actionpack 2.1.2 → 2.2.2

data/CHANGELOG

@@ -1,26 +1,242 @@
-*2.1.2 (October 23rd, 2008)*
+*2.2.2 [2.2 Final]*
 
-* Sanitize the URLs passed to redirect_to to prevent a potential response splitting attack [koz]
+* Deprecated the :file default for ActionView#render to prepare for 2.3's new :partial default [DHH]
+
+
+*2.2.1 [RC2] (November 14th, 2008)*
+
+* Restore backwards compatible functionality for setting relative_url_root.  Include deprecation
+
+* Switched the CSRF module to use the request content type to decide if the request is forgeable.  #1145 [Jeff Cohen]
+
+* Added :only and :except to map.resources to let people cut down on the number of redundant routes in an application. Typically only useful for huge routesets.  #1215 [Tom Stuart]
+
+   map.resources :products, :only => :show do |product|
+     product.resources :images, :except => :destroy
+   end
+
+* Added render :js for people who want to render inline JavaScript replies without using RJS [DHH]
+
+* Fixed that polymorphic_url should compact given array #1317 [hiroshi]
+
+* Fixed the sanitize helper to avoid double escaping already properly escaped entities #683 [antonmos/Ryan McGeary]
+
+* Fixed that FormTagHelper generated illegal html if name contained square brackets #1238 [Vladimir Dobriakov]
+
+* Fix regression bug that made date_select and datetime_select raise a Null Pointer Exception when a nil date/datetime was passed and only month and year were displayed #1289 [Bernardo Padua/Tor Erik]
+
+* Simplified the logging format for parameters (don't include controller, action, and format as duplicates) [DHH]
+
+* Remove the logging of the Session ID when the session store is CookieStore [DHH]
+
+* Fixed regex in redirect_to to fully support URI schemes #1247 [Seth Fitzsimmons]
+
+* Fixed bug with asset timestamping when using relative_url_root #1265 [Joe Goldwasser]
+
+
+*2.2.0 [RC1] (October 24th, 2008)*
+
+* Fix incorrect closing CDATA delimiter and that HTML::Node.parse would blow up on unclosed CDATA sections [packagethief]
+
+* Added stale? and fresh_when methods to provide a layer of abstraction above request.fresh? and friends [DHH]. Example:
+
+    class ArticlesController < ApplicationController
+      def show_with_respond_to_block
+        @article = Article.find(params[:id])
+
+
+        # If the request sends headers that differs from the options provided to stale?, then
+        # the request is indeed stale and the respond_to block is triggered (and the options
+        # to the stale? call is set on the response).
+        #
+        # If the request headers match, then the request is fresh and the respond_to block is
+        # not triggered. Instead the default render will occur, which will check the last-modified
+        # and etag headers and conclude that it only needs to send a "304 Not Modified" instead
+        # of rendering the template.
+        if stale?(:last_modified => @article.published_at.utc, :etag => @article)
+          respond_to do |wants|
+            # normal response processing
+          end
+        end
+      end
+
+      def show_with_implied_render
+        @article = Article.find(params[:id])
+
+        # Sets the response headers and checks them against the request, if the request is stale
+        # (i.e. no match of either etag or last-modified), then the default render of the template happens.
+        # If the request is fresh, then the default render will return a "304 Not Modified"
+        # instead of rendering the template.
+        fresh_when(:last_modified => @article.published_at.utc, :etag => @article)
+      end
+    end
+
+
+* Added inline builder yield to atom_feed_helper tags where appropriate [Sam Ruby]. Example:
+
+    entry.summary :type => 'xhtml' do |xhtml|
+      xhtml.p pluralize(order.line_items.count, "line item")
+      xhtml.p "Shipped to #{order.address}"
+      xhtml.p "Paid by #{order.pay_type}"
+    end
+
+* Make PrototypeHelper#submit_to_remote a wrapper around PrototypeHelper#button_to_remote. [Tarmo Tänav]
+
+* Set HttpOnly for the cookie session store's cookie.  #1046 
+
+* Added FormTagHelper#image_submit_tag confirm option #784 [Alastair Brunton]
 
