actionpack 3.2.12 → 3.2.13.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e83232f34b035dc51f73f35c3c8a211ab7622da9
-  data.tar.gz: 737b807d052385bc722299eeac6a5301135d9a63
+  metadata.gz: f6c4864b6c426b8e73b7cffc095f321d692cc8ed
+  data.tar.gz: 94688471dd5a5d2df2693fc1e1ffb81b29ea4a89
 SHA512:
-  metadata.gz: a28a6df33af3317e3087fa874617081b54f0758abd9545bf743011e68f178e7c4e023162d06ea3be4462071a36459b1a1d4f33a354828ebcb76c8c069b7dec08
-  data.tar.gz: 82efdd6a5ed47e9a39e1303ce3b026f4856236da3421970e124bc74dbb2cd9ef4ef6d2b662d919f28351fa0585abe0a289f183399d836c5721cef07bf22daf15
+  metadata.gz: e05cfe1775d8c3613b9b530a6062312fedf90d2a92dd3447f4829c6b0b3693fc99dbeb4d1afaef2accd451f792ec31cb5b472184d3b73908b6d2d1e16e653e18
+  data.tar.gz: a02fa3528e3c996cb07b0a9668e72848b914ade04d9fca43ca0bc657994345e2794baab8af346b48eae7c08f8fa26a36a71fd04e843ac745ffbe28a41818be0d

data/CHANGELOG.md

@@ -1,8 +1,163 @@
-## Rails 3.2.11 ##
+## unreleased ##
 
-* Strip nils from collections on JSON and XML posts. [CVE-2013-0155]
+*   No changes.
+
+
+## Rails 3.2.13 (Feb 17, 2013) ##
+
+*   Determine the controller#action from only the matched path when using the
+    shorthand syntax. Previously the complete path was used, which led
+    to problems with nesting (scopes and namespaces).
+    Fixes #7554.
+    Backport #9361.
+
+    Example:
+
+        # this will route to questions#new
+        scope ':locale' do
+          get 'questions/new'
+        end
+
+    *Yves Senn*
+
+*   Fix `assert_template` with `render :stream => true`.
+    Fix #1743.
+    Backport #5288.
+
+    *Sergey Nartimov*
+
+*   Eagerly populate the http method loookup cache so local project inflections do
+    not interfere with use of underscore method ( and we don't need locks )
+
+    *Aditya Sanghi*
+
+*   `BestStandardsSupport` no longer duplicates `X-UA-Compatible` values on
+    each request to prevent header size from blowing up.
+
+    *Edward Anderson*
+
+*   Fixed JSON params parsing regression for non-object JSON content.
+
+    *Dylan Smith*
+
+*   Prevent unnecessary asset compilation when using `javascript_include_tag` on
+    files with non-standard extensions.
+
+    *Noah Silas*
+
+*   Fixes issue where duplicate assets can be required with sprockets.
+
+    *Jeremy Jackson*
+
+*   Bump `rack` dependency to 1.4.3, eliminate `Rack::File` headers deprecation warning.
+
+    *Sam Ruby + Carlos Antonio da Silva*
+
+*   Do not append second slash to `root_url` when using `trailing_slash: true`
+
+    Fix #8700.
+    Backport #8701.
+
+    Example:
+        # before
+        root_url # => http://test.host//
+
+        # after
+        root_url # => http://test.host/
+
+    *Yves Senn*
+
+*   Fix a bug in `content_tag_for` that prevents it for work without a block.
+
+    *Jasl*
+
+*   Clear url helper methods when routes are reloaded by removing the methods
+    explicitly rather than just clearing the module because it didn't work
+    properly and could be the source of a memory leak.
+
+    *Andrew White*
+
+*   Fix a bug in `ActionDispatch::Request#raw_post` that caused `env['rack.input']`
+    to be read but not rewound.
+
+    *Matt Venables*
+
+*   More descriptive error messages when calling `render :partial` with
+    an invalid `:layout` argument.
+
+    Fixes #8376.
+
+        render :partial => 'partial', :layout => true
+        # results in ActionView::MissingTemplate: Missing partial /true
+
+    *Yves Senn*
+
+*   Accept symbols as `#send_data` :disposition value. [Backport #8329] *Elia Schito*
+
+*   Add i18n scope to `distance_of_time_in_words`. [Backport #7997] *Steve Klabnik*
+
+*   Fix side effect of `url_for` changing the `:controller` string option. [Backport #6003]
+    Before:
+
+        controller = '/projects'
+        url_for :controller => controller, :action => 'status'
+
+        puts controller #=> 'projects'
+
+    After
+
+        puts controller #=> '/projects'
+
+    *Nikita Beloglazov + Andrew White*
+
+*   Introduce `ActionView::Template::Handlers::ERB.escape_whitelist`. This is a list
+    of mime types where template text is not html escaped by default. It prevents `Jack & Joe`
+    from rendering as `Jack & Joe` for the whitelisted mime types. The default whitelist
+    contains text/plain. Fix #7976 [Backport #8235]
+
+    *Joost Baaij*
+
+*   `BestStandardsSupport` middleware now appends it's `X-UA-Compatible` value to app's
+    returned value if any. Fix #8086 [Backport #8093]
+
+    *Nikita Afanasenko*
+
+*   prevent double slashes in engine urls when `Rails.application.default_url_options[:trailing_slash] = true` is set
+    Fix #7842
+
+    *Yves Senn*
+
+*   Fix input name when `:multiple => true` and `:index` are set.
+
+    Before:
+
+        check_box("post", "comment_ids", { :multiple => true, :index => "foo" }, 1)
+        #=> <input name=\"post[foo][comment_ids]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids]\" type=\"checkbox\" value=\"1\" />
+
+    After:
+
+        check_box("post", "comment_ids", { :multiple => true, :index => "foo" }, 1)
+        #=> <input name=\"post[foo][comment_ids][]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids][]\" type=\"checkbox\" value=\"1\" />
+
+    Fix #8108
+
+    *Daniel Fox, Grant Hutchins & Trace Wax*
+
+
+## Rails 3.2.12 (Feb 11, 2013) ##
+
+*   No changes.
+
+
+## Rails 3.2.11 (Jan 8, 2013) ##
+
+*   Strip nils from collections on JSON and XML posts. [CVE-2013-0155]
+
+
+## Rails 3.2.10 (Jan 2, 2013) ##
+
+*   No changes.
 
