6 files changed, 31 insertions, 24 deletions

diff --git a/actionpack/lib/action_dispatch/http/cache.rb b/actionpack/lib/action_dispatch/http/cache.rb
index a8febc32b3..a7c7cfc1e5 100644
--- a/actionpack/lib/action_dispatch/http/cache.rb
+++ b/actionpack/lib/action_dispatch/http/cache.rb
@@ -202,13 +202,17 @@ module ActionDispatch
               self._cache_control = _cache_control + ", #{control[:extras].join(', ')}"
             end
           else
-            extras  = control[:extras]
+            extras = control[:extras]
             max_age = control[:max_age]
+            stale_while_revalidate = control[:stale_while_revalidate]
+            stale_if_error = control[:stale_if_error]
 
             options = []
             options << "max-age=#{max_age.to_i}" if max_age
             options << (control[:public] ? PUBLIC : PRIVATE)
             options << MUST_REVALIDATE if control[:must_revalidate]
+            options << "stale-while-revalidate=#{stale_while_revalidate.to_i}" if stale_while_revalidate
+            options << "stale-if-error=#{stale_if_error.to_i}" if stale_if_error
             options.concat(extras) if extras
 
             self._cache_control = options.join(", ")
diff --git a/actionpack/lib/action_dispatch/http/headers.rb b/actionpack/lib/action_dispatch/http/headers.rb
index c3c2a9d8c5..6c7d24d2d0 100644
--- a/actionpack/lib/action_dispatch/http/headers.rb
+++ b/actionpack/lib/action_dispatch/http/headers.rb
@@ -121,7 +121,7 @@ module ActionDispatch
         # not contained within the headers hash.
         def env_name(key)
           key = key.to_s
-          if key =~ HTTP_HEADER
+          if HTTP_HEADER.match?(key)
             key = key.upcase.tr("-", "_")
             key = "HTTP_" + key unless CGI_VARIABLES.include?(key)
           end
diff --git a/actionpack/lib/action_dispatch/http/mime_negotiation.rb b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
index d7435fa8df..be129965d1 100644
--- a/actionpack/lib/action_dispatch/http/mime_negotiation.rb
+++ b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
@@ -85,10 +85,7 @@ module ActionDispatch
         if variant.all? { |v| v.is_a?(Symbol) }
           @variant = ActiveSupport::ArrayInquirer.new(variant)
         else
-          raise ArgumentError, "request.variant must be set to a Symbol or an Array of Symbols. " \
-            "For security reasons, never directly set the variant to a user-provided value, " \
-            "like params[:variant].to_sym. Check user-provided value against a whitelist first, " \
-            "then set the variant: request.variant = :tablet if params[:variant] == 'tablet'"
+          raise ArgumentError, "request.variant must be set to a Symbol or an Array of Symbols."
         end
       end
 
diff --git a/actionpack/lib/action_dispatch/http/parameter_filter.rb b/actionpack/lib/action_dispatch/http/parameter_filter.rb
index 1d58964862..09aab631ed 100644
--- a/actionpack/lib/action_dispatch/http/parameter_filter.rb
+++ b/actionpack/lib/action_dispatch/http/parameter_filter.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "active_support/core_ext/object/duplicable"
+require "active_support/core_ext/array/extract"
 
 module ActionDispatch
   module Http
@@ -38,8 +39,8 @@ module ActionDispatch
             end
           end
 
-          deep_regexps, regexps = regexps.partition { |r| r.to_s.include?("\\.".freeze) }
-          deep_strings, strings = strings.partition { |s| s.include?("\\.".freeze) }
+          deep_regexps = regexps.extract! { |r| r.to_s.include?("\\.".freeze) }
+          deep_strings = strings.extract! { |s| s.include?("\\.".freeze) }
 
           regexps << Regexp.new(strings.join("|".freeze), true) unless strings.empty?
           deep_regexps << Regexp.new(deep_strings.join("|".freeze), true) unless deep_strings.empty?
@@ -55,23 +56,23 @@ module ActionDispatch
           @blocks = blocks
         end
 
-        def call(original_params, parents = [])
-          filtered_params = original_params.class.new
+        def call(params, parents = [], original_params = params)
+          filtered_params = params.class.new
 
-          original_params.each do |key, value|
+          params.each do |key, value|
             parents.push(key) if deep_regexps
             if regexps.any? { |r| key =~ r }
               value = FILTERED
             elsif deep_regexps && (joined = parents.join(".")) && deep_regexps.any? { |r| joined =~ r }
               value = FILTERED
             elsif value.is_a?(Hash)
-              value = call(value, parents)
+              value = call(value, parents, original_params)
             elsif value.is_a?(Array)
-              value = value.map { |v| v.is_a?(Hash) ? call(v, parents) : v }
+              value = value.map { |v| v.is_a?(Hash) ? call(v, parents, original_params) : v }
             elsif blocks.any?
               key = key.dup if key.duplicable?
               value = value.dup if value.duplicable?
-              blocks.each { |b| b.call(key, value) }
+              blocks.each { |b| b.arity == 2 ? b.call(key, value) : b.call(key, value, original_params) }
             end
             parents.pop if deep_regexps
 
diff --git a/actionpack/lib/action_dispatch/http/response.rb b/actionpack/lib/action_dispatch/http/response.rb
index 7e50cb6d23..885dc0ecba 100644
--- a/actionpack/lib/action_dispatch/http/response.rb
+++ b/actionpack/lib/action_dispatch/http/response.rb
@@ -224,16 +224,6 @@ module ActionDispatch # :nodoc:
       @status = Rack::Utils.status_code(status)
     end
 
-    # Sets the HTTP content type.
-    def content_type=(content_type)
-      return unless content_type
-      new_header_info = parse_content_type(content_type.to_s)
-      prev_header_info = parsed_content_type_header
-      charset = new_header_info.charset || prev_header_info.charset
-      charset ||= self.class.default_charset unless prev_header_info.mime_type
-      set_content_type new_header_info.mime_type, charset
-    end
-
     # Sets the HTTP response's content MIME type. For example, in the controller
     # you could write this:
     #
@@ -242,7 +232,17 @@ module ActionDispatch # :nodoc:
     # If a character set has been defined for this response (see charset=) then
     # the character set information will also be included in the content type
     # information.
+    def content_type=(content_type)
+      return unless content_type
+      new_header_info = parse_content_type(content_type.to_s)
+      prev_header_info = parsed_content_type_header
+      charset = new_header_info.charset || prev_header_info.charset
+      charset ||= self.class.default_charset unless prev_header_info.mime_type
+      set_content_type new_header_info.mime_type, charset
+    end
 
+    # Content type of response.
+    # It returns just MIME type and does NOT contain charset part.
     def content_type
       parsed_content_type_header.mime_type
     end
diff --git a/actionpack/lib/action_dispatch/http/upload.rb b/actionpack/lib/action_dispatch/http/upload.rb
index 0b162dc7f1..827f022ca2 100644
--- a/actionpack/lib/action_dispatch/http/upload.rb
+++ b/actionpack/lib/action_dispatch/http/upload.rb
@@ -65,6 +65,11 @@ module ActionDispatch
         @tempfile.path
       end
 
+      # Shortcut for +tempfile.to_path+.
+      def to_path
+        @tempfile.to_path
+      end
+
       # Shortcut for +tempfile.rewind+.
       def rewind
         @tempfile.rewind