 * Fixed FormTagHelper#submit_tag with :disable_with option wouldn't submit the button's value when was clicked #633 [Jose Fernandez]
 
+* Stopped logging template compiles as it only clogs up the log [DHH]
 
-*2.1.1 (September 4th, 2008)*
+* Changed the X-Runtime header to report in milliseconds [DHH]
 
-* All 2xx requests are considered successful [Josh Peek]
+* Changed BenchmarkHelper#benchmark to report in milliseconds [DHH]
+
+* Changed logging format to be millisecond based and skip misleading stats [DHH]. Went from:
+
+    Completed in 0.10000 (4 reqs/sec) | Rendering: 0.04000 (40%) | DB: 0.00400 (4%) | 200 OK [http://example.com]
+
+  ...to:
+  
+    Completed in 100ms (View: 40, DB: 4) | 200 OK [http://example.com]
+
+* Add support for shallow nesting of routes. #838 [S. Brent Faulkner]
+
+  Example :
+
+  map.resources :users, :shallow => true do |user|
+    user.resources :posts
+  end
+
+  - GET /users/1/posts (maps to PostsController#index action as usual)
+    named route "user_posts" is added as usual.
+
+  - GET /posts/2 (maps to PostsController#show action as if it were not nested)
+    Additionally, named route "post" is added too.
+
+* Added button_to_remote helper.  #3641 [Donald Piret, Tarmo Tänav]
 
-* Deprecate the limited follow_redirect in functional tests.  If you wish to follow redirects, use integration tests. [Michael Koziarski]
+* Deprecate render_component. Please use render_component plugin from http://github.com/rails/render_component/tree/master [Pratik]
+
+* Routes may be restricted to lists of HTTP methods instead of a single method or :any.  #407 [Brennan Dunn, Gaius Centus Novus]
+    map.resource :posts, :collection => { :search => [:get, :post] }
+    map.session 'session', :requirements => { :method => [:get, :post, :delete] }
+
+* Deprecated implicit local assignments when rendering partials [Josh Peek]
+
+* Introduce current_cycle helper method to return the current value without bumping the cycle.  #417 [Ken Collins]
+
+* Allow polymorphic_url helper to take url options. #880 [Tarmo Tänav]
+
+* Switched integration test runner to use Rack processor instead of CGI [Josh Peek]
+
+* Made AbstractRequest.if_modified_sense return nil if the header could not be parsed [Jamis Buck]
+
+* Added back ActionController::Base.allow_concurrency flag [Josh Peek]
+
+* AbstractRequest.relative_url_root is no longer automatically configured by a HTTP header. It can now be set in your configuration environment with config.action_controller.relative_url_root [Josh Peek]
+
+* Update Prototype to 1.6.0.2 #599 [Patrick Joyce]
+
+* Conditional GET utility methods.  [Jeremy Kemper]
+    response.last_modified = @post.updated_at
+    response.etag = [:admin, @post, current_user]
+
+    if request.fresh?(response)
+      head :not_modified
+    else
+      # render ...
+    end
+
+* All 2xx requests are considered successful [Josh Peek]
 
 * Fixed that AssetTagHelper#compute_public_path shouldn't cache the asset_host along with the source or per-request proc's won't run [DHH]
 
