actionview 6.0.0.beta3 → 6.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4233564ef5c23bc9a517b08297234c7b0a79e061fb666f88c908fb182e186716
-  data.tar.gz: 170f5a8f9fc725f26c483f7b5b7e900d2888ef7090ffa6d9c75940ffcc30af34
+  metadata.gz: d46b0e667c524b53bbcfd7291119c3078c1bcef2f379077610f11efa75cb7bcd
+  data.tar.gz: 3952ce8b418d28245b3ba4a0126435958facc728363abd50deb0e6b110556b65
 SHA512:
-  metadata.gz: a3abde252c689dbea7c168cd8f298ac63d5f6798ea64f7619260e10214b3df21a3feab194449de53d51e4e951d4bd747236f69536554f3dfd81b6738f52d15ae
-  data.tar.gz: 6d409d208552a764dc899bef3c3794f711ae9cea39ce2546630b1f6aed32e0685e00434683392ae7cdcc5b0a01bc5c812bb64b4e69ef267054050b586e6c6d46
+  metadata.gz: dfc23eddf6eeb31093fa017f53ebc46c5a115d1d0edbc3ab40747eb243d4516e99c74d5c6d497bcb9731a62ab224ecde5f62352b50f57ab384a9595ac6d2ae53
+  data.tar.gz: d8abfa6ea6c991820b67fb389c629f6b49d09610c1d0821e009084e475649b6aef7a861c620960ef58b9efa0d4a0709b9606690f6b19557910c0fd3946130f5f

data/CHANGELOG.md

@@ -1,22 +1,58 @@
+## Rails 6.0.0.rc1 (April 24, 2019) ##
+
+*   Fix partial caching skips same item issue
+
+    If we render cached collection partials with repeated items, those repeated items
+    will get skipped. For example, if you have 5 identical items in your collection, Rails
+    only renders the first one when `cached` is set to true. But it should render all
+    5 items instead.
+
+    Fixes #35114.
+
+    *Stan Lo*
+
+*   Only clear ActionView cache in development on file changes
+
+    To speed up development mode, view caches are only cleared when files in
+    the view paths have changed. Applications which have implemented custom
+    `ActionView::Resolver` subclasses may need to add their own cache clearing.
+
+    *John Hawthorn*
+
+*   Fix `ActionView::FixtureResolver` so that it handles template variants correctly.
+
+    *Edward Rudd*
+
+
 ## Rails 6.0.0.beta3 (March 11, 2019) ##
 
-*   No changes.
+*   Only accept formats from registered mime types
+
+    A lack of filtering on mime types could allow an attacker to read
+    arbitrary files on the target server or to perform a denial of service
+    attack.
+
+    Fixes CVE-2019-5418
+    Fixes CVE-2019-5419
+
+    *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
 
 
 ## Rails 6.0.0.beta2 (February 25, 2019) ##
 
-*   ActionView::Template.finalize_compiled_template_methods is deprecated with
+*   `ActionView::Template.finalize_compiled_template_methods` is deprecated with
     no replacement.
 
     *tenderlove*
 
-*   config.action_view.finalize_compiled_template_methods is deprecated with
+*   `config.action_view.finalize_compiled_template_methods` is deprecated with
     no replacement.
 
     *tenderlove*
 
 *   Ensure unique DOM IDs for collection inputs with float values.
-    Fixes #34974
+
+    Fixes #34974.
 
     *Mark Edmondson*
 

data/README.rdoc

@@ -5,6 +5,8 @@ view helpers that assist when building HTML forms, Atom feeds and more.
 Template formats that Action View handles are ERB (embedded Ruby, typically
 used to inline short Ruby snippets inside HTML), and XML Builder.
 
+You can read more about Action View in the {Action View Overview}[https://edgeguides.rubyonrails.org/action_view_overview.html] guide.
+
 == Download and installation
 
 The latest version of Action View can be installed with RubyGems:
@@ -27,7 +29,7 @@ Action View is released under the MIT license:
 
 API documentation is at
 
-* http://api.rubyonrails.org
+* https://api.rubyonrails.org
 
 Bug reports for the Ruby on Rails project can be filed here:
 

data/lib/action_view.rb

@@ -44,7 +44,7 @@ module ActionView
     autoload :Rendering
     autoload :RoutingUrlFor
     autoload :Template
-    autoload :FileTemplate
+    autoload :UnboundTemplate
     autoload :ViewPaths
 
     autoload_under "renderer" do
@@ -81,6 +81,7 @@ module ActionView
     end
   end
 
+  autoload :CacheExpiry
   autoload :TestCase
 
   def self.eager_load!

