sinatra 1.4.8 → 2.1.0

data/lib/sinatra/base.rb

@@ -1,7 +1,13 @@
+# coding: utf-8
+# frozen_string_literal: true
+
 # external dependencies
 require 'rack'
 require 'tilt'
 require 'rack/protection'
+require 'mustermann'
+require 'mustermann/sinatra'
+require 'mustermann/regular'
 
 # stdlib dependencies
 require 'thread'
@@ -9,8 +15,8 @@ require 'time'
 require 'uri'
 
 # other files we need
+require 'sinatra/indifferent_hash'
 require 'sinatra/show_exceptions'
-require 'sinatra/ext'
 require 'sinatra/version'
 
 module Sinatra
@@ -37,12 +43,11 @@ module Sinatra
     end
 
     def preferred_type(*types)
-      accepts = accept # just evaluate once
-      return accepts.first if types.empty?
+      return accept.first if types.empty?
       types.flatten!
-      return types.first if accepts.empty?
-      accepts.detect do |pattern|
-        type = types.detect { |t| File.fnmatch(pattern, t) }
+      return types.first if accept.empty?
+      accept.detect do |accept_header|
+        type = types.detect { |t| MimeTypeEntry.new(t).accepts?(accept_header) }
         return type if type
       end
     end
@@ -69,7 +74,11 @@ module Sinatra
       request_method == "UNLINK"
     end
 
-    private
+    def params
+      super
+    rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
+      raise BadRequest, "Invalid query parameters: #{Rack::Utils.escape_html(e.message)}"
+    end
 
     class AcceptEntry
       attr_accessor :params
@@ -113,6 +122,35 @@ module Sinatra
         to_str.send(*args, &block)
       end
     end
+
+    class MimeTypeEntry
+      attr_reader :params
+
+      def initialize(entry)
+        params = entry.scan(HEADER_PARAM).map! do |s|
+          key, value = s.strip.split('=', 2)
+          value = value[1..-2].gsub(/\\(.)/, '\1') if value.start_with?('"')
+          [key, value]
+        end
+
+        @type   = entry[/[^;]+/].delete(' ')
+        @params = Hash[params]
+      end
+
+      def accepts?(entry)
+        File.fnmatch(entry, self) && matches_params?(entry.params)
+      end
+
+      def to_str
+        @type
+      end
+
+      def matches_params?(params)
+        return true if @params.empty?
+
+        params.all? { |k,v| !@params.has_key?(k) || @params[k] == v }
+      end
+    end
   end
 
   # The response object. See Rack::Response and Rack::Response::Helpers for
@@ -120,11 +158,7 @@ module Sinatra
   # http://rubydoc.info/github/rack/rack/master/Rack/Response
   # http://rubydoc.info/github/rack/rack/master/Rack/Response/Helpers
   class Response < Rack::Response
-    DROP_BODY_RESPONSES = [204, 205, 304]
-    def initialize(*)
-      super
-      headers['Content-Type'] ||= 'text/html'
-    end
+    DROP_BODY_RESPONSES = [204, 304]
 
     def body=(value)
       value = value.body while Rack::Response === value
@@ -151,7 +185,7 @@ module Sinatra
       if calculate_content_length?
         # if some other code has already set Content-Length, don't muck with it
         # currently, this would be the static file-handler
-        headers["Content-Length"] = body.inject(0) { |l, p| l + Rack::Utils.bytesize(p) }.to_s
+        headers["Content-Length"] = body.map(&:bytesize).reduce(0, :+).to_s
       end
 
       [status.to_i, headers, result]
@@ -172,7 +206,7 @@ module Sinatra
     end
   end
 
-  # Some Rack handlers (Thin, Rainbows!) implement an extended body object protocol, however,
+  # Some Rack handlers (Rainbows!) implement an extended body object protocol, however,
   # some middleware (namely Rack::Lint) will break it by not mirroring the methods in question.
   # This middleware will detect an extended body object and will make sure it reaches the
   # handler directly. We do this here, so our middleware and middleware set up by the app will
@@ -221,6 +255,10 @@ module Sinatra
     end
   end
 
+  class BadRequest < TypeError #:nodoc:
+    def http_status; 400 end
+  end
+
   class NotFound < NameError #:nodoc:
     def http_status; 404 end
   end
@@ -229,7 +267,7 @@ module Sinatra
   module Helpers
     # Set or retrieve the response status code.
     def status(value = nil)
-      response.status = value if value
+      response.status = Rack::Utils.status_code(value) if value
       response.status
     end
 
