mechanize 2.7.2 → 2.7.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 540e567d390aebe104b22b2c11c726c9bceef098
-  data.tar.gz: c86f1051ac42694d9390856a53724a1b76019a35
+SHA256:
+  metadata.gz: feff4acdf05edc4c615ab91f9ab0b7abfd1987dbd998ed07a36489189594edf2
+  data.tar.gz: efce735d57a4b2259f30a630829f432f270e3aa353fb9d4f5ad032df06387e84
 SHA512:
-  metadata.gz: 949355d69adf7c58dfa355508e25044535f2880f7a7640d29ee8177d354850fb972dc625c4fac32c7b7e7496d5ca9eae94ad3fb47fc4ee37a45ad9d19f3a10d7
-  data.tar.gz: c0a04825b124542b1d5eee4749402bfe64de7ba49b52952054f1fe92cd2d6607628174e76d8d2ca3f8be90b0da46871cb26db55be0fc3bf388ff0c266daf82f7
+  metadata.gz: f83a08c469e67045f58f3f3685cb17618db889dd85d1b7f2e56da1c9ae7744f36815a1f811f09bd99614c529b42f2038100a64fb06cdee1569d43bb831ea3fae
+  data.tar.gz: c01289d967e87c40e0936c2f973847da696bc92d9255a5c5f20099ff795ce57430f45a631a02a9395cfe7066e27731ec040a879fd255468b43cf9a1b5149c3eb

data/.github/workflows/ci-test.yml

@@ -0,0 +1,25 @@
+name: "ci"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ "*" ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version: ["2.3", "2.4", "2.5", "2.6", "2.7", "3.0", "jruby"]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    - name: Run tests
+      run: bundle exec rake

data/.gitignore

@@ -0,0 +1,15 @@
+*.swp
+*.gem
+*.rbc
+/.bundle
+/.config
+/Gemfile.lock
+/TAGS
+/pkg
+/tags
+/.rvmrc
+digest.htpasswd
+doc
+rdoc
+.yardoc
+_yardoc

data/CHANGELOG.rdoc

@@ -1,5 +1,88 @@
 = Mechanize CHANGELOG
 
+=== 2.7.7 / 2021-02-01
+
+* Security fixes for CVE-2021-21289
+
+  Mechanize `>= v2.0`, `< v2.7.7` allows for OS commands to be injected into several classes'
+  methods via implicit use of Ruby's `Kernel.open` method. Exploitation is possible only if
+  untrusted input is used as a local filename and passed to any of these calls:
+
+  - `Mechanize::CookieJar#load`: since v2.0 (see 208e3ed)
+  - `Mechanize::CookieJar#save_as`: since v2.0 (see 5b776a4)
+  - `Mechanize#download`: since v2.2 (see dc91667)
+  - `Mechanize::Download#save` and `#save!` since v2.1 (see 98b2f51, bd62ff0)
+  - `Mechanize::File#save` and `#save_as`: since v2.1 (see 2bf7519)
+  - `Mechanize::FileResponse#read_body`: since v2.0 (see 01039f5)
+
+  See https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g for more
+  information.
+
+  Also see #547, #548. Thank you, @kyoshidajp!
+
+* New Features
+  * Support for Ruby 3.0 by adding `webrick` as a runtime dependency. (#557) @pvalena
+
+* Bug fix
+  * Ignore input fields with blank names (#542, #536)
+
+
+=== 2.7.6
+
+* New Features
+  * Mechanize#set_proxy accepts an HTTP URL/URI. (#513)
+
+* Bug fix
+  * Fix element(s)_with(search: selector) methods not working for forms, form fields and frames. (#444)
+  * Improve the filename parser for the `Content-Disposition` header. (#496, #517)
+  * Accept `Content-Encoding: identity`. (#515)
+  * Mechanize::Page#title no longer picks a title in an embeded SVG/RDF element. (#503)
+  * Make Mechanize::Form#has_field? boolean. (#501)
+
+=== 2.7.5
+
+* New Features
+  * All 4xx responses and RedirectLimitReachedError when fetching robots.txt are treated as full allow just like Googlebot does.
+  * Enable support for mime-types > 3.
+
+* Bug fix
+  * Don't cause infinite loop when `GET /robots.txt` redirects. (#457)
+  * Fix basic authentication for a realm that contains uppercase characters. (#458, #459)
+  * Fix encoding error when uploading a file which name is non-ASCII. (#333)
+
+=== 2.7.4
+
+* New Features
+  * Accept array-like and hash-like values as query/parameter value.
+    A new utility method Mechanize::Util.each_parameter is added, and Mechanize::Util.build_query_string is enhanced
+    for this feature.
+  * Allow passing a `Form::FileUpload` instance to `#post`. #350 by Sam
+    Rawlins.
+  * Capture link when scheme is unsupported. #362 by Jon Rowe.
+  * Pre-defined User-Agent stings are updated to those of more recent versions, and new aliases for IE 10/11 and Edge are added.
+  * Support for mime-types 1.x is restored while keeping compatible with mime-types 2.x.
+  * Mechanize::Page now responds to #xpath, #css, #at_xpath, #at_css, and #%.
+  * element(s)_with methods now accept :xpath and :css options for doing xpath/css
+    selector searching.
+  * Pass URI information to Nokogiri where applicable. #405 @lulalala
+
+* Bug fix
+  * Don't raise an exception if a connection has set a {read,open}_timeout and
+    a `file://` request is made. (#397)
+  * Fix whitespace bug in WWW-Authenticate. #451, #450, by Rasmus Bergholdt
+  * Don't allow redirect from a non-file URL to a file URL for security reasons. (#455)
+
+=== 2.7.3
+
+* New Features
+  * Allow net-http-persistent instance to be named. #324, John Weir.
+  * #save and #save! return filename #340
+  * Updated mime-types requirement to 2.x versions.  #348 by Jeff Nyman.
+
+* Bug fix
+  * Ensure Download#save! defaults back to original filename if
+    none is provided (#300)
+
 === 2.7.2
 
