actionpack 6.1.7.5 → 7.1.3.1

data/lib/abstract_controller/translation.rb

@@ -1,12 +1,10 @@
 # frozen_string_literal: true
 
-require "active_support/core_ext/symbol/starts_ends_with"
+require "active_support/html_safe_translation"
 
 module AbstractController
   module Translation
-    mattr_accessor :raise_on_missing_translations, default: false
-
-    # Delegates to <tt>I18n.translate</tt>. Also aliased as <tt>t</tt>.
+    # Delegates to <tt>I18n.translate</tt>.
     #
     # When the given key starts with a period, it will be scoped by the current
     # controller and action. So if you call <tt>translate(".foo")</tt> from
@@ -23,15 +21,36 @@ module AbstractController
         key = "#{path}.#{action_name}#{key}"
       end
 
-      i18n_raise = options.fetch(:raise, self.raise_on_missing_translations)
-      I18n.translate(key, **options, raise: i18n_raise)
+      if options[:default]
+        options[:default] = [options[:default]] unless options[:default].is_a?(Array)
+        options[:default] = options[:default].map do |value|
+          value.is_a?(String) ? ERB::Util.html_escape(value) : value
+        end
+      end
+
+      if options[:raise].nil?
+        options[:default] = [] unless options[:default]
+        options[:default] << MISSING_TRANSLATION
+      end
+
+      result = ActiveSupport::HtmlSafeTranslation.translate(key, **options)
+
+      if result == MISSING_TRANSLATION
+        +"translation missing: #{key}"
+      else
+        result
+      end
     end
     alias :t :translate
 
-    # Delegates to <tt>I18n.localize</tt>. Also aliased as <tt>l</tt>.
+    # Delegates to <tt>I18n.localize</tt>.
     def localize(object, **options)
       I18n.localize(object, **options)
     end
     alias :l :localize
+
+    private
+      MISSING_TRANSLATION = -(2**60)
+      private_constant :MISSING_TRANSLATION
   end
 end

data/lib/abstract_controller/url_for.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 module AbstractController
+  # = URL For
+  #
   # Includes +url_for+ into the host class (e.g. an abstract controller or mailer). The class
   # has to provide a +RouteSet+ by implementing the <tt>_routes</tt> methods. Otherwise, an
   # exception will be raised.
@@ -22,12 +24,10 @@ module AbstractController
       end
 
       def action_methods
-        @action_methods ||= begin
-          if _routes
-            super - _routes.named_routes.helper_names
-          else
-            super
-          end
+        @action_methods ||= if _routes
+          super - _routes.named_routes.helper_names
+        else
+          super
         end
       end
     end

data/lib/abstract_controller.rb

@@ -4,6 +4,7 @@ require "action_pack"
 require "active_support"
 require "active_support/rails"
 require "active_support/i18n"
+require "abstract_controller/deprecator"
 
 module AbstractController
   extend ActiveSupport::Autoload
@@ -24,5 +25,10 @@ module AbstractController
   def self.eager_load!
     super
     AbstractController::Caching.eager_load!
+    AbstractController::Base.descendants.each do |controller|
+      unless controller.abstract?
+        controller.eager_load!
+      end
+    end
   end
 end

data/lib/action_controller/api.rb

@@ -5,7 +5,9 @@ require "action_controller"
 require "action_controller/log_subscriber"
 
