railties 3.0.20 → 3.1.0.beta1

data/CHANGELOG

@@ -1,87 +1,74 @@
-## Rails 3.0.20 (unreleased)
+*Rails 3.1.0 (unreleased)*
 
-## Rails 3.0.19 (Jan 8, 2013)
+* The -j option of the application generator accepts an arbitrary string. If passed "foo",
+the gem "foo-rails" is added to the Gemfile, and the application JavaScript manifest
+requires "foo" and "foo_ujs". As of this writing "prototype-rails" and "jquery-rails"
+exist and provide those files via the asset pipeline. Default is "jquery". [fxn]
 
-* No changes.
+* jQuery is no longer vendored, it is provided from now on by the jquery-rails gem. [fxn]
 
-## Rails 3.0.18 (Jan 2, 2013)
+* Prototype and Scriptaculous are no longer vendored, they are provided from now on
+by the prototype-rails gem. [fxn]
 
-* No changes.
+* The scaffold controller will now produce SCSS file if Sass is available [Prem Sichanugrist]
 
-## Rails 3.0.17 (Aug 9, 2012)
+* The controller and resource generators will now automatically produce asset stubs (this can be turned off with --skip-assets). These stubs will use Coffee and Sass, if those libraries are available. [DHH]
 
-* No changes.
+* jQuery is the new default JavaScript library. [fxn]
 
-## Rails 3.0.16 (Jul 26, 2012)
+* Changed scaffold and app generator to create Ruby 1.9 style hash when running on Ruby 1.9 [Prem Sichanugrist]
 
-* No changes.
+  So instead of creating something like:
 
-## Rails 3.0.14 (Jun 12, 2012)
+    redirect_to users_path, :notice => "User has been created"
 
-* No changes.
+  it will now be like this:
 
-* Rails 3.0.13 (May 31, 2012)
+    redirect_to users_path, notice: "User has been created"
 
-* No changes.
+  You can also passing `--old-style-hash` to make Rails generate old style hash even you're on Ruby 1.9
 
-*Rails 3.0.11 (unreleased)*
+* Changed scaffold_controller generator to create format block for JSON instead of XML [Prem Sichanugrist]
 
-* Updated Prototype UJS to lastest version fixing multiples errors in IE [Guillermo Iguaran]
+* Add using Turn with natural language test case names for test_help.rb when running with minitest (Ruby 1.9.2+) [DHH]
 
+* Direct logging of Active Record to STDOUT so it's shown inline with the results in the console [DHH]
 
-*Rails 3.0.10 (August 16, 2011)*
+* Added `config.force_ssl` configuration which loads Rack::SSL middleware and force all requests to be under HTTPS protocol [DHH, Prem Sichanugrist, and Josh Peek]
 
-*No changes.
+* Added `rails plugin new` command which generates rails plugin with gemspec, tests and dummy application for testing [Piotr Sarnacki]
 
+* Added -j parameter with jquery/prototype as options. Now you can create your apps with jQuery using `rails new myapp -j jquery`. The default is still Prototype. [siong1987]
 
-*Rails 3.0.9 (June 16, 2011)*
+* Added Rack::Etag and Rack::ConditionalGet to the default middleware stack [José Valim]
 
-*No changes.
+* Added Rack::Cache to the default middleware stack [Yehuda Katz and Carl Lerche]
 
+* Engine is now rack application [Piotr Sarnacki]
 
-*Rails 3.0.8 (June 7, 2011)*
+* Added middleware stack to Engine [Piotr Sarnacki]
 
-* Fix Rake 0.9.0 support.
+* Engine can now load plugins [Piotr Sarnacki]
 
-*Rails 3.0.7 (April 18, 2011)*
+* Engine can load its own environment file [Piotr Sarnacki]
 
-*No changes.
+* Added helpers to call engines' route helpers from application and vice versa [Piotr Sarnacki]
 
+* Task for copying plugins' and engines' migrations to application's db/migrate directory [Piotr Sarnacki]
 
