simple_form 2.1.0 → 2.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 27282450639f5fb5ad27d5c59f274aab91a4be7a
+  data.tar.gz: 1ded8f66c7a18f3ea2679ab4da49f9851e8293c1
+SHA512:
+  metadata.gz: 4354640ba60801f7150c215638d03fe65f446c94ec30f93aafafe23a991a64b3789cc39a5f61b86708acd3cbd4fdedd078e29bf35c62e58ac930f436c5320ba6
+  data.tar.gz: 3b8dd8220e0b56ec8a6893ac0c20a60dd4950f98b4297fc197de2c28c76f2cbd9adae3dc7f0c854b7dfe9542a514b6f333257869bbf99e5fcd53fa5f7c35cdc1

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 2.1.1
+
+### bug fix
+  * Fix XSS vulnerability on label, hint and error components.
+
 ## 2.1.0
 
 ### enhancements

data/lib/simple_form/components/errors.rb

@@ -12,7 +12,7 @@ module SimpleForm
       protected
 
       def error_text
-        "#{options[:error_prefix]} #{errors.send(error_method)}".lstrip.html_safe
+        "#{html_escape(options[:error_prefix])} #{errors.send(error_method)}".lstrip.html_safe
       end
 
       def error_method

data/lib/simple_form/components/hints.rb

@@ -5,8 +5,13 @@ module SimpleForm
       def hint
         @hint ||= begin
           hint = options[:hint]
-          hint_content = hint.is_a?(String) ? hint : translate(:hints)
-          hint_content.html_safe if hint_content
+
+          if hint.is_a?(String)
+            html_escape(hint)
+          else
+            content = translate(:hints)
+            content.html_safe if content
+          end
         end
       end
 

data/lib/simple_form/components/labels.rb

@@ -30,7 +30,7 @@ module SimpleForm
       end
 
       def label_text
-        SimpleForm.label_text.call(raw_label_text, required_label_text).strip.html_safe
+        SimpleForm.label_text.call(html_escape(raw_label_text), required_label_text).strip.html_safe
       end
 
       def label_target

data/lib/simple_form/inputs/base.rb

@@ -1,8 +1,11 @@
 require 'simple_form/i18n_cache'
+require 'active_support/core_ext/string/output_safety'
 
 module SimpleForm
   module Inputs
     class Base
+      include ERB::Util
+
       extend I18nCache
 
       include SimpleForm::Helpers::Autofocus

data/lib/simple_form/version.rb

@@ -1,3 +1,3 @@
 module SimpleForm
-  VERSION = "2.1.0".freeze
+  VERSION = "2.1.1".freeze
 end

data/test/form_builder/error_test.rb

@@ -80,8 +80,13 @@ class ErrorTest < ActionView::TestCase
     assert_no_select 'p.error[error_method]'
   end
 
-  test 'error should generate an error message with raw HTML tags' do
+  test 'error should escape error prefix text' do
     with_error_for @user, :name, :error_prefix => '<b>Name</b>'
+    assert_select 'span.error', "&lt;b&gt;Name&lt;/b&gt; can't be blank"
+  end
+
+  test 'error should generate an error message with raw HTML tags' do
+    with_error_for @user, :name, :error_prefix => '<b>Name</b>'.html_safe
     assert_select 'span.error', "Name can't be blank"
     assert_select 'span.error b', "Name"
   end

data/test/form_builder/hint_test.rb

@@ -43,8 +43,14 @@ class HintTest < ActionView::TestCase
   end
 
   test 'hint should be output as html_safe' do
-    with_hint_for @user, :name, :hint => '<b>Bold</b> and not...'
+    with_hint_for @user, :name, :hint => '<b>Bold</b> and not...'.html_safe
     assert_select 'span.hint', 'Bold and not...'
+    assert_select 'span.hint b', 'Bold'
+  end
+
+  test 'builder should escape hint text' do
+    with_hint_for @user, :name, :hint => '<script>alert(1337)</script>'
+    assert_select 'span.hint', "&lt;script&gt;alert(1337)&lt;/script&gt;"
   end
 