 * Bug fix

data/EXAMPLES.rdoc

@@ -15,7 +15,7 @@ example, <code>do ... end.submit</code> is the same as <code>{ ...
   }
 
   a.get('http://google.com/') do |page|
-    search_result = page.form_with(:name => 'f') do |search|
+    search_result = page.form_with(:id => 'gbqf') do |search|
       search.q = 'Hello world'
     end.submit
 
@@ -24,29 +24,6 @@ example, <code>do ... end.submit</code> is the same as <code>{ ...
     end
   end
 
-== Rubyforge
-
-  require 'rubygems'
-  require 'mechanize'
-
-  a = Mechanize.new
-  a.get('http://rubyforge.org/') do |page|
-    # Click the login link
-    login_page = a.click(page.link_with(:text => /Log In/))
-
-    # Submit the login form
-    my_page = login_page.form_with(:action => '/account/login.php') do |f|
-      f.form_loginname  = ARGV[0]
-      f.form_pw         = ARGV[1]
-    end.click_button
-
-    my_page.links.each do |link|
-      text = link.text.strip
-      next unless text.length > 0
-      puts text
-    end
-  end
-
 == File Upload
 
 Upload a file to flickr.
@@ -129,7 +106,7 @@ This example also demonstrates subclassing Mechanize.
 
   class TestMech < Mechanize
     def process
-      get 'http://rubyforge.org/'
+      get 'http://rubygems.org/'
       search_form = page.forms.first
       search_form.words = 'WWW'
       submit search_form

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+gem "rake"
+gem "bundler"
+gem "rdoc"
+gem "minitest"
+
+gemspec

data/README.rdoc

@@ -1,6 +1,6 @@
-= Mechanize {<img src="https://secure.travis-ci.org/sparklemotion/mechanize.png?rvm=1.9.3" />}[http://travis-ci.org/sparklemotion/mechanize]
+= Mechanize {<img src="https://secure.travis-ci.org/sparklemotion/mechanize.svg?rvm=2.3.3" />}[http://travis-ci.org/sparklemotion/mechanize]
 
-* http://mechanize.rubyforge.org
+* http://docs.seattlerb.org/mechanize
 * https://github.com/sparklemotion/mechanize
 
 == Description
@@ -14,32 +14,26 @@ a history.
 == Dependencies
 
 * ruby 1.9.2 or newer
-* nokogiri[http://nokogiri.rubyforge.org]
+* nokogiri[https://github.com/sparklemotion/nokogiri]
 
 == Support:
 
-The mechanize mailing list is available here:
-
-* http://rubyforge.org/mailman/listinfo/mechanize-users
-
 The bug tracker is available here:
 
 * https://github.com/sparklemotion/mechanize/issues
 
 == Examples
 
-If you are just starting, check out the GUIDE[http://mechanize.rubyforge.org/GUIDE_rdoc.html] or
-the EXAMPLES[http://mechanize.rubyforge.org/EXAMPLES_rdoc.html] file.
+If you are just starting, check out the GUIDE[http://docs.seattlerb.org/mechanize/GUIDE_rdoc.html] or
+the EXAMPLES[http://docs.seattlerb.org/mechanize/EXAMPLES_rdoc.html] file.
 
