actionpack 2.0.2 → 2.0.4

data/CHANGELOG

@@ -1,3 +1,48 @@
+*2.0.4* (2nd September 2008)
+
+* Avoid remote_ip spoofing.  [Brian Candler]
+
+* Correct inconsistencies in RequestForgeryProtection docs.  #11032 [mislav]
+
+* Make assert_routing aware of the HTTP method used.  #8039 [mpalmer]
+   e.g. assert_routing({ :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" })
+
+* Remove ERB trim variables from trace template in case ActionView::Base.erb_trim_mode is changed in the application.  #10098 [tpope, kampers]
+
+* Fix typo in form_helper documentation.  #10650 [xaviershay, kampers]
+
+* Fix bug with setting Request#format= after the getter has cached the value.  #10889 [cch1]
+
+* Add label_tag helper for generating elements. #10802 [DefV]
+
+* TestSession supports indifferent access.  #7372 [tamc, Arsen7, mhackett, julik, jean.helou]
+
+* UrlWriter respects relative_url_root.  #10748 [Cheah Chu Yeow]
+
+* Support render :text => nil.  #6684 [tjennings, PotatoSalad, Cheah Chu Yeow]
+
+* assert_response failures include the exception message.  #10688 [Seth Rasmussen]
+
+* Fixed rendering of partials with layout when done from site layout #9209 [antramm]
+
+* Fix atom_feed_helper to comply with the atom spec.  Closes #10672 [xaviershay]
+
+  * The tags created do not contain a date (http://feedvalidator.org/docs/error/InvalidTAG.html)
+  * IDs are not guaranteed unique
+  * A default self link was not provided, contrary to the documentation
+  * NOTE:  This changes tags for existing atom entries, but at least they validate now.
+
+* Correct indentation in tests.  Closes #10671 [l.guidi]
+
+* Fix that auto_link looks for ='s in url paths (Amazon urls have them).  Closes #10640 [bgreenlee]
+
+* Ensure that test case setup is run even if overridden.  #10382 [Josh Peek]
+
+* Fix HTML Sanitizer to allow trailing spaces in CSS style attributes.  Closes #10566 [wesley.moxam]
+
+* Add :default option to time_zone_select.  #10590 [Matt Aimonetti]
+
+
 *2.0.2* (December 16th, 2007)
 
 * Added delete_via_redirect and put_via_redirect to integration testing #10497 [philodespotos]

data/Rakefile

@@ -4,6 +4,7 @@ require 'rake/testtask'
 require 'rake/rdoctask'
 require 'rake/packagetask'
 require 'rake/gempackagetask'
+require 'rake/contrib/sshpublisher'
 require 'rake/contrib/rubyforgepublisher'
 require File.join(File.dirname(__FILE__), 'lib', 'action_pack', 'version')
 
@@ -76,7 +77,7 @@ spec = Gem::Specification.new do |s|
   s.has_rdoc = true
   s.requirements << 'none'
 
-  s.add_dependency('activesupport', '= 2.0.2' + PKG_BUILD)
+  s.add_dependency('activesupport', '= 2.0.4' + PKG_BUILD)
 
   s.require_path = 'lib'
   s.autorequire = 'action_controller'
@@ -132,8 +133,8 @@ task :update_js => [ :update_scriptaculous ]
 
 desc "Publish the API documentation"
 task :pgem => [:package] do 
-  Rake::SshFilePublisher.new("davidhh@wrath.rubyonrails.org", "public_html/gems/gems", "pkg", "#{PKG_FILE_NAME}.gem").upload
-  `ssh davidhh@wrath.rubyonrails.org './gemupdate.sh'`
+  Rake::SshFilePublisher.new("david@greed.loudthinking.com", "/u/sites/gems/gems", "pkg", "#{PKG_FILE_NAME}.gem").upload
+  `ssh david@greed.loudthinking.com '/u/sites/gems/gemupdate.sh'`
 end
 
 desc "Publish the API documentation"
@@ -144,6 +145,7 @@ end
 desc "Publish the release files to RubyForge."
 task :release => [ :package ] do
   require 'rubyforge'
+  require 'rake/contrib/rubyforgepublisher'
 
