diff options
Diffstat (limited to 'actionpack/lib/action_controller')
40 files changed, 539 insertions, 596 deletions
diff --git a/actionpack/lib/action_controller/assertions.rb b/actionpack/lib/action_controller/assertions.rb deleted file mode 100644 index 5b9a2b71f2..0000000000 --- a/actionpack/lib/action_controller/assertions.rb +++ /dev/null @@ -1,69 +0,0 @@ -require 'test/unit/assertions' - -module ActionController #:nodoc: - # In addition to these specific assertions, you also have easy access to various collections that the regular test/unit assertions - # can be used against. These collections are: - # - # * assigns: Instance variables assigned in the action that are available for the view. - # * session: Objects being saved in the session. - # * flash: The flash objects currently in the session. - # * cookies: Cookies being sent to the user on this request. - # - # These collections can be used just like any other hash: - # - # assert_not_nil assigns(:person) # makes sure that a @person instance variable was set - # assert_equal "Dave", cookies[:name] # makes sure that a cookie called :name was set as "Dave" - # assert flash.empty? # makes sure that there's nothing in the flash - # - # For historic reasons, the assigns hash uses string-based keys. So assigns[:person] won't work, but assigns["person"] will. To - # appease our yearning for symbols, though, an alternative accessor has been devised using a method call instead of index referencing. - # So assigns(:person) will work just like assigns["person"], but again, assigns[:person] will not work. - # - # On top of the collections, you have the complete url that a given action redirected to available in redirect_to_url. - # - # For redirects within the same controller, you can even call follow_redirect and the redirect will be followed, triggering another - # action call which can then be asserted against. - # - # == Manipulating the request collections - # - # The collections described above link to the response, so you can test if what the actions were expected to do happened. But - # sometimes you also want to manipulate these collections in the incoming request. This is really only relevant for sessions - # and cookies, though. For sessions, you just do: - # - # @request.session[:key] = "value" - # - # For cookies, you need to manually create the cookie, like this: - # - # @request.cookies["key"] = CGI::Cookie.new("key", "value") - # - # == Testing named routes - # - # If you're using named routes, they can be easily tested using the original named routes' methods straight in the test case. - # Example: - # - # assert_redirected_to page_url(:title => 'foo') - module Assertions - def self.included(klass) - %w(response selector tag dom routing model).each do |kind| - require "action_controller/assertions/#{kind}_assertions" - klass.module_eval { include const_get("#{kind.camelize}Assertions") } - end - end - - def clean_backtrace(&block) - yield - rescue Test::Unit::AssertionFailedError => error - framework_path = Regexp.new(File.expand_path("#{File.dirname(__FILE__)}/assertions")) - error.backtrace.reject! { |line| File.expand_path(line) =~ framework_path } - raise - end - end -end - -module Test #:nodoc: - module Unit #:nodoc: - class TestCase #:nodoc: - include ActionController::Assertions - end - end -end diff --git a/actionpack/lib/action_controller/assertions/model_assertions.rb b/actionpack/lib/action_controller/assertions/model_assertions.rb index d25214bb66..3a7b39b106 100644 --- a/actionpack/lib/action_controller/assertions/model_assertions.rb +++ b/actionpack/lib/action_controller/assertions/model_assertions.rb @@ -11,6 +11,7 @@ module ActionController # assert_valid(model) # def assert_valid(record) + ::ActiveSupport::Deprecation.warn("assert_valid is deprecated. Use assert record.valid? instead", caller) clean_backtrace do assert record.valid?, record.errors.full_messages.join("\n") end diff --git a/actionpack/lib/action_controller/assertions/response_assertions.rb b/actionpack/lib/action_controller/assertions/response_assertions.rb index e2e8bbdc71..7ab24389b8 100644 --- a/actionpack/lib/action_controller/assertions/response_assertions.rb +++ b/actionpack/lib/action_controller/assertions/response_assertions.rb @@ -1,6 +1,3 @@ -require 'rexml/document' -require 'html/document' - module ActionController module Assertions # A small suite of assertions that test responses from Rails applications. diff --git a/actionpack/lib/action_controller/assertions/selector_assertions.rb b/actionpack/lib/action_controller/assertions/selector_assertions.rb index bcbb570e4b..e03fed7abb 100644 --- a/actionpack/lib/action_controller/assertions/selector_assertions.rb +++ b/actionpack/lib/action_controller/assertions/selector_assertions.rb @@ -3,9 +3,6 @@ # Under MIT and/or CC By license. #++ -require 'rexml/document' -require 'html/document' - module ActionController module Assertions unless const_defined?(:NO_STRIP) diff --git a/actionpack/lib/action_controller/assertions/tag_assertions.rb b/actionpack/lib/action_controller/assertions/tag_assertions.rb index 90ba3668fb..80249e0e83 100644 --- a/actionpack/lib/action_controller/assertions/tag_assertions.rb +++ b/actionpack/lib/action_controller/assertions/tag_assertions.rb @@ -1,6 +1,3 @@ -require 'rexml/document' -require 'html/document' - module ActionController module Assertions # Pair of assertions to testing elements in the HTML output of the response. @@ -127,4 +124,4 @@ module ActionController end end end -end
\ No newline at end of file +end diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index b001b355dc..c2f0c1c4f6 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -1,12 +1,3 @@ -require 'action_controller/mime_type' -require 'action_controller/request' -require 'action_controller/response' -require 'action_controller/routing' -require 'action_controller/resources' -require 'action_controller/url_rewriter' -require 'action_controller/status_codes' -require 'action_view' -require 'drb' require 'set' module ActionController #:nodoc: @@ -336,6 +327,10 @@ module ActionController #:nodoc: # sets it to <tt>:authenticity_token</tt> by default. cattr_accessor :request_forgery_protection_token + # Controls the IP Spoofing check when determining the remote IP. + @@ip_spoofing_check = true + cattr_accessor :ip_spoofing_check + # Indicates whether or not optimise the generated named # route helper methods cattr_accessor :optimise_named_routes @@ -529,7 +524,7 @@ module ActionController #:nodoc: end def send_response - response.prepare! unless component_request? + response.prepare! response end @@ -876,8 +871,9 @@ module ActionController #:nodoc: end end - response.layout = layout = pick_layout(options) - logger.info("Rendering template within #{layout}") if logger && layout + layout = pick_layout(options) + response.layout = layout.path_without_format_and_extension if layout + logger.info("Rendering template within #{layout.path_without_format_and_extension}") if logger && layout if content_type = options[:content_type] response.content_type = content_type.to_s @@ -1029,10 +1025,10 @@ module ActionController #:nodoc: # # * <tt>Hash</tt> - The URL will be generated by calling url_for with the +options+. # * <tt>Record</tt> - The URL will be generated by calling url_for with the +options+, which will reference a named URL for that record. - # * <tt>String starting with protocol:// (like http://)</tt> - Is passed straight through as the target for redirection. - # * <tt>String not containing a protocol</tt> - The current protocol and host is prepended to the string. + # * <tt>String</tt> starting with <tt>protocol://</tt> (like <tt>http://</tt>) - Is passed straight through as the target for redirection. + # * <tt>String</tt> not containing a protocol - The current protocol and host is prepended to the string. # * <tt>:back</tt> - Back to the page that issued the request. Useful for forms that are triggered from multiple places. - # Short-hand for redirect_to(request.env["HTTP_REFERER"]) + # Short-hand for <tt>redirect_to(request.env["HTTP_REFERER"])</tt> # # Examples: # redirect_to :action => "show", :id => 5 @@ -1064,7 +1060,7 @@ module ActionController #:nodoc: status = 302 end - response.redirected_to= options + response.redirected_to = options logger.info("Redirected to #{options}") if logger && logger.info? case options @@ -1239,9 +1235,9 @@ module ActionController #:nodoc: def log_processing_for_parameters parameters = respond_to?(:filter_parameters) ? filter_parameters(params) : params.dup - parameters = parameters.except!(:controller, :action, :format) + parameters = parameters.except!(:controller, :action, :format, :_method) - logger.info " Parameters: #{parameters.inspect}" + logger.info " Parameters: #{parameters.inspect}" unless parameters.empty? end def default_render #:nodoc: @@ -1270,11 +1266,6 @@ module ActionController #:nodoc: @action_name = (params['action'] || 'index') end - def assign_default_content_type_and_charset - response.assign_default_content_type_and_charset! - end - deprecate :assign_default_content_type_and_charset => :'response.assign_default_content_type_and_charset!' - def action_methods self.class.action_methods end @@ -1337,4 +1328,11 @@ module ActionController #:nodoc: close_session end end + + Base.class_eval do + include Flash, Filters, Layout, Benchmarking, Rescue, MimeResponds, Helpers + include Cookies, Caching, Verification, Streaming + include SessionManagement, HttpAuthentication::Basic::ControllerMethods + include RecordIdentifier, RequestForgeryProtection, Translation + end end diff --git a/actionpack/lib/action_controller/caching.rb b/actionpack/lib/action_controller/caching.rb index c4063dfb4b..b4d251eb3c 100644 --- a/actionpack/lib/action_controller/caching.rb +++ b/actionpack/lib/action_controller/caching.rb @@ -2,13 +2,6 @@ require 'fileutils' require 'uri' require 'set' -require 'action_controller/caching/pages' -require 'action_controller/caching/actions' -require 'action_controller/caching/sql_cache' -require 'action_controller/caching/sweeping' -require 'action_controller/caching/fragments' - - module ActionController #:nodoc: # Caching is a cheap way of speeding up slow applications by keeping the result of calculations, renderings, and database calls # around for subsequent requests. Action Controller affords you three approaches in varying levels of granularity: Page, Action, Fragment. @@ -31,6 +24,12 @@ module ActionController #:nodoc: # ActionController::Base.cache_store = :mem_cache_store, "localhost" # ActionController::Base.cache_store = MyOwnStore.new("parameter") module Caching + autoload :Actions, 'action_controller/caching/actions' + autoload :Fragments, 'action_controller/caching/fragments' + autoload :Pages, 'action_controller/caching/pages' + autoload :SqlCache, 'action_controller/caching/sql_cache' + autoload :Sweeping, 'action_controller/caching/sweeping' + def self.included(base) #:nodoc: base.class_eval do @@cache_store = nil @@ -63,10 +62,9 @@ module ActionController #:nodoc: end end - - private + private def cache_configured? self.class.cache_configured? end end -end