 == Developers
 
-To run the tests for the first time:
+Use bundler to install dependencies:
 
-  gem install hoe rake
-  rake newb
+  bundle install
 
-This will install all the required dependencies for running the tests.  For
-subsequent test runs:
+Run all tests with:
 
   rake test
 
@@ -54,14 +48,14 @@ Copyright (c) 2005 by Michael Neumann (mneumann@ntecs.de)
 
 Copyright (c) 2006-2011:
 
-* {Aaron Patterson}[http://tenderlovemaking.com] (aaronp@rubyforge.org)
+* {Aaron Patterson}[http://tenderlovemaking.com] (aaron.patterson@gmail.com)
 * {Mike Dalessio}[http://mike.daless.io] (mike@csa.net)
 
-Copyright (c) 2011-2013:
+Copyright (c) 2011-2015:
 
 * {Eric Hodel}[http://blog.segment7.net] (drbrain@segment7.net)
 * {Akinori MUSHA}[http://blog.akinori.org] (knu@idaemons.org)
-* {Lee Jarvis}[http://aeroproof.com] (ljjarvis@gmail.com)
+* {Lee Jarvis}[http://twitter.com/lee_jarvis] (ljjarvis@gmail.com)
 
 This library comes with a shameless plug for employing me
 (Aaron[http://tenderlovemaking.com/]) programming Ruby, my favorite language!
@@ -79,5 +73,5 @@ library!
 
 == License
 
-This library is distributed under the MIT license.  Please see the LICENSE[http://mechanize.rubyforge.org/LICENSE_rdoc.html] file.
+This library is distributed under the MIT license.  Please see the LICENSE[http://docs.seattlerb.org/mechanize/LICENSE_rdoc.html] file.
 

data/Rakefile

@@ -1,38 +1,14 @@
 require 'rubygems'
-require 'hoe'
 
-Hoe.plugin :git
-Hoe.plugin :minitest
-Hoe.plugin :travis
-
-hoe = Hoe.spec 'mechanize' do
-  developer 'Eric Hodel',      'drbrain@segment7.net'
-  developer 'Aaron Patterson', 'aaronp@rubyforge.org'
-  developer 'Mike Dalessio',   'mike.dalessio@gmail.com'
-  developer 'Akinori MUSHA',   'knu@idaemons.org'
-  developer 'Lee Jarvis',      'ljjarvis@gmail.com'
-
-  self.readme_file      = 'README.rdoc'
-  self.history_file     = 'CHANGELOG.rdoc'
-  self.extra_rdoc_files += Dir['*.rdoc']
-
-  rdoc_locations << 'rubyforge.org:/var/www/gforge-projects/mechanize/'
-
-  self.extra_deps << ['net-http-digest_auth', '~> 1.1', '>= 1.1.1']
-  self.extra_deps << ['net-http-persistent',  '~> 2.5', '>= 2.5.2']
-  self.extra_deps << ['mime-types',           '~> 1.17', '>= 1.17.2']
-  self.extra_deps << ['http-cookie',          '~> 1.0.0']
-  self.extra_deps << ['nokogiri',             '~> 1.4']
-  self.extra_deps << ['ntlm-http',            '~> 0.1', '>= 0.1.1']
-  self.extra_deps << ['webrobots',            '<  0.2', '>= 0.0.9']
-  self.extra_deps << ['domain_name',          '~> 0.5', '>= 0.5.1']
-
-  self.extra_dev_deps << ['minitest', '~> 5.0']
-
-  self.spec_extras[:required_ruby_version] = '>= 1.8.7'
+begin
+  require "bundler/gem_tasks"
+rescue LoadError
 end
 
-task :prerelease => [:clobber, :check_manifest, :test]
+require 'rdoc/task'
+require 'rake/testtask'
+
+task :prerelease => [:clobber_rdoc, :test]
 
 desc "Update SSL Certificate"
 task('ssl_cert') do |p|
@@ -46,12 +22,20 @@ task('ssl_cert') do |p|
   sh "rm server.key.org"
 end
 
