merb-core 1.1.0 → 1.1.1

data/CHANGELOG

@@ -1,4 +1,18 @@
-== 1.1.0 "" 2009-11-
+== 1.1.0 "Black Hole" 2010-03-22
+
+* Ruby 1.9 support. The big one. Merb now runs on ruby 1.9.1. This mandated some
+  small changes to the internals as well as some changes to the specs. However,
+  it shouldn't require any changes in your app level code, or at least the merb
+  specific parts of your app level code.
+
+* Unicorns! Merb is now better behaved as a rack app and works with a config.ru
+  file[2]. This change should make working with whatever is the latest and
+  greatest ruby webserver a lot easier.
+
+* Bugfixes. So many bug fixes. As part of the release process we've done our
+  best to clear out many of the bugs which have been gathering dust over the
+  past year. Some do still remain, but those generally require a more complex
+  solution which needs some thought.
 
 * !!!BC!!! Dependency handling using Bundler
   In this version we dropped old way of loading dependencies using the Kernel
@@ -6,36 +20,52 @@
   us to move the whole dependency handling and gem management outside the
   Merb. Therefore we can simplify some internals and remove some of the Kernel
   monkeypatching:
-  
+
   The old Kernel.dependency and Kernel.dependencies will only 'require
   gem_name' or 'require require_as' when you call this methods. These methods
   will also emit the DEPRECATED warnings when you will use them. If you see
   the warning you should move your dependency to the Gemfile or Rakefile.
-  
+
   If you used dependencies to load exact version of the Gem and you have
   installed multiple versions of the same gem you now get one more DEPRECATED
   warning. This is because we don't use 'gem' command from RubyGems which was
   used deep inside to load exact gem version. ALSO THE LATEST VERSION OF THE
   GEM WILL BE LOADED BECAUSE WE DO SIMPLE 'require'.
-  
+
   Also methods: use_orm, use_test, use_testing_framework and use_template_engine
   DON'T require any gems now, you must require it in Gemfile.
-  
+
   Merb generators was changed to generate you Gemfile for your application and
   settings instead of the dependencies.rb.
-  
+
   So what still works? Almost everything except it doesn't defer to the Merb
   start and doesn't load exact version of gem if more versions are installed:
-  
+
   dependency "json"                           => works
   dependency "rspec", :require_as => 'spec'   => works try to require 'spec'
   dependency "json", '1.1.6'                  => works unless you have
                                                  >= 1.1.6 installed
   dependency "json" { }                       => works but doesn't yield
-  
+
   For more information how to migrate to Bundler see:
   http://wiki.github.com/merb/merb/howto-using-the-bundler
 
+=== Bugs fixed
+
+* [merb-core]    #1040 Allow using <%== %> escaped version of <%= %>
+* [merb-core]    #1068 Correctly handle HEAD requests (This requires manual
+  alteration of rack.rb)
+* [merb-core]    #1174 Merb::Config[:use_mutex] issue
+  'sel' to string before comparing to string
+* [merb-core]    #1258 Sessions could be overwritten under certain (rare)
+  situations.
+* [merb-core]    #1288 Fix for run_later in clusters
+* [merb-core]    #1298 Fix potential timing attack on cookie sessions.
+* [merb-core]    #1304 Multipart input parsing produces wrong checkbox input
+* [merb-core]    #1310 Prevent mongrel bloat when streaming files
+* [merb-core]    #1317 Merb now returns correct cookie headers
+* [merb-core]    Improvements to handling of conditional validators
+
 == 0.9.8 "Time Machine" 2008-06-10
 
 * Pre-release contributors file update.

data/Rakefile

@@ -8,65 +8,8 @@ require "fileutils"
 # Load code annotation support library
 require File.expand_path("../tools/annotation_extract", __FILE__)
 
-# Load this library's version information
-require File.expand_path('../lib/merb-core/version', __FILE__)
-
 include FileUtils
 
