From 32046deced9ab891c59a5474419b69824b3c8803 Mon Sep 17 00:00:00 2001 From: Giorgos Vrettos Date: Thu, 2 Mar 2017 11:54:58 +0200 Subject: Fix malformed asset_url when rendering template with ActionController::Renderer --- actionpack/lib/action_controller/renderer.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/renderer.rb b/actionpack/lib/action_controller/renderer.rb index acb400cd15..e1441bd343 100644 --- a/actionpack/lib/action_controller/renderer.rb +++ b/actionpack/lib/action_controller/renderer.rb @@ -85,6 +85,7 @@ module ActionController def normalize_keys(env) new_env = {} env.each_pair { |k, v| new_env[rack_key_for(k)] = rack_value_for(k, v) } + new_env["rack.url_scheme"] = new_env["HTTPS"] == "on" ? "https" : "http" new_env end -- cgit v1.2.3 From 830ed5a5362ee4547fcbb3e3c66b08f5e1afa391 Mon Sep 17 00:00:00 2001 From: "T.J. Schuck" Date: Tue, 7 Mar 2017 18:09:59 -0500 Subject: Document delegated public methods on AC::Parameters [ci skip] --- .../action_controller/metal/strong_parameters.rb | 71 ++++++++++++++++++++++ 1 file changed, 71 insertions(+) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 3b293baa73..563c3c0e59 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -112,6 +112,77 @@ module ActionController cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false + ## + # :method: as_json + # + # :call-seq: + # as_json(options=nil) + # + # Returns a hash that can be used as the JSON representation for the params. + + ## + # :method: empty? + # + # :call-seq: + # empty?() + # + # Returns true if the object has no key/value pairs. + + ## + # :method: has_key? + # + # :call-seq: + # has_key?(key) + # + # Returns true if the given key is present in the parameters. + + ## + # :method: has_value? + # + # :call-seq: + # has_value?(value) + # + # Returns true if the given value is present for some key in the parameters. + + ## + # :method: include? + # + # :call-seq: + # include?(key) + # + # Returns true if the given key is present in the parameters. + + ## + # :method: key? + # + # :call-seq: + # key?(key) + # + # Returns true if the given key is present in the parameters. + + ## + # :method: keys + # + # :call-seq: + # keys() + # + # Returns a new array of the keys of the parameters. + + ## + # :method: value? + # + # :call-seq: + # value?(value) + # + # Returns true if the given value is present for some key in the parameters. + + ## + # :method: values + # + # :call-seq: + # values() + # + # Returns a new array of the values of the parameters. delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?, :as_json, to: :@parameters -- cgit v1.2.3 From b85b92176be9abac8f072114e80f4e29eea99f77 Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Tue, 7 Mar 2017 18:58:01 -0500 Subject: params --> parameters [ci skip] --- actionpack/lib/action_controller/metal/strong_parameters.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 563c3c0e59..9690f0ca28 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -118,7 +118,7 @@ module ActionController # :call-seq: # as_json(options=nil) # - # Returns a hash that can be used as the JSON representation for the params. + # Returns a hash that can be used as the JSON representation for the parameters. ## # :method: empty? @@ -126,7 +126,7 @@ module ActionController # :call-seq: # empty?() # - # Returns true if the object has no key/value pairs. + # Returns true if the parameters have no key/value pairs. ## # :method: has_key? -- cgit v1.2.3 From 4d7986283653ff4fbd5a82dd273ed9795a0c6a65 Mon Sep 17 00:00:00 2001 From: Edouard CHIN Date: Thu, 9 Mar 2017 01:42:16 -0500 Subject: Added `reverse_merge`/`reverse_merge!` to AC::Parameters: - This PR adds the `reverse_merge` and `reverse_merge!` method to `ActionController::Parameters` - Fixes #28353 --- .../lib/action_controller/metal/strong_parameters.rb | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 9690f0ca28..0217376ab3 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -660,6 +660,21 @@ module ActionController self end + # Returns a new ActionController::Parameters with all keys from + # current hash merged into +other_hash+. + def reverse_merge(other_hash) + new_instance_with_inherited_permitted_status( + other_hash.to_h.merge(@parameters) + ) + end + + # Returns current ActionController::Parameters instance with + # current hash merged into +other_hash+. + def reverse_merge!(other_hash) + @parameters.merge!(other_hash.to_h) { |key, left, right| left } + self + end + # This is required by ActiveModel attribute assignment, so that user can # pass +Parameters+ to a mass assignment methods in a model. It should not # matter as we are using +HashWithIndifferentAccess+ internally. -- cgit v1.2.3 From 95c847a1ffc3fe09e78dca00485c07ce2d6c9f0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hrvoje=20=C5=A0imi=C4=87?= Date: Sat, 11 Mar 2017 13:09:10 +0100 Subject: [docs] remove unnecessary sentence [ci skip] --- actionpack/lib/action_controller/api.rb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/api.rb b/actionpack/lib/action_controller/api.rb index 5cd8d77ddb..0d1af0d0bd 100644 --- a/actionpack/lib/action_controller/api.rb +++ b/actionpack/lib/action_controller/api.rb @@ -81,10 +81,9 @@ module ActionController # end # end # - # Quite straightforward. Make sure to check the modules included in - # ActionController::Base if you want to use any other - # functionality that is not provided by ActionController::API - # out of the box. + # Make sure to check the modules included in ActionController::Base + # if you want to use any other functionality that is not provided + # by ActionController::API out of the box. class API < Metal abstract! -- cgit v1.2.3 From c5f8fe9379dc144a54ceb5663aa449d35d1bf405 Mon Sep 17 00:00:00 2001 From: alpaca-tc Date: Wed, 8 Mar 2017 18:54:52 +0900 Subject: Fixes ActionController::Rendering#with_defaults `env` is undefined. --- actionpack/lib/action_controller/renderer.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/renderer.rb b/actionpack/lib/action_controller/renderer.rb index e1441bd343..3d2edb5242 100644 --- a/actionpack/lib/action_controller/renderer.rb +++ b/actionpack/lib/action_controller/renderer.rb @@ -56,7 +56,7 @@ module ActionController # Create a new renderer for the same controller but with new defaults. def with_defaults(defaults) - self.class.new controller, env, self.defaults.merge(defaults) + self.class.new controller, @env, self.defaults.merge(defaults) end # Accepts a custom Rack environment to render templates in. -- cgit v1.2.3 From b383b346600d5325a211376837bc83b7ae472f46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hrvoje=20=C5=A0imi=C4=87?= Date: Sat, 11 Mar 2017 14:17:44 +0100 Subject: [docs] fix ActionController documentation [ci skip] --- actionpack/lib/action_controller/base.rb | 8 ++++---- actionpack/lib/action_controller/metal.rb | 4 ++-- .../lib/action_controller/metal/etag_with_flash.rb | 4 ++-- actionpack/lib/action_controller/metal/force_ssl.rb | 8 ++++---- .../lib/action_controller/metal/http_authentication.rb | 2 +- .../lib/action_controller/metal/implicit_render.rb | 6 +++--- .../lib/action_controller/metal/instrumentation.rb | 2 +- actionpack/lib/action_controller/metal/live.rb | 8 ++++---- actionpack/lib/action_controller/metal/mime_responds.rb | 4 ++-- .../lib/action_controller/metal/parameter_encoding.rb | 2 +- actionpack/lib/action_controller/metal/params_wrapper.rb | 8 ++++---- actionpack/lib/action_controller/metal/redirecting.rb | 4 ++-- actionpack/lib/action_controller/metal/rendering.rb | 2 +- .../metal/request_forgery_protection.rb | 10 +++++----- actionpack/lib/action_controller/metal/rescue.rb | 2 +- actionpack/lib/action_controller/metal/streaming.rb | 2 +- .../lib/action_controller/metal/strong_parameters.rb | 16 ++++++++-------- actionpack/lib/action_controller/metal/url_for.rb | 2 +- actionpack/lib/action_controller/railtie.rb | 2 +- actionpack/lib/action_controller/renderer.rb | 4 ++-- actionpack/lib/action_controller/test_case.rb | 10 +++++----- 21 files changed, 55 insertions(+), 55 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index ca8066cd82..0fe0853da3 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -8,7 +8,7 @@ module ActionController # on the controller, which will automatically be made accessible to the web-server through \Rails Routes. # # By default, only the ApplicationController in a \Rails application inherits from ActionController::Base. All other - # controllers in turn inherit from ApplicationController. This gives you one class to configure things such as + # controllers inherit from ApplicationController. This gives you one class to configure things such as # request forgery protection and filtering of sensitive request parameters. # # A sample controller could look like this: @@ -30,7 +30,7 @@ module ActionController # # Unlike index, the create action will not render a template. After performing its main purpose (creating a # new post), it initiates a redirect instead. This redirect works by returning an external - # "302 Moved" HTTP response that takes the user to the index action. + # 302 Moved HTTP response that takes the user to the index action. # # These two methods represent the two basic action archetypes used in Action Controllers: Get-and-show and do-and-redirect. # Most actions are variations on these themes. @@ -59,7 +59,7 @@ module ActionController # # # - # A request stemming from a form holding these inputs will include { "post" => { "name" => "david", "address" => "hyacintvej" } }. + # A request coming from a form holding these inputs will include { "post" => { "name" => "david", "address" => "hyacintvej" } }. # If the address input had been named post[address][street], the params would have included # { "post" => { "address" => { "street" => "hyacintvej" } } }. There's no limit to the depth of the nesting. # @@ -74,7 +74,7 @@ module ActionController # # session[:person] = Person.authenticate(user_name, password) # - # And retrieved again through the same hash: + # You can retrieve it again through the same hash: # # Hello #{session[:person]} # diff --git a/actionpack/lib/action_controller/metal.rb b/actionpack/lib/action_controller/metal.rb index 337718afc0..74c4153cd2 100644 --- a/actionpack/lib/action_controller/metal.rb +++ b/actionpack/lib/action_controller/metal.rb @@ -138,7 +138,7 @@ module ActionController false end - # Delegates to the class' controller_name + # Delegates to the class' controller_name. def controller_name self.class.controller_name end @@ -244,7 +244,7 @@ module ActionController end end - # Direct dispatch to the controller. Instantiates the controller, then + # Direct dispatch to the controller. Instantiates the controller, then # executes the action named +name+. def self.dispatch(name, req, res) if middleware_stack.any? diff --git a/actionpack/lib/action_controller/metal/etag_with_flash.rb b/actionpack/lib/action_controller/metal/etag_with_flash.rb index 474d75f02e..7bd338bd7c 100644 --- a/actionpack/lib/action_controller/metal/etag_with_flash.rb +++ b/actionpack/lib/action_controller/metal/etag_with_flash.rb @@ -1,9 +1,9 @@ module ActionController # When you're using the flash, it's generally used as a conditional on the view. # This means the content of the view depends on the flash. Which in turn means - # that the etag for a response should be computed with the content of the flash + # that the ETag for a response should be computed with the content of the flash # in mind. This does that by including the content of the flash as a component - # in the etag that's generated for a response. + # in the ETag that's generated for a response. module EtagWithFlash extend ActiveSupport::Concern diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb index 9d43e752ac..876e0feff5 100644 --- a/actionpack/lib/action_controller/metal/force_ssl.rb +++ b/actionpack/lib/action_controller/metal/force_ssl.rb @@ -10,9 +10,9 @@ module ActionController # # Note that if you are really concerned about your application security, # you might consider using +config.force_ssl+ in your config file instead. - # That will ensure all the data transferred via HTTPS protocol and prevent - # the user from getting their session hijacked when accessing the site over - # unsecured HTTP protocol. + # That will ensure all the data is transferred via HTTPS protocol and will + # prevent the user from getting their session hijacked when accessing the + # site over unsecured HTTP protocol. module ForceSSL extend ActiveSupport::Concern include AbstractController::Callbacks @@ -71,7 +71,7 @@ module ActionController # Redirect the existing request to use the HTTPS protocol. # # ==== Parameters - # * host_or_options - Either a host name or any of the url & + # * host_or_options - Either a host name or any of the url and # redirect options available to the force_ssl method. def force_ssl_redirect(host_or_options = nil) unless request.ssl? diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index 0575360068..d8bc895265 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -445,7 +445,7 @@ module ActionController end end - # Parses the token and options out of the token authorization header. + # Parses the token and options out of the token Authorization header. # The value for the Authorization header is expected to have the prefix # "Token" or "Bearer". If the header looks like this: # Authorization: Token token="abc", nonce="def" diff --git a/actionpack/lib/action_controller/metal/implicit_render.rb b/actionpack/lib/action_controller/metal/implicit_render.rb index dde924e682..eeb27f99f4 100644 --- a/actionpack/lib/action_controller/metal/implicit_render.rb +++ b/actionpack/lib/action_controller/metal/implicit_render.rb @@ -2,11 +2,11 @@ module ActionController # Handles implicit rendering for a controller action that does not # explicitly respond with +render+, +respond_to+, +redirect+, or +head+. # - # For API controllers, the implicit response is always 204 No Content. + # For API controllers, the implicit response is always 204 No Content. # # For all other controllers, we use these heuristics to decide whether to # render a template, raise an error for a missing template, or respond with - # 204 No Content: + # 204 No Content: # # First, if we DO find a template, it's rendered. Template lookup accounts # for the action name, locales, format, variant, template handlers, and more @@ -23,7 +23,7 @@ module ActionController # ActionView::UnknownFormat with an explanation. # # Finally, if we DON'T find a template AND the request isn't a browser page - # load, then