activesupport 4.0.13 → 4.1.0.beta1

data/lib/active_support/core_ext/object/try.rb

@@ -47,7 +47,7 @@ class Object
   end
 
   # Same as #try, but will raise a NoMethodError exception if the receiving is not nil and
-  # does not implemented the tried method.
+  # does not implement the tried method.
   def try!(*a, &b)
     if a.empty? && block_given?
       yield self

data/lib/active_support/core_ext/range/each.rb

@@ -1,4 +1,5 @@
 require 'active_support/core_ext/module/aliasing'
+require 'active_support/core_ext/object/acts_like'
 
 class Range #:nodoc:
 
@@ -16,7 +17,7 @@ class Range #:nodoc:
 
   private
   def ensure_iteration_allowed
-    if first.is_a?(Time)
+    if first.acts_like?(:time)
       raise TypeError, "can't iterate from #{first.class}"
     end
   end

data/lib/active_support/core_ext/string/access.rb

@@ -8,22 +8,22 @@ class String
   # the beginning of the range is greater than the end of the string.
   #
   #   str = "hello"
-  #   str.at(0)      #=> "h"
-  #   str.at(1..3)   #=> "ell"
-  #   str.at(-2)     #=> "l"
-  #   str.at(-2..-1) #=> "lo"
-  #   str.at(5)      #=> nil
-  #   str.at(5..-1)  #=> ""
+  #   str.at(0)      # => "h"
+  #   str.at(1..3)   # => "ell"
+  #   str.at(-2)     # => "l"
+  #   str.at(-2..-1) # => "lo"
+  #   str.at(5)      # => nil
+  #   str.at(5..-1)  # => ""
   #
   # If a Regexp is given, the matching portion of the string is returned.
   # If a String is given, that given string is returned if it occurs in
   # the string. In both cases, nil is returned if there is no match.
   #
   #   str = "hello"
-  #   str.at(/lo/) #=> "lo"
-  #   str.at(/ol/) #=> nil
-  #   str.at("lo") #=> "lo"
-  #   str.at("ol") #=> nil
+  #   str.at(/lo/) # => "lo"
+  #   str.at(/ol/) # => nil
+  #   str.at("lo") # => "lo"
+  #   str.at("ol") # => nil
   def at(position)
     self[position]
   end
@@ -32,15 +32,15 @@ class String
   # If the position is negative, it is counted from the end of the string.
   #
   #   str = "hello"
-  #   str.from(0)  #=> "hello"
-  #   str.from(3)  #=> "lo"
-  #   str.from(-2) #=> "lo"
+  #   str.from(0)  # => "hello"
+  #   str.from(3)  # => "lo"
+  #   str.from(-2) # => "lo"
   #
   # You can mix it with +to+ method and do fun things like:
   #
   #   str = "hello"
-  #   str.from(0).to(-1) #=> "hello"
-  #   str.from(1).to(-2) #=> "ell"
+  #   str.from(0).to(-1) # => "hello"
+  #   str.from(1).to(-2) # => "ell"
   def from(position)
     self[position..-1]
   end
@@ -49,17 +49,17 @@ class String
   # If the position is negative, it is counted from the end of the string.
   #
   #   str = "hello"
-  #   str.to(0)  #=> "h"
-  #   str.to(3)  #=> "hell"
-  #   str.to(-2) #=> "hell"
+  #   str.to(0)  # => "h"
+  #   str.to(3)  # => "hell"
+  #   str.to(-2) # => "hell"
   #
   # You can mix it with +from+ method and do fun things like:
   #
   #   str = "hello"
-  #   str.from(0).to(-1) #=> "hello"
-  #   str.from(1).to(-2) #=> "ell"
+  #   str.from(0).to(-1) # => "hello"
+  #   str.from(1).to(-2) # => "ell"
   def to(position)
-    self[0..position]
+    self[0, position + 1]
   end
 
   # Returns the first character. If a limit is supplied, returns a substring
@@ -67,11 +67,11 @@ class String
   # given limit is greater than or equal to the string length, returns self.
   #
   #   str = "hello"
-  #   str.first    #=> "h"
-  #   str.first(1) #=> "h"
-  #   str.first(2) #=> "he"
-  #   str.first(0) #=> ""
-  #   str.first(6) #=> "hello"
+  #   str.first    # => "h"
+  #   str.first(1) # => "h"
+  #   str.first(2) # => "he"
+  #   str.first(0) # => ""
+  #   str.first(6) # => "hello"
   def first(limit = 1)
     if limit == 0
       ''
@@ -87,11 +87,11 @@ class String
   # the given limit is greater than or equal to the string length, returns self.
   #
   #   str = "hello"
-  #   str.last    #=> "o"
-  #   str.last(1) #=> "o"
-  #   str.last(2) #=> "lo"
-  #   str.last(0) #=> ""
-  #   str.last(6) #=> "hello"
+  #   str.last    # => "o"
+  #   str.last(1) # => "o"
+  #   str.last(2) # => "lo"
+  #   str.last(0) # => ""
+  #   str.last(6) # => "hello"
   def last(limit = 1)
     if limit == 0
       ''

