10 files changed, 30 insertions, 22 deletions

diff --git a/actionpack/lib/abstract_controller/base.rb b/actionpack/lib/abstract_controller/base.rb
index acdfb33efa..15faabf977 100644
--- a/actionpack/lib/abstract_controller/base.rb
+++ b/actionpack/lib/abstract_controller/base.rb
@@ -255,7 +255,7 @@ module AbstractController
 
       # Checks if the action name is valid and returns false otherwise.
       def _valid_action_name?(action_name)
-        action_name !~ Regexp.new(File::SEPARATOR)
+        !action_name.to_s.include? File::SEPARATOR
       end
   end
 end
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 3111992f82..5b52c19802 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -121,8 +121,8 @@ module ActionController
 
       def authentication_request(controller, realm)
         controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}")
-        controller.response_body = "HTTP Basic: Access denied.\n"
         controller.status = 401
+        controller.response_body = "HTTP Basic: Access denied.\n"
       end
     end
 
@@ -256,8 +256,8 @@ module ActionController
       def authentication_request(controller, realm, message = nil)
         message ||= "HTTP Digest: Access denied.\n"
         authentication_header(controller, realm)
-        controller.response_body = message
         controller.status = 401
+        controller.response_body = message
       end
 
       def secret_token(request)
@@ -449,7 +449,7 @@ module ActionController
         authorization_request = request.authorization.to_s
         if authorization_request[TOKEN_REGEX]
           params = token_params_from authorization_request
-          [params.shift.last, Hash[params].with_indifferent_access]
+          [params.shift[1], Hash[params].with_indifferent_access]
         end
       end
 
@@ -464,7 +464,7 @@ module ActionController
 
       # This removes the `"` characters wrapping the value.
       def rewrite_param_values(array_params)
-        array_params.each { |param| param.last.gsub! %r/^"|"$/, '' }
+        array_params.each { |param| (param[1] || "").gsub! %r/^"|"$/, '' }
       end
 
       # This method takes an authorization body and splits up the key-value
diff --git a/actionpack/lib/action_controller/metal/mime_responds.rb b/actionpack/lib/action_controller/metal/mime_responds.rb
index 1974bbf529..00e7e980f8 100644
--- a/actionpack/lib/action_controller/metal/mime_responds.rb
+++ b/actionpack/lib/action_controller/metal/mime_responds.rb
@@ -322,7 +322,7 @@ module ActionController #:nodoc:
     #       end
     #     end
     #
-    # * for a javascript request - if the template isn't found, an exception is
+    # * for a JavaScript request - if the template isn't found, an exception is
     #   raised.
     # * for other requests - i.e. data formats such as xml, json, csv etc, if
     #   the resource passed to +respond_with+ responds to <code>to_<format></code>,
@@ -335,7 +335,7 @@ module ActionController #:nodoc:
     # As outlined above, the +resources+ argument passed to +respond_with+
     # can play two roles. It can be used to generate the redirect url
     # for successful html requests (e.g. for +create+ actions when
-    # no template exists), while for formats other than html and javascript
+    # no template exists), while for formats other than html and JavaScript
     # it is the object that gets rendered, by being converted directly to the
     # required format (again assuming no template exists).
     #
@@ -352,7 +352,7 @@ module ActionController #:nodoc:
     #
     # This would cause +respond_with+ to redirect to <code>project_task_url</code>
     # instead of <code>task_url</code>. For request formats other than html or
-    # javascript, if multiple resources are passed in this way, it is the last
+    # JavaScript, if multiple resources are passed in this way, it is the last
     # one specified that is rendered.
     #
     # === Customizing response behavior
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index c3c3e4c4f1..b70962cf44 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -184,7 +184,12 @@ module ActionController
     #   ActionController::Parameters.new(person: {}).require(:person)
     #   # => ActionController::ParameterMissing: param not found: person
     def require(key)
-      self[key].presence || raise(ParameterMissing.new(key))
+      value = self[key]
+      if value.present? || value == false
+        value
+      else
+        raise ParameterMissing.new(key)
+      end
     end
 
     # Alias of #require.
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb
index e6695ffc90..b117170514 100644
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@@ -593,7 +593,6 @@ module ActionController
 
         unless @controller.respond_to?(:recycle!)
           @controller.extend(Testing::Functional)
-          @controller.class.class_eval { include Testing }
         end
 
         @request.recycle!
@@ -629,8 +628,11 @@ module ActionController
         @response.prepare!
 
