actionpack 7.1.5.1 → 8.1.2

data/lib/action_dispatch/http/mime_negotiation.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "active_support/core_ext/module/attribute_accessors"
 
 module ActionDispatch
@@ -16,23 +18,9 @@ module ActionDispatch
 
       included do
         mattr_accessor :ignore_accept_header, default: false
-
-        def return_only_media_type_on_content_type=(value)
-          ActionDispatch.deprecator.warn(
-            "`config.action_dispatch.return_only_request_media_type_on_content_type` is deprecated and will" \
-              " be removed in Rails 7.2."
-          )
-        end
-
-        def return_only_media_type_on_content_type
-          ActionDispatch.deprecator.warn(
-            "`config.action_dispatch.return_only_request_media_type_on_content_type` is deprecated and will" \
-            " be removed in Rails 7.2."
-          )
-        end
       end
 
-      # The MIME type of the HTTP request, such as Mime[:xml].
+      # The MIME type of the HTTP request, such as [Mime](:xml).
       def content_mime_type
         fetch_header("action_dispatch.request.content_type") do |k|
           v = if get_header("CONTENT_TYPE") =~ /^([^,;]*)/
@@ -66,11 +54,16 @@ module ActionDispatch
         end
       end
 
-      # Returns the MIME type for the \format used in the request.
+      # Returns the MIME type for the format used in the request.
+      #
+      #     # GET /posts/5.xml
+      #     request.format # => Mime[:xml]
       #
-      #   GET /posts/5.xml   | request.format => Mime[:xml]
-      #   GET /posts/5.xhtml | request.format => Mime[:html]
-      #   GET /posts/5       | request.format => Mime[:html] or Mime[:js], or request.accepts.first
+      #     # GET /posts/5.xhtml
+      #     request.format # => Mime[:html]
+      #
+      #     # GET /posts/5
+      #     request.format # => Mime[:html] or Mime[:js], or request.accepts.first
       #
       def format(_view_path = nil)
         formats.first || Mime::NullType.instance
@@ -98,7 +91,49 @@ module ActionDispatch
         end
       end
 
-      # Sets the \variant for template.
+      # Sets the \variant for the response template.
+      #
+      # When determining which template to render, Action View will incorporate
+      # all variants from the request. For example, if an
+      # `ArticlesController#index` action needs to respond to
+      # `request.variant = [:ios, :turbo_native]`, it will render the
+      # first template file it can find in the following list:
+      #
+      # - `app/views/articles/index.html+ios.erb`
+      # - `app/views/articles/index.html+turbo_native.erb`
+      # - `app/views/articles/index.html.erb`
+      #
+      # Variants add context to the requests that views render appropriately.
+      # Variant names are arbitrary, and can communicate anything from the
+      # request's platform (`:android`, `:ios`, `:linux`, `:macos`, `:windows`)
+      # to its browser (`:chrome`, `:edge`, `:firefox`, `:safari`), to the type
+      # of user (`:admin`, `:guest`, `:user`).
+      #
+      # Note: Adding many new variant templates with similarities to existing
+      # template files can make maintaining your view code more difficult.
+      #
+      # #### Parameters
+      #
+      # * `variant` - a symbol name or an array of symbol names for variants
+      #   used to render the response template
+      #
+      # #### Examples
+      #
+      #     class ApplicationController < ActionController::Base
+      #       before_action :determine_variants
+      #
+      #       private
+      #         def determine_variants
+      #           variants = []
+      #
+      #           # some code to determine the variant(s) to use
+      #
+      #           variants << :ios if request.user_agent.include?("iOS")
+      #           variants << :turbo_native if request.user_agent.include?("Turbo Native")
+      #
+      #           request.variant = variants
+      #         end
+      #     end
       def variant=(variant)
         variant = Array(variant)
 
@@ -109,40 +144,53 @@ module ActionDispatch
         end
       end
 
+      # Returns the \variant for the response template as an instance of
+      # ActiveSupport::ArrayInquirer.
+      #
+      #     request.variant = :phone
+      #     request.variant.phone?  # => true
+      #     request.variant.tablet? # => false
+      #
+      #     request.variant = [:phone, :tablet]
+      #     request.variant.phone?                  # => true
+      #     request.variant.desktop?                # => false
+      #     request.variant.any?(:phone, :desktop)  # => true
+      #     request.variant.any?(:desktop, :watch)  # => false
       def variant
         @variant ||= ActiveSupport::ArrayInquirer.new
       end
 