 module ActionController
-  # API Controller is a lightweight version of <tt>ActionController::Base</tt>,
+  # = Action Controller \API
+  #
+  # API Controller is a lightweight version of ActionController::Base,
   # created for applications that don't require all functionalities that a complete
   # \Rails controller provides, allowing you to create controllers with just the
   # features that you need for API only applications.
@@ -19,7 +21,7 @@ module ActionController
   # your application, they're just not part of the default API controller stack.
   #
   # Normally, +ApplicationController+ is the only controller that inherits from
-  # <tt>ActionController::API</tt>. All other controllers in turn inherit from
+  # +ActionController::API+. All other controllers in turn inherit from
   # +ApplicationController+.
   #
   # A sample controller could look like this:
@@ -32,15 +34,15 @@ module ActionController
   #   end
   #
   # Request, response, and parameters objects all work the exact same way as
-  # <tt>ActionController::Base</tt>.
+  # ActionController::Base.
   #
   # == Renders
   #
   # The default API Controller stack includes all renderers, which means you
-  # can use <tt>render :json</tt> and brothers freely in your controllers. Keep
+  # can use <tt>render :json</tt> and siblings freely in your controllers. Keep
   # in mind that templates are not going to be rendered, so you need to ensure
   # your controller is calling either <tt>render</tt> or <tt>redirect_to</tt> in
-  # all actions, otherwise it will return 204 No Content.
+  # all actions, otherwise it will return <tt>204 No Content</tt>.
   #
   #   def show
   #     post = Post.find(params[:id])
@@ -51,7 +53,7 @@ module ActionController
   #
   # Redirects are used to move from one action to another. You can use the
   # <tt>redirect_to</tt> method in your controllers in the same way as in
-  # <tt>ActionController::Base</tt>. For example:
+  # ActionController::Base. For example:
   #
   #   def create
   #     redirect_to root_url and return if not_authorized?
@@ -61,8 +63,8 @@ module ActionController
   # == Adding New Behavior
   #
   # In some scenarios you may want to add back some functionality provided by
-  # <tt>ActionController::Base</tt> that is not present by default in
-  # <tt>ActionController::API</tt>, for instance <tt>MimeResponds</tt>. This
+  # ActionController::Base that is not present by default in
+  # +ActionController::API+, for instance <tt>MimeResponds</tt>. This
   # module gives you the <tt>respond_to</tt> method. Adding it is quite simple,
   # you just need to include the module in a specific controller or in
   # +ApplicationController+ in case you want it available in your entire
@@ -83,9 +85,9 @@ module ActionController
   #     end
   #   end
   #
-  # Make sure to check the modules included in <tt>ActionController::Base</tt>
+  # Make sure to check the modules included in ActionController::Base
   # if you want to use any other functionality that is not provided
-  # by <tt>ActionController::API</tt> out of the box.
+  # by +ActionController::API+ out of the box.
   class API < Metal
     abstract!
 

data/lib/action_controller/base.rb

@@ -5,11 +5,13 @@ require "action_controller/log_subscriber"
 require "action_controller/metal/params_wrapper"
 
 module ActionController
+  # = Action Controller \Base
+  #
   # Action Controllers are the core of a web request in \Rails. They are made up of one or more actions that are executed
   # on request and then either it renders a template or redirects to another action. An action is defined as a public method
   # on the controller, which will automatically be made accessible to the web-server through \Rails Routes.
   #
-  # By default, only the ApplicationController in a \Rails application inherits from <tt>ActionController::Base</tt>. All other
+  # By default, only the ApplicationController in a \Rails application inherits from +ActionController::Base+. All other
   # controllers inherit from ApplicationController. This gives you one class to configure things such as
   # request forgery protection and filtering of sensitive request parameters.
   #
@@ -87,10 +89,11 @@ module ActionController
   #
   # or you can remove the entire session with +reset_session+.
   #
-  # Sessions are stored by default in a browser cookie that's cryptographically signed, but unencrypted.
-  # This prevents the user from tampering with the session but also allows them to see its contents.
-  #
-  # Do not put secret information in cookie-based sessions!
+  # By default, sessions are stored in an encrypted browser cookie (see
+  # ActionDispatch::Session::CookieStore). Thus the user will not be able to
+  # read or edit the session data. However, the user can keep a copy of the
+  # cookie even after it has expired, so you should avoid storing sensitive
+  # information in cookie-based sessions.
   #
   # == Responses
   #
@@ -166,22 +169,6 @@ module ActionController
   class Base < Metal
     abstract!
 
-    # We document the request and response methods here because albeit they are
-    # implemented in ActionController::Metal, the type of the returned objects
-    # is unknown at that level.
-
-    ##
-    # :method: request
-    #
-    # Returns an ActionDispatch::Request instance that represents the
-    # current request.
-
-    ##
-    # :method: response
-    #
-    # Returns an ActionDispatch::Response that represents the current
-    # response.
-
     # Shortcut helper that returns all the modules included in
     # ActionController::Base except the ones passed as arguments:
     #

data/lib/action_controller/caching.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 module ActionController
+  # = Action Controller \Caching
+  #
   # \Caching is a cheap way of speeding up slow applications by keeping the result of
   # calculations, renderings, and database calls around for subsequent requests.
   #

data/lib/action_controller/deprecator.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module ActionController
+  def self.deprecator # :nodoc:
+    AbstractController.deprecator
+  end
+end