\ No newline at end of file +end diff --git a/actionpack/lib/action_controller/caching/fragments.rb b/actionpack/lib/action_controller/caching/fragments.rb index 31cbe27452..c41b1a12cf 100644 --- a/actionpack/lib/action_controller/caching/fragments.rb +++ b/actionpack/lib/action_controller/caching/fragments.rb @@ -10,23 +10,23 @@ module ActionController #:nodoc: # <%= render :partial => "topic", :collection => Topic.find(:all) %> # <% end %> # - # This cache will bind to the name of the action that called it, so if this code was part of the view for the topics/list action, you would - # be able to invalidate it using <tt>expire_fragment(:controller => "topics", :action => "list")</tt>. - # - # This default behavior is of limited use if you need to cache multiple fragments per action or if the action itself is cached using + # This cache will bind to the name of the action that called it, so if this code was part of the view for the topics/list action, you would + # be able to invalidate it using <tt>expire_fragment(:controller => "topics", :action => "list")</tt>. + # + # This default behavior is of limited use if you need to cache multiple fragments per action or if the action itself is cached using # <tt>caches_action</tt>, so we also have the option to qualify the name of the cached fragment with something like: # # <% cache(:action => "list", :action_suffix => "all_topics") do %> # - # That would result in a name such as "/topics/list/all_topics", avoiding conflicts with the action cache and with any fragments that use a - # different suffix. Note that the URL doesn't have to really exist or be callable - the url_for system is just used to generate unique - # cache names that we can refer to when we need to expire the cache. - # + # That would result in a name such as "/topics/list/all_topics", avoiding conflicts with the action cache and with any fragments that use a + # different suffix. Note that the URL doesn't have to really exist or be callable - the url_for system is just used to generate unique + # cache names that we can refer to when we need to expire the cache. + # # The expiration call for this example is: - # + # # expire_fragment(:controller => "topics", :action => "list", :action_suffix => "all_topics") module Fragments - # Given a key (as described in <tt>expire_fragment</tt>), returns a key suitable for use in reading, + # Given a key (as described in <tt>expire_fragment</tt>), returns a key suitable for use in reading, # writing, or expiring a cached fragment. If the key is a hash, the generated key is the return # value of url_for on that hash (without the protocol). All keys are prefixed with "views/" and uses # ActiveSupport::Cache.expand_cache_key for the expansion. @@ -50,7 +50,7 @@ module ActionController #:nodoc: # Writes <tt>content</tt> to the location signified by <tt>key</tt> (see <tt>expire_fragment</tt> for acceptable formats) def write_fragment(key, content, options = nil) - return unless cache_configured? + return content unless cache_configured? key = fragment_cache_key(key) diff --git a/actionpack/lib/action_controller/cgi_ext/cookie.rb b/actionpack/lib/action_controller/cgi_ext/cookie.rb index 009ddd1c64..9cd19bb12d 100644 --- a/actionpack/lib/action_controller/cgi_ext/cookie.rb +++ b/actionpack/lib/action_controller/cgi_ext/cookie.rb @@ -1,3 +1,5 @@ +require 'delegate' + CGI.module_eval { remove_const "Cookie" } # TODO: document how this differs from stdlib CGI::Cookie diff --git a/actionpack/lib/action_controller/cgi_process.rb b/actionpack/lib/action_controller/cgi_process.rb index fabacd9b83..45b51a7488 100644 --- a/actionpack/lib/action_controller/cgi_process.rb +++ b/actionpack/lib/action_controller/cgi_process.rb @@ -1,5 +1,4 @@ require 'action_controller/cgi_ext' -require 'action_controller/session/cookie_store' module ActionController #:nodoc: class Base diff --git a/actionpack/lib/action_controller/components.rb b/actionpack/lib/action_controller/components.rb deleted file mode 100644 index f446b91e7e..0000000000 --- a/actionpack/lib/action_controller/components.rb +++ /dev/null @@ -1,169 +0,0 @@ -module ActionController #:nodoc: - # Components allow you to call other actions for their rendered response while executing another action. You can either delegate - # the entire response rendering or you can mix a partial response in with your other content. - # - # class WeblogController < ActionController::Base - # # Performs a method and then lets hello_world output its render - # def delegate_action - # do_other_stuff_before_hello_world - # render_component :controller => "greeter", :action => "hello_world", :params => { :person => "david" } - # end - # end - # - # class GreeterController < ActionController::Base - # def hello_world - # render :text => "#{params[:person]} says, Hello World!" - # end - # end - # - # The same can be done in a view to do a partial rendering: - # - # Let's see a greeting: - # <%= render_component :controller => "greeter", :action => "hello_world" %> - # - # It is also possible to specify the controller as a class constant, bypassing the inflector - # code to compute the controller class at runtime: - # - # <%= render_component :controller => GreeterController, :action => "hello_world" %> - # - # == When to use components - # - # Components should be used with care. They're significantly slower than simply splitting reusable parts into partials and - # conceptually more complicated. Don't use components as a way of separating concerns inside a single application. Instead, - # reserve components to those rare cases where you truly have reusable view and controller elements that can be employed - # across many applications at once. - # - # So to repeat: Components are a special-purpose approach that can often be replaced with better use of partials and filters. - module Components - def self.included(base) #:nodoc: - base.class_eval do - include InstanceMethods - include ActiveSupport::Deprecation - extend ClassMethods - helper HelperMethods - - # If this controller was instantiated to process a component request, - # +parent_controller+ points to the instantiator of this controller. - attr_accessor :parent_controller - - alias_method_chain :process_cleanup, :components - alias_method_chain :set_session_options, :components - alias_method_chain :flash, :components - - alias_method :component_request?, :parent_controller - end - end - - module ClassMethods - # Track parent controller to identify component requests - def process_with_components(request, response, parent_controller = nil) #:nodoc: - controller = new - controller.parent_controller = parent_controller - controller.process(request, response) - end - end - - module HelperMethods - def render_component(options) - @controller.__send__(:render_component_as_string, options) - end - end - - module InstanceMethods - # Extracts the action_name from the request parameters and performs that action. - def process_with_components(request, response, method = :perform_action, *arguments) #:nodoc: - flash.discard if component_request? - process_without_components(request, response, method, *arguments) - end - - protected - # Renders the component specified as the response for the current method - def render_component(options) #:doc: - component_logging(options) do - render_for_text(component_response(options, true).body, response.headers["Status"]) - end - end - deprecate :render_component => "Please install render_component plugin from http://github.com/rails/render_component/tree/master" - - # Returns the component response as a string - def render_component_as_string(options) #:doc: - component_logging(options) do - response = component_response(options, false) - - if redirected = response.redirected_to - render_component_as_string(redirected) - else - response.body - end - end - end - deprecate :render_component_as_string => "Please install render_component plugin from http://github.com/rails/render_component/tree/master" - - def flash_with_components(refresh = false) #:nodoc: - if !defined?(@_flash) || refresh - @_flash = - if defined?(@parent_controller) - @parent_controller.flash - else - flash_without_components - end - end - @_flash - end - - private - def component_response(options, reuse_response) - klass = component_class(options) - request = request_for_component(klass.controller_name, options) - new_response = reuse_response ? response : response.dup - - klass.process_with_components(request, new_response, self) - end - - # determine the controller class for the component request - def component_class(options) - if controller = options[:controller] - controller.is_a?