-* Deprecate define_javascript_functions, javascript_include_tag and friends are much better [Michael Koziarski]
+* Removed config.action_view.cache_template_loading, use config.cache_classes instead [Josh Peek]
+
+* Get buffer for fragment cache from template's @output_buffer [Josh Peek]
+
+* Set config.action_view.warn_cache_misses = true to receive a warning if you perform an action that results in an expensive disk operation that could be cached [Josh Peek]
+
+* Refactor template preloading. New abstractions include Renderable mixins and a refactored Template class [Josh Peek]
+
+* Changed ActionView::TemplateHandler#render API method signature to render(template, local_assigns = {}) [Josh Peek]
+
+* Changed PrototypeHelper#submit_to_remote to PrototypeHelper#button_to_remote to stay consistent with link_to_remote (submit_to_remote still works as an alias) #8994 [clemens]
+
+* Add :recursive option to javascript_include_tag and stylesheet_link_tag to be used along with :all. #480 [Damian Janowski]
+
+* Allow users to disable the use of the Accept header [Michael Koziarski]
+
+    The accept header is poorly implemented by browsers and causes strange
+	errors when used on public sites where crawlers make requests too.  You
+	can use formatted urls (e.g. /people/1.xml) to support API clients in a
+	much simpler way.
+
+	To disable the header you need to set:
+
+	config.action_controller.use_accept_header = false
+
+* Do not stat template files in production mode before rendering. You will no longer be able to modify templates in production mode without restarting the server [Josh Peek]
+
+* Deprecated TemplateHandler line offset [Josh Peek]
+
+* Allow caches_action to accept cache store options. #416. [José Valim]. Example:
+  
+  caches_action :index, :redirected, :if => Proc.new { |c| !c.request.format.json? }, :expires_in => 1.hour
+
+* Remove define_javascript_functions, javascript_include_tag and friends are far superior. [Michael Koziarski]
+
+* Deprecate :use_full_path render option. The supplying the option no longer has an effect [Josh Peek]
+
+* Add :as option to render a collection of partials with a custom local variable name. #509 [Simon Jefford, Pratik Naik]
+
+  render :partial => 'other_people', :collection => @people, :as => :person
+  
+  This will let you access objects of @people as 'person' local variable inside 'other_people' partial template.
+
+* time_zone_select: support for regexp matching of priority zones. Resolves #195 [Ernie Miller]
+
+* Made ActionView::Base#render_file private [Josh Peek]
+
+* Refactor and simplify the implementation of assert_redirected_to.  Arguments are now normalised relative to the controller being tested,  not the root of the application.  [Michael Koziarski]
+
+  This could cause some erroneous test failures if you were redirecting between controllers
+  in different namespaces and wrote your assertions relative to the root of the application.
+
+* Remove follow_redirect from controller functional tests.
+
+	If you want to follow redirects you can use integration tests.  The functional test
+	version was only useful if you were using redirect_to :id=>...
 
 * Fix polymorphic_url with singleton resources.  #461 [Tammer Saleh]
 
-* Deprecate ActionView::Base.erb_variable. Use the concat helper method instead of appending to it directly.  [Jeremy Kemper]
+* Replaced TemplateFinder abstraction with ViewLoadPaths [Josh Peek]
+
+* Added block-call style to link_to [Sam Stephenson/DHH]. Example:
+
+    <% link_to(@profile) do %>
+      <strong><%= @profile.name %></strong> -- <span>Check it out!!</span>
+    <% end %>
+
+* Performance: integration test benchmarking and profiling.  [Jeremy Kemper]
+
+* Make caching more aware of mime types. Ensure request format is not considered while expiring cache.  [Jonathan del Strother]
+
+* Drop ActionController::Base.allow_concurrency flag [Josh Peek]
+
+* More efficient concat and capture helpers. Remove ActionView::Base.erb_variable.  [Jeremy Kemper]
+
+* Added page.reload functionality. Resolves #277. [Sean Huber]
 
 * Fixed Request#remote_ip to only raise hell if the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR doesn't match (not just if they're both present) [Mark Imbriaco, Bradford Folkens]
 
+* Allow caches_action to accept a layout option [José Valim]
+
+* Added Rack processor [Ezra Zygmuntowicz, Josh Peek]
+
 
 *2.1.0 (May 31st, 2008)*
 

data/README

@@ -31,7 +31,7 @@ http://www.rubyonrails.org.
 A short rundown of the major features:
 