@@ -240,7 +278,11 @@ module Sinatra
         def block.each; yield(call) end
         response.body = block
       elsif value
-        headers.delete 'Content-Length' unless request.head? || value.is_a?(Rack::File) || value.is_a?(Stream)
+        # Rack 2.0 returns a Rack::File::Iterator here instead of
+        # Rack::File as it was in the previous API.
+        unless request.head? || value.is_a?(Rack::File::Iterator) || value.is_a?(Stream)
+          headers.delete 'Content-Length'
+        end
         response.body = value
       else
         response.body
@@ -264,8 +306,8 @@ module Sinatra
     # Generates the absolute URI for a given path in the app.
     # Takes Rack routers and reverse proxies into account.
     def uri(addr = nil, absolute = true, add_script_name = true)
-      return addr if addr =~ /\A[A-z][A-z0-9\+\.\-]*:/
-      uri = [host = ""]
+      return addr if addr =~ /\A[a-z][a-z0-9\+\.\-]*:/i
+      uri = [host = String.new]
       if absolute
         host << "http#{'s' if request.secure?}://"
         if request.forwarded? or request.port != (request.secure? ? 443 : 80)
@@ -339,8 +381,8 @@ module Sinatra
 
     # Set the Content-Disposition to "attachment" with the specified filename,
     # instructing the user agents to prompt to save.
-    def attachment(filename = nil, disposition = 'attachment')
-      response['Content-Disposition'] = disposition.to_s
+    def attachment(filename = nil, disposition = :attachment)
+      response['Content-Disposition'] = disposition.to_s.dup
       if filename
         params = '; filename="%s"' % File.basename(filename)
         response['Content-Disposition'] << params
@@ -357,19 +399,19 @@ module Sinatra
 
       disposition = opts[:disposition]
       filename    = opts[:filename]
-      disposition = 'attachment' if disposition.nil? and filename
-      filename    = path         if filename.nil?
+      disposition = :attachment if disposition.nil? and filename
+      filename    = path        if filename.nil?
       attachment(filename, disposition) if disposition
 
       last_modified opts[:last_modified] if opts[:last_modified]
 
-      file      = Rack::File.new nil
-      file.path = path
-      result    = file.serving env
+      file   = Rack::File.new(File.dirname(settings.app_file))
+      result = file.serving(request, path)
+
       result[1].each { |k,v| headers[k] ||= v }
       headers['Content-Length'] = result[1]['Content-Length']
       opts[:status] &&= Integer(opts[:status])
-      halt opts[:status] || result[0], result[2]
+      halt (opts[:status] || result[0]), result[2]
     rescue Errno::ENOENT
       not_found
     end
@@ -394,7 +436,7 @@ module Sinatra
       def close
         return if closed?
         @closed = true
-        @scheduler.schedule { @callbacks.each { |c| c.call }}
+        @scheduler.schedule { @callbacks.each { |c| c.call } }
       end
 
       def each(&front)
@@ -431,7 +473,7 @@ module Sinatra
     #
     # The close parameter specifies whether Stream#close should be called
     # after the block has been executed. This is only relevant for evented
-    # servers like Thin or Rainbows.
+    # servers like Rainbows.
     def stream(keep_open = false)
       scheduler = env['async.callback'] ? EventMachine : Stream
       current   = @params.dup
@@ -441,7 +483,7 @@ module Sinatra
     # Specify response freshness policy for HTTP caches (Cache-Control header).
     # Any number of non-value directives (:public, :private, :no_cache,
     # :no_store, :must_revalidate, :proxy_revalidate) may be passed along with
-    # a Hash of value directives (:max_age, :min_stale, :s_max_age).
+    # a Hash of value directives (:max_age, :s_maxage).
     #
     #   cache_control :public, :must_revalidate, :max_age => 60
     #   => Cache-Control: public, must-revalidate, max-age=60
@@ -451,8 +493,8 @@ module Sinatra
     def cache_control(*values)
       if values.last.kind_of?(Hash)
         hash = values.pop
-        hash.reject! { |k,v| v == false }
-        hash.reject! { |k,v| values << k if v == true }
+        hash.reject! { |k, v| v == false }
+        hash.reject! { |k, v| values << k if v == true }
       else
         hash = {}
       end
@@ -460,7 +502,7 @@ module Sinatra
       values.map! { |value| value.to_s.tr('_','-') }
       hash.each do |key, value|
         key = key.to_s.tr('_', '-')
-        value = value.to_i if key == "max-age"
+        value = value.to_i if ['max-age', 's-maxage'].include? key
         values << "#{key}=#{value}"
       end
 
@@ -473,7 +515,7 @@ module Sinatra
     # "values" arguments are passed to the #cache_control helper:
     #
     #   expires 500, :public, :must_revalidate
-    #   => Cache-Control: public, must-revalidate, max-age=60
+    #   => Cache-Control: public, must-revalidate, max-age=500
     #   => Expires: Mon, 08 Jun 2009 08:50:17 GMT
     #
     def expires(amount, *values)
@@ -590,25 +632,20 @@ module Sinatra
       status == 404
     end
 