   # Without attribute name
@@ -132,7 +138,7 @@ class HintTest < ActionView::TestCase
   test 'hint with custom wrappers works' do
     swap_wrapper do
       with_hint_for @user, :name, :hint => "can't be blank"
-      assert_select 'div.omg_hint', "can't be blank"
+      assert_select 'div.omg_hint', "can&#x27;t be blank"
     end
   end
 end

data/test/form_builder/label_test.rb

@@ -29,6 +29,16 @@ class LabelTest < ActionView::TestCase
     assert_select 'label.string.required[for=validating_user_name]', /Name/
   end
 
+  test 'builder should escape label text' do
+    with_label_for @user, :name, :label => '<script>alert(1337)</script>', :required => false
+    assert_select 'label.string', "&lt;script&gt;alert(1337)&lt;/script&gt;"
+  end
+
+  test 'builder should not escape label text if it is safe' do
+    with_label_for @user, :name, :label => '<script>alert(1337)</script>'.html_safe, :required => false
+    assert_select 'label.string script', "alert(1337)"
+  end
+
   test 'builder should allow passing options to label tag' do
     with_label_for @user, :name, :label => 'My label', :id => 'name_label'
     assert_select 'label.string#name_label', /My label/

metadata

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simple_form
 version: !ruby/object:Gem::Version
-  version: 2.1.0
-  prerelease: 
+  version: 2.1.1
 platform: ruby
 authors:
 - José Valim
@@ -11,12 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-02-26 00:00:00.000000000 Z
+date: 2013-11-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -24,7 +22,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -32,7 +29,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -40,7 +36,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -65,7 +60,6 @@ files:
 - lib/generators/simple_form/templates/README
 - lib/generators/simple_form/USAGE
 - lib/simple_form/action_view_extensions/builder.rb
-- lib/simple_form/action_view_extensions/builder.rb.orig
 - lib/simple_form/action_view_extensions/form_helper.rb
 - lib/simple_form/components/errors.rb
 - lib/simple_form/components/hints.rb
@@ -81,7 +75,6 @@ files:
 - lib/simple_form/core_ext/hash.rb
 - lib/simple_form/error_notification.rb
 - lib/simple_form/form_builder.rb
-- lib/simple_form/form_builder.rb.orig
 - lib/simple_form/helpers/autofocus.rb
 - lib/simple_form/helpers/disabled.rb
 - lib/simple_form/helpers/readonly.rb
@@ -109,7 +102,6 @@ files:
 - lib/simple_form/inputs.rb
 - lib/simple_form/map_type.rb
 - lib/simple_form/version.rb
-- lib/simple_form/version.rb.orig
 - lib/simple_form/wrappers/builder.rb
 - lib/simple_form/wrappers/many.rb
 - lib/simple_form/wrappers/root.rb
@@ -154,33 +146,26 @@ files:
 - test/test_helper.rb
 homepage: https://github.com/plataformatec/simple_form
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -389428450847468473
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -389428450847468473
 requirements: []
 rubyforge_project: simple_form
-rubygems_version: 1.8.23
+rubygems_version: 2.1.11
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Forms made easy!
 test_files:
 - test/action_view_extensions/builder_test.rb

