From 0697d17d121fcf9f46b5dd2dd1034dffa19ebdf2 Mon Sep 17 00:00:00 2001 From: rick Date: Tue, 6 May 2008 00:42:24 -0700 Subject: Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [#73 state:resolved] --- actionpack/CHANGELOG | 2 ++ .../request_forgery_protection.rb | 2 +- .../controller/request_forgery_protection_test.rb | 29 +++++++++++++++++++--- 3 files changed, 28 insertions(+), 5 deletions(-) (limited to 'actionpack') diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 54030047ba..87f570d55c 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [rick] + * Fixed that TextHelper#text_field would corrypt when raw HTML was used as the value (mchenryc, Kevin Glowacz) [#80] * Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) [DHH] diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb index 7e6961d25f..1b349baeaf 100644 --- a/actionpack/lib/action_controller/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/request_forgery_protection.rb @@ -99,7 +99,7 @@ module ActionController #:nodoc: end def verifiable_request_format? - request.format.html? || request.format.js? + request.content_type.nil? || request.content_type.html? end # Sets the token value for the current session. Pass a :secret option diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index d0c3c6e224..295075fed4 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -93,19 +93,37 @@ module RequestForgeryProtectionTests post :unsafe assert_response :success end - + def test_should_not_allow_post_without_token assert_raises(ActionController::InvalidAuthenticityToken) { post :index } end - + def test_should_not_allow_put_without_token assert_raises(ActionController::InvalidAuthenticityToken) { put :index } end - + def test_should_not_allow_delete_without_token assert_raises(ActionController::InvalidAuthenticityToken) { delete :index } end - + + def test_should_not_allow_api_formatted_post_without_token + assert_raises(ActionController::InvalidAuthenticityToken) do + post :index, :format => 'xml' + end + end + + def test_should_not_allow_put_without_token + assert_raises(ActionController::InvalidAuthenticityToken) do + put :index, :format => 'xml' + end + end + + def test_should_not_allow_delete_without_token + assert_raises(ActionController::InvalidAuthenticityToken) do + delete :index, :format => 'xml' + end + end + def test_should_not_allow_xhr_post_without_token assert_raises(ActionController::InvalidAuthenticityToken) { xhr :post, :index } end @@ -134,16 +152,19 @@ module RequestForgeryProtectionTests end def test_should_allow_post_with_xml + @request.env['CONTENT_TYPE'] = Mime::XML.to_s post :index, :format => 'xml' assert_response :success end def test_should_allow_put_with_xml + @request.env['CONTENT_TYPE'] = Mime::XML.to_s put :index, :format => 'xml' assert_response :success end def test_should_allow_delete_with_xml + @request.env['CONTENT_TYPE'] = Mime::XML.to_s delete :index, :format => 'xml' assert_response :success end -- cgit v1.2.3 From c8451aeeea200043d8a3e6eae9c49def3a154ddb Mon Sep 17 00:00:00 2001 From: rick Date: Tue, 6 May 2008 02:58:32 -0700 Subject: change ActionController::RequestForgeryProtection to use Mime::Type#verify_request? [#73] --- actionpack/lib/action_controller/mime_type.rb | 19 +++++++-- actionpack/lib/action_controller/mime_types.rb | 2 +- .../request_forgery_protection.rb | 2 +- actionpack/test/controller/mime_type_test.rb | 25 +++++++++-- .../controller/request_forgery_protection_test.rb | 48 ++++++++++++++++++++-- 5 files changed, 84 insertions(+), 12 deletions(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_controller/mime_type.rb b/actionpack/lib/action_controller/mime_type.rb index 8c02f20521..f43e2ba06d 100644 --- a/actionpack/lib/action_controller/mime_type.rb +++ b/actionpack/lib/action_controller/mime_type.rb @@ -17,6 +17,10 @@ module Mime # end # end class Type + @@html_types = Set.new [:html, :all] + @@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss, :atom, :yaml] + cattr_reader :html_types, :unverifiable_types + # A simple helper class used in parsing the accept header class AcceptItem #:nodoc: attr_accessor :order, :name, :q @@ -153,12 +157,21 @@ module Mime synonym.to_s == mime_type.to_s || synonym.to_sym == mime_type.to_sym end end - + + # Returns true if ActionPack should check requests using this Mime Type for possible request forgery. See + # ActionController::RequestForgerProtection. + def verify_request? + !@@unverifiable_types.include?(to_sym) + end + + def html? + @@html_types.include?(to_sym) || @string =~ /html/ + end + private def method_missing(method, *args) if method.to_s =~ /(\w+)\?$/ - mime_type = $1.downcase.to_sym - mime_type == @symbol || (mime_type == :html && @symbol == :all) + $1.downcase.to_sym == to_sym else super end diff --git a/actionpack/lib/action_controller/mime_types.rb b/actionpack/lib/action_controller/mime_types.rb index 71706b4c41..01a266d3fe 100644 --- a/actionpack/lib/action_controller/mime_types.rb +++ b/actionpack/lib/action_controller/mime_types.rb @@ -17,4 +17,4 @@ Mime::Type.register "multipart/form-data", :multipart_form Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form # http://www.ietf.org/rfc/rfc4627.txt -Mime::Type.register "application/json", :json, %w( text/x-json ) +Mime::Type.register "application/json", :json, %w( text/x-json ) \ No newline at end of file diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb index 1b349baeaf..b52a2d4ff1 100644 --- a/actionpack/lib/action_controller/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/request_forgery_protection.rb @@ -99,7 +99,7 @@ module ActionController #:nodoc: end def verifiable_request_format? - request.content_type.nil? || request.content_type.html? + request.content_type.nil? || request.content_type.verify_request? end # Sets the token value for the current session. Pass a :secret option diff --git a/actionpack/test/controller/mime_type_test.rb b/actionpack/test/controller/mime_type_test.rb index 03b0f8bad2..f16a3c68b4 100644 --- a/actionpack/test/controller/mime_type_test.rb +++ b/actionpack/test/controller/mime_type_test.rb @@ -52,16 +52,33 @@ class MimeTypeTest < Test::Unit::TestCase end def test_type_convenience_methods - types = [:html, :xml, :png, :pdf, :yaml, :url_encoded_form] + # Don't test Mime::ALL, since it Mime::ALL#html? == true + types = Mime::SET.to_a.map(&:to_sym).uniq - [:all] + + # Remove custom Mime::Type instances set in other tests, like Mime::GIF and Mime::IPHONE + types.delete_if { |type| !Mime.const_defined?(type.to_s.upcase) } + types.each do |type| mime = Mime.const_get(type.to_s.upcase) - assert mime.send("#{type}?"), "Mime::#{type.to_s.upcase} is not #{type}?" - (types - [type]).each { |t| assert !mime.send("#{t}?"), "Mime::#{t.to_s.upcase} is #{t}?" } + assert mime.send("#{type}?"), "#{mime.inspect} is not #{type}?" + (types - [type]).each { |other_type| assert !mime.send("#{other_type}?"), "#{mime.inspect} is #{other_type}?" } end end - + def test_mime_all_is_html assert Mime::ALL.all?, "Mime::ALL is not all?" assert Mime::ALL.html?, "Mime::ALL is not html?" end + + def test_verifiable_mime_types + unverified_types = Mime::Type.unverifiable_types + all_types = Mime::SET.to_a.map(&:to_sym) + all_types.uniq! + # Remove custom Mime::Type instances set in other tests, like Mime::GIF and Mime::IPHONE + all_types.delete_if { |type| !Mime.const_defined?(type.to_s.upcase) } + + unverified, verified = all_types.partition { |type| Mime::Type.unverifiable_types.include? type } + assert verified.all? { |type| Mime.const_get(type.to_s.upcase).verify_request? }, "Not all Mime Types are verified: #{verified.inspect}" + assert unverified.all? { |type| !Mime.const_get(type.to_s.upcase).verify_request? }, "Some Mime Types are verified: #{unverified.inspect}" + end end diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 295075fed4..833e8d8e00 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -107,19 +107,61 @@ module RequestForgeryProtectionTests end def test_should_not_allow_api_formatted_post_without_token - assert_raises(ActionController::InvalidAuthenticityToken) do + assert_raises(ActionController::InvalidAuthenticityToken) do post :index, :format => 'xml' end end - def test_should_not_allow_put_without_token + def test_should_not_allow_api_formatted_put_without_token assert_raises(ActionController::InvalidAuthenticityToken) do put :index, :format => 'xml' end end - def test_should_not_allow_delete_without_token + def test_should_not_allow_api_formatted_delete_without_token + assert_raises(ActionController::InvalidAuthenticityToken) do + delete :index, :format => 'xml' + end + end + + def test_should_not_allow_api_formatted_post_sent_as_url_encoded_form_without_token + assert_raises(ActionController::InvalidAuthenticityToken) do + @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s + post :index, :format => 'xml' + end + end + + def