actionpack 6.1.7.5 → 7.0.8

data/MIT-LICENSE

@@ -18,3 +18,4 @@ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/README.rdoc

@@ -2,9 +2,8 @@
 
 Action Pack is a framework for handling and responding to web requests. It
 provides mechanisms for *routing* (mapping request URLs to actions), defining
-*controllers* that implement actions, and generating responses by rendering
-*views*, which are templates of various formats. In short, Action Pack
-provides the view and controller layers in the MVC paradigm.
+*controllers* that implement actions, and generating responses. In short, Action Pack
+provides the controller layer in the MVC paradigm.
 
 It consists of several modules:
 
@@ -31,7 +30,7 @@ The latest version of Action Pack can be installed with RubyGems:
 
   $ gem install actionpack
 
-Source code can be downloaded as part of the Rails project on GitHub:
+Source code can be downloaded as part of the \Rails project on GitHub:
 
 * https://github.com/rails/rails/tree/main/actionpack
 
@@ -49,7 +48,7 @@ API documentation is at:
 
 * https://api.rubyonrails.org
 
-Bug reports for the Ruby on Rails project can be filed here:
+Bug reports for the Ruby on \Rails project can be filed here:
 
 * https://github.com/rails/rails/issues
 

data/lib/abstract_controller/asset_paths.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module AbstractController
-  module AssetPaths #:nodoc:
+  module AssetPaths # :nodoc:
     extend ActiveSupport::Concern
 
     included do

data/lib/abstract_controller/base.rb

@@ -9,35 +9,21 @@ require "active_support/core_ext/module/attr_internal"
 module AbstractController
   # Raised when a non-existing controller action is triggered.
   class ActionNotFound < StandardError
-    attr_reader :controller, :action
-    def initialize(message = nil, controller = nil, action = nil)
+    attr_reader :controller, :action # :nodoc:
+
+    def initialize(message = nil, controller = nil, action = nil) # :nodoc:
       @controller = controller
       @action = action
       super(message)
     end
 
-    class Correction
-      def initialize(error)
-        @error = error
-      end
-
-      def corrections
-        if @error.action
-          maybe_these = @error.controller.class.action_methods
+    if defined?(DidYouMean::Correctable) && defined?(DidYouMean::SpellChecker)
+      include DidYouMean::Correctable # :nodoc:
 
-          maybe_these.sort_by { |n|
-            DidYouMean::Jaro.distance(@error.action.to_s, n)
-          }.reverse.first(4)
-        else
-          []
-        end
+      def corrections # :nodoc:
+        @corrections ||= DidYouMean::SpellChecker.new(dictionary: controller.class.action_methods).correct(action)
       end
     end
-
-    # We may not have DYM, and DYM might not let us register error handlers
-    if defined?(DidYouMean) && DidYouMean.respond_to?(:correct_error)
-      DidYouMean.correct_error(self, Correction)
-    end
   end
 
   # AbstractController::Base is a low-level API. Nobody should be
@@ -164,13 +150,14 @@ module AbstractController
 
       process_action(action_name, *args)
     end
+    ruby2_keywords(:process)
 
-    # Delegates to the class' ::controller_path
+    # Delegates to the class's ::controller_path.
     def controller_path
       self.class.controller_path
     end
 
-    # Delegates to the class' ::action_methods
+    # Delegates to the class's ::action_methods.
     def action_methods
       self.class.action_methods
     end
@@ -191,7 +178,7 @@ module AbstractController
 
     # Tests if a response body is set. Used to determine if the
     # +process_action+ callback needs to be terminated in
-    # +AbstractController::Callbacks+.
+    # AbstractController::Callbacks.
     def performed?
       response_body
     end
@@ -224,8 +211,8 @@ module AbstractController
       #
       # Notice that the first argument is the method to be dispatched
       # which is *not* necessarily the same as the action name.
-      def process_action(method_name, *args)
-        send_action(method_name, *args)
+      def process_action(...)
+        send_action(...)
       end
 
       # Actually call the method associated with the action. Override

data/lib/abstract_controller/caching/fragments.rb

@@ -142,8 +142,8 @@ module AbstractController
         end
       end
 
-      def instrument_fragment_cache(name, key) # :nodoc:
-        ActiveSupport::Notifications.instrument("#{name}.#{instrument_name}", instrument_payload(key)) { yield }
+      def instrument_fragment_cache(name, key, &block) # :nodoc:
+        ActiveSupport::Notifications.instrument("#{name}.#{instrument_name}", instrument_payload(key), &block)
       end
     end
   end

data/lib/abstract_controller/caching.rb

@@ -50,7 +50,7 @@ module AbstractController
     end
 
     def view_cache_dependencies
-      self.class._view_cache_dependencies.map { |dep| instance_exec(&dep) }.compact
+      self.class._view_cache_dependencies.filter_map { |dep| instance_exec(&dep) }
     end
 
     private

data/lib/abstract_controller/callbacks.rb

@@ -35,12 +35,18 @@ module AbstractController
                        skip_after_callbacks_if_terminated: true
     end
 
