RubyGems - actionpack - Versions diffs - 6.0.2.1 → 6.0.3.2 - Mend

actionpack 6.0.2.1 → 6.0.3.2

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (65) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +31 -0
data/README.rdoc +1 -1
data/lib/abstract_controller/base.rb +0 -1
data/lib/abstract_controller/caching.rb +1 -1
data/lib/abstract_controller/collector.rb +0 -1
data/lib/abstract_controller/helpers.rb +5 -4
data/lib/abstract_controller/translation.rb +4 -5
data/lib/action_controller/caching.rb +0 -1
data/lib/action_controller/metal.rb +7 -5
data/lib/action_controller/metal/content_security_policy.rb +0 -1
data/lib/action_controller/metal/instrumentation.rb +0 -1
data/lib/action_controller/metal/live.rb +0 -4
data/lib/action_controller/metal/params_wrapper.rb +0 -1
data/lib/action_controller/metal/rendering.rb +0 -1
data/lib/action_controller/metal/request_forgery_protection.rb +27 -9
data/lib/action_controller/metal/streaming.rb +0 -1
data/lib/action_controller/metal/strong_parameters.rb +4 -0
data/lib/action_controller/test_case.rb +7 -5
data/lib/action_dispatch.rb +3 -0
data/lib/action_dispatch/http/cache.rb +0 -1
data/lib/action_dispatch/http/content_security_policy.rb +0 -2
data/lib/action_dispatch/http/filter_parameters.rb +0 -1
data/lib/action_dispatch/http/filter_redirect.rb +0 -1
data/lib/action_dispatch/http/headers.rb +0 -1
data/lib/action_dispatch/http/mime_negotiation.rb +0 -1
data/lib/action_dispatch/http/mime_type.rb +1 -3
data/lib/action_dispatch/http/parameters.rb +1 -2
data/lib/action_dispatch/http/request.rb +9 -1
data/lib/action_dispatch/http/response.rb +0 -1
data/lib/action_dispatch/http/url.rb +0 -1
data/lib/action_dispatch/journey/formatter.rb +0 -1
data/lib/action_dispatch/journey/gtg/builder.rb +0 -1
data/lib/action_dispatch/journey/gtg/transition_table.rb +0 -1
data/lib/action_dispatch/journey/nfa/transition_table.rb +0 -1
data/lib/action_dispatch/journey/path/pattern.rb +0 -1
data/lib/action_dispatch/journey/router.rb +0 -1
data/lib/action_dispatch/journey/routes.rb +0 -1
data/lib/action_dispatch/journey/scanner.rb +0 -1
data/lib/action_dispatch/journey/visitors.rb +0 -3
data/lib/action_dispatch/middleware/actionable_exceptions.rb +1 -1
data/lib/action_dispatch/middleware/cookies.rb +6 -6
data/lib/action_dispatch/middleware/debug_exceptions.rb +7 -3
data/lib/action_dispatch/middleware/debug_view.rb +3 -5
data/lib/action_dispatch/middleware/exception_wrapper.rb +0 -1
data/lib/action_dispatch/middleware/host_authorization.rb +0 -2
data/lib/action_dispatch/middleware/public_exceptions.rb +0 -1
data/lib/action_dispatch/middleware/remote_ip.rb +0 -1
data/lib/action_dispatch/middleware/session/abstract_store.rb +0 -1
data/lib/action_dispatch/middleware/session/cookie_store.rb +0 -1
data/lib/action_dispatch/middleware/show_exceptions.rb +0 -1
data/lib/action_dispatch/middleware/stack.rb +5 -1
data/lib/action_dispatch/middleware/static.rb +1 -1
data/lib/action_dispatch/request/session.rb +0 -1
data/lib/action_dispatch/routing/inspector.rb +0 -2
data/lib/action_dispatch/routing/mapper.rb +2 -3
data/lib/action_dispatch/routing/polymorphic_routes.rb +0 -2
data/lib/action_dispatch/routing/route_set.rb +1 -4
data/lib/action_dispatch/routing/url_for.rb +0 -2
data/lib/action_dispatch/system_test_case.rb +2 -3
data/lib/action_dispatch/system_testing/driver.rb +2 -2
data/lib/action_dispatch/testing/assertion_response.rb +0 -1
data/lib/action_dispatch/testing/integration.rb +22 -7
data/lib/action_pack/gem_version.rb +2 -2
metadata +16 -16