-## Rails 3.2.10 ##
 
 ## Rails 3.2.9 (Nov 12, 2012) ##
 

data/lib/action_controller/metal/compatibility.rb

@@ -58,7 +58,8 @@ module ActionController
     end
 
     def method_for_action(action_name)
-      super || (respond_to?(:method_missing) && "_handle_method_missing")
+      super || ((self.class.public_method_defined?(:method_missing) ||
+        self.class.protected_method_defined?(:method_missing)) && "_handle_method_missing")
     end
   end
 end

data/lib/action_controller/metal/data_streaming.rb

@@ -141,7 +141,7 @@ module ActionController #:nodoc:
           raise ArgumentError, ":#{arg} option required" if options[arg].nil?
         end
 
-        disposition = options[:disposition]
+        disposition = options[:disposition].to_s
         disposition += %(; filename="#{options[:filename]}") if options[:filename]
 
         content_type = options[:type]

data/lib/action_controller/metal/hide_actions.rb

@@ -27,20 +27,14 @@ module ActionController
         self.hidden_actions = hidden_actions.dup.merge(args.map(&:to_s)).freeze
       end
 
-      def inherited(klass)
-        klass.class_eval { @visible_actions = {} }
-        super
-      end
-
       def visible_action?(action_name)
-        return @visible_actions[action_name] if @visible_actions.key?(action_name)
-        @visible_actions[action_name] = !hidden_actions.include?(action_name)
+        action_methods.include?(action_name)
       end
 