-    # Override <tt>AbstractController::Base#process_action</tt> to run the
-    # <tt>process_action</tt> callbacks around the normal behavior.
-    def process_action(*)
-      run_callbacks(:process_action) do
-        super
+    class ActionFilter # :nodoc:
+      def initialize(actions)
+        @actions = Array(actions).map(&:to_s).to_set
       end
+
+      def match?(controller)
+        @actions.include?(controller.action_name)
+      end
+
+      alias after  match?
+      alias before match?
+      alias around match?
     end
 
     module ClassMethods
@@ -70,8 +76,7 @@ module AbstractController
 
       def _normalize_callback_option(options, from, to) # :nodoc:
         if from = options.delete(from)
-          _from = Array(from).map(&:to_s).to_set
-          from = proc { |c| _from.include? c.action_name }
+          from = ActionFilter.new(from)
           options[to] = Array(options[to]).unshift(from)
         end
       end
@@ -220,5 +225,14 @@ module AbstractController
         alias_method :"append_#{callback}_action", :"#{callback}_action"
       end
     end
+
+    private
+      # Override <tt>AbstractController::Base#process_action</tt> to run the
+      # <tt>process_action</tt> callbacks around the normal behavior.
+      def process_action(...)
+        run_callbacks(:process_action) do
+          super
+        end
+      end
   end
 end

data/lib/abstract_controller/collector.rb

@@ -10,7 +10,7 @@ module AbstractController
         def #{sym}(*args, &block)
           custom(Mime[:#{sym}], *args, &block)
         end
-        ruby2_keywords(:#{sym}) if respond_to?(:ruby2_keywords, true)
+        ruby2_keywords(:#{sym})
       RUBY
     end
 
@@ -39,6 +39,6 @@ module AbstractController
         super
       end
     end
-    ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
+    ruby2_keywords(:method_missing)
   end
 end

data/lib/abstract_controller/error.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 module AbstractController
-  class Error < StandardError #:nodoc:
+  class Error < StandardError # :nodoc:
   end
 end

data/lib/abstract_controller/helpers.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "active_support/dependencies"
+require "active_support/core_ext/name_error"
 
 module AbstractController
   module Helpers
@@ -60,13 +61,14 @@ module AbstractController
       #   class ApplicationController < ActionController::Base
       #     helper_method :current_user, :logged_in?
       #
-      #     def current_user
-      #       @current_user ||= User.find_by(id: session[:user])
-      #     end
+      #     private
+      #       def current_user
+      #         @current_user ||= User.find_by(id: session[:user])
+      #       end
       #
-      #     def logged_in?
-      #       current_user != nil
-      #     end
+      #       def logged_in?
+      #         current_user != nil
+      #       end
       #   end
       #
       # In a view:
@@ -83,11 +85,14 @@ module AbstractController
         file, line = location.path, location.lineno
 
         methods.each do |method|
-          _helpers_for_modification.class_eval <<-ruby_eval, file, line
-            def #{method}(*args, &block)                    # def current_user(*args, &block)
-              controller.send(:'#{method}', *args, &block)  #   controller.send(:'current_user', *args, &block)
-            end                                             # end
-            ruby2_keywords(:'#{method}') if respond_to?(:ruby2_keywords, true)
+          # def current_user(*args, &block)
+          #   controller.send(:'current_user', *args, &block)
+          # end
+          _helpers_for_modification.class_eval <<~ruby_eval.lines.map(&:strip).join(";"), file, line
+            def #{method}(*args, &block)
+              controller.send(:'#{method}', *args, &block)
+            end
+            ruby2_keywords(:'#{method}')
           ruby_eval
         end
       end
@@ -109,7 +114,7 @@ module AbstractController
       # The last two assume that <tt>"foo".camelize</tt> returns "Foo".
       #
       # When strings or symbols are passed, the method finds the actual module
-      # object using +String#constantize+. Therefore, if the module has not been
+      # object using String#constantize. Therefore, if the module has not been
       # yet loaded, it has to be autoloadable, which is normally the case.
       #
       # Namespaces are supported. The following calls include +Foo::BarHelper+:

