From 986c1a6240b412b89b8210a87fa64fb6981696a4 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Sun, 22 Oct 2006 23:54:41 +0000 Subject: Deprecated UrlHelper#link_to_image and UrlHelper#link_to :post => true (closes #6409) [BobSilva] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5338 5ecf4fe2-1ee6-0310-87b1-e25e094e27de --- actionpack/lib/action_view/helpers/url_helper.rb | 247 ++++++++++++++--------- 1 file changed, 154 insertions(+), 93 deletions(-) (limited to 'actionpack/lib/action_view/helpers/url_helper.rb') diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb index 4f52a018a7..d78deb0b5a 100644 --- a/actionpack/lib/action_view/helpers/url_helper.rb +++ b/actionpack/lib/action_view/helpers/url_helper.rb @@ -1,22 +1,21 @@ require File.dirname(__FILE__) + '/javascript_helper' module ActionView - module Helpers - # Provides a set of methods for making easy links and getting urls that depend on the controller and action. This means that - # you can use the same format for links in the views that you do in the controller. The different methods are even named - # synchronously, so link_to uses that same url as is generated by url_for, which again is the same url used for - # redirection in redirect_to. + module Helpers #:nodoc: + # Provides a set of methods for making easy links and getting urls that + # depend on the controller and action. This means that you can use the + # same format for links in the views that you do in the controller. module UrlHelper include JavaScriptHelper - # Returns the URL for the set of +options+ provided. This takes the same options - # as url_for. For a list, see the documentation for ActionController::Base#url_for. - # Note that it'll set :only_path => true so you'll get /controller/action instead of the - # http://example.com/controller/action part (makes it harder to parse httpd log files) - # - # When called from a view, url_for returns an HTML escaped url. If you need an unescaped - # url, pass :escape => false to url_for. - # + # Returns the URL for the set of +options+ provided. This takes the + # same options as url_for in action controller. For a list, see the + # documentation for ActionController::Base#url_for. Note that it'll + # set :only_path => true so you'll get the relative /controller/action + # instead of the fully qualified http://example.com/controller/action. + # + # When called from a view, url_for returns an HTML escaped url. If you + # need an unescaped url, pass :escape => false in the +options+. def url_for(options = {}, *parameters_for_method_reference) if options.kind_of? Hash options = { :only_path => true }.update(options.symbolize_keys) @@ -29,27 +28,41 @@ module ActionView escape ? html_escape(url) : url end - # Creates a link tag of the given +name+ using an URL created by the set of +options+. See the valid options in - # the documentation for ActionController::Base#url_for. It's also possible to pass a string instead of an options hash to - # get a link tag that just points without consideration. If nil is passed as a name, the link itself will become the name. + # Creates a link tag of the given +name+ using a URL created by the set + # of +options+. See the valid options in the documentation for + # ActionController::Base#url_for. It's also possible to pass a string instead + # of an options hash to get a link tag that uses the value of the string as the + # href for the link. If nil is passed as a name, the link itself will become + # the name. # - # The html_options has three special features. One for creating javascript confirm alerts where if you pass :confirm => 'Are you sure?', - # the link will be guarded with a JS popup asking that question. If the user accepts, the link is processed, otherwise not. + # The +html_options+ will accept a hash of html attributes for the link tag. + # It also accepts 3 modifiers that specialize the link behavior. # - # Another for creating a popup window, which is done by either passing :popup with true or the options of the window in - # Javascript form. + # * :confirm => 'question?': This will add a JavaScript confirm + # prompt with the question specified. If the user accepts, the link is + # processed normally, otherwise no action is taken. + # * :popup => true || array of window options: This will force the + # link to open in a popup window. By passing true, a default browser window + # will be opened with the URL. You can also specify an array of options + # that are passed-thru to JavaScripts window.open method. + # * :method => symbol of HTTP verb: This modifier will dynamically + # create an HTML form and immediately submit the form for processing using + # the HTTP verb specified. Useful for having links perform a POST operation + # in dangerous actions like deleting a record (which search bots can follow + # while spidering your site). Supported verbs are :post, :delete and :put. + # Note that if the user has JavaScript disabled, the request will fall back + # to using GET. If you are relying on the POST behavior, your should check + # for it in your controllers action by using the request objects methods + # for post?, delete? or put?. # - # And a third for making the link do a non-GET request through a dynamically added form element that is instantly submitted. - # Note that if the user has turned off Javascript, the request will fall back on the GET. So its - # your responsibility to determine what the action should be once it arrives at the controller. The form is turned on by - # passing :method with the option of either :post, :delete, or :put as the value. Usually only :post or :delete will make sense, though. - # Note, it's not possible to use method request and popup targets at the same time (an exception will be thrown). + # You can mix and match the +html_options+ with the exception of + # :popup and :method which will raise an ActionView::ActionViewError + # exception. # - # Examples: - # link_to "Delete this page", { :action => "destroy", :id => @page.id }, :confirm => "Are you sure?" + # link_to "Visit Other Site", "http://www.rubyonrails.org/", :confirm => "Are you sure?" # link_to "Help", { :action => "help" }, :popup => true - # link_to "Busy loop", { :action => "busy" }, :popup => ['new_window', 'height=300,width=600'] - # link_to "Destroy account", { :action => "destroy" }, :confirm => "Are you sure?", :method => :delete + # link_to "View Image", { :action => "view" }, :popup => ['new_window_name', 'height=300,width=600'] + # link_to "Delete Image", { :action => "delete", :id => @image.id }, :confirm => "Are you sure?", :method => :delete def link_to(name, options = {}, html_options = nil, *parameters_for_method_reference) if html_options html_options = html_options.stringify_keys @@ -63,57 +76,46 @@ module ActionView "#{name || url}" end - # Generates a form containing a sole button that submits to the - # URL given by _options_. Use this method instead of +link_to+ - # for actions that do not have the safe HTTP GET semantics - # implied by using a hypertext link. - # - # The parameters are the same as for +link_to+. Any _html_options_ - # that you pass will be applied to the inner +input+ element. - # In particular, pass - # - # :disabled => true/false - # - # as part of _html_options_ to control whether the button is - # disabled. The generated form element is given the class - # 'button-to', to which you can attach CSS styles for display - # purposes. + # Generates a form containing a single button that submits to the URL created + # by the set of +options+. This is the safest method to ensure links that + # cause changes to your data are not triggered by search bots or accelerators. + # If the HTML button does not work with your layout, you can also consider + # using the link_to method with the :method modifier as described in + # the link_to documentation. # - # Example 1: + # The generated FORM element has a class name of button-to + # to allow styling of the form itself and its children. You can control + # the form submission and input element behavior using +html_options+. + # This method accepts the :method and :confirm modifiers + # described in the link_to documentation. If no :method modifier + # is given, it will default to performing a POST operation. You can also + # disable the button by passing :disabled => true in +html_options+. # - # # inside of controller for "feeds" - # button_to "Edit", :action => 'edit', :id => 3 + # button_to "New", :action => "new" # - # Generates the following HTML (sans formatting): + # Generates the following HTML: # - #
- #
+ # + #
#
# - # Example 2: + # If you are using RESTful routes, you can pass the :method + # to change the HTTP verb used to submit the form. # - # button_to "Destroy", { :action => 'destroy', :id => 3 }, + # button_to "Delete Image", { :action => "delete", :id => @image.id }, # :confirm => "Are you sure?", :method => :delete # - # Generates the following HTML (sans formatting): + # Which generates the following HTML: # - #
+ # #
