Merge branch 'master' into nested_has_many_through

Conflicts:
	activerecord/CHANGELOG
	activerecord/lib/active_record/association_preload.rb
	activerecord/lib/active_record/associations.rb
	activerecord/lib/active_record/associations/class_methods/join_dependency.rb
	activerecord/lib/active_record/associations/class_methods/join_dependency/join_association.rb
	activerecord/lib/active_record/associations/has_many_association.rb
	activerecord/lib/active_record/associations/has_many_through_association.rb
	activerecord/lib/active_record/associations/has_one_association.rb
	activerecord/lib/active_record/associations/has_one_through_association.rb
	activerecord/lib/active_record/associations/through_association_scope.rb
	activerecord/lib/active_record/reflection.rb
	activerecord/test/cases/associations/has_many_through_associations_test.rb
	activerecord/test/cases/associations/has_one_through_associations_test.rb
	activerecord/test/cases/reflection_test.rb
	activerecord/test/cases/relations_test.rb
	activerecord/test/fixtures/memberships.yml
	activerecord/test/models/categorization.rb
	activerecord/test/models/category.rb
	activerecord/test/models/member.rb
	activerecord/test/models/reference.rb
	activerecord/test/models/tagging.rb

14 files changed, 175 insertions, 56 deletions

diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb
index 48308cbb60..81c0698fb8 100644
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -24,7 +24,7 @@ module ActionController
   #
   # Actions, by default, render a template in the <tt>app/views</tt> directory corresponding to the name of the controller and action
   # after executing code in the action. For example, the +index+ action of the PostsController would render the
-  # template <tt>app/views/posts/index.erb</tt> by default after populating the <tt>@posts</tt> instance variable.
+  # template <tt>app/views/posts/index.html.erb</tt> by default after populating the <tt>@posts</tt> instance variable.
   #
   # Unlike index, the create action will not render a template. After performing its main purpose (creating a
   # new post), it initiates a redirect instead. This redirect works by returning an external
diff --git a/actionpack/lib/action_controller/caching/actions.rb b/actionpack/lib/action_controller/caching/actions.rb
index a4bac3caed..a1c582560c 100644
--- a/actionpack/lib/action_controller/caching/actions.rb
+++ b/actionpack/lib/action_controller/caching/actions.rb
@@ -103,12 +103,14 @@ module ActionController #:nodoc:
       end
 
       def _save_fragment(name, options)
-        return unless caching_allowed?
-
         content = response_body
         content = content.join if content.is_a?(Array)
 
-        write_fragment(name, content, options)
+        if caching_allowed?
+          write_fragment(name, content, options)
+        else
+          content
+        end
       end
 