data/lib/abstract_controller/logger.rb

@@ -3,7 +3,7 @@
 require "active_support/benchmarkable"
 
 module AbstractController
-  module Logger #:nodoc:
+  module Logger # :nodoc:
     extend ActiveSupport::Concern
 
     included do

data/lib/abstract_controller/railties/routes_helpers.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "active_support/core_ext/module/introspection"
+
 module AbstractController
   module Railties
     module RoutesHelpers

data/lib/abstract_controller/rendering.rb

@@ -18,8 +18,10 @@ module AbstractController
     extend ActiveSupport::Concern
     include ActionView::ViewPaths
 
-    # Normalizes arguments, options and then delegates render_to_body and
+    # Normalizes arguments and options, and then delegates to render_to_body and
     # sticks the result in <tt>self.response_body</tt>.
+    #
+    # Supported options depend on the underlying +render_to_body+ implementation.
     def render(*args, &block)
       options = _normalize_render(*args, &block)
       rendered_body = render_to_body(options)
@@ -32,16 +34,12 @@ module AbstractController
       self.response_body = rendered_body
     end
 
-    # Raw rendering of a template to a string.
-    #
-    # It is similar to render, except that it does not
-    # set the +response_body+ and it should be guaranteed
-    # to always return a string.
+    # Similar to #render, but only returns the rendered template as a string,
+    # instead of setting +self.response_body+.
     #
-    # If a component extends the semantics of +response_body+
-    # (as ActionController extends it to be anything that
-    # responds to the method each), this method needs to be
-    # overridden in order to still return a string.
+    # If a component extends the semantics of +response_body+ (as ActionController
+    # extends it to be anything that responds to the method each), this method
+    # needs to be overridden in order to still return a string.
     def render_to_string(*args, &block)
       options = _normalize_render(*args, &block)
       render_to_body(options)
@@ -51,7 +49,7 @@ module AbstractController
     def render_to_body(options = {})
     end
 
-    # Returns Content-Type of rendered content.
+    # Returns +Content-Type+ of rendered content.
     def rendered_format
       Mime[:text]
     end

data/lib/abstract_controller/translation.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
-require "active_support/core_ext/symbol/starts_ends_with"
+require "active_support/html_safe_translation"
 
 module AbstractController
   module Translation
     mattr_accessor :raise_on_missing_translations, default: false
 
-    # Delegates to <tt>I18n.translate</tt>. Also aliased as <tt>t</tt>.
+    # Delegates to <tt>I18n.translate</tt>.
     #
     # When the given key starts with a period, it will be scoped by the current
     # controller and action. So if you call <tt>translate(".foo")</tt> from
@@ -24,11 +24,12 @@ module AbstractController
       end
 
       i18n_raise = options.fetch(:raise, self.raise_on_missing_translations)
-      I18n.translate(key, **options, raise: i18n_raise)
+
+      ActiveSupport::HtmlSafeTranslation.translate(key, **options, raise: i18n_raise)
     end
     alias :t :translate
 
-    # Delegates to <tt>I18n.localize</tt>. Also aliased as <tt>l</tt>.
+    # Delegates to <tt>I18n.localize</tt>.
     def localize(object, **options)
       I18n.localize(object, **options)
     end

data/lib/abstract_controller/url_for.rb

@@ -22,12 +22,10 @@ module AbstractController
       end
 
       def action_methods
-        @action_methods ||= begin
-          if _routes
-            super - _routes.named_routes.helper_names
-          else
-            super
-          end
+        @action_methods ||= if _routes
+          super - _routes.named_routes.helper_names
+        else
+          super
         end
       end
     end

data/lib/action_controller/api.rb

@@ -5,7 +5,7 @@ require "action_controller"
 require "action_controller/log_subscriber"
 
