app/controllers/application_controller.rb config/initializers/session_store.rb vendor/rails/actionmailer/lib/action_mailer/vendor/text_format.rb vendor/rails/actionmailer/lib/action_mailer/vendor/tmail.rb vendor/rails/actionmailer/test/asset_host_test.rb vendor/rails/actionmailer/test/fixtures/asset_host_mailer/email_with_asset.html.erb vendor/rails/actionmailer/test/fixtures/auto_layout_mailer/multipart.text.html.erb vendor/rails/actionmailer/test/fixtures/auto_layout_mailer/multipart.text.plain.erb vendor/rails/actionmailer/test/fixtures/layouts/auto_layout_mailer.text.erb vendor/rails/actionpack/lib/action_controller/failsafe.rb vendor/rails/actionpack/lib/action_controller/middleware_stack.rb vendor/rails/actionpack/lib/action_controller/middlewares.rb vendor/rails/actionpack/lib/action_controller/params_parser.rb vendor/rails/actionpack/lib/action_controller/reloader.rb vendor/rails/actionpack/lib/action_controller/rewindable_input.rb vendor/rails/actionpack/lib/action_controller/session/abstract_store.rb vendor/rails/actionpack/lib/action_controller/uploaded_file.rb vendor/rails/actionpack/lib/action_controller/vendor/html-scanner.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/adapter/camping.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/auth/abstract/handler.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/auth/abstract/request.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/auth/basic.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/auth/digest/md5.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/auth/digest/nonce.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/auth/digest/params.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/auth/digest/request.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/auth/openid.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/builder.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/cascade.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/chunked.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/commonlogger.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/conditionalget.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/content_length.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/content_type.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/deflater.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/directory.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/file.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/handler.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/handler/cgi.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/handler/evented_mongrel.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/handler/fastcgi.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/handler/lsws.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/handler/mongrel.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/handler/scgi.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/handler/swiftiplied_mongrel.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/handler/thin.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/handler/webrick.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/head.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/lint.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/lobster.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/lock.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/methodoverride.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/mime.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/mock.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/recursive.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/reloader.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/request.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/response.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/session/abstract/id.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/session/cookie.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/session/memcache.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/session/pool.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/showexceptions.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/showstatus.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/static.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/urlmap.rb vendor/rails/actionpack/lib/action_controller/vendor/rack-1.0/rack/utils.rb vendor/rails/actionpack/lib/action_view/erb/util.rb vendor/rails/actionpack/lib/action_view/reloadable_template.rb vendor/rails/actionpack/test/controller/http_basic_authentication_test.rb vendor/rails/actionpack/test/controller/http_digest_authentication_test.rb vendor/rails/actionpack/test/controller/middleware_stack_test.rb vendor/rails/actionpack/test/controller/request/json_params_parsing_test.rb vendor/rails/actionpack/test/controller/request/multipart_params_parsing_test.rb vendor/rails/actionpack/test/controller/request/query_string_parsing_test.rb vendor/rails/actionpack/test/controller/request/url_encoded_params_parsing_test.rb vendor/rails/actionpack/test/controller/request/xml_params_parsing_test.rb vendor/rails/actionpack/test/controller/session/test_session_test.rb vendor/rails/actionpack/test/fixtures/alternate_helpers/foo_helper.rb vendor/rails/actionpack/test/fixtures/layout_tests/alt/layouts/alt.rhtml vendor/rails/actionpack/test/fixtures/layouts/default_html.html.erb vendor/rails/actionpack/test/fixtures/layouts/xhr.html.erb vendor/rails/actionpack/test/fixtures/multipart/empty vendor/rails/actionpack/test/fixtures/multipart/hello.txt vendor/rails/actionpack/test/fixtures/multipart/none vendor/rails/actionpack/test/fixtures/public/500.da.html vendor/rails/actionpack/test/fixtures/quiz/questions/_question.html.erb vendor/rails/actionpack/test/fixtures/test/_one.html.erb vendor/rails/actionpack/test/fixtures/test/_two.html.erb vendor/rails/actionpack/test/fixtures/test/dont_pick_me vendor/rails/actionpack/test/fixtures/test/hello_world.da.html.erb vendor/rails/actionpack/test/fixtures/test/hello_world.erb~ vendor/rails/actionpack/test/fixtures/test/hello_world.pt-BR.html.erb vendor/rails/actionpack/test/fixtures/test/malformed/malformed.en.html.erb~ vendor/rails/actionpack/test/fixtures/test/malformed/malformed.erb~ vendor/rails/actionpack/test/fixtures/test/malformed/malformed.html.erb~ vendor/rails/actionpack/test/fixtures/test/render_explicit_html_template.js.rjs vendor/rails/actionpack/test/fixtures/test/render_implicit_html_template.js.rjs vendor/rails/actionpack/test/fixtures/test/render_implicit_html_template_from_xhr_request.da.html.erb vendor/rails/actionpack/test/fixtures/test/render_implicit_html_template_from_xhr_request.html.erb vendor/rails/actionpack/test/fixtures/test/render_implicit_js_template_without_layout.js.erb vendor/rails/actionpack/test/fixtures/test/utf8.html.erb vendor/rails/actionpack/test/view/test_case_test.rb vendor/rails/activerecord/lib/active_record/autosave_association.rb vendor/rails/activerecord/lib/active_record/batches.rb vendor/rails/activerecord/lib/active_record/dynamic_scope_match.rb vendor/rails/activerecord/lib/active_record/nested_attributes.rb vendor/rails/activerecord/lib/active_record/session_store.rb vendor/rails/activerecord/test/cases/autosave_association_test.rb vendor/rails/activerecord/test/cases/batches_test.rb vendor/rails/activerecord/test/cases/connection_pool_test.rb vendor/rails/activerecord/test/cases/nested_attributes_test.rb vendor/rails/activerecord/test/cases/repair_helper.rb vendor/rails/activerecord/test/connections/jdbc_jdbcderby/connection.rb vendor/rails/activerecord/test/connections/jdbc_jdbch2/connection.rb vendor/rails/activerecord/test/connections/jdbc_jdbchsqldb/connection.rb vendor/rails/activerecord/test/connections/jdbc_jdbcmysql/connection.rb vendor/rails/activerecord/test/connections/jdbc_jdbcpostgresql/connection.rb vendor/rails/activerecord/test/connections/jdbc_jdbcsqlite3/connection.rb vendor/rails/activerecord/test/fixtures/member_types.yml vendor/rails/activerecord/test/fixtures/toys.yml vendor/rails/activerecord/test/models/bird.rb vendor/rails/activerecord/test/models/event.rb vendor/rails/activerecord/test/models/member_type.rb vendor/rails/activerecord/test/models/ship_part.rb vendor/rails/activerecord/test/models/toy.rb vendor/rails/activesupport/lib/active_support/backtrace_cleaner.rb vendor/rails/activesupport/lib/active_support/cache/strategy/local_cache.rb vendor/rails/activesupport/lib/active_support/core_ext/array/wrapper.rb vendor/rails/activesupport/lib/active_support/core_ext/try.rb vendor/rails/activesupport/lib/active_support/core_ext/uri.rb vendor/rails/activesupport/lib/active_support/message_encryptor.rb vendor/rails/activesupport/lib/active_support/message_verifier.rb vendor/rails/activesupport/lib/active_support/testing/assertions.rb vendor/rails/activesupport/lib/active_support/testing/declarative.rb vendor/rails/activesupport/lib/active_support/testing/deprecation.rb vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/MIT-LICENSE vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/README.textile vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/Rakefile vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/i18n.gemspec vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/lib/i18n.rb vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/lib/i18n/backend/simple.rb vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/lib/i18n/exceptions.rb vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/test/all.rb vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/test/i18n_exceptions_test.rb vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/test/i18n_test.rb vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/test/locale/en.rb vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/test/locale/en.yml vendor/rails/activesupport/lib/active_support/vendor/i18n-0.1.3/test/simple_backend_test.rb vendor/rails/activesupport/lib/active_support/vendor/memcache-client-1.6.5/memcache.rb vendor/rails/activesupport/lib/active_support/xml_mini.rb vendor/rails/activesupport/lib/active_support/xml_mini/libxml.rb vendor/rails/activesupport/lib/active_support/xml_mini/nokogiri.rb vendor/rails/activesupport/lib/active_support/xml_mini/rexml.rb vendor/rails/railties/configs/initializers/backtrace_silencers.rb vendor/rails/railties/configs/initializers/session_store.rb vendor/rails/railties/dispatches/config.ru vendor/rails/railties/helpers/application_controller.rb vendor/rails/railties/lib/rails/backtrace_cleaner.rb vendor/rails/railties/lib/rails/rack/debugger.rb vendor/rails/railties/lib/rails/rack/log_tailer.rb vendor/rails/railties/lib/rails/rack/metal.rb vendor/rails/railties/lib/rails_generator/generators/applications/app/scm/git.rb vendor/rails/railties/lib/rails_generator/generators/applications/app/scm/scm.rb vendor/rails/railties/lib/rails_generator/generators/applications/app/scm/svn.rb vendor/rails/railties/lib/rails_generator/generators/applications/app/template_runner.rb vendor/rails/railties/lib/rails_generator/generators/components/controller/templates/helper_test.rb vendor/rails/railties/lib/rails_generator/generators/components/helper/USAGE vendor/rails/railties/lib/rails_generator/generators/components/helper/helper_generator.rb vendor/rails/railties/lib/rails_generator/generators/components/helper/templates/helper.rb vendor/rails/railties/lib/rails_generator/generators/components/helper/templates/helper_test.rb vendor/rails/railties/lib/rails_generator/generators/components/metal/USAGE vendor/rails/railties/lib/rails_generator/generators/components/metal/metal_generator.rb vendor/rails/railties/lib/rails_generator/generators/components/metal/templates/metal.rb vendor/rails/railties/lib/rails_generator/generators/components/resource/templates/helper_test.rb vendor/rails/railties/lib/rails_generator/generators/components/scaffold/templates/helper_test.rb vendor/rails/railties/lib/tasks/middleware.rake @@ -5,7 +5,7 @@ # ENV['RAILS_ENV'] ||= 'production' # Specifies gem version of Rails to use when vendor/rails is not present -RAILS_GEM_VERSION = '2.2.2' unless defined? RAILS_GEM_VERSION +RAILS_GEM_VERSION = '2.3.2' unless defined? RAILS_GEM_VERSION # Bootstrap the Rails environment, frameworks, and default configuration require File.join(File.dirname(__FILE__), 'boot') @@ -53,20 +53,6 @@ Rails::Initializer.run do |config| # config.i18n.load_path << Dir[File.join(RAILS_ROOT, 'my', 'locales', '*.{rb,yml}')] # config.i18n.default_locale = :de - # Your secret key for verifying cookie session data integrity. - # If you change this key, all old sessions will become invalid! - # Make sure the secret is at least 30 characters and all random, - # no regular words or you'll be exposed to dictionary attacks. - config.action_controller.session = { - :session_key => '_saas_session', - :secret => 'e9d74e30b51cd25b31620d23093c1ff9cbc4d5a12fabe170e46d732336077fb7a3b005081820ac89178423c5bc058e8559eb0476a9367cff78c05d420f3aa360' - } - - # Use the database for sessions instead of the cookie-based default, - # which shouldn't be used to store highly confidential information - # (create the session table with "rake db:sessions:create") - # config.action_controller.session_store = :active_record_store - # Use SQL instead of Active Record's schema dumper when creating the test database. # This is necessary if your schema can't be completely dumped by the schema dumper, # like if you have constraints or database-specific column types config/environment.rb @@ -214,5 +214,18 @@ You can support it in your app by changing #open_id_authentication { :login => 'nickname', :email => 'email', :display_name => 'fullname' } end +Attribute Exchange OpenID Extension +=================================== + +Some OpenID providers also support the OpenID AX (attribute exchange) protocol for exchanging identity information between endpoints. See more: http://openid.net/specs/openid-attribute-exchange-1_0.html + +Accessing AX data is very similar to the Simple Registration process, described above -- just add the URI identifier for the AX field to your :optional or :required parameters. For example: + + authenticate_with_open_id(identity_url, + :required => [ :email, 'http://schema.openid.net/birthDate' ]) do |result, identity_url, registration| + +This would provide the sreg data for :email, and the AX data for 'http://schema.openid.net/birthDate' + + Copyright (c) 2007 David Heinemeier Hansson, released under the MIT license \ No newline at end of file vendor/plugins/open_id_authentication/README @@ -13,5 +13,6 @@ else end config.to_prepare do + OpenID::Util.logger = Rails.logger ActionController::Base.send :include, OpenIdAuthentication end vendor/plugins/open_id_authentication/init.rb @@ -1,7 +1,10 @@ require 'uri' require 'openid/extensions/sreg' +require 'openid/extensions/ax' require 'openid/store/filesystem' +require File.dirname(__FILE__) + '/open_id_authentication/association' +require File.dirname(__FILE__) + '/open_id_authentication/nonce' require File.dirname(__FILE__) + '/open_id_authentication/db_store' require File.dirname(__FILE__) + '/open_id_authentication/mem_cache_store' require File.dirname(__FILE__) + '/open_id_authentication/request' @@ -70,13 +73,38 @@ module OpenIdAuthentication end end + # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization + def self.normalize_identifier(identifier) + # clean up whitespace + identifier = identifier.to_s.strip + + # if an XRI has a prefix, strip it. + identifier.gsub!(/xri:\/\//i, '') + + # dodge XRIs -- TODO: validate, don't just skip. + unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0)) + # does it begin with http? if not, add it. + identifier = "http://#{identifier}" unless identifier =~ /^http/i + + # strip any fragments + identifier.gsub!(/\#(.*)$/, '') + + begin + uri = URI.parse(identifier) + uri.scheme = uri.scheme.downcase # URI should do this + identifier = uri.normalize.to_s + rescue URI::InvalidURIError + raise InvalidOpenId.new("#{identifier} is not an OpenID identifier") + end + end + + return identifier + end + + # deprecated for OpenID 2.0, where not all OpenIDs are URLs def self.normalize_url(url) - uri = URI.parse(url.to_s.strip) - uri = URI.parse("http://#{uri}") unless uri.scheme - uri.scheme = uri.scheme.downcase # URI should do this - uri.normalize.to_s - rescue URI::InvalidURIError - raise InvalidOpenId.new("#{url} is not an OpenID URL") + ActiveSupport::Deprecation.warn "normalize_url has been deprecated, use normalize_identifier instead" + self.normalize_identifier(url) end protected @@ -84,6 +112,10 @@ module OpenIdAuthentication OpenIdAuthentication.normalize_url(url) end + def normalize_identifier(url) + OpenIdAuthentication.normalize_identifier(url) + end + # The parameter name of "openid_identifier" is used rather than the Rails convention "open_id_identifier" # because that's what the specification dictates in order to get browser auto-complete working across sites def using_open_id?(identity_url = nil) #:doc: @@ -103,12 +135,16 @@ module OpenIdAuthentication private def begin_open_id_authentication(identity_url, options = {}) - identity_url = normalize_url(identity_url) + identity_url = normalize_identifier(identity_url) return_to = options.delete(:return_to) method = options.delete(:method) + + options[:required] ||= [] # reduces validation later + options[:optional] ||= [] open_id_request = open_id_consumer.begin(identity_url) add_simple_registration_fields(open_id_request, options) + add_ax_fields(open_id_request, options) redirect_to(open_id_redirect_url(open_id_request, return_to, method)) rescue OpenIdAuthentication::InvalidOpenId => e yield Result[:invalid], identity_url, nil @@ -121,11 +157,20 @@ module OpenIdAuthentication params_with_path = params.reject { |key, value| request.path_parameters[key] } params_with_path.delete(:format) open_id_response = timeout_protection_from_identity_server { open_id_consumer.complete(params_with_path, requested_url) } - identity_url = normalize_url(open_id_response.display_identifier) if open_id_response.display_identifier + identity_url = normalize_identifier(open_id_response.display_identifier) if open_id_response.display_identifier case open_id_response.status when OpenID::Consumer::SUCCESS - yield Result[:successful], identity_url, OpenID::SReg::Response.from_success_response(open_id_response) + profile_data = {} + + # merge the SReg data and the AX data into a single hash of profile data + [ OpenID::SReg::Response, OpenID::AX::FetchResponse ].each do |data_response| + if data_response.from_success_response( open_id_response ) + profile_data.merge! data_response.from_success_response( open_id_response ).data + end + end + + yield Result[:successful], identity_url, profile_data when OpenID::Consumer::CANCEL yield Result[:canceled], identity_url, nil when OpenID::Consumer::FAILURE @@ -141,21 +186,37 @@ module OpenIdAuthentication def add_simple_registration_fields(open_id_request, fields) sreg_request = OpenID::SReg::Request.new - sreg_request.request_fields(Array(fields[:required]).map(&:to_s), true) if fields[:required] - sreg_request.request_fields(Array(fields[:optional]).map(&:to_s), false) if fields[:optional] + + # filter out AX identifiers (URIs) + required_fields = fields[:required].collect { |f| f.to_s unless f =~ /^https?:\/\// }.compact + optional_fields = fields[:optional].collect { |f| f.to_s unless f =~ /^https?:\/\// }.compact + + sreg_request.request_fields(required_fields, true) unless required_fields.blank? + sreg_request.request_fields(optional_fields, false) unless optional_fields.blank? sreg_request.policy_url = fields[:policy_url] if fields[:policy_url] open_id_request.add_extension(sreg_request) end + + def add_ax_fields( open_id_request, fields ) + ax_request = OpenID::AX::FetchRequest.new + + # look through the :required and :optional fields for URIs (AX identifiers) + fields[:required].each do |f| + next unless f =~ /^https?:\/\// + ax_request.add( OpenID::AX::AttrInfo.new( f, nil, true ) ) + end + fields[:optional].each do |f| + next unless f =~ /^https?:\/\// + ax_request.add( OpenID::AX::AttrInfo.new( f, nil, false ) ) + end + + open_id_request.add_extension( ax_request ) + end + def open_id_redirect_url(open_id_request, return_to = nil, method = nil) open_id_request.return_to_args['_method'] = (method || request.method).to_s open_id_request.return_to_args['open_id_complete'] = '1' - if (method || request.method).to_s != 'get' - begin - open_id_request.return_to_args[request_forgery_protection_token.to_s] = form_authenticity_token - rescue ActionController::InvalidAuthenticityToken - end - end open_id_request.redirect_url(root_url, return_to || requested_url) end @@ -163,7 +224,7 @@ module OpenIdAuthentication relative_url_root = self.class.respond_to?(:relative_url_root) ? self.class.relative_url_root.to_s : request.relative_url_root - "#{request.protocol + request.host_with_port + relative_url_root + request.path}" + "#{request.protocol}#{request.host_with_port}#{ActionController::Base.relative_url_root}#{request.path}" end def timeout_protection_from_identity_server vendor/plugins/open_id_authentication/lib/open_id_authentication.rb @@ -14,4 +14,10 @@ module OpenIdAuthentication end end -ActionController::AbstractRequest.send :include, OpenIdAuthentication::Request +# In Rails 2.3, the request object has been renamed +# from AbstractRequest to Request +if defined? ActionController::Request + ActionController::Request.send :include, OpenIdAuthentication::Request +else + ActionController::AbstractRequest.send :include, OpenIdAuthentication::Request +end vendor/plugins/open_id_authentication/lib/open_id_authentication/request.rb @@ -16,17 +16,17 @@ class NormalizeTest < Test::Unit::TestCase "http://loudthinking.com:8080" => "http://loudthinking.com:8080/", "techno-weenie.net" => "http://techno-weenie.net/", "http://techno-weenie.net" => "http://techno-weenie.net/", - "http://techno-weenie.net " => "http://techno-weenie.net/" + "http://techno-weenie.net " => "http://techno-weenie.net/", + "=name" => "=name" } def test_normalizations NORMALIZATIONS.each do |from, to| - assert_equal to, normalize_url(from) + assert_equal to, normalize_identifier(from) end end - + def test_broken_open_id - assert_raises(InvalidOpenId) { normalize_url(nil) } - assert_raises(InvalidOpenId) { normalize_url("=name") } + assert_raises(InvalidOpenId) { normalize_identifier(nil) } end end vendor/plugins/open_id_authentication/test/normalize_test.rb @@ -4,6 +4,9 @@ require 'rubygems' gem 'activesupport' require 'active_support' +gem 'actionpack' +require 'action_controller' + gem 'mocha' require 'mocha' vendor/plugins/open_id_authentication/test/test_helper.rb @@ -1,3 +1,12 @@ +*2.3.2 [Final] (March 15, 2009)* + +* Fixed that ActionMailer should send correctly formatted Return-Path in MAIL FROM for SMTP #1842 [Matt Jones] + +* Fixed RFC-2045 quoted-printable bug #1421 [squadette] + +* Fixed that no body charset would be set when there are attachments present #740 [Paweł Kondzior] + + *2.2.1 [RC2] (November 14th, 2008)* * Turn on STARTTLS if it is available in Net::SMTP (added in Ruby 1.8.7) and the SMTP server supports it (This is required for Gmail's SMTP server) #1336 [Grant Hollingworth] @@ -5,7 +14,7 @@ *2.2.0 [RC1] (October 24th, 2008)* -* Add layout functionality to mailers [Pratik] +* Add layout functionality to mailers [Pratik Naik] Mailer layouts behaves just like controller layouts, except layout names need to have '_mailer' postfix for them to be automatically picked up. @@ -17,7 +26,7 @@ * Less verbose mail logging: just recipients for :info log level; the whole email for :debug only. #8000 [iaddict, Tarmo Tänav] -* Updated TMail to version 1.2.1 [raasdnil] +* Updated TMail to version 1.2.1 [Mikel Lindsaar] * Fixed that you don't have to call super in ActionMailer::TestCase#setup #10406 [jamesgolick] @@ -29,7 +38,7 @@ *2.0.1* (December 7th, 2007) -* Update ActionMailer so it treats ActionView the same way that ActionController does. Closes #10244 [rick] +* Update ActionMailer so it treats ActionView the same way that ActionController does. Closes #10244 [Rick Olson] * Pass the template_root as an array as ActionView's view_path * Request templates with the "#{mailer_name}/#{action}" as opposed to just "#{action}" @@ -38,11 +47,11 @@ * Update README to use new smtp settings configuration API. Closes #10060 [psq] -* Allow ActionMailer subclasses to individually set their delivery method (so two subclasses can have different delivery methods) #10033 [zdennis] +* Allow ActionMailer subclasses to individually set their delivery method (so two subclasses can have different delivery methods) #10033 [Zach Dennis] -* Update TMail to v1.1.0. Use an updated version of TMail if available. [mikel] +* Update TMail to v1.1.0. Use an updated version of TMail if available. [Mikel Lindsaar] -* Introduce a new base test class for testing Mailers. ActionMailer::TestCase [Koz] +* Introduce a new base test class for testing Mailers. ActionMailer::TestCase [Michael Koziarski] * Fix silent failure of rxml templates. #9879 [jstewart] @@ -77,7 +86,7 @@ *1.3.2* (February 5th, 2007) -* Deprecate server_settings renaming it to smtp_settings, add sendmail_settings to allow you to override the arguments to and location of the sendmail executable. [Koz] +* Deprecate server_settings renaming it to smtp_settings, add sendmail_settings to allow you to override the arguments to and location of the sendmail executable. [Michael Koziarski] *1.3.1* (January 16th, 2007) @@ -97,7 +106,7 @@ * Tighten rescue clauses. #5985 [james@grayproductions.net] -* Automatically included ActionController::UrlWriter, such that URL generation can happen within ActionMailer controllers. [DHH] +* Automatically included ActionController::UrlWriter, such that URL generation can happen within ActionMailer controllers. [David Heinemeier Hansson] * Replace Reloadable with Reloadable::Deprecated. [Nicholas Seckar] vendor/rails/actionmailer/CHANGELOG @@ -1,4 +1,4 @@ -Copyright (c) 2004-2008 David Heinemeier Hansson +Copyright (c) 2004-2009 David Heinemeier Hansson Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the vendor/rails/actionmailer/MIT-LICENSE @@ -55,7 +55,7 @@ spec = Gem::Specification.new do |s| s.rubyforge_project = "actionmailer" s.homepage = "http://www.rubyonrails.org" - s.add_dependency('actionpack', '= 2.2.2' + PKG_BUILD) + s.add_dependency('actionpack', '= 2.3.2' + PKG_BUILD) s.has_rdoc = true s.requirements << 'none' vendor/rails/actionmailer/Rakefile @@ -1,5 +1,5 @@ #-- -# Copyright (c) 2004-2008 David Heinemeier Hansson +# Copyright (c) 2004-2009 David Heinemeier Hansson # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the @@ -31,22 +31,32 @@ rescue LoadError end end -require 'action_mailer/vendor' -require 'tmail' +require 'action_view' -require 'action_mailer/base' -require 'action_mailer/helpers' -require 'action_mailer/mail_helper' -require 'action_mailer/quoting' -require 'action_mailer/test_helper' +module ActionMailer + def self.load_all! + [Base, Part, ::Text::Format, ::Net::SMTP] + end -require 'net/smtp' + autoload :AdvAttrAccessor, 'action_mailer/adv_attr_accessor' + autoload :Base, 'action_mailer/base' + autoload :Helpers, 'action_mailer/helpers' + autoload :Part, 'action_mailer/part' + autoload :PartContainer, 'action_mailer/part_container' + autoload :Quoting, 'action_mailer/quoting' + autoload :TestCase, 'action_mailer/test_case' + autoload :TestHelper, 'action_mailer/test_helper' + autoload :Utils, 'action_mailer/utils' +end -ActionMailer::Base.class_eval do - include ActionMailer::Quoting - include ActionMailer::Helpers +module Text + autoload :Format, 'action_mailer/vendor/text_format' +end - helper MailHelper +module Net + autoload :SMTP, 'net/smtp' end -silence_warnings { TMail::Encoder.const_set("MAX_LINE_LEN", 200) } +autoload :MailHelper, 'action_mailer/mail_helper' + +require 'action_mailer/vendor/tmail' vendor/rails/actionmailer/lib/action_mailer.rb @@ -1,9 +1,3 @@ -require 'action_mailer/adv_attr_accessor' -require 'action_mailer/part' -require 'action_mailer/part_container' -require 'action_mailer/utils' -require 'tmail/net' - module ActionMailer #:nodoc: # Action Mailer allows you to send email from your application using a mailer model and views. # @@ -23,6 +17,7 @@ module ActionMailer #:nodoc: # class Notifier < ActionMailer::Base # def signup_notification(recipient) # recipients recipient.email_address_with_name + # bcc ["bcc@example.com", "Order Watcher <watcher@example.com>"] # from "system@example.com" # subject "New account information" # body :account => recipient @@ -218,6 +213,8 @@ module ActionMailer #:nodoc: # * <tt>:password</tt> - If your mail server requires authentication, set the password in this setting. # * <tt>:authentication</tt> - If your mail server requires authentication, you need to specify the authentication type here. # This is a symbol and one of <tt>:plain</tt>, <tt>:login</tt>, <tt>:cram_md5</tt>. + # * <tt>:enable_starttls_auto</tt> - When set to true, detects if STARTTLS is enabled in your SMTP server and starts to use it. + # It works only on Ruby >= 1.8.7 and Ruby >= 1.9. Default is true. # # * <tt>sendmail_settings</tt> - Allows you to override options for the <tt>:sendmail</tt> delivery method. # * <tt>:location</tt> - The location of the sendmail executable. Defaults to <tt>/usr/sbin/sendmail</tt>. @@ -235,17 +232,20 @@ module ActionMailer #:nodoc: # # * <tt>default_charset</tt> - The default charset used for the body and to encode the subject. Defaults to UTF-8. You can also # pick a different charset from inside a method with +charset+. + # # * <tt>default_content_type</tt> - The default content type used for the main part of the message. Defaults to "text/plain". You # can also pick a different content type from inside a method with +content_type+. + # # * <tt>default_mime_version</tt> - The default mime version used for the message. Defaults to <tt>1.0</tt>. You # can also pick a different value from inside a method with +mime_version+. + # # * <tt>default_implicit_parts_order</tt> - When a message is built implicitly (i.e. multiple parts are assembled from templates # which specify the content type in their filenames) this variable controls how the parts are ordered. Defaults to # <tt>["text/html", "text/enriched", "text/plain"]</tt>. Items that appear first in the array have higher priority in the mail client # and appear last in the mime encoded message. You can also pick a different order from inside a method with # +implicit_parts_order+. class Base - include AdvAttrAccessor, PartContainer + include AdvAttrAccessor, PartContainer, Quoting, Utils if Object.const_defined?(:ActionController) include ActionController::UrlWriter include ActionController::Layout @@ -254,15 +254,18 @@ module ActionMailer #:nodoc: private_class_method :new #:nodoc: class_inheritable_accessor :view_paths + self.view_paths = [] + cattr_accessor :logger @@smtp_settings = { - :address => "localhost", - :port => 25, - :domain => 'localhost.localdomain', - :user_name => nil, - :password => nil, - :authentication => nil + :address => "localhost", + :port => 25, + :domain => 'localhost.localdomain', + :user_name => nil, + :password => nil, + :authentication => nil, + :enable_starttls_auto => true, } cattr_accessor :smtp_settings @@ -426,12 +429,6 @@ module ActionMailer #:nodoc: new.deliver!(mail) end - def register_template_extension(extension) - ActiveSupport::Deprecation.warn( - "ActionMailer::Base.register_template_extension has been deprecated." + - "Use ActionView::Base.register_template_extension instead", caller) - end - def template_root self.view_paths && self.view_paths.first end @@ -482,7 +479,7 @@ module ActionMailer #:nodoc: ) end unless @parts.empty? - @content_type = "multipart/alternative" + @content_type = "multipart/alternative" if @content_type !~ /^multipart/ @parts = sort_parts(@parts, @implicit_parts_order) end end @@ -549,7 +546,12 @@ module ActionMailer #:nodoc: end def render_message(method_name, body) + if method_name.respond_to?(:content_type) + @current_template_content_type = method_name.content_type + end render :file => method_name, :body => body + ensure + @current_template_content_type = nil end def render(opts) @@ -568,11 +570,17 @@ module ActionMailer #:nodoc: end def default_template_format - :html + if @current_template_content_type + Mime::Type.lookup(@current_template_content_type).to_sym + else + :html + end end def candidate_for_layout?(options) - !@template.send(:_exempt_from_layout?, default_template_name) + !self.view_paths.find_template(default_template_name, default_template_format).exempt_from_layout? + rescue ActionView::MissingTemplate + return true end def template_root @@ -588,7 +596,9 @@ module ActionMailer #:nodoc: end def initialize_template_class(assigns) - ActionView::Base.new(view_paths, assigns, self) + template = ActionView::Base.new(self.class.view_paths, assigns, self) + template.template_format = default_template_format + template end def sort_parts(parts, order = []) @@ -637,11 +647,11 @@ module ActionMailer #:nodoc: if @parts.empty? m.set_content_type(real_content_type, nil, ctype_attrs) - m.body = Utils.normalize_new_lines(body) + m.body = normalize_new_lines(body) else if String === body part = TMail::Mail.new - part.body = Utils.normalize_new_lines(body) + part.body = normalize_new_lines(body) part.set_content_type(real_content_type, nil, ctype_attrs) part.set_content_disposition "inline" m.parts << part @@ -664,10 +674,10 @@ module ActionMailer #:nodoc: def perform_delivery_smtp(mail) destinations = mail.destinations mail.ready_to_send - sender = mail['return-path'] || mail.from + sender = (mail['return-path'] && mail['return-path'].spec) || mail.from smtp = Net::SMTP.new(smtp_settings[:address], smtp_settings[:port]) - smtp.enable_starttls_auto if smtp.respond_to?(:enable_starttls_auto) + smtp.enable_starttls_auto if smtp_settings[:enable_starttls_auto] && smtp.respond_to?(:enable_starttls_auto) smtp.start(smtp_settings[:domain], smtp_settings[:user_name], smtp_settings[:password], smtp_settings[:authentication]) do |smtp| smtp.sendmail(mail.encoded, sender, destinations) @@ -687,4 +697,9 @@ module ActionMailer #:nodoc: deliveries << mail end end + + Base.class_eval do + include Helpers + helper MailHelper + end end vendor/rails/actionmailer/lib/action_mailer/base.rb @@ -1,3 +1,5 @@ +require 'active_support/dependencies' + module ActionMailer module Helpers #:nodoc: def self.included(base) #:nodoc: vendor/rails/actionmailer/lib/action_mailer/helpers.rb @@ -1,5 +1,3 @@ -require 'text/format' - module MailHelper # Uses Text::Format to take the text and format it, indented two spaces for # each line, and wrapped at 72 columns. vendor/rails/actionmailer/lib/action_mailer/mail_helper.rb @@ -1,15 +1,10 @@ -require 'action_mailer/adv_attr_accessor' -require 'action_mailer/part_container' -require 'action_mailer/utils' - module ActionMailer # Represents a subpart of an email message. It shares many similar # attributes of ActionMailer::Base. Although you can create parts manually # and add them to the +parts+ list of the mailer, it is easier # to use the helper methods in ActionMailer::PartContainer. class Part - include ActionMailer::AdvAttrAccessor - include ActionMailer::PartContainer + include AdvAttrAccessor, PartContainer, Utils # Represents the body of the part, as a string. This should not be a # Hash (like ActionMailer::Base), but if you want a template to be rendered @@ -64,7 +59,7 @@ module ActionMailer when "base64" then part.body = TMail::Base64.folding_encode(body) when "quoted-printable" - part.body = [Utils.normalize_new_lines(body)].pack("M*") + part.body = [normalize_new_lines(body)].pack("M*") else part.body = body end @@ -93,7 +88,10 @@ module ActionMailer part.parts << prt end - part.set_content_type(real_content_type, nil, ctype_attrs) if real_content_type =~ /multipart/ + if real_content_type =~ /multipart/ + ctype_attrs.delete 'charset' + part.set_content_type(real_content_type, nil, ctype_attrs) + end end headers.each { |k,v| part[k] = v } @@ -102,7 +100,6 @@ module ActionMailer end private - def squish(values={}) values.delete_if { |k,v| v.nil? } end vendor/rails/actionmailer/lib/action_mailer/part.rb @@ -41,7 +41,11 @@ module ActionMailer private def parse_content_type(defaults=nil) - return [defaults && defaults.content_type, {}] if content_type.blank? + if content_type.blank? + return defaults ? + [ defaults.content_type, { 'charset' => defaults.charset } ] : + [ nil, {} ] + end ctype, *attrs = content_type.split(/;\s*/) attrs = attrs.inject({}) { |h,s| k,v = s.split(/=/, 2); h[k] = v; h } [ctype, {"charset" => charset || defaults && defaults.charset}.merge(attrs)] vendor/rails/actionmailer/lib/action_mailer/part_container.rb @@ -12,7 +12,7 @@ module ActionMailer # account multi-byte characters (if executing with $KCODE="u", for instance) def quoted_printable_encode(character) result = "" - character.each_byte { |b| result << "=%02x" % b } + character.each_byte { |b| result << "=%02X" % b } result end vendor/rails/actionmailer/lib/action_mailer/quoting.rb @@ -10,7 +10,7 @@ module ActionMailer end class TestCase < ActiveSupport::TestCase - include ActionMailer::Quoting + include Quoting, TestHelper setup :initialize_test_deliveries setup :set_expected_mail vendor/rails/actionmailer/lib/action_mailer/test_case.rb @@ -58,6 +58,7 @@ module ActionMailer end end +# TODO: Deprecate this module Test module Unit class TestCase vendor/rails/actionmailer/lib/action_mailer/test_helper.rb @@ -3,6 +3,5 @@ module ActionMailer def normalize_new_lines(text) text.to_s.gsub(/\r\n?/, "\n") end - module_function :normalize_new_lines end end vendor/rails/actionmailer/lib/action_mailer/utils.rb @@ -1150,7 +1150,7 @@ if __FILE__ == $0 assert_equal(Text::Format::JUSTIFY, @format_o.format_style) assert_match(/^of freedom, and that government of the people, by the people, for the$/, @format_o.format(GETTYSBURG).split("\n")[-3]) - assert_raises(ArgumentError) { @format_o.format_style = 33 } + assert_raise(ArgumentError) { @format_o.format_style = 33 } end def test_tag_paragraph vendor/rails/actionmailer/lib/action_mailer/vendor/text-format-0.6.3/text/format.rb @@ -1,7 +1,7 @@ module ActionMailer module VERSION #:nodoc: MAJOR = 2 - MINOR = 2 + MINOR = 3 TINY = 2 STRING = [MAJOR, MINOR, TINY].join('.') vendor/rails/actionmailer/lib/action_mailer/version.rb @@ -1,5 +1,9 @@ +require 'rubygems' require 'test/unit' +gem 'mocha', '>= 0.9.5' +require 'mocha' + $:.unshift "#{File.dirname(__FILE__)}/../lib" $:.unshift "#{File.dirname(__FILE__)}/../../activesupport/lib" $:.unshift "#{File.dirname(__FILE__)}/../../actionpack/lib" @@ -9,8 +13,15 @@ require 'action_mailer/test_case' # Show backtraces for deprecated behavior for quicker cleanup. ActiveSupport::Deprecation.debug = true +# Bogus template processors +ActionView::Template.register_template_handler :haml, lambda { |template| "Look its HAML!".inspect } +ActionView::Template.register_template_handler :bak, lambda { |template| "Lame backup".inspect } + $:.unshift "#{File.dirname(__FILE__)}/fixtures/helpers" -ActionMailer::Base.template_root = "#{File.dirname(__FILE__)}/fixtures" + +ActionView::Base.cache_template_loading = true +FIXTURE_LOAD_PATH = File.join(File.dirname(__FILE__), 'fixtures') +ActionMailer::Base.template_root = FIXTURE_LOAD_PATH class MockSMTP def self.deliveries @@ -37,7 +48,6 @@ class Net::SMTP end def uses_gem(gem_name, test_name, version = '> 0') - require 'rubygems' gem gem_name.to_s, version require gem_name.to_s yield @@ -45,13 +55,6 @@ rescue LoadError $stderr.puts "Skipping #{test_name} tests. `gem install #{gem_name}` and try again." end -# Wrap tests that use Mocha and skip if unavailable. -unless defined? uses_mocha - def uses_mocha(test_name, &block) - uses_gem('mocha', test_name, '>= 0.5.5', &block) - end -end - def set_delivery_method(delivery_method) @old_delivery_method = ActionMailer::Base.delivery_method ActionMailer::Base.delivery_method = delivery_method vendor/rails/actionmailer/test/abstract_unit.rb @@ -20,6 +20,14 @@ class AutoLayoutMailer < ActionMailer::Base from "tester@example.com" body render(:inline => "Hello, <%= @world %>", :layout => false, :body => { :world => "Earth" }) end + + def multipart(recipient, type = nil) + recipients recipient + subject "You have a mail" + from "tester@example.com" + + content_type(type) if type + end end class ExplicitLayoutMailer < ActionMailer::Base @@ -56,6 +64,43 @@ class LayoutMailerTest < Test::Unit::TestCase assert_equal "Hello from layout Inside", mail.body.strip end + def test_should_pickup_multipart_layout + mail = AutoLayoutMailer.create_multipart(@recipient) + assert_equal "multipart/alternative", mail.content_type + assert_equal 2, mail.parts.size + + assert_equal 'text/plain', mail.parts.first.content_type + assert_equal "text/plain layout - text/plain multipart", mail.parts.first.body + + assert_equal 'text/html', mail.parts.last.content_type + assert_equal "Hello from layout text/html multipart", mail.parts.last.body + end + + def test_should_pickup_multipartmixed_layout + mail = AutoLayoutMailer.create_multipart(@recipient, "multipart/mixed") + assert_equal "multipart/mixed", mail.content_type + assert_equal 2, mail.parts.size + + assert_equal 'text/plain', mail.parts.first.content_type + assert_equal "text/plain layout - text/plain multipart", mail.parts.first.body + + assert_equal 'text/html', mail.parts.last.content_type + assert_equal "Hello from layout text/html multipart", mail.parts.last.body + end + + def test_should_fix_multipart_layout + mail = AutoLayoutMailer.create_multipart(@recipient, "text/plain") + assert_equal "multipart/alternative", mail.content_type + assert_equal 2, mail.parts.size + + assert_equal 'text/plain', mail.parts.first.content_type + assert_equal "text/plain layout - text/plain multipart", mail.parts.first.body + + assert_equal 'text/html', mail.parts.last.content_type + assert_equal "Hello from layout text/html multipart", mail.parts.last.body + end + + def test_should_pickup_layout_given_to_render mail = AutoLayoutMailer.create_spam(@recipient) assert_equal "Spammer layout Hello, Earth", mail.body.strip vendor/rails/actionmailer/test/mail_layout_test.rb @@ -289,8 +289,6 @@ class TestMailer < ActionMailer::Base end end -uses_mocha 'ActionMailerTest' do - class ActionMailerTest < Test::Unit::TestCase include ActionMailer::Quoting @@ -332,6 +330,7 @@ class ActionMailerTest < Test::Unit::TestCase assert_equal "multipart/mixed", created.content_type assert_equal "multipart/alternative", created.parts.first.content_type assert_equal "bar", created.parts.first.header['foo'].to_s + assert_nil created.parts.first.charset assert_equal "text/plain", created.parts.first.parts.first.content_type assert_equal "text/html", created.parts.first.parts[1].content_type assert_equal "application/octet-stream", created.parts[1].content_type @@ -389,6 +388,8 @@ class ActionMailerTest < Test::Unit::TestCase end def test_custom_templating_extension + assert ActionView::Template.template_handler_extensions.include?("haml"), "haml extension was not registered" + # N.b., custom_templating_extension.text.plain.haml is expected to be in fixtures/test_mailer directory expected = new_mail expected.to = @recipient @@ -799,6 +800,8 @@ EOF end def test_implicitly_multipart_messages + assert ActionView::Template.template_handler_extensions.include?("bak"), "bak extension was not registered" + mail = TestMailer.create_implicitly_multipart_example(@recipient) assert_equal 3, mail.parts.length assert_equal "1.0", mail.mime_version @@ -812,6 +815,8 @@ EOF end def test_implicitly_multipart_messages_with_custom_order + assert ActionView::Template.template_handler_extensions.include?("bak"), "bak extension was not registered" + mail = TestMailer.create_implicitly_multipart_example(@recipient, nil, ["text/yaml", "text/plain"]) assert_equal 3, mail.parts.length assert_equal "text/html", mail.parts[0].content_type @@ -915,6 +920,8 @@ EOF def test_multipart_with_template_path_with_dots mail = FunkyPathMailer.create_multipart_with_template_path_with_dots(@recipient) assert_equal 2, mail.parts.length + assert_equal 'text/plain', mail.parts[0].content_type + assert_equal 'utf-8', mail.parts[0].charset end def test_custom_content_type_attributes @@ -932,6 +939,7 @@ EOF ActionMailer::Base.delivery_method = :smtp TestMailer.deliver_return_path assert_match %r{^Return-Path: <another@somewhere.test>}, MockSMTP.deliveries[0][0] + assert_equal "another@somewhere.test", MockSMTP.deliveries[0][1].to_s end def test_body_is_stored_as_an_ivar @@ -940,6 +948,7 @@ EOF end def test_starttls_is_enabled_if_supported + ActionMailer::Base.smtp_settings[:enable_starttls_auto] = true MockSMTP.any_instance.expects(:respond_to?).with(:enable_starttls_auto).returns(true) MockSMTP.any_instance.expects(:enable_starttls_auto) ActionMailer::Base.delivery_method = :smtp @@ -947,25 +956,34 @@ EOF end def test_starttls_is_disabled_if_not_supported + ActionMailer::Base.smtp_settings[:enable_starttls_auto] = true MockSMTP.any_instance.expects(:respond_to?).with(:enable_starttls_auto).returns(false) MockSMTP.any_instance.expects(:enable_starttls_auto).never ActionMailer::Base.delivery_method = :smtp TestMailer.deliver_signed_up(@recipient) end -end -end # uses_mocha + def test_starttls_is_not_enabled + ActionMailer::Base.smtp_settings[:enable_starttls_auto] = false + MockSMTP.any_instance.expects(:respond_to?).never + MockSMTP.any_instance.expects(:enable_starttls_auto).never + ActionMailer::Base.delivery_method = :smtp + TestMailer.deliver_signed_up(@recipient) + ensure + ActionMailer::Base.smtp_settings[:enable_starttls_auto] = true + end +end class InheritableTemplateRootTest < Test::Unit::TestCase def test_attr expected = "#{File.dirname(__FILE__)}/fixtures/path.with.dots" - assert_equal expected, FunkyPathMailer.template_root + assert_equal expected, FunkyPathMailer.template_root.to_s sub = Class.new(FunkyPathMailer) sub.template_root = 'test/path' - assert_equal 'test/path', sub.template_root - assert_equal expected, FunkyPathMailer.template_root + assert_equal 'test/path', sub.template_root.to_s + assert_equal expected, FunkyPathMailer.template_root.to_s end end @@ -1051,7 +1069,7 @@ class RespondToTest < Test::Unit::TestCase end def test_should_still_raise_exception_with_expected_message_when_calling_an_undefined_method - error = assert_raises NoMethodError do + error = assert_raise NoMethodError do RespondToMailer.not_a_method end vendor/rails/actionmailer/test/mail_service_test.rb @@ -1,6 +1,5 @@ # encoding: utf-8 require 'abstract_unit' -require 'tmail' require 'tempfile' class QuotingTest < Test::Unit::TestCase @@ -49,8 +48,10 @@ class QuotingTest < Test::Unit::TestCase result = execute_in_sandbox(<<-CODE) $:.unshift(File.dirname(__FILE__) + "/../lib/") - $KCODE = 'u' - require 'jcode' + if RUBY_VERSION < '1.9' + $KCODE = 'u' + require 'jcode' + end require 'action_mailer/quoting' include ActionMailer::Quoting quoted_printable(#{original.inspect}, "UTF-8") vendor/rails/actionmailer/test/quoting_test.rb @@ -26,7 +26,7 @@ class TestHelperMailerTest < ActionMailer::TestCase end def test_determine_default_mailer_raises_correct_error - assert_raises(ActionMailer::NonInferrableMailerError) do + assert_raise(ActionMailer::NonInferrableMailerError) do self.class.determine_default_mailer("NotAMailerTest") end end @@ -36,7 +36,7 @@ class TestHelperMailerTest < ActionMailer::TestCase end def test_encode - assert_equal "=?utf-8?Q?=0aasdf=0a?=", encode("\nasdf\n") + assert_equal "=?utf-8?Q?=0Aasdf=0A?=", encode("\nasdf\n") end def test_assert_emails @@ -84,7 +84,7 @@ class TestHelperMailerTest < ActionMailer::TestCase end def test_assert_emails_too_few_sent - error = assert_raises Test::Unit::AssertionFailedError do + error = assert_raise ActiveSupport::TestCase::Assertion do assert_emails 2 do TestHelperMailer.deliver_test end @@ -94,7 +94,7 @@ class TestHelperMailerTest < ActionMailer::TestCase end def test_assert_emails_too_many_sent - error = assert_raises Test::Unit::AssertionFailedError do + error = assert_raise ActiveSupport::TestCase::Assertion do assert_emails 1 do TestHelperMailer.deliver_test TestHelperMailer.deliver_test @@ -105,7 +105,7 @@ class TestHelperMailerTest < ActionMailer::TestCase end def test_assert_no_emails_failure - error = assert_raises Test::Unit::AssertionFailedError do + error = assert_raise ActiveSupport::TestCase::Assertion do assert_no_emails do TestHelperMailer.deliver_test end vendor/rails/actionmailer/test/test_helper_test.rb @@ -1,9 +1,127 @@ -*2.2.2 [2.2 Final]* +*2.3.2 [Final] (March 15, 2009)* -* Deprecated the :file default for ActionView#render to prepare for 2.3's new :partial default [DHH] +* Fixed that redirection would just log the options, not the final url (which lead to "Redirected to #<Post:0x23150b8>") [DHH] +* Added ability to pass in :public => true to fresh_when, stale?, and expires_in to make the request proxy cachable #2095 [Gregg Pollack] -*2.2.1 [RC2] (November 14th, 2008)* +* Fixed that passing a custom form builder would be forwarded to nested fields_for calls #2023 [Eloy Duran/Nate Wiger] + +* Form option helpers now support disabled option tags and the use of lambdas for selecting/disabling option tags from collections #837 [Tekin] + +* Added partial scoping to TranslationHelper#translate, so if you call translate(".foo") from the people/index.html.erb template, you'll actually be calling I18n.translate("people.index.foo") [DHH] + +* Fix a syntax error in current_page?