data/lib/action_dispatch/http/mime_negotiation.rb CHANGED

@@ -154,7 +154,6 @@ module ActionDispatch
       end
       private
         BROWSER_LIKE_ACCEPTS = /,\s*\*\/\*|\*\/\*\s*,/
         def valid_accept_header # :doc:

data/lib/action_dispatch/http/mime_type.rb CHANGED

@@ -225,7 +225,7 @@ module Mime
     MIME_NAME = "[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}"
     MIME_PARAMETER_KEY = "[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}"
     MIME_PARAMETER_VALUE = "#{Regexp.escape('"')}?[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}#{Regexp.escape('"')}?"
-    MIME_PARAMETER = "\s*\;\s+#{MIME_PARAMETER_KEY}(?:\=#{MIME_PARAMETER_VALUE})?"
+    MIME_PARAMETER = "\s*\;\s*#{MIME_PARAMETER_KEY}(?:\=#{MIME_PARAMETER_VALUE})?"
     MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME})(?:\s*#{MIME_PARAMETER}\s*)*)\z/
     class InvalidMimeType < StandardError; end
@@ -290,11 +290,9 @@ module Mime
     def all?; false; end
     protected
       attr_reader :string, :synonyms
     private
       def to_ary; end
       def to_a; end

data/lib/action_dispatch/http/parameters.rb CHANGED

@@ -85,7 +85,6 @@ module ActionDispatch
       end
       private
         def set_binary_encoding(params, controller, action)
           return params unless controller && controller.valid_encoding?
@@ -99,7 +98,7 @@ module ActionDispatch
         def binary_params_for?(controller, action)
           controller_class_for(controller).binary_params_for?(action)
-        rescue NameError
+        rescue MissingController
           false
         end

data/lib/action_dispatch/http/request.rb CHANGED

@@ -85,7 +85,15 @@ module ActionDispatch
       if name
         controller_param = name.underscore
         const_name = "#{controller_param.camelize}Controller"
-        ActiveSupport::Dependencies.constantize(const_name)
+        begin
+          ActiveSupport::Dependencies.constantize(const_name)
+        rescue NameError => error
+          if error.missing_name == const_name || const_name.start_with?("#{error.missing_name}::")
+            raise MissingController.new(error.message, error.name)
+          else
+            raise
+          end
+        end
       else
         PASS_NOT_FOUND
       end

data/lib/action_dispatch/http/response.rb CHANGED

@@ -143,7 +143,6 @@ module ActionDispatch # :nodoc:
       end
       private
         def each_chunk(&block)
           @buf.each(&block)
         end

data/lib/action_dispatch/http/url.rb CHANGED

@@ -78,7 +78,6 @@ module ActionDispatch
         end
         private
           def add_params(path, params)
             params = { params: params } unless params.is_a?(Hash)
             params.reject! { |_, v| v.to_param.nil? }

data/lib/action_dispatch/journey/formatter.rb CHANGED

@@ -62,7 +62,6 @@ module ActionDispatch
       end
       private
         def extract_parameterized_parts(route, options, recall, parameterize = nil)
           parameterized_parts = recall.merge(options)

data/lib/action_dispatch/journey/gtg/builder.rb CHANGED

@@ -128,7 +128,6 @@ module ActionDispatch
         end
         private
           def followpos_table
             @followpos ||= build_followpos
           end

data/lib/action_dispatch/journey/gtg/transition_table.rb CHANGED

@@ -141,7 +141,6 @@ module ActionDispatch
         end
         private
           def states_hash_for(sym)
             case sym
             when String

data/lib/action_dispatch/journey/nfa/transition_table.rb CHANGED

@@ -94,7 +94,6 @@ module ActionDispatch
         end
         private
           def inverted
             return @inverted if @inverted

