-rw-r--r-- | actionpack/lib/action_dispatch/routing/route_set.rb | 10 | ||||
-rw-r--r-- | actionpack/lib/action_view/helpers/url_helper.rb | 40 | ||||
-rw-r--r-- | actionpack/test/template/url_helper_test.rb | 20 | ||||
-rw-r--r-- | activerecord/CHANGELOG.md | 2 | ||||
-rw-r--r-- | activerecord/lib/active_record/relation/calculations.rb | 2 |
5 files changed, 38 insertions, 36 deletions
diff --git a/actionpack/lib/action_dispatch/routing/route_set.rb b/actionpack/lib/action_dispatch/routing/route_set.rb
index 7872f4007e..64b1d58ae9 100644
--- a/actionpack/lib/action_dispatch/routing/route_set.rb
+++ b/actionpack/lib/action_dispatch/routing/route_set.rb
@@ -252,15 +252,11 @@ module ActionDispatch
 self.draw_paths = []
 self.request_class = request_class
- @valid_conditions = {}
-
+ @valid_conditions = { :controller => true, :action => true }
 request_class.public_instance_methods.each { |m|
- @valid_conditions[m.to_sym] = true
+ @valid_conditions[m] = true
 }
- @valid_conditions[:controller] = true
- @valid_conditions[:action] = true
-
- self.valid_conditions.delete(:id)
+ @valid_conditions.delete(:id)
 @append = []
 @prepend = []
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index a4b10bc68a..7f5b3c8a0f 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
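Review bot: In the route_set.rb hunk, `@valid_conditions[m] = true` now stores whatever `request_class.public_instance_methods` yields, so the table is keyed by Symbol only when that method returns Symbols (it does on Ruby 1.9 and later, strings on 1.8). The lookups against `@valid_conditions` are outside this hunk, so it is worth confirming they use Symbols and recording the assumption next to the loop, for example `# public_instance_methods returns Symbols on Ruby 1.9+, so no to_sym is needed`. The enclosing method starts and ends outside the hunk.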
@@ -233,25 +233,15 @@ module ActionView
 # # link_to("Destroy", "http://www.example.com", :method => :delete, :confirm => "Are you sure?")
 # # => <a href='http://www.example.com' rel="nofollow" data-method="delete" data-confirm="Are you sure?">Destroy</a>
- def link_to(*args, &block)
- if block_given?
- options = args.first || {}
- html_options = args.second
- link_to(capture(&block), options, html_options)
- else
- name = args[0]
- options = args[1] || {}
- html_options = args[2]
-
- html_options = convert_options_to_data_attributes(options, html_options)
- url = url_for(options)
+ def link_to(name = nil, options = nil, html_options = nil, &block)
+ html_options, options = options, name if block_given?
+ options ||= {}
+ url = url_for(options)
- href = html_options['href']
- tag_options = tag_options(html_options)
+ html_options = convert_options_to_data_attributes(options, html_options)
+ html_options['href'] ||= url
- href_attr = "href=\"#{ERB::Util.html_escape(url)}\"" unless href
- "<a #{href_attr}#{tag_options}>#{ERB::Util.html_escape(name || url)}</a>".html_safe
- end
+ content_tag(:a, name || url, html_options, &block)
 end
 # Generates a form containing a single button that submits to the URL created
@@ -341,15 +331,10 @@ module ActionView
 # # </div>
 # # </form>"
 # #
- def button_to(*args, &block)
- if block_given?
- options = args[0] || {}
- html_options = args[1] || {}
- else
- name = args[0]
- options = args[1] || {}
- html_options = args[2] || {}
- end
+ def button_to(name = nil, options = nil, html_options = nil, &block)
+ html_options, options = options, name if block_given?
+ options ||= {}
+ html_options ||= {}
 html_options = html_options.stringify_keys
 convert_boolean_attributes!(html_options, %w(disabled))
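Review bot: In the block form of `link_to` in url_helper.rb, `name` still holds the first positional argument after `html_options, options = options, name if block_given?`, so it reaches `content_tag` as the content argument alongside the block. When that argument is a Hash of URL options (`link_to(:controller => "x") { ... }`), `content_tag` most likely treats a Hash in that position as the tag's options when a block is given, which would discard `html_options` together with the computed `href` and emit the routing keys as attributes; `content_tag` is not visible here, so confirm against its definition. Clearing the name in the same swap avoids this: `html_options, options, name = options, name, nil if block_given?`. The `button_to` hunk uses the same swap, but its block branch does not read `name`, and its body continues outside the hunk.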
@@ -374,7 +359,8 @@ module ActionView
 button = if block_given?
 content_tag('button', html_options, &block)
 else
- tag('input', html_options.merge('value' => name || url))
+ html_options['value'] = name || url
+ tag('input', html_options)
 end
 inner_tags = method_tag.safe_concat(button).safe_concat(request_token_tag)
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index 365a86ab91..62608a727f 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -277,6 +277,16 @@ class UrlHelperTest < ActiveSupport::TestCase
 )
 end
+ def test_link_tag_with_block
+ assert_dom_equal '<a href="/"><span>Example site</span></a>',
+ link_to('/') { content_tag(:span, 'Example site') }
+ end
+
+ def test_link_tag_with_block_and_html_options
+ assert_dom_equal '<a class="special" href="/"><span>Example site</span></a>',
+ link_to('/', :class => "special") { content_tag(:span, 'Example site') }
+ end
+
+ def test_link_tag_using_block_in_erb
 out = render_erb %{<%= link_to('/') do %>Example site<% end %>}
 assert_equal '<a href="/">Example site</a>', out
@@ -289,6 +299,16 @@ class UrlHelperTest < ActiveSupport::TestCase
 )
 end
+ def test_link_tag_escapes_content
+ assert_dom_equal '<a href="/">Malicious <script>content</script></a>',
+ link_to("Malicious <script>content</script>", "/")
+ end
+
+ def test_link_tag_does_not_escape_html_safe_content
+ assert_dom_equal '<a href="/">Malicious <script>content</script></a>',
+ link_to("Malicious <script>content</script>".html_safe, "/")
+ end
+
+ def test_link_to_unless
 assert_equal "Showing", link_to_unless(true, "Showing", url_hash)
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index 4f4e087acd..59c6154c48 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
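Review bot: As rendered on this page, `test_link_tag_escapes_content` and `test_link_tag_does_not_escape_html_safe_content` in url_helper_test.rb assert the same expected markup, so they cannot both pin the behaviour; the first should expect the entity-encoded form, `'<a href="/">Malicious &lt;script&gt;content&lt;/script&gt;</a>'` (this may only be the page decoding entities, so check the raw patch). Because `link_to` no longer calls `ERB::Util.html_escape` on the URL itself, a test with a URL containing `"` or `&` would also pin that the `href` attribute is still escaped by `content_tag`. The two block-form tests pass only a String URL; a case with Hash URL options and a block is not covered.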
@@ -3,7 +3,7 @@
 * Allow blocks for `count` with `ActiveRecord::Relation`, to work similar as `Array#count`:
- Person.where("age > 26").count { |person| gender == 'female' }
+ Person.where("age > 26").count { |person| person.gender == 'female' }
 *Chris Finne & Carlos Antonio da Silva*
diff --git a/activerecord/lib/active_record/relation/calculations.rb b/activerecord/lib/active_record/relation/calculations.rb
index ad49c80e4f..54c93332bb 100644
--- a/activerecord/lib/active_record/relation/calculations.rb
+++ b/activerecord/lib/active_record/relation/calculations.rb
@@ -17,7 +17,7 @@ module ActiveRecord
 # Person.count(:age, distinct: true)
 # # => counts the number of different age values
 #
- # Person.where("age > 26").count { |person| gender == 'female' }
+ # Person.where("age > 26").count { |person| person.gender == 'female' }
 # # => queries people where "age > 26" then count the loaded results filtering by gender
 def count(column_name = nil, options = {})
 if block_given? |