   packages = %w( gem tgz zip ).collect{ |ext| "pkg/#{PKG_NAME}-#{PKG_VERSION}.#{ext}" }
 

data/lib/action_controller/assertions/response_assertions.rb

@@ -33,7 +33,11 @@ module ActionController
           elsif type.is_a?(Symbol) && @response.response_code == ActionController::StatusCodes::SYMBOL_TO_STATUS_CODE[type]
             assert_block("") { true } # to count the assertion
           else
-            assert_block(build_message(message, "Expected response to be a <?>, but was <?>", type, @response.response_code)) { false }
+            if @response.error?
+              assert_block(build_message(message, "Expected response to be a <?>, but was <?>\n<?>", type, @response.response_code, @response.template.instance_variable_get(:@exception).message)) { false }
+            else
+              assert_block(build_message(message, "Expected response to be a <?>, but was <?>", type, @response.response_code)) { false }
+            end
           end
         end
       end
@@ -91,7 +95,7 @@ module ActionController
                 value['controller'] = value['controller'].to_s
                 if key == :actual && value['controller'].first != '/' && !value['controller'].include?('/')
                   new_controller_path = ActionController::Routing.controller_relative_to(value['controller'], @controller.class.controller_path)
-                  value['controller'] = new_controller_path if value['controller'] != new_controller_path && ActionController::Routing.possible_controllers.include?(new_controller_path)
+                  value['controller'] = new_controller_path if value['controller'] != new_controller_path && ActionController::Routing.possible_controllers.include?(new_controller_path) && @response.redirected_to.is_a?(Hash)
                 end
                 value['controller'] = value['controller'][1..-1] if value['controller'].first == '/' # strip leading hash
               end

data/lib/action_controller/assertions/routing_assertions.rb

@@ -114,6 +114,9 @@ module ActionController
       #
       #  # Tests a route, providing a defaults hash
       #  assert_routing 'controller/action/9', {:id => "9", :item => "square"}, {:controller => "controller", :action => "action"}, {}, {:item => "square"}
+      #
+      #  # Tests a route with a HTTP method
+      #  assert_routing({ :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" })
       def assert_routing(path, options, defaults={}, extras={}, message=nil)
         assert_recognizes(options, path, extras, message)
         
@@ -122,7 +125,7 @@ module ActionController
           options[:controller] = "/#{controller}"
         end
          
-        assert_generates(path, options, defaults, extras, message)
+        assert_generates(path.is_a?(Hash) ? path[:path] : path, options, defaults, extras, message)
       end
 
       private
@@ -140,4 +143,4 @@ module ActionController
         end
     end
   end
-end
+end

data/lib/action_controller/base.rb

@@ -850,8 +850,8 @@ module ActionController #:nodoc:
           response.headers["Location"] = url_for(location)
         end
 
-        if text = options[:text]
-          render_for_text(text, options[:status])
+        if options.has_key?(:text)
+          render_for_text(options[:text], options[:status])
 
         else
           if file = options[:file]
@@ -1029,7 +1029,8 @@ module ActionController #:nodoc:
       # RedirectBackError will be raised. You may specify some fallback
       # behavior for this case by rescuing RedirectBackError.
       def redirect_to(options = {}, response_status = {}) #:doc: 
-        
+        raise ActionControllerError.new("Cannot redirect to nil!") if options.nil?
+
         if options.is_a?(Hash) && options[:status] 
           status = options.delete(:status) 
         elsif response_status[:status] 

data/lib/action_controller/cgi_ext/cookie.rb

@@ -89,7 +89,7 @@ class CGI #:nodoc:
       cookies = Hash.new([])
 
       if raw_cookie
-        raw_cookie.split(/[;,]\s?/).each do |pairs|
+        raw_cookie.split(/;\s?/).each do |pairs|
           name, values = pairs.split('=',2)
           next unless name and values
           name = CGI::unescape(name)

data/lib/action_controller/filters.rb

@@ -583,10 +583,12 @@ module ActionController #:nodoc:
           when filter.respond_to?(:call)
             if filter.is_a?(Method)
               MethodFilter
-            elsif filter.arity == 1
-              ProcFilter
             else
-              ProcWithCallFilter
+              case filter.arity
+              when 1; ProcFilter
+              when 2; ProcWithCallFilter
+              else raise ArgumentError, 'Filter blocks must take one or two arguments.'
+              end
             end
           when filter.respond_to?(:filter)
             ClassFilter