       # Overrides AbstractController::Base#action_methods to remove any methods
       # that are listed as hidden methods.
       def action_methods
-        @action_methods ||= Set.new(super.reject { |name| hidden_actions.include?(name) })
+        @action_methods ||= Set.new(super.reject { |name| hidden_actions.include?(name) }).freeze
       end
     end
   end

data/lib/action_controller/metal/redirecting.rb

@@ -77,7 +77,7 @@ module ActionController
 
     private
       def _extract_redirect_to_status(options, response_status)
-        status = if options.is_a?(Hash) && options.key?(:status)
+        if options.is_a?(Hash) && options.key?(:status)
           Rack::Utils.status_code(options.delete(:status))
         elsif response_status.key?(:status)
           Rack::Utils.status_code(response_status[:status])

data/lib/action_controller/test_case.rb

@@ -70,6 +70,8 @@ module ActionController
     #
     def assert_template(options = {}, message = nil)
       validate_request!
+      # Force body to be read in case the template is being streamed
+      response.body
 
       case options
       when NilClass, String, Symbol

data/lib/action_dispatch/http/filter_parameters.rb

@@ -26,8 +26,6 @@ module ActionDispatch
     module FilterParameters
       extend ActiveSupport::Concern
 
-      @@parameter_filter_for  = {}
-
       # Return a hash of parameters with all sensitive data replaced.
       def filtered_parameters
         @filtered_parameters ||= parameter_filter.filter(parameters)
@@ -54,7 +52,7 @@ module ActionDispatch
       end
 
       def parameter_filter_for(filters)
-        @@parameter_filter_for[filters] ||= ParameterFilter.new(filters)
+        ParameterFilter.new(filters)
       end
 
       KV_RE   = '[^&;=]+'

data/lib/action_dispatch/http/request.rb

@@ -56,7 +56,12 @@ module ActionDispatch
     RFC5789 = %w(PATCH)
 
     HTTP_METHODS = RFC2616 + RFC2518 + RFC3253 + RFC3648 + RFC3744 + RFC5323 + RFC5789
-    HTTP_METHOD_LOOKUP = Hash.new { |h, m| h[m] = m.underscore.to_sym if HTTP_METHODS.include?(m) }
+    HTTP_METHOD_LOOKUP = {}
+
+    # Populate the HTTP method lookup cache
+    HTTP_METHODS.each do |method|
+      HTTP_METHOD_LOOKUP[method] = method.underscore.to_sym
+    end
 
     # Returns the HTTP \method that the application should see.
     # In the case where the \method was overridden by a middleware
@@ -179,8 +184,9 @@ module ActionDispatch
     # work with raw requests directly.
     def raw_post
       unless @env.include? 'RAW_POST_DATA'
-        @env['RAW_POST_DATA'] = body.read(@env['CONTENT_LENGTH'].to_i)
-        body.rewind if body.respond_to?(:rewind)
+        raw_post_body = body
+        @env['RAW_POST_DATA'] = raw_post_body.read(@env['CONTENT_LENGTH'].to_i)
+        raw_post_body.rewind if raw_post_body.respond_to?(:rewind)
       end
       @env['RAW_POST_DATA']
     end

data/lib/action_dispatch/http/url.rb

@@ -43,7 +43,11 @@ module ActionDispatch
           params = options[:params] || {}
           params.reject! {|k,v| v.to_param.nil? }
 
-          rewritten_url << (options[:trailing_slash] ? path.sub(/\?|\z/) { "/" + $& } : path)
+          if options[:trailing_slash] && !path.ends_with?('/')
+            rewritten_url << path.sub(/(\?|\z)/) { "/" + $& }
+          else
+            rewritten_url << path
+          end
           rewritten_url << "?#{params.to_query}" unless params.empty?
           rewritten_url << "##{Journey::Router::Utils.escape_fragment(options[:anchor].to_param.to_s)}" if options[:anchor]
           rewritten_url

data/lib/action_dispatch/middleware/best_standards_support.rb

@@ -15,7 +15,15 @@ module ActionDispatch
 
     def call(env)
       status, headers, body = @app.call(env)
-      headers["X-UA-Compatible"] = @header
+
+      if headers["X-UA-Compatible"] && @header
+        unless headers["X-UA-Compatible"][@header]
+          headers["X-UA-Compatible"] << "," << @header.to_s
+        end
+      else
+        headers["X-UA-Compatible"] = @header
+      end
+
       [status, headers, body]
     end
   end

