Merge branch 'master' of github.com:rails/rails

12 files changed, 114 insertions, 12 deletions

diff --git a/actionpack/lib/action_controller/metal/data_streaming.rb b/actionpack/lib/action_controller/metal/data_streaming.rb
index 5e077dd7bd..0670a58d97 100644
--- a/actionpack/lib/action_controller/metal/data_streaming.rb
+++ b/actionpack/lib/action_controller/metal/data_streaming.rb
@@ -34,7 +34,7 @@ module ActionController #:nodoc:
       #   If no content type is registered for the extension, default type 'application/octet-stream' will be used.
       # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
       #   Valid values are 'inline' and 'attachment' (default).
-      # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to '200 OK'.
+      # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to 200.
       # * <tt>:url_based_filename</tt> - set to +true+ if you want the browser guess the filename from
       #   the URL, which is necessary for i18n filenames on certain browsers
       #   (setting <tt>:filename</tt> overrides this option).
@@ -92,7 +92,7 @@ module ActionController #:nodoc:
       #   If no content type is registered for the extension, default type 'application/octet-stream' will be used.
       # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
       #   Valid values are 'inline' and 'attachment' (default).
-      # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to '200 OK'.
+      # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to 200.
       #
       # Generic data download:
       #
diff --git a/actionpack/lib/action_controller/metal/head.rb b/actionpack/lib/action_controller/metal/head.rb
index 8abcad55a2..a618533d09 100644
--- a/actionpack/lib/action_controller/metal/head.rb
+++ b/actionpack/lib/action_controller/metal/head.rb
@@ -9,6 +9,8 @@ module ActionController
     #
     #   head :created, :location => person_path(@person)
     #
+    #   head :created, :location => @person
+    #
     # It can also be used to return exceptional conditions:
     #
     #   return head(:method_not_allowed) unless request.post?
diff --git a/actionpack/lib/action_controller/record_identifier.rb b/actionpack/lib/action_controller/record_identifier.rb
index 2036442cfe..9c38ff44d8 100644
--- a/actionpack/lib/action_controller/record_identifier.rb
+++ b/actionpack/lib/action_controller/record_identifier.rb
@@ -14,9 +14,9 @@ module ActionController
   #   <% end %>                  </div>
   #
   #   # controller
-  #   def destroy
+  #   def update
   #     post = Post.find(params[:id])
-  #     post.destroy
+  #     post.update_attributes(params[:post])
   #
   #     redirect_to(post) # Calls polymorphic_url(post) which in turn calls post_url(post)
   #   end
diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/document.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/document.rb
index 7fa3aead82..386820300a 100644
--- a/actionpack/lib/action_controller/vendor/html-scanner/html/document.rb
+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/document.rb
@@ -4,7 +4,7 @@ require 'html/selector'
 require 'html/sanitizer'
 
 module HTML #:nodoc:
-  # A top-level HTMl document. You give it a body of text, and it will parse that
+  # A top-level HTML document. You give it a body of text, and it will parse that
   # text into a tree of nodes.
   class Document #:nodoc:
 
diff --git a/actionpack/lib/action_dispatch.rb b/actionpack/lib/action_dispatch.rb
index 7f972fc281..1e92d14542 100644
--- a/actionpack/lib/action_dispatch.rb
+++ b/actionpack/lib/action_dispatch.rb
@@ -47,6 +47,7 @@ module ActionDispatch
   end
 
   autoload_under 'middleware' do
+    autoload :RequestId
     autoload :BestStandardsSupport
     autoload :Callbacks
     autoload :Cookies
@@ -82,6 +83,7 @@ module ActionDispatch
     autoload :AbstractStore, 'action_dispatch/middleware/session/abstract_store'
     autoload :CookieStore,   'action_dispatch/middleware/session/cookie_store'
     autoload :MemCacheStore, 'action_dispatch/middleware/session/mem_cache_store'
+    autoload :CacheStore,    'action_dispatch/middleware/session/cache_store'
   end
 
   autoload_under 'testing' do
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 37d0a3e0b8..7a5237dcf3 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -177,6 +177,16 @@ module ActionDispatch
       @remote_ip ||= (@env["action_dispatch.remote_ip"] || ip).to_s
     end
 
+    # Returns the unique request id, which is based off either the X-Request-Id header that can
+    # be generated by a firewall, load balancer, or web server or by the RequestId middleware
+    # (which sets the action_dispatch.request_id environment variable).
+    #
+    # This unique ID is useful for tracing a request from end-to-end as part of logging or debugging.
+    # This relies on the rack variable set by the ActionDispatch::RequestId middleware.
+    def uuid
+      @uuid ||= env["action_dispatch.request_id"]
+    end
+
     # Returns the lowercase name of the HTTP server software.
     def server_software
       (@env['SERVER_SOFTWARE'] && /^([a-zA-Z]+)/ =~ @env['SERVER_SOFTWARE']) ? $1.downcase : nil
diff --git a/actionpack/lib/action_dispatch/http/url.rb b/actionpack/lib/action_dispatch/http/url.rb
index 170c68f3e0..c8ddd07bfa 100644
--- a/actionpack/lib/action_dispatch/http/url.rb
+++ b/actionpack/lib/action_dispatch/http/url.rb
@@ -45,7 +45,7 @@ module ActionDispatch
 
           rewritten_url << (options[:trailing_slash] ? path.sub(/\?|\z/) { "/" + $& } : path)
           rewritten_url << "?#{params.to_query}" unless params.empty?
-          rewritten_url << "##{Journey::Router::Utils.escape_uri(options[:anchor].to_param.to_s)}" if options[:anchor]
+          rewritten_url << "##{Journey::Router::Utils.escape_fragment(options[:anchor].to_param.to_s)}" if options[:anchor]
           rewritten_url
         end
 