(Class) ? controller : "#{controller.camelize}Controller".constantize - else - self.class - end - end - - # Create a new request object based on the current request. - # The new request inherits the session from the current request, - # bypassing any session options set for the component controller's class - def request_for_component(controller_name, options) - new_request = request.dup - new_request.session = request.session - - new_request.instance_variable_set( - :@parameters, - (options[:params] || {}).with_indifferent_access.update( - "controller" => controller_name, "action" => options[:action], "id" => options[:id] - ) - ) - - new_request - end - - def component_logging(options) - if logger - logger.info "Start rendering component (#{options.inspect}): " - result = yield - logger.info "\n\nEnd of component rendering" - result - else - yield - end - end - - def set_session_options_with_components(request) - set_session_options_without_components(request) unless component_request? - end - - def process_cleanup_with_components - process_cleanup_without_components unless component_request? - end - end - end -end diff --git a/actionpack/lib/action_controller/dispatcher.rb b/actionpack/lib/action_controller/dispatcher.rb index f3e173004a..47199af2b4 100644 --- a/actionpack/lib/action_controller/dispatcher.rb +++ b/actionpack/lib/action_controller/dispatcher.rb @@ -12,18 +12,8 @@ module ActionController after_dispatch :cleanup_application end - # Common callbacks - to_prepare :load_application_controller do - begin - require_dependency 'application' unless defined?(::ApplicationController) - rescue LoadError => error - raise unless error.message =~ /application\.rb/ - end - end - if defined?(ActiveRecord) after_dispatch :checkin_connections - before_dispatch { ActiveRecord::Base.verify_active_connections! } to_prepare(:activerecord_instantiate_observers) { ActiveRecord::Base.instantiate_observers } end @@ -71,7 +61,7 @@ module ActionController private def failsafe_response_body(status) - error_path = "#{error_file_path}/#{status.to_s[0..3]}.html" + error_path = "#{error_file_path}/#{status.to_s[0..2]}.html" if File.exist?(error_path) File.read(error_path) @@ -95,6 +85,9 @@ module ActionController end end + cattr_accessor :middleware + self.middleware = MiddlewareStack.new + cattr_accessor :error_file_path self.error_file_path = Rails.public_path if defined?(Rails.public_path) @@ -103,6 +96,7 @@ module ActionController def initialize(output = $stdout, request = nil, response = nil) @output, @request, @response = output, request, response + @app = @@middleware.build(lambda { |env| self._call(env) }) end def dispatch_unlocked @@ -137,6 +131,10 @@ module ActionController end def call(env) + @app.call(env) + end + + def _call(env) @request = RackRequest.new(env) @response = RackResponse.new(@request) dispatch @@ -147,7 +145,6 @@ module ActionController run_callbacks :prepare_dispatch Routing::Routes.reload - ActionController::Base.view_paths.reload! ActionView::Helpers::AssetTagHelper::AssetTag::Cache.clear end @@ -186,7 +183,7 @@ module ActionController def failsafe_rescue(exception) self.class.failsafe_response(@output, '500 Internal Server Error', exception) do - if @controller ||= defined?(::ApplicationController) ? ::ApplicationController : Base + if @controller ||= (::ApplicationController rescue Base) @controller.process_with_exception(@request, @response, exception).out(@output) else raise exception diff --git a/actionpack/lib/action_controller/flash.rb b/actionpack/lib/action_controller/flash.rb index 0148fb5c04..62fa381a6f 100644 --- a/actionpack/lib/action_controller/flash.rb +++ b/actionpack/lib/action_controller/flash.rb @@ -165,7 +165,7 @@ module ActionController #:nodoc: def assign_shortcuts_with_flash(request, response) #:nodoc: assign_shortcuts_without_flash(request, response) flash(:refresh) - flash.sweep if @_session && !component_request? + flash.sweep if @_session end end end diff --git a/actionpack/lib/action_controller/helpers.rb b/actionpack/lib/action_controller/helpers.rb index 9cffa07b26..402750c57d 100644 --- a/actionpack/lib/action_controller/helpers.rb +++ b/actionpack/lib/action_controller/helpers.rb @@ -1,13 +1,17 @@ +require 'active_support/dependencies' + # FIXME: helper { ... } is broken on Ruby 1.9 module ActionController #:nodoc: module Helpers #:nodoc: - HELPERS_DIR = (defined?(RAILS_ROOT) ? "#{RAILS_ROOT}/app/helpers" : "app/helpers") - def self.included(base) # Initialize the base module to aggregate its helpers. base.class_inheritable_accessor :master_helper_module base.master_helper_module = Module.new + # Set the default directory for helpers + base.class_inheritable_accessor :helpers_dir + base.helpers_dir = (defined?(RAILS_ROOT) ? "#{RAILS_ROOT}/app/helpers" : "app/helpers") + # Extend base with class methods to declare helpers. base.extend(ClassMethods) @@ -88,8 +92,8 @@ module ActionController #:nodoc: # When the argument is a module it will be included directly in the template class. # helper FooHelper # => includes FooHelper # - # When the argument is the symbol <tt>:all</tt>, the controller will include all helpers from - # <tt>app/helpers/**/*.rb</tt> under RAILS_ROOT. + # When the argument is the symbol <tt>:all</tt>, the controller will include all helpers beneath + # <tt>ActionController::Base.helpers_dir</tt> (defaults to <tt>app/helpers/**/*.rb</tt> under RAILS_ROOT). # helper :all # # Additionally, the +helper+ class method can receive and evaluate a block, making the methods defined available @@ -213,8 +217,8 @@ module ActionController #:nodoc: # Extract helper names from files in app/helpers/**/*.rb def all_application_helpers - extract = /^#{Regexp.quote(HELPERS_DIR)}\/?(.*)_helper.rb$/ - Dir["#{HELPERS_DIR}/**/*_helper.rb"].map { |file| file.sub extract, '\1' } + extract = /^#{Regexp.quote(helpers_dir)}\/?(.*)_helper.rb$/ + Dir["#{helpers_dir}/**/*_helper.rb"].map { |file| file.sub extract, '\1' } end end end diff --git a/actionpack/lib/action_controller/integration.rb b/actionpack/lib/action_controller/integration.rb index fc473c269c..65e3eed678 100644 --- a/actionpack/lib/action_controller/integration.rb +++ b/actionpack/lib/action_controller/integration.rb @@ -1,9 +1,6 @@ -require 'active_support/test_case' -require 'action_controller/dispatcher' -require 'action_controller/test_process' - require 'stringio' require 'uri' +require 'active_support/test_case' module ActionController module Integration #:nodoc: @@ -16,7 +13,7 @@ module ActionController # rather than instantiating Integration::Session directly. class Session include Test::Unit::Assertions - include ActionController::Assertions + include ActionController::TestCase::Assertions include ActionController::TestProcess # The integer HTTP status code of the last request. diff --git a/actionpack/lib/action_controller/layout.rb b/actionpack/lib/action_controller/layout.rb index 3631ce86af..54108df06d 100644 --- a/actionpack/lib/action_controller/layout.rb +++ b/actionpack/lib/action_controller/layout.rb @@ -175,13 +175,12 @@ module ActionController #:nodoc: def default_layout(format) #:nodoc: layout = read_inheritable_attribute(:layout) return layout unless read_inheritable_attribute(:auto_layout) - @default_layout ||= {} - @default_layout[format] ||= default_layout_with_format(format, layout) - @default_layout[format] + find_layout(layout, format) end - def layout_list #:nodoc: - Array(view_paths).sum([]) { |path| Dir["#{path}/layouts/**/*"] } + def find_layout(layout, *formats) #:nodoc: + return layout if layout.respond_to?(:render) + view_paths.find_template(layout.to_s =~ /layouts\// ? layout : "layouts/#{layout}", *formats) end private @@ -189,7 +188,7 @@ module ActionController #:nodoc: inherited_without_layout(child) unless child.name.blank? layout_match = child.name.underscore.sub(/_controller$/, '').sub(/^controllers\//, '') - child.layout(layout_match, {}, true) unless child.layout_list.grep(%r{layouts/#{layout_match}(\.[a-z][0-9a-z]*)+$}).empty? + child.layout(layout_match, {}, true) if child.find_layout(layout_match, :all) end end @@ -200,15 +199,6 @@ module ActionController #:nodoc: def normalize_conditions(conditions) conditions.inject({}) {|hash, (key, value)| hash.merge(key => [value].flatten.map {|action| action.to_s})} end - - def default_layout_with_format(format, layout) - list = layout_list - if list.grep(%r{layouts/#{layout}\.#{format}(\.[a-z][0-9a-z]*)+$}).empty? - (!list.grep(%r{layouts/#{layout}\.([a-z][0-9a-z]*)+$}).empty? && format == :html) ? layout : nil - else - layout - end - end end # Returns the name of the active layout. If the layout was specified as a method reference (through a symbol), this method @@ -217,20 +207,18 @@ module ActionController #:nodoc: # weblog/standard, but <tt>layout "standard"</tt> will return layouts/standard. def active_layout(passed_layout = nil) layout = passed_layout || self.class.default_layout(default_template_format) + active_layout = case layout - when String then layout when Symbol then __send__(layout) when Proc then layout.call(self) + else layout end - # Explicitly passed layout names with slashes are looked up relative to the template root, - # but auto-discovered layouts derived from a nested controller will contain a slash, though be relative - # to the 'layouts' directory so we have to check the file system to infer which case the layout name came from. if active_layout - if active_layout.include?('/') && ! layout_directory?(active_layout) - active_layout + if layout = self.class.find_layout(active_layout, @template.template_format) + layout else - "layouts/#{active_layout}" + raise ActionView::MissingTemplate.new(self.class.view_paths, active_layout) end end end @@ -271,12 +259,6 @@ module ActionController #:nodoc: end end - def layout_directory?(layout_name) - @template.__send__(:_pick_template, "#{File.join('layouts', layout_name)}.#{@template.template_format}") ? true : false - rescue ActionView::MissingTemplate - false - end - def default_template_format response.template.template_format end diff --git a/actionpack/lib/action_controller/middleware_stack.rb b/actionpack/lib/action_controller/middleware_stack.rb new file mode 100644 index 0000000000..1864bed23a --- /dev/null +++ b/actionpack/lib/action_controller/middleware_stack.rb @@ -0,0 +1,42 @@ +module ActionController + class MiddlewareStack < Array + class Middleware + attr_reader :klass, :args, :block + + def initialize(klass, *args, &block) + @klass = klass.is_a?