data/lib/action_dispatch/middleware/params_parser.rb

@@ -44,10 +44,10 @@ module ActionDispatch
         when :yaml
           YAML.load(request.raw_post)
         when :json
-          data = request.deep_munge ActiveSupport::JSON.decode(request.body)
+          data = ActiveSupport::JSON.decode(request.body)
           request.body.rewind if request.body.respond_to?(:rewind)
           data = {:_json => data} unless data.is_a?(Hash)
-          data.with_indifferent_access
+          request.deep_munge(data).with_indifferent_access
         else
           false
         end

data/lib/action_dispatch/middleware/session/cookie_store.rb

@@ -22,15 +22,12 @@ module ActionDispatch
     #
     # Session options:
     #
-    # * <tt>:secret</tt>: An application-wide key string or block returning a
-    #   string called per generated digest. The block is called with the
-    #   CGI::Session instance as an argument. It's important that the secret
-    #   is not vulnerable to a dictionary attack. Therefore, you should choose
-    #   a secret consisting of random numbers and letters and more than 30
-    #   characters. Examples:
+    # * <tt>:secret</tt>: An application-wide key string. It's important that
+    #   the secret is not vulnerable to a dictionary attack. Therefore, you
+    #   should choose a secret consisting of random numbers and letters and
+    #   more than 30 characters.
     #
     #     :secret => '449fe2e7daee471bffae2fd8dc02313d'
-    #     :secret => Proc.new { User.current_user.secret_key }
     #
     # * <tt>:digest</tt>: The message digest algorithm used to verify session
     #   integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,

data/lib/action_dispatch/middleware/static.rb

@@ -5,7 +5,8 @@ module ActionDispatch
     def initialize(root, cache_control)
       @root          = root.chomp('/')
       @compiled_root = /^#{Regexp.escape(root)}/
-      @file_server   = ::Rack::File.new(@root, cache_control)
+      headers = cache_control && { 'Cache-Control' => cache_control }
+      @file_server   = ::Rack::File.new(@root, headers)
     end
 
     def match?(path)

data/lib/action_dispatch/routing/mapper.rb

@@ -51,7 +51,6 @@ module ActionDispatch
       class Mapping #:nodoc:
         IGNORE_OPTIONS = [:to, :as, :via, :on, :constraints, :defaults, :only, :except, :anchor, :shallow, :shallow_path, :shallow_prefix]
         ANCHOR_CHARACTERS_REGEX = %r{\A(\\A|\^)|(\\Z|\\z|\$)\Z}
-        SHORTHAND_REGEX = %r{/[\w/]+$}
         WILDCARD_PATH = %r{\*([^/\)]+)\)?$}
 
         def initialize(set, scope, path, options)
@@ -70,12 +69,7 @@ module ActionDispatch
           def normalize_options!
             path_without_format = @path.sub(/\(\.:format\)$/, '')
 
-            if using_match_shorthand?(path_without_format, @options)
-              to_shorthand    = @options[:to].blank?
-              @options[:to] ||= path_without_format.gsub(/\(.*\)/, "")[1..-1].sub(%r{/([^/]*)$}, '#\1')
-            end
-
-            @options.merge!(default_controller_and_action(to_shorthand))
+            @options.merge!(default_controller_and_action)
 
             requirements.each do |name, requirement|
               # segment_keys.include?(k.to_s) || k == :controller
@@ -153,7 +147,7 @@ module ActionDispatch
             end
           end
 
-          def default_controller_and_action(to_shorthand=nil)
+          def default_controller_and_action
             if to.respond_to?(:call)
               { }
             else
@@ -166,7 +160,7 @@ module ActionDispatch
               controller ||= default_controller
               action     ||= default_action
 
-              unless controller.is_a?(Regexp) || to_shorthand
+              unless controller.is_a?(Regexp)
                 controller = [@scope[:module], controller].compact.join("/").presence
               end
 
