diff options
46 files changed, 545 insertions, 933 deletions
diff --git a/RELEASING_RAILS.rdoc b/RELEASING_RAILS.rdoc index 7a77f9bba2..bdf0ffc2d0 100644 --- a/RELEASING_RAILS.rdoc +++ b/RELEASING_RAILS.rdoc @@ -176,7 +176,7 @@ You can do this, or ask the security team to do it. Email the security reports to: * rubyonrails-security@googlegroups.com -* linux-distros@vs.openwall.org +* oss-security@lists.openwall.com Be sure to note the security fixes in your announcement along with CVE numbers and links to each patch. Some people may not be able to upgrade right away, diff --git a/actionpack/lib/abstract_controller/helpers.rb b/actionpack/lib/abstract_controller/helpers.rb index 4e0672d590..d63d17f4c5 100644 --- a/actionpack/lib/abstract_controller/helpers.rb +++ b/actionpack/lib/abstract_controller/helpers.rb @@ -132,7 +132,11 @@ module AbstractController case arg when String, Symbol file_name = "#{arg.to_s.underscore}_helper" - require_dependency(file_name, "Missing helper file helpers/%s.rb") + begin + require_dependency(file_name) + rescue LoadError => e + raise MissingHelperError.new(e, file_name) + end file_name.camelize.constantize when Module arg @@ -142,6 +146,15 @@ module AbstractController end end + class MissingHelperError < LoadError + def initialize(error, path) + @error = error + @path = "helpers/#{path}.rb" + set_backtrace error.backtrace + super("Missing helper file helpers/%s.rb" % path) + end + end + private # Makes all the (instance) methods in the helper module available to templates # rendered through this controller. diff --git a/actionpack/lib/action_controller/caching.rb b/actionpack/lib/action_controller/caching.rb index 112573a38d..9118806059 100644 --- a/actionpack/lib/action_controller/caching.rb +++ b/actionpack/lib/action_controller/caching.rb @@ -55,6 +55,9 @@ module ActionController #:nodoc: end end + include RackDelegation + include AbstractController::Callbacks + include ConfigMethods include Pages, Actions, Fragments include Sweeping if defined?(ActiveRecord) diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index 57bb0e2a32..a0d1064094 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -401,16 +401,20 @@ module ActionController end end - # If token Authorization header is present, call the login procedure with - # the present token and options. + # If token Authorization header is present, call the login + # procedure with the present token and options. # - # controller - ActionController::Base instance for the current request. - # login_procedure - Proc to call if a token is present. The Proc should - # take 2 arguments: - # authenticate(controller) { |token, options| ... } + # [controller] + # ActionController::Base instance for the current request. # - # Returns the return value of `&login_procedure` if a token is found. - # Returns nil if no token is found. + # [login_procedure] + # Proc to call if a token is present. The Proc should take two arguments: + # + # authenticate(controller) { |token, options| ... } + # + # Returns the return value of <tt>login_procedure</tt> if a + # token is found. Returns <tt>nil</tt> if no token is found. + def authenticate(controller, &login_procedure) token, options = token_and_options(controller.request) unless token.blank? diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 95b0e99ed5..53534c0307 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -14,6 +14,20 @@ module ActionController #:nodoc: # authentication scheme there anyway). Also, GET requests are not protected as these # should be idempotent. # + # It's important to remember that XML or JSON requests are also affected and if + # you're building an API you'll need something like: + # + # class ApplicationController < ActionController::Base + # protect_from_forgery + # skip_before_filter :verify_authenticity_token, :if => :json_request? + # + # protected + # + # def json_request? + # request.format.json? + # end + # end + # # CSRF protection is turned on with the <tt>protect_from_forgery</tt> method, # which checks the token and resets the session if it doesn't match what was expected. # A call to this method is generated for new \Rails applications by default. diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index 6757a53bd1..8cea17c7a6 100644 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb @@ -271,13 +271,12 @@ module ActionDispatch case v when Array v.grep(Hash) { |x| deep_munge(x) } + v.compact! when Hash deep_munge(v) end end - keys = hash.keys.find_all { |k| hash[k] == [nil] } - keys.each { |k| hash[k] = nil } hash end diff --git a/actionpack/lib/action_dispatch/middleware/public_exceptions.rb b/actionpack/lib/action_dispatch/middleware/public_exceptions.rb index bf9149ebf2..204f3f7fb3 100644 --- a/actionpack/lib/action_dispatch/middleware/public_exceptions.rb +++ b/actionpack/lib/action_dispatch/middleware/public_exceptions.rb @@ -3,9 +3,8 @@ module ActionDispatch class PublicExceptions attr_accessor :public_path - def initialize(public_path, consider_all_requests_local = false) + def initialize(public_path) @public_path = public_path - @consider_all_requests_local = consider_all_requests_local end def call(env) @@ -13,7 +12,7 @@ module ActionDispatch status = env["PATH_INFO"][1..-1] request = ActionDispatch::Request.new(env) content_type = request.formats.first - format = (mime = Mime[content_type]) && "to_#{mime.to_sym}" + format = content_type && "to_#{content_type.to_sym}" body = { :status => status, :error => exception.message } render(status, body, :format => format, :content_type => content_type) @@ -24,7 +23,7 @@ module ActionDispatch def render(status, body, options) format = options[:format] - if !@consider_all_requests_local && format && body.respond_to?(format) + if format && body.respond_to?(format) render_format(status, body.public_send(format), options) else render_html(status) diff --git a/actionpack/test/abstract/helper_test.rb b/actionpack/test/abstract/helper_test.rb index 9a7445de7b..e79008fa9d 100644 --- a/actionpack/test/abstract/helper_test.rb +++ b/actionpack/test/abstract/helper_test.rb @@ -69,7 +69,12 @@ module AbstractController end def test_declare_missing_helper - assert_raise(MissingSourceFile) { AbstractHelpers.helper :missing } + begin + AbstractHelpers.helper :missing + flunk "should have raised an exception" + rescue LoadError => e + assert_equal "helpers/missing_helper.rb", e.path + end end def test_helpers_with_module_through_block diff --git a/actionpack/test/controller/routing_test.rb b/actionpack/test/controller/routing_test.rb index 2f552c3a5a..306b8a93da 100644 --- a/actionpack/test/controller/routing_test.rb +++ b/actionpack/test/controller/routing_test.rb @@ -270,6 +270,16 @@ class LegacyRouteSetTests < ActiveSupport::TestCase end end + def test_specific_controller_action_failure + @rs.draw do + mount lambda {} => "/foo" + end + + assert_raises(ActionController::RoutingError) do + url_for(@rs, :controller => "omg", :action => "lol") + end + end + def test_default_setup @rs.draw { get '/:controller(/:action(/:id))' } assert_equal({:controller => "content", :action => 'index'}, rs.recognize_path("/content")) diff --git a/actionpack/test/controller/show_exceptions_test.rb b/actionpack/test/controller/show_exceptions_test.rb index ce7b6b0dc6..351b9c4cfa 100644 --- a/actionpack/test/controller/show_exceptions_test.rb +++ b/actionpack/test/controller/show_exceptions_test.rb @@ -22,14 +22,6 @@ module ShowExceptions end end - class ShowLocalExceptionsController < ActionController::Base - use ActionDispatch::ShowExceptions, ActionDispatch::PublicExceptions.new("#{FIXTURE_LOAD_PATH}/public", true) - - def boom - raise 'boom!' - end - end - class ShowExceptionsTest < ActionDispatch::IntegrationTest test 'show error page from a remote ip' do @app = ShowExceptionsController.action(:boom) @@ -101,14 +93,4 @@ module ShowExceptions assert_equal 'text/html', response.content_type.to_s end end - - class ShowExceptionsFormatsTest < ActionDispatch::IntegrationTest - def test_render_formatted_exception_in_development - @app = ShowLocalExceptionsController.action(:boom) - get "/", {}, 'HTTP_ACCEPT' => 'application/xml' - - assert_response :internal_server_error - assert_equal 'text/html', response.content_type.to_s - end - end end diff --git a/actionpack/test/dispatch/request/query_string_parsing_test.rb b/actionpack/test/dispatch/request/query_string_parsing_test.rb index 6ea66f9d32..3cb430d83d 100644 --- a/actionpack/test/dispatch/request/query_string_parsing_test.rb +++ b/actionpack/test/dispatch/request/query_string_parsing_test.rb @@ -84,11 +84,15 @@ class QueryStringParsingTest < ActionDispatch::IntegrationTest assert_parses({"action" => nil}, "action") assert_parses({"action" => {"foo" => nil}}, "action[foo]") assert_parses({"action" => {"foo" => { "bar" => nil }}}, "action[foo][bar]") - assert_parses({"action" => {"foo" => { "bar" => nil }}}, "action[foo][bar][]") - assert_parses({"action" => {"foo" => nil}}, "action[foo][]") + assert_parses({"action" => {"foo" => { "bar" => [] }}}, "action[foo][bar][]") + assert_parses({"action" => {"foo" => []}}, "action[foo][]") assert_parses({"action"=>{"foo"=>[{"bar"=>nil}]}}, "action[foo][][bar]") end + def test_array_parses_without_nil + assert_parses({"action" => ['1']}, "action[]=1&action[]") + end + test "query string with empty key" do assert_parses( { "action" => "create_customer", "full_name" => "David Heinemeier Hansson" }, diff --git a/actionpack/test/metal/caching_test.rb b/actionpack/test/metal/caching_test.rb new file mode 100644 index 0000000000..a2b6763754 --- /dev/null +++ b/actionpack/test/metal/caching_test.rb @@ -0,0 +1,32 @@ +require 'abstract_unit' + +CACHE_DIR = 'test_cache' +# Don't change '/../temp/' cavalierly or you might hose something you don't want hosed +FILE_STORE_PATH = File.join(File.dirname(__FILE__), '/../temp/', CACHE_DIR) + +class CachingController < ActionController::Metal + abstract! + + include ActionController::Caching + + self.page_cache_directory = FILE_STORE_PATH + self.cache_store = :file_store, FILE_STORE_PATH +end + +class PageCachingTestController < CachingController + caches_page :ok + + def ok + self.response_body = "ok" + end +end + +class PageCachingTest < ActionController::TestCase + tests PageCachingTestController + + def test_should_cache_get_with_ok_status + get :ok + assert_response :ok + assert File.exist?("#{FILE_STORE_PATH}/page_caching_test/ok.html"), "get with ok status should have been cached" + end +end diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md index 5ee439fa3f..847ae7f237 100644 --- a/activemodel/CHANGELOG.md +++ b/activemodel/CHANGELOG.md @@ -37,6 +37,11 @@ * Trim down Active Model API by removing `valid?` and `errors.full_messages` *José Valim* +* When `^` or `$` are used in the regular expression provided to `validates_format_of` and the :multiline option is not set to true, an exception will be raised. This is to prevent security vulnerabilities when using `validates_format_of`. The problem is described in detail in the Rails security guide. + +## Rails 3.2.6 (Jun 12, 2012) ## + +* No changes. ## Rails 3.2.5 (Jun 1, 2012) ## diff --git a/activemodel/lib/active_model/observer_array.rb b/activemodel/lib/active_model/observer_array.rb index 3d463885be..8de6918d18 100644 --- a/activemodel/lib/active_model/observer_array.rb +++ b/activemodel/lib/active_model/observer_array.rb @@ -17,6 +17,11 @@ module ActiveModel # Disables one or more observers. This supports multiple forms: # + # ORM.observers.disable :all + # # => disables all observers for all models subclassed from + # # an ORM base class that includes ActiveModel::Observing + # # e.g. ActiveRecord::Base + # # ORM.observers.disable :user_observer # # => disables the UserObserver # @@ -27,9 +32,6 @@ module ActiveModel # ORM.observers.disable :observer_1, :observer_2 # # => disables Observer1 and Observer2 for all models. # - # ORM.observers.disable :all - # # => disables all observers for all models. - # # User.observers.disable :all do # # all user observers are disabled for # # just the duration of the block @@ -40,6 +42,11 @@ module ActiveModel # Enables one or more observers. This supports multiple forms: # + # ORM.observers.enable :all + # # => enables all observers for all models subclassed from + # # an ORM base class that includes ActiveModel::Observing + # # e.g. ActiveRecord::Base + # # ORM.observers.enable :user_observer # # => enables the UserObserver # @@ -51,9 +58,6 @@ module ActiveModel # ORM.observers.enable :observer_1, :observer_2 # # => enables Observer1 and Observer2 for all models. # - # ORM.observers.enable :all - # # => enables all observers for all models. - # # User.observers.enable :all do # # all user observers are enabled for # # just the duration of the block diff --git a/activemodel/lib/active_model/validations/exclusion.rb b/activemodel/lib/active_model/validations/exclusion.rb index 4f09679541..edd42d85f2 100644 --- a/activemodel/lib/active_model/validations/exclusion.rb +++ b/activemodel/lib/active_model/validations/exclusion.rb @@ -30,8 +30,7 @@ module ActiveModel # * <tt>:in</tt> - An enumerable object of items that the value shouldn't be # part of. This can be supplied as a proc or lambda which returns an # enumerable. If the enumerable is a range the test is performed with - # <tt>Range#cover?