() that was prevent matches against URL's with multiple query parameters #1385, #1868 [chris finne/Andrew White] + +* Added localized rescue template when I18n.locale is set (ex: public/404.da.html) #1835 [José Valim] + +* Make the form_for and fields_for helpers support the new Active Record nested update options. #1202 [Eloy Duran] + + <% form_for @person do |person_form| %> + ... + <% person_form.fields_for :projects do |project_fields| %> + <% if project_fields.object.active? %> + Name: <%= project_fields.text_field :name %> + <% end %> + <% end %> + <% end %> + + +* Added grouped_options_for_select helper method for wrapping option tags in optgroups. #977 [Jon Crawford] + +* Implement HTTP Digest authentication. #1230 [Gregg Kellogg, Pratik Naik] Example : + + class DummyDigestController < ActionController::Base + USERS = { "lifo" => 'world' } + + before_filter :authenticate + + def index + render :text => "Hello Secret" + end + + private + + def authenticate + authenticate_or_request_with_http_digest("Super Secret") do |username| + # Return the user's password + USERS[username] + end + end + end + +* Improved i18n support for the number_to_human_size helper. Changes the storage_units translation data; update your translations accordingly. #1634 [Yaroslav Markin] + storage_units: + # %u is the storage unit, %n is the number (default: 2 MB) + format: "%n %u" + units: + byte: + one: "Byte" + other: "Bytes" + kb: "KB" + mb: "MB" + gb: "GB" + tb: "TB" + +* Added :silence option to BenchmarkHelper#benchmark and turned log_level into a hash parameter and deprecated the old use [DHH] + +* Fixed the AssetTagHelper cache to use the computed asset host as part of the cache key instead of just assuming the its a string #1299 [DHH] + +* Make ActionController#render(string) work as a shortcut for render :file/:template/:action => string. [#1435] [Pratik Naik] Examples: + + # Instead of render(:action => 'other_action') + render('other_action') # argument has no '/' + render(:other_action) + + # Instead of render(:template => 'controller/action') + render('controller/action') # argument must not begin with a '/', but contain a '/' + + # Instead of render(:file => '/Users/lifo/home.html.erb') + render('/Users/lifo/home.html.erb') # argument must begin with a '/' + +* Add :prompt option to date/time select helpers. #561 [Sam Oliver] + +* Fixed that send_file shouldn't set an etag #1578 [Hongli Lai] + +* Allow users to opt out of the spoofing checks in Request#remote_ip. Useful for sites whose traffic regularly triggers false positives. [Darren Boyd] + +* Deprecated formatted_polymorphic_url. [Jeremy Kemper] + +* Added the option to declare an asset_host as an object that responds to call (see http://github.com/dhh/asset-hosting-with-minimum-ssl for an example) [David Heinemeier Hansson] + +* Added support for multiple routes.rb files (useful for plugin engines). This also means that draw will no longer clear the route set, you have to do that by hand (shouldn't make a difference to you unless you're doing some funky stuff) [David Heinemeier Hansson] + +* Dropped formatted_* routes in favor of just passing in :format as an option. This cuts resource routes generation in half #1359 [aaronbatalion] + +* Remove support for old double-encoded cookies from the cookie store. These values haven't been generated since before 2.1.0, and any users who have visited the app in the intervening 6 months will have had their cookie upgraded. [Michael Koziarski] + +* Allow helpers directory to be overridden via ActionController::Base.helpers_dir #1424 [Sam Pohlenz] + +* Remove deprecated ActionController::Base#assign_default_content_type_and_charset + +* Changed the default of ActionView#render to assume partials instead of files when not given an options hash [David Heinemeier Hansson]. Examples: + + # Instead of <%= render :partial => "account" %> + <%= render "account" %> + + # Instead of <%= render :partial => "account", :locals => { :account => @buyer } %> + <%= render "account", :account => @buyer %> + + # @account is an Account instance, so it uses the RecordIdentifier to replace + # <%= render :partial => "accounts/account", :locals => { :account => @account } %> + <%= render(@account) %> + + # @posts is an array of Post instances, so it uses the RecordIdentifier to replace + # <%= render :partial => "posts/post", :collection => @posts %> + <%= render(@posts) %> + +* Remove deprecated render_component. Please use the plugin from http://github.com/rails/render_component/tree/master [Pratik Naik] + +* Fixed RedCloth and BlueCloth shouldn't preload. Instead just assume that they're available if you want to use textilize and markdown and let autoload require them [David Heinemeier Hansson] + + +*2.2.2 (November 21st, 2008)* + +* I18n: translate number_to_human_size. Add storage_units: [Bytes, KB, MB, GB, TB] to your translations. #1448 [Yaroslav Markin] * Restore backwards compatible functionality for setting relative_url_root. Include deprecation @@ -15,7 +133,7 @@ product.resources :images, :except => :destroy end -* Added render :js for people who want to render inline JavaScript replies without using RJS [DHH] +* Added render :js for people who want to render inline JavaScript replies without using RJS [David Heinemeier Hansson] * Fixed that polymorphic_url should compact given array #1317 [hiroshi] @@ -25,9 +143,9 @@ * Fix regression bug that made date_select and datetime_select raise a Null Pointer Exception when a nil date/datetime was passed and only month and year were displayed #1289 [Bernardo Padua/Tor Erik] -* Simplified the logging format for parameters (don't include controller, action, and format as duplicates) [DHH] +* Simplified the logging format for parameters (don't include controller, action, and format as duplicates) [David Heinemeier Hansson] -* Remove the logging of the Session ID when the session store is CookieStore [DHH] +* Remove the logging of the Session ID when the session store is CookieStore [David Heinemeier Hansson] * Fixed regex in redirect_to to fully support URI schemes #1247 [Seth Fitzsimmons] @@ -38,7 +156,7 @@ * Fix incorrect closing CDATA delimiter and that HTML::Node.parse would blow up on unclosed CDATA sections [packagethief] -* Added stale? and fresh_when methods to provide a layer of abstraction above request.fresh? and friends [DHH]. Example: +* Added stale? and fresh_when methods to provide a layer of abstraction above request.fresh? and friends [David Heinemeier Hansson]. Example: class ArticlesController < ApplicationController def show_with_respond_to_block @@ -88,13 +206,13 @@ * Fixed FormTagHelper#submit_tag with :disable_with option wouldn't submit the button's value when was clicked #633 [Jose Fernandez] -* Stopped logging template compiles as it only clogs up the log [DHH] +* Stopped logging template compiles as it only clogs up the log [David Heinemeier Hansson] -* Changed the X-Runtime header to report in milliseconds [DHH] +* Changed the X-Runtime header to report in milliseconds [David Heinemeier Hansson] -* Changed BenchmarkHelper#benchmark to report in milliseconds [DHH] +* Changed BenchmarkHelper#benchmark to report in milliseconds [David Heinemeier Hansson] -* Changed logging format to be millisecond based and skip misleading stats [DHH]. Went from: +* Changed logging format to be millisecond based and skip misleading stats [David Heinemeier Hansson]. Went from: Completed in 0.10000 (4 reqs/sec) | Rendering: 0.04000 (40%) | DB: 0.00400 (4%) | 200 OK [http://example.com] @@ -118,7 +236,7 @@ * Added button_to_remote helper. #3641 [Donald Piret, Tarmo Tänav] -* Deprecate render_component. Please use render_component plugin from http://github.com/rails/render_component/tree/master [Pratik] +* Deprecate render_component. Please use render_component plugin from http://github.com/rails/render_component/tree/master [Pratik Naik] * Routes may be restricted to lists of HTTP methods instead of a single method or :any. #407 [Brennan Dunn, Gaius Centus Novus] map.resource :posts, :collection => { :search => [:get, :post] } @@ -152,7 +270,7 @@ * All 2xx requests are considered successful [Josh Peek] -* Fixed that AssetTagHelper#compute_public_path shouldn't cache the asset_host along with the source or per-request proc's won't run [DHH] +* Fixed that AssetTagHelper#compute_public_path shouldn't cache the asset_host along with the source or per-request proc's won't run [David Heinemeier Hansson] * Removed config.action_view.cache_template_loading, use config.cache_classes instead [Josh Peek] @@ -215,7 +333,7 @@ * Replaced TemplateFinder abstraction with ViewLoadPaths [Josh Peek] -* Added block-call style to link_to [Sam Stephenson/DHH]. Example: +* Added block-call style to link_to [Sam Stephenson/David Heinemeier Hansson]. Example: <% link_to(@profile) do %> <strong><%= @profile.name %></strong> -- <span>Check it out!!</span> @@ -246,30 +364,30 @@ * Added session(:on) to turn session management back on in a controller subclass if the superclass turned it off (Peter Jones) [#136] -* Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [rick] +* Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [Rick Olson] * InstanceTag#default_time_from_options with hash args uses Time.current as default; respects hash settings when time falls in system local spring DST gap [Geoff Buesing] * select_date defaults to Time.zone.today when config.time_zone is set [Geoff Buesing] * Fixed that TextHelper#text_field would corrypt when raw HTML was used as the value (mchenryc, Kevin Glowacz) [#80] -* Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) [DHH] +* Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) [David Heinemeier Hansson] -* Reduce number of instance variables being copied from controller to view. [Pratik] +* Reduce number of instance variables being copied from controller to view. [Pratik Naik] * select_datetime and select_time default to Time.zone.now when config.time_zone is set [Geoff Buesing] * datetime_select defaults to Time.zone.now when config.time_zone is set [Geoff Buesing] -* Remove ActionController::Base#view_controller_internals flag. [Pratik] +* Remove ActionController::Base#view_controller_internals flag. [Pratik Naik] * Add conditional options to caches_page method. [Paul Horsfall] -* Move missing template logic to ActionView. [Pratik] +* Move missing template logic to ActionView. [Pratik Naik] -* Introduce ActionView::InlineTemplate class. [Pratik] +* Introduce ActionView::InlineTemplate class. [Pratik Naik] -* Automatically parse posted JSON content for Mime::JSON requests. [rick] +* Automatically parse posted JSON content for Mime::JSON requests. [Rick Olson] POST /posts {"post": {"title": "Breaking News"}} @@ -279,14 +397,14 @@ # ... end -* add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick] +* add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [Rick Olson] * Provide a helper proxy to access helper methods from outside views. Closes #10839 [Josh Peek] e.g. ApplicationController.helpers.simple_format(text) * Improve documentation. [Xavier Noria, leethal, jerome] -* Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546 [josh, eventualbuddha, Pratik] +* Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546 [Josh Peek, eventualbuddha, Pratik Naik] * Support render :partial => collection of heterogeneous elements. #11491 [Zach Dennis] @@ -298,17 +416,17 @@ * Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags #10071 [esad, packagethief] -* Improve documentation. [Radar, Jan De Poorter, chuyeow, xaviershay, danger, miloops, Xavier Noria, Sunny Ripert] +* Improve documentation. [Ryan Bigg, Jan De Poorter, Cheah Chu Yeow, Xavier Shay, Jack Danger Canty, Emilio Tagua, Xavier Noria, Sunny Ripert] * Fixed that FormHelper#radio_button would produce invalid ids #11298 [harlancrystal] -* Added :confirm option to submit_tag #11415 [miloops] +* Added :confirm option to submit_tag #11415 [Emilio Tagua] * Fixed NumberHelper#number_with_precision to properly round in a way that works equally on Mac, Windows, Linux (closes #11409, #8275, #10090, #8027) [zhangyuanyi] -* Allow the #simple_format text_helper to take an html_options hash for each paragraph. #2448 [Francois Beausoleil, thechrisoshow] +* Allow the #simple_format text_helper to take an html_options hash for each paragraph. #2448 [François Beausoleil, Chris O'Sullivan] -* Fix regression from filter refactoring where re-adding a skipped filter resulted in it being called twice. [rick] +* Fix regression from filter refactoring where re-adding a skipped filter resulted in it being called twice. [Rick Olson] * Refactor filters to use Active Support callbacks. #11235 [Josh Peek] @@ -324,43 +442,43 @@ * Fix nested parameter hash parsing bug. #10797 [thomas.lee] -* Allow using named routes in ActionController::TestCase before any request has been made. Closes #11273 [alloy] +* Allow using named routes in ActionController::TestCase before any request has been made. Closes #11273 [Eloy Duran] -* Fixed that sweepers defined by cache_sweeper will be added regardless of the perform_caching setting. Instead, control whether the sweeper should be run with the perform_caching setting. This makes testing easier when you want to turn perform_caching on/off [DHH] +* Fixed that sweepers defined by cache_sweeper will be added regardless of the perform_caching setting. Instead, control whether the sweeper should be run with the perform_caching setting. This makes testing easier when you want to turn perform_caching on/off [David Heinemeier Hansson] * Make MimeResponds::Responder#any work without explicit types. Closes #11140 [jaw6] * Better error message for type conflicts when parsing params. Closes #7962 [spicycode, matt] -* Remove unused ActionController::Base.template_class. Closes #10787 [Pratik] +* Remove unused ActionController::Base.template_class. Closes #10787 [Pratik Naik] -* Moved template handlers related code from ActionView::Base to ActionView::Template. [Pratik] +* Moved template handlers related code from ActionView::Base to ActionView::Template. [Pratik Naik] -* Tests for div_for and content_tag_for helpers. Closes #11223 [thechrisoshow] +* Tests for div_for and content_tag_for helpers. Closes #11223 [Chris O'Sullivan] * Allow file uploads in Integration Tests. Closes #11091 [RubyRedRick] -* Refactor partial rendering into a PartialTemplate class. [Pratik] +* Refactor partial rendering into a PartialTemplate class. [Pratik Naik] -* Added that requests with JavaScript as the priority mime type in the accept header and no format extension in the parameters will be treated as though their format was :js when it comes to determining which template to render. This makes it possible for JS requests to automatically render action.js.rjs files without an explicit respond_to block [DHH] +* Added that requests with JavaScript as the priority mime type in the accept header and no format extension in the parameters will be treated as though their format was :js when it comes to determining which template to render. This makes it possible for JS requests to automatically render action.js.rjs files without an explicit respond_to block [David Heinemeier Hansson] -* Tests for distance_of_time_in_words with TimeWithZone instances. Closes #10914 [ernesto.jimenez] +* Tests for distance_of_time_in_words with TimeWithZone instances. Closes #10914 [Ernesto Jimenez] * Remove support for multivalued (e.g., '&'-delimited) cookies. [Jamis Buck] * Fix problem with render :partial collections, records, and locals. #11057 [lotswholetime] -* Added support for naming concrete classes in sweeper declarations [DHH] +* Added support for naming concrete classes in sweeper declarations [David Heinemeier Hansson] -* Remove ERB trim variables from trace template in case ActionView::Base.erb_trim_mode is changed in the application. #10098 [tpope, kampers] +* Remove ERB trim variables from trace template in case ActionView::Base.erb_trim_mode is changed in the application. #10098 [Tim Pope, Chris Kampmeier] -* Fix typo in form_helper documentation. #10650 [xaviershay, kampers] +* Fix typo in form_helper documentation. #10650 [Xavier Shay, Chris Kampmeier] * Fix bug with setting Request#format= after the getter has cached the value. #10889 [cch1] -* Correct inconsistencies in RequestForgeryProtection docs. #11032 [mislav] +* Correct inconsistencies in RequestForgeryProtection docs. #11032 [Mislav Marohnić] -* Introduce a Template class to ActionView. #11024 [lifofifo] +* Introduce a Template class to ActionView. #11024 [Pratik Naik] * Introduce the :index option for form_for and fields_for to simplify multi-model forms (see http://railscasts.com/episodes/75). #9883 [rmm5t] @@ -376,7 +494,7 @@ e.g. map.dashboard '/dashboard', :controller=>'dashboard' map.root :dashboard -* Handle corner case with image_tag when passed 'messed up' image names. #9018 [duncanbeevers, mpalmer] +* Handle corner case with image_tag when passed 'messed up' image names. #9018 [Duncan Beevers, mpalmer] * Add label_tag helper for generating elements. #10802 [DefV] @@ -384,15 +502,15 @@ * Performance: optimize route recognition. Large speedup for apps with many resource routes. #10835 [oleganza] -* Make render :partial recognise form builders and use the _form partial. #10814 [djanowski] +* Make render :partial recognise form builders and use the _form partial. #10814 [Damian Janowski] * Allow users to declare other namespaces when using the atom feed helpers. #10304 [david.calavera] * Introduce send_file :x_sendfile => true to send an X-Sendfile response header. [Jeremy Kemper] -* Fixed ActionView::Helpers::ActiveRecordHelper::form for when protect_from_forgery is used #10739 [jeremyevans] +* Fixed ActionView::Helpers::ActiveRecordHelper::form for when protect_from_forgery is used #10739 [Jeremy Evans] -* Provide nicer access to HTTP Headers. Instead of request.env["HTTP_REFERRER"] you can now use request.headers["Referrer"]. [Koz] +* Provide nicer access to HTTP Headers. Instead of request.env["HTTP_REFERRER"] you can now use request.headers["Referrer"]. [Michael Koziarski] * UrlWriter respects relative_url_root. #10748 [Cheah Chu Yeow] @@ -402,26 +520,26 @@ * assert_response failures include the exception message. #10688 [Seth Rasmussen] -* All fragment cache keys are now by default prefixed with the "views/" namespace [DHH] +* All fragment cache keys are now by default prefixed with the "views/" namespace [David Heinemeier Hansson] -* Moved the caching stores from ActionController::Caching::Fragments::* to ActiveSupport::Cache::*. If you're explicitly referring to a store, like ActionController::Caching::Fragments::MemoryStore, you need to update that reference with ActiveSupport::Cache::MemoryStore [DHH] +* Moved the caching stores from ActionController::Caching::Fragments::* to ActiveSupport::Cache::*. If you're explicitly referring to a store, like ActionController::Caching::Fragments::MemoryStore, you need to update that reference with ActiveSupport::Cache::MemoryStore [David Heinemeier Hansson] -* Deprecated ActionController::Base.fragment_cache_store for ActionController::Base.cache_store [DHH] +* Deprecated ActionController::Base.fragment_cache_store for ActionController::Base.cache_store [David Heinemeier Hansson] -* Made fragment caching in views work for rjs and builder as well #6642 [zsombor] +* Made fragment caching in views work for rjs and builder as well #6642 [Dee Zsombor] * Fixed rendering of partials with layout when done from site layout #9209 [antramm] -* Fix atom_feed_helper to comply with the atom spec. Closes #10672 [xaviershay] +* Fix atom_feed_helper to comply with the atom spec. Closes #10672 [Xavier Shay] * The tags created do not contain a date (http://feedvalidator.org/docs/error/InvalidTAG.html) * IDs are not guaranteed unique * A default self link was not provided, contrary to the documentation * NOTE: This changes tags for existing atom entries, but at least they validate now. -* Correct indentation in tests. Closes #10671 [l.guidi] +* Correct indentation in tests. Closes #10671 [Luca Guidi] -* Fix that auto_link looks for ='s in url paths (Amazon urls have them). Closes #10640 [bgreenlee] +* Fix that auto_link looks for ='s in url paths (Amazon urls have them). Closes #10640 [Brad Greenlee] * Ensure that test case setup is run even if overridden. #10382 [Josh Peek] @@ -438,7 +556,7 @@ * Added OPTIONS to list of default accepted HTTP methods #10449 [holoway] -* Added option to pass proc to ActionController::Base.asset_host for maximum configurability #10521 [chuyeow]. Example: +* Added option to pass proc to ActionController::Base.asset_host for maximum configurability #10521 [Cheah Chu Yeow]. Example: ActionController::Base.asset_host = Proc.new { |source| if source.starts_with?('/images') @@ -467,45 +585,45 @@ * Fixed send_file/binary_content for testing #8044 [tolsen] -* When a NonInferrableControllerError is raised, make the proposed fix clearer in the error message. Closes #10199 [danger] +* When a NonInferrableControllerError is raised, make the proposed fix clearer in the error message. Closes #10199 [Jack Danger Canty] * Update Prototype to 1.6.0.1. [sam] * Update script.aculo.us to 1.8.0.1. [madrobby] -* Add 'disabled' attribute to <OPTION> separators used in time zone and country selects. Closes #10354 [hasmanyjosh] +* Add 'disabled' attribute to <OPTION> separators used in time zone and country selects. Closes #10354 [Josh Susser] -* Added the same record identification guessing rules to fields_for as form_for has [DHH] +* Added the same record identification guessing rules to fields_for as form_for has [David Heinemeier Hansson] -* Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) [DHH] +* Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) [David Heinemeier Hansson] * Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #10303 [Tarmo Tänav] * Update to Prototype -r8232. [sam] -* Make sure the optimisation code for routes doesn't get used if :host, :anchor or :port are provided in the hash arguments. [pager, Koz] #10292 +* Make sure the optimisation code for routes doesn't get used if :host, :anchor or :port are provided in the hash arguments. [pager, Michael Koziarski] #10292 * Added protection from trailing slashes on page caching #10229 [devrieda] -* Asset timestamps are appended, not prepended. Closes #10276 [mnaberez] +* Asset timestamps are appended, not prepended. Closes #10276 [Mike Naberezny] * Minor inconsistency in description of render example. Closes #10029 [ScottSchram] -* Add #prepend_view_path and #append_view_path instance methods on ActionController::Base for consistency with the class methods. [rick] +* Add #prepend_view_path and #append_view_path instance methods on ActionController::Base for consistency with the class methods. [Rick Olson] -* Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129. [rick] +* Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129. [Rick Olson] -* Add deprecation for old subtemplate syntax for ActionMailer templates, use render :partial [rick] +* Add deprecation for old subtemplate syntax for ActionMailer templates, use render :partial [Rick Olson] -* Fix TemplateError so it doesn't bomb on exceptions while running tests [rick] +* Fix TemplateError so it doesn't bomb on exceptions while running tests [Rick Olson] -* Fixed that named routes living under resources shouldn't have double slashes #10198 [isaacfeliu] +* Fixed that named routes living under resources shouldn't have double slashes #10198 [Isaac Feliu] -* Make sure that cookie sessions use a secret that is at least 30 chars in length. [Koz] +* Make sure that cookie sessions use a secret that is at least 30 chars in length. [Michael Koziarski] * Fixed that partial rendering should look at the type of the first render to determine its own type if no other clues are available (like when using text.plain.erb as the extension in AM) #10130 [java] -* Fixed that has_many :through associations should render as collections too #9051 [mathie/danger] +* Fixed that has_many :through associations should render as collections too #9051 [mathie/Jack Danger Canty] * Added :mouseover short-cut to AssetTagHelper#image_tag for doing easy image swaps #6893 [joost] @@ -513,7 +631,7 @@ * Fix syntax error in documentation example for cycle method. Closes #8735 [foca] -* Document :with option for link_to_remote. Closes #8765 [ryanb] +* Document :with option for link_to_remote. Closes #8765 [Ryan Bates] * Document :minute_step option for time_select. Closes #8814 [brupm] @@ -523,7 +641,7 @@ * Fix broken tag in assert_tag documentation. Closes #9037 [mfazekas] -* Add documentation for route conditions. Closes #9041 [innu, manfred] +* Add documentation for route conditions. Closes #9041 [innu, Manfred Stienstra] * Fix typo left over from previous typo fix in url helper. Closes #9414 [Henrik N] @@ -531,23 +649,23 @@ * Update Prototype to 1.6.0 and script.aculo.us to 1.8.0. [sam, madrobby] -* Expose the cookie jar as a helper method (before the view would just get the raw cookie hash) [DHH] +* Expose the cookie jar as a helper method (before the view would just get the raw cookie hash) [David Heinemeier Hansson] * Integration tests: get_ and post_via_redirect take a headers hash. #9130 [simonjefford] -* Simplfy #view_paths implementation. ActionView templates get the exact object, not a dup. [Rick] +* Simplfy #view_paths implementation. ActionView templates get the exact object, not a dup. [Rick Olson] -* Update tests for ActiveSupport's JSON escaping change. [rick] +* Update tests for ActiveSupport's JSON escaping change. [Rick Olson] * FormHelper's auto_index should use #to_param instead of #id_before_type_cast. Closes #9994 [mattly] * Doc typo fixes for ActiveRecordHelper. Closes #9973 [mikong] -* Make example parameters in restful routing docs idiomatic. Closes #9993 [danger] +* Make example parameters in restful routing docs idiomatic. Closes #9993 [Jack Danger Canty] * Make documentation comment for mime responders match documentation example. Closes #9357 [yon] -* Introduce a new test case class for functional tests. ActionController::TestCase. [Koz] +* Introduce a new test case class for functional tests. ActionController::TestCase. [Michael Koziarski] * Fix incorrect path in helper rdoc. Closes #9926 [viktor tron] @@ -563,13 +681,13 @@ * Disabled checkboxes don't submit a form value. #9301 [vladr, robinjfisher] -* Added tests for options to ActiveRecordHelper#form. Closes #7213 [richcollins, mikong, mislav] +* Added tests for options to ActiveRecordHelper#form. Closes #7213 [richcollins, mikong, Mislav Marohnić] -* Changed before_filter halting to happen automatically on render or redirect but no longer on simply returning false [DHH] +* Changed before_filter halting to happen automatically on render or redirect but no longer on simply returning false [David Heinemeier Hansson] * Ensure that cookies handle array values correctly. Closes #9937 [queso] -* Make sure resource routes don't clash with internal helpers like javascript_path, image_path etc. #9928 [gbuesing] +* Make sure resource routes don't clash with internal helpers like javascript_path, image_path etc. #9928 [Geoff Buesing] * caches_page uses a single after_filter instead of one per action. #9891 [Pratik Naik] @@ -581,15 +699,15 @@ * error_messages_for also takes :message and :header_message options which defaults to the old "There were problems with the following fields:" and "<count> errors prohibited this <object_name> from being saved". #8270 [rmm5t, zach-inglis-lt3] -* Make sure that custom inflections are picked up by map.resources. #9815 [mislav] +* Make sure that custom inflections are picked up by map.resources. #9815 [Mislav Marohnić] -* Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH] +* Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [David Heinemeier Hansson] -* Extracted sanitization methods from TextHelper to SanitizeHelper [DHH] +* Extracted sanitization methods from TextHelper to SanitizeHelper [David Heinemeier Hansson] * rescue_from accepts :with => lambda { |exception| ... } or a normal block. #9827 [Pratik Naik] -* Add :status to redirect_to allowing users to choose their own response code without manually setting headers. #8297 [codahale, chasgrundy] +* Add :status to redirect_to allowing users to choose their own response code without manually setting headers. #8297 [Coda Hale, chasgrundy] * Add link_to :back which uses your referrer with a fallback to a javascript link. #7366 [eventualbuddha, Tarmo Tänav] @@ -597,13 +715,13 @@ * Fix url_for, redirect_to, etc. with :controller => :symbol instead of 'string'. #8562, #9525 [Justin Lynn, Tarmo Tänav, shoe] -* Use #require_library_or_gem to load the memcache library for the MemCache session and fragment cache stores. Closes #8662. [Rick] +* Use #require_library_or_gem to load the memcache library for the MemCache session and fragment cache stores. Closes #8662. [Rick Olson] -* Move ActionController::Routing.optimise_named_routes to ActionController::Base.optimise_named_routes. Now you can set it in the config. [Rick] +* Move ActionController::Routing.optimise_named_routes to ActionController::Base.optimise_named_routes. Now you can set it in the config. [Rick Olson] config.action_controller.optimise_named_routes = false -* ActionController::Routing::DynamicSegment#interpolation_chunk should call #to_s on all values before calling URI.escape. [Rick] +* ActionController::Routing::DynamicSegment#interpolation_chunk should call #to_s on all values before calling URI.escape. [Rick Olson] * Only accept session ids from cookies, prevents session fixation attacks. [bradediger] @@ -612,7 +730,7 @@ * Fixed that render template did not honor exempt_from_layout #9698 [pezra] -* Better error messages if you leave out the :secret option for request forgery protection. Closes #9670 [rick] +* Better error messages if you leave out the :secret option for request forgery protection. Closes #9670 [Rick Olson] * Allow ability to disable request forgery protection, disable it in test mode by default. Closes #9693 [Pratik Naik] @@ -624,40 +742,40 @@ * Cache asset ids. [Jeremy Kemper] -* Optimized named routes respect AbstractRequest.relative_url_root. #9612 [danielmorrison, Jeremy Kemper] +* Optimized named routes respect AbstractRequest.relative_url_root. #9612 [Daniel Morrison, Jeremy Kemper] * Introduce ActionController::Base.rescue_from to declare exception-handling methods. Cleaner style than the case-heavy rescue_action_in_public. #9449 [Norbert Crombach] -* Rename some RequestForgeryProtection methods. The class method is now #protect_from_forgery, and the default parameter is now 'authenticity_token'. [Rick] +* Rename some RequestForgeryProtection methods. The class method is now #protect_from_forgery, and the default parameter is now 'authenticity_token'. [Rick Olson] -* Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. [Rick] +* Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. [Rick Olson] -* Secure #sanitize, #strip_tags, and #strip_links helpers against xss attacks. Closes #8877. [Rick, Pratik Naik, Jacques Distler] +* Secure #sanitize, #strip_tags, and #strip_links helpers against xss attacks. Closes #8877. [Rick Olson, Pratik Naik, Jacques Distler] This merges and renames the popular white_list helper (along with some css sanitizing from Jacques Distler version of the same plugin). Also applied updated versions of #strip_tags and #strip_links from #8877. * Remove use of & logic operator. Closes #8114. [watson] -* Fixed JavaScriptHelper#escape_javascript to also escape closing tags #8023 [rubyruy] +* Fixed JavaScriptHelper#escape_javascript to also escape closing tags #8023 [Ruy Asan] * Fixed TextHelper#word_wrap for multiline strings with extra carrier returns #8663 [seth] * Fixed that setting the :host option in url_for would automatically turn off :only_path (since :host would otherwise not be shown) #9586 [Bounga] -* Added FormHelper#label. #8641, #9850 [jcoglan, jarkko] +* Added FormHelper#label. #8641, #9850 [jcoglan, Jarkko Laine] -* Added AtomFeedHelper (slightly improved from the atom_feed_helper plugin) [DHH] +* Added AtomFeedHelper (slightly improved from the atom_feed_helper plugin) [David Heinemeier Hansson] -* Prevent errors when generating routes for uncountable resources, (i.e. sheep where plural == singluar). map.resources :sheep now creates sheep_index_url for the collection and sheep_url for the specific item. [Koz] +* Prevent errors when generating routes for uncountable resources, (i.e. sheep where plural == singluar). map.resources :sheep now creates sheep_index_url for the collection and sheep_url for the specific item. [Michael Koziarski] -* Added support for HTTP Only cookies (works in IE6+ and FF 2.0.5+) as an improvement for XSS attacks #8895 [Pratik Naik, Spakman] +* Added support for HTTP Only cookies (works in IE6+ and FF 2.0.5+) as an improvement for XSS attacks #8895 [Pratik Naik, Mark Somerville] * Don't warn when a path segment precedes a required segment. Closes #9615. [Nicholas Seckar] * Fixed CaptureHelper#content_for to work with the optional content parameter instead of just the block #9434 [sandofsky/wildchild]. -* Added Mime::Type.register_alias for dealing with different formats using the same mime type [DHH]. Example: +* Added Mime::Type.register_alias for dealing with different formats using the same mime type [David Heinemeier Hansson]. Example: class PostsController < ApplicationController before_filter :adjust_format_for_iphone @@ -680,7 +798,7 @@ end end -* Added that render :json will automatically call .to_json unless it's being passed a string [DHH]. +* Added that render :json will automatically call .to_json unless it's being passed a string [David Heinemeier Hansson]. * Autolink behaves well with emails embedded in URLs. #7313 [Jeremy McAnally, Tarmo Tänav] @@ -692,7 +810,7 @@ * root_path returns '/' not ''. #9563 [Pratik Naik] -* Fixed that setting request.format should also affect respond_to blocks [DHH] +* Fixed that setting request.format should also affect respond_to blocks [David Heinemeier Hansson] * Add option to force binary mode on tempfile used for fixture_file_upload. #6380 [Jonathan Viney] @@ -702,20 +820,20 @@ * Moved ActionController::Macros::InPlaceEditing into the in_place_editor plugin on the official Rails svn. #9513 [Pratik Naik] -* Removed deprecated form of calling xml_http_request/xhr without the first argument being the http verb [DHH] +* Removed deprecated form of calling xml_http_request/xhr without the first argument being the http verb [David Heinemeier Hansson] -* Removed deprecated methods [DHH]: +* Removed deprecated methods [David Heinemeier Hansson]: - ActionController::Base#keep_flash (use flash.keep instead) - ActionController::Base#expire_matched_fragments (just call expire_fragment with a regular expression) - ActionController::Base.template_root/= methods (use ActionController#Base.view_paths/= instead) - ActionController::Base.cookie (use ActionController#Base.cookies[]= instead) -* Removed the deprecated behavior of appending ".png" to image_tag/image_path calls without an existing extension [DHH] +* Removed the deprecated behavior of appending ".png" to image_tag/image_path calls without an existing extension [David Heinemeier Hansson] -* Removed ActionController::Base.scaffold -- it went through the whole idea of scaffolding (card board walls you remove and tweak one by one). Use the scaffold generator instead (it does resources too now!) [DHH] +* Removed ActionController::Base.scaffold -- it went through the whole idea of scaffolding (card board walls you remove and tweak one by one). Use the scaffold generator instead (it does resources too now!) [David Heinemeier Hansson] -* Optimise named route generation when using positional arguments. [Koz] +* Optimise named route generation when using positional arguments. [Michael Koziarski] This change delivers significant performance benefits for the most common usage scenarios for modern rails applications by avoiding the @@ -726,9 +844,9 @@ * Fix layout overriding response status. #9476 [lotswholetime] -* Add field_set_tag for generating field_sets, closes #9477. [djanowski] +* Add field_set_tag for generating field_sets, closes #9477. [Damian Janowski] -* Allow additional parameters to be passed to named route helpers when using positional arguments. Closes #8930 [ian.w.white@gmail.com] +* Allow additional parameters to be passed to named route helpers when using positional arguments. Closes #8930 [Ian White] * Make render :partial work with a :collection of Hashes, previously this wasn't possible due to backwards compatibility restrictions. [Pratik Naik] @@ -738,15 +856,15 @@ * Find layouts even if they're not in the first view_paths directory. Closes #9258 [caio] -* Major improvement to the documentation for the options / select form helpers. Closes #9038 [kampers, jardeon, wesg] +* Major improvement to the documentation for the options / select form helpers. Closes #9038 [Chris Kampmeier, jardeon, wesg] * Fix number_to_human_size when using different precisions. Closes #7536. [RichardStrand, mpalmer] -* Added partial layouts (see example in action_view/lib/partials.rb) [DHH] +* Added partial layouts (see example in action_view/lib/partials.rb) [David Heinemeier Hansson] -* Allow you to set custom :conditions on resource routes. [Rick] +* Allow you to set custom :conditions on resource routes. [Rick Olson] -* Fixed that file.content_type for uploaded files would include a trailing \r #9053 [bgreenlee] +* Fixed that file.content_type for uploaded files would include a trailing \r #9053 [Brad Greenlee] * url_for now accepts a series of symbols representing the namespace of the record [Josh Knowles] @@ -754,7 +872,7 @@ * Make sure missing template exceptions actually say which template they were looking for. Closes #8683 [dasil003] -* Fix errors with around_filters which do not yield, restore 1.1 behaviour with after filters. Closes #8891 [skaes] +* Fix errors with around_filters which do not yield, restore 1.1 behaviour with after filters. Closes #8891 [Stefan Kaes] After filters will *no longer* be run if an around_filter fails to yield, users relying on this behaviour are advised to put the code in question after a yield statement in an around filter. @@ -766,13 +884,13 @@ render :partial => 'show.html.erb' -* Improve capture helper documentation. #8796 [kampers] +* Improve capture helper documentation. #8796 [Chris Kampmeier] * Prefix nested resource named routes with their action name, e.g. new_group_user_path(@group) instead of group_new_user_path(@group). The old nested action named route is deprecated in Rails 1.2.4. #8558 [David Chelimsky] -* Allow sweepers to be created solely for expiring after controller actions, not model changes [DHH] +* Allow sweepers to be created solely for expiring after controller actions, not model changes [David Heinemeier Hansson] -* Added assigns method to ActionController::Caching::Sweeper to easily access instance variables on the controller [DHH] +* Added assigns method to ActionController::Caching::Sweeper to easily access instance variables on the controller [David Heinemeier Hansson] * Give the legacy X-POST_DATA_FORMAT header greater precedence during params parsing for backward compatibility. [Jeremy Kemper] @@ -780,11 +898,11 @@ * Fixed that radio_button_tag should generate unique ids #3353 [Bob Silva, Rebecca, Josh Peek] -* Fixed that HTTP authentication should work if the header is called REDIRECT_X_HTTP_AUTHORIZATION as well #6754 [mislaw] +* Fixed that HTTP authentication should work if the header is called REDIRECT_X_HTTP_AUTHORIZATION as well #6754 [Mislav Marohnić] * Don't mistakenly interpret the request uri as the query string. #8731 [Pratik Naik, Jeremy Kemper] -* Make ActionView#view_paths an attr_accessor for real this time. Also, don't perform an unnecessary #compact on the @view_paths array in #initialize. Closes #8582 [dasil003, julik, rick] +* Make ActionView#view_paths an attr_accessor for real this time. Also, don't perform an unnecessary #compact on the @view_paths array in #initialize. Closes #8582 [dasil003, julik, Rick Olson] * Tolerate missing content type on multipart file uploads. Fix for Safari 3. [Jeremy Kemper] @@ -800,7 +918,7 @@ * Resources: url_for([parent, child]) generates /parents/1/children/2 for the nested resource. Likewise with the other simply helpful methods like form_for and link_to. #6432 [mhw, Jonathan Vaught, lotswholetime] -* Assume html format when rendering partials in RJS. #8076 [Rick] +* Assume html format when rendering partials in RJS. #8076 [Rick Olson] * Don't double-escape url_for in views. #8144 [Rich Collins, Josh Peek] @@ -820,13 +938,13 @@ * Reduce file stat calls when checking for template changes. #7736 [alex] -* Added custom path cache_page/expire_page parameters in addition to the options hashes [DHH]. Example: +* Added custom path cache_page/expire_page parameters in addition to the options hashes [David Heinemeier Hansson]. Example: def index caches_page(response.body, "/index.html") end -* Action Caching speedup. #8231 [skaes] +* Action Caching speedup. #8231 [Stefan Kaes] * Wordsmith resources documentation. #8484 [marclove] @@ -844,21 +962,21 @@ * Added option to suppress :size when using :maxlength for FormTagHelper#text_field #3112 [Tim Pope] -* catch possible WSOD when trying to render a missing partial. Closes #8454 [Catfish] +* catch possible WSOD when trying to render a missing partial. Closes #8454 [Jonathan del Strother] * Rewind request body after reading it, if possible. #8438 [s450r1] -* Resource namespaces are inherited by their has_many subresources. #8280 [marclove, ggarside] +* Resource namespaces are inherited by their has_many subresources. #8280 [marclove, Geoff Garside] * Fix filtered parameter logging with nil parameter values. #8422 [choonkeat] -* Integration tests: alias xhr to xml_http_request and add a request_method argument instead of always using POST. #7124 [Nik Wakelin, Francois Beausoleil, Wizard] +* Integration tests: alias xhr to xml_http_request and add a request_method argument instead of always using POST. #7124 [Nik Wakelin, François Beausoleil, Wizard] * Document caches_action. #5419 [Jarkko Laine] * Update to Prototype 1.5.1. [Sam Stephenson] -* Allow routes to be decalred under namespaces [Tobias Luetke]: +* Allow routes to be decalred under namespaces [Tobias Lütke]: map.namespace :admin do |admin| admin.root :controller => "products" @@ -867,13 +985,13 @@ * Update to script.aculo.us 1.7.1_beta3. [Thomas Fuchs] -* observe_form always sends the serialized form. #5271 [manfred, normelton@gmail.com] +* observe_form always sends the serialized form. #5271 [Manfred Stienstra, normelton@gmail.com] * Parse url-encoded and multipart requests ourselves instead of delegating to CGI. [Jeremy Kemper] * select :include_blank option can be set to a string instead of true, which just uses an empty string. #7664 [Wizard] -* Added url_for usage on render :location, which allows for record identification [DHH]. Example: +* Added url_for usage on render :location, which allows for record identification [David Heinemeier Hansson]. Example: render :xml => person, :status => :created, :location => person @@ -899,7 +1017,7 @@ end end -* Added record identifications to FormHelper#form_for and PrototypeHelper#remote_form_for [DHH]. Examples: +* Added record identifications to FormHelper#form_for and PrototypeHelper#remote_form_for [David Heinemeier Hansson]. Examples: <% form_for(@post) do |f| %> ... @@ -923,28 +1041,28 @@ ... <% end %> -* Rationalize route path escaping according to RFC 2396 section 3.3. #7544, #8307. [Jeremy Kemper, chrisroos, begemot, jugend] +* Rationalize route path escaping according to RFC 2396 section 3.3. #7544, #8307. [Jeremy Kemper, Chris Roos, begemot, jugend] -* Added record identification with polymorphic routes for ActionController::Base#url_for and ActionView::Base#url_for [DHH]. Examples: +* Added record identification with polymorphic routes for ActionController::Base#url_for and ActionView::Base#url_for [David Heinemeier Hansson]. Examples: redirect_to(post) # => redirect_to(posts_url(post)) => Location: http://example.com/posts/1 link_to(post.title, post) # => link_to(post.title, posts_url(post)) => <a href="/posts/1">Hello world</a> Any method that calls url_for on its parameters will automatically benefit from this. -* Removed deprecated parameters_for_method_reference concept (legacy from before named routes) [DHH] +* Removed deprecated parameters_for_method_reference concept (legacy from before named routes) [David Heinemeier Hansson] * Add ActionController::Routing::Helpers, a module to contain common URL helpers such as polymorphic_url. [Nicholas Seckar] -* Included the HttpAuthentication plugin as part of core (ActionController::HttpAuthentication::Basic) [DHH] +* Included the HttpAuthentication plugin as part of core (ActionController::HttpAuthentication::Basic) [David Heinemeier Hansson] -* Modernize documentation for form helpers. [jeremymcanally] +* Modernize documentation for form helpers. [Jeremy McAnally] * Add brief introduction to REST to the resources documentation. [fearoffish] * Fix various documentation typos throughout ActionPack. [Henrik N] -* Enhance documentation and add examples for url_for. [jeremymcanally] +* Enhance documentation and add examples for url_for. [Jeremy McAnally] * Fix documentation typo in routes. [Norbert Crombach, pam] @@ -954,24 +1072,24 @@ * Replace the current block/continuation filter chain handling by an implementation based on a simple loop. #8226 [Stefan Kaes] -* Update UrlWriter to accept :anchor parameter. Closes #6771. [octopod] +* Update UrlWriter to accept :anchor parameter. Closes #6771. [Chris McGrath] -* Added RecordTagHelper for using RecordIdentifier conventions on divs and other container elements [DHH]. Example: +* Added RecordTagHelper for using RecordIdentifier conventions on divs and other container elements [David Heinemeier Hansson]. Example: <% div_for(post) do %> <div id="post_45" class="post"> <%= post.body %> What a wonderful world! <% end %> </div> -* Added page[record] accessor to JavaScriptGenerator that relies on RecordIdentifier to find the right dom id [DHH]. Example: +* Added page[record] accessor to JavaScriptGenerator that relies on RecordIdentifier to find the right dom id [David Heinemeier Hansson]. Example: format.js do # Calls: new Effect.fade('post_45'); render(:update) { |page| page[post].visual_effect(:fade) } end -* Added RecordIdentifier to enforce view conventions on records for dom ids, classes, and partial paths [DHH] +* Added RecordIdentifier to enforce view conventions on records for dom ids, classes, and partial paths [David Heinemeier Hansson] -* Added map.namespace to deal with the common situation of admin sections and the like [DHH] +* Added map.namespace to deal with the common situation of admin sections and the like [David Heinemeier Hansson] Before: @@ -989,7 +1107,7 @@ :has_many => [ :tags, :images, :variants ] end -* Added :name_prefix as standard for nested resources [DHH]. WARNING: May be backwards incompatible with your app +* Added :name_prefix as standard for nested resources [David Heinemeier Hansson]. WARNING: May be backwards incompatible with your app Before: @@ -1007,7 +1125,7 @@ This does mean that if you intended to have comments_url go to /emails/5/comments, then you'll have to set :name_prefix to nil explicitly. -* Added :has_many and :has_one for declaring plural and singular resources beneath the current [DHH] +* Added :has_many and :has_one for declaring plural and singular resources beneath the current [David Heinemeier Hansson] Before: @@ -1021,28 +1139,28 @@ map.resources :notes, :has_many => [ :comments, :attachments ], :has_one => :author -* Added that render :xml will try to call to_xml if it can [DHH]. Makes these work: +* Added that render :xml will try to call to_xml if it can [David Heinemeier Hansson]. Makes these work: render :xml => post render :xml => comments -* Added :location option to render so that the common pattern of rendering a response after creating a new resource is now a 1-liner [DHH] +* Added :location option to render so that the common pattern of rendering a response after creating a new resource is now a 1-liner [David Heinemeier Hansson] render :xml => post.to_xml, :status => :created, :location => post_url(post) -* Ensure that render_text only adds string content to the body of the response [DHH] +* Ensure that render_text only adds string content to the body of the response [David Heinemeier Hansson] * Return the string representation from an Xml Builder when rendering a partial. Closes #5044 [Tim Pope] -* Fixed that parameters from XML should also be presented in a hash with indifferent access [DHH] +* Fixed that parameters from XML should also be presented in a hash with indifferent access [David Heinemeier Hansson] -* Tweak template format rules so that the ACCEPT header is only used if it's text/javascript. This is so ajax actions without a :format param get recognized as Mime::JS. [Rick] +* Tweak template format rules so that the ACCEPT header is only used if it's text/javascript. This is so ajax actions without a :format param get recognized as Mime::JS. [Rick Olson] -* The default respond_to blocks don't set a specific extension anymore, so that both 'show.rjs' and 'show.js.rjs' will work. [Rick] +* The default respond_to blocks don't set a specific extension anymore, so that both 'show.rjs' and 'show.js.rjs' will work. [Rick Olson] * Allow layouts with extension of .html.erb. Closes #8032 [Josh Knowles] -* Change default respond_to templates for xml and rjs formats. [Rick] +* Change default respond_to templates for xml and rjs formats. [Rick Olson] * Default xml template goes from #{action_name}.rxml => #{action_name}.xml.builder. * Default rjs template goes from #{action_name}.rjs => #{action_name}.js.rjs. @@ -1055,21 +1173,21 @@ end end -* Fix WSOD due to modification of a formatted template extension so that requests to templates like 'foo.html.erb' fail on the second hit. [Rick] +* Fix WSOD due to modification of a formatted template extension so that requests to templates like 'foo.html.erb' fail on the second hit. [Rick Olson] -* Fix WSOD when template compilation fails [Rick] +* Fix WSOD when template compilation fails [Rick Olson] -* Change ActionView template defaults. Look for templates using the request format first, such as "show.html.erb" or "show.xml.builder", before looking for the old defaults like "show.erb" or "show.builder" [Rick] +* Change ActionView template defaults. Look for templates using the request format first, such as "show.html.erb" or "show.xml.builder", before looking for the old defaults like "show.erb" or "show.builder" [Rick Olson] * Highlight helper highlights one or many terms in a single pass. [Jeremy Kemper] -* Dropped the use of ; as a separator of non-crud actions on resources and went back to the vanilla slash. It was a neat idea, but lots of the non-crud actions turned out not to be RPC (as the ; was primarily intended to discourage), but legitimate sub-resources, like /parties/recent, which didn't deserve the uglification of /parties;recent. Further more, the semicolon caused issues with caching and HTTP authentication in Safari. Just Not Worth It [DHH] +* Dropped the use of ; as a separator of non-crud actions on resources and went back to the vanilla slash. It was a neat idea, but lots of the non-crud actions turned out not to be RPC (as the ; was primarily intended to discourage), but legitimate sub-resources, like /parties/recent, which didn't deserve the uglification of /parties;recent. Further more, the semicolon caused issues with caching and HTTP authentication in Safari. Just Not Worth It [David Heinemeier Hansson] -* Added that FormTagHelper#submit_tag will return to its original state if the submit fails and you're using :disable_with [DHH] +* Added that FormTagHelper#submit_tag will return to its original state if the submit fails and you're using :disable_with [David Heinemeier Hansson] -* Cleaned up, corrected, and mildly expanded ActionPack documentation. Closes #7190 [jeremymcanally] +* Cleaned up, corrected, and mildly expanded ActionPack documentation. Closes #7190 [Jeremy McAnally] -* Small collection of ActionController documentation cleanups. Closes #7319 [jeremymcanally] +* Small collection of ActionController documentation cleanups. Closes #7319 [Jeremy McAnally] * Make sure the route expiry hash is constructed by comparing the to_param-ized values of each hash. [Jamis Buck] @@ -1099,19 +1217,19 @@ * Allow array and hash query parameters. Array route parameters are converted/to/a/path as before. #6765, #7047, #7462 [bgipsy, Jeremy McAnally, Dan Kubb, brendan] # Add a #dbman attr_reader for CGI::Session and make CGI::Session::CookieStore#generate_digest public so it's easy to generate digests -using the cookie store's secret. [Rick] +using the cookie store's secret. [Rick Olson] -* Added Request#url that returns the complete URL used for the request [DHH] +* Added Request#url that returns the complete URL used for the request [David Heinemeier Hansson] * Extract dynamic scaffolding into a plugin. #7700 [Josh Peek] -* Added user/password options for url_for to add http authentication in a URL [DHH] +* Added user/password options for url_for to add http authentication in a URL [David Heinemeier Hansson] * Fixed that FormTagHelper#text_area_tag should disregard :size option if it's not a string [Brendon Davidson] * Set the original button value in an attribute of the button when using the :disable_with key with submit_tag, so that the original can be restored later. [Jamis Buck] -* session_enabled? works with session :off. #6680 [Catfish] +* session_enabled? works with session :off. #6680 [Jonathan del Strother] * Added :port and :host handling to UrlRewriter (which unified url_for usage, regardless of whether it's called in view or controller) #7616 [alancfrancis] @@ -1123,7 +1241,7 @@ using the cookie store's secret. [Rick] * Cookie session store: empty and unchanged sessions don't write a cookie. [Jeremy Kemper] -* Added helper(:all) as a way to include all helpers from app/helpers/**/*.rb in ApplicationController [DHH] +* Added helper(:all) as a way to include all helpers from app/helpers/**/*.rb in ApplicationController [David Heinemeier Hansson] * Integration tests: introduce methods for other HTTP methods. #6353 [caboose] @@ -1144,7 +1262,7 @@ Roos] * Added .erb and .builder as preferred aliases to the now deprecated .rhtml and .rxml extensions [Chad Fowler]. This is done to separate the renderer from the mime type. .erb templates are often used to render emails, atom, csv, whatever. So labeling them .rhtml doesn't make too much sense. The same goes for .rxml, which can be used to build everything from HTML to Atom to whatever. .rhtml and .rxml will continue to work until Rails 3.0, though. So this is a slow phasing out. All generators and examples will start using the new aliases, though. -* Added caching option to AssetTagHelper#stylesheet_link_tag and AssetTagHelper#javascript_include_tag [DHH]. Examples: +* Added caching option to AssetTagHelper#stylesheet_link_tag and AssetTagHelper#javascript_include_tag [David Heinemeier Hansson]. Examples: stylesheet_link_tag :all, :cache => true # when ActionController::Base.perform_caching is false => <link href="/stylesheets/style1.css" media="screen" rel="Stylesheet" type="text/css" /> @@ -1159,13 +1277,13 @@ Roos] * Work around the two connection per host browser limit: use asset%d.myapp.com to distribute asset requests among asset[0123].myapp.com. Use a DNS wildcard or CNAMEs to map these hosts to your asset server. See http://www.die.net/musings/page_load_time/ for background. [Jeremy Kemper] -* Added default mime type for CSS (Mime::CSS) [DHH] +* Added default mime type for CSS (Mime::CSS) [David Heinemeier Hansson] -* Added that rendering will automatically insert the etag header on 200 OK responses. The etag is calculated using MD5 of the response body. If a request comes in that has a matching etag, the response will be changed to a 304 Not Modified and the response body will be set to an empty string. [DHH] +* Added that rendering will automatically insert the etag header on 200 OK responses. The etag is calculated using MD5 of the response body. If a request comes in that has a matching