actionpack 5.1.7 → 5.2.4.3
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +282 -362
- data/MIT-LICENSE +1 -1
- data/README.rdoc +5 -5
- data/lib/abstract_controller.rb +3 -0
- data/lib/abstract_controller/asset_paths.rb +2 -0
- data/lib/abstract_controller/base.rb +10 -2
- data/lib/abstract_controller/caching.rb +3 -2
- data/lib/abstract_controller/caching/fragments.rb +30 -7
- data/lib/abstract_controller/callbacks.rb +25 -3
- data/lib/abstract_controller/collector.rb +2 -0
- data/lib/abstract_controller/error.rb +2 -0
- data/lib/abstract_controller/helpers.rb +4 -5
- data/lib/abstract_controller/logger.rb +2 -0
- data/lib/abstract_controller/railties/routes_helpers.rb +2 -0
- data/lib/abstract_controller/rendering.rb +9 -16
- data/lib/abstract_controller/translation.rb +2 -0
- data/lib/abstract_controller/url_for.rb +2 -0
- data/lib/action_controller.rb +3 -0
- data/lib/action_controller/api.rb +2 -0
- data/lib/action_controller/api/api_rendering.rb +2 -0
- data/lib/action_controller/base.rb +3 -0
- data/lib/action_controller/caching.rb +2 -0
- data/lib/action_controller/form_builder.rb +2 -0
- data/lib/action_controller/log_subscriber.rb +5 -3
- data/lib/action_controller/metal.rb +13 -14
- data/lib/action_controller/metal/basic_implicit_render.rb +2 -0
- data/lib/action_controller/metal/conditional_get.rb +4 -3
- data/lib/action_controller/metal/content_security_policy.rb +52 -0
- data/lib/action_controller/metal/cookies.rb +2 -0
- data/lib/action_controller/metal/data_streaming.rb +7 -5
- data/lib/action_controller/metal/etag_with_flash.rb +2 -0
- data/lib/action_controller/metal/etag_with_template_digest.rb +3 -2
- data/lib/action_controller/metal/exceptions.rb +2 -3
- data/lib/action_controller/metal/flash.rb +3 -2
- data/lib/action_controller/metal/force_ssl.rb +4 -2
- data/lib/action_controller/metal/head.rb +2 -0
- data/lib/action_controller/metal/helpers.rb +4 -3
- data/lib/action_controller/metal/http_authentication.rb +8 -9
- data/lib/action_controller/metal/implicit_render.rb +2 -0
- data/lib/action_controller/metal/instrumentation.rb +4 -6
- data/lib/action_controller/metal/live.rb +3 -1
- data/lib/action_controller/metal/mime_responds.rb +3 -1
- data/lib/action_controller/metal/parameter_encoding.rb +2 -0
- data/lib/action_controller/metal/params_wrapper.rb +14 -10
- data/lib/action_controller/metal/redirecting.rb +22 -11
- data/lib/action_controller/metal/renderers.rb +4 -3
- data/lib/action_controller/metal/rendering.rb +2 -2
- data/lib/action_controller/metal/request_forgery_protection.rb +62 -10
- data/lib/action_controller/metal/rescue.rb +5 -3
- data/lib/action_controller/metal/streaming.rb +3 -1
- data/lib/action_controller/metal/strong_parameters.rb +36 -25
- data/lib/action_controller/metal/testing.rb +2 -6
- data/lib/action_controller/metal/url_for.rb +2 -0
- data/lib/action_controller/railtie.rb +16 -4
- data/lib/action_controller/railties/helpers.rb +2 -0
- data/lib/action_controller/renderer.rb +2 -0
- data/lib/action_controller/template_assertions.rb +2 -0
- data/lib/action_controller/test_case.rb +16 -10
- data/lib/action_dispatch.rb +9 -5
- data/lib/action_dispatch/http/cache.rb +22 -14
- data/lib/action_dispatch/http/content_security_policy.rb +272 -0
- data/lib/action_dispatch/http/filter_parameters.rb +4 -2
- data/lib/action_dispatch/http/filter_redirect.rb +2 -0
- data/lib/action_dispatch/http/headers.rb +2 -0
- data/lib/action_dispatch/http/mime_negotiation.rb +4 -8
- data/lib/action_dispatch/http/mime_type.rb +15 -13
- data/lib/action_dispatch/http/mime_types.rb +17 -2
- data/lib/action_dispatch/http/parameter_filter.rb +2 -0
- data/lib/action_dispatch/http/parameters.rb +6 -9
- data/lib/action_dispatch/http/rack_cache.rb +2 -0
- data/lib/action_dispatch/http/request.rb +36 -16
- data/lib/action_dispatch/http/response.rb +11 -9
- data/lib/action_dispatch/http/upload.rb +2 -0
- data/lib/action_dispatch/http/url.rb +5 -6
- data/lib/action_dispatch/journey.rb +2 -0
- data/lib/action_dispatch/journey/formatter.rb +4 -2
- data/lib/action_dispatch/journey/gtg/builder.rb +2 -0
- data/lib/action_dispatch/journey/gtg/simulator.rb +2 -8
- data/lib/action_dispatch/journey/gtg/transition_table.rb +3 -2
- data/lib/action_dispatch/journey/nfa/builder.rb +2 -0
- data/lib/action_dispatch/journey/nfa/dot.rb +12 -10
- data/lib/action_dispatch/journey/nfa/simulator.rb +2 -0
- data/lib/action_dispatch/journey/nfa/transition_table.rb +2 -0
- data/lib/action_dispatch/journey/nodes/node.rb +2 -0
- data/lib/action_dispatch/journey/parser_extras.rb +2 -0
- data/lib/action_dispatch/journey/path/pattern.rb +4 -1
- data/lib/action_dispatch/journey/route.rb +15 -6
- data/lib/action_dispatch/journey/router.rb +3 -1
- data/lib/action_dispatch/journey/router/utils.rb +14 -7
- data/lib/action_dispatch/journey/routes.rb +3 -1
- data/lib/action_dispatch/journey/scanner.rb +1 -0
- data/lib/action_dispatch/journey/visitors.rb +5 -3
- data/lib/action_dispatch/middleware/callbacks.rb +2 -0
- data/lib/action_dispatch/middleware/cookies.rb +148 -91
- data/lib/action_dispatch/middleware/debug_exceptions.rb +4 -2
- data/lib/action_dispatch/middleware/debug_locks.rb +9 -7
- data/lib/action_dispatch/middleware/exception_wrapper.rb +5 -6
- data/lib/action_dispatch/middleware/executor.rb +2 -0
- data/lib/action_dispatch/middleware/flash.rb +4 -2
- data/lib/action_dispatch/middleware/public_exceptions.rb +6 -4
- data/lib/action_dispatch/middleware/reloader.rb +2 -0
- data/lib/action_dispatch/middleware/remote_ip.rb +7 -5
- data/lib/action_dispatch/middleware/request_id.rb +3 -1
- data/lib/action_dispatch/middleware/session/abstract_store.rb +17 -1
- data/lib/action_dispatch/middleware/session/cache_store.rb +13 -6
- data/lib/action_dispatch/middleware/session/cookie_store.rb +31 -32
- data/lib/action_dispatch/middleware/session/mem_cache_store.rb +2 -0
- data/lib/action_dispatch/middleware/show_exceptions.rb +3 -1
- data/lib/action_dispatch/middleware/ssl.rb +44 -38
- data/lib/action_dispatch/middleware/stack.rb +4 -2
- data/lib/action_dispatch/middleware/static.rb +14 -12
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +21 -0
- data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +13 -0
- data/lib/action_dispatch/middleware/templates/rescues/layout.erb +1 -0
- data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +6 -2
- data/lib/action_dispatch/railtie.rb +11 -1
- data/lib/action_dispatch/request/session.rb +16 -5
- data/lib/action_dispatch/request/utils.rb +6 -4
- data/lib/action_dispatch/routing.rb +3 -1
- data/lib/action_dispatch/routing/endpoint.rb +9 -2
- data/lib/action_dispatch/routing/inspector.rb +6 -4
- data/lib/action_dispatch/routing/mapper.rb +64 -52
- data/lib/action_dispatch/routing/polymorphic_routes.rb +2 -0
- data/lib/action_dispatch/routing/redirection.rb +7 -5
- data/lib/action_dispatch/routing/route_set.rb +29 -24
- data/lib/action_dispatch/routing/routes_proxy.rb +5 -2
- data/lib/action_dispatch/routing/url_for.rb +25 -5
- data/lib/action_dispatch/system_test_case.rb +22 -6
- data/lib/action_dispatch/system_testing/browser.rb +49 -0
- data/lib/action_dispatch/system_testing/driver.rb +9 -3
- data/lib/action_dispatch/system_testing/server.rb +2 -16
- data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +12 -14
- data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +8 -2
- data/lib/action_dispatch/system_testing/test_helpers/undef_methods.rb +26 -0
- data/lib/action_dispatch/testing/assertion_response.rb +2 -0
- data/lib/action_dispatch/testing/assertions.rb +2 -0
- data/lib/action_dispatch/testing/assertions/response.rb +4 -2
- data/lib/action_dispatch/testing/assertions/routing.rb +5 -5
- data/lib/action_dispatch/testing/integration.rb +24 -21
- data/lib/action_dispatch/testing/request_encoder.rb +3 -1
- data/lib/action_dispatch/testing/test_process.rb +2 -0
- data/lib/action_dispatch/testing/test_request.rb +3 -1
- data/lib/action_dispatch/testing/test_response.rb +23 -3
- data/lib/action_pack.rb +3 -1
- data/lib/action_pack/gem_version.rb +5 -3
- data/lib/action_pack/version.rb +2 -0
- metadata +23 -11
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionController
|
2
4
|
class LogSubscriber < ActiveSupport::LogSubscriber
|
3
5
|
INTERNAL_PARAMS = %w(controller action format _method only_path)
|
@@ -24,7 +26,7 @@ module ActionController
|
|
24
26
|
exception_class_name = payload[:exception].first
|
25
27
|
status = ActionDispatch::ExceptionWrapper.status_code_for_exception(exception_class_name)
|
26
28
|
end
|
27
|
-
message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
|
29
|
+
message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms".dup
|
28
30
|
message << " (#{additions.join(" | ".freeze)})" unless additions.empty?
|
29
31
|
message << "\n\n" if defined?(Rails.env) && Rails.env.development?
|
30
32
|
|
@@ -60,9 +62,9 @@ module ActionController
|
|
60
62
|
class_eval <<-METHOD, __FILE__, __LINE__ + 1
|
61
63
|
def #{method}(event)
|
62
64
|
return unless logger.info? && ActionController::Base.enable_fragment_cache_logging
|
63
|
-
|
65
|
+
key = ActiveSupport::Cache.expand_cache_key(event.payload[:key] || event.payload[:path])
|
64
66
|
human_name = #{method.to_s.humanize.inspect}
|
65
|
-
info("\#{human_name} \#{
|
67
|
+
info("\#{human_name} \#{key} (\#{event.duration.round(1)}ms)")
|
66
68
|
end
|
67
69
|
METHOD
|
68
70
|
end
|
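Review bot: With `# frozen_string_literal: true` now at the top of this file, the `.freeze` in `additions.join(" | ".freeze)` on the context line right after the changed `message = ...` line is redundant and can be dropped. The added `.dup` is what keeps the two `message <<` calls working, and a short comment saying so (`# mutable copy: appended to below`) would stop someone from removing it later. In the fragment-cache hunk the expanded cache key is now written to the info log, so a one-line comment noting that cache keys end up in logs would help anyone who builds keys from user-specific values. The enclosing methods start outside both hunks.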
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "active_support/core_ext/array/extract_options"
|
2
4
|
require "action_dispatch/middleware/stack"
|
3
5
|
require "action_dispatch/http/request"
|
@@ -24,10 +26,10 @@ module ActionController
|
|
24
26
|
end
|
25
27
|
end
|
26
28
|
|
27
|
-
def build(action, app =
|
29
|
+
def build(action, app = nil, &block)
|
28
30
|
action = action.to_s
|
29
31
|
|
30
|
-
middlewares.reverse.inject(app) do |a, middleware|
|
32
|
+
middlewares.reverse.inject(app || block) do |a, middleware|
|
31
33
|
middleware.valid?(action) ? middleware.build(a) : a
|
32
34
|
end
|
33
35
|
end
|
@@ -208,8 +210,7 @@ module ActionController
|
|
208
210
|
@_request.reset_session
|
209
211
|
end
|
210
212
|
|
211
|
-
class_attribute :middleware_stack
|
212
|
-
self.middleware_stack = ActionController::MiddlewareStack.new
|
213
|
+
class_attribute :middleware_stack, default: ActionController::MiddlewareStack.new
|
213
214
|
|
214
215
|
def self.inherited(base) # :nodoc:
|
215
216
|
base.middleware_stack = middleware_stack.dup
|
@@ -229,18 +230,16 @@ module ActionController
|
|
229
230
|
|
230
231
|
# Returns a Rack endpoint for the given action name.
|
231
232
|
def self.action(name)
|
233
|
+
app = lambda { |env|
|
234
|
+
req = ActionDispatch::Request.new(env)
|
235
|
+
res = make_response! req
|
236
|
+
new.dispatch(name, req, res)
|
237
|
+
}
|
238
|
+
|
232
239
|
if middleware_stack.any?
|
233
|
-
middleware_stack.build(name)
|
234
|
-
req = ActionDispatch::Request.new(env)
|
235
|
-
res = make_response! req
|
236
|
-
new.dispatch(name, req, res)
|
237
|
-
end
|
240
|
+
middleware_stack.build(name, app)
|
238
241
|
else
|
239
|
-
|
240
|
-
req = ActionDispatch::Request.new(env)
|
241
|
-
res = make_response! req
|
242
|
-
new.dispatch(name, req, res)
|
243
|
-
}
|
242
|
+
app
|
244
243
|
end
|
245
244
|
end
|
246
245
|
|
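Review bot: `build(action, app = nil, &block)` in the second hunk accepts a call with neither an app nor a block. In that case `app || block` is `nil`, so `inject(nil)` either passes `nil` to the innermost `middleware.build(a)` or returns it as the endpoint, and the failure only shows up when the stack is later called. A guard before the `inject`, such as `raise ArgumentError, "app or block required" unless app || block`, would fail at build time instead. When both are supplied the block is silently ignored, which deserves a one-line comment on the signature.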
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "active_support/core_ext/hash/keys"
|
2
4
|
|
3
5
|
module ActionController
|
@@ -7,8 +9,7 @@ module ActionController
|
|
7
9
|
include Head
|
8
10
|
|
9
11
|
included do
|
10
|
-
class_attribute :etaggers
|
11
|
-
self.etaggers = []
|
12
|
+
class_attribute :etaggers, default: []
|
12
13
|
end
|
13
14
|
|
14
15
|
module ClassMethods
|
@@ -227,7 +228,7 @@ module ActionController
|
|
227
228
|
# expires_in 3.hours, public: true, must_revalidate: true
|
228
229
|
#
|
229
230
|
# This method will overwrite an existing Cache-Control header.
|
230
|
-
# See
|
231
|
+
# See https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for more possibilities.
|
231
232
|
#
|
232
233
|
# The method will also ensure an HTTP Date header for client compatibility.
|
233
234
|
def expires_in(seconds, options = {})
|
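Review bot: `class_attribute :etaggers, default: []` keeps a single array object as the value every including class sees until it is reassigned, exactly as the two-line form it replaces did, and nothing at the declaration says so. Any in-place mutation such as `etaggers << x` would then leak across controllers; the writers are outside this hunk, so whether they reassign is not visible here. The same shape is introduced for `_flash_types` in the Flash concern and for `helpers_path` in the helpers concern further down this page. I would add a comment beside each declaration, for example `# Shared default object: always reassign (etaggers += [...]), never mutate in place.`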
@@ -0,0 +1,52 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ActionController #:nodoc:
|
4
|
+
module ContentSecurityPolicy
|
5
|
+
# TODO: Documentation
|
6
|
+
extend ActiveSupport::Concern
|
7
|
+
|
8
|
+
include AbstractController::Helpers
|
9
|
+
include AbstractController::Callbacks
|
10
|
+
|
11
|
+
included do
|
12
|
+
helper_method :content_security_policy?
|
13
|
+
helper_method :content_security_policy_nonce
|
14
|
+
end
|
15
|
+
|
16
|
+
module ClassMethods
|
17
|
+
def content_security_policy(enabled = true, **options, &block)
|
18
|
+
before_action(options) do
|
19
|
+
if block_given?
|
20
|
+
policy = current_content_security_policy
|
21
|
+
yield policy
|
22
|
+
request.content_security_policy = policy
|
23
|
+
end
|
24
|
+
|
25
|
+
unless enabled
|
26
|
+
request.content_security_policy = nil
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
def content_security_policy_report_only(report_only = true, **options)
|
32
|
+
before_action(options) do
|
33
|
+
request.content_security_policy_report_only = report_only
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
private
|
39
|
+
|
40
|
+
def content_security_policy?
|
41
|
+
request.content_security_policy
|
42
|
+
end
|
43
|
+
|
44
|
+
def content_security_policy_nonce
|
45
|
+
request.content_security_policy_nonce
|
46
|
+
end
|
47
|
+
|
48
|
+
def current_content_security_policy
|
49
|
+
request.content_security_policy.try(:clone) || ActionDispatch::ContentSecurityPolicy.new
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
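Review bot: This module is added with only `# TODO: Documentation`, although `content_security_policy` lets a controller rewrite the request's policy or, when called with `false`, set `request.content_security_policy` to `nil` for the actions selected by `options`. The two class methods should get a docstring stating that `options` go straight to `before_action`, that the block receives a clone of the current request policy (or a new `ActionDispatch::ContentSecurityPolicy` when there is none), and that `false` clears the policy. It should also say that `yield policy` runs the block with the `self` it was written in, not the controller instance handling the request. A smaller code point: when `enabled` is false and a block is given, the block still runs before its result is discarded, so the `unless enabled` branch could come first and return early.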
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "action_controller/metal/exceptions"
|
2
4
|
|
3
5
|
module ActionController #:nodoc:
|
@@ -54,14 +56,14 @@ module ActionController #:nodoc:
|
|
54
56
|
#
|
55
57
|
# Read about the other Content-* HTTP headers if you'd like to
|
56
58
|
# provide the user with more information (such as Content-Description) in
|
57
|
-
#
|
59
|
+
# https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
|
58
60
|
#
|
59
61
|
# Also be aware that the document may be cached by proxies and browsers.
|
60
62
|
# The Pragma and Cache-Control headers declare how the file may be cached
|
61
63
|
# by intermediaries. They default to require clients to validate with
|
62
64
|
# the server before releasing cached responses. See
|
63
|
-
#
|
64
|
-
#
|
65
|
+
# https://www.mnot.net/cache_docs/ for an overview of web caching and
|
66
|
+
# https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
|
65
67
|
# for the Cache-Control header spec.
|
66
68
|
def send_file(path, options = {}) #:doc:
|
67
69
|
raise MissingFile, "Cannot read file #{path}" unless File.file?(path) && File.readable?(path)
|
@@ -111,10 +113,10 @@ module ActionController #:nodoc:
|
|
111
113
|
def send_file_headers!(options)
|
112
114
|
type_provided = options.has_key?(:type)
|
113
115
|
|
114
|
-
|
116
|
+
content_type = options.fetch(:type, DEFAULT_SEND_FILE_TYPE)
|
117
|
+
self.content_type = content_type
|
115
118
|
response.sending_file = true
|
116
119
|
|
117
|
-
content_type = options.fetch(:type, DEFAULT_SEND_FILE_TYPE)
|
118
120
|
raise ArgumentError, ":type option required" if content_type.nil?
|
119
121
|
|
120
122
|
if content_type.is_a?(Symbol)
|
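Review bot: In `send_file_headers!` the added `self.content_type = content_type` and the existing `response.sending_file = true` both run before `raise ArgumentError, ":type option required" if content_type.nil?`, so an explicit `type: nil` changes the response before the call is rejected. A Symbol type is likewise assigned raw before the `content_type.is_a?(Symbol)` branch that follows. Moving the `raise` directly under the `options.fetch(:type, DEFAULT_SEND_FILE_TYPE)` line keeps validation ahead of any state change. The method continues past the end of the hunk, so how the Symbol branch reassigns the value is not visible here.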
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionController
|
2
4
|
# When our views change, they should bubble up into HTTP cache freshness
|
3
5
|
# and bust browser caches. So the template digest for the current action
|
@@ -22,8 +24,7 @@ module ActionController
|
|
22
24
|
include ActionController::ConditionalGet
|
23
25
|
|
24
26
|
included do
|
25
|
-
class_attribute :etag_with_template_digest
|
26
|
-
self.etag_with_template_digest = true
|
27
|
+
class_attribute :etag_with_template_digest, default: true
|
27
28
|
|
28
29
|
ActiveSupport.on_load :action_view, yield: true do
|
29
30
|
etag do |options|
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionController
|
2
4
|
class ActionControllerError < StandardError #:nodoc:
|
3
5
|
end
|
@@ -32,9 +34,6 @@ module ActionController
|
|
32
34
|
class NotImplemented < MethodNotAllowed #:nodoc:
|
33
35
|
end
|
34
36
|
|
35
|
-
class UnknownController < ActionControllerError #:nodoc:
|
36
|
-
end
|
37
|
-
|
38
37
|
class MissingFile < ActionControllerError #:nodoc:
|
39
38
|
end
|
40
39
|
|
@@ -1,10 +1,11 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionController #:nodoc:
|
2
4
|
module Flash
|
3
5
|
extend ActiveSupport::Concern
|
4
6
|
|
5
7
|
included do
|
6
|
-
class_attribute :_flash_types, instance_accessor: false
|
7
|
-
self._flash_types = []
|
8
|
+
class_attribute :_flash_types, instance_accessor: false, default: []
|
8
9
|
|
9
10
|
delegate :flash, to: :request
|
10
11
|
add_flash_types(:alert, :notice)
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "active_support/core_ext/hash/except"
|
2
4
|
require "active_support/core_ext/hash/slice"
|
3
5
|
|
@@ -37,7 +39,7 @@ module ActionController
|
|
37
39
|
# end
|
38
40
|
#
|
39
41
|
# ==== URL Options
|
40
|
-
# You can pass any of the following options to affect the redirect
|
42
|
+
# You can pass any of the following options to affect the redirect URL
|
41
43
|
# * <tt>host</tt> - Redirect to a different host name
|
42
44
|
# * <tt>subdomain</tt> - Redirect to a different subdomain
|
43
45
|
# * <tt>domain</tt> - Redirect to a different domain
|
@@ -71,7 +73,7 @@ module ActionController
|
|
71
73
|
# Redirect the existing request to use the HTTPS protocol.
|
72
74
|
#
|
73
75
|
# ==== Parameters
|
74
|
-
# * <tt>host_or_options</tt> - Either a host name or any of the
|
76
|
+
# * <tt>host_or_options</tt> - Either a host name or any of the URL and
|
75
77
|
# redirect options available to the <tt>force_ssl</tt> method.
|
76
78
|
def force_ssl_redirect(host_or_options = nil)
|
77
79
|
unless request.ssl?
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module ActionController
|
2
4
|
# The \Rails framework provides a large number of helpers for working with assets, dates, forms,
|
3
5
|
# numbers and model objects, to name a few. These helpers are available to all templates
|
@@ -53,9 +55,8 @@ module ActionController
|
|
53
55
|
include AbstractController::Helpers
|
54
56
|
|
55
57
|
included do
|
56
|
-
class_attribute :helpers_path, :
|
57
|
-
|
58
|
-
self.include_all_helpers = true
|
58
|
+
class_attribute :helpers_path, default: []
|
59
|
+
class_attribute :include_all_helpers, default: true
|
59
60
|
end
|
60
61
|
|
61
62
|
module ClassMethods
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "base64"
|
2
4
|
require "active_support/security_utils"
|
3
5
|
|
@@ -70,10 +72,10 @@ module ActionController
|
|
70
72
|
before_action(options.except(:name, :password, :realm)) do
|
71
73
|
authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password|
|
72
74
|
# This comparison uses & so that it doesn't short circuit and
|
73
|
-
# uses `
|
75
|
+
# uses `secure_compare` so that length information
|
74
76
|
# isn't leaked.
|
75
|
-
ActiveSupport::SecurityUtils.
|
76
|
-
ActiveSupport::SecurityUtils.
|
77
|
+
ActiveSupport::SecurityUtils.secure_compare(name, options[:name]) &
|
78
|
+
ActiveSupport::SecurityUtils.secure_compare(password, options[:password])
|
77
79
|
end
|
78
80
|
end
|
79
81
|
end
|
@@ -246,7 +248,7 @@ module ActionController
|
|
246
248
|
def decode_credentials(header)
|
247
249
|
ActiveSupport::HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/, "").split(",").map do |pair|
|
248
250
|
key, value = pair.split("=", 2)
|
249
|
-
[key.strip, value.to_s.gsub(/^"|"$/, "").delete('
|
251
|
+
[key.strip, value.to_s.gsub(/^"|"$/, "").delete("'")]
|
250
252
|
end]
|
251
253
|
end
|
252
254
|
|
@@ -348,10 +350,7 @@ module ActionController
|
|
348
350
|
# authenticate_or_request_with_http_token do |token, options|
|
349
351
|
# # Compare the tokens in a time-constant manner, to mitigate
|
350
352
|
# # timing attacks.
|
351
|
-
# ActiveSupport::SecurityUtils.secure_compare(
|
352
|
-
# ::Digest::SHA256.hexdigest(token),
|
353
|
-
# ::Digest::SHA256.hexdigest(TOKEN)
|
354
|
-
# )
|
353
|
+
# ActiveSupport::SecurityUtils.secure_compare(token, TOKEN)
|
355
354
|
# end
|
356
355
|
# end
|
357
356
|
# end
|
@@ -475,7 +474,7 @@ module ActionController
|
|
475
474
|
|
476
475
|
# This removes the <tt>"</tt> characters wrapping the value.
|
477
476
|
def rewrite_param_values(array_params)
|
478
|
-
array_params.each { |param| (param[1] || "").gsub! %r/^"|"$/, "" }
|
477
|
+
array_params.each { |param| (param[1] || "".dup).gsub! %r/^"|"$/, "" }
|
479
478
|
end
|
480
479
|
|
481
480
|
# This method takes an authorization body and splits up the key-value
|
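Review bot: The patterns kept in `decode_credentials` and `rewrite_param_values` (`/^"|"$/`, and `/^Digest\s+/` for the scheme prefix) use `^` and `$`, which in Ruby match at every line boundary rather than at the ends of the string. These methods parse the client-supplied authorization value, so whole-string anchors are the safer form: `/\A"|"\z/` and `/\ADigest\s+/`. Separately, `key.strip` in `decode_credentials` raises `NoMethodError` when a pair is empty, because `"".split("=", 2)` returns an empty array and `key` is then `nil`. Using `key.to_s.strip` or skipping blank pairs turns that into a normal authentication failure instead of an exception.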
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "benchmark"
|
2
4
|
require "abstract_controller/logger"
|
3
5
|
|
@@ -81,16 +83,13 @@ module ActionController
|
|
81
83
|
# def cleanup_view_runtime
|
82
84
|
# super - time_taken_in_something_expensive
|
83
85
|
# end
|
84
|
-
#
|
85
|
-
# :api: plugin
|
86
|
-
def cleanup_view_runtime
|
86
|
+
def cleanup_view_runtime # :doc:
|
87
87
|
yield
|
88
88
|
end
|
89
89
|
|
90
90
|
# Every time after an action is processed, this method is invoked
|
91
91
|
# with the payload, so you can add more information.
|
92
|
-
# :
|
93
|
-
def append_info_to_payload(payload)
|
92
|
+
def append_info_to_payload(payload) # :doc:
|
94
93
|
payload[:view_runtime] = view_runtime
|
95
94
|
end
|
96
95
|
|
@@ -98,7 +97,6 @@ module ActionController
|
|
98
97
|
# A hook which allows other frameworks to log what happened during
|
99
98
|
# controller process action. This method should return an array
|
100
99
|
# with the messages to be added.
|
101
|
-
# :api: plugin
|
102
100
|
def log_process_action(payload) #:nodoc:
|
103
101
|
messages, view_runtime = [], payload[:view_runtime]
|
104
102
|
messages << ("Views: %.1fms" % view_runtime.to_f) if view_runtime
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "action_dispatch/http/response"
|
2
4
|
require "delegate"
|
3
5
|
require "active_support/json"
|
@@ -295,7 +297,7 @@ module ActionController
|
|
295
297
|
return unless logger
|
296
298
|
|
297
299
|
logger.fatal do
|
298
|
-
message = "\n#{exception.class} (#{exception.message}):\n"
|
300
|
+
message = "\n#{exception.class} (#{exception.message}):\n".dup
|
299
301
|
message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code)
|
300
302
|
message << " " << exception.backtrace.join("\n ")
|
301
303
|
"#{message}\n\n"
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "abstract_controller/collector"
|
2
4
|
|
3
5
|
module ActionController #:nodoc:
|
@@ -182,7 +184,7 @@ module ActionController #:nodoc:
|
|
182
184
|
# request.variant = [:tablet, :phone]
|
183
185
|
#
|
184
186
|
# This will work similarly to formats and MIME types negotiation. If there
|
185
|
-
# is no +:tablet+ variant declared, +:phone+ variant will be
|
187
|
+
# is no +:tablet+ variant declared, the +:phone+ variant will be used:
|
186
188
|
#
|
187
189
|
# respond_to do |format|
|
188
190
|
# format.html.none
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "active_support/core_ext/hash/slice"
|
2
4
|
require "active_support/core_ext/hash/except"
|
3
5
|
require "active_support/core_ext/module/anonymous"
|
@@ -91,7 +93,7 @@ module ActionController
|
|
91
93
|
end
|
92
94
|
|
93
95
|
def model
|
94
|
-
super ||
|
96
|
+
super || self.model = _default_wrap_model
|
95
97
|
end
|
96
98
|
|
97
99
|
def include
|
@@ -110,6 +112,14 @@ module ActionController
|
|
110
112
|
else
|
111
113
|
self.include = m.attribute_names
|
112
114
|
end
|
115
|
+
|
116
|
+
if m.respond_to?(:nested_attributes_options) && m.nested_attributes_options.keys.any?
|
117
|
+
self.include += m.nested_attributes_options.keys.map do |key|
|
118
|
+
key.to_s.dup.concat("_attributes")
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
122
|
+
self.include
|
113
123
|
end
|
114
124
|
end
|
115
125
|
end
|
@@ -159,8 +169,7 @@ module ActionController
|
|
159
169
|
end
|
160
170
|
|
161
171
|
included do
|
162
|
-
class_attribute :_wrapper_options
|
163
|
-
self._wrapper_options = Options.from_hash(format: [])
|
172
|
+
class_attribute :_wrapper_options, default: Options.from_hash(format: [])
|
164
173
|
end
|
165
174
|
|
166
175
|
module ClassMethods
|
@@ -233,12 +242,7 @@ module ActionController
|
|
233
242
|
# by the metal call stack.
|
234
243
|
def process_action(*args)
|
235
244
|
if _wrapper_enabled?
|
236
|
-
|
237
|
-
wrapped_hash = _extract_parameters(request.parameters)
|
238
|
-
else
|
239
|
-
wrapped_hash = _wrap_parameters request.request_parameters
|
240
|
-
end
|
241
|
-
|
245
|
+
wrapped_hash = _wrap_parameters request.request_parameters
|
242
246
|
wrapped_keys = request.request_parameters.keys
|
243
247
|
wrapped_filtered_hash = _wrap_parameters request.filtered_parameters.slice(*wrapped_keys)
|
244
248
|
|
@@ -283,7 +287,7 @@ module ActionController
|
|
283
287
|
return false unless request.has_content_type?
|
284
288
|
|
285
289
|
ref = request.content_mime_type.ref
|
286
|
-
_wrapper_formats.include?(ref) && _wrapper_key && !request.
|
290
|
+
_wrapper_formats.include?(ref) && _wrapper_key && !request.parameters.key?(_wrapper_key)
|
287
291
|
end
|
288
292
|
end
|
289
293
|
end
|
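Review bot: The added nested-attributes block builds each name with `key.to_s.dup.concat("_attributes")`, which reads more directly as `"#{key}_attributes"`, and `m.nested_attributes_options.keys.any?` can be written `m.nested_attributes_options.any?`. The block appears to widen the list of keys the wrapper includes to every `*_attributes` name the model declares, and nothing in the hunk says so. A comment such as `# Also wrap nested-attribute keys; wrapping is not an allow-list, filtering still happens in the controller.` would make that explicit. The enclosing method starts above the hunk.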