-begin
-
-  gem 'jeweler', '~> 1.4'
-  require 'jeweler'
-
-  Jeweler::Tasks.new do |gemspec|
-
-    gemspec.version     = Merb::VERSION.dup
-
-    gemspec.name        = "merb-core"
-    gemspec.description = "Merb. Pocket rocket web framework."
-    gemspec.summary     = "Merb plugin that provides caching (page, action, fragment, object)"
-
-    gemspec.authors     = [ "Ezra Zygmuntowicz" ]
-    gemspec.email       = "ez@engineyard.com"
-    gemspec.homepage    = "http://merbivore.com/"
-
-    gemspec.extra_rdoc_files.include [ 'CHANGELOG' ]
-
-    gemspec.files = Dir["{bin,lib,spec,spec10}/**/*"] + [
-      'LICENSE',
-      'README',
-      'Rakefile',
-      'TODO',
-      'CHANGELOG',
-      'PUBLIC_CHANGELOG',
-      'CONTRIBUTORS'
-    ]
-
-    # Runtime dependencies
-    gemspec.add_dependency 'bundler',    '>= 0.9.3'
-    gemspec.add_dependency 'extlib',     '>= 0.9.13'
-    gemspec.add_dependency 'erubis',     '>= 2.6.2'
-    gemspec.add_dependency 'rake'
-    gemspec.add_dependency 'rspec'
-    gemspec.add_dependency 'rack'
-    gemspec.add_dependency 'mime-types', '>= 1.16' # supports ruby-1.9
-
-    # Development dependencies
-    gemspec.add_development_dependency 'rspec',  '>= 1.2.9'
-    gemspec.add_development_dependency 'webrat', '>= 0.3.1'
-
-    # Executable files
-    gemspec.executables  = 'merb'
-
-  end
-
-  Jeweler::GemcutterTasks.new
-
-rescue LoadError
-  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
-end
-
-
 desc "Run the specs."
 task :default => :specs
 
@@ -84,9 +27,8 @@ namespace :doc do
     rdoc.rdoc_files.add(files)
     rdoc.main = "README"
     rdoc.title = "Merb Docs"
-    rdoc.template = File.expand_path("../tools/allison-2.0.2/lib/allison.rb", __FILE__)
     rdoc.rdoc_dir = "doc/rdoc"
-    rdoc.options << "--line-numbers" << "--inline-source"
+    rdoc.options << "--line-numbers"
   end
 
   desc "run webgen"

data/lib/merb-core.rb

@@ -580,8 +580,9 @@ module Merb
     # :log_level<Symbol>::        logger level, default is :info
     #
     # :disabled_components<Array[Symbol]>::
-    #   array of disabled component names
-    #   Default is empty array.
+    #   array of disabled component names,
+    #   for instance, to disable json gem,
+    #   specify :json. Default is empty array.
     #
     # :deferred_actions<Array(Symbol, String)]>::
     #   names of actions that should be deferred

data/lib/merb-core/bootloader.rb

@@ -378,6 +378,7 @@ class Merb::BootLoader::Dependencies < Merb::BootLoader
       load_env_config
     end
     expand_ruby_path
+    enable_json_gem unless Merb::disabled?(:json)
     update_logger
     nil
   end
@@ -404,6 +405,21 @@ class Merb::BootLoader::Dependencies < Merb::BootLoader
     nil
   end
   
+  # Requires json or json_pure.
+  #
+  # ==== Returns
+  # nil
+  #
+  # :api: private
+  def self.enable_json_gem
+    require "json"
+    rescue LoadError
+        Merb.logger.error! "You have enabled JSON but don't have json " \
+                           "installed or don't have dependency in the Gemfile. " \
+                           "Add \"gem 'json', '>= 1.1.7'\" or " \
+                           "\"gem 'json_pure', '>= 1.1.7'\" to your Gemfile."
+  end
+
   # Resets the logger and sets the log_stream to Merb::Config[:log_file]
   # if one is specified, falling back to STDOUT.
   #
@@ -1314,7 +1330,7 @@ class Merb::BootLoader::RackUpApplication < Merb::BootLoader
       Merb::Config[:app] = eval("::Rack::Builder.new {( #{rackup_code}\n )}.to_app", TOPLEVEL_BINDING, Merb::Config[:rackup])
     else
       Merb::Config[:app] = ::Rack::Builder.new {
-         use Rack::Head # handle head requests
+         use Merb::Rack::Head # handle head requests
          use Merb::Rack::ContentLength # report content length
          if prefix = ::Merb::Config[:path_prefix]
            use Merb::Rack::PathPrefix, prefix