+    # whether or not the status is set to 400
+    def bad_request?
+      status == 400
+    end
+
     # Generates a Time object from the given value.
     # Used by #expires and #last_modified.
     def time_for(value)
-      if value.respond_to? :to_time
-        value.to_time
-      elsif value.is_a? Time
-        value
-      elsif value.respond_to? :new_offset
-        # DateTime#to_time does the same on 1.9
-        d = value.new_offset 0
-        t = Time.utc d.year, d.mon, d.mday, d.hour, d.min, d.sec + d.sec_fraction
-        t.getlocal
-      elsif value.respond_to? :mday
-        # Date#to_time does the same on 1.9
-        Time.local(value.year, value.mon, value.mday)
-      elsif value.is_a? Numeric
+      if value.is_a? Numeric
         Time.at value
-      else
+      elsif value.respond_to? :to_s
         Time.parse value.to_s
+      else
+        value.to_time
       end
     rescue ArgumentError => boom
       raise boom
@@ -632,8 +669,6 @@ module Sinatra
     end
   end
 
-  private
-
   # Template rendering methods. Each method takes the name of a template
   # to render as a Symbol and returns a String with the rendered output,
   # as well as an optional hash with additional options.
@@ -692,7 +727,7 @@ module Sinatra
       render :less, template, options, locals
     end
 
-    def stylus(template, options={}, locals={})
+    def stylus(template, options = {}, locals = {})
       options.merge! :layout => false, :default_content_type => :css
       render :styl, template, options, locals
     end
@@ -707,6 +742,7 @@ module Sinatra
     end
 
     def markdown(template, options = {}, locals = {})
+      options[:exclude_outvar] = true
       render :markdown, template, options, locals
     end
 
@@ -771,15 +807,8 @@ module Sinatra
     def find_template(views, name, engine)
       yield ::File.join(views, "#{name}.#{@preferred_extension}")
 
-      if Tilt.respond_to?(:mappings)
-        Tilt.mappings.each do |ext, engines|
-          next unless ext != @preferred_extension and engines.include? engine
-          yield ::File.join(views, "#{name}.#{ext}")
-        end
-      else
-        Tilt.default_mapping.extensions_for(engine).each do |ext|
-          yield ::File.join(views, "#{name}.#{ext}") unless ext == @preferred_extension
-        end
+      Tilt.default_mapping.extensions_for(engine).each do |ext|
+        yield ::File.join(views, "#{name}.#{ext}") unless ext == @preferred_extension
       end
     end
 
@@ -794,7 +823,7 @@ module Sinatra
 
     def render(engine, data, options = {}, locals = {}, &block)
       # merge app-level options
-      engine_options  = settings.respond_to?(engine) ? settings.send(engine) : {}
+      engine_options = settings.respond_to?(engine) ? settings.send(engine) : {}
       options.merge!(engine_options) { |key, v1, v2| v1 }
 
       # extract generic options
@@ -806,13 +835,15 @@ module Sinatra
       layout          = engine_options[:layout] if layout.nil? or (layout == true && engine_options[:layout] != false)
       layout          = @default_layout         if layout.nil? or layout == true
       layout_options  = options.delete(:layout_options) || {}
-      content_type    = options.delete(:content_type)   || options.delete(:default_content_type)
+      content_type    = options.delete(:default_content_type)
+      content_type    = options.delete(:content_type)   || content_type
       layout_engine   = options.delete(:layout_engine)  || engine
       scope           = options.delete(:scope)          || self
+      exclude_outvar  = options.delete(:exclude_outvar)
       options.delete(:layout)
 
       # set some defaults
-      options[:outvar]           ||= '@_out_buf'
+      options[:outvar] ||= '@_out_buf' unless exclude_outvar
       options[:default_encoding] ||= settings.default_encoding
 
       # compile and render template
@@ -863,7 +894,9 @@ module Sinatra
           end
         when Proc, String
           body = data.is_a?(String) ? Proc.new { data } : data
-          path, line = settings.caller_locations.first
+          caller = settings.caller_locations.first
+          path = options[:path] || caller[0]
+          line = options[:line] || caller[1]
           template.new(path, line.to_i, options, &body)
         else
           raise ArgumentError, "Sorry, don't know how to render #{data.inspect}."
@@ -878,7 +911,7 @@ module Sinatra
     include Helpers
     include Templates
 
-    URI_INSTANCE = URI.const_defined?(:Parser) ? URI::Parser.new : URI
+    URI_INSTANCE = URI::Parser.new
 
     attr_accessor :app, :env, :request, :response, :params
     attr_reader   :template_cache
@@ -887,6 +920,7 @@ module Sinatra
       super()
       @app = app
       @template_cache = Tilt::Cache.new
+      @pinned_response = nil # whether a before! filter pinned the content-type
       yield self if block_given?
     end
 
@@ -897,21 +931,19 @@ module Sinatra
 
     def call!(env) # :nodoc:
       @env      = env
+      @params   = IndifferentHash.new
       @request  = Request.new(env)
       @response = Response.new
-      @params   = indifferent_params(@request.params)
       template_cache.clear if settings.reload_templates
-      force_encoding(@params)
 