data/lib/simple_form/action_view_extensions/builder.rb.orig

@@ -1,247 +0,0 @@
-module SimpleForm
-  module ActionViewExtensions
-    # A collection of methods required by simple_form but added to rails default form.
-    # This means that you can use such methods outside simple_form context.
-    module Builder
-
-      # Wrapper for using SimpleForm inside a default rails form.
-      # Example:
-      #
-      #   form_for @user do |f|
-      #     f.simple_fields_for :posts do |posts_form|
-      #       # Here you have all simple_form methods available
-      #       posts_form.input :title
-      #     end
-      #   end
-      def simple_fields_for(*args, &block)
-        options = args.extract_options!
-        options[:wrapper] = self.options[:wrapper] if options[:wrapper].nil?
-        options[:defaults] ||= self.options[:defaults]
-
-        if self.class < ActionView::Helpers::FormBuilder
-          options[:builder] ||= self.class
-        else
-          options[:builder] ||= SimpleForm::FormBuilder
-        end
-        fields_for(*(args << options), &block)
-      end
-    end
-  end
-end
-
-module SimpleForm
-  module Tags
-    module CollectionExtensions
-      private
-
-      def render_collection
-        item_wrapper_tag   = @options.fetch(:item_wrapper_tag, :span)
-        item_wrapper_class = @options[:item_wrapper_class]
-
-        @collection.map do |item|
-          value = value_for_collection(item, @value_method)
-          text  = value_for_collection(item, @text_method)
-          default_html_options = default_html_options_for_collection(item, value)
-
-          rendered_item = yield item, value, text, default_html_options
-
-          item_wrapper_tag ? @template_object.content_tag(item_wrapper_tag, rendered_item, :class => item_wrapper_class) : rendered_item
-        end.join.html_safe
-      end
-
-      def wrap_rendered_collection(collection)
-        wrapper_tag = @options[:collection_wrapper_tag]
-
-        if wrapper_tag
-          wrapper_class = @options[:collection_wrapper_class]
-          @template_object.content_tag(wrapper_tag, collection, :class => wrapper_class)
-        else
-          collection
-        end
-      end
-    end
-
-    class CollectionRadioButtons < ActionView::Helpers::Tags::CollectionRadioButtons
-      include CollectionExtensions
-
-      def render
-        wrap_rendered_collection(super)
-      end
-
-      private
-
-      def render_component(builder)
-        builder.radio_button + builder.label(:class => "collection_radio_buttons")
-      end
-    end
-
-    class CollectionCheckBoxes < ActionView::Helpers::Tags::CollectionCheckBoxes
-      include CollectionExtensions
-
-      def render
-        wrap_rendered_collection(super)
-      end
-
-      private
-
-      def render_component(builder)
-        builder.check_box + builder.label(:class => "collection_check_boxes")
-      end
-    end
-  end
-end
-
-module ActionView::Helpers
-  class FormBuilder
-    include SimpleForm::ActionViewExtensions::Builder
-  end
-
-<<<<<<< HEAD
-    # Create a collection of radio inputs for the attribute. Basically this
-    # helper will create a radio input associated with a label for each
-    # text/value option in the collection, using value_method and text_method
-    # to convert these text/value. You can give a symbol or a proc to both
-    # value_method and text_method, that will be evaluated for each item in
-    # the collection.
-    #
-    # == Examples
-    #
-    #   form_for @user do |f|
-    #     f.collection_radio_buttons :options, [[true, 'Yes'] ,[false, 'No']], :first, :last
-    #   end
-    #
-    #   <input id="user_options_true" name="user[options]" type="radio" value="true" />
-    #   <label class="collection_radio_buttons" for="user_options_true">Yes</label>
-    #   <input id="user_options_false" name="user[options]" type="radio" value="false" />
-    #   <label class="collection_radio_buttons" for="user_options_false">No</label>
-    #
-    # It is also possible to give a block that should generate the radio +
-    # label. To wrap the radio with the label, for instance:
-    #
-    #   form_for @user do |f|
-    #     f.collection_radio_buttons(
-    #       :options, [[true, 'Yes'] ,[false, 'No']], :first, :last
-    #     ) do |b|
-    #       b.label { b.radio_button + b.text }
-    #     end
-    #   end
-    #
-    # == Options
-    #
-    # Collection radio accepts some extra options:
-    #
-    #   * checked  => the value that should be checked initially.
-    #
-    #   * disabled => the value or values that should be disabled. Accepts a single
-    #                 item or an array of items.
-    #
-    #   * collection_wrapper_tag   => the tag to wrap the entire collection.
-    #
-    #   * collection_wrapper_class => the CSS class to use for collection_wrapper_tag
-    #
-    #   * item_wrapper_tag         => the tag to wrap each item in the collection.
-    #
-    #   * item_wrapper_class       => the CSS class to use for item_wrapper_tag
-    #