-*Rails 3.0.6 (April 5, 2011)
+* Changed ActionDispatch::Static to allow handling multiple directories [Piotr Sarnacki]
 
-* No changes.
-
-
-*Rails 3.0.5 (February 26, 2011)*
-
-* No changes.
-
-
-*Rails 3.0.4 (February 8, 2011)*
-
-* No changes.
-
-
-*Rails 3.0.3 (November 16, 2010)*
-
-* No changes.
-
-
-*Rails 3.0.2 (November 15, 2010)*
-
-* No changes.
+* Added isolate_namespace() method to Engine, which sets Engine as isolated [Piotr Sarnacki]
 
+* Include all helpers from plugins and shared engines in application [Piotr Sarnacki]
 
 *Rails 3.0.1 (October 15, 2010)*
 
-* No changes.
-
+* No Changes, just a version bump.
 
 *Rails 3.0.0 (August 29, 2010)*
 
-* Application generation: --skip-testunit and --skip-activerecord become --skip-test-unit
-  and --skip-active-record respectively. [fxn]
+* Application generation: --skip-testunit and --skip-activerecord become --skip-test-unit and --skip-active-record respectively. [fxn]
 
 * Added console to Rails::Railtie as a hook called just after console starts. [José Valim]
 

data/README.rdoc

@@ -4,7 +4,7 @@ Railties is responsible to glue all frameworks together. Overall, it:
 
 * handles all the bootstrapping process for a Rails application;
 
-* manager rails command line interface;
+* manages rails command line interface;
 
 * provides Rails generators core;
 
@@ -23,3 +23,4 @@ Documentation can be found at
 == License
 
 Railties is released under the MIT license.
+

data/guides/assets/stylesheets/fixes.css

@@ -0,0 +1,16 @@
+/*
+  Fix a rendering issue affecting WebKits on Mac.
+  See https://github.com/lifo/docrails/issues#issue/16 for more information.
+*/
+.syntaxhighlighter a,
+.syntaxhighlighter div,
+.syntaxhighlighter code,
+.syntaxhighlighter table,
+.syntaxhighlighter table td,
+.syntaxhighlighter table tr,
+.syntaxhighlighter table tbody,
+.syntaxhighlighter table thead,
+.syntaxhighlighter table caption,
+.syntaxhighlighter textarea {
+  line-height: 1.2em !important;
+}

data/guides/rails_guides.rb

@@ -24,14 +24,14 @@ rescue LoadError
 end
 
 begin
-  gem 'RedCloth', '>= 4.1.1'
   require 'redcloth'
 rescue Gem::LoadError
+  # This can happen if doc:guides is executed in an application.
   $stderr.puts('Generating guides requires RedCloth 4.1.1+.')
   $stderr.puts(<<ERROR) if bundler?
 Please add
 
-  gem 'RedCloth', '>= 4.1.1'
+  gem 'RedCloth', '~> 4.2'
 
 to the Gemfile, run
 

data/guides/rails_guides/generator.rb

@@ -32,12 +32,16 @@
 #
 #     Separate many using commas:
 #
-#       # generates only
+#       # generates only association_basics.html and migrations.html
 #       ONLY=assoc,migrations ruby rails_guides.rb
 #
 #     Note that if you are working on a guide generation will by default process
 #     only that one, so ONLY is rarely used nowadays.
 #
+#   LANGUAGE
+#     Use LANGUAGE when you want to generate translated guides in <tt>source/<LANGUAGE></tt>
+#     folder (such as <tt>source/es</tt>). Ignore it when generating English guides.
+#
 #   EDGE
 #     Set to "1" to indicate generated guides should be marked as edge. This
 #     inserts a badge and changes the preamble of the home page.
@@ -63,6 +67,7 @@ module RailsGuides
     GUIDES_RE = /\.(?:textile|html\.erb)$/
 
