diff options
Diffstat (limited to 'actionpack')
20 files changed, 464 insertions, 99 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index faa0d674dc..c3609958bc 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,4 +1,14 @@ -*Rails 3.0.0 [beta 4/release candidate] (unreleased)* +*Rails 3.0.0 [beta 4] (June 8th, 2010)* + +* Add shallow routes back to the new router [Diego Carrion] + + resources :posts do + shallow do + resources :comments + end + end + + You can now use comment_path for /comments/1 instead of post_comment_path for /posts/1/comments/1. * Remove middleware laziness [José Valim] diff --git a/actionpack/lib/action_controller/metal/url_for.rb b/actionpack/lib/action_controller/metal/url_for.rb index 10c7ca9021..c465035ca1 100644 --- a/actionpack/lib/action_controller/metal/url_for.rb +++ b/actionpack/lib/action_controller/metal/url_for.rb @@ -16,5 +16,13 @@ module ActionController raise "In order to use #url_for, you must include the helpers of a particular " \ "router. For instance, `include Rails.application.routes.url_helpers" end + + module ClassMethods + def action_methods + @action_methods ||= begin + super - _router.named_routes.helper_names + end + end + end end end
\ No newline at end of file diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/tokenizer.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/tokenizer.rb index 602411ed37..064ff3724d 100644 --- a/actionpack/lib/action_controller/vendor/html-scanner/html/tokenizer.rb +++ b/actionpack/lib/action_controller/vendor/html-scanner/html/tokenizer.rb @@ -23,6 +23,7 @@ module HTML #:nodoc: # Create a new Tokenizer for the given text. def initialize(text) + text.encode! if text.encoding_aware? @scanner = StringScanner.new(text) @position = 0 @line = 0 diff --git a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb index f9e81a02d3..8a2d8cd077 100644 --- a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb +++ b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb @@ -6,7 +6,7 @@ module ActionDispatch # This middleware rescues any exception returned by the application and renders # nice exception pages if it's being rescued locally. class ShowExceptions - LOCALHOST = ['127.0.0.1', '::1'].freeze + LOCALHOST = [/^127\.0\.0\.\d{1,3}$/, "::1", /^0:0:0:0:0:0:0:1(%.*)?$/].freeze RESCUES_TEMPLATE_PATH = File.join(File.dirname(__FILE__), 'templates') @@ -114,7 +114,7 @@ module ActionDispatch # True if the request came from localhost, 127.0.0.1. def local_request?(request) - LOCALHOST.any?{ |local_ip| request.remote_addr == local_ip && request.remote_ip == local_ip } + LOCALHOST.any? { |local_ip| local_ip === request.remote_addr && local_ip === request.remote_ip } end def status_code(exception) diff --git a/actionpack/lib/action_dispatch/routing/mapper.rb b/actionpack/lib/action_dispatch/routing/mapper.rb index ae4417b56c..e91a72cbe5 100644 --- a/actionpack/lib/action_dispatch/routing/mapper.rb +++ b/actionpack/lib/action_dispatch/routing/mapper.rb @@ -350,6 +350,10 @@ module ActionDispatch scope(:constraints => constraints) { yield } end + def shallow + scope(:shallow => true) { yield } + end + def defaults(defaults = {}) scope(:defaults => defaults) { yield } end @@ -374,12 +378,21 @@ module ActionDispatch @scope_options ||= private_methods.grep(/^merge_(.+)_scope$/) { $1.to_sym } end + def merge_shallow_scope(parent, child) + parent or child + end + def merge_path_scope(parent, child) - Mapper.normalize_path("#{parent}/#{child}") + parent_path = (@scope[:shallow] and child.eql?(':id')) ? parent.split('/').last : parent + Mapper.normalize_path "#{parent_path}/#{child}" end def merge_name_prefix_scope(parent, child) - parent ? "#{parent}_#{child}" : child + if @scope[:shallow] + child + else + parent ? "#{parent}_#{child}" : child + end end def merge_module_scope(parent, child) @@ -463,6 +476,10 @@ module ActionDispatch name.to_s.singularize end + def member_prefix + ':id' + end + def member_name singular end @@ -509,11 +526,19 @@ module ActionDispatch end end + def nested_prefix + id_segment + end + def nested_options options = { :name_prefix => member_name } options["#{singular}_id".to_sym] = id_constraint if id_constraint? options end + + def shallow? + options[:shallow] + end end class SingletonResource < Resource #:nodoc: @@ -532,9 +557,21 @@ module ActionDispatch end end + def member_prefix + '' + end + def member_name name end + + def nested_prefix + '' + end + + def nested_options + { :name_prefix => member_name } + end end def initialize(*args) #:nodoc: @@ -544,6 +581,7 @@ module ActionDispatch def resource(*resources, &block) options = resources.extract_options! + options = (@scope[:options] || {}).merge(options) if apply_common_behavior_for(:resource, resources, options, &block) return self @@ -554,17 +592,17 @@ module ActionDispatch scope(:path => resource.path, :controller => resource.controller) do with_scope_level(:resource, resource) do - scope(:name_prefix => resource.name.to_s, :as => "") do - yield if block_given? - end + yield if block_given? - scope(resource.options) do - get :show if resource.actions.include?