actionpack 3.0.1 → 3.0.2

data/CHANGELOG

@@ -1,6 +1,12 @@
+*Rails 3.0.2 (November 15, 2010)*
+
+* The helper number_to_currency accepts a new :negative_format option to be able to configure how to render negative amounts. [Don Wilson]
+
+
 *Rails 3.0.1 (October 15, 2010)*
 
-* No Changes, just a version bump.
+* No changes.
+
 
 *Rails 3.0.0 (August 29, 2010)*
 

data/lib/abstract_controller/base.rb

@@ -13,6 +13,7 @@ module AbstractController
   class Base
     attr_internal :response_body
     attr_internal :action_name
+    attr_internal :formats
 
     include ActiveSupport::Configurable
     extend ActiveSupport::DescendantsTracker

data/lib/abstract_controller/callbacks.rb

@@ -83,6 +83,7 @@ module AbstractController
           # for details on the allowed parameters.
           def #{filter}_filter(*names, &blk)                                                    # def before_filter(*names, &blk)
             _insert_callbacks(names, blk) do |name, options|                                    #   _insert_callbacks(names, blk) do |name, options}
+              options[:if]=(Array.wrap(options[:if]) << "!halted") if #{filter == :after}
               set_callback(:process_action, :#{filter}, name, options)                          #     set_callback(:process_action, :before_filter, name, options)
             end                                                                                 #   end
           end                                                                                   # end
@@ -91,6 +92,7 @@ module AbstractController
           # for details on the allowed parameters.
           def prepend_#{filter}_filter(*names, &blk)                                            # def prepend_before_filter(*names, &blk)
             _insert_callbacks(names, blk) do |name, options|                                    #   _insert_callbacks(names, blk) do |name, options|
+              options[:if]=(Array.wrap(options[:if]) << "!halted") if #{filter == :after}
               set_callback(:process_action, :#{filter}, name, options.merge(:prepend => true))  #     set_callback(:process_action, :before, name, options.merge(:prepend => true))
             end                                                                                 #   end
           end                                                                                   # end

data/lib/abstract_controller/rendering.rb

@@ -47,13 +47,13 @@ module AbstractController
         @view_context_class ||= begin
           controller = self
           Class.new(ActionView::Base) do
+            if controller.respond_to?(:_routes)
+              include controller._routes.url_helpers
+            end
+
             if controller.respond_to?(:_helpers)
               include controller._helpers
 
-              if controller.respond_to?(:_routes)
-                include controller._routes.url_helpers
-              end
-
               # TODO: Fix RJS to not require this
               self.helpers = controller._helpers
             end

data/lib/action_controller/base.rb

@@ -148,6 +148,8 @@ module ActionController
   #
   # In this case, after saving our new entry to the database, the user is redirected to the <tt>show</tt> method which is then executed.
   #
+  # Learn more about <tt>redirect_to</tt> and what options you have in ActionController::Redirecting.
+  #
   # == Calling multiple redirects or renders
   #
   # An action may contain only a single render or a single redirect. Attempting to try to do either again will result in a DoubleRenderError:

data/lib/action_controller/metal.rb

@@ -12,7 +12,7 @@ module ActionController
   #
   class MiddlewareStack < ActionDispatch::MiddlewareStack #:nodoc:
     class Middleware < ActionDispatch::MiddlewareStack::Middleware #:nodoc:
-      def initialize(klass, *args)
+      def initialize(klass, *args, &block)
         options = args.extract_options!
         @only   = Array(options.delete(:only)).map(&:to_s)
         @except = Array(options.delete(:except)).map(&:to_s)
@@ -112,6 +112,11 @@ module ActionController
       headers["Location"] = url
     end
 
+    # basic url_for that can be overridden for more robust functionality
+    def url_for(string)
+      string
+    end
+
     def status
       @_status
     end
@@ -147,8 +152,8 @@ module ActionController
       super
     end
 
-    def self.use(*args)
-      middleware_stack.use(*args)
+    def self.use(*args, &block)
+      middleware_stack.use(*args, &block)
     end
 
     def self.middleware

data/lib/action_controller/metal/head.rb

@@ -2,8 +2,6 @@ module ActionController
   module Head
     extend ActiveSupport::Concern
 