     protected
diff --git a/actionpack/lib/action_controller/caching/fragments.rb b/actionpack/lib/action_controller/caching/fragments.rb
index 37c155b9cd..0be04b70a1 100644
--- a/actionpack/lib/action_controller/caching/fragments.rb
+++ b/actionpack/lib/action_controller/caching/fragments.rb
@@ -1,52 +1,72 @@
 module ActionController #:nodoc:
   module Caching
-    # Fragment caching is used for caching various blocks within templates without caching the entire action as a whole. This is useful when
-    # certain elements of an action change frequently or depend on complicated state while other parts rarely change or can be shared amongst multiple
-    # parties. The caching is done using the cache helper available in the Action View. A template with caching might look something like:
+    # Fragment caching is used for caching various blocks within 
+    # views without caching the entire action as a whole. This is
+    # useful when certain elements of an action change frequently or 
+    # depend on complicated state while other parts rarely change or 
+    # can be shared amongst multiple parties. The caching is done using
+    # the <tt>cache</tt> helper available in the Action View. A 
+    # template with fragment caching might look like:
     #
     #   <b>Hello <%= @name %></b>
+    #
     #   <% cache do %>
     #     All the topics in the system:
     #     <%= render :partial => "topic", :collection => Topic.find(:all) %>
     #   <% end %>
     #
-    # This cache will bind to the name of the action that called it, so if this code was part of the view for the topics/list action, you would
-    # be able to invalidate it using <tt>expire_fragment(:controller => "topics", :action => "list")</tt>.
+    # This cache will bind the name of the action that called it, so if
+    # this code was part of the view for the topics/list action, you 
+    # would be able to invalidate it using:
+    #   
+    #   expire_fragment(:controller => "topics", :action => "list")
     #
-    # This default behavior is of limited use if you need to cache multiple fragments per action or if the action itself is cached using
-    # <tt>caches_action</tt>, so we also have the option to qualify the name of the cached fragment with something like:
+    # This default behavior is limited if you need to cache multiple 
+    # fragments per action or if the action itself is cached using 
+    # <tt>caches_action</tt>. To remedy this, there is an option to 
+    # qualify the name of the cached fragment by using the 
+    # <tt>:action_suffix</tt> option:
     #
     #   <% cache(:action => "list", :action_suffix => "all_topics") do %>
     #
-    # That would result in a name such as <tt>/topics/list/all_topics</tt>, avoiding conflicts with the action cache and with any fragments that use a
-    # different suffix. Note that the URL doesn't have to really exist or be callable - the url_for system is just used to generate unique
-    # cache names that we can refer to when we need to expire the cache.
+    # That would result in a name such as 
+    # <tt>/topics/list/all_topics</tt>, avoiding conflicts with the 
+    # action cache and with any fragments that use a different suffix.
+    # Note that the URL doesn't have to really exist or be callable
+    # - the url_for system is just used to generate unique cache names
+    # that we can refer to when we need to expire the cache.
     #
     # The expiration call for this example is:
     #
-    #   expire_fragment(:controller => "topics", :action => "list", :action_suffix => "all_topics")
+    #   expire_fragment(:controller => "topics", 
+    #                   :action => "list", 
+    #                   :action_suffix => "all_topics")
     module Fragments
-      # Given a key (as described in <tt>expire_fragment</tt>), returns a key suitable for use in reading,
-      # writing, or expiring a cached fragment. If the key is a hash, the generated key is the return
-      # value of url_for on that hash (without the protocol). All keys are prefixed with <tt>views/</tt> and uses
+      # Given a key (as described in <tt>expire_fragment</tt>), returns
+      # a key suitable for use in reading, writing, or expiring a 
+      # cached fragment. If the key is a hash, the generated key is the
+      # return value of url_for on that hash (without the protocol). 
+      # All keys are prefixed with <tt>views/</tt> and uses
       # ActiveSupport::Cache.expand_cache_key for the expansion.
       def fragment_cache_key(key)
         ActiveSupport::Cache.expand_cache_key(key.is_a?(Hash) ? url_for(key).split("://").last : key, :views)
       end
 
-      # Writes <tt>content</tt> to the location signified by <tt>key</tt> (see <tt>expire_fragment</tt> for acceptable formats)
+      # Writes <tt>content</tt> to the location signified by 
+      # <tt>key</tt> (see <tt>expire_fragment</tt> for acceptable formats).
       def write_fragment(key, content, options = nil)
         return content unless cache_configured?
 
         key = fragment_cache_key(key)
         instrument_fragment_cache :write_fragment, key do
-          content = content.html_safe.to_str if content.respond_to?(:html_safe)
+          content = content.to_str
           cache_store.write(key, content, options)
         end
         content
       end
 
-      # Reads a cached fragment from the location signified by <tt>key</tt> (see <tt>expire_fragment</tt> for acceptable formats)
+      # Reads a cached fragment from the location signified by <tt>key</tt>
+      # (see <tt>expire_fragment</tt> for acceptable formats).
       def read_fragment(key, options = nil)
         return unless cache_configured?
 
@@ -57,7 +77,8 @@ module ActionController #:nodoc:
         end
       end
 
-      # Check if a cached fragment from the location signified by <tt>key</tt> exists (see <tt>expire_fragment</tt> for acceptable formats)
+      # Check if a cached fragment from the location signified by 
+      # <tt>key</tt> exists (see <tt>expire_fragment</tt> for acceptable formats)
       def fragment_exist?(key, options = nil)
         return unless cache_configured?
         key = fragment_cache_key(key)
@@ -70,6 +91,7 @@ module ActionController #:nodoc:
       # Removes fragments from the cache.
       #
       # +key+ can take one of three forms:
+      #
       # * String - This would normally take the form of a path, like
       #   <tt>pages/45/notes</tt>.
       # * Hash - Treated as an implicit call to +url_for+, like
diff --git a/actionpack/lib/action_controller/caching/pages.rb b/actionpack/lib/action_controller/caching/pages.rb
index 3e57d2c236..8c583c7ce0 100644
--- a/actionpack/lib/action_controller/caching/pages.rb
+++ b/actionpack/lib/action_controller/caching/pages.rb
@@ -106,7 +106,7 @@ module ActionController #:nodoc:
           end
 
           def page_cache_path(path, extension = nil)
-            page_cache_directory + page_cache_file(path, extension)
+            page_cache_directory.to_s + page_cache_file(path, extension)
           end
 
           def instrument_page_cache(name, path)
diff --git a/actionpack/lib/action_controller/log_subscriber.rb b/actionpack/lib/action_controller/log_subscriber.rb
index 3b19310a69..3fae697cc3 100644
--- a/actionpack/lib/action_controller/log_subscriber.rb
+++ b/actionpack/lib/action_controller/log_subscriber.rb
@@ -16,7 +16,11 @@ module ActionController
       payload   = event.payload
       additions = ActionController::Base.log_process_action(payload)
 
