diff options
Diffstat (limited to 'actionpack')
21 files changed, 126 insertions, 28 deletions
diff --git a/actionpack/Rakefile b/actionpack/Rakefile index 863daa4b44..c45f88ed04 100644 --- a/actionpack/Rakefile +++ b/actionpack/Rakefile @@ -70,6 +70,13 @@ Rake::GemPackageTask.new(spec) do |p| p.gem_spec = spec end +desc "Release to gemcutter" +task :release => :package do + require 'rake/gemcutter' + Rake::Gemcutter::Tasks.new(spec).define + Rake::Task['gem:push'].invoke +end + task :lines do lines, codelines, total_lines, total_codelines = 0, 0, 0, 0 diff --git a/actionpack/actionpack.gemspec b/actionpack/actionpack.gemspec index 2017776661..8a7169bfa1 100644 --- a/actionpack/actionpack.gemspec +++ b/actionpack/actionpack.gemspec @@ -1,9 +1,10 @@ Gem::Specification.new do |s| s.platform = Gem::Platform::RUBY s.name = 'actionpack' - s.version = '3.0.0.beta' + s.version = '3.0.0.beta1' s.summary = 'Web-flow and rendering framework putting the VC in MVC (part of Rails).' s.description = 'Web-flow and rendering framework putting the VC in MVC (part of Rails).' + s.required_ruby_version = '>= 1.8.7' s.author = 'David Heinemeier Hansson' s.email = 'david@loudthinking.com' @@ -16,10 +17,10 @@ Gem::Specification.new do |s| s.has_rdoc = true - s.add_dependency('activesupport', '= 3.0.0.beta') - s.add_dependency('activemodel', '= 3.0.0.beta') + s.add_dependency('activesupport', '= 3.0.0.beta1') + s.add_dependency('activemodel', '= 3.0.0.beta1') s.add_dependency('rack', '~> 1.1.0') s.add_dependency('rack-test', '~> 0.5.0') - s.add_dependency('rack-mount', '~> 0.4.0') + s.add_dependency('rack-mount', '~> 0.4.7') s.add_dependency('erubis', '~> 2.6.5') end diff --git a/actionpack/lib/action_controller/metal/compatibility.rb b/actionpack/lib/action_controller/metal/compatibility.rb index 1d4a719aa6..a1cfa32d4d 100644 --- a/actionpack/lib/action_controller/metal/compatibility.rb +++ b/actionpack/lib/action_controller/metal/compatibility.rb @@ -76,6 +76,7 @@ module ActionController def consider_all_requests_local=(value) ActiveSupport::Deprecation.warn "ActionController::Base.consider_all_requests_local= is no longer effective. " << "Please configure it on your application with config.consider_all_requests_local=" + Rails.application.config.consider_all_requests_local = value end def allow_concurrency @@ -87,6 +88,7 @@ module ActionController def allow_concurrency=(value) ActiveSupport::Deprecation.warn "ActionController::Base.allow_concurrency= is no longer effective. " << "Please configure it on your application with config.allow_concurrency=" + Rails.application.config.allow_concurrency = value end def rescue_action(env) diff --git a/actionpack/lib/action_controller/metal/url_for.rb b/actionpack/lib/action_controller/metal/url_for.rb index 51702368c1..4f3ad07be5 100644 --- a/actionpack/lib/action_controller/metal/url_for.rb +++ b/actionpack/lib/action_controller/metal/url_for.rb @@ -1,4 +1,5 @@ require 'active_support/core_ext/class/attribute' +require 'active_support/core_ext/module/attribute_accessors' module ActionController # In <b>routes.rb</b> one defines URL-to-controller mappings, but the reverse @@ -87,7 +88,14 @@ module ActionController included do ActionController::Routing::Routes.install_helpers(self) - class_attribute :default_url_options + + # Including in a class uses an inheritable hash. Modules get a plain hash. + if respond_to?(:class_attribute) + class_attribute :default_url_options + else + mattr_accessor :default_url_options + end + self.default_url_options = {} end diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb index 9151de4462..55a5c22ac0 100644 --- a/actionpack/lib/action_controller/railtie.rb +++ b/actionpack/lib/action_controller/railtie.rb @@ -1,5 +1,6 @@ require "action_controller" require "rails" +require "action_view/railtie" module ActionController class Railtie < Rails::Railtie diff --git a/actionpack/lib/action_controller/railties/subscriber.rb b/actionpack/lib/action_controller/railties/subscriber.rb index 1f0e6bf51a..4499e82292 100644 --- a/actionpack/lib/action_controller/railties/subscriber.rb +++ b/actionpack/lib/action_controller/railties/subscriber.rb @@ -15,9 +15,8 @@ module ActionController payload = event.payload additions = ActionController::Base.log_process_action(payload) - message = "Completed in %.0fms" % event.duration + message = "Completed #{payload[:status]} #{Rack::Utils::HTTP_STATUS_CODES[payload[:status]]} in %.0fms" % event.duration message << " (#{additions.join(" | ")})" unless additions.blank? - message << " with #{payload[:status]}" info(message) end diff --git a/actionpack/lib/action_dispatch/routing/route_set.rb b/actionpack/lib/action_dispatch/routing/route_set.rb index c49ac70562..dcf98b729b 100644 --- a/actionpack/lib/action_dispatch/routing/route_set.rb +++ b/actionpack/lib/action_dispatch/routing/route_set.rb @@ -44,7 +44,8 @@ module ActionDispatch controller = "#{params[:controller].camelize}Controller" ActiveSupport::Inflector.constantize(controller) end - rescue NameError + rescue NameError => e + raise unless e.message.include?