data/lib/merb-core/config.rb

@@ -287,7 +287,7 @@ module Merb
           adapters = [:mongrel, :emongrel, :thin, :ebb, :fastcgi, :webrick]
 
           opts.on("-a", "--adapter ADAPTER",
-                  "The rack adapter to use to run merb (default is mongrel)" \
+                  "The rack adapter to use to run merb (default is thin)" \
                   "[#{adapters.join(', ')}]") do |adapter|
             options[:adapter] ||= adapter
           end

data/lib/merb-core/dispatch/dispatcher.rb

@@ -4,119 +4,108 @@ module Merb
   class Dispatcher
     class << self
       include Merb::ControllerExceptions
-      
-      # :api: private
+
+      # @api private
       attr_accessor :use_mutex
-      
+
       @@work_queue = Queue.new
-      
-      # ==== Returns
-      # Queue:: the current queue of dispatch jobs.
-      # 
-      # :api: private
+
+      # @return [Queue] the current queue of dispatch jobs.
+      #
+      # @api private
       def work_queue
         @@work_queue
-      end  
-      
-      # Dispatch the rack environment. ControllerExceptions are rescued here
-      # and redispatched.
+      end
+
+      # Dispatch the rack environment.
       #
-      # ==== Parameters
-      # rack_env<Rack::Environment>::
-      #   The rack environment, which is used to instantiate a Merb::Request
+      # ControllerExceptions are rescued here and redispatched.
       #
-      # ==== Returns
-      # Merb::Controller::
-      #   The Merb::Controller that was dispatched to
-      # 
-      # :api: private
+      # @param rack_env [Rack::Environment] The rack environment, which is used to instantiate a Merb::Request
+      # @return [Merb::Controller] The Merb::Controller that was dispatched to
+      #
+      # @api private
       def handle(request)
         request.handle
       end
     end
   end
-  
+
   class Request
     include Merb::ControllerExceptions
-    
+
     @@mutex = Mutex.new
-    
+
     attr_reader :start
-    
-    # Handles request routing and action dispatch.
-    # 
-    # ==== Returns
-    # Array[Integer, Hash, #each]:: A Rack response
-    # 
-    # :api: private
+
+    # Handles request routing and action dispatch
+    #
+    # @return [Array[Integer, Hash, #each]] A Rack response
+    #
+    # @api private
     def handle
       @start = env["merb.request_start"] = Time.now
       Merb.logger.info { "Started request handling: #{start.to_s}" }
-      
+
       find_route!
       return rack_response if handled?
-      
+
       klass = controller
-      Merb.logger.debug { "Routed to: #{klass::_filter_params(params).inspect}" }
-      
+
       unless klass < Controller
-        raise NotFound, 
+        raise NotFound,
           "Controller '#{klass}' not found.\n" \
           "If Merb tries to find a controller for static files, " \
           "you may need to check your Rackup file, see the Problems " \
           "section at: http://wiki.merbivore.com/pages/rack-middleware"
       end
-      
+
+      Merb.logger.debug { "Routed to: #{klass::_filter_params(params).inspect}" }
+
       if klass.abstract?
         raise NotFound, "The '#{klass}' controller has no public actions"
       end
-      
+
       dispatch_action(klass, params[:action])
     rescue Object => exception
       dispatch_exception(exception)
     end
-    
+
     private
-    # Setup the controller and call the chosen action 
+    # Setup the controller and call the chosen action
+    #
+    # @param klass [Merb::Controller] The controller class to dispatch to.
+    # @param action [Symbol] The action to dispatch.
+    # @param status [Integer] The status code to respond with.
     #
-    # ==== Parameters
-    # klass<Merb::Controller>:: The controller class to dispatch to.
-    # action<Symbol>:: The action to dispatch.
-    # status<Integer>:: The status code to respond with.
+    # @return [Array[Integer, Hash, #each]] A Rack response
     #
-    # ==== Returns
-    # Array[Integer, Hash, #each]:: A Rack response
-    # 
-    # :api: private
+    # @api private
     def dispatch_action(klass, action_name, status=200)
       @env["merb.status"] = status
       @env["merb.action_name"] = action_name
-      
+
       if Dispatcher.use_mutex
         @@mutex.synchronize { klass.call(env) }
       else
         klass.call(env)
       end
     end
-        
-    # Re-route the current request to the Exception controller if it is
-    # available, and try to render the exception nicely.  
+
+    # Re-route the request to the Exception controller if it is available
     #
     # You can handle exceptions by implementing actions for specific
     # exceptions such as not_found or for entire classes of exceptions
-    # such as client_error. You can also implement handlers for 
+    # such as client_error. You can also implement handlers for
     # exceptions outside the Merb exception hierarchy (e.g.
     # StandardError is caught in standard_error).
     #
-    # ==== Parameters
-    # exception<Object>::
-    #   The exception object that was created when trying to dispatch the
-    #   original controller.
+    # @param exception [Object] The exception object that was created when
+    #                           trying to dispatch the original controller.
     #
-    # ==== Returns
-    # Array[Integer, Hash, #each]:: A Rack response
-    # 
-    # :api: private
+    # @return [Array[Integer, Hash, #each]] A Rack response
+    #
+    # @api private
     def dispatch_exception(exception)
       if(exception.is_a?(Merb::ControllerExceptions::Base) &&
          !exception.is_a?(Merb::ControllerExceptions::ServerError))
@@ -124,12 +113,12 @@ module Merb
       else
         Merb.logger.error(Merb.exception(exception))
       end
-      
+
       exceptions = env["merb.exceptions"] = [exception]
-      
+
       begin
         e = exceptions.first
-        
+
         if action_name = e.action_name
           dispatch_action(Exceptions, action_name, e.class.status)
         else
@@ -141,7 +130,7 @@ module Merb
         else
           Merb.logger.error("Dispatching #{e.class} raised another error.")
           Merb.logger.error(Merb.exception(dispatch_issue))
-          
+
           exceptions.unshift dispatch_issue
           retry
         end

