11 files changed, 78 insertions, 37 deletions

diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb
index 3655b90e32..00d4612ac9 100644
--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@@ -93,8 +93,6 @@ class RedirectToSSL < ForceSSLController
 end
 
 class ForceSSLControllerLevelTest < ActionController::TestCase
-  tests ForceSSLControllerLevel
-
   def test_banana_redirects_to_https
     get :banana
     assert_response 301
@@ -115,8 +113,6 @@ class ForceSSLControllerLevelTest < ActionController::TestCase
 end
 
 class ForceSSLCustomOptionsTest < ActionController::TestCase
-  tests ForceSSLCustomOptions
-
   def setup
     @request.env['HTTP_HOST'] = 'www.example.com:80'
   end
@@ -189,8 +185,6 @@ class ForceSSLCustomOptionsTest < ActionController::TestCase
 end
 
 class ForceSSLOnlyActionTest < ActionController::TestCase
-  tests ForceSSLOnlyAction
-
   def test_banana_not_redirects_to_https
     get :banana
     assert_response 200
@@ -204,8 +198,6 @@ class ForceSSLOnlyActionTest < ActionController::TestCase
 end
 
 class ForceSSLExceptActionTest < ActionController::TestCase
-  tests ForceSSLExceptAction
-
   def test_banana_not_redirects_to_https
     get :banana
     assert_response 200
@@ -219,8 +211,6 @@ class ForceSSLExceptActionTest < ActionController::TestCase
 end
 
 class ForceSSLIfConditionTest < ActionController::TestCase
-  tests ForceSSLIfCondition
-
   def test_banana_not_redirects_to_https
     get :banana
     assert_response 200
@@ -234,8 +224,6 @@ class ForceSSLIfConditionTest < ActionController::TestCase
 end
 
 class ForceSSLFlashTest < ActionController::TestCase
-  tests ForceSSLFlash
-
   def test_cheeseburger_redirects_to_https
     get :set_flash
     assert_response 302
@@ -315,7 +303,6 @@ class ForceSSLOptionalSegmentsTest < ActionController::TestCase
 end
 
 class RedirectToSSLTest < ActionController::TestCase
-  tests RedirectToSSL
   def test_banana_redirects_to_https_if_not_https
     get :banana
     assert_response 301
@@ -334,4 +321,4 @@ class RedirectToSSLTest < ActionController::TestCase
     assert_response 200
     assert_equal 'ihaz', response.body
   end
-end
\ No newline at end of file
+end
diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb
index e851cc6a63..200a2dcc47 100644
--- a/actionpack/test/controller/integration_test.rb
+++ b/actionpack/test/controller/integration_test.rb
@@ -374,6 +374,10 @@ class IntegrationProcessTest < ActionDispatch::IntegrationTest
       follow_redirect!
       assert_response :success
       assert_equal "/get", path
+
+      get '/moved'
+      assert_response :redirect
+      assert_redirected_to '/method'
     end
   end
 
@@ -511,6 +515,8 @@ class IntegrationProcessTest < ActionDispatch::IntegrationTest
         end
 
         set.draw do
+          get 'moved' => redirect('/method')
+
           match ':action', :to => controller, :via => [:get, :post], :as => :action
           get 'get/:action', :to => controller, :as => :get_action
         end
diff --git a/actionpack/test/controller/live_stream_test.rb b/actionpack/test/controller/live_stream_test.rb
index 947f64176b..1dca36374a 100644
--- a/actionpack/test/controller/live_stream_test.rb
+++ b/actionpack/test/controller/live_stream_test.rb
@@ -39,6 +39,13 @@ module ActionController
       ensure
         sse.close
       end
+
+      def sse_with_multiple_line_message
+        sse = SSE.new(response.stream)
+        sse.write("first line.\nsecond line.")
+      ensure
+        sse.close
+      end
     end
 