-      # Sets the \format by string extension, which can be used to force custom formats
+      # Sets the format by string extension, which can be used to force custom formats
       # that are not controlled by the extension.
       #
-      #   class ApplicationController < ActionController::Base
-      #     before_action :adjust_format_for_iphone
+      #     class ApplicationController < ActionController::Base
+      #       before_action :adjust_format_for_iphone
       #
-      #     private
-      #       def adjust_format_for_iphone
-      #         request.format = :iphone if request.env["HTTP_USER_AGENT"][/iPhone/]
-      #       end
-      #   end
+      #       private
+      #         def adjust_format_for_iphone
+      #           request.format = :iphone if request.env["HTTP_USER_AGENT"][/iPhone/]
+      #         end
+      #     end
       def format=(extension)
         parameters[:format] = extension.to_s
         set_header "action_dispatch.request.formats", [Mime::Type.lookup_by_extension(parameters[:format])]
       end
 
-      # Sets the \formats by string extensions. This differs from #format= by allowing you
-      # to set multiple, ordered formats, which is useful when you want to have a fallback.
+      # Sets the formats by string extensions. This differs from #format= by allowing
+      # you to set multiple, ordered formats, which is useful when you want to have a
+      # fallback.
       #
-      # In this example, the +:iphone+ format will be used if it's available, otherwise it'll fall back
-      # to the +:html+ format.
+      # In this example, the `:iphone` format will be used if it's available,
+      # otherwise it'll fall back to the `:html` format.
       #
-      #   class ApplicationController < ActionController::Base
-      #     before_action :adjust_format_for_iphone_with_html_fallback
+      #     class ApplicationController < ActionController::Base
+      #       before_action :adjust_format_for_iphone_with_html_fallback
       #
-      #     private
-      #       def adjust_format_for_iphone_with_html_fallback
-      #         request.formats = [ :iphone, :html ] if request.env["HTTP_USER_AGENT"][/iPhone/]
-      #       end
-      #   end
+      #       private
+      #         def adjust_format_for_iphone_with_html_fallback
+      #           request.formats = [ :iphone, :html ] if request.env["HTTP_USER_AGENT"][/iPhone/]
+      #         end
+      #     end
       def formats=(extensions)
         parameters[:format] = extensions.first.to_s
         set_header "action_dispatch.request.formats", extensions.collect { |extension|
@@ -168,8 +216,8 @@ module ActionDispatch
       end
 
       private
-        # We use normal content negotiation unless you include */* in your list,
-        # in which case we assume you're a browser and send HTML.
+        # We use normal content negotiation unless you include **/** in your list, in
+        # which case we assume you're a browser and send HTML.
         BROWSER_LIKE_ACCEPTS = /,\s*\*\/\*|\*\/\*\s*,/
 
         def params_readable?

data/lib/action_dispatch/http/mime_type.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "singleton"
 
 module Mime
@@ -65,19 +67,20 @@ module Mime
     end
   end
 
-  # Encapsulates the notion of a MIME type. Can be used at render time, for example, with:
+  # Encapsulates the notion of a MIME type. Can be used at render time, for
+  # example, with:
   #
-  #   class PostsController < ActionController::Base
-  #     def show
-  #       @post = Post.find(params[:id])
+  #     class PostsController < ActionController::Base
+  #       def show
+  #         @post = Post.find(params[:id])
   #
-  #       respond_to do |format|
-  #         format.html
-  #         format.ics { render body: @post.to_ics, mime_type: Mime::Type.lookup("text/calendar")  }
-  #         format.xml { render xml: @post }
+  #         respond_to do |format|
+  #           format.html
+  #           format.ics { render body: @post.to_ics, mime_type: Mime::Type.lookup("text/calendar")  }
+  #           format.xml { render xml: @post }
+  #         end
   #       end
   #     end
-  #   end
   class Type
     attr_reader :symbol
 
@@ -173,8 +176,9 @@ module Mime
         EXTENSION_LOOKUP[extension.to_s]
       end
 