 * Actions grouped in controller as methods instead of separate command objects
-  and can therefore share helper methods.
+  and can therefore share helper methods
 
     BlogController < ActionController::Base
       def show
@@ -168,7 +168,7 @@ A short rundown of the major features:
   {Learn more}[link:classes/ActionController/Base.html]
 
 
-* Javascript and Ajax integration.
+* Javascript and Ajax integration
 
     link_to_function "Greeting", "alert('Hello world!')"
     link_to_remote "Delete this post", :update => "posts", 
@@ -177,7 +177,7 @@ A short rundown of the major features:
   {Learn more}[link:classes/ActionView/Helpers/JavaScriptHelper.html]
 
 
-* Pagination for navigating lists of results.
+* Pagination for navigating lists of results
 
     # controller
     def list
@@ -192,15 +192,9 @@ A short rundown of the major features:
   {Learn more}[link:classes/ActionController/Pagination.html]
 
 
-* Easy testing of both controller and template result through TestRequest/Response
-
-    class LoginControllerTest < Test::Unit::TestCase
-      def setup
-        @controller = LoginController.new
-        @request    = ActionController::TestRequest.new
-        @response   = ActionController::TestResponse.new
-      end
+* Easy testing of both controller and rendered template through ActionController::TestCase
 
+    class LoginControllerTest < ActionController::TestCase
       def test_failing_authenticate
         process :authenticate, :user_name => "nop", :password => ""
         assert flash.has_key?(:alert)
@@ -208,7 +202,7 @@ A short rundown of the major features:
       end
     end
 
-  {Learn more}[link:classes/ActionController/TestRequest.html]
+  {Learn more}[link:classes/ActionController/TestCase.html]
 
 
 * Automated benchmarking and integrated logging

data/Rakefile

@@ -5,8 +5,6 @@ require 'rake/rdoctask'
 require 'rake/packagetask'
 require 'rake/gempackagetask'
 require 'rake/contrib/sshpublisher'
-require 'rake/contrib/rubyforgepublisher'
-
 require File.join(File.dirname(__FILE__), 'lib', 'action_pack', 'version')
 
 PKG_BUILD     = ENV['PKG_BUILD'] ? '.' + ENV['PKG_BUILD'] : ''
@@ -27,14 +25,16 @@ task :default => [ :test ]
 desc "Run all unit tests"
 task :test => [:test_action_pack, :test_active_record_integration]
 
-Rake::TestTask.new(:test_action_pack) { |t|
+Rake::TestTask.new(:test_action_pack) do |t|
   t.libs << "test"
-# make sure we include the tests in alphabetical order as on some systems
-# this will not happen automatically and the tests (as a whole) will error
-  t.test_files=Dir.glob( "test/[cft]*/**/*_test.rb" ).sort
-#  t.pattern = 'test/*/*_test.rb'
+
+  # make sure we include the tests in alphabetical order as on some systems
+  # this will not happen automatically and the tests (as a whole) will error
+  t.test_files = Dir.glob( "test/[cft]*/**/*_test.rb" ).sort
+
   t.verbose = true
-}
+  #t.warning = true
+end
 
 desc 'ActiveRecord Integration Tests'
 Rake::TestTask.new(:test_active_record_integration) do |t|
@@ -80,7 +80,7 @@ spec = Gem::Specification.new do |s|
   s.has_rdoc = true
   s.requirements << 'none'
 