# # + # value="Delete" type="submit" /> #
#
- # - # *NOTE*: This method generates HTML code that represents a form. - # Forms are "block" content, which means that you should not try to - # insert them into your HTML where only inline content is expected. - # For example, you can legally insert a form inside of a +div+ or - # +td+ element or in between +p+ elements, but not in the middle of - # a run of text, nor can you place a form within another form. - # (Bottom line: Always validate your HTML before going public.) - def button_to(name, options = {}, html_options = nil) - html_options = (html_options || {}).stringify_keys + def button_to(name, options = {}, html_options = {}) + html_options = html_options.stringify_keys convert_boolean_attributes!(html_options, %w( disabled )) method_tag = '' @@ -127,7 +129,7 @@ module ActionView html_options["onclick"] = "return #{confirm_javascript_function(confirm)};" end - url = options.is_a?(String) ? options : url_for(options) + url = options.is_a?(String) ? options : self.url_for(options) name ||= url html_options.merge!("type" => "submit", "value" => name) @@ -137,7 +139,9 @@ module ActionView end - # This tag is deprecated. Combine the link_to and AssetTagHelper::image_tag yourself instead, like: + # DEPRECATED. It is reccommended to use the AssetTagHelper::image_tag within + # a link_to method to generate a linked image. + # # link_to(image_tag("rss", :size => "30x45", :border => 0), "http://www.example.com") def link_image_to(src, options = {}, html_options = {}, *parameters_for_method_reference) image_options = { "src" => src.include?("/") ? src : "/images/#{src}" } @@ -169,18 +173,41 @@ module ActionView link_to(tag("img", image_options), options, html_options, *parameters_for_method_reference) end - alias_method :link_to_image, :link_image_to # deprecated name + alias_method :link_to_image, :link_image_to + deprecate :link_image_to - # Creates a link tag of the given +name+ using an URL created by the set of +options+, unless the current - # request uri is the same as the link's, in which case only the name is returned (or the - # given block is yielded, if one exists). This is useful for creating link bars where you don't want to link - # to the page currently being viewed. + # Creates a link tag of the given +name+ using a URL created by the set of + # +options+ unless the current request uri is the same as the links, in + # which case only the name is returned (or the given block is yielded, if + # one exists). Refer to the documentation for link_to_unless for block usage. + # + # + # + # This will render the following HTML when on the about us page: + # + # def link_to_unless_current(name, options = {}, html_options = {}, *parameters_for_method_reference, &block) link_to_unless current_page?(options), name, options, html_options, *parameters_for_method_reference, &block end - # Create a link tag of the given +name+ using an URL created by the set of +options+, unless +condition+ - # is true, in which case only the name is returned (or the given block is yielded, if one exists). + # Creates a link tag of the given +name+ using a URL created by the set of + # +options+ unless +condition+ is true, in which case only the name is + # returned. To specialize the default behavior, you can pass a block that + # accepts the name or the full argument list for link_to_unless (see the example). + # + # <%= link_to_unless(@current_user.nil?, "Reply", { :action => "reply" }) %> + # + # This example uses a block to modify the link if the condition isn't met. + # + # <%= link_to_unless(@current_user.nil?, "Reply", { :action => "reply" }) do |name| + # link_to(name, { :controller => "accounts", :action => "signup" }) + # end %> def link_to_unless(condition, name, options = {}, html_options = {}, *parameters_for_method_reference, &block) if condition if block_given? @@ -193,30 +220,56 @@ module ActionView end end - # Create a link tag of the given +name+ using an URL created by the set of +options+, if +condition+ - # is true, in which case only the name is returned (or the given block is yielded, if one exists). + # Creates a link tag of the given +name+ using a URL created by the set of + # +options+ if +condition+ is true, in which case only the name is + # returned. To specialize the default behavior, you can pass a block that + # accepts the name or the full argument list for link_to_unless (see the examples + # in link_to_unless). def link_to_if(condition, name, options = {}, html_options = {}, *parameters_for_method_reference, &block) link_to_unless !condition, name, options, html_options, *parameters_for_method_reference, &block end - # Creates a link tag for starting an email to the specified email_address, which is also used as the name of the - # link unless +name+ is specified. Additional HTML options, such as class or id, can be passed in the html_options hash. + # Creates a mailto link tag to the specified +email_address+, which is + # also used as the name of the link unless +name+ is specified. Additional + # html attributes for the link can be passed in +html_options+. + # + # mail_to has several methods for hindering email harvestors and customizing + # the email itself by passing special keys to +html_options+. + # + # Special HTML Options: + # + # * :encode - This key will accept the strings "javascript" or "hex". + # Passing "javascript" will dynamically create and encode the mailto: link then + # eval it into the DOM of the page. This method will not show the link on + # the page if the user has JavaScript disabled. Passing "hex" will hex + # encode the +email_address+ before outputting the mailto: link. + # * :replace_at - When the link +name+ isn't provided, the + # +email_address+ is used for the link label. You can use this option to + # obfuscate the +email_address+ by substituting the @ sign with the string + # given as the value. + # * :replace_dot - When the link +name+ isn't provided, the + # +email_address+ is used for the link label. You can use this option to + # obfuscate the +email_address+ by substituting the . in the email with the + # string given as the value. + # * :subject - Preset the subject line of the email. + # * :body - Preset the body of the email. + # * :cc - Carbon Copy addition recipients on the email. + # * :bcc - Blind Carbon Copy additional recipients on the email. # - # You can also make it difficult for spiders to harvest email address by obfuscating them. # Examples: + # mail_to "me@domain.com" # => me@domain.com # mail_to "me@domain.com", "My email", :encode => "javascript" # => - # + # # # mail_to "me@domain.com", "My email", :encode => "hex" # => # My email # - # You can also specify the cc address, bcc address, subject, and body parts of the message header to create a complex e-mail using the - # corresponding +cc+, +bcc+, +subject+, and +body+ html_options keys. Each of these options are URI escaped and then appended to - # the email_address before being output. Be aware that javascript keywords will not be escaped and may break this feature - # when encoding with javascript. - # Examples: - # mail_to "me@domain.com", "My email", :cc => "ccaddress@domain.com", :bcc => "bccaddress@domain.com", :subject => "This is an example email", :body => "This is the body of the message." # => - # My email + # mail_to "me@domain.com", nil, :replace_at => "_at_", :replace_dot => "_dot_", :class => "email" # => + # me_at_domain_dot_com + # + # mail_to "me@domain.com", "My email", :cc => "ccaddress@domain.com", + # :subject => "This is an example email" # => + # My email def mail_to(email_address, name = nil, html_options = {}) html_options = html_options.stringify_keys encode = html_options.delete("encode") @@ -230,17 +283,19 @@ module ActionView extras << "subject=#{CGI.escape(subject).gsub("+", "%20")}&" unless subject.nil? extras = "?" << extras.gsub!(/&?$/,"") unless extras.empty? + email_address = email_address.to_s + email_address_obfuscated = email_address.dup email_address_obfuscated.gsub!(/@/, html_options.delete("replace_at")) if html_options.has_key?("replace_at") email_address_obfuscated.gsub!(/\./, html_options.delete("replace_dot")) if html_options.has_key?("replace_dot") - if encode == 'javascript' - tmp = "document.write('#{content_tag("a", name || email_address, html_options.merge({ "href" => "mailto:"+email_address.to_s+extras }))}');" + if encode == "javascript" + tmp = "document.write('#{content_tag("a", name || email_address, html_options.merge({ "href" => "mailto:"+email_address+extras }))}');" for i in 0...tmp.length string << sprintf("%%%x",tmp[i]) end "" - elsif encode == 'hex' + elsif encode == "hex" for i in 0...email_address.length if email_address[i,1] =~ /\w/ string << sprintf("%%%x",email_address[i]) @@ -254,9 +309,9 @@ module ActionView end end - # Returns true if the current page uri is generated by the options passed (in url_for format). + # Returns true if the current page uri is generated by the +options+ passed. def current_page?(options) - CGI.escapeHTML(url_for(options)) == @controller.request.request_uri + CGI.escapeHTML(self.url_for(options)) == @controller.request.request_uri end private @@ -265,7 +320,13 @@ module ActionView # post is deprecated, but if its specified and method is not, assume that method = :post method, post = html_options.delete("method"), html_options.delete("post") - method = :post if !method && post + if !method && post + ActiveSupport::Deprecation.warn( + "Passing :post as a link modifier is deprecated. " + + "Use :method => \"post\" instead. :post will be removed in Rails 2.0." + ) + method = :post + end html_options["onclick"] = case when popup && method -- cgit v1.2.3