         @assigns = @controller.respond_to?(:view_assigns) ? @controller.view_assigns : {}
-        @request.session['flash'] = @request.flash.to_session_value
-        @request.session.delete('flash') if @request.session['flash'].blank?
+
+        if flash_value = @request.flash.to_session_value
+          @request.session['flash'] = flash_value
+        end
+
         @response
       end
 
diff --git a/actionpack/lib/action_dispatch/http/cache.rb b/actionpack/lib/action_dispatch/http/cache.rb
index f9b278349e..63a3cbc90b 100644
--- a/actionpack/lib/action_dispatch/http/cache.rb
+++ b/actionpack/lib/action_dispatch/http/cache.rb
@@ -92,7 +92,7 @@ module ActionDispatch
         LAST_MODIFIED = "Last-Modified".freeze
         ETAG          = "ETag".freeze
         CACHE_CONTROL = "Cache-Control".freeze
-        SPECIAL_KEYS  = %w[extras no-cache max-age public must-revalidate]
+        SPECIAL_KEYS  = Set.new(%w[extras no-cache max-age public must-revalidate])
 
         def cache_control_segments
           if cache_control = self[CACHE_CONTROL]
diff --git a/actionpack/lib/action_dispatch/http/url.rb b/actionpack/lib/action_dispatch/http/url.rb
index a5858758c6..3997c6ee98 100644
--- a/actionpack/lib/action_dispatch/http/url.rb
+++ b/actionpack/lib/action_dispatch/http/url.rb
@@ -36,13 +36,13 @@ module ActionDispatch
           path  = options[:script_name].to_s.chomp("/")
           path << options[:path].to_s
 
-          add_trailing_slash(path) if options[:trailing_slash]
+          path = add_trailing_slash(path) if options[:trailing_slash]
 
-          result = path
-
-          unless options[:only_path]
-            result.prepend build_host_url(options)
-          end
+          result = if options[:only_path]
+                     path
+                   else
+                     build_host_url(options).concat path
+                   end
 
           if options.key? :params
             params = options[:params].is_a?(Hash) ?
diff --git a/actionpack/lib/action_dispatch/journey/router.rb b/actionpack/lib/action_dispatch/journey/router.rb
index 74fa9ee3a2..fe3fc0a9fa 100644
--- a/actionpack/lib/action_dispatch/journey/router.rb
+++ b/actionpack/lib/action_dispatch/journey/router.rb
@@ -35,6 +35,7 @@ module ActionDispatch
           unless route.path.anchored
             req.script_name = (script_name.to_s + match.to_s).chomp('/')
             req.path_info = match.post_match
+            req.path_info = "/" + req.path_info unless req.path_info.start_with? "/"
           end
 
           req.path_parameters = set_params.merge parameters
diff --git a/actionpack/lib/action_dispatch/routing/route_set.rb b/actionpack/lib/action_dispatch/routing/route_set.rb
index bdda802195..69535faabd 100644
--- a/actionpack/lib/action_dispatch/routing/route_set.rb
+++ b/actionpack/lib/action_dispatch/routing/route_set.rb
@@ -420,7 +420,7 @@ module ActionDispatch
 
         path = conditions.delete :path_info
         ast  = conditions.delete :parsed_path_info
-        path = build_path(path, ast, requirements, SEPARATORS, anchor)
+        path = build_path(path, ast, requirements, anchor)
         conditions = build_conditions(conditions, path.names.map { |x| x.to_sym })
 
         route = @set.add_route(app, path, conditions, defaults, name)
@@ -428,7 +428,7 @@ module ActionDispatch
         route
       end
 
-      def build_path(path, ast, requirements, separators, anchor)
+      def build_path(path, ast, requirements, anchor)
         strexp = Journey::Router::Strexp.new(
             ast,
             path,
diff --git a/actionpack/lib/action_dispatch/testing/integration.rb b/actionpack/lib/action_dispatch/testing/integration.rb
index af3bc26691..17765d851b 100644
--- a/actionpack/lib/action_dispatch/testing/integration.rb
+++ b/actionpack/lib/action_dispatch/testing/integration.rb
@@ -347,7 +347,7 @@ module ActionDispatch
       # By default, a single session is automatically created for you, but you
       # can use this method to open multiple sessions that ought to be tested
       # simultaneously.
-      def open_session(app = nil)
+      def open_session
         dup.tap do |session|
           yield session if block_given?
         end