(:show) - post :create if resource.actions.include?(:create) - put :update if resource.actions.include?(:update) - delete :destroy if resource.actions.include?(:destroy) - get :new, :as => resource.name if resource.actions.include?(:new) - get :edit, :as => resource.name if resource.actions.include?(:edit) + with_scope_level(:member) do + scope(resource.options) do + get :show if resource.actions.include?(:show) + post :create if resource.actions.include?(:create) + put :update if resource.actions.include?(:update) + delete :destroy if resource.actions.include?(:destroy) + get :new, :as => resource.name if resource.actions.include?(:new) + get :edit, :as => resource.name if resource.actions.include?(:edit) + end end end end @@ -574,6 +612,7 @@ module ActionDispatch def resources(*resources, &block) options = resources.extract_options! + options = (@scope[:options] || {}).merge(options) if apply_common_behavior_for(:resources, resources, options, &block) return self @@ -581,8 +620,12 @@ module ActionDispatch resource = Resource.new(resources.pop, options) - scope(:path => resource.path, :controller => resource.controller) do + scope(:path => resource.path, :controller => resource.controller, :shallow => resource.shallow?) do with_scope_level(:resources, resource) do + if @scope[:shallow] && @scope[:name_prefix] + @scope[:path] = "/#{@scope[:name_prefix].pluralize}/:#{@scope[:name_prefix]}_id/#{resource.path}" + end + yield if block_given? with_scope_level(:collection) do @@ -596,6 +639,8 @@ module ActionDispatch with_scope_level(:member) do scope(':id') do scope(resource.options) do + @scope[:name_prefix] = nil if @scope[:shallow] + get :show if resource.actions.include?(:show) put :update if resource.actions.include?(:update) delete :destroy if resource.actions.include?(:destroy) @@ -622,31 +667,36 @@ module ActionDispatch end def member - unless [:resources, :resource].include?(@scope[:scope_level]) - raise ArgumentError, "You can't use member action outside resources and resource scope." + unless resource_scope? + raise ArgumentError, "can't use member outside resource(s) scope" end - case @scope[:scope_level] - when :resources - with_scope_level(:member) do - scope(':id', :name_prefix => parent_resource.member_name, :as => "") do - yield - end + with_scope_level(:member) do + scope(parent_resource.member_prefix, :name_prefix => parent_resource.member_name, :as => "") do + yield end - when :resource - with_scope_level(:member) do + end + end + + def new + unless resource_scope? + raise ArgumentError, "can't use new outside resource(s) scope" + end + + with_scope_level(:new) do + scope(new_scope_prefix, :name_prefix => parent_resource.member_name, :as => "") do yield end end end def nested - unless @scope[:scope_level] == :resources - raise ArgumentError, "can't use nested outside resources scope" + unless resource_scope? + raise ArgumentError, "can't use nested outside resource(s) scope" end with_scope_level(:nested) do - scope(parent_resource.id_segment, parent_resource.nested_options) do + scope(parent_resource.nested_prefix, parent_resource.nested_options) do yield end end @@ -678,7 +728,7 @@ module ActionDispatch @scope[:path] = old_path end else - with_exclusive_name_prefix(action) do + with_exclusive_name_prefix(action_name_prefix(action, options)) do return match("#{action_path(action, path_names)}(.:format)", options.reverse_merge(:to => action)) end end @@ -691,10 +741,16 @@ module ActionDispatch return collection { match(*args) } when :member return member { match(*args) } + when :new + return new { match(*args) } + end + + if @scope[:scope_level] == :resource + return member { match(*args) } end - if @scope[:scope_level] == :resources - raise ArgumentError, "can't define route directly in resources scope" + if resource_scope? + raise ArgumentError, "can't define route directly in resource(s) scope" end super @@ -716,6 +772,10 @@ module ActionDispatch path_names[name.to_sym] || name.to_s end + def action_name_prefix(action, options = {}) + (options[:on] == :new || @scope[:scope_level] == :new) ? "#{action}_new" : action + end + def apply_common_behavior_for(method, resources, options, &block) if resources.length > 1 resources.each { |r| send(method, r, options, &block) } @@ -729,7 +789,7 @@ module ActionDispatch return true end - if @scope[:scope_level] == :resources + if resource_scope? nested do send(method, resources.pop, options, &block) end @@ -739,6 +799,14 @@ module ActionDispatch false end + def new_scope_prefix + @scope[:path_names][:new] || 'new' + end + + def resource_scope? + [:resource, :resources].include?