</tt> (backported in Active Support for 1.8), otherwise - # with <tt>include?</tt>. + # <tt>Range#cover?</tt>, otherwise with <tt>include?</tt>. # * <tt>:message</tt> - Specifies a custom error message (default is: "is # reserved"). # * <tt>:allow_nil</tt> - If set to true, skips this validation if the attribute diff --git a/activemodel/lib/active_model/validations/format.rb b/activemodel/lib/active_model/validations/format.rb index dd87e312f9..ffdf842d94 100644 --- a/activemodel/lib/active_model/validations/format.rb +++ b/activemodel/lib/active_model/validations/format.rb @@ -32,11 +32,21 @@ module ActiveModel def record_error(record, attribute, name, value) record.errors.add(attribute, :invalid, options.except(name).merge!(:value => value)) end - + + def regexp_using_multiline_anchors?(regexp) + regexp.source.start_with?("^") || + (regexp.source.end_with?("$") && !regexp.source.end_with?("\\$")) + end + def check_options_validity(options, name) option = options[name] if option && !option.is_a?(Regexp) && !option.respond_to?(:call) raise ArgumentError, "A regular expression or a proc or lambda must be supplied as :#{name}" + elsif option && option.is_a?(Regexp) && + regexp_using_multiline_anchors?(option) && options[:multiline] != true + raise ArgumentError, "The provided regular expression is using multiline anchors (^ or $), " \ + "which may present a security risk. Did you mean to use \\A and \\z, or forgot to add the " \ + ":multiline => true option?" end end end @@ -47,7 +57,7 @@ module ActiveModel # attribute matches the regular expression: # # class Person < ActiveRecord::Base - # validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, :on => :create + # validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i, :on => :create # end # # Alternatively, you can require that the specified attribute does _not_ @@ -63,12 +73,16 @@ module ActiveModel # class Person < ActiveRecord::Base # # Admin can have number as a first letter in their screen name # validates_format_of :screen_name, - # :with => lambda{ |person| person.admin? ? /\A[a-z0-9][a-z0-9_\-]*\Z/i : /\A[a-z][a-z0-9_\-]*\Z/i } + # :with => lambda{ |person| person.admin? ? /\A[a-z0-9][a-z0-9_\-]*\z/i : /\A[a-z][a-z0-9_\-]*\z/i } # end # # Note: use <tt>\A</tt> and <tt>\Z</tt> to match the start and end of the # string, <tt>^</tt> and <tt>$</tt> match the start/end of a line. # + # Due to frequent misuse of <tt>^</tt> and <tt>$</tt>, you need to pass the + # :multiline => true option in case you use any of these two anchors in the provided + # regular expression. In most cases, you should be using <tt>\A</tt> and <tt>\z</tt>. + # # You must pass either <tt>:with</tt> or <tt>:without</tt> as an option. # In addition, both must be a regular expression or a proc or lambda, or # else an exception will be raised. @@ -98,6 +112,9 @@ module ActiveModel # method, proc or string should return or evaluate to a true or false value. # * <tt>:strict</tt> - Specifies whether validation should be strict. # See <tt>ActiveModel::Validation#validates!</tt> for more information. + # * <tt>:multiline</tt> - Set to true if your regular expression contains + # anchors that match the beginning or end of lines as opposed to the + # beginning or end of the string. These anchors are <tt>^</tt> and <tt>$</tt>. def validates_format_of(*attr_names) validates_with FormatValidator, _merge_attributes(attr_names) end diff --git a/activemodel/lib/active_model/validations/inclusion.rb b/activemodel/lib/active_model/validations/inclusion.rb index ffdbed0fc1..8810f2a3c1 100644 --- a/activemodel/lib/active_model/validations/inclusion.rb +++ b/activemodel/lib/active_model/validations/inclusion.rb @@ -28,8 +28,8 @@ module ActiveModel # Configuration options: # * <tt>:in</tt> - An enumerable object of available items. This can be # supplied as a proc or lambda which returns an enumerable. If the enumerable - # is a range the test is performed with <tt>Range#cover?</tt> - # (backported in Active Support for 1.8), otherwise with <tt>include?</tt>. + # is a range the test is performed with <tt>Range#cover?</tt>, otherwise with + # <tt>include?</tt>. # * <tt>:message</tt> - Specifies a custom error message (default is: "is not # included in the list"). # * <tt>:allow_nil</tt> - If set to true, skips this validation if the attribute diff --git a/activemodel/test/cases/validations/format_validation_test.rb b/activemodel/test/cases/validations/format_validation_test.rb index 41a1131bcb..308a3c6cef 100644 --- a/activemodel/test/cases/validations/format_validation_test.rb +++ b/activemodel/test/cases/validations/format_validation_test.rb @@ -11,7 +11,7 @@ class PresenceValidationTest < ActiveModel::TestCase end def test_validate_format - Topic.validates_format_of(:title, :content, :with => /^Validation\smacros \w+!$/, :message => "is bad data") + Topic.validates_format_of(:title, :content, :with => /\AValidation\smacros \w+!\z/, :message => "is bad data") t = Topic.new("title" => "i'm incorrect", "content" => "Validation macros rule!") assert t.invalid?, "Shouldn't be valid" @@ -27,7 +27,7 @@ class PresenceValidationTest < ActiveModel::TestCase end def test_validate_format_with_allow_blank - Topic.validates_format_of(:title, :with => /^Validation\smacros \w+!$/, :allow_blank => true) + Topic.validates_format_of(:title, :with => /\AValidation\smacros \w+!\z/, :allow_blank => true) assert Topic.new("title" => "Shouldn't be valid").invalid? assert Topic.new("title" => "").valid? assert Topic.new("title" => nil).valid? @@ -36,7 +36,7 @@ class PresenceValidationTest < ActiveModel::TestCase # testing ticket #3142 def test_validate_format_numeric - Topic.validates_format_of(:title, :content, :with => /^[1-9][0-9]*$/, :message => "is bad data") + Topic.validates_format_of(:title, :content, :with => /\A[1-9][0-9]*\z/, :message => "is bad data") t = Topic.new("title" => "72x", "content" => "6789") assert t.invalid?, "Shouldn't be valid" @@ -63,11 +63,21 @@ class PresenceValidationTest < ActiveModel::TestCase end def test_validate_format_with_formatted_message - Topic.validates_format_of(:title, :with => /^Valid Title$/, :message => "can't be %{value}") + Topic.validates_format_of(:title, :with => /\AValid Title\z/, :message => "can't be %{value}") t = Topic.new(:title => 'Invalid title') assert t.invalid? assert_equal ["can't be Invalid title"], t.errors[:title] end + + def test_validate_format_of_with_multiline_regexp_should_raise_error + assert_raise(ArgumentError) { Topic.validates_format_of(:title, :with => /^Valid Title$/) } + end + + def test_validate_format_of_with_multiline_regexp_and_option + assert_nothing_raised(ArgumentError) do + Topic.validates_format_of(:title, :with => /^Valid Title$/, :multiline => true) + end + end def test_validate_format_with_not_option Topic.validates_format_of(:title, :without => /foo/, :message => "should not contain foo") diff --git a/activemodel/test/cases/validations/i18n_validation_test.rb b/activemodel/test/cases/validations/i18n_validation_test.rb index 6b6aad3bd1..bb751cf9c5 100644 --- a/activemodel/test/cases/validations/i18n_validation_test.rb +++ b/activemodel/test/cases/validations/i18n_validation_test.rb @@ -141,7 +141,7 @@ class I18nValidationTest < ActiveModel::TestCase COMMON_CASES.each do |name, validation_options, generate_message_options| test "validates_format_of on generated message #{name}" do - Person.validates_format_of :title, validation_options.merge(:with => /^[1-9][0-9]*$/) + Person.validates_format_of :title, validation_options.merge(:with => /\A[1-9][0-9]*\z/) @person.title = '72x' @person.errors.expects(:generate_message).with(:title, :invalid, generate_message_options.merge(:value => '72x')) @person.valid? @@ -291,7 +291,7 @@ class I18nValidationTest < ActiveModel::TestCase # validates_format_of w/o mocha set_expectations_for_validation "validates_format_of", :invalid do |person, options_to_merge| - Person.validates_format_of :title, options_to_merge.merge(:with => /^[1-9][0-9]*$/) + Person.validates_format_of :title, options_to_merge.merge(:with => /\A[1-9][0-9]*\z/) end # validates_inclusion_of w/o mocha diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index 9daae27b36..4ea1efdcbd 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,5 +1,11 @@ ## Rails 4.0.0 (unreleased) ## +* `update_attribute` has been removed. Use `update_column` if + you want to bypass mass-assignment protection, validations, callbacks, + and touching of updated_at. Otherwise please use `update_attributes`. + + *Steve Klabnik* + * Added `ActiveRecord::Migration.check_pending!` that raises an error if migrations are pending. *Richard Schneeman* @@ -1214,8 +1220,6 @@ ## Rails 3.0.0 (August 29, 2010) ## -* Changed update_attribute to not run callbacks and update the record directly in the database *Neeraj Singh* - * Add scoping and unscoped as the syntax to replace the old with_scope and with_exclusive_scope *José Valim* * New rake task, db:migrate:status, displays status of migrations #4947 *Kevin Skoglund* diff --git a/activerecord/Rakefile b/activerecord/Rakefile index 7feb0b75a0..a29d7b0e99 100644 --- a/activerecord/Rakefile +++ b/activerecord/Rakefile @@ -114,6 +114,16 @@ namespace :postgresql do config = ARTest.config['connections']['postgresql'] %x( createdb -E UTF8 #{config['arunit']['database']} ) %x( createdb -E UTF8 #{config['arunit2']['database']} ) + + # prepare hstore + version = %x( createdb --version ).strip.gsub(/(.*)(\d\.\d\.\d)$/, "\\2") + %w(arunit arunit2).each do |db| + if version < "9.1.0" + puts "Please prepare hstore data type. See http://www.postgresql.org/docs/9.0/static/hstore.html" + else + %x( psql #{config[db]['database']} -c "CREATE EXTENSION hstore;" ) + end + end end desc 'Drop the PostgreSQL test databases' diff --git a/activerecord/lib/active_record/associations/has_one_association.rb b/activerecord/lib/active_record/associations/has_one_association.rb index 2131edbc20..f0d1120c68 100644 --- a/activerecord/lib/active_record/associations/has_one_association.rb +++ b/activerecord/lib/active_record/associations/has_one_association.rb @@ -36,7 +36,7 @@ module ActiveRecord when :destroy target.destroy when :nullify - target.update_attribute(reflection.foreign_key, nil) + target.update_column(reflection.foreign_key, nil) end end end diff --git a/activerecord/lib/active_record/attribute_assignment.rb b/activerecord/lib/active_record/attribute_assignment.rb index e0bf80142a..abc2fa546a 100644 --- a/activerecord/lib/active_record/attribute_assignment.rb +++ b/activerecord/lib/active_record/attribute_assignment.rb @@ -64,7 +64,7 @@ module ActiveRecord # user.name # => "Josh" # user.is_admin? # => true def assign_attributes(new_attributes, options = {}) - return unless new_attributes + return if new_attributes.blank? attributes = new_attributes.stringify_keys multi_parameter_attributes = [] diff --git a/activerecord/lib/active_record/migration.rb b/activerecord/lib/active_record/migration.rb index acec65991d..d58176bc62 100644 --- a/activerecord/lib/active_record/migration.rb +++ b/activerecord/lib/active_record/migration.rb @@ -238,7 +238,7 @@ module ActiveRecord # add_column :people, :salary, :integer # Person.reset_column_information # Person.all.each do |p| - # p.update_attribute :salary, SalaryCalculator.compute(p) + # p.update_column :salary, SalaryCalculator.compute(p) # end # end # end @@ -258,7 +258,7 @@ module ActiveRecord # ... # say_with_time "Updating salaries..." do # Person.all.each do |p| - # p.update_attribute :salary, SalaryCalculator.compute(p) + # p.update_column :salary, SalaryCalculator.compute(p) # end # end # ... diff --git a/activerecord/lib/active_record/persistence.rb b/activerecord/lib/active_record/persistence.rb index ec5670ba6e..643c3f82ad 100644 --- a/activerecord/lib/active_record/persistence.rb +++ b/activerecord/lib/active_record/persistence.rb @@ -167,21 +167,6 @@ module ActiveRecord became end - # Updates a single attribute and saves the record. - # This is especially useful for boolean flags on existing records. Also note that - # - # * Validation is skipped. - # * Callbacks are invoked. - # * updated_at/updated_on column is updated if that column is available. - # * Updates all the attributes that are dirty in this object. - # - def update_attribute(name, value) - name = name.to_s - verify_readonly_attribute(name) - send("#{name}=", value) - save(:validate => false) - end - # Updates a single attribute of an object, without calling save. # # * Validation is skipped. @@ -240,7 +225,7 @@ module ActiveRecord # Saving is not subjected to validation checks. Returns +true+ if the # record could be saved. def increment!(attribute, by = 1) - increment(attribute, by).update_attribute(attribute, self[attribute]) + increment(attribute, by).update_column(attribute, self[attribute]) end # Initializes +attribute+ to zero if +nil+ and subtracts the value passed as +by+ (default is 1). @@ -257,7 +242,7 @@ module ActiveRecord # Saving is not subjected to validation checks. Returns +true+ if the # record could be saved. def decrement!(attribute, by = 1) - decrement(attribute, by).update_attribute(attribute, self[attribute]) + decrement(attribute, by).update_column(attribute, self[attribute]) end # Assigns to +attribute+ the boolean opposite of <tt>attribute?</tt>. So @@ -274,7 +259,7 @@ module ActiveRecord # Saving is not subjected to validation checks. Returns +true+ if the # record could be saved. def toggle!