test_should_not_allow_api_formatted_put_sent_as_url_encoded_form_without_token + assert_raises(ActionController::InvalidAuthenticityToken) do + @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s + put :index, :format => 'xml' + end + end + + def test_should_not_allow_api_formatted_delete_sent_as_url_encoded_form_without_token + assert_raises(ActionController::InvalidAuthenticityToken) do + @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s + delete :index, :format => 'xml' + end + end + + def test_should_not_allow_api_formatted_post_sent_as_multipart_form_without_token + assert_raises(ActionController::InvalidAuthenticityToken) do + @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s + post :index, :format => 'xml' + end + end + + def test_should_not_allow_api_formatted_put_sent_as_multipart_form_without_token + assert_raises(ActionController::InvalidAuthenticityToken) do + @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s + put :index, :format => 'xml' + end + end + + def test_should_not_allow_api_formatted_delete_sent_as_multipart_form_without_token assert_raises(ActionController::InvalidAuthenticityToken) do + @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s delete :index, :format => 'xml' end end -- cgit v1.2.3 From b60c8a573e63998b4aa3f93a1728bb9b6c6fb8f9 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Sun, 11 May 2008 18:29:44 -0500 Subject: Making ready for RC1 release --- actionpack/CHANGELOG | 2 +- actionpack/Rakefile | 2 +- actionpack/lib/action_pack/version.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'actionpack') diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 2caaa40bf6..e867666621 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,4 +1,4 @@ -*SVN* +*2.1.0 RC1 (May 11th, 2008)* * Fixed that forgery protection can be used without session tracking (Peter Jones) [#139] diff --git a/actionpack/Rakefile b/actionpack/Rakefile index e460d820ba..0147a5c1e8 100644 --- a/actionpack/Rakefile +++ b/actionpack/Rakefile @@ -76,7 +76,7 @@ spec = Gem::Specification.new do |s| s.has_rdoc = true s.requirements << 'none' - s.add_dependency('activesupport', '= 2.0.2' + PKG_BUILD) + s.add_dependency('activesupport', '= 2.0.991' + PKG_BUILD) s.require_path = 'lib' s.autorequire = 'action_controller' diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb index 7aa6a5db96..70fc1ced8c 100644 --- a/actionpack/lib/action_pack/version.rb +++ b/actionpack/lib/action_pack/version.rb @@ -2,7 +2,7 @@ module ActionPack #:nodoc: module VERSION #:nodoc: MAJOR = 2 MINOR = 0 - TINY = 2 + TINY = 991 STRING = [MAJOR, MINOR, TINY].join('.') end -- cgit v1.2.3 From 00640de861797b258d2dd955b861bcb021d4a3e1 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Sun, 11 May 2008 18:34:05 -0500 Subject: Updated copyright years --- actionpack/MIT-LICENSE | 2 +- actionpack/lib/action_controller.rb | 2 +- actionpack/lib/action_pack.rb | 2 +- actionpack/lib/action_view.rb | 2 +- actionpack/lib/action_view/helpers/javascripts/controls.js | 2 +- actionpack/lib/action_view/helpers/javascripts/dragdrop.js | 2 +- actionpack/lib/action_view/helpers/javascripts/effects.js | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) (limited to 'actionpack') diff --git a/actionpack/MIT-LICENSE b/actionpack/MIT-LICENSE index 007cc942e1..13c90d46e9 100644 --- a/actionpack/MIT-LICENSE +++ b/actionpack/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2004-2007 David Heinemeier Hansson +Copyright (c) 2004-2008 David Heinemeier Hansson Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/actionpack/lib/action_controller.rb b/actionpack/lib/action_controller.rb index 919fbc6c6a..810a5fb9b5 100755 --- a/actionpack/lib/action_controller.rb +++ b/actionpack/lib/action_controller.rb @@ -1,5 +1,5 @@ #-- -# Copyright (c) 2004-2007 David Heinemeier Hansson +# Copyright (c) 2004-2008 David Heinemeier Hansson # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the diff --git a/actionpack/lib/action_pack.rb b/actionpack/lib/action_pack.rb index 006c83dbc8..c7fd3092e7 100644 --- a/actionpack/lib/action_pack.rb +++ b/actionpack/lib/action_pack.rb @@ -1,5 +1,5 @@ #-- -# Copyright (c) 2004-2007 David Heinemeier Hansson +# Copyright (c) 2004-2008 David Heinemeier Hansson # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the diff --git a/actionpack/lib/action_view.rb b/actionpack/lib/action_view.rb index 609334d52d..5f4126e4e9 100644 --- a/actionpack/lib/action_view.rb +++ b/actionpack/lib/action_view.rb @@ -1,5 +1,5 @@ #-- -# Copyright (c) 2004-2007 David Heinemeier Hansson +# Copyright (c) 2004-2008 David Heinemeier Hansson # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the diff --git a/actionpack/lib/action_view/helpers/javascripts/controls.js b/actionpack/lib/action_view/helpers/javascripts/controls.js index fbc4418b83..5aaf0bb2b7 100644 --- a/actionpack/lib/action_view/helpers/javascripts/controls.js +++ b/actionpack/lib/action_view/helpers/javascripts/controls.js @@ -1,4 +1,4 @@ -// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) +// Copyright (c) 2005-2008 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) // (c) 2005-2007 Ivan Krstic (http://blogs.law.harvard.edu/ivan) // (c) 2005-2007 Jon Tirsen (http://www.tirsen.com) // Contributors: diff --git a/actionpack/lib/action_view/helpers/javascripts/dragdrop.js b/actionpack/lib/action_view/helpers/javascripts/dragdrop.js index ccf4a1e45c..bf5cfea66c 100644 --- a/actionpack/lib/action_view/helpers/javascripts/dragdrop.js +++ b/actionpack/lib/action_view/helpers/javascripts/dragdrop.js @@ -1,4 +1,4 @@ -// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) +// Copyright (c) 2005-2008 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) // (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz) // // script.aculo.us is freely distributable under the terms of an MIT-style license. diff --git a/actionpack/lib/action_view/helpers/javascripts/effects.js b/actionpack/lib/action_view/helpers/javascripts/effects.js index 65aed23957..f030b5dbe9 100644 --- a/actionpack/lib/action_view/helpers/javascripts/effects.js +++ b/actionpack/lib/action_view/helpers/javascripts/effects.js @@ -1,4 +1,4 @@ -// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) +// Copyright (c) 2005-2008 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) // Contributors: // Justin Palmer (http://encytemedia.com/) // Mark Pilgrim (http://diveintomark.org/) -- cgit v1.2.3 From cde6a259bf46cdaf1f2fe5fdeb84478ca8fc3046 Mon Sep 17 00:00:00 2001 From: Jeremy Kemper Date: Sat, 10 May 2008 10:58:30 -0500 Subject: Simpler rescue_action condition --- actionpack/lib/action_controller/rescue.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_controller/rescue.rb b/actionpack/lib/action_controller/rescue.rb index 5022c9a815..40ef4ea044 100644 --- a/actionpack/lib/action_controller/rescue.rb +++ b/actionpack/lib/action_controller/rescue.rb @@ -199,10 +199,8 @@ module ActionController #:nodoc: private def perform_action_with_rescue #:nodoc: perform_action_without_rescue - rescue Exception => exception # errors from action performed - return if rescue_action_with_handler(exception) - - rescue_action(exception) + rescue Exception => exception + rescue_action_with_handler(exception) || rescue_action(exception) end def rescues_path(template_name) -- cgit v1.2.3 From a425cd147363a0e8d7e17177ef252dd760197f15 Mon Sep 17 00:00:00 2001 From: Rich Cavanaugh Date: Mon, 12 May 2008 15:25:56 -0700 Subject: Don't double-escape cookie store data. Don't split cookie values with newlines into an array. [#130 state:resolved] Signed-off-by: Jeremy Kemper --- actionpack/lib/action_controller/cgi_ext/cookie.rb | 2 +- actionpack/lib/action_controller/session/cookie_store.rb | 9 ++++++--- actionpack/test/controller/cookie_test.rb | 5 +++++ actionpack/test/controller/session/cookie_store_test.rb | 16 ++++++++++++++-- 4 files changed, 26 insertions(+), 6 deletions(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_controller/cgi_ext/cookie.rb b/actionpack/lib/action_controller/cgi_ext/cookie.rb index 3dd374f126..e35bab5f5a 100644 --- a/actionpack/lib/action_controller/cgi_ext/cookie.rb +++ b/actionpack/lib/action_controller/cgi_ext/cookie.rb @@ -37,7 +37,7 @@ class CGI #:nodoc: @path = nil else @name = name['name'] - @value = Array(name['value']) + @value = name['value'].kind_of?