@@ -451,7 +445,7 @@ module ActionDispatch
                 # we must actually delete prefix segment keys to avoid passing them to next url_for
                 _route.segment_keys.each { |k| options.delete(k) }
                 prefix = _routes.url_helpers.send("#{name}_path", prefix_options)
-                prefix = '' if prefix == '/'
+                prefix = prefix.gsub(%r{/\z}, '')
                 prefix
               end
             end
@@ -1261,6 +1255,11 @@ module ActionDispatch
             paths = [path] + rest
           end
 
+          path_without_format = path.to_s.sub(/\(\.:format\)$/, '')
+          if using_match_shorthand?(path_without_format, options)
+            options[:to] ||= path_without_format.gsub(%r{^/}, "").sub(%r{/([^/]*)$}, '#\1')
+          end
+
           options[:anchor] = true unless options.key?(:anchor)
 
           if options[:on] && !VALID_ON_OPTIONS.include?(options[:on])
@@ -1271,6 +1270,10 @@ module ActionDispatch
           self
         end
 
+        def using_match_shorthand?(path, options)
+          path && (options[:to] || options[:action]).nil? && path =~ %r{/[\w/]+$}
+        end
+
         def decomposed_match(path, options) # :nodoc:
           if on = options.delete(:on)
             send(on) { decomposed_match(path, options) }
@@ -1288,9 +1291,10 @@ module ActionDispatch
 
         def add_route(action, options) # :nodoc:
           path = path_for_action(action, options.delete(:path))
+          action = action.to_s.dup
 
-          if action.to_s =~ /^[\w\/]+$/
-            options[:action] ||= action unless action.to_s.include?("/")
+          if action =~ /^[\w\/]+$/
+            options[:action] ||= action unless action.include?("/")
           else
             action = nil
           end

data/lib/action_dispatch/routing/redirection.rb

@@ -78,10 +78,10 @@ module ActionDispatch
       # params, depending of how many arguments your block accepts. A string is required as a
       # return value.
       #
-      #   match 'jokes/:number', :to => redirect do |params, request|
-      #     path = (params[:number].to_i.even? ? "/wheres-the-beef" : "/i-love-lamp")
+      #   match 'jokes/:number', :to => redirect { |params, request|
+      #     path = (params[:number].to_i.even? ? "wheres-the-beef" : "i-love-lamp")
       #     "http://#{request.host_with_port}/#{path}"
-      #   end
+      #   }
       #
       # The options version of redirect allows you to supply only the parts of the url which need
       # to change, it also supports interpolation of the path similar to the first example.

data/lib/action_dispatch/routing/route_set.rb

@@ -94,7 +94,12 @@ module ActionDispatch
         attr_reader :routes, :helpers, :module
 
         def initialize
-          clear!
+          @routes = {}
+          @helpers = []
+
+          @module = Module.new do
+            instance_methods.each { |selector| remove_method(selector) }
+          end
         end
 
         def helper_names
@@ -102,12 +107,14 @@ module ActionDispatch
         end
 
         def clear!
+          @helpers.each do |helper|
+            @module.module_eval do
+              remove_possible_method helper
+            end
+          end
+
           @routes = {}
           @helpers = []
-
-          @module ||= Module.new do
-            instance_methods.each { |selector| remove_method(selector) }
-          end
         end
 
         def add(name, route)
@@ -291,7 +298,6 @@ module ActionDispatch
 
       def clear!
         @finalized = false
-        @url_helpers = nil
         named_routes.clear
         set.clear
         formatter.clear
@@ -442,12 +448,12 @@ module ActionDispatch
           normalize_options!
           normalize_controller_action_id!
           use_relative_controller!
-          controller.sub!(%r{^/}, '') if controller
+          normalize_controller!
           handle_nil_action!
         end
 
         def controller
-          @controller ||= @options[:controller]
+          @options[:controller]
         end
 
         def current_controller
@@ -504,10 +510,15 @@ module ActionDispatch
             old_parts = current_controller.split('/')
             size = controller.count("/") + 1
             parts = old_parts[0...-size] << controller
-            @controller = @options[:controller] = parts.join("/")
+            @options[:controller] = parts.join("/")
           end
         end
 