-  s.add_dependency('activesupport', '= 2.1.2' + PKG_BUILD)
+  s.add_dependency('activesupport', '= 2.2.2' + PKG_BUILD)
 
   s.require_path = 'lib'
   s.autorequire = 'action_controller'
@@ -136,8 +136,8 @@ task :update_js => [ :update_scriptaculous ]
 
 desc "Publish the API documentation"
 task :pgem => [:package] do 
-  Rake::SshFilePublisher.new("david@greed.loudthinking.com", "/u/sites/gems/gems", "pkg", "#{PKG_FILE_NAME}.gem").upload
-  `ssh david@greed.loudthinking.com '/u/sites/gems/gemupdate.sh'`
+  Rake::SshFilePublisher.new("gems.rubyonrails.org", "/u/sites/gems/gems", "pkg", "#{PKG_FILE_NAME}.gem").upload
+  `ssh gems.rubyonrails.org '/u/sites/gems/gemupdate.sh'`
 end
 
 desc "Publish the API documentation"

data/lib/action_controller.rb

@@ -21,16 +21,13 @@
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #++
 
-$:.unshift(File.dirname(__FILE__)) unless
-  $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
-
-unless defined?(ActiveSupport)
-  begin
-    $:.unshift "#{File.dirname(__FILE__)}/../../activesupport/lib"
+begin
+  require 'active_support'
+rescue LoadError
+  activesupport_path = "#{File.dirname(__FILE__)}/../../activesupport/lib"
+  if File.directory?(activesupport_path)
+    $:.unshift activesupport_path
     require 'active_support'
-  rescue LoadError
-    require 'rubygems'
-    gem 'activesupport'
   end
 end
 
@@ -53,9 +50,11 @@ require 'action_controller/streaming'
 require 'action_controller/session_management'
 require 'action_controller/http_authentication'
 require 'action_controller/components'
+require 'action_controller/rack_process'
 require 'action_controller/record_identifier'
 require 'action_controller/request_forgery_protection'
 require 'action_controller/headers'
+require 'action_controller/translation'
 
 require 'action_view'
 
@@ -76,4 +75,5 @@ ActionController::Base.class_eval do
   include ActionController::Components
   include ActionController::RecordIdentifier
   include ActionController::RequestForgeryProtection
+  include ActionController::Translation
 end

data/lib/action_controller/assertions/response_assertions.rb

@@ -56,74 +56,24 @@ module ActionController
       #   # assert that the redirection was to the named route login_url
       #   assert_redirected_to login_url
       #
+      #   # assert that the redirection was to the url for @customer
+      #   assert_redirected_to @customer
+      #
       def assert_redirected_to(options = {}, message=nil)
         clean_backtrace do
           assert_response(:redirect, message)
           return true if options == @response.redirected_to
-          ActionController::Routing::Routes.reload if ActionController::Routing::Routes.empty?
-
-          begin
-            url  = {}
-            original = { :expected => options, :actual => @response.redirected_to.is_a?(Symbol) ? @response.redirected_to : @response.redirected_to.dup }
-            original.each do |key, value|
-              if value.is_a?(Symbol)
-                value = @controller.respond_to?(value, true) ? @controller.send(value) : @controller.send("hash_for_#{value}_url")
-              end
-
-              unless value.is_a?(Hash)
-                request = case value
-                  when NilClass    then nil
-                  when /^\w+:\/\// then recognized_request_for(%r{^(\w+://.*?(/|$|\?))(.*)$} =~ value ? $3 : nil)
-                  else                  recognized_request_for(value)
-                end
-                value = request.path_parameters if request
-              end
-
-              if value.is_a?(Hash) # stringify 2 levels of hash keys
-                if name = value.delete(:use_route)
-                  route = ActionController::Routing::Routes.named_routes[name]
-                  value.update(route.parameter_shell)
-                end
-
-                value.stringify_keys!
-                value.values.select { |v| v.is_a?(Hash) }.collect { |v| v.stringify_keys! }
-                if key == :expected && value['controller'] == @controller.controller_name && original[:actual].is_a?(Hash)
-                  original[:actual].stringify_keys!
-                  value.delete('controller') if original[:actual]['controller'].nil? || original[:actual]['controller'] == value['controller']
-                end
-              end
-
-              if value.respond_to?(:[]) && value['controller']
-                value['controller'] = value['controller'].to_s
-                if key == :actual && value['controller'].first != '/' && !value['controller'].include?('/')
-                  new_controller_path = ActionController::Routing.controller_relative_to(value['controller'], @controller.class.controller_path)
-                  value['controller'] = new_controller_path if value['controller'] != new_controller_path && ActionController::Routing.possible_controllers.include?(new_controller_path) && @response.redirected_to.is_a?(Hash)
-                end
-                value['controller'] = value['controller'][1..-1] if value['controller'].first == '/' # strip leading hash
-              end
-              url[key] = value
-            end
-
-            @response_diff = url[:actual].diff(url[:expected]) if url[:actual]
-            msg = build_message(message, "expected a redirect to <?>, found one to <?>, a difference of <?> ", url[:expected], url[:actual], @response_diff)
-
-            assert_block(msg) do
-              url[:expected].keys.all? do |k|
-                if k == :controller then url[:expected][k] == ActionController::Routing.controller_relative_to(url[:actual][k], @controller.class.controller_path)
-                else parameterize(url[:expected][k]) == parameterize(url[:actual][k])
-                end
-              end
-            end
-          rescue ActionController::RoutingError # routing failed us, so match the strings only.
-            msg = build_message(message, "expected a redirect to <?>, found one to <?>", options, @response.redirect_url)
-            url_regexp = %r{^(\w+://.*?(/|$|\?))(.*)$}
-            eurl, epath, url, path = [options, @response.redirect_url].collect do |url|
-              u, p = (url_regexp =~ url) ? [$1, $3] : [nil, url]
-              [u, (p.first == '/') ? p : '/' + p]
-            end.flatten
+          
+          # Support partial arguments for hash redirections
+          if options.is_a?(Hash) && @response.redirected_to.is_a?(Hash)
+            return true if options.all? {|(key, value)| @response.redirected_to[key] == value}
+          end
+          
+          redirected_to_after_normalisation = normalize_argument_to_redirection(@response.redirected_to)
+          options_after_normalisation       = normalize_argument_to_redirection(options)
 