(String) ? [name['value']] : Array(name['value']) @domain = name['domain'] @expires = name['expires'] @secure = name['secure'] || false diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb index 560491f996..ada1862c3e 100644 --- a/actionpack/lib/action_controller/session/cookie_store.rb +++ b/actionpack/lib/action_controller/session/cookie_store.rb @@ -130,17 +130,20 @@ class CGI::Session::CookieStore # Marshal a session hash into safe cookie data. Include an integrity hash. def marshal(session) data = ActiveSupport::Base64.encode64(Marshal.dump(session)).chop - CGI.escape "#{data}--#{generate_digest(data)}" + "#{data}--#{generate_digest(data)}" end # Unmarshal cookie data to a hash and verify its integrity. def unmarshal(cookie) if cookie - data, digest = CGI.unescape(cookie).split('--') - unless digest == generate_digest(data) + data, digest = cookie.split('--') + + # Do two checks to transparently support old double-escaped data. + unless digest == generate_digest(data) || digest == generate_digest(data = CGI.unescape(data)) delete raise TamperedWithCookie end + Marshal.load(ActiveSupport::Base64.decode64(data)) end end diff --git a/actionpack/test/controller/cookie_test.rb b/actionpack/test/controller/cookie_test.rb index 42f3bd26a4..b8f3c629f4 100644 --- a/actionpack/test/controller/cookie_test.rb +++ b/actionpack/test/controller/cookie_test.rb @@ -137,4 +137,9 @@ class CookieTest < Test::Unit::TestCase cookies = CGI::Cookie.parse('return_to=http://rubyonrails.org/search?term=api&scope=all&global=true') assert_equal({"return_to" => ["http://rubyonrails.org/search?term=api&scope=all&global=true"]}, cookies) end + + def test_cookies_should_not_be_split_on_values_with_newlines + cookies = CGI::Cookie.new("name" => "val", "value" => "this\nis\na\ntest") + assert cookies.size == 1 + end end diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index d308f2a31b..5adaeaf5c5 100755 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -43,7 +43,9 @@ class CookieStoreTest < Test::Unit::TestCase { :empty => ['BAgw--0686dcaccc01040f4bd4f35fe160afe9bc04c330', {}], :a_one => ['BAh7BiIGYWkG--5689059497d7f122a7119f171aef81dcfd807fec', { 'a' => 1 }], :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--9d20154623b9eeea05c62ab819be0e2483238759', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}], - :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }] } + :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }], + :double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf'), { 'user_id' => 123, 'flash' => {} }] } + end def setup @@ -101,6 +103,15 @@ class CookieStoreTest < Test::Unit::TestCase end end + def test_restores_double_encoded_cookies + set_cookie! cookie_value(:double_escaped) + new_session do |session| + session.dbman.restore + assert_equal session["user_id"], 123 + assert_equal session["flash"], {} + end + end + def test_close_doesnt_write_cookie_if_data_is_blank new_session do |session| assert_no_cookies session @@ -241,6 +252,7 @@ class CookieStoreWithMD5DigestTest < CookieStoreTest { :empty => ['BAgw--0415cc0be9579b14afc22ee2d341aa21', {}], :a_one => ['BAh7BiIGYWkG--5a0ed962089cc6600ff44168a5d59bc8', { 'a' => 1 }], :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--f426763f6ef435b3738b493600db8d64', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}], - :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }] } + :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }], + :double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51'), { 'user_id' => 123, 'flash' => {} }] } end end -- cgit v1.2.3 From d16fbe53b202d52b5ef12526941ed50da2daf38f Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Mon, 12 May 2008 23:54:21 -0700 Subject: Fix remote_function to escape apostrophes inside the remote url passed to Ajax.Update. [#180 state:resolved] Signed-off-by: Pratik Naik --- actionpack/lib/action_view/helpers/prototype_helper.rb | 2 +- actionpack/test/template/prototype_helper_test.rb | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_view/helpers/prototype_helper.rb b/actionpack/lib/action_view/helpers/prototype_helper.rb index 1b12aa8058..1a0e660d52 100644 --- a/actionpack/lib/action_view/helpers/prototype_helper.rb +++ b/actionpack/lib/action_view/helpers/prototype_helper.rb @@ -458,7 +458,7 @@ module ActionView url_options = options[:url] url_options = url_options.merge(:escape => false) if url_options.is_a?(Hash) - function << "'#{url_for(url_options)}'" + function << "'#{escape_javascript(url_for(url_options))}'" function << ", #{javascript_options})" function = "#{options[:before]}; #{function}" if options[:before] diff --git a/actionpack/test/template/prototype_helper_test.rb b/actionpack/test/template/prototype_helper_test.rb index a84d4e72af..9a1079b297 100644 --- a/actionpack/test/template/prototype_helper_test.rb +++ b/actionpack/test/template/prototype_helper_test.rb @@ -86,6 +86,11 @@ class PrototypeHelperTest < PrototypeHelperBaseTest link_to_remote("Remote outauthor", { :url => { :action => "whatnot" }, :html => { :class => "fine" } }) end + def test_link_to_remote_url_quote_escaping + assert_dom_equal %(Remote), + link_to_remote("Remote", { :url => { :action => "whatnot's" } }) + end + def test_periodically_call_remote assert_dom_equal %(), periodically_call_remote(:update => "schremser_bier", :url => { :action => "mehr_bier" }) -- cgit v1.2.3 From d8bcec6ce6b48f271af5c566791417a58b8a617d Mon Sep 17 00:00:00 2001 From: Rich Cavanaugh Date: Tue, 13 May 2008 12:19:27 -0400 Subject: make CGI::Cookie handle deleting a cookie properly Signed-off-by: Jeremy Kemper --- actionpack/lib/action_controller/cgi_ext/cookie.rb | 2 +- actionpack/test/controller/cookie_test.rb | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_controller/cgi_ext/cookie.rb b/actionpack/lib/action_controller/cgi_ext/cookie.rb index e35bab5f5a..a244e2a39a 100644 --- a/actionpack/lib/action_controller/cgi_ext/cookie.rb +++ b/actionpack/lib/action_controller/cgi_ext/cookie.rb @@ -37,7 +37,7 @@ class CGI #:nodoc: @path = nil else @name = name['name'] - @value = name['value'].kind_of?(String) ? [name['value']] : Array(name['value']) + @value = (name['value'].kind_of?(String) ? [name['value']] : Array(name['value'])).delete_if(&:blank?) @domain = name['domain'] @expires = name['expires'] @secure = name['secure'] || false diff --git a/actionpack/test/controller/cookie_test.rb b/actionpack/test/controller/cookie_test.rb index b8f3c629f4..b45fbb17d3 100644 --- a/actionpack/test/controller/cookie_test.rb +++ b/actionpack/test/controller/cookie_test.rb @@ -82,6 +82,7 @@ class CookieTest < Test::Unit::TestCase def test_expiring_cookie get :logout assert_equal [ CGI::Cookie::new("name" => "user_name", "value" => "", "expires" => Time.at(0)) ], @response.headers["cookie"] + assert_equal CGI::Cookie::new("name" => "user_name", "value" => "", "expires" => Time.at(0)).value, [] end def test_cookiejar_accessor -- cgit v1.2.3 From 7708650f73ddb4db300ea2059c60c1d907a4384e Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Wed, 14 May 2008 12:33:54 -0500 Subject: =?UTF-8?q?Added=20conditional=20support=20to=20caches=5Faction=20?= =?UTF-8?q?[Jos=C3=A9=20Valim]=20[#166=20state:resolved]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../lib/action_controller/caching/actions.rb | 37 +++++----- actionpack/test/controller/caching_test.rb | 80 ++++++++++++++++++---- 2 files changed, 86 insertions(+), 31 deletions(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_controller/caching/actions.rb b/actionpack/lib/action_controller/caching/actions.rb index 7b0551c664..1ef9e60a21 100644 --- a/actionpack/lib/action_controller/caching/actions.rb +++ b/actionpack/lib/action_controller/caching/actions.rb @@ -9,7 +9,7 @@ module ActionController #:nodoc: # class ListsController < ApplicationController # before_filter :authenticate, :except => :public # caches_page :public - # caches_action :show, :feed + # caches_action :index, :show, :feed # end # # In this example, the public action doesn't require authentication, so it's possible to use the faster page caching method. But both the @@ -27,15 +27,19 @@ module ActionController #:nodoc: # You can set modify the default action cache path by passing a :cache_path option. This will be passed directly to ActionCachePath.path_for. This is handy # for actions with multiple possible routes that should be cached differently. If a block is given, it is called with the current controller instance. # + # And you can also use :if to pass a Proc that specifies when the action should be cached. + # # class ListsController < ApplicationController # before_filter :authenticate, :except => :public # caches_page :public + # caches_action :index, :if => Proc.new { |c| !c.request.format.json? } # cache if is not a JSON request # caches_action :show, :cache_path => { :project => 1 } - # caches_action :show, :cache_path => Proc.new { |controller| - # controller.params[:user_id] ? + # caches_action :feed, :cache_path => Proc.new { |controller| + # controller.params[:user_id] ? # controller.send(:user_list_url, c.params[:user_id], c.params[:id]) : # controller.send(:list_url, c.params[:id]) } # end + # module Actions def self.included(base) #:nodoc: base.extend(ClassMethods) @@ -49,7 +53,8 @@ module ActionController #:nodoc: # See ActionController::Caching::Actions for details. def caches_action(*actions) return unless cache_configured? - around_filter(ActionCacheFilter.new(*actions)) + options = actions.extract_options! + around_filter(ActionCacheFilter.new(:cache_path => options.delete(:cache_path)), {:only => actions}.merge(options)) end end @@ -67,16 +72,12 @@ module ActionController #:nodoc: end class ActionCacheFilter #:nodoc: - def initialize(*actions, &block) - @options = actions.extract_options! - @actions = Set.new(actions) + def initialize(options, &block) + @options = options end def before(controller) - return unless @actions.include?