Diffstat (limited to 'actionpack/lib/action_controller')
4 files changed, 51 insertions, 11 deletions
diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb
index 881af74147..93241fc056 100644
--- a/actionpack/lib/action_controller/metal/params_wrapper.rb
+++ b/actionpack/lib/action_controller/metal/params_wrapper.rb
@@ -2,6 +2,7 @@ require 'active_support/core_ext/class/attribute'
 require 'active_support/core_ext/hash/slice'
 require 'active_support/core_ext/hash/except'
 require 'active_support/core_ext/array/wrap'
+require 'active_support/core_ext/module/anonymous'
 require 'action_dispatch/http/mime_types'
 module ActionController
@@ -136,15 +137,25 @@ module ActionController
 # this could be done by trying to find the defined model that has the
 # same singularize name as the controller. For example, +UsersController+
 # will try to find if the +User+ model exists.
- def _default_wrap_model
+ #
+ # This method also does namespace lookup. Foo::Bar::UsersController will
+ # try to find Foo::Bar::User, Foo::User and finally User.
+ def _default_wrap_model #:nodoc:
+ return nil if self.anonymous?
+
 model_name = self.name.sub(/Controller$/, '').singularize
 begin
 model_klass = model_name.constantize
- rescue NameError => e
- unscoped_model_name = model_name.split("::", 2).last
- break if unscoped_model_name == model_name
- model_name = unscoped_model_name
+ rescue NameError, ArgumentError => e
+ if e.message =~ /is not missing constant|uninitialized constant #{model_name}/
+ namespaces = model_name.split("::")
+ namespaces.delete_at(-2)
+ break if namespaces.last == model_name
+ model_name = namespaces.join("::")
+ else
+ raise
+ end
 end until model_klass
 model_klass
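Review bot: The rescue branch added to `_default_wrap_model` interpolates `model_name` into the message regex unescaped and unanchored, so `uninitialized constant #{model_name}` also matches a NameError for any longer constant whose name merely starts with the same text. Such an error, raised while the model file itself is loading, would presumably be treated as "model not found", and the lookup would drop a namespace and pick a different class instead of surfacing the failure. Escaping and bounding the name is a one-line change: `if e.message =~ /is not missing constant|uninitialized constant #{Regexp.escape(model_name)}(?!\w)/`. A short comment saying why `ArgumentError` is rescued alongside `NameError` (apparently for the "is not missing constant" message) would also help the next reader.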
@@ -155,12 +166,12 @@ module ActionController
 unless options[:only] || options[:except]
 model ||= _default_wrap_model
- if model.respond_to?(:column_names)
- options[:only] = model.column_names
+ if model.respond_to?(:attribute_names) && model.attribute_names.present?
+ options[:only] = model.attribute_names
 end
 end
- unless options[:name]
+ unless options[:name] || self.anonymous?
 model ||= _default_wrap_model
 options[:name] = model ? model.to_s.demodulize.underscore :
 controller_name.singularize
@@ -218,7 +229,7 @@ module ActionController
 # Checks if we should perform parameters wrapping.
 def _wrapper_enabled?
 ref = request.content_mime_type.try(:ref)
- _wrapper_formats.include?(ref) && !request.request_parameters[_wrapper_key]
+ _wrapper_formats.include?(ref) && _wrapper_key && !request.request_parameters[_wrapper_key]
 end
 end
 end
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 1cd93a188c..13044a7450 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -73,7 +73,10 @@ module ActionController #:nodoc:
 protected
 # The actual before_filter that is used. Modify this to change how you handle unverified requests.
 def verify_authenticity_token
- verified_request? || handle_unverified_request
+ unless verified_request?
+ logger.debug "WARNING: Can't verify CSRF token authenticity" if logger
+ handle_unverified_request
+ end
 end
 def handle_unverified_request
diff --git a/actionpack/lib/action_controller/metal/url_for.rb b/actionpack/lib/action_controller/metal/url_for.rb
index 6fc0cf1fb8..08132b1900 100644
--- a/actionpack/lib/action_controller/metal/url_for.rb
+++ b/actionpack/lib/action_controller/metal/url_for.rb
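Review bot: The `:only` list is now filled from `model.attribute_names`, which is every attribute the model reports, so the wrapper key will carry privileged fields as readily as ordinary ones whenever a client sends them. Nothing in this hunk makes that list a permission check, and when `attribute_names` is blank the `present?` guard leaves `:only` unset, which presumably falls back to wrapping all request parameters (the wrapping code is outside the hunk). A comment above the branch would make the contract explicit, for example `# NOTE: :only mirrors the model's attribute names for convenience; it is not a mass-assignment whitelist.`. The enclosing method begins and ends outside the hunk.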
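Review bot: The message added to `verify_authenticity_token` is written with `logger.debug`, so at any log level above debug (typical for production) a failed CSRF check still leaves no trace. Failed token verification is a signal operators want to see and alert on; `logger.warn "WARNING: Can't verify CSRF token authenticity" if logger` keeps the same text at a level that survives a production configuration. The method's return value also changes from the result of `verified_request? || handle_unverified_request` to that of the `unless` expression, which is worth confirming no caller relies on.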
@@ -1,3 +1,24 @@
+# Includes +url_for+ into the host class. The class has to provide a +RouteSet+ by implementing
+# the <tt>_routes</tt> method. Otherwise, an exception will be raised.
+#
+# In addition to <tt>AbstractController::UrlFor</tt>, this module accesses the HTTP layer to define
+# url options like the +host+. In order to do so, this module requires the host class
+# to implement +env+ and +request+, which need to be a Rack-compatible.
+#
+# Example:
+#
+# class RootUrl
+# include ActionController::UrlFor
+# include Rails.application.routes.url_helpers
+#
+# delegate :env, :request, :to => :controller
+#
+# def initialize(controller)
+# @controller = controller
+# @url = root_path # named route from the application.
+# end
+# end
+# =>
 module ActionController
 module UrlFor
 extend ActiveSupport::Concern
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb
index 0085f542aa..89ff5ba174 100644
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@@ -2,6 +2,7 @@ require 'rack/session/abstract/id'
 require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/object/to_query'
 require 'active_support/core_ext/class/attribute'
+require 'active_support/core_ext/module/anonymous'
 module ActionController
 module TemplateAssertions
@@ -413,7 +414,11 @@ module ActionController
 @request.env['REQUEST_METHOD'] = http_method
 parameters ||= {}
- @request.assign_parameters(@routes, @controller.class.name.underscore.sub(/_controller$/, ''), action.to_s, parameters)
+ controller_class_name = @controller.class.anonymous? ?
+ "anonymous_controller" :
+ @controller.class.name.underscore.sub(/_controller$/, '')
+
+ @request.assign_parameters(@routes, controller_class_name, action.to_s, parameters)
 @request.session = ActionController::TestSession.new(session) if session
 @request.session["flash"] = @request.flash.update(flash || {}) |
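Review bot: The example in the new header comment of url_for.rb delegates `env` and `request` with `:to => :controller`, but the `RootUrl` class only assigns `@controller` and defines no `controller` reader, so the delegation as written would fail when called. Adding `#   attr_reader :controller` to the example class fixes it. The comment also ends with an empty `# =>` line that shows no result, and "which need to be a Rack-compatible" should read `# to implement +env+ and +request+, which need to be Rack-compatible.`.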