Merge branch 'master' into preload

* master: (62 commits)
  Getting Started Guide: Hello Rails! -> Hello, Rails! and wrap code tag
  Add CHANGELOG entry for #12344
  Add regression test to #12343
  Fix typo in number_to_human docs: you -> your
  [Documentation] Add a missing validation to I18n docs
  Use the given name in html_options for the hidden field in collection_check_boxes
  assign_attributes should return if argument is blank.
  No need the else clause
  Use join to concat the both side of the AST
  Add a CHANGELOG entry about Web Console inclusion
  added column type to example in section 2.3
  Include web-console in new projects Gemfile
  ActiveRecord::ConnectionAdapters::Column.string_to_time method respects string with timezone. Closes #12278.
  add test_scoped_root_as_name
  Getting Started Guide: update RubyGems Guides link [ci skip]
  Deprecate unused quoted_locking_column method.
  Update references to wycats/thor to erikhuda/thor.
  bcrypt-ruby v3.1.2 supports Ruby 2.0 on Windows
  Fix the model name in the association basics guides
  We shouldn't override PostgreSQLAdapter's superclass inheritance while monkeypatching
  ...

10 files changed, 117 insertions, 58 deletions

diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 63a208dbcf..b0b75f6909 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,13 @@
+*   Fix regex used to detect URI schemes in `redirect_to` to be consistent with
+    RFC 3986.
+
+    *Derek Prior*
+
+*   Fix incorrect `assert_redirected_to` failure message for protocol-relative
+    URLs.
+
+    *Derek Prior*
+
 *   Fix an issue where router can't recognize downcased url encoding path.
 
     Fixes #12269
diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index e9031f3fac..ab14a61b97 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -71,6 +71,26 @@ module ActionController
       self.response_body = "<html><body>You are being <a href=\"#{ERB::Util.h(location)}\">redirected</a>.</body></html>"
     end
 
+    def _compute_redirect_to_location(options) #:nodoc:
+      case options
+      # The scheme name consist of a letter followed by any combination of
+      # letters, digits, and the plus ("+"), period ("."), or hyphen ("-")
+      # characters; and is terminated by a colon (":").
+      # See http://tools.ietf.org/html/rfc3986#section-3.1
+      # The protocol relative scheme starts with a double slash "//".
+      when /\A([a-z][a-z\d\-+\.]*:|\/\/).*/i
+        options
+      when String
+        request.protocol + request.host_with_port + options
+      when :back
+        request.headers["Referer"] or raise RedirectBackError
+      when Proc
+        _compute_redirect_to_location options.call
+      else
+        url_for(options)
+      end.delete("\0\r\n")
+    end
+
     private
       def _extract_redirect_to_status(options, response_status)
         if options.is_a?(Hash) && options.key?(:status)
@@ -81,24 +101,5 @@ module ActionController
           302
         end
       end
-
-      def _compute_redirect_to_location(options)
-        case options
-        # The scheme name consist of a letter followed by any combination of
-        # letters, digits, and the plus ("+"), period ("."), or hyphen ("-")
-        # characters; and is terminated by a colon (":").
-        # The protocol relative scheme starts with a double slash "//"
-        when %r{\A(\w[\w+.-]*:|//).*}
-          options
-        when String
-          request.protocol + request.host_with_port + options
-        when :back
-          request.headers["Referer"] or raise RedirectBackError
-        when Proc
-          _compute_redirect_to_location options.call
-        else
-          url_for(options)
-        end.delete("\0\r\n")
-      end
   end
 end
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 573c739da4..bd64b1f812 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -124,6 +124,9 @@ module ActionController #:nodoc:
             @loaded = true
           end
 