we implicitly respond with 204 No Content. + # load, then we implicitly respond with 204 No Content. module ImplicitRender # :stopdoc: include BasicImplicitRender diff --git a/actionpack/lib/action_controller/metal/instrumentation.rb b/actionpack/lib/action_controller/metal/instrumentation.rb index 924686218f..2485d27cec 100644 --- a/actionpack/lib/action_controller/metal/instrumentation.rb +++ b/actionpack/lib/action_controller/metal/instrumentation.rb @@ -3,7 +3,7 @@ require "abstract_controller/logger" module ActionController # Adds instrumentation to several ends in ActionController::Base. It also provides - # some hooks related with process_action, this allows an ORM like Active Record + # some hooks related with process_action. This allows an ORM like Active Record # and/or DataMapper to plug in ActionController and show related information. # # Check ActiveRecord::Railties::ControllerRuntime for an example. diff --git a/actionpack/lib/action_controller/metal/live.rb b/actionpack/lib/action_controller/metal/live.rb index fed99e6c82..a607ee2309 100644 --- a/actionpack/lib/action_controller/metal/live.rb +++ b/actionpack/lib/action_controller/metal/live.rb @@ -239,8 +239,8 @@ module ActionController error = nil # This processes the action in a child thread. It lets us return the - # response code and headers back up the rack stack, and still process - # the body in parallel with sending data to the client + # response code and headers back up the Rack stack, and still process + # the body in parallel with sending data to the client. new_controller_thread { ActiveSupport::Dependencies.interlock.running do t2 = Thread.current @@ -278,9 +278,9 @@ module ActionController raise error if error end - # Spawn a new thread to serve up the controller in. This is to get + # Spawn a new thread to serve up the controller in. This is to get # around the fact that Rack isn't based around IOs and we need to use - # a thread to stream data from the response bodies. Nobody should call + # a thread to stream data from the response bodies. Nobody should call # this method except in Rails internals. Seriously! def new_controller_thread # :nodoc: Thread.new { diff --git a/actionpack/lib/action_controller/metal/mime_responds.rb b/actionpack/lib/action_controller/metal/mime_responds.rb index f6aabcb102..7b4c7b923e 100644 --- a/actionpack/lib/action_controller/metal/mime_responds.rb +++ b/actionpack/lib/action_controller/metal/mime_responds.rb @@ -181,8 +181,8 @@ module ActionController #:nodoc: # # request.variant = [:tablet, :phone] # - # which will work similarly to formats and MIME types negotiation. If there will be no - # +:tablet+ variant declared, +:phone+ variant will be picked: + # This will work similarly to formats and MIME types negotiation. If there + # is no +:tablet+ variant declared, +:phone+ variant will be picked: # # respond_to do |format| # format.html.none diff --git a/actionpack/lib/action_controller/metal/parameter_encoding.rb b/actionpack/lib/action_controller/metal/parameter_encoding.rb index 962532ff09..ecc691619e 100644 --- a/actionpack/lib/action_controller/metal/parameter_encoding.rb +++ b/actionpack/lib/action_controller/metal/parameter_encoding.rb @@ -39,7 +39,7 @@ module ActionController # end # # The show action in the above controller would have all parameter values - # encoded as ASCII-8BIT. This is useful in the case where an application + # encoded as ASCII-8BIT. This is useful in the case where an application # must handle data but encoding of the data is unknown, like file system data. def skip_parameter_encoding(action) @_parameter_encodings[action.to_s] = true diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb index 7fc898f034..3cca5e8906 100644 --- a/actionpack/lib/action_controller/metal/params_wrapper.rb +++ b/actionpack/lib/action_controller/metal/params_wrapper.rb @@ -213,7 +213,7 @@ module ActionController end # Sets the default wrapper key or model which will be used to determine - # wrapper key and attribute names. Will be called automatically when the + # wrapper key and attribute names. Called automatically when the # module is inherited. def inherited(klass) if klass._wrapper_options.format.any? @@ -225,7 +225,7 @@ module ActionController end end - # Performs parameters wrapping upon the request. Will be called automatically + # Performs parameters wrapping upon the request. Called automatically # by the metal call stack. def process_action(*args) if _wrapper_enabled? @@ -238,11 +238,11 @@ module ActionController wrapped_keys = request.request_parameters.keys wrapped_filtered_hash = _wrap_parameters request.filtered_parameters.slice(*wrapped_keys) - # This will make the wrapped hash accessible from controller and view + # This will make the wrapped hash accessible from controller and view. request.parameters.merge! wrapped_hash request.request_parameters.merge! wrapped_hash - # This will display the wrapped hash in the log file + # This will display the wrapped hash in the log file. request.filtered_parameters.merge! wrapped_filtered_hash end super diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb index 1836a07d4e..fdfe82f96b 100644 --- a/actionpack/lib/action_controller/metal/redirecting.rb +++ b/actionpack/lib/action_controller/metal/redirecting.rb @@ -22,7 +22,7 @@ module ActionController # redirect_to posts_url # redirect_to proc { edit_post_url(@post) } # - # The redirection happens as a "302 Found" header unless otherwise specified using the :status option: + # The redirection happens as a 302 Found header unless otherwise specified using the :status option: # # redirect_to post_url(@post), status: :found # redirect_to action: 'atom', status: :moved_permanently @@ -36,7 +36,7 @@ module ActionController # If you are using XHR requests other than GET or POST and redirecting after the # request then some browsers will follow the redirect using the original request # method. This may lead to undesirable behavior such as a double DELETE. To work - # around this you can return a 303 See Other status code which will be + # around this you can return a 303 See Other status code which will be # followed using a GET request. # # redirect_to posts_url, status: :see_other diff --git a/actionpack/lib/action_controller/metal/rendering.rb b/actionpack/lib/action_controller/metal/rendering.rb index 6b17719381..67f207afc2 100644 --- a/actionpack/lib/action_controller/metal/rendering.rb +++ b/actionpack/lib/action_controller/metal/rendering.rb @@ -36,7 +36,7 @@ module ActionController super end - # Overwrite render_to_string because body can now be set to a rack body. + # Overwrite render_to_string because body can now be set to a Rack body. def render_to_string(*) result = super if result.respond_to?(:each) diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index e8965a6561..d9a8b9c12d 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -262,9 +262,9 @@ module ActionController #:nodoc: # Returns true or false if a request is verified. Checks: # - # * Is it a GET or HEAD request? Gets should be safe and idempotent + # * Is it a GET or HEAD request? GETs should be safe and idempotent # * Does the form_authenticity_token match the given token value from the params? - # * Does the X-CSRF-Token header match the form_authenticity_token + # * Does the X-CSRF-Token header match the form_authenticity_token? def verified_request? # :doc: !protect_against_forgery? || request.get? || request.head? || (valid_request_origin? && any_authenticity_token_valid?) @@ -327,7 +327,7 @@ module ActionController #:nodoc: if masked_token.length == AUTHENTICITY_TOKEN_LENGTH # This is actually an unmasked token. This is expected if # you have just upgraded to masked tokens, but should stop - # happening shortly after installing this gem + # happening shortly after installing this gem. compare_with_real_token masked_token, session elsif masked_token.length == AUTHENTICITY_TOKEN_LENGTH * 2 @@ -336,13 +336,13 @@ module ActionController #:nodoc: compare_with_real_token(csrf_token, session) || valid_per_form_csrf_token?(csrf_token, session) else - false # Token is malformed + false # Token is malformed. end end def unmask_token(masked_token) # :doc: # Split the token into the one-time pad and the encrypted - # value and decrypt it + # value and decrypt it. one_time_pad = masked_token[0...AUTHENTICITY_TOKEN_LENGTH] encrypted_csrf_token = masked_token[AUTHENTICITY_TOKEN_LENGTH..-1] xor_byte_strings(one_time_pad, encrypted_csrf_token) diff --git a/actionpack/lib/action_controller/metal/rescue.rb b/actionpack/lib/action_controller/metal/rescue.rb index 2d99e4045b..25757938f5 100644 --- a/actionpack/lib/action_controller/metal/rescue.rb +++ b/actionpack/lib/action_controller/metal/rescue.rb @@ -10,7 +10,7 @@ module ActionController #:nodoc: # exceptions must be shown. This method is only called when # consider_all_requests_local is false. By default, it returns # false, but someone may set it to `request.local?` so local - # requests in production still shows the detailed exception pages. + # requests in production still show the detailed exception pages. def show_detailed_exceptions? false end diff --git a/actionpack/lib/action_controller/metal/streaming.rb b/actionpack/lib/action_controller/metal/streaming.rb index 877a08b222..58cf60ad2a 100644 --- a/actionpack/lib/action_controller/metal/streaming.rb +++ b/actionpack/lib/action_controller/metal/streaming.rb @@ -3,7 +3,7 @@ require "rack/chunked" module ActionController #:nodoc: # Allows views to be streamed back to the client as they are rendered. # - # The default way Rails renders views is by first rendering the template + # By default, Rails renders views by first rendering the template # and then the layout. The response is sent to the client after the whole # template is rendered, all queries are made, and the layout is processed. # diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 0217376ab3..1190e0ed69 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -262,7 +262,7 @@ module ActionController alias_method :to_unsafe_hash, :to_unsafe_h # Convert all hashes in values into parameters, then yield each pair in - # the same way as Hash#each_pair + # the same way as Hash#each_pair. def each_pair(&block) @parameters.each_pair do |key, value| yield key, convert_hashes_to_parameters(key, value) @@ -410,7 +410,7 @@ module ActionController # # params.permit(preferences: {}) # - # but be careful because this opens the door to arbitrary input. In this + # Be careful because this opens the door to arbitrary input. In this # case, +permit+ ensures values in the returned structure are permitted # scalars and filters out anything else. # @@ -646,15 +646,15 @@ module ActionController end # Returns a new ActionController::Parameters with all keys from - # +other_hash+ merges into current hash. + # +other_hash+ merged into current hash. def merge(other_hash) new_instance_with_inherited_permitted_status( @parameters.merge(other_hash.to_h) ) end - # Returns current ActionController::Parameters instance which - # +other_hash+ merges into current hash. + # Returns current ActionController::Parameters instance with + # +other_hash+ merged into current hash. def merge!(other_hash) @parameters.merge!(other_hash.to_h) self @@ -715,7 +715,7 @@ module ActionController undef_method :to_param - # Returns duplicate of object including all parameters + # Returns duplicate of object including all parameters. def deep_dup self.class.new(@parameters.deep_dup).tap do |duplicate| duplicate.permitted = @permitted @@ -935,7 +935,7 @@ module ActionController # whitelisted. # # In addition, parameters can be marked as required and flow through a - # predefined raise/rescue flow to end up as a 400 Bad Request with no + # predefined raise/rescue flow to end up as a 400 Bad Request with no # effort. # # class PeopleController < ActionController::Base @@ -959,7 +959,7 @@ module ActionController # # private # # Using a private method to encapsulate the permissible parameters is - # # just a good pattern since you'll be able to reuse the same permit + # # a good pattern since you'll be able to reuse the same permit # # list between create and update. Also, you can specialize this method # # with per-user checking of permissible attributes. # def person_params diff --git a/actionpack/lib/action_controller/metal/url_for.rb b/actionpack/lib/action_controller/metal/url_for.rb index 9f3cc099d6..21ed5b4ec8 100644 --- a/actionpack/lib/action_controller/metal/url_for.rb +++ b/actionpack/lib/action_controller/metal/url_for.rb @@ -3,7 +3,7 @@ module ActionController # the _routes method. Otherwise, an exception will be raised. # # In addition to AbstractController::UrlFor, this module accesses the HTTP layer to define - # url options like the +host+. In order to do so, this module requires the host class + # URL options like the +host+. In order to do so, this module requires the host class # to implement +env+ which needs to be Rack-compatible and +request+ # which is either an instance of +ActionDispatch::Request+ or an object # that responds to the +host+, +optional_port+, +protocol+ and diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb index a7cdfe6a98..fadfc8de60 100644 --- a/actionpack/lib/action_controller/railtie.rb +++ b/actionpack/lib/action_controller/railtie.rb @@ -42,7 +42,7 @@ module ActionController options.javascripts_dir ||= paths["public/javascripts"].first options.stylesheets_dir ||= paths["public/stylesheets"].first - # Ensure readers methods get compiled + # Ensure readers methods get compiled. options.asset_host ||= app.config.asset_host options.relative_url_root ||= app.config.relative_url_root diff --git a/actionpack/lib/action_controller/renderer.rb b/actionpack/lib/action_controller/renderer.rb index e1441bd343..83f9522647 100644 --- a/actionpack/lib/action_controller/renderer.rb +++ b/actionpack/lib/action_controller/renderer.rb @@ -5,7 +5,7 @@ module ActionController # without requirement of being in controller actions. # # You get a concrete renderer class by invoking ActionController::Base#renderer. - # For example, + # For example: # # ApplicationController.renderer # @@ -18,7 +18,7 @@ module ActionController # ApplicationController.render template: '...' # # #render allows you to use the same options that you can use when rendering in a controller. - # For example, + # For example: # # FooController.render :action, locals: { ... }, assigns: { ... } # diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb index 7229c67f30..72e29c2c9d 100644 --- a/actionpack/lib/action_controller/test_case.rb +++ b/actionpack/lib/action_controller/test_case.rb @@ -13,10 +13,10 @@ module ActionController end module Live - # Disable controller / rendering threads in tests. User tests can access + # Disable controller / rendering threads in tests. User tests can access # the database on the main thread, so they could open a txn, then the # controller thread will open a new connection and try to access data - # that's only visible to the main thread's txn. This is the problem in #23483 + # that's only visible to the main thread's txn. This is the problem in #23483. remove_method :new_controller_thread def new_controller_thread # :nodoc: yield @@ -35,7 +35,7 @@ module ActionController attr_reader :controller_class - # Create a new test request with default `env` values + # Create a new test request with default `env` values. def self.create(controller_class) env = {} env = Rails.application.env_config.merge(env) if defined?