data/lib/active_support/core_ext/string/conversions.rb

@@ -15,6 +15,7 @@ class String
   #   "2012-12-13 06:12".to_time         # => 2012-12-13 06:12:00 +0100
   #   "2012-12-13T06:12".to_time         # => 2012-12-13 06:12:00 +0100
   #   "2012-12-13T06:12".to_time(:utc)   # => 2012-12-13 05:12:00 UTC
+  #   "12/13/2012".to_time               # => ArgumentError: argument out of range
   def to_time(form = :local)
     parts = Date._parse(self, false)
     return if parts.empty?
@@ -35,20 +36,20 @@ class String
 
   # Converts a string to a Date value.
   #
-  #   "1-1-2012".to_date   #=> Sun, 01 Jan 2012
-  #   "01/01/2012".to_date #=> Sun, 01 Jan 2012
-  #   "2012-12-13".to_date #=> Thu, 13 Dec 2012
-  #   "12/13/2012".to_date #=> ArgumentError: invalid date
+  #   "1-1-2012".to_date   # => Sun, 01 Jan 2012
+  #   "01/01/2012".to_date # => Sun, 01 Jan 2012
+  #   "2012-12-13".to_date # => Thu, 13 Dec 2012
+  #   "12/13/2012".to_date # => ArgumentError: invalid date
   def to_date
     ::Date.parse(self, false) unless blank?
   end
 
   # Converts a string to a DateTime value.
   #
-  #   "1-1-2012".to_datetime            #=> Sun, 01 Jan 2012 00:00:00 +0000
-  #   "01/01/2012 23:59:59".to_datetime #=> Sun, 01 Jan 2012 23:59:59 +0000
-  #   "2012-12-13 12:50".to_datetime    #=> Thu, 13 Dec 2012 12:50:00 +0000
-  #   "12/13/2012".to_datetime          #=> ArgumentError: invalid date
+  #   "1-1-2012".to_datetime            # => Sun, 01 Jan 2012 00:00:00 +0000
+  #   "01/01/2012 23:59:59".to_datetime # => Sun, 01 Jan 2012 23:59:59 +0000
+  #   "2012-12-13 12:50".to_datetime    # => Thu, 13 Dec 2012 12:50:00 +0000
+  #   "12/13/2012".to_datetime          # => ArgumentError: invalid date
   def to_datetime
     ::DateTime.parse(self, false) unless blank?
   end

data/lib/active_support/core_ext/string/exclude.rb

@@ -2,9 +2,9 @@ class String
   # The inverse of <tt>String#include?</tt>. Returns true if the string
   # does not include the other string.
   #
-  #   "hello".exclude? "lo" #=> false
-  #   "hello".exclude? "ol" #=> true
-  #   "hello".exclude? ?h   #=> false
+  #   "hello".exclude? "lo" # => false
+  #   "hello".exclude? "ol" # => true
+  #   "hello".exclude? ?h   # => false
   def exclude?(string)
     !include?(string)
   end

data/lib/active_support/core_ext/string/filters.rb

@@ -3,7 +3,7 @@ class String
   # the string, and then changing remaining consecutive whitespace
   # groups into one space each.
   #
-  # Note that it handles both ASCII and Unicode whitespace.
+  # Note that it handles both ASCII and Unicode whitespace like mongolian vowel separator (U+180E).
   #
   #   %{ Multi-line
   #      string }.squish                   # => "Multi-line string"
@@ -20,6 +20,16 @@ class String
     self
   end
 
+  # Returns a new string with all occurrences of the pattern removed. Short-hand for String#gsub(pattern, '').
+  def remove(pattern)
+    gsub pattern, ''
+  end
+
+  # Alters the string by removing all occurrences of the pattern. Short-hand for String#gsub!(pattern, '').
+  def remove!(pattern)
+    gsub! pattern, ''
+  end
+
   # Truncates a given +text+ after a given <tt>length</tt> if +text+ is longer than <tt>length</tt>:
   #
   #   'Once upon a time in a world far far away'.truncate(27)
@@ -41,8 +51,8 @@ class String
   def truncate(truncate_at, options = {})
     return dup unless length > truncate_at
 