(Class) ? klass : klass.to_s.constantize + @args = args + @block = block + end + + def ==(middleware) + case middleware + when Middleware + klass == middleware.klass + when Class + klass == middleware + else + klass == middleware.to_s.constantize + end + end + + def inspect + str = @klass.to_s + @args.each { |arg| str += ", #{arg.inspect}" } + str + end + + def build(app) + klass.new(app, *args, &block) + end + end + + def use(*args, &block) + push(Middleware.new(*args, &block)) + end + + def build(app) + reverse.inject(app) { |a, e| e.build(a) } + end + end +end diff --git a/actionpack/lib/action_controller/mime_type.rb b/actionpack/lib/action_controller/mime_type.rb index 26edca3b69..6923a13f3f 100644 --- a/actionpack/lib/action_controller/mime_type.rb +++ b/actionpack/lib/action_controller/mime_type.rb @@ -20,8 +20,20 @@ module Mime # end class Type @@html_types = Set.new [:html, :all] + cattr_reader :html_types + + # These are the content types which browsers can generate without using ajax, flash, etc + # i.e. following a link, getting an image or posting a form. CSRF protection + # only needs to protect against these types. + @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text] + cattr_reader :browser_generated_types + + @@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss, :atom, :yaml] - cattr_reader :html_types, :unverifiable_types + def self.unverifiable_types + ActiveSupport::Deprecation.warn("unverifiable_types is deprecated and has no effect", caller) + @@unverifiable_types + end # A simple helper class used in parsing the accept header class AcceptItem #:nodoc: @@ -165,15 +177,19 @@ module Mime end # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See - # ActionController::RequestForgerProtection. + # ActionController::RequestForgeryProtection. def verify_request? - !@@unverifiable_types.include?(to_sym) + browser_generated? end def html? @@html_types.include?(to_sym) || @string =~ /html/ end + def browser_generated? + @@browser_generated_types.include?(to_sym) + end + private def method_missing(method, *args) if method.to_s =~ /(\w+)\?$/ diff --git a/actionpack/lib/action_controller/performance_test.rb b/actionpack/lib/action_controller/performance_test.rb index 85543fffae..d88180087d 100644 --- a/actionpack/lib/action_controller/performance_test.rb +++ b/actionpack/lib/action_controller/performance_test.rb @@ -1,4 +1,3 @@ -require 'action_controller/integration' require 'active_support/testing/performance' require 'active_support/testing/default' diff --git a/actionpack/lib/action_controller/polymorphic_routes.rb b/actionpack/lib/action_controller/polymorphic_routes.rb index cc228c4230..dce50c6c3b 100644 --- a/actionpack/lib/action_controller/polymorphic_routes.rb +++ b/actionpack/lib/action_controller/polymorphic_routes.rb @@ -36,12 +36,11 @@ module ActionController # # * <tt>edit_polymorphic_url</tt>, <tt>edit_polymorphic_path</tt> # * <tt>new_polymorphic_url</tt>, <tt>new_polymorphic_path</tt> - # * <tt>formatted_polymorphic_url</tt>, <tt>formatted_polymorphic_path</tt> # # Example usage: # # edit_polymorphic_path(@post) # => "/posts/1/edit" - # formatted_polymorphic_path([@post, :pdf]) # => "/posts/1.pdf" + # polymorphic_path(@post, :format => :pdf) # => "/posts/1.pdf" module PolymorphicRoutes # Constructs a call to a named RESTful route for the given record and returns the # resulting URL string. For example: @@ -55,7 +54,7 @@ module ActionController # ==== Options # # * <tt>:action</tt> - Specifies the action prefix for the named route: - # <tt>:new</tt>, <tt>:edit</tt>, or <tt>:formatted</tt>. Default is no prefix. + # <tt>:new</tt> or <tt>:edit</tt>. Default is no prefix. # * <tt>:routing_type</tt> - Allowed values are <tt>:path</tt> or <tt>:url</tt>. # Default is <tt>:url</tt>. # @@ -73,13 +72,13 @@ module ActionController # def polymorphic_url(record_or_hash_or_array, options = {}) if record_or_hash_or_array.kind_of?(Array) - record_or_hash_or_array = record_or_hash_or_array.dup + record_or_hash_or_array = record_or_hash_or_array.compact + record_or_hash_or_array = record_or_hash_or_array[0] if record_or_hash_or_array.size == 1 end record = extract_record(record_or_hash_or_array) - format = extract_format(record_or_hash_or_array, options) namespace = extract_namespace(record_or_hash_or_array) - + args = case record_or_hash_or_array when Hash; [ record_or_hash_or_array ] when Array; record_or_hash_or_array.dup @@ -99,11 +98,10 @@ module ActionController end args.delete_if {|arg| arg.is_a?(Symbol) || arg.is_a?(String)} - args << format if format - + named_route = build_named_route_call(record_or_hash_or_array, namespace, inflection, options) - url_options = options.except(:action, :routing_type, :format) + url_options = options.except(:action, :routing_type) unless url_options.empty? args.last.kind_of?(Hash) ? args.last.merge!(url_options) : args << url_options end @@ -118,7 +116,7 @@ module ActionController polymorphic_url(record_or_hash_or_array, options) end - %w(edit new formatted).each do |action| + %w(edit new).each do |action| module_eval <<-EOT, __FILE__, __LINE__ def #{action}_polymorphic_url(record_or_hash, options = {}) polymorphic_url(record_or_hash, options.merge(:action => "#{action}")) @@ -130,9 +128,21 @@ module ActionController EOT end + def formatted_polymorphic_url(record_or_hash, options = {}) + ActiveSupport::Deprecation.warn("formatted_polymorphic_url has been deprecated. Please pass :format to the polymorphic_url method instead", caller) + options[:format] = record_or_hash.pop if Array === record_or_hash + polymorphic_url(record_or_hash, options) + end + + def formatted_polymorphic_path(record_or_hash, options = {}) + ActiveSupport::Deprecation.warn("formatted_polymorphic_path has been deprecated. Please pass :format to the polymorphic_path method instead", caller) + options[:format] = record_or_hash.pop if record_or_hash === Array + polymorphic_url(record_or_hash, options.merge(:routing_type => :path)) + end + private def action_prefix(options) - options[:action] ? "#{options[:action]}_" : options[:format] ? "formatted_" : "" + options[:action] ? "#{options[:action]}_" : '' end def routing_type(options) @@ -170,17 +180,7 @@ module ActionController else record_or_hash_or_array end end - - def extract_format(record_or_hash_or_array, options) - if options[:action].to_s == "formatted" && record_or_hash_or_array.is_a?(Array) - record_or_hash_or_array.pop - elsif options[:format] - options[:format] - else - nil - end - end - + # Remove the first symbols from the array and return the url prefix # implied by those symbols. def extract_namespace(record_or_hash_or_array) diff --git a/actionpack/lib/action_controller/rack_process.rb b/actionpack/lib/action_controller/rack_process.rb index e8ea3704a8..58d7b53e31 100644 --- a/actionpack/lib/action_controller/rack_process.rb +++ b/actionpack/lib/action_controller/rack_process.rb @@ -1,5 +1,4 @@ require 'action_controller/cgi_ext' -require 'action_controller/session/cookie_store' module ActionController #:nodoc: class RackRequest < AbstractRequest #:nodoc: diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb index a6d4abf029..087fffe87d 100755 --- a/actionpack/lib/action_controller/request.rb +++ b/actionpack/lib/action_controller/request.rb @@ -13,7 +13,7 @@ module ActionController ActiveSupport::Deprecation.warn( "ActionController::AbstractRequest.relative_url_root= has been renamed." + "You can now set it with config.action_controller.relative_url_root=", caller) - ActionController::base.relative_url_root=relative_url_root + ActionController::Base.relative_url_root=relative_url_root end HTTP_METHODS = %w(get head put post delete options) @@ -209,7 +209,7 @@ module ActionController # delimited list in the case of multiple chained proxies; the last # address which is not trusted is the originating IP. def remote_ip - remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].split(',').collect(&:strip) + remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/) unless remote_addr_list.blank? not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES} @@ -218,7 +218,7 @@ module ActionController remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',') if @env.include? 'HTTP_CLIENT_IP' - if remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP']) + if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP']) # We don't know which came from the proxy, and which from the user raise ActionControllerError.new(<<EOM) IP spoofing attack?! @@ -369,11 +369,9 @@ EOM # Returns the interpreted \path to requested resource after all the installation # directory of this application was taken into account. def path - path = (uri = request_uri) ? uri.split('?').first.to_s : '' - - # Cut off the path to the installation directory if given - path.sub!(%r/^#{ActionController::Base.relative_url_root}/, '') - path || '' + path = request_uri.to_s[/\A[^\?]*/] + path.sub!(/\A#{ActionController::Base.relative_url_root}/, '') + path end memoize :path diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb index 05a6d8bb79..f3e6288c26 100644 --- a/actionpack/lib/action_controller/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/request_forgery_protection.rb @@ -5,8 +5,6 @@ module ActionController #:nodoc: module RequestForgeryProtection def self.included(base) base.class_eval do - class_inheritable_accessor :request_forgery_protection_options - self.request_forgery_protection_options = {} helper_method :form_authenticity_token helper_method :protect_against_forgery? end @@ -14,7 +12,7 @@ module ActionController #:nodoc: end # Protecting controller actions from CSRF attacks by ensuring that all forms are coming from the current web application, not a - # forged link from another site, is done by embedding a token based on the session (which an attacker wouldn't know) in all + # forged link from another site, is done by embedding a token based on a random string stored in the session (which an attacker wouldn't know) in all # forms and Ajax requests generated by Rails and then verifying the authenticity of that token in the controller. Only # HTML/JavaScript requests are checked, so this will not protect your XML API (presumably you'll have a different authentication # scheme there anyway). Also, GET requests are not protected as these should be idempotent anyway. @@ -57,12 +55,8 @@ module ActionController #:nodoc: # Example: # # class FooController < ApplicationController - # # uses the cookie session store (then you don't need a separate :secret) # protect_from_forgery :except => :index # - # # uses one of the other session stores that uses a session_id value. - # protect_from_forgery :secret => 'my-little-pony', :except => :index - # # # you can disable csrf