     def initialize(output=nil)
+      @lang = ENV['LANGUAGE']
       initialize_dirs(output)
       create_output_dir_if_needed
       set_flags_from_environment
@@ -76,8 +81,8 @@ module RailsGuides
     private
     def initialize_dirs(output)
       @guides_dir = File.join(File.dirname(__FILE__), '..')
-      @source_dir = File.join(@guides_dir, "source")
-      @output_dir = output || File.join(@guides_dir, "output")
+      @source_dir = File.join(@guides_dir, "source", @lang.to_s)
+      @output_dir = output || File.join(@guides_dir, "output", @lang.to_s)
     end
 
     def create_output_dir_if_needed

data/guides/rails_guides/textile_extensions.rb

@@ -1,9 +1,11 @@
+require 'active_support/core_ext/object/inclusion'
+
 module RailsGuides
   module TextileExtensions
     def notestuff(body)
       body.gsub!(/^(IMPORTANT|CAUTION|WARNING|NOTE|INFO)[.:](.*)$/) do |m|
         css_class = $1.downcase
-        css_class = 'warning' if ['caution', 'important'].include?(css_class)
+        css_class = 'warning' if css_class.in?(['caution', 'important'])
 
         result = "<div class='#{css_class}'><p>"
         result << $2.strip
@@ -33,7 +35,7 @@ module RailsGuides
     def code(body)
       body.gsub!(%r{<(yaml|shell|ruby|erb|html|sql|plain)>(.*?)</\1>}m) do |m|
         es = ERB::Util.h($2)
-        css_class = ['erb', 'shell'].include?($1) ? 'html' : $1
+        css_class = $1.in?(['erb', 'shell']) ? 'html' : $1
         %{<notextile><div class="code_container"><code class="#{css_class}">#{es}</code></div></notextile>}
       end
     end

data/guides/source/2_2_release_notes.textile

@@ -260,15 +260,15 @@ h4. Other Action Controller Changes
 * Benchmarking numbers are now reported in milliseconds rather than tiny fractions of seconds
 * Rails now supports HTTP-only cookies (and uses them for sessions), which help mitigate some cross-site scripting risks in newer browsers.
 * +redirect_to+ now fully supports URI schemes (so, for example, you can redirect to a svn+ssh: URI).
-* +render+ now supports a +:js+ option to render plain vanilla javascript with the right mime type.
+* +render+ now supports a +:js+ option to render plain vanilla JavaScript with the right mime type.
 * Request forgery protection has been tightened up to apply to HTML-formatted content requests only.
 * Polymorphic URLs behave more sensibly if a passed parameter is nil. For example, calling +polymorphic_path([@project, @date, @area])+ with a nil date will give you +project_area_path+.
 
 h3. Action View
 
 * +javascript_include_tag+ and +stylesheet_link_tag+ support a new +:recursive+ option to be used along with +:all+, so that you can load an entire tree of files with a single line of code.
-* The included Prototype javascript library has been upgraded to version 1.6.0.3.
-* +RJS#page.reload+ to reload the browser's current location via javascript
+* The included Prototype JavaScript library has been upgraded to version 1.6.0.3.
+* +RJS#page.reload+ to reload the browser's current location via JavaScript
 * The +atom_feed+ helper now takes an +:instruct+ option to let you insert XML processing instructions.
 
 h3. Action Mailer

data/guides/source/2_3_release_notes.textile

@@ -278,7 +278,7 @@ Mime::JS =~ "text/javascript"        => true
 Mime::JS =~ "application/javascript" => true
 </ruby>
 
-The other change is that the framework now uses the +Mime::JS+ when checking for javascript in various spots, making it handle those alternatives cleanly.
+The other change is that the framework now uses the +Mime::JS+ when checking for JavaScript in various spots, making it handle those alternatives cleanly.
 
 * Lead Contributor: "Seth Fitzsimmons":http://www.workingwithrails.com/person/5510-seth-fitzsimmons
 
@@ -410,7 +410,7 @@ You're likely familiar with Rails' practice of adding timestamps to static asset
 
 h4. Asset Hosts as Objects
 
-Asset hosts get more flexible in edge Rails with the ability to declare an asset host as a specific object that responds to a call. This allows you to to implement any complex logic you need in your asset hosting.
+Asset hosts get more flexible in edge Rails with the ability to declare an asset host as a specific object that responds to a call. This allows you to implement any complex logic you need in your asset hosting.
 
