-rw-r--r--actionpack/lib/action_view/helpers/form_tag_helper.rb11
-rw-r--r--actionpack/lib/action_view/helpers/url_helper.rb22
-rw-r--r--actionpack/test/template/html-scanner/sanitizer_test.rb2
-rw-r--r--actionpack/test/template/url_helper_test.rb27
-rw-r--r--activerecord/lib/active_record/relation/query_methods.rb10
-rw-r--r--activeresource/lib/active_resource/base.rb4
-rw-r--r--activeresource/lib/active_resource/connection.rb4
-rw-r--r--activesupport/lib/active_support/core_ext/uri.rb2
-rw-r--r--activesupport/test/core_ext/uri_ext_test.rb8
-rw-r--r--railties/guides/source/3_2_release_notes.textile10
-rw-r--r--railties/lib/rails/deprecation.rb37
11 files changed, 70 insertions, 67 deletions
diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb
index 57b90a9c42..e97f602728 100644
--- a/actionpack/lib/action_view/helpers/form_tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb
@@ -627,7 +627,7 @@ module ActionView
token_tag(authenticity_token)
else
html_options["method"] = "post"
- tag(:input, :type => "hidden", :name => "_method", :value => method) + token_tag(authenticity_token)
+ method_tag(method) + token_tag(authenticity_token)
end
tags = utf8_enforcer_tag << method_tag
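Review bot: The bare `method_tag` on the last context line (`tags = utf8_enforcer_tag << method_tag`) can only be a local variable, because the helper introduced by this commit requires an argument, so this method now uses a local and a helper with the same name a few lines apart. Ruby resolves `method_tag(method)` to the helper only because of the argument list, which is easy to misread or break in a later edit. The same pattern is explicit in url_helper.rb, in `method_tag = method_tag(method)`. Renaming the locals, for example `method_field = method_tag(method)`, would remove the ambiguity. The enclosing method starts and ends outside this hunk.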
@@ -646,15 +646,6 @@ module ActionView
output.safe_concat("</form>")
end
- def token_tag(token)
- if token == false || !protect_against_forgery?
- ''
- else
- token ||= form_authenticity_token
- tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => token)
- end
- end
-
# see http://www.w3.org/TR/html4/types.html#type-name
def sanitize_to_id(name)
name.to_s.gsub(']','').gsub(/[^-a-zA-Z0-9:.]/, "_")
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index ebd1f280a8..d27d49821b 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -327,7 +327,7 @@ module ActionView
method_tag = ''
if (method = html_options.delete('method')) && %w{put delete}.include?(method.to_s)
- method_tag = tag('input', :type => 'hidden', :name => '_method', :value => method.to_s)
+ method_tag = method_tag(method)
end
form_method = method.to_s == 'get' ? 'get' : 'post'
@@ -336,10 +336,7 @@ module ActionView
remote = html_options.delete('remote')
- request_token_tag = ''
- if form_method == 'post' && protect_against_forgery?
- request_token_tag = tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token)
- end
+ request_token_tag = form_method == 'post' ? token_tag : ''
url = options.is_a?(String) ? options : self.url_for(options)
name ||= url
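Review bot: `request_token_tag` is produced for every POST form no matter where `url` points, and the next line accepts any caller-supplied string as the form action, so a `button_to` aimed at another origin would submit the session's authenticity token to that host. This matches the removed code, but `token_tag` already treats `false` as "omit the field", so callers could be given an opt-out: `request_token_tag = form_method == 'post' ? token_tag(html_options.delete('authenticity_token')) : ''`. The `'authenticity_token'` option name is a suggestion that mirrors the variable used in form_tag_helper.rb; this hunk does not define it. The enclosing method continues outside the hunk.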
@@ -476,7 +473,7 @@ module ActionView
# string given as the value.
# * <tt>:subject</tt> - Preset the subject line of the email.
# * <tt>:body</tt> - Preset the body of the email.
- # * <tt>:cc</tt> - Carbon Copy addition recipients on the email.
+ # * <tt>:cc</tt> - Carbon Copy additional recipients on the email.
# * <tt>:bcc</tt> - Blind Carbon Copy additional recipients on the email.
#
# ==== Examples
@@ -670,6 +667,19 @@ module ActionView
bool_attrs.each { |x| html_options[x] = x if html_options.delete(x) }
html_options
end
+
+ def token_tag(token=nil)
+ if token == false || !protect_against_forgery?
+ ''
+ else
+ token ||= form_authenticity_token
+ tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => token)
+ end
+ end
+
+ def method_tag(method)
+ tag('input', :type => 'hidden', :name => '_method', :value => method.to_s)
+ end
end
end
end
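Review bot: `token_tag` has a three-way argument contract that is not written down: `false` suppresses the field, `nil` falls back to `form_authenticity_token`, and any other value is emitted as the token. Because passing `false` drops the CSRF field from the form, the definition deserves a comment such as `# Hidden authenticity-token field; returns '' when token is false or protect_against_forgery? is off, and uses form_authenticity_token when token is nil.` This hunk does not show whether the two helpers sit under a `private` marker. If they are meant to be internal, that is worth confirming, since `method_tag` is a generic name to expose to every view.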
diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb
index b4d751e405..32c655c5fd 100644
--- a/actionpack/test/template/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/template/html-scanner/sanitizer_test.rb
@@ -56,7 +56,6 @@ class SanitizerTest < ActionController::TestCase
assert_sanitized "a b c<script language=\"Javascript\">blah blah blah</script>d e f", "a b cd e f"
end
- # TODO: Clean up
def test_sanitize_js_handlers
raw = %{onthis="do that" <a href="#" onclick="hello" name="foo" onbogus="remove me">hello</a>}
assert_sanitized raw, %{onthis="do that" <a name="foo" href="#">hello</a>}
@@ -215,7 +214,6 @@ class SanitizerTest < ActionController::TestCase
assert_sanitized img_hack, "<img>"
end
- # TODO: Clean up
def test_should_sanitize_attributes
assert_sanitized %(<SPAN title="'><script>alert()</script>">blah</SPAN>), %(<span title="'&gt;&lt;script&gt;alert()&lt;/script&gt;">blah</span>)
end
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index d013a44e6c..cf4dafbac4 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -11,6 +11,9 @@ class UrlHelperTest < ActiveSupport::TestCase
# In those cases, we'll set up a simple mock
attr_accessor :controller, :request
+ cattr_accessor :request_forgery
+ self.request_forgery = false
+
routes = ActionDispatch::Routing::RouteSet.new
routes.draw do
match "/" => "foo#bar"
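Review bot: `cattr_accessor :request_forgery` makes the flag class-level state, which is why the new test further down has to reset it in an `ensure` block. Since each test method runs on its own instance, `attr_accessor :request_forgery` would give every test a fresh `nil` (falsy for `protect_against_forgery?`) and make both the `self.request_forgery = false` default and the `ensure` cleanup unnecessary. The stubbed `protect_against_forgery?` in the last hunk of this file would work unchanged.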
@@ -49,11 +52,22 @@ class UrlHelperTest < ActiveSupport::TestCase
assert_equal 'javascript:history.back()', url_for(:back)
end
- # todo: missing test cases
+ # TODO: missing test cases
def test_button_to_with_straight_url
assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"button_to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com")
end
+ def test_button_to_with_straight_url_and_request_forgery
+ self.request_forgery = true
+
+ assert_dom_equal(
+ %{<form method="post" action="http://www.example.com" class="button_to"><div><input type="submit" value="Hello" /><input name="form_token" type="hidden" value="secret" /></div></form>},
+ button_to("Hello", "http://www.example.com")
+ )
+ ensure
+ self.request_forgery = false
+ end
+
def test_button_to_with_form_class
assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"custom-class\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com", :form_class => 'custom-class')
end
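Review bot: The new test pins only the POST path with forgery protection on, but the rewritten line `form_method == 'post' ? token_tag : ''` also promises that a `:method => :get` button never carries the token, where it would end up in the query string. A companion test asserting that `button_to("Hello", "http://www.example.com", :method => :get)` renders no `form_token` input while `request_forgery = true` would lock that in. A `:method => :delete` case would likewise confirm that the `_method` field and the token field are both present.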
@@ -435,9 +449,16 @@ class UrlHelperTest < ActiveSupport::TestCase
assert mail_to("me@domain.com", "My email", :encode => "hex").html_safe?
end
- # TODO: button_to looks at this ... why?
def protect_against_forgery?
- false
+ self.request_forgery
+ end
+
+ def form_authenticity_token
+ "secret"
+ end
+
+ def request_forgery_protection_token
+ "form_token"
end
private
diff --git a/activerecord/lib/active_record/relation/query_methods.rb b/activerecord/lib/active_record/relation/query_methods.rb
index b5f202ef6a..a8ae7208fc 100644
--- a/activerecord/lib/active_record/relation/query_methods.rb
+++ b/activerecord/lib/active_record/relation/query_methods.rb
@@ -75,16 +75,16 @@ module ActiveRecord
# array, it actually returns a relation object and can have other query
# methods appended to it, such as the other methods in ActiveRecord::QueryMethods.
#
- # This method will also take multiple parameters:
+ # The argument to the method can also be an array of fields.
#
- # >> Model.select(:field, :other_field, :and_one_more)
+ # >> Model.select([:field, :other_field, :and_one_more])
# => [#<Model field: "value", other_field: "value", and_one_more: "value">]
#
- # Any attributes that do not have fields retrieved by a select
- # will return `nil` when the getter method for that attribute is used:
+ # Accessing attributes of an object that do not have fields retrieved by a select
+ # will throw <tt>ActiveModel::MissingAttributeError</tt>:
#
# >> Model.select(:field).first.other_field
- # => nil
+ # => ActiveModel::MissingAttributeError: missing attribute: other_field
def select(value = Proc.new)
if block_given?
to_a.select {|*block_args| value.call(*block_args) }
diff --git a/activeresource/lib/active_resource/base.rb b/activeresource/lib/active_resource/base.rb
index 548990cb70..ed872c0883 100644
--- a/activeresource/lib/active_resource/base.rb
+++ b/activeresource/lib/active_resource/base.rb
@@ -939,12 +939,12 @@ module ActiveResource
# Accepts a URI and creates the site URI from that.
def create_site_uri_from(site)
- site.is_a?(URI) ? site.dup : URI.parser.parse(site)
+ site.is_a?(URI) ? site.dup : URI.parse(site)
end
# Accepts a URI and creates the proxy URI from that.
def create_proxy_uri_from(proxy)
- proxy.is_a?(URI) ? proxy.dup : URI.parser.parse(proxy)
+ proxy.is_a?(URI) ? proxy.dup : URI.parse(proxy)
end
# contains a set of the current prefix parameters.
diff --git a/activeresource/lib/active_resource/connection.rb b/activeresource/lib/active_resource/connection.rb
index 94839c8c25..2a034f9269 100644
--- a/activeresource/lib/active_resource/connection.rb
+++ b/activeresource/lib/active_resource/connection.rb
@@ -39,14 +39,14 @@ module ActiveResource
# Set URI for remote service.
def site=(site)
- @site = site.is_a?(URI) ? site : URI.parser.parse(site)
+ @site = site.is_a?(URI) ? site : URI.parse(site)
@user = URI.parser.unescape(@site.user) if @site.user
@password = URI.parser.unescape(@site.password) if @site.password
end
# Set the proxy for remote service.
def proxy=(proxy)
- @proxy = proxy.is_a?(URI) ? proxy : URI.parser.parse(proxy)
+ @proxy = proxy.is_a?(URI) ? proxy : URI.parse(proxy)
end
# Sets the user for remote service.
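Review bot: `site=` now parses with `URI.parse`, but the two lines after it still unescape the user and password through `URI.parser`, so one setter goes through two different parser entry points. Presumably both behave the same for these inputs. Either using one of them consistently or adding a comment such as `# URI.parse for parsing; URI.parser is kept only for unescape` would stop a later reader from "fixing" one side. The same switch to `URI.parse` is made in base.rb's `create_site_uri_from` and `create_proxy_uri_from`.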
diff --git a/activesupport/lib/active_support/core_ext/uri.rb b/activesupport/lib/active_support/core_ext/uri.rb
index 0b219ce44a..bfe0832b37 100644
--- a/activesupport/lib/active_support/core_ext/uri.rb
+++ b/activesupport/lib/active_support/core_ext/uri.rb
@@ -20,7 +20,7 @@ end
module URI
class << self
def parser
- @parser ||= URI.const_defined?(:Parser) ? URI::Parser.new : URI
+ @parser ||= URI::Parser.new
end
end
end
diff --git a/activesupport/test/core_ext/uri_ext_test.rb b/activesupport/test/core_ext/uri_ext_test.rb
index 4a6cbb8801..03e388dd7a 100644
--- a/activesupport/test/core_ext/uri_ext_test.rb
+++ b/activesupport/test/core_ext/uri_ext_test.rb
@@ -7,11 +7,7 @@ class URIExtTest < ActiveSupport::TestCase
def test_uri_decode_handle_multibyte
str = "\xE6\x97\xA5\xE6\x9C\xAC\xE8\xAA\x9E" # Ni-ho-nn-go in UTF-8, means Japanese.
- if URI.const_defined?(:Parser)
- parser = URI::Parser.new
- assert_equal str, parser.unescape(parser.escape(str))
- else
- assert_equal str, URI.unescape(URI.escape(str))
- end
+ parser = URI::Parser.new
+ assert_equal str, parser.unescape(parser.escape(str))
end
end
diff --git a/railties/guides/source/3_2_release_notes.textile b/railties/guides/source/3_2_release_notes.textile
index 439cd5f714..379b7472c6 100644
--- a/railties/guides/source/3_2_release_notes.textile
+++ b/railties/guides/source/3_2_release_notes.textile
@@ -142,6 +142,12 @@ h4. Deprecations
* +Rails::Plugin+ is deprecated and will be removed in Rails 4.0. Instead of adding plugins to +vendor/plugins+ use gems or bundler with path or git dependencies.
+h3. Action Mailer
+
+* Upgraded <tt>mail</tt> version to 2.4.0.
+
+* Removed the old Action Mailer API which was deprecated since Rails 3.0.
+
h3. Action Pack
h4. Action Controller
@@ -284,7 +290,7 @@ h5. Deprecations
* Passing formats or handlers to render :template and friends like <tt>render :template => "foo.html.erb"</tt> is deprecated. Instead, you can provide :handlers and :formats directly as an options: <tt> render :template => "foo", :formats => [:html, :js], :handlers => :erb</tt>.
-h3. Sprockets
+h4. Sprockets
* Adds a configuration option <tt>config.assets.logger</tt> to control Sprockets logging. Set it to +false+ to turn off logging and to +nil+ to default to +Rails.logger+.
@@ -292,6 +298,8 @@ h3. Active Record
* Boolean columns with 'on' and 'ON' values are type casted to true.
+* When the +timestamps+ method creates the +created_at+ and +updated_at+ columns, it makes them non-nullable by default.
+
* Implemented <tt>ActiveRecord::Relation#explain</tt>.
* Implements <tt>AR::Base.silence_auto_explain</tt> which allows the user to selectively disable automatic EXPLAINs within a block.
diff --git a/railties/lib/rails/deprecation.rb b/railties/lib/rails/deprecation.rb
index 71adcd61f4..c5811b2629 100644
--- a/railties/lib/rails/deprecation.rb
+++ b/railties/lib/rails/deprecation.rb
@@ -1,39 +1,18 @@
-require "active_support/string_inquirer"
-require "active_support/basic_object"
+require 'active_support/deprecation/proxy_wrappers'
module Rails
- module Initializer
- def self.run(&block)
- klass = Class.new(Rails::Application)
- klass.instance_exec(klass.config, &block)
- klass.initialize!
- end
- end
-
- class DeprecatedConstant < ActiveSupport::BasicObject
- def self.deprecate(old, new)
- constant = self.new(old, new)
+ class DeprecatedConstant < ActiveSupport::Deprecation::DeprecatedConstantProxy
+ def self.deprecate(old, current)
+ constant = new(old, current)
eval "::#{old} = constant"
end
- def initialize(old, new)
- @old, @new = old, new
- @target = ::Kernel.eval "proc { #{@new} }"
- @warned = false
- end
-
- def method_missing(meth, *args, &block)
- ::ActiveSupport::Deprecation.warn("#{@old} is deprecated. Please use #{@new}") unless @warned
- @warned = true
+ private
- target = @target.call
- if target.respond_to?(meth)
- target.send(meth, *args, &block)
- else
- super
- end
+ def target
+ ::Kernel.eval @new_const.to_s
end
end
- DeprecatedConstant.deprecate("RAILS_CACHE", "::Rails.cache")
+ DeprecatedConstant.deprecate('RAILS_CACHE', '::Rails.cache')
end
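Review bot: Both arguments of `deprecate` are still evaluated as Ruby source, in `eval "::#{old} = constant"` at definition time and in `::Kernel.eval @new_const.to_s` whenever `target` is called, so the method is only safe with trusted literals like the `'RAILS_CACHE'` call at the bottom. The constant assignment does not need eval: `Object.const_set(old, constant)` does the same without string interpolation. The `target` eval is harder to drop because `'::Rails.cache'` is a method call rather than a constant, so a comment such as `# new_const is evaluated as code; pass literals only` would document the constraint. `target` also reads `@new_const`, which this file never assigns; it presumably comes from the DeprecatedConstantProxy initializer, and that coupling is worth confirming.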