-desc 'Install deps for travis to work around Hoe/RubyGems bug'
-task 'travis_deps' do
-  hoe.spec.dependencies.each do |dep|
-    first_requirement = dep.requirement.requirements.first.join ' '
-    system('gem', 'install', dep.name, '-v', first_requirement,
-           '--no-rdoc', '--no-ri')
-  end
+RDoc::Task.new do |rdoc|
+  rdoc.main = "README.rdoc"
+  rdoc.rdoc_dir = 'doc'
+  rdoc.rdoc_files.include( "CHANGELOG.rdoc", "EXAMPLES.rdoc", "GUIDE.rdoc", "LICENSE.rdoc", "README.rdoc", "lib/**/*.rb")
+end
+
+desc "Run tests"
+Rake::TestTask.new { |t|
+  t.test_files = Dir['test/**/test*.rb']
+  t.verbose = true
+}
+
+task publish_docs: %w[rdoc] do
+  sh 'rsync', '-avzO', '--delete', 'doc/', 'docs-push.seattlerb.org:/data/www/docs.seattlerb.org/mechanize/'
 end
 
+task default: :test

data/examples/{rubyforge.rb → rubygems.rb}

@@ -1,4 +1,4 @@
-# This example logs a user in to rubyforge and prints out the body of the
+# This example logs a user in to rubygems and prints out the body of the
 # page after logging the user in.
 require 'rubygems'
 require 'mechanize'
@@ -9,12 +9,13 @@ mech = Mechanize.new
 mech.log = Logger.new $stderr
 mech.agent.http.debug_output = $stderr
 
-# Load the rubyforge website
-page = mech.get('http://rubyforge.org/')
-page = mech.click page.link_with(:text => /Log In/) # Click the login link
+# Load the rubygems website
+page = mech.get('https://rubygems.org/')
+page = mech.click page.link_with(:text => /Sign in/) # Click the login link
 form = page.forms[1] # Select the first form
-form.form_loginname = ARGV[0]
-form.form_pw        = ARGV[1]
+form["session[who]"] = ARGV[0]
+form["session[password]"] = ARGV[1]
+form["commit"] = "Sign in"
 
 # Submit the form
 page = form.submit form.buttons.first

data/lib/mechanize.rb

@@ -1,7 +1,6 @@
+require 'mechanize/version'
 require 'fileutils'
 require 'forwardable'
-require 'iconv' if RUBY_VERSION < '1.9.2'
-require 'mime/types'
 require 'mutex_m'
 require 'net/http/digest_auth'
 require 'net/http/persistent'
@@ -70,11 +69,6 @@ require 'zlib'
 
 class Mechanize
 
-  ##
-  # The version of Mechanize you are using.
-
-  VERSION = '2.7.2'
-
   ##
   # Base mechanize error class
 
@@ -92,22 +86,26 @@ class Mechanize
   # description in parenthesis is for informative purposes and is not part of
   # the alias name.
   #
-  # * Linux Firefox (3.6.1)
+  # * Linux Firefox (43.0 on Ubuntu Linux)
   # * Linux Konqueror (3)
   # * Linux Mozilla
-  # * Mac Firefox (3.6)
+  # * Mac Firefox (43.0)
   # * Mac Mozilla
-  # * Mac Safari (5)
+  # * Mac Safari (9.0 on OS X 10.11.2)
   # * Mac Safari 4
   # * Mechanize (default)
   # * Windows IE 6
   # * Windows IE 7
   # * Windows IE 8
   # * Windows IE 9
+  # * Windows IE 10 (Windows 8 64bit)
+  # * Windows IE 11 (Windows 8.1 64bit)
+  # * Windows Edge
   # * Windows Mozilla
-  # * iPhone (3.0)
-  # * iPad
-  # * Android (Motorola Xoom)
+  # * Windows Firefox (43.0)
+  # * iPhone (iOS 9.1)
+  # * iPad (iOS 9.1)
+  # * Android (5.1.1)
   #
   # Example:
   #
@@ -116,26 +114,37 @@ class Mechanize
 