-            assert_equal(eurl, url, msg) if eurl && url
-            assert_equal(epath, path, msg) if epath && path
+          if redirected_to_after_normalisation != options_after_normalisation
+            flunk "Expected response to be a redirect to <#{options_after_normalisation}> but was a redirect to <#{redirected_to_after_normalisation}>"
           end
         end
       end
@@ -137,36 +87,37 @@ module ActionController
       #
       def assert_template(expected = nil, message=nil)
         clean_backtrace do
-          rendered = expected ? @response.rendered_file(!expected.include?('/')) : @response.rendered_file
+          rendered = @response.rendered_template.to_s
           msg = build_message(message, "expecting <?> but rendering with <?>", expected, rendered)
           assert_block(msg) do
             if expected.nil?
-              !@response.rendered_with_file?
+              @response.rendered_template.blank?
             else
-              expected == rendered
+              rendered.to_s.match(expected)
             end
           end
         end
       end
 
       private
-        # Recognizes the route for a given path.
-        def recognized_request_for(path, request_method = nil)
-          path = "/#{path}" unless path.first == '/'
-
-          # Assume given controller
-          request = ActionController::TestRequest.new({}, {}, nil)
-          request.env["REQUEST_METHOD"] = request_method.to_s.upcase if request_method
-          request.path   = path
-
-          ActionController::Routing::Routes.recognize(request)
-          request
-        end
 
         # Proxy to to_param if the object will respond to it.
         def parameterize(value)
           value.respond_to?(:to_param) ? value.to_param : value
         end
+
+        def normalize_argument_to_redirection(fragment)
+          after_routing = @controller.url_for(fragment)
+          if after_routing =~ %r{^\w+://.*}
+            after_routing
+          else
+            # FIXME - this should probably get removed.
+            if after_routing.first != '/'
+              after_routing = '/' + after_routing
+            end
+            @request.protocol + @request.host_with_port + after_routing
+          end
+        end
     end
   end
 end