6 files changed, 75 insertions, 63 deletions

diff --git a/actionpack/lib/abstract_controller/base.rb b/actionpack/lib/abstract_controller/base.rb
index a84ed17bd4..af5de815bb 100644
--- a/actionpack/lib/abstract_controller/base.rb
+++ b/actionpack/lib/abstract_controller/base.rb
@@ -114,11 +114,6 @@ module AbstractController
       end
     end
 
-    # Define some internal variables that should not be propagated to the view.
-    def self.default_protected_instance_vars
-      []
-    end
-
     abstract!
 
     # Calls the action going through the entire action dispatch stack.
diff --git a/actionpack/lib/abstract_controller/rendering.rb b/actionpack/lib/abstract_controller/rendering.rb
index 41f19fba78..4596aad46c 100644
--- a/actionpack/lib/abstract_controller/rendering.rb
+++ b/actionpack/lib/abstract_controller/rendering.rb
@@ -13,8 +13,15 @@ module AbstractController
   module Rendering
     extend ActiveSupport::Concern
 
-    def self.default_protected_instance_vars
-      super.concat [:@_action_name, :@_response_body, :@_formats, :@_prefixes, :@_config]
+    included do
+      class_attribute :protected_instance_variables
+      self.protected_instance_variables = []
+    end
+
+    # Normalize arguments, options and then delegates render_to_body and
+    # sticks the result in self.response_body.
+    # :api: public
+    def render(*args, &block)
     end
 
     # Raw rendering of a template to a string.
@@ -29,32 +36,37 @@ module AbstractController
     # overridden in order to still return a string.
     # :api: plugin
     def render_to_string(*args, &block)
+      options = _normalize_render(*args, &block)
+      render_to_body(options)
     end
 
     # Raw rendering of a template.
-    # :api: plugin
-    def render_to_body(options = {})
-    end
-
-    # Normalize arguments, options and then delegates render_to_body and
-    # sticks the result in self.response_body.
     # :api: public
-    def render(*args, &block)
+    def render_to_body(options = {})
+      _process_options(options)
+      _render_template(options)
     end
 
     # Return Content-Type of rendered content
     # :api: public
     def rendered_format
+      Mime::TEXT
     end
 
+    DEFAULT_PROTECTED_INSTANCE_VARIABLES = %w(
+      @_action_name @_response_body @_formats @_prefixes @_config
+      @_view_context_class @_view_renderer @_lookup_context
+    )
+
     # This method should return a hash with assigns.
     # You can overwrite this configuration per controller.
     # :api: public
     def view_assigns
       hash = {}
-      (instance_variables - self.class.default_protected_instance_vars).each do |name|
-        hash[name[1..-1]] = instance_variable_get(name)
-      end
+      variables  = instance_variables
+      variables -= protected_instance_variables
+      variables -= DEFAULT_PROTECTED_INSTANCE_VARIABLES
+      variables.each { |name| hash[name[1..-1]] = instance_variable_get(name) }
       hash
     end
 
@@ -76,5 +88,41 @@ module AbstractController
     def _process_options(options)
       options
     end
+
+    # Normalize args and options.
+    # :api: private
+    def _normalize_render(*args, &block)
+      options = _normalize_args(*args, &block)
+      _normalize_options(options)
+      options
+    end
+  end
+
+  # Basic rendering implements the most minimal rendering layer.
+  # It only supports rendering :text and :nothing. Passing any other option will
+  # result in `UnsupportedOperationError` exception. For more functionality like
+  # different formats, layouts etc. you should use `ActionView` gem.
+  module BasicRendering
+    extend ActiveSupport::Concern
+
+    # Render text or nothing (empty string) to response_body
+    # :api: public
+    def render(*args, &block)
+      super(*args, &block)
+      opts = args.first
+      if opts.has_key?(:text) && opts[:text].present?
+        self.response_body = opts[:text]
+      elsif opts.has_key?(:nothing) && opts[:nothing]
+        self.response_body = " "
+      else
+        raise UnsupportedOperationError
+      end
+    end
+
+    class UnsupportedOperationError < StandardError
+      def initialize
+        super "Unsupported render operation. BasicRendering supports only :text and :nothing options. For more, you need to include ActionView."
+      end
+    end
   end
 end
diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb
index a00eafc9ed..df416908f0 100644
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -14,7 +14,7 @@ module ActionController
   #
   metal = Class.new(Metal) do
     include AbstractController::Rendering
-    include ActionController::BasicRendering
+    include AbstractController::BasicRendering
   end
 
