8 files changed, 176 insertions, 13 deletions

diff --git a/actionpack/test/controller/base_test.rb b/actionpack/test/controller/base_test.rb
index 7d0609751f..2d4083252e 100644
--- a/actionpack/test/controller/base_test.rb
+++ b/actionpack/test/controller/base_test.rb
@@ -130,8 +130,6 @@ class PerformActionTest < ActionController::TestCase
     @request     = ActionController::TestRequest.new
     @response    = ActionController::TestResponse.new
     @request.host = "www.nextangle.com"
-
-    rescue_action_in_public!
   end
 
   def test_process_should_be_precise
@@ -155,7 +153,6 @@ class UrlOptionsTest < ActionController::TestCase
   def setup
     super
     @request.host = 'www.example.com'
-    rescue_action_in_public!
   end
 
   def test_url_for_query_params_included
@@ -195,7 +192,6 @@ class UrlOptionsTest < ActionController::TestCase
         match "account/overview"
       end
 
-      @controller.class.send(:include, set.url_helpers)
       assert !@controller.class.action_methods.include?("account_overview_path")
     end
   end
@@ -207,7 +203,6 @@ class DefaultUrlOptionsTest < ActionController::TestCase
   def setup
     super
     @request.host = 'www.example.com'
-    rescue_action_in_public!
   end
 
   def test_default_url_options_override
@@ -258,7 +253,6 @@ class EmptyUrlOptionsTest < ActionController::TestCase
   def setup
     super
     @request.host = 'www.example.com'
-    rescue_action_in_public!
   end
 
   def test_ensure_url_for_works_as_expected_when_called_with_no_options_if_default_url_options_is_not_set
diff --git a/actionpack/test/controller/http_digest_authentication_test.rb b/actionpack/test/controller/http_digest_authentication_test.rb
index a91e3cafa5..828ea5b0fb 100644
--- a/actionpack/test/controller/http_digest_authentication_test.rb
+++ b/actionpack/test/controller/http_digest_authentication_test.rb
@@ -274,6 +274,6 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
   end
 
   def decode_credentials(header)
-    ActionController::HttpAuthentication::Digest.decode_credentials(@response.headers['WWW-Authenticate'])
+    ActionController::HttpAuthentication::Digest.decode_credentials(header)
   end
 end
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb
index b1d76150f8..6dab42d75d 100644
--- a/actionpack/test/controller/redirect_test.rb
+++ b/actionpack/test/controller/redirect_test.rb
@@ -103,6 +103,14 @@ class RedirectController < ActionController::Base
     redirect_to proc { {:action => "hello_world"} }
   end
 
+  def redirect_with_header_break
+    redirect_to "/lol\r\nwat"
+  end
+
+  def redirect_with_null_bytes
+    redirect_to "\000/lol\r\nwat"
+  end
+
   def rescue_errors(e) raise e end
 
   protected
@@ -120,6 +128,18 @@ class RedirectTest < ActionController::TestCase
     assert_equal "http://test.host/redirect/hello_world", redirect_to_url
   end
 
+  def test_redirect_with_header_break
+    get :redirect_with_header_break
+    assert_response :redirect
+    assert_equal "http://test.host/lolwat", redirect_to_url
+  end
+
+  def test_redirect_with_null_bytes
+    get :redirect_with_null_bytes
+    assert_response :redirect
+    assert_equal "http://test.host/lolwat", redirect_to_url
+  end
+
   def test_redirect_with_no_status
     get :simple_redirect
     assert_response 302
diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb
index 8167fc2fd2..fce13d096c 100644
--- a/actionpack/test/controller/render_test.rb
+++ b/actionpack/test/controller/render_test.rb
@@ -553,12 +553,33 @@ class TestController < ActionController::Base
     render :partial => 'partial'
   end
 
+  def partial_html_erb
+    render :partial => 'partial_html_erb'
+  end
+
   def render_to_string_with_partial
     @partial_only = render_to_string :partial => "partial_only"
     @partial_with_locals = render_to_string :partial => "customer", :locals => { :customer => Customer.new("david") }
     render :template => "test/hello_world"
   end
 