etag, the response will be changed to a 304 Not Modified and the response body will be set to an empty string. [David Heinemeier Hansson] -* Added X-Runtime to all responses with the request run time [DHH] +* Added X-Runtime to all responses with the request run time [David Heinemeier Hansson] -* Add Mime::Type convenience methods to check the current mime type. [Rick] +* Add Mime::Type convenience methods to check the current mime type. [Rick Olson] request.format.html? # => true if Mime::HTML request.format.jpg? # => true if Mime::JPG @@ -1178,16 +1296,16 @@ Roos] * Add a :url_based_filename => true option to ActionController::Streaming::send_file, which allows URL-based filenames. [Thomas Fuchs] -* Fix that FormTagHelper#submit_tag using :disable_with should trigger the onsubmit handler of its form if available [DHH] +* Fix that FormTagHelper#submit_tag using :disable_with should trigger the onsubmit handler of its form if available [David Heinemeier Hansson] -* Fix #render_file so that TemplateError is called with the correct params and you don't get the WSOD. [Rick] +* Fix #render_file so that TemplateError is called with the correct params and you don't get the WSOD. [Rick Olson] * Fix issue with deprecation messing up #template_root= usage. Add #prepend_view_path and #append_view_path to allow modification of a copy of the -superclass' view_paths. [Rick] +superclass' view_paths. [Rick Olson] * Allow Controllers to have multiple view_paths instead of a single template_root. Closes #2754 [John Long] -* Add much-needed html-scanner tests. Fixed CDATA parsing bug. [Rick] +* Add much-needed html-scanner tests. Fixed CDATA parsing bug. [Rick Olson] * improve error message for Routing for named routes. Closes #7346 [Rob Sanheim] @@ -1195,15 +1313,15 @@ superclass' view_paths. [Rick] * fix form_for example in ActionController::Resources documentation. Closes #7362 [gnarg] -* Make sure that the string returned by TextHelper#truncate is actually a string, not a char proxy -- that should only be used internally while working on a multibyte-safe way of truncating [DHH] +* Make sure that the string returned by TextHelper#truncate is actually a string, not a char proxy -- that should only be used internally while working on a multibyte-safe way of truncating [David Heinemeier Hansson] -* Added FormBuilder#submit as a delegate for FormTagHelper#submit_tag [DHH] +* Added FormBuilder#submit as a delegate for FormTagHelper#submit_tag [David Heinemeier Hansson] * Allow Routes to generate all urls for a set of options by specifying :generate_all => true. Allows caching to properly set or expire all paths for a resource. References #1739. [Nicholas Seckar] * Change the query parser to map empty GET params to "" rather than nil. Closes #5694. [Nicholas Seckar] -* date_select and datetime_select take a :default option. #7052 [nik.wakelin] +* date_select and datetime_select take a :default option. #7052 [Nik Wakelin] date_select "post", "written_on", :default => 3.days.from_now date_select "credit_card", "bill_due", :default => { :day => 20 } @@ -1219,7 +1337,7 @@ superclass' view_paths. [Rick] * Change session restoration to allow namespaced models to be autoloaded. Closes #6348. [Nicholas Seckar] -* Fix doubly appearing parameters due to string and symbol mixups. Closes #2551. [aeden] +* Fix doubly appearing parameters due to string and symbol mixups. Closes #2551. [Anthony Eden] * Fix overly greedy rescues when loading helpers. Fixes #6268. [Nicholas Seckar] @@ -1239,7 +1357,7 @@ superclass' view_paths. [Rick] * Fix #distance_of_time_in_words to report accurately against the Duration class. #7114 [eventualbuddha] -* Refactor #form_tag to allow easy extending. [Rick] +* Refactor #form_tag to allow easy extending. [Rick Olson] * Update to Prototype 1.5.0. [Sam Stephenson] @@ -1251,11 +1369,11 @@ superclass' view_paths. [Rick] * Allow exempt_from_layout :rhtml. #6742, #7026 [Dan Manges, Squeegy] -* Recognize the .txt extension as Mime::TEXT [Rick] +* Recognize the .txt extension as Mime::TEXT [Rick Olson] * Fix parsing of array[] CGI parameters so extra empty values aren't included. #6252 [Nicholas Seckar, aiwilliams, brentrowland] -* link_to_unless_current works with full URLs as well as paths. #6891 [Jarkko Laine, manfred, idrifter] +* link_to_unless_current works with full URLs as well as paths. #6891 [Jarkko Laine, Manfred Stienstra, idrifter] * Lookup the mime type for #auto_discovery_link_tag in the Mime::Type class. Closes #6941 [Josh Peek] @@ -1301,7 +1419,7 @@ superclass' view_paths. [Rick] * Unrescued ActiveRecord::RecordNotFound responds with 404 instead of 500. [Jeremy Kemper] -* Improved auto_link to match more valid urls correctly [Tobias Luetke] +* Improved auto_link to match more valid urls correctly [Tobias Lütke] * Add singleton resources. [Rick Olson] @@ -1324,7 +1442,7 @@ superclass' view_paths. [Rick] * Add :index and @auto_index capability to model driven date/time selects. #847, #2655 [moriq, Doug Fales, Bob Silva] -* Add :order to datetime_select, select_datetime, and select_date. #1427 [Timothee Peignier, patrick@lenz.sh, Bob Silva] +* Add :order to datetime_select, select_datetime, and select_date. #1427 [Timothee Peignier, Patrick Lenz, Bob Silva] * Added time_select to work with time values in models. Update scaffolding. #2489, #2833 [Justin Palmer, Andre Caum, Bob Silva] @@ -1334,15 +1452,15 @@ superclass' view_paths. [Rick] * Adds :time_separator to select_time and :date_separator to select_datetime. Preserves BC. #3811 [Bob Silva] -* Added map.root as an alias for map.connect '' [DHH] +* Added map.root as an alias for map.connect '' [David Heinemeier Hansson] -* Added Request#format to return the format used for the request as a mime type. If no format is specified, the first Request#accepts type is used. This means you can stop using respond_to for anything else than responses [DHH]. Examples: +* Added Request#format to return the format used for the request as a mime type. If no format is specified, the first Request#accepts type is used. This means you can stop using respond_to for anything else than responses [David Heinemeier Hansson]. Examples: GET /posts/5.xml | request.format => Mime::XML GET /posts/5.xhtml | request.format => Mime::HTML GET /posts/5 | request.format => request.accepts.first (usually Mime::HTML for browsers) -* Added the option for extension aliases to mime type registration [DHH]. Example (already in the default routes): +* Added the option for extension aliases to mime type registration [David Heinemeier Hansson]. Example (already in the default routes): Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml ) @@ -1352,9 +1470,9 @@ superclass' view_paths. [Rick] * Added CSV to Mime::SET so that respond_to csv will work [Cody Fauser] -* Fixed that HEAD should return the proper Content-Length header (that is, actually use @body.size, not just 0) [DHH] +* Fixed that HEAD should return the proper Content-Length header (that is, actually use @body.size, not just 0) [David Heinemeier Hansson] -* Added GET-masquarading for HEAD, so request.method will return :get even for HEADs. This will help anyone relying on case request.method to automatically work with HEAD and map.resources will also allow HEADs to all GET actions. Rails automatically throws away the response content in a reply to HEAD, so you don't even need to worry about that. If you, for whatever reason, still need to distinguish between GET and HEAD in some edge case, you can use Request#head? and even Request.headers["REQUEST_METHOD"] for get the "real" answer. Closes #6694 [DHH] +* Added GET-masquarading for HEAD, so request.method will return :get even for HEADs. This will help anyone relying on case request.method to automatically work with HEAD and map.resources will also allow HEADs to all GET actions. Rails automatically throws away the response content in a reply to HEAD, so you don't even need to worry about that. If you, for whatever reason, still need to distinguish between GET and HEAD in some edge case, you can use Request#head? and even Request.headers["REQUEST_METHOD"] for get the "real" answer. Closes #6694 [David Heinemeier Hansson] * Update Routing to complain when :controller is not specified by a route. Closes #6669. [Nicholas Seckar] @@ -1403,13 +1521,13 @@ superclass' view_paths. [Rick] * Update to latest Prototype, which doesn't serialize disabled form elements, adds clone() to arrays, empty/non-string Element.update() and adds a fixes excessive error reporting in WebKit beta versions [Thomas Fuchs] -* Deprecate start_form_tag and end_form_tag. Use form_tag / '</form>' from now on. [Rick] +* Deprecate start_form_tag and end_form_tag. Use form_tag / '</form>' from now on. [Rick Olson] -* Added block-usage to PrototypeHelper#form_remote_tag, document block-usage of FormTagHelper#form_tag [Rick] +* Added block-usage to PrototypeHelper#form_remote_tag, document block-usage of FormTagHelper#form_tag [Rick Olson] -* Add a 0 margin/padding div around the hidden _method input tag that form_tag outputs. [Rick] +* Add a 0 margin/padding div around the hidden _method input tag that form_tag outputs. [Rick Olson] -* Added block-usage to TagHelper#content_tag [DHH]. Example: +* Added block-usage to TagHelper#content_tag [David Heinemeier Hansson]. Example: <% content_tag :div, :class => "strong" %> Hello world! @@ -1418,13 +1536,13 @@ superclass' view_paths. [Rick] Will output: <div class="strong">Hello world!</div> -* Deprecated UrlHelper#link_to_image and UrlHelper#link_to :post => true #6409 [BobSilva] +* Deprecated UrlHelper#link_to_image and UrlHelper#link_to :post => true #6409 [Bob Silva] -* Upgraded NumberHelper with number_to_phone support international formats to comply with ITU E.123 by supporting area codes with less than 3 digits, added precision argument to number_to_human_size (defaults to 1) #6421 [BobSilva] +* Upgraded NumberHelper with number_to_phone support international formats to comply with ITU E.123 by supporting area codes with less than 3 digits, added precision argument to number_to_human_size (defaults to 1) #6421 [Bob Silva] -* Fixed that setting RAILS_ASSET_ID to "" should not add a trailing slash after assets #6454 [BobSilva/chrismear] +* Fixed that setting RAILS_ASSET_ID to "" should not add a trailing slash after assets #6454 [Bob Silva/chrismear] -* Force *_url named routes to show the host in ActionView [Rick] +* Force *_url named routes to show the host in ActionView [Rick Olson] <%= url_for ... %> # no host <%= foo_path %> # no host @@ -1434,9 +1552,9 @@ superclass' view_paths. [Rick] * Add JavaScriptGenerator#literal for wrapping a string in an object whose #to_json is the string itself. [Sam Stephenson] -* Add <%= escape_once html %> to escape html while leaving any currently escaped entities alone. Fix button_to double-escaping issue. [Rick] +* Add <%= escape_once html %> to escape html while leaving any currently escaped entities alone. Fix button_to double-escaping issue. [Rick Olson] -* Fix double-escaped entities, such as &amp;amp;, &amp;#123;, etc. [Rick] +* Fix double-escaped entities, such as &amp;amp;, &amp;#123;, etc. [Rick Olson] * Fix deprecation warnings when rendering the template error template. [Nicholas Seckar] @@ -1462,7 +1580,7 @@ superclass' view_paths. [Rick] * Rename test assertion to prevent shadowing. Closes #6306. [psross] -* Fixed that NumberHelper#number_to_delimiter should respect precision of higher than two digits #6231 [phallstrom] +* Fixed that NumberHelper#number_to_delimiter should respect precision of higher than two digits #6231 [Philip Hallstrom] * Fixed that FormHelper#radio_button didn't respect an :id being passed in #6266 [evansj] @@ -1476,7 +1594,7 @@ superclass' view_paths. [Rick] Which is needed for dealing with the IE6 DOM when it's not yet fully loaded. -* Fixed that rescue template path shouldn't be hardcoded, then it's easier to hook in your own #6295 [mnaberez] +* Fixed that rescue template path shouldn't be hardcoded, then it's easier to hook in your own #6295 [Mike Naberezny] * Fixed escaping of backslashes in JavaScriptHelper#escape_javascript #6302 [sven@c3d2.de] @@ -1517,7 +1635,7 @@ superclass' view_paths. [Rick] * Rescue Errno::ECONNRESET to handle an unexpectedly closed socket connection. Improves SCGI reliability. #3368, #6226 [sdsykes, fhanshaw@vesaria.com] -* Added that respond_to blocks will automatically set the content type to be the same as is requested [DHH]. Examples: +* Added that respond_to blocks will automatically set the content type to be the same as is requested [David Heinemeier Hansson]. Examples: respond_to do |format| format.html { render :text => "I'm being sent as text/html" } @@ -1525,9 +1643,9 @@ superclass' view_paths. [Rick] format.atom { render :text => "I'm being sent as application/xml", :content_type => Mime::XML } end -* Added utf-8 as the default charset for all renders. You can change this default using ActionController::Base.default_charset=(encoding) [DHH] +* Added utf-8 as the default charset for all renders. You can change this default using ActionController::Base.default_charset=(encoding) [David Heinemeier Hansson] -* Added proper getters and setters for content type and charset [DHH]. Example of what we used to do: +* Added proper getters and setters for content type and charset [David Heinemeier Hansson]. Example of what we used to do: response.headers["Content-Type"] = "application/atom+xml; charset=utf-8" @@ -1562,7 +1680,7 @@ superclass' view_paths. [Rick] * Load helpers in alphabetical order for consistency. Resolve cyclic javascript_helper dependency. #6132, #6178 [choonkeat@gmail.com] -* Skip params with empty names, such as the &=Save query string from <input type="submit"/>. #2569 [manfred, raphinou@yahoo.com] +* Skip params with empty names, such as the &=Save query string from <input type="submit"/>. #2569 [Manfred Stienstra, raphinou@yahoo.com] * Fix assert_tag so that :content => "foo" does not match substrings, but only exact strings. Use :content => /foo/ to match substrings. #2799 [Eric Hodel] @@ -1572,7 +1690,7 @@ superclass' view_paths. [Rick] * Update UrlWriter to support :only_path. [Nicholas Seckar, Dave Thomas] -* Fixed JavaScriptHelper#link_to_function and JavaScriptHelper#button_to_function to have the script argument be optional [DHH]. So what used to require a nil, like this: +* Fixed JavaScriptHelper#link_to_function and JavaScriptHelper#button_to_function to have the script argument be optional [David Heinemeier Hansson]. So what used to require a nil, like this: link_to("Hider", nil, :class => "hider_link") { |p| p[:something].hide } @@ -1593,7 +1711,7 @@ superclass' view_paths. [Rick] * Fixed that AssetTagHelper#image_tag and others using compute_public_path should not modify the incoming source argument (closes #5102) [eule@space.ch] -* Deprecated the auto-appending of .png to AssetTagHelper#image_tag calls that doesn't have an extension [DHH] +* Deprecated the auto-appending of .png to AssetTagHelper#image_tag calls that doesn't have an extension [David Heinemeier Hansson] * Fixed FormOptionsHelper#select to respect :selected value #5813 @@ -1603,16 +1721,16 @@ superclass' view_paths. [Rick] * Improved resolution of DateHelper#distance_of_time_in_words for better precision #5994 [Bob Silva] -* Changed that uncaught exceptions raised any where in the application will cause RAILS_ROOT/public/500.html to be read and shown instead of just the static "Application error (Rails)" [DHH] +* Changed that uncaught exceptions raised any where in the application will cause RAILS_ROOT/public/500.html to be read and shown instead of just the static "Application error (Rails)" [David Heinemeier Hansson] * Integration tests: thoroughly test ActionController::Integration::Session. #6022 [Kevin Clark] (tests skipped unless you `gem install mocha`) -* Added deprecation language for pagination which will become a plugin by Rails 2.0 [DHH] +* Added deprecation language for pagination which will become a plugin by Rails 2.0 [David Heinemeier Hansson] -* Added deprecation language for in_place_editor and auto_complete_field that both pieces will become plugins by Rails 2.0 [DHH] +* Added deprecation language for in_place_editor and auto_complete_field that both pieces will become plugins by Rails 2.0 [David Heinemeier Hansson] -* Deprecated all of ActionController::Dependencies. All dependency loading is now handled from Active Support [DHH] +* Deprecated all of ActionController::Dependencies. All dependency loading is now handled from Active Support [David Heinemeier Hansson] * Added assert_select* for CSS selector-based testing (deprecates assert_tag) #5936 [assaf.arkin@gmail.com] @@ -1630,7 +1748,7 @@ superclass' view_paths. [Rick] * Add routing tests to assert that RoutingError is raised when conditions aren't met. Closes #6016 [Nathan Witmer] -* Deprecation: update docs. #5998 [jakob@mentalized.net, Kevin Clark] +* Deprecation: update docs. #5998 [Jakob Skjerning, Kevin Clark] * Make auto_link parse a greater subset of valid url formats. [Jamis Buck] @@ -1640,15 +1758,15 @@ superclass' view_paths. [Rick] * Fix send_data documentation typo. #5982 [brad@madriska.com] -* Switch to using FormEncodedPairParser for parsing request parameters. [Nicholas Seckar, DHH] +* Switch to using FormEncodedPairParser for parsing request parameters. [Nicholas Seckar, David Heinemeier Hansson] -* respond_to .html now always renders #{action_name}.rhtml so that registered custom template handlers do not override it in priority. Custom mime types require a block and throw proper error now. [Tobias Luetke] +* respond_to .html now always renders #{action_name}.rhtml so that registered custom template handlers do not override it in priority. Custom mime types require a block and throw proper error now. [Tobias Lütke] * Deprecation: test deprecated instance vars in partials. [Jeremy Kemper] * Add UrlWriter to allow writing urls from Mailers and scripts. [Nicholas Seckar] -* Clean up and run the Active Record integration tests by default. #5854 [kevin.clark@gmail.com, Jeremy Kemper] +* Clean up and run the Active Record integration tests by default. #5854 [Kevin Clark, Jeremy Kemper] * Correct example in cookies docs. #5832 [jessemerriman@warpmail.net] @@ -1676,7 +1794,7 @@ superclass' view_paths. [Rick] * Deprecation! @params, @session, @flash will be removed after 1.2. Use the corresponding instance methods instead. You'll get printed warnings during tests and logged warnings in dev mode when you access either instance variable directly. [Jeremy Kemper] -* Make Routing noisy when an anchor regexp is assigned to a segment. #5674 [francois.beausoleil@gmail.com] +* Make Routing noisy when an anchor regexp is assigned to a segment. #5674 [François Beausoleil] * Added months and years to the resolution of DateHelper#distance_of_time_in_words, such that "60 days ago" becomes "2 months ago" #5611 [pjhyett@gmail.com] @@ -1696,7 +1814,7 @@ superclass' view_paths. [Rick] * Fixed the new_#{resource}_url route and added named route tests for Simply Restful. [Rick Olson] -* Added map.resources from the Simply Restful plugin [DHH]. Examples (the API has changed to use plurals!): +* Added map.resources from the Simply Restful plugin [David Heinemeier Hansson]. Examples (the API has changed to use plurals!): map.resources :messages map.resources :messages, :comments @@ -1704,13 +1822,13 @@ superclass' view_paths. [Rick] * Fixed that integration simulation of XHRs should set Accept header as well [Edward Frederick] -* TestRequest#reset_session should restore a TestSession, not a hash [Koz] +* TestRequest#reset_session should restore a TestSession, not a hash [Michael Koziarski] * Don't search a load-path of '.' for controller files [Jamis Buck] * Update integration.rb to require test_process explicitly instead of via Dependencies. [Nicholas Seckar] -* Fixed that you can still access the flash after the flash has been reset in reset_session. Closes #5584 [lmarlow@yahoo.com] +* Fixed that you can still access the flash after the flash has been reset in reset_session. Closes #5584 [lmarlow] * Allow form_for and fields_for to work with indexed form inputs. [Jeremy Kemper, Matt Lyon] @@ -1719,13 +1837,13 @@ superclass' view_paths. [Rick] * Remove leak in development mode by replacing define_method with module_eval. [Nicholas Seckar] -* Provide support for decimal columns to form helpers. Closes #5672. [dave@pragprog.com] +* Provide support for decimal columns to form helpers. Closes #5672. [Dave Thomas] * Update documentation for erb trim syntax. #5651 [matt@mattmargolis.net] * Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info] -* Reset @html_document between requests so assert_tag works. #4810 [jarkko@jlaine.net, easleydp@gmail.com] +* Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com] * Update render :partial documentation. #5646 [matt@mattmargolis.net] @@ -1735,21 +1853,21 @@ superclass' view_paths. [Rick] * Fixed that real files and symlinks should be treated the same when compiling templates #5438 [zachary@panandscan.com] -* Fixed that the flash should be reset when reset_session is called #5584 [shugo@ruby-lang.org] +* Fixed that the flash should be reset when reset_session is called #5584 [Shugo Maeda] * Added special case for "1 Byte" in NumberHelper#number_to_human_size #5593 [murpyh@rubychan.de] -* Fixed proper form-encoded parameter parsing for requests with "Content-Type: application/x-www-form-urlencoded; charset=utf-8" (note the presence of a charset directive) [DHH] +* Fixed proper form-encoded parameter parsing for requests with "Content-Type: application/x-www-form-urlencoded; charset=utf-8" (note the presence of a charset directive) [David Heinemeier Hansson] * Add route_name_path method to generate only the path for a named routes. For example, map.person will add person_path. [Nicholas Seckar] * Avoid naming collision among compiled view methods. [Jeremy Kemper] -* Fix CGI extensions when they expect string but get nil in Windows. Closes #5276 [mislav@nippur.irb.hr] +* Fix CGI extensions when they expect string but get nil in Windows. Closes #5276 [Mislav Marohnić] * Determine the correct template_root for deeply nested components. #2841 [s.brink@web.de] -* Fix that routes with *path segments in the recall can generate URLs. [Rick] +* Fix that routes with *path segments in the recall can generate URLs. [Rick Olson] * Fix strip_links so that it doesn't hang on multiline <acronym> tags [Jamis Buck] @@ -1767,11 +1885,11 @@ superclass' view_paths. [Rick] * Rewind readable CGI params so others may reread them (such as CGI::Session when passing the session id in a multipart form). #210 [mklame@atxeu.com, matthew@walker.wattle.id.au] -* Added Mime::TEXT (text/plain) and Mime::ICS (text/calendar) as new default types [DHH] +* Added Mime::TEXT (text/plain) and Mime::ICS (text/calendar) as new default types [David Heinemeier Hansson] -* Added Mime::Type.register(string, symbol, synonyms = []) for adding new custom mime types [DHH]. Example: Mime::Type.register("image/gif", :gif) +* Added Mime::Type.register(string, symbol, synonyms = []) for adding new custom mime types [David Heinemeier Hansson]. Example: Mime::Type.register("image/gif", :gif) -* Added support for Mime objects in render :content_type option [DHH]. Example: render :text => some_atom, :content_type => Mime::ATOM +* Added support for Mime objects in render :content_type option [David Heinemeier Hansson]. Example: render :text => some_atom, :content_type => Mime::ATOM * Add :status option to send_data and send_file. Defaults to '200 OK'. #5243 [Manfred Stienstra <m.stienstra@fngtps.com>] @@ -1785,7 +1903,7 @@ superclass' view_paths. [Rick] * Accept multipart PUT parameters. #5235 [guy.naor@famundo.com] -* Added interrogation of params[:format] to determine Accept type. If :format is specified and matches a declared extension, like "rss" or "xml", that mime type will be put in front of the accept handler. This means you can link to the same action from different extensions and use that fact to determine output [DHH]. Example: +* Added interrogation of params[:format] to determine Accept type. If :format is specified and matches a declared extension, like "rss" or "xml", that mime type will be put in front of the accept handler. This means you can link to the same action from different extensions and use that fact to determine output [David Heinemeier Hansson]. Example: class WeblogController < ActionController::Base def index @@ -1818,13 +1936,13 @@ superclass' view_paths. [Rick] All this relies on the fact that you have a route that includes .:format. -* Expanded :method option in FormTagHelper#form_tag, FormHelper#form_for, PrototypeHelper#remote_form_for, PrototypeHelper#remote_form_tag, and PrototypeHelper#link_to_remote to allow for verbs other than GET and POST by automatically creating a hidden form field named _method, which will simulate the other verbs over post [DHH] +* Expanded :method option in FormTagHelper#form_tag, FormHelper#form_for, PrototypeHelper#remote_form_for, PrototypeHelper#remote_form_tag, and PrototypeHelper#link_to_remote to allow for verbs other than GET and POST by automatically creating a hidden form field named _method, which will simulate the other verbs over post [David Heinemeier Hansson] -* Added :method option to UrlHelper#link_to, which allows for using other verbs than GET for the link. This replaces the :post option, which is now deprecated. Example: link_to "Destroy", person_url(:id => person), :method => :delete [DHH] +* Added :method option to UrlHelper#link_to, which allows for using other verbs than GET for the link. This replaces the :post option, which is now deprecated. Example: link_to "Destroy", person_url(:id => person), :method => :delete [David Heinemeier Hansson] * follow_redirect doesn't complain about being redirected to the same controller. #5153 [dymo@mk.ukrtelecom.ua] -* Add layout attribute to response object with the name of the layout that was rendered, or nil if none rendered. [Kevin Clark kevin.clark@gmail.com] +* Add layout attribute to response object with the name of the layout that was rendered, or nil if none rendered. [Kevin Clark] * Fix NoMethodError when parsing params like &&. [Adam Greenfield] @@ -1834,7 +1952,7 @@ superclass' view_paths. [Rick] * Excise ingrown code from FormOptionsHelper#options_for_select. #5008 [anonymous] -* Small fix in routing to allow dynamic routes (broken after [4242]) [Rick] +* Small fix in routing to allow dynamic routes (broken after [4242]) [Rick Olson] map.connect '*path', :controller => 'files', :action => 'show' @@ -1846,7 +1964,7 @@ superclass' view_paths. [Rick] * Documentation fix: integration test scripts don't require integration_test. Closes #4914. [Frederick Ros <sl33p3r@free.fr>] -* ActionController::Base Summary documentation rewrite. Closes #4900. [kevin.clark@gmail.com] +* ActionController::Base Summary documentation rewrite. Closes #4900. [Kevin Clark] * Fix text_helper.rb documentation rendering. Closes #4725. [Frederick Ros] @@ -1858,9 +1976,9 @@ superclass' view_paths. [Rick] * Enhance documentation for setting headers in integration tests. Skip auto HTTP prepending when its already there. Closes #4079. [Rick Olson] -* Documentation for AbstractRequest. Closes #4895. [kevin.clark@gmail.com] +* Documentation for AbstractRequest. Closes #4895. [Kevin Clark] -* Refactor various InstanceTag instance method to class methods. Closes #4800. [skaes@web.de] +* Refactor various InstanceTag instance method to class methods. Closes #4800. [Stefan Kaes] * Remove all remaining references to @params in the documentation. [Marcel Molina Jr.] @@ -1868,25 +1986,25 @@ superclass' view_paths. [Rick] * Update layout and content_for documentation to use yield rather than magic @content_for instance variables. [Marcel Molina Jr.] -* Fix assert_redirected_to tests according to real-world usage. Also, don't fail if you add an extra :controller option: [Rick] +* Fix assert_redirected_to tests according to real-world usage. Also, don't fail if you add an extra :controller option: [Rick Olson] redirect_to :action => 'new' assert_redirected_to :controller => 'monkeys', :action => 'new' -* Cache CgiRequest#request_parameters so that multiple calls don't re-parse multipart data. [Rick] +* Cache CgiRequest#request_parameters so that multiple calls don't re-parse multipart data. [Rick Olson] -* Diff compared routing options. Allow #assert_recognizes to take a second arg as a hash to specify optional request method [Rick] +* Diff compared routing options. Allow #assert_recognizes to take a second arg as a hash to specify optional request method [Rick Olson] assert_recognizes({:controller => 'users', :action => 'index'}, 'users') assert_recognizes({:controller => 'users', :action => 'create'}, {:path => 'users', :method => :post}) -* Diff compared options with #assert_redirected_to [Rick] +* Diff compared options with #assert_redirected_to [Rick Olson] * Add support in routes for semicolon delimited "subpaths", like /books/:id;:action [Jamis Buck] * Change link_to_function and button_to_function to (optionally) take an update_page block instead of a JavaScript string. Closes #4804. [zraii@comcast.net, Sam Stephenson] -* Fixed that remote_form_for can leave out the object parameter and default to the instance variable of the object_name, just like form_for [DHH] +* Fixed that remote_form_for can leave out the object parameter and default to the instance variable of the object_name, just like form_for [David Heinemeier Hansson] * Modify routing so that you can say :require => { :method => :post } for a route, and the route will never be selected unless the request method is POST. Only works for route recognition, not for route generation. [Jamis Buck] @@ -1902,14 +2020,14 @@ superclass' view_paths. [Rick] * Apply [5709] to stable. -* session_enabled? works with session :off. #6680 [Catfish] +* session_enabled? works with session :off. #6680 [Jonathan del Strother] * Performance: patch cgi/session to require digest/md5 once rather than per #create_new_id. [Stefan Kaes] *1.13.2* (February 5th, 2007) -* Add much-needed html-scanner tests. Fixed CDATA parsing bug. [Rick] +* Add much-needed html-scanner tests. Fixed CDATA parsing bug. [Rick Olson] * improve error message for Routing for named routes. [Rob Sanheim] @@ -1931,7 +2049,7 @@ superclass' view_paths. [Rick] * Make TextHelper::auto_link recognize URLs with colons in path correctly, fixes #7268. [imajes] -* Improved auto_link to match more valid urls correctly [Tobias Luetke] +* Improved auto_link to match more valid urls correctly [Tobias Lütke] *1.13.1* (January 18th, 2007) @@ -1947,11 +2065,11 @@ superclass' view_paths. [Rick] * Update to Prototype 1.5.0. [Sam Stephenson] -* Allow exempt_from_layout :rhtml. #6742, #7026 [dcmanges, Squeegy] +* Allow exempt_from_layout :rhtml. #6742, #7026 [Dan Manges, Squeegy] * Fix parsing of array[] CGI parameters so extra empty values aren't included. #6252 [Nicholas Seckar, aiwilliams, brentrowland] -* link_to_unless_current works with full URLs as well as paths. #6891 [Jarkko Laine, manfred, idrifter] +* link_to_unless_current works with full URLs as well as paths. #6891 [Jarkko Laine, Manfred Stienstra, idrifter] * Fix HTML::Node to output double quotes instead of single quotes. Closes #6845 [mitreandy] @@ -1993,7 +2111,7 @@ superclass' view_paths. [Rick] * Add :index and @auto_index capability to model driven date/time selects. #847, #2655 [moriq, Doug Fales, Bob Silva] -* Add :order to datetime_select, select_datetime, and select_date. #1427 [Timothee Peignier, patrick@lenz.sh, Bob Silva] +* Add :order to datetime_select, select_datetime, and select_date. #1427 [Timothee Peignier, Patrick Lenz, Bob Silva] * Added time_select to work with time values in models. Update scaffolding. #2489, #2833 [Justin Palmer, Andre Caum, Bob Silva] @@ -2005,9 +2123,9 @@ superclass' view_paths. [Rick] * @response.redirect_url works with 201 Created responses: just return headers['Location'] rather than checking the response status. [Jeremy Kemper] -* Fixed that HEAD should return the proper Content-Length header (that is, actually use @body.size, not just 0) [DHH] +* Fixed that HEAD should return the proper Content-Length header (that is, actually use @body.size, not just 0) [David Heinemeier Hansson] -* Added GET-masquarading for HEAD, so request.method will return :get even for HEADs. This will help anyone relying on case request.method to automatically work with HEAD and map.resources will also allow HEADs to all GET actions. Rails automatically throws away the response content in a reply to HEAD, so you don't even need to worry about that. If you, for whatever reason, still need to distinguish between GET and HEAD in some edge case, you can use Request#head? and even Request.headers["REQUEST_METHOD"] for get the "real" answer. Closes #6694 [DHH] +* Added GET-masquarading for HEAD, so request.method will return :get even for HEADs. This will help anyone relying on case request.method to automatically work with HEAD and map.resources will also allow HEADs to all GET actions. Rails automatically throws away the response content in a reply to HEAD, so you don't even need to worry about that. If you, for whatever reason, still need to distinguish between GET and HEAD in some edge case, you can use Request#head? and even Request.headers["REQUEST_METHOD"] for get the "real" answer. Closes #6694 [David Heinemeier Hansson] *1.13.0 RC1* (r5619, November 22nd, 2006) @@ -2047,13 +2165,13 @@ superclass' view_paths. [Rick] * Deprecate expire_matched_fragments. Use expire_fragment instead. #6535 [Bob Silva] -* Deprecate start_form_tag and end_form_tag. Use form_tag / '</form>' from now on. [Rick] +* Deprecate start_form_tag and end_form_tag. Use form_tag / '</form>' from now on. [Rick Olson] -* Added block-usage to PrototypeHelper#form_remote_tag, document block-usage of FormTagHelper#form_tag [Rick] +* Added block-usage to PrototypeHelper#form_remote_tag, document block-usage of FormTagHelper#form_tag [Rick Olson] -* Add a 0 margin/padding div around the hidden _method input tag that form_tag outputs. [Rick] +* Add a 0 margin/padding div around the hidden _method input tag that form_tag outputs. [Rick Olson] -* Added block-usage to TagHelper#content_tag [DHH]. Example: +* Added block-usage to TagHelper#content_tag [David Heinemeier Hansson]. Example: <% content_tag :div, :class => "strong" %> Hello world! @@ -2062,13 +2180,13 @@ superclass' view_paths. [Rick] Will output: <div class="strong">Hello world!</div> -* Deprecated UrlHelper#link_to_image and UrlHelper#link_to :post => true #6409 [BobSilva] +* Deprecated UrlHelper#link_to_image and UrlHelper#link_to :post => true #6409 [Bob Silva] -* Upgraded NumberHelper with number_to_phone support international formats to comply with ITU E.123 by supporting area codes with less than 3 digits, added precision argument to number_to_human_size (defaults to 1) #6421 [BobSilva] +* Upgraded NumberHelper with number_to_phone support international formats to comply with ITU E.123 by supporting area codes with less than 3 digits, added precision argument to number_to_human_size (defaults to 1) #6421 [Bob Silva] -* Fixed that setting RAILS_ASSET_ID to "" should not add a trailing slash after assets #6454 [BobSilva/chrismear] +* Fixed that setting RAILS_ASSET_ID to "" should not add a trailing slash after assets #6454 [Bob Silva/chrismear] -* Force *_url named routes to show the host in ActionView [Rick] +* Force *_url named routes to show the host in ActionView [Rick Olson] <%= url_for ... %> # no host <%= foo_path %> # no host @@ -2078,9 +2196,9 @@ superclass' view_paths. [Rick] * Add JavaScriptGenerator#literal for wrapping a string in an object whose #to_json is the string itself. [Sam Stephenson] -* Add <%= escape_once html %> to escape html while leaving any currently escaped entities alone. Fix button_to double-escaping issue. [Rick] +* Add <%= escape_once html %> to escape html while leaving any currently escaped entities alone. Fix button_to double-escaping issue. [Rick Olson] -* Fix double-escaped entities, such as &amp;amp;, &amp;#123;, etc. [Rick] +* Fix double-escaped entities, such as &amp;amp;, &amp;#123;, etc. [Rick Olson] * Fix routing to correctly determine when generation fails. Closes #6300. [psross]. @@ -2100,7 +2218,7 @@ superclass' view_paths. [Rick] * Rename test assertion to prevent shadowing. Closes #6306. [psross] -* Fixed that NumberHelper#number_to_delimiter should respect precision of higher than two digits #6231 [phallstrom] +* Fixed that NumberHelper#number_to_delimiter should respect precision of higher than two digits #6231 [Philip Hallstrom] * Fixed that FormHelper#radio_button didn't respect an :id being passed in #6266 [evansj] @@ -2114,7 +2232,7 @@ superclass' view_paths. [Rick] Which is needed for dealing with the IE6 DOM when it's not yet fully loaded. -* Fixed that rescue template path shouldn't be hardcoded, then it's easier to hook in your own #6295 [mnaberez] +* Fixed that rescue template path shouldn't be hardcoded, then it's easier to hook in your own #6295 [Mike Naberezny] * Fixed escaping of backslashes in JavaScriptHelper#escape_javascript #6302 [sven@c3d2.de] @@ -2153,7 +2271,7 @@ superclass' view_paths. [Rick] * Rescue Errno::ECONNRESET to handle an unexpectedly closed socket connection. Improves SCGI reliability. #3368, #6226 [sdsykes, fhanshaw@vesaria.com] -* Added that respond_to blocks will automatically set the content type to be the same as is requested [DHH]. Examples: +* Added that respond_to blocks will automatically set the content type to be the same as is requested [David Heinemeier Hansson]. Examples: respond_to do |format| format.html { render :text => "I'm being sent as text/html" } @@ -2161,9 +2279,9 @@ superclass' view_paths. [Rick] format.atom { render :text => "I'm being sent as application/xml", :content_type => Mime::XML } end -* Added utf-8 as the default charset for all renders. You can change this default using ActionController::Base.default_charset=(encoding) [DHH] +* Added utf-8 as the default charset for all renders. You can change this default using ActionController::Base.default_charset=(encoding) [David Heinemeier Hansson] -* Added proper getters and setters for content type and charset [DHH]. Example of what we used to do: +* Added proper getters and setters for content type and charset [David Heinemeier Hansson]. Example of what we used to do: response.headers["Content-Type"] = "application/atom+xml; charset=utf-8" @@ -2192,7 +2310,7 @@ superclass' view_paths. [Rick] * Load helpers in alphabetical order for consistency. Resolve cyclic javascript_helper dependency. #6132, #6178 [choonkeat@gmail.com] -* Skip params with empty names, such as the &=Save query string from <input type="submit"/>. #2569 [manfred, raphinou@yahoo.com] +* Skip params with empty names, such as the &=Save query string from <input type="submit"/>. #2569 [Manfred Stienstra, raphinou@yahoo.com] * Fix assert_tag so that :content => "foo" does not match substrings, but only exact strings. Use :content => /foo/ to match substrings. #2799 [Eric Hodel] @@ -2200,7 +2318,7 @@ superclass' view_paths. [Rick] * Update UrlWriter to support :only_path. [Nicholas Seckar, Dave Thomas] -* Fixed JavaScriptHelper#link_to_function and JavaScriptHelper#button_to_function to have the script argument be optional [DHH]. So what used to require a nil, like this: +* Fixed JavaScriptHelper#link_to_function and JavaScriptHelper#button_to_function to have the script argument be optional [David Heinemeier Hansson]. So what used to require a nil, like this: link_to("Hider", nil, :class => "hider_link") { |p| p[:something].hide } @@ -2217,7 +2335,7 @@ superclass' view_paths. [Rick] * Fixed that AssetTagHelper#image_tag and others using compute_public_path should not modify the incoming source argument (closes #5102) [eule@space.ch] -* Deprecated the auto-appending of .png to AssetTagHelper#image_tag calls that doesn't have an extension [DHH] +* Deprecated the auto-appending of .png to AssetTagHelper#image_tag calls that doesn't have an extension [David Heinemeier Hansson] * Fixed FormOptionsHelper#select to respect :selected value #5813 @@ -2227,13 +2345,13 @@ superclass' view_paths. [Rick] * Improved resolution of DateHelper#distance_of_time_in_words for better precision #5994 [Bob Silva] -* Changed that uncaught exceptions raised any where in the application will cause RAILS_ROOT/public/500.html to be read and shown instead of just the static "Application error (Rails)" [DHH] +* Changed that uncaught exceptions raised any where in the application will cause RAILS_ROOT/public/500.html to be read and shown instead of just the static "Application error (Rails)" [David Heinemeier Hansson] -* Added deprecation language for pagination which will become a plugin by Rails 2.0 [DHH] +* Added deprecation language for pagination which will become a plugin by Rails 2.0 [David Heinemeier Hansson] -* Added deprecation language for in_place_editor and auto_complete_field that both pieces will become plugins by Rails 2.0 [DHH] +* Added deprecation language for in_place_editor and auto_complete_field that both pieces will become plugins by Rails 2.0 [David Heinemeier Hansson] -* Deprecated all of ActionController::Dependencies. All dependency loading is now handled from Active Support [DHH] +* Deprecated all of ActionController::Dependencies. All dependency loading is now handled from Active Support [David Heinemeier Hansson] * Added assert_select* for CSS selector-based testing (deprecates assert_tag) #5936 [assaf.arkin@gmail.com] @@ -2253,9 +2371,9 @@ superclass' view_paths. [Rick] * Integration tests: headers beginning with X aren't excluded from the HTTP_ prefix, so X-Requested-With becomes HTTP_X_REQUESTED_WITH as expected. [Mike Clark] -* Switch to using FormEncodedPairParser for parsing request parameters. [Nicholas Seckar, DHH] +* Switch to using FormEncodedPairParser for parsing request parameters. [Nicholas Seckar, David Heinemeier Hansson] -* respond_to .html now always renders #{action_name}.rhtml so that registered custom template handlers do not override it in priority. Custom mime types require a block and throw proper error now. [Tobias Luetke] +* respond_to .html now always renders #{action_name}.rhtml so that registered custom template handlers do not override it in priority. Custom mime types require a block and throw proper error now. [Tobias Lütke] * Deprecation: test deprecated instance vars in partials. [Jeremy Kemper] @@ -2281,7 +2399,7 @@ superclass' view_paths. [Rick] * Deprecation! @params, @session, @flash will be removed after 1.2. Use the corresponding instance methods instead. You'll get printed warnings during tests and logged warnings in dev mode when you access either instance variable directly. [Jeremy Kemper] -* Make Routing noisy when an anchor regexp is assigned to a segment. #5674 [francois.beausoleil@gmail.com] +* Make Routing noisy when an anchor regexp is assigned to a segment. #5674 [François Beausoleil] * Added months and years to the resolution of DateHelper#distance_of_time_in_words, such that "60 days ago" becomes "2 months ago" #5611 [pjhyett@gmail.com] @@ -2295,7 +2413,7 @@ superclass' view_paths. [Rick] * Fixed the new_#{resource}_url route and added named route tests for Simply Restful. [Rick Olson] -* Added map.resources from the Simply Restful plugin [DHH]. Examples (the API has changed to use plurals!): +* Added map.resources from the Simply Restful plugin [David Heinemeier Hansson]. Examples (the API has changed to use plurals!): map.resources :messages map.resources :messages, :comments @@ -2303,13 +2421,13 @@ superclass' view_paths. [Rick] * Fixed that integration simulation of XHRs should set Accept header as well [Edward Frederick] -* TestRequest#reset_session should restore a TestSession, not a hash [Koz] +* TestRequest#reset_session should restore a TestSession, not a hash [Michael Koziarski] * Don't search a load-path of '.' for controller files [Jamis Buck] * Update integration.rb to require test_process explicitly instead of via Dependencies. [Nicholas Seckar] -* Fixed that you can still access the flash after the flash has been reset in reset_session. Closes #5584 [lmarlow@yahoo.com] +* Fixed that you can still access the flash after the flash has been reset in reset_session. Closes #5584 [lmarlow] * Allow form_for and fields_for to work with indexed form inputs. [Jeremy Kemper, Matt Lyon] @@ -2318,11 +2436,11 @@ superclass' view_paths. [Rick] * Remove leak in development mode by replacing define_method with module_eval. [Nicholas Seckar] -* Provide support for decimal columns to form helpers. Closes #5672. [dave@pragprog.com] +* Provide support for decimal columns to form helpers. Closes #5672. [Dave Thomas] * Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info] -* Reset @html_document between requests so assert_tag works. #4810 [jarkko@jlaine.net, easleydp@gmail.com] +* Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com] * Integration tests behave well with render_component. #4632 [edward.frederick@revolution.com, dev.rubyonrails@maxdunn.com] @@ -2330,21 +2448,21 @@ superclass' view_paths. [Rick] * Fixed that real files and symlinks should be treated the same when compiling templates #5438 [zachary@panandscan.com] -* Fixed that the flash should be reset when reset_session is called #5584 [shugo@ruby-lang.org] +* Fixed that the flash should be reset when reset_session is called #5584 [Shugo Maeda] * Added special case for "1 Byte" in NumberHelper#number_to_human_size #5593 [murpyh@rubychan.de] -* Fixed proper form-encoded parameter parsing for requests with "Content-Type: application/x-www-form-urlencoded; charset=utf-8" (note the presence of a charset directive) [DHH] +* Fixed proper form-encoded parameter parsing for requests with "Content-Type: application/x-www-form-urlencoded; charset=utf-8" (note the presence of a charset directive) [David Heinemeier Hansson] * Add route_name_path method to generate only the path for a named routes. For example, map.person will add person_path. [Nicholas Seckar] * Avoid naming collision among compiled view methods. [Jeremy Kemper] -* Fix CGI extensions when they expect string but get nil in Windows. Closes #5276 [mislav@nippur.irb.hr] +* Fix CGI extensions when they expect string but get nil in Windows. Closes #5276 [Mislav Marohnić] * Determine the correct template_root for deeply nested components. #2841 [s.brink@web.de] -* Fix that routes with *path segments in the recall can generate URLs. [Rick] +* Fix that routes with *path segments in the recall can generate URLs. [Rick Olson] * Fix strip_links so that it doesn't hang on multiline <acronym> tags [Jamis Buck] @@ -2360,11 +2478,11 @@ superclass' view_paths. [Rick] * Rewind readable CGI params so others may reread them (such as CGI::Session when passing the session id in a multipart form). #210 [mklame@atxeu.com, matthew@walker.wattle.id.au] -* Added Mime::TEXT (text/plain) and Mime::ICS (text/calendar) as new default types [DHH] +* Added Mime::TEXT (text/plain) and Mime::ICS (text/calendar) as new default types [David Heinemeier Hansson] -* Added Mime::Type.register(string, symbol, synonyms = []) for adding new custom mime types [DHH]. Example: Mime::Type.register("image/gif", :gif) +* Added Mime::Type.register(string, symbol, synonyms = []) for adding new custom mime types [David Heinemeier Hansson]. Example: Mime::Type.register("image/gif", :gif) -* Added support for Mime objects in render :content_type option [DHH]. Example: render :text => some_atom, :content_type => Mime::ATOM +* Added support for Mime objects in render :content_type option [David Heinemeier Hansson]. Example: render :text => some_atom, :content_type => Mime::ATOM * Add :status option to send_data and send_file. Defaults to '200 OK'. #5243 [Manfred Stienstra <m.stienstra@fngtps.com>] @@ -2378,7 +2496,7 @@ superclass' view_paths. [Rick] * Accept multipart PUT parameters. #5235 [guy.naor@famundo.com] -* Added interrogation of params[:format] to determine Accept type. If :format is specified and matches a declared extension, like "rss" or "xml", that mime type will be put in front of the accept handler. This means you can link to the same action from different extensions and use that fact to determine output [DHH]. Example: +* Added interrogation of params[:format] to determine Accept type. If :format is specified and matches a declared extension, like "rss" or "xml", that mime type will be put in front of the accept handler. This means you can link to the same action from different extensions and use that fact to determine output [David Heinemeier Hansson]. Example: class WeblogController < ActionController::Base def index @@ -2411,13 +2529,13 @@ superclass' view_paths. [Rick] All this relies on the fact that you have a route that includes .:format. -* Expanded :method option in FormTagHelper#form_tag, FormHelper#form_for, PrototypeHelper#remote_form_for, PrototypeHelper#remote_form_tag, and PrototypeHelper#link_to_remote to allow for verbs other than GET and POST by automatically creating a hidden form field named _method, which will simulate the other verbs over post [DHH] +* Expanded :method option in FormTagHelper#form_tag, FormHelper#form_for, PrototypeHelper#remote_form_for, PrototypeHelper#remote_form_tag, and PrototypeHelper#link_to_remote to allow for verbs other than GET and POST by automatically creating a hidden form field named _method, which will simulate the other verbs over post [David Heinemeier Hansson] -* Added :method option to UrlHelper#link_to, which allows for using other verbs than GET for the link. This replaces the :post option, which is now deprecated. Example: link_to "Destroy", person_url(:id => person), :method => :delete [DHH] +* Added :method option to UrlHelper#link_to, which allows for using other verbs than GET for the link. This replaces the :post option, which is now deprecated. Example: link_to "Destroy", person_url(:id => person), :method => :delete [David Heinemeier Hansson] * follow_redirect doesn't complain about being redirected to the same controller. #5153 [dymo@mk.ukrtelecom.ua] -* Add layout attribute to response object with the name of the layout that was rendered, or nil if none rendered. [Kevin Clark kevin.clark@gmail.com] +* Add layout attribute to response object with the name of the layout that was rendered, or nil if none rendered. [Kevin Clark] * Fix NoMethodError when parsing params like &&. [Adam Greenfield] @@ -2425,7 +2543,7 @@ superclass' view_paths. [Rick] * Excise ingrown code from FormOptionsHelper#options_for_select. #5008 [anonymous] -* Small fix in routing to allow dynamic routes (broken after [4242]) [Rick] +* Small fix in routing to allow dynamic routes (broken after [4242]) [Rick Olson] map.connect '*path', :controller => 'files', :action => 'show' @@ -2435,17 +2553,17 @@ superclass' view_paths. [Rick] error_messages_for :account, :user, :subscription, :object_name => :account -* Fix assert_redirected_to tests according to real-world usage. Also, don't fail if you add an extra :controller option: [Rick] +* Fix assert_redirected_to tests according to real-world usage. Also, don't fail if you add an extra :controller option: [Rick Olson] redirect_to :action => 'new' assert_redirected_to :controller => 'monkeys', :action => 'new' -* Diff compared routing options. Allow #assert_recognizes to take a second arg as a hash to specify optional request method [Rick] +* Diff compared routing options. Allow #assert_recognizes to take a second arg as a hash to specify optional request method [Rick Olson] assert_recognizes({:controller => 'users', :action => 'index'}, 'users') assert_recognizes({:controller => 'users', :action => 'create'}, {:path => 'users', :method => :post}) -* Diff compared options with #assert_redirected_to [Rick] +* Diff compared options with #assert_redirected_to [Rick Olson] * Add support in routes for semicolon delimited "subpaths", like /books/:id;:action [Jamis Buck] @@ -2466,9 +2584,9 @@ superclass' view_paths. [Rick] *1.12.4* (August 8th, 2006) -* Cache CgiRequest#request_parameters so that multiple calls don't re-parse multipart data. [Rick] +* Cache CgiRequest#request_parameters so that multiple calls don't re-parse multipart data. [Rick Olson] -* Fixed that remote_form_for can leave out the object parameter and default to the instance variable of the object_name, just like form_for [DHH] +* Fixed that remote_form_for can leave out the object parameter and default to the instance variable of the object_name, just like form_for [David Heinemeier Hansson] * Added ActionController.filter_parameter_logging that makes it easy to remove passwords, credit card numbers, and other sensitive information from being logged when a request is handled. #1897 [jeremye@bsa.ca.gov] @@ -2509,7 +2627,7 @@ superclass' view_paths. [Rick] * Update the diagnostics template skip the useless '<controller not set>' text. [Nicholas Seckar] -* CHANGED DEFAULT: Don't parse YAML input by default, but keep it available as an easy option [DHH] +* CHANGED DEFAULT: Don't parse YAML input by default, but keep it available as an easy option [David Heinemeier Hansson] * Add additional autocompleter options [aballai, Thomas Fuchs] @@ -2517,7 +2635,7 @@ superclass' view_paths. [Rick] * Applied Prototype $() performance patches (#4465, #4477) and updated script.aculo.us [Sam Stephenson, Thomas Fuchs] -* Added automated timestamping to AssetTagHelper methods for stylesheets, javascripts, and images when Action Controller is run under Rails [DHH]. Example: +* Added automated timestamping to AssetTagHelper methods for stylesheets, javascripts, and images when Action Controller is run under Rails [David Heinemeier Hansson]. Example: image_tag("rails.png") # => '<img alt="Rails" src="/images/rails.png?1143664135" />' @@ -2551,9 +2669,9 @@ superclass' view_paths. [Rick] * Fix double url escaping of remote_function. Add :escape => false option to ActionView's url_for. [Nicholas Seckar] -* Add :script option to in_place_editor to support evalScripts (closes #4194) [codyfauser@gmail.com] +* Add :script option to in_place_editor to support evalScripts (closes #4194) [Cody Fauser] -* Fix mixed case enumerable methods in the JavaScript Collection Proxy (closes #4314) [codyfauser@gmail.com] +* Fix mixed case enumerable methods in the JavaScript Collection Proxy (closes #4314) [Cody Fauser] * Undo accidental escaping for mail_to; add regression test. [Nicholas Seckar] @@ -2588,9 +2706,9 @@ superclass' view_paths. [Rick] * XML-formatted requests are typecast according to "type" attributes for :xml_simple [Jamis Buck] -* Added protection against proxy setups treating requests as local even when they're not #3898 [stephen_purcell@yahoo.com] +* Added protection against proxy setups treating requests as local even when they're not #3898 [Steve Purcell] -* Added TestRequest#raw_post that simulate raw_post from CgiRequest #3042 [francois.beausoleil@gmail.com] +* Added TestRequest#raw_post that simulate raw_post from CgiRequest #3042 [François Beausoleil] * Underscore dasherized keys in formatted requests [Jamis Buck] @@ -2606,11 +2724,11 @@ superclass' view_paths. [Rick] * Added simple alert() notifications for RJS exceptions when config.action_view.debug_rjs = true. [Sam Stephenson] -* Added :content_type option to render, so you can change the content type on the fly [DHH]. Example: render :action => "atom.rxml", :content_type => "application/atom+xml" +* Added :content_type option to render, so you can change the content type on the fly [David Heinemeier Hansson]. Example: render :action => "atom.rxml", :content_type => "application/atom+xml" -* CHANGED DEFAULT: The default content type for .rxml is now application/xml instead of type/xml, see http://www.xml.com/pub/a/2004/07/21/dive.html for reason [DHH] +* CHANGED DEFAULT: The default content type for .rxml is now application/xml instead of type/xml, see http://www.xml.com/pub/a/2004/07/21/dive.html for reason [David Heinemeier Hansson] -* Added option to render action/template/file of a specific extension (and here by template type). This means you can have multiple templates with the same name but a different extension [DHH]. Example: +* Added option to render action/template/file of a specific extension (and here by template type). This means you can have multiple templates with the same name but a different extension [David Heinemeier Hansson]. Example: class WeblogController < ActionController::Base def index @@ -2624,7 +2742,7 @@ superclass' view_paths. [Rick] end end -* Added better support for using the same actions to output for different sources depending on the Accept header [DHH]. Example: +* Added better support for using the same actions to output for different sources depending on the Accept header [David Heinemeier Hansson]. Example: class WeblogController < ActionController::Base def create @@ -2641,9 +2759,9 @@ superclass' view_paths. [Rick] end end -* Added Base#render(:xml => xml) that works just like Base#render(:text => text), but sets the content-type to text/xml and the charset to UTF-8 [DHH] +* Added Base#render(:xml => xml) that works just like Base#render(:text => text), but sets the content-type to text/xml and the charset to UTF-8 [David Heinemeier Hansson] -* Integration test's url_for now runs in the context of the last request (if any) so after post /products/show/1 url_for :action => 'new' will yield /product/new [Tobias Luetke] +* Integration test's url_for now runs in the context of the last request (if any) so after post /products/show/1 url_for :action => 'new' will yield /product/new [Tobias Lütke] * Re-added mixed-in helper methods for the JavascriptGenerator. Moved JavascriptGenerators methods to a module that is mixed in after the helpers are added. Also fixed that variables set in the enumeration methods like #collect are set correctly. Documentation added for the enumeration methods [Rick Olson]. Examples: @@ -2663,7 +2781,7 @@ superclass' view_paths. [Rick] # Assign the default XmlSimple to a new content type ActionController::Base.param_parsers['application/backpack+xml'] = :xml_simple -Default YAML web services were retired, ActionController::Base.param_parsers carries an example which shows how to get this functionality back. As part of this new plugin support, request.