-    include ActionController::UrlFor
-
     # Return a response that has no content (merely headers). The options
     # argument is interpreted to be a hash of header names and values.
     # This allows you to easily return a response that consists only of
@@ -27,8 +25,8 @@ module ActionController
 
       self.status = status
       self.location = url_for(location) if location
-      self.content_type = Mime[formats.first]
+      self.content_type = Mime[formats.first] if formats
       self.response_body = " "
     end
   end
-end
+end

data/lib/action_controller/metal/http_authentication.rb

@@ -95,12 +95,11 @@ module ActionController
     #       end
     #   end
     #
-    # NOTE: The +authenticate_or_request_with_http_digest+ block must return the user's password or the ha1 digest hash so the framework can appropriately
-    #       hash to check the user's credentials. Returning +nil+ will cause authentication to fail.
-    #       Storing the ha1 hash: MD5(username:realm:password), is better than storing a plain password. If
-    #       the password file or database is compromised, the attacker would be able to use the ha1 hash to
-    #       authenticate as the user at this +realm+, but would not have the user's password to try using at
-    #       other sites.
+    # === Notes
+    #
+    # The +authenticate_or_request_with_http_digest+ block must return the user's password
+    # or the ha1 digest hash so the framework can appropriately hash to check the user's
+    # credentials. Returning +nil+ will cause authentication to fail.
     #
     # On shared hosts, Apache sometimes doesn't pass authentication headers to
     # FCGI instances. If your environment matches this description and you cannot
@@ -218,11 +217,10 @@ module ActionController
       end
 
       def decode_credentials(header)
-        header.to_s.gsub(/^Digest\s+/,'').split(',').inject({}) do |hash, pair|
+        Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
           key, value = pair.split('=', 2)
-          hash[key.strip.to_sym] = value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')
-          hash
-        end
+          [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
+        end]
       end
 
       def authentication_header(controller, realm)

data/lib/action_controller/metal/mime_responds.rb

@@ -227,7 +227,7 @@ module ActionController #:nodoc:
             "controller responds to in the class level" if self.class.mimes_for_respond_to.empty?
 
       if response = retrieve_response_from_mimes(&block)
-        options = resources.extract_options!
+        options = resources.size == 1 ? {} : resources.extract_options!
         options.merge!(:default_response => response)
         (options.delete(:responder) || self.class.responder).call(self, resources, options)
       end

data/lib/action_controller/metal/redirecting.rb

@@ -38,6 +38,9 @@ module ActionController
     #   redirect_to :action=>'atom', :status => :moved_permanently
     #   redirect_to post_url(@post), :status => 301
     #   redirect_to :action=>'atom', :status => 302
+    # 
+    # The status code can either be a standard {HTTP Status code}[http://www.iana.org/assignments/http-status-codes] as an
+    # integer, or a symbol representing the downcased, underscored and symbolized description.
     #
     # It is also possible to assign a flash message as part of the redirection. There are two special accessors for commonly used the flash names
     # +alert+ and +notice+ as well as a general purpose +flash+ bucket.
@@ -48,8 +51,7 @@ module ActionController
     #   redirect_to post_url(@post), :status => 301, :flash => { :updated_post_id => @post.id }
     #   redirect_to { :action=>'atom' }, :alert => "Something serious happened"
     #
-    # When using <tt>redirect_to :back</tt>, if there is no referrer,
-    # RedirectBackError will be raised. You may specify some fallback
+    # When using <tt>redirect_to :back</tt>, if there is no referrer, RedirectBackError will be raised. You may specify some fallback
     # behavior for this case by rescuing RedirectBackError.
     def redirect_to(options = {}, response_status = {}) #:doc:
       raise ActionControllerError.new("Cannot redirect to nil!") if options.nil?

data/lib/action_controller/metal/renderers.rb

@@ -71,7 +71,7 @@ module ActionController
     end
 
     add :json do |json, options|
-      json = ActiveSupport::JSON.encode(json, options) unless json.respond_to?(:to_str)
+      json = json.to_json(options) unless json.respond_to?(:to_str)
       json = "#{options[:callback]}(#{json})" unless options[:callback].blank?
       self.content_type ||= Mime::JSON
       self.response_body  = json

data/lib/action_controller/metal/responder.rb

@@ -161,6 +161,8 @@ module ActionController #:nodoc:
         display resource.errors, :status => :unprocessable_entity
       elsif post?
         display resource, :status => :created, :location => api_location
+      elsif has_empty_resource_definition?
+        display empty_resource, :status => :ok
       else
         head :ok
       end
@@ -221,5 +223,23 @@ module ActionController #:nodoc:
     def default_action
       @action ||= ACTIONS_FOR_VERBS[request.request_method_symbol]
     end
+
+    # Check whether resource needs a specific definition of empty resource to be valid
+    #
+    def has_empty_resource_definition?
+      respond_to?("empty_#{format}_resource")
+    end
+
+    # Delegate to proper empty resource method
+    #
+    def empty_resource
+      send("empty_#{format}_resource")
+    end
+
+    # Return a valid empty JSON resource
+    #
+    def empty_json_resource
+      "{}"
+    end
   end
 end

data/lib/action_controller/test_case.rb

@@ -40,6 +40,13 @@ module ActionController
       ActiveSupport::Notifications.unsubscribe("!render_template.action_view")
     end
 
