Merge remote-tracking branch 'origin/master'

12 files changed, 86 insertions, 56 deletions

diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb
index 95de595f4f..71425cd542 100644
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -171,11 +171,11 @@ module ActionController
   class Base < Metal
     abstract!
 
-    # Shortcut helper that returns all the ActionController modules except the ones passed in the argument:
+    # Shortcut helper that returns all the ActionController::Base modules except the ones passed in the argument:
     #
     #   class MetalController
-    #     ActionController::Base.without_modules(:ParamsWrapper, :Streaming).each do |module|
-    #       include module
+    #     ActionController::Base.without_modules(:ParamsWrapper, :Streaming).each do |left|
+    #       include left
     #     end
     #   end
     #
diff --git a/actionpack/lib/action_controller/caching/sweeping.rb b/actionpack/lib/action_controller/caching/sweeping.rb
index 49cf70ec21..bb176ca3f9 100644
--- a/actionpack/lib/action_controller/caching/sweeping.rb
+++ b/actionpack/lib/action_controller/caching/sweeping.rb
@@ -54,6 +54,11 @@ module ActionController #:nodoc:
       class Sweeper < ActiveRecord::Observer #:nodoc:
         attr_accessor :controller
 
+        def initialize(*args)
+          super
+          @controller = nil
+        end
+
         def before(controller)
           self.controller = controller
           callback(:before) if controller.perform_caching
@@ -88,7 +93,7 @@ module ActionController #:nodoc:
           end
 
           def method_missing(method, *arguments, &block)
-            return unless @controller
+            super unless @controller
             @controller.__send__(method, *arguments, &block)
           end
       end
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index a1e40fc4e0..ac12cbb625 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -44,7 +44,7 @@ module ActionController
             redirect_options = {:protocol => 'https://', :status => :moved_permanently}
             redirect_options.merge!(:host => host) if host
             redirect_options.merge!(:params => request.query_parameters)
-            flash.keep
+            flash.keep if respond_to?(:flash)
             redirect_to redirect_options
           end
         end
diff --git a/actionpack/lib/action_controller/metal/helpers.rb b/actionpack/lib/action_controller/metal/helpers.rb
index d070eaae5d..1a4bca12d2 100644
--- a/actionpack/lib/action_controller/metal/helpers.rb
+++ b/actionpack/lib/action_controller/metal/helpers.rb
@@ -52,6 +52,7 @@ module ActionController
   module Helpers
     extend ActiveSupport::Concern
 
+    class << self; attr_accessor :helpers_path; end
     include AbstractController::Helpers
 
     included do
diff --git a/actionpack/lib/action_controller/metal/mime_responds.rb b/actionpack/lib/action_controller/metal/mime_responds.rb
index 1e3c2d83cf..7ff5d48c5a 100644
--- a/actionpack/lib/action_controller/metal/mime_responds.rb
+++ b/actionpack/lib/action_controller/metal/mime_responds.rb
@@ -355,8 +355,12 @@ module ActionController #:nodoc:
       end
     end
 
-    # Collects mimes and return the response for the negotiated format. Returns
-    # nil if :not_acceptable was sent to the client.
+    # Returns a Collector object containing the appropriate mime-type response
+    # for the current request, based on the available responses defined by a block.
+    # In typical usage this is the block passed to +respond_with+ or +respond_to+.
+    #
+    # Sends :not_acceptable to the client and returns nil if no suitable format
+    # is available.
     #
     def retrieve_collector_from_mimes(mimes=nil, &block) #:nodoc:
       mimes ||= collect_mimes_from_class_level
diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index b07742e0e1..3ffb7ef426 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -93,7 +93,7 @@ module ActionController
           _compute_redirect_to_location options.call
         else
           url_for(options)
-        end.gsub(/[\r\n]/, '')
+        end.gsub(/[\0\r\n]/, '')
       end
   end
 end
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index afa9243f02..3081c14c09 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -37,6 +37,10 @@ module ActionController #:nodoc:
       config_accessor :request_forgery_protection_token
       self.request_forgery_protection_token ||= :authenticity_token
 