     tests SSETestController
@@ -87,6 +94,15 @@ module ActionController
       assert_match(/data: {\"name\":\"Ryan\"}/, second_response)
       assert_match(/id: 2/, second_response)
     end
+
+    def test_sse_with_multiple_line_message
+      get :sse_with_multiple_line_message
+
+      wait_for_response_stream_close
+      first_response, second_response = response.body.split("\n")
+      assert_match(/data: first line/, first_response)
+      assert_match(/data: second line/, second_response)
+    end
   end
 
   class LiveStreamTest < ActionController::TestCase
diff --git a/actionpack/test/controller/mime/accept_format_test.rb b/actionpack/test/controller/mime/accept_format_test.rb
index c03c7edeb8..811c507af2 100644
--- a/actionpack/test/controller/mime/accept_format_test.rb
+++ b/actionpack/test/controller/mime/accept_format_test.rb
@@ -9,8 +9,6 @@ class StarStarMimeController < ActionController::Base
 end
 
 class StarStarMimeControllerTest < ActionController::TestCase
-  tests StarStarMimeController
-
   def test_javascript_with_format
     @request.accept = "text/javascript"
     get :index, :format => 'js'
diff --git a/actionpack/test/controller/mime/respond_to_test.rb b/actionpack/test/controller/mime/respond_to_test.rb
index ce6d135d92..41503e11a8 100644
--- a/actionpack/test/controller/mime/respond_to_test.rb
+++ b/actionpack/test/controller/mime/respond_to_test.rb
@@ -258,8 +258,6 @@ class RespondToController < ActionController::Base
 end
 
 class RespondToControllerTest < ActionController::TestCase
-  tests RespondToController
-
   def setup
     super
     @request.host = "www.example.com"
diff --git a/actionpack/test/controller/mime/respond_with_test.rb b/actionpack/test/controller/mime/respond_with_test.rb
index a70592fa1b..416b3b81a5 100644
--- a/actionpack/test/controller/mime/respond_with_test.rb
+++ b/actionpack/test/controller/mime/respond_with_test.rb
@@ -138,8 +138,6 @@ class EmptyRespondWithController < ActionController::Base
 end
 
 class RespondWithControllerTest < ActionController::TestCase
-  tests RespondWithController
-
   def setup
     super
     @request.host = "www.example.com"
diff --git a/actionpack/test/controller/new_base/render_implicit_action_test.rb b/actionpack/test/controller/new_base/render_implicit_action_test.rb
index 1e2191d417..5b4885f7e0 100644
--- a/actionpack/test/controller/new_base/render_implicit_action_test.rb
+++ b/actionpack/test/controller/new_base/render_implicit_action_test.rb
@@ -6,7 +6,7 @@ module RenderImplicitAction
       "render_implicit_action/simple/hello_world.html.erb"     => "Hello world!",
       "render_implicit_action/simple/hyphen-ated.html.erb"     => "Hello hyphen-ated!",
       "render_implicit_action/simple/not_implemented.html.erb" => "Not Implemented"
-    )]
+    ), ActionView::FileSystemResolver.new(File.expand_path('../../../controller', __FILE__))]
 
     def hello_world() end
   end
@@ -33,10 +33,25 @@ module RenderImplicitAction
       assert_status 200
     end
 
+    test "render does not traverse the file system" do
+      assert_raises(AbstractController::ActionNotFound) do
+        action_name = %w(.. .. fixtures shared).join(File::SEPARATOR)
+        SimpleController.action(action_name).call(Rack::MockRequest.env_for("/"))
+      end
+    end
+
     test "available_action? returns true for implicit actions" do
       assert SimpleController.new.available_action?(:hello_world)
       assert SimpleController.new.available_action?(:"hyphen-ated")
       assert SimpleController.new.available_action?(:not_implemented)
     end
+
+    test "available_action? does not allow File::SEPARATOR on the name" do
+      action_name = %w(evil .. .. path).join(File::SEPARATOR)
+      assert_equal false, SimpleController.new.available_action?(action_name.to_sym)
+
+      action_name = %w(evil path).join(File::SEPARATOR)
+      assert_equal false, SimpleController.new.available_action?(action_name.to_sym)
+    end
   end
 end
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 5ab5141966..07c2115832 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -462,16 +462,37 @@ end
 class CustomAuthenticityParamControllerTest < ActionController::TestCase
   def setup
     super
-    ActionController::Base.request_forgery_protection_token = :custom_token_name
+    @old_logger = ActionController::Base.logger
+    @logger = ActiveSupport::LogSubscriber::TestHelper::MockLogger.new
+    @token = "foobar"
+    ActionController::Base.request_forgery_protection_token = @token
   end
 
   def teardown
-    ActionController::Base.request_forgery_protection_token = :authenticity_token
+    ActionController::Base.request_forgery_protection_token = nil
     super
   end
 