data/lib/action_controller/http_authentication.rb

@@ -1,5 +1,3 @@
-require 'base64'
-
 module ActionController
   module HttpAuthentication
     # Makes it dead easy to do HTTP Basic authentication.
@@ -110,11 +108,11 @@ module ActionController
       end
     
       def decode_credentials(request)
-        Base64.decode64(authorization(request).split.last || '')
+        ActiveSupport::Base64.decode64(authorization(request).split.last || '')
       end
 
       def encode_credentials(user_name, password)
-        "Basic #{Base64.encode64("#{user_name}:#{password}")}"
+        "Basic #{ActiveSupport::Base64.encode64("#{user_name}:#{password}")}"
       end
 
       def authentication_request(controller, realm)

data/lib/action_controller/integration.rb

@@ -1,6 +1,7 @@
-require 'dispatcher'
 require 'stringio'
 require 'uri'
+
+require 'action_controller/dispatcher'
 require 'action_controller/test_process'
 
 module ActionController
@@ -276,7 +277,7 @@ module ActionController
           ActionController::Base.clear_last_instantiation!
 
           cgi = StubCGI.new(env, data)
-          Dispatcher.dispatch(cgi, ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS, cgi.stdoutput)
+          ActionController::Dispatcher.dispatch(cgi, ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS, cgi.stdoutput)
           @result = cgi.stdoutput.string
           @request_count += 1
 

data/lib/action_controller/layout.rb

@@ -29,18 +29,20 @@ module ActionController #:nodoc:
     #
     #   // The header part of this layout
     #   <%= yield %>
-    #   // The footer part of this layout -->
+    #   // The footer part of this layout
     #
     # And then you have content pages that look like this:
     #
     #    hello world
     #
-    # Not a word about common structures. At rendering time, the content page is computed and then inserted in the layout, 
-    # like this:
+    # At rendering time, the content page is computed and then inserted in the layout, like this:
     #
     #   // The header part of this layout
     #   hello world
-    #   // The footer part of this layout -->
+    #   // The footer part of this layout
+    #
+    # NOTE: The old notation for rendering the view from a layout was to expose the magic <tt>@content_for_layout</tt> instance
+    # variable. The preferred notation now is to use <tt>yield</tt>, as documented above.
     #
     # == Accessing shared variables
     #
@@ -124,7 +126,7 @@ module ActionController #:nodoc:
     #   class WeblogController < ActionController::Base
     #     layout "weblog_standard"
     #
-    # If no directory is specified for the template name, the template will by default be looked for in +app/views/layouts/+. 
+    # If no directory is specified for the template name, the template will by default be looked for in <tt>app/views/layouts/</tt>.
     # Otherwise, it will be looked up relative to the template root.
     #
     # == Conditional layouts
@@ -149,23 +151,20 @@ module ActionController #:nodoc:
     # == Using a different layout in the action render call
     # 
     # If most of your actions use the same layout, it makes perfect sense to define a controller-wide layout as described above.
-    # Some times you'll have exceptions, though, where one action wants to use a different layout than the rest of the controller.
-    # This is possible using the <tt>render</tt> method. It's just a bit more manual work as you'll have to supply fully
-    # qualified template and layout names as this example shows:
+    # Sometimes you'll have exceptions where one action wants to use a different layout than the rest of the controller.
+    # You can do this by passing a <tt>:layout</tt> option to the <tt>render</tt> call. For example:
     #
     #   class WeblogController < ActionController::Base
+    #     layout "weblog_standard"
+    #
     #     def help
-    #       render :action => "help/index", :layout => "help"
+    #       render :action => "help", :layout => "help"
     #     end
     #   end
     #
-    # As you can see, you pass the template as the first parameter, the status code as the second ("200" is OK), and the layout
-    # as the third.
-    #
-    # NOTE: The old notation for rendering the view from a layout was to expose the magic <tt>@content_for_layout</tt> instance 
-    # variable. The preferred notation now is to use <tt>yield</tt>, as documented above.
+    # This will render the help action with the "help" layout instead of the controller-wide "weblog_standard" layout.
     module ClassMethods
-      # If a layout is specified, all rendered actions will have their result rendered  
+      # If a layout is specified, all rendered actions will have their result rendered
       # when the layout <tt>yield</tt>s. This layout can itself depend on instance variables assigned during action
       # performance and have access to them as any normal template would.
       def layout(template_name, conditions = {}, auto = false)