-    options[:omission] ||= '...'
-    length_with_room_for_omission = truncate_at - options[:omission].length
+    omission = options[:omission] || '...'
+    length_with_room_for_omission = truncate_at - omission.length
     stop = \
       if options[:separator]
         rindex(options[:separator], length_with_room_for_omission) || length_with_room_for_omission
@@ -50,6 +60,6 @@ class String
         length_with_room_for_omission
       end
 
-    "#{self[0...stop]}#{options[:omission]}"
+    "#{self[0, stop]}#{omission}"
   end
 end

data/lib/active_support/core_ext/string/inflections.rb

@@ -182,21 +182,23 @@ class String
   #
   #   'egg_and_hams'.classify # => "EggAndHam"
   #   'posts'.classify        # => "Post"
-  #
-  # Singular names are not handled correctly.
-  #
-  #   'business'.classify # => "Busines"
   def classify
     ActiveSupport::Inflector.classify(self)
   end
 
-  # Capitalizes the first word, turns underscores into spaces, and strips '_id'.
+  # Capitalizes the first word, turns underscores into spaces, and strips a
+  # trailing '_id' if present.
   # Like +titleize+, this is meant for creating pretty output.
   #
-  #   'employee_salary'.humanize # => "Employee salary"
-  #   'author_id'.humanize       # => "Author"
-  def humanize
-    ActiveSupport::Inflector.humanize(self)
+  # The capitalization of the first word can be turned off by setting the
+  # optional parameter +capitalize+ to false.
+  # By default, this parameter is true.
+  #
+  #   'employee_salary'.humanize              # => "Employee salary"
+  #   'author_id'.humanize                    # => "Author"
+  #   'author_id'.humanize(capitalize: false) # => "author"
+  def humanize(options = {})
+    ActiveSupport::Inflector.humanize(self, options)
   end
 
   # Creates a foreign key name from a class name.

data/lib/active_support/core_ext/string/output_safety.rb

@@ -4,9 +4,10 @@ require 'active_support/core_ext/kernel/singleton_class'
 class ERB
   module Util
     HTML_ESCAPE = { '&' => '&amp;',  '>' => '&gt;',   '<' => '&lt;', '"' => '&quot;', "'" => '&#39;' }
-    JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
+    JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003e', '<' => '\u003c', "\u2028" => '\u2028', "\u2029" => '\u2029' }
+    HTML_ESCAPE_REGEXP = /[&"'><]/
     HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+));)/
-    JSON_ESCAPE_REGEXP = /[&"><]/
+    JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
 
     # A utility method for escaping HTML tag characters.
     # This method is also aliased as <tt>h</tt>.
@@ -21,7 +22,7 @@ class ERB
       if s.html_safe?
         s
       else
-        s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe
+        s.gsub(HTML_ESCAPE_REGEXP, HTML_ESCAPE).html_safe
       end
     end
 
