actionpack 4.0.0 → 4.0.1.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6f4ecbcfd3111cc54096fa65af027af557e6b7e3
-  data.tar.gz: dfdfd55057a638b0c95f434b70ec14864c444f15
+  metadata.gz: b6c04ba63b482170976504173eb76a7606468917
+  data.tar.gz: cec22e4ca260d29bf97824bb03b607fb8aead200
 SHA512:
-  metadata.gz: 69dbb3d11bbc52495acb69ac846abad0f6263b17c2284837860d56cd2a22a18ee785d9e1f1e3c3fc4bf8a39eb7d9a982168d3bb42392629af75f9c80bcf64f68
-  data.tar.gz: cf4e149fe77d767835201792e56a7744f9ee83dba081b1f807082d4991aba60caf3f54d1f676b10e3dd82cb91438a979aa1499d041af53116f29268b0be47f35
+  metadata.gz: 01bcd33e7a28dcae4833ce06977d6b540ae2b59d505926b8c95569f70ac2b371a2fe135a7aa87a8219faa1b6309a327f5babc1c884f5d075ead9939ce130a5e9
+  data.tar.gz: ffff6e9d696185d003e9ab97dfe7bb32ba25dcd95a46af76552b4fca01900803b693145b51986642183c3c6d562149b592b782658091874b9374ecb448d334be

data/CHANGELOG.md

@@ -1,3 +1,220 @@
+## Rails 4.0.1.rc1 (October 17, 2013) ##
+
+*   Respect `SCRIPT_NAME` when using `redirect` with a relative path
+
+    Example:
+        # application routes.rb
+        mount BlogEngine => '/blog'
+
+        # engine routes.rb
+        get '/admin' => redirect('admin/dashboard')
+
+    This now redirects to the path `/blog/admin/dashboard`, whereas before it would've
+    generated an invalid url because there would be no slash between the host name and
+    the path. It also allows redirects to work where the application is deployed to a
+    subdirectory of a website.
+
+    Fixes #7977.
+
+    *Andrew White*
+
+*   Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing
+    attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are set.
+
+    Fixes #10844.
+
+    *Tamir Duberstein*
+
+*   Strong parameters should permit nested number as key.
+
+    Fixes #12293.
+
+    *kennyj*
+
+*   Fix `collection_check_boxes` generated hidden input to use the name attribute provided
+    in the options hash.
+
+    *Angel N. Sciortino*
+
+*   Fix some edge cases for AV `select` helper with `:selected` option
+
+    *Bogdan Gusiev*
+
+*   Handle `:namespace` form option in collection labels
+
+    *Vasiliy Ermolovich*
+
+*   Fix an issue where router can't recognize downcased url encoding path.
+
+    Fixes #12269.
+
+    *kennyj*
+
+*   Fix custom flash type definition. Misusage of the `_flash_types` class variable
+    caused an error when reloading controllers with custom flash types.
+
+    Fixes #12057.
+
+    *Ricardo de Cillo*
+
+*   Do not break params filtering on `nil` values.
+
+    Fixes #12149.
+
+    *Vasiliy Ermolovich*
+
+*   Fix `excerpt` when `:separator` is `nil`.
+
+    *Paul Nikitochkin*
+
+*   Make Live Streaming work with basic authentication or builder.
+
+    Fixes #10984.
+
+    *Aaron Patterson*
+
+*   Always use `Rack::Sendfile` to make possible to it be automatically
+    configured by the webserver.
+
+    Fixes #11440.
+
+    *Martin Schürrer*
+
+*   Flag cookies as secure with ignore case in `ActionDispatch::SSL`.
+
+    *Yamagishi Kazutoshi*
+
+*   Don't include STS header in non-HTTPS responses.
+
+    *Geoff Buesing*
+
+*   Fix an issue where rails raise exception about missing helper where it
+    should throw `LoadError`. When helper file exists and only loaded file from
+    this helper does not exist rails should throw LoadError instead of
+    `MissingHelperError`.
+
+    *Piotr Niełacny*
+
+*   Only cache template digests if `config.cache_template_loading` is true.
+
+    *Josh Lauer*, *Justin Ridgewell*
+
+*   Fix an issue where `:if` and `:unless` controller action procs were being run
+    before checking for the correct action in the `:only` and `:unless` options.
+
+    Fixes #11799.
+
+    *Nicholas Jakobsen*
+
+*   Fix an issue where `assert_dom_equal` and `assert_dom_not_equal` were
+    ignoring the passed failure message argument.
+
+    Fixes #11751.
+
+    *Ryan McGeary*
+
+*   Fix `current_page?` when the URL contains escaped characters and the
+    original URL is using the hexadecimal lowercased.
+
+    *Rafael Mendonça França*
+
+*   Allow `REMOTE_ADDR`, `HTTP_HOST` and `HTTP_USER_AGENT` to be overridden from
+    the environment passed into `ActionDispatch::TestRequest.new`.
+
+    Fixes #11590.
+
+    *Andrew White*
+
+*   Fix `text_area` to behave like `text_field` when `nil` is given as
+    value.
+
+    Before:
+
+        f.text_field :field, value: nil #=> <input value="">
+        f.text_area :field, value: nil  #=> <textarea>value of field</textarea>
+
+    After:
+
+        f.text_area :field, value: nil  #=> <textarea></textarea>
+
+    *Joel Cogen*
+
+*   Fix an issue where Journey was failing to clear the named routes hash when the
+    routes were reloaded and since it doesn't overwrite existing routes then if a
+    route changed but wasn't renamed it kept the old definition. This was being
+    masked by the optimised url helpers so it only became apparent when passing an
+    options hash to the url helper.
+
+    *Andrew White*
+
+*   Skip routes pointing to a redirect or mounted application when generating urls
+    using an options hash as they aren't relevant and generate incorrect urls.
+
+    Fixes #8018.
+
+    *Andrew White*
+
+*   Fix default rendered format problem when calling `render` without `:content_type` option.
+    It should return `:html`.
+
+    Fixes #11393.
+
+    *Gleb Mazovetskiy*, *Oleg*, *kennyj*
+
+*   Fix `ActionDispatch::ParamsParser#parse_formatted_parameters` to rewind body input stream on
+    parsing json params.
+
+    Fixes #11345.
+
+    *Yuri Bol*, *Paul Nikitochkin*
+
+*   Fix `link_to` with block and url hashes.
+
+    Before:
+
+        link_to(action: 'bar', controller: 'foo') { content_tag(:span, 'Example site') }
+        # => "<a action=\"bar\" controller=\"foo\"><span>Example site</span></a>"
+
+    After:
+
+        link_to(action: 'bar', controller: 'foo') { content_tag(:span, 'Example site') }
+        # => "<a href=\"/foo/bar\"><span>Example site</span></a>"
+
+    *Murahashi Sanemat Kenichi*
+
+*   Fix "Stack Level Too Deep" error when redering recursive partials.
+
+    Fixes #11340.
+
+    *Rafael Mendonça França*
+
+*   Pick `DateField` `DateTimeField` and `ColorField` values from stringified options allowing use of symbol keys with helpers.
+
+    *Jon Rowe*
+
+*   Fix `Mime::Type.parse` when bad accepts header is looked up. Previously it
+    was setting `request.formats` with an array containing a `nil` value, which
+    raised an error when setting the controller formats.
+
+    Fixes #10965.
+
+    *Becker*
+
+*   Always escape the result of `link_to_unless` method.
+
+    Before:
+
+        link_to_unless(true, '<b>Showing</b>', 'github.com')
+        # => "<b>Showing</b>"
+
+    After:
+
+        link_to_unless(true, '<b>Showing</b>', 'github.com')
+        # => "&lt;b&gt;Showing&lt;/b&gt;"
+
+    *dtaniwaki*
+
+
 ## Rails 4.0.0 (June 25, 2013) ##
 