+        # Remove leading slashes from controllers
+        def normalize_controller!
+          @options[:controller] = controller.sub(%r{^/}, '') if controller
+        end
+
         # This handles the case of :action => nil being explicitly passed.
         # It is identical to :action => "index"
         def handle_nil_action!

data/lib/action_pack/version.rb

@@ -2,8 +2,8 @@ module ActionPack
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 12
-    PRE   = nil
+    TINY  = 13
+    PRE   = "rc1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
   end

data/lib/action_view/helpers/date_helper.rb

@@ -65,12 +65,17 @@ module ActionView
       #   distance_of_time_in_words(Time.now, Time.now)           # => less than a minute
       #
       def distance_of_time_in_words(from_time, to_time = 0, include_seconds = false, options = {})
+        options = {
+          :scope => :'datetime.distance_in_words',
+        }.merge!(options)
+
         from_time = from_time.to_time if from_time.respond_to?(:to_time)
         to_time = to_time.to_time if to_time.respond_to?(:to_time)
-        distance_in_minutes = (((to_time - from_time).abs)/60).round
-        distance_in_seconds = ((to_time - from_time).abs).round
+        distance = (to_time.to_f - from_time.to_f).abs
+        distance_in_minutes = (distance / 60.0).round
+        distance_in_seconds = distance.round
 
-        I18n.with_options :locale => options[:locale], :scope => :'datetime.distance_in_words' do |locale|
+        I18n.with_options :locale => options[:locale], :scope => options[:scope] do |locale|
           case distance_in_minutes
             when 0..1
               return distance_in_minutes == 0 ?
@@ -129,8 +134,8 @@ module ActionView
       #   from_time = Time.now - 3.days - 14.minutes - 25.seconds
       #   time_ago_in_words(from_time)      # => 3 days
       #
-      def time_ago_in_words(from_time, include_seconds = false)
-        distance_of_time_in_words(from_time, Time.now, include_seconds)
+      def time_ago_in_words(from_time, include_seconds = false, options = {})
+        distance_of_time_in_words(from_time, Time.now, include_seconds, options)
       end
 
       alias_method :distance_of_time_in_words_to_now, :time_ago_in_words

data/lib/action_view/helpers/form_helper.rb

@@ -331,9 +331,9 @@ module ActionView
       # In many cases you will want to wrap the above in another helper, so you
       # could do something like the following:
       #
-      #   def labelled_form_for(record_or_name_or_array, *args, &proc)
+      #   def labelled_form_for(record_or_name_or_array, *args, &block)
       #     options = args.extract_options!
-      #     form_for(record_or_name_or_array, *(args << options.merge(:builder => LabellingFormBuilder)), &proc)
+      #     form_for(record_or_name_or_array, *(args << options.merge(:builder => LabellingFormBuilder)), &block)
       #   end
       #
       # If you don't need to attach a form to a model instance, then check out
@@ -355,7 +355,7 @@ module ActionView
       #   <%= form_for @invoice, :url => external_url, :authenticity_token => false do |f|
       #     ...
       #   <% end %>
-      def form_for(record, options = {}, &proc)
+      def form_for(record, options = {}, &block)
         raise ArgumentError, "Missing block" unless block_given?
 
         options[:html] ||= {}
@@ -374,12 +374,10 @@ module ActionView
         options[:html][:method] = options.delete(:method) if options.has_key?(:method)
         options[:html][:authenticity_token] = options.delete(:authenticity_token)
 