+  def render_to_string_with_template_and_html_partial
+    @text = render_to_string :template => "test/with_partial", :formats => [:text]
+    @html = render_to_string :template => "test/with_partial", :formats => [:html]
+    render :template => "test/with_html_partial"
+  end
+
+  def render_to_string_and_render_with_different_formats
+    @html = render_to_string :template => "test/with_partial", :formats => [:html]
+    render :template => "test/with_partial", :formats => [:text]
+  end
+
+  def render_template_within_a_template_with_other_format
+    render  :template => "test/with_xml_template",
+            :formats  => [:html],
+            :layout   => "with_html_partial"
+  end
+
   def partial_with_counter
     render :partial => "counter", :locals => { :counter_counter => 5 }
   end
@@ -1001,6 +1022,7 @@ class RenderTest < ActionController::TestCase
   def test_accessing_local_assigns_in_inline_template
     get :accessing_local_assigns_in_inline_template, :local_name => "Local David"
     assert_equal "Goodbye, Local David", @response.body
+    assert_equal "text/html", @response.content_type
   end
 
   def test_should_implicitly_render_html_template_from_xhr_request
@@ -1255,6 +1277,15 @@ class RenderTest < ActionController::TestCase
     assert_equal "text/html", @response.content_type
   end
 
+  def test_render_html_formatted_partial_even_with_other_mime_time_in_accept
+    @request.accept = "text/javascript, text/html"
+
+    get :partial_html_erb
+
+    assert_equal "partial.html.erb", @response.body.strip
+    assert_equal "text/html", @response.content_type
+  end
+
   def test_should_render_html_partial_with_formats
     get :partial_formats_html
     assert_equal "partial html", @response.body
@@ -1268,6 +1299,28 @@ class RenderTest < ActionController::TestCase
     assert_equal "text/html", @response.content_type
   end
 
+  def test_render_to_string_with_template_and_html_partial
+    get :render_to_string_with_template_and_html_partial
+    assert_equal "**only partial**\n", assigns(:text)
+    assert_equal "<strong>only partial</strong>\n", assigns(:html)
+    assert_equal "<strong>only html partial</strong>\n", @response.body
+    assert_equal "text/html", @response.content_type
+  end
+
+  def test_render_to_string_and_render_with_different_formats
+    get :render_to_string_and_render_with_different_formats
+    assert_equal "<strong>only partial</strong>\n", assigns(:html)
+    assert_equal "**only partial**\n", @response.body
+    assert_equal "text/plain", @response.content_type
+  end
+
+  def test_render_template_within_a_template_with_other_format
+    get :render_template_within_a_template_with_other_format
+    expected = "only html partial<p>This is grand!</p>"
+    assert_equal expected, @response.body.strip
+    assert_equal "text/html", @response.content_type
+  end
+
   def test_partial_with_counter
     get :partial_with_counter
     assert_equal "5", @response.body
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 64ed7f667f..066cd523be 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -35,6 +35,24 @@ module RequestForgeryProtectionActions
   def form_for_without_protection
     render :inline => "<%= form_for(:some_resource, :authenticity_token => false ) {} %>"
   end
+
+  def form_for_remote
+    render :inline => "<%= form_for(:some_resource, :remote => true ) {} %>"
+  end
+
+  def form_for_remote_with_token
+    render :inline => "<%= form_for(:some_resource, :remote => true, :authenticity_token => true ) {} %>"
+  end
+
+  def form_for_with_token
+    render :inline => "<%= form_for(:some_resource, :authenticity_token => true ) {} %>"
+  end
+
+  def form_for_remote_with_external_token
+    render :inline => "<%= form_for(:some_resource, :remote => true, :authenticity_token => 'external_token') {} %>"
+  end
+
+  def rescue_action(e) raise e end
 end
 
 # sample controllers
@@ -43,7 +61,7 @@ class RequestForgeryProtectionController < ActionController::Base
   protect_from_forgery :only => %w(index meta)
 end
 
-class RequestForgeryProtectionControllerUsingOldBehaviour < ActionController::Base
+class RequestForgeryProtectionControllerUsingException < ActionController::Base
   include RequestForgeryProtectionActions
   protect_from_forgery :only => %w(index meta)
 
@@ -98,6 +116,60 @@ module RequestForgeryProtectionTests
     assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token
   end
 