 *   Merge `:action` from routing scope and assign endpoint if both `:controller`
@@ -30,6 +247,10 @@
 
     *David Celis*
 
+*   Add `has_named_route?(route_name)` to the mapper API.
+
+    *José Valim*
+
 *   Fix an issue where partials with a number in the filename weren't being digested for cache dependencies.
 
     *Bryan Ricker*

data/README.rdoc

@@ -37,7 +37,7 @@ The latest version of Action Pack can be installed with RubyGems:
 
 Source code can be downloaded as part of the Rails project on GitHub
 
-* https://github.com/rails/rails/tree/master/actionpack
+* https://github.com/rails/rails/tree/4-0-stable/actionpack
 
 
 == License

data/lib/abstract_controller/callbacks.rb

@@ -36,7 +36,7 @@ module AbstractController
       def _normalize_callback_option(options, from, to) # :nodoc:
         if from = options[from]
           from = Array(from).map {|o| "action_name == '#{o}'"}.join(" || ")
-          options[to] = Array(options[to]) << from
+          options[to] = Array(options[to]).unshift(from)
         end
       end
 

data/lib/abstract_controller/helpers.rb

@@ -150,7 +150,12 @@ module AbstractController
           @error = error
           @path  = "helpers/#{path}.rb"
           set_backtrace error.backtrace
-          super("Missing helper file helpers/%s.rb" % path)
+
+          if error.path =~ /^#{path}(\.rb)?$/
+            super("Missing helper file helpers/%s.rb" % path)
+          else
+            raise error
+          end
         end
       end
 

data/lib/action_controller/base.rb

@@ -59,7 +59,7 @@ module ActionController
   #   <input type="text" name="post[address]" value="hyacintvej">
   #
   # A request stemming from a form holding these inputs will include <tt>{ "post" => { "name" => "david", "address" => "hyacintvej" } }</tt>.
-  # If the address input had been named "post[address][street]", the params would have included
+  # If the address input had been named <tt>post[address][street]</tt>, the params would have included
   # <tt>{ "post" => { "address" => { "street" => "hyacintvej" } } }</tt>. There's no limit to the depth of the nesting.
   #
   # == Sessions

data/lib/action_controller/metal/flash.rb

@@ -20,7 +20,7 @@ module ActionController #:nodoc:
           end
           helper_method type
 
