actionpack 4.0.9 → 4.0.10.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 149b41f4bdf886526ec9d02da217b3a8a143f557
-  data.tar.gz: 45a4863f566004ce4ff5e426b50e91371a11c130
+  metadata.gz: cd43145594399a05d255770b5f2c029e36b982ae
+  data.tar.gz: d2f1c113b92c0368f77926e26507eb0d2de3c4e4
 SHA512:
-  metadata.gz: e9a36f1c4b1d5ad8b9f3ea29c15ccadca1f34e8a959005159d0b361424bd0663c7c4cbc1e0e910c8188f3526adc737a0ea79ff2e03798876302a99bd82a93086
-  data.tar.gz: 5d37d9e06810aca22e045aaa9c497d7fe5e2f2e6ddc5c6be8ab2bbbd3f02ff20357631e2a5afd0ce6307d4555d7cb51fcbf326b8e1165275534e171344de4c37
+  metadata.gz: ac65bb134270c2bc62d9709576005fce9f406d500f060107863648d8728c5980d48fef896020a7347720aec2894793f733763e34b6f6fdc4df36603e34acadd7
+  data.tar.gz: 09c76ad858958fcee3ff047cf6167914bb3c242e53fbc0dff077fa259b5a18533bd9659b7ce6b49fe711f64592c9ce9ca2bdbd298304ca79b30a1023a6bd4741

data/CHANGELOG.md

@@ -1,3 +1,49 @@
+## Rails 4.0.10 (August 19, 2014) ##
+
+*   Return an absolute instead of relative path from an asset url in the case
+    of the `asset_host` proc returning nil
+
+    *Jolyon Pawlyn*
+
+*   Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671
+    ("Rosetta Flash")
+
+    *Greg Campbell*
+
+*   Generate shallow paths for all children of shallow resources.
+
+    Fixes #15783.
+
+    *Seb Jacobs*
+
+*   JSONP responses are now rendered with the `text/javascript` content type
+    when rendering through a `respond_to` block.
+
+    Fixes #15081.
+
+    *Lucas Mazza*
+
+*   Added `config.action_view.raise_on_missing_translations` to define whether an
+    error should be raised for missing translations.
+
+    Fixes #13196
+
+    *Kassio Borges*
+
+*   ActionController::Parameters#require now accepts `false` values.
+
+    Fixes #15685.
+
+    *Sergio Romano*
+
+*   With authorization header `Authorization: Token token=`, `authenticate` now
+    recognize token as nil, instead of "token".
+
+    Fixes #14846.
+
+    *Larry Lv*
+
+
 ## Rails 4.0.9 (August 18, 2014) ##
 
 *No changes*

data/lib/abstract_controller/base.rb

@@ -253,7 +253,7 @@ module AbstractController
 
       # Checks if the action name is valid and returns false otherwise.
       def _valid_action_name?(action_name)
-        action_name.to_s !~ Regexp.new(File::SEPARATOR)
+        !action_name.to_s.include? File::SEPARATOR
       end
   end
 end

data/lib/action_controller/metal/http_authentication.rb

@@ -109,8 +109,8 @@ module ActionController
 
       def authentication_request(controller, realm)
         controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}")
-        controller.response_body = "HTTP Basic: Access denied.\n"
         controller.status = 401
+        controller.response_body = "HTTP Basic: Access denied.\n"
       end
     end
 
@@ -244,8 +244,8 @@ module ActionController
       def authentication_request(controller, realm, message = nil)
         message ||= "HTTP Digest: Access denied.\n"
         authentication_header(controller, realm)
-        controller.response_body = message
         controller.status = 401
+        controller.response_body = message
       end
 
       def secret_token(request)
@@ -437,7 +437,7 @@ module ActionController
         authorization_request = request.authorization.to_s
         if authorization_request[TOKEN_REGEX]
           params = token_params_from authorization_request
-          [params.shift.last, Hash[params].with_indifferent_access]
+          [params.shift[1], Hash[params].with_indifferent_access]
         end
       end
 
@@ -452,7 +452,7 @@ module ActionController
 
       # This removes the `"` characters wrapping the value.
       def rewrite_param_values(array_params)
-        array_params.each { |param| param.last.gsub! %r/^"|"$/, '' }
+        array_params.each { |param| (param[1] || "").gsub! %r/^"|"$/, '' }
       end
 
       # This method takes an authorization body and splits up the key-value

data/lib/action_controller/metal/redirecting.rb

@@ -64,6 +64,7 @@ module ActionController
     # behavior for this case by rescuing ActionController::RedirectBackError.
     def redirect_to(options = {}, response_status = {}) #:doc:
       raise ActionControllerError.new("Cannot redirect to nil!") unless options
+      raise ActionControllerError.new("Cannot redirect to a parameter hash!") if options.is_a?(ActionController::Parameters)
       raise AbstractController::DoubleRenderError if response_body
 
       self.status        = _extract_redirect_to_status(options, response_status)

data/lib/action_controller/metal/renderers.rb

@@ -90,8 +90,11 @@ module ActionController
       json = json.to_json(options) unless json.kind_of?(String)
 
       if options[:callback].present?
-        self.content_type ||= Mime::JS
-        "#{options[:callback]}(#{json})"
+        if self.content_type.nil? || self.content_type == Mime::JSON
+          self.content_type = Mime::JS
+        end
+
+        "/**/#{options[:callback]}(#{json})"
       else
         self.content_type ||= Mime::JSON
         json

data/lib/action_controller/metal/strong_parameters.rb

@@ -180,7 +180,12 @@ module ActionController
     #   ActionController::Parameters.new(person: {}).require(:person)
     #   # => ActionController::ParameterMissing: param not found: person
     def require(key)
-      self[key].presence || raise(ParameterMissing.new(key))
+      value = self[key]
+      if value.present? || value == false
+        value
+      else
+        raise ParameterMissing.new(key)
+      end
     end
 