+  def test_should_render_form_without_token_tag_if_remote
+    assert_not_blocked do
+      get :form_for_remote
+    end
+    assert_no_match(/authenticity_token/, response.body)
+  end
+
+  def test_should_render_form_with_token_tag_if_remote_and_embedding_token_is_on
+    original = ActionView::Helpers::FormTagHelper.embed_authenticity_token_in_remote_forms
+    begin
+      ActionView::Helpers::FormTagHelper.embed_authenticity_token_in_remote_forms = true
+      assert_not_blocked do
+        get :form_for_remote
+      end
+      assert_match(/authenticity_token/, response.body)
+    ensure
+      ActionView::Helpers::FormTagHelper.embed_authenticity_token_in_remote_forms = original
+    end
+  end
+
+  def test_should_render_form_with_token_tag_if_remote_and_external_authenticity_token_requested_and_embedding_is_on
+    original = ActionView::Helpers::FormTagHelper.embed_authenticity_token_in_remote_forms
+    begin
+      ActionView::Helpers::FormTagHelper.embed_authenticity_token_in_remote_forms = true
+      assert_not_blocked do
+        get :form_for_remote_with_external_token
+      end
+      assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', 'external_token'
+    ensure
+      ActionView::Helpers::FormTagHelper.embed_authenticity_token_in_remote_forms = original
+    end
+  end
+
+  def test_should_render_form_with_token_tag_if_remote_and_external_authenticity_token_requested
+    assert_not_blocked do
+      get :form_for_remote_with_external_token
+    end
+    assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', 'external_token'
+  end
+
+  def test_should_render_form_with_token_tag_if_remote_and_authenticity_token_requested
+    assert_not_blocked do
+      get :form_for_remote_with_token
+    end
+    assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token
+  end
+
+  def test_should_render_form_with_token_tag_with_authenticity_token_requested
+    assert_not_blocked do
+      get :form_for_with_token
+    end
+    assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token
+  end
+
   def test_should_allow_get
     assert_not_blocked { get :index }
   end
@@ -215,7 +287,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase
   end
 end
 
-class RequestForgeryProtectionControllerUsingOldBehaviourTest < ActionController::TestCase
+class RequestForgeryProtectionControllerUsingExceptionTest < ActionController::TestCase
   include RequestForgeryProtectionTests
   def assert_blocked
     assert_raises(ActionController::InvalidAuthenticityToken) do
diff --git a/actionpack/test/controller/send_file_test.rb b/actionpack/test/controller/send_file_test.rb
index 36884846be..3af17f495c 100644
--- a/actionpack/test/controller/send_file_test.rb
+++ b/actionpack/test/controller/send_file_test.rb
@@ -23,10 +23,6 @@ class SendFileController < ActionController::Base
   def data
     send_data(file_data, options)
   end
-
-  def multibyte_text_data
-    send_data("Кирилица\n祝您好運.", options)
-  end
 end
 
 class SendFileTest < ActionController::TestCase
diff --git a/actionpack/test/controller/sweeper_test.rb b/actionpack/test/controller/sweeper_test.rb
new file mode 100644
index 0000000000..0561efc62f
--- /dev/null
+++ b/actionpack/test/controller/sweeper_test.rb
@@ -0,0 +1,16 @@
+require 'abstract_unit'
+
+
+class SweeperTest < ActionController::TestCase
+
+  class ::AppSweeper < ActionController::Caching::Sweeper; end
+
+  def test_sweeper_should_not_ignore_unknown_method_calls
+    sweeper = ActionController::Caching::Sweeper.send(:new)
+    assert_raise NameError do
+      sweeper.instance_eval do
+        some_method_that_doesnt_exist
+      end
+    end
+  end
+end
diff --git a/actionpack/test/controller/url_for_test.rb b/actionpack/test/controller/url_for_test.rb
index 288efbf7c3..aa233d6135 100644
--- a/actionpack/test/controller/url_for_test.rb
+++ b/actionpack/test/controller/url_for_test.rb
@@ -16,6 +16,10 @@ module AbstractController
         W.default_url_options[:host] = 'www.basecamphq.com'
       end
 
+      def add_port!
+        W.default_url_options[:port] = 3000
+      end
+
       def add_numeric_host!
         W.default_url_options[:host] = '127.0.0.1'
       end
@@ -121,6 +125,14 @@ module AbstractController
         )
       end
 
+      def test_default_port
+        add_host!
+        add_port!
+        assert_equal('http://www.basecamphq.com:3000/c/a/i',
+          W.new.url_for(:controller => 'c', :action => 'a', :id => 'i')
+        )
+      end
+
       def test_protocol
         add_host!
         assert_equal('https://www.basecamphq.com/c/a/i',