[formatted_post?, xml_post?, yaml_post? and post_format] were all deprecated in favor of request.content_type [Tobias Luetke] +Default YAML web services were retired, ActionController::Base.param_parsers carries an example which shows how to get this functionality back. As part of this new plugin support, request.[formatted_post?, xml_post?, yaml_post? and post_format] were all deprecated in favor of request.content_type [Tobias Lütke] * Fixed Effect.Appear in effects.js to work with floats in Safari #3524, #3813, #3044 [Thomas Fuchs] @@ -2693,11 +2811,11 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added various InPlaceEditor options, #3746, #3891, #3896, #3906 [Bill Burcham, ruairi, sl33p3r] -* Added :count option to pagination that'll make it possible for the ActiveRecord::Base.count call to using something else than * for the count. Especially important for count queries using DISTINCT #3839 [skaes] +* Added :count option to pagination that'll make it possible for the ActiveRecord::Base.count call to using something else than * for the count. Especially important for count queries using DISTINCT #3839 [Stefan Kaes] * Update script.aculo.us to V1.5.2 [Thomas Fuchs] -* Added element and collection proxies to RJS [DHH]. Examples: +* Added element and collection proxies to RJS [David Heinemeier Hansson]. Examples: page['blank_slate'] # => $('blank_slate'); page['blank_slate'].show # => $('blank_slate').show(); @@ -2743,7 +2861,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Document the :xhr option for verifications. #3666 [leeo] -* Added :only and :except controls to skip_before/after_filter just like for when you add filters [DHH] +* Added :only and :except controls to skip_before/after_filter just like for when you add filters [David Heinemeier Hansson] * Ensure that the instance variables are copied to the template when performing render :update. [Nicholas Seckar] @@ -2765,13 +2883,13 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fix render(:update) to not render layouts. [Sam Stephenson] -* Fixed that SSL would not correctly be detected when running lighttpd/fcgi behind lighttpd w/mod_proxy #3548 [stephen_purcell@yahoo.com] +* Fixed that SSL would not correctly be detected when running lighttpd/fcgi behind lighttpd w/mod_proxy #3548 [Steve Purcell] * Added the possibility to specify atomatic expiration for the memcachd session container #3571 [Stefan Kaes] * Change layout discovery to take into account the change in semantics with File.join and nil arguments. [Marcel Molina Jr.] -* Raise a RedirectBackError if redirect_to :back is called when there's no HTTP_REFERER defined #3049 [kevin.clark@gmail.com] +* Raise a RedirectBackError if redirect_to :back is called when there's no HTTP_REFERER defined #3049 [Kevin Clark] * Treat timestamps like datetimes for scaffolding purposes #3388 [Maik Schmidt] @@ -2811,15 +2929,15 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Have the form builder output radio button, not check box, when calling the radio button helper. #3331 [LouisStAmour@gmail.com] -* Added assignment of the Autocompleter object created by JavaScriptMacroHelper#auto_complete_field to a local javascript variables [DHH] +* Added assignment of the Autocompleter object created by JavaScriptMacroHelper#auto_complete_field to a local javascript variables [David Heinemeier Hansson] -* Added :on option for PrototypeHelper#observe_field that allows you to specify a different callback hook to have the observer trigger on [DHH] +* Added :on option for PrototypeHelper#observe_field that allows you to specify a different callback hook to have the observer trigger on [David Heinemeier Hansson] -* Added JavaScriptHelper#button_to_function that works just like JavaScriptHelper#link_to_function but uses a button instead of a href [DHH] +* Added JavaScriptHelper#button_to_function that works just like JavaScriptHelper#link_to_function but uses a button instead of a href [David Heinemeier Hansson] -* Added that JavaScriptHelper#link_to_function will honor existing :onclick definitions when adding the function call [DHH] +* Added that JavaScriptHelper#link_to_function will honor existing :onclick definitions when adding the function call [David Heinemeier Hansson] -* Added :disable_with option to FormTagHelper#submit_tag to allow for easily disabled submit buttons with different text [DHH] +* Added :disable_with option to FormTagHelper#submit_tag to allow for easily disabled submit buttons with different text [David Heinemeier Hansson] * Make auto_link handle nil by returning quickly if blank? [Scott Barron] @@ -2837,7 +2955,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car page.visual_effect :fade, 'notice' end -* Add session ID to default logging, but remove the verbose description of every step [DHH] +* Add session ID to default logging, but remove the verbose description of every step [David Heinemeier Hansson] * Add the following RJS methods: [Sam Stephenson] @@ -2859,7 +2977,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Update to Prototype 1.4.0 final [Sam Stephenson] -* Added form_remote_for (form_for meets form_remote_tag) [DHH] +* Added form_remote_for (form_for meets form_remote_tag) [David Heinemeier Hansson] * Update to script.aculo.us 1.5.0_rc6 @@ -2867,7 +2985,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fix docs for text_area_tag. #3083. [Christopher Cotton] -* Change form_for and fields_for method signatures to take object name and object as separate arguments rather than as a Hash. [DHH] +* Change form_for and fields_for method signatures to take object name and object as separate arguments rather than as a Hash. [David Heinemeier Hansson] * Introduce :selected option to the select helper. Allows you to specify a selection other than the current value of object.method. Specify :selected => nil to leave all options unselected. #2991 [Jonathan Viney <jonathan@bluewire.net.nz>] @@ -2885,7 +3003,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Pass multiple arguments to Element.show and Element.hide in JavaScriptGenerator instead of using iterators. [Sam Stephenson] -* Improve expire_fragment documentation. #2966 [court3nay@gmail.com] +* Improve expire_fragment documentation. #2966 [court3nay] * Correct docs for automatic layout assignment. #2610. [Charles M. Gerungan] @@ -2907,7 +3025,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Correct time_zone_options_for_select docs. #2892 [pudeyo@rpi.com] -* Remove the unused, slow response_dump and session_dump variables from error pages. #1222 [lmarlow@yahoo.com] +* Remove the unused, slow response_dump and session_dump variables from error pages. #1222 [lmarlow] * Performance tweaks: use Set instead of Array to speed up prototype helper include? calls. Avoid logging code if logger is nil. Inline commonly-called template presence checks. #2880, #2881, #2882, #2883 [Stefan Kaes] @@ -2937,9 +3055,9 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Update documentation for render :file. #2858 [Tom Werner] -* Only include builtin filters whose filenames match /^[a-z][a-z_]*_helper.rb$/ to avoid including operating system metadata such as ._foo_helper.rb. #2855 [court3nay@gmail.com] +* Only include builtin filters whose filenames match /^[a-z][a-z_]*_helper.rb$/ to avoid including operating system metadata such as ._foo_helper.rb. #2855 [court3nay] -* Added FormHelper#form_for and FormHelper#fields_for that makes it easier to work with forms for single objects also if they don't reside in instance variables [DHH]. Examples: +* Added FormHelper#form_for and FormHelper#fields_for that makes it easier to work with forms for single objects also if they don't reside in instance variables [David Heinemeier Hansson]. Examples: <% form_for :person, @person, :url => { :action => "update" } do |f| %> First name: <%= f.text_field :first_name %> @@ -2972,7 +3090,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car *1.11.0* (November 7th, 2005) -* Added request as instance method to views, so you can do <%= request.env["HTTP_REFERER"] %>, just like you can already access response, session, and the likes [DHH] +* Added request as instance method to views, so you can do <%= request.env["HTTP_REFERER"] %>, just like you can already access response, session, and the likes [David Heinemeier Hansson] * Fix conflict with assert_tag and Glue gem #2255 [david.felstead@gmail.com] @@ -2980,9 +3098,9 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added action_pack.rb stub so that ActionPack::Version loads properly [Sam Stephenson] -* Added short-hand to assert_tag so assert_tag :tag => "span" can be written as assert_tag "span" [DHH] +* Added short-hand to assert_tag so assert_tag :tag => "span" can be written as assert_tag "span" [David Heinemeier Hansson] -* Added skip_before_filter/skip_after_filter for easier control of the filter chain in inheritance hierachies [DHH]. Example: +* Added skip_before_filter/skip_after_filter for easier control of the filter chain in inheritance hierachies [David Heinemeier Hansson]. Example: class ApplicationController < ActionController::Base before_filter :authenticate @@ -2997,7 +3115,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car skip_before_filter :authenticate end -* Added redirect_to :back as a short-hand for redirect_to(request.env["HTTP_REFERER"]) [DHH] +* Added redirect_to :back as a short-hand for redirect_to(request.env["HTTP_REFERER"]) [David Heinemeier Hansson] * Change javascript_include_tag :defaults to not use script.aculo.us loader, which facilitates the use of plugins for future script.aculo.us and third party javascript extensions, and provide register_javascript_include_default for plugins to specify additional JavaScript files to load. Removed slider.js and builder.js from actionpack. [Thomas Fuchs] @@ -3007,7 +3125,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Update script.aculo.us to V1.5_rc4 [Thomas Fuchs] -* Fix that render :text didn't interpolate instance variables #2629, #2626 [skaes] +* Fix that render :text didn't interpolate instance variables #2629, #2626 [Stefan Kaes] * Fix line number detection and escape RAILS_ROOT in backtrace Regexp [Nicholas Seckar] @@ -3026,7 +3144,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car *1.10.2* (October 26th, 2005) -* Reset template variables after using render_to_string [skaes@web.de] +* Reset template variables after using render_to_string [Stefan Kaes] * Expose the session model backing CGI::Session @@ -3042,7 +3160,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car *1.10.0* (October 16th, 2005) -* Make string-keys locals assigns optional. Add documentation describing depreciated state [skaes@web.de] +* Make string-keys locals assigns optional. Add documentation describing depreciated state [Stefan Kaes] * Improve line number detection for template errors [Nicholas Seckar] @@ -3050,7 +3168,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Upgrade to Prototype 1.4.0_rc0 [Sam Stephenson] -* Added assert_vaild. Reports the proper AR error messages as fail message when the passed record is invalid [Tobias Luetke] +* Added assert_vaild. Reports the proper AR error messages as fail message when the passed record is invalid [Tobias Lütke] * Add temporary support for passing locals to render using string keys [Nicholas Seckar] @@ -3058,11 +3176,11 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Raise an exception if an attempt is made to insert more session data into the ActiveRecordStore data column than the column can hold. #2234. [justin@textdrive.com] -* Removed references to assertions.rb from actionpack assert's backtraces. Makes error reports in functional unit tests much less noisy. [Tobias Luetke] +* Removed references to assertions.rb from actionpack assert's backtraces. Makes error reports in functional unit tests much less noisy. [Tobias Lütke] * Updated and clarified documentation for JavaScriptHelper to be more concise about the various options for including the JavaScript libs. [Thomas Fuchs] -* Hide "Retry with Breakpoint" button on error pages until feature is functional. [DHH] +* Hide "Retry with Breakpoint" button on error pages until feature is functional. [David Heinemeier Hansson] * Fix Request#host_with_port to use the standard port when Rails is behind a proxy. [Nicholas Seckar] @@ -3080,7 +3198,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Misc doc fixes (typos/grammar/etc). #2445. [coffee2code] -* Speed improvement for session_options. #2287. [skaes@web.de] +* Speed improvement for session_options. #2287. [Stefan Kaes] * Make cacheing binary files friendly with Windows. #1975. [Rich Olson] @@ -3092,9 +3210,9 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Make assert_tag :children count appropriately. Closes #2181. [jamie@bravenet.com] -* Forced newer versions of RedCloth to use hard breaks [DHH] +* Forced newer versions of RedCloth to use hard breaks [David Heinemeier Hansson] -* Added new scriptaculous options for auto_complete_field #2343 [m.stienstra@fngtps.com] +* Added new scriptaculous options for auto_complete_field #2343 [Manfred Stienstra] * Don't prepend the asset host if the string is already a fully-qualified URL @@ -3108,13 +3226,13 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Keep flash after components are rendered. #2291 [Rick Olson, Scott] -* Shorten IE file upload path to filename only to match other browsers. #1507 [court3nay@gmail.com] +* Shorten IE file upload path to filename only to match other browsers. #1507 [court3nay] * Fix open/save dialog in IE not opening files send with send_file/send_data, #2279 [Thomas Fuchs] -* Fixed that auto_discovery_link_tag couldn't take a string as the URL [DHH] +* Fixed that auto_discovery_link_tag couldn't take a string as the URL [David Heinemeier Hansson] -* Fixed problem with send_file and WEBrick using stdout #1812 [DHH] +* Fixed problem with send_file and WEBrick using stdout #1812 [David Heinemeier Hansson] * Optimized tag_options to not sort keys, which is no longer necessary when assert_dom_equal and friend is available #1995 [skae] @@ -3132,7 +3250,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Speed up cookie use by decreasing string copying #2194 [skae] -* Fixed access to "Host" header with requests made by crappy old HTTP/1.0 clients #2124 [Marcel Molina] +* Fixed access to "Host" header with requests made by crappy old HTTP/1.0 clients #2124 [Marcel Molina Jr.] * Added easy assignment of fragment cache store through use of symbols for included stores (old way still works too) @@ -3182,7 +3300,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Avoid extending view instance with helper modules each request. Closes #1979 -* Performance improvements to CGI methods. Closes #1980 [Skaes] +* Performance improvements to CGI methods. Closes #1980 [Stefan Kaes] * Added :post option to UrlHelper#link_to that makes it possible to do POST requests through normal ahref links using Javascript @@ -3199,13 +3317,13 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Drop trailing \000 if present on RAW_POST_DATA (works around bug in Safari Ajax implementation) #918 -* Fix observe_field to fall back to event-based observation if frequency <= 0 #1916 [michael@schubert.cx] +* Fix observe_field to fall back to event-based observation if frequency <= 0 #1916 [Michael Schubert] * Allow use of the :with option for submit_to_remote #1936 [jon@instance-design.co.uk] -* AbstractRequest#domain returns nil when host is an ip address #2012 [kevin.clark@gmail.com] +* AbstractRequest#domain returns nil when host is an ip address #2012 [Kevin Clark] -* ActionController documentation update #2051 [fbeausoleil@ftml.net] +* ActionController documentation update #2051 [François Beausoleil] * Yield @content_for_ variables to templates #2058 [Sam Stephenson] @@ -3221,7 +3339,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fix Routing to handle :some_param => nil better. [Nicholas Seckar, Luminas] -* Add support for :include with pagination (subject to existing constraints for :include with :limit and :offset) #1478 [michael@schubert.cx] +* Add support for :include with pagination (subject to existing constraints for :include with :limit and :offset) #1478 [Michael Schubert] * Prevent the benchmark module from blowing up if a non-HTTP/1.1 request is processed @@ -3249,7 +3367,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added support for per-action session management #1763 -* Improved rendering speed on complicated templates by up to 100% (the more complex the templates, the higher the speedup) #1234 [Stephan Kaes]. This did necessasitate a change to the internals of ActionView#render_template that now has four parameters. Developers of custom view handlers (like Amrita) need to update for that. +* Improved rendering speed on complicated templates by up to 100% (the more complex the templates, the higher the speedup) #1234 [Stefan Kaes]. This did necessasitate a change to the internals of ActionView#render_template that now has four parameters. Developers of custom view handlers (like Amrita) need to update for that. * Added options hash as third argument to FormHelper#input, so you can do input('person', 'zip', :size=>10) #1719 [jeremye@bsa.ca.gov] @@ -3276,7 +3394,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fixed that Action View should always use the included Builder, never attempt to require the gem, to ensure compatibility -* Added that nil options are not included in tags, so tag("p", :ignore => nil) now returns <p /> not <p ignore="" /> but that tag("p", :ignore => "") still includes it #1465 [michael@schuerig.de] +* Added that nil options are not included in tags, so tag("p", :ignore => nil) now returns <p /> not <p ignore="" /> but that tag("p", :ignore => "") still includes it #1465 [Michael Schuerig] * Fixed that UrlHelper#link_to_unless/link_to_if used html_escape on the name if no link was to be applied. This is unnecessary and breaks its use with images #1649 [joergd@pobox.com] @@ -3314,9 +3432,9 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added javascript_include_tag :defaults shortcut that'll include all the default javascripts included with Action Pack (prototype, effects, controls, dragdrop) -* Cache several controller variables that are expensive to calculate #1229 [skaes@web.de] +* Cache several controller variables that are expensive to calculate #1229 [Stefan Kaes] -* The session class backing CGI::Session::ActiveRecordStore may be replaced with any class that duck-types with a subset of Active Record. See docs for details #1238 [skaes@web.de] +* The session class backing CGI::Session::ActiveRecordStore may be replaced with any class that duck-types with a subset of Active Record. See docs for details #1238 [Stefan Kaes] * Fixed that hashes was not working properly when passed by GET to lighttpd #849 [Nicholas Seckar] @@ -3333,7 +3451,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car <p>Product 2</p> <% end %> -* Added :field_name option to DateHelper#select_(year|month|day) to deviate from the year/month/day defaults #1266 [Marcel Molina] +* Added :field_name option to DateHelper#select_(year|month|day) to deviate from the year/month/day defaults #1266 [Marcel Molina Jr.] * Added JavascriptHelper#draggable_element and JavascriptHelper#drop_receiving_element to facilitate easy dragging and dropping through the script.aculo.us libraries #1578 [Thomas Fuchs] @@ -3377,7 +3495,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added named routes (NEEDS BETTER DESCRIPTION) #1434 [Nicholas Seckar] -* Improved AbstractRequest documentation #1483 [court3nay@gmail.com] +* Improved AbstractRequest documentation #1483 [court3nay] * Added ActionController::Base.allow_concurrency to control whether the application is thread-safe, so multi-threaded servers like WEBrick knows whether to apply a mutex around the performance of each action. Turned off by default. EXPERIMENTAL FEATURE. @@ -3389,7 +3507,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added :xhr => true/false option to verify so you can ensure that a request is coming from an Ajax call or not #1464 [Thomas Fuchs] -* Added tag_options as a third parameter to AssetHelper#auto_discovery_link_tag to control options like the title of the link #1430 [kevin.clark@gmail.com] +* Added tag_options as a third parameter to AssetHelper#auto_discovery_link_tag to control options like the title of the link #1430 [Kevin Clark] * Added option to pass in parameters to CaptureHelper#capture, so you can create more advanced view helper methods #1466 [duane.johnson@gmail.com]. Example: @@ -3415,11 +3533,11 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added button_to as a form-based solution to deal with harmful actions that should be hidden behind POSTs. This makes it just as easy as link_to to create a safe trigger for actions like destroy, although it's limited by being a block element, the fixed look, and a no-no inside other forms. #1371 [tom@moertel.com] -* Fixed image_tag so an exception is not thrown just because the image is missing and alt value can't be generated #1395 [Marcel] +* Fixed image_tag so an exception is not thrown just because the image is missing and alt value can't be generated #1395 [Marcel Molina Jr.] * Added a third parameter to TextHelper#auto_link called href_options for specifying additional tag options on the links generated #1401 [tyler.kovacs@gmail.com]. Example: auto_link(text, :all, { :target => "_blank" }) to have all the generated links open in a new window. -* Fixed TextHelper#highlight to return the text, not nil, if the phrase is blank #1409 [patrick@lenz.sh] +* Fixed TextHelper#highlight to return the text, not nil, if the phrase is blank #1409 [Patrick Lenz] * Fixed TagHelper such that :name and 'name' keys in the options doesn't result in two attributes #1455 [take_tk] @@ -3433,7 +3551,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Allow distance_of_time_in_words to work with any value that responds to #to_time (like dates) #969 -* Support :render option for :verify #1440 [TobiasLuetke] +* Support :render option for :verify #1440 [Tobias Lütke] * Updated vendor copy of html-scanner lib to 0.5.2, for bug fixes and optimizations. The :content option may be used as expected--to find a tag whose textual content is a particular value--in assert_tag, now. @@ -3547,7 +3665,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fixed action/fragment caching using the filestore when a directory and a file wanted to use the same name. Now there's a .cache prefix that sidesteps the conflict #1188 [imbcmdth@hotmail.com] -* Fixed missing id uniqueness in FormTag#radio_button #1207 [Jarkko] +* Fixed missing id uniqueness in FormTag#radio_button #1207 [Jarkko Laine] * Fixed assert_redirected_to to work with :only_path => false #1204 [Alisdair McDiarmid] @@ -3652,7 +3770,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added support for web servers that use PATH_INFO instead of REQUEST_URI like IIS #1014 [BradG/Nicholas Seckar] -* Added graceful handling of PUT, DELETE, and OPTIONS requests for a complete coverage of REST functionality #1136 [joshknowles@gmail.com] +* Added graceful handling of PUT, DELETE, and OPTIONS requests for a complete coverage of REST functionality #1136 [Josh Knowles] * Fixed that you can now pass an alternative :href option to link_to_function/remote in order to point to somewhere other than # if the javascript fails or is turned off. You can do the same with form_remote_tag by passing in :action. #1113 [Sam Stephenson] @@ -3676,7 +3794,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fixed pagination to work with joins #1034 [scott@sigkill.org] -* Fixed that *rest parameter in map.connect couldn't accept an empty list #1037 [Dee.Zsombor@gmail.com] +* Fixed that *rest parameter in map.connect couldn't accept an empty list #1037 [Dee Zsombor] * Added :confirm option to link_to_remote just like link_to has #1082 [yrashk@fp.org.ua] @@ -3696,7 +3814,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added JavascriptHelper#periodically_call_remote in order to create areas of a page that update automatically at a set interval #945 [Jon Tirsen] -* Fixed Cache#expire_matched_fragments that couldn't recognize the difference between string and url_for options #1030 [skaes@web.de] +* Fixed Cache#expire_matched_fragments that couldn't recognize the difference between string and url_for options #1030 [Stefan Kaes] * Added simulation of @request.request_uri in functional tests #1038 [Jamis Buck] @@ -3739,7 +3857,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added :position option to link_to_remote/form_remote_tag that can be either :before, :top, :bottom, or :after and specifies where the return from the method should be inserted #952 [Matthew McCray/Sam Stephenson] -* Added Effect.Highlight to prototype.js to do Yellow Fade Technique (of 37signals' fame) on any container #952 [Sam Stephenson/courtenay] +* Added Effect.Highlight to prototype.js to do Yellow Fade Technique (of 37signals' fame) on any container #952 [Sam Stephenson/court3nay] * Added include_seconds option as the third parameter to distance_of_time_in_words which will render "less than a minute" in higher resolution ("less than 10 seconds" etc) #944 [thomas@fesch.at] @@ -3753,9 +3871,9 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added trailing_slash option to url_for, so you can generate urls ending in a slash. Note that is currently not recommended unless you need it for special reasons since it breaks caching #937 [stian@grytoyr.net] -* Added expire_matched_fragments(regular_expression) to clear out a lot of fragment caches at once #927 [technoweenie@gmail.com] +* Added expire_matched_fragments(regular_expression) to clear out a lot of fragment caches at once #927 [Rick Olson] -* Fixed the problems with : and ? in file names for fragment caches on Windows #927 [technoweenie@gmail.com] +* Fixed the problems with : and ? in file names for fragment caches on Windows #927 [Rick Olson] * Added TextHelper#human_size for formatting file sizes, like human_size(1234567) => 1.2 MB #943 [thomas@fesch.at] @@ -3772,7 +3890,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added pagination support through both a controller and helper add-on #817 [Sam Stephenson] -* Fixed routing and helpers to make Rails work on non-vhost setups #826 [Nicholas Seckar/Tobias Luetke] +* Fixed routing and helpers to make Rails work on non-vhost setups #826 [Nicholas Seckar/Tobias Lütke] * Added a much improved Flash module that allows for finer-grained control on expiration and allows you to flash the current action #839 [Caio Chassot]. Example of flash.now: @@ -3831,7 +3949,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fixed options_for_select on selected line issue #624 [Florian Weber] -* Added CaptureHelper with CaptureHelper#capture and CaptureHelper#content_for. See documentation in helper #837 [Tobias Luetke] +* Added CaptureHelper with CaptureHelper#capture and CaptureHelper#content_for. See documentation in helper #837 [Tobias Lütke] * Fixed :anchor use in url_for #821 [Nicholas Seckar] @@ -3967,7 +4085,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fixed the ordering of attributes in the xml-decleration of Builder #540 [woeye] -* Added @request.raw_post as a convenience access to @request.env['RAW_POST_DATA'] #534 [Tobias Luetke] +* Added @request.raw_post as a convenience access to @request.env['RAW_POST_DATA'] #534 [Tobias Lütke] * Added support for automatic id-based indexing for lists of items #532 [dblack]. Example: @@ -4057,13 +4175,13 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fixed url rewriter confusion when the controller or action name was a substring of the controller_prefix or action_prefix -* Added conditional layouts like <tt>layout "weblog_standard", :except => :rss</tt> #452 [Marcel Molina] +* Added conditional layouts like <tt>layout "weblog_standard", :except => :rss</tt> #452 [Marcel Molina Jr.] * Fixed that MemCacheStore wasn't included by default and added default MemCache object pointing to localhost #447 [Lucas Carlson] -* Added fourth argument to render_collection_of_partials that allows you to specify local_assigns -- just like render_partial #432 [zenspider] +* Added fourth argument to render_collection_of_partials that allows you to specify local_assigns -- just like render_partial #432 [Ryan Davis] -* Fixed that host would choke when cgi.host returned nil #432 [Tobias Luetke] +* Fixed that host would choke when cgi.host returned nil #432 [Tobias Lütke] * Added that form helpers now take an index option #448 [Tim Bates] @@ -4095,7 +4213,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car redirect_to(:controller => "account", :action => "login") unless @session[:authenticated] end -* Added conditional filters #431 [Marcel]. Example: +* Added conditional filters #431 [Marcel Molina Jr.]. Example: class JournalController < ActionController::Base # only require authentication if the current action is edit or delete @@ -4129,7 +4247,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added second boolean parameter to Base.redirect_to_url and Response#redirect to control whether the redirect is permanent or not (301 vs 302) #375 [Hodel] -* Fixed redirects when the controller and action is named the same. Still haven't fixed same controller, module, and action, though #201 [Josh] +* Fixed redirects when the controller and action is named the same. Still haven't fixed same controller, module, and action, though #201 [Josh Peek] * Fixed problems with running multiple functional tests in Rails under 1.8.2 by including hack for test/unit weirdness @@ -4139,7 +4257,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car *1.1.0* * Added search through session to clear out association caches at the end of each request. This makes it possible to place Active Record objects - in the session without worrying about stale data in the associations (the main object is still subject to caching, naturally) #347 [Tobias Luetke] + in the session without worrying about stale data in the associations (the main object is still subject to caching, naturally) #347 [Tobias Lütke] * Added more informative exception when using helper :some_helper and the helper requires another file that fails, you'll get an error message tells you what file actually failed to load, rather than falling back on assuming it was the helper file itself #346 [dblack] @@ -4159,7 +4277,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fixed that textilize and markdown would instantiate their engines even on empty strings. This also fixes #333 [Ulysses] -* Fixed UrlHelper#link_to_unless so it doesn't care if the id is a string or fixnum [zenspider] +* Fixed UrlHelper#link_to_unless so it doesn't care if the id is a string or fixnum [Ryan Davis] *1.0.1* @@ -4176,7 +4294,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fixed DateHelper#date_select so that you can pass include_blank as an option even if you don't use start_year and end_year #59 [what-a-day] * Added that controllers will now search for a layout in $template_root/layouts/$controller_name.r(html|xml), so PostsController will look - for layouts/posts.rhtml or layouts/posts.rxml and automatically configure this layout if found #307 [Marcel] + for layouts/posts.rhtml or layouts/posts.rxml and automatically configure this layout if found #307 [Marcel Molina Jr.] * Added FormHelper#radio_button to work with radio buttons like its already possible with check boxes [Michael Koziarski] @@ -4221,11 +4339,11 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added that render_partial will always by default include a counter with value 1 unless there is a counter passed in via the local_assigns hash that overrides it. As a result, render_collection_of_partials can still be written in terms of render_partial and partials that make use of a counter can be called without problems from both render_collection_of_partials as well as - render_partial #295 [marcel] + render_partial #295 [Marcel Molina Jr.] * Fixed CgiRequest#out to fall back to #write if $stdout doesn't have #syswrite [Jeremy Kemper] -* Fixed all helpers so that they use XHTML compliant double quotes for values instead of single quotes [htonl/bitsweat] +* Fixed all helpers so that they use XHTML compliant double quotes for values instead of single quotes [htonl/Jeremy Kemper] * Added link_to_image(src, options = {}, html_options = {}). Documentation: @@ -4245,11 +4363,11 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Fixed to_input_field_tag so it no longer explicitly uses InstanceTag.value if value was specified in the options hash [evl] -* Added the possibility of having validate be protected for assert_(in)valid_column #263 [Tobias Luetke] +* Added the possibility of having validate be protected for assert_(in)valid_column #263 [Tobias Lütke] * Added that ActiveRecordHelper#form now calls url_for on the :action option. -* Added all the HTTP methods as alternatives to the generic "process" for functional testing #276 [Tobias Luetke]. Examples: +* Added all the HTTP methods as alternatives to the generic "process" for functional testing #276 [Tobias Lütke]. Examples: # Calls Controller#miletone with a GET request process :milestone @@ -4406,9 +4524,9 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added a hidden field to checkboxes generated with FormHelper#check_box that will make sure that the unchecked value (usually 0) is sent even if the checkbox is not checked. This relieves the controller from doing custom checking if the checkbox wasn't - checked. BEWARE: This might conflict with your run-on-the-mill work-around code. [Tobias Luetke] + checked. BEWARE: This might conflict with your run-on-the-mill work-around code. [Tobias Lütke] -* Fixed error_message_on to just use the first if more than one error had been added [marcel] +* Fixed error_message_on to just use the first if more than one error had been added [Marcel Molina Jr.] * Fixed that URL rewriting with /controller/ was working but /controller was not and that you couldn't use :id on index [geech] @@ -4528,7 +4646,7 @@ Default YAML web services were retired, ActionController::Base.param_parsers car * Added caching for compiled ERb templates. On Basecamp, it gave between 8.5% and 71% increase in performance [Andreas Schwarz]. -* Added implicit counter variable to render_collection_of_partials [Marcel]. From the docs: +* Added implicit counter variable to render_collection_of_partials [Marcel Molina Jr.]. From the docs: <%= render_collection_of_partials "ad", @advertisements %> vendor/rails/actionpack/CHANGELOG @@ -1,4 +1,4 @@ -Copyright (c) 2004-2008 David Heinemeier Hansson +Copyright (c) 2004-2009 David Heinemeier Hansson Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the vendor/rails/actionpack/MIT-LICENSE @@ -10,7 +10,7 @@ Action Pack implements these actions as public methods on Action Controllers and uses Action Views to implement the template rendering. Action Controllers are then responsible for handling all the actions relating to a certain part of an application. This grouping usually consists of actions for lists and for -CRUDs revolving around a single (or a few) model objects. So ContactController +CRUDs revolving around a single (or a few) model objects. So ContactsController would be responsible for listing contacts, creating, deleting, and updating contacts. A WeblogController could be responsible for both posts and comments. @@ -33,7 +33,7 @@ A short rundown of the major features: * Actions grouped in controller as methods instead of separate command objects and can therefore share helper methods - BlogController < ActionController::Base + CustomersController < ActionController::Base def show @customer = find_customer end @@ -42,7 +42,7 @@ A short rundown of the major features: @customer = find_customer @customer.attributes = params[:customer] @customer.save ? - redirect_to(:action => "display") : + redirect_to(:action => "show") : render(:action => "edit") end @@ -59,7 +59,7 @@ A short rundown of the major features: Title: <%= post.title %> <% end %> - All post titles: <%= @post.collect{ |p| p.title }.join ", " %> + All post titles: <%= @posts.collect{ |p| p.title }.join ", " %> <% unless @person.is_client? %> Not for clients to see... @@ -123,7 +123,7 @@ A short rundown of the major features: <%= text_field "post", "title", "size" => 30 %> <%= html_date_select(Date.today) %> <%= link_to "New post", :controller => "post", :action => "new" %> - <%= truncate(post.title, 25) %> + <%= truncate(post.title, :length => 25) %> {Learn more}[link:classes/ActionView/Helpers.html] @@ -177,21 +177,6 @@ A short rundown of the major features: {Learn more}[link:classes/ActionView/Helpers/JavaScriptHelper.html] -* Pagination for navigating lists of results - - # controller - def list - @pages, @people = - paginate :people, :order => 'last_name, first_name' - end - - # view - <%= link_to "Previous page", { :page => @pages.current.previous } if @pages.current.previous %> - <%= link_to "Next page", { :page => @pages.current.next } if @pages.current.next %> - - {Learn more}[link:classes/ActionController/Pagination.html] - - * Easy testing of both controller and rendered template through ActionController::TestCase class LoginControllerTest < ActionController::TestCase @@ -215,11 +200,11 @@ A short rundown of the major features: If Active Record is used as the model, you'll have the database debugging as well: - Processing WeblogController#create (for 127.0.0.1 at Sat Jun 19 14:04:23) - Params: {"controller"=>"weblog", "action"=>"create", + Processing PostsController#create (for 127.0.0.1 at Sat Jun 19 14:04:23) + Params: {"controller"=>"posts", "action"=>"create", "post"=>{"title"=>"this is good"} } SQL (0.000627) INSERT INTO posts (title) VALUES('this is good') - Redirected to http://test/weblog/display/5 + Redirected to http://example.com/posts/5 Completed in 0.221764 (4 reqs/sec) | DB: 0.059920 (27%) You specify a logger through a class method, such as: @@ -256,30 +241,6 @@ A short rundown of the major features: {Learn more}[link:classes/ActionController/Caching.html] -* Component requests from one controller to another - - class WeblogController < ActionController::Base - # Performs a method and then lets hello_world output its render - def delegate_action - do_other_stuff_before_hello_world - render_component :controller => "greeter", :action => "hello_world" - end - end - - class GreeterController < ActionController::Base - def hello_world - render_text "Hello World!" - end - end - - The same can be done in a view to do a partial rendering: - - Let's see a greeting: - <%= render_component :controller => "greeter", :action => "hello_world" %> - - {Learn more}[link:classes/ActionController/Components.html] - - * Powerful debugging mechanism for local requests All exceptions raised on actions performed on the request of a local user @@ -336,7 +297,7 @@ A short rundown of the major features: class WeblogController < ActionController::Base def create post = Post.create(params[:post]) - redirect_to :action => "display", :id => post.id + redirect_to :action => "show", :id => post.id end end @@ -362,7 +323,7 @@ methods: @posts = Post.find(:all) end - def display + def show @post = Post.find(params[:id]) end @@ -372,7 +333,7 @@ methods: def create @post = Post.create(params[:post]) - redirect_to :action => "display", :id => @post.id + redirect_to :action => "show", :id => @post.id end end @@ -385,47 +346,32 @@ request from the web-server (like to be Apache). And the templates look like this: - weblog/layout.erb: + weblog/layout.html.erb: <html><body> <%= yield %> </body></html> - weblog/index.erb: + weblog/index.html.erb: <% for post in @posts %> - <p><%= link_to(post.title, :action => "display", :id => post.id %></p> + <p><%= link_to(post.title, :action => "show", :id => post.id) %></p> <% end %> - weblog/display.erb: + weblog/show.html.erb: <p> - <b><%= post.title %></b><br/> - <b><%= post.content %></b> + <b><%= @post.title %></b><br/> + <b><%= @post.content %></b> </p> - weblog/new.erb: + weblog/new.html.erb: <%= form "post" %> This simple setup will list all the posts in the system on the index page, which is called by accessing /weblog/. It uses the form builder for the Active Record model to make the new screen, which in turn hands everything over to the create action (that's the default target for the form builder when given a -new model). After creating the post, it'll redirect to the display page using -an URL such as /weblog/display/5 (where 5 is the id of the post). - - -== Examples - -Action Pack ships with three examples that all demonstrate an increasingly -detailed view of the possibilities. First is blog_controller that is just a -single file for the whole MVC (but still split into separate parts). Second is -the debate_controller that uses separate template files and multiple screens. -Third is the address_book_controller that uses the layout feature to separate -template casing from content. - -Please note that you might need to change the "shebang" line to -#!/usr/local/env ruby, if your Ruby is not placed in /usr/local/bin/ruby +new model). After creating the post, it'll redirect to the show page using +an URL such as /weblog/5 (where 5 is the id of the post). -Also note that these examples are all for demonstrating using Action Pack on -its own. Not for when it's used inside of Rails. == Download @@ -460,4 +406,4 @@ And as Jim from Rake says: Feel free to submit commits or feature requests. If you send a patch, remember to update the corresponding unit tests. If fact, I prefer - new feature to be submitted in the form of new unit tests. \ No newline at end of file + new feature to be submitted in the form of new unit tests. vendor/rails/actionpack/README @@ -80,7 +80,7 @@ spec = Gem::Specification.new do |s| s.has_rdoc = true s.requirements << 'none' - s.add_dependency('activesupport', '= 2.2.2' + PKG_BUILD) + s.add_dependency('activesupport', '= 2.3.2' + PKG_BUILD) s.require_path = 'lib' s.autorequire = 'action_controller' vendor/rails/actionpack/Rakefile @@ -1,5 +1,5 @@ #-- -# Copyright (c) 2004-2008 David Heinemeier Hansson +# Copyright (c) 2004-2009 David Heinemeier Hansson # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the @@ -31,49 +31,86 @@ rescue LoadError end end -$:.unshift "#{File.dirname(__FILE__)}/action_controller/vendor/html-scanner" +begin + gem 'rack', '~> 1.0.0' + require 'rack' +rescue Gem::LoadError + require 'action_controller/vendor/rack-1.0/rack' +end -require 'action_controller/base' -require 'action_controller/request' -require 'action_controller/rescue' -require 'action_controller/benchmarking' -require 'action_controller/flash' -require 'action_controller/filters' -require 'action_controller/layout' -require 'action_controller/mime_responds' -require 'action_controller/helpers' -require 'action_controller/cookies' -require 'action_controller/cgi_process' -require 'action_controller/caching' -require 'action_controller/verification' -require 'action_controller/streaming' -require 'action_controller/session_management' -require 'action_controller/http_authentication' -require 'action_controller/components' -require 'action_controller/rack_process' -require 'action_controller/record_identifier' -require 'action_controller/request_forgery_protection' -require 'action_controller/headers' -require 'action_controller/translation' +module ActionController + # TODO: Review explicit to see if they will automatically be handled by + # the initilizer if they are really needed. + def self.load_all! + [Base, CGIHandler, CgiRequest, Request, Response, Http::Headers, UrlRewriter, UrlWriter] + end -require 'action_view' + autoload :AbstractRequest, 'action_controller/request' + autoload :Base, 'action_controller/base' + autoload :Benchmarking, 'action_controller/benchmarking' + autoload :Caching, 'action_controller/caching' + autoload :Cookies, 'action_controller/cookies' + autoload :Dispatcher, 'action_controller/dispatcher' + autoload :Failsafe, 'action_controller/failsafe' + autoload :Filters, 'action_controller/filters' + autoload :Flash, 'action_controller/flash' + autoload :Helpers, 'action_controller/helpers' + autoload :HttpAuthentication, 'action_controller/http_authentication' + autoload :Integration, 'action_controller/integration' + autoload :IntegrationTest, 'action_controller/integration' + autoload :Layout, 'action_controller/layout' + autoload :MiddlewareStack, 'action_controller/middleware_stack' + autoload :MimeResponds, 'action_controller/mime_responds' + autoload :ParamsParser, 'action_controller/params_parser' + autoload :PolymorphicRoutes, 'action_controller/polymorphic_routes' + autoload :RecordIdentifier, 'action_controller/record_identifier' + autoload :Reloader, 'action_controller/reloader' + autoload :Request, 'action_controller/request' + autoload :RequestForgeryProtection, 'action_controller/request_forgery_protection' + autoload :Rescue, 'action_controller/rescue' + autoload :Resources, 'action_controller/resources' + autoload :Response, 'action_controller/response' + autoload :RewindableInput, 'action_controller/rewindable_input' + autoload :Routing, 'action_controller/routing' + autoload :SessionManagement, 'action_controller/session_management' + autoload :StatusCodes, 'action_controller/status_codes' + autoload :Streaming, 'action_controller/streaming' + autoload :TestCase, 'action_controller/test_case' + autoload :TestProcess, 'action_controller/test_process' + autoload :Translation, 'action_controller/translation' + autoload :UploadedFile, 'action_controller/uploaded_file' + autoload :UploadedStringIO, 'action_controller/uploaded_file' + autoload :UploadedTempfile, 'action_controller/uploaded_file' + autoload :UrlRewriter, 'action_controller/url_rewriter' + autoload :UrlWriter, 'action_controller/url_rewriter' + autoload :Verification, 'action_controller/verification' + + module Assertions + autoload :DomAssertions, 'action_controller/assertions/dom_assertions' + autoload :ModelAssertions, 'action_controller/assertions/model_assertions' + autoload :ResponseAssertions, 'action_controller/assertions/response_assertions' + autoload :RoutingAssertions, 'action_controller/assertions/routing_assertions' + autoload :SelectorAssertions, 'action_controller/assertions/selector_assertions' + autoload :TagAssertions, 'action_controller/assertions/tag_assertions' + end + + module Http + autoload :Headers, 'action_controller/headers' + end + + module Session + autoload :AbstractStore, 'action_controller/session/abstract_store' + autoload :CookieStore, 'action_controller/session/cookie_store' + autoload :MemCacheStore, 'action_controller/session/mem_cache_store' + end -ActionController::Base.class_eval do - include ActionController::Flash - include ActionController::Filters - include ActionController::Layout - include ActionController::Benchmarking - include ActionController::Rescue - include ActionController::MimeResponds - include ActionController::Helpers - include ActionController::Cookies - include ActionController::Caching - include ActionController::Verification - include ActionController::Streaming - include ActionController::SessionManagement - include ActionController::HttpAuthentication::Basic::ControllerMethods - include ActionController::Components - include ActionController::RecordIdentifier - include ActionController::RequestForgeryProtection - include ActionController::Translation + # DEPRECATE: Remove CGI support + autoload :CgiRequest, 'action_controller/cgi_process' + autoload :CGIHandler, 'action_controller/cgi_process' end + +autoload :Mime, 'action_controller/mime_type' + +autoload :HTML, 'action_controller/vendor/html-scanner' + +require 'action_view' vendor/rails/actionpack/lib/action_controller.rb @@ -11,6 +11,7 @@ module ActionController # assert_valid(model) # def assert_valid(record) + ::ActiveSupport::Deprecation.warn("assert_valid is deprecated. Use assert record.valid? instead", caller) clean_backtrace do assert record.valid?, record.errors.full_messages.join("\n") end vendor/rails/actionpack/lib/action_controller/assertions/model_assertions.rb @@ -1,6 +1,3 @@ -require 'rexml/document' -require 'html/document' - module ActionController module Assertions # A small suite of assertions that test responses from Rails applications. @@ -19,7 +16,7 @@ module ActionController # ==== Examples # # # assert that the response was a redirection - # assert_response :redirect + # assert_response :redirect # # # assert that the response code was status code 401 (unauthorized) # assert_response 401 @@ -44,7 +41,7 @@ module ActionController end end - # Assert that the redirection options passed in match those of the redirect called in the latest action. + # Assert that the redirection options passed in match those of the redirect called in the latest action. # This match can be partial, such that assert_redirected_to(:controller => "weblog") will also # match the redirection of redirect_to(:controller => "weblog", :action => "show") and so on. # @@ -63,12 +60,12 @@ module ActionController clean_backtrace do assert_response(:redirect, message) return true if options == @response.redirected_to - + # Support partial arguments for hash redirections if options.is_a?