   # Action Controllers are the core of a web request in \Rails. They are made up of one or more actions that are executed
@@ -261,12 +261,11 @@ module ActionController
       include mod
     end
 
-    def self.default_protected_instance_vars
-      super.concat [
-        :@_status, :@_headers, :@_params, :@_env, :@_response, :@_request,
-        :@_view_runtime, :@_stream, :@_url_options, :@_action_has_layout
-      ]
-    end
+    # Define some internal variables that should not be propagated to the view.
+    self.protected_instance_variables = [
+      :@_status, :@_headers, :@_params, :@_env, :@_response, :@_request,
+      :@_view_runtime, :@_stream, :@_url_options, :@_action_has_layout
+    ]
 
     ActiveSupport.run_load_hooks(:action_controller, self)
   end
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index b8afce42c9..a2cb6d1e66 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -48,7 +48,7 @@ module ActionController
       # You can pass any of the following options to affect the redirect status and response
       # * <tt>status</tt>     - Redirect with a custom status (default is 301 Moved Permanently)
       # * <tt>flash</tt>      - Set a flash message when redirecting
-      # * <tt>alert</tt>      - Set a alert message when redirecting
+      # * <tt>alert</tt>      - Set an alert message when redirecting
       # * <tt>notice</tt>     - Set a notice message when redirecting
       #
       # ==== Action Options
diff --git a/actionpack/lib/action_controller/metal/rendering.rb b/actionpack/lib/action_controller/metal/rendering.rb
index 21224b9c3b..7b4f1f73a5 100644
--- a/actionpack/lib/action_controller/metal/rendering.rb
+++ b/actionpack/lib/action_controller/metal/rendering.rb
@@ -1,36 +1,4 @@
 module ActionController
-  # Basic rendering implements the most minimal rendering layer.
-  # It only supports rendering :text and :nothing. Passing any other option will
-  # result in `UnsupportedOperationError` exception. For more functionality like
-  # different formats, layouts etc. you should use `ActionView` gem.
-  module BasicRendering
-    extend ActiveSupport::Concern
-
-    # Render text or nothing (empty string) to response_body
-    # :api: public
-    def render(*args, &block)
-      super(*args, &block)
-      opts = args.first
-      if opts.has_key?(:text) && opts[:text].present?
-        self.response_body = opts[:text]
-      elsif opts.has_key?(:nothing) && opts[:nothing]
-        self.response_body = " "
-      else
-        raise UnsupportedOperationError
-      end
-    end
-
-    def rendered_format
-      Mime::TEXT
-    end
-
-    class UnsupportedOperationError < StandardError
-      def initialize
-        super "Unsupported render operation. BasicRendering supports only :text and :nothing options. For more, you need to include ActionView."
-      end
-    end
-  end
-
   module Rendering
     extend ActiveSupport::Concern
 
@@ -50,13 +18,14 @@ module ActionController
 
     # Overwrite render_to_string because body can now be set to a rack body.
     def render_to_string(*)
-      if self.response_body = super
+      result = super
+      if result.respond_to?(:each)
         string = ""
-        self.response_body.each { |r| string << r }
+        result.each { |r| string << r }
         string
+      else
+        result
       end
-    ensure
-      self.response_body = nil
     end
 
     def render_to_body(*)
diff --git a/actionpack/lib/action_dispatch/routing/mapper.rb b/actionpack/lib/action_dispatch/routing/mapper.rb
index 288ce3e867..600c49e442 100644
--- a/actionpack/lib/action_dispatch/routing/mapper.rb
+++ b/actionpack/lib/action_dispatch/routing/mapper.rb
@@ -362,8 +362,9 @@ module ActionDispatch
         #   # Yes, controller actions are just rack endpoints
         #   match 'photos/:id', to: PhotosController.action(:show)
         #
-        # Because request various HTTP verbs with a single action has security
-        # implications, is recommendable use HttpHelpers[rdoc-ref:HttpHelpers]
+        # Because requesting various HTTP verbs with a single action has security
+        # implications, you must either specify the actions in
+        # the via options or use one of the HtttpHelpers[rdoc-ref:HttpHelpers]
         # instead +match+
         #
         # === Options