(controller) nil end diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb index 4dde21dd40..67f89e1627 100644 --- a/actionpack/lib/action_pack/version.rb +++ b/actionpack/lib/action_pack/version.rb @@ -2,7 +2,7 @@ module ActionPack #:nodoc: module VERSION #:nodoc: MAJOR = 3 MINOR = 0 - TINY = "0.beta" + TINY = "0.beta1" STRING = [MAJOR, MINOR, TINY].join('.') end diff --git a/actionpack/lib/action_view/helpers.rb b/actionpack/lib/action_view/helpers.rb index ceb0e18d80..b4f649385a 100644 --- a/actionpack/lib/action_view/helpers.rb +++ b/actionpack/lib/action_view/helpers.rb @@ -7,6 +7,7 @@ module ActionView #:nodoc: autoload :AtomFeedHelper, 'action_view/helpers/atom_feed_helper' autoload :CacheHelper, 'action_view/helpers/cache_helper' autoload :CaptureHelper, 'action_view/helpers/capture_helper' + autoload :CsrfHelper, 'action_view/helpers/csrf_helper' autoload :DateHelper, 'action_view/helpers/date_helper' autoload :DebugHelper, 'action_view/helpers/debug_helper' autoload :FormHelper, 'action_view/helpers/form_helper' @@ -40,6 +41,7 @@ module ActionView #:nodoc: include AtomFeedHelper include CacheHelper include CaptureHelper + include CsrfHelper include DateHelper include DebugHelper include FormHelper diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb new file mode 100644 index 0000000000..41c6b67f91 --- /dev/null +++ b/actionpack/lib/action_view/helpers/csrf_helper.rb @@ -0,0 +1,12 @@ +module ActionView + module Helpers + module CsrfHelper + # Returns a meta tag with the request forgery protection token for forms to use. Put this in your head. + def csrf_meta_tag + if protect_against_forgery? + %(<meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/>).html_safe + end + end + end + end +end diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb index 4d29a03b92..305d6b3128 100644 --- a/actionpack/lib/action_view/helpers/form_helper.rb +++ b/actionpack/lib/action_view/helpers/form_helper.rb @@ -309,7 +309,7 @@ module ActionView options[:html][:remote] = true if options.delete(:remote) - concat(form_tag(options.delete(:url) || {}, options.delete(:html) || {})) + safe_concat(form_tag(options.delete(:url) || {}, options.delete(:html) || {})) fields_for(object_name, *(args << options), &proc) safe_concat('</form>') end @@ -1172,7 +1172,9 @@ module ActionView def fields_for_with_nested_attributes(association_name, args, block) name = "#{object_name}[#{association_name}_attributes]" - association = args.first.to_model if args.first.respond_to?(:to_model) + options = args.extract_options! + association = args.shift + association = association.to_model if association.respond_to?(:to_model) if association.respond_to?(:new_record?) association = [association] if @object.send(association_name).is_a?(Array) @@ -1181,20 +1183,22 @@ module ActionView end if association.is_a?(Array) - explicit_child_index = args.last[:child_index] if args.last.is_a?(Hash) + explicit_child_index = options[:child_index] association.map do |child| - fields_for_nested_model("#{name}[#{explicit_child_index || nested_child_index(name)}]", child, args, block) + fields_for_nested_model("#{name}[#{explicit_child_index || nested_child_index(name)}]", child, options, block) end.join elsif association - fields_for_nested_model(name, association, args, block) + fields_for_nested_model(name, association, options, block) end end - def fields_for_nested_model(name, object, args, block) + def fields_for_nested_model(name, object, options, block) + object = object.to_model if object.respond_to?