actionpack 8.0.0.rc1 → 8.0.0.rc2


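--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: cbf30070e8c7658bcda189e9c07184b10bfdeb1ae28ae9b7c6e354189e96eac6
- data.tar.gz: c21576442cf2c2e3ef1cf7e36f5e412349b6f933c651cca641a9afe48229cd96
+ metadata.gz: 76724412ee5fbe34b92080713c9e9fab617fe1a81c4400ba2ee252d55020a6e3
+ data.tar.gz: 14b34e7e8e188f66b7f7da1542301fa5856fb0b14cb6213282c07c30fffbd76f
  SHA512:
- metadata.gz: 8d09731d99912ded6338f7a0fcc0d98706efbf4721f26d35edcede064e240d607f6ddc5ed43a979ebe3c8d6c1e9b90347d84725c6b504c91c79fb9821edca478
- data.tar.gz: 5b981e0db05e7d35cda56797acbf513050fd099bb3778ec2247012e1a338dec2b1fe608a6653a4dbe54c621de63f576588b98b8d77b172f9456b78e2e9a7cd9b
+ metadata.gz: d13e4c2bc63c93db23db2ab94786700542926ba9c200f611985dd524fe7cd11602bc592a9124c14d7f08e39bf7e95ed56fbebdadb6c8391d5712bbad47fb62bf
+ data.tar.gz: 8f90ce2cd483f2ac438680310306293ccf733b0052f064bfb265a74a65c81e8bab5a32d699914a6f5c713974367d3ae5756a11e0e88210f4198e0d195339ce9b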
data/CHANGELOG.md CHANGED
@@ -1,3 +1,14 @@
1
+ ## Rails 8.0.0.rc2 (October 30, 2024) ##
2
+
3
+ * Fix routes with `::` in the path.
4
+
5
+ *Rafael Mendonça França*
6
+
7
+ * Maintain Rack 2 parameter parsing behaviour.
8
+
9
+ *Matthew Draper*
10
+
11
+
1
12
  ## Rails 8.0.0.rc1 (October 19, 2024) ##
2
13
 
3
14
  * Remove `Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality`.
@@ -513,14 +513,11 @@ module ActionController
513
513
  array_params.each { |param| (param[1] || +"").gsub! %r/^"|"$/, "" }
514
514
  end
515
515
 
516
- WHITESPACED_AUTHN_PAIR_DELIMITERS = /\s*#{AUTHN_PAIR_DELIMITERS}\s*/
517
- private_constant :WHITESPACED_AUTHN_PAIR_DELIMITERS
518
-
519
516
  # This method takes an authorization body and splits up the key-value pairs by
520
517
  # the standardized `:`, `;`, or `\t` delimiters defined in
521
518
  # `AUTHN_PAIR_DELIMITERS`.
522
519
  def raw_params(auth)
523
- _raw_params = auth.sub(TOKEN_REGEX, "").split(WHITESPACED_AUTHN_PAIR_DELIMITERS)
520
+ _raw_params = auth.sub(TOKEN_REGEX, "").split(AUTHN_PAIR_DELIMITERS).map(&:strip)
524
521
  _raw_params.reject!(&:empty?)
525
522
 
526
523
  if !_raw_params.first&.start_with?(TOKEN_KEY)
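Review bot: The rewritten split in `raw_params` carries no comment saying why the whitespace-wrapped delimiter regex was dropped, so a later cleanup could fold the `strip` back into the pattern. If the motive was to keep a `\s*…\s*` pattern from backtracking on long whitespace runs in an Authorization header (my inference, the page does not say), record it above the line, e.g. `# Split on the bare delimiter and strip afterwards; do not wrap the delimiter in \s*.`, and add a regression test that feeds a header with a long whitespace run. Note also that `strip` now trims the outer ends of the first and last pair, which the old pattern left alone. The body of `raw_params` continues past the end of the hunk.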
@@ -95,6 +95,8 @@ module ActionController
95
95
  # * `permit` to filter params for mass assignment.
96
96
  # * `require` to require a parameter or raise an error.
97
97
  #
98
+ # Examples:
99
+ #
98
100
  # params = ActionController::Parameters.new({
99
101
  # person: {
100
102
  # name: "Francesco",
@@ -109,7 +111,7 @@ module ActionController
109
111
  # Person.first.update!(permitted)
110
112
  # # => #<Person id: 1, name: "Francesco", age: 22, role: "user">
111
113
  #
112
- # Paramaters provides two options that control the top-level behavior of new
114
+ # Parameters provides two options that control the top-level behavior of new
113
115
  # instances:
114
116
  #
115
117
  # * `permit_all_parameters` - If it's `true`, all the parameters will be
@@ -68,12 +68,17 @@ module ActionDispatch
68
68
  ActiveSupport::ParameterFilter.new(filters)
69
69
  end
70
70
 
71
- KV_RE = "[^&;=]+"
72
- PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})}
73
71
  def filtered_query_string # :doc:
74
- query_string.gsub(PAIR_RE) do |_|
75
- parameter_filter.filter($1 => $2).first.join("=")
72
+ parts = query_string.split(/([&;])/)
73
+ filtered_parts = parts.map do |part|
74
+ if part.include?("=")
75
+ key, value = part.split("=", 2)
76
+ parameter_filter.filter(key => value).first.join("=")
77
+ else
78
+ part
79
+ end
76
80
  end
81
+ filtered_parts.join("")
77
82
  end
78
83
  end
79
84
  end
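Review bot: The split/filter/join loop added to `filtered_query_string` is repeated line for line in the `parameter_filtered_location` hunk that follows, so the request-log and redirect-log redaction paths can drift apart now that the shared `PAIR_RE` is gone. I would keep one helper that both call, as sketched below, which also gives a single place to test inputs such as `key=`, `a=b=c` and bare delimiters. Separately, `KV_RE` and `PAIR_RE` are removed outright; the removed `FilterParameters::PAIR_RE` line in the other hunk shows they were referenced across modules, so any outside reference would now raise `NameError`, which deserves a changelog line or a deprecated alias.

```ruby
def filtered_query_string # :doc:
  filter_query_pairs(query_string, parameter_filter)
end

# Proposed shared helper: masks each key=value pair and leaves separators and
# bare tokens untouched.
def filter_query_pairs(query, filter)
  query.split(/([&;])/).map do |part|
    next part unless part.include?("=")

    key, value = part.split("=", 2)
    filter.filter(key => value).first.join("=")
  end.join
end
```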
@@ -37,9 +37,16 @@ module ActionDispatch
37
37
  def parameter_filtered_location
38
38
  uri = URI.parse(location)
39
39
  unless uri.query.nil? || uri.query.empty?
40
- uri.query.gsub!(FilterParameters::PAIR_RE) do
41
- request.parameter_filter.filter($1 => $2).first.join("=")
40
+ parts = uri.query.split(/([&;])/)
41
+ filtered_parts = parts.map do |part|
42
+ if part.include?("=")
43
+ key, value = part.split("=", 2)
44
+ request.parameter_filter.filter(key => value).first.join("=")
45
+ else
46
+ part
47
+ end
42
48
  end
49
+ uri.query = filtered_parts.join("")
43
50
  end
44
51
  uri.to_s
45
52
  rescue URI::Error
@@ -2,6 +2,10 @@
2
2
 
3
3
  module ActionDispatch
4
4
  class ParamBuilder
5
+ # --
6
+ # This implementation is based on Rack::QueryParser,
7
+ # Copyright (C) 2007-2021 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
8
+
5
9
  def self.make_default(param_depth_limit)
6
10
  new param_depth_limit
7
11
  end
@@ -12,6 +16,10 @@ module ActionDispatch
12
16
  @param_depth_limit = param_depth_limit
13
17
  end
14
18
 
19
+ cattr_accessor :ignore_leading_brackets
20
+
21
+ LEADING_BRACKETS_COMPAT = defined?(::Rack::RELEASE) && ::Rack::RELEASE.to_s.start_with?("2.")
22
+
15
23
  cattr_accessor :default
16
24
  self.default = make_default(100)
17
25
 
@@ -61,15 +69,30 @@ module ActionDispatch
61
69
  # nil name, treat same as empty string (required by tests)
62
70
  k = after = ""
63
71
  elsif depth == 0
64
- # Start of parsing, don't treat [] or [ at start of string specially
65
- if start = name.index("[", 1)
66
- # Start of parameter nesting, use part before brackets as key
67
- k = name[0, start]
68
- after = name[start, name.length]
72
+ if ignore_leading_brackets || (ignore_leading_brackets.nil? && LEADING_BRACKETS_COMPAT)
73
+ # Rack 2 compatible behavior, ignore leading brackets
74
+ if name =~ /\A[\[\]]*([^\[\]]+)\]*/
75
+ k = $1
76
+ after = $' || ""
77
+
78
+ if !ignore_leading_brackets && (k != $& || !after.empty? && !after.start_with?("["))
79
+ ActionDispatch.deprecator.warn("Skipping over leading brackets in parameter name #{name.inspect} is deprecated and will parse differently in Rails 8.1 or Rack 3.0.")
80
+ end
81
+ else
82
+ k = name
83
+ after = ""
84
+ end
69
85
  else
70
- # Plain parameter with no nesting
71
- k = name
72
- after = ""
86
+ # Start of parsing, don't treat [] or [ at start of string specially
87
+ if start = name.index("[", 1)
88
+ # Start of parameter nesting, use part before brackets as key
89
+ k = name[0, start]
90
+ after = name[start, name.length]
91
+ else
92
+ # Plain parameter with no nesting
93
+ k = name
94
+ after = ""
95
+ end
73
96
  end
74
97
  elsif name.start_with?("[]")
75
98
  # Array nesting
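Review bot: The Rack 2 compatibility branch reads `$1`, `$'` and `$&` several lines after the `name =~ …` that sets them, so any regexp call later inserted between the match and the `k != $&` comparison would silently change the result. Binding the match keeps it local: `if (m = /\A[\[\]]*([^\[\]]+)\]*/.match(name))`, then `k = m[1]` and `after = m.post_match`, with `m[0]` in the deprecation condition; the `|| ""` can go, since the post-match of a successful match is never nil. The warning is also driven by request-supplied parameter names, so the comment should say how the app's configured deprecation behaviour is expected to cope with it (log volume, or an exception if it is set to raise). The enclosing method starts and ends outside this hunk.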
@@ -1,11 +1,17 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "uri"
4
+ require "rack"
4
5
 
5
6
  module ActionDispatch
6
7
  class QueryParser
7
8
  DEFAULT_SEP = /& */n
8
- COMMON_SEP = { ";" => /; */n, ";," => /[;,] */n, "&" => /& */n }
9
+ COMPAT_SEP = /[&;] */n
10
+ COMMON_SEP = { ";" => /; */n, ";," => /[;,] */n, "&" => /& */n, "&;" => /[&;] */n }
11
+
12
+ cattr_accessor :strict_query_string_separator
13
+
14
+ SEMICOLON_COMPAT = defined?(::Rack::QueryParser::DEFAULT_SEP) && ::Rack::QueryParser::DEFAULT_SEP.to_s.include?(";")
9
15
 
10
16
  #--
11
17
  # Note this departs from WHATWG's specified parsing algorithm by
@@ -14,7 +20,23 @@ module ActionDispatch
14
20
  def self.each_pair(s, separator = nil)
15
21
  return enum_for(:each_pair, s, separator) unless block_given?
16
22
 
17
- (s || "").split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP).each do |part|
23
+ s ||= ""
24
+
25
+ splitter =
26
+ if separator
27
+ COMMON_SEP[separator] || /[#{separator}] */n
28
+ elsif strict_query_string_separator
29
+ DEFAULT_SEP
30
+ elsif SEMICOLON_COMPAT && s.include?(";")
31
+ if strict_query_string_separator.nil?
32
+ ActionDispatch.deprecator.warn("Using semicolon as a query string separator is deprecated and will not be supported in Rails 8.1 or Rack 3.0. Use `&` instead.")
33
+ end
34
+ COMPAT_SEP
35
+ else
36
+ DEFAULT_SEP
37
+ end
38
+
39
+ s.split(splitter).each do |part|
18
40
  next if part.empty?
19
41
 
20
42
  k, v = part.split("=", 2)
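Review bot: `strict_query_string_separator` is declared without a comment, yet `each_pair` gives it three meanings: `true` splits on `&` only, `false` keeps splitting on `;` silently when the loaded Rack still does, and `nil` does the same with a deprecation warning. Please document that above the `cattr_accessor`, for example `# true: split on "&" only; false: also split on ";" under Rack 2, silently; nil: same, with a deprecation warning.` The comment could also say that a proxy, cache or WAF in front of the app that splits on `&` alone will see different parameters from the app while `;` is accepted, which is a reason to set `true` early. In the same method, `/[#{separator}] */n` places the caller's separator in a character class unescaped; `Regexp.escape(separator)` would be safer. `each_pair` continues past the end of the hunk.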
@@ -55,7 +55,7 @@ module ActionDispatch
55
55
  def scan
56
56
  next_byte = @scanner.peek_byte
57
57
  case
58
- when (token = STATIC_TOKENS[next_byte])
58
+ when (token = STATIC_TOKENS[next_byte]) && (token != :SYMBOL || next_byte_is_not_a_token?)
59
59
  @scanner.pos += 1
60
60
  @length = @scanner.skip(/\w+/).to_i + 1 if token == :SYMBOL || token == :STAR
61
61
  token
@@ -65,6 +65,10 @@ module ActionDispatch
65
65
  :LITERAL
66
66
  end
67
67
  end
68
+
69
+ def next_byte_is_not_a_token?
70
+ !STATIC_TOKENS[@scanner.string.getbyte(@scanner.pos + 1)]
71
+ end
68
72
  end
69
73
  end
70
74
  end
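Review bot: `next_byte_is_not_a_token?` indexes `STATIC_TOKENS` with whatever `getbyte(@scanner.pos + 1)` returns, and that is `nil` when the `:` is the last byte of the path. `STATIC_TOKENS` is defined outside the hunk; if it is an Array, the `nil` index raises `TypeError` instead of producing a token, so a guard is worth having: `byte = @scanner.string.getbyte(@scanner.pos + 1)` followed by `byte.nil? || !STATIC_TOKENS[byte]`. A one-line comment stating that the helper presumably exists so the first `:` of `::` is not scanned as a symbol would help, and a positively named predicate would read more easily in the `when` condition.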
@@ -31,6 +31,9 @@ module ActionDispatch
31
31
  config.action_dispatch.debug_exception_log_level = :fatal
32
32
  config.action_dispatch.strict_freshness = false
33
33
 
34
+ config.action_dispatch.ignore_leading_brackets = nil
35
+ config.action_dispatch.strict_query_string_separator = nil
36
+
34
37
  config.action_dispatch.default_headers = {
35
38
  "X-Frame-Options" => "SAMEORIGIN",
36
39
  "X-XSS-Protection" => "1; mode=block",
@@ -52,6 +55,9 @@ module ActionDispatch
52
55
  ActionDispatch::Http::URL.secure_protocol = app.config.force_ssl
53
56
  ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
54
57
 
58
+ ActionDispatch::ParamBuilder.ignore_leading_brackets = app.config.action_dispatch.ignore_leading_brackets
59
+ ActionDispatch::QueryParser.strict_query_string_separator = app.config.action_dispatch.strict_query_string_separator
60
+
55
61
  ActiveSupport.on_load(:action_dispatch_request) do
56
62
  self.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
57
63
  ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
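Review bot: The two settings added here default to `nil` and have opposite polarity, which the railtie does not explain: going by the parser hunks, `ignore_leading_brackets = false` selects the new bracket handling while `strict_query_string_separator = true` selects `&`-only splitting. A comment beside the defaults would prevent misconfiguration, for instance `# nil: follow the loaded Rack version and warn; set ignore_leading_brackets = false and strict_query_string_separator = true to opt in to the new parsing.` Both values are copied to class-level accessors in the initializer, so they apply process-wide; the initializer block starts and ends outside these hunks.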
@@ -12,7 +12,7 @@ module ActionPack
12
12
  MAJOR = 8
13
13
  MINOR = 0
14
14
  TINY = 0
15
- PRE = "rc1"
15
+ PRE = "rc2"
16
16
 
17
17
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
18
18
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 8.0.0.rc1
4
+ version: 8.0.0.rc2
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-10-19 00:00:00.000000000 Z
11
+ date: 2024-10-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 8.0.0.rc1
19
+ version: 8.0.0.rc2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 8.0.0.rc1
26
+ version: 8.0.0.rc2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: nokogiri
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,28 +128,28 @@ dependencies:
128
128
  requirements:
129
129
  - - '='
130
130
  - !ruby/object:Gem::Version
131
- version: 8.0.0.rc1
131
+ version: 8.0.0.rc2
132
132
  type: :runtime
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - '='
137
137
  - !ruby/object:Gem::Version
138
- version: 8.0.0.rc1
138
+ version: 8.0.0.rc2
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: activemodel
141
141
  requirement: !ruby/object:Gem::Requirement
142
142
  requirements:
143
143
  - - '='
144
144
  - !ruby/object:Gem::Version
145
- version: 8.0.0.rc1
145
+ version: 8.0.0.rc2
146
146
  type: :development
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - '='
151
151
  - !ruby/object:Gem::Version
152
- version: 8.0.0.rc1
152
+ version: 8.0.0.rc2
153
153
  description: Web apps on Rails. Simple, battle-tested conventions for building and
154
154
  testing MVC web applications. Works with any Rack-compatible server.
155
155
  email: david@loudthinking.com
@@ -350,10 +350,10 @@ licenses:
350
350
  - MIT
351
351
  metadata:
352
352
  bug_tracker_uri: https://github.com/rails/rails/issues
353
- changelog_uri: https://github.com/rails/rails/blob/v8.0.0.rc1/actionpack/CHANGELOG.md
354
- documentation_uri: https://api.rubyonrails.org/v8.0.0.rc1/
353
+ changelog_uri: https://github.com/rails/rails/blob/v8.0.0.rc2/actionpack/CHANGELOG.md
354
+ documentation_uri: https://api.rubyonrails.org/v8.0.0.rc2/
355
355
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
356
- source_code_uri: https://github.com/rails/rails/tree/v8.0.0.rc1/actionpack
356
+ source_code_uri: https://github.com/rails/rails/tree/v8.0.0.rc2/actionpack
357
357
  rubygems_mfa_required: 'true'
358
358
  post_install_message:
359
359
  rdoc_options: []