-      # Registers an alias that's not used on MIME type lookup, but can be referenced directly. Especially useful for
-      # rendering different HTML versions depending on the user agent, like an iPhone.
+      # Registers an alias that's not used on MIME type lookup, but can be referenced
+      # directly. Especially useful for rendering different HTML versions depending on
+      # the user agent, like an iPhone.
       def register_alias(string, symbol, extension_synonyms = [])
         register(string, symbol, [], extension_synonyms, true)
       end
@@ -224,11 +228,11 @@ module Mime
         parse_data_with_trailing_star($1) if accept_header =~ TRAILING_STAR_REGEXP
       end
 
-      # For an input of <tt>'text'</tt>, returns <tt>[Mime[:json], Mime[:xml], Mime[:ics],
-      # Mime[:html], Mime[:css], Mime[:csv], Mime[:js], Mime[:yaml], Mime[:text]]</tt>.
+      # For an input of `'text'`, returns `[Mime[:json], Mime[:xml], Mime[:ics],
+      # Mime[:html], Mime[:css], Mime[:csv], Mime[:js], Mime[:yaml], Mime[:text]]`.
       #
-      # For an input of <tt>'application'</tt>, returns <tt>[Mime[:html], Mime[:js],
-      # Mime[:xml], Mime[:yaml], Mime[:atom], Mime[:json], Mime[:rss], Mime[:url_encoded_form]]</tt>.
+      # For an input of `'application'`, returns `[Mime[:html], Mime[:js], Mime[:xml],
+      # Mime[:yaml], Mime[:atom], Mime[:json], Mime[:rss], Mime[:url_encoded_form]]`.
       def parse_data_with_trailing_star(type)
         Mime::SET.select { |m| m.match?(type) }
       end
@@ -237,7 +241,7 @@ module Mime
       #
       # To unregister a MIME type:
       #
-      #   Mime::Type.unregister(:mobile)
+      #     Mime::Type.unregister(:mobile)
       def unregister(symbol)
         symbol = symbol.downcase
         if mime = Mime[symbol]
@@ -329,7 +333,7 @@ module Mime
       def to_ary; end
       def to_a; end
 
-      def method_missing(method, *args)
+      def method_missing(method, ...)
         if method.end_with?("?")
           method[0..-2].downcase.to_sym == to_sym
         else
@@ -353,9 +357,9 @@ module Mime
     def html?; true; end
   end
 
-  # ALL isn't a real MIME type, so we don't register it for lookup with the
-  # other concrete types. It's a wildcard match that we use for +respond_to+
-  # negotiation internals.
+  # ALL isn't a real MIME type, so we don't register it for lookup with the other
+  # concrete types. It's a wildcard match that we use for `respond_to` negotiation
+  # internals.
   ALL = AllType.instance
 
   class NullType
@@ -376,7 +380,7 @@ module Mime
         method.end_with?("?")
       end
 
-      def method_missing(method, *args)
+      def method_missing(method, ...)
         false if method.end_with?("?")
       end
   end

data/lib/action_dispatch/http/mime_types.rb

@@ -3,6 +3,8 @@
 # Build list of Mime types for HTTP responses
 # https://www.iana.org/assignments/media-types/
 
+# :markup: markdown
+
 Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml )
 Mime::Type.register "text/plain", :text, [], %w(txt)
 Mime::Type.register "text/javascript", :js, %w( application/javascript application/x-javascript )
@@ -11,6 +13,7 @@ Mime::Type.register "text/calendar", :ics
 Mime::Type.register "text/csv", :csv
 Mime::Type.register "text/vcard", :vcf
 Mime::Type.register "text/vtt", :vtt, %w(vtt)
+Mime::Type.register "text/markdown", :md, [], %w(md markdown)
 
 Mime::Type.register "image/png", :png, [], %w(png)
 Mime::Type.register "image/jpeg", :jpeg, [], %w(jpg jpeg jpe pjpeg)