-      @response['Content-Type'] = nil
       invoke { dispatch! }
       invoke { error_block!(response.status) } unless @env['sinatra.error']
 
       unless @response['Content-Type']
-        if Array === body and body[0].respond_to? :content_type
+        if Array === body && body[0].respond_to?(:content_type)
           content_type body[0].content_type
-        else
-          content_type :html
+        elsif default = settings.default_content_type
+          content_type default
         end
       end
 
@@ -961,17 +993,23 @@ module Sinatra
     private
 
     # Run filters defined on the class and all superclasses.
+    # Accepts an optional block to call after each filter is applied.
     def filter!(type, base = settings)
       filter! type, base.superclass if base.superclass.respond_to?(:filters)
-      base.filters[type].each { |args| process_route(*args) }
+      base.filters[type].each do |args|
+        result = process_route(*args)
+        yield result if block_given?
+      end
     end
 
     # Run routes defined on the class and all superclasses.
     def route!(base = settings, pass_block = nil)
       if routes = base.routes[@request.request_method]
-        routes.each do |pattern, keys, conditions, block|
-          returned_pass_block = process_route(pattern, keys, conditions) do |*args|
-            env['sinatra.route'] = block.instance_variable_get(:@route_name)
+        routes.each do |pattern, conditions, block|
+          @response.delete_header('Content-Type') unless @pinned_response
+
+          returned_pass_block = process_route(pattern, conditions) do |*args|
+            env['sinatra.route'] = "#{@request.request_method} #{pattern}"
             route_eval { block[*args] }
           end
 
@@ -999,23 +1037,35 @@ module Sinatra
     # Revert params afterwards.
     #
     # Returns pass block.
-    def process_route(pattern, keys, conditions, block = nil, values = [])
+    def process_route(pattern, conditions, block = nil, values = [])
       route = @request.path_info
       route = '/' if route.empty? and not settings.empty_path_info?
-      return unless match = pattern.match(route)
-      values += match.captures.map! { |v| force_encoding URI_INSTANCE.unescape(v) if v }
-
-      if values.any?
-        original, @params = params, params.merge('splat' => [], 'captures' => values)
-        keys.zip(values) { |k,v| Array === @params[k] ? @params[k] << v : @params[k] = v if v }
+      route = route[0..-2] if !settings.strict_paths? && route != '/' && route.end_with?('/')
+      return unless params = pattern.params(route)
+
+      params.delete("ignore") # TODO: better params handling, maybe turn it into "smart" object or detect changes
+      force_encoding(params)
+      @params = @params.merge(params) if params.any?
+
+      regexp_exists = pattern.is_a?(Mustermann::Regular) || (pattern.respond_to?(:patterns) && pattern.patterns.any? {|subpattern| subpattern.is_a?(Mustermann::Regular)} )
+      if regexp_exists
+        captures           = pattern.match(route).captures.map { |c| URI_INSTANCE.unescape(c) if c }
+        values            += captures
+        @params[:captures] = force_encoding(captures) unless captures.nil? || captures.empty?
+      else
+        values += params.values.flatten
       end
 
       catch(:pass) do
         conditions.each { |c| throw :pass if c.bind(self).call == false }
         block ? block[self, values] : yield(self, values)
       end
+    rescue
+      @env['sinatra.error.params'] = @params
+      raise
     ensure
-      @params = original if original
+      params ||= {}
+      params.each { |k, _| @params.delete(k) } unless @env['sinatra.error.params']
     end
 
     # No matching route was found or all routes passed. The default
@@ -1027,7 +1077,7 @@ module Sinatra
       if @app
         forward
       else
-        raise NotFound
+        raise NotFound, "#{request.request_method} #{request.path_info}"
       end
     end
 
@@ -1035,7 +1085,10 @@ module Sinatra
     # a matching file is found, returns nil otherwise.
     def static!(options = {})
       return if (public_dir = settings.public_folder).nil?
-      path = File.expand_path("#{public_dir}#{URI_INSTANCE.unescape(request.path_info)}" )
+      path = "#{public_dir}#{URI_INSTANCE.unescape(request.path_info)}"
+      return unless valid_path?(path)
+
+      path = File.expand_path(path)
       return unless File.file?(path)
 
       env['sinatra.static_file'] = path
@@ -1043,28 +1096,10 @@ module Sinatra
       send_file path, options.merge(:disposition => nil)
     end
 
-    # Enable string or symbol key access to the nested params hash.
-    def indifferent_params(object)
-      case object
-      when Hash
-        new_hash = indifferent_hash
-        object.each { |key, value| new_hash[key] = indifferent_params(value) }
-        new_hash
-      when Array
-        object.map { |item| indifferent_params(item) }
-      else
-        object
-      end
-    end
-
-    # Creates a Hash with indifferent access.
-    def indifferent_hash
-      Hash.new {|hash,key| hash[key.to_s] if Symbol === key }
-    end
-
     # Run the block with 'throw :halt' support and apply result to the response.
     def invoke
       res = catch(:halt) { yield }
+
       res = [res] if Integer === res or String === res
       if Array === res and Integer === res.first
         res = res.dup
@@ -1079,9 +1114,18 @@ module Sinatra
 