+          # no-op
+          def destroy; end
+
           def exists?
             true
           end
diff --git a/actionpack/lib/action_dispatch/journey/router/utils.rb b/actionpack/lib/action_dispatch/journey/router/utils.rb
index 80011597aa..1edf86cd88 100644
--- a/actionpack/lib/action_dispatch/journey/router/utils.rb
+++ b/actionpack/lib/action_dispatch/journey/router/utils.rb
@@ -7,11 +7,13 @@ module ActionDispatch
         # Normalizes URI path.
         #
         # Strips off trailing slash and ensures there is a leading slash.
+        # Also converts downcase url encoded string to uppercase.
         #
         #   normalize_path("/foo")  # => "/foo"
         #   normalize_path("/foo/") # => "/foo"
         #   normalize_path("foo")   # => "/foo"
         #   normalize_path("")      # => "/"
+        #   normalize_path("/%ab")  # => "/%AB"
         def self.normalize_path(path)
           path = "/#{path}"
           path.squeeze!('/')
@@ -36,7 +38,7 @@ module ActionDispatch
           UNSAFE_FRAGMENT = Regexp.new("[^#{safe_fragment}]", false).freeze
         end
 
-        Parser = URI.const_defined?(:Parser) ? URI::Parser.new : URI
+        Parser = URI::Parser.new
 
         def self.escape_path(path)
           Parser.escape(path.to_s, UriEscape::UNSAFE_SEGMENT)
diff --git a/actionpack/lib/action_dispatch/journey/visitors.rb b/actionpack/lib/action_dispatch/journey/visitors.rb
index 0a8cb1b4d4..a5b4679fae 100644
--- a/actionpack/lib/action_dispatch/journey/visitors.rb
+++ b/actionpack/lib/action_dispatch/journey/visitors.rb
@@ -84,44 +84,43 @@ module ActionDispatch
 
       # Used for formatting urls (url_for)
       class Formatter < Visitor # :nodoc:
-        attr_reader :options, :consumed
+        attr_reader :options
 
         def initialize(options)
           @options  = options
-          @consumed = {}
         end
 
         private
 
-          def visit_GROUP(node)
-            if consumed == options
-              nil
-            else
-              route = visit(node.left)
-              route.include?("\0") ? nil : route
+          def visit(node, optional = false)
+            case node.type
+            when :LITERAL, :SLASH, :DOT
+              node.left
+            when :STAR
+              visit(node.left)
+            when :GROUP
+              visit(node.left, true)
+            when :CAT
+              visit_CAT(node, optional)
+            when :SYMBOL
+              visit_SYMBOL(node)
             end
           end
 
-          def terminal(node)
-            node.left
-          end
-
-          def binary(node)
-            [visit(node.left), visit(node.right)].join
-          end
+          def visit_CAT(node, optional)
+            left = visit(node.left, optional)
+            right = visit(node.right, optional)
 
-          def nary(node)
-            node.children.map { |c| visit(c) }.join
+            if optional && !(right && left)
+              ""
+            else
+              [left, right].join
+            end
           end
 
           def visit_SYMBOL(node)
-            key = node.to_sym
-
-            if value = options[key]
-              consumed[key] = value
+            if value = options[node.to_sym]
               Router::Utils.escape_path(value)
-            else
-              "\0"
             end
           end
       end
diff --git a/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb b/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb
index 6d3f8da932..2fb03f2712 100644
--- a/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb
+++ b/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb
@@ -74,6 +74,19 @@ module ActionDispatch
       # * <tt>:routing_type</tt> - Allowed values are <tt>:path</tt> or <tt>:url</tt>.
       #   Default is <tt>:url</tt>.
       #
+      # Also includes all the options from <tt>url_for</tt>. These include such
+      # things as <tt>:anchor</tt> or <tt>:trailing_slash</tt>. Example usage
+      # is given below:
+      #
+      #   polymorphic_url([blog, post], anchor: 'my_anchor')
+      #     # => "http://example.com/blogs/1/posts/1#my_anchor"
+      #   polymorphic_url([blog, post], anchor: 'my_anchor', script_name: "/my_app")
+      #     # => "http://example.com/my_app/blogs/1/posts/1#my_anchor"
+      #
+      # For all of these options, see the documentation for <tt>url_for</tt>.
+      #
+      # ==== Functionality
+      #
       #   # an Article record
       #   polymorphic_url(record)  # same as article_url(record)
       #
diff --git a/actionpack/lib/action_dispatch/testing/assertions/response.rb b/actionpack/lib/action_dispatch/testing/assertions/response.rb
index 44ed0ac1f3..93f9fab9c2 100644
--- a/actionpack/lib/action_dispatch/testing/assertions/response.rb
+++ b/actionpack/lib/action_dispatch/testing/assertions/response.rb
@@ -67,21 +67,11 @@ module ActionDispatch
         end
 