(Hash) && @response.redirected_to.is_a?(Hash) return true if options.all? {|(key, value)| @response.redirected_to[key] == value} end - + redirected_to_after_normalisation = normalize_argument_to_redirection(@response.redirected_to) options_after_normalisation = normalize_argument_to_redirection(options) @@ -78,29 +75,59 @@ module ActionController end end - # Asserts that the request was rendered with the appropriate template file. + # Asserts that the request was rendered with the appropriate template file or partials # # ==== Examples # # # assert that the "new" view template was rendered # assert_template "new" # - def assert_template(expected = nil, message=nil) + # # assert that the "_customer" partial was rendered twice + # assert_template :partial => '_customer', :count => 2 + # + # # assert that no partials were rendered + # assert_template :partial => false + # + def assert_template(options = {}, message = nil) clean_backtrace do - rendered = @response.rendered_template.to_s - msg = build_message(message, "expecting <?> but rendering with <?>", expected, rendered) - assert_block(msg) do - if expected.nil? - @response.rendered_template.blank? + case options + when NilClass, String + rendered = @response.rendered[:template].to_s + msg = build_message(message, + "expecting <?> but rendering with <?>", + options, rendered) + assert_block(msg) do + if options.nil? + @response.rendered[:template].blank? + else + rendered.to_s.match(options) + end + end + when Hash + if expected_partial = options[:partial] + partials = @response.rendered[:partials] + if expected_count = options[:count] + found = partials.detect { |p, _| p.to_s.match(expected_partial) } + actual_count = found.nil? ? 0 : found.second + msg = build_message(message, + "expecting ? to be rendered ? time(s) but rendered ? time(s)", + expected_partial, expected_count, actual_count) + assert(actual_count == expected_count.to_i, msg) + else + msg = build_message(message, + "expecting partial <?> but action rendered <?>", + options[:partial], partials.keys) + assert(partials.keys.any? { |p| p.to_s.match(expected_partial) }, msg) + end else - rendered.to_s.match(expected) + assert @response.rendered[:partials].empty?, + "Expected no partials to be rendered" end end end end private - # Proxy to to_param if the object will respond to it. def parameterize(value) value.respond_to?(:to_param) ? value.to_param : value vendor/rails/actionpack/lib/action_controller/assertions/response_assertions.rb @@ -134,7 +134,7 @@ module ActionController path = "/#{path}" unless path.first == '/' # Assume given controller - request = ActionController::TestRequest.new({}, {}, nil) + request = ActionController::TestRequest.new request.env["REQUEST_METHOD"] = request_method.to_s.upcase if request_method request.path = path vendor/rails/actionpack/lib/action_controller/assertions/routing_assertions.rb @@ -3,9 +3,6 @@ # Under MIT and/or CC By license. #++ -require 'rexml/document' -require 'html/document' - module ActionController module Assertions unless const_defined?(:NO_STRIP) @@ -112,20 +109,27 @@ module ActionController # starting from (and including) that element and all its children in # depth-first order. # - # If no element if specified, calling +assert_select+ will select from the - # response HTML. Calling #assert_select inside an +assert_select+ block will - # run the assertion for each element selected by the enclosing assertion. + # If no element if specified, calling +assert_select+ selects from the + # response HTML unless +assert_select+ is called from within an +assert_select+ block. + # + # When called with a block +assert_select+ passes an array of selected elements + # to the block. Calling +assert_select+ from the block, with no element specified, + # runs the assertion on the complete set of elements selected by the enclosing assertion. + # Alternatively the array may be iterated through so that +assert_select+ can be called + # separately for each element. + # # # ==== Example - # assert_select "ol>li" do |elements| + # If the response contains two ordered lists, each with four list elements then: + # assert_select "ol" do |elements| # elements.each do |element| - # assert_select element, "li" + # assert_select element, "li", 4 # end # end # - # Or for short: - # assert_select "ol>li" do - # assert_select "li" + # will pass, as will: + # assert_select "ol" do + # assert_select "li", 8 # end # # The selector may be a CSS selector expression (String), an expression @@ -405,6 +409,7 @@ module ActionController if rjs_type if rjs_type == :insert position = args.shift + id = args.shift insertion = "insert_#{position}".to_sym raise ArgumentError, "Unknown RJS insertion type #{position}" unless RJS_STATEMENTS[insertion] statement = "(#{RJS_STATEMENTS[insertion]})" @@ -590,7 +595,7 @@ module ActionController def response_from_page_or_rjs() content_type = @response.content_type - if content_type && content_type =~ /text\/javascript/ + if content_type && Mime::JS =~ content_type body = @response.body.dup root = HTML::Node.new(nil) vendor/rails/actionpack/lib/action_controller/assertions/selector_assertions.rb @@ -1,6 +1,3 @@ -require 'rexml/document' -require 'html/document' - module ActionController module Assertions # Pair of assertions to testing elements in the HTML output of the response. @@ -127,4 +124,4 @@ module ActionController end end end -end \ No newline at end of file +end vendor/rails/actionpack/lib/action_controller/assertions/tag_assertions.rb @@ -1,12 +1,3 @@ -require 'action_controller/mime_type' -require 'action_controller/request' -require 'action_controller/response' -require 'action_controller/routing' -require 'action_controller/resources' -require 'action_controller/url_rewriter' -require 'action_controller/status_codes' -require 'action_view' -require 'drb' require 'set' module ActionController #:nodoc: @@ -31,7 +22,7 @@ module ActionController #:nodoc: attr_reader :allowed_methods def initialize(*allowed_methods) - super("Only #{allowed_methods.to_sentence} requests are allowed.") + super("Only #{allowed_methods.to_sentence(:locale => :en)} requests are allowed.") @allowed_methods = allowed_methods end @@ -173,8 +164,8 @@ module ActionController #:nodoc: # # Other options for session storage are: # - # * ActiveRecordStore - Sessions are stored in your database, which works better than PStore with multiple app servers and, - # unlike CookieStore, hides your session contents from the user. To use ActiveRecordStore, set + # * ActiveRecord::SessionStore - Sessions are stored in your database, which works better than PStore with multiple app servers and, + # unlike CookieStore, hides your session contents from the user. To use ActiveRecord::SessionStore, set # # config.action_controller.session_store = :active_record_store # @@ -263,7 +254,7 @@ module ActionController #:nodoc: cattr_reader :protected_instance_variables # Controller specific instance variables which will not be accessible inside views. @@protected_instance_variables = %w(@assigns @performed_redirect @performed_render @variables_added @request_origin @url @parent_controller - @action_name @before_filter_chain_aborted @action_cache_path @_session @_cookies @_headers @_params + @action_name @before_filter_chain_aborted @action_cache_path @_session @_headers @_params @_flash @_response) # Prepends all the URL-generating helpers from AssetHelper. This makes it possible to easily move javascripts, stylesheets, @@ -310,10 +301,7 @@ module ActionController #:nodoc: # A YAML parser is also available and can be turned on with: # # ActionController::Base.param_parsers[Mime::YAML] = :yaml - @@param_parsers = { Mime::MULTIPART_FORM => :multipart_form, - Mime::URL_ENCODED_FORM => :url_encoded_form, - Mime::XML => :xml_simple, - Mime::JSON => :json } + @@param_parsers = {} cattr_accessor :param_parsers # Controls the default charset for all renders. @@ -336,6 +324,10 @@ module ActionController #:nodoc: # sets it to <tt>:authenticity_token</tt> by default. cattr_accessor :request_forgery_protection_token + # Controls the IP Spoofing check when determining the remote IP. + @@ip_spoofing_check = true + cattr_accessor :ip_spoofing_check + # Indicates whether or not optimise the generated named # route helper methods cattr_accessor :optimise_named_routes @@ -387,6 +379,13 @@ module ActionController #:nodoc: attr_accessor :action_name class << self + def call(env) + # HACK: For global rescue to have access to the original request and response + request = env["action_controller.rescue.request"] ||= Request.new(env) + response = env["action_controller.rescue.response"] ||= Response.new + process(request, response) + end + # Factory for the standard create, process loop where the controller is discarded after processing. def process(request, response) #:nodoc: new.process(request, response) @@ -507,7 +506,7 @@ module ActionController #:nodoc: protected :filter_parameters end - delegate :exempt_from_layout, :to => 'ActionView::Base' + delegate :exempt_from_layout, :to => 'ActionView::Template' end public @@ -529,7 +528,7 @@ module ActionController #:nodoc: end def send_response - response.prepare! unless component_request? + response.prepare! response end @@ -645,7 +644,7 @@ module ActionController #:nodoc: end def session_enabled? - request.session_options && request.session_options[:disabled] != false + ActiveSupport::Deprecation.warn("Sessions are now lazy loaded. So if you don't access them, consider them disabled.", caller) end self.view_paths = [] @@ -785,9 +784,37 @@ module ActionController #:nodoc: # # placed in "app/views/layouts/special.r(html|xml)" # render :text => "Hi there!", :layout => "special" # - # The <tt>:text</tt> option can also accept a Proc object, which can be used to manually control the page generation. This should - # generally be avoided, as it violates the separation between code and content, and because almost everything that can be - # done with this method can also be done more cleanly using one of the other rendering methods, most notably templates. + # === Streaming data and/or controlling the page generation + # + # The <tt>:text</tt> option can also accept a Proc object, which can be used to: + # + # 1. stream on-the-fly generated data to the browser. Note that you should + # use the methods provided by ActionController::Steaming instead if you + # want to stream a buffer or a file. + # 2. manually control the page generation. This should generally be avoided, + # as it violates the separation between code and content, and because almost + # everything that can be done with this method can also be done more cleanly + # using one of the other rendering methods, most notably templates. + # + # Two arguments are passed to the proc, a <tt>response</tt> object and an + # <tt>output</tt> object. The response object is equivalent to the return + # value of the ActionController::Base#response method, and can be used to + # control various things in the HTTP response, such as setting the + # Content-Type header. The output object is an writable <tt>IO</tt>-like + # object, so one can call <tt>write</tt> and <tt>flush</tt> on it. + # + # The following example demonstrates how one can stream a large amount of + # on-the-fly generated data to the browser: + # + # # Streams about 180 MB of generated data to the browser. + # render :text => proc { |response, output| + # 10_000_000.times do |i| + # output.write("This is line #{i}\n") + # output.flush + # end + # } + # + # Another example: # # # Renders "Hello from code!" # render :text => proc { |response, output| output.write("Hello from code!") } @@ -864,20 +891,31 @@ module ActionController #:nodoc: def render(options = nil, extra_options = {}, &block) #:doc: raise DoubleRenderError, "Can only render or redirect once per action" if performed? + validate_render_arguments(options, extra_options, block_given?) + if options.nil? - return render(:file => default_template_name, :layout => true) - elsif !extra_options.is_a?(Hash) - raise RenderError, "You called render with invalid options : #{options.inspect}, #{extra_options.inspect}" - else - if options == :update - options = extra_options.merge({ :update => true }) - elsif !options.is_a?(Hash) - raise RenderError, "You called render with invalid options : #{options.inspect}" + options = { :template => default_template, :layout => true } + elsif options == :update + options = extra_options.merge({ :update => true }) + elsif options.is_a?(String) || options.is_a?(Symbol) + case options.to_s.index('/') + when 0 + extra_options[:file] = options + when nil + extra_options[:action] = options + else + extra_options[:template] = options end + + options = extra_options + elsif !options.is_a?(Hash) + extra_options[:partial] = options + options = extra_options end - response.layout = layout = pick_layout(options) - logger.info("Rendering template within #{layout}") if logger && layout + layout = pick_layout(options) + response.layout = layout.path_without_format_and_extension if layout + logger.info("Rendering template within #{layout.path_without_format_and_extension}") if logger && layout if content_type = options[:content_type] response.content_type = content_type.to_s @@ -902,7 +940,7 @@ module ActionController #:nodoc: render_for_text(@template.render(options.merge(:layout => layout)), options[:status]) elsif action_name = options[:action] - render_for_file(default_template_name(action_name.to_s), options[:status], layout) + render_for_file(default_template(action_name.to_s), options[:status], layout) elsif xml = options[:xml] response.content_type ||= Mime::XML @@ -937,7 +975,7 @@ module ActionController #:nodoc: render_for_text(nil, options[:status]) else - render_for_file(default_template_name, options[:status], layout) + render_for_file(default_template, options[:status], layout) end end end @@ -994,7 +1032,7 @@ module ActionController #:nodoc: @performed_redirect = false response.redirected_to = nil response.redirected_to_method_params = nil - response.headers['Status'] = DEFAULT_RENDER_STATUS_CODE + response.status = DEFAULT_RENDER_STATUS_CODE response.headers.delete('Location') end @@ -1065,7 +1103,6 @@ module ActionController #:nodoc: end response.redirected_to = options - logger.info("Redirected to #{options}") if logger && logger.info? case options # The scheme name consist of a letter followed by any combination of @@ -1088,6 +1125,7 @@ module ActionController #:nodoc: def redirect_to_full_url(url, status) raise DoubleRenderError if performed? + logger.info("Redirected to #{url}") if logger && logger.info? response.redirect(url, interpret_status(status)) @performed_redirect = true end @@ -1097,6 +1135,11 @@ module ActionController #:nodoc: # request is considered stale and should be generated from scratch. Otherwise, # it's fresh and we don't need to generate anything and a reply of "304 Not Modified" is sent. # + # Parameters: + # * <tt>:etag</tt> + # * <tt>:last_modified</tt> + # * <tt>:public</tt> By default the Cache-Control header is private, set this to true if you want your application to be cachable by other devices (proxy caches). + # # Example: # # def show @@ -1115,22 +1158,36 @@ module ActionController #:nodoc: end # Sets the etag, last_modified, or both on the response and renders a - # "304 Not Modified" response if the request is already fresh. + # "304 Not Modified" response if the request is already fresh. + # + # Parameters: + # * <tt>:etag</tt> + # * <tt>:last_modified</tt> + # * <tt>:public</tt> By default the Cache-Control header is private, set this to true if you want your application to be cachable by other devices (proxy caches). # # Example: # # def show # @article = Article.find(params[:id]) - # fresh_when(:etag => @article, :last_modified => @article.created_at.utc) + # fresh_when(:etag => @article, :last_modified => @article.created_at.utc, :public => true) # end - # - # This will render the show template if the request isn't sending a matching etag or + # + # This will render the show template if the request isn't sending a matching etag or # If-Modified-Since header and just a "304 Not Modified" response if there's a match. + # def fresh_when(options) - options.assert_valid_keys(:etag, :last_modified) + options.assert_valid_keys(:etag, :last_modified, :public) response.etag = options[:etag] if options[:etag] response.last_modified = options[:last_modified] if options[:last_modified] + + if options[:public] + cache_control = response.headers["Cache-Control"].split(",").map {|k| k.strip } + cache_control.delete("private") + cache_control.delete("no-cache") + cache_control << "public" + response.headers["Cache-Control"] = cache_control.join(', ') + end if request.fresh?(response) head :not_modified @@ -1142,15 +1199,26 @@ module ActionController #:nodoc: # # Examples: # expires_in 20.minutes - # expires_in 3.hours, :private => false - # expires in 3.hours, 'max-stale' => 5.hours, :private => nil, :public => true + # expires_in 3.hours, :public => true + # expires in 3.hours, 'max-stale' => 5.hours, :public => true # # This method will overwrite an existing Cache-Control header. # See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for more possibilities. def expires_in(seconds, options = {}) #:doc: - cache_options = { 'max-age' => seconds, 'private' => true }.symbolize_keys.merge!(options.symbolize_keys) - cache_options.delete_if { |k,v| v.nil? or v == false } - cache_control = cache_options.map{ |k,v| v == true ? k.to_s : "#{k.to_s}=#{v.to_s}"} + cache_control = response.headers["Cache-Control"].split(",").map {|k| k.strip } + + cache_control << "max-age=#{seconds}" + cache_control.delete("no-cache") + if options[:public] + cache_control.delete("private") + cache_control << "public" + else + cache_control << "private" + end + + # This allows for additional headers to be passed through like 'max-stale' => 5.hours + cache_control += options.symbolize_keys.reject{|k,v| k == :public || k == :private }.map{ |k,v| v == true ? k.to_s : "#{k.to_s}=#{v.to_s}"} + response.headers["Cache-Control"] = cache_control.join(', ') end @@ -1164,20 +1232,19 @@ module ActionController #:nodoc: def reset_session #:doc: request.reset_session @_session = request.session - response.session = @_session end - private def render_for_file(template_path, status = nil, layout = nil, locals = {}) #:nodoc: - logger.info("Rendering #{template_path}" + (status ? " (#{status})" : '')) if logger + path = template_path.respond_to?(:path_without_format_and_extension) ? template_path.path_without_format_and_extension : template_path + logger.info("Rendering #{path}" + (status ? " (#{status})" : '')) if logger render_for_text @template.render(:file => template_path, :locals => locals, :layout => layout), status end def render_for_text(text = nil, status = nil, append_response = false) #:nodoc: @performed_render = true - response.headers['Status'] = interpret_status(status || DEFAULT_RENDER_STATUS_CODE) + response.status = interpret_status(status || DEFAULT_RENDER_STATUS_CODE) if append_response response.body ||= '' @@ -1191,6 +1258,16 @@ module ActionController #:nodoc: end end + def validate_render_arguments(options, extra_options, has_block) + if options && (has_block && options != :update) && !options.is_a?(String) && !options.is_a?(Hash) && !options.is_a?(Symbol) + raise RenderError, "You called render with invalid options : #{options.inspect}" + end + + if !extra_options.is_a?(Hash) + raise RenderError, "You called render with invalid options : #{options.inspect}, #{extra_options.inspect}" + end + end + def initialize_template_class(response) response.template = ActionView::Base.new(self.class.view_paths, {}, self) response.template.helpers.send :include, self.class.master_helper_module @@ -1199,7 +1276,7 @@ module ActionController #:nodoc: end def assign_shortcuts(request, response) - @_request, @_params, @_cookies = request, request.parameters, request.cookies + @_request, @_params = request, request.parameters @_response = response @_response.session = request.session @@ -1217,11 +1294,10 @@ module ActionController #:nodoc: def log_processing if logger && logger.info? log_processing_for_request_id - log_processing_for_session_id log_processing_for_parameters end end - + def log_processing_for_request_id request_id = "\n\nProcessing #{self.class.name}\##{action_name} " request_id << "to #{params[:format]} " if params[:format] @@ -1230,17 +1306,10 @@ module ActionController #:nodoc: logger.info(request_id) end - def log_processing_for_session_id - if @_session && @_session.respond_to?(:session_id) && @_session.respond_to?(:dbman) && - !@_session.dbman.is_a?(CGI::Session::CookieStore) - logger.info " Session ID: #{@_session.session_id}" - end - end - def log_processing_for_parameters parameters = respond_to?(:filter_parameters) ? filter_parameters(params) : params.dup parameters = parameters.except!(:controller, :action, :format, :_method) - + logger.info " Parameters: #{parameters.inspect}" unless parameters.empty? end @@ -1255,10 +1324,17 @@ module ActionController #:nodoc: elsif respond_to? :method_missing method_missing action_name default_render unless performed? - elsif template_exists? - default_render else - raise UnknownAction, "No action responded to #{action_name}. Actions: #{action_methods.sort.to_sentence}", caller + begin + default_render + rescue ActionView::MissingTemplate => e + # Was the implicit template missing, or was it another template? + if e.path == default_template_name + raise UnknownAction, "No action responded to #{action_name}. Actions: #{action_methods.sort.to_sentence(:locale => :en)}", caller + else + raise e + end + end end end @@ -1270,11 +1346,6 @@ module ActionController #:nodoc: @action_name = (params['action'] || 'index') end - def assign_default_content_type_and_charset - response.assign_default_content_type_and_charset! - end - deprecate :assign_default_content_type_and_charset => :'response.assign_default_content_type_and_charset!' - def action_methods self.class.action_methods end @@ -1305,14 +1376,8 @@ module ActionController #:nodoc: "#{request.protocol}#{request.host}#{request.request_uri}" end - def close_session - @_session.close if @_session && @_session.respond_to?(:close) - end - - def template_exists?(template_name = default_template_name) - @template.send(:_pick_template, template_name) ? true : false - rescue ActionView::MissingTemplate - false + def default_template(action_name = self.action_name) + self.view_paths.find_template(default_template_name(action_name), default_template_format) end def default_template_name(action_name = self.action_name) @@ -1334,7 +1399,16 @@ module ActionController #:nodoc: end def process_cleanup - close_session end end + + Base.class_eval do + [ Filters, Layout, Benchmarking, Rescue, Flash, MimeResponds, Helpers, + Cookies, Caching, Verification, Streaming, SessionManagement, + HttpAuthentication::Basic::ControllerMethods, HttpAuthentication::Digest::ControllerMethods, + RecordIdentifier, RequestForgeryProtection, Translation + ].each do |mod| + include mod + end + end end vendor/rails/actionpack/lib/action_controller/base.rb @@ -23,8 +23,8 @@ module ActionController #:nodoc: def benchmark(title, log_level = Logger::DEBUG, use_silence = true) if logger && logger.level == log_level result = nil - seconds = Benchmark.realtime { result = use_silence ? silence { yield } : yield } - logger.add(log_level, "#{title} (#{('%.1f' % (seconds * 1000))}ms)") + ms = Benchmark.ms { result = use_silence ? silence { yield } : yield } + logger.add(log_level, "#{title} (#{('%.1f' % ms)}ms)") result else yield @@ -48,7 +48,7 @@ module ActionController #:nodoc: end render_output = nil - @view_runtime = Benchmark::realtime { render_output = render_without_benchmark(options, extra_options, &block) } + @view_runtime = Benchmark.ms { render_output = render_without_benchmark(options, extra_options, &block) } if Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected? @db_rt_before_render = db_runtime @@ -65,11 +65,11 @@ module ActionController #:nodoc: private def perform_action_with_benchmark if logger - seconds = [ Benchmark::measure{ perform_action_without_benchmark }.real, 0.0001 ].max + ms = [Benchmark.ms { perform_action_without_benchmark }, 0.01].max logging_view = defined?(@view_runtime) logging_active_record = Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected? - log_message = "Completed in #{sprintf("%.0f", seconds * 1000)}ms" + log_message = 'Completed in %.0fms' % ms if logging_view || logging_active_record log_message << " (" @@ -83,25 +83,25 @@ module ActionController #:nodoc: end end - log_message << " | #{headers["Status"]}" + log_message << " | #{response.status}" log_message << " [#{complete_request_uri rescue "unknown"}]" logger.info(log_message) - response.headers["X-Runtime"] = "#{sprintf("%.0f", seconds * 1000)}ms" + response.headers["X-Runtime"] = "%.0f" % ms else perform_action_without_benchmark end end def view_runtime - "View: %.0f" % (@view_runtime * 1000) + "View: %.0f" % @view_runtime end def active_record_runtime db_runtime = ActiveRecord::Base.connection.reset_runtime db_runtime += @db_rt_before_render if @db_rt_before_render db_runtime += @db_rt_after_render if @db_rt_after_render - "DB: %.0f" % (db_runtime * 1000) + "DB: %.0f" % db_runtime end end end vendor/rails/actionpack/lib/action_controller/benchmarking.rb @@ -2,13 +2,6 @@ require 'fileutils' require 'uri' require 'set' -require 'action_controller/caching/pages' -require 'action_controller/caching/actions' -require 'action_controller/caching/sql_cache' -require 'action_controller/caching/sweeping' -require 'action_controller/caching/fragments' - - module ActionController #:nodoc: # Caching is a cheap way of speeding up slow applications by keeping the result of calculations, renderings, and database calls # around for subsequent requests. Action Controller affords you three approaches in varying levels of granularity: Page, Action, Fragment. @@ -31,6 +24,12 @@ module ActionController #:nodoc: # ActionController::Base.cache_store = :mem_cache_store, "localhost" # ActionController::Base.cache_store = MyOwnStore.new("parameter") module Caching + autoload :Actions, 'action_controller/caching/actions' + autoload :Fragments, 'action_controller/caching/fragments' + autoload :Pages, 'action_controller/caching/pages' + autoload :Sweeper, 'action_controller/caching/sweeping' + autoload :Sweeping, 'action_controller/caching/sweeping' + def self.included(base) #:nodoc: base.class_eval do @@cache_store = nil @@ -42,7 +41,7 @@ module ActionController #:nodoc: end include Pages, Actions, Fragments - include Sweeping, SqlCache if defined?(ActiveRecord) + include Sweeping if defined?(ActiveRecord) @@perform_caching = true cattr_accessor :perform_caching @@ -63,10 +62,9 @@ module ActionController #:nodoc: end end - - private + private def cache_configured? self.class.cache_configured? end end -end \ No newline at end of file +end vendor/rails/actionpack/lib/action_controller/caching.rb @@ -113,7 +113,7 @@ module ActionController #:nodoc: end def caching_allowed(controller) - controller.request.get? && controller.response.headers['Status'].to_i == 200 + controller.request.get? && controller.response.status.to_i == 200 end def cache_layout? @@ -129,24 +129,23 @@ module ActionController #:nodoc: attr_reader :path, :extension class << self - def path_for(controller, options, infer_extension=true) + def path_for(controller, options, infer_extension = true) new(controller, options, infer_extension).path end end # When true, infer_extension will look up the cache path extension from the request's path & format. - # This is desirable when reading and writing the cache, but not when expiring the cache - expire_action should expire the same files regardless of the request format. - def initialize(controller, options = {}, infer_extension=true) - if infer_extension and options.is_a? Hash - request_extension = extract_extension(controller.request) - options = options.reverse_merge(:format => request_extension) + # This is desirable when reading and writing the cache, but not when expiring the cache - + # expire_action should expire the same files regardless of the request format. + def initialize(controller, options = {}, infer_extension = true) + if infer_extension + extract_extension(controller.request) + options = options.reverse_merge(:format => @extension) if options.is_a?(Hash) end + path = controller.url_for(options).split('://').last normalize!(path) - if infer_extension - @extension = request_extension - add_extension!(path, @extension) - end + add_extension!(path, @extension) @path = URI.unescape(path) end @@ -162,13 +161,7 @@ module ActionController #:nodoc: def extract_extension(request) # Don't want just what comes after the last '.' to accommodate multi part extensions # such as tar.gz. - extension = request.path[/^[^.]+\.(.+)$/, 1] - - # If there's no extension in the path, check request.format - if extension.nil? - extension = request.cache_format - end - extension + @extension = request.path[/^[^.]+\.(.+)$/, 1] || request.cache_format end end end vendor/rails/actionpack/lib/action_controller/caching/actions.rb @@ -10,23 +10,23 @@ module ActionController #:nodoc: # <%= render :partial => "topic", :collection => Topic.find(:all) %> # <% end %> # - # This cache will bind to the name of the action that called it, so if this code was part of the view for the topics/list action, you would - # be able to invalidate it using <tt>expire_fragment(:controller => "topics", :action => "list")</tt>. - # - # This default behavior is of limited use if you need to cache multiple fragments per action or if the action itself is cached using + # This cache will bind to the name of the action that called it, so if this code was part of the view for the topics/list action, you would + # be able to invalidate it using <tt>expire_fragment(:controller => "topics", :action => "list")</tt>. + # + # This default behavior is of limited use if you need to cache multiple fragments per action or if the action itself is cached using # <tt>caches_action</tt>, so we also have the option to qualify the name of the cached fragment with something like: # # <% cache(:action => "list", :action_suffix => "all_topics") do %> # - # That would result in a name such as "/topics/list/all_topics", avoiding conflicts with the action cache and with any fragments that use a - # different suffix. Note that the URL doesn't have to really exist or be callable - the url_for system is just used to generate unique - # cache names that we can refer to when we need to expire the cache. - # + # That would result in a name such as "/topics/list/all_topics", avoiding conflicts with the action cache and with any fragments that use a + # different suffix. Note that the URL doesn't have to really exist or be callable - the url_for system is just used to generate unique + # cache names that we can refer to when we need to expire the cache. + # # The expiration call for this example is: - # + # # expire_fragment(:controller => "topics", :action => "list", :action_suffix => "all_topics") module Fragments - # Given a key (as described in <tt>expire_fragment</tt>), returns a key suitable for use in reading, + # Given a key (as described in <tt>expire_fragment</tt>), returns a key suitable for use in reading, # writing, or expiring a cached fragment. If the key is a hash, the generated key is the return # value of url_for on that hash (without the protocol). All keys are prefixed with "views/" and uses # ActiveSupport::Cache.expand_cache_key for the expansion. @@ -50,7 +50,7 @@ module ActionController #:nodoc: # Writes <tt>content</tt> to the location signified by <tt>key</tt> (see <tt>expire_fragment</tt> for acceptable formats) def write_fragment(key, content, options = nil) - return unless cache_configured? + return content unless cache_configured? key = fragment_cache_key(key) @@ -83,15 +83,23 @@ module ActionController #:nodoc: end end - # Name can take one of three forms: - # * String: This would normally take the form of a path like "pages/45/notes" - # * Hash: Is treated as an implicit call to url_for, like { :controller => "pages", :action => "notes", :id => 45 } - # * Regexp: Will destroy all the matched fragments, example: - # %r{pages/\d*/notes} - # Ensure you do not specify start and finish in the regex (^$) because - # the actual filename matched looks like ./cache/filename/path.cache - # Regexp expiration is only supported on caches that can iterate over - # all keys (unlike memcached). + # Removes fragments from the cache. + # + # +key+ can take one of three forms: + # * String - This would normally take the form of a path, like + # <tt>"pages/45/notes"</tt>. + # * Hash - Treated as an implicit call to +url_for+, like + # <tt>{:controller => "pages", :action => "notes", :id => 45}</tt> + # * Regexp - Will remove any fragment that matches, so + # <tt>%r{pages/\d*/notes}</tt> might remove all notes. Make sure you + # don't use anchors in the regex (<tt>^</tt> or <tt>$</tt>) because + # the actual filename matched looks like + # <tt>./cache/filename/path.cache</tt>. Note: Regexp expiration is + # only supported on caches that can iterate over all keys (unlike + # memcached). + # + # +options+ is passed through to the cache store's <tt>delete</tt> + # method (or <tt>delete_matched</tt>, for Regexp keys.) def expire_fragment(key, options = nil) return unless cache_configured? vendor/rails/actionpack/lib/action_controller/caching/fragments.rb @@ -33,28 +33,26 @@ module ActionController #:nodoc: # # Additionally, you can expire caches using Sweepers that act on changes in the model to determine when a cache is supposed to be # expired. - # - # == Setting the cache directory - # - # The cache directory should be the document root for the web server and is set using <tt>Base.page_cache_directory = "/document/root"</tt>. - # For Rails, this directory has already been set to Rails.public_path (which is usually set to <tt>RAILS_ROOT + "/public"</tt>). Changing - # this setting can be useful to avoid naming conflicts with files in <tt>public/</tt>, but doing so will likely require configuring your - # web server to look in the new location for cached files. - # - # == Setting the cache extension - # - # Most Rails requests do not have an extension, such as <tt>/weblog/new</tt>. In these cases, the page caching mechanism will add one in - # order to make it easy for the cached files to be picked up properly by the web server. By default, this cache extension is <tt>.html</tt>. - # If you want something else, like <tt>.php</tt> or <tt>.shtml</tt>, just set Base.page_cache_extension. In cases where a request already has an - # extension, such as <tt>.xml</tt> or <tt>.rss</tt>, page caching will not add an extension. This allows it to work well with RESTful apps. module Pages def self.included(base) #:nodoc: base.extend(ClassMethods) base.class_eval do @@page_cache_directory = defined?(Rails.public_path) ? Rails.public_path : "" + ## + # :singleton-method: + # The cache directory should be the document root for the web server and is set using <tt>Base.page_cache_directory = "/document/root"</tt>. + # For Rails, this directory has already been set to Rails.public_path (which is usually set to <tt>RAILS_ROOT + "/public"</tt>). Changing + # this setting can be useful to avoid naming conflicts with files in <tt>public/</tt>, but doing so will likely require configuring your + # web server to look in the new location for cached files. cattr_accessor :page_cache_directory @@page_cache_extension = '.html' + ## + # :singleton-method: + # Most Rails requests do not have an extension, such as <tt>/weblog/new</tt>. In these cases, the page caching mechanism will add one in + # order to make it easy for the cached files to be picked up properly by the web server. By default, this cache extension is <tt>.html</tt>. + # If you want something else, like <tt>.php</tt> or <tt>.shtml</tt>, just set Base.page_cache_extension. In cases where a request already has an + # extension, such as <tt>.xml</tt> or <tt>.rss</tt>, page caching will not add an extension. This allows it to work well with RESTful apps. cattr_accessor :page_cache_extension end end @@ -147,7 +145,7 @@ module ActionController #:nodoc: private def caching_allowed - request.get? && response.headers['Status'].to_i == 200 + request.get? && response.status.to_i == 200 end end end vendor/rails/actionpack/lib/action_controller/caching/pages.rb @@ -87,9 +87,9 @@ module ActionController #:nodoc: __send__(action_callback_method_name) if respond_to?(action_callback_method_name, true) end - def method_missing(method, *arguments) + def method_missing(method, *arguments, &block) return if @controller.nil? - @controller.__send__(method, *arguments) + @controller.__send__(method, *arguments, &block) end end end vendor/rails/actionpack/lib/action_controller/caching/sweeping.rb @@ -1,7 +1,6 @@ require 'action_controller/cgi_ext/stdinput' require 'action_controller/cgi_ext/query_extension' require 'action_controller/cgi_ext/cookie' -require 'action_controller/cgi_ext/session' class CGI #:nodoc: include ActionController::CgiExt::Stdinput vendor/rails/actionpack/lib/action_controller/cgi_ext.rb @@ -1,3 +1,5 @@ +require 'delegate' + CGI.module_eval { remove_const "Cookie" } # TODO: document how this differs from stdlib CGI::Cookie vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb @@ -1,185 +1,77 @@ require 'action_controller/cgi_ext' -require 'action_controller/session/cookie_store' module ActionController #:nodoc: - class Base - # Process a request extracted from a CGI object and return a response. Pass false as <tt>session_options</tt> to disable - # sessions (large performance increase if sessions are not needed). The <tt>session_options</tt> are the same as for CGI::Session: - # - # * <tt>:database_manager</tt> - standard options are CGI::Session::FileStore, CGI::Session::MemoryStore, and CGI::Session::PStore - # (default). Additionally, there is CGI::Session::DRbStore and CGI::Session::ActiveRecordStore. Read more about these in - # lib/action_controller/session. - # * <tt>:session_key</tt> - the parameter name used for the session id. Defaults to '_session_id'. - # * <tt>:session_id</tt> - the session id to use. If not provided, then it is retrieved from the +session_key+ cookie, or - # automatically generated for a new session. - # * <tt>:new_session</tt> - if true, force creation of a new session. If not set, a new session is only created if none currently - # exists. If false, a new session is never created, and if none currently exists and the +session_id+ option is not set, - # an ArgumentError is raised. - # * <tt>:session_expires</tt> - the time the current session expires, as a Time object. If not set, the session will continue - # indefinitely. - # * <tt>:session_domain</tt> - the hostname domain for which this session is valid. If not set, defaults to the hostname of the - # server. - # * <tt>:session_secure</tt> - if +true+, this session will only work over HTTPS. - # * <tt>:session_path</tt> - the path for which this session applies. Defaults to the directory of the CGI script. - # * <tt>:cookie_only</tt> - if +true+ (the default), session IDs will only be accepted from cookies and not from - # the query string or POST parameters. This protects against session fixation attacks. - def self.process_cgi(cgi = CGI.new, session_options = {}) - new.process_cgi(cgi, session_options) - end - - def process_cgi(cgi, session_options = {}) #:nodoc: - process(CgiRequest.new(cgi, session_options), CgiResponse.new(cgi)).out - end - end - - class CgiRequest < AbstractRequest #:nodoc: - attr_accessor :cgi, :session_options - class SessionFixationAttempt < StandardError #:nodoc: - end - - DEFAULT_SESSION_OPTIONS = { - :database_manager => CGI::Session::CookieStore, # store data in cookie - :prefix => "ruby_sess.", # prefix session file names - :session_path => "/", # available to all paths in app - :session_key => "_session_id", - :cookie_only => true, - :session_http_only=> true - } - - def initialize(cgi, session_options = {}) - @cgi = cgi - @session_options = session_options - @env = @cgi.__send__(:env_table) - super() - end - - def query_string - qs = @cgi.query_string if @cgi.respond_to?(:query_string) - if !qs.blank? - qs - else - super - end - end - - def body_stream #:nodoc: - @cgi.stdinput - end - - def cookies - @cgi.cookies.freeze - end - - def session - unless defined?(@session) - if @session_options == false - @session = Hash.new - else - stale_session_check! do - if cookie_only? && query_parameters[session_options_with_string_keys['session_key']] - raise SessionFixationAttempt - end - case value = session_options_with_string_keys['new_session'] - when true - @session = new_session - when false - begin - @session = CGI::Session.new(@cgi, session_options_with_string_keys) - # CGI::Session raises ArgumentError if 'new_session' == false - # and no session cookie or query param is present. - rescue ArgumentError - @session = Hash.new - end - when nil - @session = CGI::Session.new(@cgi, session_options_with_string_keys) - else - raise ArgumentError, "Invalid new_session option: #{value}" - end - @session['__valid_session'] - end + class CGIHandler + module ProperStream + def each + while line = gets + yield line end end - @session - end - def reset_session - @session.delete if defined?(@session) && @session.is_a?(CGI::Session) - @session = new_session - end - - def method_missing(method_id, *arguments) - @cgi.__send__(method_id, *arguments) rescue super - end - - private - # Delete an old session if it exists then create a new one. - def new_session - if @session_options == false - Hash.new + def read(*args) + if args.empty? + super || "" else - CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => false)).delete rescue nil - CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => true)) + super end end + end - def cookie_only? - session_options_with_string_keys['cookie_only'] - end - - def stale_session_check! - yield - rescue ArgumentError => argument_error - if argument_error.message =~ %r{undefined class/module ([\w:]*\w)} - begin - # Note that the regexp does not allow $1 to end with a ':' - $1.constantize - rescue LoadError, NameError => const_error - raise ActionController::SessionRestoreError, <<-end_msg -Session contains objects whose class definition isn\'t available. -Remember to require the classes for all objects kept in the session. -(Original exception: #{const_error.message} [#{const_error.class}]) -end_msg - end + def self.dispatch_cgi(app, cgi, out = $stdout) + env = cgi.__send__(:env_table) + env.delete "HTTP_CONTENT_LENGTH" - retry - else - raise - end - end + cgi.stdinput.extend ProperStream - def session_options_with_string_keys - @session_options_with_string_keys ||= DEFAULT_SESSION_OPTIONS.merge(@session_options).stringify_keys - end - end + env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/" - class CgiResponse < AbstractResponse #:nodoc: - def initialize(cgi) - @cgi = cgi - super() - end + env.update({ + "rack.version" => [0,1], + "rack.input" => cgi.stdinput, + "rack.errors" => $stderr, + "rack.multithread" => false, + "rack.multiprocess" => true, + "rack.run_once" => false, + "rack.url_scheme" => ["yes", "on", "1"].include?(env["HTTPS"]) ? "https" : "http" + }) - def out(output = $stdout) - output.binmode if output.respond_to?(:binmode) - output.sync = false if output.respond_to?(:sync=) + env["QUERY_STRING"] ||= "" + env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"] + env["REQUEST_PATH"] ||= "/" + env.delete "PATH_INFO" if env["PATH_INFO"] == "" + status, headers, body = app.call(env) begin - output.write(@cgi.header(@headers)) + out.binmode if out.respond_to?(:binmode) + out.sync = false if out.respond_to?(:sync=) - if @cgi.__send__(:env_table)['REQUEST_METHOD'] == 'HEAD' - return - elsif @body.respond_to?(:call) - # Flush the output now in case the @body Proc uses - # #syswrite. - output.flush if output.respond_to?(:flush) - @body.call(self, output) - else - output.write(@body) + headers['Status'] = status.to_s + + if headers.include?('Set-Cookie') + headers['cookie'] = headers.delete('Set-Cookie').split("\n") end - output.flush if output.respond_to?(:flush) - rescue Errno::EPIPE, Errno::ECONNRESET - # lost connection to parent process, ignore output + out.write(cgi.header(headers)) + + body.each { |part| + out.write part + out.flush if out.respond_to?(:flush) + } + ensure + body.close if body.respond_to?(:close) end end end + + class CgiRequest #:nodoc: + DEFAULT_SESSION_OPTIONS = { + :database_manager => nil, + :prefix => "ruby_sess.", + :session_path => "/", + :session_key => "_session_id", + :cookie_only => true, + :session_http_only => true + } + end end vendor/rails/actionpack/lib/action_controller/cgi_process.rb @@ -41,7 +41,7 @@ module ActionController #:nodoc: # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object. # * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers. # Default is +false+. - # * <tt>:http_only</tt> - Whether this cookie is accessible via scripting or + # * <tt>:httponly</tt> - Whether this cookie is accessible via scripting or # only HTTP. Defaults to +false+. module Cookies def self.included(base) @@ -64,43 +64,31 @@ module ActionController #:nodoc: # Returns the value of the cookie by +name+, or +nil+ if no such cookie exists. def [](name) - cookie = @cookies[name.to_s] - if cookie && cookie.respond_to?(:value) - cookie.size > 1 ? cookie.value : cookie.value[0] - end + super(name.to_s) end # Sets the cookie named +name+. The second argument may be the very cookie # value, or a hash of options as documented above. - def []=(name, options) + def []=(key, options) if options.is_a?(Hash) - options = options.inject({}) { |options, pair| options[pair.first.to_s] = pair.last; options } - options["name"] = name.to_s + options.symbolize_keys! else - options = { "name" => name.to_s, "value" => options } + options = { :value => options } end - set_cookie(options) + options[:path] = "/" unless options.has_key?(:path) + super(key.to_s, options[:value]) + @controller.response.set_cookie(key, options) end # Removes the cookie on the client machine by setting the value to an empty string # and setting its expiration date into the past. Like <tt>[]=</tt>, you can pass in # an options hash to delete cookies with extra data such as a <tt>:path</tt>. - def delete(name, options = {}) - options.stringify_keys! - set_cookie(options.merge("name" => name.to_s, "value" => "", "expires" => Time.at(0))) + def delete(key, options = {}) + options.symbolize_keys! + options[:path] = "/" unless options.has_key?(:path) + super(key.to_s) + @controller.response.delete_cookie(key, options) end - - private - # Builds a CGI::Cookie object and adds the cookie to the response headers. - # - # The path of the cookie defaults to "/" if there's none in +options+, and - # everything is passed to the CGI::Cookie constructor. - def set_cookie(options) #:doc: - options["path"] = "/" unless options["path"] - cookie = CGI::Cookie.new(options) - @controller.logger.info "Cookie set: #{cookie}" unless @controller.logger.nil? - @controller.response.headers["cookie"] << cookie - end end end vendor/rails/actionpack/lib/action_controller/cookies.rb @@ -2,27 +2,17 @@ module ActionController # Dispatches requests to the appropriate controller and takes care of # reloading the app after each request when Dependencies.load? is true. class Dispatcher - @@guard = Mutex.new - class << self def define_dispatcher_callbacks(cache_classes) unless cache_classes - # Development mode callbacks - before_dispatch :reload_application - after_dispatch :cleanup_application - end - - # Common callbacks - to_prepare :load_application_controller do - begin - require_dependency 'application' unless defined?(::ApplicationController) - rescue LoadError => error - raise unless error.message =~ /application\.rb/ + unless self.middleware.include?(Reloader) + self.middleware.insert_after(Failsafe, Reloader) end + + ActionView::Helpers::AssetTagHelper.cache_asset_timestamps = false end if defined?(ActiveRecord) - after_dispatch :checkin_connections to_prepare(:activerecord_instantiate_observers) { ActiveRecord::Base.instantiate_observers } end @@ -33,8 +23,7 @@ module ActionController end end - # Backward-compatible class method takes CGI-specific args. Deprecated - # in favor of Dispatcher.new(output, request, response).dispatch. + # DEPRECATE: Remove CGI support def dispatch(cgi = nil, session_options = CgiRequest::DEFAULT_SESSION_OPTIONS, output = $stdout) new(output).dispatch_cgi(cgi, session_options) end @@ -53,144 +42,77 @@ module ActionController @prepare_dispatch_callbacks.replace_or_append!(callback) end - # If the block raises, send status code as a last-ditch response. - def failsafe_response(fallback_output, status, originating_exception = nil) - yield - rescue Exception => exception - begin - log_failsafe_exception(status, originating_exception || exception) - body = failsafe_response_body(status) - fallback_output.write "Status: #{status}\r\nContent-Type: text/html\r\n\r\n#{body}" - nil - rescue Exception => failsafe_error # Logger or IO errors - $stderr.puts "Error during failsafe response: #{failsafe_error}" - $stderr.puts "(originally #{originating_exception})" if originating_exception + def run_prepare_callbacks + if defined?(Rails) && Rails.logger + logger = Rails.logger + else + logger = Logger.new($stderr) end + + new(logger).send :run_callbacks, :prepare_dispatch end - private - def failsafe_response_body(status) - error_path = "#{error_file_path}/#{status.to_s[0..3]}.html" + def reload_application + # Run prepare callbacks before every request in development mode + run_prepare_callbacks - if File.exist?(error_path) - File.read(error_path) - else - "<html><body><h1>#{status}</h1></body></html>" - end - end - - def log_failsafe_exception(status, exception) - message = "/!\\ FAILSAFE /!\\ #{Time.now}\n Status: #{status}\n" - message << " #{exception}\n #{exception.backtrace.join("\n ")}" if exception - failsafe_logger.fatal message - end + Routing::Routes.reload + end - def failsafe_logger - if defined?(::RAILS_DEFAULT_LOGGER) && !::RAILS_DEFAULT_LOGGER.nil? - ::RAILS_DEFAULT_LOGGER - else - Logger.new($stderr) - end - end + def cleanup_application + # Cleanup the application before processing the current request. + ActiveRecord::Base.reset_subclasses if defined?(ActiveRecord) + ActiveSupport::Dependencies.clear + ActiveRecord::Base.clear_reloadable_connections! if defined?(ActiveRecord) + end end - cattr_accessor :error_file_path - self.error_file_path = Rails.public_path if defined?