   AGENT_ALIASES = {
     'Mechanize' => "Mechanize/#{VERSION} Ruby/#{ruby_version} (http://github.com/sparklemotion/mechanize/)",
-    'Linux Firefox' => 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.1) Gecko/20100122 firefox/3.6.1',
+    'Linux Firefox' => 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0',
     'Linux Konqueror' => 'Mozilla/5.0 (compatible; Konqueror/3; Linux)',
     'Linux Mozilla' => 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624',
-    'Mac Firefox' => 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6',
+    'Mac Firefox' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:43.0) Gecko/20100101 Firefox/43.0',
     'Mac Mozilla' => 'Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030401',
     'Mac Safari 4' => 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; de-at) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10',
-    'Mac Safari' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/534.51.22 (KHTML, like Gecko) Version/5.1.1 Safari/534.51.22',
-    'Windows Chrome' => 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.32 Safari/537.36',
+    'Mac Safari' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9',
+    'Windows Chrome' => 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.125 Safari/537.36',
     'Windows IE 6' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
     'Windows IE 7' => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)',
     'Windows IE 8' => 'Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)',
     'Windows IE 9' => 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)',
+    'Windows IE 10' => 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)',
+    'Windows IE 11' => 'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko',
+    'Windows Edge' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586',
     'Windows Mozilla' => 'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6',
-    'iPhone' => 'Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1C28 Safari/419.3',
-    'iPad' => 'Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10',
-    'Android' => 'Mozilla/5.0 (Linux; U; Android 3.0; en-us; Xoom Build/HRI39) AppleWebKit/534.13 (KHTML, like Gecko) Version/4.0 Safari/534.13'
+    'Windows Firefox' => 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0',
+    'iPhone' => 'Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B5110e Safari/601.1',
+    'iPad' => 'Mozilla/5.0 (iPad; CPU OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1',
+    'Android' => 'Mozilla/5.0 (Linux; Android 5.1.1; Nexus 7 Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.76 Safari/537.36',
   }
 
-  AGENT_ALIASES['Mac FireFox'] = AGENT_ALIASES['Mac Firefox']
-  AGENT_ALIASES['Linux FireFox'] = AGENT_ALIASES['Linux Firefox']
+  AGENT_ALIASES.default_proc = proc { |hash, key|
+    case key
+    when /FireFox/
+      if ua = hash[nkey = key.sub(/FireFox/, 'Firefox')]
+        warn "Mechanize#user_agent_alias: #{key.inspect} should be spelled as #{nkey.inspect}"
+        ua
+      end
+    end
+  }
 
   def self.inherited(child) # :nodoc:
     child.html_parser = html_parser
@@ -166,12 +175,20 @@ class Mechanize
   # as SSL parameters or proxies:
   #
   #   agent = Mechanize.new do |a|
-  #     a.proxy_host = 'proxy.example'
+  #     a.proxy_addr = 'proxy.example'
   #     a.proxy_port = 8080
   #   end
+  #
+  # If you need segregated SSL connections give each agent a unique
+  # name.  Otherwise the connections will be shared.  This is
+  # particularly important if you are using certifcates.
+  #
+  #    agent_1 = Mechanize.new 'conn1'
+  #    agent_2 = Mechanize.new 'conn2'
+  #
 
-  def initialize
-    @agent = Mechanize::HTTP::Agent.new
+  def initialize(connection_name = 'mechanize')
+    @agent = Mechanize::HTTP::Agent.new(connection_name)
     @agent.context = self
     @log = nil
 
@@ -334,12 +351,21 @@ class Mechanize
         click real_link
       else
         button = nil
+        # Note that this will not work if we have since navigated to a different page.
+        # Should rather make each button aware of its parent form.
         form = page.forms.find do |f|
           button = f.button_with(:value => link)
           button.is_a? Form::Submit
         end
         submit form, button if form
       end
+    when Form::Submit, Form::ImageButton then
+      # Note that this will not work if we have since navigated to a different page.
+      # Should rather make each button aware of its parent form.
+      form = page.forms.find do |f|
+        f.buttons.include?(link)
+      end
+      submit form, link if form
     else
       referer = current_page()
       href = link.respond_to?(:href) ? link.href :
@@ -370,7 +396,7 @@ class Mechanize
     io = if io_or_filename.respond_to? :write then
            io_or_filename
          else
-           open io_or_filename, 'wb'
+           ::File.open(io_or_filename, 'wb')
          end
 
     case page
@@ -392,6 +418,9 @@ class Mechanize
   ##
   # DELETE +uri+ with +query_params+, and setting +headers+:
   #
+  # +query_params+ is formatted into a query string using
+  # Mechanize::Util.build_query_string, which see.
+  #
   #   delete('http://example/', {'q' => 'foo'}, {})
 
   def delete(uri, query_params = {}, headers = {})
@@ -405,6 +434,9 @@ class Mechanize
   # +headers+.
   #
   # The +referer+ may be a URI or a page.
+  #
+  # +parameters+ is formatted into a query string using
+  # Mechanize::Util.build_query_string, which see.
 
