From 23ad1eff0dab4079b7bc68f71df537fc85582d05 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Thu, 4 Feb 2010 09:29:18 -0800
Subject: Rationalize railtie dependencies: AC uses AV; AR uses AMo; and Rails
 always uses AS.

---
 actionpack/lib/action_controller/railtie.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb
index 9151de4462..55a5c22ac0 100644
--- a/actionpack/lib/action_controller/railtie.rb
+++ b/actionpack/lib/action_controller/railtie.rb
@@ -1,5 +1,6 @@
 require "action_controller"
 require "rails"
+require "action_view/railtie"
 
 module ActionController
   class Railtie < Rails::Railtie
-- 
cgit v1.2.3


From 78de17cf7095af8e86d192af8d8fbe21e6f193d9 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Thu, 4 Feb 2010 14:15:16 -0800
Subject: Expose CSRF tag for UJS adapters

---
 actionpack/lib/action_view/helpers.rb                    |  2 ++
 actionpack/lib/action_view/helpers/csrf_helper.rb        | 12 ++++++++++++
 .../test/controller/request_forgery_protection_test.rb   | 16 +++++++++++++++-
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 actionpack/lib/action_view/helpers/csrf_helper.rb

(limited to 'actionpack')

diff --git a/actionpack/lib/action_view/helpers.rb b/actionpack/lib/action_view/helpers.rb
index ceb0e18d80..b4f649385a 100644
--- a/actionpack/lib/action_view/helpers.rb
+++ b/actionpack/lib/action_view/helpers.rb
@@ -7,6 +7,7 @@ module ActionView #:nodoc:
     autoload :AtomFeedHelper, 'action_view/helpers/atom_feed_helper'
     autoload :CacheHelper, 'action_view/helpers/cache_helper'
     autoload :CaptureHelper, 'action_view/helpers/capture_helper'
+    autoload :CsrfHelper, 'action_view/helpers/csrf_helper'
     autoload :DateHelper, 'action_view/helpers/date_helper'
     autoload :DebugHelper, 'action_view/helpers/debug_helper'
     autoload :FormHelper, 'action_view/helpers/form_helper'
@@ -40,6 +41,7 @@ module ActionView #:nodoc:
     include AtomFeedHelper
     include CacheHelper
     include CaptureHelper
+    include CsrfHelper
     include DateHelper
     include DebugHelper
     include FormHelper
diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb
new file mode 100644
index 0000000000..2d6af52180
--- /dev/null
+++ b/actionpack/lib/action_view/helpers/csrf_helper.rb
@@ -0,0 +1,12 @@
+module ActionView
+  module Helpers
+    module CsrfHelper
+      # Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
+      def csrf_meta_tag
+        if protect_against_forgery?
+          %(<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
+        end
+      end
+    end
+  end
+end
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index b2a0e2e2a3..55c21bc84a 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -15,13 +15,17 @@ module RequestForgeryProtectionActions
     render :text => 'pwn'
   end
 
+  def meta
+    render :inline => "<%= csrf_meta_tag %>"
+  end
+
   def rescue_action(e) raise e end
 end
 
 # sample controllers
 class RequestForgeryProtectionController < ActionController::Base
   include RequestForgeryProtectionActions
-  protect_from_forgery :only => :index
+  protect_from_forgery :only => %w(index meta)
 end
 
 class FreeCookieController < RequestForgeryProtectionController
@@ -211,6 +215,11 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase
     ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
     ActionController::Base.request_forgery_protection_token = :authenticity_token
   end
+
+  test 'should emit a csrf-token meta tag' do
+    get :meta
+    assert_equal %(<meta name="csrf-token" content="#{@token}"/>), @response.body
+  end
 end
 
 class FreeCookieControllerTest < ActionController::TestCase
@@ -238,6 +247,11 @@ class FreeCookieControllerTest < ActionController::TestCase
       assert_nothing_raised { send(method, :index)}
     end
   end
+
+  test 'should not emit a csrf-token meta tag' do
+    get :meta
+    assert @response.body.blank?
+  end
 end
 
 class CustomAuthenticityParamControllerTest < ActionController::TestCase
-- 
cgit v1.2.3


From 2191aa47acc0a560366c8c09fa9635602cff5f07 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Thu, 4 Feb 2010 15:26:24 -0800
Subject: Expose CSRF param name also

---
 actionpack/lib/action_view/helpers/csrf_helper.rb             | 2 +-
 actionpack/test/controller/request_forgery_protection_test.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb
index 2d6af52180..6f98bd4573 100644
--- a/actionpack/lib/action_view/helpers/csrf_helper.rb
+++ b/actionpack/lib/action_view/helpers/csrf_helper.rb
@@ -4,7 +4,7 @@ module ActionView
       # Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
       def csrf_meta_tag
         if protect_against_forgery?
-          %(<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
+          %(<meta name="csrf-param" content="#{Rack::Utils.escape(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
         end
       end
     end
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 55c21bc84a..77d07d8eeb 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -218,7 +218,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase
 
   test 'should emit a csrf-token meta tag' do
     get :meta
-    assert_equal %(<meta name="csrf-token" content="#{@token}"/>), @response.body
+    assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="#{@token}"/>), @response.body
   end
 end
 
-- 
cgit v1.2.3


From 3062bc70eff68397a00fc652e8eee4ae8089e0a2 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Thu, 4 Feb 2010 17:45:43 -0800
Subject: HTML-escape csrf meta contents

---
 actionpack/lib/action_view/helpers/csrf_helper.rb             | 2 +-
 actionpack/test/controller/request_forgery_protection_test.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb
index 6f98bd4573..41c6b67f91 100644
--- a/actionpack/lib/action_view/helpers/csrf_helper.rb
+++ b/actionpack/lib/action_view/helpers/csrf_helper.rb
@@ -4,7 +4,7 @@ module ActionView
       # Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
       def csrf_meta_tag
         if protect_against_forgery?
-          %(<meta name="csrf-param" content="#{Rack::Utils.escape(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
+          %(<meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/>).html_safe
         end
       end
     end
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 77d07d8eeb..c38ffad748 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -210,7 +210,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase
     @request    = ActionController::TestRequest.new
     @request.format = :html
     @response   = ActionController::TestResponse.new
-    @token      = "cf50faa3fe97702ca1ae"
+    @token      = "cf50faa3fe97702ca1a/=?"
 
     ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
     ActionController::Base.request_forgery_protection_token = :authenticity_token
@@ -227,7 +227,7 @@ class FreeCookieControllerTest < ActionController::TestCase
     @controller = FreeCookieController.new
     @request    = ActionController::TestRequest.new
     @response   = ActionController::TestResponse.new
-    @token      = "cf50faa3fe97702ca1ae"
+    @token      = "cf50faa3fe97702ca1a/=?"
 
     ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
   end
-- 
cgit v1.2.3


From 6bf79f02bede6a75a5211de64a1359b10749a2df Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Thu, 4 Feb 2010 17:49:23 -0800
Subject: Revert dumb test

---
 actionpack/test/controller/request_forgery_protection_test.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'actionpack')

diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index c38ffad748..77d07d8eeb 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -210,7 +210,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase
     @request    = ActionController::TestRequest.new
     @request.format = :html
     @response   = ActionController::TestResponse.new
-    @token      = "cf50faa3fe97702ca1a/=?"
+    @token      = "cf50faa3fe97702ca1ae"
 
     ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
     ActionController::Base.request_forgery_protection_token = :authenticity_token
@@ -227,7 +227,7 @@ class FreeCookieControllerTest < ActionController::TestCase
     @controller = FreeCookieController.new
     @request    = ActionController::TestRequest.new
     @response   = ActionController::TestResponse.new
-    @token      = "cf50faa3fe97702ca1a/=?"
+    @token      = "cf50faa3fe97702ca1ae"
 
     ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
   end
-- 
cgit v1.2.3


From 31f8a59c16d4a29553e2dbf891c891493fd138c0 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Thu, 4 Feb 2010 18:03:06 -0800
Subject: Test that csrf meta content is html-escaped, too

---
 actionpack/test/controller/request_forgery_protection_test.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 77d07d8eeb..be05ef6167 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -217,8 +217,9 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase
   end
 
   test 'should emit a csrf-token meta tag' do
+    ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?')
     get :meta
-    assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="#{@token}"/>), @response.body
+    assert_equal %(<meta name="csrf-param" content="authenticity_token"/>\n<meta name="csrf-token" content="cf50faa3fe97702ca1ae&lt;=?"/>), @response.body
   end
 end
 
-- 
cgit v1.2.3


From c1785f32825431d30a5d826066d37dfb0403cd46 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Thu, 4 Feb 2010 18:28:45 -0800
Subject: Release using gemcutter gem:push tasks

---
 actionpack/Rakefile | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'actionpack')

diff --git a/actionpack/Rakefile b/actionpack/Rakefile
index 863daa4b44..e675e67dc6 100644
--- a/actionpack/Rakefile
+++ b/actionpack/Rakefile
@@ -4,6 +4,7 @@ require 'rake/testtask'
 require 'rake/rdoctask'
 require 'rake/packagetask'
 require 'rake/gempackagetask'
+require 'rake/gemcutter'
 require File.join(File.dirname(__FILE__), 'lib', 'action_pack', 'version')
 
 PKG_BUILD     = ENV['PKG_BUILD'] ? '.' + ENV['PKG_BUILD'] : ''
@@ -70,6 +71,11 @@ Rake::GemPackageTask.new(spec) do |p|
   p.gem_spec = spec
 end
 
+Rake::Gemcutter::Tasks(spec)
+
+desc "Release to gemcutter"
+task :release => [:package, 'gem:push']
+
 task :lines do
   lines, codelines, total_lines, total_codelines = 0, 0, 0, 0
 
-- 
cgit v1.2.3


From 7b81f5981fd6dfcede61a89da80b09a1650e2c02 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Thu, 4 Feb 2010 18:44:14 -0800
Subject: Fix task defines

---
 actionpack/Rakefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/Rakefile b/actionpack/Rakefile
index e675e67dc6..5122b44f4e 100644
--- a/actionpack/Rakefile
+++ b/actionpack/Rakefile
@@ -71,7 +71,7 @@ Rake::GemPackageTask.new(spec) do |p|
   p.gem_spec = spec
 end
 
-Rake::Gemcutter::Tasks(spec)
+Rake::Gemcutter::Tasks.new(spec).define
 
 desc "Release to gemcutter"
 task :release => [:package, 'gem:push']
-- 
cgit v1.2.3


From 459ecaf95db12ec64e70c02f8ee58ddb1133021e Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Fri, 5 Feb 2010 00:03:03 -0800
Subject: Submarine the rake-gemcutter dep in Rakefiles

---
 actionpack/Rakefile | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'actionpack')

diff --git a/actionpack/Rakefile b/actionpack/Rakefile
index 5122b44f4e..c45f88ed04 100644
--- a/actionpack/Rakefile
+++ b/actionpack/Rakefile
@@ -4,7 +4,6 @@ require 'rake/testtask'
 require 'rake/rdoctask'
 require 'rake/packagetask'
 require 'rake/gempackagetask'
-require 'rake/gemcutter'
 require File.join(File.dirname(__FILE__), 'lib', 'action_pack', 'version')
 
 PKG_BUILD     = ENV['PKG_BUILD'] ? '.' + ENV['PKG_BUILD'] : ''
@@ -71,10 +70,12 @@ Rake::GemPackageTask.new(spec) do |p|
   p.gem_spec = spec
 end
 
-Rake::Gemcutter::Tasks.new(spec).define
-
 desc "Release to gemcutter"
-task :release => [:package, 'gem:push']
+task :release => :package do
+  require 'rake/gemcutter'
+  Rake::Gemcutter::Tasks.new(spec).define
+  Rake::Task['gem:push'].invoke
+end
 
 task :lines do
   lines, codelines, total_lines, total_codelines = 0, 0, 0, 0
-- 
cgit v1.2.3


From c548e213658386f3a5b00097bc5b30bf3736e6b4 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Fri, 5 Feb 2010 09:24:12 -0800
Subject: Bump git versions to 3.0.0.beta1 since we've released

---
 actionpack/actionpack.gemspec | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'actionpack')

diff --git a/actionpack/actionpack.gemspec b/actionpack/actionpack.gemspec
index 2017776661..ef141f2202 100644
--- a/actionpack/actionpack.gemspec
+++ b/actionpack/actionpack.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.platform    = Gem::Platform::RUBY
   s.name        = 'actionpack'
-  s.version     = '3.0.0.beta'
+  s.version     = '3.0.0.beta1'
   s.summary     = 'Web-flow and rendering framework putting the VC in MVC (part of Rails).'
   s.description = 'Web-flow and rendering framework putting the VC in MVC (part of Rails).'
 
@@ -16,8 +16,8 @@ Gem::Specification.new do |s|
 
   s.has_rdoc = true
 
-  s.add_dependency('activesupport', '= 3.0.0.beta')
-  s.add_dependency('activemodel',   '= 3.0.0.beta')
+  s.add_dependency('activesupport', '= 3.0.0.beta1')
+  s.add_dependency('activemodel',   '= 3.0.0.beta1')
   s.add_dependency('rack',          '~> 1.1.0')
   s.add_dependency('rack-test',     '~> 0.5.0')
   s.add_dependency('rack-mount',    '~> 0.4.0')
-- 
cgit v1.2.3


From fd567785f4670b31db300324642cf2464025313e Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Fri, 5 Feb 2010 12:23:22 -0800
Subject: Make UrlWriter includable in a Module

---
 actionpack/lib/action_controller/metal/url_for.rb | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_controller/metal/url_for.rb b/actionpack/lib/action_controller/metal/url_for.rb
index 51702368c1..4f3ad07be5 100644
--- a/actionpack/lib/action_controller/metal/url_for.rb
+++ b/actionpack/lib/action_controller/metal/url_for.rb
@@ -1,4 +1,5 @@
 require 'active_support/core_ext/class/attribute'
+require 'active_support/core_ext/module/attribute_accessors'
 
 module ActionController
   # In <b>routes.rb</b> one defines URL-to-controller mappings, but the reverse
@@ -87,7 +88,14 @@ module ActionController
 
     included do
       ActionController::Routing::Routes.install_helpers(self)
-      class_attribute :default_url_options
+
+      # Including in a class uses an inheritable hash. Modules get a plain hash.
+      if respond_to?(:class_attribute)
+        class_attribute :default_url_options
+      else
+        mattr_accessor :default_url_options
+      end
+
       self.default_url_options = {}
     end
 
-- 
cgit v1.2.3


From e115eb097e3e5704b9861b6f2b92cc25d23de07c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Santiago=20Pastorino=20and=20Jos=C3=A9=20Ignacio=20Costa?=
 <santiago+jose@wyeworks.com>
Date: Thu, 4 Feb 2010 21:14:46 -0200
Subject: More html_safe strings now use the safe_concat method

[#3856 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
---
 actionpack/lib/action_view/helpers/form_helper.rb       | 2 +-
 actionpack/lib/action_view/helpers/form_tag_helper.rb   | 6 +++---
 actionpack/lib/action_view/helpers/javascript_helper.rb | 2 +-
 actionpack/lib/action_view/helpers/tag_helper.rb        | 2 +-
 actionpack/lib/action_view/render/rendering.rb          | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb
index c2ad7e9f77..238f2eb07a 100644
--- a/actionpack/lib/action_view/helpers/form_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_helper.rb
@@ -309,7 +309,7 @@ module ActionView
 
         options[:html][:remote] = true if options.delete(:remote)
 
-        concat(form_tag(options.delete(:url) || {}, options.delete(:html) || {}))
+        safe_concat(form_tag(options.delete(:url) || {}, options.delete(:html) || {}))
         fields_for(object_name, *(args << options), &proc)
         safe_concat('</form>')
       end
diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb
index ba1b0bcc20..6ed6c3101b 100644
--- a/actionpack/lib/action_view/helpers/form_tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb
@@ -441,8 +441,8 @@ module ActionView
       #   # => <fieldset class="format"><p><input id="name" name="name" type="text" /></p></fieldset>
       def field_set_tag(legend = nil, options = nil, &block)
         content = capture(&block)
-        concat(tag(:fieldset, options, true))
-        concat(content_tag(:legend, legend)) unless legend.blank?
+        safe_concat(tag(:fieldset, options, true))
+        safe_concat(content_tag(:legend, legend)) unless legend.blank?
         concat(content)
         safe_concat("</fieldset>")
       end
@@ -477,7 +477,7 @@ module ActionView
 
         def form_tag_in_block(html_options, &block)
           content = capture(&block)
-          concat(form_tag_html(html_options))
+          safe_concat(form_tag_html(html_options))
           concat(content)
           safe_concat("</form>")
         end
diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb
index 7dca9849c0..8fdaa8cf8d 100644
--- a/actionpack/lib/action_view/helpers/javascript_helper.rb
+++ b/actionpack/lib/action_view/helpers/javascript_helper.rb
@@ -86,7 +86,7 @@ module ActionView
         tag = content_tag(:script, javascript_cdata_section(content), html_options.merge(:type => Mime::JS))
 
         if block_called_from_erb?(block)
-          concat(tag)
+          safe_concat(tag)
         else
           tag
         end
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index ed80e07c78..a3a8185f40 100644
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -72,7 +72,7 @@ module ActionView
           content_tag = content_tag_string(name, capture(&block), options, escape)
 
           if block_called_from_erb?(block)
-            concat(content_tag)
+            safe_concat(content_tag)
           else
             content_tag
           end
diff --git a/actionpack/lib/action_view/render/rendering.rb b/actionpack/lib/action_view/render/rendering.rb
index 7c33f1334a..abc7c09991 100644
--- a/actionpack/lib/action_view/render/rendering.rb
+++ b/actionpack/lib/action_view/render/rendering.rb
@@ -19,7 +19,7 @@ module ActionView
         options[:locals] ||= {}
 
         if block_given?
-          return concat(_render_partial(options.merge(:partial => layout), &block))
+          return safe_concat(_render_partial(options.merge(:partial => layout), &block))
         elsif options.key?(:partial)
           return _render_partial(options)
         end
-- 
cgit v1.2.3


From 59d8a2b4f5ffe97e01c4707278d47c29f1c66741 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Fri, 5 Feb 2010 19:01:11 -0800
Subject: Lookup the status code and rework the Completed line a bit

---
 actionpack/lib/action_controller/railties/subscriber.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_controller/railties/subscriber.rb b/actionpack/lib/action_controller/railties/subscriber.rb
index 1f0e6bf51a..4499e82292 100644
--- a/actionpack/lib/action_controller/railties/subscriber.rb
+++ b/actionpack/lib/action_controller/railties/subscriber.rb
@@ -15,9 +15,8 @@ module ActionController
         payload   = event.payload
         additions = ActionController::Base.log_process_action(payload)
 
-        message = "Completed in %.0fms" % event.duration
+        message = "Completed #{payload[:status]} #{Rack::Utils::HTTP_STATUS_CODES[payload[:status]]} in %.0fms" % event.duration
         message << " (#{additions.join(" | ")})" unless additions.blank?
-        message << " with #{payload[:status]}"
 
         info(message)
       end
-- 
cgit v1.2.3


From 5384df5589c7adccff845e943ce594f556397e77 Mon Sep 17 00:00:00 2001
From: Yehuda Katz <yehudakatz@99-204-89-33.pools.spcsdns.net>
Date: Fri, 5 Feb 2010 22:48:13 -0800
Subject: Updates subscriber test for new output

---
 actionpack/test/controller/subscriber_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/test/controller/subscriber_test.rb b/actionpack/test/controller/subscriber_test.rb
index 119a18ebc5..d7c1166f14 100644
--- a/actionpack/test/controller/subscriber_test.rb
+++ b/actionpack/test/controller/subscriber_test.rb
@@ -73,7 +73,7 @@ class ACSubscriberTest < ActionController::TestCase
     wait
     assert_equal 2, logs.size
     assert_match /Completed/, logs.last
-    assert_match /with 200/, logs.last
+    assert_match /200 OK/, logs.last
   end
 
   def test_process_action_without_parameters
-- 
cgit v1.2.3


From 4d177d46d95d77e06c88241c3bf809945fbd3a92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@gmail.com>
Date: Sat, 6 Feb 2010 11:39:51 +0100
Subject: Routes should not swallow all NameErrors [#3862 status:resolved].

---
 actionpack/lib/action_dispatch/routing/route_set.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_dispatch/routing/route_set.rb b/actionpack/lib/action_dispatch/routing/route_set.rb
index c49ac70562..dcf98b729b 100644
--- a/actionpack/lib/action_dispatch/routing/route_set.rb
+++ b/actionpack/lib/action_dispatch/routing/route_set.rb
@@ -44,7 +44,8 @@ module ActionDispatch
             controller = "#{params[:controller].camelize}Controller"
             ActiveSupport::Inflector.constantize(controller)
           end
-        rescue NameError
+        rescue NameError => e
+          raise unless e.message.include?(controller)
           nil
         end
 
-- 
cgit v1.2.3


From 22c0390085eed6fa2c4b78e1a9465ae3b7861568 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@gmail.com>
Date: Sat, 6 Feb 2010 11:52:28 +0100
Subject: Add a test which ensures namespaced roots.

---
 actionpack/test/dispatch/routing_test.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'actionpack')

diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb
index dfe824fd70..bcb97e4ae0 100644
--- a/actionpack/test/dispatch/routing_test.rb
+++ b/actionpack/test/dispatch/routing_test.rb
@@ -118,6 +118,8 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest
         match 'description', :to => "account#description", :as => "description"
         resource :subscription, :credit, :credit_card
 
+        root :to => "account#index"
+
         namespace :admin do
           resource :subscription
         end
@@ -659,6 +661,14 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest
     end
   end
 
+  def test_namespaced_roots
+    with_test_routes do
+      assert_equal '/account', account_root_path
+      get '/account'
+      assert_equal 'account#index', @response.body
+    end
+  end
+
   def test_optional_scoped_root
     with_test_routes do
       assert_equal '/en', root_path("en")
-- 
cgit v1.2.3


From 1d9d9d2d89a90a85f27a1909e3c435c070bc1b40 Mon Sep 17 00:00:00 2001
From: Prem Sichanugrist <s@sikachu.com>
Date: Sat, 6 Feb 2010 21:36:46 +0700
Subject: Fix tiny version number from '3.0.0beta' to '3.0.0.beta1', so 'rake
 install' will be run correctly [#3879 status:resolved]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: José Valim <jose.valim@gmail.com>
---
 actionpack/lib/action_pack/version.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb
index 4dde21dd40..67f89e1627 100644
--- a/actionpack/lib/action_pack/version.rb
+++ b/actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 0
-    TINY  = "0.beta"
+    TINY  = "0.beta1"
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end
-- 
cgit v1.2.3


From de69c798db5535f19bfd585da83117fe1dacd6d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@gmail.com>
Date: Sat, 6 Feb 2010 20:55:25 +0100
Subject: Fix nested attributes with specified collection.

---
 actionpack/lib/action_view/helpers/form_helper.rb | 18 +++++++++++-------
 actionpack/test/template/form_helper_test.rb      | 22 ++++++++++++++++++++++
 2 files changed, 33 insertions(+), 7 deletions(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb
index 238f2eb07a..ce21af9923 100644
--- a/actionpack/lib/action_view/helpers/form_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_helper.rb
@@ -1172,7 +1172,9 @@ module ActionView
 
         def fields_for_with_nested_attributes(association_name, args, block)
           name = "#{object_name}[#{association_name}_attributes]"
-          association = args.first.to_model if args.first.respond_to?(:to_model)
+          options = args.extract_options!
+          association = args.shift
+          association = association.to_model if association.respond_to?(:to_model)
 
           if association.respond_to?(:new_record?)
             association = [association] if @object.send(association_name).is_a?(Array)
@@ -1181,20 +1183,22 @@ module ActionView
           end
 
           if association.is_a?(Array)
-            explicit_child_index = args.last[:child_index] if args.last.is_a?(Hash)
+            explicit_child_index = options[:child_index]
             association.map do |child|
-              fields_for_nested_model("#{name}[#{explicit_child_index || nested_child_index(name)}]", child, args, block)
+              fields_for_nested_model("#{name}[#{explicit_child_index || nested_child_index(name)}]", child, options, block)
             end.join
           elsif association
-            fields_for_nested_model(name, association, args, block)
+            fields_for_nested_model(name, association, options, block)
           end
         end
 
-        def fields_for_nested_model(name, object, args, block)
+        def fields_for_nested_model(name, object, options, block)
+          object = object.to_model if object.respond_to?(:to_model)
+
           if object.new_record?
-            @template.fields_for(name, object, *args, &block)
+            @template.fields_for(name, object, options, &block)
           else
-            @template.fields_for(name, object, *args) do |builder|
+            @template.fields_for(name, object, options) do |builder|
               block.call(builder)
               @template.concat builder.hidden_field(:id) unless builder.emitted_hidden_id?
             end
diff --git a/actionpack/test/template/form_helper_test.rb b/actionpack/test/template/form_helper_test.rb
index f2d524bd1b..7b909fff82 100644
--- a/actionpack/test/template/form_helper_test.rb
+++ b/actionpack/test/template/form_helper_test.rb
@@ -918,6 +918,28 @@ class FormHelperTest < ActionView::TestCase
     assert_dom_equal expected, output_buffer
   end
 
+  def test_nested_fields_for_with_existing_records_on_a_supplied_nested_attributes_collection_different_from_record_one
+    comments = Array.new(2) { |id| Comment.new(id + 1) }
+    @post.comments = []
+
+    form_for(:post, @post) do |f|
+      concat f.text_field(:title)
+      f.fields_for(:comments, comments) do |cf|
+        concat cf.text_field(:name)
+      end
+    end
+
+    expected = '<form action="http://www.example.com" method="post">' +
+               '<input name="post[title]" size="30" type="text" id="post_title" value="Hello World" />' +
+               '<input id="post_comments_attributes_0_name" name="post[comments_attributes][0][name]" size="30" type="text" value="comment #1" />' +
+               '<input id="post_comments_attributes_0_id" name="post[comments_attributes][0][id]" type="hidden" value="1" />' +
+               '<input id="post_comments_attributes_1_name" name="post[comments_attributes][1][name]" size="30" type="text" value="comment #2" />' +
+               '<input id="post_comments_attributes_1_id" name="post[comments_attributes][1][id]" type="hidden" value="2" />' +
+               '</form>'
+
+    assert_dom_equal expected, output_buffer
+  end
+
   def test_nested_fields_for_on_a_nested_attributes_collection_association_yields_only_builder
     @post.comments = [Comment.new(321), Comment.new]
     yielded_comments = []
-- 
cgit v1.2.3


From b235af702a086dd06fa9849ee47942e8ce82090d Mon Sep 17 00:00:00 2001
From: Gabriel Mansour <gabrielmansour@gmail.com>
Date: Sat, 30 Jan 2010 12:38:33 -0500
Subject: Fix pluralization for numbers formatted like '1.00'

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
---
 actionpack/lib/action_view/helpers/text_helper.rb | 2 +-
 actionpack/test/template/text_helper_test.rb      | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
index 412e0c82cb..b63617322f 100644
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -187,7 +187,7 @@ module ActionView
       #   pluralize(0, 'person')
       #   # => 0 people
       def pluralize(count, singular, plural = nil)
-        "#{count || 0} " + ((count == 1 || count == '1') ? singular : (plural || singular.pluralize))
+        "#{count || 0} " + ((count == 1 || count =~ /^1(\.0+)?$/) ? singular : (plural || singular.pluralize))
       end
 
       # Wraps the +text+ into lines no longer than +line_width+ width. This method
diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb
index 088c07b8bb..39bea12501 100644
--- a/actionpack/test/template/text_helper_test.rb
+++ b/actionpack/test/template/text_helper_test.rb
@@ -228,6 +228,8 @@ class TextHelperTest < ActionView::TestCase
     assert_equal("2 counts", pluralize('2', "count"))
     assert_equal("1,066 counts", pluralize('1,066', "count"))
     assert_equal("1.25 counts", pluralize('1.25', "count"))
+    assert_equal("1.0 count", pluralize('1.0', "count"))
+    assert_equal("1.00 count", pluralize('1.00', "count"))
     assert_equal("2 counters", pluralize(2, "count", "counters"))
     assert_equal("0 counters", pluralize(nil, "count", "counters"))
     assert_equal("2 people", pluralize(2, "person"))
-- 
cgit v1.2.3


From 5fe3dc4bf52eb315310a714c0fc1f627d47428fa Mon Sep 17 00:00:00 2001
From: Mikel Lindsaar <raasdnil@gmail.com>
Date: Mon, 8 Feb 2010 15:30:10 +1100
Subject: Adding ruby version spec to all gemspec files to at least 1.8.7
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: José Valim <jose.valim@gmail.com>
---
 actionpack/actionpack.gemspec | 1 +
 1 file changed, 1 insertion(+)

(limited to 'actionpack')

diff --git a/actionpack/actionpack.gemspec b/actionpack/actionpack.gemspec
index ef141f2202..a35c4aac72 100644
--- a/actionpack/actionpack.gemspec
+++ b/actionpack/actionpack.gemspec
@@ -4,6 +4,7 @@ Gem::Specification.new do |s|
   s.version     = '3.0.0.beta1'
   s.summary     = 'Web-flow and rendering framework putting the VC in MVC (part of Rails).'
   s.description = 'Web-flow and rendering framework putting the VC in MVC (part of Rails).'
+  s.required_ruby_version = '>= 1.8.7'
 
   s.author            = 'David Heinemeier Hansson'
   s.email             = 'david@loudthinking.com'
-- 
cgit v1.2.3


From fa2ff95d4b783751f42378447331385c469e4775 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Tue, 9 Feb 2010 17:23:48 -0800
Subject: Its not a deprecation if you actually just ignore the call

---
 actionpack/lib/action_controller/metal/compatibility.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_controller/metal/compatibility.rb b/actionpack/lib/action_controller/metal/compatibility.rb
index 1d4a719aa6..a1cfa32d4d 100644
--- a/actionpack/lib/action_controller/metal/compatibility.rb
+++ b/actionpack/lib/action_controller/metal/compatibility.rb
@@ -76,6 +76,7 @@ module ActionController
       def consider_all_requests_local=(value)
         ActiveSupport::Deprecation.warn "ActionController::Base.consider_all_requests_local= is no longer effective. " <<
           "Please configure it on your application with config.consider_all_requests_local="
+        Rails.application.config.consider_all_requests_local = value
       end
 
       def allow_concurrency
@@ -87,6 +88,7 @@ module ActionController
       def allow_concurrency=(value)
         ActiveSupport::Deprecation.warn "ActionController::Base.allow_concurrency= is no longer effective. " <<
           "Please configure it on your application with config.allow_concurrency="
+        Rails.application.config.allow_concurrency = value
       end
 
       def rescue_action(env)
-- 
cgit v1.2.3


From 9b14b13422de0ebf323dc1c43662f285d538150a Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Thu, 11 Feb 2010 17:26:45 -0800
Subject: Bump rack-mount dep to 0.5.3

---
 actionpack/actionpack.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/actionpack.gemspec b/actionpack/actionpack.gemspec
index a35c4aac72..f13f24f64b 100644
--- a/actionpack/actionpack.gemspec
+++ b/actionpack/actionpack.gemspec
@@ -21,6 +21,6 @@ Gem::Specification.new do |s|
   s.add_dependency('activemodel',   '= 3.0.0.beta1')
   s.add_dependency('rack',          '~> 1.1.0')
   s.add_dependency('rack-test',     '~> 0.5.0')
-  s.add_dependency('rack-mount',    '~> 0.4.0')
+  s.add_dependency('rack-mount',    '~> 0.5.3')
   s.add_dependency('erubis',        '~> 2.6.5')
 end
-- 
cgit v1.2.3


From 86a696fc300f828f10b56b24178ee1fddce5f6f2 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Thu, 11 Feb 2010 17:29:14 -0800
Subject: Wups, rack-mount 0.5.0

---
 actionpack/actionpack.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/actionpack.gemspec b/actionpack/actionpack.gemspec
index f13f24f64b..254a4e8396 100644
--- a/actionpack/actionpack.gemspec
+++ b/actionpack/actionpack.gemspec
@@ -21,6 +21,6 @@ Gem::Specification.new do |s|
   s.add_dependency('activemodel',   '= 3.0.0.beta1')
   s.add_dependency('rack',          '~> 1.1.0')
   s.add_dependency('rack-test',     '~> 0.5.0')
-  s.add_dependency('rack-mount',    '~> 0.5.3')
+  s.add_dependency('rack-mount',    '~> 0.5.0')
   s.add_dependency('erubis',        '~> 2.6.5')
 end
-- 
cgit v1.2.3


From 5188c11d2eb7053a2471222de52cad5786febfc3 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Fri, 12 Feb 2010 09:05:41 -0800
Subject: Revert to rack-mount 0.4.7

---
 actionpack/actionpack.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/actionpack.gemspec b/actionpack/actionpack.gemspec
index 254a4e8396..8a7169bfa1 100644
--- a/actionpack/actionpack.gemspec
+++ b/actionpack/actionpack.gemspec
@@ -21,6 +21,6 @@ Gem::Specification.new do |s|
   s.add_dependency('activemodel',   '= 3.0.0.beta1')
   s.add_dependency('rack',          '~> 1.1.0')
   s.add_dependency('rack-test',     '~> 0.5.0')
-  s.add_dependency('rack-mount',    '~> 0.5.0')
+  s.add_dependency('rack-mount',    '~> 0.4.7')
   s.add_dependency('erubis',        '~> 2.6.5')
 end
-- 
cgit v1.2.3


From 325fa58ef585b4303a41270e231918f298ee30bd Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Fri, 12 Feb 2010 16:38:24 -0800
Subject: Safely concat the ending tag to simple_format or it will be escaped

---
 actionpack/lib/action_view/helpers/text_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
index b63617322f..d84515d5b5 100644
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -332,7 +332,7 @@ module ActionView
         text.gsub!(/\n\n+/, "</p>\n\n#{start_tag}")  # 2+ newline  -> paragraph
         text.gsub!(/([^\n]\n)(?=[^\n])/, '\1<br />') # 1 newline   -> br
         text.insert 0, start_tag
-        text << "</p>"
+        text.safe_concat("</p>")
       end
 
       # Turns all URLs and e-mail addresses into clickable links. The <tt>:link</tt> option
-- 
cgit v1.2.3


From d68f8ba5c303556ecb8625dd146184d68b704e83 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Fri, 12 Feb 2010 17:24:04 -0800
Subject: simple_format returns a safe buffer escaping unsafe input [Santiago
 Pastorino]

---
 actionpack/lib/action_view/helpers/text_helper.rb |  2 +-
 actionpack/test/template/text_helper_test.rb      | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
index d84515d5b5..b19a9754f4 100644
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -327,7 +327,7 @@ module ActionView
       #   # => "<p class='description'>Look ma! A class!</p>"
       def simple_format(text, html_options={})
         start_tag = tag('p', html_options, true)
-        text = text.to_s.dup
+        text = h(text)
         text.gsub!(/\r\n?/, "\n")                    # \r\n and \r -> \n
         text.gsub!(/\n\n+/, "</p>\n\n#{start_tag}")  # 2+ newline  -> paragraph
         text.gsub!(/([^\n]\n)(?=[^\n])/, '\1<br />') # 1 newline   -> br
diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb
index 39bea12501..9962b7af3f 100644
--- a/actionpack/test/template/text_helper_test.rb
+++ b/actionpack/test/template/text_helper_test.rb
@@ -40,6 +40,18 @@ class TextHelperTest < ActionView::TestCase
      assert_equal %Q(<p class="test">para 1</p>\n\n<p class="test">para 2</p>), simple_format("para 1\n\npara 2", :class => 'test')
   end
 
+  def test_simple_format_should_be_html_safe
+    assert simple_format("<b> test with html tags </b>").html_safe?
+  end
+
+  def test_simple_format_should_escape_unsafe_input
+    assert_equal "<p>&lt;b&gt; test with unsafe string &lt;/b&gt;</p>", simple_format("<b> test with unsafe string </b>")
+  end
+
+  def test_simple_format_should_not_escape_safe_input
+    assert_equal "<p><b> test with safe string </b></p>", simple_format("<b> test with safe string </b>".html_safe)
+  end
+
   def test_truncate
     assert_equal "Hello World!", truncate("Hello World!", :length => 12)
     assert_equal "Hello Wor...", truncate("Hello World!!", :length => 12)
-- 
cgit v1.2.3