(Rails.public_path) + cattr_accessor :middleware + self.middleware = MiddlewareStack.new do |middleware| + middlewares = File.join(File.dirname(__FILE__), "middlewares.rb") + middleware.instance_eval(File.read(middlewares)) + end include ActiveSupport::Callbacks define_callbacks :prepare_dispatch, :before_dispatch, :after_dispatch + # DEPRECATE: Remove arguments, since they are only used by CGI def initialize(output = $stdout, request = nil, response = nil) - @output, @request, @response = output, request, response + @output = output + @app = @@middleware.build(lambda { |env| self.dup._call(env) }) end - def dispatch_unlocked + def dispatch begin run_callbacks :before_dispatch - handle_request + Routing::Routes.call(@env) rescue Exception => exception - failsafe_rescue exception + if controller ||= (::ApplicationController rescue Base) + controller.call_with_exception(@env, exception).to_a + else + raise exception + end ensure run_callbacks :after_dispatch, :enumerator => :reverse_each end end - def dispatch - if ActionController::Base.allow_concurrency - dispatch_unlocked - else - @@guard.synchronize do - dispatch_unlocked - end - end - end - + # DEPRECATE: Remove CGI support def dispatch_cgi(cgi, session_options) - if cgi ||= self.class.failsafe_response(@output, '400 Bad Request') { CGI.new } - @request = CgiRequest.new(cgi, session_options) - @response = CgiResponse.new(cgi) - dispatch - end - rescue Exception => exception - failsafe_rescue exception + CGIHandler.dispatch_cgi(self, cgi, @output) end def call(env) - @request = RackRequest.new(env) - @response = RackResponse.new(@request) - dispatch - end - - def reload_application - # Run prepare callbacks before every request in development mode - run_callbacks :prepare_dispatch - - Routing::Routes.reload - ActionController::Base.view_paths.reload! - ActionView::Helpers::AssetTagHelper::AssetTag::Cache.clear + @app.call(env) end - # Cleanup the application by clearing out loaded classes so they can - # be reloaded on the next request without restarting the server. - def cleanup_application - ActiveRecord::Base.reset_subclasses if defined?(ActiveRecord) - ActiveSupport::Dependencies.clear - ActiveRecord::Base.clear_reloadable_connections! if defined?(ActiveRecord) + def _call(env) + @env = env + dispatch end def flush_logger Base.logger.flush end - - def mark_as_test_request! - @test_request = true - self - end - - def test_request? - @test_request - end - - def checkin_connections - # Don't return connection (and peform implicit rollback) if this request is a part of integration test - return if test_request? - ActiveRecord::Base.clear_active_connections! - end - - protected - def handle_request - @controller = Routing::Routes.recognize(@request) - @controller.process(@request, @response).out(@output) - end - - def failsafe_rescue(exception) - self.class.failsafe_response(@output, '500 Internal Server Error', exception) do - if @controller ||= defined?(::ApplicationController) ? ::ApplicationController : Base - @controller.process_with_exception(@request, @response, exception).out(@output) - else - raise exception - end - end - end end end vendor/rails/actionpack/lib/action_controller/dispatcher.rb @@ -4,20 +4,22 @@ module ActionController #:nodoc: # action that sets <tt>flash[:notice] = "Successfully created"</tt> before redirecting to a display action that can # then expose the flash to its template. Actually, that exposure is automatically done. Example: # - # class WeblogController < ActionController::Base + # class PostsController < ActionController::Base # def create # # save post # flash[:notice] = "Successfully created post" - # redirect_to :action => "display", :params => { :id => post.id } + # redirect_to posts_path(@post) # end # - # def display + # def show # # doesn't need to assign the flash notice to the template, that's done automatically # end # end # - # display.erb - # <% if flash[:notice] %><div class="notice"><%= flash[:notice] %></div><% end %> + # show.html.erb + # <% if flash[:notice] %> + # <div class="notice"><%= flash[:notice] %></div> + # <% end %> # # This example just places a string in the flash, but you can put any object in there. And of course, you can put as # many as you like at a time too. Just remember: They'll be gone by the time the next action has been performed. @@ -27,55 +29,54 @@ module ActionController #:nodoc: def self.included(base) base.class_eval do include InstanceMethods - alias_method_chain :assign_shortcuts, :flash - alias_method_chain :reset_session, :flash + alias_method_chain :perform_action, :flash + alias_method_chain :reset_session, :flash end end - - + class FlashNow #:nodoc: def initialize(flash) @flash = flash end - + def []=(k, v) @flash[k] = v @flash.discard(k) v end - + def [](k) @flash[k] end end - + class FlashHash < Hash def initialize #:nodoc: super @used = {} end - + def []=(k, v) #:nodoc: keep(k) super end - + def update(h) #:nodoc: h.keys.each { |k| keep(k) } super end - + alias :merge! :update - + def replace(h) #:nodoc: @used = {} super end - + # Sets a flash that will not be available to the next action, only to the current. # # flash.now[:message] = "Hello current action" - # + # # This method enables you to use the flash as a central messaging system in your app. # When you need to pass an object to the next action, you use the standard flash assign (<tt>[]=</tt>). # When you need to pass an object to the current action, you use <tt>now</tt>, and your object will @@ -85,7 +86,7 @@ module ActionController #:nodoc: def now FlashNow.new(self) end - + # Keeps either the entire current flash or a specific flash entry available for the next action: # # flash.keep # keeps the entire flash @@ -93,7 +94,7 @@ module ActionController #:nodoc: def keep(k = nil) use(k, false) end - + # Marks the entire flash or a single flash entry to be discarded by the end of the current action: # # flash.discard # discard the entire flash at the end of the current action @@ -101,12 +102,12 @@ module ActionController #:nodoc: def discard(k = nil) use(k) end - + # Mark for removal entries that were kept, and delete unkept ones. # # This method is called automatically by filters, so you generally don't need to care about it. def sweep #:nodoc: - keys.each do |k| + keys.each do |k| unless @used[k] use(k) else @@ -118,7 +119,7 @@ module ActionController #:nodoc: # clean up after keys that could have been left over by calling reject! or shift on the flash (@used.keys - keys).each{ |k| @used.delete(k) } end - + private # Used internally by the <tt>keep</tt> and <tt>discard</tt> methods # use() # marks the entire flash as used @@ -136,37 +137,27 @@ module ActionController #:nodoc: module InstanceMethods #:nodoc: protected + def perform_action_with_flash + perform_action_without_flash + remove_instance_variable(:@_flash) if defined? @_flash + end + def reset_session_with_flash reset_session_without_flash - remove_instance_variable(:@_flash) - flash(:refresh) + remove_instance_variable(:@_flash) if defined? @_flash end - - # Access the contents of the flash. Use <tt>flash["notice"]</tt> to read a notice you put there or - # <tt>flash["notice"] = "hello"</tt> to put a new one. - # Note that if sessions are disabled only flash.now will work. - def flash(refresh = false) #:doc: - if !defined?(@_flash) || refresh - @_flash = - if session.is_a?(Hash) - # don't put flash in session if disabled - FlashHash.new - else - # otherwise, session is a CGI::Session or a TestSession - # so make sure it gets retrieved from/saved to session storage after request processing - session["flash"] ||= FlashHash.new - end + + # Access the contents of the flash. Use <tt>flash["notice"]</tt> to + # read a notice you put there or <tt>flash["notice"] = "hello"</tt> + # to put a new one. + def flash #:doc: + unless defined? @_flash + @_flash = session["flash"] ||= FlashHash.new + @_flash.sweep end @_flash end - - private - def assign_shortcuts_with_flash(request, response) #:nodoc: - assign_shortcuts_without_flash(request, response) - flash(:refresh) - flash.sweep if @_session && !component_request? - end end end end vendor/rails/actionpack/lib/action_controller/flash.rb @@ -1,13 +1,17 @@ +require 'active_support/dependencies' + # FIXME: helper { ... } is broken on Ruby 1.9 module ActionController #:nodoc: module Helpers #:nodoc: - HELPERS_DIR = (defined?(RAILS_ROOT) ? "#{RAILS_ROOT}/app/helpers" : "app/helpers") - def self.included(base) # Initialize the base module to aggregate its helpers. base.class_inheritable_accessor :master_helper_module base.master_helper_module = Module.new + # Set the default directory for helpers + base.class_inheritable_accessor :helpers_dir + base.helpers_dir = (defined?(RAILS_ROOT) ? "#{RAILS_ROOT}/app/helpers" : "app/helpers") + # Extend base with class methods to declare helpers. base.extend(ClassMethods) @@ -88,8 +92,8 @@ module ActionController #:nodoc: # When the argument is a module it will be included directly in the template class. # helper FooHelper # => includes FooHelper # - # When the argument is the symbol <tt>:all</tt>, the controller will include all helpers from - # <tt>app/helpers/**/*.rb</tt> under RAILS_ROOT. + # When the argument is the symbol <tt>:all</tt>, the controller will include all helpers beneath + # <tt>ActionController::Base.helpers_dir</tt> (defaults to <tt>app/helpers/**/*.rb</tt> under RAILS_ROOT). # helper :all # # Additionally, the +helper+ class method can receive and evaluate a block, making the methods defined available @@ -159,9 +163,9 @@ module ActionController #:nodoc: def helper_method(*methods) methods.flatten.each do |method| master_helper_module.module_eval <<-end_eval - def #{method}(*args, &block) - controller.send(%(#{method}), *args, &block) - end + def #{method}(*args, &block) # def current_user(*args, &block) + controller.send(%(#{method}), *args, &block) # controller.send(%(current_user), *args, &block) + end # end end_eval end end @@ -213,8 +217,8 @@ module ActionController #:nodoc: # Extract helper names from files in app/helpers/**/*.rb def all_application_helpers - extract = /^#{Regexp.quote(HELPERS_DIR)}\/?(.*)_helper.rb$/ - Dir["#{HELPERS_DIR}/**/*_helper.rb"].map { |file| file.sub extract, '\1' } + extract = /^#{Regexp.quote(helpers_dir)}\/?(.*)_helper.rb$/ + Dir["#{helpers_dir}/**/*_helper.rb"].map { |file| file.sub extract, '\1' } end end end vendor/rails/actionpack/lib/action_controller/helpers.rb @@ -1,42 +1,42 @@ module ActionController module HttpAuthentication # Makes it dead easy to do HTTP Basic authentication. - # + # # Simple Basic example: - # + # # class PostsController < ApplicationController # USER_NAME, PASSWORD = "dhh", "secret" - # + # # before_filter :authenticate, :except => [ :index ] - # + # # def index # render :text => "Everyone can see me!" # end - # + # # def edit # render :text => "I'm only accessible if you know the password" # end - # + # # private # def authenticate - # authenticate_or_request_with_http_basic do |user_name, password| + # authenticate_or_request_with_http_basic do |user_name, password| # user_name == USER_NAME && password == PASSWORD # end # end # end - # - # - # Here is a more advanced Basic example where only Atom feeds and the XML API is protected by HTTP authentication, + # + # + # Here is a more advanced Basic example where only Atom feeds and the XML API is protected by HTTP authentication, # the regular HTML interface is protected by a session approach: - # + # # class ApplicationController < ActionController::Base # before_filter :set_account, :authenticate - # + # # protected # def set_account # @account = Account.find_by_url_name(request.subdomains.first) # end - # + # # def authenticate # case request.format # when Mime::XML, Mime::ATOM @@ -54,24 +54,55 @@ module ActionController # end # end # end - # - # + # # In your integration tests, you can do something like this: - # + # # def test_access_granted_from_xml # get( - # "/notes/1.xml", nil, + # "/notes/1.xml", nil, # :authorization => ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password) # ) - # + # # assert_equal 200, status # end - # - # + # + # Simple Digest example: + # + # require 'digest/md5' + # class PostsController < ApplicationController + # REALM = "SuperSecret" + # USERS = {"dhh" => "secret", #plain text password + # "dap" => Digest:MD5::hexdigest(["dap",REALM,"secret"].join(":")) #ha1 digest password + # + # before_filter :authenticate, :except => [:index] + # + # def index + # render :text => "Everyone can see me!" + # end + # + # def edit + # render :text => "I'm only accessible if you know the password" + # end + # + # private + # def authenticate + # authenticate_or_request_with_http_digest(REALM) do |username| + # USERS[username] + # end + # end + # end + # + # NOTE: The +authenticate_or_request_with_http_digest+ block must return the user's password or the ha1 digest hash so the framework can appropriately + # hash to check the user's credentials. Returning +nil+ will cause authentication to fail. + # Storing the ha1 hash: MD5(username:realm:password), is better than storing a plain password. If + # the password file or database is compromised, the attacker would be able to use the ha1 hash to + # authenticate as the user at this +realm+, but would not have the user's password to try using at + # other sites. + # # On shared hosts, Apache sometimes doesn't pass authentication headers to # FCGI instances. If your environment matches this description and you cannot # authenticate, try this rule in your Apache setup: - # + # # RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L] module Basic extend self @@ -99,14 +130,14 @@ module ActionController def user_name_and_password(request) decode_credentials(request).split(/:/, 2) end - + def authorization(request) request.env['HTTP_AUTHORIZATION'] || request.env['X-HTTP_AUTHORIZATION'] || request.env['X_HTTP_AUTHORIZATION'] || request.env['REDIRECT_X_HTTP_AUTHORIZATION'] end - + def decode_credentials(request) ActiveSupport::Base64.decode64(authorization(request).split.last || '') end @@ -120,5 +151,154 @@ module ActionController controller.__send__ :render, :text => "HTTP Basic: Access denied.\n", :status => :unauthorized end end + + module Digest + extend self + + module ControllerMethods + def authenticate_or_request_with_http_digest(realm = "Application", &password_procedure) + authenticate_with_http_digest(realm, &password_procedure) || request_http_digest_authentication(realm) + end + + # Authenticate with HTTP Digest, returns true or false + def authenticate_with_http_digest(realm = "Application", &password_procedure) + HttpAuthentication::Digest.authenticate(self, realm, &password_procedure) + end + + # Render output including the HTTP Digest authentication header + def request_http_digest_authentication(realm = "Application", message = nil) + HttpAuthentication::Digest.authentication_request(self, realm, message) + end + end + + # Returns false on a valid response, true otherwise + def authenticate(controller, realm, &password_procedure) + authorization(controller.request) && validate_digest_response(controller.request, realm, &password_procedure) + end + + def authorization(request) + request.env['HTTP_AUTHORIZATION'] || + request.env['X-HTTP_AUTHORIZATION'] || + request.env['X_HTTP_AUTHORIZATION'] || + request.env['REDIRECT_X_HTTP_AUTHORIZATION'] + end + + # Raises error unless the request credentials response value matches the expected value. + # First try the password as a ha1 digest password. If this fails, then try it as a plain + # text password. + def validate_digest_response(request, realm, &password_procedure) + credentials = decode_credentials_header(request) + valid_nonce = validate_nonce(request, credentials[:nonce]) + + if valid_nonce && realm == credentials[:realm] && opaque == credentials[:opaque] + password = password_procedure.call(credentials[:username]) + + [true, false].any? do |password_is_ha1| + expected = expected_response(request.env['REQUEST_METHOD'], request.env['REQUEST_URI'], credentials, password, password_is_ha1) + expected == credentials[:response] + end + end + end + + # Returns the expected response for a request of +http_method+ to +uri+ with the decoded +credentials+ and the expected +password+ + # Optional parameter +password_is_ha1+ is set to +true+ by default, since best practice is to store ha1 digest instead + # of a plain-text password. + def expected_response(http_method, uri, credentials, password, password_is_ha1=true) + ha1 = password_is_ha1 ? password : ha1(credentials, password) + ha2 = ::Digest::MD5.hexdigest([http_method.to_s.upcase, uri].join(':')) + ::Digest::MD5.hexdigest([ha1, credentials[:nonce], credentials[:nc], credentials[:cnonce], credentials[:qop], ha2].join(':')) + end + + def ha1(credentials, password) + ::Digest::MD5.hexdigest([credentials[:username], credentials[:realm], password].join(':')) + end + + def encode_credentials(http_method, credentials, password, password_is_ha1) + credentials[:response] = expected_response(http_method, credentials[:uri], credentials, password, password_is_ha1) + "Digest " + credentials.sort_by {|x| x[0].to_s }.inject([]) {|a, v| a << "#{v[0]}='#{v[1]}'" }.join(', ') + end + + def decode_credentials_header(request) + decode_credentials(authorization(request)) + end + + def decode_credentials(header) + header.to_s.gsub(/^Digest\s+/,'').split(',').inject({}) do |hash, pair| + key, value = pair.split('=', 2) + hash[key.strip.to_sym] = value.to_s.gsub(/^"|"$/,'').gsub(/'/, '') + hash + end + end + + def authentication_header(controller, realm) + controller.headers["WWW-Authenticate"] = %(Digest realm="#{realm}", qop="auth", algorithm=MD5, nonce="#{nonce}", opaque="#{opaque}") + end + + def authentication_request(controller, realm, message = nil) + message ||= "HTTP Digest: Access denied.\n" + authentication_header(controller, realm) + controller.__send__ :render, :text => message, :status => :unauthorized + end + + # Uses an MD5 digest based on time to generate a value to be used only once. + # + # A server-specified data string which should be uniquely generated each time a 401 response is made. + # It is recommended that this string be base64 or hexadecimal data. + # Specifically, since the string is passed in the header lines as a quoted string, the double-quote character is not allowed. + # + # The contents of the nonce are implementation dependent. + # The quality of the implementation depends on a good choice. + # A nonce might, for example, be constructed as the base 64 encoding of + # + # => time-stamp H(time-stamp ":" ETag ":" private-key) + # + # where time-stamp is a server-generated time or other non-repeating value, + # ETag is the value of the HTTP ETag header associated with the requested entity, + # and private-key is data known only to the server. + # With a nonce of this form a server would recalculate the hash portion after receiving the client authentication header and + # reject the request if it did not match the nonce from that header or + # if the time-stamp value is not recent enough. In this way the server can limit the time of the nonce's validity. + # The inclusion of the ETag prevents a replay request for an updated version of the resource. + # (Note: including the IP address of the client in the nonce would appear to offer the server the ability + # to limit the reuse of the nonce to the same client that originally got it. + # However, that would break proxy farms, where requests from a single user often go through different proxies in the farm. + # Also, IP address spoofing is not that hard.) + # + # An implementation might choose not to accept a previously used nonce or a previously used digest, in order to + # protect against a replay attack. Or, an implementation might choose to use one-time nonces or digests for + # POST or PUT requests and a time-stamp for GET requests. For more details on the issues involved see Section 4 + # of this document. + # + # The nonce is opaque to the client. Composed of Time, and hash of Time with secret + # key from the Rails session secret generated upon creation of project. Ensures + # the time cannot be modifed by client. + def nonce(time = Time.now) + t = time.to_i + hashed = [t, secret_key] + digest = ::Digest::MD5.hexdigest(hashed.join(":")) + Base64.encode64("#{t}:#{digest}").gsub("\n", '') + end + + # Might want a shorter timeout depending on whether the request + # is a PUT or POST, and if client is browser or web service. + # Can be much shorter if the Stale directive is implemented. This would + # allow a user to use new nonce without prompting user again for their + # username and password. + def validate_nonce(request, value, seconds_to_timeout=5*60) + t = Base64.decode64(value).split(":").first.to_i + nonce(t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout + end + + # Opaque based on random generation - but changing each request? + def opaque() + ::Digest::MD5.hexdigest(secret_key) + end + + # Set in /initializers/session_store.rb, and loaded even if sessions are not in use. + def secret_key + ActionController::Base.session_options[:secret] + end + + end end end vendor/rails/actionpack/lib/action_controller/http_authentication.rb @@ -1,9 +1,6 @@ -require 'active_support/test_case' -require 'action_controller/dispatcher' -require 'action_controller/test_process' - require 'stringio' require 'uri' +require 'active_support/test_case' module ActionController module Integration #:nodoc: @@ -12,19 +9,26 @@ module ActionController # multiple sessions and run them side-by-side, you can also mimic (to some # limited extent) multiple simultaneous users interacting with your system. # - # Typically, you will instantiate a new session using IntegrationTest#open_session, - # rather than instantiating Integration::Session directly. + # Typically, you will instantiate a new session using + # IntegrationTest#open_session, rather than instantiating + # Integration::Session directly. class Session include Test::Unit::Assertions - include ActionController::Assertions + include ActionController::TestCase::Assertions include ActionController::TestProcess + # Rack application to use + attr_accessor :application + # The integer HTTP status code of the last request. attr_reader :status # The status message that accompanied the status code of the last request. attr_reader :status_message + # The body of the last request. + attr_reader :body + # The URI of the last request. attr_reader :path @@ -60,7 +64,8 @@ module ActionController end # Create and initialize a new Session instance. - def initialize + def initialize(app = nil) + @application = app || ActionController::Dispatcher.new reset! end @@ -79,11 +84,13 @@ module ActionController self.host = "www.example.com" self.remote_addr = "127.0.0.1" - self.accept = "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + self.accept = "text/xml,application/xml,application/xhtml+xml," + + "text/html;q=0.9,text/plain;q=0.8,image/png," + + "*/*;q=0.5" unless defined? @named_routes_configured # install the named routes in this session instance. - klass = class<<self; self; end + klass = class << self; self; end Routing::Routes.install_helpers(klass) # the helpers are made protected by default--we make them public for @@ -97,7 +104,7 @@ module ActionController # # session.https! # session.https!(false) - def https!(flag=true) + def https!(flag = true) @https = flag end @@ -122,7 +129,7 @@ module ActionController # performed on the location header. def follow_redirect! raise "not a redirect! #{@status} #{@status_message}" unless redirect? - get(interpret_uri(headers['location'].first)) + get(interpret_uri(headers['location'])) status end @@ -167,17 +174,21 @@ module ActionController # Performs a GET request with the given parameters. # - # - +path+: The URI (as a String) on which you want to perform a GET request. - # - +parameters+: The HTTP parameters that you want to pass. This may be +nil+, + # - +path+: The URI (as a String) on which you want to perform a GET + # request. + # - +parameters+: The HTTP parameters that you want to pass. This may + # be +nil+, # a Hash, or a String that is appropriately encoded - # (<tt>application/x-www-form-urlencoded</tt> or <tt>multipart/form-data</tt>). + # (<tt>application/x-www-form-urlencoded</tt> or + # <tt>multipart/form-data</tt>). # - +headers+: Additional HTTP headers to pass, as a Hash. The keys will # automatically be upcased, with the prefix 'HTTP_' added if needed. # - # This method returns an AbstractResponse object, which one can use to inspect - # the details of the response. Furthermore, if this method was called from an - # ActionController::IntegrationTest object, then that object's <tt>@response</tt> - # instance variable will point to the same response object. + # This method returns an Response object, which one can use to + # inspect the details of the response. Furthermore, if this method was + # called from an ActionController::IntegrationTest object, then that + # object's <tt>@response</tt> instance variable will point to the same + # response object. # # You can also perform POST, PUT, DELETE, and HEAD requests with +post+, # +put+, +delete+, and +head+. @@ -185,22 +196,26 @@ module ActionController process :get, path, parameters, headers end - # Performs a POST request with the given parameters. See get() for more details. + # Performs a POST request with the given parameters. See get() for more + # details. def post(path, parameters = nil, headers = nil) process :post, path, parameters, headers end - # Performs a PUT request with the given parameters. See get() for more details. + # Performs a PUT request with the given parameters. See get() for more + # details. def put(path, parameters = nil, headers = nil) process :put, path, parameters, headers end - # Performs a DELETE request with the given parameters. See get() for more details. + # Performs a DELETE request with the given parameters. See get() for + # more details. def delete(path, parameters = nil, headers = nil) process :delete, path, parameters, headers end - # Performs a HEAD request with the given parameters. See get() for more details. + # Performs a HEAD request with the given parameters. See get() for more + # details. def head(path, parameters = nil, headers = nil) process :head, path, parameters, headers end @@ -215,8 +230,7 @@ module ActionController def xml_http_request(request_method, path, parameters = nil, headers = nil) headers ||= {} headers['X-Requested-With'] = 'XMLHttpRequest' - headers['Accept'] ||= 'text/javascript, text/html, application/xml, text/xml, */*' - + headers['Accept'] ||= [Mime::JS, Mime::HTML, Mime::XML, 'text/xml', Mime::ALL].join(', ') process(request_method, path, parameters, headers) end alias xhr :xml_http_request @@ -224,7 +238,9 @@ module ActionController # Returns the URL for the given options, according to the rules specified # in the application's routes. def url_for(options) - controller ? controller.url_for(options) : generic_url_rewriter.rewrite(options) + controller ? + controller.url_for(options) : + generic_url_rewriter.rewrite(options) end private @@ -250,17 +266,35 @@ module ActionController data = nil end + env["QUERY_STRING"] ||= "" + + data = data.is_a?(IO) ? data : StringIO.new(data || '') + env.update( - "REQUEST_METHOD" => method.to_s.upcase, + "REQUEST_METHOD" => method.to_s.upcase, + "SERVER_NAME" => host, + "SERVER_PORT" => (https? ? "443" : "80"), + "HTTPS" => https? ? "on" : "off", + "rack.url_scheme" => https? ? "https" : "http", + "SCRIPT_NAME" => "", + "REQUEST_URI" => path, + "PATH_INFO" => path, "HTTP_HOST" => host, "REMOTE_ADDR" => remote_addr, - "SERVER_PORT" => (https? ? "443" : "80"), "CONTENT_TYPE" => "application/x-www-form-urlencoded", "CONTENT_LENGTH" => data ? data.length.to_s : nil, "HTTP_COOKIE" => encode_cookies, - "HTTPS" => https? ? "on" : "off", - "HTTP_ACCEPT" => accept + "HTTP_ACCEPT" => accept, + + "rack.version" => [0,1], + "rack.input" => data, + "rack.errors" => StringIO.new, + "rack.multithread" => true, + "rack.multiprocess" => true, + "rack.run_once" => false, + + "rack.test" => true ) (headers || {}).each do |key, value| @@ -269,54 +303,67 @@ module ActionController env[key] = value end - unless ActionController::Base.respond_to?(:clear_last_instantiation!) - ActionController::Base.module_eval { include ControllerCapture } + [ControllerCapture, ActionController::ProcessWithTest].each do |mod| + unless ActionController::Base < mod + ActionController::Base.class_eval { include mod } + end end ActionController::Base.clear_last_instantiation! - env['rack.input'] = data.is_a?(IO) ? data : StringIO.new(data || '') - @status, @headers, result_body = ActionController::Dispatcher.new.mark_as_test_request!.call(env) - @request_count += 1 - - @controller = ActionController::Base.last_instantiation - @request = @controller.request - @response = @controller.response + app = @application + # Rack::Lint doesn't accept String headers or bodies in Ruby 1.9 + unless RUBY_VERSION >= '1.9.0' && Rack.release <= '0.9.0' + app = Rack::Lint.new(app) + end - # Decorate the response with the standard behavior of the TestResponse - # so that things like assert_response can be used in integration - # tests. - @response.extend(TestResponseBehavior) + status, headers, body = app.call(env) + @request_count += 1 @html_document = nil - # Inject status back in for backwords compatibility with CGI - @headers['Status'] = @status + @status = status.to_i + @status_message = StatusCodes::STATUS_CODES[@status] - @status, @status_message = @status.split(/ /) - @status = @status.to_i + @headers = Rack::Utils::HeaderHash.new(headers) - cgi_headers = Hash.new { |h,k| h[k] = [] } - @headers.each do |key, value| - cgi_headers[key.downcase] << value - end - cgi_headers['set-cookie'] = cgi_headers['set-cookie'].first - @headers = cgi_headers - - @response.headers['cookie'] ||= [] - (@headers['set-cookie'] || []).each do |cookie| + (@headers['Set-Cookie'] || "").split("\n").each do |cookie| name, value = cookie.match(/^([^=]*)=([^;]*);/)[1,2] @cookies[name] = value + end - # Fake CGI cookie header - # DEPRECATE: Use response.headers["Set-Cookie"] instead - @response.headers['cookie'] << CGI::Cookie::new("name" => name, "value" => value) + @body = "" + if body.is_a?(String) + @body << body + else + body.each { |part| @body << part } end - return status + if @controller = ActionController::Base.last_instantiation + @request = @controller.request + @response = @controller.response + @controller.send(:set_test_assigns) + else + # Decorate responses from Rack Middleware and Rails Metal + # as an Response for the purposes of integration testing + @response = Response.new + @response.status = status.to_s + @response.headers.replace(@headers) + @response.body = @body + end + + # Decorate the response with the standard behavior of the + # TestResponse so that things like assert_response can be + # used in integration tests. + @response.extend(TestResponseBehavior) + + return @status rescue MultiPartNeededException boundary = "----------XnJLe9ZIbbGUYtzPQJ16u1" - status = process(method, path, multipart_body(parameters, boundary), (headers || {}).merge({"CONTENT_TYPE" => "multipart/form-data; boundary=#{boundary}"})) + status = process(method, path, + multipart_body(parameters, boundary), + (headers || {}).merge( + {"CONTENT_TYPE" => "multipart/form-data; boundary=#{boundary}"})) return status end @@ -338,7 +385,7 @@ module ActionController "SERVER_PORT" => https? ? "443" : "80", "HTTPS" => https? ? "on" : "off" } - ActionController::UrlRewriter.new(ActionController::RackRequest.new(env), {}) + UrlRewriter.new(Request.new(env), {}) end def name_with_prefix(prefix, name) @@ -352,9 +399,13 @@ module ActionController raise MultiPartNeededException elsif Hash === parameters return nil if parameters.empty? - parameters.map { |k,v| requestify(v, name_with_prefix(prefix, k)) }.join("&") + parameters.map { |k,v| + requestify(v, name_with_prefix(prefix, k)) + }.join("&") elsif Array === parameters - parameters.map { |v| requestify(v, name_with_prefix(prefix, "")) }.join("&") + parameters.map { |v| + requestify(v, name_with_prefix(prefix, "")) + }.join("&") elsif prefix.nil? parameters else @@ -380,7 +431,7 @@ module ActionController def multipart_body(params, boundary) multipart_requestify(params).map do |key, value| if value.respond_to?(:original_filename) - File.open(value.path) do |f| + File.open(value.path, "rb") do |f| f.set_encoding(Encoding::BINARY) if f.respond_to?(:set_encoding) <<-EOF @@ -460,8 +511,8 @@ EOF # By default, a single session is automatically created for you, but you # can use this method to open multiple sessions that ought to be tested # simultaneously. - def open_session - session = Integration::Session.new + def open_session(application = nil) + session = Integration::Session.new(application) # delegate the fixture accessors back to the test instance extras = Module.new { attr_accessor :delegate, :test_result } @@ -469,12 +520,16 @@ EOF self.class.fixture_table_names.each do |table_name| name = table_name.tr(".", "_") next unless respond_to?(name) - extras.__send__(:define_method, name) { |*args| delegate.send(name, *args) } + extras.__send__(:define_method, name) { |*args| + delegate.send(name, *args) + } end end # delegate add_assertion to the test case - extras.__send__(:define_method, :add_assertion) { test_result.add_assertion } + extras.__send__(:define_method, :add_assertion) { + test_result.add_assertion + } session.extend(extras) session.delegate = self session.test_result = @_result @@ -602,7 +657,8 @@ EOF # would potentially have to set their values for both Test::Unit::TestCase # ActionController::IntegrationTest, since by the time the value is set on # TestCase, IntegrationTest has already been defined and cannot inherit - # changes to those variables. So, we make those two attributes copy-on-write. + # changes to those variables. So, we make those two attributes + # copy-on-write. class << self def use_transactional_fixtures=(flag) #:nodoc: vendor/rails/actionpack/lib/action_controller/integration.rb @@ -172,16 +172,8 @@ module ActionController #:nodoc: @layout_conditions ||= read_inheritable_attribute(:layout_conditions) end - def default_layout(format) #:nodoc: - layout = read_inheritable_attribute(:layout) - return layout unless read_inheritable_attribute(:auto_layout) - @default_layout ||= {} - @default_layout[format] ||= default_layout_with_format(format, layout) - @default_layout[format] - end - def layout_list #:nodoc: - Array(view_paths).sum([]) { |path| Dir["#{path}/layouts/**/*"] } + Array(view_paths).sum([]) { |path| Dir["#{path.to_str}/layouts/**/*"] } end private @@ -200,45 +192,38 @@ module ActionController #:nodoc: def normalize_conditions(conditions) conditions.inject({}) {|hash, (key, value)| hash.merge(key => [value].flatten.map {|action| action.to_s})} end - - def default_layout_with_format(format, layout) - list = layout_list - if list.grep(%r{layouts/#{layout}\.#{format}(\.[a-z][0-9a-z]*)+$}).empty? - (!list.grep(%r{layouts/#{layout}\.([a-z][0-9a-z]*)+$}).empty? && format == :html) ? layout : nil - else - layout - end - end end # Returns the name of the active layout. If the layout was specified as a method reference (through a symbol), this method # is called and the return value is used. Likewise if the layout was specified as an inline method (through a proc or method # object). If the layout was defined without a directory, layouts is assumed. So <tt>layout "weblog/standard"</tt> will return # weblog/standard, but <tt>layout "standard"</tt> will return layouts/standard. - def active_layout(passed_layout = nil) - layout = passed_layout || self.class.default_layout(default_template_format) + def active_layout(passed_layout = nil, options = {}) + layout = passed_layout || default_layout + return layout if layout.respond_to?(:render) + active_layout = case layout - when String then layout when Symbol then __send__(layout) when Proc then layout.call(self) + else layout end - # Explicitly passed layout names with slashes are looked up relative to the template root, - # but auto-discovered layouts derived from a nested controller will contain a slash, though be relative - # to the 'layouts' directory so we have to check the file system to infer which case the layout name came from. - if active_layout - if active_layout.include?('/') && ! layout_directory?(active_layout) - active_layout - else - "layouts/#{active_layout}" - end - end + find_layout(active_layout, default_template_format, options[:html_fallback]) if active_layout end private - def candidate_for_layout?(options) - options.values_at(:text, :xml, :json, :file, :inline, :partial, :nothing, :update).compact.empty? && - !@template.__send__(:_exempt_from_layout?, options[:template] || default_template_name(options[:action])) + def default_layout #:nodoc: + layout = self.class.read_inheritable_attribute(:layout) + return layout unless self.class.read_inheritable_attribute(:auto_layout) + find_layout(layout, default_template_format) + rescue ActionView::MissingTemplate + nil + end + + def find_layout(layout, format, html_fallback=false) #:nodoc: + view_paths.find_template(layout.to_s =~ /layouts\// ? layout : "layouts/#{layout}", format, html_fallback) + rescue ActionView::MissingTemplate + raise if Mime::Type.lookup_by_extension(format.to_s).html? end def pick_layout(options) @@ -247,9 +232,9 @@ module ActionController #:nodoc: when FalseClass nil when NilClass, TrueClass - active_layout if action_has_layout? && !@template.__send__(:_exempt_from_layout?, default_template_name) + active_layout if action_has_layout? && candidate_for_layout?(:template => default_template_name) else - active_layout(layout) + active_layout(layout, :html_fallback => true) end else active_layout if action_has_layout? && candidate_for_layout?(options) @@ -271,14 +256,26 @@ module ActionController #:nodoc: end end - def layout_directory?(layout_name) - @template.__send__(:_pick_template, "#{File.join('layouts', layout_name)}.#{@template.template_format}") ? true : false + def candidate_for_layout?(options) + template = options[:template] || default_template(options[:action]) + if options.values_at(:text, :xml, :json, :file, :inline, :partial, :nothing, :update).compact.empty? + begin + template_object = self.view_paths.find_template(template, default_template_format) + # this restores the behavior from 2.2.2, where response.template.template_format was reset + # to :html for :js requests with a matching html template. + # see v2.2.2, ActionView::Base, lines 328-330 + @real_format = :html if response.template.template_format == :js && template_object.format == "html" + !template_object.exempt_from_layout? + rescue ActionView::MissingTemplate + true + end + end rescue ActionView::MissingTemplate false end def default_template_format - response.template.template_format + @real_format || response.template.template_format end end end vendor/rails/actionpack/lib/action_controller/layout.rb @@ -143,12 +143,27 @@ module ActionController #:nodoc: custom(@mime_type_priority.first, &block) end end + + def self.generate_method_for_mime(mime) + sym = mime.is_a?(Symbol) ? mime : mime.to_sym + const = sym.to_s.upcase + class_eval <<-RUBY, __FILE__, __LINE__ + 1 + def #{sym}(&block) # def html(&block) + custom(Mime::#{const}, &block) # custom(Mime::HTML, &block) + end # end + RUBY + end - def method_missing(symbol, &block) - mime_constant = symbol.to_s.upcase + Mime::SET.each do |mime| + generate_method_for_mime(mime) + end - if Mime::SET.include?(Mime.const_get(mime_constant)) - custom(Mime.const_get(mime_constant), &block) + def method_missing(symbol, &block) + mime_constant = Mime.const_get(symbol.to_s.upcase) + + if Mime::SET.include?(mime_constant) + self.class.generate_method_for_mime(mime_constant) + send(symbol, &block) else super end vendor/rails/actionpack/lib/action_controller/mime_responds.rb @@ -176,6 +176,14 @@ module Mime end end + def =~(mime_type) + return false if mime_type.blank? + regexp = Regexp.new(Regexp.quote(mime_type.to_s)) + (@synonyms + [ self ]).any? do |synonym| + synonym.to_s =~ regexp + end + end + # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See # ActionController::RequestForgeryProtection. def verify_request? vendor/rails/actionpack/lib/action_controller/mime_type.rb @@ -1,4 +1,3 @@ -require 'action_controller/integration' require 'active_support/testing/performance' require 'active_support/testing/default' vendor/rails/actionpack/lib/action_controller/performance_test.rb @@ -36,12 +36,11 @@ module ActionController # # * <tt>edit_polymorphic_url</tt>, <tt>edit_polymorphic_path</tt> # * <tt>new_polymorphic_url</tt>, <tt>new_polymorphic_path</tt> - # * <tt>formatted_polymorphic_url</tt>, <tt>formatted_polymorphic_path</tt> # # Example usage: # # edit_polymorphic_path(@post) # => "/posts/1/edit" - # formatted_polymorphic_path([@post, :pdf]) # => "/posts/1.pdf" + # polymorphic_path(@post, :format => :pdf) # => "/posts/1.pdf" module PolymorphicRoutes # Constructs a call to a named RESTful route for the given record and returns the # resulting URL string. For example: @@ -55,7 +54,7 @@ module ActionController # ==== Options # # * <tt>:action</tt> - Specifies the action prefix for the named route: - # <tt>:new</tt>, <tt>:edit</tt>, or <tt>:formatted</tt>. Default is no prefix. + # <tt>:new</tt> or <tt>:edit</tt>. Default is no prefix. # * <tt>:routing_type</tt> - Allowed values are <tt>:path</tt> or <tt>:url</tt>. # Default is <tt>:url</tt>. # @@ -78,9 +77,8 @@ module ActionController end record = extract_record(record_or_hash_or_array) - format = extract_format(record_or_hash_or_array, options) namespace = extract_namespace(record_or_hash_or_array) - + args = case record_or_hash_or_array when Hash; [ record_or_hash_or_array ] when Array; record_or_hash_or_array.dup @@ -100,11 +98,10 @@ module ActionController end args.delete_if {|arg| arg.is_a?(Symbol) || arg.is_a?(String)} - args << format if format - + named_route = build_named_route_call(record_or_hash_or_array, namespace, inflection, options) - url_options = options.except(:action, :routing_type, :format) + url_options = options.except(:action, :routing_type) unless url_options.empty? args.last.kind_of?(Hash) ? args.last.merge!(url_options) : args << url_options end @@ -119,21 +116,37 @@ module ActionController polymorphic_url(record_or_hash_or_array, options) end - %w(edit new formatted).each do |action| + %w(edit new).each do |action| module_eval <<-EOT, __FILE__, __LINE__ - def #{action}_polymorphic_url(record_or_hash, options = {}) - polymorphic_url(record_or_hash, options.merge(:action => "#{action}")) - end - - def #{action}_polymorphic_path(record_or_hash, options = {}) - polymorphic_url(record_or_hash, options.merge(:action => "#{action}", :routing_type => :path)) - end + def #{action}_polymorphic_url(record_or_hash, options = {}) # def edit_polymorphic_url(record_or_hash, options = {}) + polymorphic_url( # polymorphic_url( + record_or_hash, # record_or_hash, + options.merge(:action => "#{action}")) # options.merge(:action => "edit")) + end # end + # + def #{action}_polymorphic_path(record_or_hash, options = {}) # def edit_polymorphic_path(record_or_hash, options = {}) + polymorphic_url( # polymorphic_url( + record_or_hash, # record_or_hash, + options.merge(:action => "#{action}", :routing_type => :path)) # options.merge(:action => "edit", :routing_type => :path)) + end # end EOT end + def formatted_polymorphic_url(record_or_hash, options = {}) + ActiveSupport::Deprecation.warn("formatted_polymorphic_url has been deprecated. Please pass :format to the polymorphic_url method instead", caller) + options[:format] = record_or_hash.pop if Array === record_or_hash + polymorphic_url(record_or_hash, options) + end + + def formatted_polymorphic_path(record_or_hash, options = {}) + ActiveSupport::Deprecation.warn("formatted_polymorphic_path has been deprecated. Please pass :format to the polymorphic_path method instead", caller) + options[:format] = record_or_hash.pop if record_or_hash === Array + polymorphic_url(record_or_hash, options.merge(:routing_type => :path)) + end + private def action_prefix(options) - options[:action] ? "#{options[:action]}_" : options[:format] ? "formatted_" : "" + options[:action] ? "#{options[:action]}_" : '' end def routing_type(options) @@ -150,7 +163,8 @@ module ActionController if parent.is_a?(Symbol) || parent.is_a?(String) string << "#{parent}_" else - string << "#{RecordIdentifier.__send__("singular_class_name", parent)}_" + string << "#{RecordIdentifier.__send__("plural_class_name", parent)}".singularize + string << "_" end end end @@ -158,7 +172,9 @@ module ActionController if record.is_a?(Symbol) || record.is_a?(String) route << "#{record}_" else - route << "#{RecordIdentifier.__send__("#{inflection}_class_name", record)}_" + route << "#{RecordIdentifier.__send__("plural_class_name", record)}" + route = route.singularize if inflection == :singular + route << "_" end action_prefix(options) + namespace + route + routing_type(options).to_s @@ -171,17 +187,7 @@ module ActionController else record_or_hash_or_array end end - - def extract_format(record_or_hash_or_array, options) - if options[:action].to_s == "formatted" && record_or_hash_or_array.is_a?(Array) - record_or_hash_or_array.pop - elsif options[:format] - options[:format] - else - nil - end - end - + # Remove the first symbols from the array and return the url prefix # implied by those symbols. def extract_namespace(record_or_hash_or_array) vendor/rails/actionpack/lib/action_controller/polymorphic_routes.rb @@ -3,39 +3,42 @@ require 'stringio' require 'strscan' require 'active_support/memoizable' +require 'action_controller/cgi_ext' module ActionController - # CgiRequest and TestRequest provide concrete implementations. - class AbstractRequest - extend ActiveSupport::Memoizable + class Request < Rack::Request - def self.relative_url_root=(relative_url_root) - ActiveSupport::Deprecation.warn( - "ActionController::AbstractRequest.relative_url_root= has been renamed." + - "You can now set it with config.action_controller.relative_url_root=", caller) - ActionController::Base.relative_url_root=relative_url_root + %w[ AUTH_TYPE GATEWAY_INTERFACE + PATH_TRANSLATED REMOTE_HOST + REMOTE_IDENT REMOTE_USER REMOTE_ADDR + SERVER_NAME SERVER_PROTOCOL + + HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING + HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM + HTTP_NEGOTIATE HTTP_PRAGMA HTTP_REFERER HTTP_USER_AGENT ].each do |env| + define_method(env.sub(/^HTTP_/n, '').downcase) do + @env[env] + end + end + + def key?(key) + @env.key?(key) end HTTP_METHODS = %w(get head put post delete options) HTTP_METHOD_LOOKUP = HTTP_METHODS.inject({}) { |h, m| h[m] = h[m.upcase] = m.to_sym; h } - # The hash of environment variables for this request, - # such as { 'RAILS_ENV' => 'production' }. - attr_reader :env - - # The true HTTP request \method as a lowercase symbol, such as <tt>:get</tt>. - # UnknownHttpMethod is raised for invalid methods not listed in ACCEPTED_HTTP_METHODS. + # Returns the true HTTP request \method as a lowercase symbol, such as + # <tt>:get</tt>. If the request \method is not listed in the HTTP_METHODS + # constant above, an UnknownHttpMethod exception is raised. def request_method - method = @env['REQUEST_METHOD'] - method = parameters[:_method] if method == 'POST' && !parameters[:_method].blank? - - HTTP_METHOD_LOOKUP[method] || raise(UnknownHttpMethod, "#{method}, accepted HTTP methods are #{HTTP_METHODS.to_sentence}") + @request_method ||= HTTP_METHOD_LOOKUP[super] || raise(UnknownHttpMethod, "#{super}, accepted HTTP methods are #{HTTP_METHODS.to_sentence(:locale => :en)}") end - memoize :request_method - # The HTTP request \method as a lowercase symbol, such as <tt>:get</tt>. - # Note, HEAD is returned as <tt>:get</tt> since the two are functionally - # equivalent from the application's perspective. + # Returns the HTTP request \method used for action processing as a + # lowercase symbol, such as <tt>:post</tt>. (Unlike #request_method, this + # method returns <tt>:get</tt> for a HEAD request because the two are + # functionally equivalent from the application's perspective.) def method request_method == :head ? :get : request_method end @@ -70,43 +73,46 @@ module ActionController # # request.headers["Content-Type"] # => "text/plain" def headers - ActionController::Http::Headers.new(@env) + @headers ||= ActionController::Http::Headers.new(@env) end - memoize :headers # Returns the content length of the request as an integer. def content_length - @env['CONTENT_LENGTH'].to_i + super.to_i end - memoize :content_length # The MIME type of the HTTP request, such as Mime::XML. # # For backward compatibility, the post \format is extracted from the # X-Post-Data-Format HTTP header if present. def content_type - Mime::Type.lookup(content_type_without_parameters) + @content_type ||= begin + if @env['CONTENT_TYPE'] =~ /^([^,\;]*)/ + Mime::Type.lookup($1.strip.downcase) + else + nil + end + end end - memoize :content_type # Returns the accepted MIME type for the request. def accepts - header = @env['HTTP_ACCEPT'].to_s.strip + @accepts ||= begin + header = @env['HTTP_ACCEPT'].to_s.strip - if header.empty? - [content_type, Mime::ALL].compact - else - Mime::Type.parse(header) + if header.empty? + [content_type, Mime::ALL].compact + else + Mime::Type.parse(header) + end end end - memoize :accepts def if_modified_since if since = env['HTTP_IF_MODIFIED_SINCE'] Time.rfc2822(since) rescue nil end end - memoize :if_modified_since def if_none_match env['HTTP_IF_NONE_MATCH'] @@ -125,15 +131,15 @@ module ActionController # supplied, both must match, or the request is not considered fresh. def fresh?(response) case - when if_modified_since && if_none_match - not_modified?(response.last_modified) && etag_matches?(response.etag) - when if_modified_since - not_modified?(response.last_modified) - when if_none_match - etag_matches?(response.etag) - else - false - end + when if_modified_since && if_none_match + not_modified?(response.last_modified) && etag_matches?(response.etag) + when if_modified_since + not_modified?(response.last_modified) + when if_none_match + etag_matches?(response.etag) + else + false + end end # Returns the Mime type for the \format used in the request. @@ -209,7 +215,7 @@ module ActionController # delimited list in the case of multiple chained proxies; the last # address which is not trusted is the originating IP. def remote_ip - remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].split(',').collect(&:strip) + remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/) unless remote_addr_list.blank? not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES} @@ -218,7 +224,7 @@ module ActionController remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',') if @env.include? 'HTTP_CLIENT_IP' - if remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP']) + if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP']) # We don't know which came from the proxy, and which from the user raise ActionControllerError.new(<<EOM) IP spoofing attack?! @@ -240,26 +246,21 @@ EOM @env['REMOTE_ADDR'] end - memoize :remote_ip # Returns the lowercase name of the HTTP server software. def server_software (@env['SERVER_SOFTWARE'] && /^([a-zA-Z]+)/ =~ @env['SERVER_SOFTWARE']) ? $1.downcase : nil end - memoize :server_software - # Returns the complete URL used for this request. def url protocol + host_with_port + request_uri end - memoize :url # Returns 'https://' if this is an SSL request and 'http://' otherwise. def protocol ssl? ? 'https://' : 'http://' end - memoize :protocol # Is this an SSL request? def ssl? @@ -271,7 +272,7 @@ EOM if forwarded = env["HTTP_X_FORWARDED_HOST"] forwarded.split(/,\s?/).last else - env['HTTP_HOST'] || env['SERVER_NAME'] || "#{env['SERVER_ADDR']}:#{env['SERVER_PORT']}" + env['HTTP_HOST'] || "#{env['SERVER_NAME'] || env['SERVER_ADDR']}:#{env['SERVER_PORT']}" end end @@ -279,14 +280,12 @@ EOM def host raw_host_with_port.sub(/:\d+$/, '') end - memoize :host # Returns a \host:\port string for this request, such as "example.com" or # "example.com:8080". def host_with_port "#{host}#{port_string}" end - memoize :host_with_port # Returns the port number of this request as an integer. def port @@ -296,7 +295,6 @@ EOM standard_port end end - memoize :port # Returns the standard \port number for this request's protocol. def standard_port @@ -332,13 +330,8 @@ EOM # Returns the query string, accounting for server idiosyncrasies. def query_string - if uri = @env['REQUEST_URI'] - uri.split('?', 2)[1] || '' - else - @env['QUERY_STRING'] || '' - end + @env['QUERY_STRING'].present? ? @env['QUERY_STRING'] : (@env['REQUEST_URI'].split('?', 2)[1] || '') end - memoize :query_string # Returns the request URI, accounting for server idiosyncrasies. # WEBrick includes the full URL. IIS leaves REQUEST_URI blank. @@ -364,36 +357,33 @@ EOM end end end - memoize :request_uri # Returns the interpreted \path to requested resource after all the installation # directory of this application was taken into account. def path - path = (uri = request_uri) ? uri.split('?').first.to_s : '' - - # Cut off the path to the installation directory if given - path.sub!(%r/^#{ActionController::Base.relative_url_root}/, '') - path || '' + path = request_uri.to_s[/\A[^\?]*/] + path.sub!(/\A#{ActionController::Base.relative_url_root}/, '') + path end - memoize :path # Read the request \body. This is useful for web services that need to # work with raw requests directly. def raw_post - unless env.include? 'RAW_POST_DATA' - env['RAW_POST_DATA'] = body.read(content_length) + unless @env.include? 'RAW_POST_DATA' + @env['RAW_POST_DATA'] = body.read(@env['CONTENT_LENGTH'].to_i) body.rewind if body.respond_to?