 module ActionController
-  # API Controller is a lightweight version of <tt>ActionController::Base</tt>,
+  # API Controller is a lightweight version of ActionController::Base,
   # created for applications that don't require all functionalities that a complete
   # \Rails controller provides, allowing you to create controllers with just the
   # features that you need for API only applications.
@@ -32,15 +32,15 @@ module ActionController
   #   end
   #
   # Request, response, and parameters objects all work the exact same way as
-  # <tt>ActionController::Base</tt>.
+  # ActionController::Base.
   #
   # == Renders
   #
   # The default API Controller stack includes all renderers, which means you
-  # can use <tt>render :json</tt> and brothers freely in your controllers. Keep
+  # can use <tt>render :json</tt> and siblings freely in your controllers. Keep
   # in mind that templates are not going to be rendered, so you need to ensure
   # your controller is calling either <tt>render</tt> or <tt>redirect_to</tt> in
-  # all actions, otherwise it will return 204 No Content.
+  # all actions, otherwise it will return <tt>204 No Content</tt>.
   #
   #   def show
   #     post = Post.find(params[:id])
@@ -51,7 +51,7 @@ module ActionController
   #
   # Redirects are used to move from one action to another. You can use the
   # <tt>redirect_to</tt> method in your controllers in the same way as in
-  # <tt>ActionController::Base</tt>. For example:
+  # ActionController::Base. For example:
   #
   #   def create
   #     redirect_to root_url and return if not_authorized?
@@ -61,7 +61,7 @@ module ActionController
   # == Adding New Behavior
   #
   # In some scenarios you may want to add back some functionality provided by
-  # <tt>ActionController::Base</tt> that is not present by default in
+  # ActionController::Base that is not present by default in
   # <tt>ActionController::API</tt>, for instance <tt>MimeResponds</tt>. This
   # module gives you the <tt>respond_to</tt> method. Adding it is quite simple,
   # you just need to include the module in a specific controller or in
@@ -83,7 +83,7 @@ module ActionController
   #     end
   #   end
   #
-  # Make sure to check the modules included in <tt>ActionController::Base</tt>
+  # Make sure to check the modules included in ActionController::Base
   # if you want to use any other functionality that is not provided
   # by <tt>ActionController::API</tt> out of the box.
   class API < Metal

data/lib/action_controller/base.rb

@@ -87,10 +87,11 @@ module ActionController
   #
   # or you can remove the entire session with +reset_session+.
   #
-  # Sessions are stored by default in a browser cookie that's cryptographically signed, but unencrypted.
-  # This prevents the user from tampering with the session but also allows them to see its contents.
-  #
-  # Do not put secret information in cookie-based sessions!
+  # By default, sessions are stored in an encrypted browser cookie (see
+  # ActionDispatch::Session::CookieStore). Thus the user will not be able to
+  # read or edit the session data. However, the user can keep a copy of the
+  # cookie even after it has expired, so you should avoid storing sensitive
+  # information in cookie-based sessions.
   #
   # == Responses
   #

data/lib/action_controller/form_builder.rb

@@ -3,7 +3,7 @@
 module ActionController
   # Override the default form builder for all views rendered by this
   # controller and any of its descendants. Accepts a subclass of
-  # +ActionView::Helpers::FormBuilder+.
+  # ActionView::Helpers::FormBuilder.
   #
   # For example, given a form builder:
   #
@@ -36,7 +36,7 @@ module ActionController
       # in the views rendered by this controller and its subclasses.
       #
       # ==== Parameters
-      # * <tt>builder</tt> - Default form builder, an instance of +ActionView::Helpers::FormBuilder+
+      # * <tt>builder</tt> - Default form builder, an instance of ActionView::Helpers::FormBuilder
       def default_form_builder(builder)
         self._default_form_builder = builder
       end

data/lib/action_controller/log_subscriber.rb

@@ -56,12 +56,13 @@ module ActionController
     def unpermitted_parameters(event)
       debug do
         unpermitted_keys = event.payload[:keys]
-        color("Unpermitted parameter#{'s' if unpermitted_keys.size > 1}: #{unpermitted_keys.map { |e| ":#{e}" }.join(", ")}", RED)
+        display_unpermitted_keys = unpermitted_keys.map { |e| ":#{e}" }.join(", ")
+        context = event.payload[:context].map { |k, v| "#{k}: #{v}" }.join(", ")
+        color("Unpermitted parameter#{'s' if unpermitted_keys.size > 1}: #{display_unpermitted_keys}. Context: { #{context} }", RED)
       end
     end
 
-    %w(write_fragment read_fragment exist_fragment?
-       expire_fragment expire_page write_page).each do |method|
+    %w(write_fragment read_fragment exist_fragment? expire_fragment).each do |method|
       class_eval <<-METHOD, __FILE__, __LINE__ + 1
         def #{method}(event)
           return unless logger.info? && ActionController::Base.enable_fragment_cache_logging

data/lib/action_controller/metal/basic_implicit_render.rb

@@ -3,7 +3,9 @@
 module ActionController
   module BasicImplicitRender # :nodoc:
     def send_action(method, *args)
-      super.tap { default_render unless performed? }
+      ret = super
+      default_render unless performed?
+      ret
     end
 
     def default_render