-          _flash_types << type
+          self._flash_types += [type]
         end
       end
     end

data/lib/action_controller/metal/strong_parameters.rb

@@ -201,6 +201,7 @@ module ActionController
     # You may declare that the parameter should be an array of permitted scalars
     # by mapping it to an empty array:
     #
+    #   params = ActionController::Parameters.new(tags: ['rails', 'parameters'])
     #   params.permit(tags: [])
     #
     # You can also use +permit+ on nested parameters, like:
@@ -328,7 +329,7 @@ module ActionController
       def each_element(object)
         if object.is_a?(Array)
           object.map { |el| yield el }.compact
-        elsif object.is_a?(Hash) && object.keys.all? { |k| k =~ /\A-?\d+\z/ }
+        elsif fields_for_style?(object)
           hash = object.class.new
           object.each { |k,v| hash[k] = yield v }
           hash
@@ -337,6 +338,10 @@ module ActionController
         end
       end
 
+      def fields_for_style?(object)
+        object.is_a?(Hash) && object.all? { |k, v| k =~ /\A-?\d+\z/ && v.is_a?(Hash) }
+      end
+
       def unpermitted_parameters!(params)
         unpermitted_keys = unpermitted_keys(params)
         if unpermitted_keys.any?
@@ -415,7 +420,7 @@ module ActionController
 
         # Slicing filters out non-declared keys.
         slice(*filter.keys).each do |key, value|
-          return unless value
+          next unless value
 
           if filter[key] == EMPTY_ARRAY
             # Declaration { comment_ids: [] }.

data/lib/action_controller/test_case.rb

@@ -552,7 +552,7 @@ module ActionController
         parameters ||= {}
         controller_class_name = @controller.class.anonymous? ?
           "anonymous" :
-          @controller.class.name.underscore.sub(/_controller$/, '')
+          @controller.class.controller_path
 
         @request.assign_parameters(@routes, controller_class_name, action.to_s, parameters)
 

data/lib/action_dispatch/http/mime_type.rb

@@ -179,7 +179,7 @@ module Mime
       def parse(accept_header)
         if accept_header !~ /,/
           accept_header = accept_header.split(PARAMETER_SEPARATOR_REGEXP).first
-          parse_trailing_star(accept_header) || [Mime::Type.lookup(accept_header)]
+          parse_trailing_star(accept_header) || [Mime::Type.lookup(accept_header)].compact
         else
           list, index = AcceptList.new, 0
           accept_header.split(',').each do |header|

data/lib/action_dispatch/http/response.rb

@@ -198,7 +198,9 @@ module ActionDispatch # :nodoc:
       if body.respond_to?(:to_path)
         @stream = body
       else
-        @stream = build_buffer self, munge_body_object(body)
+        synchronize do
+          @stream = build_buffer self, munge_body_object(body)
+        end
       end
     end
 

data/lib/action_dispatch/journey/formatter.rb

@@ -18,7 +18,11 @@ module ActionDispatch
 
         match_route(name, constraints) do |route|
           parameterized_parts = extract_parameterized_parts(route, options, recall, parameterize)
-          next if !name && route.requirements.empty? && route.parts.empty?
+
+          # Skip this route unless a name has been provided or it is a
+          # standard Rails route since we can't determine whether an options
+          # hash passed to url_for matches a Rack application or a redirect.
+          next unless name || route.dispatcher?
 
           missing_keys = missing_keys(route, parameterized_parts)
           next unless missing_keys.empty?

data/lib/action_dispatch/journey/gtg/transition_table.rb

@@ -9,8 +9,8 @@ module ActionDispatch
         attr_reader :memos
 
         def initialize
-          @regexp_states = Hash.new { |h,k| h[k] = {} }
-          @string_states = Hash.new { |h,k| h[k] = {} }
+          @regexp_states = {}
+          @string_states = {}
           @accepting     = {}
           @memos         = Hash.new { |h,k| h[k] = [] }
         end
@@ -111,14 +111,8 @@ module ActionDispatch
         end
 
         def []=(from, to, sym)
-          case sym
-          when String
-            @string_states[from][sym] = to
-          when Regexp
-            @regexp_states[from][sym] = to
-          else
-            raise ArgumentError, 'unknown symbol: %s' % sym.class
-          end
+          to_mappings = states_hash_for(sym)[from] ||= {}
+          to_mappings[sym] = to
         end
 
         def states
@@ -137,18 +131,35 @@ module ActionDispatch
 
         private
 
+          def states_hash_for(sym)
+            case sym
+            when String
+              @string_states
+            when Regexp
+              @regexp_states
+            else
+              raise ArgumentError, 'unknown symbol: %s' % sym.class
+            end
+          end
+
           def move_regexp(t, a)
             return [] if t.empty?
 
             t.map { |s|
-              @regexp_states[s].map { |re, v| re === a ? v : nil }
+              if states = @regexp_states[s]
+                states.map { |re, v| re === a ? v : nil }
+              end
             }.flatten.compact.uniq
           end
 
           def move_string(t, a)
             return [] if t.empty?
 