@@ -48,17 +49,56 @@ class ERB
 
     module_function :html_escape_once
 
-    # A utility method for escaping HTML entities in JSON strings
-    # using \uXXXX JavaScript escape sequences for string literals:
+    # A utility method for escaping HTML entities in JSON strings. Specifically, the
+    # &, > and < characters are replaced with their equivalent unicode escaped form -
+    # \u0026, \u003e, and \u003c. The Unicode sequences \u2028 and \u2029 are also
+    # escaped as they are treated as newline characters in some JavaScript engines.
+    # These sequences have identical meaning as the original characters inside the
+    # context of a JSON string, so assuming the input is a valid and well-formed
+    # JSON value, the output will have equivalent meaning when parsed:
     #
-    #   json_escape('is a > 0 & a < 10?')
-    #   # => is a \u003E 0 \u0026 a \u003C 10?
+    #   json = JSON.generate({ name: "</script><script>alert('PWNED!!!')</script>"})
+    #   # => "{\"name\":\"</script><script>alert('PWNED!!!')</script>\"}"
     #
-    # Note that after this operation is performed the output is not
-    # valid JSON. In particular double quotes are removed:
+    #   json_escape(json)
+    #   # => "{\"name\":\"\\u003C/script\\u003E\\u003Cscript\\u003Ealert('PWNED!!!')\\u003C/script\\u003E\"}"
+    #
+    #   JSON.parse(json) == JSON.parse(json_escape(json))
+    #   # => true
+    #
+    # The intended use case for this method is to escape JSON strings before including
+    # them inside a script tag to avoid XSS vulnerability:
+    #
+    #   <script>
+    #     var currentUser = <%= json_escape current_user.to_json %>;
+    #   </script>
+    #
+    # WARNING: this helper only works with valid JSON. Using this on non-JSON values
+    # will open up serious XSS vulnerabilities. For example, if you replace the
+    # +current_user.to_json+ in the example above with user input instead, the browser
+    # will happily eval() that string as JavaScript.
+    #
+    # The escaping performed in this method is identical to those performed in the
+    # Active Support JSON encoder when +ActiveSupport.escape_html_entities_in_json+ is
+    # set to true. Because this transformation is idempotent, this helper can be
+    # applied even if +ActiveSupport.escape_html_entities_in_json+ is already true.
+    #
+    # Therefore, when you are unsure if +ActiveSupport.escape_html_entities_in_json+
+    # is enabled, or if you are unsure where your JSON string originated from, it
+    # is recommended that you always apply this helper (other libraries, such as the
+    # JSON gem, do not provide this kind of protection by default; also some gems
+    # might override +to_json+ to bypass Active Support's encoder).
+    #
+    # The output of this helper method is marked as HTML safe so that you can directly
+    # include it inside a <tt><script></tt> tag as shown above.
+    #
+    # However, it is NOT safe to use the output of this inside an HTML attribute,
+    # because quotation marks are not escaped. Doing so might break your page's layout.
+    # If you intend to use this inside an HTML attribute, you should use the
+    # +html_escape+ helper (or its +h+ alias) instead:
+    #
+    #   <div data-user-info="<%= h current_user.to_json %>">...</div>
     #
-    #   json_escape('{"name":"john","created_at":"2010-04-28T01:39:31Z","id":1}')
-    #   # => {name:john,created_at:2010-04-28T01:39:31Z,id:1}
     def json_escape(s)
       result = s.to_s.gsub(JSON_ESCAPE_REGEXP, JSON_ESCAPE)
       s.html_safe? ? result.html_safe : result
@@ -102,11 +142,7 @@ module ActiveSupport #:nodoc:
       else
         if html_safe?
           new_safe_buffer = super
-
-          if new_safe_buffer
-            new_safe_buffer.instance_eval { @html_safe = true }
-          end
-
+          new_safe_buffer.instance_eval { @html_safe = true }
           new_safe_buffer
         else
           to_str[*args]
@@ -147,15 +183,14 @@ module ActiveSupport #:nodoc:
     end
 
     def %(args)
-      args = Array(args).map do |arg|
-        if !html_safe? || arg.html_safe?
-          arg
-        else
-          ERB::Util.h(arg)
-        end
+      case args
+      when Hash
+        escaped_args = Hash[args.map { |k,arg| [k, html_escape_interpolated_argument(arg)] }]
+      else
+        escaped_args = Array(args).map { |arg| html_escape_interpolated_argument(arg) }
       end
 
-      self.class.new(super(args))
+      self.class.new(super(escaped_args))
     end
 
     def html_safe?
@@ -175,7 +210,7 @@ module ActiveSupport #:nodoc:
     end
 
     UNSAFE_STRING_METHODS.each do |unsafe_method|
-      if 'String'.respond_to?(unsafe_method)
+      if unsafe_method.respond_to?(unsafe_method)
         class_eval <<-EOT, __FILE__, __LINE__ + 1
           def #{unsafe_method}(*args, &block)       # def capitalize(*args, &block)
             to_str.#{unsafe_method}(*args, &block)  #   to_str.capitalize(*args, &block)
@@ -188,6 +223,12 @@ module ActiveSupport #:nodoc:
         EOT
       end
     end
+
+    private
+
+    def html_escape_interpolated_argument(arg)
+      (!html_safe? || arg.html_safe?) ? arg : ERB::Util.h(arg)
+    end
   end
 end
 

data/lib/active_support/core_ext/string/zones.rb

@@ -1,3 +1,4 @@
+require 'active_support/core_ext/string/conversions'
 require 'active_support/core_ext/time/zones'
 
 class String

data/lib/active_support/core_ext/thread.rb

@@ -39,8 +39,8 @@ class Thread
   #      Thread.current.thread_variable_set(:cat, 'meow')
   #      Thread.current.thread_variable_set("dog", 'woof')
   #    end
-  #    thr.join               #=> #<Thread:0x401b3f10 dead>
-  #    thr.thread_variables   #=> [:dog, :cat]
+  #    thr.join               # => #<Thread:0x401b3f10 dead>
+  #    thr.thread_variables   # => [:dog, :cat]
   #
   # Note that these are not fiber local variables. Please see Thread#thread_variable_get
   # for more details.
@@ -53,8 +53,8 @@ class Thread
   #
   #    me = Thread.current
   #    me.thread_variable_set(:oliver, "a")
-  #    me.thread_variable?(:oliver)    #=> true
-  #    me.thread_variable?(:stanley)   #=> false
+  #    me.thread_variable?(:oliver)    # => true
+  #    me.thread_variable?(:stanley)   # => false
   #
   # Note that these are not fiber local variables. Please see Thread#thread_variable_get
   # for more details.