data/lib/action_dispatch/http/param_builder.rb

@@ -0,0 +1,187 @@
+# frozen_string_literal: true
+
+module ActionDispatch
+  class ParamBuilder
+    # --
+    # This implementation is based on Rack::QueryParser,
+    # Copyright (C) 2007-2021 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
+
+    def self.make_default(param_depth_limit)
+      new param_depth_limit
+    end
+
+    attr_reader :param_depth_limit
+
+    def initialize(param_depth_limit)
+      @param_depth_limit = param_depth_limit
+    end
+
+    cattr_accessor :default
+    self.default = make_default(100)
+
+    class << self
+      delegate :from_query_string, :from_pairs, :from_hash, to: :default
+
+      def ignore_leading_brackets
+        ActionDispatch.deprecator.warn <<~MSG
+          ActionDispatch::ParamBuilder.ignore_leading_brackets is deprecated and have no effect and will be removed in Rails 8.2.
+        MSG
+
+        @ignore_leading_brackets
+      end
+
+      def ignore_leading_brackets=(value)
+        ActionDispatch.deprecator.warn <<~MSG
+          ActionDispatch::ParamBuilder.ignore_leading_brackets is deprecated and have no effect and will be removed in Rails 8.2.
+        MSG
+
+        @ignore_leading_brackets = value
+      end
+    end
+
+    def from_query_string(qs, separator: nil, encoding_template: nil)
+      from_pairs QueryParser.each_pair(qs, separator), encoding_template: encoding_template
+    end
+
+    def from_pairs(pairs, encoding_template: nil)
+      params = make_params
+
+      pairs.each do |k, v|
+        if Hash === v
+          v = ActionDispatch::Http::UploadedFile.new(v)
+        end
+
+        store_nested_param(params, k, v, 0, encoding_template)
+      end
+
+      params
+    rescue ArgumentError => e
+      raise InvalidParameterError, e.message, e.backtrace
+    end
+
+    def from_hash(hash, encoding_template: nil)
+      # Force encodings from encoding template
+      hash = Request::Utils::CustomParamEncoder.encode_for_template(hash, encoding_template)
+
+      # Assert valid encoding
+      Request::Utils.check_param_encoding(hash)
+
+      # Convert hashes to HWIA (or UploadedFile), and deep-munge nils
+      # out of arrays
+      hash = Request::Utils.normalize_encode_params(hash)
+
+      hash
+    end
+
+    private
+      def store_nested_param(params, name, v, depth, encoding_template = nil)
+        raise ParamsTooDeepError if depth >= param_depth_limit
+
+        if !name
+          # nil name, treat same as empty string (required by tests)
+          k = after = ""
+        elsif depth == 0
+          # Start of parsing, don't treat [] or [ at start of string specially
+          if start = name.index("[", 1)
+            # Start of parameter nesting, use part before brackets as key
+            k = name[0, start]
+            after = name[start, name.length]
+          else
+            # Plain parameter with no nesting
+            k = name
+            after = ""
+          end
+        elsif name.start_with?("[]")
+          # Array nesting
+          k = "[]"
+          after = name[2, name.length]
+        elsif name.start_with?("[") && (start = name.index("]", 1))
+          # Hash nesting, use the part inside brackets as the key
+          k = name[1, start - 1]
+          after = name[start + 1, name.length]
+        else
+          # Probably malformed input, nested but not starting with [
+          # treat full name as key for backwards compatibility.
+          k = name
+          after = ""
+        end
+
+        return if k.empty?
+
+        unless k.valid_encoding?
+          raise InvalidParameterError, "Invalid encoding for parameter: #{k}"
+        end
+
+        if depth == 0 && String === v
+          # We have to wait until we've found the top part of the name,
+          # because that's what the encoding template is configured with
+          if encoding_template && (designated_encoding = encoding_template[k]) && !v.frozen?
+            v.force_encoding(designated_encoding)
+          end
+
+          # ... and we can't validate the encoding until after we've
+          # applied any template override
+          unless v.valid_encoding?
+            raise InvalidParameterError, "Invalid encoding for parameter: #{v.scrub}"
+          end
+        end
+
+        if after == ""
+          if k == "[]" && depth != 0
+            return (v || !ActionDispatch::Request::Utils.perform_deep_munge) ? [v] : []
+          else
+            params[k] = v
+          end
+        elsif after == "["
+          params[name] = v
+        elsif after == "[]"
+          params[k] ||= []
+          raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
+          params[k] << v if v || !ActionDispatch::Request::Utils.perform_deep_munge
+        elsif after.start_with?("[]")
+          # Recognize x[][y] (hash inside array) parameters
+          unless after[2] == "[" && after.end_with?("]") && (child_key = after[3, after.length - 4]) && !child_key.empty? && !child_key.index("[") && !child_key.index("]")
+            # Handle other nested array parameters
+            child_key = after[2, after.length]
+          end
+          params[k] ||= []
+          raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
+          if params_hash_type?(params[k].last) && !params_hash_has_key?(params[k].last, child_key)
+            store_nested_param(params[k].last, child_key, v, depth + 1)
+          else
+            params[k] << store_nested_param(make_params, child_key, v, depth + 1)
+          end
+        else
+          params[k] ||= make_params
+          raise ParameterTypeError, "expected Hash (got #{params[k].class.name}) for param `#{k}'" unless params_hash_type?(params[k])
+          params[k] = store_nested_param(params[k], after, v, depth + 1)
+        end
+
+        params
+      end
+
+      def make_params
+        ActiveSupport::HashWithIndifferentAccess.new
+      end
+
+      def new_depth_limit(param_depth_limit)
+        self.class.new @params_class, param_depth_limit
+      end
+
+      def params_hash_type?(obj)
+        Hash === obj
+      end
+
+      def params_hash_has_key?(hash, key)
+        return false if key.include?("[]")
+
+        key.split(/[\[\]]+/).inject(hash) do |h, part|
+          next h if part == ""
+          return false unless params_hash_type?(h) && h.key?(part)
+          h[part]
+        end
+
+        true
+      end
+  end
+end