+    def process(*args)
+      @partials = Hash.new(0)
+      @templates = Hash.new(0)
+      @layouts = Hash.new(0)
+      super
+    end
+
     # Asserts that the request was rendered with the appropriate template file or partials.
     #
     # ==== Examples

data/lib/action_controller/vendor/html-scanner/html/node.rb

@@ -38,18 +38,14 @@ module HTML #:nodoc:
     private
 
       def keys_to_strings(hash)
-        hash.keys.inject({}) do |h,k|
-          h[k.to_s] = hash[k]
-          h
-        end
+        Hash[hash.keys.map {|k| [k.to_s, hash[k]]}]
       end
 
       def keys_to_symbols(hash)
-        hash.keys.inject({}) do |h,k|
+        Hash[hash.keys.map do |k|
           raise "illegal key #{k.inspect}" unless k.respond_to?(:to_sym)
-          h[k.to_sym] = hash[k]
-          h
-        end
+          [k.to_sym, hash[k]]
+        end]
       end
   end
 
@@ -77,9 +73,7 @@ module HTML #:nodoc:
 
     # Return a textual representation of the node.
     def to_s
-      s = ""
-      @children.each { |child| s << child.to_s }
-      s
+      @children.join()
     end
 
     # Return false (subclasses must override this to provide specific matching

data/lib/action_dispatch/http/request.rb

@@ -4,6 +4,7 @@ require 'strscan'
 
 require 'active_support/core_ext/hash/indifferent_access'
 require 'active_support/core_ext/string/access'
+require 'active_support/inflector'
 require 'action_dispatch/http/headers'
 
 module ActionDispatch
@@ -44,8 +45,24 @@ module ActionDispatch
       @env.key?(key)
     end
 
-    HTTP_METHODS = %w(get head put post delete options)
-    HTTP_METHOD_LOOKUP = HTTP_METHODS.inject({}) { |h, m| h[m] = h[m.upcase] = m.to_sym; h }
+    # List of HTTP request methods from the following RFCs:
+    # Hypertext Transfer Protocol -- HTTP/1.1 (http://www.ietf.org/rfc/rfc2616.txt)
+    # HTTP Extensions for Distributed Authoring -- WEBDAV (http://www.ietf.org/rfc/rfc2518.txt)
+    # Versioning Extensions to WebDAV (http://www.ietf.org/rfc/rfc3253.txt)
+    # Ordered Collections Protocol (WebDAV) (http://www.ietf.org/rfc/rfc3648.txt)
+    # Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol (http://www.ietf.org/rfc/rfc3744.txt)
+    # Web Distributed Authoring and Versioning (WebDAV) SEARCH (http://www.ietf.org/rfc/rfc5323.txt)
+    # PATCH Method for HTTP (http://www.ietf.org/rfc/rfc5789.txt)
+    RFC2616 = %w(OPTIONS GET HEAD POST PUT DELETE TRACE CONNECT)
+    RFC2518 = %w(PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK)
+    RFC3253 = %w(VERSION-CONTROL REPORT CHECKOUT CHECKIN UNCHECKOUT MKWORKSPACE UPDATE LABEL MERGE BASELINE-CONTROL MKACTIVITY)
+    RFC3648 = %w(ORDERPATCH)
+    RFC3744 = %w(ACL)
+    RFC5323 = %w(SEARCH)
+    RFC5789 = %w(PATCH)
+
+    HTTP_METHODS = RFC2616 + RFC2518 + RFC3253 + RFC3648 + RFC3744 + RFC5323 + RFC5789
+    HTTP_METHOD_LOOKUP = Hash.new { |h, m| h[m] = m.underscore.to_sym if HTTP_METHODS.include?(m) }
 
