actionpack 1.12.3 → 1.12.4
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- data/CHANGELOG +35 -0
- data/README +4 -0
- data/Rakefile +8 -4
- data/filler +53 -0
- data/lib/action_controller/base.rb +102 -71
- data/lib/action_controller/caching.rb +3 -3
- data/lib/action_controller/cgi_process.rb +6 -5
- data/lib/action_controller/integration.rb +10 -6
- data/lib/action_controller/layout.rb +7 -5
- data/lib/action_controller/mime_responds.rb +7 -1
- data/lib/action_controller/pagination.rb +2 -2
- data/lib/action_controller/request.rb +11 -3
- data/lib/action_controller/routing.rb +7 -2
- data/lib/action_controller/streaming.rb +11 -6
- data/lib/action_controller/templates/scaffolds/layout.rhtml +1 -1
- data/lib/action_controller/verification.rb +1 -1
- data/lib/action_pack/version.rb +1 -1
- data/lib/action_view/base.rb +7 -4
- data/lib/action_view/helpers/capture_helper.rb +18 -16
- data/lib/action_view/helpers/java_script_macros_helper.rb +5 -4
- data/lib/action_view/helpers/prototype_helper.rb +4 -3
- data/lib/action_view/helpers/text_helper.rb +22 -22
- data/test/controller/filter_params_test.rb +42 -0
- data/test/controller/send_file_test.rb +15 -1
- data/test/template/compiled_templates_test.rb +134 -0
- metadata +7 -4
- data/test/template/compiled_templates_tests.rb +0 -63
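--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,38 @@
+*1.12.4* (August 8th, 2006)
+
+* Documentation fix: integration test scripts don't require integration_test. #4914 [Frederick Ros <sl33p3r@free.fr>]
+
+* ActionController::Base Summary documentation rewrite. #4900 [kevin.clark@gmail.com]
+
+* Fix text_helper.rb documentation rendering. #4725 [Frederick Ros]
+
+* Fixes bad rendering of JavaScriptMacrosHelper rdoc. #4910 [Frederick Ros]
+
+* Enhance documentation for setting headers in integration tests. Skip auto HTTP prepending when its already there. #4079 [Rick Olson]
+
+* Documentation for AbstractRequest. #4895 [kevin.clark@gmail.com]
+
+* Remove all remaining references to @params in the documentation. [Marcel Molina Jr.]
+
+* Add documentation for redirect_to :back's RedirectBackError exception. [Marcel Molina Jr.]
+
+* Update layout and content_for documentation to use yield rather than magic @content_for instance variables. [Marcel Molina Jr.]
+
+* Cache CgiRequest#request_parameters so that multiple calls don't re-parse multipart data. [Rick]
+
+* Fixed that remote_form_for can leave out the object parameter and default to the instance variable of the object_name, just like form_for [DHH]
+
+* Added ActionController.filter_parameter_logging that makes it easy to remove passwords, credit card numbers, and other sensitive information from being logged when a request is handled. #1897 [jeremye@bsa.ca.gov]
+
+* Fixed that real files and symlinks should be treated the same when compiling templates. #5438 [zachary@panandscan.com]
+
+* Add :status option to send_data and send_file. Defaults to '200 OK'. #5243 [Manfred Stienstra <m.stienstra@fngtps.com>]
+
+* Update documentation for erb trim syntax. #5651 [matt@mattmargolis.net]
+
+* Short documentation to mention use of Mime::Type.register. #5710 [choonkeat@gmail.com]
+
+
 *1.12.3* (June 28th, 2006)
 
 * Fix broken traverse_to_controller. We now: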
data/README
CHANGED
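--- a/data/Rakefile
+++ b/data/Rakefile
@@ -46,8 +46,12 @@ Rake::RDocTask.new { |rdoc|
 rdoc.title = "Action Pack -- On rails from request to response"
 rdoc.options << '--line-numbers' << '--inline-source'
 rdoc.template = "#{ENV['template']}.rb" if ENV['template']
-
-
+if ENV['DOC_FILES']
+rdoc.rdoc_files.include(ENV['DOC_FILES'].split(/,\s*/))
+else
+rdoc.rdoc_files.include('README', 'RUNNING_UNIT_TESTS', 'CHANGELOG')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
 }
 
 # Create compressed packages
@@ -73,7 +77,7 @@ spec = Gem::Specification.new do |s|
 s.require_path = 'lib'
 s.autorequire = 'action_controller'
 
-s.files = [ "Rakefile", "install.rb", "README", "RUNNING_UNIT_TESTS", "CHANGELOG", "MIT-LICENSE", "examples/.htaccess" ]
+s.files = [ "filler", "Rakefile", "install.rb", "README", "RUNNING_UNIT_TESTS", "CHANGELOG", "MIT-LICENSE", "examples/.htaccess" ]
 dist_dirs.each do |dir|
 s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
 end
@@ -144,4 +148,4 @@ task :release => [ :package ] do
 puts release_command
 system(release_command)
 end
-end
+end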
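Review bot: The `s.files` list in the second hunk now ships `"filler"` with nothing in the Rakefile saying why, so anyone auditing the packaged gem meets an unexplained file of scrambled alphabets in the manifest. The file's own first line says it works around a zlib error when unpacking the gem; I would repeat that next to the list, e.g. `# "filler" is padding that works around a zlib error when unpacking the gem`. The enclosing `Gem::Specification.new` block starts and ends outside the hunk.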
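--- /dev/null
+++ b/data/filler
@@ -0,0 +1,53 @@
+this is just a filler file to try and work around the zlib error when unpacking the gem. Please ignore it, thanks.
+
+abcDEfgHijkLMNopqrStUVWxyz
+AbcdefgHIjklMnOpqrsTUvwxYZ
+AbCDEfghIjKLmnoPQrstuVwxyz
+abcDefGhijKlmnopQrstuvWXYz
+AbCdefGhiJKlmnoPqrstuVwxYz
+aBcdefGHijKlmnOpQrStUvwxYz
+AbcdEfGhIJklmnOPQrSTuvwxyZ
+AbcDeFGHijkLmnopqrstuVwxYZ
+ABcdefgHIjkLmnOpqrStuVwxyZ
+aBcdEFGhiJklmnopQrstuVwxyz
+abcDefgHijKlmnoPQrSTuvwxYz
+AbcdefGhiJklmnOpqrstuVwxYZ
+abcdefgHIjKlMNoPqRsTuvwxYz
+ABcDeFghIjklMnopQrstUVwxyZ
+AbcdefGhijkLmNopQRstuVWxYZ
+aBcdefGhijklMNOpqRsTUvwxyz
+abcdEFGhiJKlmnOPQrStUVwxyz
+abcDefghIJklmnOPqRStuVWxyz
+abcdefGhIjklmnoPQrStUVwXyZ
+abcDefghIjkLmnopQrstuVwxyz
+AbcdefGhIjklMNOPqrstuvWXyz
+AbCdEfGHijkLmnopqrstuvwxyz
+abCdEFghijKlmnopqRstuvwXYz
+abCdEfghIJklmnOPqrsTUvwxyz
+AbcdeFghijklmnoPqrStUvWxyZ
+aBcDEFghIJKlmnopqrstuvWXyz
+abcdEfghiJKlmNopqrstuvwXyz
+AbcdEFGHIJKlmnopqRsTuvwxYz
+abcdeFgHiJklmnoPQRsTuvwXYz
+abcdEfGhijkLmnOPqrstUvwXYZ
+abCDeFGhijklmNopQrstUvwxYz
+abCdeFGhIjklmnOpQrstUvwxyZ
+aBcDEFgHijKlmNOPQrsTUvwxYz
+aBcDefghijklmNoPqrstUvWXyz
+AbcDefgHiJklmnOPqRStuvwxYz
+aBcdefGHijklMnopqRstUvwxyz
+AbCdefghijKLmnopqRstuvWXyz
+aBCdefGhiJkLMnopQrsTUvwxyz
+ABcdefGHijKlmnOPqrSTUvWXyz
+aBCdEfGHIJklMnopqRsTUvWxyz
+ABcDEFGHIJklMnopqrSTuVwxyz
+abcdEfghijklMnopqrstuvwxyz
+AbCDEFghIjkLmNOpQRstUVwxyZ
+abCdEFghIJklMNOPqrstUvwXYZ
+abCdefghijklmnoPQrstuVwxyz
+AbcdEfghijkLMnopqRSTUvWxYz
+ABcDEfGhIjKLmNopqrStuVwxyZ
+abCdefgHijklmnOpQRStuvwxYz
+abCdeFghijKLmNopQrstuvwxyZ
+abcdEFGHijKlmnopqrstuvwxYZ
+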
@@ -49,13 +49,15 @@ module ActionController #:nodoc:
|
|
49
49
|
end
|
50
50
|
end
|
51
51
|
|
52
|
-
# Action Controllers are made up of one or more actions that
|
53
|
-
#
|
54
|
-
# made accessible to the web-server through
|
52
|
+
# Action Controllers are the core of a web request in Rails. They are made up of one or more actions that are executed
|
53
|
+
# on request and then either render a template or redirect to another action. An action is defined as a public method
|
54
|
+
# on the controller, which will automatically be made accessible to the web-server through Rails Routes.
|
55
|
+
#
|
56
|
+
# A sample controller could look like this:
|
55
57
|
#
|
56
58
|
# class GuestBookController < ActionController::Base
|
57
59
|
# def index
|
58
|
-
# @entries = Entry.
|
60
|
+
# @entries = Entry.find(:all)
|
59
61
|
# end
|
60
62
|
#
|
61
63
|
# def sign
|
@@ -64,26 +66,17 @@ module ActionController #:nodoc:
|
|
64
66
|
# end
|
65
67
|
# end
|
66
68
|
#
|
67
|
-
#
|
68
|
-
#
|
69
|
-
#
|
70
|
-
# All actions assume that you want to render a template matching the name of the action at the end of the performance
|
71
|
-
# unless you tell it otherwise. The index action complies with this assumption, so after populating the @entries instance
|
72
|
-
# variable, the GuestBookController will render "templates/guestbook/index.rhtml".
|
69
|
+
# Actions, by default, render a template in the <tt>app/views</tt> directory corresponding to the name of the controller and action
|
70
|
+
# after executing code in the action. For example, the +index+ action of the +GuestBookController+ would render the
|
71
|
+
# template <tt>app/views/guestbook/index.rhtml</tt> by default after populating the <tt>@entries</tt> instance variable.
|
73
72
|
#
|
74
|
-
# Unlike index, the sign action
|
75
|
-
# new entry in the guest book), it
|
76
|
-
#
|
73
|
+
# Unlike index, the sign action will not render a template. After performing its main purpose (creating a
|
74
|
+
# new entry in the guest book), it initiates a redirect instead. This redirect works by returning an external
|
75
|
+
# "302 Moved" HTTP response that takes the user to the index action.
|
77
76
|
#
|
78
77
|
# The index and sign represent the two basic action archetypes used in Action Controllers. Get-and-show and do-and-redirect.
|
79
78
|
# Most actions are variations of these themes.
|
80
79
|
#
|
81
|
-
# Also note that it's the final call to <tt>process_cgi</tt> that actually initiates the action performance. It will extract
|
82
|
-
# request and response objects from the CGI
|
83
|
-
#
|
84
|
-
# When Action Pack is used inside of Rails, the template_root is automatically configured and you don't need to call process_cgi
|
85
|
-
# yourself.
|
86
|
-
#
|
87
80
|
# == Requests
|
88
81
|
#
|
89
82
|
# Requests are processed by the Action Controller framework by extracting the value of the "action" key in the request parameters.
|
@@ -94,16 +87,16 @@ module ActionController #:nodoc:
|
|
94
87
|
# The full request object is available with the request accessor and is primarily used to query for http headers. These queries
|
95
88
|
# are made by accessing the environment hash, like this:
|
96
89
|
#
|
97
|
-
# def
|
98
|
-
# location = request.env["
|
99
|
-
# render :text => "
|
90
|
+
# def server_ip
|
91
|
+
# location = request.env["SERVER_ADDR"]
|
92
|
+
# render :text => "This server hosted at #{location}"
|
100
93
|
# end
|
101
94
|
#
|
102
95
|
# == Parameters
|
103
96
|
#
|
104
|
-
# All request parameters, whether they come from a GET or POST request, or from the URL, are available through the params
|
105
|
-
#
|
106
|
-
# in params.
|
97
|
+
# All request parameters, whether they come from a GET or POST request, or from the URL, are available through the params method
|
98
|
+
# which returns a hash. For example, an action that was performed through <tt>/weblog/list?category=All&limit=5</tt> will include
|
99
|
+
# <tt>{ "category" => "All", "limit" => 5 }</tt> in params.
|
107
100
|
#
|
108
101
|
# It's also possible to construct multi-dimensional parameter hashes by specifying keys using brackets, such as:
|
109
102
|
#
|
@@ -116,12 +109,12 @@ module ActionController #:nodoc:
|
|
116
109
|
#
|
117
110
|
# == Sessions
|
118
111
|
#
|
119
|
-
# Sessions allows you to store objects in
|
112
|
+
# Sessions allows you to store objects in between requests. This is useful for objects that are not yet ready to be persisted,
|
120
113
|
# such as a Signup object constructed in a multi-paged process, or objects that don't change much and are needed all the time, such
|
121
114
|
# as a User object for a system that requires login. The session should not be used, however, as a cache for objects where it's likely
|
122
115
|
# they could be changed unknowingly. It's usually too much work to keep it all synchronized -- something databases already excel at.
|
123
116
|
#
|
124
|
-
# You can place objects in the session by using the <tt>session</tt> hash
|
117
|
+
# You can place objects in the session by using the <tt>session</tt> method, which accesses a hash:
|
125
118
|
#
|
126
119
|
# session[:person] = Person.authenticate(user_name, password)
|
127
120
|
#
|
@@ -129,17 +122,24 @@ module ActionController #:nodoc:
|
|
129
122
|
#
|
130
123
|
# Hello #{session[:person]}
|
131
124
|
#
|
132
|
-
# Any object can be placed in the session (as long as it can be Marshalled). But remember that 1000 active sessions each storing a
|
133
|
-
# 50kb object could lead to a 50MB memory overhead. In other words, think carefully about size and caching before resorting to the use
|
134
|
-
# of the session.
|
135
|
-
#
|
136
125
|
# For removing objects from the session, you can either assign a single key to nil, like <tt>session[:person] = nil</tt>, or you can
|
137
126
|
# remove the entire session with reset_session.
|
138
127
|
#
|
128
|
+
# By default, sessions are stored on the file system in <tt>RAILS_ROOT/tmp/sessions</tt>. Any object can be placed in the session
|
129
|
+
# (as long as it can be Marshalled). But remember that 1000 active sessions each storing a 50kb object could lead to a 50MB store on the filesystem.
|
130
|
+
# In other words, think carefully about size and caching before resorting to the use of the session on the filesystem.
|
131
|
+
#
|
132
|
+
# An alternative to storing sessions on disk is to use ActiveRecordStore to store sessions in your database, which can solve problems
|
133
|
+
# caused by storing sessions in the file system and may speed up your application. To use ActiveRecordStore, uncomment the line:
|
134
|
+
#
|
135
|
+
# config.action_controller.session_store = :active_record_store
|
136
|
+
#
|
137
|
+
# in your <tt>environment.rb</tt> and run <tt>rake db:sessions:create</tt>.
|
138
|
+
#
|
139
139
|
# == Responses
|
140
140
|
#
|
141
141
|
# Each action results in a response, which holds the headers and document to be sent to the user's browser. The actual response
|
142
|
-
# object is generated automatically through the use of renders and redirects
|
142
|
+
# object is generated automatically through the use of renders and redirects and requires no user intervention.
|
143
143
|
#
|
144
144
|
# == Renders
|
145
145
|
#
|
@@ -161,9 +161,9 @@ module ActionController #:nodoc:
|
|
161
161
|
# def search
|
162
162
|
# @results = Search.find(params[:query])
|
163
163
|
# case @results
|
164
|
-
# when 0 then render :action=> "no_results"
|
165
|
-
# when 1 then render :action=> "show"
|
166
|
-
# when 2..10 then render :action=> "show_many"
|
164
|
+
# when 0 then render :action => "no_results"
|
165
|
+
# when 1 then render :action => "show"
|
166
|
+
# when 2..10 then render :action => "show_many"
|
167
167
|
# end
|
168
168
|
# end
|
169
169
|
#
|
@@ -171,32 +171,21 @@ module ActionController #:nodoc:
|
|
171
171
|
#
|
172
172
|
# == Redirects
|
173
173
|
#
|
174
|
-
#
|
175
|
-
#
|
176
|
-
#
|
177
|
-
# the post again, but rather just show it one more time.
|
178
|
-
#
|
179
|
-
# This sounds fairly simple, but the redirection is complicated by the quest for a phenomenon known as "pretty urls". Instead of accepting
|
180
|
-
# the dreadful being that is "weblog_controller?action=show&post_id=5", Action Controller goes out of its way to represent the former as
|
181
|
-
# "/weblog/show/5". And this is even the simple case. As an example of a more advanced pretty url consider
|
182
|
-
# "/library/books/ISBN/0743536703/show", which can be mapped to books_controller?action=show&type=ISBN&id=0743536703.
|
183
|
-
#
|
184
|
-
# Redirects work by rewriting the URL of the current action. So if the show action was called by "/library/books/ISBN/0743536703/show",
|
185
|
-
# we can redirect to an edit action simply by doing <tt>redirect_to(:action => "edit")</tt>, which could throw the user to
|
186
|
-
# "/library/books/ISBN/0743536703/edit". Naturally, you'll need to setup the routes configuration file to point to the proper controller
|
187
|
-
# and action in the first place, but once you have, it can be rewritten with ease.
|
188
|
-
#
|
189
|
-
# Let's consider a bunch of examples on how to go from "/clients/37signals/basecamp/project/dash" to somewhere else:
|
190
|
-
#
|
191
|
-
# redirect_to(:action => "edit") =>
|
192
|
-
# /clients/37signals/basecamp/project/dash
|
193
|
-
#
|
194
|
-
# redirect_to(:client_name => "nextangle", :project_name => "rails") =>
|
195
|
-
# /clients/nextangle/rails/project/dash
|
174
|
+
# Redirects are used to move from one action to another. For example, after a <tt>create</tt> action, which stores a blog entry to a database,
|
175
|
+
# we might like to show the user the new entry. Because we're following good DRY principles (Don't Repeat Yourself), we're going to reuse (and redirect to)
|
176
|
+
# a <tt>show</tt> action that we'll assume has already been created. The code might look like this:
|
196
177
|
#
|
197
|
-
#
|
178
|
+
# def create
|
179
|
+
# @entry = Entry.new(params[:entry])
|
180
|
+
# if @entry.save
|
181
|
+
# # The entry was saved correctly, redirect to show
|
182
|
+
# redirect_to :action => 'show', :id => @entry.id
|
183
|
+
# else
|
184
|
+
# # things didn't go so well, do something else
|
185
|
+
# end
|
186
|
+
# end
|
198
187
|
#
|
199
|
-
#
|
188
|
+
# In this case, after saving our new entry to the database, the user is redirected to the <tt>show</tt> method which is then executed.
|
200
189
|
#
|
201
190
|
# == Calling multiple redirects or renders
|
202
191
|
#
|
@@ -214,15 +203,6 @@ module ActionController #:nodoc:
|
|
214
203
|
# render :action => "overthere" # won't be called unless monkeys is nil
|
215
204
|
# end
|
216
205
|
#
|
217
|
-
# == Environments
|
218
|
-
#
|
219
|
-
# Action Controller works out of the box with CGI, FastCGI, and mod_ruby. CGI and mod_ruby controllers are triggered just the same using:
|
220
|
-
#
|
221
|
-
# WeblogController.process_cgi
|
222
|
-
#
|
223
|
-
# FastCGI controllers are triggered using:
|
224
|
-
#
|
225
|
-
# FCGI.each_cgi{ |cgi| WeblogController.process_cgi(cgi) }
|
226
206
|
class Base
|
227
207
|
DEFAULT_RENDER_STATUS_CODE = "200 OK"
|
228
208
|
|
@@ -263,10 +243,10 @@ module ActionController #:nodoc:
|
|
263
243
|
|
264
244
|
# Modern REST web services often need to submit complex data to the web application.
|
265
245
|
# The param_parsers hash lets you register handlers wich will process the http body and add parameters to the
|
266
|
-
#
|
246
|
+
# <tt>params</tt> hash. These handlers are invoked for post and put requests.
|
267
247
|
#
|
268
248
|
# By default application/xml is enabled. A XmlSimple class with the same param name as the root will be instanciated
|
269
|
-
# in the
|
249
|
+
# in the <tt>params</tt>. This allows XML requests to mask themselves as regular form submissions, so you can have one
|
270
250
|
# action serve both regular forms and web service requests.
|
271
251
|
#
|
272
252
|
# Example of doing your own parser for a custom content type:
|
@@ -366,6 +346,53 @@ module ActionController #:nodoc:
|
|
366
346
|
def hide_action(*names)
|
367
347
|
write_inheritable_attribute(:hidden_actions, hidden_actions | names.collect { |n| n.to_s })
|
368
348
|
end
|
349
|
+
|
350
|
+
# Replace sensitive paramater data from the request log.
|
351
|
+
# Filters paramaters that have any of the arguments as a substring.
|
352
|
+
# Looks in all subhashes of the param hash for keys to filter.
|
353
|
+
# If a block is given, each key and value of the paramater hash and all
|
354
|
+
# subhashes is passed to it, the value or key
|
355
|
+
# can be replaced using String#replace or similar method.
|
356
|
+
#
|
357
|
+
# Examples:
|
358
|
+
# filter_parameter_logging
|
359
|
+
# => Does nothing, just slows the logging process down
|
360
|
+
#
|
361
|
+
# filter_parameter_logging :password
|
362
|
+
# => replaces the value to all keys matching /password/i with "[FILTERED]"
|
363
|
+
#
|
364
|
+
# filter_parameter_logging :foo, "bar"
|
365
|
+
# => replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
|
366
|
+
#
|
367
|
+
# filter_parameter_logging { |k,v| v.reverse! if k =~ /secret/i }
|
368
|
+
# => reverses the value to all keys matching /secret/i
|
369
|
+
#
|
370
|
+
# filter_parameter_logging(:foo, "bar") { |k,v| v.reverse! if k =~ /secret/i }
|
371
|
+
# => reverses the value to all keys matching /secret/i, and
|
372
|
+
# replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
|
373
|
+
def filter_parameter_logging(*filter_words, &block)
|
374
|
+
parameter_filter = Regexp.new(filter_words.collect{ |s| s.to_s }.join('|'), true) if filter_words.length > 0
|
375
|
+
|
376
|
+
define_method(:filter_parameters) do |unfiltered_parameters|
|
377
|
+
filtered_parameters = {}
|
378
|
+
|
379
|
+
unfiltered_parameters.each do |key, value|
|
380
|
+
if key =~ parameter_filter
|
381
|
+
filtered_parameters[key] = '[FILTERED]'
|
382
|
+
elsif value.is_a?(Hash)
|
383
|
+
filtered_parameters[key] = filter_parameters(value)
|
384
|
+
elsif block_given?
|
385
|
+
key, value = key.dup, value.dup
|
386
|
+
yield key, value
|
387
|
+
filtered_parameters[key] = value
|
388
|
+
else
|
389
|
+
filtered_parameters[key] = value
|
390
|
+
end
|
391
|
+
end
|
392
|
+
|
393
|
+
filtered_parameters
|
394
|
+
end
|
395
|
+
end
|
369
396
|
end
|
370
397
|
|
371
398
|
public
|
@@ -803,6 +830,10 @@ module ActionController #:nodoc:
|
|
803
830
|
# redirect_to :back
|
804
831
|
#
|
805
832
|
# The redirection happens as a "302 Moved" header.
|
833
|
+
#
|
834
|
+
# When using <tt>redirect_to :back</tt>, if there is no referrer,
|
835
|
+
# RedirectBackError will be raised. You may specify some fallback
|
836
|
+
# behavior for this case by rescueing RedirectBackError.
|
806
837
|
def redirect_to(options = {}, *parameters_for_method_reference) #:doc:
|
807
838
|
case options
|
808
839
|
when %r{^\w+://.*}
|
@@ -901,7 +932,7 @@ module ActionController #:nodoc:
|
|
901
932
|
if logger
|
902
933
|
logger.info "\n\nProcessing #{controller_class_name}\##{action_name} (for #{request_origin}) [#{request.method.to_s.upcase}]"
|
903
934
|
logger.info " Session ID: #{@session.session_id}" if @session and @session.respond_to?(:session_id)
|
904
|
-
logger.info " Parameters: #{@params.inspect}"
|
935
|
+
logger.info " Parameters: #{respond_to?(:filter_parameters) ? filter_parameters(@params).inspect : @params.inspect}"
|
905
936
|
end
|
906
937
|
end
|
907
938
|
|
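Review bot: In the new `filter_parameter_logging`, the generated `filter_parameters` only recurses into values that are a `Hash`, so a sensitive key nested inside an array of hashes (which the XML param parser described earlier in this file could plausibly produce) would still reach the log unfiltered. An extra branch such as `elsif value.is_a?(Array)` with `filtered_parameters[key] = value.collect { |item| item.is_a?(Hash) ? filter_parameters(item) : item }` would cover that case. Separately, `define_method` leaves `filter_parameters` as a public instance method, and this file's own summary says public controller methods become actions. Adding `hide_action :filter_parameters` after the `define_method` call looks like the matching guard, though the dispatch code that consults hidden actions is outside these hunks.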
@@ -38,9 +38,9 @@ module ActionController #:nodoc:
|
|
38
38
|
#
|
39
39
|
# class WeblogController < ActionController::Base
|
40
40
|
# def update
|
41
|
-
# List.update(
|
42
|
-
# expire_page :action => "show", :id =>
|
43
|
-
# redirect_to :action => "show", :id =>
|
41
|
+
# List.update(params[:list][:id], params[:list])
|
42
|
+
# expire_page :action => "show", :id => params[:list][:id]
|
43
|
+
# redirect_to :action => "show", :id => params[:list][:id]
|
44
44
|
# end
|
45
45
|
# end
|
46
46
|
#
|
@@ -64,11 +64,12 @@ module ActionController #:nodoc:
|
|
64
64
|
end
|
65
65
|
|
66
66
|
def request_parameters
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
67
|
+
@request_parameters ||=
|
68
|
+
if ActionController::Base.param_parsers.has_key?(content_type)
|
69
|
+
CGIMethods.parse_formatted_request_parameters(content_type, @env['RAW_POST_DATA'])
|
70
|
+
else
|
71
|
+
CGIMethods.parse_request_parameters(@cgi.params)
|
72
|
+
end
|
72
73
|
end
|
73
74
|
|
74
75
|
def cookies
|
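Review bot: The `@request_parameters ||=` memoization means every caller of `request_parameters` now receives the same hash object, so a caller that modifies the result in place changes what later callers see. The removed lines are not legible on this page, but a fresh parse per call would not have had that coupling. A short comment would make the contract explicit, e.g. `# Memoized so multipart data is parsed once; callers must not mutate the returned hash.` Note also that `||=` re-runs the parse whenever the cached value is nil or false, which is harmless only if both parsers always return a hash.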
@@ -140,14 +140,18 @@ module ActionController
|
|
140
140
|
|
141
141
|
# Performs a GET request with the given parameters. The parameters may
|
142
142
|
# be +nil+, a Hash, or a string that is appropriately encoded
|
143
|
-
# (application/x-www-form-urlencoded or multipart/form-data).
|
143
|
+
# (application/x-www-form-urlencoded or multipart/form-data). The headers
|
144
|
+
# should be a hash. The keys will automatically be upcased, with the
|
145
|
+
# prefix 'HTTP_' added if needed.
|
144
146
|
def get(path, parameters=nil, headers=nil)
|
145
147
|
process :get, path, parameters, headers
|
146
148
|
end
|
147
149
|
|
148
150
|
# Performs a POST request with the given parameters. The parameters may
|
149
151
|
# be +nil+, a Hash, or a string that is appropriately encoded
|
150
|
-
# (application/x-www-form-urlencoded or multipart/form-data).
|
152
|
+
# (application/x-www-form-urlencoded or multipart/form-data). The headers
|
153
|
+
# should be a hash. The keys will automatically be upcased, with the
|
154
|
+
# prefix 'HTTP_' added if needed.
|
151
155
|
def post(path, parameters=nil, headers=nil)
|
152
156
|
process :post, path, parameters, headers
|
153
157
|
end
|
@@ -155,7 +159,9 @@ module ActionController
|
|
155
159
|
# Performs an XMLHttpRequest request with the given parameters, mimicing
|
156
160
|
# the request environment created by the Prototype library. The parameters
|
157
161
|
# may be +nil+, a Hash, or a string that is appropriately encoded
|
158
|
-
# (application/x-www-form-urlencoded or multipart/form-data).
|
162
|
+
# (application/x-www-form-urlencoded or multipart/form-data). The headers
|
163
|
+
# should be a hash. The keys will automatically be upcased, with the
|
164
|
+
# prefix 'HTTP_' added if needed.
|
159
165
|
def xml_http_request(path, parameters=nil, headers=nil)
|
160
166
|
headers = (headers || {}).merge("X-Requested-With" => "XMLHttpRequest")
|
161
167
|
post(path, parameters, headers)
|
@@ -218,7 +224,7 @@ module ActionController
|
|
218
224
|
|
219
225
|
(headers || {}).each do |key, value|
|
220
226
|
key = key.to_s.upcase.gsub(/-/, "_")
|
221
|
-
key = "HTTP_#{key}" unless env.has_key?(key)
|
227
|
+
key = "HTTP_#{key}" unless env.has_key?(key) || env =~ /^X|HTTP/
|
222
228
|
env[key] = value
|
223
229
|
end
|
224
230
|
|
@@ -341,7 +347,6 @@ module ActionController
|
|
341
347
|
# using the get/post methods:
|
342
348
|
#
|
343
349
|
# require "#{File.dirname(__FILE__)}/test_helper"
|
344
|
-
# require "integration_test"
|
345
350
|
#
|
346
351
|
# class ExampleTest < ActionController::IntegrationTest
|
347
352
|
# fixtures :people
|
@@ -366,7 +371,6 @@ module ActionController
|
|
366
371
|
# reference any named routes you happen to have defined!
|
367
372
|
#
|
368
373
|
# require "#{File.dirname(__FILE__)}/test_helper"
|
369
|
-
# require "integration_test"
|
370
374
|
#
|
371
375
|
# class AdvancedTest < ActionController::IntegrationTest
|
372
376
|
# fixtures :people, :rooms
|
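Review bot: The clause added in the `@@ -218,7 +224,7 @@` hunk tests `env =~ /^X|HTTP/`, but `env` appears to be the hash being filled (it is indexed as `env[key]` on the next line), so the match can never succeed and an already-prefixed header still gets a second `HTTP_`. Testing `key` is presumably what was meant, and the pattern needs tightening too: `/^X|HTTP/` reads as `^X` or `HTTP` anywhere in the string, which would leave the `X-Requested-With` header set by `xml_http_request` without its `HTTP_` prefix. Something like `key = "HTTP_#{key}" unless env.has_key?(key) || key =~ /^HTTP_/` matches the documented behaviour of adding the prefix only if needed. The enclosing method starts and ends outside the hunk.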