data/lib/action_dispatch/journey/path/pattern.rb CHANGED

@@ -174,7 +174,6 @@ module ActionDispatch
         end
         private
           def regexp_visitor
             @anchored ? AnchoredRegexp : UnanchoredRegexp
           end

data/lib/action_dispatch/journey/router.rb CHANGED

@@ -81,7 +81,6 @@ module ActionDispatch
       end
       private
         def partitioned_routes
           routes.partition { |r|
             r.path.anchored && r.ast.grep(Nodes::Symbol).all? { |n| n.default_regexp?  }

data/lib/action_dispatch/journey/routes.rb CHANGED

@@ -71,7 +71,6 @@ module ActionDispatch
       end
       private
         def clear_cache!
           @ast                = nil
           @simulator          = nil

data/lib/action_dispatch/journey/scanner.rb CHANGED

@@ -33,7 +33,6 @@ module ActionDispatch
       end
       private
         # takes advantage of String @- deduping capabilities in Ruby 2.5 upwards
         # see: https://bugs.ruby-lang.org/issues/13077
         def dedup_scan(regex)

data/lib/action_dispatch/journey/visitors.rb CHANGED

@@ -59,7 +59,6 @@ module ActionDispatch
         end
         private
           def visit(node)
             send(DISPATCH_CACHE[node.type], node)
           end
@@ -168,7 +167,6 @@ module ActionDispatch
       class String < FunctionalVisitor # :nodoc:
         private
           def binary(node, seed)
             visit(node.right, visit(node.left, seed))
           end
@@ -214,7 +212,6 @@ module ActionDispatch
         end
         private
           def binary(node, seed)
             seed.last.concat node.children.map { |c|
               "#{node.object_id} -> #{c.object_id};"

data/lib/action_dispatch/middleware/actionable_exceptions.rb CHANGED

@@ -23,7 +23,7 @@ module ActionDispatch
     private
       def actionable_request?(request)
-        request.show_exceptions? && request.post? && request.path == endpoint
+        request.get_header("action_dispatch.show_detailed_exceptions")  && request.post? && request.path == endpoint
       end
       def redirect_to(location)

data/lib/action_dispatch/middleware/cookies.rb CHANGED

@@ -252,7 +252,6 @@ module ActionDispatch
       end
       private
         def upgrade_legacy_hmac_aes_cbc_cookies?
           request.secret_key_base.present? &&
             request.encrypted_signed_cookie_salt.present? &&
@@ -428,7 +427,6 @@ module ActionDispatch
       mattr_accessor :always_write_cookie, default: false
       private
         def escape(string)
           ::Rack::Utils.escape(string)
         end
@@ -573,7 +571,8 @@ module ActionDispatch
         secret = request.key_generator.generate_key(request.signed_cookie_salt)
         @verifier = ActiveSupport::MessageVerifier.new(secret, digest: signed_cookie_digest, serializer: SERIALIZER)
-        request.cookies_rotations.signed.each do |*secrets, **options|
+        request.cookies_rotations.signed.each do |(*secrets)|
+          options = secrets.extract_options!
           @verifier.rotate(*secrets, serializer: SERIALIZER, **options)
         end
       end
@@ -586,7 +585,7 @@ module ActionDispatch
         end
         def commit(name, options)
-          options[:value] = @verifier.generate(serialize(options[:value]), cookie_metadata(name, options))
+          options[:value] = @verifier.generate(serialize(options[:value]), **cookie_metadata(name, options))
           raise CookieOverflow if options[:value].bytesize > MAX_COOKIE_SIZE
         end
@@ -609,7 +608,8 @@ module ActionDispatch
           @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, cipher: "aes-256-cbc", serializer: SERIALIZER)
         end
-        request.cookies_rotations.encrypted.each do |*secrets, **options|
+        request.cookies_rotations.encrypted.each do |(*secrets)|
+          options = secrets.extract_options!
           @encryptor.rotate(*secrets, serializer: SERIALIZER, **options)
         end
@@ -632,7 +632,7 @@ module ActionDispatch
         end
         def commit(name, options)
-          options[:value] = @encryptor.encrypt_and_sign(serialize(options[:value]), cookie_metadata(name, options))
+          options[:value] = @encryptor.encrypt_and_sign(serialize(options[:value]), **cookie_metadata(name, options))
           raise CookieOverflow if options[:value].bytesize > MAX_COOKIE_SIZE
         end