(controller.action_name.intern) - cache_path = ActionCachePath.new(controller, path_options_for(controller, @options)) - if cache = controller.read_fragment(cache_path.path) controller.rendered_action_cache = true set_content_type!(controller, cache_path.extension) @@ -88,7 +89,7 @@ module ActionController #:nodoc: end def after(controller) - return if !@actions.include?(controller.action_name.intern) || controller.rendered_action_cache || !caching_allowed(controller) + return if controller.rendered_action_cache || !caching_allowed(controller) controller.write_fragment(controller.action_cache_path.path, controller.response.body) end @@ -105,16 +106,16 @@ module ActionController #:nodoc: controller.request.get? && controller.response.headers['Status'].to_i == 200 end end - + class ActionCachePath attr_reader :path, :extension - + class << self def path_for(controller, options) new(controller, options).path end end - + def initialize(controller, options = {}) @extension = extract_extension(controller.request.path) path = controller.url_for(options).split('://').last @@ -122,16 +123,16 @@ module ActionController #:nodoc: add_extension!(path, @extension) @path = URI.unescape(path) end - + private def normalize!(path) path << 'index' if path[-1] == ?/ end - + def add_extension!(path, extension) path << ".#{extension}" if extension end - + def extract_extension(file_path) # Don't want just what comes after the last '.' to accommodate multi part extensions # such as tar.gz. @@ -140,4 +141,4 @@ module ActionController #:nodoc: end end end -end \ No newline at end of file +end diff --git a/actionpack/test/controller/caching_test.rb b/actionpack/test/controller/caching_test.rb index ddc1c68383..4aacb4a78a 100644 --- a/actionpack/test/controller/caching_test.rb +++ b/actionpack/test/controller/caching_test.rb @@ -6,6 +6,7 @@ CACHE_DIR = 'test_cache' FILE_STORE_PATH = File.join(File.dirname(__FILE__), '/../temp/', CACHE_DIR) ActionController::Base.page_cache_directory = FILE_STORE_PATH ActionController::Base.cache_store = :file_store, FILE_STORE_PATH +ActionController::Base.view_paths = [ File.dirname(__FILE__) + '/../fixtures/' ] class PageCachingTestController < ActionController::Base caches_page :ok, :no_content, :if => Proc.new { |c| !c.request.format.json? } @@ -128,7 +129,7 @@ class PageCachingTest < Test::Unit::TestCase end end end - + def test_page_caching_conditional_options @request.env['HTTP_ACCEPT'] = 'application/json' get :ok @@ -151,12 +152,15 @@ end class ActionCachingTestController < ActionController::Base - caches_action :index, :redirected, :forbidden + caches_action :index, :redirected, :forbidden, :if => Proc.new { |c| !c.request.format.json? } caches_action :show, :cache_path => 'http://test.host/custom/show' caches_action :edit, :cache_path => Proc.new { |c| c.params[:id] ? "http://test.host/#{c.params[:id]};edit" : "http://test.host/edit" } + caches_action :with_layout + + layout 'talk_from_action.erb' def index - @cache_this = Time.now.to_f.to_s + @cache_this = MockTime.now.to_f.to_s render :text => @cache_this end @@ -169,14 +173,26 @@ class ActionCachingTestController < ActionController::Base headers["Status"] = "403 Forbidden" end + def with_layout + @cache_this = MockTime.now.to_f.to_s + render :text => @cache_this, :layout => true + end + alias_method :show, :index alias_method :edit, :index + alias_method :destroy, :index def expire expire_action :controller => 'action_caching_test', :action => 'index' render :nothing => true end +end +class MockTime < Time + # Let Time spicy to assure that Time.now != Time.now + def to_f + super+rand + end end class ActionCachingMockController @@ -223,6 +239,36 @@ class ActionCacheTest < Test::Unit::TestCase assert_equal cached_time, @response.body end + def test_simple_action_not_cached + get :destroy + cached_time = content_to_cache + assert_equal cached_time, @response.body + assert_cache_does_not_exist 'hostname.com/action_caching_test/destroy' + reset! + + get :destroy + assert_not_equal cached_time, @response.body + end + + def test_action_cache_with_layout + get :with_layout + cached_time = content_to_cache + assert_not_equal cached_time, @response.body + assert_cache_exists 'hostname.com/action_caching_test/with_layout' + reset! + + get :with_layout + assert_not_equal cached_time, @response.body + + assert_equal @response.body, read_fragment('hostname.com/action_caching_test/with_layout') + end + + def test_action_cache_conditional_options + @request.env['HTTP_ACCEPT'] = 'application/json' + get :index + assert_cache_does_not_exist 'hostname.com/action_caching_test' + end + def test_action_cache_with_custom_cache_path get :show cached_time = content_to_cache @@ -350,9 +396,22 @@ class ActionCacheTest < Test::Unit::TestCase end def assert_cache_exists(path) - full_path = File.join(FILE_STORE_PATH, "views", path + '.cache') + full_path = cache_path(path) assert File.exist?(full_path), "#{full_path.inspect} does not exist." end + + def assert_cache_does_not_exist(path) + full_path = cache_path(path) + assert !File.exist?(full_path), "#{full_path.inspect} should not exist." + end + + def cache_path(path) + File.join(FILE_STORE_PATH, 'views', path + '.cache') + end + + def read_fragment(path) + @controller.read_fragment(path) + end end class FragmentCachingTestController < ActionController::Base @@ -516,7 +575,7 @@ class FunctionalFragmentCachingTest < Test::Unit::TestCase def setup ActionController::Base.perform_caching = true @store = ActiveSupport::Cache::MemoryStore.new - ActionController::Base.cache_store = @store + ActionController::Base.cache_store = @store @controller = FunctionalCachingController.new @request = ActionController::TestRequest.new @response = ActionController::TestResponse.new @@ -529,17 +588,17 @@ Hello This bit's fragment cached CACHED assert_equal expected_body, @response.body - + assert_equal "This bit's fragment cached", @store.read('views/test.host/functional_caching/fragment_cached') end - + def test_fragment_caching_in_partials get :html_fragment_cached_with_partial assert_response :success assert_match /Fragment caching in a partial/, @response.body assert_match "Fragment caching in a partial", @store.read('views/test.host/functional_caching/html_fragment_cached_with_partial') end - + def test_fragment_caching_in_rjs_partials xhr :get, :js_fragment_cached_with_partial assert_response :success @@ -547,8 +606,3 @@ CACHED assert_match "Fragment caching in a partial", @store.read('views/test.host/functional_caching/js_fragment_cached_with_partial') end end - - - - - -- cgit v1.2.3 From 8d37bd08eeac6d0e94f76ac6640e288bf64595b2 Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Wed, 14 May 2008 13:00:09 -0500 Subject: =?UTF-8?q?Protect=20#filter=5Fparameters=20created=20by=20filter?= =?UTF-8?q?=5Fparameter=5Flogging=20[Jos=C3=A9=20Valim]=20[#196=20state:re?= =?UTF-8?q?solved]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- actionpack/lib/action_controller/base.rb | 51 ++++++++++++------------ actionpack/test/controller/filter_params_test.rb | 20 ++++++---- 2 files changed, 39 insertions(+), 32 deletions(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index e1bf005f39..ea55fe42ce 100755 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -259,12 +259,12 @@ module ActionController #:nodoc: DEFAULT_RENDER_STATUS_CODE = "200 OK" include StatusCodes - + # Controller specific instance variables which will not be accessible inside views. @@protected_view_variables = %w(@assigns @performed_redirect @performed_render @variables_added @request_origin @url @parent_controller @action_name @before_filter_chain_aborted @action_cache_path @_session @_cookies @_headers @_params @_flash @_response) - + # Prepends all the URL-generating helpers from AssetHelper. This makes it possible to easily move javascripts, stylesheets, # and images to a dedicated asset server away from the main web server. Example: # ActionController::Base.asset_host = "http://assets.example.com" @@ -325,7 +325,7 @@ module ActionController #:nodoc: # Controls the default charset for all renders. @@default_charset = "utf-8" cattr_accessor :default_charset - + # The logger is used for generating information on the action run-time (including benchmarking) if available. # Can be set to nil for no logging. Compatible with both Ruby's own Logger and Log4r loggers. cattr_accessor :logger @@ -333,7 +333,7 @@ module ActionController #:nodoc: # Controls the resource action separator @@resource_action_separator = "/" cattr_accessor :resource_action_separator - + # Allow to override path names for default resources' actions @@resources_path_names = { :new => 'new', :edit => 'edit' } cattr_accessor :resources_path_names @@ -433,7 +433,7 @@ module ActionController #:nodoc: end # Adds a view_path to the front of the view_paths array. - # If the current class has no view paths, copy them from + # If the current class has no view paths, copy them from # the superclass. This change will be visible for all future requests. # # ArticleController.prepend_view_path("views/default") @@ -444,9 +444,9 @@ module ActionController #:nodoc: view_paths.unshift(*path) ActionView::TemplateFinder.process_view_paths(path) end - + # Adds a view_path to the end of the view_paths array. - # If the current class has no view paths, copy them from + # If the current class has no view paths, copy them from # the superclass. This change will be visible for all future requests. # # ArticleController.append_view_path("views/default") @@ -457,7 +457,7 @@ module ActionController #:nodoc: view_paths.push(*path) ActionView::TemplateFinder.process_view_paths(path) end - + # Replace sensitive parameter data from the request log. # Filters parameters that have any of the arguments as a substring. # Looks in all subhashes of the param hash for keys to filter. @@ -504,6 +504,7 @@ module ActionController #:nodoc: filtered_parameters end + protected :filter_parameters end # Don't render layouts for templates with the given extensions. @@ -643,12 +644,12 @@ module ActionController #:nodoc: end self.view_paths = [] - + # View load paths for controller. def view_paths @template.finder.view_paths end - + def view_paths=(value) @template.finder.view_paths = value # Mutex needed end @@ -662,7 +663,7 @@ module ActionController #:nodoc: def prepend_view_path(path) @template.finder.prepend_view_path(path) # Mutex needed end - + # Adds a view_path to the end of the view_paths array. # This change affects the current request only. # @@ -874,10 +875,10 @@ module ActionController #:nodoc: elsif action_name = options[:action] template = default_template_name(action_name.to_s) if options[:layout] && !template_exempt_from_layout?(template) - render_with_a_layout(:file => template, :status => options[:status], :use_full_path => true, :layout => true) + render_with_a_layout(:file => template, :status => options[:status], :use_full_path => true, :layout => true) else render_with_no_layout(:file => template, :status => options[:status], :use_full_path => true) - end + end elsif xml = options[:xml] response.content_type ||= Mime::XML @@ -895,12 +896,12 @@ module ActionController #:nodoc: if collection = options[:collection] render_for_text( - @template.send!(:render_partial_collection, partial, collection, + @template.send!(:render_partial_collection, partial, collection, options[:spacer_template], options[:locals]), options[:status] ) else render_for_text( - @template.send!(:render_partial, partial, + @template.send!(:render_partial, partial, ActionView::Base::ObjectWrapper.new(options[:object]), options[:locals]), options[:status] ) end @@ -1024,7 +1025,7 @@ module ActionController #:nodoc: # redirect_to articles_url # redirect_to :back # - # The redirection happens as a "302 Moved" header unless otherwise specified. + # The redirection happens as a "302 Moved" header unless otherwise specified. # # Examples: # redirect_to post_url(@post), :status=>:found @@ -1035,17 +1036,17 @@ module ActionController #:nodoc: # When using redirect_to :back, if there is no referrer, # RedirectBackError will be raised. You may specify some fallback # behavior for this case by rescuing RedirectBackError. - def redirect_to(options = {}, response_status = {}) #:doc: + def redirect_to(options = {}, response_status = {}) #:doc: raise ActionControllerError.new("Cannot redirect to nil!") if options.nil? - if options.is_a?(Hash) && options[:status] - status = options.delete(:status) - elsif response_status[:status] - status = response_status[:status] - else - status = 302 + if options.is_a?(Hash) && options[:status] + status = options.delete(:status) + elsif response_status[:status] + status = response_status[:status] + else + status = 302 end - + case options when %r{^\w+://.*} raise DoubleRenderError if performed? @@ -1119,7 +1120,7 @@ module ActionController #:nodoc: response.body = text.is_a?(Proc) ? text : text.to_s end end - + def initialize_template_class(response) response.template = ActionView::Base.new(self.class.view_paths, {}, self) response.template.extend self.class.master_helper_module diff --git a/actionpack/test/controller/filter_params_test.rb b/actionpack/test/controller/filter_params_test.rb index 11adacb5e3..c9688b2063 100644 --- a/actionpack/test/controller/filter_params_test.rb +++ b/actionpack/test/controller/filter_params_test.rb @@ -7,14 +7,14 @@ class FilterParamTest < Test::Unit::TestCase def setup @controller = FilterParamController.new end - + def test_filter_parameters assert FilterParamController.respond_to?(:filter_parameter_logging) assert !@controller.respond_to?(:filter_parameters) - + FilterParamController.filter_parameter_logging assert @controller.respond_to?(:filter_parameters) - + test_hashes = [[{},{},[]], [{'foo'=>nil},{'foo'=>nil},[]], [{'foo'=>'bar'},{'foo'=>'bar'},[]], @@ -24,11 +24,11 @@ class FilterParamTest < Test::Unit::TestCase [{'foo'=>'bar', 'baz'=>'foo'},{'foo'=>'[FILTERED]', 'baz'=>'[FILTERED]'},%w'foo baz'], [{'bar'=>{'foo'=>'bar','bar'=>'foo'}},{'bar'=>{'foo'=>'[FILTERED]','bar'=>'foo'}},%w'fo'], [{'foo'=>{'foo'=>'bar','bar'=>'foo'}},{'foo'=>'[FILTERED]'},%w'f banana']] - + test_hashes.each do |before_filter, after_filter, filter_words| FilterParamController.filter_parameter_logging(*filter_words) - assert_equal after_filter, @controller.filter_parameters(before_filter) - + assert_equal after_filter, @controller.send!(:filter_parameters, before_filter) + filter_words.push('blah') FilterParamController.filter_parameter_logging(*filter_words) do |key, value| value.reverse! if key =~ /bargain/ @@ -37,7 +37,13 @@ class FilterParamTest < Test::Unit::TestCase before_filter['barg'] = {'bargain'=>'gain', 'blah'=>'bar', 'bar'=>{'bargain'=>{'blah'=>'foo'}}} after_filter['barg'] = {'bargain'=>'niag', 'blah'=>'[FILTERED]', 'bar'=>{'bargain'=>{'blah'=>'[FILTERED]'}}} - assert_equal after_filter, @controller.filter_parameters(before_filter) + assert_equal after_filter, @controller.send!(:filter_parameters, before_filter) end end + + def test_filter_parameters_is_protected + FilterParamController.filter_parameter_logging + assert !@controller.send!(:action_methods).include?(:filter_parameters) + assert (begin @controller.filter_parameters rescue true end) + end end -- cgit v1.2.3 From 1066b16237ad3287f236973748ccf721c1b0f2d8 Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Wed, 14 May 2008 13:38:02 -0500 Subject: =?UTF-8?q?Improve=20test=20coverage=20for=20filter=5Fparameters?= =?UTF-8?q?=20[Jos=C3=A9=20Valim]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- actionpack/test/controller/filter_params_test.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'actionpack') diff --git a/actionpack/test/controller/filter_params_test.rb b/actionpack/test/controller/filter_params_test.rb index c9688b2063..af2b0e1ce4 100644 --- a/actionpack/test/controller/filter_params_test.rb +++ b/actionpack/test/controller/filter_params_test.rb @@ -42,8 +42,8 @@ class FilterParamTest < Test::Unit::TestCase end def test_filter_parameters_is_protected - FilterParamController.filter_parameter_logging - assert !@controller.send!(:action_methods).include?(:filter_parameters) - assert (begin @controller.filter_parameters rescue true end) + FilterParamController.filter_parameter_logging(:foo) + assert !FilterParamController.action_methods.include?('filter_parameters') + assert !(begin @controller.filter_parameters([{'foo' => 'bar'}]) rescue false end) end end -- cgit v1.2.3 From f32b974338cb965a27d521b32304aebd9811a9ba Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Wed, 14 May 2008 13:55:14 -0500 Subject: Clean up previously commited test. --- actionpack/test/controller/filter_params_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actionpack') diff --git a/actionpack/test/controller/filter_params_test.rb b/actionpack/test/controller/filter_params_test.rb index af2b0e1ce4..12048bfa08 100644 --- a/actionpack/test/controller/filter_params_test.rb +++ b/actionpack/test/controller/filter_params_test.rb @@ -43,7 +43,7 @@ class FilterParamTest < Test::Unit::TestCase def test_filter_parameters_is_protected FilterParamController.filter_parameter_logging(:foo) - assert !FilterParamController.action_methods.include?('filter_parameters') - assert !(begin @controller.filter_parameters([{'foo' => 'bar'}]) rescue false end) + assert !FilterParamController.action_methods.include?(:filter_parameters) + assert_raise(NoMethodError) { @controller.filter_parameters([{'password' => '[FILTERED]'}]) } end end -- cgit v1.2.3 From 3b0e1d90938e3d4c98830e037b3da15b3f736f7f Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Wed, 14 May 2008 14:09:49 -0500 Subject: Prefer string core_ext inflector methods over directly accessing Inflector. --- actionpack/lib/action_controller/caching/sweeping.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_controller/caching/sweeping.rb b/actionpack/lib/action_controller/caching/sweeping.rb index 3164e14f6f..61559e9ec7 100644 --- a/actionpack/lib/action_controller/caching/sweeping.rb +++ b/actionpack/lib/action_controller/caching/sweeping.rb @@ -28,7 +28,7 @@ module ActionController #:nodoc: # class ListsController < ApplicationController # caches_action :index, :show, :public, :feed # cache_sweeper OpenBar::Sweeper, :only => [ :edit, :destroy, :share ] - # end + # end module Sweeping def self.included(base) #:nodoc: base.extend(ClassMethods) @@ -40,7 +40,7 @@ module ActionController #:nodoc: sweepers.each do |sweeper| ActiveRecord::Base.observers << sweeper if defined?(ActiveRecord) and defined?(ActiveRecord::Base) - sweeper_instance = (sweeper.is_a?(Symbol) ? Object.const_get(Inflector.classify(sweeper)) : sweeper).instance + sweeper_instance = (sweeper.is_a?(Symbol) ? Object.const_get(sweeper.to_s.classify) : sweeper).instance if sweeper_instance.is_a?(Sweeper) around_filter(sweeper_instance, :only => configuration[:only]) @@ -94,4 +94,4 @@ module ActionController #:nodoc: end end end -end \ No newline at end of file +end -- cgit v1.2.3 From bc3cc91a3f53816cc205f791cba34514ce0a113e Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Wed, 14 May 2008 14:14:23 -0500 Subject: One last fix to test_filter_parameters_is_protected. --- actionpack/test/controller/filter_params_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack') diff --git a/actionpack/test/controller/filter_params_test.rb b/actionpack/test/controller/filter_params_test.rb index 12048bfa08..c4de10181d 100644 --- a/actionpack/test/controller/filter_params_test.rb +++ b/actionpack/test/controller/filter_params_test.rb @@ -43,7 +43,7 @@ class FilterParamTest < Test::Unit::TestCase def test_filter_parameters_is_protected FilterParamController.filter_parameter_logging(:foo) - assert !FilterParamController.action_methods.include?(:filter_parameters) + assert !FilterParamController.action_methods.include?('filter_parameters') assert_raise(NoMethodError) { @controller.filter_parameters([{'password' => '[FILTERED]'}]) } end end -- cgit v1.2.3 From 603c853a340c9dbf6a959e74116487b870b7a893 Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Wed, 14 May 2008 14:34:28 -0500 Subject: Don't fallback to just adding "'s" in TextHelper#pluralize, because the Inflector is always loaded. --- actionpack/lib/action_view/helpers/text_helper.rb | 127 ++++++++++------------ actionpack/test/template/text_helper_test.rb | 39 +++---- 2 files changed, 73 insertions(+), 93 deletions(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb index f8c3b67474..9d220c546a 100644 --- a/actionpack/lib/action_view/helpers/text_helper.rb +++ b/actionpack/lib/action_view/helpers/text_helper.rb @@ -3,19 +3,19 @@ require 'html/document' module ActionView module Helpers #:nodoc: - # The TextHelper module provides a set of methods for filtering, formatting - # and transforming strings, which can reduce the amount of inline Ruby code in - # your views. These helper methods extend ActionView making them callable + # The TextHelper module provides a set of methods for filtering, formatting + # and transforming strings, which can reduce the amount of inline Ruby code in + # your views. These helper methods extend ActionView making them callable # within your template files. - module TextHelper - # The preferred method of outputting text in your views is to use the - # <%= "text" %> eRuby syntax. The regular _puts_ and _print_ methods - # do not operate as expected in an eRuby code block. If you absolutely must + module TextHelper + # The preferred method of outputting text in your views is to use the + # <%= "text" %> eRuby syntax. The regular _puts_ and _print_ methods + # do not operate as expected in an eRuby code block. If you absolutely must # output text within a non-output code block (i.e., <% %>), you can use the concat method. # # ==== Examples - # <% - # concat "hello", binding + # <% + # concat "hello", binding # # is the equivalent of <%= "hello" %> # # if (logged_in == true): @@ -30,15 +30,15 @@ module ActionView end if RUBY_VERSION < '1.9' - # If +text+ is longer than +length+, +text+ will be truncated to the length of + # If +text+ is longer than +length+, +text+ will be truncated to the length of # +length+ (defaults to 30) and the last characters will be replaced with the +truncate_string+ # (defaults to "..."). # # ==== Examples - # truncate("Once upon a time in a world far far away", 14) + # truncate("Once upon a time in a world far far away", 14) # # => Once upon a... # - # truncate("Once upon a time in a world far far away") + # truncate("Once upon a time in a world far far away") # # => Once upon a time in a world f... # # truncate("And they found that many people were sleeping better.", 25, "(clipped)") @@ -63,20 +63,20 @@ module ActionView end # Highlights one or more +phrases+ everywhere in +text+ by inserting it into - # a +highlighter+ string. The highlighter can be specialized by passing +highlighter+ + # a +highlighter+ string. The highlighter can be specialized by passing +highlighter+ # as a single-quoted string with \1 where the phrase is to be inserted (defaults to # '\1') # # ==== Examples - # highlight('You searched for: rails', 'rails') + # highlight('You searched for: rails', 'rails') # # => You searched for: rails # # highlight('You searched for: ruby, rails, dhh', 'actionpack') - # # => You searched for: ruby, rails, dhh + # # => You searched for: ruby, rails, dhh # - # highlight('You searched for: rails', ['for', 'rails'], '\1') + # highlight('You searched for: rails', ['for', 'rails'], '\1') # # => You searched for: rails - # + # # highlight('You searched for: rails', 'rails', "\1") # # => You searched for: \1') @@ -89,23 +89,23 @@ module ActionView end if RUBY_VERSION < '1.9' - # Extracts an excerpt from +text+ that matches the first instance of +phrase+. + # Extracts an excerpt from +text+ that matches the first instance of +phrase+. # The +radius+ expands the excerpt on each side of the first occurrence of +phrase+ by the number of characters # defined in +radius+ (which defaults to 100). If the excerpt radius overflows the beginning or end of the +text+, # then the +excerpt_string+ will be prepended/appended accordingly. The resulting string will be stripped in any case. # If the +phrase+ isn't found, nil is returned. # # ==== Examples - # excerpt('This is an example', 'an', 5) + # excerpt('This is an example', 'an', 5) # # => "...s is an exam..." # - # excerpt('This is an example', 'is', 5) + # excerpt('This is an example', 'is', 5) # # => "This is a..." # - # excerpt('This is an example', 'is') + # excerpt('This is an example', 'is') # # => "This is an example" # - # excerpt('This next thing is an example', 'ex', 2) + # excerpt('This next thing is an example', 'ex', 2) # # => "...next..." # # excerpt('This is also an example', 'an', 8, ' ') @@ -147,33 +147,24 @@ module ActionView end end - # Attempts to pluralize the +singular+ word unless +count+ is 1. If +plural+ - # is supplied, it will use that when count is > 1, if the ActiveSupport Inflector - # is loaded, it will use the Inflector to determine the plural form, otherwise - # it will just add an 's' to the +singular+ word. + # Attempts to pluralize the +singular+ word unless +count+ is 1. If + # +plural+ is supplied, it will use that when count is > 1, otherwise + # it will use the Inflector to determine the plural form # # ==== Examples - # pluralize(1, 'person') + # pluralize(1, 'person') # # => 1 person # - # pluralize(2, 'person') + # pluralize(2, 'person') # # => 2 people # - # pluralize(3, 'person', 'users') + # pluralize(3, 'person', 'users') # # => 3 users # # pluralize(0, 'person') # # => 0 people def pluralize(count, singular, plural = nil) - "#{count || 0} " + if count == 1 || count == '1' - singular - elsif plural - plural - elsif Object.const_defined?("Inflector") - Inflector.pluralize(singular) - else - singular + "s" - end + "#{count || 0} " + ((count == 1 || count == '1') ? singular : (plural || singular.pluralize)) end # Wraps the +text+ into lines no longer than +line_width+ width. This method @@ -229,7 +220,7 @@ module ActionView end end - # Returns the text with all the Textile codes turned into HTML tags, + # Returns the text with all the Textile codes turned into HTML tags, # but without the bounding

tag that RedCloth adds. # # You can learn more about Textile's syntax at its website[http://www.textism.com/tools/textile]. @@ -273,25 +264,25 @@ module ActionView # # => "

We like to write code, not just read it!

" # # markdown("The [Markdown website](http://daringfireball.net/projects/markdown/) has more information.") - # # => "

The Markdown website + # # => "

The Markdown website # # has more information.

" # # markdown('![The ROR logo](http://rubyonrails.com/images/rails.png "Ruby on Rails")') - # # => '

The ROR logo

' + # # => '

The ROR logo

' def markdown(text) text.blank? ? "" : BlueCloth.new(text).to_html end rescue LoadError # We can't really help what's not there end - + # Returns +text+ transformed into HTML using simple formatting rules. - # Two or more consecutive newlines(\n\n) are considered as a + # Two or more consecutive newlines(\n\n) are considered as a # paragraph and wrapped in

tags. One newline (\n) is # considered as a linebreak and a
tag is appended. This - # method does not remove the newlines from the +text+. + # method does not remove the newlines from the +text+. # - # You can pass any HTML attributes into html_options. These + # You can pass any HTML attributes into html_options. These # will be added to all created paragraphs. # ==== Examples # my_text = "Here is some basic text...\n...with a line break." @@ -316,19 +307,19 @@ module ActionView text << "

" end - # Turns all URLs and e-mail addresses into clickable links. The +link+ parameter + # Turns all URLs and e-mail addresses into clickable links. The +link+ parameter # will limit what should be linked. You can add HTML attributes to the links using - # +href_options+. Options for +link+ are :all (default), - # :email_addresses, and :urls. If a block is given, each URL and + # +href_options+. Options for +link+ are :all (default), + # :email_addresses, and :urls. If a block is given, each URL and # e-mail address is yielded and the result is used as the link text. # # ==== Examples - # auto_link("Go to http://www.rubyonrails.org and say hello to david@loudthinking.com") + # auto_link("Go to http://www.rubyonrails.org and say hello to david@loudthinking.com") # # => "Go to http://www.rubyonrails.org and # # say hello to david@loudthinking.com" # # auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :urls) - # # => "Visit http://www.loudthinking.com/ + # # => "Visit http://www.loudthinking.com/ # # or e-mail david@loudthinking.com" # # auto_link("Visit http://www.loudthinking.com/ or e-mail david@loudthinking.com", :email_addresses) @@ -338,9 +329,9 @@ module ActionView # auto_link(post_body, :all, :target => '_blank') do |text| # truncate(text, 15) # end - # # => "Welcome to my new blog at http://www.m.... + # # => "Welcome to my new blog at http://www.m.... # Please e-mail me at me@email.com." - # + # def auto_link(text, link = :all, href_options = {}, &block) return '' if text.blank? case link @@ -349,15 +340,15 @@ module ActionView when :urls then auto_link_urls(text, href_options, &block) end end - + # Creates a Cycle object whose _to_s_ method cycles through elements of an - # array every time it is called. This can be used for example, to alternate - # classes for table rows. You can use named cycles to allow nesting in loops. - # Passing a Hash as the last parameter with a :name key will create a - # named cycle. You can manually reset a cycle by calling reset_cycle and passing the + # array every time it is called. This can be used for example, to alternate + # classes for table rows. You can use named cycles to allow nesting in loops. + # Passing a Hash as the last parameter with a :name key will create a + # named cycle. You can manually reset a cycle by calling reset_cycle and passing the # name of the cycle. # - # ==== Examples + # ==== Examples # # Alternate CSS classes for even and odd numbers... # @items = [1,2,3,4] # @@ -370,8 +361,8 @@ module ActionView # # # # Cycle CSS classes for rows, and text colors for values within each row - # @items = x = [{:first => 'Robert', :middle => 'Daniel', :last => 'James'}, - # {:first => 'Emily', :middle => 'Shannon', :maiden => 'Pike', :last => 'Hicks'}, + # @items = x = [{:first => 'Robert', :middle => 'Daniel', :last => 'James'}, + # {:first => 'Emily', :middle => 'Shannon', :maiden => 'Pike', :last => 'Hicks'}, # {:first => 'June', :middle => 'Dae', :last => 'Jones'}] # <% @items.each do |item| %> # "row_class") -%>"> @@ -401,8 +392,8 @@ module ActionView end return cycle.to_s end - - # Resets a cycle so that it starts from the first element the next time + + # Resets a cycle so that it starts from the first element the next time # it is called. Pass in +name+ to reset a named cycle. # # ==== Example @@ -428,12 +419,12 @@ module ActionView class Cycle #:nodoc: attr_reader :values - + def initialize(first_value, *values) @values = values.unshift(first_value) reset end - + def reset @index = 0 end @@ -453,7 +444,7 @@ module ActionView @_cycles = Hash.new unless defined?(@_cycles) return @_cycles[name] end - + def set_cycle(name, cycle_object) @_cycles = Hash.new unless defined?(@_cycles) @_cycles[name] = cycle_object @@ -462,13 +453,13 @@ module ActionView AUTO_LINK_RE = %r{ ( # leading text <\w+.*?>| # leading HTML tag, or - [^=!:'"/]| # leading punctuation, or + [^=!:'"/]| # leading punctuation, or ^ # beginning of line ) ( (?:https?://)| # protocol spec, or (?:www\.) # www.* - ) + ) ( [-\w]+ # subdomain or domain (?:\.[-\w]+)* # remaining subdomains or domain @@ -502,7 +493,7 @@ module ActionView body = text.dup text.gsub(/([\w\.!#\$%\-+.]+@[A-Za-z0-9\-]+(\.[A-Za-z0-9\-]+)+)/) do text = $1 - + if body.match(/]*>(.*)(#{Regexp.escape(text)})(.*)<\/a>/) text else diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb index 25ecda687f..b803e7fa11 100644 --- a/actionpack/test/template/text_helper_test.rb +++ b/actionpack/test/template/text_helper_test.rb @@ -23,9 +23,9 @@ class TextHelperTest < ActionView::TestCase text = "A\r\n \nB\n\n\r\n\t\nC\nD".freeze assert_equal "

A\n
\n
B

\n\n

\t\n
C\n
D

", simple_format(text) - + assert_equal %q(

This is a classy test

), simple_format("This is a classy test", :class => 'test') - assert_equal %Q(

para 1

\n\n

para 2

), simple_format("para 1\n\npara 2", :class => 'test') + assert_equal %Q(

para 1

\n\n

para 2

), simple_format("para 1\n\npara 2", :class => 'test') end def test_truncate @@ -41,7 +41,7 @@ class TextHelperTest < ActionView::TestCase if RUBY_VERSION < '1.9.0' def test_truncate_multibyte with_kcode 'none' do - assert_equal "\354\225\210\353\205\225\355...", truncate("\354\225\210\353\205\225\355\225\230\354\204\270\354\232\224", 10) + assert_equal "\354\225\210\353\205\225\355...", truncate("\354\225\210\353\205\225\355\225\230\354\204\270\354\232\224", 10) end with_kcode 'u' do assert_equal "\354\225\204\353\246\254\353\236\221 \354\225\204\353\246\254 ...", @@ -73,7 +73,7 @@ class TextHelperTest < ActionView::TestCase "This is a beautiful morning, but also a beautiful day", highlight("This is a beautiful morning, but also a beautiful day", "beautiful", '\1') ) - + assert_equal( "This text is not changed because we supplied an empty phrase", highlight("This text is not changed because we supplied an empty phrase", nil) @@ -166,18 +166,7 @@ class TextHelperTest < ActionView::TestCase assert_equal("2 counters", pluralize(2, "count", "counters")) assert_equal("0 counters", pluralize(nil, "count", "counters")) assert_equal("2 people", pluralize(2, "person")) - assert_equal("10 buffaloes", pluralize(10, "buffalo")) - end - - uses_mocha("should_just_add_s_for_pluralize_without_inflector_loaded") do - def test_should_just_add_s_for_pluralize_without_inflector_loaded - Object.expects(:const_defined?).with("Inflector").times(4).returns(false) - assert_equal("1 count", pluralize(1, "count")) - assert_equal("2 persons", pluralize(2, "person")) - assert_equal("2 personss", pluralize("2", "persons")) - assert_equal("2 counts", pluralize(2, "count")) - assert_equal("10 buffalos", pluralize(10, "buffalo")) - end + assert_equal("10 buffaloes", pluralize(10, "buffalo")) end def test_auto_link_parsing @@ -298,7 +287,7 @@ class TextHelperTest < ActionView::TestCase assert_equal("2", value.to_s) assert_equal("3", value.to_s) end - + def test_cycle_class_with_no_arguments assert_raise(ArgumentError) { value = Cycle.new() } end @@ -311,11 +300,11 @@ class TextHelperTest < ActionView::TestCase assert_equal("2", cycle("one", 2, "3")) assert_equal("3", cycle("one", 2, "3")) end - + def test_cycle_with_no_arguments assert_raise(ArgumentError) { value = cycle() } end - + def test_cycle_resets_with_new_values assert_equal("even", cycle("even", "odd")) assert_equal("odd", cycle("even", "odd")) @@ -325,7 +314,7 @@ class TextHelperTest < ActionView::TestCase assert_equal("3", cycle(1, 2, 3)) assert_equal("1", cycle(1, 2, 3)) end - + def test_named_cycles assert_equal("1", cycle(1, 2, 3, :name => "numbers")) assert_equal("red", cycle("red", "blue", :name => "colors")) @@ -334,24 +323,24 @@ class TextHelperTest < ActionView::TestCase assert_equal("3", cycle(1, 2, 3, :name => "numbers")) assert_equal("red", cycle("red", "blue", :name => "colors")) end - + def test_default_named_cycle assert_equal("1", cycle(1, 2, 3)) assert_equal("2", cycle(1, 2, 3, :name => "default")) assert_equal("3", cycle(1, 2, 3)) end - + def test_reset_cycle assert_equal("1", cycle(1, 2, 3)) assert_equal("2", cycle(1, 2, 3)) reset_cycle assert_equal("1", cycle(1, 2, 3)) end - + def test_reset_unknown_cycle reset_cycle("colors") end - + def test_recet_named_cycle assert_equal("1", cycle(1, 2, 3, :name => "numbers")) assert_equal("red", cycle("red", "blue", :name => "colors")) @@ -361,7 +350,7 @@ class TextHelperTest < ActionView::TestCase assert_equal("2", cycle(1, 2, 3, :name => "numbers")) assert_equal("red", cycle("red", "blue", :name => "colors")) end - + def test_cycle_no_instance_variable_clashes @cycles = %w{Specialized Fuji Giant} assert_equal("red", cycle("red", "blue")) -- cgit v1.2.3 From 6df995bbf2f0fcb26b7a1ba8d4e41ed9de77b6c8 Mon Sep 17 00:00:00 2001 From: Robby Russell Date: Wed, 14 May 2008 17:17:24 -0700 Subject: Adding an example test case for pluralize for (y) -> (ies) --- actionpack/test/template/text_helper_test.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'actionpack') diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb index b803e7fa11..06e1fd1929 100644 --- a/actionpack/test/template/text_helper_test.rb +++ b/actionpack/test/template/text_helper_test.rb @@ -167,6 +167,8 @@ class TextHelperTest < ActionView::TestCase assert_equal("0 counters", pluralize(nil, "count", "counters")) assert_equal("2 people", pluralize(2, "person")) assert_equal("10 buffaloes", pluralize(10, "buffalo")) + assert_equal("1 berry", pluralize(1, "berry")) + assert_equal("12 berries", pluralize(12, "berry")) end def test_auto_link_parsing -- cgit v1.2.3 From d6ecce66f4e125531875006eea8022b73fe135b5 Mon Sep 17 00:00:00 2001 From: Michael Hartl Date: Thu, 15 May 2008 10:46:40 -0700 Subject: Expanded and updated the link_to documentation link_to is the primary interface much of the Rails URL machinery, including url_for and routes. The new examples (with explanations) are designed to reflect this importance, and are especially designed to be friendly to less experienced Rails programmers. The new docs are also updated to use RESTful routes. --- actionpack/lib/action_view/helpers/url_helper.rb | 63 ++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 4 deletions(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb index 375ebfcdc5..856cb0d79f 100644 --- a/actionpack/lib/action_view/helpers/url_helper.rb +++ b/actionpack/lib/action_view/helpers/url_helper.rb @@ -120,17 +120,72 @@ module ActionView # exception. # # ==== Examples + # Because it relies on url_for, link_to supports both older-style controller/action/id arguments + # and newer RESTful routes. Current Rails style favors + # RESTful routes whenever possible, so use + # + # link_to "Profile", profile_path(@profile) + # # => Profile + # + # or the even pithier + # + # link_to "Profile", @profile + # # => Profile + # + # in place of the more verbose + # + # link_to "Profile", :controller => "profiles", :action => "show", :id => @profile.id + # # => Profile + # + # Similarly, + # + # link_to "Profiles", profiles_path + # # => Profiles + # + # is better than + # + # link_to "Profiles", :controller => "profiles" + # # => Profiles + # + # Classes and ids for CSS are easy to produce: + # + # link_to "Articles", articles_path, :id => "news", :class => "article" + # # => Articles + # + # Be careful when using the older argument style, as an extra literal hash is needed: + # + # link_to "Articles", { :controller => "articles" }, :id => "news", :class => "article" + # # => Articles + # + # Leaving the hash off gives the wrong link: + # + # link_to "WRONG!", :controller => "articles", :id => "news", :class => "article" + # # => WRONG! + # + # link_to can also produce links with anchors or query strings: + # + # link_to "Comment wall", profile_path(@profile, :anchor => "wall") + # # => Comment wall + # + # link_to "Ruby on Rails search", :controller => "searches", :query => "ruby on rails" + # # => Ruby on Rails search + # + # link_to "Nonsense search", searches_path(:foo => "bar", :baz => "quux") + # # => Nonsense search + # + # The three options specfic to link_to (confirm, popup, and method) are used as follows: + # # link_to "Visit Other Site", "http://www.rubyonrails.org/", :confirm => "Are you sure?" # # => Visit Other Site # # link_to "Help", { :action => "help" }, :popup => true # # => Help # - # link_to "View Image", { :action => "view" }, :popup => ['new_window_name', 'height=300,width=600'] - # # => View Image + # link_to "View Image", @image, :popup => ['new_window_name', 'height=300,width=600'] + # # => View Image # - # link_to "Delete Image", { :action => "delete", :id => @image.id }, :confirm => "Are you sure?", :method => :delete - # # => "Are you sure?", :method => :delete + # # => Delete Image -- cgit v1.2.3 From 4e2bc02163aa646ab1304b1b5bec98a7af8927f5 Mon Sep 17 00:00:00 2001 From: Xavier Noria Date: Fri, 16 May 2008 00:43:03 +0200 Subject: minor revision in url_for docs Made explicit that RESTful and controller/action styles are not interchangeable, and revised some markup. --- actionpack/lib/action_view/helpers/url_helper.rb | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'actionpack') diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb index 856cb0d79f..38c8d18cb0 100644 --- a/actionpack/lib/action_view/helpers/url_helper.rb +++ b/actionpack/lib/action_view/helpers/url_helper.rb @@ -120,9 +120,9 @@ module ActionView # exception. # # ==== Examples - # Because it relies on url_for, link_to supports both older-style controller/action/id arguments - # and newer RESTful routes. Current Rails style favors - # RESTful routes whenever possible, so use + # Because it relies on +url_for+, +link_to+ supports both older-style controller/action/id arguments + # and newer RESTful routes. Current Rails style favors RESTful routes whenever possible, so base + # your application on resources and use # # link_to "Profile", profile_path(@profile) # # => Profile @@ -132,9 +132,9 @@ module ActionView # link_to "Profile", @profile # # => Profile # - # in place of the more verbose + # in place of the older more verbose, non-resource-oriented # - # link_to "Profile", :controller => "profiles", :action => "show", :id => @profile.id + # link_to "Profile", :controller => "profiles", :action => "show", :id => @profile # # => Profile # # Similarly, @@ -162,7 +162,7 @@ module ActionView # link_to "WRONG!", :controller => "articles", :id => "news", :class => "article" # # => WRONG! # - # link_to can also produce links with anchors or query strings: + # +link_to+ can also produce links with anchors or query strings: # # link_to "Comment wall", profile_path(@profile, :anchor => "wall") # # => Comment wall @@ -173,7 +173,7 @@ module ActionView # link_to "Nonsense search", searches_path(:foo => "bar", :baz => "quux") # # => Nonsense search # - # The three options specfic to link_to (confirm, popup, and method) are used as follows: + # The three options specfic to +link_to+ (:confirm, :popup, and :method) are used as follows: # # link_to "Visit Other Site", "http://www.rubyonrails.org/", :confirm => "Are you sure?" # # => Visit Other Site -- cgit v1.2.3