(Rails.application) && Rails.application @@ -131,7 +131,7 @@ module ActionController include Rack::Test::Utils def should_multipart?(params) - # FIXME: lifted from Rack-Test. We should push this separation upstream + # FIXME: lifted from Rack-Test. We should push this separation upstream. multipart = false query = lambda { |value| case value @@ -300,7 +300,7 @@ module ActionController # assert_equal "Dave", cookies[:name] # makes sure that a cookie called :name was set as "Dave" # assert flash.empty? # makes sure that there's nothing in the flash # - # On top of the collections, you have the complete url that a given action redirected to available in redirect_to_url. + # On top of the collections, you have the complete URL that a given action redirected to available in redirect_to_url. # # For redirects within the same controller, you can even call follow_redirect and the redirect will be followed, triggering another # action call which can then be asserted against. -- cgit v1.2.3 From db98b05113f7252073e48520b880e5961dfa2c31 Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Mon, 13 Mar 2017 15:52:46 -0400 Subject: Fix HTTPS grammar [ci skip] --- actionpack/lib/action_controller/metal/force_ssl.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb index 876e0feff5..73e67573ca 100644 --- a/actionpack/lib/action_controller/metal/force_ssl.rb +++ b/actionpack/lib/action_controller/metal/force_ssl.rb @@ -2,15 +2,15 @@ require "active_support/core_ext/hash/except" require "active_support/core_ext/hash/slice" module ActionController - # This module provides a method which will redirect the browser to use HTTPS - # protocol. This will ensure that user's sensitive information will be + # This module provides a method which will redirect the browser to use the secured HTTPS + # protocol. This will ensure that users' sensitive information will be # transferred safely over the internet. You _should_ always force the browser # to use HTTPS when you're transferring sensitive information such as # user authentication, account information, or credit card information. # # Note that if you are really concerned about your application security, # you might consider using +config.force_ssl+ in your config file instead. - # That will ensure all the data is transferred via HTTPS protocol and will + # That will ensure all the data is transferred via HTTPS, and will # prevent the user from getting their session hijacked when accessing the # site over unsecured HTTP protocol. module ForceSSL @@ -23,7 +23,7 @@ module ActionController module ClassMethods # Force the request to this particular controller or specified actions to be - # under HTTPS protocol. + # through the HTTPS protocol. # # If you need to disable this for any reason (e.g. development) then you can use # an +:if+ or +:unless+ condition. -- cgit v1.2.3 From 843345cae59b73e50af685ac1303a419a06b4c91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Tue, 21 Mar 2017 13:37:53 -0400 Subject: Revert "Merge pull request #27775 from domcleal/27774-format-reset" This reverts commit c6f9f8c28a720ad4ec7cf3613dddfa451d5968e2, reversing changes made to c309073c7476f50dfb1e796d058580f176101c36. Reason: This is fixing the behavior in the wrong place. Now the request path after the request is nil and there is no way to assert that. Also the test that was added in that PR also fails in 4.2 where the reporter says it was passing. The reason the bahavior changed between Rails 4.2 and Rails 5 is that the format in the path is now respected. The correct way to fix the problem is not doign two requests in the same controller test and use integrations tests. This change caused a regression between Rails 5.0.1 and 5.0.2. --- actionpack/lib/action_controller/test_case.rb | 1 - 1 file changed, 1 deletion(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb index 72e29c2c9d..bc42d50205 100644 --- a/actionpack/lib/action_controller/test_case.rb +++ b/actionpack/lib/action_controller/test_case.rb @@ -534,7 +534,6 @@ module ActionController @request.delete_header "HTTP_ACCEPT" end @request.query_string = "" - @request.env.delete "PATH_INFO" @response.sent! end -- cgit v1.2.3 From ea5aa2525b4fbc7d8323a7e4c3ee98db2ee5acb4 Mon Sep 17 00:00:00 2001 From: Sid Ngeth Date: Fri, 17 Feb 2017 17:03:09 -0500 Subject: Wrap store accessors in parameters Modified params wrapper to account for model's stored_attributes --- actionpack/lib/action_controller/metal/params_wrapper.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb index 3cca5e8906..a89fc1678b 100644 --- a/actionpack/lib/action_controller/metal/params_wrapper.rb +++ b/actionpack/lib/action_controller/metal/params_wrapper.rb @@ -105,7 +105,11 @@ module ActionController unless super || exclude if m.respond_to?(:attribute_names) && m.attribute_names.any? - self.include = m.attribute_names + if m.respond_to?(:stored_attributes) && !m.stored_attributes.empty? + self.include = m.attribute_names + m.stored_attributes.values.flatten.map(&:to_s) + else + self.include = m.attribute_names + end end end end -- cgit v1.2.3 From 3dd1de8ba4d5862b01e7f5dd3878b21fd98b443b Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Wed, 22 Mar 2017 15:44:19 -0400 Subject: Small grammar fix [ci skip] --- actionpack/lib/action_controller/metal/mime_responds.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/mime_responds.rb b/actionpack/lib/action_controller/metal/mime_responds.rb index 7b4c7b923e..96bd548268 100644 --- a/actionpack/lib/action_controller/metal/mime_responds.rb +++ b/actionpack/lib/action_controller/metal/mime_responds.rb @@ -182,7 +182,7 @@ module ActionController #:nodoc: # request.variant = [:tablet, :phone] # # This will work similarly to formats and MIME types negotiation. If there - # is no +:tablet+ variant declared, +:phone+ variant will be picked: + # is no +:tablet+ variant declared, the +:phone+ variant will be used: # # respond_to do |format| # format.html.none -- cgit v1.2.3 From 0117810cdab34d168b0579a6736c5d58c5ab84c7 Mon Sep 17 00:00:00 2001 From: Matt Casper Date: Wed, 29 Mar 2017 09:56:27 -0500 Subject: Add aliases for reverse_merge to with_defaults In the context of controller parameters, reverse_merge is commonly used to provide defaults for user input. Having an alias to reverse_merge called with_defaults feels more idiomatic for Rails. --- actionpack/lib/action_controller/metal/strong_parameters.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 1190e0ed69..baf15570d5 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -667,6 +667,7 @@ module ActionController other_hash.to_h.merge(@parameters) ) end + alias_method :with_defaults, :reverse_merge # Returns current ActionController::Parameters instance with # current hash merged into +other_hash+. @@ -674,6 +675,7 @@ module ActionController @parameters.merge!(other_hash.to_h) { |key, left, right| left } self end + alias_method :with_defaults!, :reverse_merge! # This is required by ActiveModel attribute assignment, so that user can # pass +Parameters+ to a mass assignment methods in a model. It should not -- cgit v1.2.3 From 9d695743dee0eb57cedd1f0e7a9dc1a16ef0b530 Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Wed, 29 Mar 2017 17:36:54 -0400 Subject: Do not include default response headers for AC::Metal In Rails 4.2, `ActionController::Metal` controllers did not include the default headers from `ActionDispatch::Response`. However, through e16afe6, and a general shift towards having `ActionController::Metal` objects contain `ActionDispatch::Response` objects (instead of just returning an array of status, headers, and body), this behavior was lost. This PR helps to restore the original behavior by having `ActionController::Metal` controllers generate Response objects without the default headers, while `ActionController::Base` now overrides the factory method to make sure its version does have the default headers. --- actionpack/lib/action_controller/base.rb | 6 ++++++ actionpack/lib/action_controller/metal.rb | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index 0fe0853da3..b420e00c78 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -261,6 +261,12 @@ module ActionController PROTECTED_IVARS end + def self.make_response!(request) + ActionDispatch::Response.create.tap do |res| + res.request = request + end + end + ActiveSupport.run_load_hooks(:action_controller, self) end end diff --git a/actionpack/lib/action_controller/metal.rb b/actionpack/lib/action_controller/metal.rb index 74c4153cd2..246644dcbd 100644 --- a/actionpack/lib/action_controller/metal.rb +++ b/actionpack/lib/action_controller/metal.rb @@ -129,7 +129,7 @@ module ActionController end def self.make_response!(request) - ActionDispatch::Response.create.tap do |res| + ActionDispatch::Response.new.tap do |res| res.request = request end end -- cgit v1.2.3 From a500b4796f86b05b3fece414f090a496d3cb4298 Mon Sep 17 00:00:00 2001 From: Jon Leighton Date: Thu, 6 Apr 2017 16:03:35 +0100 Subject: Improve logging when Origin header doesn't match I came up against this while dealing with a misconfigured server. The browser was setting the Origin header to "https://example.com", but the Rails app returned "http://example.com" from request.base_url (because it was failing to detect that HTTPS was used). This caused verify_authenticity_token to fail, but the message in the log was "Can't verify CSRF token", which is confusing because the failure had nothing to do with the CSRF token sent in the request. This made it very hard to identify the issue, so hopefully this will make it more obvious for the next person. --- .../lib/action_controller/metal/request_forgery_protection.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index d9a8b9c12d..5051c02a62 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -213,7 +213,11 @@ module ActionController #:nodoc: if !verified_request? if logger && log_warning_on_csrf_failure - logger.warn "Can't verify CSRF token authenticity." + if valid_request_origin? + logger.warn "Can't verify CSRF token authenticity." + else + logger.warn "HTTP Origin header (#{request.origin}) didn't match request.base_url (#{request.base_url})" + end end handle_unverified_request end -- cgit v1.2.3 From 35fac87123df4fdf7cc26b7ccd724932d946be87 Mon Sep 17 00:00:00 2001 From: Julian Nadeau Date: Mon, 13 Mar 2017 17:37:22 -0400 Subject: Add action_controller_api, action_controller_base on_load hook --- actionpack/lib/action_controller/api.rb | 1 + actionpack/lib/action_controller/base.rb | 1 + 2 files changed, 2 insertions(+) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/api.rb b/actionpack/lib/action_controller/api.rb index 0d1af0d0bd..94698df730 100644 --- a/actionpack/lib/action_controller/api.rb +++ b/actionpack/lib/action_controller/api.rb @@ -141,6 +141,7 @@ module ActionController include mod end + ActiveSupport.run_load_hooks(:action_controller_api, self) ActiveSupport.run_load_hooks(:action_controller, self) end end diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index b420e00c78..8c2b111f89 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -267,6 +267,7 @@ module ActionController end end + ActiveSupport.run_load_hooks(:action_controller_base, self) ActiveSupport.run_load_hooks(:action_controller, self) end end -- cgit v1.2.3 From fd88ccc905549c61e0e4525fcb68b91d20b9afe9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Tue, 11 Apr 2017 21:45:39 -0400 Subject: Raise exception when calling to_h in a unfiltered Parameters Before we returned either an empty hash or only the always permitted parameters (:controller and :action by default). The previous behavior was dangerous because in order to get the attributes users usually fallback to use to_unsafe_h that could potentially introduce security issues. The to_unsafe_h API is also not good since Parameters is a object that quacks like a Hash but not in all cases since to_h would return an empty hash and users were forced to check if to_unsafe_h is defined or if the instance is a ActionController::Parameters in order to work with it. This end up coupling a lot of libraries and parts of the application with something that is from the controller layer. --- .../lib/action_controller/metal/strong_parameters.rb | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index baf15570d5..b20ad940ea 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -43,6 +43,18 @@ module ActionController end end + # Raised when a Parameters instance is not marked as permitted and + # an operation to transform it to hash is called. + # + # params = ActionController::Parameters.new(a: "123", b: "456") + # params.to_h + # # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash + class UnfilteredParameters < StandardError + def initialize # :nodoc: + super("unable to convert unpermitted parameters to hash") + end + end + # == Action Controller \Parameters # # Allows you to choose which attributes should be whitelisted for mass updating @@ -234,7 +246,8 @@ module ActionController # name: 'Senjougahara Hitagi', # oddity: 'Heavy stone crab' # }) - # params.to_h # => {} + # params.to_h + # # => ActionController::UnfilteredParameters: unable to convert unfiltered parameters to hash # # safe_params = params.permit(:name) # safe_params.to_h # => {"name"=>"Senjougahara Hitagi"} @@ -242,7 +255,7 @@ module ActionController if permitted? convert_parameters_to_hashes(@parameters, :to_h) else - slice(*self.class.always_permitted_parameters).permit!.to_h + raise UnfilteredParameters end end -- cgit v1.2.3 From 9f4c2632ef28b9622ffa0eca5d02beea8ec809c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Tue, 11 Apr 2017 21:56:55 -0400 Subject: Add ActionController::Parameters#to_hash to implict conversion Now methods that implicit convert objects to a hash will be able to work without requiring the users to change their implementation. This method will return a Hash instead of a HashWithIndefirentAccess to mimic the same implementation of HashWithIndefirentAccess#to_hash. --- .../lib/action_controller/metal/strong_parameters.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index b20ad940ea..62c654da03 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -259,6 +259,22 @@ module ActionController end end + # Returns a safe Hash representation of this parameter + # with all unpermitted keys removed. + # + # params = ActionController::Parameters.new({ + # name: 'Senjougahara Hitagi', + # oddity: 'Heavy stone crab' + # }) + # params.to_hash + # # => ActionController::UnfilteredParameters: unable to convert unfiltered parameters to hash + # + # safe_params = params.permit(:name) + # safe_params.to_hash # => {"name"=>"Senjougahara Hitagi"} + def to_hash + to_h.to_hash + end + # Returns an unsafe, unfiltered # ActiveSupport::HashWithIndifferentAccess representation of this # parameter. -- cgit v1.2.3 From 29333ddb69e69d0fa99a66bf5fab333e8c5611aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Tue, 11 Apr 2017 22:21:14 -0400 Subject: Implement ActionController::Parameters#to_query and #to_param Previously it was raising an error because it may be unsafe to use those methods in a unpermitted parameter. Now we delegate to to_h that already raise an error when the Parameters instance is not permitted. This also fix a bug when using `#to_query` in a hash that contains a `ActionController::Parameters` instance and was returning the name of the class in the string. --- .../action_controller/metal/strong_parameters.rb | 30 ++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 62c654da03..ac8e7eec84 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -275,6 +275,34 @@ module ActionController to_h.to_hash end + # Returns a string representation of the receiver suitable for use as a URL + # query string: + # + # params = ActionController::Parameters.new({ + # name: 'David', + # nationality: 'Danish' + # }) + # params.to_query + # # => "name=David&nationality=Danish" + # + # An optional namespace can be passed to enclose key names: + # + # params = ActionController::Parameters.new({ + # name: 'David', + # nationality: 'Danish' + # }) + # params.to_query('user') + # # => "user%5Bname%5D=David&user%5Bnationality%5D=Danish" + # + # The string pairs "key=value" that conform the query string + # are sorted lexicographically in ascending order. + # + # This method is also aliased as +to_param+. + def to_query(*args) + to_h.to_query(*args) + end + alias_method :to_param, :to_query + # Returns an unsafe, unfiltered # ActiveSupport::HashWithIndifferentAccess representation of this # parameter. @@ -744,8 +772,6 @@ module ActionController end end - undef_method :to_param - # Returns duplicate of object including all parameters. def deep_dup self.class.new(@parameters.deep_dup).tap do |duplicate| -- cgit v1.2.3 From 3ee56f7b3de34aa7f6bc9fc69c93544c3f037798 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 13 Apr 2017 16:11:08 -0400 Subject: Improve documentation We are talking about a list of parameters even so we need to use plural. Even if we were talking about the instance of the Parameters object we would have to use the capital and monospaced font. --- actionpack/lib/action_controller/metal/strong_parameters.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index ac8e7eec84..f816fd7f74 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -240,7 +240,7 @@ module ActionController end # Returns a safe ActiveSupport::HashWithIndifferentAccess - # representation of this parameter with all unpermitted keys removed. + # representation of the parameters with all unpermitted keys removed. # # params = ActionController::Parameters.new({ # name: 'Senjougahara Hitagi', @@ -259,7 +259,7 @@ module ActionController end end - # Returns a safe Hash representation of this parameter + # Returns a safe Hash representation of the parameters # with all unpermitted keys removed. # # params = ActionController::Parameters.new({ @@ -304,8 +304,8 @@ module ActionController alias_method :to_param, :to_query # Returns an unsafe, unfiltered - # ActiveSupport::HashWithIndifferentAccess representation of this - # parameter. + # ActiveSupport::HashWithIndifferentAccess representation of the + # parameters. # # params = ActionController::Parameters.new({ # name: 'Senjougahara Hitagi', -- cgit v1.2.3 From 70c6fb1a06d76d0d6cddb6fb50137aa1341745a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 17 Apr 2017 18:28:02 -0400 Subject: Follow the style guide rules in the documetation --- .../action_controller/metal/strong_parameters.rb | 60 +++++++++++----------- 1 file changed, 30 insertions(+), 30 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index f816fd7f74..ce60026325 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -65,9 +65,9 @@ module ActionController # # params = ActionController::Parameters.new({ # person: { - # name: 'Francesco', + # name: "Francesco", # age: 22, - # role: 'admin' + # role: "admin" # } # }) # @@ -115,7 +115,7 @@ module ActionController # You can fetch values of ActionController::Parameters using either # :key or "key". # - # params = ActionController::Parameters.new(key: 'value') + # params = ActionController::Parameters.new(key: "value") # params[:key] # => "value" # params["key"] # => "value" class Parameters @@ -215,13 +215,13 @@ module ActionController # class Person < ActiveRecord::Base # end # - # params = ActionController::Parameters.new(name: 'Francesco') + # params = ActionController::Parameters.new(name: "Francesco") # params.permitted? # => false # Person.new(params) # => ActiveModel::ForbiddenAttributesError # # ActionController::Parameters.permit_all_parameters = true # - # params = ActionController::Parameters.new(name: 'Francesco') + # params = ActionController::Parameters.new(name: "Francesco") # params.permitted? # => true # Person.new(params) # => # def initialize(parameters = {}) @@ -243,8 +243,8 @@ module ActionController # representation of the parameters with all unpermitted keys removed. # # params = ActionController::Parameters.new({ - # name: 'Senjougahara Hitagi', - # oddity: 'Heavy stone crab' + # name: "Senjougahara Hitagi", + # oddity: "Heavy stone crab" # }) # params.to_h # # => ActionController::UnfilteredParameters: unable to convert unfiltered parameters to hash @@ -263,8 +263,8 @@ module ActionController # with all unpermitted keys removed. # # params = ActionController::Parameters.new({ - # name: 'Senjougahara Hitagi', - # oddity: 'Heavy stone crab' + # name: "Senjougahara Hitagi", + # oddity: "Heavy stone crab" # }) # params.to_hash # # => ActionController::UnfilteredParameters: unable to convert unfiltered parameters to hash @@ -279,8 +279,8 @@ module ActionController # query string: # # params = ActionController::Parameters.new({ - # name: 'David', - # nationality: 'Danish' + # name: "David", + # nationality: "Danish" # }) # params.to_query # # => "name=David&nationality=Danish" @@ -288,10 +288,10 @@ module ActionController # An optional namespace can be passed to enclose key names: # # params = ActionController::Parameters.new({ - # name: 'David', - # nationality: 'Danish' + # name: "David", + # nationality: "Danish" # }) - # params.to_query('user') + # params.to_query("user") # # => "user%5Bname%5D=David&user%5Bnationality%5D=Danish" # # The string pairs "key=value" that conform the query string @@ -308,8 +308,8 @@ module ActionController # parameters. # # params = ActionController::Parameters.new({ - # name: 'Senjougahara Hitagi', - # oddity: 'Heavy stone crab' + # name: "Senjougahara Hitagi", + # oddity: "Heavy stone crab" # }) # params.to_unsafe_h # # => {"name"=>"Senjougahara Hitagi", "oddity" => "Heavy stone crab"} @@ -354,7 +354,7 @@ module ActionController # class Person < ActiveRecord::Base # end # - # params = ActionController::Parameters.new(name: 'Francesco') + # params = ActionController::Parameters.new(name: "Francesco") # params.permitted? # => false # Person.new(params) # => ActiveModel::ForbiddenAttributesError # params.permit! @@ -376,7 +376,7 @@ module ActionController # When passed a single key, if it exists and its associated value is # either present or the singleton +false+, returns said value: # - # ActionController::Parameters.new(person: { name: 'Francesco' }).require(:person) + # ActionController::Parameters.new(person: { name: "Francesco" }).require(:person) # # => "Francesco"} permitted: false> # # Otherwise raises ActionController::ParameterMissing: @@ -409,7 +409,7 @@ module ActionController # Technically this method can be used to fetch terminal values: # # # CAREFUL - # params = ActionController::Parameters.new(person: { name: 'Finn' }) + # params = ActionController::Parameters.new(person: { name: "Finn" }) # name = params.require(:person).require(:name) # CAREFUL # # but take into account that at some point those ones have to be permitted: @@ -439,7 +439,7 @@ module ActionController # for the object to +true+. This is useful for limiting which attributes # should be allowed for mass updating. # - # params = ActionController::Parameters.new(user: { name: 'Francesco', age: 22, role: 'admin' }) + # params = ActionController::Parameters.new(user: { name: "Francesco", age: 22, role: "admin" }) # permitted = params.require(:user).permit(:name, :age) # permitted.permitted? # => true # permitted.has_key?(:name) # => true @@ -459,7 +459,7 @@ module ActionController # You may declare that the parameter should be an array of permitted scalars # by mapping it to an empty array: # - # params = ActionController::Parameters.new(tags: ['rails', 'parameters']) + # params = ActionController::Parameters.new(tags: ["rails", "parameters"]) # params.permit(tags: []) # # Sometimes it is not possible or convenient to declare the valid keys of @@ -475,11 +475,11 @@ module ActionController # # params = ActionController::Parameters.new({ # person: { - # name: 'Francesco', + # name: "Francesco", # age: 22, # pets: [{ - # name: 'Purplish', - # category: 'dogs' + # name: "Purplish", + # category: "dogs" # }] # } # }) @@ -498,8 +498,8 @@ module ActionController # params = ActionController::Parameters.new({ # person: { # contact: { - # email: 'none@test.com', - # phone: '555-1234' + # email: "none@test.com", + # phone: "555-1234" # } # } # }) @@ -532,7 +532,7 @@ module ActionController # Returns a parameter for the given +key+. If not found, # returns +nil+. # - # params = ActionController::Parameters.new(person: { name: 'Francesco' }) + # params = ActionController::Parameters.new(person: { name: "Francesco" }) # params[:person] # => "Francesco"} permitted: false> # params[:none] # => nil def [](key) @@ -551,11 +551,11 @@ module ActionController # if more arguments are given, then that will be returned; if a block # is given, then that will be run and its result returned. # - # params = ActionController::Parameters.new(person: { name: 'Francesco' }) + # params = ActionController::Parameters.new(person: { name: "Francesco" }) # params.fetch(:person) # => "Francesco"} permitted: false> # params.fetch(:none) # => ActionController::ParameterMissing: param is missing or the value is empty: none - # params.fetch(:none, 'Francesco') # => "Francesco" - # params.fetch(:none) { 'Francesco' } # => "Francesco" + # params.fetch(:none, "Francesco") # => "Francesco" + # params.fetch(:none) { "Francesco" } # => "Francesco" def fetch(key, *args) convert_value_to_parameters( @parameters.fetch(key) { -- cgit v1.2.3 From 93034ad7fea7e00562103a7cd0acfab19bbfadf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 17 Apr 2017 18:55:21 -0400 Subject: Reuse the Parameters#to_h check in the routing helpers Since this protection is now in Parameters we can use it instead of reimplementing again. --- actionpack/lib/action_controller/metal/strong_parameters.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index ce60026325..7864f9decd 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -49,7 +49,7 @@ module ActionController # params = ActionController::Parameters.new(a: "123", b: "456") # params.to_h # # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash - class UnfilteredParameters < StandardError + class UnfilteredParameters < ArgumentError def initialize # :nodoc: super("unable to convert unpermitted parameters to hash") end -- cgit v1.2.3 From fb0fae9747ceec065e75867ea83afb713a5b449b Mon Sep 17 00:00:00 2001 From: Eugene Kenny Date: Wed, 10 May 2017 23:48:46 +0100 Subject: Pass block in ActionController::Parameters#delete In order to fully support the same interface as `Hash#delete`, we need to pass the block through to the underlying method, not just the key. This used to work correctly, but it regressed when `ActionController::Parameters` stopped inheriting from `Hash` in 5.0. --- actionpack/lib/action_controller/metal/strong_parameters.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 7864f9decd..20330b5091 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -666,8 +666,8 @@ module ActionController # to key. If the key is not found, returns the default value. If the # optional code block is given and the key is not found, pass in the key # and return the result of block. - def delete(key) - convert_value_to_parameters(@parameters.delete(key)) + def delete(key, &block) + convert_value_to_parameters(@parameters.delete(key, &block)) end # Returns a new instance of ActionController::Parameters with only -- cgit v1.2.3 From 75fa8dd309a84e125b59d01bf182d88419631eaa Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Thu, 18 May 2017 18:12:32 +0200 Subject: Use recyclable cache keys (#29092) --- actionpack/lib/action_controller/log_subscriber.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/log_subscriber.rb b/actionpack/lib/action_controller/log_subscriber.rb index d29a5fe68f..d00fcbcd13 100644 --- a/actionpack/lib/action_controller/log_subscriber.rb +++ b/actionpack/lib/action_controller/log_subscriber.rb @@ -60,9 +60,9 @@ module ActionController class_eval <<-METHOD, __FILE__, __LINE__ + 1 def #{method}(event) return unless logger.info? && ActionController::Base.enable_fragment_cache_logging - key_or_path = event.payload[:key] || event.payload[:path] + key = ActiveSupport::Cache.expand_cache_key(event.payload[:key] || event.payload[:path]) human_name = #{method.to_s.humanize.inspect} - info("\#{human_name} \#{key_or_path} (\#{event.duration.round(1)}ms)") + info("\#{human_name} \#{key} (\#{event.duration.round(1)}ms)") end METHOD end -- cgit v1.2.3 From 1c275d812f35f53f93cd96184a4f319983766cc5 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Mon, 29 May 2017 18:01:50 +0200 Subject: Add option for class_attribute default (#29270) * Allow a default value to be declared for class_attribute * Convert to using class_attribute default rather than explicit setter * Removed instance_accessor option by mistake * False is a valid default value * Documentation --- actionpack/lib/action_controller/metal.rb | 3 +-- actionpack/lib/action_controller/metal/conditional_get.rb | 3 +-- actionpack/lib/action_controller/metal/etag_with_template_digest.rb | 3 +-- actionpack/lib/action_controller/metal/flash.rb | 3 +-- actionpack/lib/action_controller/metal/helpers.rb | 5 ++--- actionpack/lib/action_controller/metal/params_wrapper.rb | 3 +-- actionpack/lib/action_controller/metal/renderers.rb | 3 +-- 7 files changed, 8 insertions(+), 15 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal.rb b/actionpack/lib/action_controller/metal.rb index 246644dcbd..96c708f45a 100644 --- a/actionpack/lib/action_controller/metal.rb +++ b/actionpack/lib/action_controller/metal.rb @@ -208,8 +208,7 @@ module ActionController @_request.reset_session end - class_attribute :middleware_stack - self.middleware_stack = ActionController::MiddlewareStack.new + class_attribute :middleware_stack, default: ActionController::MiddlewareStack.new def self.inherited(base) # :nodoc: base.middleware_stack = middleware_stack.dup diff --git a/actionpack/lib/action_controller/metal/conditional_get.rb b/actionpack/lib/action_controller/metal/conditional_get.rb index eb636fa3f6..0525252c7c 100644 --- a/actionpack/lib/action_controller/metal/conditional_get.rb +++ b/actionpack/lib/action_controller/metal/conditional_get.rb @@ -7,8 +7,7 @@ module ActionController include Head included do - class_attribute :etaggers - self.etaggers = [] + class_attribute :etaggers, default: [] end module ClassMethods diff --git a/actionpack/lib/action_controller/metal/etag_with_template_digest.rb b/actionpack/lib/action_controller/metal/etag_with_template_digest.rb index 798564db96..69c3979a0e 100644 --- a/actionpack/lib/action_controller/metal/etag_with_template_digest.rb +++ b/actionpack/lib/action_controller/metal/etag_with_template_digest.rb @@ -22,8 +22,7 @@ module ActionController include ActionController::ConditionalGet included do - class_attribute :etag_with_template_digest - self.etag_with_template_digest = true + class_attribute :etag_with_template_digest, default: true ActiveSupport.on_load :action_view, yield: true do etag do |options| diff --git a/actionpack/lib/action_controller/metal/flash.rb b/actionpack/lib/action_controller/metal/flash.rb index 347fbf0e74..24d1097ebe 100644 --- a/actionpack/lib/action_controller/metal/flash.rb +++ b/actionpack/lib/action_controller/metal/flash.rb @@ -3,8 +3,7 @@ module ActionController #:nodoc: extend ActiveSupport::Concern included do - class_attribute :_flash_types, instance_accessor: false - self._flash_types = [] + class_attribute :_flash_types, instance_accessor: false, default: [] delegate :flash, to: :request add_flash_types(:alert, :notice) diff --git a/actionpack/lib/action_controller/metal/helpers.rb b/actionpack/lib/action_controller/metal/helpers.rb index 476d081239..913a4b9a04 100644 --- a/actionpack/lib/action_controller/metal/helpers.rb +++ b/actionpack/lib/action_controller/metal/helpers.rb @@ -53,9 +53,8 @@ module ActionController include AbstractController::Helpers included do - class_attribute :helpers_path, :include_all_helpers - self.helpers_path ||= [] - self.include_all_helpers = true + class_attribute :helpers_path, default: [] + class_attribute :include_all_helpers, default: true end module ClassMethods diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb index a89fc1678b..68881b8402 100644 --- a/actionpack/lib/action_controller/metal/params_wrapper.rb +++ b/actionpack/lib/action_controller/metal/params_wrapper.rb @@ -159,8 +159,7 @@ module ActionController end included do - class_attribute :_wrapper_options - self._wrapper_options = Options.from_hash(format: []) + class_attribute :_wrapper_options, default: Options.from_hash(format: []) end module ClassMethods diff --git a/actionpack/lib/action_controller/metal/renderers.rb b/actionpack/lib/action_controller/metal/renderers.rb index 733aca195d..23c21b0501 100644 --- a/actionpack/lib/action_controller/metal/renderers.rb +++ b/actionpack/lib/action_controller/metal/renderers.rb @@ -26,8 +26,7 @@ module ActionController RENDERERS = Set.new included do - class_attribute :_renderers - self._renderers = Set.new.freeze + class_attribute :_renderers, default: Set.new.freeze end # Used in ActionController::Base -- cgit v1.2.3 From b6b0c99ff3e8ace3f42813154dbe4b8ad6a98e6c Mon Sep 17 00:00:00 2001 From: Genadi Samokovarov Date: Wed, 31 May 2017 12:16:20 +0300 Subject: Use mattr_accessor default: option throughout the project --- actionpack/lib/action_controller/metal/strong_parameters.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 20330b5091..cd99e3125f 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -119,8 +119,7 @@ module ActionController # params[:key] # => "value" # params["key"] # => "value" class Parameters - cattr_accessor :permit_all_parameters, instance_accessor: false - self.permit_all_parameters = false + cattr_accessor :permit_all_parameters, instance_accessor: false, default: false cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false @@ -205,8 +204,7 @@ module ActionController # config. For instance: # # config.always_permitted_parameters = %w( controller action format ) - cattr_accessor :always_permitted_parameters - self.always_permitted_parameters = %w( controller action ) + cattr_accessor :always_permitted_parameters, default: %w( controller action ) # Returns a new instance of ActionController::Parameters. # Also, sets the +permitted+ attribute to the default value of -- cgit v1.2.3 From 4cb293af5b6da8c1189ffc5355f5ca372b3c1241 Mon Sep 17 00:00:00 2001 From: "yuuji.yaginuma" Date: Mon, 19 Jun 2017 21:47:00 +0900 Subject: Fix examples for `AC::Parameters#to_query` [ci skip] Without `permit`, `AC::Parameters#to_query` raise `AC::UnfilteredParameters`. ```ruby params = ActionController::Parameters.new({ name: "David", nationality: "Danish" }) params.to_query # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash ``` --- actionpack/lib/action_controller/metal/strong_parameters.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index cd99e3125f..4a60e2eff2 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -281,6 +281,10 @@ module ActionController # nationality: "Danish" # }) # params.to_query + # # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash + # + # safe_params = params.permit(:name, :nationality) + # safe_params.to_query # # => "name=David&nationality=Danish" # # An optional namespace can be passed to enclose key names: @@ -289,7 +293,8 @@ module ActionController # name: "David", # nationality: "Danish" # }) - # params.to_query("user") + # safe_params = params.permit(:name, :nationality) + # safe_params.to_query("user") # # => "user%5Bname%5D=David&user%5Bnationality%5D=Danish" # # The string pairs "key=value" that conform the query string -- cgit v1.2.3 From 3d453b409d037a056d0bcd636a2e020cc7cef4a8 Mon Sep 17 00:00:00 2001 From: Pat Allan Date: Tue, 20 Jun 2017 22:20:04 +1000 Subject: Make ActionView frozen string literal friendly. Plus a couple of related ActionPack patches. --- actionpack/lib/action_controller/log_subscriber.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/log_subscriber.rb b/actionpack/lib/action_controller/log_subscriber.rb index d00fcbcd13..5d75393897 100644 --- a/actionpack/lib/action_controller/log_subscriber.rb +++ b/actionpack/lib/action_controller/log_subscriber.rb @@ -24,7 +24,7 @@ module ActionController exception_class_name = payload[:exception].first status = ActionDispatch::ExceptionWrapper.status_code_for_exception(exception_class_name) end - message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms" + message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms".dup message << " (#{additions.join(" | ".freeze)})" unless additions.empty? message << "\n\n" if defined?(Rails.env) && Rails.env.development? -- cgit v1.2.3 From 8a11fabee48290c2c5c7d0a0531f1b3c00c3cf06 Mon Sep 17 00:00:00 2001 From: "yuuji.yaginuma" Date: Fri, 23 Jun 2017 15:31:31 +0900 Subject: Fix typo in `AC::UnfilteredParameters` message [ci skip] Ref: https://github.com/rails/rails/blob/33b596709388cc48d90ab6d1de99d7bd6e85f916/actionpack/lib/action_controller/metal/strong_parameters.rb#L52..L56 --- actionpack/lib/action_controller/metal/strong_parameters.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 4a60e2eff2..cd6a0c0b98 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -245,7 +245,7 @@ module ActionController # oddity: "Heavy stone crab" # }) # params.to_h - # # => ActionController::UnfilteredParameters: unable to convert unfiltered parameters to hash + # # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash # # safe_params = params.permit(:name) # safe_params.to_h # => {"name"=>"Senjougahara Hitagi"} @@ -265,7 +265,7 @@ module ActionController # oddity: "Heavy stone crab" # }) # params.to_hash - # # => ActionController::UnfilteredParameters: unable to convert unfiltered parameters to hash + # # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash # # safe_params = params.permit(:name) # safe_params.to_hash # => {"name"=>"Senjougahara Hitagi"} -- cgit v1.2.3 From b3966080cc825755ea665693b9529c8ef898c6cb Mon Sep 17 00:00:00 2001 From: Eugene Kenny Date: Sat, 24 Jun 2017 00:48:34 +0100 Subject: Don't wrap parameters if key already exists We shouldn't perform parameter wrapping if it would overwrite one of the parameters sent with the request, as that would interfere with reading the parameter directly from the top level `params` hash. The current implementation has logic for this case, but it doesn't handle `nil`/`false` values, which means these parameters: { "user" => nil } are transformed into this `params` hash: { "user" => { "user" => nil } } and `params["user"]` no longer returns the original parameter value. --- actionpack/lib/action_controller/metal/params_wrapper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb index 68881b8402..44151c9f71 100644 --- a/actionpack/lib/action_controller/metal/params_wrapper.rb +++ b/actionpack/lib/action_controller/metal/params_wrapper.rb @@ -282,7 +282,7 @@ module ActionController return false unless request.has_content_type? ref = request.content_mime_type.ref - _wrapper_formats.include?(ref) && _wrapper_key && !request.request_parameters[_wrapper_key] + _wrapper_formats.include?(ref) && _wrapper_key && !request.request_parameters.key?(_wrapper_key) end end end -- cgit v1.2.3 From ab491134a355257eec4730c48977b618c04549a7 Mon Sep 17 00:00:00 2001 From: Eugene Kenny Date: Sun, 25 Jun 2017 02:13:05 +0100 Subject: Don't wrap parameters if query parameter exists We want to avoid overwriting a query parameter with the wrapped parameters hash. Previously this was implemented by merging the wrapped parameters at the root level if the key already existed, which was effectively a no-op. The query parameter was still overwritten in the filtered parameters hash, however. We can fix that discrepancy with a simpler implementation and less unnecessary work by skipping parameter wrapping entirely if the key was sent as a query parameter. --- actionpack/lib/action_controller/metal/params_wrapper.rb | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb index 44151c9f71..818af549eb 100644 --- a/actionpack/lib/action_controller/metal/params_wrapper.rb +++ b/actionpack/lib/action_controller/metal/params_wrapper.rb @@ -232,12 +232,7 @@ module ActionController # by the metal call stack. def process_action(*args) if _wrapper_enabled? - if request.parameters[_wrapper_key].present? - wrapped_hash = _extract_parameters(request.parameters) - else - wrapped_hash = _wrap_parameters request.request_parameters - end - + wrapped_hash = _wrap_parameters request.request_parameters wrapped_keys = request.request_parameters.keys wrapped_filtered_hash = _wrap_parameters request.filtered_parameters.slice(*wrapped_keys) @@ -282,7 +277,7 @@ module ActionController return false unless request.has_content_type? ref = request.content_mime_type.ref - _wrapper_formats.include?(ref) && _wrapper_key && !request.request_parameters.key?(_wrapper_key) + _wrapper_formats.include?(ref) && _wrapper_key && !request.parameters.key?(_wrapper_key) end end end -- cgit v1.2.3 From da895edf2e43d8c03089df7042a5bff7ef15fff0 Mon Sep 17 00:00:00 2001 From: Kir Shatrov Date: Thu, 29 Jun 2017 20:25:54 +0300 Subject: Fallback Parameters#to_s to Hash#to_s Fixes https://github.com/rails/rails/issues/29617 --- actionpack/lib/action_controller/metal/strong_parameters.rb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index cd6a0c0b98..3c16bde09c 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -179,6 +179,13 @@ module ActionController # # Returns a new array of the keys of the parameters. + ## + # :method: to_s + # + # :call-seq: + # to_s() + # Returns the content of the parameters as a string. + ## # :method: value? # @@ -195,7 +202,7 @@ module ActionController # # Returns a new array of the values of the parameters. delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?, - :as_json, to: :@parameters + :as_json, :to_s, to: :@parameters # By default, never raise an UnpermittedParameters exception if these # params are present. The default includes both 'controller' and 'action' -- cgit v1.2.3 From cfade1ec7ee7b5b51f3c1578e3474f9c156f2971 Mon Sep 17 00:00:00 2001 From: Kir Shatrov Date: Thu, 22 Jun 2017 22:59:18 -0400 Subject: Enforce frozen string in Rubocop --- actionpack/lib/action_controller/api.rb | 1 + actionpack/lib/action_controller/api/api_rendering.rb | 1 + actionpack/lib/action_controller/base.rb | 1 + actionpack/lib/action_controller/caching.rb | 1 + actionpack/lib/action_controller/form_builder.rb | 1 + actionpack/lib/action_controller/log_subscriber.rb | 1 + actionpack/lib/action_controller/metal.rb | 1 + actionpack/lib/action_controller/metal/basic_implicit_render.rb | 1 + actionpack/lib/action_controller/metal/conditional_get.rb | 1 + actionpack/lib/action_controller/metal/cookies.rb | 1 + actionpack/lib/action_controller/metal/data_streaming.rb | 1 + actionpack/lib/action_controller/metal/etag_with_flash.rb | 1 + actionpack/lib/action_controller/metal/etag_with_template_digest.rb | 1 + actionpack/lib/action_controller/metal/exceptions.rb | 1 + actionpack/lib/action_controller/metal/flash.rb | 1 + actionpack/lib/action_controller/metal/force_ssl.rb | 1 + actionpack/lib/action_controller/metal/head.rb | 1 + actionpack/lib/action_controller/metal/helpers.rb | 1 + actionpack/lib/action_controller/metal/http_authentication.rb | 1 + actionpack/lib/action_controller/metal/implicit_render.rb | 1 + actionpack/lib/action_controller/metal/instrumentation.rb | 1 + actionpack/lib/action_controller/metal/live.rb | 1 + actionpack/lib/action_controller/metal/mime_responds.rb | 1 + actionpack/lib/action_controller/metal/parameter_encoding.rb | 1 + actionpack/lib/action_controller/metal/params_wrapper.rb | 1 + actionpack/lib/action_controller/metal/redirecting.rb | 1 + actionpack/lib/action_controller/metal/renderers.rb | 1 + actionpack/lib/action_controller/metal/rendering.rb | 1 + actionpack/lib/action_controller/metal/request_forgery_protection.rb | 1 + actionpack/lib/action_controller/metal/rescue.rb | 1 + actionpack/lib/action_controller/metal/streaming.rb | 1 + actionpack/lib/action_controller/metal/strong_parameters.rb | 1 + actionpack/lib/action_controller/metal/testing.rb | 1 + actionpack/lib/action_controller/metal/url_for.rb | 1 + actionpack/lib/action_controller/railtie.rb | 1 + actionpack/lib/action_controller/railties/helpers.rb | 1 + actionpack/lib/action_controller/renderer.rb | 1 + actionpack/lib/action_controller/template_assertions.rb | 1 + actionpack/lib/action_controller/test_case.rb | 1 + 39 files changed, 39 insertions(+) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/api.rb b/actionpack/lib/action_controller/api.rb index 94698df730..3060afd1f8 100644 --- a/actionpack/lib/action_controller/api.rb +++ b/actionpack/lib/action_controller/api.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "action_view" require "action_controller" require "action_controller/log_subscriber" diff --git a/actionpack/lib/action_controller/api/api_rendering.rb b/actionpack/lib/action_controller/api/api_rendering.rb index 3a08d28c39..5ff11cf855 100644 --- a/actionpack/lib/action_controller/api/api_rendering.rb +++ b/actionpack/lib/action_controller/api/api_rendering.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController module ApiRendering extend ActiveSupport::Concern diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index 8c2b111f89..ff9e6702dc 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "action_view" require "action_controller/log_subscriber" require "action_controller/metal/params_wrapper" diff --git a/actionpack/lib/action_controller/caching.rb b/actionpack/lib/action_controller/caching.rb index 954265ad97..86c1194ce0 100644 --- a/actionpack/lib/action_controller/caching.rb +++ b/actionpack/lib/action_controller/caching.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController # \Caching is a cheap way of speeding up slow applications by keeping the result of # calculations, renderings, and database calls around for subsequent requests. diff --git a/actionpack/lib/action_controller/form_builder.rb b/actionpack/lib/action_controller/form_builder.rb index f2656ca894..f636c81829 100644 --- a/actionpack/lib/action_controller/form_builder.rb +++ b/actionpack/lib/action_controller/form_builder.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController # Override the default form builder for all views rendered by this # controller and any of its descendants. Accepts a subclass of diff --git a/actionpack/lib/action_controller/log_subscriber.rb b/actionpack/lib/action_controller/log_subscriber.rb index d00fcbcd13..a2abc2356f 100644 --- a/actionpack/lib/action_controller/log_subscriber.rb +++ b/actionpack/lib/action_controller/log_subscriber.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController class LogSubscriber < ActiveSupport::LogSubscriber INTERNAL_PARAMS = %w(controller action format _method only_path) diff --git a/actionpack/lib/action_controller/metal.rb b/actionpack/lib/action_controller/metal.rb index 96c708f45a..5d9983eb49 100644 --- a/actionpack/lib/action_controller/metal.rb +++ b/actionpack/lib/action_controller/metal.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "active_support/core_ext/array/extract_options" require "action_dispatch/middleware/stack" require "action_dispatch/http/request" diff --git a/actionpack/lib/action_controller/metal/basic_implicit_render.rb b/actionpack/lib/action_controller/metal/basic_implicit_render.rb index cef65a362c..b993a6afdf 100644 --- a/actionpack/lib/action_controller/metal/basic_implicit_render.rb +++ b/actionpack/lib/action_controller/metal/basic_implicit_render.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController module BasicImplicitRender # :nodoc: def send_action(method, *args) diff --git a/actionpack/lib/action_controller/metal/conditional_get.rb b/actionpack/lib/action_controller/metal/conditional_get.rb index 0525252c7c..cbf87d2ec9 100644 --- a/actionpack/lib/action_controller/metal/conditional_get.rb +++ b/actionpack/lib/action_controller/metal/conditional_get.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "active_support/core_ext/hash/keys" module ActionController diff --git a/actionpack/lib/action_controller/metal/cookies.rb b/actionpack/lib/action_controller/metal/cookies.rb index 44925641a1..6616d9665e 100644 --- a/actionpack/lib/action_controller/metal/cookies.rb +++ b/actionpack/lib/action_controller/metal/cookies.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController #:nodoc: module Cookies extend ActiveSupport::Concern diff --git a/actionpack/lib/action_controller/metal/data_streaming.rb b/actionpack/lib/action_controller/metal/data_streaming.rb index 731e03e2fc..333efcf6aa 100644 --- a/actionpack/lib/action_controller/metal/data_streaming.rb +++ b/actionpack/lib/action_controller/metal/data_streaming.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "action_controller/metal/exceptions" module ActionController #:nodoc: diff --git a/actionpack/lib/action_controller/metal/etag_with_flash.rb b/actionpack/lib/action_controller/metal/etag_with_flash.rb index 7bd338bd7c..f5f9c6267a 100644 --- a/actionpack/lib/action_controller/metal/etag_with_flash.rb +++ b/actionpack/lib/action_controller/metal/etag_with_flash.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController # When you're using the flash, it's generally used as a conditional on the view. # This means the content of the view depends on the flash. Which in turn means diff --git a/actionpack/lib/action_controller/metal/etag_with_template_digest.rb b/actionpack/lib/action_controller/metal/etag_with_template_digest.rb index 69c3979a0e..4c563d5072 100644 --- a/actionpack/lib/action_controller/metal/etag_with_template_digest.rb +++ b/actionpack/lib/action_controller/metal/etag_with_template_digest.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController # When our views change, they should bubble up into HTTP cache freshness # and bust browser caches. So the template digest for the current action diff --git a/actionpack/lib/action_controller/metal/exceptions.rb b/actionpack/lib/action_controller/metal/exceptions.rb index 175dd9eb9e..9bff006e2b 100644 --- a/actionpack/lib/action_controller/metal/exceptions.rb +++ b/actionpack/lib/action_controller/metal/exceptions.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController class ActionControllerError < StandardError #:nodoc: end diff --git a/actionpack/lib/action_controller/metal/flash.rb b/actionpack/lib/action_controller/metal/flash.rb index 24d1097ebe..e0708a9421 100644 --- a/actionpack/lib/action_controller/metal/flash.rb +++ b/actionpack/lib/action_controller/metal/flash.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController #:nodoc: module Flash extend ActiveSupport::Concern diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb index 73e67573ca..99daa20d1c 100644 --- a/actionpack/lib/action_controller/metal/force_ssl.rb +++ b/actionpack/lib/action_controller/metal/force_ssl.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "active_support/core_ext/hash/except" require "active_support/core_ext/hash/slice" diff --git a/actionpack/lib/action_controller/metal/head.rb b/actionpack/lib/action_controller/metal/head.rb index 0c50894bce..33a1e4d70f 100644 --- a/actionpack/lib/action_controller/metal/head.rb +++ b/actionpack/lib/action_controller/metal/head.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController module Head # Returns a response that has no content (merely headers). The options diff --git a/actionpack/lib/action_controller/metal/helpers.rb b/actionpack/lib/action_controller/metal/helpers.rb index 913a4b9a04..ad3aaf4232 100644 --- a/actionpack/lib/action_controller/metal/helpers.rb +++ b/actionpack/lib/action_controller/metal/helpers.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController # The \Rails framework provides a large number of helpers for working with assets, dates, forms, # numbers and model objects, to name a few. These helpers are available to all templates diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index d8bc895265..1d38e3504a 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "base64" require "active_support/security_utils" diff --git a/actionpack/lib/action_controller/metal/implicit_render.rb b/actionpack/lib/action_controller/metal/implicit_render.rb index eeb27f99f4..3cfbf01805 100644 --- a/actionpack/lib/action_controller/metal/implicit_render.rb +++ b/actionpack/lib/action_controller/metal/implicit_render.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController # Handles implicit rendering for a controller action that does not # explicitly respond with +render+, +respond_to+, +redirect+, or +head+. diff --git a/actionpack/lib/action_controller/metal/instrumentation.rb b/actionpack/lib/action_controller/metal/instrumentation.rb index 2485d27cec..d9be52bc71 100644 --- a/actionpack/lib/action_controller/metal/instrumentation.rb +++ b/actionpack/lib/action_controller/metal/instrumentation.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "benchmark" require "abstract_controller/logger" diff --git a/actionpack/lib/action_controller/metal/live.rb b/actionpack/lib/action_controller/metal/live.rb index a607ee2309..4bd59ea482 100644 --- a/actionpack/lib/action_controller/metal/live.rb +++ b/actionpack/lib/action_controller/metal/live.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "action_dispatch/http/response" require "delegate" require "active_support/json" diff --git a/actionpack/lib/action_controller/metal/mime_responds.rb b/actionpack/lib/action_controller/metal/mime_responds.rb index 96bd548268..ca4bb100d3 100644 --- a/actionpack/lib/action_controller/metal/mime_responds.rb +++ b/actionpack/lib/action_controller/metal/mime_responds.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "abstract_controller/collector" module ActionController #:nodoc: diff --git a/actionpack/lib/action_controller/metal/parameter_encoding.rb b/actionpack/lib/action_controller/metal/parameter_encoding.rb index ecc691619e..b16c2f636a 100644 --- a/actionpack/lib/action_controller/metal/parameter_encoding.rb +++ b/actionpack/lib/action_controller/metal/parameter_encoding.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController # Specify binary encoding for parameters for a given action. module ParameterEncoding diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb index 44151c9f71..86919aebf5 100644 --- a/actionpack/lib/action_controller/metal/params_wrapper.rb +++ b/actionpack/lib/action_controller/metal/params_wrapper.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "active_support/core_ext/hash/slice" require "active_support/core_ext/hash/except" require "active_support/core_ext/module/anonymous" diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb index fdfe82f96b..c021699b0d 100644 --- a/actionpack/lib/action_controller/metal/redirecting.rb +++ b/actionpack/lib/action_controller/metal/redirecting.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController module Redirecting extend ActiveSupport::Concern diff --git a/actionpack/lib/action_controller/metal/renderers.rb b/actionpack/lib/action_controller/metal/renderers.rb index 23c21b0501..79314fa505 100644 --- a/actionpack/lib/action_controller/metal/renderers.rb +++ b/actionpack/lib/action_controller/metal/renderers.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "set" module ActionController diff --git a/actionpack/lib/action_controller/metal/rendering.rb b/actionpack/lib/action_controller/metal/rendering.rb index 67f207afc2..ff75c558ee 100644 --- a/actionpack/lib/action_controller/metal/rendering.rb +++ b/actionpack/lib/action_controller/metal/rendering.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "active_support/core_ext/string/filters" module ActionController diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 5051c02a62..0616840a56 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "rack/session/abstract/id" require "action_controller/metal/exceptions" require "active_support/security_utils" diff --git a/actionpack/lib/action_controller/metal/rescue.rb b/actionpack/lib/action_controller/metal/rescue.rb index 25757938f5..35e3cae985 100644 --- a/actionpack/lib/action_controller/metal/rescue.rb +++ b/actionpack/lib/action_controller/metal/rescue.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController #:nodoc: # This module is responsible for providing `rescue_from` helpers # to controllers and configuring when detailed exceptions must be diff --git a/actionpack/lib/action_controller/metal/streaming.rb b/actionpack/lib/action_controller/metal/streaming.rb index 58cf60ad2a..407ae95086 100644 --- a/actionpack/lib/action_controller/metal/streaming.rb +++ b/actionpack/lib/action_controller/metal/streaming.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "rack/chunked" module ActionController #:nodoc: diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index cd6a0c0b98..e0b521367e 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "active_support/core_ext/hash/indifferent_access" require "active_support/core_ext/hash/transform_values" require "active_support/core_ext/array/wrap" diff --git a/actionpack/lib/action_controller/metal/testing.rb b/actionpack/lib/action_controller/metal/testing.rb index 9bb416178a..4fd0fb40de 100644 --- a/actionpack/lib/action_controller/metal/testing.rb +++ b/actionpack/lib/action_controller/metal/testing.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController module Testing extend ActiveSupport::Concern diff --git a/actionpack/lib/action_controller/metal/url_for.rb b/actionpack/lib/action_controller/metal/url_for.rb index 21ed5b4ec8..068ad00130 100644 --- a/actionpack/lib/action_controller/metal/url_for.rb +++ b/actionpack/lib/action_controller/metal/url_for.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController # Includes +url_for+ into the host class. The class has to provide a +RouteSet+ by implementing # the _routes method. Otherwise, an exception will be raised. diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb index fadfc8de60..0eec7b383c 100644 --- a/actionpack/lib/action_controller/railtie.rb +++ b/actionpack/lib/action_controller/railtie.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "rails" require "action_controller" require "action_dispatch/railtie" diff --git a/actionpack/lib/action_controller/railties/helpers.rb b/actionpack/lib/action_controller/railties/helpers.rb index 3985c6b273..4417ebdedb 100644 --- a/actionpack/lib/action_controller/railties/helpers.rb +++ b/actionpack/lib/action_controller/railties/helpers.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController module Railties module Helpers diff --git a/actionpack/lib/action_controller/renderer.rb b/actionpack/lib/action_controller/renderer.rb index cbb719d8b2..c35a778d46 100644 --- a/actionpack/lib/action_controller/renderer.rb +++ b/actionpack/lib/action_controller/renderer.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "active_support/core_ext/hash/keys" module ActionController diff --git a/actionpack/lib/action_controller/template_assertions.rb b/actionpack/lib/action_controller/template_assertions.rb index 0179f4afcd..086c42fea7 100644 --- a/actionpack/lib/action_controller/template_assertions.rb +++ b/actionpack/lib/action_controller/template_assertions.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true module ActionController module TemplateAssertions def assert_template(options = {}, message = nil) diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb index bc42d50205..9df9381be8 100644 --- a/actionpack/lib/action_controller/test_case.rb +++ b/actionpack/lib/action_controller/test_case.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "rack/session/abstract/id" require "active_support/core_ext/hash/conversions" require "active_support/core_ext/object/to_query" -- cgit v1.2.3 From e3e3a61b9b05c34b87e9d04bfb40cdd27f709b8f Mon Sep 17 00:00:00 2001 From: "yuuji.yaginuma" Date: Sat, 1 Jul 2017 09:52:01 +0900 Subject: Fix format of `ActionController::Parameters#to_s` doc [ci skip] --- actionpack/lib/action_controller/metal/strong_parameters.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 3c16bde09c..a1b8b7cd6e 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -184,6 +184,7 @@ module ActionController # # :call-seq: # to_s() + # # Returns the content of the parameters as a string. ## -- cgit v1.2.3 From d1fe1dcf8ab1c0210a37c2a78c1ee52cf199a66d Mon Sep 17 00:00:00 2001 From: Akira Matsuda Date: Fri, 30 Jun 2017 14:13:13 +0900 Subject: [Action Controller] require => require_relative --- actionpack/lib/action_controller/api.rb | 2 +- actionpack/lib/action_controller/base.rb | 4 ++-- actionpack/lib/action_controller/metal/data_streaming.rb | 2 +- actionpack/lib/action_controller/metal/request_forgery_protection.rb | 2 +- actionpack/lib/action_controller/railtie.rb | 2 +- actionpack/lib/action_controller/test_case.rb | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/api.rb b/actionpack/lib/action_controller/api.rb index 94698df730..2bfa65021d 100644 --- a/actionpack/lib/action_controller/api.rb +++ b/actionpack/lib/action_controller/api.rb @@ -1,6 +1,6 @@ require "action_view" require "action_controller" -require "action_controller/log_subscriber" +require_relative "log_subscriber" module ActionController # API Controller is a lightweight version of ActionController::Base, diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index 8c2b111f89..6e195fa359 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -1,6 +1,6 @@ require "action_view" -require "action_controller/log_subscriber" -require "action_controller/metal/params_wrapper" +require_relative "log_subscriber" +require_relative "metal/params_wrapper" module ActionController # Action Controllers are the core of a web request in \Rails. They are made up of one or more actions that are executed diff --git a/actionpack/lib/action_controller/metal/data_streaming.rb b/actionpack/lib/action_controller/metal/data_streaming.rb index 731e03e2fc..3dbdd4a1b6 100644 --- a/actionpack/lib/action_controller/metal/data_streaming.rb +++ b/actionpack/lib/action_controller/metal/data_streaming.rb @@ -1,4 +1,4 @@ -require "action_controller/metal/exceptions" +require_relative "exceptions" module ActionController #:nodoc: # Methods for sending arbitrary data and for streaming files to the browser, diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 5051c02a62..4468cbb2fc 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -1,5 +1,5 @@ require "rack/session/abstract/id" -require "action_controller/metal/exceptions" +require_relative "exceptions" require "active_support/security_utils" module ActionController #:nodoc: diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb index fadfc8de60..054fe9e396 100644 --- a/actionpack/lib/action_controller/railtie.rb +++ b/actionpack/lib/action_controller/railtie.rb @@ -2,7 +2,7 @@ require "rails" require "action_controller" require "action_dispatch/railtie" require "abstract_controller/railties/routes_helpers" -require "action_controller/railties/helpers" +require_relative "railties/helpers" require "action_view/railtie" module ActionController diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb index bc42d50205..9d8240e46d 100644 --- a/actionpack/lib/action_controller/test_case.rb +++ b/actionpack/lib/action_controller/test_case.rb @@ -4,7 +4,7 @@ require "active_support/core_ext/object/to_query" require "active_support/core_ext/module/anonymous" require "active_support/core_ext/hash/keys" require "active_support/testing/constant_lookup" -require "action_controller/template_assertions" +require_relative "template_assertions" require "rails-dom-testing" module ActionController -- cgit v1.2.3 From 87b3e226d65ac1ed371620bfdcd2f950c87cfece Mon Sep 17 00:00:00 2001 From: Matthew Draper Date: Sun, 2 Jul 2017 02:15:17 +0930 Subject: Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa. --- actionpack/lib/action_controller/api.rb | 1 - actionpack/lib/action_controller/api/api_rendering.rb | 1 - actionpack/lib/action_controller/base.rb | 1 - actionpack/lib/action_controller/caching.rb | 1 - actionpack/lib/action_controller/form_builder.rb | 1 - actionpack/lib/action_controller/log_subscriber.rb | 1 - actionpack/lib/action_controller/metal.rb | 1 - actionpack/lib/action_controller/metal/basic_implicit_render.rb | 1 - actionpack/lib/action_controller/metal/conditional_get.rb | 1 - actionpack/lib/action_controller/metal/cookies.rb | 1 - actionpack/lib/action_controller/metal/data_streaming.rb | 1 - actionpack/lib/action_controller/metal/etag_with_flash.rb | 1 - actionpack/lib/action_controller/metal/etag_with_template_digest.rb | 1 - actionpack/lib/action_controller/metal/exceptions.rb | 1 - actionpack/lib/action_controller/metal/flash.rb | 1 - actionpack/lib/action_controller/metal/force_ssl.rb | 1 - actionpack/lib/action_controller/metal/head.rb | 1 - actionpack/lib/action_controller/metal/helpers.rb | 1 - actionpack/lib/action_controller/metal/http_authentication.rb | 1 - actionpack/lib/action_controller/metal/implicit_render.rb | 1 - actionpack/lib/action_controller/metal/instrumentation.rb | 1 - actionpack/lib/action_controller/metal/live.rb | 1 - actionpack/lib/action_controller/metal/mime_responds.rb | 1 - actionpack/lib/action_controller/metal/parameter_encoding.rb | 1 - actionpack/lib/action_controller/metal/params_wrapper.rb | 1 - actionpack/lib/action_controller/metal/redirecting.rb | 1 - actionpack/lib/action_controller/metal/renderers.rb | 1 - actionpack/lib/action_controller/metal/rendering.rb | 1 - actionpack/lib/action_controller/metal/request_forgery_protection.rb | 1 - actionpack/lib/action_controller/metal/rescue.rb | 1 - actionpack/lib/action_controller/metal/streaming.rb | 1 - actionpack/lib/action_controller/metal/strong_parameters.rb | 1 - actionpack/lib/action_controller/metal/testing.rb | 1 - actionpack/lib/action_controller/metal/url_for.rb | 1 - actionpack/lib/action_controller/railtie.rb | 1 - actionpack/lib/action_controller/railties/helpers.rb | 1 - actionpack/lib/action_controller/renderer.rb | 1 - actionpack/lib/action_controller/template_assertions.rb | 1 - actionpack/lib/action_controller/test_case.rb | 1 - 39 files changed, 39 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/api.rb b/actionpack/lib/action_controller/api.rb index 3060afd1f8..94698df730 100644 --- a/actionpack/lib/action_controller/api.rb +++ b/actionpack/lib/action_controller/api.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "action_view" require "action_controller" require "action_controller/log_subscriber" diff --git a/actionpack/lib/action_controller/api/api_rendering.rb b/actionpack/lib/action_controller/api/api_rendering.rb index 5ff11cf855..3a08d28c39 100644 --- a/actionpack/lib/action_controller/api/api_rendering.rb +++ b/actionpack/lib/action_controller/api/api_rendering.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController module ApiRendering extend ActiveSupport::Concern diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index ff9e6702dc..8c2b111f89 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "action_view" require "action_controller/log_subscriber" require "action_controller/metal/params_wrapper" diff --git a/actionpack/lib/action_controller/caching.rb b/actionpack/lib/action_controller/caching.rb index 86c1194ce0..954265ad97 100644 --- a/actionpack/lib/action_controller/caching.rb +++ b/actionpack/lib/action_controller/caching.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController # \Caching is a cheap way of speeding up slow applications by keeping the result of # calculations, renderings, and database calls around for subsequent requests. diff --git a/actionpack/lib/action_controller/form_builder.rb b/actionpack/lib/action_controller/form_builder.rb index f636c81829..f2656ca894 100644 --- a/actionpack/lib/action_controller/form_builder.rb +++ b/actionpack/lib/action_controller/form_builder.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController # Override the default form builder for all views rendered by this # controller and any of its descendants. Accepts a subclass of diff --git a/actionpack/lib/action_controller/log_subscriber.rb b/actionpack/lib/action_controller/log_subscriber.rb index 61f8adb2c1..5d75393897 100644 --- a/actionpack/lib/action_controller/log_subscriber.rb +++ b/actionpack/lib/action_controller/log_subscriber.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController class LogSubscriber < ActiveSupport::LogSubscriber INTERNAL_PARAMS = %w(controller action format _method only_path) diff --git a/actionpack/lib/action_controller/metal.rb b/actionpack/lib/action_controller/metal.rb index 5d9983eb49..96c708f45a 100644 --- a/actionpack/lib/action_controller/metal.rb +++ b/actionpack/lib/action_controller/metal.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "active_support/core_ext/array/extract_options" require "action_dispatch/middleware/stack" require "action_dispatch/http/request" diff --git a/actionpack/lib/action_controller/metal/basic_implicit_render.rb b/actionpack/lib/action_controller/metal/basic_implicit_render.rb index b993a6afdf..cef65a362c 100644 --- a/actionpack/lib/action_controller/metal/basic_implicit_render.rb +++ b/actionpack/lib/action_controller/metal/basic_implicit_render.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController module BasicImplicitRender # :nodoc: def send_action(method, *args) diff --git a/actionpack/lib/action_controller/metal/conditional_get.rb b/actionpack/lib/action_controller/metal/conditional_get.rb index cbf87d2ec9..0525252c7c 100644 --- a/actionpack/lib/action_controller/metal/conditional_get.rb +++ b/actionpack/lib/action_controller/metal/conditional_get.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "active_support/core_ext/hash/keys" module ActionController diff --git a/actionpack/lib/action_controller/metal/cookies.rb b/actionpack/lib/action_controller/metal/cookies.rb index 6616d9665e..44925641a1 100644 --- a/actionpack/lib/action_controller/metal/cookies.rb +++ b/actionpack/lib/action_controller/metal/cookies.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController #:nodoc: module Cookies extend ActiveSupport::Concern diff --git a/actionpack/lib/action_controller/metal/data_streaming.rb b/actionpack/lib/action_controller/metal/data_streaming.rb index 333efcf6aa..731e03e2fc 100644 --- a/actionpack/lib/action_controller/metal/data_streaming.rb +++ b/actionpack/lib/action_controller/metal/data_streaming.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "action_controller/metal/exceptions" module ActionController #:nodoc: diff --git a/actionpack/lib/action_controller/metal/etag_with_flash.rb b/actionpack/lib/action_controller/metal/etag_with_flash.rb index f5f9c6267a..7bd338bd7c 100644 --- a/actionpack/lib/action_controller/metal/etag_with_flash.rb +++ b/actionpack/lib/action_controller/metal/etag_with_flash.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController # When you're using the flash, it's generally used as a conditional on the view. # This means the content of the view depends on the flash. Which in turn means diff --git a/actionpack/lib/action_controller/metal/etag_with_template_digest.rb b/actionpack/lib/action_controller/metal/etag_with_template_digest.rb index 4c563d5072..69c3979a0e 100644 --- a/actionpack/lib/action_controller/metal/etag_with_template_digest.rb +++ b/actionpack/lib/action_controller/metal/etag_with_template_digest.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController # When our views change, they should bubble up into HTTP cache freshness # and bust browser caches. So the template digest for the current action diff --git a/actionpack/lib/action_controller/metal/exceptions.rb b/actionpack/lib/action_controller/metal/exceptions.rb index 9bff006e2b..175dd9eb9e 100644 --- a/actionpack/lib/action_controller/metal/exceptions.rb +++ b/actionpack/lib/action_controller/metal/exceptions.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController class ActionControllerError < StandardError #:nodoc: end diff --git a/actionpack/lib/action_controller/metal/flash.rb b/actionpack/lib/action_controller/metal/flash.rb index e0708a9421..24d1097ebe 100644 --- a/actionpack/lib/action_controller/metal/flash.rb +++ b/actionpack/lib/action_controller/metal/flash.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController #:nodoc: module Flash extend ActiveSupport::Concern diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb index 99daa20d1c..73e67573ca 100644 --- a/actionpack/lib/action_controller/metal/force_ssl.rb +++ b/actionpack/lib/action_controller/metal/force_ssl.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "active_support/core_ext/hash/except" require "active_support/core_ext/hash/slice" diff --git a/actionpack/lib/action_controller/metal/head.rb b/actionpack/lib/action_controller/metal/head.rb index 33a1e4d70f..0c50894bce 100644 --- a/actionpack/lib/action_controller/metal/head.rb +++ b/actionpack/lib/action_controller/metal/head.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController module Head # Returns a response that has no content (merely headers). The options diff --git a/actionpack/lib/action_controller/metal/helpers.rb b/actionpack/lib/action_controller/metal/helpers.rb index ad3aaf4232..913a4b9a04 100644 --- a/actionpack/lib/action_controller/metal/helpers.rb +++ b/actionpack/lib/action_controller/metal/helpers.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController # The \Rails framework provides a large number of helpers for working with assets, dates, forms, # numbers and model objects, to name a few. These helpers are available to all templates diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index 1d38e3504a..d8bc895265 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "base64" require "active_support/security_utils" diff --git a/actionpack/lib/action_controller/metal/implicit_render.rb b/actionpack/lib/action_controller/metal/implicit_render.rb index 3cfbf01805..eeb27f99f4 100644 --- a/actionpack/lib/action_controller/metal/implicit_render.rb +++ b/actionpack/lib/action_controller/metal/implicit_render.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController # Handles implicit rendering for a controller action that does not # explicitly respond with +render+, +respond_to+, +redirect+, or +head+. diff --git a/actionpack/lib/action_controller/metal/instrumentation.rb b/actionpack/lib/action_controller/metal/instrumentation.rb index d9be52bc71..2485d27cec 100644 --- a/actionpack/lib/action_controller/metal/instrumentation.rb +++ b/actionpack/lib/action_controller/metal/instrumentation.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "benchmark" require "abstract_controller/logger" diff --git a/actionpack/lib/action_controller/metal/live.rb b/actionpack/lib/action_controller/metal/live.rb index 4bd59ea482..a607ee2309 100644 --- a/actionpack/lib/action_controller/metal/live.rb +++ b/actionpack/lib/action_controller/metal/live.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "action_dispatch/http/response" require "delegate" require "active_support/json" diff --git a/actionpack/lib/action_controller/metal/mime_responds.rb b/actionpack/lib/action_controller/metal/mime_responds.rb index ca4bb100d3..96bd548268 100644 --- a/actionpack/lib/action_controller/metal/mime_responds.rb +++ b/actionpack/lib/action_controller/metal/mime_responds.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "abstract_controller/collector" module ActionController #:nodoc: diff --git a/actionpack/lib/action_controller/metal/parameter_encoding.rb b/actionpack/lib/action_controller/metal/parameter_encoding.rb index b16c2f636a..ecc691619e 100644 --- a/actionpack/lib/action_controller/metal/parameter_encoding.rb +++ b/actionpack/lib/action_controller/metal/parameter_encoding.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController # Specify binary encoding for parameters for a given action. module ParameterEncoding diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb index 86919aebf5..44151c9f71 100644 --- a/actionpack/lib/action_controller/metal/params_wrapper.rb +++ b/actionpack/lib/action_controller/metal/params_wrapper.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "active_support/core_ext/hash/slice" require "active_support/core_ext/hash/except" require "active_support/core_ext/module/anonymous" diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb index c021699b0d..fdfe82f96b 100644 --- a/actionpack/lib/action_controller/metal/redirecting.rb +++ b/actionpack/lib/action_controller/metal/redirecting.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController module Redirecting extend ActiveSupport::Concern diff --git a/actionpack/lib/action_controller/metal/renderers.rb b/actionpack/lib/action_controller/metal/renderers.rb index 79314fa505..23c21b0501 100644 --- a/actionpack/lib/action_controller/metal/renderers.rb +++ b/actionpack/lib/action_controller/metal/renderers.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "set" module ActionController diff --git a/actionpack/lib/action_controller/metal/rendering.rb b/actionpack/lib/action_controller/metal/rendering.rb index ff75c558ee..67f207afc2 100644 --- a/actionpack/lib/action_controller/metal/rendering.rb +++ b/actionpack/lib/action_controller/metal/rendering.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "active_support/core_ext/string/filters" module ActionController diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 0616840a56..5051c02a62 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "rack/session/abstract/id" require "action_controller/metal/exceptions" require "active_support/security_utils" diff --git a/actionpack/lib/action_controller/metal/rescue.rb b/actionpack/lib/action_controller/metal/rescue.rb index 35e3cae985..25757938f5 100644 --- a/actionpack/lib/action_controller/metal/rescue.rb +++ b/actionpack/lib/action_controller/metal/rescue.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController #:nodoc: # This module is responsible for providing `rescue_from` helpers # to controllers and configuring when detailed exceptions must be diff --git a/actionpack/lib/action_controller/metal/streaming.rb b/actionpack/lib/action_controller/metal/streaming.rb index 407ae95086..58cf60ad2a 100644 --- a/actionpack/lib/action_controller/metal/streaming.rb +++ b/actionpack/lib/action_controller/metal/streaming.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "rack/chunked" module ActionController #:nodoc: diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 6f57a3d626..a1b8b7cd6e 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "active_support/core_ext/hash/indifferent_access" require "active_support/core_ext/hash/transform_values" require "active_support/core_ext/array/wrap" diff --git a/actionpack/lib/action_controller/metal/testing.rb b/actionpack/lib/action_controller/metal/testing.rb index 4fd0fb40de..9bb416178a 100644 --- a/actionpack/lib/action_controller/metal/testing.rb +++ b/actionpack/lib/action_controller/metal/testing.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController module Testing extend ActiveSupport::Concern diff --git a/actionpack/lib/action_controller/metal/url_for.rb b/actionpack/lib/action_controller/metal/url_for.rb index 068ad00130..21ed5b4ec8 100644 --- a/actionpack/lib/action_controller/metal/url_for.rb +++ b/actionpack/lib/action_controller/metal/url_for.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController # Includes +url_for+ into the host class. The class has to provide a +RouteSet+ by implementing # the _routes method. Otherwise, an exception will be raised. diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb index 0eec7b383c..fadfc8de60 100644 --- a/actionpack/lib/action_controller/railtie.rb +++ b/actionpack/lib/action_controller/railtie.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "rails" require "action_controller" require "action_dispatch/railtie" diff --git a/actionpack/lib/action_controller/railties/helpers.rb b/actionpack/lib/action_controller/railties/helpers.rb index 4417ebdedb..3985c6b273 100644 --- a/actionpack/lib/action_controller/railties/helpers.rb +++ b/actionpack/lib/action_controller/railties/helpers.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController module Railties module Helpers diff --git a/actionpack/lib/action_controller/renderer.rb b/actionpack/lib/action_controller/renderer.rb index c35a778d46..cbb719d8b2 100644 --- a/actionpack/lib/action_controller/renderer.rb +++ b/actionpack/lib/action_controller/renderer.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "active_support/core_ext/hash/keys" module ActionController diff --git a/actionpack/lib/action_controller/template_assertions.rb b/actionpack/lib/action_controller/template_assertions.rb index 086c42fea7..0179f4afcd 100644 --- a/actionpack/lib/action_controller/template_assertions.rb +++ b/actionpack/lib/action_controller/template_assertions.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true module ActionController module TemplateAssertions def assert_template(options = {}, message = nil) diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb index 9df9381be8..bc42d50205 100644 --- a/actionpack/lib/action_controller/test_case.rb +++ b/actionpack/lib/action_controller/test_case.rb @@ -1,4 +1,3 @@ -# frozen_string_literal: true require "rack/session/abstract/id" require "active_support/core_ext/hash/conversions" require "active_support/core_ext/object/to_query" -- cgit v1.2.3 From 4c8332c2963a33cef5d75fdcaabb65b8947fbfcd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Tue, 4 Jul 2017 15:32:26 -0400 Subject: Load the Parameters configurations on the right time We need to configure it only when ActionController::Base is loaded otherwise configs on initializers will not work. Closes #29527. --- actionpack/lib/action_controller/railtie.rb | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb index 054fe9e396..eab0f11c52 100644 --- a/actionpack/lib/action_controller/railtie.rb +++ b/actionpack/lib/action_controller/railtie.rb @@ -22,13 +22,14 @@ module ActionController initializer "action_controller.parameters_config" do |app| options = app.config.action_controller - ActionController::Parameters.permit_all_parameters = options.delete(:permit_all_parameters) { false } - if app.config.action_controller[:always_permitted_parameters] - ActionController::Parameters.always_permitted_parameters = - app.config.action_controller.delete(:always_permitted_parameters) - end - ActionController::Parameters.action_on_unpermitted_parameters = options.delete(:action_on_unpermitted_parameters) do - (Rails.env.test? || Rails.env.development?) ? :log : false + ActiveSupport.on_load(:action_controller) do + ActionController::Parameters.permit_all_parameters = options.delete(:permit_all_parameters) { false } + if app.config.action_controller[:always_permitted_parameters] + ActionController::Parameters.always_permitted_parameters = + app.config.action_controller.delete(:always_permitted_parameters) + end + ActionController::Parameters.action_on_unpermitted_parameters = options.delete(:action_on_unpermitted_parameters) do + (Rails.env.test? || Rails.env.development?) ? :log : false end end -- cgit v1.2.3 From 9b3054384b3233c6be4284779010997ab7bc15b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Tue, 4 Jul 2017 16:09:00 -0400 Subject: Fix end --- actionpack/lib/action_controller/railtie.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb index eab0f11c52..31db7518f1 100644 --- a/actionpack/lib/action_controller/railtie.rb +++ b/actionpack/lib/action_controller/railtie.rb @@ -30,6 +30,7 @@ module ActionController end ActionController::Parameters.action_on_unpermitted_parameters = options.delete(:action_on_unpermitted_parameters) do (Rails.env.test? || Rails.env.development?) ? :log : false + end end end -- cgit v1.2.3 From ec4a836919c021c0a5cf9ebeebb4db5e02104a55 Mon Sep 17 00:00:00 2001 From: Lisa Ugray Date: Mon, 10 Jul 2017 11:12:45 -0400 Subject: Protect from forgery by default Rather than protecting from forgery in the generated ApplicationController, add it to ActionController::Base by config. This configuration defaults to false to support older versions which have removed it from their ApplicationController, but is set to true for Rails 5.2. --- .../lib/action_controller/metal/request_forgery_protection.rb | 4 ++++ actionpack/lib/action_controller/railtie.rb | 8 ++++++++ 2 files changed, 12 insertions(+) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 4468cbb2fc..117dee2219 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -85,6 +85,10 @@ module ActionController #:nodoc: config_accessor :per_form_csrf_tokens self.per_form_csrf_tokens = false + # Controls whether forgery protection is enabled by default. + config_accessor :default_protect_from_forgery + self.default_protect_from_forgery = false + helper_method :form_authenticity_token helper_method :protect_against_forgery? end diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb index 31db7518f1..1c1cd58732 100644 --- a/actionpack/lib/action_controller/railtie.rb +++ b/actionpack/lib/action_controller/railtie.rb @@ -69,5 +69,13 @@ module ActionController config.compile_methods! if config.respond_to?(:compile_methods!) end end + + initializer "action_controller.request_forgery_protection" do |app| + ActiveSupport.on_load(:action_controller_base) do + if app.config.action_controller.default_protect_from_forgery + protect_from_forgery with: :exception + end + end + end end end -- cgit v1.2.3 From 73b944eca721be750e1263c15d221f153d1396d0 Mon Sep 17 00:00:00 2001 From: Lisa Ugray Date: Mon, 10 Jul 2017 15:44:12 -0400 Subject: Add ActionController::Base.skip_forgery_protection Since we now default to `protect_from_forgery with: :exception`, provide a wrapper to `skip_before_action :verify_authenticity_token` for disabling forgery protection. --- .../lib/action_controller/metal/request_forgery_protection.rb | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 117dee2219..027dae60fa 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -132,6 +132,15 @@ module ActionController #:nodoc: append_after_action :verify_same_origin_request end + # Turn off request forgery protection. This is a wrapper for: + # + # skip_before_action :verify_authenticity_token + # + # See +skip_before_action+ for allowed options. + def skip_forgery_protection(options = {}) + skip_before_action :verify_authenticity_token, options + end + private def protection_method_class(name) -- cgit v1.2.3