From e9f48cdcf482c5a878267a18fb9ed352f5f30dea Mon Sep 17 00:00:00 2001 From: Damien Mathieu <42@dmathieu.com> Date: Thu, 8 Sep 2011 09:53:41 +0200 Subject: make gsub and sub unavailable in SafeBuffers - Closes #1555 --- .../active_support/core_ext/string/output_safety.rb | 19 ++++++++++++++++--- activesupport/lib/active_support/inflector/methods.rb | 16 ++++++++-------- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index f111c8e5a3..24b617578f 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -75,7 +75,8 @@ end module ActiveSupport #:nodoc: class SafeBuffer < String - UNSAFE_STRING_METHODS = ["capitalize", "chomp", "chop", "delete", "downcase", "gsub", "lstrip", "next", "reverse", "rstrip", "slice", "squeeze", "strip", "sub", "succ", "swapcase", "tr", "tr_s", "upcase"].freeze + UNSAFE_STRING_METHODS = ["capitalize", "chomp", "chop", "delete", "downcase", "lstrip", "next", "reverse", "rstrip", "slice", "squeeze", "strip", "succ", "swapcase", "tr", "tr_s", "upcase"].freeze + UNAVAILABLE_STRING_METHODS = ["gsub", "sub"] alias_method :original_concat, :concat private :original_concat 
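Review bot: `UNAVAILABLE_STRING_METHODS` is left unfrozen while the `UNSAFE_STRING_METHODS` list directly above it ends in `.freeze`; for consistency, and so the list cannot be mutated at runtime, write `UNAVAILABLE_STRING_METHODS = ["gsub", "sub"].freeze`. A one-line comment above the constant should say why these two methods are refused outright instead of being wrapped like the unsafe ones, since the only explanation on the page is the reference to #1555 in the subject. The `SafeBuffer` class body continues outside this hunk.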
@@ -143,17 +144,29 @@ module ActiveSupport #:nodoc: UNSAFE_STRING_METHODS.each do |unsafe_method| class_eval <<-EOT, __FILE__, __LINE__ - def #{unsafe_method}(*args, &block) # def gsub(*args, &block) + def #{unsafe_method}(*args, &block) # def capitalize(*args, &block) to_str.#{unsafe_method}(*args, &block) # to_str.gsub(*args, &block) end # end - def #{unsafe_method}!(*args) # def gsub!(*args) + def #{unsafe_method}!(*args) # def capitalize!(*args) @dirty = true # @dirty = true super # super end # end EOT end + UNAVAILABLE_STRING_METHODS.each do |unavailable_method| + class_eval <<-EOT, __FILE__, __LINE__ + def #{unavailable_method}(*args) # def gsub(*args) + raise NoMethodError, "#{unavailable_method} cannot be used with a Safe Buffer object. You should use object.to_str.#{unavailable_method}" + end # end + + def #{unavailable_method}!(*args) # def gsub!(*args) + raise NoMethodError, "#{unavailable_method} cannot be used with a Safe Buffer object. You should use object.to_str.#{unavailable_method}" + end # end + EOT + end + protected def dirty? diff --git a/activesupport/lib/active_support/inflector/methods.rb b/activesupport/lib/active_support/inflector/methods.rb index 423b5abd20..e006eddc0c 100644 --- a/activesupport/lib/active_support/inflector/methods.rb +++ b/activesupport/lib/active_support/inflector/methods.rb @@ -21,7 +21,7 @@ module ActiveSupport # "words".pluralize # => "words" # "CamelOctopus".pluralize # => "CamelOctopi" def pluralize(word) - result = word.to_s.dup + result = word.to_str.dup if word.empty? || inflections.uncountables.include?(result.downcase) result @@ -40,7 +40,7 @@ module ActiveSupport # "word".singularize # => "word" # "CamelOctopi".singularize # => "CamelOctopus" def singularize(word) - result = word.to_s.dup + result = word.to_str.dup if inflections.uncountables.any? { |inflection| result =~ /\b(#{inflection})\Z/i } result 
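Review bot: The `gsub!`/`sub!` stubs generated in the `UNAVAILABLE_STRING_METHODS` loop raise a message that names the non-bang method and recommends `object.to_str.gsub`, which is not an in-place replacement and returns a plain String that is no longer html_safe. The message should say so, e.g. `raise NoMethodError, "#{unavailable_method}! cannot be used with a SafeBuffer object. Use object.to_str.#{unavailable_method}; the result is a plain String and is not html_safe"`, so that callers do not respond by re-marking the result as safe. Because the methods are still defined, `respond_to?(:gsub)` keeps returning true while the call raises `NoMethodError`; a short comment above the loop should record that this is intentional. The class body continues outside the hunk.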
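Review bot: `word.to_str` in `pluralize` raises `NoMethodError` for any argument that is not String-like, where `to_s` accepted Symbols, nil and numbers; the same replacement is made in `singularize`, `camelize`, `underscore`, `humanize`, `classify` and `demodulize` in the later hunks. If non-String arguments are meant to stay supported, `result = word.to_s.to_str.dup` keeps the old coercion and, assuming `SafeBuffer#to_s` returns the buffer itself (not visible here), still yields a plain String. `dasherize` had no conversion before, so its added `to_str` only narrows the input to String-like objects. The method bodies continue outside the hunks.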
@@ -66,7 +66,7 @@ module ActiveSupport # # "SSLError".underscore.camelize # => "SslError" def camelize(term, uppercase_first_letter = true) - string = term.to_s + string = term.to_str if uppercase_first_letter string = string.sub(/^[a-z\d]*/) { inflections.acronyms[$&] || $&.capitalize } else @@ -88,7 +88,7 @@ module ActiveSupport # # "SSLError".underscore.camelize # => "SslError" def underscore(camel_cased_word) - word = camel_cased_word.to_s.dup + word = camel_cased_word.to_str.dup word.gsub!(/::/, '/') word.gsub!(/(?:([A-Za-z\d])|^)(#{inflections.acronym_regex})(?=\b|[^a-z])/) { "#{$1}#{$1 && '_'}#{$2.downcase}" } word.gsub!(/([A-Z\d]+)([A-Z][a-z])/,'\1_\2') @@ -105,7 +105,7 @@ module ActiveSupport # "employee_salary" # => "Employee salary" # "author_id" # => "Author" def humanize(lower_case_and_underscored_word) - result = lower_case_and_underscored_word.to_s.dup + result = lower_case_and_underscored_word.to_str.dup inflections.humans.each { |(rule, replacement)| break if result.gsub!(rule, replacement) } result.gsub!(/_id$/, "") result.gsub(/(_)?([a-z\d]*)/i) { "#{$1 && ' '}#{inflections.acronyms[$2] || $2.downcase}" }.gsub(/^\w/) { $&.upcase } @@ -149,7 +149,7 @@ module ActiveSupport # "business".classify # => "Busines" def classify(table_name) # strip out any leading schema name - camelize(singularize(table_name.to_s.sub(/.*\./, ''))) + camelize(singularize(table_name.to_str.sub(/.*\./, ''))) end # Replaces underscores with dashes in the string. @@ -157,7 +157,7 @@ module ActiveSupport # Example: # "puni_puni" # => "puni-puni" def dasherize(underscored_word) - underscored_word.gsub(/_/, '-') + underscored_word.to_str.gsub(/_/, '-') end # Removes the module part from the expression in the string. 
@@ -166,7 +166,7 @@ module ActiveSupport # "ActiveRecord::CoreExtensions::String::Inflections".demodulize # => "Inflections" # "Inflections".demodulize # => "Inflections" def demodulize(class_name_in_module) - class_name_in_module.to_s.gsub(/^.*::/, '') + class_name_in_module.to_str.gsub(/^.*::/, '') end # Creates a foreign key name from a class name. -- cgit v1.2.3