data/lib/action_dispatch/middleware/debug_exceptions.rb CHANGED

@@ -44,7 +44,6 @@ module ActionDispatch
     end
     private
       def invoke_interceptors(request, exception)
         backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
         wrapper = ExceptionWrapper.new(backtrace_cleaner, exception)
@@ -137,6 +136,7 @@ module ActionDispatch
       def log_error(request, wrapper)
         logger = logger(request)
         return unless logger
         exception = wrapper.exception
@@ -157,10 +157,14 @@ module ActionDispatch
       end
       def log_array(logger, array)
+        lines = Array(array)
+        return if lines.empty?
         if logger.formatter && logger.formatter.respond_to?(:tags_text)
-          logger.fatal array.join("\n#{logger.formatter.tags_text}")
+          logger.fatal lines.join("\n#{logger.formatter.tags_text}")
         else
-          logger.fatal array.join("\n")
+          logger.fatal lines.join("\n")
         end
       end

data/lib/action_dispatch/middleware/debug_view.rb CHANGED

@@ -58,11 +58,9 @@ module ActionDispatch
     end
     def params_valid?
-      begin
-        @request.parameters
-      rescue ActionController::BadRequest
-        false
-      end
+      @request.parameters
+    rescue ActionController::BadRequest
+      false
     end
   end
 end

data/lib/action_dispatch/middleware/exception_wrapper.rb CHANGED

@@ -130,7 +130,6 @@ module ActionDispatch
     end
     private
       def backtrace
         Array(@exception.backtrace)
       end

data/lib/action_dispatch/middleware/host_authorization.rb CHANGED

@@ -30,7 +30,6 @@ module ActionDispatch
       end
       private
         def sanitize_hosts(hosts)
           Array(hosts).map do |host|
             case host
@@ -87,7 +86,6 @@ module ActionDispatch
     end
     private
       def authorized?(request)
         origin_host = request.get_header("HTTP_HOST").to_s.sub(/:\d+\z/, "")
         forwarded_host = request.x_forwarded_host.to_s.split(/,\s?/).last.to_s.sub(/:\d+\z/, "")

data/lib/action_dispatch/middleware/public_exceptions.rb CHANGED

@@ -32,7 +32,6 @@ module ActionDispatch
     end
     private
       def render(status, content_type, body)
         format = "to_#{content_type.to_sym}" if content_type
         if format && body.respond_to?(format)

data/lib/action_dispatch/middleware/remote_ip.rb CHANGED

@@ -156,7 +156,6 @@ module ActionDispatch
       end
     private
       def ips_from(header) # :doc:
         return [] unless header
         # Split the comma-separated list into an array of strings.

data/lib/action_dispatch/middleware/session/abstract_store.rb CHANGED

@@ -30,7 +30,6 @@ module ActionDispatch
       end
     private
       def initialize_sid # :doc:
         @default_options.delete(:sidbits)
         @default_options.delete(:secure_random)

data/lib/action_dispatch/middleware/session/cookie_store.rb CHANGED

@@ -76,7 +76,6 @@ module ActionDispatch
       end
       private
         def extract_session_id(req)
           stale_session_check! do
             sid = unpacked_cookie_data(req)["session_id"]

data/lib/action_dispatch/middleware/show_exceptions.rb CHANGED

@@ -40,7 +40,6 @@ module ActionDispatch
     end
     private
       def render_exception(request, exception)
         backtrace_cleaner = request.get_header "action_dispatch.backtrace_cleaner"
         wrapper = ExceptionWrapper.new(backtrace_cleaner, exception)

