Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG | 46 | ||||
-rw-r--r-- | actionpack/lib/action_dispatch/routing/mapper.rb | 17 | ||||
-rw-r--r-- | actionpack/lib/action_view/helpers/javascript_helper.rb | 3 | ||||
-rw-r--r-- | actionpack/lib/action_view/helpers/number_helper.rb | 2 | ||||
-rw-r--r-- | actionpack/lib/action_view/template.rb | 3 | ||||
-rw-r--r-- | actionpack/test/abstract/layouts_test.rb | 12 | ||||
-rw-r--r-- | actionpack/test/controller/action_pack_assertions_test.rb | 3 | ||||
-rw-r--r-- | actionpack/test/controller/caching_test.rb | 4 | ||||
-rw-r--r-- | actionpack/test/controller/content_type_test.rb | 1 | ||||
-rw-r--r-- | actionpack/test/template/erb_util_test.rb | 10 | ||||
-rw-r--r-- | actionpack/test/template/javascript_helper_test.rb | 2 | ||||
-rw-r--r-- | actionpack/test/template/number_helper_test.rb | 7 | ||||
-rw-r--r-- | actionpack/test/template/template_test.rb | 5 |
13 files changed, 68 insertions, 47 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 42baf6f45f..1965906df9 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,30 @@ *Rails 3.2.0 (unreleased)* +* Refactor ActionController::TestCase cookies [Andrew White] + + Assigning cookies for test cases should now use cookies[], e.g: + + cookies[:email] = 'user@example.com' + get :index + assert_equal 'user@example.com', cookies[:email] + + To clear the cookies, use clear, e.g: + + cookies.clear + get :index + assert_nil cookies[:email] + + We now no longer write out HTTP_COOKIE and the cookie jar is + persistent between requests so if you need to manipulate the environment + for your test you need to do it before the cookie jar is created. + + +*Rails 3.1.0 (unreleased)* + +* json_escape will now return a SafeBuffer string if it receives SafeBuffer string [tenderlove] + +* Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string [Prem Sichanugrist] + * Fix escape_js to work correctly with the new SafeBuffer restriction [Paul Gallagher] * Brought back alternative convention for namespaced models in i18n [thoefer] 
@@ -29,27 +54,6 @@ You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb -* Refactor ActionController::TestCase cookies [Andrew White] - - Assigning cookies for test cases should now use cookies[], e.g: - - cookies[:email] = 'user@example.com' - get :index - assert_equal 'user@example.com', cookies[:email] - - To clear the cookies, use clear, e.g: - - cookies.clear - get :index - assert_nil cookies[:email] - - We now no longer write out HTTP_COOKIE and the cookie jar is - persistent between requests so if you need to manipulate the environment - for your test you need to do it before the cookie jar is created. - - -*Rails 3.1.0 (unreleased)* - * Added 'ActionView::Helpers::FormHelper.fields_for_with_index', similar to fields_for but allows to have access to the current iteration index [Jorge Bejar] * Warn if we cannot verify CSRF token authenticity [José Valim] diff --git a/actionpack/lib/action_dispatch/routing/mapper.rb b/actionpack/lib/action_dispatch/routing/mapper.rb index ec76d1da1e..70ea419e81 100644 --- a/actionpack/lib/action_dispatch/routing/mapper.rb +++ b/actionpack/lib/action_dispatch/routing/mapper.rb @@ -49,6 +49,9 @@ module ActionDispatch class Mapping #:nodoc: IGNORE_OPTIONS = [:to, :as, :via, :on, :constraints, :defaults, :only, :except, :anchor, :shallow, :shallow_path, :shallow_prefix] + ANCHOR_CHARACTERS_REGEX = %r{\A(\\A|\^)|(\\Z|\\z|\$)\Z} + SHORTHAND_REGEX = %r{^/[\w/]+$} + WILDCARD_PATH = %r{\*([^/]+)$} def initialize(set, scope, path, options) @set, @scope = set, scope 
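Review bot: `SHORTHAND_REGEX = %r{^/[\w/]+$}` keeps the line anchors of the inline pattern it replaces, and in Ruby `^` and `$` match at every line boundary, so a multi-line string with a single line shaped like `/account/overview` still satisfies it. Now that the pattern is a named constant next to `ANCHOR_CHARACTERS_REGEX`, which already uses `\A`, I would anchor it to the whole string: `SHORTHAND_REGEX = %r{\A/[\w/]+\z}`. Route paths normally come from the routes file rather than from request data, so this is hardening rather than a demonstrated bug. The constant is consumed by `using_match_shorthand?` in the next hunk, and `WILDCARD_PATH` carries the same `$`. The enclosing `Mapping` class continues outside the hunk.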
@@ -77,18 +80,18 @@ module ActionDispatch # segment_keys.include?(k.to_s) || k == :controller next unless Regexp === requirement && !constraints[name] - if requirement.source =~ %r{\A(\\A|\^)|(\\Z|\\z|\$)\Z} + if requirement.source =~ ANCHOR_CHARACTERS_REGEX raise ArgumentError, "Regexp anchor characters are not allowed in routing requirements: #{requirement.inspect}" end if requirement.multiline? raise ArgumentError, "Regexp multiline option not allowed in routing requirements: #{requirement.inspect}" end end - end + end # match "account/overview" def using_match_shorthand?(path, options) - path && options.except(:via, :anchor, :to, :as).empty? && path =~ %r{^/[\w\/]+$} + path && options.except(:via, :anchor, :to, :as).empty? && path =~ SHORTHAND_REGEX end def normalize_path(path) @@ -107,7 +110,7 @@ module ActionDispatch # Add a constraint for wildcard route to make it non-greedy and match the # optional format part of the route by default - if path.match(/\*([^\/]+)$/) && @options[:format] != false + if path.match(WILDCARD_PATH) && @options[:format] != false @options.reverse_merge!(:"#{$1}" => /.+?/) end @@ -1102,9 +1105,9 @@ module ActionDispatch # # The +comments+ resource here will have the following routes generated for it: # - # post_comments GET /sekret/posts/:post_id/comments(.:format) - # post_comments POST /sekret/posts/:post_id/comments(.:format) - # new_post_comment GET /sekret/posts/:post_id/comments/new(.:format) + # post_comments GET /posts/:post_id/comments(.:format) + # post_comments POST /posts/:post_id/comments(.:format) + # new_post_comment GET /posts/:post_id/comments/new(.:format) # edit_comment GET /sekret/comments/:id/edit(.:format) # comment GET /sekret/comments/:id(.:format) # comment PUT /sekret/comments/:id(.:format) diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb index 8a6f2e84be..4484390fde 100644 
--- a/actionpack/lib/action_view/helpers/javascript_helper.rb +++ b/actionpack/lib/action_view/helpers/javascript_helper.rb @@ -18,7 +18,8 @@ module ActionView # $('some_element').replaceWith('<%=j render 'some/element_template' %>'); def escape_javascript(javascript) if javascript - javascript.gsub(/(\\|<\/|\r\n|[\n\r"'])/) {|match| JS_ESCAPE_MAP[match] } + result = javascript.gsub(/(\\|<\/|\r\n|[\n\r"'])/) {|match| JS_ESCAPE_MAP[match] } + javascript.html_safe? ? result.html_safe : result else '' end diff --git a/actionpack/lib/action_view/helpers/number_helper.rb b/actionpack/lib/action_view/helpers/number_helper.rb index 4dafb7739a..fe0288521f 100644 --- a/actionpack/lib/action_view/helpers/number_helper.rb +++ b/actionpack/lib/action_view/helpers/number_helper.rb @@ -211,7 +211,7 @@ module ActionView defaults = I18n.translate(:'number.format', :locale => options[:locale], :default => {}) options = options.reverse_merge(defaults) - parts = number.to_s.split('.') + parts = number.to_s.to_str.split('.') parts[0].gsub!(/(\d)(?=(\d\d\d)+(?!\d))/, "\\1#{options[:delimiter]}") parts.join(options[:separator]).html_safe diff --git a/actionpack/lib/action_view/template.rb b/actionpack/lib/action_view/template.rb index 10797c010f..9c59d18310 100644 --- a/actionpack/lib/action_view/template.rb +++ b/actionpack/lib/action_view/template.rb @@ -218,6 +218,9 @@ module ActionView method_name = self.method_name if source.encoding_aware? + # Avoid performing in-place mutation for SafeBuffer + @source = source.to_str if source.html_safe? + # Look for # encoding: *. If we find one, we'll encode the # String in that encoding, otherwise, we'll use the # default external encoding. diff --git a/actionpack/test/abstract/layouts_test.rb b/actionpack/test/abstract/layouts_test.rb index 5ed6aa68b5..86208899f8 100644 --- a/actionpack/test/abstract/layouts_test.rb +++ b/actionpack/test/abstract/layouts_test.rb 
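Review bot: The new `javascript.html_safe? ? result.html_safe : result` line in `escape_javascript` copies the caller's HTML-safety flag onto a string that has only been escaped for a JavaScript string literal, and the method's comment does not say so. The substitution performs no HTML escaping, so the flag on the result is exactly as trustworthy as the flag on the input; a reader could otherwise take a SafeBuffer return to mean the helper made the value safe for markup. I would add above the `def`: `# Returns a SafeBuffer only when given one; html_safe is the caller's claim, this method escapes for JavaScript string literals only.` The method's closing `end` lies outside the hunk.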
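Review bot: `parts.join(options[:separator]).html_safe` marks the whole result HTML-safe, yet `options[:delimiter]` and `options[:separator]` are placed into it unescaped in the lines around the changed one. Whether those options are sanitised earlier cannot be seen here, since the method starts above the hunk, but any caller that passes request-derived values for them would have those values emitted as trusted markup. Escaping them before use, e.g. `delimiter = ERB::Util.html_escape(options[:delimiter])` and the same for the separator, keeps the `html_safe` claim true. The added `to_str` also deserves a why-comment, presumably `# SafeBuffer restricts in-place gsub!; work on a plain String`, in line with the comment the template.rb hunk adds.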
@@ -87,18 +87,6 @@ module AbstractControllerTests end end - class WithSymbolReturningString < Base - layout :no_hello - - def index - render :template => ActionView::Template::Text.new("Hello missing symbol!") - end - private - def no_hello - nil - end - end - class WithSymbolReturningNil < Base layout :nilz diff --git a/actionpack/test/controller/action_pack_assertions_test.rb b/actionpack/test/controller/action_pack_assertions_test.rb index 7f3d943bba..a714e8bbcc 100644 --- a/actionpack/test/controller/action_pack_assertions_test.rb +++ b/actionpack/test/controller/action_pack_assertions_test.rb @@ -100,9 +100,6 @@ class AssertResponseWithUnexpectedErrorController < ActionController::Base end end -class UserController < ActionController::Base -end - module Admin class InnerModuleController < ActionController::Base def index diff --git a/actionpack/test/controller/caching_test.rb b/actionpack/test/controller/caching_test.rb index 82c2c23607..da3314fe6d 100644 --- a/actionpack/test/controller/caching_test.rb +++ b/actionpack/test/controller/caching_test.rb @@ -127,7 +127,7 @@ class PageCachingTest < ActionController::TestCase assert_equal 'I am xml', @response.body end - def test_should_cache_with_trailing_slash_on_url + def test_cached_page_should_not_have_trailing_slash_even_if_url_has_trailing_slash @controller.class.cache_page 'cached content', '/page_caching_test/trailing_slash/' assert File.exist?("#{FILE_STORE_PATH}/page_caching_test/trailing_slash.html") end @@ -141,7 +141,7 @@ class PageCachingTest < ActionController::TestCase [:ok, :no_content, :found, :not_found].each do |status| [:get, :post, :put, :delete].each do |method| - unless method == :get and status == :ok + unless method == :get && status == :ok define_method "test_shouldnt_cache_#{method}_with_#{status}_status" do send(method, status) assert_response status 
diff --git a/actionpack/test/controller/content_type_test.rb b/actionpack/test/controller/content_type_test.rb index b12c798302..d51882066d 100644 --- a/actionpack/test/controller/content_type_test.rb +++ b/actionpack/test/controller/content_type_test.rb @@ -74,6 +74,7 @@ class ContentTypeTest < ActionController::TestCase get :render_defaults assert_equal "utf-16", @response.charset assert_equal Mime::HTML, @response.content_type + ensure OldContentTypeController.default_charset = "utf-8" end diff --git a/actionpack/test/template/erb_util_test.rb b/actionpack/test/template/erb_util_test.rb index 30f6d1a213..790ab1c74c 100644 --- a/actionpack/test/template/erb_util_test.rb +++ b/actionpack/test/template/erb_util_test.rb @@ -16,6 +16,16 @@ class ErbUtilTest < Test::Unit::TestCase end end + def test_json_escape_returns_unsafe_strings_when_passed_unsafe_strings + value = json_escape("asdf") + assert !value.html_safe? + end + + def test_json_escape_returns_safe_strings_when_passed_safe_strings + value = json_escape("asdf".html_safe) + assert value.html_safe? + end + def test_html_escape_is_html_safe escaped = h("<p>") assert_equal "<p>", escaped diff --git a/actionpack/test/template/javascript_helper_test.rb b/actionpack/test/template/javascript_helper_test.rb index 15bd6b4c47..dd8b7b7cd5 100644 --- a/actionpack/test/template/javascript_helper_test.rb +++ b/actionpack/test/template/javascript_helper_test.rb @@ -35,6 +35,8 @@ class JavaScriptHelperTest < ActionView::TestCase expect = %(\\'quoted\\' \\"double-quoted\\" new-line:\\n <\\/closed>) assert_equal expect, escape_javascript(given) assert_equal expect, escape_javascript(ActiveSupport::SafeBuffer.new(given)) + assert_instance_of String, escape_javascript(given) + assert_instance_of ActiveSupport::SafeBuffer, escape_javascript(ActiveSupport::SafeBuffer.new(given)) end def test_button_to_function 
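Review bot: Both new `json_escape` tests pass `"asdf"`, which contains none of the characters the helper rewrites (`&`, `<`, `>`), so the SafeBuffer case never goes through an actual substitution. An input that is escaped, for example `value = json_escape("<&>".html_safe)`, with assertions on both `value.html_safe?` and the escaped text, would exercise the behaviour the CHANGELOG entry describes. The `json_escape` implementation is not part of this actionpack-limited diff, so this is based on the test file alone.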
diff --git a/actionpack/test/template/number_helper_test.rb b/actionpack/test/template/number_helper_test.rb
index 0104c20bc7..0e3475d98b 100644
--- a/actionpack/test/template/number_helper_test.rb
+++ b/actionpack/test/template/number_helper_test.rb
@@ -283,33 +283,40 @@ class NumberHelperTest < ActionView::TestCase assert number_to_human(1).html_safe? assert !number_to_human("<script></script>").html_safe? assert number_to_human("asdf".html_safe).html_safe? + assert number_to_human("1".html_safe).html_safe? assert number_to_human_size(1).html_safe? assert number_to_human_size(1000000).html_safe? assert !number_to_human_size("<script></script>").html_safe? assert number_to_human_size("asdf".html_safe).html_safe? + assert number_to_human_size("1".html_safe).html_safe? assert number_with_precision(1, :strip_insignificant_zeros => false).html_safe? assert number_with_precision(1, :strip_insignificant_zeros => true).html_safe? assert !number_with_precision("<script></script>").html_safe? assert number_with_precision("asdf".html_safe).html_safe? + assert number_with_precision("1".html_safe).html_safe? assert number_to_currency(1).html_safe? assert !number_to_currency("<script></script>").html_safe? assert number_to_currency("asdf".html_safe).html_safe? + assert number_to_currency("1".html_safe).html_safe? assert number_to_percentage(1).html_safe? assert !number_to_percentage("<script></script>").html_safe? assert number_to_percentage("asdf".html_safe).html_safe? + assert number_to_percentage("1".html_safe).html_safe? assert number_to_phone(1).html_safe? assert_equal "<script></script>", number_to_phone("<script></script>") assert number_to_phone("<script></script>").html_safe? assert number_to_phone("asdf".html_safe).html_safe? + assert number_to_phone("1".html_safe).html_safe? assert number_with_delimiter(1).html_safe? assert !number_with_delimiter("<script></script>").html_safe? assert number_with_delimiter("asdf".html_safe).html_safe? + assert number_with_delimiter("1".html_safe).html_safe? end def test_number_helpers_should_raise_error_if_invalid_when_specified diff --git a/actionpack/test/template/template_test.rb b/actionpack/test/template/template_test.rb index b0ca7de0b6..2beb168a9d 100644 
--- a/actionpack/test/template/template_test.rb +++ b/actionpack/test/template/template_test.rb @@ -172,5 +172,10 @@ class TestERBTemplate < ActiveSupport::TestCase ensure silence_warnings { Encoding.default_external = old } end + + def test_render_inline_safebuffer_should_not_raise_error + @template = new_template("Hello".html_safe) + render + end end end |
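Review bot: `test_render_inline_safebuffer_should_not_raise_error` calls `render` and asserts nothing, so it would still pass if the `to_str` conversion added in template.rb produced the wrong output. If the test helper `render` returns the rendered string, checking it as well, `assert_equal "Hello", render`, pins both the no-raise behaviour and the rendered text for an html_safe template source.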