   def get(uri, parameters = [], referer = nil, headers = {})
     method = :get
@@ -445,6 +477,9 @@ class Mechanize
   ##
   # HEAD +uri+ with +query_params+ and +headers+:
   #
+  # +query_params+ is formatted into a query string using
+  # Mechanize::Util.build_query_string, which see.
+  #
   #   head('http://example/', {'q' => 'foo'}, {})
 
   def head(uri, query_params = {}, headers = {})
@@ -456,9 +491,13 @@ class Mechanize
   end
 
   ##
-  # POST to the given +uri+ with the given +query+.  The query is specified by
-  # either a string, or a list of key-value pairs represented by a hash or an
-  # array of arrays.
+  # POST to the given +uri+ with the given +query+.
+  #
+  # +query+ is processed using Mechanize::Util.each_parameter (which
+  # see), and then encoded into an entity body.  If any IO/FileUpload
+  # object is specified as a field value the "enctype" will be
+  # multipart/form-data, or application/x-www-form-urlencoded
+  # otherwise.
   #
   # Examples:
   #   agent.post 'http://example.com/', "foo" => "bar"
@@ -481,12 +520,15 @@ class Mechanize
 
     form = Form.new(node)
 
-    query.each { |k, v|
+    Mechanize::Util.each_parameter(query) { |k, v|
       if v.is_a?(IO)
         form.enctype = 'multipart/form-data'
         ul = Form::FileUpload.new({'name' => k.to_s},::File.basename(v.path))
         ul.file_data = v.read
         form.file_uploads << ul
+      elsif v.is_a?(Form::FileUpload)
+        form.enctype = 'multipart/form-data'
+        form.file_uploads << v
       else
         form.fields << Form::Field.new({'name' => k.to_s},v)
       end
@@ -510,6 +552,8 @@ class Mechanize
   def request_with_entity(verb, uri, entity, headers = {})
     cur_page = current_page || Page.new
 
+    log.debug("query: #{ entity.inspect }") if log
+
     headers = {
       'Content-Type' => 'application/octet-stream',
       'Content-Length' => entity.size.to_s,
@@ -926,6 +970,12 @@ Use of #auth and #basic_auth are deprecated due to a security vulnerability.
     @agent.redirection_limit = limit
   end
 
+  ##
+  # Resolve the full path of a link / uri
+  def resolve link
+    @agent.resolve link
+  end
+
   ##
   # A hash of custom request headers that will be sent on every request
 
@@ -1130,19 +1180,19 @@ Use of #auth and #basic_auth are deprecated due to a security vulnerability.
   end
 
   ##
-  # SSL version to use.  Ruby 1.9 and newer only.
+  # SSL version to use.
 
   def ssl_version
     @agent.ssl_version
-  end if RUBY_VERSION > '1.9'
+  end
 
   ##
   # Sets the SSL version to use to +version+ without client/server
-  # negotiation.  Ruby 1.9 and newer only.
+  # negotiation.
 
   def ssl_version= ssl_version
     @agent.ssl_version = ssl_version
-  end if RUBY_VERSION > '1.9'
+  end
 
   ##
   # A callback for additional certificate verification.  See
@@ -1285,6 +1335,7 @@ Use of #auth and #basic_auth are deprecated due to a security vulnerability.
 
 end
 
+require 'mechanize/element_not_found_error'
 require 'mechanize/response_read_error'
 require 'mechanize/chunked_termination_error'
 require 'mechanize/content_type_error'
@@ -1307,7 +1358,6 @@ require 'mechanize/http/content_disposition_parser'
 require 'mechanize/http/www_authenticate_parser'
 require 'mechanize/image'
 require 'mechanize/page'
-require 'mechanize/monkey_patch'
 require 'mechanize/pluggable_parsers'
 require 'mechanize/redirect_limit_reached_error'
 require 'mechanize/redirect_not_get_or_head_error'