 * More Information: "asset-hosting-with-minimum-ssl":http://github.com/dhh/asset-hosting-with-minimum-ssl/tree/master
 

data/guides/source/3_0_release_notes.textile

@@ -22,7 +22,7 @@ To install Rails 3:
 
 <shell>
 # Use sudo if your setup requires it
-gem install rails
+$ gem install rails
 </shell>
 
 
@@ -47,8 +47,8 @@ h4. script/* replaced by script/rails
 The new <tt>script/rails</tt> replaces all the scripts that used to be in the <tt>script</tt> directory. You do not run <tt>script/rails</tt> directly though, the +rails+ command detects it is being invoked in the root of a Rails application and runs the script for you. Intended usage is:
 
 <shell>
-rails console                      # instead of script/console
-rails g scaffold post title:string # instead of script/generate scaffold post title:string
+$ rails console                      # instead of script/console
+$ rails g scaffold post title:string # instead of script/generate scaffold post title:string
 </shell>
 
 Run <tt>rails --help</tt> for a list of all the options.
@@ -59,12 +59,12 @@ The +config.gem+ method is gone and has been replaced by using +bundler+ and a +
 
 h4. Upgrade Process
 
-To help with the upgrade process, a plugin named "Rails Upgrade":http://github.com/rails/rails_upgrade has been created to automate part of it.
+To help with the upgrade process, a plugin named "Rails Upgrade":http://github.com/jm/rails_upgrade has been created to automate part of it.
 
 Simply install the plugin, then run +rake rails:upgrade:check+ to check your app for pieces that need to be updated (with links to information on how to update them).  It also offers a task to generate a +Gemfile+ based on your current +config.gem+ calls and a task to generate a new routes file from your current one.  To get the plugin, simply run the following:
 
 <shell>
-ruby script/plugin install git://github.com/rails/rails_upgrade.git
+$ ruby script/plugin install git://github.com/jm/rails_upgrade.git
 </shell>
 
 You can see an example of how that works at "Rails Upgrade is now an Official Plugin":http://omgbloglol.com/post/364624593/rails-upgrade-is-now-an-official-plugin
@@ -357,15 +357,15 @@ Validations have been moved from Active Record into Active Model, providing an i
 
 * There is now a <tt>validates :attribute, options_hash</tt> shortcut method that allows you to pass options for all the validates class methods, you can pass more than one option to a validate method.
 * The +validates+ method has the following options:
-  * <tt>:acceptance => Boolean</tt>.
-  * <tt>:confirmation => Boolean</tt>.
-  * <tt>:exclusion => { :in => Enumerable }</tt>.
-  * <tt>:inclusion => { :in => Enumerable }</tt>.
-  * <tt>:format => { :with => Regexp, :on => :create }</tt>.
-  * <tt>:length => { :maximum => Fixnum }</tt>.
-  * <tt>:numericality => Boolean</tt>.
-  * <tt>:presence => Boolean</tt>.
-  * <tt>:uniqueness => Boolean</tt>.
+** <tt>:acceptance => Boolean</tt>.
+** <tt>:confirmation => Boolean</tt>.
+** <tt>:exclusion => { :in => Enumerable }</tt>.
+** <tt>:inclusion => { :in => Enumerable }</tt>.
+** <tt>:format => { :with => Regexp, :on => :create }</tt>.
+** <tt>:length => { :maximum => Fixnum }</tt>.
+** <tt>:numericality => Boolean</tt>.
+** <tt>:presence => Boolean</tt>.
+** <tt>:uniqueness => Boolean</tt>.
 