data/lib/action_view/base.rb

@@ -242,7 +242,7 @@ module ActionView #:nodoc:
       @_config = ActiveSupport::InheritableOptions.new
 
       unless formats == NULL
-        ActiveSupport::Deprecation.warn <<~eowarn
+        ActiveSupport::Deprecation.warn <<~eowarn.squish
         Passing formats to ActionView::Base.new is deprecated
         eowarn
       end
@@ -251,7 +251,7 @@ module ActionView #:nodoc:
       when ActionView::LookupContext
         @lookup_context = lookup_context
       else
-        ActiveSupport::Deprecation.warn <<~eowarn
+        ActiveSupport::Deprecation.warn <<~eowarn.squish
         ActionView::Base instances should be constructed with a lookup context,
         assignments, and a controller.
         eowarn
@@ -267,7 +267,7 @@ module ActionView #:nodoc:
       _prepare_context
     end
 
-    def run(method, template, locals, buffer, &block)
+    def _run(method, template, locals, buffer, &block)
       _old_output_buffer, _old_virtual_path, _old_template = @output_buffer, @virtual_path, @current_template
       @current_template = template
       @output_buffer = buffer
@@ -278,7 +278,7 @@ module ActionView #:nodoc:
 
     def compiled_method_container
       if self.class == ActionView::Base
-        ActiveSupport::Deprecation.warn <<~eowarn
+        ActiveSupport::Deprecation.warn <<~eowarn.squish
           ActionView::Base instances must implement `compiled_method_container`
           or use the class method `with_empty_template_cache` for constructing
           an ActionView::Base instances that has an empty cache.

data/lib/action_view/cache_expiry.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module ActionView
+  class CacheExpiry
+    class Executor
+      def initialize(watcher:)
+        @cache_expiry = CacheExpiry.new(watcher: watcher)
+      end
+
+      def before(target)
+        @cache_expiry.clear_cache_if_necessary
+      end
+    end
+
+    def initialize(watcher:)
+      @watched_dirs = nil
+      @watcher_class = watcher
+      @watcher = nil
+    end
+
+    def clear_cache_if_necessary
+      watched_dirs = dirs_to_watch
+      if watched_dirs != @watched_dirs
+        @watched_dirs = watched_dirs
+        @watcher = @watcher_class.new([], watched_dirs) do
+          clear_cache
+        end
+        @watcher.execute
+      else
+        @watcher.execute_if_updated
+      end
+    end
+
+    def clear_cache
+      ActionView::LookupContext::DetailsKey.clear
+    end
+
+    private
+
+      def dirs_to_watch
+        fs_paths = all_view_paths.grep(FileSystemResolver)
+        fs_paths.map(&:path).sort.uniq
+      end
+
+      def all_view_paths
+        ActionView::ViewPaths.all_view_paths.flat_map(&:paths)
+      end
+  end
+end

data/lib/action_view/digestor.rb

@@ -6,12 +6,6 @@ module ActionView
   class Digestor
     @@digest_mutex = Mutex.new
 
-    module PerExecutionDigestCacheExpiry
-      def self.before(target)
-        ActionView::LookupContext::DetailsKey.clear
-      end
-    end
-
     class << self
       # Supported options:
       #

data/lib/action_view/gem_version.rb

@@ -10,7 +10,7 @@ module ActionView
     MAJOR = 6
     MINOR = 0
     TINY  = 0
-    PRE   = "beta3"
+    PRE   = "rc1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/action_view/helpers/form_helper.rb

@@ -739,7 +739,7 @@ module ActionView
       #   def labelled_form_with(**options, &block)
       #     form_with(**options.merge(builder: LabellingFormBuilder), &block)
       #   end
-      def form_with(model: nil, scope: nil, url: nil, format: nil, **options)
+      def form_with(model: nil, scope: nil, url: nil, format: nil, **options, &block)
         options[:allow_method_names_outside_object] = true
         options[:skip_default_ids] = !form_with_generates_ids
 
@@ -752,7 +752,7 @@ module ActionView
 
         if block_given?
           builder = instantiate_builder(scope, model, options)
-          output  = capture(builder, &Proc.new)
+          output  = capture(builder, &block)
           options[:multipart] ||= builder.multipart?
 