(attribute) - toggle(attribute).update_attribute(attribute, self[attribute]) + toggle(attribute).update_column(attribute, self[attribute]) end # Reloads the attributes of this object from the database. diff --git a/activerecord/lib/active_record/store.rb b/activerecord/lib/active_record/store.rb index d70e02e379..542cb3187a 100644 --- a/activerecord/lib/active_record/store.rb +++ b/activerecord/lib/active_record/store.rb @@ -2,7 +2,7 @@ require 'active_support/core_ext/hash/indifferent_access' module ActiveRecord # Store gives you a thin wrapper around serialize for the purpose of storing hashes in a single column. - # It's like a simple key/value store backed into your record when you don't care about being able to + # It's like a simple key/value store baked into your record when you don't care about being able to # query that store outside the context of a single record. # # You can then declare accessors to this store that are then accessible just like any other attribute diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb index f95230ff50..c5818d5ded 100644 --- a/activerecord/test/cases/base_test.rb +++ b/activerecord/test/cases/base_test.rb @@ -1935,7 +1935,7 @@ class BasicsTest < ActiveRecord::TestCase def test_cache_key_format_for_existing_record_with_nil_updated_at dev = Developer.first - dev.update_attribute(:updated_at, nil) + dev.update_column(:updated_at, nil) assert_match(/\/#{dev.id}$/, dev.cache_key) end diff --git a/activerecord/test/cases/dirty_test.rb b/activerecord/test/cases/dirty_test.rb index 46d485135f..8378d835a6 100644 --- a/activerecord/test/cases/dirty_test.rb +++ b/activerecord/test/cases/dirty_test.rb @@ -498,7 +498,7 @@ class DirtyTest < ActiveRecord::TestCase assert !pirate.previous_changes.key?('created_on') pirate = Pirate.find_by_catchphrase("Ahoy!") - pirate.update_attribute(:catchphrase, "Ninjas suck!") + pirate.update_column(:catchphrase, "Ninjas suck!") assert_equal 2, pirate.previous_changes.size assert_equal ["Ahoy!", "Ninjas suck!"], pirate.previous_changes['catchphrase'] diff --git a/activerecord/test/cases/mass_assignment_security_test.rb b/activerecord/test/cases/mass_assignment_security_test.rb index 1b5421c25e..214546802a 100644 --- a/activerecord/test/cases/mass_assignment_security_test.rb +++ b/activerecord/test/cases/mass_assignment_security_test.rb @@ -95,7 +95,11 @@ class MassAssignmentSecurityTest < ActiveRecord::TestCase end def test_mass_assigning_does_not_choke_on_nil - Firm.new.assign_attributes(nil) + assert_nil Firm.new.assign_attributes(nil) + end + + def test_mass_assigning_does_not_choke_on_empty_hash + assert_nil Firm.new.assign_attributes({}) end def test_assign_attributes_uses_default_role_when_no_role_is_provided diff --git a/activerecord/test/cases/persistence_test.rb b/activerecord/test/cases/persistence_test.rb index fecdf2b705..b7b77b24af 100644 --- a/activerecord/test/cases/persistence_test.rb +++ b/activerecord/test/cases/persistence_test.rb @@ -371,71 +371,10 @@ class PersistencesTest < ActiveRecord::TestCase assert_raise(ActiveSupport::FrozenObjectError) { client.name = "something else" } end - def test_update_attribute - assert !Topic.find(1).approved? - Topic.find(1).update_attribute("approved", true) - assert Topic.find(1).approved? - - Topic.find(1).update_attribute(:approved, false) - assert !Topic.find(1).approved? - end - def test_update_attribute_does_not_choke_on_nil assert Topic.find(1).update_attributes(nil) end - def test_update_attribute_for_readonly_attribute - minivan = Minivan.find('m1') - assert_raises(ActiveRecord::ActiveRecordError) { minivan.update_attribute(:color, 'black') } - end - - # This test is correct, but it is hard to fix it since - # update_attribute trigger simply call save! that triggers - # all callbacks. - # def test_update_attribute_with_one_changed_and_one_updated - # t = Topic.order('id').limit(1).first - # title, author_name = t.title, t.author_name - # t.author_name = 'John' - # t.update_attribute(:title, 'super_title') - # assert_equal 'John', t.author_name - # assert_equal 'super_title', t.title - # assert t.changed?, "topic should have changed" - # assert t.author_name_changed?, "author_name should have changed" - # assert !t.title_changed?, "title should not have changed" - # assert_nil t.title_change, 'title change should be nil' - # assert_equal ['author_name'], t.changed - # - # t.reload - # assert_equal 'David', t.author_name - # assert_equal 'super_title', t.title - # end - - def test_update_attribute_with_one_updated - t = Topic.first - t.update_attribute(:title, 'super_title') - assert_equal 'super_title', t.title - assert !t.changed?, "topic should not have changed" - assert !t.title_changed?, "title should not have changed" - assert_nil t.title_change, 'title change should be nil' - - t.reload - assert_equal 'super_title', t.title - end - - def test_update_attribute_for_updated_at_on - developer = Developer.find(1) - prev_month = Time.now.prev_month - - developer.update_attribute(:updated_at, prev_month) - assert_equal prev_month, developer.updated_at - - developer.update_attribute(:salary, 80001) - assert_not_equal prev_month, developer.updated_at - - developer.reload - assert_not_equal prev_month, developer.updated_at - end - def test_update_column topic = Topic.find(1) topic.update_column("approved", true) @@ -467,7 +406,7 @@ class PersistencesTest < ActiveRecord::TestCase def test_update_column_should_not_leave_the_object_dirty topic = Topic.find(1) - topic.update_attribute("content", "Have a nice day") + topic.update_column("content", "Have a nice day") topic.reload topic.update_column(:content, "You too") diff --git a/activerecord/test/cases/timestamp_test.rb b/activerecord/test/cases/timestamp_test.rb index 447aa29ffe..7df6993b30 100644 --- a/activerecord/test/cases/timestamp_test.rb +++ b/activerecord/test/cases/timestamp_test.rb @@ -11,7 +11,7 @@ class TimestampTest < ActiveRecord::TestCase def setup @developer = Developer.first - @developer.update_attribute(:updated_at, Time.now.prev_month) + @developer.update_column(:updated_at, Time.now.prev_month) @previously_updated_at = @developer.updated_at end @@ -133,7 +133,7 @@ class TimestampTest < ActiveRecord::TestCase pet = Pet.first owner = pet.owner - owner.update_attribute(:happy_at, 3.days.ago) + owner.update_column(:happy_at, 3.days.ago) previously_owner_updated_at = owner.updated_at pet.name = "I'm a parrot" diff --git a/activesupport/lib/active_support/core_ext/object/try.rb b/activesupport/lib/active_support/core_ext/object/try.rb index 30c835f5cd..16a799ec03 100644 --- a/activesupport/lib/active_support/core_ext/object/try.rb +++ b/activesupport/lib/active_support/core_ext/object/try.rb @@ -11,8 +11,6 @@ class Object # subclasses of +BasicObject+. For example, using try with +SimpleDelegator+ will # delegate +try+ to target instead of calling it on delegator itself. # - # ==== Examples - # # Without +try+ # @person && @person.name # or @@ -27,7 +25,7 @@ class Object # # Without a method argument try will yield to the block unless the receiver is nil. # @person.try { |p| "#{p.first_name} #{p.last_name}" } - #-- + # # +try+ behaves like +Object#public_send+, unless called on +NilClass+. def try(*a, &b) if a.empty? && block_given? @@ -42,8 +40,6 @@ class NilClass # Calling +try+ on +nil+ always returns +nil+. # It becomes specially helpful when navigating through associations that may return +nil+. # - # === Examples - # # nil.try(:name) # => nil # # Without +try+ diff --git a/activesupport/lib/active_support/dependencies.rb b/activesupport/lib/active_support/dependencies.rb index 5db06e0a56..c9071a73d8 100644 --- a/activesupport/lib/active_support/dependencies.rb +++ b/activesupport/lib/active_support/dependencies.rb @@ -305,7 +305,8 @@ module ActiveSupport #:nodoc: require_or_load(path || file_name) rescue LoadError => load_error if file_name = load_error.message[/ -- (.*?)(\.rb)?$/, 1] - raise LoadError.new(message % file_name).copy_blame!(load_error) + load_error.message.replace(message % file_name) + load_error.copy_blame!(load_error) end raise end diff --git a/activesupport/lib/active_support/gzip.rb b/activesupport/lib/active_support/gzip.rb index 420b965c87..6ef33ab683 100644 --- a/activesupport/lib/active_support/gzip.rb +++ b/activesupport/lib/active_support/gzip.rb @@ -2,7 +2,14 @@ require 'zlib' require 'stringio' module ActiveSupport - # A convenient wrapper for the zlib standard library that allows compression/decompression of strings with gzip. + # A convenient wrapper for the zlib standard library that allows + # compression/decompression of strings with gzip. + # + # gzip = ActiveSupport::Gzip.compress('compress me!') + # # => "\x1F\x8B\b\x00o\x8D\xCDO\x00\x03K\xCE\xCF-(J-.V\xC8MU\x04\x00R>n\x83\f\x00\x00\x00" + # + # ActiveSupport::Gzip.decompress(gzip) + # # => "compress me!" module Gzip class Stream < StringIO def initialize(*) diff --git a/activesupport/lib/active_support/json/decoding.rb b/activesupport/lib/active_support/json/decoding.rb index 72fd97ceee..e44939e78a 100644 --- a/activesupport/lib/active_support/json/decoding.rb +++ b/activesupport/lib/active_support/json/decoding.rb @@ -39,6 +39,14 @@ module ActiveSupport self.backend = old_backend end + # Returns the class of the error that will be raised when there is an error in decoding JSON. + # Using this method means you won't directly depend on the ActiveSupport's JSON implementation, in case it changes in the future. + # + # begin + # obj = ActiveSupport::JSON.decode(some_string) + # rescue ActiveSupport::JSON.parse_error + # Rails.logger.warn("Attempted to decode invalid JSON: #{some_string}") + # end def parse_error MultiJson::DecodeError end diff --git a/activesupport/lib/active_support/number_helper.rb b/activesupport/lib/active_support/number_helper.rb index fc97782697..c736041066 100644 --- a/activesupport/lib/active_support/number_helper.rb +++ b/activesupport/lib/active_support/number_helper.rb @@ -24,17 +24,17 @@ module ActiveSupport # number. # ==== Examples # - # number_to_phone(5551234) # => 555-1234 - # number_to_phone("5551234") # => 555-1234 - # number_to_phone(1235551234) # => 123-555-1234 - # number_to_phone(1235551234, :area_code => true) # => (123) 555-1234 - # number_to_phone(1235551234, :delimiter => " ") # => 123 555 1234 - # number_to_phone(1235551234, :area_code => true, :extension => 555) # => (123) 555-1234 x 555 - # number_to_phone(1235551234, :country_code => 1) # => +1-123-555-1234 - # number_to_phone("123a456") # => 123a456 - # - # number_to_phone(1235551234, :country_code => 1, :extension => 1343, :delimiter => ".") - # # => +1.123.555.1234 x 1343 + # number_to_phone(5551234) # => 555-1234 + # number_to_phone("5551234") # => 555-1234 + # number_to_phone(1235551234) # => 123-555-1234 + # number_to_phone(1235551234, area_code: true) # => (123) 555-1234 + # number_to_phone(1235551234, delimiter: ' ') # => 123 555 1234 + # number_to_phone(1235551234, area_code: true, extension: 555) # => (123) 555-1234 x 555 + # number_to_phone(1235551234, country_code: 1) # => +1-123-555-1234 + # number_to_phone("123a456") # => 123a456 + # + # number_to_phone(1235551234, country_code: 1, extension: 1343, delimiter: '.') + # # => +1.123.555.1234 x 1343 def number_to_phone(number, options = {}) return unless number options = options.symbolize_keys @@ -85,18 +85,18 @@ module ActiveSupport # # ==== Examples # - # number_to_currency(1234567890.50) # => $1,234,567,890.50 - # number_to_currency(1234567890.506) # => $1,234,567,890.51 - # number_to_currency(1234567890.506, :precision => 3) # => $1,234,567,890.506 - # number_to_currency(1234567890.506, :locale => :fr) # => 1 234 567 890,51 € - # number_to_currency("123a456") # => $123a456 - # - # number_to_currency(-1234567890.50, :negative_format => "(%u%n)") - # # => ($1,234,567,890.50) - # number_to_currency(1234567890.50, :unit => "£", :separator => ",", :delimiter => "") - # # => £1234567890,50 - # number_to_currency(1234567890.50, :unit => "£", :separator => ",", :delimiter => "", :format => "%n %u") - # # => 1234567890,50 £ + # number_to_currency(1234567890.50) # => $1,234,567,890.50 + # number_to_currency(1234567890.506) # => $1,234,567,890.51 + # number_to_currency(1234567890.506, precision: 3) # => $1,234,567,890.506 + # number_to_currency(1234567890.506, locale: :fr) # => 1 234 567 890,51 € + # number_to_currency('123a456') # => $123a456 + # + # number_to_currency(-1234567890.50, negative_format: '(%u%n)') + # # => ($1,234,567,890.50) + # number_to_currency(1234567890.50, unit: '£', separator: ',', delimiter: '') + # # => £1234567890,50 + # number_to_currency(1234567890.50, unit: '£', separator: ',', delimiter: '', format: '%n %u') + # # => 1234567890,50 £ def number_to_currency(number, options = {}) return unless number options = options.symbolize_keys @@ -144,15 +144,14 @@ module ActiveSupport # # ==== Examples # - # number_to_percentage(100) # => 100.000% - # number_to_percentage("98") # => 98.000% - # number_to_percentage(100, :precision => 0) # => 100% - # number_to_percentage(1000, :delimiter => '.', :separator => ',') # => 1.000,000% - # number_to_percentage(302.24398923423, :precision => 5) # => 302.24399% - # number_to_percentage(1000, :locale => :fr) # => 1 000,000% - # number_to_percentage("98a") # => 