data/lib/action_dispatch/http/param_error.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module ActionDispatch
+  class ParamError < ActionDispatch::Http::Parameters::ParseError
+    def initialize(message = nil)
+      super
+    end
+
+    def self.===(other)
+      super || (
+        defined?(Rack::Utils::ParameterTypeError) && Rack::Utils::ParameterTypeError === other ||
+        defined?(Rack::Utils::InvalidParameterError) && Rack::Utils::InvalidParameterError === other ||
+        defined?(Rack::QueryParser::ParamsTooDeepError) && Rack::QueryParser::ParamsTooDeepError === other
+      )
+    end
+  end
+
+  class ParameterTypeError < ParamError
+  end
+
+  class InvalidParameterError < ParamError
+  end
+
+  class ParamsTooDeepError < ParamError
+  end
+end

data/lib/action_dispatch/http/parameters.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionDispatch
   module Http
     module Parameters
@@ -14,8 +16,8 @@ module ActionDispatch
         }
       }
 
-      # Raised when raw data from the request cannot be parsed by the parser
-      # defined for request's content MIME type.
+      # Raised when raw data from the request cannot be parsed by the parser defined
+      # for request's content MIME type.
       class ParseError < StandardError
         def initialize(message = $!.message)
           super(message)
@@ -34,8 +36,8 @@ module ActionDispatch
       module ClassMethods
         # Configure the parameter parser for a given MIME type.
         #
-        # It accepts a hash where the key is the symbol of the MIME type
-        # and the value is a proc.
+        # It accepts a hash where the key is the symbol of the MIME type and the value
+        # is a proc.
         #
         #     original_parsers = ActionDispatch::Request.parameter_parsers
         #     xml_parser = -> (raw_post) { Hash.from_xml(raw_post) || {} }
@@ -46,7 +48,7 @@ module ActionDispatch
         end
       end
 
-      # Returns both GET and POST \parameters in a single hash.
+      # Returns both GET and POST parameters in a single hash.
       def parameters
         params = get_header("action_dispatch.request.parameters")
         return params if params
@@ -63,24 +65,24 @@ module ActionDispatch
       alias :params :parameters
 
       def path_parameters=(parameters) # :nodoc:
-        delete_header("action_dispatch.request.parameters")
+        @env.delete("action_dispatch.request.parameters")
 
         parameters = Request::Utils.set_binary_encoding(self, parameters, parameters[:controller], parameters[:action])
-        # If any of the path parameters has an invalid encoding then
-        # raise since it's likely to trigger errors further on.
+        # If any of the path parameters has an invalid encoding then raise since it's
+        # likely to trigger errors further on.
         Request::Utils.check_param_encoding(parameters)
 
-        set_header PARAMETERS_KEY, parameters
+        @env[PARAMETERS_KEY] = parameters
       rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
         raise ActionController::BadRequest.new("Invalid path parameters: #{e.message}")
       end
 
-      # Returns a hash with the \parameters used to form the \path of the request.
+      # Returns a hash with the parameters used to form the path of the request.
       # Returned hash keys are symbols:
       #
-      #   { action: "my_action", controller: "my_controller" }
+      #     { action: "my_action", controller: "my_controller" }
       def path_parameters
-        get_header(PARAMETERS_KEY) || set_header(PARAMETERS_KEY, {})
+        @env[PARAMETERS_KEY] ||= {}
       end
 
       private