data/lib/action_controller/mime_type.rb

@@ -145,7 +145,10 @@ module Mime
     end
     
     def ==(mime_type)
-      (@synonyms + [ self ]).any? { |synonym| synonym.to_s == mime_type.to_s } if mime_type
+      return false unless mime_type
+      (@synonyms + [ self ]).any? do |synonym|
+        synonym.to_s == mime_type.to_s || synonym.to_sym == mime_type.to_sym
+      end
     end
     
     private

data/lib/action_controller/polymorphic_routes.rb

@@ -1,8 +1,75 @@
 module ActionController
+  # Polymorphic URL helpers are methods for smart resolution to a named route call when
+  # given an ActiveRecord model instance. They are to be used in combination with
+  # ActionController::Resources.
+  #
+  # These methods are useful when you want to generate correct URL or path to a RESTful
+  # resource without having to know the exact type of the record in question.
+  #
+  # Nested resources and/or namespaces are also supported, as illustrated in the example:
+  #
+  #   polymorphic_url([:admin, @article, @comment])
+  #   #-> results in:
+  #   admin_article_comment_url(@article, @comment)
+  #
+  # == Usage within the framework
+  #
+  # Polymorphic URL helpers are used in a number of places throughout the Rails framework:
+  #
+  # * <tt>url_for</tt>, so you can use it with a record as the argument, e.g.
+  #   <tt>url_for(@article)</tt>;
+  # * ActionView::Helpers::FormHelper uses <tt>polymorphic_path</tt>, so you can write
+  #   <tt>form_for(@article)</tt> without having to specify :url parameter for the form
+  #   action;
+  # * <tt>redirect_to</tt> (which, in fact, uses <tt>url_for</tt>) so you can write
+  #   <tt>redirect_to(post)</tt> in your controllers;
+  # * ActionView::Helpers::AtomFeedHelper, so you don't have to explicitly specify URLs
+  #   for feed entries.
+  #
+  # == Prefixed polymorphic helpers
+  #
+  # In addition to <tt>polymorphic_url</tt> and <tt>polymorphic_path</tt> methods, a
+  # number of prefixed helpers are available as a shorthand to <tt>:action => "..."</tt>
+  # in options. Those are:
+  #
+  # * <tt>edit_polymorphic_url</tt>, <tt>edit_polymorphic_path</tt>
+  # * <tt>new_polymorphic_url</tt>, <tt>new_polymorphic_path</tt>
+  # * <tt>formatted_polymorphic_url</tt>, <tt>formatted_polymorphic_path</tt>
+  #
+  # Example usage:
+  #
+  #   edit_polymorphic_path(@post)
+  #   #=> /posts/1/edit
+  #
+  #   formatted_polymorphic_path([@post, :pdf])
+  #   #=> /posts/1.pdf
   module PolymorphicRoutes
+    # Constructs a call to a named RESTful route for the given record and returns the
+    # resulting URL string. For example:
+    #
+    #   polymorphic_url(post)
+    #   # calls post_url(post) #=> "http://example.com/posts/1"
+    #
+    # ==== Options
+    # * <tt>:action</tt> -- specifies the action prefix for the named route:
+    #   <tt>:new</tt>, <tt>:edit</tt> or <tt>:formatted</tt>. Default is no prefix.
+    # * <tt>:routing_type</tt> -- <tt>:path</tt> or <tt>:url</tt> (default <tt>:url</tt>).
+    #
+    # ==== Examples
+    #
+    #   # an Article record
+    #   polymorphic_url(record)  #->  article_url(record)
+    #
+    #   # a Comment record
+    #   polymorphic_url(record)  #->  comment_url(record)
+    #
+    #   # it recognizes new records and maps to the collection
+    #   record = Comment.new
+    #   polymorphic_url(record)  #->  comments_url()
+    #
     def polymorphic_url(record_or_hash_or_array, options = {})
-      record = extract_record(record_or_hash_or_array)
-
+      record    = extract_record(record_or_hash_or_array)
+      format    = (options[:action].to_s == "formatted" and record_or_hash_or_array.pop)
       namespace = extract_namespace(record_or_hash_or_array)
       
       args = case record_or_hash_or_array
@@ -11,9 +78,11 @@ module ActionController
         else        [ record_or_hash_or_array ]
       end
 