     # Dispatch a request with error handling.
     def dispatch!
+      # Avoid passing frozen string in force_encoding
+      @params.merge!(@request.params).each do |key, val|
+        next unless val.respond_to?(:force_encoding)
+        val = val.dup if val.frozen?
+        @params[key] = force_encoding(val)
+      end
+
       invoke do
         static! if settings.static? && (request.get? || request.head?)
-        filter! :before
+        filter! :before do
+          @pinned_response = !@response['Content-Type'].nil?
+        end
         route!
       end
     rescue ::Exception => boom
@@ -1096,6 +1140,9 @@ module Sinatra
 
     # Error handling during requests.
     def handle_exception!(boom)
+      if error_params = @env['sinatra.error.params']
+        @params = @params.merge(error_params)
+      end
       @env['sinatra.error'] = boom
 
       if boom.respond_to? :http_status
@@ -1111,15 +1158,24 @@ module Sinatra
       if server_error?
         dump_errors! boom if settings.dump_errors?
         raise boom if settings.show_exceptions? and settings.show_exceptions != :after_handler
+      elsif not_found?
+        headers['X-Cascade'] = 'pass' if settings.x_cascade?
       end
 
-      if not_found?
-        headers['X-Cascade'] = 'pass' if settings.x_cascade?
-        body '<h1>Not Found</h1>'
+      if res = error_block!(boom.class, boom) || error_block!(status, boom)
+        return res
+      end
+
+      if not_found? || bad_request?
+        if boom.message && boom.message != boom.class.name
+          body boom.message
+        else
+          content_type 'text/html'
+          body '<h1>' + (not_found? ? 'Not Found' : 'Bad Request') + '</h1>'
+        end
       end
 
-      res = error_block!(boom.class, boom) || error_block!(status, boom)
-      return res if res or not server_error?
+      return unless server_error?
       raise boom if settings.raise_errors? or settings.show_exceptions?
       error_block! Exception, boom
     end
@@ -1147,12 +1203,12 @@ module Sinatra
 
     class << self
       CALLERS_TO_IGNORE = [ # :nodoc:
-        /\/sinatra(\/(base|main|show_exceptions))?\.rb$/,    # all sinatra code
+        /\/sinatra(\/(base|main|show_exceptions))?\.rb$/,   # all sinatra code
         /lib\/tilt.*\.rb$/,                                 # all tilt code
         /^\(.*\)$/,                                         # generated code
         /rubygems\/(custom|core_ext\/kernel)_require\.rb$/, # rubygems require hacks
         /active_support/,                                   # active_support require hacks
-        /bundler(\/runtime)?\.rb/,                          # bundler require hacks
+        /bundler(\/(?:runtime|inline))?\.rb/,               # bundler require hacks
         /<internal:/,                                       # internal in ruby >= 1.9.2
         /src\/kernel\/bootstrap\/[A-Z]/                     # maglev kernel files
       ]
@@ -1177,7 +1233,7 @@ module Sinatra
         @extensions     = []
 
         if superclass.respond_to?(:templates)
-          @templates = Hash.new { |hash,key| superclass.templates[key] }
+          @templates = Hash.new { |hash, key| superclass.templates[key] }
         else
           @templates = {}
         end
@@ -1232,8 +1288,8 @@ module Sinatra
           end
         end
 
-        define_singleton("#{option}=", setter) if setter
-        define_singleton(option, getter) if getter
+        define_singleton("#{option}=", setter)
+        define_singleton(option, getter)
         define_singleton("#{option}?", "!!#{option}") unless method_defined? "#{option}?"
         self
       end
@@ -1252,16 +1308,16 @@ module Sinatra
       # class, or an HTTP status code to specify which errors should be
       # handled.
       def error(*codes, &block)
-        args  = compile! "ERROR", //, block
-        codes = codes.map { |c| Array(c) }.flatten
+        args  = compile! "ERROR", /.*/, block
+        codes = codes.flat_map(&method(:Array))
         codes << Exception if codes.empty?
+        codes << Sinatra::NotFound if codes.include?(404)
         codes.each { |c| (@errors[c] ||= []) << args }
       end
 
       # Sugar for `error(404) { ... }`
       def not_found(&block)
         error(404, &block)
-        error(Sinatra::NotFound, &block)
       end
 
       # Define a named template. The block must return the template source.
@@ -1299,7 +1355,7 @@ module Sinatra
           data.each_line do |line|
             lines += 1
             if line =~ /^@@\s*(.*\S)\s*$/
-              template = force_encoding('', encoding)
+              template = force_encoding(String.new, encoding)
               templates[$1.to_sym] = [template, file, lines]
             elsif template
               template << line
@@ -1328,21 +1384,20 @@ module Sinatra
       # Define a before filter; runs before all requests within the same
       # context as route handlers and may access/modify the request and
       # response.
-      def before(path = nil, options = {}, &block)
-        add_filter(:before, path, options, &block)
+      def before(path = /.*/, **options, &block)
+        add_filter(:before, path, **options, &block)
       end
 