protection on controller-by-controller basis: # skip_before_filter :verify_authenticity_token # end @@ -70,13 +64,12 @@ module ActionController #:nodoc: # Valid Options: # # * <tt>:only/:except</tt> - Passed to the <tt>before_filter</tt> call. Set which actions are verified. - # * <tt>:secret</tt> - Custom salt used to generate the <tt>form_authenticity_token</tt>. - # Leave this off if you are using the cookie session store. - # * <tt>:digest</tt> - Message digest used for hashing. Defaults to 'SHA1'. def protect_from_forgery(options = {}) self.request_forgery_protection_token ||= :authenticity_token before_filter :verify_authenticity_token, :only => options.delete(:only), :except => options.delete(:except) - request_forgery_protection_options.update(options) + if options[:secret] || options[:digest] + ActiveSupport::Deprecation.warn("protect_from_forgery only takes :only and :except options now. :digest and :secret have no effect", caller) + end end end @@ -90,7 +83,7 @@ module ActionController #:nodoc: # # * is the format restricted? By default, only HTML and AJAX requests are checked. # * is it a GET request? Gets should be safe and idempotent - # * Does the form_authenticity_token match the given _token value from the params? + # * Does the form_authenticity_token match the given token value from the params? def verified_request? !protect_against_forgery? || request.method == :get || @@ -99,40 +92,15 @@ module ActionController #:nodoc: end def verifiable_request_format? - request.content_type.nil? || request.content_type.verify_request? + !request.content_type.nil? && request.content_type.verify_request? end # Sets the token value for the current session. Pass a <tt>:secret</tt> option # in +protect_from_forgery+ to add a custom salt to the hash. def form_authenticity_token - @form_authenticity_token ||= if !session.respond_to?(:session_id) - raise InvalidAuthenticityToken, "Request Forgery Protection requires a valid session. Use #allow_forgery_protection to disable it, or use a valid session." - elsif request_forgery_protection_options[:secret] - authenticity_token_from_session_id - elsif session.respond_to?(:dbman) && session.dbman.respond_to?(:generate_digest) - authenticity_token_from_cookie_session - else - raise InvalidAuthenticityToken, "No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store)." - end - end - - # Generates a unique digest using the session_id and the CSRF secret. - def authenticity_token_from_session_id - key = if request_forgery_protection_options[:secret].respond_to?(:call) - request_forgery_protection_options[:secret].call(@session) - else - request_forgery_protection_options[:secret] - end - digest = request_forgery_protection_options[:digest] ||= 'SHA1' - OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(digest), key.to_s, session.session_id.to_s) - end - - # No secret was given, so assume this is a cookie session store. - def authenticity_token_from_cookie_session - session[:csrf_id] ||= CGI::Session.generate_unique_id - session.dbman.generate_digest(session[:csrf_id]) + session[:_csrf_token] ||= ActiveSupport::SecureRandom.base64(32) end - + def protect_against_forgery? allow_forgery_protection && request_forgery_protection_token end diff --git a/actionpack/lib/action_controller/request_profiler.rb b/actionpack/lib/action_controller/request_profiler.rb index a6471d0c08..70bb77e7ac 100644 --- a/actionpack/lib/action_controller/request_profiler.rb +++ b/actionpack/lib/action_controller/request_profiler.rb @@ -1,5 +1,4 @@ require 'optparse' -require 'action_controller/integration' module ActionController class RequestProfiler diff --git a/actionpack/lib/action_controller/rescue.rb b/actionpack/lib/action_controller/rescue.rb index ec8e9b92d5..9c24c3def4 100644 --- a/actionpack/lib/action_controller/rescue.rb +++ b/actionpack/lib/action_controller/rescue.rb @@ -68,9 +68,8 @@ module ActionController #:nodoc: logger.fatal(exception.to_s) else logger.fatal( - "\n\n#{exception.class} (#{exception.message}):\n " + - clean_backtrace(exception).join("\n ") + - "\n\n" + "\n#{exception.class} (#{exception.message}):\n " + + clean_backtrace(exception).join("\n ") + "\n\n" ) end end @@ -151,13 +150,8 @@ module ActionController #:nodoc: end def clean_backtrace(exception) - if backtrace = exception.backtrace - if defined?(RAILS_ROOT) - backtrace.map { |line| line.sub RAILS_ROOT, '' } - else - backtrace - end - end + defined?(Rails) && Rails.respond_to?(:backtrace_cleaner) ? + Rails.backtrace_cleaner.clean(exception.backtrace) : exception.backtrace end end end diff --git a/actionpack/lib/action_controller/resources.rb b/actionpack/lib/action_controller/resources.rb index 872b0dab3d..b6cfe2dd68 100644 --- a/actionpack/lib/action_controller/resources.rb +++ b/actionpack/lib/action_controller/resources.rb @@ -42,7 +42,11 @@ module ActionController # # Read more about REST at http://en.wikipedia.org/wiki/Representational_State_Transfer module Resources + INHERITABLE_OPTIONS = :namespace, :shallow, :actions + class Resource #:nodoc: + DEFAULT_ACTIONS = :index, :create, :new, :edit, :show, :update, :destroy + attr_reader :collection_methods, :member_methods, :new_methods attr_reader :path_prefix, :name_prefix, :path_segment attr_reader :plural, :singular @@ -57,6 +61,7 @@ module ActionController arrange_actions add_default_actions + set_allowed_actions set_prefixes end @@ -113,6 +118,10 @@ module ActionController @singular.to_s == @plural.to_s end + def has_action?(action) + !DEFAULT_ACTIONS.include?(action) || @options[:actions].nil? || @options[:actions].include?(action) + end + protected def arrange_actions @collection_methods = arrange_actions_by_methods(options.delete(:collection)) @@ -125,6 +134,25 @@ module ActionController add_default_action(new_methods, :get, :new) end + def set_allowed_actions + only = @options.delete(:only) + except = @options.delete(:except) + + if only && except + raise ArgumentError, 'Please supply either :only or :except, not both.' + elsif only == :all || except == :none + options[:actions] = DEFAULT_ACTIONS + elsif only == :none || except == :all + options[:actions] = [] + elsif only + options[:actions] = DEFAULT_ACTIONS & Array(only).map(&:to_sym) + elsif except + options[:actions] = DEFAULT_ACTIONS - Array(except).map(&:to_sym) + else + # leave options[:actions] alone + end + end + def set_prefixes @path_prefix = options.delete(:path_prefix) @name_prefix = options.delete(:name_prefix) @@ -353,6 +381,25 @@ module ActionController # # map.resources :users, :has_many => { :posts => :comments }, :shallow => true # + # * <tt>:only</tt> and <tt>:except</tt> - Specify which of the seven default actions should be routed to. + # + # <tt>:only</tt> and <tt>:except</tt> may be set to <tt>:all</tt>, <tt>:none</tt>, an action name or a + # list of action names. By default, routes are generated for all seven actions. + # + # For example: + # + # map.resources :posts, :only => [:index, :show] do |post| + # post.resources :comments, :except => [:update, :destroy] + # end + # # --> GET /posts (maps to the PostsController#index action) + # # --> POST /posts (fails) + # # --> GET /posts/1 (maps to the PostsController#show action) + # # --> DELETE /posts/1 (fails) + # # --> POST /posts/1/comments (maps to the CommentsController#create action) + # # --> PUT /posts/1/comments/1 (fails) + # + # The <tt>:only</tt> and <tt>:except</tt> options are inherited by any nested resource(s). + # # If <tt>map.resources</tt> is called with multiple resources, they all get the same options applied. # # Examples: @@ -478,7 +525,7 @@ module ActionController map_associations(resource, options) if block_given? - with_options(:path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix, :namespace => options[:namespace], :shallow => options[:shallow], &block) + with_options(options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix), &block) end end end @@ -488,14 +535,14 @@ module ActionController with_options :controller => resource.controller do |map| map_collection_actions(map, resource) - map_default_singleton_actions(map, resource) map_new_actions(map, resource) map_member_actions(map, resource) + map_default_singleton_actions(map, resource) map_associations(resource, options) if block_given? - with_options(:path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix, :namespace => options[:namespace], :shallow => options[:shallow], &block) + with_options(options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix), &block) end end end @@ -507,7 +554,7 @@ module ActionController name_prefix = "#{options.delete(:name_prefix)}#{resource.nesting_name_prefix}" Array(options[:has_one]).each do |association| - resource(association, :path_prefix => path_prefix, :name_prefix => name_prefix, :namespace => options[:namespace], :shallow => options[:shallow]) + resource(association, options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => path_prefix, :name_prefix => name_prefix)) end end @@ -522,7 +569,7 @@ module ActionController map_has_many_associations(resource, association, options) end when Symbol, String - resources(associations, :path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix, :namespace => options[:namespace], :shallow => options[:shallow], :has_many => options[:has_many]) + resources(associations, options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix, :has_many => options[:has_many])) else end end @@ -531,41 +578,39 @@ module ActionController resource.collection_methods.each do |method, actions| actions.each do |action| [method].flatten.each do |m| - action_options = action_options_for(action, resource, m) - map_named_routes(map, "#{action}_#{resource.name_prefix}#{resource.plural}", "#{resource.path}#{resource.action_separator}#{action}", action_options) + map_resource_routes(map, resource, action, "#{resource.path}#{resource.action_separator}#{action}", "#{action}_#{resource.name_prefix}#{resource.plural}", m) end end end end def map_default_collection_actions(map, resource) - index_action_options = action_options_for("index", resource) index_route_name = "#{resource.name_prefix}#{resource.plural}" if resource.uncountable? index_route_name << "_index" end - map_named_routes(map, index_route_name, resource.path, index_action_options) - - create_action_options = action_options_for("create", resource) - map_unnamed_routes(map, resource.path, create_action_options) + map_resource_routes(map, resource, :index, resource.path, index_route_name) + map_resource_routes(map, resource, :create, resource.path, index_route_name) end def map_default_singleton_actions(map, resource) - create_action_options = action_options_for("create", resource) - map_unnamed_routes(map, resource.path, create_action_options) + map_resource_routes(map, resource, :create, resource.path, "#{resource.shallow_name_prefix}#{resource.singular}") end def map_new_actions(map, resource) resource.new_methods.each do |method, actions| actions.each do |action| - action_options = action_options_for(action, resource, method) - if action == :new - map_named_routes(map, "new_#{resource.name_prefix}#{resource.singular}", resource.new_path, action_options) - else - map_named_routes(map, "#{action}_new_#{resource.name_prefix}#{resource.singular}", "#{resource.new_path}#{resource.action_separator}#{action}", action_options) + route_path = resource.new_path + route_name = "new_#{resource.name_prefix}#{resource.singular}" + + unless action == :new + route_path = "#{route_path}#{resource.action_separator}#{action}" + route_name = "#{action}_#{route_name}" end + + map_resource_routes(map, resource, action, route_path, route_name, method) end end end @@ -574,34 +619,31 @@ module ActionController resource.member_methods.each do |method, actions| actions.each do |action| [method].flatten.each do |m| - action_options = action_options_for(action, resource, m) - action_path = resource.options[:path_names][action] if resource.options[:path_names].is_a?(Hash) action_path ||= Base.resources_path_names[action] || action - map_named_routes(map, "#{action}_#{resource.shallow_name_prefix}#{resource.singular}", "#{resource.member_path}#{resource.action_separator}#{action_path}", action_options) + map_resource_routes(map, resource, action, "#{resource.member_path}#{resource.action_separator}#{action_path}", "#{action}_#{resource.shallow_name_prefix}#{resource.singular}", m) end end end - show_action_options = action_options_for("show", resource) - map_named_routes(map, "#{resource.shallow_name_prefix}#{resource.singular}", resource.member_path, show_action_options) - - update_action_options = action_options_for("update", resource) - map_unnamed_routes(map, resource.member_path, update_action_options) - - destroy_action_options = action_options_for("destroy", resource) - map_unnamed_routes(map, resource.member_path, destroy_action_options) + route_path = "#{resource.shallow_name_prefix}#{resource.singular}" + map_resource_routes(map, resource, :show, resource.member_path, route_path) + map_resource_routes(map, resource, :update, resource.member_path, route_path) + map_resource_routes(map, resource, :destroy, resource.member_path, route_path) end - def map_unnamed_routes(map, path_without_format, options) - map.connect(path_without_format, options) - map.connect("#{path_without_format}.:format", options) - end + def map_resource_routes(map, resource, action, route_path, route_name = nil, method = nil) + if resource.has_action?(action) + action_options = action_options_for(action, resource, method) + formatted_route_path = "#{route_path}.:format" - def map_named_routes(map, name, path_without_format, options) - map.named_route(name, path_without_format, options) - map.named_route("formatted_#{name}", "#{path_without_format}.:format", options) + if route_name && @set.named_routes[route_name.to_sym].nil? + map.named_route(route_name, formatted_route_path, action_options) + else + map.connect(formatted_route_path, action_options) + end + end end def add_conditions_for(conditions, method) @@ -625,7 +667,3 @@ module ActionController end end end - -class ActionController::Routing::RouteSet::Mapper - include ActionController::Resources -end diff --git a/actionpack/lib/action_controller/routing.rb b/actionpack/lib/action_controller/routing.rb index 8d51e823a6..efd474097e 100644 --- a/actionpack/lib/action_controller/routing.rb +++ b/actionpack/lib/action_controller/routing.rb @@ -1,6 +1,5 @@ require 'cgi' require 'uri' -require 'action_controller/polymorphic_routes' require 'action_controller/routing/optimisations' require 'action_controller/routing/routing_ext' require 'action_controller/routing/route' diff --git a/actionpack/lib/action_controller/routing/builder.rb b/actionpack/lib/action_controller/routing/builder.rb index 7b888fa8d2..44d759444a 100644 --- a/actionpack/lib/action_controller/routing/builder.rb +++ b/actionpack/lib/action_controller/routing/builder.rb @@ -1,23 +1,16 @@ module ActionController module Routing class RouteBuilder #:nodoc: - attr_accessor :separators, :optional_separators + attr_reader :separators, :optional_separators + attr_reader :separator_regexp, :nonseparator_regexp, :interval_regexp def initialize - self.separators = Routing::SEPARATORS - self.optional_separators = %w( / ) - end - - def separator_pattern(inverted = false) - "[#{'^' if inverted}#{Regexp.escape(separators.join)}]" - end - - def interval_regexp - Regexp.new "(.*?)(#{separators.source}|$)" - end + @separators = Routing::SEPARATORS + @optional_separators = %w( / ) - def multiline_regexp?(expression) - expression.options & Regexp::MULTILINE == Regexp::MULTILINE + @separator_regexp = /[#{Regexp.escape(separators.join)}]/ + @nonseparator_regexp = /\A([^#{Regexp.escape(separators.join)}]+)/ + @interval_regexp = /(.*?)(#{separator_regexp}|$)/ end # Accepts a "route path" (a string defining a route), and returns the array @@ -30,7 +23,7 @@ module ActionController rest, segments = path, [] until rest.empty? - segment, rest = segment_for rest + segment, rest = segment_for(rest) segments << segment end segments @@ -39,20 +32,22 @@ module ActionController # A factory method that returns a new segment instance appropriate for the # format of the given string. def segment_for(string) - segment = case string - when /\A:(\w+)/ - key = $1.to_sym - case key - when :controller then ControllerSegment.new(key) - else DynamicSegment.new key - end - when /\A\*(\w+)/ then PathSegment.new($1.to_sym, :optional => true) - when /\A\?(.*?)\?/ - StaticSegment.new($1, :optional => true) - when /\A(#{separator_pattern(:inverted)}+)/ then StaticSegment.new($1) - when Regexp.new(separator_pattern) then - DividerSegment.new($&, :optional => (optional_separators.include? $&)) - end + segment = + case string + when /\A\.(:format)?\// + OptionalFormatSegment.new + when /\A:(\w+)/ + key = $1.to_sym + key == :controller ? ControllerSegment.new(key) : DynamicSegment.new(key) + when /\A\*(\w+)/ + PathSegment.new($1.to_sym, :optional => true) + when /\A\?(.*?)\?/ + StaticSegment.new($1, :optional => true) + when nonseparator_regexp + StaticSegment.new($1) + when separator_regexp + DividerSegment.new($&, :optional => optional_separators.include?($&)) + end [segment, $~.post_match] end @@ -98,7 +93,7 @@ module ActionController if requirement.source =~ %r{\A(\\A|\^)|(\\Z|\\z|\$)\Z} raise ArgumentError, "Regexp anchor characters are not allowed in routing requirements: #{requirement.inspect}" end - if multiline_regexp?(requirement) + if requirement.multiline? raise ArgumentError, "Regexp multiline option not allowed in routing requirements: #{requirement.inspect}" end segment.regexp = requirement diff --git a/actionpack/lib/action_controller/routing/optimisations.rb b/actionpack/lib/action_controller/routing/optimisations.rb index 0a87303bda..714cf97861 100644 --- a/actionpack/lib/action_controller/routing/optimisations.rb +++ b/actionpack/lib/action_controller/routing/optimisations.rb @@ -65,7 +65,7 @@ module ActionController # rather than triggering the expensive logic in +url_for+. class PositionalArguments < Optimiser def guard_conditions - number_of_arguments = route.segment_keys.size + number_of_arguments = route.required_segment_keys.size # if they're using foo_url(:id=>2) it's one # argument, but we don't want to generate /foos/id2 if number_of_arguments == 1 @@ -106,12 +106,8 @@ module ActionController # argument class PositionalArgumentsWithAdditionalParams < PositionalArguments def guard_conditions - [ - "args.size == #{route.segment_keys.size + 1}", - "!args.last.has_key?(:anchor)", - "!args.last.has_key?(:port)", - "!args.last.has_key?(:host)" - ] + ["args.size == #{route.segment_keys.size + 1}"] + + UrlRewriter::RESERVED_OPTIONS.collect{ |key| "!args.last.has_key?(:#{key})" } end # This case uses almost the same code as positional arguments, diff --git a/actionpack/lib/action_controller/routing/recognition_optimisation.rb b/actionpack/lib/action_controller/routing/recognition_optimisation.rb index 6c47ced6d1..3b98b16683 100644 --- a/actionpack/lib/action_controller/routing/recognition_optimisation.rb +++ b/actionpack/lib/action_controller/routing/recognition_optimisation.rb @@ -148,7 +148,7 @@ module ActionController end nil end - }, __FILE__, __LINE__ + }, '(recognize_optimized)', 1 end def clear_recognize_optimized! diff --git a/actionpack/lib/action_controller/routing/route.rb b/actionpack/lib/action_controller/routing/route.rb index 3b2cb28545..e2077edad8 100644 --- a/actionpack/lib/action_controller/routing/route.rb +++ b/actionpack/lib/action_controller/routing/route.rb @@ -35,6 +35,11 @@ module ActionController segment.key if segment.respond_to? :key end.compact end + + def required_segment_keys + required_segments = segments.select {|seg| (!seg.optional? && !seg.is_a?(DividerSegment)) || seg.is_a?(PathSegment) } + required_segments.collect { |seg| seg.key if seg.respond_to?