(:to_model) + if object.new_record? - @template.fields_for(name, object, *args, &block) + @template.fields_for(name, object, options, &block) else - @template.fields_for(name, object, *args) do |builder| + @template.fields_for(name, object, options) do |builder| block.call(builder) @template.concat builder.hidden_field(:id) unless builder.emitted_hidden_id? end diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb index ba1b0bcc20..6ed6c3101b 100644 --- a/actionpack/lib/action_view/helpers/form_tag_helper.rb +++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb @@ -441,8 +441,8 @@ module ActionView # # => <fieldset class="format"><p><input id="name" name="name" type="text" /></p></fieldset> def field_set_tag(legend = nil, options = nil, &block) content = capture(&block) - concat(tag(:fieldset, options, true)) - concat(content_tag(:legend, legend)) unless legend.blank? + safe_concat(tag(:fieldset, options, true)) + safe_concat(content_tag(:legend, legend)) unless legend.blank? concat(content) safe_concat("</fieldset>") end @@ -477,7 +477,7 @@ module ActionView def form_tag_in_block(html_options, &block) content = capture(&block) - concat(form_tag_html(html_options)) + safe_concat(form_tag_html(html_options)) concat(content) safe_concat("</form>") end diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb index 7dca9849c0..8fdaa8cf8d 100644 --- a/actionpack/lib/action_view/helpers/javascript_helper.rb +++ b/actionpack/lib/action_view/helpers/javascript_helper.rb @@ -86,7 +86,7 @@ module ActionView tag = content_tag(:script, javascript_cdata_section(content), html_options.merge(:type => Mime::JS)) if block_called_from_erb?(block) - concat(tag) + safe_concat(tag) else tag end diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb index ed80e07c78..a3a8185f40 100644 --- a/actionpack/lib/action_view/helpers/tag_helper.rb +++ b/actionpack/lib/action_view/helpers/tag_helper.rb @@ -72,7 +72,7 @@ module ActionView content_tag = content_tag_string(name, capture(&block), options, escape) if block_called_from_erb?(block) - concat(content_tag) + safe_concat(content_tag) else content_tag end diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb index 2e02f6637a..644f34dbbe 100644 --- a/actionpack/lib/action_view/helpers/text_helper.rb +++ b/actionpack/lib/action_view/helpers/text_helper.rb @@ -187,7 +187,7 @@ module ActionView # pluralize(0, 'person') # # => 0 people def pluralize(count, singular, plural = nil) - "#{count || 0} " + ((count == 1 || count == '1') ? singular : (plural || singular.pluralize)) + "#{count || 0} " + ((count == 1 || count =~ /^1(\.0+)?$/) ? singular : (plural || singular.pluralize)) end # Wraps the +text+ into lines no longer than +line_width+ width. This method @@ -327,12 +327,12 @@ module ActionView # # => "<p class='description'>Look ma! A class!</p>" def simple_format(text, html_options={}) start_tag = tag('p', html_options, true) - text = text.to_s.dup + text = h(text) text.gsub!(/\r\n?/, "\n") # \r\n and \r -> \n text.gsub!(/\n\n+/, "</p>\n\n#{start_tag}") # 2+ newline -> paragraph text.gsub!(/([^\n]\n)(?=[^\n])/, '\1<br />') # 1 newline -> br text.insert 0, start_tag - text << "</p>" + text.safe_concat("</p>") end # Turns all URLs and e-mail addresses into clickable links. The <tt>:link</tt> option diff --git a/actionpack/lib/action_view/render/rendering.rb b/actionpack/lib/action_view/render/rendering.rb index 7c33f1334a..abc7c09991 100644 --- a/actionpack/lib/action_view/render/rendering.rb +++ b/actionpack/lib/action_view/render/rendering.rb @@ -19,7 +19,7 @@ module ActionView options[:locals] ||= {} if block_given? - return concat(_render_partial(options.merge(:partial => layout), &block)) + return safe_concat(_render_partial(options.merge(:partial => layout), &block)) elsif options.key?(:partial) return _render_partial(options) end diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index b2a0e2e2a3..be05ef6167 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -15,13 +15,17 @@ module RequestForgeryProtectionActions render :text => 'pwn' end + def meta + render :inline => "<%= csrf_meta_tag %>" + end + def rescue_action(e) raise e end end # sample controllers class RequestForgeryProtectionController < ActionController::Base include RequestForgeryProtectionActions - protect_from_forgery :only => :index + protect_from_forgery :only => %w(index meta) end class FreeCookieController < RequestForgeryProtectionController @@ -211,6 +215,12 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase ActiveSupport::SecureRandom.stubs(:base64).returns(@token) ActionController::Base.request_forgery_protection_token = :authenticity_token end + + test 'should emit a csrf-token meta tag' do + ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?') + get :meta + assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="cf50faa3fe97702ca1ae<=?"