-            t.map { |s| @string_states[s][a] }.compact
+            t.map do |s|
+              if states = @string_states[s]
+                states[a]
+              end
+            end.compact
           end
       end
     end

data/lib/action_dispatch/journey/route.rb

@@ -16,6 +16,14 @@ module ActionDispatch
         @app         = app
         @path        = path
 
+        # Unwrap any constraints so we can see what's inside for route generation.
+        # This allows the formatter to skip over any mounted applications or redirects
+        # that shouldn't be matched when using a url_for without a route name.
+        while app.is_a?(Routing::Mapper::Constraints) do
+          app = app.app
+        end
+        @dispatcher  = app.is_a?(Routing::RouteSet::Dispatcher)
+
         @constraints = constraints
         @defaults    = defaults
         @required_defaults = nil
@@ -93,6 +101,10 @@ module ActionDispatch
         end
       end
 
+      def dispatcher?
+        @dispatcher
+      end
+
       def matches?(request)
         constraints.all? do |method, value|
           next true unless request.respond_to?(method)

data/lib/action_dispatch/journey/router/utils.rb

@@ -7,15 +7,18 @@ module ActionDispatch
         # Normalizes URI path.
         #
         # Strips off trailing slash and ensures there is a leading slash.
+        # Also converts downcase url encoded string to uppercase.
         #
         #   normalize_path("/foo")  # => "/foo"
         #   normalize_path("/foo/") # => "/foo"
         #   normalize_path("foo")   # => "/foo"
         #   normalize_path("")      # => "/"
+        #   normalize_path("/%ab")  # => "/%AB"
         def self.normalize_path(path)
           path = "/#{path}"
           path.squeeze!('/')
           path.sub!(%r{/+\Z}, '')
+          path.gsub!(/(%[a-f0-9]{2}+)/) { $1.upcase }
           path = '/' if path == ''
           path
         end

data/lib/action_dispatch/journey/routes.rb

@@ -30,6 +30,7 @@ module ActionDispatch
 
       def clear
         routes.clear
+        named_routes.clear
       end
 
       def partitioned_routes

data/lib/action_dispatch/journey/visitors.rb

@@ -1,10 +1,13 @@
 # encoding: utf-8
+
+require 'thread_safe'
+
 module ActionDispatch
   module Journey # :nodoc:
     module Visitors # :nodoc:
       class Visitor # :nodoc:
-        DISPATCH_CACHE = Hash.new { |h,k|
-          h[k] = "visit_#{k}"
+        DISPATCH_CACHE = ThreadSafe::Cache.new { |h,k|
+          h[k] = :"visit_#{k}"
         }
 
         def accept(node)

data/lib/action_dispatch/middleware/cookies.rb

@@ -160,7 +160,7 @@ module ActionDispatch
           end
       end
 
-      # Returns the +signed+ or +encrypted jar, preferring +encrypted+ if +secret_key_base+ is set.
+      # Returns the +signed+ or +encrypted+ jar, preferring +encrypted+ if +secret_key_base+ is set.
       # Used by ActionDispatch::Session::CookieStore to avoid the need to introduce new cookie stores.
       def signed_or_encrypted
         @signed_or_encrypted ||=

data/lib/action_dispatch/middleware/params_parser.rb

@@ -41,7 +41,7 @@ module ActionDispatch
         when Proc
           strategy.call(request.raw_post)
         when :json
-          data = ActiveSupport::JSON.decode(request.body)
+          data = ActiveSupport::JSON.decode(request.raw_post)
           data = {:_json => data} unless data.is_a?(Hash)
           request.deep_munge(data).with_indifferent_access
         else

data/lib/action_dispatch/middleware/remote_ip.rb

@@ -143,7 +143,7 @@ module ActionDispatch
         # proxies with incompatible IP header conventions, and there is no way
         # for us to determine which header is the right one after the fact.
         # Since we have no idea, we give up and explode.
-        should_check_ip = @check_ip && client_ips.last
+        should_check_ip = @check_ip && client_ips.last && forwarded_ips.last
         if should_check_ip && !forwarded_ips.include?(client_ips.last)
           # We don't know which came from the proxy, and which from the user
           raise IpSpoofAttackError, "IP spoofing attack?! " +

data/lib/action_dispatch/middleware/ssl.rb

@@ -36,8 +36,7 @@ module ActionDispatch
         url.scheme = "https"
         url.host   = @host if @host
         url.port   = @port if @port
-        headers    = hsts_headers.merge('Content-Type' => 'text/html',
-                                        'Location'     => url.to_s)
+        headers    = { 'Content-Type' => 'text/html', 'Location' => url.to_s }
 
         [301, headers, []]
       end
@@ -58,7 +57,7 @@ module ActionDispatch
           cookies = cookies.split("\n")
 
           headers['Set-Cookie'] = cookies.map { |cookie|
-            if cookie !~ /;\s+secure(;|$)/
+            if cookie !~ /;\s+secure(;|$)/i
               "#{cookie}; secure"
             else
               cookie

data/lib/action_dispatch/routing/mapper.rb

@@ -515,6 +515,11 @@ module ActionDispatch
           end
         end
 
+        # Query if the following named route was already defined.
+        def has_named_route?(name)
+          @set.named_routes.routes[name.to_sym]
+        end
+
         private
           def app_name(app)
             return unless app.respond_to?(:routes)

data/lib/action_dispatch/routing/redirection.rb

@@ -30,6 +30,10 @@ module ActionDispatch
         uri.host   ||= req.host
         uri.port   ||= req.port unless req.standard_port?
 