           html_options = html_options_for_form_with(url, model, options)

data/lib/action_view/helpers/form_tag_helper.rb

@@ -24,7 +24,7 @@ module ActionView
 
       mattr_accessor :default_enforce_utf8, default: true
 
-      # Starts a form tag that points the action to a url configured with <tt>url_for_options</tt> just like
+      # Starts a form tag that points the action to a URL configured with <tt>url_for_options</tt> just like
       # ActionController::Base#url_for. The method for the form defaults to POST.
       #
       # ==== Options

data/lib/action_view/helpers/output_safety_helper.rb

@@ -38,7 +38,7 @@ module ActionView #:nodoc:
 
       # Converts the array to a comma-separated sentence where the last element is
       # joined by the connector word. This is the html_safe-aware version of
-      # ActiveSupport's {Array#to_sentence}[http://api.rubyonrails.org/classes/Array.html#method-i-to_sentence].
+      # ActiveSupport's {Array#to_sentence}[https://api.rubyonrails.org/classes/Array.html#method-i-to_sentence].
       #
       def to_sentence(array, options = {})
         options.assert_valid_keys(:words_connector, :two_words_connector, :last_word_connector, :locale)

data/lib/action_view/helpers/tags/base.rb

@@ -138,7 +138,7 @@ module ActionView
           end
 
           def sanitized_value(value)
-            value.to_s.gsub(/[\s\.]/, "_").gsub(/[^-[[:word:]]]/, "").mb_chars.downcase.to_s
+            value.to_s.gsub(/[\s\.]/, "_").gsub(/[^-[[:word:]]]/, "").downcase
           end
 
           def select_content_tag(option_tags, options, html_options)

data/lib/action_view/helpers/translation_helper.rb

@@ -114,7 +114,7 @@ module ActionView
 
       # Delegates to <tt>I18n.localize</tt> with no additional functionality.
       #
-      # See http://rubydoc.info/github/svenfuchs/i18n/master/I18n/Backend/Base:localize
+      # See https://www.rubydoc.info/github/svenfuchs/i18n/master/I18n/Backend/Base:localize
       # for more information.
       def localize(*args)
         I18n.localize(*args)
@@ -138,7 +138,7 @@ module ActionView
         end
 
         def html_safe_translation_key?(key)
-          /([_.]|\b)html\z/.match?(key.to_s)
+          /(?:_|\b)html\z/.match?(key.to_s)
         end
     end
   end

data/lib/action_view/helpers/url_helper.rb

@@ -553,7 +553,7 @@ module ActionView
         url_string = URI.parser.unescape(url_for(options)).force_encoding(Encoding::BINARY)
 
         # We ignore any extra parameters in the request_uri if the
-        # submitted url doesn't have any either. This lets the function
+        # submitted URL doesn't have any either. This lets the function
         # work with things like ?order=asc
         # the behaviour can be disabled with check_parameters: true
         request_uri = url_string.index("?") || check_parameters ? request.fullpath : request.path

data/lib/action_view/lookup_context.rb

@@ -130,9 +130,8 @@ module ActionView
       end
       alias :find_template :find
 
-      def find_file(name, prefixes = [], partial = false, keys = [], options = {})
-        @view_paths.find_file(*args_for_lookup(name, prefixes, partial, keys, options))
-      end
+      alias :find_file :find
+      deprecate :find_file
 
       def find_all(name, prefixes = [], partial = false, keys = [], options = {})
         @view_paths.find_all(*args_for_lookup(name, prefixes, partial, keys, options))
@@ -154,7 +153,7 @@ module ActionView
         view_paths = build_view_paths((@view_paths.paths + self.class.fallbacks).uniq)
 
         if block_given?
-          ActiveSupport::Deprecation.warn <<~eowarn
+          ActiveSupport::Deprecation.warn <<~eowarn.squish
           Calling `with_fallbacks` with a block is deprecated.  Call methods on
           the lookup context returned by `with_fallbacks` instead.
           eowarn
@@ -280,7 +279,15 @@ module ActionView
     # add :html as fallback to :js.
     def formats=(values)
       if values
+        values = values.dup
         values.concat(default_formats) if values.delete "*/*"
+        values.uniq!
+
+        invalid_values = (values - Template::Types.symbols)
+        unless invalid_values.empty?
+          raise ArgumentError, "Invalid formats: #{invalid_values.map(&:inspect).join(", ")}"
+        end
+
         if values == [:js]
           values << :html
           @html_fallback_for_js = true

data/lib/action_view/path_set.rb

@@ -48,12 +48,11 @@ module ActionView #:nodoc:
       find_all(*args).first || raise(MissingTemplate.new(self, *args))
     end
 
