5 files changed, 19 insertions, 21 deletions

diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index c38d8ccef3..f1e8714a86 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -32,14 +32,14 @@ module ActionController
       # ==== Options
       # * <tt>host</tt>   - Redirect to a different host name
       # * <tt>only</tt>   - The callback should be run only for this action
-      # * <tt>except</tt>  - The callback should be run for all actions except this action
+      # * <tt>except</tt> - The callback should be run for all actions except this action
       # * <tt>if</tt>     - A symbol naming an instance method or a proc; the callback
       #                     will be called only when it returns a true value.
       # * <tt>unless</tt> - A symbol naming an instance method or a proc; the callback
       #                     will be called only when it returns a false value.
       def force_ssl(options = {})
         host = options.delete(:host)
-        before_filter(options) do
+        before_action(options) do
           force_ssl_redirect(host)
         end
       end
diff --git a/actionpack/lib/action_controller/metal/helpers.rb b/actionpack/lib/action_controller/metal/helpers.rb
index d2cbbd3330..35facd13c8 100644
--- a/actionpack/lib/action_controller/metal/helpers.rb
+++ b/actionpack/lib/action_controller/metal/helpers.rb
@@ -1,4 +1,3 @@
-
 module ActionController
   # The \Rails framework provides a large number of helpers for working with assets, dates, forms,
   # numbers and model objects, to name a few. These helpers are available to all templates
@@ -91,11 +90,11 @@ module ActionController
       end
 
       def all_helpers_from_path(path)
-        helpers = []
-        Array(path).each do |_path|
-          extract  = /^#{Regexp.quote(_path.to_s)}\/?(.*)_helper.rb$/
+        helpers = Array(path).flat_map do |_path|
+          extract = /^#{Regexp.quote(_path.to_s)}\/?(.*)_helper.rb$/
           names = Dir["#{_path}/**/*_helper.rb"].map { |file| file.sub(extract, '\1') }
-          helpers += names.sort
+          names.sort!
+          names
         end
         helpers.uniq!
         helpers
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index d3b5bafee1..283f6413ec 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -25,7 +25,7 @@ module ActionController
     # the regular HTML interface is protected by a session approach:
     #
     #   class ApplicationController < ActionController::Base
-    #     before_filter :set_account, :authenticate
+    #     before_action :set_account, :authenticate
     #
     #     protected
     #       def set_account
@@ -68,7 +68,7 @@ module ActionController
 
         module ClassMethods
           def http_basic_authenticate_with(options = {})
-            before_filter(options.except(:name, :password, :realm)) do
+            before_action(options.except(:name, :password, :realm)) do
               authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password|
                 name == options[:name] && password == options[:password]
               end
@@ -124,7 +124,7 @@ module ActionController
     #     USERS = {"dhh" => "secret", #plain text password
     #              "dap" => Digest::MD5.hexdigest(["dap",REALM,"secret"].join(":"))}  #ha1 digest password
     #
-    #     before_filter :authenticate, except: [:index]
+    #     before_action :authenticate, except: [:index]
     #
     #     def index
     #       render text: "Everyone can see me!"
@@ -317,7 +317,7 @@ module ActionController
     #   class PostsController < ApplicationController
     #     TOKEN = "secret"
     #
-    #     before_filter :authenticate, except: [ :index ]
+    #     before_action :authenticate, except: [ :index ]
     #
     #     def index
     #       render text: "Everyone can see me!"
@@ -340,7 +340,7 @@ module ActionController
     # the regular HTML interface is protected by a session approach:
     #
     #   class ApplicationController < ActionController::Base
-    #     before_filter :set_account, :authenticate
+    #     before_action :set_account, :authenticate
     #
     #     protected
     #       def set_account
diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index b23938e7d9..091facfd8d 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -74,7 +74,7 @@ module ActionController
 
     private
       def _extract_redirect_to_status(options, response_status)
-        status = if options.is_a?(Hash) && options.key?(:status)
+        if options.is_a?(Hash) && options.key?(:status)
           Rack::Utils.status_code(options.delete(:status))
         elsif response_status.key?(:status)
           Rack::Utils.status_code(response_status[:status])
@@ -94,8 +94,7 @@ module ActionController
         when String
           request.protocol + request.host_with_port + options
         when :back
-          raise RedirectBackError unless refer = request.headers["Referer"]
-          refer
+          request.headers["Referer"] or raise RedirectBackError
         when Proc
           _compute_redirect_to_location options.call
         else
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 265ce5d6f3..c5db0cb0d4 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -19,7 +19,7 @@ module ActionController #:nodoc:
   #
   #   class ApplicationController < ActionController::Base
   #     protect_from_forgery
-  #     skip_before_filter :verify_authenticity_token, if: :json_request?
+  #     skip_before_action :verify_authenticity_token, if: :json_request?
   #
   #     protected
   #
@@ -66,15 +66,15 @@ module ActionController #:nodoc:
       #
       # You can disable csrf protection on controller-by-controller basis:
       #
-      #   skip_before_filter :verify_authenticity_token
+      #   skip_before_action :verify_authenticity_token
       #
       # It can also be disabled for specific controller actions:
       #
-      #   skip_before_filter :verify_authenticity_token, except: [:create]
+      #   skip_before_action :verify_authenticity_token, except: [:create]
       #
       # Valid Options:
       #
-      # * <tt>:only/:except</tt> - Passed to the <tt>before_filter</tt> call. Set which actions are verified.
+      # * <tt>:only/:except</tt> - Passed to the <tt>before_action</tt> call. Set which actions are verified.
       # * <tt>:with</tt> - Set the method to handle unverified request.
       #
       # Valid unverified request handling methods are:
@@ -84,7 +84,7 @@ module ActionController #:nodoc:
       def protect_from_forgery(options = {})
         include protection_method_module(options[:with] || :null_session)
         self.request_forgery_protection_token ||= :authenticity_token
-        prepend_before_filter :verify_authenticity_token, options
+        prepend_before_action :verify_authenticity_token, options
       end
 
       private
@@ -152,7 +152,7 @@ module ActionController #:nodoc:
     end
 
     protected
-      # The actual before_filter that is used. Modify this to change how you handle unverified requests.
+      # The actual before_action that is used. Modify this to change how you handle unverified requests.
       def verify_authenticity_token
         unless verified_request?
           logger.warn "Can't verify CSRF token authenticity" if logger