actionpack 8.0.0.rc1 → 8.0.0.rc2
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/lib/action_controller/metal/http_authentication.rb +1 -4
- data/lib/action_controller/metal/strong_parameters.rb +3 -1
- data/lib/action_dispatch/http/filter_parameters.rb +9 -4
- data/lib/action_dispatch/http/filter_redirect.rb +9 -2
- data/lib/action_dispatch/http/param_builder.rb +31 -8
- data/lib/action_dispatch/http/query_parser.rb +24 -2
- data/lib/action_dispatch/journey/scanner.rb +5 -1
- data/lib/action_dispatch/railtie.rb +6 -0
- data/lib/action_pack/gem_version.rb +1 -1
- metadata +11 -11
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 76724412ee5fbe34b92080713c9e9fab617fe1a81c4400ba2ee252d55020a6e3
|
4
|
+
data.tar.gz: 14b34e7e8e188f66b7f7da1542301fa5856fb0b14cb6213282c07c30fffbd76f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d13e4c2bc63c93db23db2ab94786700542926ba9c200f611985dd524fe7cd11602bc592a9124c14d7f08e39bf7e95ed56fbebdadb6c8391d5712bbad47fb62bf
|
7
|
+
data.tar.gz: 8f90ce2cd483f2ac438680310306293ccf733b0052f064bfb265a74a65c81e8bab5a32d699914a6f5c713974367d3ae5756a11e0e88210f4198e0d195339ce9b
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,14 @@
|
|
1
|
+
## Rails 8.0.0.rc2 (October 30, 2024) ##
|
2
|
+
|
3
|
+
* Fix routes with `::` in the path.
|
4
|
+
|
5
|
+
*Rafael Mendonça França*
|
6
|
+
|
7
|
+
* Maintain Rack 2 parameter parsing behaviour.
|
8
|
+
|
9
|
+
*Matthew Draper*
|
10
|
+
|
11
|
+
|
1
12
|
## Rails 8.0.0.rc1 (October 19, 2024) ##
|
2
13
|
|
3
14
|
* Remove `Rails.application.config.action_controller.allow_deprecated_parameters_hash_equality`.
|
@@ -513,14 +513,11 @@ module ActionController
|
|
513
513
|
array_params.each { |param| (param[1] || +"").gsub! %r/^"|"$/, "" }
|
514
514
|
end
|
515
515
|
|
516
|
-
WHITESPACED_AUTHN_PAIR_DELIMITERS = /\s*#{AUTHN_PAIR_DELIMITERS}\s*/
|
517
|
-
private_constant :WHITESPACED_AUTHN_PAIR_DELIMITERS
|
518
|
-
|
519
516
|
# This method takes an authorization body and splits up the key-value pairs by
|
520
517
|
# the standardized `:`, `;`, or `\t` delimiters defined in
|
521
518
|
# `AUTHN_PAIR_DELIMITERS`.
|
522
519
|
def raw_params(auth)
|
523
|
-
_raw_params = auth.sub(TOKEN_REGEX, "").split(
|
520
|
+
_raw_params = auth.sub(TOKEN_REGEX, "").split(AUTHN_PAIR_DELIMITERS).map(&:strip)
|
524
521
|
_raw_params.reject!(&:empty?)
|
525
522
|
|
526
523
|
if !_raw_params.first&.start_with?(TOKEN_KEY)
|
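Review bot: The rewritten assignment in `raw_params` has no comment saying why whitespace is now trimmed with `.map(&:strip)` after the split instead of inside the delimiter pattern, so a later cleanup could fold it back into a single regex. The removed `WHITESPACED_AUTHN_PAIR_DELIMITERS` wrapped the delimiter in `\s*` on both sides, and that shape can backtrack heavily on long whitespace runs in a request-supplied Authorization value (inferred from the pattern, not measured here). I would add `# Split on the bare delimiters and strip afterwards; keep whitespace matching out of the regex, the header is untrusted input.` above the assignment, plus a regression test asserting that a heavily padded header still parses promptly. The body of `raw_params` continues past the end of the hunk.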
@@ -95,6 +95,8 @@ module ActionController
|
|
95
95
|
# * `permit` to filter params for mass assignment.
|
96
96
|
# * `require` to require a parameter or raise an error.
|
97
97
|
#
|
98
|
+
# Examples:
|
99
|
+
#
|
98
100
|
# params = ActionController::Parameters.new({
|
99
101
|
# person: {
|
100
102
|
# name: "Francesco",
|
@@ -109,7 +111,7 @@ module ActionController
|
|
109
111
|
# Person.first.update!(permitted)
|
110
112
|
# # => #<Person id: 1, name: "Francesco", age: 22, role: "user">
|
111
113
|
#
|
112
|
-
#
|
114
|
+
# Parameters provides two options that control the top-level behavior of new
|
113
115
|
# instances:
|
114
116
|
#
|
115
117
|
# * `permit_all_parameters` - If it's `true`, all the parameters will be
|
@@ -68,12 +68,17 @@ module ActionDispatch
|
|
68
68
|
ActiveSupport::ParameterFilter.new(filters)
|
69
69
|
end
|
70
70
|
|
71
|
-
KV_RE = "[^&;=]+"
|
72
|
-
PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})}
|
73
71
|
def filtered_query_string # :doc:
|
74
|
-
query_string.
|
75
|
-
|
72
|
+
parts = query_string.split(/([&;])/)
|
73
|
+
filtered_parts = parts.map do |part|
|
74
|
+
if part.include?("=")
|
75
|
+
key, value = part.split("=", 2)
|
76
|
+
parameter_filter.filter(key => value).first.join("=")
|
77
|
+
else
|
78
|
+
part
|
79
|
+
end
|
76
80
|
end
|
81
|
+
filtered_parts.join("")
|
77
82
|
end
|
78
83
|
end
|
79
84
|
end
|
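Review bot: In `filtered_query_string` the key passed to `parameter_filter.filter(key => value)` is the raw, still percent-encoded text from `part.split("=", 2)`, so a key written as `pass%77ord` (constructed example) would not match a `password` filter and its value would reach the log unredacted. Judging by the removed `KV_RE`/`PAIR_RE` constants the old code matched raw text too, so this is not a regression, but the rewrite is the natural place to close it: decode the key for matching only, fall back to the raw key when the escape is malformed, and write the original key back into the output. The same eight lines are added to `parameter_filtered_location` in filter_redirect.rb, so a shared private helper would keep the two redaction paths from drifting apart. If the behaviour is left as is, a comment such as `# Keys are matched as sent (not percent-decoded).` would at least make the limit visible.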
@@ -37,9 +37,16 @@ module ActionDispatch
|
|
37
37
|
def parameter_filtered_location
|
38
38
|
uri = URI.parse(location)
|
39
39
|
unless uri.query.nil? || uri.query.empty?
|
40
|
-
uri.query.
|
41
|
-
|
40
|
+
parts = uri.query.split(/([&;])/)
|
41
|
+
filtered_parts = parts.map do |part|
|
42
|
+
if part.include?("=")
|
43
|
+
key, value = part.split("=", 2)
|
44
|
+
request.parameter_filter.filter(key => value).first.join("=")
|
45
|
+
else
|
46
|
+
part
|
47
|
+
end
|
42
48
|
end
|
49
|
+
uri.query = filtered_parts.join("")
|
43
50
|
end
|
44
51
|
uri.to_s
|
45
52
|
rescue URI::Error
|
@@ -2,6 +2,10 @@
|
|
2
2
|
|
3
3
|
module ActionDispatch
|
4
4
|
class ParamBuilder
|
5
|
+
# --
|
6
|
+
# This implementation is based on Rack::QueryParser,
|
7
|
+
# Copyright (C) 2007-2021 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
|
8
|
+
|
5
9
|
def self.make_default(param_depth_limit)
|
6
10
|
new param_depth_limit
|
7
11
|
end
|
@@ -12,6 +16,10 @@ module ActionDispatch
|
|
12
16
|
@param_depth_limit = param_depth_limit
|
13
17
|
end
|
14
18
|
|
19
|
+
cattr_accessor :ignore_leading_brackets
|
20
|
+
|
21
|
+
LEADING_BRACKETS_COMPAT = defined?(::Rack::RELEASE) && ::Rack::RELEASE.to_s.start_with?("2.")
|
22
|
+
|
15
23
|
cattr_accessor :default
|
16
24
|
self.default = make_default(100)
|
17
25
|
|
@@ -61,15 +69,30 @@ module ActionDispatch
|
|
61
69
|
# nil name, treat same as empty string (required by tests)
|
62
70
|
k = after = ""
|
63
71
|
elsif depth == 0
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
72
|
+
if ignore_leading_brackets || (ignore_leading_brackets.nil? && LEADING_BRACKETS_COMPAT)
|
73
|
+
# Rack 2 compatible behavior, ignore leading brackets
|
74
|
+
if name =~ /\A[\[\]]*([^\[\]]+)\]*/
|
75
|
+
k = $1
|
76
|
+
after = $' || ""
|
77
|
+
|
78
|
+
if !ignore_leading_brackets && (k != $& || !after.empty? && !after.start_with?("["))
|
79
|
+
ActionDispatch.deprecator.warn("Skipping over leading brackets in parameter name #{name.inspect} is deprecated and will parse differently in Rails 8.1 or Rack 3.0.")
|
80
|
+
end
|
81
|
+
else
|
82
|
+
k = name
|
83
|
+
after = ""
|
84
|
+
end
|
69
85
|
else
|
70
|
-
#
|
71
|
-
|
72
|
-
|
86
|
+
# Start of parsing, don't treat [] or [ at start of string specially
|
87
|
+
if start = name.index("[", 1)
|
88
|
+
# Start of parameter nesting, use part before brackets as key
|
89
|
+
k = name[0, start]
|
90
|
+
after = name[start, name.length]
|
91
|
+
else
|
92
|
+
# Plain parameter with no nesting
|
93
|
+
k = name
|
94
|
+
after = ""
|
95
|
+
end
|
73
96
|
end
|
74
97
|
elsif name.start_with?("[]")
|
75
98
|
# Array nesting
|
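Review bot: The Rack 2 compatibility branch reads its match through the globals `$1`, `$'` and `$&`, and `$&` is consulted several statements after the `=~` that set it, which is easy to break by inserting another match in between. Binding the result once is safer to maintain: `if (m = /\A[\[\]]*([^\[\]]+)\]*/.match(name))`, then read `m[1]`, `m.post_match` and `m[0]` where the globals are used now. The deprecation text also embeds `name.inspect`, which is request-supplied, so how often it fires depends on what clients send; a short comment saying so would help whoever tunes deprecation reporting. The enclosing method begins and ends outside the hunk.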
@@ -1,11 +1,17 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "uri"
|
4
|
+
require "rack"
|
4
5
|
|
5
6
|
module ActionDispatch
|
6
7
|
class QueryParser
|
7
8
|
DEFAULT_SEP = /& */n
|
8
|
-
|
9
|
+
COMPAT_SEP = /[&;] */n
|
10
|
+
COMMON_SEP = { ";" => /; */n, ";," => /[;,] */n, "&" => /& */n, "&;" => /[&;] */n }
|
11
|
+
|
12
|
+
cattr_accessor :strict_query_string_separator
|
13
|
+
|
14
|
+
SEMICOLON_COMPAT = defined?(::Rack::QueryParser::DEFAULT_SEP) && ::Rack::QueryParser::DEFAULT_SEP.to_s.include?(";")
|
9
15
|
|
10
16
|
#--
|
11
17
|
# Note this departs from WHATWG's specified parsing algorithm by
|
@@ -14,7 +20,23 @@ module ActionDispatch
|
|
14
20
|
def self.each_pair(s, separator = nil)
|
15
21
|
return enum_for(:each_pair, s, separator) unless block_given?
|
16
22
|
|
17
|
-
|
23
|
+
s ||= ""
|
24
|
+
|
25
|
+
splitter =
|
26
|
+
if separator
|
27
|
+
COMMON_SEP[separator] || /[#{separator}] */n
|
28
|
+
elsif strict_query_string_separator
|
29
|
+
DEFAULT_SEP
|
30
|
+
elsif SEMICOLON_COMPAT && s.include?(";")
|
31
|
+
if strict_query_string_separator.nil?
|
32
|
+
ActionDispatch.deprecator.warn("Using semicolon as a query string separator is deprecated and will not be supported in Rails 8.1 or Rack 3.0. Use `&` instead.")
|
33
|
+
end
|
34
|
+
COMPAT_SEP
|
35
|
+
else
|
36
|
+
DEFAULT_SEP
|
37
|
+
end
|
38
|
+
|
39
|
+
s.split(splitter).each do |part|
|
18
40
|
next if part.empty?
|
19
41
|
|
20
42
|
k, v = part.split("=", 2)
|
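Review bot: In `each_pair`, a `separator` that is not one of the `COMMON_SEP` keys is interpolated unescaped into a character class, `/[#{separator}] */n`, so a value containing `^`, `-`, `]` or `\` changes what the class matches or fails to compile. `COMMON_SEP[separator] || /[#{Regexp.escape(separator)}] */n` gives the same result for ordinary separators and removes the surprise. `COMMON_SEP` is also a mutable Hash constant; adding `.freeze` would fit the `# frozen_string_literal: true` header of the file. The callers that pass `separator` are not visible here, and the method body continues past the hunk.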
@@ -55,7 +55,7 @@ module ActionDispatch
|
|
55
55
|
def scan
|
56
56
|
next_byte = @scanner.peek_byte
|
57
57
|
case
|
58
|
-
when (token = STATIC_TOKENS[next_byte])
|
58
|
+
when (token = STATIC_TOKENS[next_byte]) && (token != :SYMBOL || next_byte_is_not_a_token?)
|
59
59
|
@scanner.pos += 1
|
60
60
|
@length = @scanner.skip(/\w+/).to_i + 1 if token == :SYMBOL || token == :STAR
|
61
61
|
token
|
@@ -65,6 +65,10 @@ module ActionDispatch
|
|
65
65
|
:LITERAL
|
66
66
|
end
|
67
67
|
end
|
68
|
+
|
69
|
+
def next_byte_is_not_a_token?
|
70
|
+
!STATIC_TOKENS[@scanner.string.getbyte(@scanner.pos + 1)]
|
71
|
+
end
|
68
72
|
end
|
69
73
|
end
|
70
74
|
end
|
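Review bot: `next_byte_is_not_a_token?` indexes `STATIC_TOKENS` with `@scanner.string.getbyte(@scanner.pos + 1)`, which is nil when the symbol-start byte is the last byte of the pattern. `STATIC_TOKENS` is defined outside the hunk; if it is an Array, a nil index raises TypeError rather than returning "no token". Guarding the lookup avoids that: `byte = @scanner.string.getbyte(@scanner.pos + 1)` followed by `byte.nil? || !STATIC_TOKENS[byte]`. A one-line comment that this lookahead is, presumably, what keeps `::` in a path from being read as a symbol would also help, since the CHANGELOG entry is the only place that says so.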
@@ -31,6 +31,9 @@ module ActionDispatch
|
|
31
31
|
config.action_dispatch.debug_exception_log_level = :fatal
|
32
32
|
config.action_dispatch.strict_freshness = false
|
33
33
|
|
34
|
+
config.action_dispatch.ignore_leading_brackets = nil
|
35
|
+
config.action_dispatch.strict_query_string_separator = nil
|
36
|
+
|
34
37
|
config.action_dispatch.default_headers = {
|
35
38
|
"X-Frame-Options" => "SAMEORIGIN",
|
36
39
|
"X-XSS-Protection" => "1; mode=block",
|
@@ -52,6 +55,9 @@ module ActionDispatch
|
|
52
55
|
ActionDispatch::Http::URL.secure_protocol = app.config.force_ssl
|
53
56
|
ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
|
54
57
|
|
58
|
+
ActionDispatch::ParamBuilder.ignore_leading_brackets = app.config.action_dispatch.ignore_leading_brackets
|
59
|
+
ActionDispatch::QueryParser.strict_query_string_separator = app.config.action_dispatch.strict_query_string_separator
|
60
|
+
|
55
61
|
ActiveSupport.on_load(:action_dispatch_request) do
|
56
62
|
self.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
|
57
63
|
ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
|
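Review bot: The two new settings default to `nil` without a comment, and `nil` is a third state rather than "off". Judging by `ParamBuilder` and `QueryParser` in this same release, `nil` follows the installed Rack version's behaviour and emits a deprecation warning, while `true` or `false` pins the behaviour silently. I would add above them `# nil = auto-detect from Rack and warn; set explicitly to pin parsing.` While both stay `nil` under Rack 2, `;` is accepted as a query separator and leading brackets in parameter names are skipped, which may differ from how an upstream proxy or WAF splits the same query string. Applications should set both explicitly once they no longer depend on the legacy parsing.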
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: actionpack
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 8.0.0.
|
4
|
+
version: 8.0.0.rc2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Heinemeier Hansson
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-10-
|
11
|
+
date: 2024-10-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 8.0.0.
|
19
|
+
version: 8.0.0.rc2
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 8.0.0.
|
26
|
+
version: 8.0.0.rc2
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: nokogiri
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -128,28 +128,28 @@ dependencies:
|
|
128
128
|
requirements:
|
129
129
|
- - '='
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: 8.0.0.
|
131
|
+
version: 8.0.0.rc2
|
132
132
|
type: :runtime
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - '='
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: 8.0.0.
|
138
|
+
version: 8.0.0.rc2
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
140
|
name: activemodel
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
142
142
|
requirements:
|
143
143
|
- - '='
|
144
144
|
- !ruby/object:Gem::Version
|
145
|
-
version: 8.0.0.
|
145
|
+
version: 8.0.0.rc2
|
146
146
|
type: :development
|
147
147
|
prerelease: false
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
149
149
|
requirements:
|
150
150
|
- - '='
|
151
151
|
- !ruby/object:Gem::Version
|
152
|
-
version: 8.0.0.
|
152
|
+
version: 8.0.0.rc2
|
153
153
|
description: Web apps on Rails. Simple, battle-tested conventions for building and
|
154
154
|
testing MVC web applications. Works with any Rack-compatible server.
|
155
155
|
email: david@loudthinking.com
|
@@ -350,10 +350,10 @@ licenses:
|
|
350
350
|
- MIT
|
351
351
|
metadata:
|
352
352
|
bug_tracker_uri: https://github.com/rails/rails/issues
|
353
|
-
changelog_uri: https://github.com/rails/rails/blob/v8.0.0.
|
354
|
-
documentation_uri: https://api.rubyonrails.org/v8.0.0.
|
353
|
+
changelog_uri: https://github.com/rails/rails/blob/v8.0.0.rc2/actionpack/CHANGELOG.md
|
354
|
+
documentation_uri: https://api.rubyonrails.org/v8.0.0.rc2/
|
355
355
|
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
|
356
|
-
source_code_uri: https://github.com/rails/rails/tree/v8.0.0.
|
356
|
+
source_code_uri: https://github.com/rails/rails/tree/v8.0.0.rc2/actionpack
|
357
357
|
rubygems_mfa_required: 'true'
|
358
358
|
post_install_message:
|
359
359
|
rdoc_options: []
|