 NOTE: All the Rails version 2.3 style validation methods are still supported in Rails 3.0, the new validates method is designed as an additional aid in your model validations, not a replacement for the existing API.
 

data/guides/source/action_controller_overview.textile

@@ -98,7 +98,7 @@ The value of +params[:ids]+ will now be +["1", "2", "3"]+. Note that parameter v
 To send a hash you include the key name inside the brackets:
 
 <html>
-<form action="/clients" method="post">
+<form accept-charset="UTF-8" action="/clients" method="post">
   <input type="text" name="client[name]" value="Acme" />
   <input type="text" name="client[phone]" value="12345" />
   <input type="text" name="client[address][postcode]" value="12345" />
@@ -115,10 +115,7 @@ h4. Routing Parameters
 The +params+ hash will always contain the +:controller+ and +:action+ keys, but you should use the methods +controller_name+ and +action_name+ instead to access these values. Any other parameters defined by the routing, such as +:id+ will also be available. As an example, consider a listing of clients where the list can show either active or inactive clients. We can add a route which captures the +:status+ parameter in a "pretty" URL:
 
 <ruby>
-map.connect "/clients/:status",
-  :controller => "clients",
-  :action => "index",
-  :foo => "bar"
+match '/clients/:status' => 'clients#index', :foo => "bar"
 </ruby>
 
 In this case, when a user opens the URL +/clients/active+, +params[:status]+ will be set to "active". When this route is used, +params[:foo]+ will also be set to "bar" just like it was passed in the query string. In the same way +params[:action]+ will contain "index".
@@ -161,7 +158,7 @@ If you need a different session storage mechanism, you can change it in the +con
 <ruby>
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information
-# (create the session table with "rake db:sessions:create")
+# (create the session table with "script/rails g session_migration")
 # YourApp::Application.config.session_store :active_record_store
 </ruby>
 
@@ -214,7 +211,7 @@ class ApplicationController < ActionController::Base
   # logging out removes it.
   def current_user
     @_current_user ||= session[:current_user_id] &&
-      User.find(session[:current_user_id])
+      User.find_by_id(session[:current_user_id])
   end
 end
 </ruby>
@@ -371,6 +368,7 @@ class UsersController < ApplicationController
     respond_to do |format|
       format.html # index.html.erb
       format.xml  { render :xml => @users}
+      format.json { render :json => @users}
     end
   end
 end
@@ -425,27 +423,36 @@ Now, the +LoginsController+'s +new+ and +create+ actions will work as before wit
 
 h4. After Filters and Around Filters
 
-In addition to before filters, you can run filters after an action has run or both before and after. The after filter is similar to the before filter, but because the action has already been run it has access to the response data that's about to be sent to the client. Obviously, after filters can not stop the action from running.
+In addition to before filters, you can also run filters after an action has been executed, or both before and after.
 
-Around filters are responsible for running the action, but they can choose not to, which is the around filter's way of stopping it.
+After filters are similar to before filters, but because the action has already been run they have access to the response data that's about to be sent to the client. Obviously, after filters cannot stop the action from running.
+
+Around filters are responsible for running their associated actions by yielding, similar to how Rack middlewares work.
+
+For example, in a website where changes have an approval workflow an administrator could be able to preview them easily, just apply them within a transaction:
 
 <ruby>
-# Example taken from the Rails API filter documentation:
-# http://api.rubyonrails.org/classes/ActionController/Filters/ClassMethods.html
-class ApplicationController < ActionController::Base
-  around_filter :catch_exceptions
+class ChangesController < ActionController::Base
+  around_filter :wrap_in_transaction, :only => :show
 
   private
 
-  def catch_exceptions
-    yield
-  rescue => exception
-    logger.debug "Caught exception! #{exception}"
-    raise
+  def wrap_in_transaction
+    ActiveRecord::Base.transaction do
+      begin
+        yield
+      ensure
+        raise ActiveRecord::Rollback
+      end
+    end
   end
 end
 </ruby>
 
