_dispatch.request.path_parameters'
+      PARAMETERS_KEY = "action_dispatch.request.path_parameters"
 
       DEFAULT_PARSERS = {
         Mime[:json].symbol => -> (raw_post) {
           data = ActiveSupport::JSON.decode(raw_post)
-          data.is_a?(Hash) ? data : {:_json => data}
+          data.is_a?(Hash) ? data : { _json: data }
         }
       }
 
+      # Raised when raw data from the request cannot be parsed by the parser
+      # defined for request's content mime type.
+      class ParseError < StandardError
+        def initialize
+          super($!.message)
+        end
+      end
+
       included do
         class << self
           # Returns the parameter parsers.
@@ -22,7 +30,7 @@ module ActionDispatch
       end
 
       module ClassMethods
-        # Configure the parameter parser for a give mime type.
+        # Configure the parameter parser for a given mime type.
         #
         # It accepts a hash where the key is the symbol of the mime type
         # and the value is a proc.
@@ -47,13 +55,14 @@ module ActionDispatch
                    query_parameters.dup
                  end
         params.merge!(path_parameters)
+        params = set_binary_encoding(params)
         set_header("action_dispatch.request.parameters", params)
         params
       end
       alias :params :parameters
 
       def path_parameters=(parameters) #:nodoc:
-        delete_header('action_dispatch.request.parameters')
+        delete_header("action_dispatch.request.parameters")
 
         # If any of the path parameters has an invalid encoding then
         # raise since it's likely to trigger errors further on.
@@ -74,24 +83,38 @@ module ActionDispatch
 
       private
 
-      def parse_formatted_parameters(parsers)
-        return yield if content_length.zero? || content_mime_type.nil?
+        def set_binary_encoding(params)
+          action = params[:action]
+          if controller_class.binary_params_for?(action)
+            ActionDispatch::Request::Utils.each_param_value(params) do |param|
+              param.force_encoding ::Encoding::ASCII_8BIT
+            end
+          end
+          params
+        end
+
+        def parse_formatted_parameters(parsers)
+          return yield if content_length.zero? || content_mime_type.nil?
 
-        strategy = parsers.fetch(content_mime_type.symbol) { return yield }
+          strategy = parsers.fetch(content_mime_type.symbol) { return yield }
 
-        begin
-          strategy.call(raw_post)
-        rescue # JSON or Ruby code block errors
-          my_logger = logger || ActiveSupport::Logger.new($stderr)
-          my_logger.debug "Error occurred while parsing request parameters.\nContents:\n\n#{raw_post}"
+          begin
+            strategy.call(raw_post)
+          rescue # JSON or Ruby code block errors
+            my_logger = logger || ActiveSupport::Logger.new($stderr)
+            my_logger.debug "Error occurred while parsing request parameters.\nContents:\n\n#{raw_post}"
 
-          raise ParamsParser::ParseError
+            raise ParseError
+          end
         end
-      end
 
-      def params_parsers
-        ActionDispatch::Request.parameter_parsers
-      end
+        def params_parsers
+          ActionDispatch::Request.parameter_parsers
+        end
     end
   end
+
+  module ParamsParser
+    ParseError = ActiveSupport::Deprecation::DeprecatedConstantProxy.new("ActionDispatch::ParamsParser::ParseError", "ActionDispatch::Http::Parameters::ParseError")
+  end
 end

data/lib/action_dispatch/http/request.rb

@@ -1,16 +1,16 @@
-require 'stringio'
-
-require 'active_support/inflector'
-require 'action_dispatch/http/headers'
-require 'action_controller/metal/exceptions'
-require 'rack/request'
-require 'action_dispatch/http/cache'
-require 'action_dispatch/http/mime_negotiation'
-require 'action_dispatch/http/parameters'
-require 'action_dispatch/http/filter_parameters'
-require 'action_dispatch/http/upload'
-require 'action_dispatch/http/url'
-require 'active_support/core_ext/array/conversions'
+require "stringio"
+
+require "active_support/inflector"
+require "action_dispatch/http/headers"
+require "action_controller/metal/exceptions"
+require "rack/request"
+require "action_dispatch/http/cache"
+require "action_dispatch/http/mime_negotiation"
+require "action_dispatch/http/parameters"
+require "action_dispatch/http/filter_parameters"
+require "action_dispatch/http/upload"
+require "action_dispatch/http/url"
+require "active_support/core_ext/array/conversions"
 
 module ActionDispatch
   class Request
@@ -22,8 +22,8 @@ module ActionDispatch
     include ActionDispatch::Http::URL
     include Rack::Request::Env
 
-    autoload :Session, 'action_dispatch/request/session'
-    autoload :Utils,   'action_dispatch/request/utils'
+    autoload :Session, "action_dispatch/request/session"
+    autoload :Utils,   "action_dispatch/request/utils"
 
     LOCALHOST   = Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/]
 