+        if relative_path?(uri.path)
+          uri.path = "#{req.script_name}/#{uri.path}"
+        end
+
         body = %(<html><body>You are being <a href="#{ERB::Util.h(uri.to_s)}">redirected</a>.</body></html>)
 
         headers = {
@@ -48,6 +52,11 @@ module ActionDispatch
       def inspect
         "redirect(#{status})"
       end
+
+      private
+        def relative_path?(path)
+          path && !path.empty? && path[0] != '/'
+        end
     end
 
     class PathRedirect < Redirect
@@ -81,6 +90,11 @@ module ActionDispatch
           url_options[:path] = (url_options[:path] % escape_path(params))
         end
 
+        if relative_path?(url_options[:path])
+          url_options[:path] = "/#{url_options[:path]}"
+          url_options[:script_name] = request.script_name
+        end
+
         ActionDispatch::Http::URL.url_for url_options
       end
 
@@ -104,6 +118,10 @@ module ActionDispatch
       #
       #   get 'docs/:article', to: redirect('/wiki/%{article}')
       #
+      # Note that if you return a path without a leading slash then the url is prefixed with the
+      # current SCRIPT_NAME environment variable. This is typically '/' but may be different in
+      # a mounted engine or where the application is deployed to a subdirectory of a website.
+      #
       # Alternatively you can use one of the other syntaxes:
       #
       # The block version of redirect allows for the easy encapsulation of any logic associated with

data/lib/action_dispatch/routing/route_set.rb

@@ -186,10 +186,16 @@ module ActionDispatch
               klass = Journey::Router::Utils
 
               @path_parts.zip(args) do |part, arg|
+                parameterized_arg = arg.to_param
+
+                if parameterized_arg.nil? || parameterized_arg.empty?
+                  raise_generation_error(args)
+                end
+
                 # Replace each route parameter
                 # e.g. :id for regular parameter or *path for globbing
                 # with ruby string interpolation code
-                path.gsub!(/(\*|:)#{part}/, klass.escape_fragment(arg.to_param))
+                path.gsub!(/(\*|:)#{part}/, klass.escape_fragment(parameterized_arg))
               end
               path
             end
@@ -197,6 +203,25 @@ module ActionDispatch
             def optimize_routes_generation?(t)
               t.send(:optimize_routes_generation?)
             end
+
+            def raise_generation_error(args)
+              parts, missing_keys = [], []
+
+              @path_parts.zip(args) do |part, arg|
+                parameterized_arg = arg.to_param
+
+                if parameterized_arg.nil? || parameterized_arg.empty?
+                  missing_keys << part
+                end
+
+                parts << [part, arg]
+              end
+
+              message = "No route matches #{Hash[parts].inspect}"
+              message << " missing required keys: #{missing_keys.inspect}"
+
+              raise ActionController::UrlGenerationError, message
+            end
           end
 
           def initialize(route, options)

data/lib/action_dispatch/testing/assertions/dom.rb

@@ -7,20 +7,20 @@ module ActionDispatch
       #
       #   # assert that the referenced method generates the appropriate HTML string
       #   assert_dom_equal '<a href="http://www.example.com">Apples</a>', link_to("Apples", "http://www.example.com")
-      def assert_dom_equal(expected, actual, message = "")
+      def assert_dom_equal(expected, actual, message = nil)
         expected_dom = HTML::Document.new(expected).root
         actual_dom   = HTML::Document.new(actual).root
-        assert_equal expected_dom, actual_dom
+        assert_equal expected_dom, actual_dom, message
       end
 
       # The negated form of +assert_dom_equivalent+.
       #
       #   # assert that the referenced method does not generate the specified HTML string
       #   assert_dom_not_equal '<a href="http://www.example.com">Apples</a>', link_to("Oranges", "http://www.example.com")
-      def assert_dom_not_equal(expected, actual, message = "")
+      def assert_dom_not_equal(expected, actual, message = nil)
         expected_dom = HTML::Document.new(expected).root
         actual_dom   = HTML::Document.new(actual).root
-        assert_not_equal expected_dom, actual_dom
+        assert_not_equal expected_dom, actual_dom, message
       end
     end
   end

data/lib/action_dispatch/testing/test_request.rb

@@ -3,7 +3,11 @@ require 'rack/utils'
 
 module ActionDispatch
   class TestRequest < Request
-    DEFAULT_ENV = Rack::MockRequest.env_for('/')
+    DEFAULT_ENV = Rack::MockRequest.env_for('/',
+      'HTTP_HOST'       => 'test.host',
+      'REMOTE_ADDR'     => '0.0.0.0',
+      'HTTP_USER_AGENT' => 'Rails Testing'
+    )
 