data/lib/active_support/core_ext/time/calculations.rb

@@ -3,7 +3,6 @@ require 'active_support/core_ext/time/conversions'
 require 'active_support/time_with_zone'
 require 'active_support/core_ext/time/zones'
 require 'active_support/core_ext/date_and_time/calculations'
-require 'active_support/deprecation'
 
 class Time
   include DateAndTime::Calculations
@@ -26,41 +25,6 @@ class Time
       end
     end
 
-    # *DEPRECATED*: Use +Time#utc+ or +Time#local+ instead.
-    #
-    # Returns a new Time if requested year can be accommodated by Ruby's Time class
-    # (i.e., if year is within either 1970..2038 or 1902..2038, depending on system architecture);
-    # otherwise returns a DateTime.
-    def time_with_datetime_fallback(utc_or_local, year, month=1, day=1, hour=0, min=0, sec=0, usec=0)
-      ActiveSupport::Deprecation.warn 'time_with_datetime_fallback is deprecated. Use Time#utc or Time#local instead', caller
-      time = ::Time.send(utc_or_local, year, month, day, hour, min, sec, usec)
-
-      # This check is needed because Time.utc(y) returns a time object in the 2000s for 0 <= y <= 138.
-      if time.year == year
-        time
-      else
-        ::DateTime.civil_from_format(utc_or_local, year, month, day, hour, min, sec)
-      end
-    rescue
-      ::DateTime.civil_from_format(utc_or_local, year, month, day, hour, min, sec)
-    end
-
-    # *DEPRECATED*: Use +Time#utc+ instead.
-    #
-    # Wraps class method +time_with_datetime_fallback+ with +utc_or_local+ set to <tt>:utc</tt>.
-    def utc_time(*args)
-      ActiveSupport::Deprecation.warn 'utc_time is deprecated. Use Time#utc instead', caller
-      time_with_datetime_fallback(:utc, *args)
-    end
-
-    # *DEPRECATED*: Use +Time#local+ instead.
-    #
-    # Wraps class method +time_with_datetime_fallback+ with +utc_or_local+ set to <tt>:local</tt>.
-    def local_time(*args)
-      ActiveSupport::Deprecation.warn 'local_time is deprecated. Use Time#local instead', caller
-      time_with_datetime_fallback(:local, *args)
-    end
-
     # Returns <tt>Time.zone.now</tt> when <tt>Time.zone</tt> or <tt>config.time_zone</tt> are set, otherwise just returns <tt>Time.now</tt>.
     def current
       ::Time.zone ? ::Time.zone.now : ::Time.now
@@ -178,6 +142,16 @@ class Time
   alias :at_midnight :beginning_of_day
   alias :at_beginning_of_day :beginning_of_day
 
+  # Returns a new Time representing the middle of the day (12:00)
+  def middle_of_day
+    change(:hour => 12)
+  end
+  alias :midday :middle_of_day
+  alias :noon :middle_of_day
+  alias :at_midday :middle_of_day
+  alias :at_noon :middle_of_day
+  alias :at_middle_of_day :middle_of_day
+
   # Returns a new Time representing the end of the day, 23:59:59.999999 (.999999999 in ruby1.9)
   def end_of_day
     change(
@@ -225,27 +199,6 @@ class Time
     beginning_of_day..end_of_day
   end
 
-  # Returns a Range representing the whole week of the current time.
-  # Week starts on start_day, default is <tt>Date.week_start</tt> or <tt>config.week_start</tt> when set.
-  def all_week(start_day = Date.beginning_of_week)
-    beginning_of_week(start_day)..end_of_week(start_day)
-  end
-
-  # Returns a Range representing the whole month of the current time.
-  def all_month
-    beginning_of_month..end_of_month
-  end
-
-  # Returns a Range representing the whole quarter of the current time.
-  def all_quarter
-    beginning_of_quarter..end_of_quarter
-  end
-
-  # Returns a Range representing the whole year of the current time.
-  def all_year
-    beginning_of_year..end_of_year
-  end
-
   def plus_with_duration(other) #:nodoc:
     if ActiveSupport::Duration === other
       other.since(self)