+      # Controls how unverified request will be handled
+      config_accessor :request_forgery_protection_method
+      self.request_forgery_protection_method ||= :reset_session
+
       # Controls whether request forgery protection is turned on or not. Turned off by default only in test mode.
       config_accessor :allow_forgery_protection
       self.allow_forgery_protection = true if allow_forgery_protection.nil?
@@ -64,8 +68,10 @@ module ActionController #:nodoc:
       # Valid Options:
       #
       # * <tt>:only/:except</tt> - Passed to the <tt>before_filter</tt> call. Set which actions are verified.
+      # * <tt>:with</tt> - Set the method to handle unverified request. Valid values: <tt>:exception</tt> and <tt>:reset_session</tt> (default).
       def protect_from_forgery(options = {})
         self.request_forgery_protection_token ||= :authenticity_token
+        self.request_forgery_protection_method = options.delete(:with) if options.key?(:with)
         prepend_before_filter :verify_authenticity_token, options
       end
     end
@@ -80,9 +86,19 @@ module ActionController #:nodoc:
       end
 
       # This is the method that defines the application behavior when a request is found to be unverified.
-      # By default, \Rails resets the session when it finds an unverified request.
+      # By default, \Rails uses <tt>request_forgery_protection_method</tt> when it finds an unverified request:
+      #
+      # * <tt>:reset_session</tt> - Resets the session.
+      # * <tt>:exception</tt>: - Raises ActionController::InvalidAuthenticityToken exception.
       def handle_unverified_request
-        reset_session
+        case request_forgery_protection_method
+        when :exception
+          raise ActionController::InvalidAuthenticityToken
+        when :reset_session
+          reset_session
+        else
+          raise ArgumentError, 'Invalid request forgery protection method, use :exception or :reset_session'
+        end
       end
 
       # Returns true or false if a request is verified. Checks:
diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb
index 3e170d7872..851a2c4aee 100644
--- a/actionpack/lib/action_controller/railtie.rb
+++ b/actionpack/lib/action_controller/railtie.rb
@@ -3,33 +3,32 @@ require "action_controller"
 require "action_dispatch/railtie"
 require "action_view/railtie"
 require "abstract_controller/railties/routes_helpers"
-require "action_controller/railties/paths"
+require "action_controller/railties/helpers"
 
 module ActionController
   class Railtie < Rails::Railtie #:nodoc:
     config.action_controller = ActiveSupport::OrderedOptions.new
 
-    initializer "action_controller.logger" do
-      ActiveSupport.on_load(:action_controller) { self.logger ||= Rails.logger }
-    end
-
-    initializer "action_controller.initialize_framework_caches" do
-      ActiveSupport.on_load(:action_controller) { self.cache_store ||= Rails.cache }
-    end
-
     initializer "action_controller.assets_config", :group => :all do |app|
       app.config.action_controller.assets_dir ||= app.config.paths["public"].first
     end
 
+    initializer "action_controller.set_helpers_path" do |app|
+      ActionController::Helpers.helpers_path = app.helpers_paths
+    end
+
     initializer "action_controller.set_configs" do |app|
       paths   = app.config.paths
       options = app.config.action_controller
 
+      options.logger               ||= Rails.logger
+      options.cache_store          ||= Rails.cache
+
       options.javascripts_dir      ||= paths["public/javascripts"].first
       options.stylesheets_dir      ||= paths["public/stylesheets"].first
       options.page_cache_directory ||= paths["public"].first
 
-      # make sure readers methods get compiled
+      # Ensure readers methods get compiled
       options.asset_path           ||= app.config.asset_path
       options.asset_host           ||= app.config.asset_host
       options.relative_url_root    ||= app.config.relative_url_root
@@ -37,8 +36,16 @@ module ActionController
       ActiveSupport.on_load(:action_controller) do
         include app.routes.mounted_helpers
         extend ::AbstractController::Railties::RoutesHelpers.with(app.routes)
-        extend ::ActionController::Railties::Paths.with(app)
-        options.each { |k,v| send("#{k}=", v) }
+        extend ::ActionController::Railties::Helpers
+
+        options.each do |k,v|
+          k = "#{k}="
+          if respond_to?(k)
+            send(k, v)
+          elsif !Base.respond_to?(k)
+            raise "Invalid option key: #{k}"
+          end
+        end
       end
     end
 