+Note that an around filter wraps also rendering. In particular, if in the example above the view itself reads from the database via a scope or whatever, it will do so within the transaction and thus present the data to preview.
+
+They can choose not to yield and build the response themselves, in which case the action is not run.
+
 h4. Other Ways to Use Filters
 
 While the most common way to use filters is by creating private methods and using *_filter to add them, there are two other ways to do the same thing.
@@ -481,45 +488,6 @@ end
 
 Again, this is not an ideal example for this filter, because it's not run in the scope of the controller but gets the controller passed as an argument. The filter class has a class method +filter+ which gets run before or after the action, depending on if it's a before or after filter. Classes used as around filters can also use the same +filter+ method, which will get run in the same way. The method must +yield+ to execute the action. Alternatively, it can have both a +before+ and an +after+ method that are run before and after the action.
 
-h3. Verification
-
-Verifications make sure certain criteria are met in order for a controller or action to run. They can specify that a certain key (or several keys in the form of an array) is present in the +params+, +session+ or +flash+ hashes or that a certain HTTP method was used or that the request was made using +XMLHttpRequest+ (Ajax). The default action taken when these criteria are not met is to render a 400 Bad Request response, but you can customize this by specifying a redirect URL or rendering something else and you can also add flash messages and HTTP headers to the response. It is described in the "API documentation":http://api.rubyonrails.org/classes/ActionController/Verification/ClassMethods.html as "essentially a special kind of before_filter".
-
-Here's an example of using verification to make sure the user supplies a username and a password in order to log in:
-
-<ruby>
-class LoginsController < ApplicationController
-  verify :params => [:username, :password],
-         :render => {:action => "new"},
-         :add_flash => {
-           :error => "Username and password required to log in"
-         }
-
-  def create
-    @user = User.authenticate(params[:username], params[:password])
-    if @user
-      flash[:notice] = "You're logged in"
-      redirect_to root_url
-    else
-      render :action => "new"
-    end
-  end
-end
-</ruby>
-
-Now the +create+ action won't run unless the "username" and "password" parameters are present, and if they're not, an error message will be added to the flash and the +new+ action will be rendered. But there's something rather important missing from the verification above: It will be used for *every* action in LoginsController, which is not what we want. You can limit which actions it will be used for with the +:only+ and +:except+ options just like a filter:
-
-<ruby>
-class LoginsController < ApplicationController
-  verify :params => [:username, :password],
-         :render => {:action => "new"},
-         :add_flash => {
-           :error => "Username and password required to log in"
-         },
-         :only => :create # Run only for the "create" action
-end
-</ruby>
-
 h3. Request Forgery Protection
 
 Cross-site request forgery is a type of attack in which a site tricks a user into making requests on another site, possibly adding, modifying or deleting data on that site without the user's knowledge or permission.
@@ -540,7 +508,7 @@ If you generate a form like this:
 You will see how the token gets added as a hidden field:
 
 <html>
-<form action="/users/1" method="post">
+<form accept-charset="UTF-8" action="/users/1" method="post">
 <input type="hidden"
        value="67250ab105eb5ad10851c00a5621854a23af5489"
        name="authenticity_token"/>
@@ -560,7 +528,7 @@ In every controller there are two accessor methods pointing to the request and t
 
 h4. The +request+ Object
 
-The request object contains a lot of useful information about the request coming in from the client. To get a full list of the available methods, refer to the "API documentation":http://api.rubyonrails.org/classes/ActionController/AbstractRequest.html. Among the properties that you can access on this object are:
+The request object contains a lot of useful information about the request coming in from the client. To get a full list of the available methods, refer to the "API documentation":http://api.rubyonrails.org/classes/ActionDispatch/Request.html. Among the properties that you can access on this object are:
 
 |_.Property of +request+|_.Purpose|
 |host|The hostname used for this request.|
@@ -608,26 +576,15 @@ Rails comes with two built-in HTTP authentication mechanisms:
 
 h4. HTTP Basic Authentication
 
-HTTP basic authentication is an authentication scheme that is supported by the majority of browsers and other HTTP clients. As an example, consider an administration section which will only be available by entering a username and a password into the browser's HTTP basic dialog window. Using the built-in authentication is quite easy and only requires you to use one method, +authenticate_or_request_with_http_basic+.
+HTTP basic authentication is an authentication scheme that is supported by the majority of browsers and other HTTP clients. As an example, consider an administration section which will only be available by entering a username and a password into the browser's HTTP basic dialog window. Using the built-in authentication is quite easy and only requires you to use one method, +http_basic_authenticate_with+.
 