(:key)}.compact + end # Build a query string from the keys of the given hash. If +only_keys+ # is given (as an array), only the keys indicated will be used to build @@ -122,6 +127,16 @@ module ActionController super end + def generate(options, hash, expire_on = {}) + path, hash = generate_raw(options, hash, expire_on) + append_query_string(path, hash, extra_keys(options)) + end + + def generate_extras(options, hash, expire_on = {}) + path, hash = generate_raw(options, hash, expire_on) + [path, extra_keys(options)] + end + private def requirement_for(key) return requirements[key] if requirements.key? key @@ -150,11 +165,6 @@ module ActionController # the query string. (Never use keys from the recalled request when building the # query string.) - method_decl = "def generate(#{args})\npath, hash = generate_raw(options, hash, expire_on)\nappend_query_string(path, hash, extra_keys(options))\nend" - instance_eval method_decl, "generated code (#{__FILE__}:#{__LINE__})" - - method_decl = "def generate_extras(#{args})\npath, hash = generate_raw(options, hash, expire_on)\n[path, extra_keys(options)]\nend" - instance_eval method_decl, "generated code (#{__FILE__}:#{__LINE__})" raw_method end @@ -219,7 +229,7 @@ module ActionController next_capture = 1 extraction = segments.collect do |segment| x = segment.match_extraction(next_capture) - next_capture += Regexp.new(segment.regexp_chunk).number_of_captures + next_capture += segment.number_of_captures x end extraction.compact diff --git a/actionpack/lib/action_controller/routing/route_set.rb b/actionpack/lib/action_controller/routing/route_set.rb index ff448490e9..13646aef61 100644 --- a/actionpack/lib/action_controller/routing/route_set.rb +++ b/actionpack/lib/action_controller/routing/route_set.rb @@ -7,6 +7,8 @@ module ActionController # Mapper instances have relatively few instance methods, in order to avoid # clashes with named routes. class Mapper #:doc: + include ActionController::Resources + def initialize(set) #:nodoc: @set = set end @@ -136,9 +138,13 @@ module ActionController end end + def named_helper_module_eval(code, *args) + @module.module_eval(code, *args) + end + def define_hash_access(route, name, kind, options) selector = hash_access_name(name, kind) - @module.module_eval <<-end_eval # We use module_eval to avoid leaks + named_helper_module_eval <<-end_eval # We use module_eval to avoid leaks def #{selector}(options = nil) options ? #{options.inspect}.merge(options) : #{options.inspect} end @@ -166,8 +172,9 @@ module ActionController # # foo_url(bar, baz, bang, :sort_by => 'baz') # - @module.module_eval <<-end_eval # We use module_eval to avoid leaks + named_helper_module_eval <<-end_eval # We use module_eval to avoid leaks def #{selector}(*args) + #{generate_optimisation_block(route, kind)} opts = if args.empty? || Hash === args.first @@ -182,6 +189,14 @@ module ActionController end url_for(#{hash_access_method}(opts)) + + end + #Add an alias to support the now deprecated formatted_* URL. + def formatted_#{selector}(*args) + ActiveSupport::Deprecation.warn( + "formatted_#{selector}() has been deprecated. please pass format to the standard" + + "#{selector}() method instead.", caller) + #{selector}(*args) end protected :#{selector} end_eval @@ -189,9 +204,11 @@ module ActionController end end - attr_accessor :routes, :named_routes, :configuration_file + attr_accessor :routes, :named_routes, :configuration_files def initialize + self.configuration_files = [] + self.routes = [] self.named_routes = NamedRouteCollection.new @@ -205,7 +222,6 @@ module ActionController end def draw - clear! yield Mapper.new(self) install_helpers end @@ -229,8 +245,22 @@ module ActionController routes.empty? end + def add_configuration_file(path) + self.configuration_files << path + end + + # Deprecated accessor + def configuration_file=(path) + add_configuration_file(path) + end + + # Deprecated accessor + def configuration_file + configuration_files + end + def load! - Routing.use_controllers! nil # Clear the controller cache so we may discover new ones + Routing.use_controllers!(nil) # Clear the controller cache so we may discover new ones clear! load_routes! end @@ -239,24 +269,39 @@ module ActionController alias reload! load! def reload - if @routes_last_modified && configuration_file - mtime = File.stat(configuration_file).mtime - # if it hasn't been changed, then just return - return if mtime == @routes_last_modified - # if it has changed then record the new time and fall to the load! below - @routes_last_modified = mtime + if configuration_files.any? && @routes_last_modified + if routes_changed_at == @routes_last_modified + return # routes didn't change, don't reload + else + @routes_last_modified = routes_changed_at + end end + load! end def load_routes! - if configuration_file - load configuration_file - @routes_last_modified = File.stat(configuration_file).mtime + if configuration_files.any? + configuration_files.each { |config| load(config) } + @routes_last_modified = routes_changed_at else add_route ":controller/:action/:id" end end + + def routes_changed_at + routes_changed_at = nil + + configuration_files.each do |config| + config_changed_at = File.stat(config).mtime + + if routes_changed_at.nil? || config_changed_at > routes_changed_at + routes_changed_at = config_changed_at + end + end + + routes_changed_at + end def add_route(path, options = {}) route = builder.build(path, options) @@ -358,7 +403,7 @@ module ActionController end # don't use the recalled keys when determining which routes to check - routes = routes_by_controller[controller][action][options.keys.sort_by { |x| x.object_id }] + routes = routes_by_controller[controller][action][options.reject {|k,v| !v}.keys.sort_by { |x| x.object_id }] routes.each do |route| results = route.__send__(method, options, merged, expire_on) diff --git a/actionpack/lib/action_controller/routing/routing_ext.rb b/actionpack/lib/action_controller/routing/routing_ext.rb index 5f4ba90d0c..4a82b2af5f 100644 --- a/actionpack/lib/action_controller/routing/routing_ext.rb +++ b/actionpack/lib/action_controller/routing/routing_ext.rb @@ -27,6 +27,10 @@ class Regexp #:nodoc: Regexp.new("|#{source}").match('').captures.length end + def multiline? + options & MULTILINE == MULTILINE + end + class << self def optionalize(pattern) case unoptionalize(pattern) diff --git a/actionpack/lib/action_controller/routing/segments.rb b/actionpack/lib/action_controller/routing/segments.rb index e5f174ae2c..5dda3d4d00 100644 --- a/actionpack/lib/action_controller/routing/segments.rb +++ b/actionpack/lib/action_controller/routing/segments.rb @@ -13,6 +13,10 @@ module ActionController @is_optional = false end + def number_of_captures + Regexp.new(regexp_chunk).number_of_captures + end + def extraction_code nil end @@ -84,6 +88,10 @@ module ActionController optional? ? Regexp.optionalize(chunk) : chunk end + def number_of_captures + 0 + end + def build_pattern(pattern) escaped = Regexp.escape(value) if optional? && ! pattern.empty? @@ -194,10 +202,16 @@ module ActionController end end + def number_of_captures + if regexp + regexp.number_of_captures + 1 + else + 1 + end + end + def build_pattern(pattern) - chunk = regexp_chunk - chunk = "(#{chunk})" if Regexp.new(chunk).number_of_captures == 0 - pattern = "#{chunk}#{pattern}" + pattern = "#{regexp_chunk}#{pattern}" optional? ? Regexp.optionalize(pattern) : pattern end @@ -230,6 +244,10 @@ module ActionController "(?i-:(#{(regexp || Regexp.union(*possible_names)).source}))" end + def number_of_captures + 1 + end + # Don't URI.escape the controller name since it may contain slashes. def interpolation_chunk(value_code = local_name) "\#{#{value_code}.to_s}" @@ -275,6 +293,10 @@ module ActionController regexp || "(.*)" end + def number_of_captures + regexp ? regexp.number_of_captures : 1 + end + def optionality_implied? true end @@ -286,5 +308,36 @@ module ActionController end end end + + # The OptionalFormatSegment allows for any resource route to have an optional + # :format, which decreases the amount of routes created by 50%. + class OptionalFormatSegment < DynamicSegment + + def initialize(key = nil, options = {}) + super(:format, {:optional => true}.merge(options)) + end + + def interpolation_chunk + "." + super + end + + def regexp_chunk + '(\.[^/?\.]+)?' + end + + def to_s + '(.:format)?' + end + + #the value should not include the period (.) + def match_extraction(next_capture) + %[ + if (m = match[#{next_capture}]) + params[:#{key}] = URI.unescape(m.from(1)) + end + ] + end + end + end end diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb index f2fb200950..ea0ea4f841 100644 --- a/actionpack/lib/action_controller/session/cookie_store.rb +++ b/actionpack/lib/action_controller/session/cookie_store.rb @@ -1,6 +1,5 @@ require 'cgi' require 'cgi/session' -require 'openssl' # to generate the HMAC message digest # This cookie-based session store is the Rails default. Sessions typically # contain at most a user_id and flash message; both fit within the 4K cookie @@ -121,32 +120,20 @@ class CGI::Session::CookieStore write_cookie('value' => nil, 'expires' => 1.year.ago) end - # Generate the HMAC keyed message digest. Uses SHA1 by default. - def generate_digest(data) - key = @secret.respond_to?(:call) ? @secret.call(@session) : @secret - OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(@digest), key, data) - end - private # Marshal a session hash into safe cookie data. Include an integrity hash. def marshal(session) - data = ActiveSupport::Base64.encode64s(Marshal.dump(session)) - "#{data}--#{generate_digest(data)}" + verifier.generate(session) end # Unmarshal cookie data to a hash and verify its integrity. def unmarshal(cookie) if cookie - data, digest = cookie.split('--') - - # Do two checks to transparently support old double-escaped data. - unless digest == generate_digest(data) || digest == generate_digest(data = CGI.unescape(data)) - delete - raise TamperedWithCookie - end - - Marshal.load(ActiveSupport::Base64.decode64(data)) + verifier.verify(cookie) end + rescue ActiveSupport::MessageVerifier::InvalidSignature + delete + raise TamperedWithCookie end # Read the session data cookie. @@ -164,4 +151,13 @@ class CGI::Session::CookieStore def clear_old_cookie_value @session.cgi.cookies[@cookie_options['name']].clear end + + def verifier + if @secret.respond_to?(:call) + key = @secret.call + else + key = @secret + end + ActiveSupport::MessageVerifier.new(key, @digest) + end end diff --git a/actionpack/lib/action_controller/session_management.rb b/actionpack/lib/action_controller/session_management.rb index fd3d94ed97..60a9aec39c 100644 --- a/actionpack/lib/action_controller/session_management.rb +++ b/actionpack/lib/action_controller/session_management.rb @@ -1,10 +1,3 @@ -require 'action_controller/session/cookie_store' -require 'action_controller/session/drb_store' -require 'action_controller/session/mem_cache_store' -if Object.const_defined?