/>), @response.body + end end class FreeCookieControllerTest < ActionController::TestCase @@ -238,6 +248,11 @@ class FreeCookieControllerTest < ActionController::TestCase assert_nothing_raised { send(method, :index)} end end + + test 'should not emit a csrf-token meta tag' do + get :meta + assert @response.body.blank? + end end class CustomAuthenticityParamControllerTest < ActionController::TestCase diff --git a/actionpack/test/controller/subscriber_test.rb b/actionpack/test/controller/subscriber_test.rb index 119a18ebc5..d7c1166f14 100644 --- a/actionpack/test/controller/subscriber_test.rb +++ b/actionpack/test/controller/subscriber_test.rb @@ -73,7 +73,7 @@ class ACSubscriberTest < ActionController::TestCase wait assert_equal 2, logs.size assert_match /Completed/, logs.last - assert_match /with 200/, logs.last + assert_match /200 OK/, logs.last end def test_process_action_without_parameters diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb index dfe824fd70..bcb97e4ae0 100644 --- a/actionpack/test/dispatch/routing_test.rb +++ b/actionpack/test/dispatch/routing_test.rb @@ -118,6 +118,8 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest match 'description', :to => "account#description", :as => "description" resource :subscription, :credit, :credit_card + root :to => "account#index" + namespace :admin do resource :subscription end @@ -659,6 +661,14 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest end end + def test_namespaced_roots + with_test_routes do + assert_equal '/account', account_root_path + get '/account' + assert_equal 'account#index', @response.body + end + end + def test_optional_scoped_root with_test_routes do assert_equal '/en', root_path("en") diff --git a/actionpack/test/template/form_helper_test.rb b/actionpack/test/template/form_helper_test.rb index f2d524bd1b..7b909fff82 100644 --- a/actionpack/test/template/form_helper_test.rb +++ b/actionpack/test/template/form_helper_test.rb @@ -918,6 +918,28 @@ class FormHelperTest < ActionView::TestCase assert_dom_equal expected, output_buffer end + def test_nested_fields_for_with_existing_records_on_a_supplied_nested_attributes_collection_different_from_record_one + comments = Array.new(2) { |id| Comment.new(id + 1) } + @post.comments = [] + + form_for(:post, @post) do |f| + concat f.text_field(:title) + f.fields_for(:comments, comments) do |cf| + concat cf.text_field(:name) + end + end + + expected = '<form action="http://www.example.com" method="post">' + + '<input name="post[title]" size="30" type="text" id="post_title" value="Hello World" />' + + '<input id="post_comments_attributes_0_name" name="post[comments_attributes][0][name]" size="30" type="text" value="comment #1" />' + + '<input id="post_comments_attributes_0_id" name="post[comments_attributes][0][id]" type="hidden" value="1" />' + + '<input id="post_comments_attributes_1_name" name="post[comments_attributes][1][name]" size="30" type="text" value="comment #2" />' + + '<input id="post_comments_attributes_1_id" name="post[comments_attributes][1][id]" type="hidden" value="2" />' + + '</form>' + + assert_dom_equal expected, output_buffer + end + def test_nested_fields_for_on_a_nested_attributes_collection_association_yields_only_builder @post.comments = [Comment.new(321), Comment.new] yielded_comments = [] diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb index 088c07b8bb..9962b7af3f 100644 --- a/actionpack/test/template/text_helper_test.rb +++ b/actionpack/test/template/text_helper_test.rb @@ -40,6 +40,18 @@ class TextHelperTest < ActionView::TestCase assert_equal %Q(<p class="test">para 1</p>\n\n<p class="test">para 2</p>), simple_format("para 1\n\npara 2", :class => 'test') end + def test_simple_format_should_be_html_safe + assert simple_format("<b> test with html tags </b>").html_safe? + end + + def test_simple_format_should_escape_unsafe_input + assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b>") + end + + def test_simple_format_should_not_escape_safe_input + assert_equal "<p><b> test with safe string </b></p>", simple_format("<b> test with safe string </b>".html_safe) + end + def test_truncate assert_equal "Hello World!", truncate("Hello World!", :length => 12) assert_equal "Hello Wor...", truncate("Hello World!!", :length => 12) @@ -228,6 +240,8 @@ class TextHelperTest < ActionView::TestCase assert_equal("2 counts", pluralize('2', "count")) assert_equal("1,066 counts", pluralize('1,066', "count")) assert_equal("1.25 counts", pluralize('1.25', "count")) + assert_equal("1.0 count", pluralize('1.0', "count")) + assert_equal("1.00 count", pluralize('1.00', "count")) assert_equal("2 counters", pluralize(2, "count", "counters")) assert_equal("0 counters", pluralize(nil, "count", "counters")) assert_equal("2 people", pluralize(2, "person")) |