data/lib/action_controller/form_builder.rb

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
 module ActionController
+  # = Action Controller Form Builder
+  #
   # Override the default form builder for all views rendered by this
   # controller and any of its descendants. Accepts a subclass of
-  # +ActionView::Helpers::FormBuilder+.
+  # ActionView::Helpers::FormBuilder.
   #
   # For example, given a form builder:
   #
@@ -36,7 +38,7 @@ module ActionController
       # in the views rendered by this controller and its subclasses.
       #
       # ==== Parameters
-      # * <tt>builder</tt> - Default form builder, an instance of +ActionView::Helpers::FormBuilder+
+      # * <tt>builder</tt> - Default form builder, an instance of ActionView::Helpers::FormBuilder
       def default_form_builder(builder)
         self._default_form_builder = builder
       end

data/lib/action_controller/log_subscriber.rb

@@ -8,7 +8,10 @@ module ActionController
       return unless logger.info?
 
       payload = event.payload
-      params  = payload[:params].except(*INTERNAL_PARAMS)
+      params = {}
+      payload[:params].each_pair do |k, v|
+        params[k] = v unless INTERNAL_PARAMS.include?(k)
+      end
       format  = payload[:format]
       format  = format.to_s.upcase if format.is_a?(Symbol)
       format  = "*/*" if format.nil?
@@ -16,6 +19,7 @@ module ActionController
       info "Processing by #{payload[:controller]}##{payload[:action]} as #{format}"
       info "  Parameters: #{params.inspect}" unless params.empty?
     end
+    subscribe_log_level :start_processing, :info
 
     def process_action(event)
       info do
@@ -29,46 +33,55 @@ module ActionController
 
         additions << "Allocations: #{event.allocations}"
 
-        message = +"Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
-        message << " (#{additions.join(" | ")})"
+        message = +"Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms" \
+                   " (#{additions.join(" | ")})"
         message << "\n\n" if defined?(Rails.env) && Rails.env.development?
 
         message
       end
     end
+    subscribe_log_level :process_action, :info
 
     def halted_callback(event)
       info { "Filter chain halted as #{event.payload[:filter].inspect} rendered or redirected" }
     end
+    subscribe_log_level :halted_callback, :info
 
     def send_file(event)
       info { "Sent file #{event.payload[:path]} (#{event.duration.round(1)}ms)" }
     end
+    subscribe_log_level :send_file, :info
 
     def redirect_to(event)
       info { "Redirected to #{event.payload[:location]}" }
     end
+    subscribe_log_level :redirect_to, :info
 
     def send_data(event)
       info { "Sent data #{event.payload[:filename]} (#{event.duration.round(1)}ms)" }
     end
+    subscribe_log_level :send_data, :info
 
     def unpermitted_parameters(event)
       debug do
         unpermitted_keys = event.payload[:keys]
-        color("Unpermitted parameter#{'s' if unpermitted_keys.size > 1}: #{unpermitted_keys.map { |e| ":#{e}" }.join(", ")}", RED)
+        display_unpermitted_keys = unpermitted_keys.map { |e| ":#{e}" }.join(", ")
+        context = event.payload[:context].map { |k, v| "#{k}: #{v}" }.join(", ")
+        color("Unpermitted parameter#{'s' if unpermitted_keys.size > 1}: #{display_unpermitted_keys}. Context: { #{context} }", RED)
       end
     end
+    subscribe_log_level :unpermitted_parameters, :debug
 
-    %w(write_fragment read_fragment exist_fragment?
-       expire_fragment expire_page write_page).each do |method|
+    %w(write_fragment read_fragment exist_fragment? expire_fragment).each do |method|
       class_eval <<-METHOD, __FILE__, __LINE__ + 1
+        # frozen_string_literal: true
         def #{method}(event)
-          return unless logger.info? && ActionController::Base.enable_fragment_cache_logging
+          return unless ActionController::Base.enable_fragment_cache_logging
           key         = ActiveSupport::Cache.expand_cache_key(event.payload[:key] || event.payload[:path])
           human_name  = #{method.to_s.humanize.inspect}
           info("\#{human_name} \#{key} (\#{event.duration.round(1)}ms)")
         end
+        subscribe_log_level :#{method}, :info
       METHOD
     end
 

data/lib/action_controller/metal/basic_implicit_render.rb

@@ -3,7 +3,9 @@
 module ActionController
   module BasicImplicitRender # :nodoc:
     def send_action(method, *args)
-      super.tap { default_render unless performed? }
+      ret = super
+      default_render unless performed?
+      ret
     end
 
     def default_render