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 8c4615c0c1..a4ffd40a66 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -174,7 +174,7 @@ module ActionDispatch
           options = { :value => value }
         end
 
-        value = @cookies[key.to_s] = value
+        @cookies[key.to_s] = value
 
         handle_options(options)
 
diff --git a/actionpack/lib/action_dispatch/middleware/request_id.rb b/actionpack/lib/action_dispatch/middleware/request_id.rb
new file mode 100644
index 0000000000..bee446c8a5
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/request_id.rb
@@ -0,0 +1,39 @@
+require 'securerandom'
+require 'active_support/core_ext/string/access'
+require 'active_support/core_ext/object/blank'
+
+module ActionDispatch
+  # Makes a unique request id available to the action_dispatch.request_id env variable (which is then accessible through
+  # ActionDispatch::Request#uuid) and sends the same id to the client via the X-Request-Id header.
+  #
+  # The unique request id is either based off the X-Request-Id header in the request, which would typically be generated
+  # by a firewall, load balancer, or the web server, or, if this header is not available, a random uuid. If the
+  # header is accepted from the outside world, we sanitize it to a max of 255 chars and alphanumeric and dashes only.
+  #
+  # The unique request id can be used to trace a request end-to-end and would typically end up being part of log files
+  # from multiple pieces of the stack.
+  class RequestId
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      env["action_dispatch.request_id"] = external_request_id(env) || internal_request_id
+      status, headers, body = @app.call(env)
+
+      headers["X-Request-Id"] = env["action_dispatch.request_id"]
+      [ status, headers, body ]
+    end
+
+    private
+      def external_request_id(env)
+        if request_id = env["HTTP_X_REQUEST_ID"].presence
+          request_id.gsub(/[^\w\-]/, "").first(255)
+        end
+      end
+
+      def internal_request_id
+        SecureRandom.hex(16)
+      end
+  end
+end
diff --git a/actionpack/lib/action_dispatch/middleware/session/cache_store.rb b/actionpack/lib/action_dispatch/middleware/session/cache_store.rb
new file mode 100644
index 0000000000..d3b6fd12fa
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/session/cache_store.rb
@@ -0,0 +1,50 @@
+require 'action_dispatch/middleware/session/abstract_store'
+require 'rack/session/memcache'
+
+module ActionDispatch
+  module Session
+    # Session store that uses an ActiveSupport::Cache::Store to store the sessions. This store is most useful
+    # if you don't store critical data in your sessions and you don't need them to live for extended periods
+    # of time.
+    class CacheStore < AbstractStore
+      # Create a new store. The cache to use can be passed in the <tt>:cache</tt> option. If it is
+      # not specified, <tt>Rails.cache</tt> will be used.
+      def initialize(app, options = {})
+        @cache = options[:cache] || Rails.cache
+        options[:expire_after] ||= @cache.options[:expires_in]
+        super
+      end
+
+      # Get a session from the cache.
+      def get_session(env, sid)
+        sid ||= generate_sid
+        session = @cache.read(cache_key(sid))
+        session ||= {}
+        [sid, session]
+      end
+
+      # Set a session in the cache.
+      def set_session(env, sid, session, options)
+        key = cache_key(sid)
+        if session
+          @cache.write(key, session, :expires_in => options[:expire_after])
+        else
+          @cache.delete(key)
+        end
+        sid
+      end
+
+      # Remove a session from the cache.
+      def destroy_session(env, sid, options)
+        @cache.delete(cache_key(sid))
+        generate_sid
+      end
+
+      private
+        # Turn the session id into a cache key.
+        def cache_key(sid)
+          "_session_id:#{sid}"
+        end
+    end
+  end
+end
diff --git a/actionpack/lib/action_dispatch/routing/route_set.rb b/actionpack/lib/action_dispatch/routing/route_set.rb
index bc956ef216..e7bc431783 100644
--- a/actionpack/lib/action_dispatch/routing/route_set.rb
+++ b/actionpack/lib/action_dispatch/routing/route_set.rb
@@ -394,10 +394,9 @@ module ActionDispatch
           if name == :controller
             value
           elsif value.is_a?(Array)
-            value.map { |v| Journey::Router::Utils.escape_uri(v.to_param) }.join('/')
-          else
-            return nil unless param = value.to_param
-            param.split('/').map { |v| Journey::Router::Utils.escape_uri(v) }.join("/")
+            value.map { |v| v.to_param }.join('/')
+          elsif param = value.to_param
+            param
           end
         end
 
diff --git a/actionpack/lib/action_view/helpers/number_helper.rb b/actionpack/lib/action_view/helpers/number_helper.rb
index ec6c2c8db3..7031694af4 100644
--- a/actionpack/lib/action_view/helpers/number_helper.rb
+++ b/actionpack/lib/action_view/helpers/number_helper.rb
@@ -69,7 +69,7 @@ module ActionView
           number.gsub!(/(\d{1,3})(\d{3})(\d{4}$)/,"(\\1) \\2#{delimiter}\\3")
         else
           number.gsub!(/(\d{0,3})(\d{3})(\d{4})$/,"\\1#{delimiter}\\2#{delimiter}\\3")
-          number.slice!(0, 1) if number.starts_with?('-')
+          number.slice!(0, 1) if number.starts_with?(delimiter) && !delimiter.blank?
         end
 
         str = []