98a% - # number_to_percentage(100, :format => "%n %") # => 100 % - # + # number_to_percentage(100) # => 100.000% + # number_to_percentage('98') # => 98.000% + # number_to_percentage(100, precision: 0) # => 100% + # number_to_percentage(1000, delimiter: '.', separator: ,') # => 1.000,000% + # number_to_percentage(302.24398923423, precision: 5) # => 302.24399% + # number_to_percentage(1000, :locale => :fr) # => 1 000,000% + # number_to_percentage('98a') # => 98a% + # number_to_percentage(100, format: '%n %') # => 100 % def number_to_percentage(number, options = {}) return unless number options = options.symbolize_keys @@ -181,16 +180,16 @@ module ActiveSupport # # ==== Examples # - # number_to_delimited(12345678) # => 12,345,678 - # number_to_delimited("123456") # => 123,456 - # number_to_delimited(12345678.05) # => 12,345,678.05 - # number_to_delimited(12345678, :delimiter => ".") # => 12.345.678 - # number_to_delimited(12345678, :delimiter => ",") # => 12,345,678 - # number_to_delimited(12345678.05, :separator => " ") # => 12,345,678 05 - # number_to_delimited(12345678.05, :locale => :fr) # => 12 345 678,05 - # number_to_delimited("112a") # => 112a - # number_to_delimited(98765432.98, :delimiter => " ", :separator => ",") - # # => 98 765 432,98 + # number_to_delimited(12345678) # => 12,345,678 + # number_to_delimited('123456') # => 123,456 + # number_to_delimited(12345678.05) # => 12,345,678.05 + # number_to_delimited(12345678, delimiter: '.') # => 12.345.678 + # number_to_delimited(12345678, delimiter: ',') # => 12,345,678 + # number_to_delimited(12345678.05, separator: ' ') # => 12,345,678 05 + # number_to_delimited(12345678.05, locale: :fr) # => 12 345 678,05 + # number_to_delimited('112a') # => 112a + # number_to_delimited(98765432.98, delimiter: ' ', separator: ',') + # # => 98 765 432,98 def number_to_delimited(number, options = {}) options = options.symbolize_keys @@ -227,21 +226,21 @@ module ActiveSupport # # ==== Examples # - # number_to_rounded(111.2345) # => 111.235 - # number_to_rounded(111.2345, :precision => 2) # => 111.23 - # number_to_rounded(13, :precision => 5) # => 13.00000 - # number_to_rounded(389.32314, :precision => 0) # => 389 - # number_to_rounded(111.2345, :significant => true) # => 111 - # number_to_rounded(111.2345, :precision => 1, :significant => true) # => 100 - # number_to_rounded(13, :precision => 5, :significant => true) # => 13.000 - # number_to_rounded(111.234, :locale => :fr) # => 111,234 - # - # number_to_rounded(13, :precision => 5, :significant => true, :strip_insignificant_zeros => true) - # # => 13 - # - # number_to_rounded(389.32314, :precision => 4, :significant => true) # => 389.3 - # number_to_rounded(1111.2345, :precision => 2, :separator => ',', :delimiter => '.') - # # => 1.111,23 + # number_to_rounded(111.2345) # => 111.235 + # number_to_rounded(111.2345, precision: 2) # => 111.23 + # number_to_rounded(13, precision: 5) # => 13.00000 + # number_to_rounded(389.32314, precision: 0) # => 389 + # number_to_rounded(111.2345, significant: true) # => 111 + # number_to_rounded(111.2345, precision: 1, significant: true) # => 100 + # number_to_rounded(13, precision: 5, significant: true) # => 13.000 + # number_to_rounded(111.234, locale: :fr) # => 111,234 + # + # number_to_rounded(13, precision: 5, significant: true, strip_insignificant_zeros: true) + # # => 13 + # + # number_to_rounded(389.32314, precision: 4, significant: true) # => 389.3 + # number_to_rounded(1111.2345, precision: 2, separator: ',', delimiter: '.') + # # => 1.111,23 def number_to_rounded(number, options = {}) options = options.symbolize_keys @@ -309,21 +308,21 @@ module ActiveSupport # # ==== Examples # - # number_to_human_size(123) # => 123 Bytes - # number_to_human_size(1234) # => 1.21 KB - # number_to_human_size(12345) # => 12.1 KB - # number_to_human_size(1234567) # => 1.18 MB - # number_to_human_size(1234567890) # => 1.15 GB - # number_to_human_size(1234567890123) # => 1.12 TB - # number_to_human_size(1234567, :precision => 2) # => 1.2 MB - # number_to_human_size(483989, :precision => 2) # => 470 KB - # number_to_human_size(1234567, :precision => 2, :separator => ',') # => 1,2 MB - # - # Non-significant zeros after the fractional separator are - # stripped out by default (set - # <tt>:strip_insignificant_zeros</tt> to +false+ to change that): - # number_to_human_size(1234567890123, :precision => 5) # => "1.1229 TB" - # number_to_human_size(524288000, :precision => 5) # => "500 MB" + # number_to_human_size(123) # => 123 Bytes + # number_to_human_size(1234) # => 1.21 KB + # number_to_human_size(12345) # => 12.1 KB + # number_to_human_size(1234567) # => 1.18 MB + # number_to_human_size(1234567890) # => 1.15 GB + # number_to_human_size(1234567890123) # => 1.12 TB + # number_to_human_size(1234567, precision: 2) # => 1.2 MB + # number_to_human_size(483989, precision: 2) # => 470 KB + # number_to_human_size(1234567, precision: 2, separator: ',') # => 1,2 MB + # + # Non-significant zeros after the fractional separator are stripped out by + # default (set <tt>:strip_insignificant_zeros</tt> to +false+ to change that): + # + # number_to_human_size(1234567890123, precision: 5) # => "1.1229 TB" + # number_to_human_size(524288000, precision: 5) # => "500 MB" def number_to_human_size(number, options = {}) options = options.symbolize_keys @@ -407,27 +406,28 @@ module ActiveSupport # # ==== Examples # - # number_to_human(123) # => "123" - # number_to_human(1234) # => "1.23 Thousand" - # number_to_human(12345) # => "12.3 Thousand" - # number_to_human(1234567) # => "1.23 Million" - # number_to_human(1234567890) # => "1.23 Billion" - # number_to_human(1234567890123) # => "1.23 Trillion" - # number_to_human(1234567890123456) # => "1.23 Quadrillion" - # number_to_human(1234567890123456789) # => "1230 Quadrillion" - # number_to_human(489939, :precision => 2) # => "490 Thousand" - # number_to_human(489939, :precision => 4) # => "489.9 Thousand" - # number_to_human(1234567, :precision => 4, - # :significant => false) # => "1.2346 Million" - # number_to_human(1234567, :precision => 1, - # :separator => ',', - # :significant => false) # => "1,2 Million" + # number_to_human(123) # => "123" + # number_to_human(1234) # => "1.23 Thousand" + # number_to_human(12345) # => "12.3 Thousand" + # number_to_human(1234567) # => "1.23 Million" + # number_to_human(1234567890) # => "1.23 Billion" + # number_to_human(1234567890123) # => "1.23 Trillion" + # number_to_human(1234567890123456) # => "1.23 Quadrillion" + # number_to_human(1234567890123456789) # => "1230 Quadrillion" + # number_to_human(489939, precision: 2) # => "490 Thousand" + # number_to_human(489939, precision: 4) # => "489.9 Thousand" + # number_to_human(1234567, precision: 4, + # significant: false) # => "1.2346 Million" + # number_to_human(1234567, precision: 1, + # separator: ',', + # significant: false) # => "1,2 Million" # # Non-significant zeros after the decimal separator are stripped # out by default (set <tt>:strip_insignificant_zeros</tt> to # +false+ to change that): - # number_to_human(12345012345, :significant_digits => 6) # => "12.345 Billion" - # number_to_human(500000000, :precision => 5) # => "500 Million" + # + # number_to_human(12345012345, significant_digits: 6) # => "12.345 Billion" + # number_to_human(500000000, precision: 5) # => "500 Million" # # ==== Custom Unit Quantifiers # @@ -435,6 +435,7 @@ module ActiveSupport # number_to_human(500000, :units => {:unit => "ml", :thousand => "lt"}) # => "500 lt" # # If in your I18n locale you have: + # # distance: # centi: # one: "centimeter" @@ -449,12 +450,12 @@ module ActiveSupport # # Then you could do: # - # number_to_human(543934, :units => :distance) # => "544 kilometers" - # number_to_human(54393498, :units => :distance) # => "54400 kilometers" - # number_to_human(54393498000, :units => :distance) # => "54.4 gazillion-distance" - # number_to_human(343, :units => :distance, :precision => 1) # => "300 meters" - # number_to_human(1, :units => :distance) # => "1 meter" - # number_to_human(0.34, :units => :distance) # => "34 centimeters" + # number_to_human(543934, :units => :distance) # => "544 kilometers" + # number_to_human(54393498, :units => :distance) # => "54400 kilometers" + # number_to_human(54393498000, :units => :distance) # => "54.4 gazillion-distance" + # number_to_human(343, :units => :distance, :precision => 1) # => "300 meters" + # number_to_human(1, :units => :distance) # => "1 meter" + # number_to_human(0.34, :units => :distance) # => "34 centimeters" def number_to_human(number, options = {}) options = options.symbolize_keys @@ -505,22 +506,22 @@ module ActiveSupport end private_class_method :private_module_and_instance_method - def format_translations(namespace, locale) + def format_translations(namespace, locale) #:nodoc: defaults_translations(locale).merge(translations_for(namespace, locale)) end private_module_and_instance_method :format_translations - def defaults_translations(locale) + def defaults_translations(locale) #:nodoc: I18n.translate(:'number.format', :locale => locale, :default => {}) end private_module_and_instance_method :defaults_translations - def translations_for(namespace, locale) + def translations_for(namespace, locale) #:nodoc: I18n.translate(:"number.#{namespace}.format", :locale => locale, :default => {}) end private_module_and_instance_method :translations_for - def valid_float?(number) + def valid_float?(number) #:nodoc: Float(number) rescue ArgumentError, TypeError false diff --git a/activesupport/test/dependencies_test.rb b/activesupport/test/dependencies_test.rb index f622c6b43f..69829bcda5 100644 --- a/activesupport/test/dependencies_test.rb +++ b/activesupport/test/dependencies_test.rb @@ -39,6 +39,19 @@ class DependenciesTest < ActiveSupport::TestCase with_loading 'autoloading_fixtures', &block end + def test_depend_on_path + skip "LoadError#path does not exist" if RUBY_VERSION < '2.0.0' + + expected = assert_raises(LoadError) do + Kernel.require 'omgwtfbbq' + end + + e = assert_raises(LoadError) do + ActiveSupport::Dependencies.depend_on 'omgwtfbbq' + end + assert_equal expected.path, e.path + end + def test_tracking_loaded_files require_dependency 'dependencies/service_one' require_dependency 'dependencies/service_two' diff --git a/guides/source/active_model_basics.textile b/guides/source/active_model_basics.textile index d373f4ac85..7cafff2ad8 100644 --- a/guides/source/active_model_basics.textile +++ b/guides/source/active_model_basics.textile @@ -187,7 +187,7 @@ class Person attr_accessor :name, :email, :token validates :name, :presence => true - validates_format_of :email, :with => /^([^\s]+)((?:[-a-z0-9]\.)[a-z]{2,})$/i + validates_format_of :email, :with => /\A([^\s]+)((?:[-a-z0-9]\.)[a-z]{2,})\z/i validates! :token, :presence => true end diff --git a/guides/source/active_support_core_extensions.textile b/guides/source/active_support_core_extensions.textile index 011a702901..40ef19cfbf 100644 --- a/guides/source/active_support_core_extensions.textile +++ b/guides/source/active_support_core_extensions.textile @@ -1857,16 +1857,24 @@ h4. Formatting Enables the formatting of numbers in a variety of ways. Produce a string representation of a number as a telephone number: + <ruby> -5551234.to_s(:phone) # => 555-1234 -1235551234.to_s(:phone) # => 123-555-1234 -1235551234.to_s(:phone, :area_code => true) # => (123) 555-1234 -1235551234.to_s(:phone, :delimiter => " ") # => 123 555 1234 -1235551234.to_s(:phone, :area_code => true, :extension => 555) # => (123) 555-1234 x 555 -1235551234.to_s(:phone, :country_code => 1) # => +1-123-555-1234 +5551234.to_s(:phone) +# => 555-1234 +1235551234.to_s(:phone) +# => 123-555-1234 +1235551234.to_s(:phone, :area_code => true) +# => (123) 555-1234 +1235551234.to_s(:phone, :delimiter => " ") +# => 123 555 1234 +1235551234.to_s(:phone, :area_code => true, :extension => 555) +# => (123) 555-1234 x 555 +1235551234.to_s(:phone, :country_code => 1) +# => +1-123-555-1234 </ruby> Produce a string representation of a number as currency: + <ruby> 1234567890.50.to_s(:currency) # => $1,234,567,890.50 1234567890.506.to_s(:currency) # => $1,234,567,890.51 @@ -1874,14 +1882,20 @@ Produce a string representation of a number as currency: </ruby> Produce a string representation of a number as a percentage: + <ruby> -100.to_s(:percentage) # => 100.000% -100.to_s(:percentage, :precision => 0) # => 100% -1000.to_s(:percentage, :delimiter => '.', :separator => ',') # => 1.000,000% -302.24398923423.to_s(:percentage, :precision => 5) # => 302.24399% +100.to_s(:percentage) +# => 100.000% +100.to_s(:percentage, :precision => 0) +# => 100% +1000.to_s(:percentage, :delimiter => '.', :separator => ',') +# => 1.000,000% +302.24398923423.to_s(:percentage, :precision => 5) +# => 302.24399% </ruby> Produce a string representation of a number in delimited form: + <ruby> 12345678.to_s(:delimited) # => 12,345,678 12345678.05.to_s(:delimited) # => 12,345,678.05 @@ -1891,33 +1905,36 @@ Produce a string representation of a number in delimited form: </ruby> Produce a string representation of a number rounded to a precision: + <ruby> -111.2345.to_s(:rounded) # => 111.235 -111.2345.to_s(:rounded, :precision => 2) # => 111.23 -13.to_s(:rounded, :precision => 5) # => 13.00000 -389.32314.to_s(:rounded, :precision => 0) # => 389 -111.2345.to_s(:rounded, :significant => true) # => 111 +111.2345.to_s(:rounded) # => 111.235 +111.2345.to_s(:rounded, :precision => 2) # => 111.23 +13.to_s(:rounded, :precision => 5) # => 13.00000 +389.32314.to_s(:rounded, :precision => 0) # => 389 +111.2345.to_s(:rounded, :significant => true) # => 111 </ruby> Produce a string representation of a number as a human-readable number of bytes: + <ruby> -123.to_s(:human_size) # => 123 Bytes -1234.to_s(:human_size) # => 1.21 KB -12345.to_s(:human_size) # => 12.1 KB -1234567.to_s(:human_size) # => 1.18 MB -1234567890.to_s(:human_size) # => 1.15 GB -1234567890123.to_s(:human_size) # => 1.12 TB +123.to_s(:human_size) # => 123 Bytes +1234.to_s(:human_size) # => 1.21 KB +12345.to_s(:human_size) # => 12.1 KB +1234567.to_s(:human_size) # => 1.18 MB +1234567890.to_s(:human_size) # => 1.15 GB +1234567890123.to_s(:human_size) # => 1.12 TB </ruby> Produce a string representation of a number in human-readable words: + <ruby> -123.to_s(:human) # => "123" -1234.to_s(:human) # => "1.23 Thousand" -12345.to_s(:human) # => "12.3 Thousand" -1234567.to_s(:human) # => "1.23 Million" -1234567890.to_s(:human) # => "1.23 Billion" -1234567890123.to_s(:human) # => "1.23 Trillion" -1234567890123456.to_s(:human) # => "1.23 Quadrillion" +123.to_s(:human) # => "123" +1234.to_s(:human) # => "1.23 Thousand" +12345.to_s(:human) # => "12.3 Thousand" +1234567.to_s(:human) # => "1.23 Million" +1234567890.to_s(:human) # => "1.23 Billion" +1234567890123.to_s(:human) # => "1.23 Trillion" +1234567890123456.to_s(:human) # => "1.23 Quadrillion" </ruby> NOTE: Defined in +active_support/core_ext/numeric/formatting.rb+. @@ -2469,6 +2486,7 @@ To do so, the method loops over the pairs and builds nodes that depend on the _v * If +value+ responds to +to_xml+ the method is invoked with +key+ as <tt>:root</tt>. * Otherwise, a node with +key+ as tag is created with a string representation of +value+ as text node. If +value+ is +nil+ an attribute "nil" set to "true" is added. Unless the option <tt>:skip_types</tt> exists and is true, an attribute "type" is added as well according to the following mapping: + <ruby> XML_TYPE_NAMES = { "Symbol" => "symbol", diff --git a/guides/source/caching_with_rails.textile b/guides/source/caching_with_rails.textile index 34a100cd3a..3ee36ae971 100644 --- a/guides/source/caching_with_rails.textile +++ b/guides/source/caching_with_rails.textile @@ -332,7 +332,7 @@ h4. ActiveSupport::Cache::MemoryStore This cache store keeps entries in memory in the same Ruby process. The cache store has a bounded size specified by the +:size+ options to the initializer (default is 32Mb). When the cache exceeds the allotted size, a cleanup will occur and the least recently used entries will be removed. <ruby> -config.cache_store = :memory_store, :size => 64.megabytes +config.cache_store = :memory_store, { :size => 64.megabytes } </ruby> If you're running multiple Ruby on Rails server processes (which is the case if you're using mongrel_cluster or Phusion Passenger), then your Rails server process instances won't be able to share cache data with each other. This cache store is not appropriate for large application deployments, but can work well for small, low traffic sites with only a couple of server processes or for development and test environments. diff --git a/guides/source/contributing_to_ruby_on_rails.textile b/guides/source/contributing_to_ruby_on_rails.textile index acf75d41cd..b52cd6c6b6 100644 --- a/guides/source/contributing_to_ruby_on_rails.textile +++ b/guides/source/contributing_to_ruby_on_rails.textile @@ -109,7 +109,7 @@ You can run any single test separately too: <shell> $ cd actionpack -$ ruby -Itest test/template/form_helper_test.rb +$ bundle exec ruby -Itest test/template/form_helper_test.rb </shell> h4. Warnings @@ -190,6 +190,8 @@ $ rake postgresql:build_databases NOTE: Using the rake task to create the test databases ensures they have the correct character set and collation. +NOTE: You'll see the following warning (or localized warning) during activating HStore extension in PostgreSQL 9.1.x or earlier: "WARNING: => is deprecated as an operator". + If you’re using another database, check the files under +activerecord/test/connections+ for default connection information. You can edit these files to provide different credentials on your machine if you must, but obviously you should not push any such changes back to Rails. You can now run the tests as you did for +sqlite3+. The tasks are respectively @@ -317,6 +319,8 @@ Now get busy and add or edit code. You’re on your branch now, so you can write * Include tests that fail without your code, and pass with it. * Update the (surrounding) documentation, examples elsewhere, and the guides: whatever is affected by your contribution. +TIP: Changes that are cosmetic in nature and do not add anything substantial to the stability, functionality, or testability of Rails will generally not be accepted. + h4. Follow the Coding Conventions Rails follows a simple set of coding style conventions. diff --git a/guides/source/form_helpers.textile b/guides/source/form_helpers.textile index 8106de6f9d..1851aceff8 100644 --- a/guides/source/form_helpers.textile +++ b/guides/source/form_helpers.textile @@ -419,6 +419,18 @@ TIP: The second argument to +options_for_select+ must be exactly equal to the de WARNING: when +:inlude_blank+ or +:prompt:+ are not present, +:include_blank+ is forced true if the select attribute +required+ is true, display +size+ is one and +multiple+ is not true. +You can add arbitrary attributes to the options using hashes: + +<erb> +<%= options_for_select([['Lisbon', 1, :'data-size' => '2.8 million'], ['Madrid', 2, :'data-size' => '3.2 million']], 2) %> + +output: + +<option value="1" data-size="2.8 million">Lisbon</option> +<option value="2" selected="selected" data-size="3.2 million">Madrid</option> +... +</erb> + h4. Select Boxes for Dealing with Models In most cases form controls will be tied to a specific database model and as you might expect Rails provides helpers tailored for that purpose. Consistent with other form helpers, when dealing with models you drop the +_tag+ suffix from +select_tag+: diff --git a/guides/source/initialization.textile b/guides/source/initialization.textile index 48d4373afe..0638bbed10 100644 --- a/guides/source/initialization.textile +++ b/guides/source/initialization.textile @@ -8,14 +8,14 @@ as of Rails 4. It is an extremely in-depth guide and recommended for advanced Ra endprologue. -This guide goes through every single file, class and method call that is +This guide goes through every method call that is required to boot up the Ruby on Rails stack for a default Rails 4 application, explaining each part in detail along the way. For this guide, we will be focusing on how the two most common methods (+rails server+ and Passenger) boot a Rails application. NOTE: Paths in this guide are relative to Rails or a Rails application unless otherwise specified. h3. Launch! -As of Rails 3, +script/server+ has become +rails server+. This was done to centralize all rails related commands to one common file. +A Rails application is usually started with the command +rails server+. h4. +bin/rails+ @@ -224,47 +224,27 @@ when 'server' } </ruby> -This file will change into the root of the directory (a path two directories back from +APP_PATH+ which points at +config/application.rb+), but only if the +config.ru+ file isn't found. This then requires +rails/commands/server+ which requires +action_dispatch+ and sets up the +Rails::Server+ class. - -h4. +actionpack/lib/action_dispatch.rb+ - -Action Dispatch is the routing component of the Rails framework. It depends on Active Support, +actionpack/lib/action_pack.rb+ and +Rack+ being available. The first thing required here is +active_support+. - -h4. +activesupport/lib/active_support.rb+ - -This file begins with requiring +active_support/lib/active_support/dependencies/autoload.rb+ which redefines Ruby's +autoload+ method to have a little more extra behaviour especially in regards to eager autoloading. Eager autoloading is the loading of all required classes and will happen when the +config.cache_classes+ setting is +true+. The required file also requires another file: +active_support/lazy_load_hooks+ - -h4. +activesupport/lib/active_support/lazy_load_hooks.rb+ - -This file defines the +ActiveSupport.on_load+ hook which is used to execute code when specific parts are loaded. We'll see this in use a little later on. - -This file begins with requiring +active_support/inflector/methods+. - -h4. +activesupport/lib/active_support/inflector/methods.rb+ - -The +methods.rb+ file is responsible for defining methods such as +camelize+, +underscore+ and +dasherize+ as well as a slew of others. The "+ActiveSupport::Inflector+ documentation":http://api.rubyonrails.org/classes/ActiveSupport/Inflector.html covers them all pretty decently. - -In this file there are a lot of lines such as this inside the +ActiveSupport+ module: +This file will change into the root of the directory (a path two directories back from +APP_PATH+ which points at +config/application.rb+), but only if the +config.ru+ file isn't found. This then requires +rails/commands/server+ which sets up the +Rails::Server+ class. <ruby> -autoload :Inflector -</ruby> - -Due to the overriding of the +autoload+ method, Ruby will know how to look for this file at +activesupport/lib/active_support/inflector.rb+ when the +Inflector+ class is first referenced. - -The +active_support/lib/active_support/version.rb+ that is also required here simply defines an +ActiveSupport::VERSION+ constant which defines a couple of constants inside this module, the main constant of this is +ActiveSupport::VERSION::STRING+ which returns the current version of ActiveSupport. - -The +active_support/lib/active_support.rb+ file simply defines the +ActiveSupport+ module and some autoloads (eager and of the normal variety) for it. +require 'fileutils' +require 'optparse' +require 'action_dispatch' -h4. +actionpack/lib/action_dispatch.rb+ cont'd. +module Rails + class Server < ::Rack::Server +</ruby> -Now back to +action_pack/lib/action_dispatch.rb+. The next +require+ in this file is one for +action_pack+, which simply calls +action_pack/version.rb+ which defines +ActionPack::VERSION+ and the constants, much like +ActiveSpport+ does. ++fileutils+ and +optparse+ are standard Ruby libraries which provide helper functions for working with files and parsing options. -After this line, there's a require to +active_model+ which simply defines autoloads for the +ActiveModel+ part of Rails and sets up the +ActiveModel+ module which is used later on. +h4. +actionpack/lib/action_dispatch.rb+ -The last of the requires is to +rack+, which like the +active_model+ and +active_support+ requires before it, sets up the +Rack+ module as well as the autoloads for constants within it. +Action Dispatch is the routing component of the Rails framework. Other +than the rouing itself, it adds +functionalities like routing, session, and common middlewares. -Finally in +action_dispatch.rb+ the +ActionDispatch+ module and *its* autoloads are declared. +Action Dispatch itself is also responsible for loading Active Support, Action +Pack, Active Model, and Rack. h4. +rails/commands/server.rb+ @@ -363,11 +343,21 @@ def parse!(args) ... </ruby> -This method will set up keys for the +options+ which Rails will then be able to use to determine how its server should run. After +initialize+ has finished, then the +start+ method will launch the server. +This method will set up keys for the +options+ which Rails will then be +able to use to determine how its server should run. After +initialize+ +has finished, we jump back into +rails/server+ where +APP_PATH+ (which was +set earlier) is required. + +h4. +config/application+ + +When +require APP_PATH+ is executed, +config/application.rb+ is loaded. +This is a file exists in your app and it's free for you to change based +on your needs. Among other things, inside this file you load gems with +bundler, and create your application namespace. h4. +Rails::Server#start+ -This method is defined like this: +After +congif/application+ is loaded, +server.start+ is called. This method is defined like this: <ruby> def start @@ -405,7 +395,7 @@ method creates a trap for +INT+ signals, so if you +CTRL-C+ the server, it will exit the process. As we can see from the code here, it will create the +tmp/cache+, +tmp/pids+, +tmp/sessions+ and +tmp/sockets+ directories. It then calls +wrapped_app+ which is responsible for -creating the Rack app, before creating and assignig an +creating the Rack app, before creating and assigning an instance of +ActiveSupport::Logger+. The +super+ method will call +Rack::Server.start+ which begins its definition like this: @@ -455,7 +445,8 @@ end </ruby> The interesting part for a Rails app is the last line, +server.run+. Here we encounter the +wrapped_app+ method again, which this time -we're going to explore more. +we're going to explore more (even though it was executed before, and +thus memoized by now). <ruby> @wrapped_app ||= build_app app @@ -494,7 +485,7 @@ app = eval "Rack::Builder.new {( " <plus> cfgfile <plus> "\n )}.to_app", TOPLEVEL_BINDING, config </ruby> -The +initialize+ method will take the block here and execute it within an instance of +Rack::Builder+. This is where the