(@scope[:scope_level]) + end + def with_exclusive_name_prefix(prefix) begin old_name_prefix = @scope[:name_prefix] diff --git a/actionpack/lib/action_dispatch/routing/route_set.rb b/actionpack/lib/action_dispatch/routing/route_set.rb index 750912b251..57a73dde75 100644 --- a/actionpack/lib/action_dispatch/routing/route_set.rb +++ b/actionpack/lib/action_dispatch/routing/route_set.rb @@ -68,6 +68,10 @@ module ActionDispatch clear! end + def helper_names + self.module.instance_methods.map(&:to_s) + end + def clear! @routes = {} @helpers = [] @@ -176,7 +180,6 @@ module ActionDispatch url_for(options) end - protected :#{selector} END_EVAL helpers << selector end diff --git a/actionpack/lib/action_dispatch/testing/assertions/selector.rb b/actionpack/lib/action_dispatch/testing/assertions/selector.rb index 9deabf5b3c..0e82b41590 100644 --- a/actionpack/lib/action_dispatch/testing/assertions/selector.rb +++ b/actionpack/lib/action_dispatch/testing/assertions/selector.rb @@ -267,14 +267,12 @@ module ActionDispatch if match_with = equals[:text] matches.delete_if do |match| text = "" - text.force_encoding(match_with.encoding) if text.respond_to?(:force_encoding) stack = match.children.reverse while node = stack.pop if node.tag? stack.concat node.children.reverse else content = node.content - content.force_encoding(match_with.encoding) if content.respond_to?(:force_encoding) text << content end end diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb index 8f0c5d939f..532d060c06 100644 --- a/actionpack/lib/action_pack/version.rb +++ b/actionpack/lib/action_pack/version.rb @@ -3,7 +3,7 @@ module ActionPack MAJOR = 3 MINOR = 0 TINY = 0 - BUILD = "beta3" + BUILD = "beta4" STRING = [MAJOR, MINOR, TINY, BUILD].join('.') end diff --git a/actionpack/lib/action_view/helpers/asset_tag_helper.rb b/actionpack/lib/action_view/helpers/asset_tag_helper.rb index 626cc7d3b0..25426a5547 100644 --- a/actionpack/lib/action_view/helpers/asset_tag_helper.rb +++ b/actionpack/lib/action_view/helpers/asset_tag_helper.rb @@ -620,7 +620,10 @@ module ActionView options.symbolize_keys! src = options[:src] = path_to_image(source) - options[:alt] = options.fetch(:alt){ File.basename(src, '.*').capitalize } + + unless src =~ /^cid:/ + options[:alt] = options.fetch(:alt){ File.basename(src, '.*').capitalize } + end if size = options.delete(:size) options[:width], options[:height] = size.split("x") if size =~ %r{^\d+x\d+$} @@ -754,7 +757,7 @@ module ActionView end def is_uri?(path) - path =~ %r{^[-a-z]+://} + path =~ %r{^[-a-z]+://|^cid:} end # Pick an asset host for this source. Returns +nil+ if no host is set, diff --git a/actionpack/lib/action_view/helpers/cache_helper.rb b/actionpack/lib/action_view/helpers/cache_helper.rb index a904af56bb..8251ed18f4 100644 --- a/actionpack/lib/action_view/helpers/cache_helper.rb +++ b/actionpack/lib/action_view/helpers/cache_helper.rb @@ -32,27 +32,27 @@ module ActionView # <i>Topics listed alphabetically</i> # <% end %> def cache(name = {}, options = nil, &block) - safe_concat fragment_for(name, options, &block) + if controller.perform_caching + safe_concat(fragment_for(name, options, &block)) + else + yield + end + nil end private # TODO: Create an object that has caching read/write on it def fragment_for(name = {}, options = nil, &block) #:nodoc: - if controller.perform_caching - if controller.fragment_exist?(name, options) - controller.read_fragment(name, options) - else - # VIEW TODO: Make #capture usable outside of ERB - # This dance is needed because Builder can't use capture - pos = output_buffer.length - yield - fragment = output_buffer.slice!(pos..-1) - controller.write_fragment(name, fragment, options) - end + if controller.fragment_exist?(name, options) + controller.read_fragment(name, options) else - ret = yield - ActiveSupport::SafeBuffer.new(ret) if ret.is_a?(String) + # VIEW TODO: Make #capture usable outside of ERB + # This dance is needed because Builder can't use capture + pos = output_buffer.length + yield + fragment = output_buffer.slice!(pos..-1) + controller.write_fragment(name, fragment, options) end end end diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb index c09d01eeee..66277f79fe 100644 --- a/actionpack/lib/action_view/helpers/tag_helper.rb +++ b/actionpack/lib/action_view/helpers/tag_helper.rb @@ -110,7 +110,7 @@ module ActionView def content_tag_string(name, content, options, escape = true) tag_options = tag_options(options, escape) if options - "<#{name}#{tag_options}>#{ERB::Util.h(content)}</#{name}>".html_safe + "<#{name}#{tag_options}>#{escape ? ERB::Util.h(content) : content}</#{name}>".html_safe end def tag_options(options, escape = true) diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb index bfad9f8d31..8f63845d49 100644 --- a/actionpack/lib/action_view/helpers/text_helper.rb +++ b/actionpack/lib/action_view/helpers/text_helper.rb @@ -74,6 +74,7 @@ module ActionView options.reverse_merge!