 <ruby>
 class AdminController < ApplicationController
-  USERNAME, PASSWORD = "humbaba", "5baa61e4"
-
-  before_filter :authenticate
-
-  private
-
-  def authenticate
-    authenticate_or_request_with_http_basic do |username, password|
-      username == USERNAME &&
-      Digest::SHA1.hexdigest(password) == PASSWORD
-    end
-  end
+  http_basic_authenticate_with :name => "humbaba", :password => "5baa61e4"
 end
 </ruby>
 
-With this in place, you can create namespaced controllers that inherit from +AdminController+. The before filter will thus be run for all actions in those controllers, protecting them with HTTP basic authentication.
+With this in place, you can create namespaced controllers that inherit from +AdminController+. The filter will thus be run for all actions in those controllers, protecting them with HTTP basic authentication.
 
 h4. HTTP Digest Authentication
 
@@ -739,16 +696,12 @@ GET /clients/1.pdf
 
 h3. Parameter Filtering
 
-Rails keeps a log file for each environment in the +log+ folder. These are extremely useful when debugging what's actually going on in your application, but in a live application you may not want every bit of information to be stored in the log file. The +filter_parameter_logging+ method can be used to filter out sensitive information from the log. It works by replacing certain values in the +params+ hash with "[FILTERED]" as they are written to the log. As an example, let's see how to filter all parameters with keys that include "password":
+Rails keeps a log file for each environment in the +log+ folder. These are extremely useful when debugging what's actually going on in your application, but in a live application you may not want every bit of information to be stored in the log file. You can filter certain request parameters from your log files by appending them to <tt>config.filter_parameters</tt> in the application configuration. These parameters will be marked [FILTERED] in the log.
 
 <ruby>
-class ApplicationController < ActionController::Base
-  filter_parameter_logging :password
-end
+config.filter_parameters << :password
 </ruby>
 
-The method works recursively through all levels of the +params+ hash and takes an optional second parameter which is used as the replacement string if present. It can also take a block which receives each key in turn and replaces those for which the block returns true.
-
 h3. Rescue
 
 Most likely your application is going to contain bugs or otherwise throw an exception that needs to be handled. For example, if the user follows a link to a resource that no longer exists in the database, Active Record will throw the +ActiveRecord::RecordNotFound+ exception.
@@ -813,6 +766,28 @@ end
 
 NOTE: Certain exceptions are only rescuable from the +ApplicationController+ class, as they are raised before the controller gets initialized and the action gets executed. See Pratik Naik's "article":http://m.onkey.org/2008/7/20/rescue-from-dispatching on the subject for more information.
 
+h3. Force HTTPS protocol
+
+Sometime you might want to force a particular controller to only be accessible via an HTTPS protocol for security reason. Since Rails 3.1 you can now use +force_ssl+ method in your controller to enforce that:
+
+<ruby>
+class DinnerController
+  force_ssl
+end
+</ruby>
+
+Just like the filter, you could also passing +:only+ and +:except+ to enforce the secure connection only to specific actions
+
+<ruby>
+class DinnerController
+  force_ssl :only => :cheeseburger
+  # or
+  force_ssl :except => :cheeseburger
+end
+</ruby>
+
+Please note that if you found yourself adding +force_ssl+ to many controllers, you may found yourself wanting to force the whole application to use HTTPS instead. In that case, you can set the +config.force_ssl+ in your environment file.
+
 h3. Changelog
 
 * February 17, 2009: Yet another proofread by Xavier Noria.