(:rewind) end - env['RAW_POST_DATA'] + @env['RAW_POST_DATA'] end # Returns both GET and POST \parameters in a single hash. def parameters @parameters ||= request_parameters.merge(query_parameters).update(path_parameters).with_indifferent_access end + alias_method :params, :parameters def path_parameters=(parameters) #:nodoc: - @path_parameters = parameters + @env["rack.routing_args"] = parameters @symbolized_path_parameters = @parameters = nil end @@ -409,464 +399,91 @@ EOM # # See <tt>symbolized_path_parameters</tt> for symbolized keys. def path_parameters - @path_parameters ||= {} + @env["rack.routing_args"] ||= {} end # The request body is an IO input stream. If the RAW_POST_DATA environment # variable is already set, wrap it in a StringIO. def body - if raw_post = env['RAW_POST_DATA'] + if raw_post = @env['RAW_POST_DATA'] raw_post.force_encoding(Encoding::BINARY) if raw_post.respond_to?(:force_encoding) StringIO.new(raw_post) else - body_stream + @env['rack.input'] end end - def remote_addr - @env['REMOTE_ADDR'] + def form_data? + FORM_DATA_MEDIA_TYPES.include?(content_type.to_s) end - def referrer - @env['HTTP_REFERER'] + # Override Rack's GET method to support indifferent access + def GET + @env["action_controller.request.query_parameters"] ||= normalize_parameters(super) end - alias referer referrer + alias_method :query_parameters, :GET - - def query_parameters - @query_parameters ||= self.class.parse_query_parameters(query_string) - end - - def request_parameters - @request_parameters ||= parse_formatted_request_parameters + # Override Rack's POST method to support indifferent access + def POST + @env["action_controller.request.request_parameters"] ||= normalize_parameters(super) end - - - #-- - # Must be implemented in the concrete request - #++ + alias_method :request_parameters, :POST def body_stream #:nodoc: + @env['rack.input'] end - def cookies #:nodoc: - end - - def session #:nodoc: + def session + @env['rack.session'] ||= {} end def session=(session) #:nodoc: - @session = session + @env['rack.session'] = session end - def reset_session #:nodoc: + def reset_session + @env['rack.session.options'].delete(:id) + @env['rack.session'] = {} end - protected - # The raw content type string. Use when you need parameters such as - # charset or boundary which aren't included in the content_type MIME type. - # Overridden by the X-POST_DATA_FORMAT header for backward compatibility. - def content_type_with_parameters - content_type_from_legacy_post_data_format_header || - env['CONTENT_TYPE'].to_s - end - - # The raw content type string with its parameters stripped off. - def content_type_without_parameters - self.class.extract_content_type_without_parameters(content_type_with_parameters) - end - memoize :content_type_without_parameters - - private - def content_type_from_legacy_post_data_format_header - if x_post_format = @env['HTTP_X_POST_DATA_FORMAT'] - case x_post_format.to_s.downcase - when 'yaml'; 'application/x-yaml' - when 'xml'; 'application/xml' - end - end - end - - def parse_formatted_request_parameters - return {} if content_length.zero? - - content_type, boundary = self.class.extract_multipart_boundary(content_type_with_parameters) - - # Don't parse params for unknown requests. - return {} if content_type.blank? - - mime_type = Mime::Type.lookup(content_type) - strategy = ActionController::Base.param_parsers[mime_type] - - # Only multipart form parsing expects a stream. - body = (strategy && strategy != :multipart_form) ? raw_post : self.body - - case strategy - when Proc - strategy.call(body) - when :url_encoded_form - self.class.clean_up_ajax_request_body! body - self.class.parse_query_parameters(body) - when :multipart_form - self.class.parse_multipart_form_parameters(body, boundary, content_length, env) - when :xml_simple, :xml_node - body.blank? ? {} : Hash.from_xml(body).with_indifferent_access - when :yaml - YAML.load(body) - when :json - if body.blank? - {} - else - data = ActiveSupport::JSON.decode(body) - data = {:_json => data} unless data.is_a?(Hash) - data.with_indifferent_access - end - else - {} - end - rescue Exception => e # YAML, XML or Ruby code block errors - raise - { "body" => body, - "content_type" => content_type_with_parameters, - "content_length" => content_length, - "exception" => "#{e.message} (#{e.class})", - "backtrace" => e.backtrace } - end - - def named_host?(host) - !(host.nil? || /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.match(host)) - end - - class << self - def parse_query_parameters(query_string) - return {} if query_string.blank? - - pairs = query_string.split('&').collect do |chunk| - next if chunk.empty? - key, value = chunk.split('=', 2) - next if key.empty? - value = value.nil? ? nil : CGI.unescape(value) - [ CGI.unescape(key), value ] - end.compact - - UrlEncodedPairParser.new(pairs).result - end - - def parse_request_parameters(params) - parser = UrlEncodedPairParser.new - - params = params.dup - until params.empty? - for key, value in params - if key.blank? - params.delete key - elsif !key.include?('[') - # much faster to test for the most common case first (GET) - # and avoid the call to build_deep_hash - parser.result[key] = get_typed_value(value[0]) - params.delete key - elsif value.is_a?(Array) - parser.parse(key, get_typed_value(value.shift)) - params.delete key if value.empty? - else - raise TypeError, "Expected array, found #{value.inspect}" - end - end - end - - parser.result - end - - def parse_multipart_form_parameters(body, boundary, body_size, env) - parse_request_parameters(read_multipart(body, boundary, body_size, env)) - end - - def extract_multipart_boundary(content_type_with_parameters) - if content_type_with_parameters =~ MULTIPART_BOUNDARY - ['multipart/form-data', $1.dup] - else - extract_content_type_without_parameters(content_type_with_parameters) - end - end - - def extract_content_type_without_parameters(content_type_with_parameters) - $1.strip.downcase if content_type_with_parameters =~ /^([^,\;]*)/ - end - - def clean_up_ajax_request_body!(body) - body.chop! if body[-1] == 0 - body.gsub!(/&_=$/, '') - end - - - private - def get_typed_value(value) - case value - when String - value - when NilClass - '' - when Array - value.map { |v| get_typed_value(v) } - else - if value.respond_to? :original_filename - # Uploaded file - if value.original_filename - value - # Multipart param - else - result = value.read - value.rewind - result - end - # Unknown value, neither string nor multipart. - else - raise "Unknown form value: #{value.inspect}" - end - end - end - - MULTIPART_BOUNDARY = %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?|n - - EOL = "\015\012" - - def read_multipart(body, boundary, body_size, env) - params = Hash.new([]) - boundary = "--" + boundary - quoted_boundary = Regexp.quote(boundary) - buf = "" - bufsize = 10 * 1024 - boundary_end="" - - # start multipart/form-data - body.binmode if defined? body.binmode - case body - when File - body.set_encoding(Encoding::BINARY) if body.respond_to?(:set_encoding) - when StringIO - body.string.force_encoding(Encoding::BINARY) if body.string.respond_to?(:force_encoding) - end - boundary_size = boundary.size + EOL.size - body_size -= boundary_size - status = body.read(boundary_size) - if nil == status - raise EOFError, "no content body" - elsif boundary + EOL != status - raise EOFError, "bad content body" - end - - loop do - head = nil - content = - if 10240 < body_size - UploadedTempfile.new("CGI") - else - UploadedStringIO.new - end - content.binmode if defined? content.binmode - - until head and /#{quoted_boundary}(?:#{EOL}|--)/n.match(buf) - - if (not head) and /#{EOL}#{EOL}/n.match(buf) - buf = buf.sub(/\A((?:.|\n)*?#{EOL})#{EOL}/n) do - head = $1.dup - "" - end - next - end - - if head and ( (EOL + boundary + EOL).size < buf.size ) - content.print buf[0 ... (buf.size - (EOL + boundary + EOL).size)] - buf[0 ... (buf.size - (EOL + boundary + EOL).size)] = "" - end - - c = if bufsize < body_size - body.read(bufsize) - else - body.read(body_size) - end - if c.nil? || c.empty? - raise EOFError, "bad content body" - end - buf.concat(c) - body_size -= c.size - end - - buf = buf.sub(/\A((?:.|\n)*?)(?:[\r\n]{1,2})?#{quoted_boundary}([\r\n]{1,2}|--)/n) do - content.print $1 - if "--" == $2 - body_size = -1 - end - boundary_end = $2.dup - "" - end - - content.rewind - - head =~ /Content-Disposition:.* filename=(?:"((?:\\.|[^\"])*)"|([^;]*))/ni - if filename = $1 || $2 - if /Mac/ni.match(env['HTTP_USER_AGENT']) and - /Mozilla/ni.match(env['HTTP_USER_AGENT']) and - (not /MSIE/ni.match(env['HTTP_USER_AGENT'])) - filename = CGI.unescape(filename) - end - content.original_path = filename.dup - end - - head =~ /Content-Type: ([^\r]*)/ni - content.content_type = $1.dup if $1 - - head =~ /Content-Disposition:.* name="?([^\";]*)"?/ni - name = $1.dup if $1 - - if params.has_key?(name) - params[name].push(content) - else - params[name] = [content] - end - break if body_size == -1 - end - raise EOFError, "bad boundary end of body part" unless boundary_end=~/--/ - - begin - body.rewind if body.respond_to?(:rewind) - rescue Errno::ESPIPE - # Handles exceptions raised by input streams that cannot be rewound - # such as when using plain CGI under Apache - end - - params - end + def session_options + @env['rack.session.options'] ||= {} end - end - - class UrlEncodedPairParser < StringScanner #:nodoc: - attr_reader :top, :parent, :result - def initialize(pairs = []) - super('') - @result = {} - pairs.each { |key, value| parse(key, value) } + def session_options=(options) + @env['rack.session.options'] = options end - KEY_REGEXP = %r{([^\[\]=&]+)} - BRACKETED_KEY_REGEXP = %r{\[([^\[\]=&]+)\]} - - # Parse the query string - def parse(key, value) - self.string = key - @top, @parent = result, nil - - # First scan the bare key - key = scan(KEY_REGEXP) or return - key = post_key_check(key) - - # Then scan as many nestings as present - until eos? - r = scan(BRACKETED_KEY_REGEXP) or return - key = self[1] - key = post_key_check(key) - end - - bind(key, value) + def server_port + @env['SERVER_PORT'].to_i end private - # After we see a key, we must look ahead to determine our next action. Cases: - # - # [] follows the key. Then the value must be an array. - # = follows the key. (A value comes next) - # & or the end of string follows the key. Then the key is a flag. - # otherwise, a hash follows the key. - def post_key_check(key) - if scan(/\[\]/) # a[b][] indicates that b is an array - container(key, Array) - nil - elsif check(/\[[^\]]/) # a[b] indicates that a is a hash - container(key, Hash) - nil - else # End of key? We do nothing. - key - end - end - - # Add a container to the stack. - def container(key, klass) - type_conflict! klass, top[key] if top.is_a?(Hash) && top.key?(key) && ! top[key].is_a?(klass) - value = bind(key, klass.new) - type_conflict! klass, value unless value.is_a?(klass) - push(value) - end - - # Push a value onto the 'stack', which is actually only the top 2 items. - def push(value) - @parent, @top = @top, value + def named_host?(host) + !(host.nil? || /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.match(host)) end - # Bind a key (which may be nil for items in an array) to the provided value. - def bind(key, value) - if top.is_a? Array - if key - if top[-1].is_a?(Hash) && ! top[-1].key?(key) - top[-1][key] = value - else - top << {key => value}.with_indifferent_access - push top.last - value = top[key] - end + # Convert nested Hashs to HashWithIndifferentAccess and replace + # file upload hashs with UploadedFile objects + def normalize_parameters(value) + case value + when Hash + if value.has_key?(:tempfile) + upload = value[:tempfile] + upload.extend(UploadedFile) + upload.original_path = value[:filename] + upload.content_type = value[:type] + upload else - top << value + h = {} + value.each { |k, v| h[k] = normalize_parameters(v) } + h.with_indifferent_access end - elsif top.is_a? Hash - key = CGI.unescape(key) - parent << (@top = {}) if top.key?(key) && parent.is_a?(Array) - top[key] ||= value - return top[key] + when Array + value.map { |e| normalize_parameters(e) } else - raise ArgumentError, "Don't know what to do: top is #{top.inspect}" + value end - - return value - end - - def type_conflict!(klass, value) - raise TypeError, "Conflicting types for parameter containers. Expected an instance of #{klass} but found an instance of #{value.class}. This can be caused by colliding Array and Hash parameters like qs[]=value&qs[key]=value. (The parameters received were #{value.inspect}.)" - end - end - - module UploadedFile - def self.included(base) - base.class_eval do - attr_accessor :original_path, :content_type - alias_method :local_path, :path end - end - - # Take the basename of the upload's original filename. - # This handles the full Windows paths given by Internet Explorer - # (and perhaps other broken user agents) without affecting - # those which give the lone filename. - # The Windows regexp is adapted from Perl's File::Basename. - def original_filename - unless defined? @original_filename - @original_filename = - unless original_path.blank? - if original_path =~ /^(?:.*[:\\\/])?(.*)/m - $1 - else - File.basename original_path - end - end - end - @original_filename - end - end - - class UploadedStringIO < StringIO - include UploadedFile - end - - class UploadedTempfile < Tempfile - include UploadedFile end end vendor/rails/actionpack/lib/action_controller/request.rb @@ -5,8 +5,6 @@ module ActionController #:nodoc: module RequestForgeryProtection def self.included(base) base.class_eval do - class_inheritable_accessor :request_forgery_protection_options - self.request_forgery_protection_options = {} helper_method :form_authenticity_token helper_method :protect_against_forgery? end @@ -14,7 +12,7 @@ module ActionController #:nodoc: end # Protecting controller actions from CSRF attacks by ensuring that all forms are coming from the current web application, not a - # forged link from another site, is done by embedding a token based on the session (which an attacker wouldn't know) in all + # forged link from another site, is done by embedding a token based on a random string stored in the session (which an attacker wouldn't know) in all # forms and Ajax requests generated by Rails and then verifying the authenticity of that token in the controller. Only # HTML/JavaScript requests are checked, so this will not protect your XML API (presumably you'll have a different authentication # scheme there anyway). Also, GET requests are not protected as these should be idempotent anyway. @@ -57,12 +55,8 @@ module ActionController #:nodoc: # Example: # # class FooController < ApplicationController - # # uses the cookie session store (then you don't need a separate :secret) # protect_from_forgery :except => :index # - # # uses one of the other session stores that uses a session_id value. - # protect_from_forgery :secret => 'my-little-pony', :except => :index - # # # you can disable csrf protection on controller-by-controller basis: # skip_before_filter :verify_authenticity_token # end @@ -70,13 +64,12 @@ module ActionController #:nodoc: # Valid Options: # # * <tt>:only/:except</tt> - Passed to the <tt>before_filter</tt> call. Set which actions are verified. - # * <tt>:secret</tt> - Custom salt used to generate the <tt>form_authenticity_token</tt>. - # Leave this off if you are using the cookie session store. - # * <tt>:digest</tt> - Message digest used for hashing. Defaults to 'SHA1'. def protect_from_forgery(options = {}) self.request_forgery_protection_token ||= :authenticity_token before_filter :verify_authenticity_token, :only => options.delete(:only), :except => options.delete(:except) - request_forgery_protection_options.update(options) + if options[:secret] || options[:digest] + ActiveSupport::Deprecation.warn("protect_from_forgery only takes :only and :except options now. :digest and :secret have no effect", caller) + end end end @@ -90,7 +83,7 @@ module ActionController #:nodoc: # # * is the format restricted? By default, only HTML and AJAX requests are checked. # * is it a GET request? Gets should be safe and idempotent - # * Does the form_authenticity_token match the given _token value from the params? + # * Does the form_authenticity_token match the given token value from the params? def verified_request? !protect_against_forgery? || request.method == :get || @@ -105,34 +98,9 @@ module ActionController #:nodoc: # Sets the token value for the current session. Pass a <tt>:secret</tt> option # in +protect_from_forgery+ to add a custom salt to the hash. def form_authenticity_token - @form_authenticity_token ||= if !session.respond_to?(:session_id) - raise InvalidAuthenticityToken, "Request Forgery Protection requires a valid session. Use #allow_forgery_protection to disable it, or use a valid session." - elsif request_forgery_protection_options[:secret] - authenticity_token_from_session_id - elsif session.respond_to?(:dbman) && session.dbman.respond_to?(:generate_digest) - authenticity_token_from_cookie_session - else - raise InvalidAuthenticityToken, "No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store)." - end - end - - # Generates a unique digest using the session_id and the CSRF secret. - def authenticity_token_from_session_id - key = if request_forgery_protection_options[:secret].respond_to?(:call) - request_forgery_protection_options[:secret].call(@session) - else - request_forgery_protection_options[:secret] - end - digest = request_forgery_protection_options[:digest] ||= 'SHA1' - OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(digest), key.to_s, session.session_id.to_s) - end - - # No secret was given, so assume this is a cookie session store. - def authenticity_token_from_cookie_session - session[:csrf_id] ||= CGI::Session.generate_unique_id - session.dbman.generate_digest(session[:csrf_id]) + session[:_csrf_token] ||= ActiveSupport::SecureRandom.base64(32) end - + def protect_against_forgery? allow_forgery_protection && request_forgery_protection_token end vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb @@ -1,13 +1,19 @@ module ActionController #:nodoc: - # Actions that fail to perform as expected throw exceptions. These exceptions can either be rescued for the public view - # (with a nice user-friendly explanation) or for the developers view (with tons of debugging information). The developers view - # is already implemented by the Action Controller, but the public view should be tailored to your specific application. - # - # The default behavior for public exceptions is to render a static html file with the name of the error code thrown. If no such - # file exists, an empty response is sent with the correct status code. + # Actions that fail to perform as expected throw exceptions. These + # exceptions can either be rescued for the public view (with a nice + # user-friendly explanation) or for the developers view (with tons of + # debugging information). The developers view is already implemented by + # the Action Controller, but the public view should be tailored to your + # specific application. # - # You can override what constitutes a local request by overriding the <tt>local_request?</tt> method in your own controller. - # Custom rescue behavior is achieved by overriding the <tt>rescue_action_in_public</tt> and <tt>rescue_action_locally</tt> methods. + # The default behavior for public exceptions is to render a static html + # file with the name of the error code thrown. If no such file exists, an + # empty response is sent with the correct status code. + # + # You can override what constitutes a local request by overriding the + # <tt>local_request?</tt> method in your own controller. Custom rescue + # behavior is achieved by overriding the <tt>rescue_action_in_public</tt> + # and <tt>rescue_action_locally</tt> methods. module Rescue LOCALHOST = '127.0.0.1'.freeze @@ -32,6 +38,9 @@ module ActionController #:nodoc: 'ActionView::TemplateError' => 'template_error' } + RESCUES_TEMPLATE_PATH = ActionView::Template::EagerPath.new_and_loaded( + File.join(File.dirname(__FILE__), "templates")) + def self.included(base) #:nodoc: base.cattr_accessor :rescue_responses base.rescue_responses = Hash.new(DEFAULT_RESCUE_RESPONSE) @@ -50,47 +59,60 @@ module ActionController #:nodoc: end module ClassMethods - def process_with_exception(request, response, exception) #:nodoc: + def call_with_exception(env, exception) #:nodoc: + request = env["action_controller.rescue.request"] ||= Request.new(env) + response = env["action_controller.rescue.response"] ||= Response.new new.process(request, response, :rescue_action, exception) end end protected - # Exception handler called when the performance of an action raises an exception. + # Exception handler called when the performance of an action raises + # an exception. def rescue_action(exception) - rescue_with_handler(exception) || rescue_action_without_handler(exception) + rescue_with_handler(exception) || + rescue_action_without_handler(exception) end - # Overwrite to implement custom logging of errors. By default logs as fatal. + # Overwrite to implement custom logging of errors. By default + # logs as fatal. def log_error(exception) #:doc: ActiveSupport::Deprecation.silence do if ActionView::TemplateError === exception logger.fatal(exception.to_s) else logger.fatal( - "\n\n#{exception.class} (#{exception.message}):\n " + - clean_backtrace(exception).join("\n ") + - "\n\n" + "\n#{exception.class} (#{exception.message}):\n " + + clean_backtrace(exception).join("\n ") + "\n\n" ) end end end - # Overwrite to implement public exception handling (for requests answering false to <tt>local_request?</tt>). By - # default will call render_optional_error_file. Override this method to provide more user friendly error messages. + # Overwrite to implement public exception handling (for requests + # answering false to <tt>local_request?</tt>). By default will call + # render_optional_error_file. Override this method to provide more + # user friendly error messages. def rescue_action_in_public(exception) #:doc: render_optional_error_file response_code_for_rescue(exception) end - - # Attempts to render a static error page based on the <tt>status_code</tt> thrown, - # or just return headers if no such file exists. For example, if a 500 error is - # being handled Rails will first attempt to render the file at <tt>public/500.html</tt>. - # If the file doesn't exist, the body of the response will be left empty. + + # Attempts to render a static error page based on the + # <tt>status_code</tt> thrown, or just return headers if no such file + # exists. At first, it will try to render a localized static page. + # For example, if a 500 error is being handled Rails and locale is :da, + # it will first attempt to render the file at <tt>public/500.da.html</tt> + # then attempt to render <tt>public/500.html</tt>. If none of them exist, + # the body of the response will be left empty. def render_optional_error_file(status_code) status = interpret_status(status_code) + locale_path = "#{Rails.public_path}/#{status[0,3]}.#{I18n.locale}.html" if I18n.locale path = "#{Rails.public_path}/#{status[0,3]}.html" - if File.exist?(path) - render :file => path, :status => status + + if locale_path && File.exist?(locale_path) + render :file => locale_path, :status => status, :content_type => Mime::HTML + elsif File.exist?(path) + render :file => path, :status => status, :content_type => Mime::HTML else head status end @@ -107,11 +129,13 @@ module ActionController #:nodoc: # a controller action. def rescue_action_locally(exception) @template.instance_variable_set("@exception", exception) - @template.instance_variable_set("@rescues_path", File.dirname(rescues_path("stub"))) - @template.instance_variable_set("@contents", @template.render(:file => template_path_for_local_rescue(exception))) + @template.instance_variable_set("@rescues_path", RESCUES_TEMPLATE_PATH) + @template.instance_variable_set("@contents", + @template.render(:file => template_path_for_local_rescue(exception))) response.content_type = Mime::HTML - render_for_file(rescues_path("layout"), response_code_for_rescue(exception)) + render_for_file(rescues_path("layout"), + response_code_for_rescue(exception)) end def rescue_action_without_handler(exception) @@ -139,7 +163,7 @@ module ActionController #:nodoc: end def rescues_path(template_name) - "#{File.dirname(__FILE__)}/templates/rescues/#{template_name}.erb" + RESCUES_TEMPLATE_PATH["rescues/#{template_name}.erb"] end def template_path_for_local_rescue(exception) @@ -151,13 +175,9 @@ module ActionController #:nodoc: end def clean_backtrace(exception) - if backtrace = exception.backtrace - if defined?(RAILS_ROOT) - backtrace.map { |line| line.sub RAILS_ROOT, '' } - else - backtrace - end - end + defined?(Rails) && Rails.respond_to?(:backtrace_cleaner) ? + Rails.backtrace_cleaner.clean(exception.backtrace) : + exception.backtrace end end end vendor/rails/actionpack/lib/action_controller/rescue.rb @@ -42,7 +42,7 @@ module ActionController # # Read more about REST at http://en.wikipedia.org/wiki/Representational_State_Transfer module Resources - INHERITABLE_OPTIONS = :namespace, :shallow, :actions + INHERITABLE_OPTIONS = :namespace, :shallow class Resource #:nodoc: DEFAULT_ACTIONS = :index, :create, :new, :edit, :show, :update, :destroy @@ -91,7 +91,7 @@ module ActionController end def shallow_path_prefix - @shallow_path_prefix ||= "#{path_prefix unless @options[:shallow]}" + @shallow_path_prefix ||= @options[:shallow] ? @options[:namespace].try(:sub, /\/$/, '') : path_prefix end def member_path @@ -103,7 +103,7 @@ module ActionController end def shallow_name_prefix - @shallow_name_prefix ||= "#{name_prefix unless @options[:shallow]}" + @shallow_name_prefix ||= @options[:shallow] ? @options[:namespace].try(:gsub, /\//, '_') : name_prefix end def nesting_name_prefix @@ -119,7 +119,7 @@ module ActionController end def has_action?(action) - !DEFAULT_ACTIONS.include?(action) || @options[:actions].nil? || @options[:actions].include?(action) + !DEFAULT_ACTIONS.include?(action) || action_allowed?(action) end protected @@ -135,24 +135,29 @@ module ActionController end def set_allowed_actions - only = @options.delete(:only) - except = @options.delete(:except) + only, except = @options.values_at(:only, :except) + @allowed_actions ||= {} - if only && except - raise ArgumentError, 'Please supply either :only or :except, not both.' - elsif only == :all || except == :none - options[:actions] = DEFAULT_ACTIONS + if only == :all || except == :none + only = nil + except = [] elsif only == :none || except == :all - options[:actions] = [] - elsif only - options[:actions] = DEFAULT_ACTIONS & Array(only).map(&:to_sym) + only = [] + except = nil + end + + if only + @allowed_actions[:only] = Array(only).map(&:to_sym) elsif except - options[:actions] = DEFAULT_ACTIONS - Array(except).map(&:to_sym) - else - # leave options[:actions] alone + @allowed_actions[:except] = Array(except).map(&:to_sym) end end + def action_allowed?(action) + only, except = @allowed_actions.values_at(:only, :except) + (!only || only.include?(action)) && (!except || !except.include?(action)) + end + def set_prefixes @path_prefix = options.delete(:path_prefix) @name_prefix = options.delete(:name_prefix) @@ -283,7 +288,12 @@ module ActionController # * <tt>:new</tt> - Same as <tt>:collection</tt>, but for actions that operate on the new \resource action. # * <tt>:controller</tt> - Specify the controller name for the routes. # * <tt>:singular</tt> - Specify the singular name used in the member routes. - # * <tt>:requirements</tt> - Set custom routing parameter requirements. + # * <tt>:requirements</tt> - Set custom routing parameter requirements; this is a hash of either + # regular expressions (which must match for the route to match) or extra parameters. For example: + # + # map.resource :profile, :path_prefix => ':name', :requirements => { :name => /[a-zA-Z]+/, :extra => 'value' } + # + # will only match if the first part is alphabetic, and will pass the parameter :extra to the controller. # * <tt>:conditions</tt> - Specify custom routing recognition conditions. \Resources sets the <tt>:method</tt> value for the method-specific routes. # * <tt>:as</tt> - Specify a different \resource name to use in the URL path. For example: # # products_path == '/productos' @@ -398,8 +408,6 @@ module ActionController # # --> POST /posts/1/comments (maps to the CommentsController#create action) # # --> PUT /posts/1/comments/1 (fails) # - # The <tt>:only</tt> and <tt>:except</tt> options are inherited by any nested resource(s). - # # If <tt>map.resources</tt> is called with multiple resources, they all get the same options applied. # # Examples: @@ -535,9 +543,9 @@ module ActionController with_options :controller => resource.controller do |map| map_collection_actions(map, resource) - map_default_singleton_actions(map, resource) map_new_actions(map, resource) map_member_actions(map, resource) + map_default_singleton_actions(map, resource) map_associations(resource, options) @@ -622,7 +630,7 @@ module ActionController action_path = resource.options[:path_names][action] if resource.options[:path_names].is_a?(Hash) action_path ||= Base.resources_path_names[action] || action - map_resource_routes(map, resource, action, "#{resource.member_path}#{resource.action_separator}#{action_path}", "#{action}_#{resource.shallow_name_prefix}#{resource.singular}", m) + map_resource_routes(map, resource, action, "#{resource.member_path}#{resource.action_separator}#{action_path}", "#{action}_#{resource.shallow_name_prefix}#{resource.singular}", m, { :force_id => true }) end end end @@ -633,16 +641,14 @@ module ActionController map_resource_routes(map, resource, :destroy, resource.member_path, route_path) end - def map_resource_routes(map, resource, action, route_path, route_name = nil, method = nil) + def map_resource_routes(map, resource, action, route_path, route_name = nil, method = nil, resource_options = {} ) if resource.has_action?(action) - action_options = action_options_for(action, resource, method) + action_options = action_options_for(action, resource, method, resource_options) formatted_route_path = "#{route_path}.:format" if route_name && @set.named_routes[route_name.to_sym].nil? - map.named_route(route_name, route_path, action_options) - map.named_route("formatted_#{route_name}", formatted_route_path, action_options) + map.named_route(route_name, formatted_route_path, action_options) else - map.connect(route_path, action_options) map.connect(formatted_route_path, action_options) end end @@ -654,9 +660,10 @@ module ActionController end end - def action_options_for(action, resource, method = nil) + def action_options_for(action, resource, method = nil, resource_options = {}) default_options = { :action => action.to_s } require_id = !resource.kind_of?(SingletonResource) + force_id = resource_options[:force_id] && !resource.kind_of?(SingletonResource) case default_options[:action] when "index", "new"; default_options.merge(add_conditions_for(resource.conditions, method || :get)).merge(resource.requirements) @@ -664,12 +671,8 @@ module ActionController when "show", "edit"; default_options.merge(add_conditions_for(resource.conditions, method || :get)).merge(resource.requirements(require_id)) when "update"; default_options.merge(add_conditions_for(resource.conditions, method || :put)).merge(resource.requirements(require_id)) when "destroy"; default_options.merge(add_conditions_for(resource.conditions, method || :delete)).merge(resource.requirements(require_id)) - else default_options.merge(add_conditions_for(resource.conditions, method)).merge(resource.requirements) + else default_options.merge(add_conditions_for(resource.conditions, method)).merge(resource.requirements(force_id)) end end end end - -class ActionController::Routing::RouteSet::Mapper - include ActionController::Resources -end vendor/rails/actionpack/lib/action_controller/resources.rb @@ -1,24 +1,25 @@ require 'digest/md5' module ActionController # :nodoc: - # Represents an HTTP response generated by a controller action. One can use an - # ActionController::AbstractResponse object to retrieve the current state of the - # response, or customize the response. An AbstractResponse object can either - # represent a "real" HTTP response (i.e. one that is meant to be sent back to the - # web browser) or a test response (i.e. one that is generated from integration - # tests). See CgiResponse and TestResponse, respectively. + # Represents an HTTP response generated by a controller action. One can use + # an ActionController::Response object to retrieve the current state + # of the response, or customize the response. An Response object can + # either represent a "real" HTTP response (i.e. one that is meant to be sent + # back to the web browser) or a test response (i.e. one that is generated + # from integration tests). See CgiResponse and TestResponse, respectively. # - # AbstractResponse is mostly a Ruby on Rails framework implement detail, and should - # never be used directly in controllers. Controllers should use the methods defined - # in ActionController::Base instead. For example, if you want to set the HTTP - # response's content MIME type, then use ActionControllerBase#headers instead of - # AbstractResponse#headers. + # Response is mostly a Ruby on Rails framework implement detail, and + # should never be used directly in controllers. Controllers should use the + # methods defined in ActionController::Base instead. For example, if you want + # to set the HTTP response's content MIME type, then use + # ActionControllerBase#headers instead of Response#headers. # - # Nevertheless, integration tests may want to inspect controller responses in more - # detail, and that's when AbstractResponse can be useful for application developers. - # Integration test methods such as ActionController::Integration::Session#get and - # ActionController::Integration::Session#post return objects of type TestResponse - # (which are of course also of type AbstractResponse). + # Nevertheless, integration tests may want to inspect controller responses in + # more detail, and that's when Response can be useful for application + # developers. Integration test methods such as + # ActionController::Integration::Session#get and + # ActionController::Integration::Session#post return objects of type + # TestResponse (which are of course also of type Response). # # For example, the following demo integration "test" prints the body of the # controller response to the console: @@ -29,25 +30,25 @@ module ActionController # :nodoc: # puts @response.body # end # end - class AbstractResponse + class Response < Rack::Response DEFAULT_HEADERS = { "Cache-Control" => "no-cache" } attr_accessor :request - # The body content (e.g. HTML) of the response, as a String. - attr_accessor :body - # The headers of the response, as a Hash. It maps header names to header values. - attr_accessor :headers - attr_accessor :session, :cookies, :assigns, :template, :layout + attr_accessor :session, :assigns, :template, :layout attr_accessor :redirected_to, :redirected_to_method_params delegate :default_charset, :to => 'ActionController::Base' def initialize - @body, @headers, @session, @assigns = "", DEFAULT_HEADERS.merge("cookie" => []), [], [] - end + @status = 200 + @header = Rack::Utils::HeaderHash.new(DEFAULT_HEADERS) + + @writer = lambda { |x| @body << x } + @block = nil - def status; headers['Status'] end - def status=(status) headers['Status'] = status end + @body = "", + @session, @assigns = [], [] + end def location; headers['Location'] end def location=(url) headers['Location'] = url end @@ -109,13 +110,17 @@ module ActionController # :nodoc: def etag headers['ETag'] end - + def etag? headers.include?('ETag') end - + def etag=(etag) - headers['ETag'] = %("#{Digest::MD5.hexdigest(ActiveSupport::Cache.expand_cache_key(etag))}") + if etag.blank? + headers.delete('ETag') + else + headers['ETag'] = %("#{Digest::MD5.hexdigest(ActiveSupport::Cache.expand_cache_key(etag))}") + end end def redirect(url, status) @@ -138,26 +143,58 @@ module ActionController # :nodoc: handle_conditional_get! set_content_length! convert_content_type! + convert_language! + convert_cookies! + end + + def each(&callback) + if @body.respond_to?(:call) + @writer = lambda { |x| callback.call(x) } + @body.call(self, self) + elsif @body.is_a?(String) + @body.each_line(&callback) + else + @body.each(&callback) + end + + @writer = callback + @block.call(self) if @block + end + + def write(str) + @writer.call str.to_s + str + end + + def set_cookie(key, value) + if value.has_key?(:http_only) + ActiveSupport::Deprecation.warn( + "The :http_only option in ActionController::Response#set_cookie " + + "has been renamed. Please use :httponly instead.", caller) + value[:httponly] ||= value.delete(:http_only) + end + + super(key, value) end private - def handle_conditional_get! - if etag? || last_modified? - set_conditional_cache_control! - elsif nonempty_ok_response? - self.etag = body - - if request && request.etag_matches?(etag) - self.status = '304 Not Modified' - self.body = '' - end - - set_conditional_cache_control! - end + def handle_conditional_get! + if etag? || last_modified? + set_conditional_cache_control! + elsif nonempty_ok_response? + self.etag = body + + if request && request.etag_matches?(etag) + self.status = '304 Not Modified' + self.body = '' + end + + set_conditional_cache_control! + end end def nonempty_ok_response? - ok = !status || status[0..2] == '200' + ok = !status || status.to_s[0..2] == '200' ok && body.is_a?(String) && !body.empty? end @@ -168,23 +205,28 @@ module ActionController # :nodoc: end def convert_content_type! - if content_type = headers.delete("Content-Type") - self.headers["type"] = content_type - end - if content_type = headers.delete("Content-type") - self.headers["type"] = content_type - end - if content_type = headers.delete("content-type") - self.headers["type"] = content_type - end + headers['Content-Type'] ||= "text/html" + headers['Content-Type'] += "; charset=" + headers.delete('charset') if headers['charset'] end - - # Don't set the Content-Length for block-based bodies as that would mean reading it all into memory. Not nice - # for, say, a 2GB streaming file. + + # Don't set the Content-Length for block-based bodies as that would mean + # reading it all into memory. Not nice for, say, a 2GB streaming file. def set_content_length! - unless body.respond_to?(:call) || (status && status[0..2] == '304') - self.headers["Content-Length"] ||= body.size + if status && status.to_s[0..2] == '204' + headers.delete('Content-Length') + elsif length = headers['Content-Length'] + headers['Content-Length'] = length.to_s + elsif !body.respond_to?(:call) && (!status || status.to_s[0..2] != '304') + headers["Content-Length"] = (body.respond_to?(:bytesize) ? body.bytesize : body.size).to_s end end + + def convert_language! + headers["Content-Language"] = headers.delete("language") if headers["language"] + end + + def convert_cookies! + headers['Set-Cookie'] = Array(headers['Set-Cookie']).compact + end end end vendor/rails/actionpack/lib/action_controller/response.rb @@ -1,6 +1,5 @@ require 'cgi' require 'uri' -require 'action_controller/polymorphic_routes' require 'action_controller/routing/optimisations' require 'action_controller/routing/routing_ext' require 'action_controller/routing/route' @@ -84,9 +83,11 @@ module ActionController # This sets up +blog+ as the default controller if no other is specified. # This means visiting '/' would invoke the blog controller. # - # More formally, you can define defaults in a route with the <tt>:defaults</tt> key. + # More formally, you can include arbitrary parameters in the route, thus: # - # map.connect ':controller/:action/:id', :action => 'show', :defaults => { :page => 'Dashboard' } + # map.connect ':controller/:action/:id', :action => 'show', :page => 'Dashboard' + # + # This will pass the :page parameter to all incoming requests that match this route. # # Note: The default routes, as provided by the Rails generator, make all actions in every # controller accessible via GET requests. You should consider removing them or commenting @@ -192,9 +193,8 @@ module ActionController # # map.connect '*path' , :controller => 'blog' , :action => 'unrecognized?' # - # will glob all remaining parts of the route that were not recognized earlier. This idiom - # must appear at the end of the path. The globbed values are in <tt>params[:path]</tt> in - # this case. + # will glob all remaining parts of the route that were not recognized earlier. + # The globbed values are in <tt>params[:path]</tt> as an array of path segments. # # == Route conditions # @@ -267,7 +267,7 @@ module ActionController module Routing SEPARATORS = %w( / . ? ) - HTTP_METHODS = [:get, :head, :post, :put, :delete] + HTTP_METHODS = [:get, :head, :post, :put, :delete, :options] ALLOWED_REQUIREMENTS_FOR_OPTIMISATION = [:controller, :action].to_set vendor/rails/actionpack/lib/action_controller/routing.rb @@ -34,6 +34,8 @@ module ActionController def segment_for(string) segment = case string + when /\A\.(:format)?\// + OptionalFormatSegment.new when /\A:(\w+)/ key = $1.to_sym key == :controller ? ControllerSegment.new(key) : DynamicSegment.new(key) @@ -157,7 +159,8 @@ module ActionController path = "/#{path}" unless path[0] == ?/ path = "#{path}/" unless path[-1] == ?/ - path = "/#{options[:path_prefix].to_s.gsub(/^\//,'')}#{path}" if options[:path_prefix] + prefix = options[:path_prefix].to_s.gsub(/^\//,'') + path = "/#{prefix}#{path}" unless prefix.blank? segments = segments_for_route_path(path) defaults, requirements, conditions = divide_route_options(segments, options) vendor/rails/actionpack/lib/action_controller/routing/builder.rb @@ -65,7 +65,7 @@ module ActionController # rather than triggering the expensive logic in +url_for+. class PositionalArguments < Optimiser def guard_conditions - number_of_arguments = route.segment_keys.size + number_of_arguments = route.required_segment_keys.size # if they're using foo_url(:id=>2) it's one # argument, but we don't want to generate /foos/id2 if number_of_arguments == 1 vendor/rails/actionpack/lib/action_controller/routing/optimisations.rb @@ -56,7 +56,7 @@ module ActionController result = recognize_optimized(path, environment) and return result # Route was not recognized. Try to find out why (maybe wrong verb). - allows = HTTP_METHODS.select { |verb| routes.find { |r| r.recognize(path, :method => verb) } } + allows = HTTP_METHODS.select { |verb| routes.find { |r| r.recognize(path, environment.merge(:method => verb)) } } if environment[:method] && !HTTP_METHODS.include?(environment[:method]) raise NotImplemented.new(*allows) @@ -98,7 +98,6 @@ module ActionController if Array === item i += 1 start = (i == 1) - final = (i == list.size) tag, sub = item if tag == :dynamic body += padding + "#{start ? 'if' : 'elsif'} true\n" vendor/rails/actionpack/lib/action_controller/routing/recognition_optimisation.rb @@ -35,6 +35,11 @@ module ActionController segment.key if segment.respond_to? :key end.compact end + + def required_segment_keys + required_segments = segments.select {|seg| (!seg.optional? && !seg.is_a?(DividerSegment)) || seg.is_a?(PathSegment) } + required_segments.collect { |seg| seg.key if seg.respond_to?(:key)}.compact + end # Build a query string from the keys of the given hash. If +only_keys+ # is given (as an array), only the keys indicated will be used to build @@ -122,6 +127,16 @@ module ActionController super end + def generate(options, hash, expire_on = {}) + path, hash = generate_raw(options, hash, expire_on) + append_query_string(path, hash, extra_keys(options)) + end + + def generate_extras(options, hash, expire_on = {}) + path, hash = generate_raw(options, hash, expire_on) + [path, extra_keys(options)] + end + private def requirement_for(key) return requirements[key] if requirements.key? key @@ -150,11 +165,6 @@ module ActionController # the query string. (Never use keys from the recalled request when building the # query string.) - method_decl = "def generate(#{args})\npath, hash = generate_raw(options, hash, expire_on)\nappend_query_string(path, hash, extra_keys(options))\nend" - instance_eval method_decl, "generated code (#{__FILE__}:#{__LINE__})" - - method_decl = "def generate_extras(#{args})\npath, hash = generate_raw(options, hash, expire_on)\n[path, extra_keys(options)]\nend" - instance_eval method_decl, "generated code (#{__FILE__}:#{__LINE__})" raw_method end vendor/rails/actionpack/lib/action_controller/routing/route.rb @@ -7,6 +7,8 @@ module ActionController # Mapper instances have relatively few instance methods, in order to avoid # clashes with named routes. class Mapper #:doc: + include ActionController::Resources + def initialize(set) #:nodoc: @set = set end @@ -136,13 +138,17 @@ module ActionController end end + def named_helper_module_eval(code, *args) + @module.module_eval(code, *args) + end + def define_hash_access(route, name, kind, options) selector = hash_access_name(name, kind) - @module.module_eval <<-end_eval # We use module_eval to avoid leaks - def #{selector}(options = nil) - options ? #{options.inspect}.merge(options) : #{options.inspect} - end - protected :#{selector} + named_helper_module_eval <<-end_eval # We use module_eval to avoid leaks + def #{selector}(options = nil) # def hash_for_users_url(options = nil) + options ? #{options.inspect}.merge(options) : #{options.inspect} # options ? {:only_path=>false}.merge(options) : {:only_path=>false} + end # end + protected :#{selector} # protected :hash_for_users_url end_eval helpers << selector end @@ -166,33 +172,44 @@ module ActionController # # foo_url(bar, baz, bang, :sort_by => 'baz') # - @module.module_eval <<-end_eval # We use module_eval to avoid leaks - def #{selector}(*args) - - #{generate_optimisation_block(route, kind)} - - opts = if args.empty? || Hash === args.first - args.first || {} - else - options = args.extract_options! - args = args.zip(#{route.segment_keys.inspect}).inject({}) do |h, (v, k)| - h[k] = v - h - end - options.merge(args) - end - - url_for(#{hash_access_method}(opts)) - end - protected :#{selector} + named_helper_module_eval <<-end_eval # We use module_eval to avoid leaks + def #{selector}(*args) # def users_url(*args) + # + #{generate_optimisation_block(route, kind)} # #{generate_optimisation_block(route, kind)} + # + opts = if args.empty? || Hash === args.first # opts = if args.empty? || Hash === args.first + args.first || {} # args.first || {} + else # else + options = args.extract_options! # options = args.extract_options! + args = args.zip(#{route.segment_keys.inspect}).inject({}) do |h, (v, k)| # args = args.zip([]).inject({}) do |h, (v, k)| + h[k] = v # h[k] = v + h # h + end # end + options.merge(args) # options.merge(args) + end # end + # + url_for(#{hash_access_method}(opts)) # url_for(hash_for_users_url(opts)) + # + end # end + #Add an alias to support the now deprecated formatted_* URL. # #Add an alias to support the now deprecated formatted_* URL. + def formatted_#{selector}(*args) # def formatted_users_url(*args) + ActiveSupport::Deprecation.warn( # ActiveSupport::Deprecation.warn( + "formatted_#{selector}() has been deprecated. " + # "formatted_users_url() has been deprecated. " + + "Please pass format to the standard " + # "Please pass format to the standard " + + "#{selector} method instead.", caller) # "users_url method instead.", caller) + #{selector}(*args) # users_url(*args) + end # end + protected :#{selector} # protected :users_url end_eval helpers << selector end end - attr_accessor :routes, :named_routes, :configuration_file + attr_accessor :routes, :named_routes, :configuration_files def initialize + self.configuration_files = [] + self.routes = [] self.named_routes = NamedRouteCollection.new @@ -206,7 +223,6 @@ module ActionController end def draw - clear! yield Mapper.new(self) install_helpers end @@ -230,8 +246,22 @@ module ActionController routes.empty? end + def add_configuration_file(path) + self.configuration_files << path + end + + # Deprecated accessor + def configuration_file=(path) + add_configuration_file(path) + end + + # Deprecated accessor + def configuration_file + configuration_files + end + def load! - Routing.use_controllers! nil # Clear the controller cache so we may discover new ones + Routing.use_controllers!(nil) # Clear the controller cache so we may discover new ones clear! load_routes! end @@ -240,24 +270,39 @@ module ActionController alias reload! load! def reload - if @routes_last_modified && configuration_file - mtime = File.stat(configuration_file).mtime - # if it hasn't been changed, then just return - return if mtime == @routes_last_modified - # if it has changed then record the new time and fall to the load! below - @routes_last_modified = mtime + if configuration_files.any? && @routes_last_modified + if routes_changed_at == @routes_last_modified + return # routes didn't change, don't reload + else + @routes_last_modified = routes_changed_at + end end + load! end def load_routes! - if configuration_file - load configuration_file - @routes_last_modified = File.stat(configuration_file).mtime + if configuration_files.any? + configuration_files.each { |config| load(config) } + @routes_last_modified = routes_changed_at else add_route ":controller/:action/:id" end end + + def routes_changed_at + routes_changed_at = nil + + configuration_files.each do |config| + config_changed_at = File.stat(config).mtime + + if routes_changed_at.nil? || config_changed_at > routes_changed_at + routes_changed_at = config_changed_at + end + end + + routes_changed_at + end def add_route(path, options = {}) route = builder.build(path, options) @@ -359,7 +404,7 @@ module ActionController end # don't use the recalled keys when determining which routes to check - routes = routes_by_controller[controller][action][options.keys.sort_by { |x| x.object_id }] + routes = routes_by_controller[controller][action][options.reject {|k,v| !v}.keys.sort_by { |x| x.object_id }] routes.each do |route| results = route.__send__(method, options, merged, expire_on) @@ -382,6 +427,12 @@ module ActionController end end + def call(env) + request = Request.new(env) + app = Routing::Routes.recognize(request) + app.call(env).to_a + end + def recognize(request) params = recognize_path(request.path, extract_request_environment(request)) request.path_parameters = params.with_indifferent_access vendor/rails/actionpack/lib/action_controller/routing/route_set.rb @@ -3,7 +3,11 @@ module ActionController class Segment #:nodoc: RESERVED_PCHAR = ':@&=+$,;' SAFE_PCHAR = "#{URI::REGEXP::PATTERN::UNRESERVED}#{RESERVED_PCHAR}" - UNSAFE_PCHAR = Regexp.new("[^#{SAFE_PCHAR}]", false, 'N').freeze + if RUBY_VERSION >= '1.9' + UNSAFE_PCHAR = Regexp.new("[^#{SAFE_PCHAR}]", false).freeze + else + UNSAFE_PCHAR = Regexp.new("[^#{SAFE_PCHAR}]", false, 'N').freeze + end # TODO: Convert :is_optional accessor to read only attr_accessor :is_optional @@ -191,23 +195,19 @@ module ActionController end def regexp_chunk - if regexp - if regexp_has_modifiers? - "(#{regexp.to_s})" - else - "(#{regexp.source})" - end - else - "([^#{Routing::SEPARATORS.join}]+)" - end + regexp ? regexp_string : default_regexp_chunk + end + + def regexp_string + regexp_has_modifiers? ? "(#{regexp.to_s})" : "(#{regexp.source})" + end + + def default_regexp_chunk + "([^#{Routing::SEPARATORS.join}]+)" end def number_of_captures - if regexp - regexp.number_of_captures + 1 - else - 1 - end + regexp ? regexp.number_of_captures + 1 : 1 end def build_pattern(pattern) @@ -244,10 +244,6 @@ module ActionController "(?i-:(#{(regexp || Regexp.union(*possible_names)).source}))" end - def number_of_captures - 1 - end - # Don't URI.escape the controller name since it may contain slashes. def interpolation_chunk(value_code = local_name) "\#{#{value_code}.to_s}" @@ -289,8 +285,8 @@ module ActionController "params[:#{key}] = PathSegment::Result.new_escaped((match[#{next_capture}]#{" || " + default.inspect if default}).split('/'))#{" if match[" + next_capture + "]" if !default}" end - def regexp_chunk - regexp || "(.*)" + def default_regexp_chunk + "(.*)" end def number_of_captures @@ -308,5 +304,40 @@ module ActionController end end end + + # The OptionalFormatSegment allows for any resource route to have an optional + # :format, which decreases the amount of routes created by 50%. + class OptionalFormatSegment < DynamicSegment + + def initialize(key = nil, options = {}) + super(:format, {:optional => true}.merge(options)) + end + + def interpolation_chunk + "." + super + end + + def regexp_chunk + '/|(\.[^/?\.]