(:length => 30) + text = sanitize(text) unless text.html_safe? || options[:safe] text.truncate(options.delete(:length), options) if text end @@ -105,6 +106,7 @@ module ActionView end options.reverse_merge!(:highlighter => '<strong class="highlight">\1</strong>') + text = sanitize(text) unless text.html_safe? || options[:safe] if text.blank? || phrases.blank? text else @@ -244,13 +246,14 @@ module ActionView # def textilize(text, *options) options ||= [:hard_breaks] + text = sanitize(text) unless text.html_safe? || options.delete(:safe) if text.blank? "" else textilized = RedCloth.new(text, options) textilized.to_html - end + end.html_safe end # Returns the text with all the Textile codes turned into HTML tags, @@ -271,8 +274,8 @@ module ActionView # # textilize_without_paragraph("Visit the Rails website "here":http://www.rubyonrails.org/.) # # => "Visit the Rails website <a href="http://www.rubyonrails.org/">here</a>." - def textilize_without_paragraph(text) - textiled = textilize(text) + def textilize_without_paragraph(text, *options) + textiled = textilize(text, *options) if textiled[0..2] == "<p>" then textiled = textiled[3..-1] end if textiled[-4..-1] == "</p>" then textiled = textiled[0..-5] end return textiled @@ -295,8 +298,9 @@ module ActionView # # markdown('') # # => '<p><img src="http://rubyonrails.com/images/rails.png" alt="The ROR logo" title="Ruby on Rails" /></p>' - def markdown(text) - text.blank? ? "" : BlueCloth.new(text).to_html + def markdown(text, *options) + text = sanitize(text) unless text.html_safe? || options.delete(:safe) + (text.blank? ? "" : BlueCloth.new(text).to_html).html_safe end # Returns +text+ transformed into HTML using simple formatting rules. @@ -320,14 +324,15 @@ module ActionView # # simple_format("Look ma! A class!", :class => 'description') # # => "<p class='description'>Look ma! A class!</p>" - def simple_format(text, html_options={}) + def simple_format(text, html_options={}, options={}) + text = '' if text.nil? start_tag = tag('p', html_options, true) - text = h(text) + text = sanitize(text) unless text.html_safe? || options[:safe] text.gsub!(/\r\n?/, "\n") # \r\n and \r -> \n text.gsub!(/\n\n+/, "</p>\n\n#{start_tag}") # 2+ newline -> paragraph text.gsub!(/([^\n]\n)(?=[^\n])/, '\1<br />') # 1 newline -> br text.insert 0, start_tag - text.safe_concat("</p>") + text.html_safe.safe_concat("</p>") end # Turns all URLs and e-mail addresses into clickable links. The <tt>:link</tt> option @@ -368,7 +373,7 @@ module ActionView # # => "Welcome to my new blog at <a href=\"http://www.myblog.com/\" target=\"_blank\">http://www.myblog.com</a>. # Please e-mail me at <a href=\"mailto:me@email.com\">me@email.com</a>." def auto_link(text, *args, &block)#link = :all, html = {}, &block) - return '' if text.blank? + return ''.html_safe if text.blank? options = args.size == 2 ? {} : args.extract_options! # this is necessary because the old auto_link API has a Hash as its last parameter unless args.empty? @@ -378,9 +383,9 @@ module ActionView options.reverse_merge!(:link => :all, :html => {}) case options[:link].to_sym - when :all then auto_link_email_addresses(auto_link_urls(text, options[:html], &block), options[:html], &block) + when :all then auto_link_email_addresses(auto_link_urls(text, options[:html], options, &block), options[:html], &block) when :email_addresses then auto_link_email_addresses(text, options[:html], &block) - when :urls then auto_link_urls(text, options[:html], &block) + when :urls then auto_link_urls(text, options[:html], options, &block) end end @@ -544,7 +549,7 @@ module ActionView # Turns all urls into clickable links. If a block is given, each url # is yielded and the result is used as the link text. - def auto_link_urls(text, html_options = {}) + def auto_link_urls(text, html_options = {}, options = {}) link_attributes = html_options.stringify_keys text.gsub(AUTO_LINK_RE) do scheme, href = $1, $& @@ -566,21 +571,22 @@ module ActionView link_text = block_given?? yield(href) : href href = 'http://' + href unless scheme - content_tag(:a, link_text, link_attributes.merge('href' => href)) + punctuation.reverse.join('') + content_tag(:a, link_text, link_attributes.merge('href' => href), !(options[:safe] || text.html_safe?)) + punctuation.reverse.join('') end - end + end.html_safe end # Turns all email addresses into clickable links. If a block is given, # each email is yielded and the result is used as the link text. - def auto_link_email_addresses(text, html_options = {}) + def auto_link_email_addresses(text, html_options = {}, options = {}) text.gsub(AUTO_EMAIL_RE) do text = $& if auto_linked?