@@ -68,7 +68,8 @@ module ActionDispatch
 
     PASS_NOT_FOUND = Class.new { # :nodoc:
       def self.action(_); self; end
-      def self.call(_); [404, {'X-Cascade' => 'pass'}, []]; end
+      def self.call(_); [404, { "X-Cascade" => "pass" }, []]; end
+      def self.binary_params_for?(action); false; end
     }
 
     def controller_class
@@ -76,7 +77,7 @@ module ActionDispatch
 
       if params.key?(:controller)
         controller_param = params[:controller].underscore
-        params[:action] ||= 'index'
+        params[:action] ||= "index"
         const_name = "#{controller_param.camelize}Controller"
         ActiveSupport::Dependencies.constantize(const_name)
       else
@@ -84,6 +85,9 @@ module ActionDispatch
       end
     end
 
+    # Returns true if the request has a header matching the given key parameter.
+    #
+    #    request.key? :ip_spoofing_check # => true
     def key?(key)
       has_header? key
     end
@@ -148,11 +152,11 @@ module ActionDispatch
     end
 
     def controller_instance # :nodoc:
-      get_header('action_controller.instance'.freeze)
+      get_header("action_controller.instance".freeze)
     end
 
     def controller_instance=(controller) # :nodoc:
-      set_header('action_controller.instance'.freeze, controller)
+      set_header("action_controller.instance".freeze, controller)
     end
 
     def http_auth_salt
@@ -163,7 +167,7 @@ module ActionDispatch
       # We're treating `nil` as "unset", and we want the default setting to be
       # `true`.  This logic should be extracted to `env_config` and calculated
       # once.
-      !(get_header('action_dispatch.show_exceptions'.freeze) == false)
+      !(get_header("action_dispatch.show_exceptions".freeze) == false)
     end
 
     # Returns a symbol form of the #request_method
@@ -175,7 +179,7 @@ module ActionDispatch
     # even if it was overridden by middleware. See #request_method for
     # more information.
     def method
-      @method ||= check_method(get_header("rack.methodoverride.original_method") || get_header('REQUEST_METHOD'))
+      @method ||= check_method(get_header("rack.methodoverride.original_method") || get_header("REQUEST_METHOD"))
     end
 
     # Returns a symbol form of the #method
@@ -237,7 +241,7 @@ module ActionDispatch
     # (case-insensitive), which may need to be manually added depending on the
     # choice of JavaScript libraries and frameworks.
     def xml_http_request?
-      get_header('HTTP_X_REQUESTED_WITH') =~ /XMLHttpRequest/i
+      get_header("HTTP_X_REQUESTED_WITH") =~ /XMLHttpRequest/i
     end
     alias :xhr? :xml_http_request?
 
@@ -276,24 +280,24 @@ module ActionDispatch
 
     # Returns the lowercase name of the HTTP server software.
     def server_software
-      (get_header('SERVER_SOFTWARE') && /^([a-zA-Z]+)/ =~ get_header('SERVER_SOFTWARE')) ? $1.downcase : nil
+      (get_header("SERVER_SOFTWARE") && /^([a-zA-Z]+)/ =~ get_header("SERVER_SOFTWARE")) ? $1.downcase : nil
     end
 
     # Read the request \body. This is useful for web services that need to
     # work with raw requests directly.
     def raw_post
-      unless has_header? 'RAW_POST_DATA'
+      unless has_header? "RAW_POST_DATA"
         raw_post_body = body
-        set_header('RAW_POST_DATA', raw_post_body.read(content_length))
+        set_header("RAW_POST_DATA", raw_post_body.read(content_length))
         raw_post_body.rewind if raw_post_body.respond_to?(:rewind)
       end
-      get_header 'RAW_POST_DATA'
+      get_header "RAW_POST_DATA"
     end
 
     # The request body is an IO input stream. If the RAW_POST_DATA environment
     # variable is already set, wrap it in a StringIO.
     def body
-      if raw_post = get_header('RAW_POST_DATA')
+      if raw_post = get_header("RAW_POST_DATA")
         raw_post.force_encoding(Encoding::BINARY)
         StringIO.new(raw_post)
       else
@@ -314,7 +318,7 @@ module ActionDispatch
     end
 
     def body_stream #:nodoc:
-      get_header('rack.input')
+      get_header("rack.input")
     end
 
     # TODO This should be broken apart into AD::Request::Session and probably
@@ -356,7 +360,7 @@ module ActionDispatch
         end
         self.request_parameters = Request::Utils.normalize_encode_params(pr)
       end
-    rescue ParamsParser::ParseError # one of the parse strategies blew up
+    rescue Http::Parameters::ParseError # one of the parse strategies blew up
       self.request_parameters = Request::Utils.normalize_encode_params(super || {})
       raise
     rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
@@ -367,10 +371,10 @@ module ActionDispatch
     # Returns the authorization header regardless of whether it was specified directly or through one of the
     # proxy alternatives.
     def authorization
-      get_header('HTTP_AUTHORIZATION')   ||
-      get_header('X-HTTP_AUTHORIZATION') ||
-      get_header('X_HTTP_AUTHORIZATION') ||
-      get_header('REDIRECT_X_HTTP_AUTHORIZATION')
+      get_header("HTTP_AUTHORIZATION")   ||
+      get_header("X-HTTP_AUTHORIZATION") ||
+      get_header("X_HTTP_AUTHORIZATION") ||
+      get_header("REDIRECT_X_HTTP_AUTHORIZATION")
     end
 