-    #   * a block                  => to generate the label + radio or any other component.
-    def collection_radio_buttons(method, collection, value_method, text_method, options = {}, html_options = {}, &block)
-      SimpleForm::Tags::CollectionRadioButtons.new(@object_name, method, @template, collection, value_method, text_method, objectify_options(options), @default_options.merge(html_options)).render(&block)
-=======
-  module FormOptionsHelper
-    # Override Rails options_from_collection_for_select to handle lambdas/procs in
-    # text and value methods, so it works the same way as collection_radio_buttons
-    # and collection_check_boxes in SimpleForm. If none of text/value methods is a
-    # callable object, then it just delegates back to original collection select.
-    # FIXME: remove when support only Rails 4.0 forward
-    #        https://github.com/rails/rails/commit/9035324367526af0300477a58b6d3efc15d1a5a8
-    alias :original_options_from_collection_for_select :options_from_collection_for_select
-    def options_from_collection_for_select(collection, value_method, text_method, selected = nil)
-      if value_method.respond_to?(:call) || text_method.respond_to?(:call)
-        collection = collection.map do |item|
-          value = value_for_collection(item, value_method)
-          text  = value_for_collection(item, text_method)
-
-          [value, text]
-        end
-
-        value_method, text_method = :first, :last
-        selected = extract_selected_and_disabled_and_call_procs selected, collection
-      end
-
-      original_options_from_collection_for_select collection, value_method, text_method, selected
-    end
-
-    private
-
-    def extract_selected_and_disabled_and_call_procs(selected, collection)
-      selected, disabled = extract_selected_and_disabled selected
-      selected_disabled = { :selected => selected, :disabled => disabled }
-
-      selected_disabled.each do |key, check|
-        if check.is_a? Proc
-          values = collection.map { |option| option.first if check.call(option.first) }
-          selected_disabled[key] = values
-        end
-      end
-    end
-
-    def value_for_collection(item, value) #:nodoc:
-      value.respond_to?(:call) ? value.call(item) : item.send(value)
->>>>>>> master
-    end
-
-    # Creates a collection of check boxes for each item in the collection,
-    # associated with a clickable label. Use value_method and text_method to
-    # convert items in the collection for use as text/value in check boxes.
-    # You can give a symbol or a proc to both value_method and text_method,
-    # that will be evaluated for each item in the collection.
-    #
-    # == Examples
-    #
-    #   form_for @user do |f|
-    #     f.collection_check_boxes :options, [[true, 'Yes'] ,[false, 'No']], :first, :last
-    #   end
-    #
-    #   <input name="user[options][]" type="hidden" value="" />
-    #   <input id="user_options_true" name="user[options][]" type="checkbox" value="true" />
-    #   <label class="collection_check_boxes" for="user_options_true">Yes</label>
-    #   <input name="user[options][]" type="hidden" value="" />
-    #   <input id="user_options_false" name="user[options][]" type="checkbox" value="false" />
-    #   <label class="collection_check_boxes" for="user_options_false">No</label>
-    #
-    # It is also possible to give a block that should generate the check box +
-    # label. To wrap the check box with the label, for instance:
-    #
-    #   form_for @user do |f|
-    #     f.collection_check_boxes(
-    #       :options, [[true, 'Yes'] ,[false, 'No']], :first, :last
-    #     ) do |b|
-    #       b.label { b.check_box + b.text }
-    #     end
-    #   end
-    #
-    # == Options
-    #
-    # Collection check box accepts some extra options:
-    #
-    #   * checked  => the value or values that should be checked initially. Accepts
-    #                 a single item or an array of items. It overrides existing associations.
-    #
-    #   * disabled => the value or values that should be disabled. Accepts a single
-    #                 item or an array of items.
-    #
-    #   * collection_wrapper_tag   => the tag to wrap the entire collection.
-    #
-    #   * collection_wrapper_class => the CSS class to use for collection_wrapper_tag. This option
-    #                                 is ignored if the :collection_wrapper_tag option is blank.
-    #
-    #   * item_wrapper_tag         => the tag to wrap each item in the collection.
-    #
-    #   * item_wrapper_class       => the CSS class to use for item_wrapper_tag
-    #
-    #   * a block                  => to generate the label + check box or any other component.
-    def collection_check_boxes(method, collection, value_method, text_method, options = {}, html_options = {}, &block)
-      SimpleForm::Tags::CollectionCheckBoxes.new(@object_name, method, @template, collection, value_method, text_method, objectify_options(options), @default_options.merge(html_options)).render(&block)
-    end
-  end
-end

