authorPratik Naik <pratiknaik@gmail.com>2010-02-14 19:28:05 +0000
committerPratik Naik <pratiknaik@gmail.com>2010-02-14 19:28:05 +0000
commit6f3c5f67870a625b8be4de6e34e8d0d2f5d2b5e3 (patch)
tree3da8d75101aabe3c1d90d0582505ec1480c9d885 /actionpack/lib/action_view/helpers
parent77bf78b3b78a41d4f2f6e733f5c9c00608c0adba (diff)
parenta1b60696e2b13cbe94d748444cc0da37b190fbb8 (diff)
Merge remote branch 'mainstream/master'
Conflicts: railties/README railties/guides/source/active_support_core_extensions.textile railties/guides/source/getting_started.textile railties/lib/generators/rails/app/templates/README
Diffstat (limited to 'actionpack/lib/action_view/helpers')
-rw-r--r--actionpack/lib/action_view/helpers/csrf_helper.rb12
-rw-r--r--actionpack/lib/action_view/helpers/form_helper.rb20
-rw-r--r--actionpack/lib/action_view/helpers/form_tag_helper.rb6
-rw-r--r--actionpack/lib/action_view/helpers/javascript_helper.rb2
-rw-r--r--actionpack/lib/action_view/helpers/tag_helper.rb2
-rw-r--r--actionpack/lib/action_view/helpers/text_helper.rb6
6 files changed, 32 insertions, 16 deletions
diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb
new file mode 100644
index 0000000000..41c6b67f91
--- /dev/null
+++ b/actionpack/lib/action_view/helpers/csrf_helper.rb
@@ -0,0 +1,12 @@
+module ActionView
+ module Helpers
+ module CsrfHelper
+ # Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
+ def csrf_meta_tag
+ if protect_against_forgery?
+ %(<meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/>).html_safe
+ end
+ end
+ end
+ end
+end
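Review bot: The comment on `csrf_meta_tag` says it returns "a meta tag", but the method emits two tags (`csrf-param` and `csrf-token`) and returns nil when `protect_against_forgery?` is false; neither is documented. I would extend the comment along the lines of `# Returns nil when forgery protection is disabled. The csrf-token tag embeds the authenticity token, so a layout that includes it should not be served from a shared page cache.` That the token is tied to one session is inferred from normal Rails behaviour, not shown in this hunk, so confirm before wording the caching caveat as a fact.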
diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb
index 4d29a03b92..305d6b3128 100644
--- a/actionpack/lib/action_view/helpers/form_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_helper.rb
@@ -309,7 +309,7 @@ module ActionView
options[:html][:remote] = true if options.delete(:remote)
- concat(form_tag(options.delete(:url) || {}, options.delete(:html) || {}))
+ safe_concat(form_tag(options.delete(:url) || {}, options.delete(:html) || {}))
fields_for(object_name, *(args << options), &proc)
safe_concat('</form>')
end
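Review bot: `safe_concat(form_tag(...))` appends the string with no escaping, so it is only correct while `form_tag` itself escapes every caller-supplied attribute value; nothing in the hunk records that assumption. A one-line comment above the call would make it visible, e.g. `# form_tag returns already-escaped markup; never pass raw user text to safe_concat`. The same applies to the `safe_concat` calls added in `field_set_tag` (where `legend` is caller text that reaches the buffer through `content_tag`), in `form_tag_in_block`, and in the javascript_helper.rb and tag_helper.rb hunks. Whether `content_tag` escapes its content at this revision is not visible here and is worth confirming with a test that passes a legend containing markup. The enclosing method starts outside this hunk.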
@@ -1172,7 +1172,9 @@ module ActionView
def fields_for_with_nested_attributes(association_name, args, block)
name = "#{object_name}[#{association_name}_attributes]"
- association = args.first.to_model if args.first.respond_to?(:to_model)
+ options = args.extract_options!
+ association = args.shift
+ association = association.to_model if association.respond_to?(:to_model)
if association.respond_to?(:new_record?)
association = [association] if @object.send(association_name).is_a?(Array)
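Review bot: `args.extract_options!` and `args.shift` modify the array the caller passed in, whereas the removed line only read `args.first`. A caller that reuses `args` after this call would find the association and the options hash gone; the callers are outside the hunk, so this is not confirmed. Either document the contract with a comment such as `# consumes args: removes the trailing options hash and the leading association`, or work on a copy by adding `args = args.dup` as the first line. The method body continues past the end of this hunk.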
@@ -1181,20 +1183,22 @@ module ActionView
end
if association.is_a?(Array)
- explicit_child_index = args.last[:child_index] if args.last.is_a?(Hash)
+ explicit_child_index = options[:child_index]
association.map do |child|
- fields_for_nested_model("#{name}[#{explicit_child_index || nested_child_index(name)}]", child, args, block)
+ fields_for_nested_model("#{name}[#{explicit_child_index || nested_child_index(name)}]", child, options, block)
end.join
elsif association
- fields_for_nested_model(name, association, args, block)
+ fields_for_nested_model(name, association, options, block)
end
end
- def fields_for_nested_model(name, object, args, block)
+ def fields_for_nested_model(name, object, options, block)
+ object = object.to_model if object.respond_to?(:to_model)
+
if object.new_record?
- @template.fields_for(name, object, *args, &block)
+ @template.fields_for(name, object, options, &block)
else
- @template.fields_for(name, object, *args) do |builder|
+ @template.fields_for(name, object, options) do |builder|
block.call(builder)
@template.concat builder.hidden_field(:id) unless builder.emitted_hidden_id?
end
diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb
index ba1b0bcc20..6ed6c3101b 100644
--- a/actionpack/lib/action_view/helpers/form_tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb
@@ -441,8 +441,8 @@ module ActionView
# # => <fieldset class="format"><p><input id="name" name="name" type="text" /></p></fieldset>
def field_set_tag(legend = nil, options = nil, &block)
content = capture(&block)
- concat(tag(:fieldset, options, true))
- concat(content_tag(:legend, legend)) unless legend.blank?
+ safe_concat(tag(:fieldset, options, true))
+ safe_concat(content_tag(:legend, legend)) unless legend.blank?
concat(content)
safe_concat("</fieldset>")
end
@@ -477,7 +477,7 @@ module ActionView
def form_tag_in_block(html_options, &block)
content = capture(&block)
- concat(form_tag_html(html_options))
+ safe_concat(form_tag_html(html_options))
concat(content)
safe_concat("</form>")
end
diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb
index 7dca9849c0..8fdaa8cf8d 100644
--- a/actionpack/lib/action_view/helpers/javascript_helper.rb
+++ b/actionpack/lib/action_view/helpers/javascript_helper.rb
@@ -86,7 +86,7 @@ module ActionView
tag = content_tag(:script, javascript_cdata_section(content), html_options.merge(:type => Mime::JS))
if block_called_from_erb?(block)
- concat(tag)
+ safe_concat(tag)
else
tag
end
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index ed80e07c78..a3a8185f40 100644
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -72,7 +72,7 @@ module ActionView
content_tag = content_tag_string(name, capture(&block), options, escape)
if block_called_from_erb?(block)
- concat(content_tag)
+ safe_concat(content_tag)
else
content_tag
end
diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
index 2e02f6637a..644f34dbbe 100644
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -187,7 +187,7 @@ module ActionView
# pluralize(0, 'person')
# # => 0 people
def pluralize(count, singular, plural = nil)
- "#{count || 0} " + ((count == 1 || count == '1') ? singular : (plural || singular.pluralize))
+ "#{count || 0} " + ((count == 1 || count =~ /^1(\.0+)?$/) ? singular : (plural || singular.pluralize))
end
# Wraps the +text+ into lines no longer than +line_width+ width. This method
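Review bot: In the new condition `count =~ /^1(\.0+)?$/` the `^` and `$` anchors match at line boundaries rather than at the ends of the string, so a multi-line value such as the constructed example `"1\nabc"` is treated as singular. Anchoring the whole string closes that gap: `count =~ /\A1(\.0+)?\z/`. The doc comment above `pluralize` would also benefit from an example showing that `'1.0'` now selects the singular form.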
@@ -327,12 +327,12 @@ module ActionView
# # => "<p class='description'>Look ma! A class!</p>"
def simple_format(text, html_options={})
start_tag = tag('p', html_options, true)
- text = text.to_s.dup
+ text = h(text)
text.gsub!(/\r\n?/, "\n") # \r\n and \r -> \n
text.gsub!(/\n\n+/, "</p>\n\n#{start_tag}") # 2+ newline -> paragraph
text.gsub!(/([^\n]\n)(?=[^\n])/, '\1<br />') # 1 newline -> br
text.insert 0, start_tag
- text << "</p>"
+ text.safe_concat("</p>")
end
# Turns all URLs and e-mail addresses into clickable links. The <tt>:link</tt> option
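Review bot: Replacing `text.to_s.dup` with `h(text)` drops the defensive copy, so the `gsub!` and `insert` calls below may now run on the caller's own string. That happens if `h` returns its argument unchanged for input that is already marked HTML-safe, which is not visible in this hunk and should be checked. `text = h(text).dup` would keep the new escaping while restoring the copy, assuming `dup` preserves the safe marking. The doc comment above `simple_format` should also state that markup in `text` is now escaped, since callers that relied on passing HTML through will see different output.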