-        builder = options[:parent_builder] = instantiate_builder(object_name, object, options, &proc)
-        fields_for = fields_for(object_name, object, options, &proc)
+        builder = options[:parent_builder] = instantiate_builder(object_name, object, options, &block)
+        output  = capture(builder, &block)
         default_options = builder.multipart? ? { :multipart => true } : {}
-        output = form_tag(options.delete(:url) || {}, default_options.merge!(options.delete(:html)))
-        output << fields_for
-        output.safe_concat('</form>')
+        form_tag(options.delete(:url) || {}, default_options.merge!(options.delete(:html))) { output }
       end
 
       def apply_form_for_options!(object_or_array, options) #:nodoc:
@@ -1205,9 +1203,11 @@ module ActionView
             options["name"] ||= tag_name_with_index(@auto_index)
             options["id"] = options.fetch("id"){ tag_id_with_index(@auto_index) }
           else
-            options["name"] ||= tag_name + (options['multiple'] ? '[]' : '')
+            options["name"] ||= tag_name
             options["id"] = options.fetch("id"){ tag_id }
           end
+
+          options["name"] += "[]" if options["multiple"]
           options["id"] = [options.delete('namespace'), options["id"]].compact.join("_").presence
         end
 

data/lib/action_view/helpers/form_options_helper.rb

@@ -508,9 +508,9 @@ module ActionView
         convert_zones = lambda { |list| list.map { |z| [ z.to_s, z.name ] } }
 
         if priority_zones
-	        if priority_zones.is_a?(Regexp)
+          if priority_zones.is_a?(Regexp)
             priority_zones = model.all.find_all {|z| z =~ priority_zones}
-	        end
+          end
           zone_options += options_for_select(convert_zones[priority_zones], selected)
           zone_options += "<option value=\"\" disabled=\"disabled\">-------------</option>\n"
 

data/lib/action_view/helpers/form_tag_helper.rb

@@ -45,7 +45,7 @@ module ActionView
       #   # => <form action="/posts" method="post">
       #
       #   form_tag('/posts/1', :method => :put)
-      #   # => <form action="/posts/1" method="put">
+      #   # => <form action="/posts/1" method="post"> ... <input name="_method" type="hidden" value="put" /> ...
       #
       #   form_tag('/upload', :multipart => true)
       #   # => <form action="/upload" method="post" enctype="multipart/form-data">
@@ -53,7 +53,7 @@ module ActionView
       #   <%= form_tag('/posts') do -%>
       #     <div><%= submit_tag 'Save' %></div>
       #   <% end -%>
-      #   # => <form action="/posts" method="post"><div><input type="submit" name="submit" value="Save" /></div></form>
+      #   # => <form action="/posts" method="post"><div><input type="submit" name="commit" value="Save" /></div></form>
       #
       #   <%= form_tag('/posts', :remote => true) %>
       #   # => <form action="/posts" method="post" data-remote="true">
@@ -181,7 +181,7 @@ module ActionView
       #   # => <label for="name">Name</label>
       #
       #   label_tag 'name', 'Your name'
-      #   # => <label for="name">Your Name</label>
+      #   # => <label for="name">Your name</label>
       #
       #   label_tag 'name', nil, :class => 'small_label'
       #   # => <label for="name" class="small_label">Name</label>

data/lib/action_view/helpers/number_helper.rb

@@ -1,5 +1,7 @@
 # encoding: utf-8
 
+require 'active_support/core_ext/hash/keys'
+require 'active_support/core_ext/hash/reverse_merge'
 require 'active_support/core_ext/big_decimal/conversions'
 require 'active_support/core_ext/float/rounding'
 require 'active_support/core_ext/object/blank'

data/lib/action_view/helpers/record_tag_helper.rb

@@ -98,7 +98,9 @@ module ActionView
           options, prefix = prefix, nil if prefix.is_a?(Hash)
           options = options ? options.dup : {}
           options.merge!(:class => "#{dom_class(record, prefix)} #{options[:class]}".strip, :id => dom_id(record, prefix))
-          if block.arity == 0
+          if !block_given?
+            content_tag(tag_name, "", options)
+          elsif block.arity == 0
             content_tag(tag_name, capture(&block), options)
           else
             content_tag(tag_name, capture(record, &block), options)

data/lib/action_view/renderer/partial_renderer.rb

@@ -256,7 +256,7 @@ module ActionView
       object, as = @object, @variable
 
       if !block && (layout = @options[:layout])
-        layout = find_template(layout)
+        layout = find_template(layout.to_s)
       end
 
       object ||= locals[as]

data/lib/action_view/template/handlers/erb.rb

@@ -15,6 +15,17 @@ module ActionView
           src << "@output_buffer.safe_concat('" << escape_text(text) << "');"
         end
 
