3 files changed, 32 insertions, 14 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index b7687ca100..139706ecb9 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -181,7 +181,7 @@ module ActionDispatch
     # to the Message{Encryptor,Verifier} allows us to handle the
     # (de)serialization step within the cookie jar, which gives us the
     # opportunity to detect and migrate legacy cookies.
-    module VerifyAndUpgradeLegacySignedMessage
+    module VerifyAndUpgradeLegacySignedMessage # :nodoc:
       def initialize(*args)
         super
         @legacy_verifier = ActiveSupport::MessageVerifier.new(@options[:secret_token], serializer: ActiveSupport::MessageEncryptor::NullSerializer)
@@ -392,7 +392,7 @@ module ActionDispatch
       end
     end
 
-    class JsonSerializer
+    class JsonSerializer # :nodoc:
       def self.load(value)
         ActiveSupport::JSON.decode(value)
       end
@@ -402,7 +402,7 @@ module ActionDispatch
       end
     end
 
-    module SerializedCookieJars
+    module SerializedCookieJars # :nodoc:
       MARSHAL_SIGNATURE = "\x04\x08".freeze
 
       protected
@@ -454,12 +454,16 @@ module ActionDispatch
         @verifier = ActiveSupport::MessageVerifier.new(secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
       end
 
+      # Returns the value of the cookie by +name+ if it is untampered,
+      # returns +nil+ otherwise or if no such cookie exists.
       def [](name)
         if signed_message = @parent_jar[name]
           deserialize name, verify(signed_message)
         end
       end
 
+      # Signs and Sets the cookie named +name+. The second argument may be the cookie's
+      # value or a hash of options as documented above.
       def []=(name, options)
         if options.is_a?(Hash)
           options.symbolize_keys!
@@ -482,8 +486,8 @@ module ActionDispatch
 
     # UpgradeLegacySignedCookieJar is used instead of SignedCookieJar if
     # secrets.secret_token and secrets.secret_key_base are both set. It reads
-    # legacy cookies signed with the old dummy key generator and re-saves
-    # them using the new key generator to provide a smooth upgrade path.
+    # legacy cookies signed with the old dummy key generator and signs and
+    # re-saves them using the new key generator to provide a smooth upgrade path.
     class UpgradeLegacySignedCookieJar < SignedCookieJar #:nodoc:
       include VerifyAndUpgradeLegacySignedMessage
 
@@ -511,12 +515,16 @@ module ActionDispatch
         @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
       end
 
+      # Returns the value of the cookie by +name+ if it is untampered,
+      # returns +nil+ otherwise or if no such cookie exists.
       def [](name)
         if encrypted_message = @parent_jar[name]
           deserialize name, decrypt_and_verify(encrypted_message)
         end
       end
 
+      # Encrypts and Sets the cookie named +name+. The second argument may be the cookie's
+      # value or a hash of options as documented above.
       def []=(name, options)
         if options.is_a?(Hash)
           options.symbolize_keys!
diff --git a/actionpack/lib/action_dispatch/middleware/public_exceptions.rb b/actionpack/lib/action_dispatch/middleware/public_exceptions.rb
index 040cb215b7..7cde76b30e 100644
--- a/actionpack/lib/action_dispatch/middleware/public_exceptions.rb
+++ b/actionpack/lib/action_dispatch/middleware/public_exceptions.rb
@@ -17,10 +17,10 @@ module ActionDispatch
     end
 
     def call(env)
-      status       = env["PATH_INFO"][1..-1]
+      status       = env["PATH_INFO"][1..-1].to_i
       request      = ActionDispatch::Request.new(env)
       content_type = request.formats.first
-      body         = { :status => status, :error => Rack::Utils::HTTP_STATUS_CODES.fetch(status.to_i, Rack::Utils::HTTP_STATUS_CODES[500]) }
+      body         = { :status => status, :error => Rack::Utils::HTTP_STATUS_CODES.fetch(status, Rack::Utils::HTTP_STATUS_CODES[500]) }
 
       render(status, content_type, body)
     end
diff --git a/actionpack/lib/action_dispatch/middleware/static.rb b/actionpack/lib/action_dispatch/middleware/static.rb
index 2e1bd45c3d..c47e5d5245 100644
--- a/actionpack/lib/action_dispatch/middleware/static.rb
+++ b/actionpack/lib/action_dispatch/middleware/static.rb
@@ -3,15 +3,15 @@ require 'active_support/core_ext/uri'
 
 module ActionDispatch
   # This middleware returns a file's contents from disk in the body response.
-  # When initialized it can accept an optional 'Cache-Control' header which
+  # When initialized, it can accept an optional 'Cache-Control' header, which
   # will be set when a response containing a file's contents is delivered.
   #
   # This middleware will render the file specified in `env["PATH_INFO"]`
-  # where the base path is in the +root+ directory. For example if the +root+
-  # is set to `public/` then a request with `env["PATH_INFO"]` of
-  # `assets/application.js` will return a response with contents of a file
+  # where the base path is in the +root+ directory. For example, if the +root+
+  # is set to `public/`, then a request with `env["PATH_INFO"]` of
+  # `assets/application.js` will return a response with the contents of a file
   # located at `public/assets/application.js` if the file exists. If the file
-  # does not exist a 404 "File not Found" response will be returned.
+  # does not exist, a 404 "File not Found" response will be returned.
   class FileHandler
     def initialize(root, cache_control)
       @root          = root.chomp('/')
@@ -20,6 +20,13 @@ module ActionDispatch
       @file_server = ::Rack::File.new(@root, headers)
     end
 
+
+    # Takes a path to a file. If the file is found, has valid encoding, and has
+    # correct read permissions, the return value is a URI-escaped string
+    # representing the filename. Otherwise, false is returned.
+    #
+    # Used by the `Static` class to check the existence of a valid file
+    # in the server's `public/` directory. (See Static#call)
     def match?(path)
       path = URI.parser.unescape(path)
       return false unless path.valid_encoding?
@@ -28,7 +35,7 @@ module ActionDispatch
       paths = [path, "#{path}#{ext}", "#{path}/index#{ext}"]
 
       if match = paths.detect { |p|
-        path = File.join(@root, p)
+        path = File.join(@root, p.force_encoding('UTF-8'))
         begin
           File.file?(path) && File.readable?(path)
         rescue SystemCallError
@@ -47,6 +54,9 @@ module ActionDispatch
       if gzip_path && gzip_encoding_accepted?(env)
         env['PATH_INFO']            = gzip_path
         status, headers, body       = @file_server.call(env)
+        if status == 304
+          return [status, headers, body]
+        end
         headers['Content-Encoding'] = 'gzip'
         headers['Content-Type']     = content_type(path)
       else
@@ -85,7 +95,7 @@ module ActionDispatch
   end
 
   # This middleware will attempt to return the contents of a file's body from
-  # disk in the response.  If a file is not found on disk, the request will be
+  # disk in the response. If a file is not found on disk, the request will be
   # delegated to the application stack. This middleware is commonly initialized
   # to serve assets from a server's `public/` directory.
   #