diff --git a/actionpack/lib/action_controller/railties/helpers.rb b/actionpack/lib/action_controller/railties/helpers.rb
new file mode 100644
index 0000000000..3985c6b273
--- /dev/null
+++ b/actionpack/lib/action_controller/railties/helpers.rb
@@ -0,0 +1,22 @@
+module ActionController
+  module Railties
+    module Helpers
+      def inherited(klass)
+        super
+        return unless klass.respond_to?(:helpers_path=)
+
+        if namespace = klass.parents.detect { |m| m.respond_to?(:railtie_helpers_paths) }
+          paths = namespace.railtie_helpers_paths
+        else
+          paths = ActionController::Helpers.helpers_path
+        end
+
+        klass.helpers_path = paths
+
+        if klass.superclass == ActionController::Base && ActionController::Base.include_all_helpers
+          klass.helper :all
+        end
+      end
+    end
+  end
+end
diff --git a/actionpack/lib/action_controller/railties/paths.rb b/actionpack/lib/action_controller/railties/paths.rb
deleted file mode 100644
index bbe63149ad..0000000000
--- a/actionpack/lib/action_controller/railties/paths.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-module ActionController
-  module Railties
-    module Paths
-      def self.with(app)
-        Module.new do
-          define_method(:inherited) do |klass|
-            super(klass)
-
-            if namespace = klass.parents.detect { |m| m.respond_to?(:railtie_helpers_paths) }
-              paths = namespace.railtie_helpers_paths
-            else
-              paths = app.helpers_paths
-            end
-
-            klass.helpers_path = paths
-
-            if klass.superclass == ActionController::Base && ActionController::Base.include_all_helpers
-              klass.helper :all
-            end
-          end
-        end
-      end
-    end
-  end
-end
diff --git a/actionpack/lib/action_controller/record_identifier.rb b/actionpack/lib/action_controller/record_identifier.rb
index 9c38ff44d8..18dda978b3 100644
--- a/actionpack/lib/action_controller/record_identifier.rb
+++ b/actionpack/lib/action_controller/record_identifier.rb
@@ -2,8 +2,8 @@ require 'active_support/core_ext/module'
 
 module ActionController
   # The record identifier encapsulates a number of naming conventions for dealing with records, like Active Records or
-  # Active Resources or pretty much any other model type that has an id. These patterns are then used to try elevate
-  # the view actions to a higher logical level. Example:
+  # pretty much any other model type that has an id. These patterns are then used to try elevate the view actions to
+  # a higher logical level. Example:
   #
   #   # routes
   #   resources :posts
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb
index e9a3ec5a22..7ba8319e4c 100644
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@@ -56,6 +56,9 @@ module ActionController
     #   # assert that the "new" view template was rendered
     #   assert_template "new"
     #
+    #   # assert that the exact template "admin/posts/new" was rendered
+    #   assert_template %r{\Aadmin/posts/new\Z}
+    #
     #   # assert that the "_customer" partial was rendered twice
     #   assert_template :partial => '_customer', :count => 2
     #
@@ -74,11 +77,11 @@ module ActionController
       response.body
 
       case options
-      when NilClass, String, Symbol
+      when NilClass, String, Symbol, Regexp
         options = options.to_s if Symbol === options
         rendered = @templates
         msg = message || sprintf("expecting <%s> but rendering with <%s>",
-                options, rendered.keys)
+                options.inspect, rendered.keys)
         assert_block(msg) do
           if options
             rendered.any? { |t,num| t.match(options) }
@@ -121,6 +124,8 @@ module ActionController
           assert @partials.empty?,
             "Expected no partials to be rendered"
         end
+      else
+        raise ArgumentError, "assert_template only accepts a String, Symbol, Hash, Regexp, or nil"
       end
     end
   end
@@ -500,11 +505,6 @@ module ActionController
         end
       end
 
-      # Cause the action to be rescued according to the regular rules for rescue_action when the visitor is not local
-      def rescue_action_in_public!
-        @request.remote_addr = '208.77.188.166' # example.com
-      end
-
       included do
         include ActionController::TemplateAssertions
         include ActionDispatch::Assertions