-      message = "Completed #{payload[:status]} #{Rack::Utils::HTTP_STATUS_CODES[payload[:status]]} in %.0fms" % event.duration
+      status = payload[:status]
+      if status.nil? && payload[:exception].present?
+        status = Rack::Utils.status_code(ActionDispatch::ShowExceptions.rescue_responses[payload[:exception].first]) rescue nil 
+      end 
+      message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in %.0fms" % event.duration
       message << " (#{additions.join(" | ")})" unless additions.blank?
 
       info(message)
diff --git a/actionpack/lib/action_controller/metal.rb b/actionpack/lib/action_controller/metal.rb
index 329798e84f..e5db31061b 100644
--- a/actionpack/lib/action_controller/metal.rb
+++ b/actionpack/lib/action_controller/metal.rb
@@ -36,19 +36,68 @@ module ActionController
       action = action.to_s
       raise "MiddlewareStack#build requires an app" unless app
 
-      reverse.inject(app) do |a, middleware|
+      middlewares.reverse.inject(app) do |a, middleware|
         middleware.valid?(action) ?
           middleware.build(a) : a
       end
     end
   end
 
-  # Provides a way to get a valid Rack application from a controller.
+  # <tt>ActionController::Metal</tt> is the simplest possible controller, providing a
+  # valid Rack interface without the additional niceties provided by
+  # <tt>ActionController::Base</tt>.
+  #
+  # A sample metal controller might look like this:
+  #
+  #   class HelloController < ActionController::Metal
+  #     def index
+  #       self.response_body = "Hello World!"
+  #     end
+  #   end
+  #
+  # And then to route requests to your metal controller, you would add
+  # something like this to <tt>config/routes.rb</tt>:
+  #
+  #   match 'hello', :to => HelloController.action(:index)
+  #
+  # The +action+ method returns a valid Rack application for the \Rails
+  # router to dispatch to.
+  #
+  # == Rendering Helpers
+  #
+  # <tt>ActionController::Metal</tt> by default provides no utilities for rendering
+  # views, partials, or other responses aside from explicitly calling of
+  # <tt>response_body=</tt>, <tt>content_type=</tt>, and <tt>status=</tt>. To
+  # add the render helpers you're used to having in a normal controller, you
+  # can do the following:
+  #
+  #   class HelloController < ActionController::Metal
+  #     include ActionController::Rendering
+  #     append_view_path "#{Rails.root}/app/views"
+  #
+  #     def index
+  #       render "hello/index"
+  #     end
+  #   end
+  #
+  # == Redirection Helpers
+  #
+  # To add redirection helpers to your metal controller, do the following:
+  #
+  #   class HelloController < ActionController::Metal
+  #     include ActionController::Redirecting
+  #     include Rails.application.routes.url_helpers
+  #
+  #     def index
+  #       redirect_to root_url
+  #     end
+  #   end
+  #
+  # == Other Helpers
+  #
+  # You can refer to the modules included in <tt>ActionController::Base</tt> to see
+  # other features you can bring into your metal controller.
   #
-  # In AbstractController, dispatching is triggered directly by calling #process on a new controller.
-  # <tt>ActionController::Metal</tt> provides an <tt>action</tt> method that returns a valid Rack application for a
-  # given action. Other rack builders, such as Rack::Builder, Rack::URLMap, and the \Rails router,
-  # can dispatch directly to actions returned by controllers in your application.
   class Metal < AbstractController::Base
     abstract!
 
