-rw-r--r-- | actionpack/lib/action_controller/test_case.rb | 27 | ||||
-rw-r--r-- | actionpack/test/controller/test_case_test.rb | 20 | ||||
-rw-r--r-- | guides/source/initialization.md | 6 | ||||
-rw-r--r-- | guides/source/security.md | 2 | ||||
-rw-r--r-- | railties/lib/rails/app_loader.rb (renamed from railties/lib/rails/app_rails_loader.rb) | 4 | ||||
-rw-r--r-- | railties/lib/rails/cli.rb | 4 | ||||
-rw-r--r-- | railties/lib/rails/tasks/framework.rake | 20 | ||||
-rw-r--r-- | railties/test/app_loader_test.rb (renamed from railties/test/app_rails_loader_test.rb) | 18 | ||||
-rw-r--r-- | railties/test/application/rake/framework_test.rb | 4 |
9 files changed, 61 insertions, 44 deletions
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb index acff22d565..b29c5b23fc 100644 --- a/actionpack/lib/action_controller/test_case.rb +++ b/actionpack/lib/action_controller/test_case.rb @@ -18,9 +18,10 @@ module ActionController end def assign_parameters(routes, controller_path, action, parameters = {}) - parameters = parameters.symbolize_keys.merge(:controller => controller_path, :action => action) - extra_keys = routes.extra_keys(parameters) + parameters = parameters.symbolize_keys + extra_keys = routes.extra_keys(parameters.merge(:controller => controller_path, :action => action)) non_path_parameters = get? ? query_parameters : request_parameters + parameters.each do |key, value| if value.is_a?(Array) && (value.frozen? || value.any?(&:frozen?)) value = value.map{ |v| v.duplicable? ? v.dup : v } @@ -30,7 +31,7 @@ module ActionController value = value.dup end - if extra_keys.include?(key) + if extra_keys.include?(key) || key == :action || key == :controller non_path_parameters[key] = value else if value.is_a?(Array) @@ -43,19 +44,16 @@ module ActionController end end + path_parameters[:controller] = controller_path + path_parameters[:action] = action + # Clear the combined params hash in case it was already referenced. @env.delete("action_dispatch.request.parameters") # Clear the filter cache variables so they're not stale @filtered_parameters = @filtered_env = @filtered_path = nil - params = self.request_parameters.dup - %w(controller action only_path).each do |k| - params.delete(k) - params.delete(k.to_sym) - end - data = params.to_query - + data = request_parameters.to_query @env['CONTENT_LENGTH'] = data.length.to_s @env['rack.input'] = StringIO.new(data) end 
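Review bot: The new `|| key == :action || key == :controller` condition in assign_parameters has no comment explaining why these two keys are forced into the query/request parameters, and it only works because `path_parameters[:controller]` and `path_parameters[:action]` are assigned after the loop, in the next hunk. I would add above the `if`: `# A caller-supplied :action/:controller is request data, never routing data; the routed values are written to path_parameters after this loop.` The method starts in the previous hunk and continues past this one.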
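Review bot: The block removed in the last assign_parameters hunk stripped `only_path` as well as `controller` and `action` before the body was built, and the replacement `data = request_parameters.to_query` filters nothing. Keeping `controller`/`action` is the purpose of the change, but an `only_path` key that reaches request_parameters would now be serialized into `rack.input` and counted in `CONTENT_LENGTH`, which looks like an unannounced behaviour change. If that is intended, a one-line comment should say so; otherwise keep the filter for that key, e.g. `data = request_parameters.reject { |k, _| k.to_s == 'only_path' }.to_query`.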
@@ -482,12 +480,10 @@ module ActionController @controller.request = @request @controller.response = @response - build_request_uri(action, parameters) - - name = @request.parameters[:action] + build_request_uri(controller_class_name, action, parameters) @controller.recycle! - @controller.process(name) + @controller.process(action) if cookies = @request.env['action_dispatch.cookies'] unless @response.committed? @@ -603,10 +599,11 @@ module ActionController end end - def build_request_uri(action, parameters) + def build_request_uri(controller_class_name, action, parameters) unless @request.env["PATH_INFO"] options = @controller.respond_to?(:url_options) ? @controller.__send__(:url_options).merge(parameters) : parameters options.update( + :controller => controller_class_name, :action => action, :relative_url_root => nil, :_recall => @request.path_parameters) diff --git a/actionpack/test/controller/test_case_test.rb b/actionpack/test/controller/test_case_test.rb index a1afdc32c7..37f27c5d36 100644 --- a/actionpack/test/controller/test_case_test.rb +++ b/actionpack/test/controller/test_case_test.rb @@ -48,6 +48,14 @@ class TestCaseTest < ActionController::TestCase render text: params.inspect end + def test_query_parameters + render text: request.query_parameters.inspect + end + + def test_request_parameters + render text: request.request_parameters.inspect + end + def test_uri render text: request.fullpath end @@ -547,6 +555,18 @@ XML ) end + def test_query_param_named_action + get :test_query_parameters, params: {action: 'foobar'} + parsed_params = eval(@response.body) + assert_equal({action: 'foobar'}, parsed_params) + end + + def test_request_param_named_action + post :test_request_parameters, params: {action: 'foobar'} + parsed_params = eval(@response.body) + assert_equal({'action' => 'foobar'}, parsed_params) + end + def test_kwarg_params_passing_with_session_and_flash get :test_params, params: { page: { 
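Review bot: In build_request_uri, `options.update(:controller => controller_class_name, :action => action, ...)` overwrites any `:action` or `:controller` entry that arrived through `parameters`, so the generated URI presumably will not carry `action=foobar` in its query string even though assign_parameters now exposes that value through `query_parameters`. The new tests inspect only the parameter hashes, not `request.fullpath`, so the mismatch would go unnoticed; a comment such as `# routing keys win here; a same-named user parameter is only visible via query/request parameters` would at least record it. Separately, URL generation expects `:controller` to be a controller path, while the name `controller_class_name` suggests a class name; its definition is outside the hunk, so this is worth confirming. The method body continues outside the hunk.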
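Review bot: Neither new test in the `@@ -547,6 +555,18 @@` hunk pins what the merged `params` hash reports when the caller also sends an `action` parameter; only the query/request side is asserted, not that the routed action stays authoritative. A third test against the existing `test_params` action would close that gap, e.g. `get :test_params, params: {action: 'foobar'}` followed by `assert_equal 'test_params', @controller.params[:action]` (precedence of path parameters is presumed here, so confirm the expected value). Separately, both tests run `eval(@response.body)`; comparing strings, `assert_equal({action: 'foobar'}.inspect, @response.body)`, checks the same thing without evaluating rendered output as code.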
diff --git a/guides/source/initialization.md b/guides/source/initialization.md index 0e9881e5dc..43083ebb86 100644 --- a/guides/source/initialization.md +++ b/guides/source/initialization.md @@ -53,11 +53,11 @@ require "rails/cli" ``` The file `railties/lib/rails/cli` in turn calls -`Rails::AppRailsLoader.exec_app_rails`. +`Rails::AppLoader.exec_app`. -### `railties/lib/rails/app_rails_loader.rb` +### `railties/lib/rails/app_loader.rb` -The primary goal of the function `exec_app_rails` is to execute your app's +The primary goal of the function `exec_app` is to execute your app's `bin/rails`. If the current directory does not have a `bin/rails`, it will navigate upwards until it finds a `bin/rails` executable. Thus one can invoke a `rails` command from anywhere inside a rails application. diff --git a/guides/source/security.md b/guides/source/security.md index 46fc8795e2..93580d4d4e 100644 --- a/guides/source/security.md +++ b/guides/source/security.md 
@@ -712,7 +712,7 @@ The log files on www.attacker.com will read like this: GET http://www.attacker.com/_app_session=836c1c25278e5b321d6bea4f19cb57e2 ``` -You can mitigate these attacks (in the obvious way) by adding the **httpOnly** flag to cookies, so that document.cookie may not be read by JavaScript. Http only cookies can be used from IE v6.SP1, Firefox v2.0.0.5 and Opera 9.5. Safari is still considering, it ignores the option. But other, older browsers (such as WebTV and IE 5.5 on Mac) can actually cause the page to fail to load. Be warned that cookies [will still be visible using Ajax](http://ha.ckers.org/blog/20070719/firefox-implements-httponly-and-is-vulnerable-to-xmlhttprequest/), though. +You can mitigate these attacks (in the obvious way) by adding the **httpOnly** flag to cookies, so that document.cookie may not be read by JavaScript. Http only cookies can be used from IE v6.SP1, Firefox v2.0.0.5 and Opera 9.5. Safari is still considering, it ignores the option. But other, older browsers (such as WebTV and IE 5.5 on Mac) can actually cause the page to fail to load. Be warned that cookies [will still be visible using Ajax](https://www.owasp.org/index.php/HTTPOnly#Browsers_Supporting_HttpOnly), though. ##### Defacement diff --git a/railties/lib/rails/app_rails_loader.rb b/railties/lib/rails/app_loader.rb index 9a7c6c5f2d..a9fe21824e 100644 --- a/railties/lib/rails/app_rails_loader.rb +++ b/railties/lib/rails/app_loader.rb @@ -2,7 +2,7 @@ require 'pathname' require 'rails/version' module Rails - module AppRailsLoader + module AppLoader # :nodoc: extend self RUBY = Gem.ruby @@ -29,7 +29,7 @@ generate it and add it to source control: EOS - def exec_app_rails + def exec_app original_cwd = Dir.pwd loop do diff --git a/railties/lib/rails/cli.rb b/railties/lib/rails/cli.rb index dd70c272c6..a8794bc0de 100644 --- a/railties/lib/rails/cli.rb +++ b/railties/lib/rails/cli.rb 
@@ -1,8 +1,8 @@ -require 'rails/app_rails_loader' +require 'rails/app_loader' # If we are inside a Rails application this method performs an exec and thus # the rest of this script is not run. -Rails::AppRailsLoader.exec_app_rails +Rails::AppLoader.exec_app require 'rails/ruby_version_check' Signal.trap("INT") { puts; exit(1) } diff --git a/railties/lib/rails/tasks/framework.rake b/railties/lib/rails/tasks/framework.rake index 6ff39c40f9..904b9d9ad6 100644 --- a/railties/lib/rails/tasks/framework.rake +++ b/railties/lib/rails/tasks/framework.rake @@ -37,23 +37,21 @@ namespace :rails do namespace :update do class RailsUpdate - def self.invoke_from_app_generator(method) - RailsUpdate.app_generator.send(method) + app_generator.send(method) end def self.app_generator @app_generator ||= begin - require 'rails/generators' - require 'rails/generators/rails/app/app_generator' - gen = Rails::Generators::AppGenerator.new ["rails"], { with_dispatchers: true }, - destination_root: Rails.root - File.exist?(Rails.root.join("config", "application.rb")) ? - gen.send(:app_const) : gen.send(:valid_const?) - gen - end + require 'rails/generators' + require 'rails/generators/rails/app/app_generator' + gen = Rails::Generators::AppGenerator.new ["rails"], { with_dispatchers: true }, + destination_root: Rails.root + File.exist?(Rails.root.join("config", "application.rb")) ? + gen.send(:app_const) : gen.send(:valid_const?) + gen + end end - end # desc "Update config/boot.rb from your current rails install" diff --git a/railties/test/app_rails_loader_test.rb b/railties/test/app_loader_test.rb index d4885447e6..5946c8fd4c 100644 --- a/railties/test/app_rails_loader_test.rb +++ b/railties/test/app_loader_test.rb 
@@ -1,11 +1,11 @@ require 'tmpdir' require 'abstract_unit' -require 'rails/app_rails_loader' +require 'rails/app_loader' -class AppRailsLoaderTest < ActiveSupport::TestCase +class AppLoaderTest < ActiveSupport::TestCase def loader @loader ||= Class.new do - extend Rails::AppRailsLoader + extend Rails::AppLoader def self.exec_arguments @exec_arguments @@ -23,7 +23,7 @@ class AppRailsLoaderTest < ActiveSupport::TestCase end def expects_exec(exe) - assert_equal [Rails::AppRailsLoader::RUBY, exe], loader.exec_arguments + assert_equal [Rails::AppLoader::RUBY, exe], loader.exec_arguments end setup do @@ -38,20 +38,20 @@ class AppRailsLoaderTest < ActiveSupport::TestCase test "is not in a Rails application if #{exe} is not found in the current or parent directories" do def loader.find_executables; end - assert !loader.exec_app_rails + assert !loader.exec_app end test "is not in a Rails application if #{exe} exists but is a folder" do FileUtils.mkdir_p(exe) - assert !loader.exec_app_rails + assert !loader.exec_app end ['APP_PATH', 'ENGINE_PATH'].each do |keyword| test "is in a Rails application if #{exe} exists and contains #{keyword}" do write exe, keyword - loader.exec_app_rails + loader.exec_app expects_exec exe end @@ -59,7 +59,7 @@ class AppRailsLoaderTest < ActiveSupport::TestCase test "is not in a Rails application if #{exe} exists but doesn't contain #{keyword}" do write exe - assert !loader.exec_app_rails + assert !loader.exec_app end test "is in a Rails application if parent directory has #{exe} containing #{keyword} and chdirs to the root directory" do @@ -68,7 +68,7 @@ class AppRailsLoaderTest < ActiveSupport::TestCase Dir.chdir('foo/bar') - loader.exec_app_rails + loader.exec_app expects_exec exe diff --git a/railties/test/application/rake/framework_test.rb b/railties/test/application/rake/framework_test.rb index d2c2ae2fa0..ec57af79f6 100644 --- a/railties/test/application/rake/framework_test.rb +++ b/railties/test/application/rake/framework_test.rb 
@@ -6,7 +6,6 @@ module ApplicationTests class FrameworkTest < ActiveSupport::TestCase include ActiveSupport::Testing::Isolation - def setup build_app boot_rails @@ -27,7 +26,9 @@ module ApplicationTests test 'requiring the rake task should not define method .app_generator on Object' do require "#{app_path}/config/environment" + load_tasks + assert_raise NameError do Object.method(:app_generator) end @@ -35,6 +36,7 @@ module ApplicationTests test 'requiring the rake task should not define method .invoke_from_app_generator on Object' do require "#{app_path}/config/environment" + load_tasks assert_raise NameError do |