7 files changed, 71 insertions, 73 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index c9d3b1c55c..cde0f67dac 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -19,21 +19,13 @@ *Prem Sichanugrist* -* Fix `time_zone_options_for_select` to call `dup` on the returned TimeZone array. - - Previously if you supplied :priority_zones options to `time_zone_options_for_select` - the memoized ActiveSupport::TimeZone.all array would be mutated. Calling - `dup` prevents mutation of the main TimeZones array. - - *Brian McManus* - * Remove support for parsing YAML parameters from request. *Aaron Patterson* * Add a message when you have no routes defined to both `rake routes` and GET "/rails/info/routes" that lets you know you have none defined and links - to the Rails Guide on the topic. + to the Rails guide on the topic. *Steve Klabnik* 
@@ -47,31 +39,30 @@ screen readers by converting both hyphens and underscores to spaces. Before: + image_tag('underscored_file_name.png') # => <img alt="Underscored_file_name" src="/assets/underscored_file_name.png" /> After: + image_tag('underscored_file_name.png') # => <img alt="Underscored file name" src="/assets/underscored_file_name.png" /> *Nick Cox* -* We don't support the `:controller` option for route definitions - with the ruby constant notation. This will now result in an - `ArgumentError`. +* We don't support Ruby constant notation in the `:controller` option for route + definitions. So, this raises an `ArgumentError` now: - Example: - # This raises an ArgumentError: - resources :posts, :controller => "Admin::Posts" + resources :posts, controller: "Admin::Posts" # WRONG - # Use directory notation instead: - resources :posts, :controller => "admin/posts" + Use path notation instead: + + resources :posts, controller: "admin/posts" # RIGHT *Yves Senn* * `assert_template` can be used to verify the locals of partials, which live inside a directory. - Fixes #8516. # Prefixed partials inside directories worked and still work. assert_template partial: 'directory/_partial', locals: {name: 'John'} 
@@ -79,23 +70,25 @@ # This did not work but does now. assert_template partial: 'directory/partial', locals: {name: 'John'} + Fixes #8516. + *Yves Senn* -* Fix `content_tag_for` with array html option. +* Fix `content_tag_for` with array HTML option. It would embed array as string instead of joining it like `content_tag` does: content_tag(:td, class: ["foo", "bar"]){} - #=> '<td class="foo bar"></td>' + # => <td class="foo bar"></td> Before: content_tag_for(:td, item, class: ["foo", "bar"]) - #=> '<td class="item ["foo", "bar"]" id="item_1"></td>' + # => <td class="item ["foo", "bar"]" id="item_1"></td> After: content_tag_for(:td, item, class: ["foo", "bar"]) - #=> '<td class="item foo bar" id="item_1"></td>' + # => <td class="item foo bar" id="item_1"></td> *Semyon Perepelitsa* @@ -115,35 +108,18 @@ *Piotr Sarnacki* -* Add javascript based routing path matcher to `/rails/info/routes`. +* Add JavaScript based routing path matcher to `/rails/info/routes`. Routes can now be filtered by whether or not they match a path. *Richard Schneeman* -* Given - - params.permit(:name) - - `:name` passes if it is a key of `params` whose value is a permitted scalar. - - Similarly, given - - params.permit(tags: []) - - `:tags` passes if it is a key of `params` whose value is an array of - permitted scalars. - - Permitted scalars filtering happens at any level of nesting. - - *Xavier Noria* - * Change the behavior of route defaults so that explicit defaults are no longer required where the key is not part of the path. For example: resources :posts, bucket_type: 'posts' will be required whenever constructing the url from a hash such as a functional - test or using url_for directly. However using the explicit form alters the + test or using `url_for` directly. However using the explicit form alters the behavior so it's not required: resources :projects, defaults: { bucket_type: 'projects' } 
@@ -177,7 +153,7 @@ *Colin Burn-Murdoch* -* Fixed json params parsing regression for non-object JSON content. +* Fixed JSON params parsing regression for non-object JSON content. *Dylan Smith* @@ -215,12 +191,13 @@ * Do not append second slash to `root_url` when using `trailing_slash: true` Fix #8700 - Example: - # before - root_url # => http://test.host// + Before: + + root_url(trailing_slash: true) # => http://test.host// - # after - root_url # => http://test.host/ + After: + + root_url(trailing_slash: true) # => http://test.host/ *Yves Senn* @@ -244,8 +221,8 @@ *Yves Senn* -* Added `Mime::NullType` class. This allows to use html?, xml?, json?..etc when - the `format` of `request` is unknown, without raise an exception. +* Added `Mime::NullType` class. This allows to use `html?`, `xml?`, `json?`, etc. + when the format of the request is unknown, without raising an exception. *Angelo Capilleri* @@ -270,7 +247,7 @@ *Matt Venables* -* Prevent raising EOFError on multipart GET request (IE issue). *Adam Stankiewicz* +* Prevent raising `EOFError` on multipart GET request (IE issue). *Adam Stankiewicz* * Rename all action callbacks from *_filter to *_action to avoid the misconception that these callbacks are only suited for transforming or halting the response. With the new style, @@ -1033,6 +1010,8 @@ not submitted with the form. This is a behavior change, previously the hidden tag had a value of the disabled checkbox. *Tadas Tamosauskas* +* `favicon_link_tag` helper will now use the favicon in app/assets by default. *Lucas Caton* + * `ActionView::Helpers::TextHelper#highlight` now defaults to the HTML5 `mark` element. *Brian Cardarella* diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 17379cf7ac..d275a854fd 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb 
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -50,6 +50,10 @@ module ActionController #:nodoc: config_accessor :request_forgery_protection_token self.request_forgery_protection_token ||= :authenticity_token + # Holds the class which implements the request forgery protection. + config_accessor :forgery_protection_strategy + self.forgery_protection_strategy = nil + # Controls whether request forgery protection is turned on or not. Turned off by default only in test mode. config_accessor :allow_forgery_protection self.allow_forgery_protection = true if allow_forgery_protection.nil? @@ -82,14 +86,14 @@ module ActionController #:nodoc: # * <tt>:reset_session</tt> - Resets the session. # * <tt>:null_session</tt> - Provides an empty session during request but doesn't reset it completely. Used as default if <tt>:with</tt> option is not specified. def protect_from_forgery(options = {}) - include protection_method_module(options[:with] || :null_session) + self.forgery_protection_strategy = protection_method_class(options[:with] || :null_session) self.request_forgery_protection_token ||= :authenticity_token prepend_before_action :verify_authenticity_token, options end private - def protection_method_module(name) + def protection_method_class(name) ActionController::RequestForgeryProtection::ProtectionMethods.const_get(name.to_s.classify) rescue NameError raise ArgumentError, 'Invalid request forgery protection method, use :null_session, :exception, or :reset_session' 
@@ -97,17 +101,22 @@ module ActionController #:nodoc: end module ProtectionMethods - module NullSession - protected + class NullSession + def initialize(controller) + @controller = controller + end # This is the method that defines the application behavior when a request is found to be unverified. def handle_unverified_request + request = @controller.request request.session = NullSessionHash.new(request.env) request.env['action_dispatch.request.flash_hash'] = nil request.env['rack.session.options'] = { skip: true } request.env['action_dispatch.cookies'] = NullCookieJar.build(request) end + protected + class NullSessionHash < Rack::Session::Abstract::SessionHash #:nodoc: def initialize(env) super(nil, env) @@ -135,16 +144,20 @@ module ActionController #:nodoc: end end - module ResetSession - protected + class ResetSession + def initialize(controller) + @controller = controller + end def handle_unverified_request - reset_session + @controller.reset_session end end - module Exception - protected + class Exception + def initialize(controller) + @controller = controller + end def handle_unverified_request raise ActionController::InvalidAuthenticityToken @@ -153,6 +166,10 @@ module ActionController #:nodoc: end protected + def handle_unverified_request + forgery_protection_strategy.new(self).handle_unverified_request + end + # The actual before_action that is used. Modify this to change how you handle unverified requests. def verify_authenticity_token unless verified_request? diff --git a/actionpack/lib/action_view/helpers/asset_tag_helper.rb b/actionpack/lib/action_view/helpers/asset_tag_helper.rb index bf78c00e4d..31e37893c6 100644 --- a/actionpack/lib/action_view/helpers/asset_tag_helper.rb +++ b/actionpack/lib/action_view/helpers/asset_tag_helper.rb 
@@ -152,7 +152,7 @@ module ActionView # * <tt>:type</tt> - Override the auto-generated mime type, defaults to 'image/vnd.microsoft.icon' # # favicon_link_tag '/myicon.ico' - # # => <link href="/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" /> + # # => <link href="/assets/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" /> # # Mobile Safari looks for a different <link> tag, pointing to an image that # will be used if you add the page to the home screen of an iPod Touch, iPhone, or iPad. @@ -161,7 +161,7 @@ module ActionView # favicon_link_tag '/mb-icon.png', rel: 'apple-touch-icon', type: 'image/png' # # => <link href="/assets/mb-icon.png" rel="apple-touch-icon" type="image/png" /> # - def favicon_link_tag(source='/favicon.ico', options={}) + def favicon_link_tag(source='favicon.ico', options={}) tag('link', { :rel => 'shortcut icon', :type => 'image/vnd.microsoft.icon', diff --git a/actionpack/lib/action_view/helpers/form_options_helper.rb b/actionpack/lib/action_view/helpers/form_options_helper.rb index 49473dd129..377819a80c 100644 --- a/actionpack/lib/action_view/helpers/form_options_helper.rb +++ b/actionpack/lib/action_view/helpers/form_options_helper.rb 
@@ -560,19 +560,19 @@ module ActionView def time_zone_options_for_select(selected = nil, priority_zones = nil, model = ::ActiveSupport::TimeZone) zone_options = "".html_safe - zones = model.all.dup + zones = model.all convert_zones = lambda { |list| list.map { |z| [ z.to_s, z.name ] } } if priority_zones if priority_zones.is_a?(Regexp) - priority_zones = zones.select { |z| z =~ priority_zones } + priority_zones = zones.grep(priority_zones) end zone_options.safe_concat options_for_select(convert_zones[priority_zones], selected) zone_options.safe_concat content_tag(:option, '-------------', :value => '', :disabled => 'disabled') zone_options.safe_concat "\n" - zones.reject! { |z| priority_zones.include?(z) } + zones = zones - priority_zones end zone_options.safe_concat options_for_select(convert_zones[zones], selected) diff --git a/actionpack/test/template/asset_tag_helper_test.rb b/actionpack/test/template/asset_tag_helper_test.rb index 185f742c7f..11614a45dc 100644 --- a/actionpack/test/template/asset_tag_helper_test.rb +++ b/actionpack/test/template/asset_tag_helper_test.rb @@ -200,7 +200,7 @@ class AssetTagHelperTest < ActionView::TestCase } FaviconLinkToTag = { - %(favicon_link_tag) => %(<link href="/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />), + %(favicon_link_tag) => %(<link href="/images/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />), %(favicon_link_tag 'favicon.ico') => %(<link href="/images/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />), %(favicon_link_tag 'favicon.ico', :rel => 'foo') => %(<link href="/images/favicon.ico" rel="foo" type="image/vnd.microsoft.icon" />), %(favicon_link_tag 'favicon.ico', :rel => 'foo', :type => 'bar') => %(<link href="/images/favicon.ico" rel="foo" type="bar" />), diff --git a/actionpack/test/template/form_options_helper_test.rb b/actionpack/test/template/form_options_helper_test.rb index 04c3fd4649..04cdd068c8 100644 
--- a/actionpack/test/template/form_options_helper_test.rb +++ b/actionpack/test/template/form_options_helper_test.rb @@ -21,10 +21,10 @@ class FormOptionsHelperTest < ActionView::TestCase end def setup - @fake_timezones = %w(A B C D E).inject([]) do |zones, id| + @fake_timezones = %w(A B C D E).map do |id| tz = TZInfo::Timezone.loaded_zones[id] = stub(:name => id, :to_s => id) ActiveSupport::TimeZone.stubs(:[]).with(id).returns(tz) - zones << tz + tz end ActiveSupport::TimeZone.stubs(:all).returns(@fake_timezones) end @@ -351,7 +351,7 @@ class FormOptionsHelperTest < ActionView::TestCase ) end - def test_time_zone_options_no_parms + def test_time_zone_options_no_params opts = time_zone_options_for_select assert_dom_equal "<option value=\"A\">A</option>\n" + "<option value=\"B\">B</option>\n" + @@ -1086,11 +1086,13 @@ class FormOptionsHelperTest < ActionView::TestCase def test_time_zone_select_with_priority_zones_as_regexp @firm = Firm.new("D") + + priority_zones = /A|D/ @fake_timezones.each_with_index do |tz, i| - tz.stubs(:=~).returns(i.zero? || i == 3) + priority_zones.stubs(:===).with(tz).returns(i.zero? || i == 3) end - html = time_zone_select("firm", "time_zone", /A|D/) + html = time_zone_select("firm", "time_zone", priority_zones) assert_dom_equal "<select id=\"firm_time_zone\" name=\"firm[time_zone]\">" + "<option value=\"A\">A</option>\n" + "<option value=\"D\" selected=\"selected\">D</option>" + diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb index 1b88b834c7..17763b39c5 100644 --- a/railties/lib/rails/application/configuration.rb +++ b/railties/lib/rails/application/configuration.rb 
@@ -97,9 +97,9 @@ module Rails self end - # Loads and returns the contents of the #database_configuration_file. The - # contents of the file are processed via ERB before being sent through - # YAML::load. + # Loads and returns the configuration of the database. + # First, looks at If ENV['DATABASE_URL'] if it's not present it uses the #paths["config/database"] + # The contents of the file are processed via ERB before being sent through YAML::load. def database_configuration if ENV['DATABASE_URL'] {Rails.env => ActiveRecord::ConnectionAdapters::ConnectionSpecification::Resolver.connection_url_to_hash(ENV['DATABASE_URL']).stringify_keys} |
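Review bot: In actionpack/CHANGELOG.md, the hunks at @@ -19,21 +19,13 and @@ -115,35 +108,18 delete two whole entries (the `time_zone_options_for_select` `dup` fix and the `params.permit` permitted-scalars description) alongside what are otherwise wording and formatting edits. The time zone code in this same patch still avoids mutating the memoized array, and nothing here touches `params.permit`, so neither removal is explained by the visible changes. If the entries moved to another release's changelog, say so in the commit message; otherwise keep them, the `params.permit` one in particular, since it documents which parameter values pass filtering.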
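Review bot: In actionpack/lib/action_controller/metal/request_forgery_protection.rb, the new controller-level `handle_unverified_request` (hunk @@ -153,6 +166,10) calls `forgery_protection_strategy.new(self)`, but the accessor is initialised with `self.forgery_protection_strategy = nil` and is only assigned inside `protect_from_forgery`. A controller that reaches `verify_authenticity_token` without `protect_from_forgery` having run would fail with a NoMethodError on nil rather than a defined response to the unverified request. Suggest defaulting the strategy to `ProtectionMethods::NullSession`, or raising a descriptive error when it is unset, and adding a test for that path.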
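Review bot: In the `ProtectionMethods` hunk of the same file (@@ -97,17 +101,22), `protected` has been moved below `handle_unverified_request` and now sits directly above the nested `NullSessionHash` class. Visibility keywords apply only to methods defined after them, not to nested class definitions, so in the visible lines it does nothing; suggest dropping it. The three strategy classes also repeat an identical `initialize(controller)`, which a small shared base class would remove, and the `config_accessor` comment could state the interface a custom strategy must provide (`new(controller)` and `handle_unverified_request`).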
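Review bot: In actionpack/lib/action_view/helpers/asset_tag_helper.rb (hunk @@ -152,7 +152,7), the documentation example still calls `favicon_link_tag '/myicon.ico'` while the updated output line shows `href="/assets/favicon.ico"`, so the call and its result name different files. Suggest making the example the no-argument call `favicon_link_tag` so it documents the new default. The default itself changes from `'/favicon.ico'` to `'favicon.ico'` in the next hunk, which alters the generated URL for every existing caller that passes no argument; the CHANGELOG line should say what applications that keep their favicon at the site root need to pass to retain the old href.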
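Review bot: In actionpack/lib/action_view/helpers/form_options_helper.rb (hunk @@ -560,19 +560,19), replacing `zones.select { |z| z =~ priority_zones }` with `zones.grep(priority_zones)` changes which object decides the match. The old form called `=~` on each zone object; `grep` calls `priority_zones === z`, and `Regexp#===` returns false for any argument that is not a String or Symbol and does not convert implicitly to a String. Unless the zone objects returned by `model.all` convert that way, a Regexp `priority_zones` would now select nothing, and the priority group would be silently empty. Suggest keeping the `select` with the zone's own `=~`. The switch from `reject!` to `zones = zones - priority_zones` is what makes dropping `dup` safe, and a one-line comment saying so would stop a later edit from reintroducing in-place mutation of the memoized array.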
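Review bot: In actionpack/test/template/form_options_helper_test.rb (hunk @@ -1086,11 +1086,13), `test_time_zone_select_with_priority_zones_as_regexp` now stubs `===` on the Regexp itself with `priority_zones.stubs(:===).with(tz).returns(i.zero? || i == 3)`, so the test passes regardless of how a real Regexp treats a zone object. It fixes the outcome of the very comparison the helper change depends on. Suggest leaving the Regexp unstubbed and giving the fake zones the matching behaviour of the real class, so the test exercises actual matching.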
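Review bot: In railties/lib/rails/application/configuration.rb (hunk @@ -97,9 +97,9), the rewritten comment is ungrammatical and misleading: "First, looks at If ENV['DATABASE_URL'] if it's not present it uses the #paths["config/database"]" has a stray "If" and runs two sentences together, and the following sentence about ERB and `YAML::load` reads as if it applied to both sources. From the visible `if ENV['DATABASE_URL']` branch, the URL is converted with `connection_url_to_hash` and no file is read. Suggest wording along the lines of: uses `ENV['DATABASE_URL']` when it is set; otherwise reads the file at `paths["config/database"]`, which is processed via ERB and then `YAML::load`.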