     def self.new(env = {})
       super
@@ -12,10 +16,6 @@ module ActionDispatch
     def initialize(env = {})
       env = Rails.application.env_config.merge(env) if defined?(Rails.application) && Rails.application
       super(default_env.merge(env))
-
-      self.host        = 'test.host'
-      self.remote_addr = '0.0.0.0'
-      self.user_agent  = 'Rails Testing'
     end
 
     def request_method=(method)

data/lib/action_pack/version.rb

@@ -1,7 +1,7 @@
 module ActionPack
   # Returns the version of the currently loaded ActionPack as a Gem::Version
   def self.version
-    Gem::Version.new "4.0.0"
+    Gem::Version.new "4.0.1.rc1"
   end
 
   module VERSION #:nodoc:

data/lib/action_view/dependency_tracker.rb

@@ -74,7 +74,7 @@ module ActionView
             # render(@topic)         => render("topics/topic")
             # render(topics)         => render("topics/topic")
             # render(message.topics) => render("topics/topic")
-            collect { |name| name.sub(/\A@?([a-z]+\.)*([a-z_]+)\z/) { "#{$2.pluralize}/#{$2.singularize}" } }.
+            collect { |name| name.sub(/\A@?([a-z_]+\.)*([a-z_]+)\z/) { "#{$2.pluralize}/#{$2.singularize}" } }.
 
             # render("headline") => render("message/headline")
             collect { |name| name.include?("/") ? name : "#{directory}/#{name}" }.

data/lib/action_view/digestor.rb

@@ -1,16 +1,44 @@
 require 'thread_safe'
 require 'action_view/dependency_tracker'
+require 'monitor'
 
 module ActionView
   class Digestor
     cattr_reader(:cache)
-    @@cache = ThreadSafe::Cache.new
+    @@cache          = ThreadSafe::Cache.new
+    @@digest_monitor = Monitor.new
+
+    class << self
+      def digest(name, format, finder, options = {})
+        cache_key = ([name, format] + Array.wrap(options[:dependencies])).join('.')
+        # this is a correctly done double-checked locking idiom
+        # (ThreadSafe::Cache's lookups have volatile semantics)
+        @@cache[cache_key] || @@digest_monitor.synchronize do
+          @@cache.fetch(cache_key) do # re-check under lock
+            compute_and_store_digest(cache_key, name, format, finder, options)
+          end
+        end
+      end
+
+      private
+      def compute_and_store_digest(cache_key, name, format, finder, options) # called under @@digest_monitor lock
+        klass = if options[:partial] || name.include?("/_")
+          # Prevent re-entry or else recursive templates will blow the stack.
+          # There is no need to worry about other threads seeing the +false+ value,
+          # as they will then have to wait for this thread to let go of the @@digest_monitor lock.
+          pre_stored = @@cache.put_if_absent(cache_key, false).nil? # put_if_absent returns nil on insertion
+          PartialDigestor
+        else
+          Digestor
+        end
 
-    def self.digest(name, format, finder, options = {})
-      cache_key = [name, format] + Array.wrap(options[:dependencies])
-      @@cache[cache_key.join('.')] ||= begin
-        klass = options[:partial] || name.include?("/_") ? PartialDigestor : Digestor
-        klass.new(name, format, finder, options).digest
+        digest = klass.new(name, format, finder, options).digest
+        # Store the actual digest if config.cache_template_loading is true
+        @@cache[cache_key] = stored_digest = digest if ActionView::Resolver.caching?
+        digest
+      ensure
+        # something went wrong or ActionView::Resolver.caching? is false, make sure not to corrupt the @@cache
+        @@cache.delete_pair(cache_key, false) if pre_stored && !stored_digest 
       end
     end
 

data/lib/action_view/helpers/date_helper.rb

@@ -539,7 +539,7 @@ module ActionView
       #   my_date = Time.now + 2.days
       #
       #   # Generates a select field for days that defaults to the day for the date in my_date.
-      #   select_day(my_time)
+      #   select_day(my_date)
       #
       #   # Generates a select field for days that defaults to the number given.
       #   select_day(5)
@@ -549,7 +549,7 @@ module ActionView
       #
       #   # Generates a select field for days that defaults to the day for the date in my_date
       #   # that is named 'due' rather than 'day'.
-      #   select_day(my_time, field_name: 'due')
+      #   select_day(my_date, field_name: 'due')
       #
       #   # Generates a select field for days with a custom prompt. Use <tt>prompt: true</tt> for a
       #   # generic prompt.