       # Define an after filter; runs after all requests within the same
       # context as route handlers and may access/modify the request and
       # response.
-      def after(path = nil, options = {}, &block)
-        add_filter(:after, path, options, &block)
+      def after(path = /.*/, **options, &block)
+        add_filter(:after, path, **options, &block)
       end
 
       # add a filter
-      def add_filter(type, path = nil, options = {}, &block)
-        path, options = //, path if path.respond_to?(:each_pair)
-        filters[type] << compile!(type, path || //, block, options)
+      def add_filter(type, path = /.*/, **options, &block)
+        filters[type] << compile!(type, path, block, **options)
       end
 
       # Add a route condition. The route is considered non-matching when the
@@ -1387,7 +1442,7 @@ module Sinatra
       # in `extensions` available to the handlers and templates
       def helpers(*extensions, &block)
         class_eval(&block)   if block_given?
-        include(*extensions) if extensions.any?
+        prepend(*extensions) if extensions.any?
       end
 
       # Register an extension. Alternatively take a block from which an
@@ -1422,7 +1477,7 @@ module Sinatra
         return unless running?
         # Use Thin's hard #stop! if available, otherwise just #stop.
         running_server.respond_to?(:stop!) ? running_server.stop! : running_server.stop
-        $stderr.puts "== Sinatra has ended his set (crowd applauds)" unless handler_name =~/cgi/i
+        $stderr.puts "== Sinatra has ended his set (crowd applauds)" unless suppress_messages?
         set :running_server, nil
         set :handler_name, nil
       end
@@ -1430,7 +1485,7 @@ module Sinatra
       alias_method :stop!, :quit!
 
       # Run the Sinatra app as a self-hosted server using
-      # Thin, Puma, Mongrel, or WEBrick (in that order). If given a block, will call
+      # Puma, Mongrel, or WEBrick (in that order). If given a block, will call
       # with the constructed handler once we have taken the stage.
       def run!(options = {}, &block)
         return if running?
@@ -1503,8 +1558,12 @@ module Sinatra
 
       # Starts the server by running the Rack Handler.
       def start_server(handler, server_settings, handler_name)
-        handler.run(self, server_settings) do |server|
-          unless handler_name =~ /cgi/i
+        # Ensure we initialize middleware before startup, to match standard Rack
+        # behavior, by ensuring an instance exists:
+        prototype
+        # Run the instance we created:
+        handler.run(self, **server_settings) do |server|
+          unless suppress_messages?
             $stderr.puts "== Sinatra (v#{Sinatra::VERSION}) has taken the stage on #{port} for #{environment} with backup from #{handler_name}"
           end
 
@@ -1517,6 +1576,10 @@ module Sinatra
         end
       end
 
+      def suppress_messages?
+        handler_name =~ /cgi/i || quiet
+      end
+
       def setup_traps
         if traps?
           at_exit { quit! }
@@ -1534,8 +1597,7 @@ module Sinatra
 
       # Dynamically defines a method on settings.
       def define_singleton(name, content = Proc.new)
-        # replace with call to singleton_class once we're 1.9 only
-        (class << self; self; end).class_eval do
+        singleton_class.class_eval do
           undef_method(name) if method_defined? name
           String === content ? class_eval("def #{name}() #{content}; end") : define_method(name, &content)
         end
@@ -1578,10 +1640,8 @@ module Sinatra
       end
 
       def route(verb, path, options = {}, &block)
-        # Because of self.options.host
-        host_name(options.delete(:host)) if options.key?(:host)
         enable :empty_path_info if path == "" and empty_path_info.nil?
-        signature = compile!(verb, path, block, options)
+        signature = compile!(verb, path, block, **options)
         (@routes[verb] ||= []) << signature
         invoke_hook(:route_added, verb, path, block)
         signature
@@ -1592,115 +1652,33 @@ module Sinatra
       end
 
       def generate_method(method_name, &block)
-        method_name = method_name.to_sym
         define_method(method_name, &block)
         method = instance_method method_name
         remove_method method_name
         method
       end
 