         def normalize_argument_to_redirection(fragment)
-          normalized = case fragment
-            when Regexp
-              fragment
-            when %r{^\w[A-Za-z\d+.-]*:.*}
-              fragment
-            when String
-              @request.protocol + @request.host_with_port + fragment
-            when :back
-              raise RedirectBackError unless refer = @request.headers["Referer"]
-              refer
-            else
-              @controller.url_for(fragment)
-            end
-
-          normalized.respond_to?(:delete) ? normalized.delete("\0\r\n") : normalized
+          if Regexp === fragment
+            fragment
+          else
+            @controller._compute_redirect_to_location(fragment)
+          end
         end
     end
   end
diff --git a/actionpack/test/controller/action_pack_assertions_test.rb b/actionpack/test/controller/action_pack_assertions_test.rb
index 22a410db94..ba4cffcd3e 100644
--- a/actionpack/test/controller/action_pack_assertions_test.rb
+++ b/actionpack/test/controller/action_pack_assertions_test.rb
@@ -39,6 +39,8 @@ class ActionPackAssertionsController < ActionController::Base
 
   def redirect_external() redirect_to "http://www.rubyonrails.org"; end
 
+  def redirect_external_protocol_relative() redirect_to "//www.rubyonrails.org"; end
+
   def response404() head '404 AWOL' end
 
   def response500() head '500 Sorry' end
@@ -258,6 +260,19 @@ class ActionPackAssertionsControllerTest < ActionController::TestCase
     end
   end
 
+  def test_assert_redirect_failure_message_with_protocol_relative_url
+    begin
+      process :redirect_external_protocol_relative
+      assert_redirected_to "/foo"
+    rescue ActiveSupport::TestCase::Assertion => ex
+      assert_no_match(
+        /#{request.protocol}#{request.host}\/\/www.rubyonrails.org/,
+        ex.message,
+        'protocol relative url was incorrectly normalized'
+      )
+    end
+  end
+
   def test_template_objects_exist
     process :assign_this
     assert !@controller.instance_variable_defined?(:"@hi")
@@ -309,6 +324,9 @@ class ActionPackAssertionsControllerTest < ActionController::TestCase
 
     process :redirect_external
     assert_equal 'http://www.rubyonrails.org', @response.redirect_url
+
+    process :redirect_external_protocol_relative
+    assert_equal '//www.rubyonrails.org', @response.redirect_url
   end
 
   def test_no_redirect_url
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index c272e785c2..727db79241 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -78,6 +78,11 @@ class RequestForgeryProtectionControllerUsingNullSession < ActionController::Bas
     cookies.encrypted[:foo] = 'bar'
     render :nothing => true
   end
+
+  def try_to_reset_session
+    reset_session
+    render :nothing => true
+  end
 end
 
 class FreeCookieController < RequestForgeryProtectionControllerUsingResetSession
@@ -320,6 +325,11 @@ class RequestForgeryProtectionControllerUsingNullSessionTest < ActionController:
     post :encrypted
     assert_response :ok
   end
+
+  test 'should allow reset_session' do
+    post :try_to_reset_session
+    assert_response :ok
+  end
 end
 
 class RequestForgeryProtectionControllerUsingExceptionTest < ActionController::TestCase
diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb
index e4c3ddd3f9..3e9e90a950 100644
--- a/actionpack/test/dispatch/routing_test.rb
+++ b/actionpack/test/dispatch/routing_test.rb
@@ -1102,6 +1102,19 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest
     assert_equal 'projects#index', @response.body
   end
 
+  def test_scoped_root_as_name
+    draw do
+      scope '(:locale)', :locale => /en|pl/ do
+        root :to => 'projects#index', :as => 'projects'
+      end
+    end
+
+    assert_equal '/en', projects_path(:locale => 'en')
+    assert_equal '/', projects_path
+    get '/en'
+    assert_equal 'projects#index', @response.body
+  end
+
   def test_scope_with_format_option
     draw do
       get "direct/index", as: :no_format_direct, format: false