     # Alias of #require.

data/lib/action_dispatch/http/response.rb

@@ -169,7 +169,7 @@ module ActionDispatch # :nodoc:
     end
     alias_method :status_message, :message
 
-    def respond_to?(method)
+    def respond_to?(method, include_private = false)
       if method.to_s == 'to_path'
         stream.respond_to?(:to_path)
       else

data/lib/action_dispatch/middleware/session/cache_store.rb

@@ -16,9 +16,9 @@ module ActionDispatch
 
       # Get a session from the cache.
       def get_session(env, sid)
-        sid ||= generate_sid
-        session = @cache.read(cache_key(sid))
-        session ||= {}
+        unless sid and session = @cache.read(cache_key(sid))
+          sid, session = generate_sid, {}
+        end
         [sid, session]
       end
 

data/lib/action_dispatch/routing/mapper.rb

@@ -395,6 +395,12 @@ module ActionDispatch
         # [:action]
         #   The route's action.
         #
+        # [:param]
+        #   Overrides the default resource identifier `:id` (name of the
+        #   dynamic segment used to generate the routes).
+        #   You can access that segment from your controller using
+        #   <tt>params[<:param>]</tt>.
+        #
         # [:path]
         #   The path prefix for the routes.
         #
@@ -1372,7 +1378,7 @@ module ActionDispatch
           end
 
           with_scope_level(:nested) do
-            if shallow? && shallow_nesting_depth > 1
+            if shallow? && shallow_nesting_depth >= 1
               shallow_scope(parent_resource.nested_scope, nested_options) { yield }
             else
               scope(parent_resource.nested_scope, nested_options) { yield }

data/lib/action_pack/version.rb

@@ -1,7 +1,7 @@
 module ActionPack
   # Returns the version of the currently loaded ActionPack as a Gem::Version
   def self.version
-    Gem::Version.new "4.0.9"
+    Gem::Version.new "4.0.10.rc1"
   end
 
   module VERSION #:nodoc:

data/lib/action_view/base.rb

@@ -149,6 +149,10 @@ module ActionView #:nodoc:
     # Specify default_formats that can be rendered.
     cattr_accessor :default_formats
 
+    # Specify whether an error should be raised for missing translations
+    cattr_accessor :raise_on_missing_translations
+    @@raise_on_missing_translations = false
+
     class_attribute :_routes
     class_attribute :logger
 

data/lib/action_view/helpers/asset_url_helper.rb

@@ -192,7 +192,6 @@ module ActionView
       def compute_asset_host(source = "", options = {})
         request = self.request if respond_to?(:request)
         host = config.asset_host if defined? config.asset_host
-        host ||= request.base_url if request && options[:protocol] == :request
 
         if host.respond_to?(:call)
           arity = host.respond_to?(:arity) ? host.arity : host.method(:call).arity
@@ -203,6 +202,7 @@ module ActionView
           host = host % (Zlib.crc32(source) % 4)
         end
 
+        host ||= request.base_url if request && options[:protocol] == :request
         return unless host
 
         if host =~ URI_REGEXP

data/lib/action_view/helpers/sanitize_helper.rb

@@ -48,7 +48,7 @@ module ActionView
       # Change allowed default attributes
       #
       #   class Application < Rails::Application
-      #     config.action_view.sanitized_allowed_attributes = 'id', 'class', 'style'
+      #     config.action_view.sanitized_allowed_attributes = ['id', 'class', 'style']
       #   end
       #
       # Please note that sanitizing user-provided text does not guarantee that the
@@ -204,7 +204,7 @@ module ActionView
         # Adds to the Set of allowed HTML attributes for the +sanitize+ helper.
         #
         #   class Application < Rails::Application
-        #     config.action_view.sanitized_allowed_attributes = 'onclick', 'longdesc'
+        #     config.action_view.sanitized_allowed_attributes = ['onclick', 'longdesc']
         #   end
         #
         def sanitized_allowed_attributes=(attributes)

data/lib/action_view/helpers/translation_helper.rb

@@ -38,10 +38,10 @@ module ActionView
 
         # If the user has specified rescue_format then pass it all through, otherwise use
         # raise and do the work ourselves
-        if options.key?(:raise) || options.key?(:rescue_format)
-          raise_error = options[:raise] || options[:rescue_format]
-        else
-          raise_error = false
+        options[:raise] ||= ActionView::Base.raise_on_missing_translations
+
+        raise_error = options[:raise] || options.key?(:rescue_format)
+        unless raise_error
           options[:raise] = true
         end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-  version: 4.0.9
+  version: 4.0.10.rc1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-18 00:00:00.000000000 Z
+date: 2014-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.9
+        version: 4.0.10.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.9
+        version: 4.0.10.rc1
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.9
+        version: 4.0.10.rc1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.0.9
+        version: 4.0.10.rc1
 - !ruby/object:Gem::Dependency
   name: tzinfo
   requirement: !ruby/object:Gem::Requirement
@@ -375,9 +375,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements:
 - none
 rubyforge_project: