Diffstat (limited to 'guides')
-rw-r--r--  guides/source/action_view_overview.textile            22
-rw-r--r--  guides/source/active_support_instrumentation.textile   2
-rw-r--r--  guides/source/initialization.textile                  96
-rw-r--r--  guides/source/security.textile                        11
4 files changed, 54 insertions, 77 deletions
diff --git a/guides/source/action_view_overview.textile b/guides/source/action_view_overview.textile
index 734fdd895b..fdfa97effa 100644
--- a/guides/source/action_view_overview.textile
+++ b/guides/source/action_view_overview.textile
@@ -454,7 +454,7 @@ input("post", "title") # =>
h4. RecordTagHelper
-This module provides methods for generating a container tag, such as a +<div>+, for your record. This is the recommended way of creating a container for render your Active Record object, as it adds an appropriate class and id attributes to that container. You can then refer to those containers easily by following the convention, instead of having to think about which class or id attribute you should use.
+This module provides methods for generating container tags, such as +div+, for your record. This is the recommended way of creating a container for render your Active Record object, as it adds an appropriate class and id attributes to that container. You can then refer to those containers easily by following the convention, instead of having to think about which class or id attribute you should use.
h5. content_tag_for
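Review bot: the rewritten sentence on the `+` line still reads "creating a container for render your Active Record object"; since the line is being touched anyway, fix the grammar to "for rendering your Active Record object", and "adds an appropriate class and id attributes" to "adds appropriate class and id attributes".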
@@ -580,13 +580,13 @@ h5. image_path
Computes the path to an image asset in the +app/assets/images+ directory. Full paths from the document root will be passed through. Used internally by +image_tag+ to build the image path.
<ruby>
-image_path("edit.png") # => /images/edit.png
+image_path("edit.png") # => /assets/edit.png
</ruby>
Fingerprint will be added to the filename if config.assets.digest is set to true.
<ruby>
-image_path("edit.png") # => /images/edit-2d1a2db63fc738690021fedb5a65b68e.png
+image_path("edit.png") # => /assets/edit-2d1a2db63fc738690021fedb5a65b68e.png
</ruby>
h5. image_url
@@ -594,7 +594,7 @@ h5. image_url
Computes the url to an image asset in the +app/asset/images+ directory. This will call +image_path+ internally and merge with your current host or your asset host.
<ruby>
-image_url("edit.png") # => http://www.example.com/images/edit.png
+image_url("edit.png") # => http://www.example.com/assets/edit.png
</ruby>
h5. image_tag
@@ -602,7 +602,7 @@ h5. image_tag
Returns an html image tag for the source. The source can be a full path or a file that exists in your +app/assets/images+ directory.
<ruby>
-image_tag("icon.png") # => <img src="/images/icon.png" alt="Icon" />
+image_tag("icon.png") # => <img src="/assets/icon.png" alt="Icon" />
</ruby>
h5. javascript_include_tag
@@ -610,8 +610,7 @@ h5. javascript_include_tag
Returns an html script tag for each of the sources provided. You can pass in the filename (+.js+ extension is optional) of JavaScript files that exist in your +app/assets/javascripts+ directory for inclusion into the current page or you can pass the full path relative to your document root.
<ruby>
-javascript_include_tag "common" # =>
- <script src="/javascripts/common.js"></script>
+javascript_include_tag "common" # => <script src="/assets/common.js"></script>
</ruby>
If the application does not use the asset pipeline, to include the jQuery JavaScript library in your application, pass +:defaults+ as the source. When using +:defaults+, if an +application.js+ file exists in your +app/assets/javascripts+ directory, it will be included as well.
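Review bot: the unchanged paragraph that closes this hunk now contradicts the example it follows. The hunk moves the sample output to the asset-pipeline path /assets/common.js, but the next paragraph describes the non-pipeline case ("If the application does not use the asset pipeline ... pass +:defaults+") while pointing at the pipeline directory +app/assets/javascripts+. Either rewrite that paragraph for the non-pipeline layout (public/javascripts) or drop it, so the section does not describe two layouts at once.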
@@ -638,7 +637,7 @@ h5. javascript_path
Computes the path to a JavaScript asset in the +app/assets/javascripts+ directory. If the source filename has no extension, +.js+ will be appended. Full paths from the document root will be passed through. Used internally by +javascript_include_tag+ to build the script path.
<ruby>
-javascript_path "common" # => /javascripts/common.js
+javascript_path "common" # => /assets/common.js
</ruby>
h5. javascript_url
@@ -646,7 +645,7 @@ h5. javascript_url
Computes the url to a JavaScript asset in the +app/assets/javascripts+ directory. This will call +javascript_path+ internally and merge with your current host or your asset host.
<ruby>
-javascript_url "common" # => http://www.example.com/javascripts/common.js
+javascript_url "common" # => http://www.example.com/assets/common.js
</ruby>
h5. stylesheet_link_tag
@@ -654,8 +653,7 @@ h5. stylesheet_link_tag
Returns a stylesheet link tag for the sources specified as arguments. If you don't specify an extension, +.css+ will be appended automatically.
<ruby>
-stylesheet_link_tag "application" # =>
- <link href="/assets/application.css" media="screen" rel="stylesheet" />
+stylesheet_link_tag "application" # => <link href="/assets/application.css" media="screen" rel="stylesheet" />
</ruby>
You can also include all styles in the stylesheet directory using :all as the source:
@@ -668,7 +666,7 @@ You can also cache multiple stylesheets into one file, which requires less HTTP
<ruby>
stylesheet_link_tag :all, :cache => true
- <link href="/assets/all.css" media="screen" rel="stylesheet" />
+# => <link href="/assets/all.css" media="screen" rel="stylesheet" />
</ruby>
h5. stylesheet_path
diff --git a/guides/source/active_support_instrumentation.textile b/guides/source/active_support_instrumentation.textile
index 430549fba4..666110495c 100644
--- a/guides/source/active_support_instrumentation.textile
+++ b/guides/source/active_support_instrumentation.textile
@@ -15,7 +15,7 @@ h3. Introduction to instrumentation
The instrumentation API provided by ActiveSupport allows developers to provide hooks which other developers may hook into. There are several of these within the Rails framework, as described below in <TODO: link to section detailing each hook point>. With this API, developers can choose to be notified when certain events occur inside their application or another piece of Ruby code.
-For example, there is a hook provided within Active Record that is called every time Active Record uses a SQL query on a database. This hook could be *subscribed* to, and used to track the number of queries during a certain action. There's another hook around the processing of an action of a controller. This could be used, for instance, to track how long a specific action has taken.
+For example, there is a hook provided within Active Record that is called every time Active Record uses an SQL query on a database. This hook could be *subscribed* to, and used to track the number of queries during a certain action. There's another hook around the processing of an action of a controller. This could be used, for instance, to track how long a specific action has taken.
You are even able to create your own events inside your application which you can later subscribe to.
diff --git a/guides/source/initialization.textile b/guides/source/initialization.textile
index 913ff24290..48d4373afe 100644
--- a/guides/source/initialization.textile
+++ b/guides/source/initialization.textile
@@ -57,7 +57,7 @@ else
end
</ruby>
-The +rbconfig+ file from the Ruby standard library provides us with the +RbConfig+ class which contains detailed information about the Ruby environment, including how Ruby was compiled. We can see thisin use in +railties/lib/rails/script_rails_loader+.
+The +rbconfig+ file from the Ruby standard library provides us with the +RbConfig+ class which contains detailed information about the Ruby environment, including how Ruby was compiled. We can see this in use in +railties/lib/rails/script_rails_loader+.
<ruby>
require 'pathname'
@@ -157,11 +157,11 @@ The gems that a Rails 4 application depends on are as follows:
TODO: change these when the Rails 4 release is near.
* abstract (1.0.0)
-* actionmailer (3.1.0.beta)
-* actionpack (3.1.0.beta)
-* activemodel (3.1.0.beta)
-* activerecord (3.1.0.beta)
-* activesupport (3.1.0.beta)
+* actionmailer (4.0.0.beta)
+* actionpack (4.0.0.beta)
+* activemodel (4.0.0.beta)
+* activerecord (4.0.0.beta)
+* activesupport (4.0.0.beta)
* arel (2.0.7)
* builder (3.0.0)
* bundler (1.0.6)
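Review bot: bumping only the five framework gems to 4.0.0.beta leaves the rest of the list (abstract 1.0.0, arel 2.0.7, builder 3.0.0, bundler 1.0.6, rack-mount 0.6.13, ...) at the older snapshot, so the list now mixes two generations of dependencies and no longer matches any real Gemfile.lock. Given the TODO directly above it, either leave the whole block untouched until the Rails 4 dependency set is final, or regenerate the complete list from an actual `bundle list` run rather than hand-editing a subset of entries.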
@@ -174,8 +174,8 @@ TODO: change these when the Rails 4 release is near.
* rack-cache (0.5.3)
* rack-mount (0.6.13)
* rack-test (0.5.6)
-* rails (3.1.0.beta)
-* railties (3.1.0.beta)
+* rails (4.0.0.beta)
+* railties (4.0.0.beta)
* rake (0.8.7)
* sqlite3-ruby (1.3.2)
* thor (0.14.6)
@@ -191,6 +191,7 @@ ARGV << '--help' if ARGV.empty?
aliases = {
"g" => "generate",
+ "d" => "destroy",
"c" => "console",
"s" => "server",
"db" => "dbconsole",
@@ -579,28 +580,6 @@ this time to the +Array+ and +Hash+ classes. This file defines an
+extract_options!+ method which Rails uses to extract options from
parameters.
-<ruby>
-class Array
- # Extracts options from a set of arguments. Removes and returns the
- # last
- # element in the array if it's a hash, otherwise returns a blank hash.
- #
- # def options(*args)
- # args.extract_options!
- # end
- #
- # options(1, 2) # => {}
- # options(1, 2, :a => :b) # => {:a=>:b}
- def extract_options!
- if last.is_a?(Hash) && last.extractable_options?
- pop
- else
- {}
- end
- end
-end
-</ruby>
-
h4. +railties/lib/rails/application.rb+
The next file required by +railties/lib/rails.rb+ is +application.rb+.
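Review bot: dropping the +extract_options!+ listing leaves the surrounding prose ("This file defines an +extract_options!+ method which Rails uses to extract options from parameters") without the detail that made it useful, namely that only the last argument is popped, and only when it is a Hash that answers +extractable_options?+. If the listing is being removed to stop it drifting from the source, fold that one-sentence description of the behaviour into the paragraph; otherwise keep the listing.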
@@ -612,8 +591,7 @@ Before the +Rails::Application+ class is
defined however, +rails/engine+ is also loaded, which is responsible for
handling the behavior and definitions of Rails engines.
-TIP: You can read more about engines in the "Getting Started with Engines":engines.html
-guide.
+TIP: You can read more about engines in the "Getting Started with Engines":engines.html guide.
Among other things, Rails Engine is also responsible for loading the
Railtie class.
@@ -678,7 +656,7 @@ h4. +activesupport/lib/active_support/deprecation/proxy_wrappers.rb+
+proxy_wrappers.rb+ defines deprecation wrappers for methods, instance variables and constants. Previously, this was used for the +RAILS_ENV+ and +RAILS_ROOT+ constants for 3.0 but since then these constants have been removed. The deprecation message that would be raised from these would be something like:
<plain>
- BadConstant is deprecated! Use GoodConstant instead.
+BadConstant is deprecated! Use GoodConstant instead.
</plain>
h4. +active_support/ordered_options+
@@ -689,7 +667,7 @@ The next file required is +active_support/core_ext/hash/deep_dup+ which is cover
h4. +active_support/core_ext/object+
-This file is responsible for requiring many more core extensions:
+This file is responsible for requiring many more Active Support core extensions:
<ruby>
require 'active_support/core_ext/object/acts_like'
@@ -947,7 +925,7 @@ The +initializers_chain+ method referenced in the +initializers_for+ method is d
<ruby>
def initializers_chain
initializers = Collection.new
- ancestors.reverse_each do | klass |
+ ancestors.reverse_each do |klass|
next unless klass.respond_to?(:initializers)
initializers = initializers + klass.initializers
end
@@ -1010,46 +988,35 @@ This file defines the +ActiveSupport::Railtie+ constant which like the +I18n::Ra
Then this Railtie sets up three more initializers:
-* +active_support.initialize_whiny_nils+
* +active_support.deprecation_behavior+
* +active_support.initialize_time_zone+
+* +active_support.set_configs+
We will cover what each of these initializers do when they run.
Once the +active_support/railtie+ file has finished loading the next file required from +railties/lib/rails.rb+ is the +action_dispatch/railtie+.
-h4. +activesupport/lib/action_dispatch/railtie.rb+
+h4. +actionpack/lib/action_dispatch/railtie.rb+
This file defines the +ActionDispatch::Railtie+ class, but not before requiring +action_dispatch+.
-h4. +activesupport/lib/action_dispatch.rb+
-
-This file attempts to locate the +active_support+ and +active_model+ libraries by looking a couple of directories back from the current file and then adds the +active_support+ and +active_model+ +lib+ directories to the load path, but only if they aren't already, which they are.
-
-<ruby>
-activesupport_path = File.expand_path('../../../activesupport/lib', __FILE__)
-$:.unshift(activesupport_path) if File.directory?(activesupport_path) && !$:.include?(activesupport_path)
-
-activemodel_path = File.expand_path('../../../activemodel/lib', __FILE__)
-$:.unshift(activemodel_path) if File.directory?(activemodel_path) && !$:.include?(activemodel_path)
-</ruby>
-
-In effect, these lines only define the +activesupport_path+ and +activemodel_path+ variables and nothing more.
+h4. +actionpack/lib/action_dispatch.rb+
-The next two requires in this file are already done, so they are not run:
+This file starts off with the following requires:
<ruby>
require 'active_support'
require 'active_support/dependencies/autoload'
+require 'active_support/core_ext/module/attribute_accessors'
</ruby>
-The following require is to +action_pack+ (+activesupport/lib/action_pack.rb+) which has a 22-line copyright notice at the top of it and ends in a simple require to +action_pack/version+. This file, like other +version.rb+ files before it, defines the +ActionPack::VERSION+ constant:
+The following require is to +action_pack+ (+actionpack/lib/action_pack.rb+) which contains a simple require to +action_pack/version+. This file, like other +version.rb+ files before it, defines the +ActionPack::VERSION+ constant:
<ruby>
module ActionPack
module VERSION #:nodoc:
- MAJOR = 3
- MINOR = 1
+ MAJOR = 4
+ MINOR = 0
TINY = 0
PRE = "beta"
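Review bot: the replacement sentence "This file starts off with the following requires:" drops the point the deleted text made, that +active_support+ and +active_support/dependencies/autoload+ are already loaded at this stage and therefore do nothing here. Since this guide walks the boot sequence file by file, keep a clause saying which of the three listed requires does new work (per the deleted lines, only +active_support/core_ext/module/attribute_accessors+ can), so the reader can follow what actually executes. The heading corrections from +activesupport/lib/action_dispatch...+ to +actionpack/lib/action_dispatch...+ are right.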
@@ -1067,8 +1034,8 @@ This file makes a require to +active_model/version+ which defines the version fo
<ruby>
module ActiveModel
module VERSION #:nodoc:
- MAJOR = 3
- MINOR = 1
+ MAJOR = 4
+ MINOR = 0
TINY = 0
PRE = "beta"
@@ -1105,7 +1072,7 @@ Once it has finished loading, the +I18n.load_path+ method is used to add the +ac
The loading of this file finishes the loading of +active_model+ and so we go back to +action_dispatch+.
-h4. Back to +activesupport/lib/action_dispatch.rb+
+h4. Back to +actionpack/lib/action_dispatch.rb+
The remainder of this file requires the +rack+ file from the Rack gem which defines the +Rack+ module. After +rack+, there's autoloads defined for the +Rack+, +ActionDispatch+, +ActionDispatch::Http+, +ActionDispatch::Session+. A new method called +autoload_under+ is used here, and this simply prefixes the files where the modules are autoloaded from with the path specified. For example here:
@@ -1119,7 +1086,7 @@ The +Assertions+ module is in the +action_dispatch/testing+ folder rather than s
Finally, this file defines a top-level autoload, the +Mime+ constant.
-h4. Back to +activesupport/lib/action_dispatch/railtie.rb+
+h4. Back to +actionpack/lib/action_dispatch/railtie.rb+
After +action_dispatch+ is required in this file, the +ActionDispatch::Railtie+ class is defined and is yet another class that inherits from +Rails::Railtie+. This class defines some initial configuration option defaults for +config.action_dispatch+ before setting up a single initializer called +action_dispatch.configure+.
@@ -1141,22 +1108,21 @@ h4. +activerecord/lib/active_record.rb+
This file begins by detecting if the +lib+ directories of +active_support+ and +active_model+ are not in the load path and if they aren't then adds them. As we saw back in +action_dispatch.rb+, these directories are already there.
-The first three requires have already been done by other files and so aren't loaded here, but the 4th require, the one to +arel+ will require the file provided by the Arel gem, which defines the +Arel+ module.
+The first couple of requires have already been done by other files and so aren't loaded here, but the next one to +arel+ will require the file provided by the Arel gem, which defines the +Arel+ module.
<ruby>
require 'active_support'
-require 'active_support/i18n'
require 'active_model'
require 'arel'
</ruby>
-The 5th require in this file is one to +active_record/version+ which defines the +ActiveRecord::VERSION+ constant:
+The file required next is +active_record/version+ which defines the +ActiveRecord::VERSION+ constant:
<ruby>
module ActiveRecord
module VERSION #:nodoc:
- MAJOR = 3
- MINOR = 1
+ MAJOR = 4
+ MINOR = 0
TINY = 0
PRE = "beta"
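Review bot: the unchanged context line at the top of this hunk, "As we saw back in +action_dispatch.rb+, these directories are already there.", refers to the load-path paragraph for +action_dispatch.rb+ that this same patch deletes, so the cross-reference now points at nothing; rewrite it to state directly that the +active_support+ and +active_model+ +lib+ directories are already on the load path, or drop the sentence. Also, "The first couple of requires" should be "The first two requires", which is what the listing shows.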
@@ -1180,7 +1146,9 @@ This will set the engine for +Arel::Table+ to be +ActiveRecord::Base+.
The file then finishes with this line:
<ruby>
-I18n.load_path << File.dirname(__FILE__) + '/active_record/locale/en.yml'
+ActiveSupport.on_load(:i18n) do
+ I18n.load_path << File.dirname(__FILE__) + '/active_record/locale/en.yml'
+end
</ruby>
This will add the translations from +activerecord/lib/active_record/locale/en.yml+ to the load path for +I18n+, with this file being parsed when all the translations are loaded.
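Review bot: wrapping the +I18n.load_path+ append in +ActiveSupport.on_load(:i18n)+ changes when it runs, but the prose around the block was not updated. "The file then finishes with this line" is now three lines, and "This will add the translations ... to the load path for +I18n+" should say that the path is appended when the +:i18n+ load hook fires rather than when +active_record.rb+ itself is required, since that deferral is the whole point of the change.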
diff --git a/guides/source/security.textile b/guides/source/security.textile
index ac55d60368..cc0894fc77 100644
--- a/guides/source/security.textile
+++ b/guides/source/security.textile
@@ -236,6 +236,17 @@ protect_from_forgery :secret => "123456789012345678901234567890..."
This will automatically include a security token, calculated from the current session and the server-side secret, in all forms and Ajax requests generated by Rails. You won't need the secret, if you use CookieStorage as session storage. If the security token doesn't match what was expected, the session will be reset. *Note:* In Rails versions prior to 3.0.4, this raised an <tt>ActionController::InvalidAuthenticityToken</tt> error.
+It is common to use persistent cookies to store user information, with +cookies.permanent+ for example. In this case, the cookies will not be cleared and the out of the box CSRF protection will not be effective. If you are using a different cookie store than the session for this information, you must handle what to do with it yourself:
+
+<ruby>
+def handle_unverified_request
+ super
+ sign_out_user # Example method that will destroy the user cookies.
+end
+</ruby>
+
+The above method can be placed in the +ApplicationController+ and will be called when a CSRF token is not present on a non-GET request.
+
Note that _(highlight)cross-site scripting (XSS) vulnerabilities bypass all CSRF protections_. XSS gives the attacker access to all elements on a page, so he can read the CSRF security token from a form or directly submit the form. Read <a href="#cross-site-scripting-xss">more about XSS</a> later.
h3. Redirection and Files
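Review bot: the added sentence "will be called when a CSRF token is not present on a non-GET request" understates when +handle_unverified_request+ runs. Per the paragraph just above ("If the security token doesn't match what was expected, the session will be reset"), it fires whenever the token is missing or does not match, so say "missing or invalid". Two smaller points on the example: keep the +super+ call first, as written, because it is what resets the session before the application-specific +sign_out_user+ clears the persistent cookies (a reader tempted to drop +super+ would lose the default protection), and make explicit in the text, not only in the code comment, that +sign_out_user+ is a placeholder for whatever the application uses to invalidate its remember-me cookie, since it is not a Rails method.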