-    def find_file(path, prefixes = [], *args)
-      _find_all(path, prefixes, args, true).first || raise(MissingTemplate.new(self, path, prefixes, *args))
-    end
+    alias :find_file :find
+    deprecate :find_file
 
     def find_all(path, prefixes = [], *args)
-      _find_all path, prefixes, args, false
+      _find_all path, prefixes, args
     end
 
     def exists?(path, prefixes, *args)
@@ -71,15 +70,11 @@ module ActionView #:nodoc:
 
     private
 
-      def _find_all(path, prefixes, args, outside_app)
+      def _find_all(path, prefixes, args)
         prefixes = [prefixes] if String === prefixes
         prefixes.each do |prefix|
           paths.each do |resolver|
-            if outside_app
-              templates = resolver.find_all_anywhere(path, prefix, *args)
-            else
-              templates = resolver.find_all(path, prefix, *args)
-            end
+            templates = resolver.find_all(path, prefix, *args)
             return templates unless templates.empty?
           end
         end

data/lib/action_view/railtie.rb

@@ -81,7 +81,7 @@ module ActionView
     initializer "action_view.per_request_digest_cache" do |app|
       ActiveSupport.on_load(:action_view) do
         unless ActionView::Resolver.caching?
-          app.executor.to_run ActionView::Digestor::PerExecutionDigestCacheExpiry
+          app.executor.to_run ActionView::CacheExpiry::Executor.new(watcher: app.config.file_watcher)
         end
       end
     end

data/lib/action_view/renderer/partial_renderer/collection_caching.rb

@@ -17,13 +17,13 @@ module ActionView
         # Result is a hash with the key represents the
         # key used for cache lookup and the value is the item
         # on which the partial is being rendered
-        keyed_collection = collection_by_cache_keys(view, template)
+        keyed_collection, ordered_keys = collection_by_cache_keys(view, template)
 
         # Pull all partials from cache
         # Result is a hash, key matches the entry in
         # `keyed_collection` where the cache was retrieved and the
         # value is the value that was present in the cache
-        cached_partials  = collection_cache.read_multi(*keyed_collection.keys)
+        cached_partials = collection_cache.read_multi(*keyed_collection.keys)
         instrumentation_payload[:cache_hits] = cached_partials.size
 
         # Extract the items for the keys that are not found
@@ -40,11 +40,15 @@ module ActionView
         rendered_partials = @collection.empty? ? [] : yield
 
         index = 0
-        fetch_or_cache_partial(cached_partials, template, order_by: keyed_collection.each_key) do
+        keyed_partials = fetch_or_cache_partial(cached_partials, template, order_by: keyed_collection.each_key) do
           # This block is called once
           # for every cache miss while preserving order.
           rendered_partials[index].tap { index += 1 }
         end
+
+        ordered_keys.map do |key|
+          keyed_partials[key]
+        end
       end
 
       def callable_cache_key?
@@ -56,8 +60,10 @@ module ActionView
 
         digest_path = view.digest_path_from_template(template)
 
-        @collection.each_with_object({}) do |item, hash|
-          hash[expanded_cache_key(seed.call(item), view, template, digest_path)] = item
+        @collection.each_with_object([{}, []]) do |item, (hash, ordered_keys)|
+          key = expanded_cache_key(seed.call(item), view, template, digest_path)
+          ordered_keys << key
+          hash[key] = item
         end
       end
 
@@ -82,15 +88,16 @@ module ActionView
       # If the partial is not already cached it will also be
       # written back to the underlying cache store.
       def fetch_or_cache_partial(cached_partials, template, order_by:)
-        order_by.map do |cache_key|
-          if content = cached_partials[cache_key]
-            build_rendered_template(content, template)
-          else
-            yield.tap do |rendered_partial|
-              collection_cache.write(cache_key, rendered_partial.body)
-            end
+        order_by.each_with_object({}) do |cache_key, hash|
+            hash[cache_key] =
+              if content = cached_partials[cache_key]
+                build_rendered_template(content, template)
+              else
+                yield.tap do |rendered_partial|
+                  collection_cache.write(cache_key, rendered_partial.body)
+                end
+              end
           end
-        end
       end
   end
 end