-      def compile!(verb, path, block, options = {})
+      def compile!(verb, path, block, **options)
+        # Because of self.options.host
+        host_name(options.delete(:host)) if options.key?(:host)
+        # Pass Mustermann opts to compile()
+        route_mustermann_opts = options.key?(:mustermann_opts) ? options.delete(:mustermann_opts) : {}.freeze
+
         options.each_pair { |option, args| send(option, *args) }
+
+        pattern                 = compile(path, route_mustermann_opts)
         method_name             = "#{verb} #{path}"
         unbound_method          = generate_method(method_name, &block)
-        pattern, keys           = compile path
         conditions, @conditions = @conditions, []
-
         wrapper                 = block.arity != 0 ?
-          proc { |a,p| unbound_method.bind(a).call(*p) } :
-          proc { |a,p| unbound_method.bind(a).call }
-        wrapper.instance_variable_set(:@route_name, method_name)
-
-        [ pattern, keys, conditions, wrapper ]
-      end
-
-      def compile(path)
-        if path.respond_to? :to_str
-          keys = []
-
-          # Split the path into pieces in between forward slashes.
-          # A negative number is given as the second argument of path.split
-          # because with this number, the method does not ignore / at the end
-          # and appends an empty string at the end of the return value.
-          #
-          segments = path.split('/', -1).map! do |segment|
-            ignore = []
-
-            # Special character handling.
-            #
-            pattern = segment.to_str.gsub(/[^\?\%\\\/\:\*\w]|:(?!\w)/) do |c|
-              ignore << escaped(c).join if c.match(/[\.@]/)
-              patt = encoded(c)
-              patt.gsub(/%[\da-fA-F]{2}/) do |match|
-                match.split(//).map! { |char| char == char.downcase ? char : "[#{char}#{char.downcase}]" }.join
-              end
-            end
-
-            ignore = ignore.uniq.join
-
-            # Key handling.
-            #
-            pattern.gsub(/((:\w+)|\*)/) do |match|
-              if match == "*"
-                keys << 'splat'
-                "(.*?)"
-              else
-                keys << $2[1..-1]
-                ignore_pattern = safe_ignore(ignore)
+          proc { |a, p| unbound_method.bind(a).call(*p) } :
+          proc { |a, p| unbound_method.bind(a).call }
 
-                ignore_pattern
-              end
-            end
-          end
-
-          # Special case handling.
-          #
-          if last_segment = segments[-1] and last_segment.match(/\[\^\\\./)
-            parts = last_segment.rpartition(/\[\^\\\./)
-            parts[1] = '[^'
-            segments[-1] = parts.join
-          end
-          [/\A#{segments.join('/')}\z/, keys]
-        elsif path.respond_to?(:keys) && path.respond_to?(:match)
-          [path, path.keys]
-        elsif path.respond_to?(:names) && path.respond_to?(:match)
-          [path, path.names]
-        elsif path.respond_to? :match
-          [path, []]
-        else
-          raise TypeError, path
-        end
+        [ pattern, conditions, wrapper ]
       end
 
-      def encoded(char)
-        enc = URI_INSTANCE.escape(char)
-        enc = "(?:#{escaped(char, enc).join('|')})" if enc == char
-        enc = "(?:#{enc}|#{encoded('+')})" if char == " "
-        enc
-      end
-
-      def escaped(char, enc = URI_INSTANCE.escape(char))
-        [Regexp.escape(enc), URI_INSTANCE.escape(char, /./)]
-      end
-
-      def safe_ignore(ignore)
-        unsafe_ignore = []
-        ignore = ignore.gsub(/%[\da-fA-F]{2}/) do |hex|
-          unsafe_ignore << hex[1..2]
-          ''
-        end
-        unsafe_patterns = unsafe_ignore.map! do |unsafe|
-          chars = unsafe.split(//).map! do |char|
-            char == char.downcase ? char : char + char.downcase
-          end
-
-          "|(?:%[^#{chars[0]}].|%[#{chars[0]}][^#{chars[1]}])"
-        end
-        if unsafe_patterns.length > 0
-          "((?:[^#{ignore}/?#%]#{unsafe_patterns.join()})+)"
-        else
-          "([^#{ignore}/?#]+)"
-        end
+      def compile(path, route_mustermann_opts = {})
+        Mustermann.new(path, **mustermann_opts.merge(route_mustermann_opts))
       end
 
       def setup_default_middleware(builder)
@@ -1745,10 +1723,16 @@ module Sinatra
       def setup_protection(builder)
         return unless protection?
         options = Hash === protection ? protection.dup : {}
-        protect_session  = options.fetch(:session) { sessions? }
-        options[:except] = Array options[:except]
-        options[:except] += [:session_hijacking, :remote_token] unless protect_session
+        options = {
+          img_src:  "'self' data:",
+          font_src: "'self'"
+        }.merge options
+
+        protect_session = options.fetch(:session) { sessions? }
+        options[:without_session] = !protect_session
+
         options[:reaction] ||= :drop_session
+
         builder.use Rack::Protection, options
       end
 
@@ -1757,7 +1741,7 @@ module Sinatra
         options = {}
         options[:secret] = session_secret if session_secret?
         options.merge! sessions.to_hash if sessions.respond_to? :to_hash
-        builder.use Rack::Session::Cookie, options
+        builder.use session_store, options
       end
 
       def detect_rack_handler
@@ -1766,8 +1750,6 @@ module Sinatra
           begin
             return Rack::Handler.get(server_name.to_s)
           rescue LoadError, NameError
-          rescue ArgumentError
-            Sinatra::Ext.get_handler(server_name.to_s)
           end
         end
         fail "Server handler (#{servers.join(',')}) not found."
@@ -1801,36 +1783,30 @@ module Sinatra
       end
     end
 