+        # Erubis toggles <%= and <%== behavior when escaping is enabled.
+        # We override to always treat <%== as escaped.
+        def add_expr(src, code, indicator)
+          case indicator
+          when '=='
+            add_expr_escaped(src, code)
+          else
+            super
+          end
+        end
+
         BLOCK_EXPR = /\s+(do|\{)(\s*\|[^|]*\|)?\s*\Z/
 
         def add_expr_literal(src, code)
@@ -48,6 +59,10 @@ module ActionView
         class_attribute :erb_implementation
         self.erb_implementation = Erubis
 
+        # Do not escape templates of these mime types.
+        class_attribute :escape_whitelist
+        self.escape_whitelist = ["text/plain"]
+
         ENCODING_TAG = Regexp.new("\\A(<%#{ENCODING_FLAG}-?%>)[ \\t]*")
 
         def self.call(template)
@@ -83,6 +98,7 @@ module ActionView
 
           self.class.erb_implementation.new(
             erb,
+            :escape => (self.class.escape_whitelist.include? template.mime_type),
             :trim => (self.class.erb_trim_mode == "-")
           ).src
         end

data/lib/sprockets/helpers/rails_helper.rb

@@ -31,7 +31,7 @@ module Sprockets
           else
             super(source.to_s, { :src => path_to_asset(source, :ext => 'js', :body => body, :digest => digest) }.merge!(options))
           end
-        end.uniq.join("\n").html_safe
+        end.flatten.uniq.join("\n").html_safe
       end
 
       def stylesheet_link_tag(*sources)
@@ -48,7 +48,7 @@ module Sprockets
           else
             super(source.to_s, { :href => path_to_asset(source, :ext => 'css', :body => body, :protocol => :request, :digest => digest) }.merge!(options))
           end
-        end.uniq.join("\n").html_safe
+        end.flatten.uniq.join("\n").html_safe
       end
 
       def asset_path(source, options = {})
@@ -157,18 +157,25 @@ module Sprockets
         end
 
         def rewrite_extension(source, dir, ext)
-          source_ext = File.extname(source)
-          if ext && source_ext != ".#{ext}"
-            if !source_ext.empty? && (asset = asset_environment[source]) &&
-                  asset.pathname.to_s =~ /#{source}\Z/
-              source
-            else
-              "#{source}.#{ext}"
-            end
-          else
+          source_ext = File.extname(source)[1..-1]
+
+          if !ext || ext == source_ext
+            source
+          elsif source_ext.blank?
+            "#{source}.#{ext}"
+          elsif exact_match_present?(source)
             source
+          else
+            "#{source}.#{ext}"
           end
         end
+
+        def exact_match_present?(source)
+          pathname = asset_environment.resolve(source)
+          pathname.to_s =~ /#{Regexp.escape(source)}\Z/
+        rescue Sprockets::FileNotFound
+          false
+        end
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-  version: 3.2.12
+  version: 3.2.13.rc1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-02-11 00:00:00.000000000 Z
+date: 2013-02-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,138 +16,138 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.12
+        version: 3.2.13.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.12
+        version: 3.2.13.rc1
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.12
+        version: 3.2.13.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.12
+        version: 3.2.13.rc1
 - !ruby/object:Gem::Dependency
   name: rack-cache
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 1.4.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 1.4.5
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.6.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.6.1
 - !ruby/object:Gem::Dependency
   name: journey
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 1.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 1.0.4
 - !ruby/object:Gem::Dependency
   name: sprockets
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 2.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 2.2.1
 - !ruby/object:Gem::Dependency
   name: erubis
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 2.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 2.7.0
 - !ruby/object:Gem::Dependency
   name: tzinfo
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.3.29
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.3.29
 description: Web apps on Rails. Simple, battle-tested conventions for building and
@@ -357,18 +357,18 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements:
 - none
 rubyforge_project: 
-rubygems_version: 2.0.0.rc.2
+rubygems_version: 2.0.0
 signing_key: 
 specification_version: 4
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).