data/lib/simple_form/form_builder.rb.orig

@@ -1,486 +0,0 @@
-<<<<<<< HEAD
-require 'simple_form/core_ext/hash'
-=======
-require 'active_support/core_ext/object/deep_dup'
-require 'simple_form/map_type'
->>>>>>> beeac4d... These modules don't need to be autoloaded
-
-module SimpleForm
-  class FormBuilder < ActionView::Helpers::FormBuilder
-    attr_reader :template, :object_name, :object, :wrapper
-
-    # When action is create or update, we still should use new and edit
-    ACTIONS = {
-      :create => :new,
-      :update => :edit
-    }
-
-    extend MapType
-    include SimpleForm::Inputs
-
-    map_type :text,                                :to => SimpleForm::Inputs::TextInput
-    map_type :file,                                :to => SimpleForm::Inputs::FileInput
-    map_type :string, :email, :search, :tel, :url, :to => SimpleForm::Inputs::StringInput
-    map_type :password,                            :to => SimpleForm::Inputs::PasswordInput
-    map_type :integer, :decimal, :float,           :to => SimpleForm::Inputs::NumericInput
-    map_type :range,                               :to => SimpleForm::Inputs::RangeInput
-    map_type :check_boxes,                         :to => SimpleForm::Inputs::CollectionCheckBoxesInput
-    map_type :radio_buttons,                       :to => SimpleForm::Inputs::CollectionRadioButtonsInput
-    map_type :select,                              :to => SimpleForm::Inputs::CollectionSelectInput
-    map_type :grouped_select,                      :to => SimpleForm::Inputs::GroupedCollectionSelectInput
-    map_type :date, :time, :datetime,              :to => SimpleForm::Inputs::DateTimeInput
-    map_type :country, :time_zone,                 :to => SimpleForm::Inputs::PriorityInput
-    map_type :boolean,                             :to => SimpleForm::Inputs::BooleanInput
-
-    def self.discovery_cache
-      @discovery_cache ||= {}
-    end
-
-    def initialize(*) #:nodoc:
-      super
-      @defaults = options[:defaults]
-      @wrapper  = SimpleForm.wrapper(options[:wrapper] || SimpleForm.default_wrapper)
-    end
-
-    # Basic input helper, combines all components in the stack to generate
-    # input html based on options the user define and some guesses through
-    # database column information. By default a call to input will generate
-    # label + input + hint (when defined) + errors (when exists), and all can
-    # be configured inside a wrapper html.
-    #
-    # == Examples
-    #
-    #   # Imagine @user has error "can't be blank" on name
-    #   simple_form_for @user do |f|
-    #     f.input :name, :hint => 'My hint'
-    #   end
-    #
-    # This is the output html (only the input portion, not the form):
-    #
-    #     <label class="string required" for="user_name">
-    #       <abbr title="required">*</abbr> Super User Name!
-    #     </label>
-    #     <input class="string required" id="user_name" maxlength="100"
-    #        name="user[name]" size="100" type="text" value="Carlos" />
-    #     <span class="hint">My hint</span>
-    #     <span class="error">can't be blank</span>
-    #
-    # Each database type will render a default input, based on some mappings and
-    # heuristic to determine which is the best option.
-    #
-    # You have some options for the input to enable/disable some functions:
-    #
-    #   :as => allows you to define the input type you want, for instance you
-    #          can use it to generate a text field for a date column.
-    #
-    #   :required => defines whether this attribute is required or not. True
-    #               by default.
-    #
-    # The fact SimpleForm is built in components allow the interface to be unified.
-    # So, for instance, if you need to disable :hint for a given input, you can pass
-    # :hint => false. The same works for :error, :label and :wrapper.
-    #
-    # Besides the html for any component can be changed. So, if you want to change
-    # the label html you just need to give a hash to :label_html. To configure the
-    # input html, supply :input_html instead and so on.
-    #
-    # == Options
-    #
-    # Some inputs, as datetime, time and select allow you to give extra options, like
-    # prompt and/or include blank. Such options are given in plainly:
-    #
-    #    f.input :created_at, :include_blank => true
-    #
-    # == Collection
-    #
-    # When playing with collections (:radio_buttons, :check_boxes and :select
-    # inputs), you have three extra options:
-    #
-    #   :collection => use to determine the collection to generate the radio or select
-    #
-    #   :label_method => the method to apply on the array collection to get the label
