6 files changed, 26 insertions, 19 deletions

diff --git a/actionpack/lib/action_view/helpers/date_helper.rb b/actionpack/lib/action_view/helpers/date_helper.rb
index 6f387bc95a..7d7b6a1d91 100644
--- a/actionpack/lib/action_view/helpers/date_helper.rb
+++ b/actionpack/lib/action_view/helpers/date_helper.rb
@@ -896,8 +896,10 @@ module ActionView
         # Returns the separator for a given datetime component
         def separator(type)
           case type
-            when :month, :day
-              @options[:date_separator]
+            when :month
+              @options[:discard_month] ? "" : @options[:date_separator]
+            when :day
+              @options[:discard_day] ? "" : @options[:date_separator]
             when :hour
               (@options[:discard_year] && @options[:discard_day]) ? "" : @options[:datetime_separator]
             when :minute
diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb
index a8887a804e..8efed98bd2 100644
--- a/actionpack/lib/action_view/helpers/form_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_helper.rb
@@ -303,7 +303,7 @@ module ActionView
           args.unshift object
         end
 
-        options[:html][:remote] = true if options.delete(:remote)
+        (options[:html] ||= {})[:remote] = true if options.delete(:remote)
 
         output = form_tag(options.delete(:url) || {}, options.delete(:html) || {})
         output << fields_for(object_name, *(args << options), &proc)
diff --git a/actionpack/lib/action_view/helpers/form_options_helper.rb b/actionpack/lib/action_view/helpers/form_options_helper.rb
index c564d30302..6f9d14de8b 100644
--- a/actionpack/lib/action_view/helpers/form_options_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_options_helper.rb
@@ -399,7 +399,7 @@ module ActionView
           options_for_select += "<optgroup label=\"#{html_escape(group_label_string)}\">"
           options_for_select += options_from_collection_for_select(eval("group.#{group_method}"), option_key_method, option_value_method, selected_key)
           options_for_select += '</optgroup>'
-        end
+        end.html_safe
       end
 
       # Returns a string of <tt><option></tt> tags, like <tt>options_for_select</tt>, but
diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
index 9afa989453..0be8a2c36e 100644
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -40,7 +40,10 @@ module ActionView
       # for a total length not exceeding <tt>:length</tt>.
       #
       # Pass a <tt>:separator</tt> to truncate +text+ at a natural break.
-      # Pass a <tt>:safe</tt> value as "true" to not to escape the content. 
+      #
+      # The result is not marked as HTML-safe, so will be subject to the default escaping when
+      # used in views, unless wrapped by <tt>raw()</tt>. Care should be taken if +text+ contains HTML tags
+      # or entities, because truncation may produce invalid HTML (such as unbalanced or incomplete tags).
       #
       # ==== Examples
       #
@@ -57,12 +60,6 @@ module ActionView
       #   # => "And they f... (continued)"
       #
       #   truncate("<p>Once upon a time in a world far far away</p>")
-      #   # => "&lt;p&gt;Once upon a time i..."
-      #
-      #   truncate("<p>Once upon a time in a world far far away</p>", :safe => true)
-      #   # => "<p>Once upon a time in a wo..."
-      #
-      #   truncate("<p>Once upon a time in a world far far away</p>".html_safe)
       #   # => "<p>Once upon a time in a wo..."
       #
       # You can still use <tt>truncate</tt> with the old API that accepts the
@@ -85,7 +82,6 @@ module ActionView
 
         options.reverse_merge!(:length => 30)
 
-        text = h(text) unless text.html_safe? || options[:safe]
         text.truncate(options.delete(:length), options) if text
       end
 
@@ -117,13 +113,13 @@ module ActionView
         end
         options.reverse_merge!(:highlighter => '<strong class="highlight">\1</strong>')
 
-        text = h(text) unless text.html_safe? || options[:safe]
+        text = sanitize(text) unless options[:sanitize] == false
         if text.blank? || phrases.blank?
           text
         else
           match = Array(phrases).map { |p| Regexp.escape(p) }.join('|')
           text.gsub(/(#{match})(?!(?:[^<]*?)(?:["'])[^<>]*>)/i, options[:highlighter])
-        end
+        end.html_safe
       end
 
       # Extracts an excerpt from +text+ that matches the first instance of +phrase+.
@@ -253,9 +249,9 @@ module ActionView
       #   simple_format("Look ma! A class!", :class => 'description')
       #   # => "<p class='description'>Look ma! A class!</p>"
       def simple_format(text, html_options={}, options={})
-        text = '' if text.nil?
+        text = ''.html_safe if text.nil?
         start_tag = tag('p', html_options, true)
-        text = h(text) unless text.html_safe? || options[:safe]
+        text = sanitize(text) unless options[:sanitize] == false
         text.gsub!(/\r\n?/, "\n")                    # \r\n and \r -> \n
         text.gsub!(/\n\n+/, "</p>\n\n#{start_tag}")  # 2+ newline  -> paragraph
         text.gsub!(/([^\n]\n)(?=[^\n])/, '\1<br />') # 1 newline   -> br
@@ -499,7 +495,11 @@ module ActionView
               link_text = block_given?? yield(href) : href
               href = 'http://' + href unless scheme
 
-              content_tag(:a, link_text, link_attributes.merge('href' => href), !(options[:safe] || text.html_safe?)) + punctuation.reverse.join('')
+              unless options[:sanitize] == false
+                link_text = sanitize(link_text)
+                href      = sanitize(href)
+              end
+              content_tag(:a, link_text, link_attributes.merge('href' => href), !!options[:sanitize]) + punctuation.reverse.join('')
             end
           end.html_safe
         end
@@ -514,7 +514,11 @@ module ActionView
               text.html_safe
             else
               display_text = (block_given?) ? yield(text) : text
-              display_text = h(display_text) unless options[:safe]
+
+              unless options[:sanitize] == false
+                text         = sanitize(text)
+                display_text = sanitize(display_text) unless text == display_text
+              end
               mail_to text, display_text, html_options
             end
           end
diff --git a/actionpack/lib/action_view/render/partials.rb b/actionpack/lib/action_view/render/partials.rb
index a2c191c580..459aae94a2 100644
--- a/actionpack/lib/action_view/render/partials.rb
+++ b/actionpack/lib/action_view/render/partials.rb
@@ -318,7 +318,7 @@ module ActionView
 
           object.class.model_name.partial_path.dup.tap do |partial|
             path = @view.controller_path
-            partial.insert(0, "#{File.dirname(path)}/") if path.include?(?/)
+            partial.insert(0, "#{File.dirname(path)}/") if partial.include?(?/) && path.include?(?/)
           end
         end
       end
diff --git a/actionpack/lib/action_view/test_case.rb b/actionpack/lib/action_view/test_case.rb
index dc7f901f07..b698b4cfec 100644
--- a/actionpack/lib/action_view/test_case.rb
+++ b/actionpack/lib/action_view/test_case.rb
@@ -85,6 +85,7 @@ module ActionView
 
       def setup_with_controller
         @controller = ActionView::TestCase::TestController.new
+        @request = @controller.request
         @output_buffer = ActiveSupport::SafeBuffer.new
         @rendered = ''