-    # Fixes encoding issues by
-    # * defaulting to UTF-8
-    # * casting params to Encoding.default_external
-    #
-    # The latter might not be necessary if Rack handles it one day.
-    # Keep an eye on Rack's LH #100.
-    def force_encoding(*args) settings.force_encoding(*args) end
-    if defined? Encoding
-      def self.force_encoding(data, encoding = default_encoding)
-        return if data == settings || data.is_a?(Tempfile)
-        if data.respond_to? :force_encoding
-          data.force_encoding(encoding).encode!
-        elsif data.respond_to? :each_value
-          data.each_value { |v| force_encoding(v, encoding) }
-        elsif data.respond_to? :each
-          data.each { |v| force_encoding(v, encoding) }
-        end
-        data
+    # Force data to specified encoding. It defaults to settings.default_encoding
+    # which is UTF-8 by default
+    def self.force_encoding(data, encoding = default_encoding)
+      return if data == settings || data.is_a?(Tempfile)
+      if data.respond_to? :force_encoding
+        data.force_encoding(encoding).encode!
+      elsif data.respond_to? :each_value
+        data.each_value { |v| force_encoding(v, encoding) }
+      elsif data.respond_to? :each
+        data.each { |v| force_encoding(v, encoding) }
       end
-    else
-      def self.force_encoding(data, *) data end
+      data
     end
 
+    def force_encoding(*args) settings.force_encoding(*args) end
+
     reset!
 
-    set :environment, (ENV['RACK_ENV'] || :development).to_sym
+    set :environment, (ENV['APP_ENV'] || ENV['RACK_ENV'] || :development).to_sym
     set :raise_errors, Proc.new { test? }
     set :dump_errors, Proc.new { !test? }
     set :show_exceptions, Proc.new { development? }
     set :sessions, false
+    set :session_store, Rack::Session::Cookie
     set :logging, false
     set :protection, true
     set :method_override, false
@@ -1839,6 +1815,8 @@ module Sinatra
     set :x_cascade, true
     set :add_charset, %w[javascript xml xhtml+xml].map { |t| "application/#{t}" }
     settings.add_charset << /^text\//
+    set :mustermann_opts, {}
+    set :default_content_type, 'text/html'
 
     # explicitly generating a session secret eagerly to play nice with preforking
     begin
@@ -1861,6 +1839,7 @@ module Sinatra
     set :server, %w[HTTP webrick]
     set :bind, Proc.new { development? ? 'localhost' : '0.0.0.0' }
     set :port, Integer(ENV['PORT'] && !ENV['PORT'].empty? ? ENV['PORT'] : 4567)
+    set :quiet, false
 
     ruby_engine = defined?(RUBY_ENGINE) && RUBY_ENGINE
 
@@ -1868,16 +1847,16 @@ module Sinatra
       server.unshift 'control_tower'
     else
       server.unshift 'reel'
+      server.unshift 'puma'
       server.unshift 'mongrel'  if ruby_engine.nil?
-      server.unshift 'puma'     if ruby_engine != 'rbx'
       server.unshift 'thin'     if ruby_engine != 'jruby'
-      server.unshift 'puma'     if ruby_engine == 'rbx'
       server.unshift 'trinidad' if ruby_engine == 'jruby'
     end
 
     set :absolute_redirects, true
     set :prefixed_redirects, false
     set :empty_path_info, nil
+    set :strict_paths, true
 
     set :app_file, nil
     set :root, Proc.new { app_file && File.expand_path(File.dirname(app_file)) }
@@ -1898,7 +1877,7 @@ module Sinatra
 
     configure :development do
       get '/__sinatra__/:image.png' do
-        filename = File.dirname(__FILE__) + "/images/#{params[:image].to_i}.png"
+        filename = __dir__ + "/images/#{params[:image].to_i}.png"
         content_type :png
         send_file filename
       end
@@ -1936,7 +1915,7 @@ module Sinatra
             </style>
           </head>
           <body>
-            <h2>Sinatra doesn&rsquo;t know this ditty.</h2>
+            <h2>Sinatra doesn’t know this ditty.</h2>
             <img src='#{uri "/__sinatra__/404.png"}'>
             <div id="c">
               Try this:
@@ -1957,14 +1936,13 @@ module Sinatra
   # top-level. Subclassing Sinatra::Base is highly recommended for
   # modular applications.
   class Application < Base
-    set :logging, Proc.new { ! test? }
+    set :logging, Proc.new { !test? }
     set :method_override, true
-    set :run, Proc.new { ! test? }
-    set :session_secret, Proc.new { super() unless development? }
+    set :run, Proc.new { !test? }
     set :app_file, nil
 
     def self.register(*extensions, &block) #:nodoc:
-      added_methods = extensions.map {|m| m.public_instance_methods }.flatten
+      added_methods = extensions.flat_map(&:public_instance_methods)
       Delegator.delegate(*added_methods)
       super(*extensions, &block)
     end