@@ -133,7 +182,7 @@ module ActionController
     end
 
     def response_body=(val)
-      body = val.respond_to?(:each) ? val : [val]
+      body = val.nil? ? nil : (val.respond_to?(:each) ? val : [val])
       super body
     end
 
diff --git a/actionpack/lib/action_controller/metal/implicit_render.rb b/actionpack/lib/action_controller/metal/implicit_render.rb
index 282dcf66b3..cfa7004048 100644
--- a/actionpack/lib/action_controller/metal/implicit_render.rb
+++ b/actionpack/lib/action_controller/metal/implicit_render.rb
@@ -12,10 +12,10 @@ module ActionController
 
     def method_for_action(action_name)
       super || begin
-        if template_exists?(action_name.to_s, _prefix)
+        if template_exists?(action_name.to_s, _prefixes)
           "default_render"
         end
       end
     end
   end
-end
\ No newline at end of file
+end
diff --git a/actionpack/lib/action_controller/metal/mime_responds.rb b/actionpack/lib/action_controller/metal/mime_responds.rb
index 9ba37134b8..a2e06fe0a6 100644
--- a/actionpack/lib/action_controller/metal/mime_responds.rb
+++ b/actionpack/lib/action_controller/metal/mime_responds.rb
@@ -63,13 +63,13 @@ module ActionController #:nodoc:
     # might look something like this:
     #
     #   def index
-    #     @people = Person.find(:all)
+    #     @people = Person.all
     #   end
     #
     # Here's the same action, with web-service support baked in:
     #
     #   def index
-    #     @people = Person.find(:all)
+    #     @people = Person.all
     #
     #     respond_to do |format|
     #       format.html
@@ -155,7 +155,7 @@ module ActionController #:nodoc:
     # Respond to also allows you to specify a common block for different formats by using any:
     #
     #   def index
-    #     @people = Person.find(:all)
+    #     @people = Person.all
     #
     #     respond_to do |format|
     #       format.html
@@ -178,7 +178,7 @@ module ActionController #:nodoc:
     #     respond_to :html, :xml, :json
     #
     #     def index
-    #       @people = Person.find(:all)
+    #       @people = Person.all
     #       respond_with(@person)
     #     end
     #   end
@@ -208,8 +208,8 @@ module ActionController #:nodoc:
     # It also accepts a block to be given. It's used to overwrite a default
     # response:
     #
-    #   def destroy
-    #     @user = User.find(params[:id])
+    #   def create
+    #     @user = User.new(params[:user])
     #     flash[:notice] = "User was successfully created." if @user.save
     #
     #     respond_with(@user) do |format|
diff --git a/actionpack/lib/action_controller/metal/renderers.rb b/actionpack/lib/action_controller/metal/renderers.rb
index d6f6ab1855..38711c8462 100644
--- a/actionpack/lib/action_controller/metal/renderers.rb
+++ b/actionpack/lib/action_controller/metal/renderers.rb
@@ -2,6 +2,7 @@ require 'active_support/core_ext/class/attribute'
 require 'active_support/core_ext/object/blank'
 
 module ActionController
+  # See <tt>Renderers.add</tt>
   def self.add_renderer(key, &block)
     Renderers.add(key, &block)
   end
@@ -39,7 +40,43 @@ module ActionController
       nil
     end
 
+    # Hash of available renderers, mapping a renderer name to its proc.
+    # Default keys are :json, :js, :xml and :update.
     RENDERERS = {}
+
+    # Adds a new renderer to call within controller actions.
+    # A renderer is invoked by passing its name as an option to
+    # <tt>AbstractController::Rendering#render</tt>. To create a renderer
+    # pass it a name and a block. The block takes two arguments, the first
+    # is the value paired with its key and the second is the remaining
+    # hash of options passed to +render+.
+    #
+    # === Example
+    # Create a csv renderer:
+    #
+    #   ActionController::Renderers.add :csv do |obj, options|
+    #     filename = options[:filename] || 'data'
+    #     str = obj.respond_to?(:to_csv) ? obj.to_csv : obj.to_s
+    #     send_data str, :type => Mime::CSV,
+    #       :disposition => "attachment; filename=#{filename}.csv"
+    #   end
+    #
+    # Note that we used Mime::CSV for the csv mime type as it comes with Rails.
+    # For a custom renderer, you'll need to register a mime type with
+    # <tt>Mime::Type.register</tt>.
+    #
+    # To use the csv renderer in a controller action:
+    #
+    #   def show
+    #     @csvable = Csvable.find(params[:id])
+    #     respond_to do |format|
+    #       format.html
+    #       format.csv { render :csv => @csvable, :filename => @csvable.name }
+    #     }
+    #   end
+    # To use renderers and their mime types in more concise ways, see
+    # <tt>ActionController::MimeResponds::ClassMethods.respond_to</tt> and
+    # <tt>ActionController::MimeResponds#respond_with</tt>
     def self.add(key, &block)
       define_method("_render_option_#{key}", &block)
       RENDERERS[key] = block
diff --git a/actionpack/lib/action_controller/metal/rendering.rb b/actionpack/lib/action_controller/metal/rendering.rb
index 14cc547dd0..32d52c84c4 100644
--- a/actionpack/lib/action_controller/metal/rendering.rb
+++ b/actionpack/lib/action_controller/metal/rendering.rb
@@ -6,7 +6,7 @@ module ActionController
 