($`, $') - text + text.html_safe else display_text = (block_given?) ? yield(text) : text + display_text = sanitize(display_text) unless options[:safe] mail_to text, display_text, html_options end end diff --git a/actionpack/lib/action_view/lookup_context.rb b/actionpack/lib/action_view/lookup_context.rb index 3aaa5e401c..823226cb9c 100644 --- a/actionpack/lib/action_view/lookup_context.rb +++ b/actionpack/lib/action_view/lookup_context.rb @@ -188,7 +188,7 @@ module ActionView begin yield ensure - _set_detail(:formats, formats) + _set_detail(:formats, old_formats) end end end diff --git a/actionpack/test/controller/caching_test.rb b/actionpack/test/controller/caching_test.rb index 4431eb2e2a..c161bea945 100644 --- a/actionpack/test/controller/caching_test.rb +++ b/actionpack/test/controller/caching_test.rb @@ -644,21 +644,6 @@ class FragmentCachingTest < ActionController::TestCase assert_equal 'will not expire ;-)', @store.read('views/primalgrasp') end - def test_fragment_for_with_disabled_caching - @controller.perform_caching = false - - @store.write('views/expensive', 'fragment content') - fragment_computed = false - - view_context = @controller.view_context - - buffer = 'generated till now -> '.html_safe - buffer << view_context.send(:fragment_for, 'expensive') { fragment_computed = true } - - assert fragment_computed - assert_equal 'generated till now -> ', buffer - end - def test_fragment_for @store.write('views/expensive', 'fragment content') fragment_computed = false diff --git a/actionpack/test/controller/new_base/render_rjs_test.rb b/actionpack/test/controller/new_base/render_rjs_test.rb index b602b9f8e9..74bf865b54 100644 --- a/actionpack/test/controller/new_base/render_rjs_test.rb +++ b/actionpack/test/controller/new_base/render_rjs_test.rb @@ -2,7 +2,10 @@ require 'abstract_unit' module RenderRjs class BasicController < ActionController::Base + layout "application", :only => :index_respond_to + self.view_paths = [ActionView::FixtureResolver.new( + "layouts/application.html.erb" => "", "render_rjs/basic/index.js.rjs" => "page[:customer].replace_html render(:partial => 'customer')", "render_rjs/basic/index_html.js.rjs" => "page[:customer].replace_html :partial => 'customer'", "render_rjs/basic/index_no_js.js.erb" => "<%= render(:partial => 'developer') %>", diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb index ffa4f50b00..a294535e88 100644 --- a/actionpack/test/dispatch/routing_test.rb +++ b/actionpack/test/dispatch/routing_test.rb @@ -34,6 +34,33 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest end end + resources :users do + shallow do + resources :photos do + resources :types do + member do + post :preview + end + collection do + delete :erase + end + end + end + end + end + + shallow do + resources :teams do + resources :players + end + + resources :countries do + resources :cities do + resources :places + end + end + end + match 'account/logout' => redirect("/logout"), :as => :logout_redirect match 'account/login', :to => redirect("/login") @@ -69,8 +96,17 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest end scope 'pt', :name_prefix => 'pt' do - resources :projects, :path_names => { :edit => 'editar' }, :path => 'projetos' - resource :admin, :path_names => { :new => 'novo' }, :path => 'administrador' + resources :projects, :path_names => { :edit => 'editar', :new => 'novo' }, :path => 'projetos' do + post :preview, :on => :new + end + resource :admin, :path_names => { :new => 'novo' }, :path => 'administrador' do + post :preview, :on => :new + end + resources :products, :path_names => { :new => 'novo' } do + new do + post :preview + end + end end resources :projects, :controller => :project do @@ -119,6 +155,10 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest end resources :replies do + new do + post :preview + end + member do put :answer, :to => :mark_as_answer delete :answer, :to => :unmark_as_answer @@ -189,10 +229,13 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest root :to => 'projects#index' end - resources :products, :constraints => { :id => /\d{4}/ } do - root :to => "products#root" - get :favorite, :on => :collection - resources :images + scope :only => [:index, :show] do + resources :products, :constraints => { :id => /\d{4}/ } do + root :to => "products#root" + get :favorite, :on => :collection + resources :images + end + resource :account end resource :dashboard, :constraints => { :ip => /192\.168\.1\.\d{1,3}/ } @@ -207,6 +250,14 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest end match "whatever/:controller(/:action(/:id))" + + resource :profile do + get :settings + + new do + post :preview + end + end end end @@ -728,6 +779,18 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest end end + def test_shallow_routes + with_test_routes do + assert_equal '/photos/4', photo_path(4) + assert_equal '/types/10/edit', edit_type_path(10) + assert_equal '/types/5/preview', preview_type_path(5) + assert_equal '/photos/2/types', photo_types_path(2) + assert_equal '/cities/1/places', url_for(:controller => :places, :action => :index, :city_id => 1, :only_path => true) + assert_equal '/teams/new', url_for(:controller => :teams, :action => :new, :only_path => true) + assert_equal '/photos/11/types/erase', url_for(:controller => :types, :action => :erase, :photo_id => 11, :only_path => true) + end + end + def test_update_project_person with_test_routes do get '/projects/1/people/2/update' @@ -1038,6 +1101,54 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest end end + def test_resource_new_actions + with_test_routes do + assert_equal '/replies/new/preview', preview_new_reply_path + assert_equal '/pt/projetos/novo/preview', preview_new_pt_project_path + assert_equal '/pt/administrador/novo/preview', preview_new_pt_admin_path + assert_equal '/pt/products/novo/preview', preview_new_pt_product_path + assert_equal '/profile/new/preview', preview_new_profile_path + + post '/replies/new/preview' + assert_equal 'replies#preview', @response.body + + post '/pt/projetos/novo/preview' + assert_equal 'projects#preview', @response.body + + post '/pt/administrador/novo/preview' + assert_equal 'admins#preview', @response.body + + post '/pt/products/novo/preview' + assert_equal 'products#preview', @response.body + + post '/profile/new/preview' + assert_equal 'profiles#preview', @response.body + end + end + + def test_resource_merges_options_from_scope + with_test_routes do + assert_raise(NameError) { new_account_path } + + get '/account/new' + assert_equal 404, status + end + end + + def test_resources_merges_options_from_scope + with_test_routes do + assert_raise(NoMethodError) { edit_product_path('1') } + + get '/products/1/edit' + assert_equal 404, status + + assert_raise(NoMethodError) { edit_product_image_path('1', '2') } + + post '/products/1/images/2/edit' + assert_equal 404, status + end + end + private def with_test_routes yield diff --git a/actionpack/test/dispatch/show_exceptions_test.rb b/actionpack/test/dispatch/show_exceptions_test.rb index b447b0715c..4966527f4d 100644 --- a/actionpack/test/dispatch/show_exceptions_test.rb +++ b/actionpack/test/dispatch/show_exceptions_test.rb @@ -53,7 +53,7 @@ class ShowExceptionsTest < ActionController::IntegrationTest test "rescue locally from a local request" do @app = ProductionApp - ['127.0.0.1', '::1'].each do |ip_address| + ['127.0.0.1', '127.0.0.127', '::1', '0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1%0'].each do |ip_address| self.remote_addr = ip_address get "/", {}, {'action_dispatch.show_exceptions' => true} diff --git a/actionpack/test/template/asset_tag_helper_test.rb b/actionpack/test/template/asset_tag_helper_test.rb index b6a6f52876..633641514e 100644 --- a/actionpack/test/template/asset_tag_helper_test.rb +++ b/actionpack/test/template/asset_tag_helper_test.rb @@ -404,6 +404,15 @@ class AssetTagHelperTest < ActionView::TestCase assert_equal %(<img alt="Rails" src="#{expected_path}" />), image_tag("rails.png") end + def test_image_tag_interpreting_email_cid_correctly + # An inline image has no need for an alt tag to be automatically generated from the cid: + assert_equal '<img src="cid:thi%25%25sis@acontentid" />', image_tag("cid:thi%25%25sis@acontentid") + end + + def test_image_tag_interpreting_email_adding_optional_alt_tag + assert_equal '<img alt="Image" src="cid:thi%25%25sis@acontentid" />', image_tag("cid:thi%25%25sis@acontentid", :alt => "Image") + end + def test_timebased_asset_id_with_relative_url_root @controller.config.relative_url_root = "/collaboration/hieraki" expected_time = File.stat(File.expand_path(File.dirname(__FILE__) + "/../fixtures/public/images/rails.png")).mtime.to_i.to_s diff --git a/actionpack/test/template/tag_helper_test.rb b/actionpack/test/template/tag_helper_test.rb index 256d9bdcde..ec5fe3d1d7 100644 --- a/actionpack/test/template/tag_helper_test.rb +++ b/actionpack/test/template/tag_helper_test.rb @@ -39,6 +39,8 @@ class TagHelperTest < ActionView::TestCase content_tag("a", "Create", :href => "create") assert_equal "<p><script>evil_js</script></p>", content_tag(:p, '<script>evil_js</script>') + assert_equal "<p><script>evil_js</script></p>", + content_tag(:p, '<script>evil_js</script>', nil, false) end def test_content_tag_with_block_in_erb diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb index bb808b77a5..64f1d46413 100644 --- a/actionpack/test/template/text_helper_test.rb +++ b/actionpack/test/template/text_helper_test.rb @@ -7,6 +7,12 @@ rescue LoadError $stderr.puts "Skipping textilize tests. `gem install RedCloth` to enable." end +begin + require 'bluecloth' +rescue LoadError + $stderr.puts "Skipping markdown tests. 'gem install bluecloth' to enable." +end + class TextHelperTest < ActionView::TestCase tests ActionView::Helpers::TextHelper include TestingSandbox @@ -45,19 +51,42 @@ class TextHelperTest < ActionView::TestCase assert simple_format("<b> test with html tags </b>").html_safe? end - def test_simple_format_should_escape_unsafe_input - assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b>") + def test_simple_format_should_sanitize_unsafe_input + assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b><script>code!