majority of the initialization process of Rails happens. The chain of events that this simple line sets off will be the focus of a large majority of this guide. The +require+ line for +config/environment.rb+ in +config.ru+ is the first to run: +The +initialize+ method of +Rack::Builder+ will take the block here and execute it within an instance of +Rack::Builder+. This is where the majority of the initialization process of Rails happens. The +require+ line for +config/environment.rb+ in +config.ru+ is the first to run: <ruby> require ::File.expand_path('../config/environment', __FILE__) @@ -541,641 +532,128 @@ require "rails" end </ruby> -First off the line is the +rails+ require itself. +This is where all the Rails frameworks are loaded and thus made +available to the application. We wont go into detail of what happens +inside each of those frameworks, but you're encouraged to try and +explore them on your own. -h4. +railties/lib/rails.rb+ +For now, just keep in mind that common functionality like Rails engines, +I18n and Rails configuration is all bein defined here. -This file is responsible for the initial definition of the +Rails+ -module and, rather than defining the autoloads like +ActiveSupport+, -+ActionDispatch+ and so on, it actually defines other functionality. -Such as the +root+, +env+ and +application+ methods which are extremely -useful in Rails 4 applications. +h4. Back to +config/environment.rb+ -However, before all that takes place the +rails/ruby_version_check+ file is required first. - -h4. +railties/lib/rails/ruby_version_check.rb+ - -This file simply checks if the Ruby version is less than 1.9.3 and -raises an error if that is the case. Rails 4 simply will not run on -earlier versions of Ruby. - -NOTE: You should always endeavor to run the latest version of Ruby with your Rails applications. The benefits are many, including security fixes and the like, and very often there is a speed increase associated with it. The caveat is that you could have code that potentially breaks on the latest version, which should be fixed to work on the latest version rather than kept around as an excuse not to upgrade. - -h4. +active_support/core_ext/kernel/reporting.rb+ - -This is the first of the many Active Support core extensions that come with Rails. This one in particular defines methods in the +Kernel+ module which is mixed in to the +Object+ class so the methods are available on +main+ and can therefore be called like this: - -<ruby> -silence_warnings do - # some code -end -</ruby> - -These methods can be used to silence STDERR responses and the +silence_stream+ allows you to also silence other streams. Additionally, this mixin allows you to suppress exceptions and capture streams. For more information see the "Silencing Warnings, Streams, and Exceptions":active_support_core_extensions.html#silencing-warnings-streams-and-exceptions section from the Active Support Core Extensions Guide. - -h4. +active_support/core_ext/array/extract_options.rb+ - -The next file that is required is another Active Support core extension, -this time to the +Array+ and +Hash+ classes. This file defines an -+extract_options!+ method which Rails uses to extract options from -parameters. +When +config/application.rb+ has finished loading Rails, and defined +your application namespace, you go back to +config/environment.rb+, +where your application is initialized. For example, if you application was called ++Blog+, here you would find +Blog::Application.initialize!+, which is +defined in +rails/application.rb+ h4. +railties/lib/rails/application.rb+ -The next file required by +railties/lib/rails.rb+ is +application.rb+. -This file defines the +Rails::Application+ constant which the -application's class defined in +config/application.rb+ in a standard -Rails application depends on. - -Before the +Rails::Application+ class is -defined however, +rails/engine+ is also loaded, which is responsible for -handling the behavior and definitions of Rails engines. - -TIP: You can read more about engines in the "Getting Started with Engines":engines.html guide. - -Among other things, Rails Engine is also responsible for loading the -Railtie class. - -h4. +railties/lib/rails/railtie.rb+ - -The +rails/railtie.rb+ file is responsible for defining +Rails::Railtie+, the underlying class for all ties to Rails now. Gems that want to have their own initializers or rake tasks and hook into Rails should have a +GemName::Railtie+ class that inherits from +Rails::Railtie+. - -The "API documentation":http://api.rubyonrails.org/classes/Rails/Railtie.html for +Rails::Railtie+, much like +Rails::Engine+, explains this class exceptionally well. - -The first require in this file is +rails/initializable.rb+. - -h4. +railties/lib/rails/initializable.rb+ - -Now we reach the end of this particular rabbit hole as +rails/initializable.rb+ doesn't require any more Rails files, only +tsort+ from the Ruby standard library. - -This file defines the +Rails::Initializable+ module which contains the +Initializer+ class, the basis for all initializers in Rails. This module also contains a +ClassMethods+ class which will be included into the +Rails::Railtie+ class when these requires have finished. - -Now that +rails/initializable.rb+ has finished being required from +rails/railtie.rb+, the next require is for +rails/configuration+. - -h4. +railties/lib/rails/configuration.rb+ - -This file defines the +Rails::Configuration+ module, containing the +MiddlewareStackProxy+ class as well as the +Generators+ class. The +MiddlewareStackProxy+ class is used for managing the middleware stack for an application, which we'll see later on. The +Generators+ class provides the functionality used for configuring what generators an application uses through the "+config.generators+ option":configuring.html#configuring-generators. - -The first file required in this file is +activesupport/deprecation+. - -h4. +activesupport/lib/active_support/deprecation.rb+ - -This file, and the files it requires, define the basic deprecation warning features found in Rails. This file is responsible for setting defaults in the +ActiveSupport::Deprecation+ module for the +deprecation_horizon+, +silenced+ and +debug+ values. The files that are required before this happens are: - -* +active_support/deprecation/behaviors+ -* +active_support/deprecation/reporting+ -* +active_support/deprecation/method_wrappers+ -* +active_support/deprecation/proxy_wrappers+ - -h4. +activesupport/lib/active_support/deprecation/behaviors.rb+ - -This file defines the behavior of the +ActiveSupport::Deprecation+ module, setting up the +DEFAULT_BEHAVIORS+ hash constant which contains the three defaults to outputting deprecation warnings: +:stderr+, +:log+ and +:notify+. This file begins by requiring +activesupport/notifications+ and +activesupport/core_ext/array/wrap+. - -h4. +activesupport/lib/active_support/notifications.rb+ - -This file defines the +ActiveSupport::Notifications+ module. Notifications provides an instrumentation API for Ruby, shipping with a queue implementation that consumes and publish events to log subscribers in a thread. - -The "API documentation":http://api.rubyonrails.org/classes/ActiveSupport/Notifications.html for +ActiveSupport::Notifications+ explains the usage of this module, including the methods that it defines. - -The file required in +active_support/notifications.rb+ is +active_support/core_ext/module/delegation+ which is documented in the "Active Support Core Extensions Guide":active_support_core_extensions.html#method-delegation. - -h4. +activesupport/core_ext/array/wrap+ - -As this file comprises of a core extension, it is covered exclusively in "the Active Support Core Extensions guide":active_support_core_extensions.html#wrapping - -h4. +activesupport/lib/active_support/deprecation/reporting.rb+ - -This file is responsible for defining the +warn+ and +silence+ methods for +ActiveSupport::Deprecation+ as well as additional private methods for this module. - -h4. +activesupport/lib/active_support/deprecation/method_wrappers.rb+ - -This file defines a +deprecate_methods+ which is primarily used by the +module/deprecation+ core extension required by the first line of this file. Other core extensions required by this file are the +module/aliasing+ and +array/extract_options+ files. - -h4. +activesupport/lib/active_support/deprecation/proxy_wrappers.rb+ - -+proxy_wrappers.rb+ defines deprecation wrappers for methods, instance variables and constants. Previously, this was used for the +RAILS_ENV+ and +RAILS_ROOT+ constants for 3.0 but since then these constants have been removed. The deprecation message that would be raised from these would be something like: - -<plain> -BadConstant is deprecated! Use GoodConstant instead. -</plain> - -h4. +active_support/ordered_options+ - -This file is the next file required from +rails/configuration.rb+ is the file that defines +ActiveSupport::OrderedOptions+ which is used for configuration options such as +config.active_support+ and the like. - -The next file required is +active_support/core_ext/hash/deep_dup+ which is covered in "Active Support Core Extensions guide":active_support_core_extensions.html#deep_dup - -h4. +active_support/core_ext/object+ - -This file is responsible for requiring many more Active Support core extensions: +The +initialize!+ method looks like this: <ruby> -require 'active_support/core_ext/object/acts_like' -require 'active_support/core_ext/object/blank' -require 'active_support/core_ext/object/duplicable' -require 'active_support/core_ext/object/deep_dup' -require 'active_support/core_ext/object/try' -require 'active_support/core_ext/object/inclusion' - -require 'active_support/core_ext/object/conversions' -require 'active_support/core_ext/object/instance_variables' - -require 'active_support/core_ext/object/to_json' -require 'active_support/core_ext/object/to_param' -require 'active_support/core_ext/object/to_query' -require 'active_support/core_ext/object/with_options' -</ruby> - -The Rails API documentation covers them in great detail, so we're not going to explain each of them. - -The file that is required next from +rails/configuration+ is +rails/paths+. - -h4. +railties/lib/rails/paths.rb+ - -This file defines the +Rails::Paths+ module which allows paths to be configured for a Rails application or engine. Later on in this guide when we cover Rails configuration during the initialization process we'll see this used to set up some default paths for Rails and some of them will be configured to be eager loaded. - -h4. +railties/lib/rails/rack.rb+ - -The final file to be loaded by +railties/lib/rails/configuration.rb+ is +rails/rack+ which defines some simple autoloads: - -<ruby> -module Rails - module Rack - autoload :Debugger, "rails/rack/debugger" - autoload :Logger, "rails/rack/logger" - autoload :LogTailer, "rails/rack/log_tailer" - end -end -</ruby> - -Once this file is finished loading, then the +Rails::Configuration+ class is initialized. This completes the loading of +railties/lib/rails/configuration.rb+ and now we jump back to the loading of +railties/lib/rails/railtie.rb+, where the next file loaded is +active_support/inflector+. - -h4. +activesupport/lib/active_support/inflector.rb+ - -+active_support/inflector.rb+ requires a series of file which are responsible for setting up the basics for knowing how to pluralize and singularize words. These files are: - -<ruby> -require 'active_support/inflector/inflections' -require 'active_support/inflector/transliterate' -require 'active_support/inflector/methods' - -require 'active_support/inflections' -require 'active_support/core_ext/string/inflections' -</ruby> - -The +active_support/inflector/methods+ file has already been required by +active_support/autoload+ and so won't be loaded again here. The +activesupport/lib/active_support/inflector/inflections.rb+ is required by +active_support/inflector/methods+. - -h4. +active_support/inflections+ - -This file references the +ActiveSupport::Inflector+ constant which isn't loaded by this point. But there were autoloads set up in +activesupport/lib/active_support.rb+ which will load the file which loads this constant and so then it will be defined. Then this file defines pluralization and singularization rules for words in Rails. This is how Rails knows how to pluralize "tomato" to "tomatoes". - -<ruby> -inflect.irregular('zombie', 'zombies') -</ruby> - -h4. +activesupport/lib/active_support/inflector/transliterate.rb+ - -This is the file that defines the "+transliterate+":http://api.rubyonrails.org/classes/ActiveSupport/Inflector.html#method-i-transliterate and "+parameterize+":http://api.rubyonrails.org/classes/ActiveSupport/Inflector.html#method-i-parameterize methods. - -h4. +active_support/core_ext/module/introspection+ - -The next file loaded by +rails/railtie+ is the introspection core -extension, which extends +Module+ with methods like +parent_name+, +parent+ and -+parents+. - -h4. +active_support/core_ext/module/delegation+ - -The final file loaded by +rails/railtie+ is the delegation core extension, which defines the "+delegate+":http://api.rubyonrails.org/classes/Module.html#method-i-delegate method. - -h4. Back to +railties/lib/rails/railtie.rb+ - -Once the inflector files have been loaded, the +Rails::Railtie+ class is defined. This