data/lib/merb-core/dispatch/request.rb

@@ -324,7 +324,7 @@ module Merb
     def message
       return {} unless params[:_message]
       begin
-        Marshal.load(Merb::Parse.unescape(params[:_message]).unpack("m").first)
+        Marshal.load(params[:_message].unpack("m").first)
       rescue ArgumentError, TypeError
         {}
       end

data/lib/merb-core/dispatch/session.rb

@@ -1,6 +1,12 @@
 require 'merb-core/dispatch/session/container'
 require 'merb-core/dispatch/session/store_container'
 
+# Try to require SecureRandom from the Ruby 1.9.x
+begin
+  require 'securerandom'
+rescue LoadError
+end
+
 module Merb
   class Config
     # Returns stores list constructed from
@@ -74,16 +80,20 @@ module Merb
     #
     # :api: private
     def rand_uuid
-      values = [
-        rand(0x0010000),
-        rand(0x0010000),
-        rand(0x0010000),
-        rand(0x0010000),
-        rand(0x0010000),
-        rand(0x1000000),
-        rand(0x1000000),
-      ]
-      "%04x%04x%04x%04x%04x%06x%06x" % values
+      if defined?(SecureRandom)
+        SecureRandom.hex(16)
+      else
+        values = [
+          rand(0x0010000),
+          rand(0x0010000),
+          rand(0x0010000),
+          rand(0x0010000),
+          rand(0x0010000),
+          rand(0x1000000),
+          rand(0x1000000),
+        ]
+        "%04x%04x%04x%04x%04x%06x%06x" % values
+      end
     end
     
     # Marks this session as needing a new cookie.