-    #
-    #   :value_method => the method to apply on the array collection to get the value
-    #
-    # == Priority
-    #
-    # Some inputs, as :time_zone and :country accepts a :priority option. If none is
-    # given SimpleForm.time_zone_priority and SimpleForm.country_priority are used respectively.
-    #
-    def input(attribute_name, options={}, &block)
-      options = @defaults.deep_dup.deep_merge(options) if @defaults
-      input = find_input(attribute_name, options, &block)
-
-      chosen =
-        if name = options[:wrapper] || find_wrapper_mapping(input.input_type)
-          name.respond_to?(:render) ? name : SimpleForm.wrapper(name)
-        else
-          wrapper
-        end
-
-      chosen.render input
-    end
-    alias :attribute :input
-
-    # Creates a input tag for the given attribute. All the given options
-    # are sent as :input_html.
-    #
-    # == Examples
-    #
-    #   simple_form_for @user do |f|
-    #     f.input_field :name
-    #   end
-    #
-    # This is the output html (only the input portion, not the form):
-    #
-    #     <input class="string required" id="user_name" maxlength="100"
-    #        name="user[name]" size="100" type="text" value="Carlos" />
-    #
-    def input_field(attribute_name, options={})
-      options = options.dup
-      options[:input_html] = options.except(:as, :collection, :label_method, :value_method)
-      options = @defaults.deep_dup.deep_merge(options) if @defaults
-
-      SimpleForm::Wrappers::Root.new([:input], :wrapper => false).render find_input(attribute_name, options)
-    end
-
-    # Helper for dealing with association selects/radios, generating the
-    # collection automatically. It's just a wrapper to input, so all options
-    # supported in input are also supported by association. Some extra options
-    # can also be given:
-    #
-    # == Examples
-    #
-    #   simple_form_for @user do |f|
-    #     f.association :company          # Company.all
-    #   end
-    #
-    #   f.association :company, :collection => Company.all(:order => 'name')
-    #   # Same as using :order option, but overriding collection
-    #
-    # == Block
-    #
-    # When a block is given, association simple behaves as a proxy to
-    # simple_fields_for:
-    #
-    #   f.association :company do |c|
-    #     c.input :name
-    #     c.input :type
-    #   end
-    #
-    # From the options above, only :collection can also be supplied.
-    #
-    def association(association, options={}, &block)
-      options = options.dup
-
-      return simple_fields_for(*[association,
-        options.delete(:collection), options].compact, &block) if block_given?
-
-      raise ArgumentError, "Association cannot be used in forms not associated with an object" unless @object
-
-      reflection = find_association_reflection(association)
-      raise "Association #{association.inspect} not found" unless reflection
-
-      options[:as] ||= :select
-      options[:collection] ||= options.fetch(:collection) {
-        reflection.klass.all(reflection.options.slice(:conditions, :order))
-      }
-
-      attribute = case reflection.macro
-        when :belongs_to
-          (reflection.respond_to?(:options) && reflection.options[:foreign_key]) || :"#{reflection.name}_id"
-        when :has_one
-          raise ArgumentError, ":has_one associations are not supported by f.association"
-        else
-          if options[:as] == :select
-            html_options = options[:input_html] ||= {}
-            html_options[:size]   ||= 5
-            html_options[:multiple] = true unless html_options.key?(:multiple)
-          end
-
-          # Force the association to be preloaded for performance.
-          if options[:preload] != false && object.respond_to?(association)
-            target = object.send(association)
-            target.to_a if target.respond_to?(:to_a)
-          end
-
-          :"#{reflection.name.to_s.singularize}_ids"
-      end
-
-      input(attribute, options.merge(:reflection => reflection))
-    end
-
-    # Creates a button:
-    #
-    #   form_for @user do |f|
-    #     f.button :submit
-    #   end
-    #
-    # It just acts as a proxy to method name given. We also alias original Rails
-    # button implementation (3.2 forward (to delegate to the original when
-    # calling `f.button :button`.
-    #
-    # TODO: remove if condition when supporting only Rails 3.2 forward.
-    alias_method :button_button, :button if method_defined?(:button)
-    def button(type, *args, &block)
-      options = args.extract_options!.dup
-      options[:class] = [SimpleForm.button_class, options[:class]].compact