class includes a module called +Initializable+, which is actually +Rails::Initializable+. This module includes the +initializer+ method which is used later on for setting up initializers, amongst other methods. - -h4. +railties/lib/rails/initializable.rb+ - -When the module from this file (+Rails::Initializable+) is included, it extends the class it's included into with the +ClassMethods+ module inside of it. This module defines the +initializer+ method which is used to define initializers throughout all of the railties. This file completes the loading of +railties/lib/rails/railtie.rb+. Now we go back to +rails/engine.rb+. - -h4. +railties/lib/rails/engine.rb+ - -The next file required in +rails/engine.rb+ is +active_support/core_ext/module/delegation+ which is documented in the "Active Support Core Extensions Guide":active_support_core_extensions.html#method-delegation. - -The next two files after this are Ruby standard library files: +pathname+ and +rbconfig+. The file after these is +rails/engine/railties+. - -h4. +railties/lib/rails/engine/railties.rb+ - -This file defines the +Rails::Engine::Railties+ class which provides the +engines+ and +railties+ methods which are used later on for defining rake tasks and other functionality for engines and railties. - -h4. Back to +railties/lib/rails/engine.rb+ - -Once +rails/engine/railties.rb+ has finished loading the +Rails::Engine+ class gets its basic functionality defined, such as the +inherited+ method which will be called when this class is inherited from. - -Once this file has finished loading we jump back to +railties/lib/rails/plugin.rb+ - -h4. Back to +railties/lib/rails/plugin.rb+ - -The next file required in this is a core extension from Active Support called +array/conversions+ which is covered in "this section":active_support_core_extensions.html#array-conversions of the Active Support Core Extensions Guide. - -Once that file has finished loading, the +Rails::Plugin+ class is defined. - -h4. Back to +railties/lib/rails/application.rb+ - -Jumping back to +rails/application.rb+ now. This file defines the +Rails::Application+ class where the application's class inherits from. This class (and its superclasses) define the basic behaviour on the application's constant such as the +config+ method used for configuring the application. - -Once this file's done then we go back to the +railties/lib/rails.rb+ file, which next requires +rails/version+. - -h4. +railties/lib/rails/version.rb+ - -Much like +active_support/version+, this file defines the +VERSION+ constant which has a +STRING+ constant on it which returns the current version of Rails. - -Once this file has finished loading we go back to +railties/lib/rails.rb+ which then requires +active_support/railtie.rb+. - -h4. +activesupport/lib/active_support/railtie.rb+ - -This file requires +active_support+ and +rails+ which have already been required so these two lines are effectively ignored. The third require in this file is to +active_support/i18n_railtie.rb+. - -h4. +activesupport/lib/active_support/i18n_railtie.rb+ - -This file is the first file that sets up configuration with these lines inside the class: - -<ruby> -class Railtie < Rails::Railtie - config.i18n = ActiveSupport::OrderedOptions.new - config.i18n.railties_load_path = [] - config.i18n.load_path = [] - config.i18n.fallbacks = ActiveSupport::OrderedOptions.new -</ruby> - -By inheriting from +Rails::Railtie+ the +Rails::Railtie#inherited+ method is called: - -<ruby> -def inherited(base) - unless base.abstract_railtie? - base.send(:include, Railtie::Configurable) - subclasses << base - end -end -</ruby> - -This first checks if the Railtie that's inheriting it is a component of Rails itself: - -<ruby> -ABSTRACT_RAILTIES = %w(Rails::Railtie Rails::Plugin Rails::Engine Rails::Application) - -... - -def abstract_railtie? - ABSTRACT_RAILTIES.include?(name) +def initialize!(group=:default) #:nodoc: + raise "Application has been already initialized." if @initialized + run_initializers(group, self) + @initialized = true + self end </ruby> -Because +I18n::Railtie+ isn't in this list, +abstract_railtie?+ returns +false+. Therefore the +Railtie::Configurable+ module is included into this class and the +subclasses+ method is called and +I18n::Railtie+ is added to this new array. +As you can see, you can only initialize an app once. This is also where the initializers are run. -<ruby> -def subclasses - @subclasses ||= [] -end -</ruby> +TODO: review this -The +config+ method used at the top of +I18n::Railtie+ is defined on +Rails::Railtie+ and is defined like this: +The initializers code itself is tricky. What Rails is doing here is it +traverses all the class ancestors looking for an +initializers+ method, +sorting them and running them. For example, the +Engine+ class will make +all the engines available by providing the +initializers+ method. -<ruby> -def config - @config ||= Railtie::Configuration.new -end -</ruby> - -At this point, that +Railtie::Configuration+ constant is automatically loaded which causes the +rails/railties/configuration+ file to be loaded. The line for this is this particular line in +railties/lib/rails/railtie.rb+: +After this is done we go back to +Rack::Server+ -<ruby> -autoload :Configuration, "rails/railtie/configuration" -</ruby> +h4. Rack: lib/rack/server.rb -h4. +railties/lib/rails/railtie/configuration.rb+ - -This file begins with a require out to +rails/configuration+ which has already been required earlier in the process and so isn't required again. - -This file defines the +Rails::Railtie::Configuration+ class which is responsible for providing a way to easily configure railties and it's the +initialize+ method here which is called by the +config+ method back in the +i18n_railtie.rb+ file. The methods on this object don't exist, and so are rescued by the +method_missing+ defined further down in +configuration.rb+: +Last time we left when the +app+ method was being defined: <ruby> -def method_missing(name, *args, &blk) - if name.to_s =~ /=$/ - @@options[$`.to_sym] = args.first - elsif @@options.key?(name) - @@options[name] - else - super - end -end -</ruby> - -So therefore when an option is referred to it simply stores the value as the key if it's used in a setter context, or retrieves it if used in a getter context. Nothing fancy going on there. - -h4. Back to +activesupport/lib/active_support/i18n_railtie.rb+ - -After the configuration method the +reloader+ method is defined, and then the first of of Railties' initializers is defined: +i18n.callbacks+. +def app + @app ||= begin + if !::File.exist? options[:config] + abort "configuration #{options[:config]} not found" + end -<ruby> -initializer "i18n.callbacks" do - ActionDispatch::Reloader.to_prepare do - I18n::Railtie.reloader.execute_if_updated + app, options = Rack::Builder.parse_file(self.options[:config], opt_parser) + self.options.merge! options + app end end </ruby> -The +initializer+ method (from the +Rails::Initializable+ module) here doesn't run the block, but rather stores it to be run later on: - -<ruby> -def initializer(name, opts = {}, &blk) - raise ArgumentError, "A block must be passed when defining an initializer" unless blk - opts[:after] ||= initializers.last.name unless initializers.empty? || initializers.find { |i| i.name == opts[:before] } - initializers << Initializer.new(name, nil, opts, &blk) -end -</ruby> - -An initializer can be configured to run before or after another initializer, which we'll see a couple of times throughout this initialization process. Anything that inherits from +Rails::Railtie+ may also make use of the +initializer+ method, something which is covered in the "Configuration guide":configuring.html#rails-railtie-initializer. - -The +Initializer+ class here is defined within the +Rails::Initializable+ module and its +initialize+ method is defined to just set up a couple of variables: - -<ruby> -def initialize(name, context, options, &block) - @name, @context, @options, @block = name, context, options, block -end -</ruby> - -Once this +initialize+ method is finished, the object is added to the object the +initializers+ method returns: +At this point +app+ is the Rails app itself (a middleware), and what +happens next is Rack will call all the provided middlewares: <ruby> -def initializers - @initializers ||= self.class.initializers_for(self) -end -</ruby> - -If +@initializers+ isn't set (which it won't be at this point), the +intializers_for+ method will be called for this class. - -<ruby> -def initializers_for(binding) - Collection.new(initializers_chain.map { |i| i.bind(binding) }) -end -</ruby> - -The +Collection+ class in +railties/lib/rails/initializable.rb+ inherits from +Array+ and includes the +TSort+ module which is used to sort out the order of the initializers based on the order they are placed in. - -The +initializers_chain+ method referenced in the +initializers_for+ method is defined like this: - -<ruby> -def initializers_chain - initializers = Collection.new - ancestors.reverse_each do |klass| - next unless klass.respond_to?(:initializers) - initializers = initializers + klass.initializers +def build_app(app) + middleware[options[:environment]].reverse_each do |middleware| + middleware = middleware.call(self) if middleware.respond_to?(:call) + next unless middleware + klass = middleware.shift + app = klass.new(app, *middleware) end - initializers -end -</ruby> - -This method collects the initializers from the ancestors of this class and adds them to a new +Collection+ object using the <tt>+</tt> method which is defined like this for the <tt>Collection</tt> class: - -<ruby> -def +(other) - Collection.new(to_a + other.to_a) + app end </ruby> -So this <tt>+</tt> method is overridden to return a new collection comprising of the existing collection as an array and then using the <tt>Array#+</tt> method combines these two collections, returning a "super" +Collection+ object. In this case, the only initializer that's going to be in this new +Collection+ object is the +i18n.callbacks+ initializer. - -The next method to be called after this +initializer+ method is the +after_initialize+ method on the +config+ object, which is defined like this: +Remember, +build_app+ was called (by wrapped_app) in the last line of +Server#start+. +Here's how it looked like when we left: <ruby> -def after_initialize(&block) - ActiveSupport.on_load(:after_initialize, :yield => true, &block) -end +server.run wrapped_app, options, &blk </ruby> -The +on_load+ method here is provided by the +active_support/lazy_load_hooks+ file which was required earlier and is defined like this: +At this point, the implementation of +server.run+ will depend on the +server you're using. For example, if you were using Mongrel, here's what +the +run+ method would look like: <ruby> -def self.on_load(name, options = {}, &block) - if base = @loaded[name] - execute_hook(base, options, block) +def self.run(app, options={}) + server = ::Mongrel::HttpServer.new( + options[:Host] || '0.0.0.0', + options[:Port] || 8080, + options[:num_processors] || 950, + options[:throttle] || 0, + options[:timeout] || 60) + # Acts like Rack::URLMap, utilizing Mongrel's own path finding methods. + # Use is similar to #run, replacing the app argument with a hash of + # { path=>app, ... } or an instance of Rack::URLMap. + if options[:map] + if app.is_a? Hash + app.each do |path, appl| + path = '/'+path unless path[0] == ?/ + server.register(path, Rack::Handler::Mongrel.new(appl)) + end + elsif app.is_a? URLMap + app.instance_variable_get(:@mapping).each do |(host, path, appl)| + next if !host.nil? && !options[:Host].nil? && options[:Host] != host + path = '/'+path unless path[0] == ?