+      args << format if format
+
       inflection =
         case
-        when options[:action] == "new"
+        when options[:action].to_s == "new"
           args.pop
           :singular
         when record.respond_to?(:new_record?) && record.new_record?
@@ -27,8 +96,11 @@ module ActionController
       send!(named_route, *args)
     end
 
-    def polymorphic_path(record_or_hash_or_array)
-      polymorphic_url(record_or_hash_or_array, :routing_type => :path)
+    # Returns the path component of a URL for the given record. It uses
+    # <tt>polymorphic_url</tt> with <tt>:routing_type => :path</tt>.
+    def polymorphic_path(record_or_hash_or_array, options = {})
+      options[:routing_type] = :path
+      polymorphic_url(record_or_hash_or_array, options)
     end
 
     %w(edit new formatted).each do |action|
@@ -43,26 +115,29 @@ module ActionController
       EOT
     end
 
-
     private
       def action_prefix(options)
         options[:action] ? "#{options[:action]}_" : ""
       end
 
       def routing_type(options)
-        "#{options[:routing_type] || "url"}"
+        options[:routing_type] || :url
       end
 
       def build_named_route_call(records, namespace, inflection, options = {})
-        records = Array.new([extract_record(records)]) unless records.is_a?(Array)        
-        base_segment = "#{RecordIdentifier.send!("#{inflection}_class_name", records.pop)}_"
-
-        method_root = records.reverse.inject(base_segment) do |string, name|
-          segment = "#{RecordIdentifier.send!("singular_class_name", name)}_"
-          segment << string
+        unless records.is_a?(Array)
+          record = extract_record(records)
+          route  = ''
+        else
+          record = records.pop
+          route = records.inject("") do |string, parent|
+            string << "#{RecordIdentifier.send!("singular_class_name", parent)}_"
+          end
         end
 
-        action_prefix(options) + namespace + method_root + routing_type(options)
+        route << "#{RecordIdentifier.send!("#{inflection}_class_name", record)}_"
+
+        action_prefix(options) + namespace + route + routing_type(options).to_s
       end
 
       def extract_record(record_or_hash_or_array)
@@ -78,7 +153,7 @@ module ActionController
           if record_or_hash_or_array.is_a?(Array)
             record_or_hash_or_array.delete_if do |record_or_namespace|
               if record_or_namespace.is_a?(String) || record_or_namespace.is_a?(Symbol)
-                namespace << "#{record_or_namespace.to_s}_"
+                namespace << "#{record_or_namespace}_"
               end
             end
           end  

data/lib/action_controller/record_identifier.rb

@@ -53,15 +53,15 @@ module ActionController
       [ prefix, singular_class_name(record_or_class) ].compact * '_'
     end
 
-    # The DOM class convention is to use the singular form of an object or class with the id following an underscore. 
+    # The DOM id convention is to use the singular form of an object or class with the id following an underscore.
     # If no id is found, prefix with "new_" instead. Examples:
     #
-    #   dom_class(Post.new(:id => 45)) # => "post_45"
-    #   dom_class(Post.new)            # => "new_post"
+    #   dom_id(Post.new(:id => 45)) # => "post_45"
+    #   dom_id(Post.new)            # => "new_post"
     #
     # If you need to address multiple instances of the same class in the same view, you can prefix the dom_id:
     #
-    #   dom_class(Post.new(:id => 45), :edit) # => "edit_post_45"
+    #   dom_id(Post.new(:id => 45), :edit) # => "edit_post_45"
     def dom_id(record, prefix = nil) 
       prefix ||= 'new' unless record.id
       [ prefix, singular_class_name(record), record.id ].compact * '_'