     # True if the request came from localhost, 127.0.0.1, or ::1.
@@ -391,7 +395,7 @@ module ActionDispatch
     end
 
     def ssl?
-      super || scheme == 'wss'.freeze
+      super || scheme == "wss".freeze
     end
 
     private

data/lib/action_dispatch/http/response.rb

@@ -1,7 +1,7 @@
-require 'active_support/core_ext/module/attribute_accessors'
-require 'action_dispatch/http/filter_redirect'
-require 'action_dispatch/http/cache'
-require 'monitor'
+require "active_support/core_ext/module/attribute_accessors"
+require "action_dispatch/http/filter_redirect"
+require "action_dispatch/http/cache"
+require "monitor"
 
 module ActionDispatch # :nodoc:
   # Represents an HTTP response generated by a controller action. Use it to
@@ -39,9 +39,9 @@ module ActionDispatch # :nodoc:
         super(header)
       end
 
-      def []=(k,v)
+      def []=(k, v)
         if @response.sending? || @response.sent?
-          raise ActionDispatch::IllegalStateError, 'header already sent'
+          raise ActionDispatch::IllegalStateError, "header already sent"
         end
 
         super
@@ -67,7 +67,7 @@ module ActionDispatch # :nodoc:
 
     alias_method :headers,  :header
 
-    delegate :[], :[]=, :to => :@header
+    delegate :[], :[]=, to: :@header
 
     def each(&block)
       sending!
@@ -103,8 +103,8 @@ module ActionDispatch # :nodoc:
 
       def body
         @str_body ||= begin
-          buf = ''
-            each { |chunk| buf << chunk }
+          buf = ""
+          each { |chunk| buf << chunk }
           buf
         end
       end
@@ -251,7 +251,7 @@ module ActionDispatch # :nodoc:
       end
     end
 
-    # Sets the HTTP character set. In case of nil parameter
+    # Sets the HTTP character set. In case of +nil+ parameter
     # it sets the charset to utf-8.
     #
     #   response.charset = 'utf-16' # => 'utf-16'
@@ -333,7 +333,7 @@ module ActionDispatch # :nodoc:
 
       # Stream the file's contents if Rack::Sendfile isn't present.
       def each
-        File.open(to_path, 'rb') do |file|
+        File.open(to_path, "rb") do |file|
           while chunk = file.read(16384)
             yield chunk
           end
@@ -393,7 +393,7 @@ module ActionDispatch # :nodoc:
       if header = get_header(SET_COOKIE)
         header = header.split("\n") if header.respond_to?(:to_str)
         header.each do |cookie|
-          if pair = cookie.split(';').first
+          if pair = cookie.split(";").first
             key, value = pair.split("=").map { |v| Rack::Utils.unescape(v) }
             cookies[key] = value
           end
@@ -424,8 +424,8 @@ module ActionDispatch # :nodoc:
     end
 
     def set_content_type(content_type, charset)
-      type = (content_type || '').dup
-      type << "; charset=#{charset}" if charset
+      type = (content_type || "").dup
+      type << "; charset=#{charset.to_s.downcase}" if charset
       set_header CONTENT_TYPE, type
     end
 
@@ -484,7 +484,7 @@ module ActionDispatch # :nodoc:
       end
 
       def respond_to?(method, include_private = false)
-        if method.to_s == 'to_path'
+        if method.to_s == "to_path"
           @response.stream.respond_to?(method)
         else
           super
@@ -503,7 +503,7 @@ module ActionDispatch # :nodoc:
     def handle_no_content!
       if NO_CONTENT_CODES.include?(@status)
         @header.delete CONTENT_TYPE
-        @header.delete 'Content-Length'
+        @header.delete "Content-Length"
       end
     end
 

data/lib/action_dispatch/http/upload.rb

@@ -24,27 +24,23 @@ module ActionDispatch
       attr_accessor :headers
 
       def initialize(hash) # :nodoc:
-        @tempfile          = hash[:tempfile]
-        raise(ArgumentError, ':tempfile is required') unless @tempfile
-
-        if hash[:filename]
-          @original_filename = hash[:filename].dup
+        @tempfile = hash[:tempfile]
+        raise(ArgumentError, ":tempfile is required") unless @tempfile
 
+        @original_filename = hash[:filename]
+        if @original_filename
           begin
             @original_filename.encode!(Encoding::UTF_8)
           rescue EncodingError
             @original_filename.force_encoding(Encoding::UTF_8)
           end
-        else
-          @original_filename = nil
         end
-
         @content_type      = hash[:type]
         @headers           = hash[:head]
       end
 
       # Shortcut for +tempfile.read+.
-      def read(length=nil, buffer=nil)
+      def read(length = nil, buffer = nil)
         @tempfile.read(length, buffer)
       end
 
@@ -54,7 +50,7 @@ module ActionDispatch
       end
 
       # Shortcut for +tempfile.close+.
-      def close(unlink_now=false)
+      def close(unlink_now = false)
         @tempfile.close(unlink_now)
       end