</script>") + end + + def test_simple_format_should_not_sanitize_input_if_safe_option + assert_equal "<p><b> test with unsafe string </b><script>code!</script></p>", simple_format("<b> test with unsafe string </b><script>code!</script>", {}, :safe => true) end - def test_simple_format_should_not_escape_safe_input + def test_simple_format_should_not_sanitize_safe_input assert_equal "<p><b> test with safe string </b></p>", simple_format("<b> test with safe string </b>".html_safe) end + def test_truncate_should_be_html_safe + assert truncate("Hello World!", :length => 12).html_safe? + end + def test_truncate assert_equal "Hello World!", truncate("Hello World!", :length => 12) assert_equal "Hello Wor...", truncate("Hello World!!", :length => 12) end + def test_truncate_should_sanitize_unsafe_input + assert_equal "Hello World!", truncate("Hello <script>code!</script>World!", :length => 12) + assert_equal "Hello Wor...", truncate("Hello <script>code!</script>World!!", :length => 12) + end + + def test_truncate_should_not_sanitize_input_if_safe_option + assert_equal "Hello <sc...", truncate("Hello <script>code!</script>World!", :length => 12, :safe => true) + assert_equal "Hello <sc...", truncate("Hello <script>code!</script>World!!", :length => 12, :safe => true) + end + + def test_truncate_should_not_sanitize_safe_input + assert_equal "Hello <sc...", truncate("Hello <script>code!</script>World!".html_safe, :length => 12) + assert_equal "Hello <sc...", truncate("Hello <script>code!</script>World!!".html_safe, :length => 12) + end + def test_truncate_should_use_default_length_of_30 str = "This is a string that will go longer then the default truncate length of 30" assert_equal str[0...27] + "...", truncate(str) @@ -93,7 +122,11 @@ class TextHelperTest < ActionView::TestCase end end - def test_highlighter + def test_highlight_should_be_html_safe + assert highlight("This is a beautiful morning", "beautiful").html_safe? + end + + def test_highlight assert_equal( "This is a <strong class=\"highlight\">beautiful</strong> morning", highlight("This is a beautiful morning", "beautiful") @@ -117,6 +150,27 @@ class TextHelperTest < ActionView::TestCase assert_equal ' ', highlight(' ', 'blank text is returned verbatim') end + def test_highlight_should_sanitize_unsafe_input + assert_equal( + "This is a <strong class=\"highlight\">beautiful</strong> morning", + highlight("This is a beautiful morning<script>code!</script>", "beautiful") + ) + end + + def test_highlight_should_not_sanitize_input_if_safe_option + assert_equal( + "This is a <strong class=\"highlight\">beautiful</strong> morning<script>code!</script>", + highlight("This is a beautiful morning<script>code!</script>", "beautiful", :safe => true) + ) + end + + def test_highlight_should_not_sanitize_safe_input + assert_equal( + "This is a <strong class=\"highlight\">beautiful</strong> morning<script>code!</script>", + highlight("This is a beautiful morning<script>code!</script>".html_safe, "beautiful") + ) + end + def test_highlight_with_regexp assert_equal( "This is a <strong class=\"highlight\">beautiful!</strong> morning", @@ -163,7 +217,7 @@ class TextHelperTest < ActionView::TestCase highlight("<p class=\"beautiful\">This is a beautiful morning, but also a beautiful day</p>", "beautiful") ) assert_equal( - "<p>This is a <strong class=\"highlight\">beautiful</strong> <a href=\"http://example.com/beautiful\#top?what=beautiful%20morning&when=now+then\">morning</a>, but also a <strong class=\"highlight\">beautiful</strong> day</p>", + "<p>This is a <strong class=\"highlight\">beautiful</strong> <a href=\"http://example.com/beautiful\#top?what=beautiful%20morning&when=now+then\">morning</a>, but also a <strong class=\"highlight\">beautiful</strong> day</p>", highlight("<p>This is a beautiful <a href=\"http://example.com/beautiful\#top?what=beautiful%20morning&when=now+then\">morning</a>, but also a beautiful day</p>", "beautiful") ) end @@ -286,7 +340,17 @@ class TextHelperTest < ActionView::TestCase %{<a href="#{CGI::escapeHTML href}">#{CGI::escapeHTML link_text}</a>} end - def test_auto_linking + def test_auto_link_should_be_html_safe + email_raw = 'santiago@wyeworks.com' + link_raw = 'http://www.rubyonrails.org' + + assert auto_link(nil).html_safe? + assert auto_link('').html_safe? + assert auto_link("#{link_raw} #{link_raw} #{link_raw}").html_safe? + assert auto_link("hello #{email_raw}").html_safe? + end + + def test_auto_link email_raw = 'david@loudthinking.com' email_result = %{<a href="mailto:#{email_raw}">#{email_raw}</a>} link_raw = 'http://www.rubyonrails.com' @@ -378,6 +442,21 @@ class TextHelperTest < ActionView::TestCase assert_equal %(<p>#{link10_result} Link</p>), auto_link("<p>#{link10_raw} Link</p>") end + def test_auto_link_should_sanitize_unsafe_input + link_raw = %{http://www.rubyonrails.com?id=1&num=2} + assert_equal %{<a href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a>}, auto_link(link_raw) + end + + def test_auto_link_should_sanitize_unsafe_input + link_raw = %{http://www.rubyonrails.com?id=1&num=2} + assert_equal %{<a href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a>}, auto_link(link_raw, :safe => true) + end + + def test_auto_link_should_not_sanitize_safe_input + link_raw = %{http://www.rubyonrails.com?id=1&num=2} + assert_equal %{<a href="http://www.rubyonrails.com?id=1&num=2">http://www.rubyonrails.com?id=1&num=2</a>}, auto_link(link_raw.html_safe) + end + def test_auto_link_other_protocols ftp_raw = 'ftp://example.com/file.txt' assert_equal %(Download #{generate_result(ftp_raw)}), auto_link("Download #{ftp_raw}") @@ -587,7 +666,12 @@ class TextHelperTest < ActionView::TestCase assert_equal(%w{Specialized Fuji Giant}, @cycles) end + # TODO test textilize_without_paragraph and markdown if defined? RedCloth + def test_textilize_should_be_html_safe + assert textilize("*This is Textile!* Rejoice!").html_safe? + end + def test_textilize assert_equal("<p><strong>This is Textile!</strong> Rejoice!</p>", textilize("*This is Textile!* Rejoice!")) end @@ -600,8 +684,82 @@ class TextHelperTest < ActionView::TestCase assert_equal("<p>This is worded <strong>strongly</strong></p>", textilize("This is worded <strong>strongly</strong>", :filter_html)) end + def test_textilize_should_sanitize_unsafe_input + assert_equal("<p>This is worded <strong>strongly</strong></p>", textilize("This is worded <strong>strongly</strong><script>code!</script>")) + end + + def test_textilize_should_not_sanitize_input_if_safe_option + assert_equal("<p>This is worded <strong>strongly</strong><script>code!</script></p>", textilize("This is worded <strong>strongly</strong><script>code!</script>", :safe)) + end + + def test_textilize_should_not_sanitize_safe_input + assert_equal("<p>This is worded <strong>strongly</strong><script>code!</script></p>", textilize("This is worded <strong>strongly</strong><script>code!</script>".html_safe)) + end + def test_textilize_with_hard_breaks assert_equal("<p>This is one scary world.<br />\n True.</p>", textilize("This is one scary world.\n True.")) end + + def test_textilize_without_paragraph_should_be_html_safe + textilize_without_paragraph("*This is Textile!* Rejoice!").html_safe? + end + + def test_textilize_without_paragraph + assert_equal("<strong>This is Textile!</strong> Rejoice!", textilize_without_paragraph("*This is Textile!* Rejoice!")) + end + + def test_textilize_without_paragraph_with_blank + assert_equal("", textilize_without_paragraph("")) + end + + def test_textilize_without_paragraph_with_options + assert_equal("This is worded <strong>strongly</strong>", textilize_without_paragraph("This is worded <strong>strongly</strong>", :filter_html)) + end + + def test_textilize_without_paragraph_should_sanitize_unsafe_input + assert_equal("This is worded <strong>strongly</strong>", textilize_without_paragraph("This is worded <strong>strongly</strong><script>code!</script>")) + end + + def test_textilize_without_paragraph_should_not_sanitize_input_if_safe_option + assert_equal("This is worded <strong>strongly</strong><script>code!</script>", textilize_without_paragraph("This is worded <strong>strongly</strong><script>code!</script>", :safe)) + end + + def test_textilize_without_paragraph_should_not_sanitize_safe_input + assert_equal("This is worded <strong>strongly</strong><script>code!</script>", textilize_without_paragraph("This is worded <strong>strongly</strong><script>code!</script>".html_safe)) + end + + def test_textilize_without_paragraph_with_hard_breaks + assert_equal("This is one scary world.<br />\n True.", textilize_without_paragraph("This is one scary world.\n True.")) + end + end + + if defined? BlueCloth + def test_markdown_should_be_html_safe + assert markdown("We are using __Markdown__ now!").html_safe? + end + + def test_markdown + assert_equal("<p>We are using <strong>Markdown</strong> now!</p>", markdown("We are using __Markdown__ now!")) + end + + def test_markdown_with_blank + assert_equal("", markdown("")) + end + + def test_markdown_should_sanitize_unsafe_input + assert_equal("<p>This is worded <strong>strongly</strong></p>", markdown("This is worded <strong>strongly</strong><script>code!</script>")) + end + + def test_markdown_should_not_sanitize_input_if_safe_option + assert_equal("<p>This is worded <strong>strongly</strong><script>code!</script></p>", markdown("This is worded <strong>strongly</strong><script>code!</script>", :safe)) + end + + def test_markdown_should_not_sanitize_safe_input + assert_equal("<p>This is worded <strong>strongly</strong><script>code!</script></p>", markdown("This is worded <strong>strongly</strong><script>code!</script>".html_safe)) + end + + def test_markdown_with_hard_breaks + assert_equal("<p>This is one scary world.</p>\n\n<p>True.</p>", markdown("This is one scary world.\n\nTrue.")) + end end end |