-  def test_should_allow_custom_token
-    post :index, :custom_token_name => 'foobar'
-    assert_response :ok
+  def test_should_not_warn_if_form_authenticity_param_matches_form_authenticity_token
+    ActionController::Base.logger = @logger
+    SecureRandom.stubs(:base64).returns(@token)
+
+    begin
+      post :index, :custom_token_name => 'foobar'
+      assert_equal 0, @logger.logged(:warn).size
+    ensure
+      ActionController::Base.logger = @old_logger
+    end
+  end
+
+  def test_should_warn_if_form_authenticity_param_does_not_match_form_authenticity_token
+    ActionController::Base.logger = @logger
+
+    begin
+      post :index, :custom_token_name => 'bazqux'
+      assert_equal 1, @logger.logged(:warn).size
+    ensure
+      ActionController::Base.logger = @old_logger
+    end
   end
 end
diff --git a/actionpack/test/controller/routing_test.rb b/actionpack/test/controller/routing_test.rb
index df453a0251..b22bc2dc25 100644
--- a/actionpack/test/controller/routing_test.rb
+++ b/actionpack/test/controller/routing_test.rb
@@ -419,14 +419,7 @@ class LegacyRouteSetTests < ActiveSupport::TestCase
       get 'page' => 'content#show_page', :as => 'pages', :host => 'foo.com'
     end
     routes = setup_for_named_route
-    routes.expects(:url_for).with({
-      :host => 'foo.com',
-      :only_path => false,
-      :controller => 'content',
-      :action => 'show_page',
-      :use_route => 'pages'
-    }).once
-    routes.send(:pages_url)
+    assert_equal "http://foo.com/page", routes.pages_url
   end
 
   def setup_for_named_route(options = {})
diff --git a/actionpack/test/controller/send_file_test.rb b/actionpack/test/controller/send_file_test.rb
index 4df2f8b98d..aee139b95e 100644
--- a/actionpack/test/controller/send_file_test.rb
+++ b/actionpack/test/controller/send_file_test.rb
@@ -30,7 +30,6 @@ class SendFileWithActionControllerLive < SendFileController
 end
 
 class SendFileTest < ActionController::TestCase
-  tests SendFileController
   include TestFileUtils
 
   Mime::Type.register "image/png", :png unless defined? Mime::PNG
@@ -201,8 +200,6 @@ class SendFileTest < ActionController::TestCase
     end
   end
 
-  tests SendFileWithActionControllerLive
-
   def test_send_file_with_action_controller_live
     @controller = SendFileWithActionControllerLive.new
     @controller.options = { :content_type => "application/x-ruby" }
diff --git a/actionpack/test/controller/url_for_test.rb b/actionpack/test/controller/url_for_test.rb
index a8035e5bd7..0c6df16325 100644
--- a/actionpack/test/controller/url_for_test.rb
+++ b/actionpack/test/controller/url_for_test.rb
@@ -169,6 +169,18 @@ module AbstractController
         )
       end
 
+      def test_without_protocol_and_with_port
+        add_host!
+        add_port!
+
+        assert_equal('//www.basecamphq.com:3000/c/a/i',
+          W.new.url_for(:controller => 'c', :action => 'a', :id => 'i', :protocol => '//')
+        )
+        assert_equal('//www.basecamphq.com:3000/c/a/i',
+          W.new.url_for(:controller => 'c', :action => 'a', :id => 'i', :protocol => false)
+        )
+      end
+
       def test_trailing_slash
         add_host!
         options = {:controller => 'foo', :trailing_slash => true, :action => 'bar', :id => '33'}