/ + server.register(path, Rack::Handler::Mongrel.new(appl)) + end + else + raise ArgumentError, "first argument should be a Hash or URLMap" + end else - @load_hooks[name] << [block, options] - end -end -</ruby> - -The +@loaded+ variable here is a hash containing elements representing the different components of Rails that have been loaded at this stage. Currently, this hash is empty. So the +else+ is executed here, using the +@load_hooks+ variable defined in +active_support/lazy_load_hooks+: - -<ruby> -@load_hooks = Hash.new {|h,k| h[k] = [] } -</ruby> - -This defines a new hash which has keys that default to empty arrays. This saves Rails from having to do something like this instead: - -<ruby> -@load_hooks[name] = [] -@load_hooks[name] << [block, options] -</ruby> - -The value added to this array here consists of the block and options passed to +after_initialize+. - -We'll see these +@load_hooks+ used later on in the initialization process. - -This rest of +i18n_railtie.rb+ defines the protected class methods +include_fallback_modules+, +init_fallbacks+ and +validate_fallbacks+. - -h4. Back to +activesupport/lib/active_support/railtie.rb+ - -This file defines the +ActiveSupport::Railtie+ constant which like the +I18n::Railtie+ constant just defined, inherits from +Rails::Railtie+ meaning the +inherited+ method would be called again here, including +Rails::Configurable+ into this class. This class makes use of +Rails::Railtie+'s +config+ method again, setting up the configuration options for Active Support. - -Then this Railtie sets up three more initializers: - -* +active_support.deprecation_behavior+ -* +active_support.initialize_time_zone+ -* +active_support.set_configs+ - -We will cover what each of these initializers do when they run. - -Once the +active_support/railtie+ file has finished loading the next file required from +railties/lib/rails.rb+ is the +action_dispatch/railtie+. - -h4. +actionpack/lib/action_dispatch/railtie.rb+ - -This file defines the +ActionDispatch::Railtie+ class, but not before requiring +action_dispatch+. - -h4. +actionpack/lib/action_dispatch.rb+ - -This file starts off with the following requires: - -<ruby> -require 'active_support' -require 'active_support/dependencies/autoload' -require 'active_support/core_ext/module/attribute_accessors' -</ruby> - -The following require is to +action_pack+ (+actionpack/lib/action_pack.rb+) which contains a simple require to +action_pack/version+. This file, like other +version.rb+ files before it, defines the +ActionPack::VERSION+ constant: - -<ruby> -module ActionPack - module VERSION #:nodoc: - MAJOR = 4 - MINOR = 0 - TINY = 0 - PRE = "beta" - - STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') + server.register('/', Rack::Handler::Mongrel.new(app)) end + yield server if block_given? + server.run.join end </ruby> -Once +action_pack+ is finished, then +active_model+ is required. - -h4. +activemodel/lib/active_model.rb+ - -This file makes a require to +active_model/version+ which defines the version for Active Model: - -<ruby> -module ActiveModel - module VERSION #:nodoc: - MAJOR = 4 - MINOR = 0 - TINY = 0 - PRE = "beta" - - STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') - end -end -</ruby> - -Once the +version.rb+ file is loaded, the +ActiveModel+ module has its autoloaded constants defined as well as a sub-module called +ActiveModel::Serializers+ which has autoloads of its own. When the +ActiveModel+ module is closed the +active_support/i18n+ file is required. - -h4. +activesupport/lib/active_support/i18n.rb+ - -This is where the +i18n+ gem is required and first configured: - -<ruby> -begin - require 'i18n' - require 'active_support/lazy_load_hooks' -rescue LoadError => e - $stderr.puts "You don't have i18n installed in your application. Please add it to your Gemfile and run bundle install" - raise e -end - -I18n.load_path << "#{File.dirname(__FILE__)}/locale/en.yml" -</ruby> - -In effect, the +I18n+ module first defined by +i18n_railtie+ is extended by the +i18n+ gem, rather than the other way around. This has no ill effect. They both work on the same way. - -This is another spot where +active_support/lazy_load_hooks+ is required, but it has already been required so it's not loaded again. - -If +i18n+ cannot be loaded, the user is presented with an error which says that it cannot be loaded and recommends that it's added to the +Gemfile+. However, in a normal Rails application this gem would be loaded. - -Once it has finished loading, the +I18n.load_path+ method is used to add the +activesupport/lib/active_support/locale/en.yml+ file to I18n's load path. When the translations are loaded in the initialization process, this is one of the files where they will be sourced from. - -The loading of this file finishes the loading of +active_model+ and so we go back to +action_dispatch+. - -h4. Back to +actionpack/lib/action_dispatch.rb+ - -The remainder of this file requires the +rack+ file from the Rack gem which defines the +Rack+ module. After +rack+, there's autoloads defined for the +Rack+, +ActionDispatch+, +ActionDispatch::Http+, +ActionDispatch::Session+. A new method called +autoload_under+ is used here, and this simply prefixes the files where the modules are autoloaded from with the path specified. For example here: - -<ruby> -autoload_under 'testing' do - autoload :Assertions -... -</ruby> - -The +Assertions+ module is in the +action_dispatch/testing+ folder rather than simply +action_dispatch+. - -Finally, this file defines a top-level autoload, the +Mime+ constant. - -h4. Back to +actionpack/lib/action_dispatch/railtie.rb+ - -After +action_dispatch+ is required in this file, the +ActionDispatch::Railtie+ class is defined and is yet another class that inherits from +Rails::Railtie+. This class defines some initial configuration option defaults for +config.action_dispatch+ before setting up a single initializer called +action_dispatch.configure+. - -With +action_dispatch/railtie+ now complete, we go back to +railties/lib/rails.rb+. - -h4. Back to +railties/lib/rails.rb+ - -With the Active Support and Action Dispatch railties now both loaded, the rest of this file deals with setting up UTF-8 to be the default encoding for Rails and then finally setting up the +Rails+ module. This module defines useful methods such as +Rails.logger+, +Rails.application+, +Rails.env+, and +Rails.root+. - -h4. Back to +railties/lib/rails/all.rb+ - -Now that +rails.rb+ is required, the remaining railties are loaded next, beginning with +active_record/railtie+. - -h4. +activerecord/lib/active_record/railtie.rb+ - -Before this file gets into the swing of defining the +ActiveRecord::Railtie+ class, there are a couple of files that are required first. The first one of these is +active_record+. - -h4. +activerecord/lib/active_record.rb+ - -This file begins by detecting if the +lib+ directories of +active_support+ and +active_model+ are not in the load path and if they aren't then adds them. As we saw back in +action_dispatch.rb+, these directories are already there. - -The first couple of requires have already been done by other files and so aren't loaded here, but the next one to +arel+ will require the file provided by the Arel gem, which defines the +Arel+ module. - -<ruby> -require 'active_support' -require 'active_model' -require 'arel' -</ruby> - -The file required next is +active_record/version+ which defines the +ActiveRecord::VERSION+ constant: - -<ruby> -module ActiveRecord - module VERSION #:nodoc: - MAJOR = 4 - MINOR = 0 - TINY = 0 - PRE = "beta" - - STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') - end -end -</ruby> - -Once these requires are finished, the base for the +ActiveRecord+ module is defined along with its autoloads. - -Near the end of the file, we see this line: - -<ruby> -ActiveSupport.on_load(:active_record) do - Arel::Table.engine = self -end -</ruby> - -This will set the engine for +Arel::Table+ to be +ActiveRecord::Base+. - -The file then finishes with this line: - -<ruby> -ActiveSupport.on_load(:i18n) do - I18n.load_path << File.dirname(__FILE__) + '/active_record/locale/en.yml' -end -</ruby> - -This will add the translations from +activerecord/lib/active_record/locale/en.yml+ to the load path for +I18n+, with this file being parsed when all the translations are loaded. - -h4. Back to +activerecord/lib/active_record/railtie.rb+ - -The next two <tt>require</tt>s in this file aren't run because their files are already required, with +rails+ being required by +rails/all+ and +active_model/railtie+ being required from +action_dispatch+. - -<ruby> -require "rails" -require "active_model/railtie" -</ruby> - -The next +require+ in this file is to +action_controller/railtie+. - -h4. +actionpack/lib/action_controller/railtie.rb+ - -This file begins with a couple more requires to files that have already been loaded: - -<ruby> -require "rails" -require "action_controller" -require "action_dispatch/railtie" -</ruby> - -However the require after these is to a file that hasn't yet been loaded, +action_view/railtie+, which begins by requiring +action_view+. - -h4. +actionpack/lib/action_view.rb+ +We wont dig into the server configuration itself, but this is +the last piece of our journey in the Rails initialization process. -+action_view.rb+ +This high level overview will help you understand when you code is +executed and how, and overall become a better Rails developer. If you +still want to know more, the Rails source code itself is probably the +best place to go next. diff --git a/guides/source/layouts_and_rendering.textile b/guides/source/layouts_and_rendering.textile index b0a87a5981..55bd521419 100644 --- a/guides/source/layouts_and_rendering.textile +++ b/guides/source/layouts_and_rendering.textile @@ -23,8 +23,6 @@ From the controller's point of view, there are three ways to create an HTTP resp * Call +redirect_to+ to send an HTTP redirect status code to the browser * Call +head+ to create a response consisting solely of HTTP headers to send back to the browser -I'll cover each of these methods in turn. But first, a few words about the very easiest thing that the controller can do to create a response: nothing at all. - h4. Rendering by Default: Convention Over Configuration in Action You've heard that Rails promotes "convention over configuration". Default rendering is an excellent example of this. By default, controllers in Rails automatically render views with names that correspond to valid routes. For example, if you have this code in your +BooksController+ class: diff --git a/guides/source/rails_on_rack.textile b/guides/source/rails_on_rack.textile index 3a7c392508..63712b22ef 100644 --- a/guides/source/rails_on_rack.textile +++ b/guides/source/rails_on_rack.textile @@ -195,6 +195,23 @@ use Rack::Runtime run Blog::Application.routes </shell> +If you want to remove session related middleware, do the following: + +<ruby> +# config/application.rb +config.middleware.delete "ActionDispatch::Cookies" +config.middleware.delete "ActionDispatch::Session::CookieStore" +config.middleware.delete "ActionDispatch::Flash" +</ruby> + +And to remove browser related middleware, + +<ruby> +# config/application.rb +config.middleware.delete "ActionDispatch::BestStandardsSupport" +config.middleware.delete "Rack::MethodOverride" +</ruby> + h4. Internal Middleware Stack Much of Action Controller's functionality is implemented as Middlewares. The following list explains the purpose of each of them: diff --git a/guides/source/security.textile b/guides/source/security.textile index 0931dd6393..626d6fa508 100644 --- a/guides/source/security.textile +++ b/guides/source/security.textile @@ -588,26 +588,43 @@ h4. Regular Expressions INFO: _A common pitfall in Ruby's regular expressions is to match the string's beginning and end by ^ and $, instead of \A and \z._ -Ruby uses a slightly different approach than many other languages to match the end and the beginning of a string. That is why even many Ruby and Rails books make this wrong. So how is this a security threat? Imagine you have a File model and you validate the file name by a regular expression like this: +Ruby uses a slightly different approach than many other languages to match the end and the beginning of a string. That is why even many Ruby and Rails books make this wrong. So how is this a security threat? Say you wanted to loosely validate a URL field and you used a simple regular expression like this: <ruby> -class File < ActiveRecord::Base - validates :name, :format => /^[\w\.\-\<plus>]<plus>$/ -end + /^https?:\/\/[^\n]+$/i </ruby> -This means, upon saving, the model will validate the file name to consist only of alphanumeric characters, dots, + and -. And the programmer added ^ and $ so that file name will contain these characters from the beginning to the end of the string. However, _(highlight)in Ruby ^ and $ matches the *line* beginning and line end_. And thus a file name like this passes the filter without problems: +This may work fine in some languages. However, _(highlight)in Ruby ^ and $ match the *line* beginning and line end_. And thus a URL like this passes the filter without problems: <plain> -file.txt%0A<script>alert('hello')</script> +javascript:exploit_code();/* +http://hi.com +*/ </plain> -Whereas %0A is a line feed in URL encoding, so Rails automatically converts it to "file.txt\n<script>alert('hello')</script>". This file name passes the filter because the regular expression matches – up to the line end, the rest does not matter. The correct expression should read: +This URL passes the filter because the regular expression matches – the second line, the rest does not matter. Now imagine we had a view that showed the URL like this: + +<ruby> + link_to "Homepage", @user.homepage +</ruby> + +The link looks innocent to visitors, but when it's clicked, it will execute the javascript function "exploit_code" or any other javascript the attacker provides. + +To fix the regular expression, \A and \z should be used instead of ^ and $, like so: <ruby> -/\A[\w\.\-\<plus>]<plus>\z/ + /\Ahttps?:\/\/[^\n]+\z/i </ruby> +Since this is a frequent mistake, the format validator (validates_format_of) now raises an exception if the provided regular expression starts with ^ or ends with $. If you do need to use ^ and $ instead of \A and \z (which is rare), you can set the :multiline option to true, like so: + +<ruby> + # content should include a line "Meanwhile" anywhere in the string + validates :content, :format => { :with => /^Meanwhile$/, :multiline => true } +</ruby> + +Note that this only protects you against the most common mistake when using the format validator - you always need to keep in mind that ^ and $ match the *line* beginning and line end in Ruby, and not the beginning and end of a string. + h4. Privilege Escalation WARNING: _Changing a single parameter may give the user unauthorized access. Remember that every parameter may be changed, no matter how much you hide or obfuscate it._ |