(:ActiveRecord) - require 'action_controller/session/active_record_store' -end - module ActionController #:nodoc: module SessionManagement #:nodoc: def self.included(base) diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb index 4fc60f0697..79a8e1364d 100644 --- a/actionpack/lib/action_controller/test_case.rb +++ b/actionpack/lib/action_controller/test_case.rb @@ -1,20 +1,6 @@ require 'active_support/test_case' module ActionController - class NonInferrableControllerError < ActionControllerError - def initialize(name) - @name = name - super "Unable to determine the controller to test from #{name}. " + - "You'll need to specify it using 'tests YourController' in your " + - "test case definition. This could mean that #{inferred_controller_name} does not exist " + - "or it contains syntax errors" - end - - def inferred_controller_name - @name.sub(/Test$/, '') - end - end - # Superclass for ActionController functional tests. Functional tests allow you to # test a single controller action per test method. This should not be confused with # integration tests (see ActionController::IntegrationTest), which are more like @@ -74,7 +60,66 @@ module ActionController # class SpecialEdgeCaseWidgetsControllerTest < ActionController::TestCase # tests WidgetController # end + # + # == Testing controller internals + # + # In addition to these specific assertions, you also have easy access to various collections that the regular test/unit assertions + # can be used against. These collections are: + # + # * assigns: Instance variables assigned in the action that are available for the view. + # * session: Objects being saved in the session. + # * flash: The flash objects currently in the session. + # * cookies: Cookies being sent to the user on this request. + # + # These collections can be used just like any other hash: + # + # assert_not_nil assigns(:person) # makes sure that a @person instance variable was set + # assert_equal "Dave", cookies[:name] # makes sure that a cookie called :name was set as "Dave" + # assert flash.empty? # makes sure that there's nothing in the flash + # + # For historic reasons, the assigns hash uses string-based keys. So assigns[:person] won't work, but assigns["person"] will. To + # appease our yearning for symbols, though, an alternative accessor has been devised using a method call instead of index referencing. + # So assigns(:person) will work just like assigns["person"], but again, assigns[:person] will not work. + # + # On top of the collections, you have the complete url that a given action redirected to available in redirect_to_url. + # + # For redirects within the same controller, you can even call follow_redirect and the redirect will be followed, triggering another + # action call which can then be asserted against. + # + # == Manipulating the request collections + # + # The collections described above link to the response, so you can test if what the actions were expected to do happened. But + # sometimes you also want to manipulate these collections in the incoming request. This is really only relevant for sessions + # and cookies, though. For sessions, you just do: + # + # @request.session[:key] = "value" + # + # For cookies, you need to manually create the cookie, like this: + # + # @request.cookies["key"] = CGI::Cookie.new("key", "value") + # + # == Testing named routes + # + # If you're using named routes, they can be easily tested using the original named routes' methods straight in the test case. + # Example: + # + # assert_redirected_to page_url(:title => 'foo') class TestCase < ActiveSupport::TestCase + module Assertions + %w(response selector tag dom routing model).each do |kind| + include ActionController::Assertions.const_get("#{kind.camelize}Assertions") + end + + def clean_backtrace(&block) + yield + rescue ActiveSupport::TestCase::Assertion => error + framework_path = Regexp.new(File.expand_path("#{File.dirname(__FILE__)}/assertions")) + error.backtrace.reject! { |line| File.expand_path(line) =~ framework_path } + raise + end + end + include Assertions + # When the request.remote_addr remains the default for testing, which is 0.0.0.0, the exception is simply raised inline # (bystepping the regular exception handling from rescue_action). If the request.remote_addr is anything else, the regular # rescue_action process takes place. This means you can test your rescue_action code by setting remote_addr to something else @@ -107,7 +152,7 @@ module ActionController end def controller_class=(new_class) - prepare_controller_class(new_class) + prepare_controller_class(new_class) if new_class write_inheritable_attribute(:controller_class, new_class) end @@ -122,7 +167,7 @@ module ActionController def determine_default_controller_class(name) name.sub(/Test$/, '').constantize rescue NameError - raise NonInferrableControllerError.new(name) + nil end def prepare_controller_class(new_class) @@ -131,17 +176,23 @@ module ActionController end def setup_controller_request_and_response - @controller = self.class.controller_class.new - @controller.request = @request = TestRequest.new + @request = TestRequest.new @response = TestResponse.new - @controller.params = {} - @controller.send(:initialize_current_url) + if klass = self.class.controller_class + @controller ||= klass.new rescue nil + end + + if @controller + @controller.request = @request + @controller.params = {} + @controller.send(:initialize_current_url) + end end # Cause the action to be rescued according to the regular rules for rescue_action when the visitor is not local def rescue_action_in_public! @request.remote_addr = '208.77.188.166' # example.com end - end + end end diff --git a/actionpack/lib/action_controller/test_process.rb b/actionpack/lib/action_controller/test_process.rb index 7a31f0e8d5..cd3914f011 100644 --- a/actionpack/lib/action_controller/test_process.rb +++ b/actionpack/lib/action_controller/test_process.rb @@ -1,4 +1,3 @@ -require 'action_controller/assertions' require 'action_controller/test_case' module ActionController #:nodoc: @@ -201,6 +200,11 @@ module ActionController #:nodoc: alias_method :server_error?, :error? + # Was there a client client? + def client_error? + (400..499).include?(response_code) + end + # Returns the redirection location or nil def redirect_url headers['Location'] @@ -284,7 +288,7 @@ module ActionController #:nodoc: # See AbstractResponse for more information on controller response objects. class TestResponse < AbstractResponse include TestResponseBehavior - + def recycle! headers.delete('ETag') headers.delete('Last-Modified') @@ -333,10 +337,10 @@ module ActionController #:nodoc: # a file upload. # # Usage example, within a functional test: - # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(Test::Unit::TestCase.fixture_path + '/files/spongebob.png', 'image/png') + # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + '/files/spongebob.png', 'image/png') # # Pass a true third parameter to ensure the uploaded file is opened in binary mode (only required for Windows): - # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(Test::Unit::TestCase.fixture_path + '/files/spongebob.png', 'image/png', :binary) + # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + '/files/spongebob.png', 'image/png', :binary) require 'tempfile' class TestUploadedFile # The filename, *not* including the path, of the "uploaded" file @@ -395,6 +399,7 @@ module ActionController #:nodoc: @html_document = nil @request.env['REQUEST_METHOD'] ||= "GET" + @request.action = action.to_s parameters ||= {} @@ -463,15 +468,15 @@ module ActionController #:nodoc: html_document.find_all(conditions) end - def method_missing(selector, *args) - if ActionController::Routing::Routes.named_routes.helpers.include?(selector) - @controller.send(selector, *args) + def method_missing(selector, *args, &block) + if @controller && ActionController::Routing::Routes.named_routes.helpers.include?(selector) + @controller.send(selector, *args, &block) else super end end - # Shortcut for <tt>ActionController::TestUploadedFile.new(Test::Unit::TestCase.fixture_path + path, type)</tt>: + # Shortcut for <tt>ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + path, type)</tt>: # # post :change_avatar, :avatar => fixture_file_upload('/files/spongebob.png', 'image/png') # @@ -480,11 +485,7 @@ module ActionController #:nodoc: # # post :change_avatar, :avatar => fixture_file_upload('/files/spongebob.png', 'image/png', :binary) def fixture_file_upload(path, mime_type = nil, binary = false) - ActionController::TestUploadedFile.new( - Test::Unit::TestCase.respond_to?(:fixture_path) ? Test::Unit::TestCase.fixture_path + path : path, - mime_type, - binary - ) + ActionController::TestUploadedFile.new("#{ActionController::TestCase.try(:fixture_path)}#{path}", mime_type, binary) end # A helper to make it easier to test different route configurations. diff --git a/actionpack/lib/action_controller/vendor/html-scanner.rb b/actionpack/lib/action_controller/vendor/html-scanner.rb new file mode 100644 index 0000000000..f622d195ee --- /dev/null +++ b/actionpack/lib/action_controller/vendor/html-scanner.rb @@ -0,0 +1,16 @@ +$LOAD_PATH << "#{File.dirname(__FILE__)}/html-scanner" + +module HTML + autoload :CDATA, 'html/node' + autoload :Document, 'html/document' + autoload :FullSanitizer, 'html/sanitizer' + autoload :LinkSanitizer, 'html/sanitizer' + autoload :Node, 'html/node' + autoload :Sanitizer, 'html/sanitizer' + autoload :Selector, 'html/selector' + autoload :Tag, 'html/node' + autoload :Text, 'html/node' + autoload :Tokenizer, 'html/tokenizer' + autoload :Version, 'html/version' + autoload :WhiteListSanitizer, 'html/sanitizer' +end diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb index 12c8405101..ae20f9947c 100644 --- a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +++ b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb @@ -160,7 +160,7 @@ module HTML if !options[:attributes].include?(attr_name) || contains_bad_protocols?(attr_name, value) node.attributes.delete(attr_name) else - node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(value) + node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(CGI::unescapeHTML(value)) end end end |