     # Returns the HTTP \method that the application should see.
     # In the case where the \method was overridden by a middleware

data/lib/action_dispatch/http/response.rb

@@ -4,27 +4,26 @@ require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/class/attribute_accessors'
 
 module ActionDispatch # :nodoc:
-  # Represents an HTTP response generated by a controller action. One can use
-  # an ActionDispatch::Response object to retrieve the current state
-  # of the response, or customize the response. An Response object can
-  # either represent a "real" HTTP response (i.e. one that is meant to be sent
-  # back to the web browser) or a test response (i.e. one that is generated
-  # from integration tests). See CgiResponse and TestResponse, respectively.
+  # Represents an HTTP response generated by a controller action. Use it to
+  # retrieve the current state of the response, or customize the response. It can
+  # either represent a real HTTP response (i.e. one that is meant to be sent
+  # back to the web browser) or a TestResponse (i.e. one that is generated
+  # from integration tests).
   #
-  # Response is mostly a Ruby on Rails framework implement detail, and
+  # \Response is mostly a Ruby on \Rails framework implementation detail, and
   # should never be used directly in controllers. Controllers should use the
   # methods defined in ActionController::Base instead. For example, if you want
   # to set the HTTP response's content MIME type, then use
   # ActionControllerBase#headers instead of Response#headers.
   #
   # Nevertheless, integration tests may want to inspect controller responses in
-  # more detail, and that's when Response can be useful for application
+  # more detail, and that's when \Response can be useful for application
   # developers. Integration test methods such as
   # ActionDispatch::Integration::Session#get and
   # ActionDispatch::Integration::Session#post return objects of type
-  # TestResponse (which are of course also of type Response).
+  # TestResponse (which are of course also of type \Response).
   #
-  # For example, the following demo integration "test" prints the body of the
+  # For example, the following demo integration test prints the body of the
   # controller response to the console:
   #
   #  class DemoControllerTest < ActionDispatch::IntegrationTest

data/lib/action_dispatch/http/upload.rb

@@ -2,31 +2,27 @@ require 'active_support/core_ext/object/blank'
 
 module ActionDispatch
   module Http
-    module UploadedFile
-      def self.extended(object)
-        object.class_eval do
-          attr_accessor :original_path, :content_type
-          alias_method :local_path, :path if method_defined?(:path)
-        end
+    class UploadedFile
+      attr_accessor :original_filename, :content_type, :tempfile, :headers
+
+      def initialize(hash)
+        @original_filename = hash[:filename]
+        @content_type      = hash[:type]
+        @headers           = hash[:head]
+        @tempfile          = hash[:tempfile]
+        raise(ArgumentError, ':tempfile is required') unless @tempfile
       end
 
-      # Take the basename of the upload's original filename.
-      # This handles the full Windows paths given by Internet Explorer
-      # (and perhaps other broken user agents) without affecting
-      # those which give the lone filename.
-      # The Windows regexp is adapted from Perl's File::Basename.
-      def original_filename
-        unless defined? @original_filename
-          @original_filename =
-            unless original_path.blank?
-              if original_path =~ /^(?:.*[:\\\/])?(.*)/m
-                $1
-              else
-                File.basename original_path
-              end
-            end
-        end
-        @original_filename
+      def read(*args)
+        @tempfile.read(*args)
+      end
+
+      def rewind
+        @tempfile.rewind
+      end
+
+      def size
+        @tempfile.size
       end
     end
 
@@ -35,11 +31,7 @@ module ActionDispatch
       # file upload hash with UploadedFile objects
       def normalize_parameters(value)
         if Hash === value && value.has_key?(:tempfile)
-          upload = value[:tempfile]
-          upload.extend(UploadedFile)
-          upload.original_path = value[:filename]
-          upload.content_type = value[:type]
-          upload
+          UploadedFile.new(value)
         else
           super
         end
@@ -47,4 +39,4 @@ module ActionDispatch
       private :normalize_parameters
     end
   end
-end
+end

data/lib/action_dispatch/middleware/cookies.rb

@@ -98,17 +98,19 @@ module ActionDispatch
       def self.build(request)
         secret = request.env[TOKEN_KEY]
         host = request.host
+        secure = request.ssl?
 
-        new(secret, host).tap do |hash|
+        new(secret, host, secure).tap do |hash|
           hash.update(request.cookies)
         end
       end
 
-      def initialize(secret = nil, host = nil)
+      def initialize(secret = nil, host = nil, secure = false)
         @secret = secret
         @set_cookies = {}
         @delete_cookies = {}
         @host = host
+        @secure = secure
 
         super()
       end
@@ -193,9 +195,15 @@ module ActionDispatch
       end
 
       def write(headers)
-        @set_cookies.each { |k, v| ::Rack::Utils.set_cookie_header!(headers, k, v) }
+        @set_cookies.each { |k, v| ::Rack::Utils.set_cookie_header!(headers, k, v) if write_cookie?(v) }
         @delete_cookies.each { |k, v| ::Rack::Utils.delete_cookie_header!(headers, k, v) }
       end
+
+      private
+
+        def write_cookie?(cookie)
+          @secure || !cookie[:secure] || defined?(Rails.env) && Rails.env.development?
+        end
     end
 
     class PermanentCookieJar < CookieJar #:nodoc: