From 543ccf740d57eb7e0b027b74bf2fa2538d39ed5a Mon Sep 17 00:00:00 2001 From: Yves Senn Date: Fri, 22 Nov 2013 14:14:41 +0100 Subject: `ActionView::MissingTemplate` for partials includes underscore. Missing partial folder/_partial instead of folder/partial. Closes #13002. --- actionview/lib/action_view/template/error.rb | 3 +++ 1 file changed, 3 insertions(+) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/template/error.rb b/actionview/lib/action_view/template/error.rb index 7b4b5e13e0..743ef6de0a 100644 --- a/actionview/lib/action_view/template/error.rb +++ b/actionview/lib/action_view/template/error.rb @@ -41,6 +41,9 @@ module ActionView 'template' end + if partial && path.present? + path = path.sub(%r{([^/]+)$}, "_\\1") + end searched_paths = prefixes.map { |prefix| [prefix, path].join("/") } out = "Missing #{template_type} #{searched_paths.join(", ")} with #{details.inspect}. Searched in:\n" -- cgit v1.2.3 From ef0f633c66d8eac6612c118c66ccf1b096bd4d3e Mon Sep 17 00:00:00 2001 From: Akshay Vishnoi Date: Mon, 2 Dec 2013 19:35:02 +0530 Subject: Typo and grammatical fixes [ci skip] --- actionview/lib/action_view/helpers/asset_tag_helper.rb | 2 +- actionview/lib/action_view/helpers/form_options_helper.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/asset_tag_helper.rb b/actionview/lib/action_view/helpers/asset_tag_helper.rb index b1ba9da4cf..163d01c2eb 100644 --- a/actionview/lib/action_view/helpers/asset_tag_helper.rb +++ b/actionview/lib/action_view/helpers/asset_tag_helper.rb 
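Review bot: The pattern in the added `path.sub(%r{([^/]+)$}, "_\\1")` is anchored with `$`, which in Ruby matches at the end of any line rather than the end of the string. A path containing a newline would therefore get the underscore on the last segment of its first line, not on the partial's file name. `path = path.sub(%r{([^/]+)\z}, "_\\1")` pins the rewrite to the final segment. The value only feeds the error message here, so the effect is a misleading message; the enclosing method starts and ends outside the hunk.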
@@ -103,7 +103,7 @@ module ActionView }.join("\n").html_safe end - # Returns a link tag that browsers and news readers can use to auto-detect + # Returns a link tag that browsers and feed readers can use to auto-detect # an RSS or Atom feed. The +type+ can either be :rss (default) or # :atom. Control the link options in url_for format using the # +url_options+. You can modify the LINK tag itself in +tag_options+. diff --git a/actionview/lib/action_view/helpers/form_options_helper.rb b/actionview/lib/action_view/helpers/form_options_helper.rb index 4347983bad..f625a9ff49 100644 --- a/actionview/lib/action_view/helpers/form_options_helper.rb +++ b/actionview/lib/action_view/helpers/form_options_helper.rb @@ -260,7 +260,7 @@ module ActionView Tags::GroupedCollectionSelect.new(object, method, self, collection, group_method, group_label_method, option_key_method, option_value_method, options, html_options).render end - # Return select and option tags for the given object and method, using + # Returns select and option tags for the given object and method, using # #time_zone_options_for_select to generate the list of option tags. # # In addition to the :include_blank option documented above, -- cgit v1.2.3 From 83e4f33ea1f39f1e72b7017641f186756206c14f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 2 Dec 2013 20:25:20 -0200 Subject: Make ActionView::Tags loading tread safe --- actionview/lib/action_view.rb | 1 + actionview/lib/action_view/helpers.rb | 6 +++ actionview/lib/action_view/helpers/form_helper.rb | 1 - actionview/lib/action_view/helpers/tags.rb | 64 ++++++++++++----------- 4 files changed, 40 insertions(+), 32 deletions(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view.rb b/actionview/lib/action_view.rb index 39c0c6c856..810d82e89b 100644 --- a/actionview/lib/action_view.rb +++ b/actionview/lib/action_view.rb 
@@ -84,6 +84,7 @@ module ActionView def self.eager_load! super + ActionView::Helpers.eager_load! ActionView::Template.eager_load! HTML.eager_load! end diff --git a/actionview/lib/action_view/helpers.rb b/actionview/lib/action_view/helpers.rb index 8a78685ae1..787e9d67b2 100644 --- a/actionview/lib/action_view/helpers.rb +++ b/actionview/lib/action_view/helpers.rb @@ -27,6 +27,12 @@ module ActionView #:nodoc: autoload :TextHelper autoload :TranslationHelper autoload :UrlHelper + autoload :Tags + + def self.eager_load! + super + Tags.eager_load! + end extend ActiveSupport::Concern diff --git a/actionview/lib/action_view/helpers/form_helper.rb b/actionview/lib/action_view/helpers/form_helper.rb index 38d969ed0c..e672891f7b 100644 --- a/actionview/lib/action_view/helpers/form_helper.rb +++ b/actionview/lib/action_view/helpers/form_helper.rb @@ -3,7 +3,6 @@ require 'action_view/helpers/date_helper' require 'action_view/helpers/tag_helper' require 'action_view/helpers/form_tag_helper' require 'action_view/helpers/active_model_helper' -require 'action_view/helpers/tags' require 'action_view/model_naming' require 'active_support/core_ext/class/attribute_accessors' require 'active_support/core_ext/hash/slice' diff --git a/actionview/lib/action_view/helpers/tags.rb b/actionview/lib/action_view/helpers/tags.rb index a05e16979a..45c75d10c0 100644 --- a/actionview/lib/action_view/helpers/tags.rb +++ b/actionview/lib/action_view/helpers/tags.rb 
@@ -3,37 +3,39 @@ module ActionView module Tags #:nodoc: extend ActiveSupport::Autoload - autoload :Base - autoload :CheckBox - autoload :CollectionCheckBoxes - autoload :CollectionRadioButtons - autoload :CollectionSelect - autoload :ColorField - autoload :DateField - autoload :DateSelect - autoload :DatetimeField - autoload :DatetimeLocalField - autoload :DatetimeSelect - autoload :EmailField - autoload :FileField - autoload :GroupedCollectionSelect - autoload :HiddenField - autoload :Label - autoload :MonthField - autoload :NumberField - autoload :PasswordField - autoload :RadioButton - autoload :RangeField - autoload :SearchField - autoload :Select - autoload :TelField - autoload :TextArea - autoload :TextField - autoload :TimeField - autoload :TimeSelect - autoload :TimeZoneSelect - autoload :UrlField - autoload :WeekField + eager_autoload do + autoload :Base + autoload :CheckBox + autoload :CollectionCheckBoxes + autoload :CollectionRadioButtons + autoload :CollectionSelect + autoload :ColorField + autoload :DateField + autoload :DateSelect + autoload :DatetimeField + autoload :DatetimeLocalField + autoload :DatetimeSelect + autoload :EmailField + autoload :FileField + autoload :GroupedCollectionSelect + autoload :HiddenField + autoload :Label + autoload :MonthField + autoload :NumberField + autoload :PasswordField + autoload :RadioButton + autoload :RangeField + autoload :SearchField + autoload :Select + autoload :TelField + autoload :TextArea + autoload :TextField + autoload :TimeField + autoload :TimeSelect + autoload :TimeZoneSelect + autoload :UrlField + autoload :WeekField + end end end end -- cgit v1.2.3 From 6329d9fa8b2f86a178151be264cccdb805bfaaac Mon Sep 17 00:00:00 2001 
From: Genadi Samokovarov Date: Mon, 2 Dec 2013 23:36:58 +0200 Subject: Remove deprecated cattr_* requires --- actionview/lib/action_view/base.rb | 2 +- actionview/lib/action_view/helpers/active_model_helper.rb | 2 +- actionview/lib/action_view/helpers/form_helper.rb | 2 +- actionview/lib/action_view/template/resolver.rb | 2 +- actionview/lib/action_view/template/types.rb | 2 +- actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/base.rb b/actionview/lib/action_view/base.rb index caade8f43b..8eb7072d0c 100644 --- a/actionview/lib/action_view/base.rb +++ b/actionview/lib/action_view/base.rb @@ -1,5 +1,5 @@ require 'active_support/core_ext/module/attr_internal' -require 'active_support/core_ext/class/attribute_accessors' +require 'active_support/core_ext/module/attribute_accessors' require 'active_support/ordered_options' require 'action_view/log_subscriber' require 'action_view/helpers' diff --git a/actionview/lib/action_view/helpers/active_model_helper.rb b/actionview/lib/action_view/helpers/active_model_helper.rb index 901f433c70..d5222e3616 100644 --- a/actionview/lib/action_view/helpers/active_model_helper.rb +++ b/actionview/lib/action_view/helpers/active_model_helper.rb @@ -1,4 +1,4 @@ -require 'active_support/core_ext/class/attribute_accessors' +require 'active_support/core_ext/module/attribute_accessors' require 'active_support/core_ext/enumerable' module ActionView diff --git a/actionview/lib/action_view/helpers/form_helper.rb b/actionview/lib/action_view/helpers/form_helper.rb index 38d969ed0c..81f25d7956 100644 --- a/actionview/lib/action_view/helpers/form_helper.rb +++ b/actionview/lib/action_view/helpers/form_helper.rb 
@@ -5,7 +5,7 @@ require 'action_view/helpers/form_tag_helper' require 'action_view/helpers/active_model_helper' require 'action_view/helpers/tags' require 'action_view/model_naming' -require 'active_support/core_ext/class/attribute_accessors' +require 'active_support/core_ext/module/attribute_accessors' require 'active_support/core_ext/hash/slice' require 'active_support/core_ext/string/output_safety' require 'active_support/core_ext/string/inflections' diff --git a/actionview/lib/action_view/template/resolver.rb b/actionview/lib/action_view/template/resolver.rb index 3304605c1a..3279f068c9 100644 --- a/actionview/lib/action_view/template/resolver.rb +++ b/actionview/lib/action_view/template/resolver.rb @@ -1,6 +1,6 @@ require "pathname" require "active_support/core_ext/class" -require "active_support/core_ext/class/attribute_accessors" +require "active_support/core_ext/module/attribute_accessors" require "action_view/template" require "thread" require "thread_safe" diff --git a/actionview/lib/action_view/template/types.rb b/actionview/lib/action_view/template/types.rb index db77cb5d19..b84e0281ae 100644 --- a/actionview/lib/action_view/template/types.rb +++ b/actionview/lib/action_view/template/types.rb @@ -1,5 +1,5 @@ require 'set' -require 'active_support/core_ext/class/attribute_accessors' +require 'active_support/core_ext/module/attribute_accessors' module ActionView class Template diff --git a/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb b/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb index 30b6b8b141..ed34eecf55 100644 --- a/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb +++ b/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb @@ -1,6 +1,6 @@ require 'set' require 'cgi' -require 'active_support/core_ext/class/attribute_accessors' +require 'active_support/core_ext/module/attribute_accessors' module HTML class Sanitizer -- cgit v1.2.3 
From 2e3c3a87d81e16a2fed442c1cf31360f75737a83 Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Sat, 30 Nov 2013 17:02:53 -0800 Subject: Only use valid mime type symbols as cache keys CVE-2013-6414 --- actionview/lib/action_view/lookup_context.rb | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/lookup_context.rb b/actionview/lib/action_view/lookup_context.rb index f9d5b97fe3..c6ff683827 100644 --- a/actionview/lib/action_view/lookup_context.rb +++ b/actionview/lib/action_view/lookup_context.rb @@ -62,6 +62,13 @@ module ActionView @details_keys = ThreadSafe::Cache.new def self.get(details) + if details[:formats] + details = details.dup + syms = Set.new Mime::SET.symbols + details[:formats] = details[:formats].select { |v| + syms.include? v + } + end @details_keys[details] ||= new end -- cgit v1.2.3 From b31a7a6f1ec3c74f75b4cd12386b08295287418d Mon Sep 17 00:00:00 2001 From: Michael Koziarski Date: Mon, 2 Dec 2013 10:12:47 +1300 Subject: Escape the unit value provided to number_to_currency Previously the unit values were trusted leading to potential XSS vulnerabilities. Fixes: CVE-2013-6415 --- actionview/lib/action_view/helpers/number_helper.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/number_helper.rb b/actionview/lib/action_view/helpers/number_helper.rb index 9adc2c1a8f..13387078a4 100644 --- a/actionview/lib/action_view/helpers/number_helper.rb +++ b/actionview/lib/action_view/helpers/number_helper.rb 
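Review bot: Only `details[:formats]` is filtered in `DetailsKey.get`; every other entry of `details` still reaches `@details_keys[details] ||= new` as given. If any of those values can be influenced by a request, the cache can still grow without bound, so each registered detail is worth checking. The added code also builds `Set.new Mime::SET.symbols` on every call, an allocation per lookup that a plain `Mime::SET.symbols.include?(v)` would avoid for the usual handful of formats. A comment such as `# Drop unregistered formats so arbitrary values cannot create new cache keys` above the `if` would record why the filter exists.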
@@ -394,6 +394,7 @@ module ActionView def escape_unsafe_delimiters_and_separators(options) options[:separator] = ERB::Util.html_escape(options[:separator]) if options[:separator] && !options[:separator].html_safe? options[:delimiter] = ERB::Util.html_escape(options[:delimiter]) if options[:delimiter] && !options[:delimiter].html_safe? + options[:unit] = ERB::Util.html_escape(options[:unit]) if options[:unit] && !options[:unit].html_safe? options end -- cgit v1.2.3 From bea9c9b4c0f9bb7356ea2058118fe40495432010 Mon Sep 17 00:00:00 2001 From: Michael Koziarski Date: Tue, 19 Nov 2013 09:00:08 +1300 Subject: Ensure simple_format escapes its html attributes The previous behavior equated the sanitize option for simple_format with the escape option of content_tag, however these are two distinct concepts. This fixes CVE-2013-6416 Conflicts: actionview/lib/action_view/helpers/text_helper.rb --- actionview/lib/action_view/helpers/text_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb index b0e4aa3cd3..0c956670b6 100644 --- a/actionview/lib/action_view/helpers/text_helper.rb +++ b/actionview/lib/action_view/helpers/text_helper.rb @@ -268,7 +268,7 @@ module ActionView content_tag(wrapper_tag, nil, html_options) else paragraphs.map! { |paragraph| - content_tag(wrapper_tag, paragraph, html_options, false) + content_tag(wrapper_tag, raw(paragraph), html_options, false) }.join("\n\n").html_safe end end -- cgit v1.2.3 From 0c7ac34aed1845044cd1911e5a775366d7ca41c1 Mon Sep 17 00:00:00 2001 
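Review bot: The new line escapes `options[:unit]`, but nothing in this hunk escapes the other caller-supplied strings that end up in the rendered number, `:format` and `:negative_format` being the obvious ones. Whether they are escaped elsewhere should be confirmed before treating the helper's output as safe. The name `escape_unsafe_delimiters_and_separators` no longer describes the method now that it covers the unit too. The three parallel lines could be one loop, `[:separator, :delimiter, :unit].each { |k| options[k] = ERB::Util.html_escape(options[k]) if options[k] && !options[k].html_safe? }`, which also makes it harder to forget the next option.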
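Review bot: The replacement call still passes `false` as the fourth argument, `content_tag(wrapper_tag, raw(paragraph), html_options, false)`, and that argument is `content_tag`'s escape flag. The values in `html_options` are therefore still emitted unescaped, which is the behaviour the commit message sets out to remove. Dropping the flag, `content_tag(wrapper_tag, raw(paragraph), html_options)`, lets the attributes be escaped while `raw` keeps the paragraph text from being escaped a second time; commit da633f81 further down this page makes that change. `raw` also has to be available inside `TextHelper`, which this hunk does not show, and the enclosing method starts outside the hunk.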
From: Michael Koziarski Date: Fri, 1 Nov 2013 11:50:05 +1300 Subject: Stop using i18n's built in HTML error handling. i18n doesn't depend on active support which means it can't use our html_safe code to do its escaping when generating the spans. Rather than try to sanitize the output from i18n, just revert to our old behaviour of rescuing the error and constructing the tag ourselves. Fixes: CVE-2013-4491 --- .../lib/action_view/helpers/translation_helper.rb | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/translation_helper.rb b/actionview/lib/action_view/helpers/translation_helper.rb index ad8eb47f1f..a1a2bebb6e 100644 --- a/actionview/lib/action_view/helpers/translation_helper.rb +++ b/actionview/lib/action_view/helpers/translation_helper.rb @@ -1,24 +1,14 @@ require 'action_view/helpers/tag_helper' require 'i18n/exceptions' -module I18n - class ExceptionHandler - include Module.new { - def call(exception, locale, key, options) - exception.is_a?(MissingTranslation) && options[:rescue_format] == :html ? super.html_safe : super - end - } - end -end - module ActionView # = Action View Translation Helpers module Helpers module TranslationHelper # Delegates to I18n#translate but also performs three additional functions. # - # First, it'll pass the rescue_format: :html option to I18n so that any - # thrown +MissingTranslation+ messages will be turned into inline spans that + # First, it will ensure that any thrown +MissingTranslation+ messages will be turned + # into inline spans that: # # * have a "translation-missing" class set, # * contain the missing key as a title attribute and 
@@ -44,8 +34,11 @@ module ActionView # naming convention helps to identify translations that include HTML tags so that # you know what kind of output to expect when you call translate in a template. def translate(key, options = {}) - options.merge!(:rescue_format => :html) unless options.key?(:rescue_format) options[:default] = wrap_translate_defaults(options[:default]) if options[:default] + + # If the user has specified rescue_format then pass it all through, otherwise use + # raise and do the work ourselves + options[:raise] = true unless options.key?(:raise) || options.key?(:rescue_format) if html_safe_translation_key?(key) html_safe_options = options.dup options.except(*I18n::RESERVED_KEYS).each do |name, value| @@ -59,6 +52,9 @@ module ActionView else I18n.translate(scope_key_by_partial(key), options) end + rescue I18n::MissingTranslationData => e + keys = I18n.normalize_keys(e.locale, e.key, e.options[:scope]) + content_tag('span', keys.last.to_s.titleize, :class => 'translation_missing', :title => "translation missing: #{keys.join('.')}") end alias :t :translate -- cgit v1.2.3 From b1b9a0aeca879b1c1bc2c8a74f2c9cabd143b9bb Mon Sep 17 00:00:00 2001 From: Lauro Caetano Date: Tue, 3 Dec 2013 12:04:25 -0200 Subject: Typos. return -> returns. [ci skip] --- actionview/lib/action_view/vendor/html-scanner/html/node.rb | 4 ++-- actionview/lib/action_view/vendor/html-scanner/html/selector.rb | 2 +- actionview/lib/action_view/vendor/html-scanner/html/tokenizer.rb | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/vendor/html-scanner/html/node.rb b/actionview/lib/action_view/vendor/html-scanner/html/node.rb index 7e7cd4f7b6..27f0f2f6f8 100644 --- a/actionview/lib/action_view/vendor/html-scanner/html/node.rb +++ b/actionview/lib/action_view/vendor/html-scanner/html/node.rb 
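Review bot: The new `rescue I18n::MissingTranslationData => e` clause in the second hunk returns the fallback span unconditionally, so a caller who passes `raise: true` on purpose no longer sees the exception. The method needs to remember what the caller asked for before the default is applied, for example `raise_error = options[:raise]` ahead of the `options[:raise] = true` line and `raise e if raise_error` as the first statement of the rescue; commit c1d5477b later on this page does this. `options[:raise] = true` in the first hunk also writes into the hash the caller passed in, so a hash reused across calls keeps the flag; working on `options.dup` avoids that. The span's text and `title` attribute are escaped only because `content_tag` builds them, so a comment next to the rescue, `# content_tag escapes the key; do not build this span by string concatenation`, would help.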
@@ -71,12 +71,12 @@ module HTML #:nodoc: @line, @position = line, pos end - # Return a textual representation of the node. + # Returns a textual representation of the node. def to_s @children.join() end - # Return false (subclasses must override this to provide specific matching + # Returns false (subclasses must override this to provide specific matching # behavior.) +conditions+ may be of any type. def match(conditions) false diff --git a/actionview/lib/action_view/vendor/html-scanner/html/selector.rb b/actionview/lib/action_view/vendor/html-scanner/html/selector.rb index 7f8609c408..dfdd724b9b 100644 --- a/actionview/lib/action_view/vendor/html-scanner/html/selector.rb +++ b/actionview/lib/action_view/vendor/html-scanner/html/selector.rb @@ -488,7 +488,7 @@ module HTML end - # Return the next element after this one. Skips sibling text nodes. + # Returns the next element after this one. Skips sibling text nodes. # # With the +name+ argument, returns the next element with that name, # skipping other sibling elements. diff --git a/actionview/lib/action_view/vendor/html-scanner/html/tokenizer.rb b/actionview/lib/action_view/vendor/html-scanner/html/tokenizer.rb index 8ac8d34430..adf4e45930 100644 --- a/actionview/lib/action_view/vendor/html-scanner/html/tokenizer.rb +++ b/actionview/lib/action_view/vendor/html-scanner/html/tokenizer.rb @@ -30,7 +30,7 @@ module HTML #:nodoc: @current_line = 1 end - # Return the next token in the sequence, or +nil+ if there are no more tokens in + # Returns the next token in the sequence, or +nil+ if there are no more tokens in # the stream. def next return nil if @scanner.eos? -- cgit v1.2.3 From da633f81eb529e2a9f3a731ecdf205ecff186cf3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Tue, 3 Dec 2013 17:26:49 -0200 Subject: Remove the escaping skip We are generating safe strings in the paragraph, so we can escape the tags --- actionview/lib/action_view/helpers/text_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb index 0c956670b6..e75c6cabc9 100644 --- a/actionview/lib/action_view/helpers/text_helper.rb +++ b/actionview/lib/action_view/helpers/text_helper.rb @@ -268,7 +268,7 @@ module ActionView content_tag(wrapper_tag, nil, html_options) else paragraphs.map! { |paragraph| - content_tag(wrapper_tag, raw(paragraph), html_options, false) + content_tag(wrapper_tag, raw(paragraph), html_options) }.join("\n\n").html_safe end end -- cgit v1.2.3 From 4d648819c5662f375b8ca431a14511ae6a97a29c Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Tue, 3 Dec 2013 14:55:49 -0800 Subject: optimize string literals in erb templates --- actionview/lib/action_view/template/handlers/erb.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/template/handlers/erb.rb b/actionview/lib/action_view/template/handlers/erb.rb index c8a0059596..4523060442 100644 --- a/actionview/lib/action_view/template/handlers/erb.rb +++ b/actionview/lib/action_view/template/handlers/erb.rb @@ -18,7 +18,7 @@ module ActionView src << "@output_buffer.safe_append='" src << "\n" * @newline_pending if @newline_pending > 0 src << escape_text(text) - src << "';" + src << "'.freeze;" @newline_pending = 0 end @@ -67,7 +67,7 @@ module ActionView def flush_newline_if_pending(src) if @newline_pending > 0 - src << "@output_buffer.safe_append='#{"\n" * @newline_pending}';" + src << "@output_buffer.safe_append='#{"\n" * @newline_pending}'.freeze;" @newline_pending = 0 end end -- cgit v1.2.3 
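Review bot: Neither `src << "'.freeze;"` in the first erb.rb hunk nor the matching line in `flush_newline_if_pending` says why the generated code freezes its literals, so the suffix reads as noise. A comment such as `# 'literal'.freeze lets Ruby 2.1+ reuse one frozen String instead of allocating on every render` above each line would record the intent. On interpreters without that optimisation the generated template pays an extra method call per literal, so the comment should also name the Ruby version the change assumes.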
From 2d3a6a0cb8df0360dd588a4d2fb260dd07cc9bcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Strza=C5=82kowski?= Date: Tue, 3 Dec 2013 11:17:01 +0100 Subject: Action Pack Variants By default, variants in the templates will be picked up if a variant is set and there's a match. The format will be: app/views/projects/show.html.erb app/views/projects/show.html+tablet.erb app/views/projects/show.html+phone.erb If request.variant = :tablet is set, we'll automatically be rendering the html+tablet template. In the controller, we can also tailer to the variants with this syntax: class ProjectsController < ActionController::Base def show respond_to do |format| format.html do |html| @stars = @project.stars html.tablet { @notifications = @project.notifications } html.phone { @chat_heads = @project.chat_heads } end format.js format.atom end end end The variant itself is nil by default, but can be set in before filters, like so: class ApplicationController < ActionController::Base before_action do if request.user_agent =~ /iPad/ request.variant = :tablet end end end This is modeled loosely on custom mime types, but it's specifically not intended to be used together. If you're going to make a custom mime type, you don't need a variant. Variants are for variations on a single mime types. --- actionview/lib/action_view/lookup_context.rb | 1 + actionview/lib/action_view/rendering.rb | 6 +++++- actionview/lib/action_view/template/resolver.rb | 17 ++++++++++------- actionview/lib/action_view/testing/resolvers.rb | 2 +- 4 files changed, 17 insertions(+), 9 deletions(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/lookup_context.rb b/actionview/lib/action_view/lookup_context.rb index c6ff683827..e07d9b6314 100644 --- a/actionview/lib/action_view/lookup_context.rb +++ b/actionview/lib/action_view/lookup_context.rb 
@@ -52,6 +52,7 @@ module ActionView locales end register_detail(:formats) { ActionView::Base.default_formats || [:html, :text, :js, :css, :xml, :json] } + register_detail(:variants) { [] } register_detail(:handlers){ Template::Handlers.extensions } class DetailsKey #:nodoc: diff --git a/actionview/lib/action_view/rendering.rb b/actionview/lib/action_view/rendering.rb index 82db9e26df..99b95fdfb7 100644 --- a/actionview/lib/action_view/rendering.rb +++ b/actionview/lib/action_view/rendering.rb @@ -88,10 +88,14 @@ module ActionView private - # Find and renders a template based on the options given. + # Find and render a template based on the options given. # :api: private def _render_template(options) #:nodoc: + variant = options[:variant] + lookup_context.rendered_format = nil if options[:formats] + lookup_context.variants = [variant] if variant + view_renderer.render(view_context, options) end diff --git a/actionview/lib/action_view/template/resolver.rb b/actionview/lib/action_view/template/resolver.rb index 3279f068c9..3a3b74cdd5 100644 --- a/actionview/lib/action_view/template/resolver.rb +++ b/actionview/lib/action_view/template/resolver.rb @@ -162,8 +162,8 @@ module ActionView # An abstract class that implements a Resolver with path semantics. class PathResolver < Resolver #:nodoc: - EXTENSIONS = [:locale, :formats, :handlers] - DEFAULT_PATTERN = ":prefix/:action{.:locale,}{.:formats,}{.:handlers,}" + EXTENSIONS = { :locale => ".", :formats => ".", :variants => "+", :handlers => "." } + DEFAULT_PATTERN = ":prefix/:action{.:locale,}{.:formats,}{+:variants,}{.:handlers,}" def initialize(pattern=nil) @pattern = pattern || DEFAULT_PATTERN @@ -240,7 +240,9 @@ module ActionView end handler = Template.handler_for_extension(extension) - format = pieces.last && Template::Types[pieces.last] + format = pieces.last && pieces.last.split(EXTENSIONS[:variants], 2).first # remove variant from format + format &&= Template::Types[format] + [handler, format] end end 
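Review bot: `register_detail(:variants) { [] }` adds a new component to the details hash that `DetailsKey.get` uses as its cache key, while the filter added for CVE-2013-6414 earlier on this page restricts only `:formats`. If an application derives the variant from request data, each distinct value would create a new `DetailsKey` entry. The variant should therefore be checked against the variants the application declares, or documented as a value that must come from a fixed list. In the rendering.rb hunk, `lookup_context.variants = [variant] if variant` takes `options[:variant]` as given, which is one place such a check could live.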
@@ -303,12 +305,13 @@ module ActionView # An Optimized resolver for Rails' most common case. class OptimizedFileSystemResolver < FileSystemResolver #:nodoc: def build_query(path, details) - exts = EXTENSIONS.map { |ext| details[ext] } query = escape_entry(File.join(@path, path)) - query + exts.map { |ext| - "{#{ext.compact.uniq.map { |e| ".#{e}," }.join}}" - }.join + exts = EXTENSIONS.map do |ext, prefix| + "{#{details[ext].compact.uniq.map { |e| "#{prefix}#{e}," }.join}}" + end.join + + query + exts end end diff --git a/actionview/lib/action_view/testing/resolvers.rb b/actionview/lib/action_view/testing/resolvers.rb index 7afa2fa613..af53ad3b25 100644 --- a/actionview/lib/action_view/testing/resolvers.rb +++ b/actionview/lib/action_view/testing/resolvers.rb @@ -21,7 +21,7 @@ module ActionView #:nodoc: def query(path, exts, formats) query = "" - EXTENSIONS.each do |ext| + EXTENSIONS.each_key do |ext| query << '(' << exts[ext].map {|e| e && Regexp.escape(".#{e}") }.join('|') << '|)' end query = /^(#{Regexp.escape(path)})#{query}$/ -- cgit v1.2.3 From d261c5cc28d35ae3d493c42edd20d362b61556dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Wed, 4 Dec 2013 10:20:01 -0200 Subject: Fix documentation of number_to_currency helper Now users have to explicit mark the unit as safe if they trust it. Closes #13161 Conflicts: actionpack/lib/action_view/helpers/number_helper.rb actionpack/test/template/number_helper_i18n_test.rb --- actionview/lib/action_view/helpers/number_helper.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/number_helper.rb b/actionview/lib/action_view/helpers/number_helper.rb index 13387078a4..ad825cd1f1 100644 --- a/actionview/lib/action_view/helpers/number_helper.rb +++ b/actionview/lib/action_view/helpers/number_helper.rb 
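Review bot: In `build_query` the path goes through `escape_entry`, but each detail value is interpolated into the glob as `"#{prefix}#{e},"` without escaping, and that now includes the variant. Locale, format and handler values were handled the same way before this change, but a variant is chosen per request by application code. Whether a value carrying glob metacharacters or a path separator can reach this point depends on callers outside the hunk. Rejecting anything that does not match a conservative pattern such as `/\A\w+\z/` where the variant is assigned would keep the search pattern fixed regardless of how the application picks it.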
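Review bot: `EXTENSIONS.each_key` in the testing/resolvers.rb hunk now iterates `:variants` as well, but the pattern is still built with `Regexp.escape(".#{e}")`. The fixture resolver therefore looks for `.tablet` where `DEFAULT_PATTERN` in the path resolver uses `+tablet`. Taking the separator from the hash keeps the two in step: `EXTENSIONS.each do |ext, prefix|` with `Regexp.escape("#{prefix}#{e}")`. `exts[ext].map` also assumes the caller supplies an entry for every key, including `:variants`; that caller is outside the hunk.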
@@ -100,10 +100,10 @@ module ActionView # # number_to_currency(-1234567890.50, negative_format: "(%u%n)") # # => ($1,234,567,890.50) - # number_to_currency(1234567890.50, unit: "£", separator: ",", delimiter: "") - # # => £1234567890,50 - # number_to_currency(1234567890.50, unit: "£", separator: ",", delimiter: "", format: "%n %u") - # # => 1234567890,50 £ + # number_to_currency(1234567890.50, unit: "R$", separator: ",", delimiter: "") + # # => R$1234567890,50 + # number_to_currency(1234567890.50, unit: "R$", separator: ",", delimiter: "", format: "%n %u") + # # => 1234567890,50 R$ def number_to_currency(number, options = {}) delegate_number_helper_method(:number_to_currency, number, options) end -- cgit v1.2.3 From a156562762e795c2e5382570c1fc30c11cfa9a24 Mon Sep 17 00:00:00 2001 From: Mario Visic Date: Wed, 4 Dec 2013 13:50:17 +1100 Subject: Fix issue where TextHelper#simple_format was calling missing 'raw' method --- actionview/lib/action_view/helpers/text_helper.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb index e75c6cabc9..3478eadbf2 100644 --- a/actionview/lib/action_view/helpers/text_helper.rb +++ b/actionview/lib/action_view/helpers/text_helper.rb @@ -31,6 +31,8 @@ module ActionView include SanitizeHelper include TagHelper + include OutputSafetyHelper + # The preferred method of outputting text in your views is to use the # <%= "text" %> eRuby syntax. The regular _puts_ and _print_ methods # do not operate as expected in an eRuby code block. If you absolutely must -- cgit v1.2.3 From d8888b94b32b28003ec247d0565e73dee731275e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Strza=C5=82kowski?= Date: Thu, 5 Dec 2013 00:17:39 +0100 Subject: Retain ActionPack dependency on ActionView --- actionview/lib/action_view/railtie.rb | 1 - 1 file changed, 1 deletion(-) (limited to 'actionview/lib') 
diff --git a/actionview/lib/action_view/railtie.rb b/actionview/lib/action_view/railtie.rb index c2783f6377..7db557ff83 100644 --- a/actionview/lib/action_view/railtie.rb +++ b/actionview/lib/action_view/railtie.rb @@ -38,7 +38,6 @@ module ActionView initializer "action_view.setup_action_pack", before: :add_view_paths do |app| ActiveSupport.on_load(:action_controller) do - ActionController::Base.superclass.send(:include, ActionView::Layouts) ActionView::RoutingUrlFor.send(:include, ActionDispatch::Routing::UrlFor) end end -- cgit v1.2.3 From e064658d64f7fb071ec35764f2d5203e8b58e044 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Strza=C5=82kowski?= Date: Thu, 5 Dec 2013 00:22:50 +0100 Subject: Include AV::Layouts directly in AM::Base No need to do this in railtie as AM depends on AV either way --- actionview/lib/action_view/railtie.rb | 6 ------ 1 file changed, 6 deletions(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/railtie.rb b/actionview/lib/action_view/railtie.rb index 7db557ff83..e930ba9aae 100644 --- a/actionview/lib/action_view/railtie.rb +++ b/actionview/lib/action_view/railtie.rb @@ -42,12 +42,6 @@ module ActionView end end - initializer "action_view.setup_action_mailer", before: :add_view_paths do |app| - ActiveSupport.on_load(:action_mailer) do - ActionMailer::Base.send(:include, ActionView::Layouts) - end - end - rake_tasks do load "action_view/tasks/dependencies.rake" end -- cgit v1.2.3 From c1d5477b63e73dadec9f284fa55ec22d81f3bf36 Mon Sep 17 00:00:00 2001 
From: "Shota Fukumori (sora_h)" Date: Wed, 4 Dec 2013 12:48:21 +0900 Subject: Escalate missing error when :raise is true Before ec16ba75a5493b9da972eea08bae630eba35b62f, ActionView::Helpers::TranslationHelper#translate has raised errors with specifying options[:raise] to true. This should work by this fix: begin t(:"translations.missing", raise: true) rescue I18n::MissingTranslationData p :hello! end --- actionview/lib/action_view/helpers/translation_helper.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/translation_helper.rb b/actionview/lib/action_view/helpers/translation_helper.rb index a1a2bebb6e..3ae1df04fe 100644 --- a/actionview/lib/action_view/helpers/translation_helper.rb +++ b/actionview/lib/action_view/helpers/translation_helper.rb @@ -38,7 +38,13 @@ module ActionView # If the user has specified rescue_format then pass it all through, otherwise use # raise and do the work ourselves - options[:raise] = true unless options.key?(:raise) || options.key?(:rescue_format) + if options.key?(:raise) || options.key?(:rescue_format) + raise_error = options[:raise] || options[:rescue_format] + else + raise_error = false + options[:raise] = true + end + if html_safe_translation_key?(key) html_safe_options = options.dup options.except(*I18n::RESERVED_KEYS).each do |name, value| @@ -53,6 +59,8 @@ module ActionView I18n.translate(scope_key_by_partial(key), options) end rescue I18n::MissingTranslationData => e + raise e if raise_error + keys = I18n.normalize_keys(e.locale, e.key, e.options[:scope]) content_tag('span', keys.last.to_s.titleize, :class => 'translation_missing', :title => "translation missing: #{keys.join('.')}") end -- cgit v1.2.3 From fe13e711627ffe304a85b711cd16d10b1d2e29f4 Mon Sep 17 00:00:00 2001 
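Review bot: `raise_error = options[:raise] || options[:rescue_format]` folds two unrelated options into one flag; `rescue_format` is a formatting choice, not a request to raise, yet `rescue_format: :html` makes the flag truthy. This looks harmless only because I18n is not told to raise in that case, so the `rescue` is presumably never reached. `raise_error = options[:raise]` states the intent directly. An explicit `raise: false` also skips the default `options[:raise] = true`, so that caller gets whatever I18n returns for a missing key instead of the span, which deserves a line in the method's documentation if it is intended. The method body continues outside both hunks.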
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 5 Dec 2013 16:34:22 -0200 Subject: Remove the explicit order set for the initializer This will fix the regression added on b068e20b35797aa6deaa377a48c990759734f515. See tests added at ff08d31 to a better understanding about the problem --- actionview/lib/action_view/railtie.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/railtie.rb b/actionview/lib/action_view/railtie.rb index e930ba9aae..81f9c40b85 100644 --- a/actionview/lib/action_view/railtie.rb +++ b/actionview/lib/action_view/railtie.rb @@ -36,7 +36,7 @@ module ActionView end end - initializer "action_view.setup_action_pack", before: :add_view_paths do |app| + initializer "action_view.setup_action_pack" do |app| ActiveSupport.on_load(:action_controller) do ActionView::RoutingUrlFor.send(:include, ActionDispatch::Routing::UrlFor) end -- cgit v1.2.3 From ec19c77ca570919a78efcf2a801863e0eefe98c3 Mon Sep 17 00:00:00 2001 From: Andriel Nuernberg Date: Sun, 1 Dec 2013 04:50:21 -0200 Subject: Label only accepts `:index` and `:namespace` attributes from the input --- actionview/lib/action_view/helpers/tags/collection_helpers.rb | 2 +- actionview/lib/action_view/helpers/tags/label.rb | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/tags/collection_helpers.rb b/actionview/lib/action_view/helpers/tags/collection_helpers.rb index 787039c82e..991f32cea2 100644 --- a/actionview/lib/action_view/helpers/tags/collection_helpers.rb +++ b/actionview/lib/action_view/helpers/tags/collection_helpers.rb 
@@ -18,7 +18,7 @@ module ActionView end def label(label_html_options={}, &block) - html_options = label_html_options.merge(@input_html_options) + html_options = @input_html_options.slice(:index, :namespace).merge(label_html_options) @template_object.label(@object_name, @sanitized_attribute_name, @text, html_options, &block) end end diff --git a/actionview/lib/action_view/helpers/tags/label.rb b/actionview/lib/action_view/helpers/tags/label.rb index 180aa9ac27..35d3ba8434 100644 --- a/actionview/lib/action_view/helpers/tags/label.rb +++ b/actionview/lib/action_view/helpers/tags/label.rb @@ -30,7 +30,6 @@ module ActionView add_default_name_and_id_for_value(tag_value, name_and_id) options.delete("index") options.delete("namespace") - options.delete("multiple") options["for"] = name_and_id["id"] unless options.key?("for") if block_given? -- cgit v1.2.3 From 1eaa521273399d789565af1933a0e6e4462511a4 Mon Sep 17 00:00:00 2001 From: Kristian Freeman Date: Tue, 26 Nov 2013 12:09:52 -0800 Subject: A Cycle object should accept an array and cycle through it as it would with a set of comma-separated objects. --- actionview/lib/action_view/helpers/text_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb index b0e4aa3cd3..a6ff15af7e 100644 --- a/actionview/lib/action_view/helpers/text_helper.rb +++ b/actionview/lib/action_view/helpers/text_helper.rb @@ -314,7 +314,7 @@ module ActionView options = values.extract_options! name = options.fetch(:name, 'default') - values.unshift(first_value) + values.unshift(*first_value) cycle = get_cycle(name) unless cycle && cycle.values == values -- cgit v1.2.3 From 1cd965000bd0fe02b08cfb973f743d5867f763b4 Mon Sep 17 00:00:00 2001 
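Review bot: `@input_html_options.slice(:index, :namespace)` in `label` matches symbol keys only, while the label.rb hunk of this same commit deletes `"index"` and `"namespace"` as strings; if `@input_html_options` can arrive with string keys (its construction is not visible here), those two values would silently stop reaching the label. Restricting the label to an allowlist of input attributes is the right shape, so the fix is only to normalise the keys first: `@input_html_options.symbolize_keys.slice(:index, :namespace).merge(label_html_options)`. The merge order is also reversed by this line, so `label_html_options` now wins over the input's values, which deserves a sentence in the method's documentation.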
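Review bot: `values.unshift(*first_value)` in the text_helper.rb hunk expands anything that responds to `to_a`, not only arrays: a `nil` first value now contributes nothing, and a Hash or Range first value is spread into its elements, where the previous `values.unshift(first_value)` kept each of them as a single cycle value. Limiting the expansion to arrays keeps the old behaviour for every other argument: `first_value.is_a?(Array) ? values.unshift(*first_value) : values.unshift(first_value)`. The method's signature and the rest of its body are outside the hunk.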
From: Semyon Perepelitsa Date: Wed, 11 Dec 2013 03:03:49 +0800 Subject: Fix typo in docs, missing colon in Symbol literal [ci skip] --- actionview/lib/action_view/helpers/form_tag_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/form_tag_helper.rb b/actionview/lib/action_view/helpers/form_tag_helper.rb index 142c27ace0..7ceb56625f 100644 --- a/actionview/lib/action_view/helpers/form_tag_helper.rb +++ b/actionview/lib/action_view/helpers/form_tag_helper.rb @@ -465,7 +465,7 @@ module ActionView # # Ask me! # # # - # button_tag "Checkout", data: { disable_with => "Please wait..." } + # button_tag "Checkout", data: { :disable_with => "Please wait..." } # # => # def button_tag(content_or_options = nil, options = nil, &block) -- cgit v1.2.3 From 4a9e54ef35766ec49a51805a603241019ca4e4be Mon Sep 17 00:00:00 2001 From: Aayush khandelwal Date: Thu, 12 Dec 2013 11:29:23 +0530 Subject: typos rectified [ci skip] --- actionview/lib/action_view/renderer/streaming_template_renderer.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/renderer/streaming_template_renderer.rb b/actionview/lib/action_view/renderer/streaming_template_renderer.rb index 9cf6eb0c65..3ab2cd36fc 100644 --- a/actionview/lib/action_view/renderer/streaming_template_renderer.rb +++ b/actionview/lib/action_view/renderer/streaming_template_renderer.rb @@ -58,7 +58,7 @@ module ActionView def delayed_render(buffer, template, layout, view, locals) # Wrap the given buffer in the StreamingBuffer and pass it to the - # underlying template handler. Now, everytime something is concatenated + # underlying template handler. Now, every time something is concatenated # to the buffer, it is not appended to an array, but streamed straight # to the client. output = ActionView::StreamingBuffer.new(buffer) -- cgit v1.2.3 
From c0a2d474c50a3a096229f956d9696d9e91f1557a Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Tue, 17 Dec 2013 16:05:28 -0800 Subject: Get ready to release 4.1.0.beta1 --- actionview/lib/action_view/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/version.rb b/actionview/lib/action_view/version.rb index 094dd474df..edb6d8f116 100644 --- a/actionview/lib/action_view/version.rb +++ b/actionview/lib/action_view/version.rb @@ -1,7 +1,7 @@ module ActionView # Returns the version of the currently loaded ActionView as a Gem::Version def self.version - Gem::Version.new "4.1.0.beta" + Gem::Version.new "4.1.0.beta1" end module VERSION #:nodoc: -- cgit v1.2.3 From cd58745a7d6619366adde02fcb0baac6981c421a Mon Sep 17 00:00:00 2001 From: Kuldeep Aggarwal Date: Wed, 18 Dec 2013 12:24:08 +0530 Subject: allow video_tag to accept `size` as `Number` for square shaped videos --- actionview/lib/action_view/helpers/asset_tag_helper.rb | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/helpers/asset_tag_helper.rb b/actionview/lib/action_view/helpers/asset_tag_helper.rb index 163d01c2eb..bc5007b11d 100644 --- a/actionview/lib/action_view/helpers/asset_tag_helper.rb +++ b/actionview/lib/action_view/helpers/asset_tag_helper.rb @@ -251,9 +251,9 @@ module ActionView # # * :poster - Set an image (like a screenshot) to be shown # before the video loads. The path is calculated like the +src+ of +image_tag+. - # * :size - Supplied as "{Width}x{Height}", so "30x45" becomes - # width="30" and height="45". :size will be ignored if the - # value is not in the correct format. + # * :size - Supplied as "{Width}x{Height}" or "{Number}", so "30x45" becomes + # width="30" and height="45", and "50" becomes width="50" and height="50". + # :size will be ignored if the value is not in the correct format. # # ==== Examples # 
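Review bot: The updated `:size` documentation in asset_tag_helper.rb gives the square form as `"{Number}"` with the string `"50"` as its example, while the commit subject says `size` is accepted as a `Number`; the comment should state outright whether an Integer such as `50` is accepted or only a digit string. Because the last sentence says a value in the wrong format is ignored, a caller who passes the unsupported type gets a tag without dimensions and no error. Proposed wording for the final line, to be adjusted if the implementation (outside this hunk) does accept Integers: `# :size is silently ignored unless it is a String in one of these two formats.`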
@@ -267,6 +267,8 @@ module ActionView # # =>