     # Before processing, set the request formats in current controller formats.
     def process_action(*) #:nodoc:
-      self.formats = request.formats.map { |x| x.to_sym }
+      self.formats = request.formats.map { |x| x.ref }
       super
     end
 
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 148efbb081..1cd93a188c 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -66,30 +66,29 @@ module ActionController #:nodoc:
       # * <tt>:only/:except</tt> - Passed to the <tt>before_filter</tt> call.  Set which actions are verified.
       def protect_from_forgery(options = {})
         self.request_forgery_protection_token ||= :authenticity_token
-        before_filter :verify_authenticity_token, options
+        prepend_before_filter :verify_authenticity_token, options
       end
     end
 
     protected
-
-      def protect_from_forgery(options = {})
-        self.request_forgery_protection_token ||= :authenticity_token
-        before_filter :verify_authenticity_token, options
-      end
-
       # The actual before_filter that is used.  Modify this to change how you handle unverified requests.
       def verify_authenticity_token
-        verified_request? || raise(ActionController::InvalidAuthenticityToken)
+        verified_request? || handle_unverified_request
+      end
+
+      def handle_unverified_request
+        reset_session
       end
 
       # Returns true or false if a request is verified.  Checks:
       #
-      # * is the format restricted?  By default, only HTML requests are checked.
       # * is it a GET request?  Gets should be safe and idempotent
       # * Does the form_authenticity_token match the given token value from the params?
+      # * Does the X-CSRF-Token header match the form_authenticity_token
       def verified_request?
-        !protect_against_forgery? || request.forgery_whitelisted? ||
-          form_authenticity_token == params[request_forgery_protection_token]
+        !protect_against_forgery? || request.get? ||
+          form_authenticity_token == params[request_forgery_protection_token] ||
+          form_authenticity_token == request.headers['X-CSRF-Token']
       end
 
       # Sets the token value for the current session.
diff --git a/actionpack/lib/action_controller/metal/responder.rb b/actionpack/lib/action_controller/metal/responder.rb
index 38d32211cc..4b45413cf8 100644
--- a/actionpack/lib/action_controller/metal/responder.rb
+++ b/actionpack/lib/action_controller/metal/responder.rb
@@ -77,8 +77,6 @@ module ActionController #:nodoc:
   #
   #   respond_with(@project, :manager, @task)
   #
-  # Check <code>polymorphic_url</code> documentation for more examples.
-  #
   class Responder
     attr_reader :controller, :request, :format, :resource, :resources, :options
 
@@ -115,7 +113,7 @@ module ActionController #:nodoc:
     # Main entry point for responder responsible to dispatch to the proper format.
     #
     def respond
-      method = :"to_#{format}"
+      method = "to_#{format}"
       respond_to?(method) ? send(method) : to_format
     end
 
@@ -171,7 +169,7 @@ module ActionController #:nodoc:
     # Checks whether the resource responds to the current format or not.
     #
     def resourceful?
-      resource.respond_to?(:"to_#{format}")
+      resource.respond_to?("to_#{format}")
     end
 
     # Returns the resource location by retrieving it from the options or
diff --git a/actionpack/lib/action_controller/railties/paths.rb b/actionpack/lib/action_controller/railties/paths.rb
index 699c44c62c..dce3c2fe88 100644
--- a/actionpack/lib/action_controller/railties/paths.rb
+++ b/actionpack/lib/action_controller/railties/paths.rb
@@ -16,6 +16,14 @@ module ActionController
             if klass.superclass == ActionController::Base && ActionController::Base.include_all_helpers
               klass.helper :all
             end
+
+            if app.config.serve_static_assets && namespace
+              paths = namespace._railtie.config.paths
+
+              klass.config.assets_dir      = paths["public"].first
+              klass.config.javascripts_dir = paths["public/javascripts"].first
+              klass.config.stylesheets_dir = paths["public/stylesheets"].first
+            end
           end
         end
       end
diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
index 3e5d23b5c1..09dd08898c 100644
--- a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
@@ -170,7 +170,7 @@ module HTML
 
     def contains_bad_protocols?(attr_name, value)
       uri_attributes.include?(attr_name) &&
-      (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(%|&#37;)3A/ && !allowed_protocols.include?(value.split(protocol_separator).first))
+      (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(%|&#37;)3A/ && !allowed_protocols.include?(value.split(protocol_separator).first.downcase))
     end
   end
 end