-      args << options
-      if respond_to?("#{type}_button")
-        send("#{type}_button", *args, &block)
-      else
-        send(type, *args, &block)
-      end
-    end
-
-    # Creates an error tag based on the given attribute, only when the attribute
-    # contains errors. All the given options are sent as :error_html.
-    #
-    # == Examples
-    #
-    #    f.error :name
-    #    f.error :name, :id => "cool_error"
-    #
-    def error(attribute_name, options={})
-      options = options.dup
-
-      options[:error_html] = options.except(:error_tag, :error_prefix, :error_method)
-      column      = find_attribute_column(attribute_name)
-      input_type  = default_input_type(attribute_name, column, options)
-      wrapper.find(:error).
-        render(SimpleForm::Inputs::Base.new(self, attribute_name, column, input_type, options))
-    end
-
-    # Return the error but also considering its name. This is used
-    # when errors for a hidden field need to be shown.
-    #
-    # == Examples
-    #
-    #    f.full_error :token #=> <span class="error">Token is invalid</span>
-    #
-    def full_error(attribute_name, options={})
-      options = options.dup
-
-      options[:error_prefix] ||= if object.class.respond_to?(:human_attribute_name)
-        object.class.human_attribute_name(attribute_name.to_s)
-      else
-        attribute_name.to_s.humanize
-      end
-
-      error(attribute_name, options)
-    end
-
-    # Creates a hint tag for the given attribute. Accepts a symbol indicating
-    # an attribute for I18n lookup or a string. All the given options are sent
-    # as :hint_html.
-    #
-    # == Examples
-    #
-    #    f.hint :name # Do I18n lookup
-    #    f.hint :name, :id => "cool_hint"
-    #    f.hint "Don't forget to accept this"
-    #
-    def hint(attribute_name, options={})
-      options = options.dup
-
-      options[:hint_html] = options.except(:hint_tag, :hint)
-      if attribute_name.is_a?(String)
-        options[:hint] = attribute_name
-        attribute_name, column, input_type = nil, nil, nil
-      else
-        column      = find_attribute_column(attribute_name)
-        input_type  = default_input_type(attribute_name, column, options)
-      end
-
-      wrapper.find(:hint).
-        render(SimpleForm::Inputs::Base.new(self, attribute_name, column, input_type, options))
-    end
-
-    # Creates a default label tag for the given attribute. You can give a label
-    # through the :label option or using i18n. All the given options are sent
-    # as :label_html.
-    #
-    # == Examples
-    #
-    #    f.label :name                     # Do I18n lookup
-    #    f.label :name, "Name"             # Same behavior as Rails, do not add required tag
-    #    f.label :name, :label => "Name"   # Same as above, but adds required tag
-    #
-    #    f.label :name, :required => false
-    #    f.label :name, :id => "cool_label"
-    #
-    def label(attribute_name, *args)
-      return super if args.first.is_a?(String) || block_given?
-
-      options = args.extract_options!.dup
-      options[:label_html] = options.except(:label, :required, :as)
-
-      column      = find_attribute_column(attribute_name)
-      input_type  = default_input_type(attribute_name, column, options)
-      SimpleForm::Inputs::Base.new(self, attribute_name, column, input_type, options).label
-    end
-
-    # Creates an error notification message that only appears when the form object
-    # has some error. You can give a specific message with the :message option,
-    # otherwise it will look for a message using I18n. All other options given are
-    # passed straight as html options to the html tag.
-    #
-    # == Examples
-    #
-    #    f.error_notification
-    #    f.error_notification :message => 'Something went wrong'
-    #    f.error_notification :id => 'user_error_message', :class => 'form_error'
-    #
-    def error_notification(options={})
-      SimpleForm::ErrorNotification.new(self, options).render
-    end
-
-    # Extract the model names from the object_name mess, ignoring numeric and
-    # explicit child indexes.
-    #
-    # Example:
-    #
-    # route[blocks_attributes][0][blocks_learning_object_attributes][1][foo_attributes]
-    # ["route", "blocks", "blocks_learning_object", "foo"]
-    #
-    def lookup_model_names
-      @lookup_model_names ||= begin
-        child_index = options[:child_index]
-        names = object_name.to_s.scan(/([a-zA-Z_]+)/).flatten
-        names.delete(child_index) if child_index
-        names.each { |name| name.gsub!('_attributes', '') }
-        names.freeze
-      end
-    end
-