data/lib/action_view/helpers/form_helper.rb

@@ -1172,7 +1172,7 @@ module ActionView
     # methods in the +FormHelper+ module. This class, however, allows you to
     # call methods with the model object you are building the form for.
     #
-    # You can create your own custom FormBuilder templates by subclasses this
+    # You can create your own custom FormBuilder templates by subclassing this
     # class. For example:
     #
     #   class MyFormBuilder < ActionView::Helpers::FormBuilder

data/lib/action_view/helpers/form_options_helper.rb

@@ -97,14 +97,17 @@ module ActionView
       # Create a select tag and a series of contained option tags for the provided object and method.
       # The option currently held by the object will be selected, provided that the object is available.
       #
-      # There are two possible formats for the choices parameter, corresponding to other helpers' output:
-      #   * A flat collection: see options_for_select
-      #   * A nested collection: see grouped_options_for_select
+      # There are two possible formats for the +choices+ parameter, corresponding to other helpers' output:
+      #
+      # * A flat collection (see +options_for_select+).
+      #
+      # * A nested collection (see +grouped_options_for_select+).
+      #
+      # For example:
       #
-      # Example with @post.person_id => 1:
       #   select("post", "person_id", Person.all.collect {|p| [ p.name, p.id ] }, { include_blank: true })
       #
-      # could become:
+      # would become:
       #
       #   <select name="post[person_id]">
       #     <option value=""></option>
@@ -113,6 +116,8 @@ module ActionView
       #     <option value="3">Tobias</option>
       #   </select>
       #
+      # assuming the associated person has ID 1.
+      #
       # This can be used to provide a default set of options in the standard way: before rendering the create form, a
       # new model instance is assigned the default options and bound to @model_name. Usually this model is not saved
       # to the database. Instead, a second model object is created when the create request is received.
@@ -654,7 +659,7 @@ module ActionView
       #
       # Example object structure for use with this method:
       #   class Post < ActiveRecord::Base
-      #     has_and_belongs_to_many :author
+      #     has_and_belongs_to_many :authors
       #   end
       #   class Author < ActiveRecord::Base
       #     has_and_belongs_to_many :posts

data/lib/action_view/helpers/tags/base.rb

@@ -119,7 +119,8 @@ module ActionView
           html_options = html_options.stringify_keys
           add_default_name_and_id(html_options)
           options[:include_blank] ||= true unless options[:prompt] || select_not_required?(html_options)
-          select = content_tag("select", add_options(option_tags, options, value(object)), html_options)
+          value = options.fetch(:selected) { value(object) }
+          select = content_tag("select", add_options(option_tags, options, value), html_options)
 
           if html_options["multiple"] && options.fetch(:include_hidden, true)
             tag("input", :disabled => html_options["disabled"], :name => html_options["name"], :type => "hidden", :value => "") + select

data/lib/action_view/helpers/tags/collection_check_boxes.rb

@@ -27,7 +27,8 @@ module ActionView
 
           # Append a hidden field to make sure something will be sent back to the
           # server if all check boxes are unchecked.
-          hidden = @template_object.hidden_field_tag("#{tag_name}[]", "", :id => nil)
+          hidden_name = @html_options[:name] || "#{tag_name}[]"
+          hidden = @template_object.hidden_field_tag(hidden_name, "", :id => nil)
 
           rendered_collection + hidden
         end

data/lib/action_view/helpers/tags/collection_helpers.rb

@@ -18,7 +18,8 @@ module ActionView
           end
 
           def label(label_html_options={}, &block)
-            @template_object.label(@object_name, @sanitized_attribute_name, @text, label_html_options, &block)
+            html_options = label_html_options.merge(@input_html_options)
+            @template_object.label(@object_name, @sanitized_attribute_name, @text, html_options, &block)
           end
         end
 

data/lib/action_view/helpers/tags/color_field.rb

@@ -4,7 +4,7 @@ module ActionView
       class ColorField < TextField # :nodoc:
         def render
           options = @options.stringify_keys
-          options["value"] = @options.fetch("value") { validate_color_string(value(object)) }
+          options["value"] = options.fetch("value") { validate_color_string(value(object)) }
           @options = options
           super
         end

data/lib/action_view/helpers/tags/datetime_field.rb

@@ -4,7 +4,7 @@ module ActionView
       class DatetimeField < TextField # :nodoc:
         def render
           options = @options.stringify_keys
-          options["value"] = @options.fetch("value") { format_date(value(object)) }
+          options["value"] = options.fetch("value") { format_date(value(object)) }
           options["min"] = format_date(options["min"])
           options["max"] = format_date(options["max"])
           @options = options

data/lib/action_view/helpers/tags/label.rb

@@ -30,6 +30,7 @@ module ActionView
           add_default_name_and_id_for_value(tag_value, name_and_id)
           options.delete("index")
           options.delete("namespace")
+          options.delete("multiple")
           options["for"] = name_and_id["id"] unless options.key?("for")
 
           if block_given?

data/lib/action_view/helpers/tags/text_area.rb

@@ -10,7 +10,7 @@ module ActionView
             options["cols"], options["rows"] = size.split("x") if size.respond_to?(:split)
           end
 
-          content_tag("textarea", options.delete('value') || value_before_type_cast(object), options)
+          content_tag("textarea", options.delete("value") { value_before_type_cast(object) }, options)
         end
       end
     end

data/lib/action_view/helpers/tags/text_field.rb

@@ -5,8 +5,8 @@ module ActionView
         def render
           options = @options.stringify_keys
           options["size"] = options["maxlength"] unless options.key?("size")
-          options["type"]  ||= field_type
-          options["value"] = options.fetch("value"){ value_before_type_cast(object) } unless field_type == "file"
+          options["type"] ||= field_type
+          options["value"] = options.fetch("value") { value_before_type_cast(object) } unless field_type == "file"
           options["value"] &&= ERB::Util.html_escape(options["value"])
           add_default_name_and_id(options)
           tag("input", options)

data/lib/action_view/helpers/text_helper.rb

@@ -150,7 +150,7 @@ module ActionView
       def excerpt(text, phrase, options = {})
         return unless text && phrase
 