data/lib/action_dispatch/middleware/stack.rb CHANGED

@@ -91,6 +91,7 @@ module ActionDispatch
     def unshift(klass, *args, &block)
       middlewares.unshift(build_middleware(klass, args, block))
     end
+    ruby2_keywords(:unshift) if respond_to?(:ruby2_keywords, true)
     def initialize_copy(other)
       self.middlewares = other.middlewares.dup
@@ -100,6 +101,7 @@ module ActionDispatch
       index = assert_index(index, :before)
       middlewares.insert(index, build_middleware(klass, args, block))
     end
+    ruby2_keywords(:insert) if respond_to?(:ruby2_keywords, true)
     alias_method :insert_before, :insert
@@ -107,12 +109,14 @@ module ActionDispatch
       index = assert_index(index, :after)
       insert(index + 1, *args, &block)
     end
+    ruby2_keywords(:insert_after) if respond_to?(:ruby2_keywords, true)
     def swap(target, *args, &block)
       index = assert_index(target, :before)
       insert(index, *args, &block)
       middlewares.delete_at(index + 1)
     end
+    ruby2_keywords(:swap) if respond_to?(:ruby2_keywords, true)
     def delete(target)
       middlewares.delete_if { |m| m.klass == target }
@@ -121,6 +125,7 @@ module ActionDispatch
     def use(klass, *args, &block)
       middlewares.push(build_middleware(klass, args, block))
     end
+    ruby2_keywords(:use) if respond_to?(:ruby2_keywords, true)
     def build(app = nil, &block)
       instrumenting = ActiveSupport::Notifications.notifier.listening?(InstrumentationProxy::EVENT_NAME)
@@ -134,7 +139,6 @@ module ActionDispatch
     end
     private
       def assert_index(index, where)
         i = index.is_a?(Integer) ? index : middlewares.index { |m| m.klass == index }
         raise "No such middleware to insert #{where}: #{index.inspect}" unless i

data/lib/action_dispatch/middleware/static.rb CHANGED

@@ -42,7 +42,7 @@ module ActionDispatch
           false
         end
       }
-        return ::Rack::Utils.escape_path(match).b
+        ::Rack::Utils.escape_path(match).b
       end
     end

data/lib/action_dispatch/request/session.rb CHANGED

@@ -222,7 +222,6 @@ module ActionDispatch
       end
       private
         def load_for_read!
           load! if !loaded? && exists?
         end

data/lib/action_dispatch/routing/inspector.rb CHANGED

@@ -177,7 +177,6 @@ module ActionDispatch
         end
         private
           def draw_section(routes)
             header_lengths = ["Prefix", "Verb", "URI Pattern"].map(&:length)
             name_width, verb_width, path_width = widths(routes).zip(header_lengths).map(&:max)
@@ -210,7 +209,6 @@ module ActionDispatch
         end
         private
           def draw_expanded_section(routes)
             routes.map.each_with_index do |r, i|
               <<~MESSAGE.chomp

data/lib/action_dispatch/routing/mapper.rb CHANGED

@@ -362,7 +362,7 @@ module ActionDispatch
           def translate_controller(controller)
             return controller if Regexp === controller
-            return controller.to_s if controller =~ /\A[a-z_0-9][a-z_0-9\/]*\z/
+            return controller.to_s if /\A[a-z_0-9][a-z_0-9\/]*\z/.match?(controller)
             yield
           end
@@ -398,7 +398,7 @@ module ActionDispatch
       # for root cases, where the latter is the correct one.
       def self.normalize_path(path)
         path = Journey::Router::Utils.normalize_path(path)
-        path.gsub!(%r{/(\(+)/?}, '\1/') unless path =~ %r{^/(\(+[^)]+\)){1,}$}
+        path.gsub!(%r{/(\(+)/?}, '\1/') unless %r{^/(\(+[^)]+\)){1,}$}.match?(path)
         path
       end
@@ -1668,7 +1668,6 @@ module ActionDispatch
         end
         private
           def parent_resource
             @scope[:scope_level_resource]
           end