-    # The action to be used in lookup.
-    def lookup_action
-      @lookup_action ||= begin
-        action = template.controller.action_name
-        return unless action
-        action = action.to_sym
-        ACTIONS[action] || action
-      end
-    end
-
-    private
-
-    # Find an input based on the attribute name.
-    def find_input(attribute_name, options={}, &block) #:nodoc:
-      column     = find_attribute_column(attribute_name)
-      input_type = default_input_type(attribute_name, column, options)
-
-      if input_type == :radio
-        SimpleForm.deprecation_warn "Using `:as => :radio` as input type is " \
-          "deprecated, please change it to `:as => :radio_buttons`."
-        input_type = :radio_buttons
-      end
-
-      if block_given?
-        SimpleForm::Inputs::BlockInput.new(self, attribute_name, column, input_type, options, &block)
-      else
-        find_mapping(input_type).new(self, attribute_name, column, input_type, options)
-      end
-    end
-
-    # Attempt to guess the better input type given the defined options. By
-    # default alwayls fallback to the user :as option, or to a :select when a
-    # collection is given.
-    def default_input_type(attribute_name, column, options) #:nodoc:
-      return options[:as].to_sym if options[:as]
-      return :select             if options[:collection]
-      custom_type = find_custom_type(attribute_name.to_s) and return custom_type
-
-      input_type = column.try(:type)
-      case input_type
-      when :timestamp
-        :datetime
-      when :string, nil
-        case attribute_name.to_s
-        when /password/  then :password
-        when /time_zone/ then :time_zone
-        when /country/   then :country
-        when /email/     then :email
-        when /phone/     then :tel
-        when /url/       then :url
-        else
-          file_method?(attribute_name) ? :file : (input_type || :string)
-        end
-      else
-        input_type
-      end
-    end
-
-    def find_custom_type(attribute_name) #:nodoc:
-      SimpleForm.input_mappings.find { |match, type|
-        attribute_name =~ match
-      }.try(:last) if SimpleForm.input_mappings
-    end
-
-    def file_method?(attribute_name) #:nodoc:
-      file = @object.send(attribute_name) if @object.respond_to?(attribute_name)
-      file && SimpleForm.file_methods.any? { |m| file.respond_to?(m) }
-    end
-
-    def find_attribute_column(attribute_name) #:nodoc:
-      if @object.respond_to?(:column_for_attribute)
-        @object.column_for_attribute(attribute_name)
-      end
-    end
-
-    def find_association_reflection(association) #:nodoc:
-      if @object.class.respond_to?(:reflect_on_association)
-        @object.class.reflect_on_association(association)
-      end
-    end
-
-    # Attempts to find a mapping. It follows the following rules:
-    #
-    # 1) It tries to find a registered mapping, if succeeds:
-    #    a) Try to find an alternative with the same name in the Object scope
-    #    b) Or use the found mapping
-    # 2) If not, fallbacks to #{input_type}Input
-    # 3) If not, fallbacks to SimpleForm::Inputs::#{input_type}Input
-    def find_mapping(input_type) #:nodoc:
-      discovery_cache[input_type] ||=
-        if mapping = self.class.mappings[input_type]
-          mapping_override(mapping) || mapping
-        else
-          camelized = "#{input_type.to_s.camelize}Input"
-          attempt_mapping(camelized, Object) || attempt_mapping(camelized, self.class) ||
-            raise("No input found for #{input_type}")
-        end
-    end
-
-    def find_wrapper_mapping(input_type) #:nodoc:
-      SimpleForm.wrapper_mappings && SimpleForm.wrapper_mappings[input_type]
-    end
-
-    # If cache_discovery is enabled, use the class level cache that persists
-    # between requests, otherwise use the instance one.
-    def discovery_cache #:nodoc:
-      if SimpleForm.cache_discovery
-        self.class.discovery_cache
-      else
-        @discovery_cache ||= {}
-      end
-    end
-
-    def mapping_override(klass) #:nodoc:
-      name = klass.name
-      if name =~ /^SimpleForm::Inputs/
-        attempt_mapping name.split("::").last, Object
-      end
-    end
-
-    def attempt_mapping(mapping, at) #:nodoc:
-      return if SimpleForm.inputs_discovery == false && at == Object
-
-      begin
-        at.const_get(mapping)
-      rescue NameError => e
-        raise if e.message !~ /#{mapping}$/
-      end
-    end
-  end
-end

data/lib/simple_form/version.rb.orig

@@ -1,7 +0,0 @@
-module SimpleForm
-<<<<<<< HEAD
-  VERSION = "2.0.4".freeze
-=======
-  VERSION = "2.1.0.dev".freeze
->>>>>>> issue-720
-end