-        separator = options.fetch(:separator, "")
+        separator = options[:separator] || ''
         phrase    = Regexp.escape(phrase)
         regex     = /#{phrase}/i
 
@@ -169,7 +169,8 @@ module ActionView
         prefix, first_part   = cut_excerpt_part(:first, first_part, separator, options)
         postfix, second_part = cut_excerpt_part(:second, second_part, separator, options)
 
-        prefix + (first_part + separator + phrase + separator + second_part).strip + postfix
+        affix = [first_part, separator, phrase, separator, second_part].join.strip
+        [prefix, affix, postfix].join
       end
 
       # Attempts to pluralize the +singular+ word unless +count+ is 1. If

data/lib/action_view/helpers/url_helper.rb

@@ -172,7 +172,7 @@ module ActionView
       #   link_to "Visit Other Site", "http://www.rubyonrails.org/", data: { confirm: "Are you sure?" }
       #   # => <a href="http://www.rubyonrails.org/" data-confirm="Are you sure?">Visit Other Site</a>
       def link_to(name = nil, options = nil, html_options = nil, &block)
-        html_options, options = options, name if block_given?
+        html_options, options, name = options, name, block if block_given?
         options ||= {}
 
         html_options = convert_options_to_data_attributes(options, html_options)
@@ -380,7 +380,7 @@ module ActionView
           if block_given?
             block.arity <= 1 ? capture(name, &block) : capture(name, options, html_options, &block)
           else
-            name
+            ERB::Util.html_escape(name)
           end
         else
           link_to(name, options, html_options)
@@ -528,12 +528,13 @@ module ActionView
 
         return false unless request.get? || request.head?
 
-        url_string = url_for(options)
+        url_string = URI.parser.unescape(url_for(options)).force_encoding(Encoding::BINARY)
 
         # We ignore any extra parameters in the request_uri if the
         # submitted url doesn't have any either. This lets the function
         # work with things like ?order=asc
         request_uri = url_string.index("?") ? request.fullpath : request.path
+        request_uri = URI.parser.unescape(request_uri).force_encoding(Encoding::BINARY)
 
         if url_string =~ /^\w+:\/\//
           url_string == "#{request.protocol}#{request.host_with_port}#{request_uri}"

data/lib/action_view/railtie.rb

@@ -35,5 +35,9 @@ module ActionView
         end
       end
     end
+
+    rake_tasks do
+      load "action_view/tasks/dependencies.rake"
+    end
   end
 end

data/lib/action_view/renderer/template_renderer.rb

@@ -11,7 +11,7 @@ module ActionView
       prepend_formats(template.formats)
 
       unless context.rendered_format
-        context.rendered_format = template.formats.first || formats.last
+        context.rendered_format = template.formats.first || formats.first
       end
 
       render_template(template, options[:layout], options[:locals])

data/lib/action_view/tasks/dependencies.rake

@@ -0,0 +1,17 @@
+namespace :cache_digests do
+  desc 'Lookup nested dependencies for TEMPLATE (like messages/show or comments/_comment.html)'
+  task :nested_dependencies => :environment do
+    abort 'You must provide TEMPLATE for the task to run' unless ENV['TEMPLATE'].present?
+    template, format = ENV['TEMPLATE'].split(".")
+    format ||= :html
+    puts JSON.pretty_generate ActionView::Digestor.new(template, format, ApplicationController.new.lookup_context).nested_dependencies
+  end
+
+  desc 'Lookup first-level dependencies for TEMPLATE (like messages/show or comments/_comment.html)'
+  task :dependencies => :environment do
+    abort 'You must provide TEMPLATE for the task to run' unless ENV['TEMPLATE'].present?
+    template, format = ENV['TEMPLATE'].split(".")
+    format ||= :html
+    puts JSON.pretty_generate ActionView::Digestor.new(template, format, ApplicationController.new.lookup_context).dependencies
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 4.0.1.rc1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-25 00:00:00.000000000 Z
+date: 2013-10-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: 4.0.1.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: 4.0.1.rc1
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: 4.0.1.rc1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: 4.0.1.rc1
 - !ruby/object:Gem::Dependency
   name: tzinfo
   requirement: !ruby/object:Gem::Requirement
@@ -340,6 +340,7 @@ files:
 - lib/action_view/renderer/streaming_template_renderer.rb
 - lib/action_view/renderer/template_renderer.rb
 - lib/action_view/routing_url_for.rb
+- lib/action_view/tasks/dependencies.rake
 - lib/action_view/template/error.rb
 - lib/action_view/template/handlers/builder.rb
 - lib/action_view/template/handlers/erb.rb
@@ -374,13 +375,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements:
 - none
 rubyforge_project: 
-rubygems_version: 2.0.2
+rubygems_version: 2.0.6
 signing_key: 
 specification_version: 4
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).