+)?' + end + + def to_s + '(.:format)?' + end + + def extract_value + "#{local_name} = options[:#{key}] && options[:#{key}].to_s.downcase" + end + + #the value should not include the period (.) + def match_extraction(next_capture) + %[ + if (m = match[#{next_capture}]) + params[:#{key}] = URI.unescape(m.from(1)) + end + ] + end + end + end end vendor/rails/actionpack/lib/action_controller/routing/segments.rb @@ -1,167 +1,221 @@ -require 'cgi' -require 'cgi/session' -require 'openssl' # to generate the HMAC message digest - -# This cookie-based session store is the Rails default. Sessions typically -# contain at most a user_id and flash message; both fit within the 4K cookie -# size limit. Cookie-based sessions are dramatically faster than the -# alternatives. -# -# If you have more than 4K of session data or don't want your data to be -# visible to the user, pick another session store. -# -# CookieOverflow is raised if you attempt to store more than 4K of data. -# TamperedWithCookie is raised if the data integrity check fails. -# -# A message digest is included with the cookie to ensure data integrity: -# a user cannot alter his +user_id+ without knowing the secret key included in -# the hash. New apps are generated with a pregenerated secret in -# config/environment.rb. Set your own for old apps you're upgrading. -# -# Session options: -# -# * <tt>:secret</tt>: An application-wide key string or block returning a string -# called per generated digest. The block is called with the CGI::Session -# instance as an argument. It's important that the secret is not vulnerable to -# a dictionary attack. Therefore, you should choose a secret consisting of -# random numbers and letters and more than 30 characters. Examples: -# -# :secret => '449fe2e7daee471bffae2fd8dc02313d' -# :secret => Proc.new { User.current_user.secret_key } -# -# * <tt>:digest</tt>: The message digest algorithm used to verify session -# integrity defaults to 'SHA1' but may be any digest provided by OpenSSL, -# such as 'MD5', 'RIPEMD160', 'SHA256', etc. -# -# To generate a secret key for an existing application, run -# "rake secret" and set the key in config/environment.rb. -# -# Note that changing digest or secret invalidates all existing sessions! -class CGI::Session::CookieStore - # Cookies can typically store 4096 bytes. - MAX = 4096 - SECRET_MIN_LENGTH = 30 # characters - - # Raised when storing more than 4K of session data. - class CookieOverflow < StandardError; end - - # Raised when the cookie fails its integrity check. - class TamperedWithCookie < StandardError; end - - # Called from CGI::Session only. - def initialize(session, options = {}) - # The session_key option is required. - if options['session_key'].blank? - raise ArgumentError, 'A session_key is required to write a cookie containing the session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase" } in config/environment.rb' - end +module ActionController + module Session + # This cookie-based session store is the Rails default. Sessions typically + # contain at most a user_id and flash message; both fit within the 4K cookie + # size limit. Cookie-based sessions are dramatically faster than the + # alternatives. + # + # If you have more than 4K of session data or don't want your data to be + # visible to the user, pick another session store. + # + # CookieOverflow is raised if you attempt to store more than 4K of data. + # + # A message digest is included with the cookie to ensure data integrity: + # a user cannot alter his +user_id+ without knowing the secret key + # included in the hash. New apps are generated with a pregenerated secret + # in config/environment.rb. Set your own for old apps you're upgrading. + # + # Session options: + # + # * <tt>:secret</tt>: An application-wide key string or block returning a + # string called per generated digest. The block is called with the + # CGI::Session instance as an argument. It's important that the secret + # is not vulnerable to a dictionary attack. Therefore, you should choose + # a secret consisting of random numbers and letters and more than 30 + # characters. Examples: + # + # :secret => '449fe2e7daee471bffae2fd8dc02313d' + # :secret => Proc.new { User.current_user.secret_key } + # + # * <tt>:digest</tt>: The message digest algorithm used to verify session + # integrity defaults to 'SHA1' but may be any digest provided by OpenSSL, + # such as 'MD5', 'RIPEMD160', 'SHA256', etc. + # + # To generate a secret key for an existing application, run + # "rake secret" and set the key in config/environment.rb. + # + # Note that changing digest or secret invalidates all existing sessions! + class CookieStore + # Cookies can typically store 4096 bytes. + MAX = 4096 + SECRET_MIN_LENGTH = 30 # characters + + DEFAULT_OPTIONS = { + :key => '_session_id', + :domain => nil, + :path => "/", + :expire_after => nil, + :httponly => true + }.freeze + + ENV_SESSION_KEY = "rack.session".freeze + ENV_SESSION_OPTIONS_KEY = "rack.session.options".freeze + HTTP_SET_COOKIE = "Set-Cookie".freeze + + # Raised when storing more than 4K of session data. + class CookieOverflow < StandardError; end + + def initialize(app, options = {}) + # Process legacy CGI options + options = options.symbolize_keys + if options.has_key?(:session_path) + options[:path] = options.delete(:session_path) + end + if options.has_key?(:session_key) + options[:key] = options.delete(:session_key) + end + if options.has_key?(:session_http_only) + options[:httponly] = options.delete(:session_http_only) + end - # The secret option is required. - ensure_secret_secure(options['secret']) - - # Keep the session and its secret on hand so we can read and write cookies. - @session, @secret = session, options['secret'] - - # Message digest defaults to SHA1. - @digest = options['digest'] || 'SHA1' - - # Default cookie options derived from session settings. - @cookie_options = { - 'name' => options['session_key'], - 'path' => options['session_path'], - 'domain' => options['session_domain'], - 'expires' => options['session_expires'], - 'secure' => options['session_secure'], - 'http_only' => options['session_http_only'] - } - - # Set no_hidden and no_cookies since the session id is unused and we - # set our own data cookie. - options['no_hidden'] = true - options['no_cookies'] = true - end + @app = app - # To prevent users from using something insecure like "Password" we make sure that the - # secret they've provided is at least 30 characters in length. - def ensure_secret_secure(secret) - # There's no way we can do this check if they've provided a proc for the - # secret. - return true if secret.is_a?(Proc) + # The session_key option is required. + ensure_session_key(options[:key]) + @key = options.delete(:key).freeze - if secret.blank? - raise ArgumentError, %Q{A secret is required to generate an integrity hash for cookie session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase of at least #{SECRET_MIN_LENGTH} characters" } in config/environment.rb} - end + # The secret option is required. + ensure_secret_secure(options[:secret]) + @secret = options.delete(:secret).freeze - if secret.length < SECRET_MIN_LENGTH - raise ArgumentError, %Q{Secret should be something secure, like "#{CGI::Session.generate_unique_id}". The value you provided, "#{secret}", is shorter than the minimum length of #{SECRET_MIN_LENGTH} characters} - end - end + @digest = options.delete(:digest) || 'SHA1' + @verifier = verifier_for(@secret, @digest) - # Restore session data from the cookie. - def restore - @original = read_cookie - @data = unmarshal(@original) || {} - end + @default_options = DEFAULT_OPTIONS.merge(options).freeze + + freeze + end - # Wait until close to write the session data cookie. - def update; end + def call(env) + env[ENV_SESSION_KEY] = AbstractStore::SessionHash.new(self, env) + env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup - # Write the session data cookie if it was loaded and has changed. - def close - if defined?(@data) && !@data.blank? - updated = marshal(@data) - raise CookieOverflow if updated.size > MAX - write_cookie('value' => updated) unless updated == @original - end - end + status, headers, body = @app.call(env) - # Delete the session data by setting an expired cookie with no data. - def delete - @data = nil - clear_old_cookie_value - write_cookie('value' => nil, 'expires' => 1.year.ago) - end + session_data = env[ENV_SESSION_KEY] + options = env[ENV_SESSION_OPTIONS_KEY] - # Generate the HMAC keyed message digest. Uses SHA1 by default. - def generate_digest(data) - key = @secret.respond_to?(:call) ? @secret.call(@session) : @secret - OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(@digest), key, data) - end + if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after] + session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?) + session_data = marshal(session_data.to_hash) - private - # Marshal a session hash into safe cookie data. Include an integrity hash. - def marshal(session) - data = ActiveSupport::Base64.encode64s(Marshal.dump(session)) - "#{data}--#{generate_digest(data)}" - end + raise CookieOverflow if session_data.size > MAX - # Unmarshal cookie data to a hash and verify its integrity. - def unmarshal(cookie) - if cookie - data, digest = cookie.split('--') + cookie = Hash.new + cookie[:value] = session_data + unless options[:expire_after].nil? + cookie[:expires] = Time.now + options[:expire_after] + end - # Do two checks to transparently support old double-escaped data. - unless digest == generate_digest(data) || digest == generate_digest(data = CGI.unescape(data)) - delete - raise TamperedWithCookie + cookie = build_cookie(@key, cookie.merge(options)) + unless headers[HTTP_SET_COOKIE].blank? + headers[HTTP_SET_COOKIE] << "\n#{cookie}" + else + headers[HTTP_SET_COOKIE] = cookie + end end - Marshal.load(ActiveSupport::Base64.decode64(data)) + [status, headers, body] end - end - # Read the session data cookie. - def read_cookie - @session.cgi.cookies[@cookie_options['name']].first - end + private + # Should be in Rack::Utils soon + def build_cookie(key, value) + case value + when Hash + domain = "; domain=" + value[:domain] if value[:domain] + path = "; path=" + value[:path] if value[:path] + # According to RFC 2109, we need dashes here. + # N.B.: cgi.rb uses spaces... + expires = "; expires=" + value[:expires].clone.gmtime. + strftime("%a, %d-%b-%Y %H:%M:%S GMT") if value[:expires] + secure = "; secure" if value[:secure] + httponly = "; HttpOnly" if value[:httponly] + value = value[:value] + end + value = [value] unless Array === value + cookie = Rack::Utils.escape(key) + "=" + + value.map { |v| Rack::Utils.escape(v) }.join("&") + + "#{domain}#{path}#{expires}#{secure}#{httponly}" + end - # CGI likes to make you hack. - def write_cookie(options) - cookie = CGI::Cookie.new(@cookie_options.merge(options)) - @session.cgi.send :instance_variable_set, '@output_cookies', [cookie] - end + def load_session(env) + request = Rack::Request.new(env) + session_data = request.cookies[@key] + data = unmarshal(session_data) || persistent_session_id!({}) + [data[:session_id], data] + end + + # Marshal a session hash into safe cookie data. Include an integrity hash. + def marshal(session) + @verifier.generate(persistent_session_id!(session)) + end + + # Unmarshal cookie data to a hash and verify its integrity. + def unmarshal(cookie) + persistent_session_id!(@verifier.verify(cookie)) if cookie + rescue ActiveSupport::MessageVerifier::InvalidSignature + nil + end - # Clear cookie value so subsequent new_session doesn't reload old data. - def clear_old_cookie_value - @session.cgi.cookies[@cookie_options['name']].clear + def ensure_session_key(key) + if key.blank? + raise ArgumentError, 'A key is required to write a ' + + 'cookie containing the session data. Use ' + + 'config.action_controller.session = { :key => ' + + '"_myapp_session", :secret => "some secret phrase" } in ' + + 'config/environment.rb' + end + end + + # To prevent users from using something insecure like "Password" we make sure that the + # secret they've provided is at least 30 characters in length. + def ensure_secret_secure(secret) + # There's no way we can do this check if they've provided a proc for the + # secret. + return true if secret.is_a?(Proc) + + if secret.blank? + raise ArgumentError, "A secret is required to generate an " + + "integrity hash for cookie session data. Use " + + "config.action_controller.session = { :key => " + + "\"_myapp_session\", :secret => \"some secret phrase of at " + + "least #{SECRET_MIN_LENGTH} characters\" } " + + "in config/environment.rb" + end + + if secret.length < SECRET_MIN_LENGTH + raise ArgumentError, "Secret should be something secure, " + + "like \"#{ActiveSupport::SecureRandom.hex(16)}\". The value you " + + "provided, \"#{secret}\", is shorter than the minimum length " + + "of #{SECRET_MIN_LENGTH} characters" + end + end + + def verifier_for(secret, digest) + key = secret.respond_to?(:call) ? secret.call : secret + ActiveSupport::MessageVerifier.new(key, digest) + end + + def generate_sid + ActiveSupport::SecureRandom.hex(16) + end + + def persistent_session_id!(data) + (data ||= {}).merge!(inject_persistent_session_id(data)) + end + + def inject_persistent_session_id(data) + requires_session_id?(data) ? { :session_id => generate_sid } : {} + end + + def requires_session_id?(data) + if data + data.respond_to?(:key?) && !data.key?(:session_id) + else + true + end + end end + end end vendor/rails/actionpack/lib/action_controller/session/cookie_store.rb @@ -1,95 +1,48 @@ -# cgi/session/memcached.rb - persistent storage of marshalled session data -# -# == Overview -# -# This file provides the CGI::Session::MemCache class, which builds -# persistence of storage data on top of the MemCache library. See -# cgi/session.rb for more details on session storage managers. -# - begin - require 'cgi/session' require_library_or_gem 'memcache' - class CGI - class Session - # MemCache-based session storage class. - # - # This builds upon the top-level MemCache class provided by the - # library file memcache.rb. Session data is marshalled and stored - # in a memcached cache. - class MemCacheStore - def check_id(id) #:nodoc:# - /[^0-9a-zA-Z]+/ =~ id.to_s ? false : true - end + module ActionController + module Session + class MemCacheStore < AbstractStore + def initialize(app, options = {}) + # Support old :expires option + options[:expire_after] ||= options[:expires] - # Create a new CGI::Session::MemCache instance - # - # This constructor is used internally by CGI::Session. The - # user does not generally need to call it directly. - # - # +session+ is the session for which this instance is being - # created. The session id must only contain alphanumeric - # characters; automatically generated session ids observe - # this requirement. - # - # +options+ is a hash of options for the initializer. The - # following options are recognized: - # - # cache:: an instance of a MemCache client to use as the - # session cache. - # - # expires:: an expiry time value to use for session entries in - # the session cache. +expires+ is interpreted in seconds - # relative to the current time if it’s less than 60*60*24*30 - # (30 days), or as an absolute Unix time (e.g., Time#to_i) if - # greater. If +expires+ is +0+, or not passed on +options+, - # the entry will never expire. - # - # This session's memcache entry will be created if it does - # not exist, or retrieved if it does. - def initialize(session, options = {}) - id = session.session_id - unless check_id(id) - raise ArgumentError, "session_id '%s' is invalid" % id - end - @cache = options['cache'] || MemCache.new('localhost') - @expires = options['expires'] || 0 - @session_key = "session:#{id}" - @session_data = {} - # Add this key to the store if haven't done so yet - unless @cache.get(@session_key) - @cache.add(@session_key, @session_data, @expires) - end - end + super - # Restore session state from the session's memcache entry. - # - # Returns the session state as a hash. - def restore - @session_data = @cache[@session_key] || {} - end + @default_options = { + :namespace => 'rack:session', + :memcache_server => 'localhost:11211' + }.merge(@default_options) - # Save session state to the session's memcache entry. - def update - @cache.set(@session_key, @session_data, @expires) - end - - # Update and close the session's memcache entry. - def close - update - end + @pool = options[:cache] || MemCache.new(@default_options[:memcache_server], @default_options) + unless @pool.servers.any? { |s| s.alive? } + raise "#{self} unable to find server during initialization." + end + @mutex = Mutex.new - # Delete the session's memcache entry. - def delete - @cache.delete(@session_key) - @session_data = {} - end - - def data - @session_data + super end + private + def get_session(env, sid) + sid ||= generate_sid + begin + session = @pool.get(sid) || {} + rescue MemCache::MemCacheError, Errno::ECONNREFUSED + session = {} + end + [sid, session] + end + + def set_session(env, sid, session_data) + options = env['rack.session.options'] + expiry = options[:expire_after] || 0 + @pool.set(sid, session_data, expiry) + return true + rescue MemCache::MemCacheError, Errno::ECONNREFUSED + return false + end end end end vendor/rails/actionpack/lib/action_controller/session/mem_cache_store.rb @@ -1,17 +1,8 @@ -require 'action_controller/session/cookie_store' -require 'action_controller/session/drb_store' -require 'action_controller/session/mem_cache_store' -if Object.const_defined?(:ActiveRecord) - require 'action_controller/session/active_record_store' -end - module ActionController #:nodoc: module SessionManagement #:nodoc: def self.included(base) base.class_eval do extend ClassMethods - alias_method_chain :process, :session_management_support - alias_method_chain :process_cleanup, :session_management_support end end @@ -19,144 +10,45 @@ module ActionController #:nodoc: # Set the session store to be used for keeping the session data between requests. # By default, sessions are stored in browser cookies (<tt>:cookie_store</tt>), # but you can also specify one of the other included stores (<tt>:active_record_store</tt>, - # <tt>:p_store</tt>, <tt>:drb_store</tt>, <tt>:mem_cache_store</tt>, or - # <tt>:memory_store</tt>) or your own custom class. + # <tt>:mem_cache_store</tt>, or your own custom class. def session_store=(store) - ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager] = - store.is_a?(Symbol) ? CGI::Session.const_get(store == :drb_store ? "DRbStore" : store.to_s.camelize) : store + if store == :active_record_store + self.session_store = ActiveRecord::SessionStore + else + @@session_store = store.is_a?(Symbol) ? + Session.const_get(store.to_s.camelize) : + store + end end # Returns the session store class currently used. def session_store - ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager] + if defined? @@session_store + @@session_store + else + Session::CookieStore + end + end + + def session=(options = {}) + self.session_store = nil if options.delete(:disabled) + session_options.merge!(options) end # Returns the hash used to configure the session. Example use: # - # ActionController::Base.session_options[:session_secure] = true # session only available over HTTPS + # ActionController::Base.session_options[:secure] = true # session only available over HTTPS def session_options - ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS - end - - # Specify how sessions ought to be managed for a subset of the actions on - # the controller. Like filters, you can specify <tt>:only</tt> and - # <tt>:except</tt> clauses to restrict the subset, otherwise options - # apply to all actions on this controller. - # - # The session options are inheritable, as well, so if you specify them in - # a parent controller, they apply to controllers that extend the parent. - # - # Usage: - # - # # turn off session management for all actions. - # session :off - # - # # turn off session management for all actions _except_ foo and bar. - # session :off, :except => %w(foo bar) - # - # # turn off session management for only the foo and bar actions. - # session :off, :only => %w(foo bar) - # - # # the session will only work over HTTPS, but only for the foo action - # session :only => :foo, :session_secure => true - # - # # the session by default uses HttpOnly sessions for security reasons. - # # this can be switched off. - # session :only => :foo, :session_http_only => false - # - # # the session will only be disabled for 'foo', and only if it is - # # requested as a web service - # session :off, :only => :foo, - # :if => Proc.new { |req| req.parameters[:ws] } - # - # # the session will be disabled for non html/ajax requests - # session :off, - # :if => Proc.new { |req| !(req.format.html? || req.format.js?) } - # - # # turn the session back on, useful when it was turned off in the - # # application controller, and you need it on in another controller - # session :on - # - # All session options described for ActionController::Base.process_cgi - # are valid arguments. - def session(*args) - options = args.extract_options! - - options[:disabled] = false if args.delete(:on) - options[:disabled] = true if !args.empty? - options[:only] = [*options[:only]].map { |o| o.to_s } if options[:only] - options[:except] = [*options[:except]].map { |o| o.to_s } if options[:except] - if options[:only] && options[:except] - raise ArgumentError, "only one of either :only or :except are allowed" - end - - write_inheritable_array(:session_options, [options]) - end - - # So we can declare session options in the Rails initializer. - alias_method :session=, :session - - def cached_session_options #:nodoc: - @session_options ||= read_inheritable_attribute(:session_options) || [] + @session_options ||= {} end - def session_options_for(request, action) #:nodoc: - if (session_options = cached_session_options).empty? - {} - else - options = {} - - action = action.to_s - session_options.each do |opts| - next if opts[:if] && !opts[:if].call(request) - if opts[:only] && opts[:only].include?(action) - options.merge!(opts) - elsif opts[:except] && !opts[:except].include?(action) - options.merge!(opts) - elsif !opts[:only] && !opts[:except] - options.merge!(opts) - end - end - - if options.empty? then options - else - options.delete :only - options.delete :except - options.delete :if - options[:disabled] ? false : options - end - end + def session(*args) + ActiveSupport::Deprecation.warn( + "Disabling sessions for a single controller has been deprecated. " + + "Sessions are now lazy loaded. So if you don't access them, " + + "consider them off. You can still modify the session cookie " + + "options with request.session_options.", caller) end end - - def process_with_session_management_support(request, response, method = :perform_action, *arguments) #:nodoc: - set_session_options(request) - process_without_session_management_support(request, response, method, *arguments) - end - - private - def set_session_options(request) - request.session_options = self.class.session_options_for(request, request.parameters["action"] || "index") - end - - def process_cleanup_with_session_management_support - clear_persistent_model_associations - process_cleanup_without_session_management_support - end - - # Clear cached associations in session data so they don't overflow - # the database field. Only applies to ActiveRecordStore since there - # is not a standard way to iterate over session data. - def clear_persistent_model_associations #:doc: - if defined?(@_session) && @_session.respond_to?(:data) - session_data = @_session.data - - if session_data && session_data.respond_to?(:each_value) - session_data.each_value do |obj| - obj.clear_association_cache if obj.respond_to?(:clear_association_cache) - end - end - end - end end end vendor/rails/actionpack/lib/action_controller/session_management.rb @@ -1,5 +1,6 @@ module ActionController #:nodoc: - # Methods for sending files and streams to the browser instead of rendering. + # Methods for sending arbitrary data and for streaming files to the browser, + # instead of rendering. module Streaming DEFAULT_SEND_FILE_OPTIONS = { :type => 'application/octet-stream'.freeze, @@ -24,7 +25,8 @@ module ActionController #:nodoc: # Options: # * <tt>:filename</tt> - suggests a filename for the browser to use. # Defaults to <tt>File.basename(path)</tt>. - # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'. + # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify + # either a string or a symbol for a registered type register with <tt>Mime::Type.register</tt>, for example :json # * <tt>:length</tt> - used to manually override the length (in bytes) of the content that # is going to be sent to the client. Defaults to <tt>File.size(path)</tt>. # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded. @@ -102,12 +104,16 @@ module ActionController #:nodoc: end end - # Send binary data to the user as a file download. May set content type, apparent file name, - # and specify whether to show data inline or download as an attachment. + # Sends the given binary data to the browser. This method is similar to + # <tt>render :text => data</tt>, but also allows you to specify whether + # the browser should display the response as a file attachment (i.e. in a + # download dialog) or as inline data. You may also set the content type, + # the apparent file name, and other things. # # Options: # * <tt>:filename</tt> - suggests a filename for the browser to use. - # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'. + # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify + # either a string or a symbol for a registered type register with <tt>Mime::Type.register</tt>, for example :json # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded. # Valid values are 'inline' and 'attachment' (default). # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to '200 OK'. @@ -125,6 +131,10 @@ module ActionController #:nodoc: # send_data image.data, :type => image.content_type, :disposition => 'inline' # # See +send_file+ for more information on HTTP Content-* headers and caching. + # + # <b>Tip:</b> if you want to stream large amounts of on-the-fly generated + # data to the browser, then use <tt>render :text => proc { ... }</tt> + # instead. See ActionController::Base#render for more information. def send_data(data, options = {}) #:doc: logger.info "Sending data #{options[:filename]}" if logger send_file_headers! options.merge(:length => data.size) @@ -143,9 +153,16 @@ module ActionController #:nodoc: disposition <<= %(; filename="#{options[:filename]}") if options[:filename] - headers.update( + content_type = options[:type] + if content_type.is_a?(Symbol) + raise ArgumentError, "Unknown MIME type #{options[:type]}" unless Mime::EXTENSION_LOOKUP.has_key?(content_type.to_s) + content_type = Mime::Type.lookup_by_extension(content_type.to_s) + end + content_type = content_type.to_s.strip # fixes a problem with extra '\r' with some browsers + + headers.merge!( 'Content-Length' => options[:length], - 'Content-Type' => options[:type].to_s.strip, # fixes a problem with extra '\r' with some browsers + 'Content-Type' => content_type, 'Content-Disposition' => disposition, 'Content-Transfer-Encoding' => 'binary' ) vendor/rails/actionpack/lib/action_controller/streaming.rb @@ -6,6 +6,6 @@ </h1> <pre><%=h @exception.clean_message %></pre> -<%= render(:file => @rescues_path + "/_trace.erb") %> +<%= render :file => @rescues_path["rescues/_trace.erb"] %> -<%= render(:file => @rescues_path + "/_request_and_response.erb") %> +<%= render :file => @rescues_path["rescues/_request_and_response.erb"] %> vendor/rails/actionpack/lib/action_controller/templates/rescues/diagnostics.erb @@ -15,7 +15,7 @@ <% @real_exception = @exception @exception = @exception.original_exception || @exception %> -<%= render(:file => @rescues_path + "/_trace.erb") %> +<%= render :file => @rescues_path["rescues/_trace.erb"] %> <% @exception = @real_exception %> -<%= render(:file => @rescues_path + "/_request_and_response.erb") %> +<%= render :file => @rescues_path["rescues/_request_and_response.erb"] %> vendor/rails/actionpack/lib/action_controller/templates/rescues/template_error.erb @@ -1,20 +1,7 @@ require 'active_support/test_case' +require 'action_controller/test_process' module ActionController - class NonInferrableControllerError < ActionControllerError - def initialize(name) - @name = name - super "Unable to determine the controller to test from #{name}. " + - "You'll need to specify it using 'tests YourController' in your " + - "test case definition. This could mean that #{inferred_controller_name} does not exist " + - "or it contains syntax errors" - end - - def inferred_controller_name - @name.sub(/Test$/, '') - end - end - # Superclass for ActionController functional tests. Functional tests allow you to # test a single controller action per test method. This should not be confused with # integration tests (see ActionController::IntegrationTest), which are more like @@ -74,7 +61,65 @@ module ActionController # class SpecialEdgeCaseWidgetsControllerTest < ActionController::TestCase # tests WidgetController # end + # + # == Testing controller internals + # + # In addition to these specific assertions, you also have easy access to various collections that the regular test/unit assertions + # can be used against. These collections are: + # + # * assigns: Instance variables assigned in the action that are available for the view. + # * session: Objects being saved in the session. + # * flash: The flash objects currently in the session. + # * cookies: Cookies being sent to the user on this request. + # + # These collections can be used just like any other hash: + # + # assert_not_nil assigns(:person) # makes sure that a @person instance variable was set + # assert_equal "Dave", cookies[:name] # makes sure that a cookie called :name was set as "Dave" + # assert flash.empty? # makes sure that there's nothing in the flash + # + # For historic reasons, the assigns hash uses string-based keys. So assigns[:person] won't work, but assigns["person"] will. To + # appease our yearning for symbols, though, an alternative accessor has been devised using a method call instead of index referencing. + # So assigns(:person) will work just like assigns["person"], but again, assigns[:person] will not work. + # + # On top of the collections, you have the complete url that a given action redirected to available in redirect_to_url. + # + # For redirects within the same controller, you can even call follow_redirect and the redirect will be followed, triggering another + # action call which can then be asserted against. + # + # == Manipulating the request collections + # + # The collections described above link to the response, so you can test if what the actions were expected to do happened. But + # sometimes you also want to manipulate these collections in the incoming request. This is really only relevant for sessions + # and cookies, though. For sessions, you just do: + # + # @request.session[:key] = "value" + # @request.cookies["key"] = "value" + # + # == Testing named routes + # + # If you're using named routes, they can be easily tested using the original named routes' methods straight in the test case. + # Example: + # + # assert_redirected_to page_url(:title => 'foo') class TestCase < ActiveSupport::TestCase + include TestProcess + + module Assertions + %w(response selector tag dom routing model).each do |kind| + include ActionController::Assertions.const_get("#{kind.camelize}Assertions") + end + + def clean_backtrace(&block) + yield + rescue ActiveSupport::TestCase::Assertion => error + framework_path = Regexp.new(File.expand_path("#{File.dirname(__FILE__)}/assertions")) + error.backtrace.reject! { |line| File.expand_path(line) =~ framework_path } + raise + end + end + include Assertions + # When the request.remote_addr remains the default for testing, which is 0.0.0.0, the exception is simply raised inline # (bystepping the regular exception handling from rescue_action). If the request.remote_addr is anything else, the regular # rescue_action process takes place. This means you can test your rescue_action code by setting remote_addr to something else @@ -82,17 +127,23 @@ module ActionController # # The exception is stored in the exception accessor for further inspection. module RaiseActionExceptions - attr_accessor :exception - - def rescue_action_without_handler(e) - self.exception = e - - if request.remote_addr == "0.0.0.0" - raise(e) - else - super(e) + def self.included(base) + base.class_eval do + attr_accessor :exception + protected :exception, :exception= end end + + protected + def rescue_action_without_handler(e) + self.exception = e + + if request.remote_addr == "0.0.0.0" + raise(e) + else + super(e) + end + end end setup :setup_controller_request_and_response @@ -107,7 +158,7 @@ module ActionController end def controller_class=(new_class) - prepare_controller_class(new_class) + prepare_controller_class(new_class) if new_class write_inheritable_attribute(:controller_class, new_class) end @@ -122,7 +173,7 @@ module ActionController def determine_default_controller_class(name) name.sub(/Test$/, '').constantize rescue NameError - raise NonInferrableControllerError.new(name) + nil end def prepare_controller_class(new_class) @@ -131,17 +182,23 @@ module ActionController end def setup_controller_request_and_response - @controller = self.class.controller_class.new - @controller.request = @request = TestRequest.new + @request = TestRequest.new @response = TestResponse.new - @controller.params = {} - @controller.send(:initialize_current_url) + if klass = self.class.controller_class + @controller ||= klass.new rescue nil + end + + if @controller + @controller.request = @request + @controller.params = {} + @controller.send(:initialize_current_url) + end end # Cause the action to be rescued according to the regular rules for rescue_action when the visitor is not local def rescue_action_in_public! @request.remote_addr = '208.77.188.166' # example.com end - end + end end vendor/rails/actionpack/lib/action_controller/test_case.rb @@ -1,51 +1,25 @@ -require 'action_controller/assertions' -require 'action_controller/test_case' - module ActionController #:nodoc: - class Base - attr_reader :assigns + class TestRequest < Request #:nodoc: + attr_accessor :cookies, :session_options + attr_accessor :query_parameters, :path, :session + attr_accessor :host - # Process a test request called with a TestRequest object. - def self.process_test(request) - new.process_test(request) + def self.new(env = {}) + super end - def process_test(request) #:nodoc: - process(request, TestResponse.new) - end + def initialize(env = {}) + super(Rack::MockRequest.env_for("/").merge(env)) - def process_with_test(*args) - returning process_without_test(*args) do - @assigns = {} - (instance_variable_names - @@protected_instance_variables).each do |var| - value = instance_variable_get(var) - @assigns[var[1..-1]] = value - response.template.assigns[var[1..-1]] = value if response - end - end - end + @query_parameters = {} + @session = TestSession.new - alias_method_chain :process, :test - end - - class TestRequest < AbstractRequest #:nodoc: - attr_accessor :cookies, :session_options - attr_accessor :query_parameters, :request_parameters, :path, :session - attr_accessor :host, :user_agent - - def initialize(query_parameters = nil, request_parameters = nil, session = nil) - @query_parameters = query_parameters || {} - @request_parameters = request_parameters || {} - @session = session || TestSession.new - - initialize_containers initialize_default_values - - super() + initialize_containers end def reset_session - @session = TestSession.new + @session.reset end # Wraps raw_post in a StringIO. @@ -56,12 +30,15 @@ module ActionController #:nodoc: # Either the RAW_POST_DATA environment variable or the URL-encoded request # parameters. def raw_post - env['RAW_POST_DATA'] ||= returning(url_encoded_request_parameters) { |b| b.force_encoding(Encoding::BINARY) if b.respond_to?(:force_encoding) } + @env['RAW_POST_DATA'] ||= begin + data = url_encoded_request_parameters + data.force_encoding(Encoding::BINARY) if data.respond_to?(:force_encoding) + data + end end def port=(number) @env["SERVER_PORT"] = number.to_i - port(true) end def action=(action_name) @@ -75,8 +52,6 @@ module ActionController #:nodoc: @env["REQUEST_URI"] = value @request_uri = nil @path = nil - request_uri(true) - path(true) end def request_uri=(uri) @@ -84,9 +59,13 @@ module ActionController #:nodoc: @path = uri.split("?").first end + def request_method=(method) + @request_method = method + end + def accept=(mime_types) @env["HTTP_ACCEPT"] = Array(mime_types).collect { |mime_types| mime_types.to_s }.join(",") - accepts(true) + @accepts = nil end def if_modified_since=(last_modified) @@ -102,11 +81,11 @@ module ActionController #:nodoc: end def request_uri(*args) - @request_uri || super + @request_uri || super() end def path(*args) - @path || super + @path || super() end def assign_parameters(controller_path, action, parameters) @@ -126,26 +105,30 @@ module ActionController #:nodoc: path_parameters[key.to_s] = value end end + raw_post # populate env['RAW_POST_DATA'] @parameters = nil # reset TestRequest#parameters to use the new path_parameters end def recycle! - self.request_parameters = {} self.query_parameters = {} self.path_parameters = {} - unmemoize_all + @headers, @request_method, @accepts, @content_type = nil, nil, nil, nil + end + + def user_agent=(user_agent) + @env['HTTP_USER_AGENT'] = user_agent end private def initialize_containers - @env, @cookies = {}, {} + @cookies = {} end def initialize_default_values @host = "test.host" @request_uri = "/" - @user_agent = "Rails Testing" - self.remote_addr = "0.0.0.0" + @env['HTTP_USER_AGENT'] = "Rails Testing" + @env['REMOTE_ADDR'] = "0.0.0.0" @env["SERVER_PORT"] = 80 @env['REQUEST_METHOD'] = "GET" end @@ -167,7 +150,7 @@ module ActionController #:nodoc: module TestResponseBehavior #:nodoc: # The response code of the request def response_code - status[0,3].to_i rescue 0 + status.to_s[0,3].to_i rescue 0 end # Returns a String to ensure compatibility with Net::HTTPResponse @@ -201,6 +184,11 @@ module ActionController #:nodoc: alias_method :server_error?, :error? + # Was there a client client? + def client_error? + (400..499).include?(response_code) + end + # Returns the redirection location or nil def redirect_url headers['Location'] @@ -217,8 +205,8 @@ module ActionController #:nodoc: # Returns the template of the file which was used to # render this response (or nil) - def rendered_template - template.instance_variable_get(:@_first_render) + def rendered + template.instance_variable_get(:@_rendered) end # A shortcut to the flash. Returns an empty hash if no session flash exists. @@ -228,7 +216,7 @@ module ActionController #:nodoc: # Do we have a flash? def has_flash? - !session['flash'].empty? + !flash.empty? end # Do we have a flash that has contents? @@ -256,11 +244,16 @@ module ActionController #:nodoc: !template_objects[name].nil? end - # Returns the response cookies, converted to a Hash of (name => CGI::Cookie) pairs + # Returns the response cookies, converted to a Hash of (name => value) pairs # - # assert_equal ['AuthorOfNewPage'], r.cookies['author'].value + # assert_equal 'AuthorOfNewPage', r.cookies['author'] def cookies - headers['cookie'].inject({}) { |hash, cookie| hash[cookie.name] = cookie; hash } + cookies = {} + Array(headers['Set-Cookie']).each do |cookie| + key, value = cookie.split(";").first.split("=") + cookies[key] = value + end + cookies end # Returns binary content (downloadable file), converted to a String @@ -281,48 +274,72 @@ module ActionController #:nodoc: # TestResponse, which represent the HTTP response results of the requested # controller actions. # - # See AbstractResponse for more information on controller response objects. - class TestResponse < AbstractResponse + # See Response for more information on controller response objects. + class TestResponse < Response include TestResponseBehavior - + def recycle! headers.delete('ETag') headers.delete('Last-Modified') end end - class TestSession #:nodoc: + class TestSession < Hash #:nodoc: attr_accessor :session_id def initialize(attributes = nil) - @session_id = '' - @attributes = attributes.nil? ? nil : attributes.stringify_keys - @saved_attributes = nil + reset_session_id + replace_attributes(attributes) + end + + def reset + reset_session_id + replace_attributes({ }) end def data - @attributes ||= @saved_attributes || {} + to_hash end def [](key) - data[key.to_s] + super(key.to_s) end def []=(key, value) - data[key.to_s] = value + super(key.to_s, value) end - def update - @saved_attributes = @attributes + def update(hash = nil) + if hash.nil? + ActiveSupport::Deprecation.warn('use replace instead', caller) + replace({}) + else + super(hash) + end end - def delete - @attributes = nil + def delete(key = nil) + if key.nil? + ActiveSupport::Deprecation.warn('use clear instead', caller) + clear + else + super(key.to_s) + end end def close - update - delete + ActiveSupport::Deprecation.warn('sessions should no longer be closed', caller) + end + + private + + def reset_session_id + @session_id = '' + end + + def replace_attributes(attributes = nil) + attributes ||= {} + replace(attributes.stringify_keys) end end @@ -333,10 +350,10 @@ module ActionController #:nodoc: # a file upload. # # Usage example, within a functional test: - # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(Test::Unit::TestCase.fixture_path + '/files/spongebob.png', 'image/png') + # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + '/files/spongebob.png', 'image/png') # # Pass a true third parameter to ensure the uploaded file is opened in binary mode (only required for Windows): - # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(Test::Unit::TestCase.fixture_path + '/files/spongebob.png', 'image/png', :binary) + # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + '/files/spongebob.png', 'image/png', :binary) require 'tempfile' class TestUploadedFile # The filename, *not* including the path, of the "uploaded" file @@ -368,20 +385,33 @@ module ActionController #:nodoc: module TestProcess def self.included(base) - # execute the request simulating a specific HTTP method and set/volley the response - # TODO: this should be un-DRY'ed for the sake of API documentation. - %w( get post put delete head ).each do |method| - base.class_eval <<-EOV, __FILE__, __LINE__ - def #{method}(action, parameters = nil, session = nil, flash = nil) - @request.env['REQUEST_METHOD'] = "#{method.upcase}" if defined?(@request) - process(action, parameters, session, flash) - end - EOV + # Executes a request simulating GET HTTP method and set/volley the response + def get(action, parameters = nil, session = nil, flash = nil) + process(action, parameters, session, flash, "GET") + end + + # Executes a request simulating POST HTTP method and set/volley the response + def post(action, parameters = nil, session = nil, flash = nil) + process(action, parameters, session, flash, "POST") + end + + # Executes a request simulating PUT HTTP method and set/volley the response + def put(action, parameters = nil, session = nil, flash = nil) + process(action, parameters, session, flash, "PUT") + end + + # Executes a request simulating DELETE HTTP method and set/volley the response + def delete(action, parameters = nil, session = nil, flash = nil) + process(action, parameters, session, flash, "DELETE") + end + + # Executes a request simulating HEAD HTTP method and set/volley the response + def head(action, parameters = nil, session = nil, flash = nil) + process(action, parameters, session, flash, "HEAD") end end - # execute the request and set/volley the response - def process(action, parameters = nil, session = nil, flash = nil) + def process(action, parameters = nil, session = nil, flash = nil, http_method = 'GET') # Sanity check for required instance variables so we can give an # understandable error message. %w(@controller @request @response).each do |iv_name| @@ -394,7 +424,7 @@ module ActionController #:nodoc: @response.recycle! @html_document = nil - @request.env['REQUEST_METHOD'] ||= "GET" + @request.env['REQUEST_METHOD'] = http_method @request.action = action.to_s @@ -404,12 +434,14 @@ module ActionController #:nodoc: @request.session = ActionController::TestSession.new(session) unless session.nil? @request.session["flash"] = ActionController::Flash::FlashHash.new.update(flash) if flash build_request_uri(action, parameters) - @controller.process(@request, @response) + + Base.class_eval { include ProcessWithTest } unless Base < ProcessWithTest + @controller.process_with_test(@request, @response) end def xml_http_request(request_method, action, parameters = nil, session = nil, flash = nil) @request.env['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest' - @request.env['HTTP_ACCEPT'] = 'text/javascript, text/html, application/xml, text/xml, */*' + @request.env['HTTP_ACCEPT'] = [Mime::JS, Mime::HTML, Mime::XML, 'text/xml', Mime::ALL].join(', ') returning __send__(request_method, action, parameters, session, flash) do @request.env.delete 'HTTP_X_REQUESTED_WITH' @request.env.delete 'HTTP_ACCEPT' @@ -426,7 +458,7 @@ module ActionController #:nodoc: end def session - @response.session + @request.session end def flash @@ -464,15 +496,15 @@ module ActionController #:nodoc: html_document.find_all(conditions) end - def method_missing(selector, *args) - if ActionController::Routing::Routes.named_routes.helpers.include?(selector) - @controller.send(selector, *args) + def method_missing(selector, *args, &block) + if @controller && ActionController::Routing::Routes.named_routes.helpers.include?(selector) + @controller.send(selector, *args, &block) else super end end - # Shortcut for <tt>ActionController::TestUploadedFile.new(Test::Unit::TestCase.fixture_path + path, type)</tt>: + # Shortcut for <tt>ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + path, type)</tt>: # # post :change_avatar, :avatar => fixture_file_upload('/files/spongebob.png', 'image/png') # @@ -481,11 +513,8 @@ module ActionController #:nodoc: # # post :change_avatar, :avatar => fixture_file_upload('/files/spongebob.png', 'image/png', :binary) def fixture_file_upload(path, mime_type = nil, binary = false) - ActionController::TestUploadedFile.new( - Test::Unit::TestCase.respond_to?(:fixture_path) ? Test::Unit::TestCase.fixture_path + path : path, - mime_type, - binary - ) + fixture_path = ActionController::TestCase.send(:fixture_path) if ActionController::TestCase.respond_to?(:fixture_path) + ActionController::TestUploadedFile.new("#{fixture_path}#{path}", mime_type, binary) end # A helper to make it easier to test different route configurations. @@ -520,12 +549,24 @@ module ActionController #:nodoc: ActionController::Routing.const_set(:Routes, real_routes) if real_routes end end -end -module Test - module Unit - class TestCase #:nodoc: - include ActionController::TestProcess + module ProcessWithTest #:nodoc: + def self.included(base) + base.class_eval { attr_reader :assigns } + end + + def process_with_test(*args) + process(*args).tap { set_test_assigns } end + + private + def set_test_assigns + @assigns = {} + (instance_variable_names - self.class.protected_instance_variables).each do |var| + name, value = var[1..-1], instance_variable_get(var) + @assigns[name] = value + response.template.assigns[name] = value if response + end + end end end vendor/rails/actionpack/lib/action_controller/test_process.rb @@ -92,15 +92,12 @@ module ActionController # end # end module UrlWriter - # The default options for urls written by this writer. Typically a <tt>:host</tt> - # pair is provided. - mattr_accessor :default_url_options - self.default_url_options = {} - def self.included(base) #:nodoc: ActionController::Routing::Routes.install_helpers(base) base.mattr_accessor :default_url_options - base.default_url_options ||= default_url_options + + # The default options for urls written by this writer. Typically a <tt>:host</tt> pair is provided. + base.default_url_options ||= {} end # Generate a url based on the options provided, default_url_options and the vendor/rails/actionpack/lib/action_controller/url_rewriter.rb @@ -556,7 +556,7 @@ module HTML end # Attribute value. - next if statement.sub!(/^\[\s*([[:alpha:]][\w\-]*)\s*((?:[~|^$*])?=)?\s*('[^']*'|"[^*]"|[^\]]*)\s*\]/) do |match| + next if statement.sub!(/^\[\s*([[:alpha:]][\w\-:]*)\s*((?:[~|^$*])?=)?\s*('[^']*'|"[^*]"|[^\]]*)\s*\]/) do |match| name, equality, value = $1, $2, $3 if value == "?" value = values.shift vendor/rails/actionpack/lib/action_controller/vendor/html-scanner/html/selector.rb @@ -90,7 +90,7 @@ module ActionController #:nodoc: def verify_action(options) #:nodoc: if prereqs_invalid?(options) flash.update(options[:add_flash]) if options[:add_flash] - response.headers.update(options[:add_headers]) if options[:add_headers] + response.headers.merge!(options[:add_headers]) if options[:add_headers] apply_remaining_actions(options) unless performed? end end vendor/rails/actionpack/lib/action_controller/verification.rb @@ -1,5 +1,5 @@ #-- -# Copyright (c) 2004-2008 David Heinemeier Hansson +# Copyright (c) 2004-2009 David Heinemeier Hansson # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the vendor/rails/actionpack/lib/action_pack.rb @@ -1,7 +1,7 @@ module ActionPack #:nodoc: module VERSION #:nodoc: MAJOR = 2 - MINOR = 2 + MINOR = 3 TINY = 2 STRING = [MAJOR, MINOR, TINY].join('.') vendor/rails/actionpack/lib/action_pack/version.rb @@ -1,5 +1,5 @@ #-- -# Copyright (c) 2004-2008 David Heinemeier Hansson +# Copyright (c) 2004-2009 David Heinemeier Hansson # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the @@ -31,23 +31,28 @@ rescue LoadError end end -require 'action_view/template_handlers' -require 'action_view/renderable' -require 'action_view/renderable_partial' +module ActionView + def self.load_all! + [Base, InlineTemplate, TemplateError] + end -require 'action_view/template' -require 'action_view/inline_template' -require 'action_view/paths' + autoload :Base, 'action_view/base' + autoload :Helpers, 'action_view/helpers' + autoload :InlineTemplate, 'action_view/inline_template' + autoload :Partials, 'action_view/partials' + autoload :PathSet, 'action_view/paths' + autoload :Renderable, 'action_view/renderable' + autoload :RenderablePartial, 'action_view/renderable_partial' + autoload :Template, 'action_view/template' + autoload :ReloadableTemplate, 'action_view/reloadable_template' + autoload :TemplateError, 'action_view/template_error' + autoload :TemplateHandler, 'action_view/template_handler' + autoload :TemplateHandlers, 'action_view/template_handlers' + autoload :Helpers, 'action_view/helpers' +end -require 'action_view/base' -require 'action_view/partials' -require 'action_view/template_error' +class ERB + autoload :Util, 'action_view/erb/util' +end I18n.load_path << "#{File.dirname(__FILE__)}/action_view/locale/en.yml" - -require 'action_view/helpers' - -ActionView::Base.class_eval do - include ActionView::Partials - include ActionView::Helpers -end vendor/rails/actionpack/lib/action_view.rb @@ -3,9 +3,12 @@ module ActionView #:nodoc: end class MissingTemplate < ActionViewError #:nodoc: + attr_reader :path + def initialize(paths, path, template_format = nil) + @path = path full_template_path = path.include?('.') ? path : "#{path}.erb" - display_paths = paths.join(':') + display_paths = paths.compact.join(":") template_type = (path =~ /layouts/i) ? 'layout' : 'template' super("Missing #{template_type} #{full_template_path} in view path #{display_paths}") end @@ -157,7 +160,7 @@ module ActionView #:nodoc: # # See the ActionView::Helpers::PrototypeHelper::GeneratorMethods documentation for more details. class Base - include ERB::Util + include Helpers, Partials, ::ERB::Util extend ActiveSupport::Memoizable attr_accessor :base_path, :assigns, :template_extension @@ -172,25 +175,21 @@ module ActionView #:nodoc: delegate :logger, :to => 'ActionController::Base' end - # Templates that are exempt from layouts - @@exempt_from_layout = Set.new([/\.rjs$/]) - - # Don't render layouts for templates with the given extensions. - def self.exempt_from_layout(*extensions) - regexps = extensions.collect do |extension| - extension.is_a?(Regexp) ? extension : /\.#{Regexp.escape(extension.to_s)}$/ - end - @@exempt_from_layout.merge(regexps) - end - + @@debug_rjs = false + ## + # :singleton-method: # Specify whether RJS responses should be wrapped in a try/catch block # that alert()s the caught exception (and then re-raises it). - @@debug_rjs = false cattr_accessor :debug_rjs - # A warning will be displayed whenever an action results in a cache miss on your view paths. - @@warn_cache_misses = false - cattr_accessor :warn_cache_misses + # Specify whether templates should be cached. Otherwise the file we be read everytime it is accessed. + # Automatically reloading templates are not thread safe and should only be used in development mode. + @@cache_template_loading = nil + cattr_accessor :cache_template_loading + + def self.cache_template_loading? + ActionController::Base.allow_concurrency || (cache_template_loading.nil? ? !ActiveSupport::Dependencies.load? : cache_template_loading) + end attr_internal :request @@ -222,38 +221,43 @@ module ActionView #:nodoc: def initialize(view_paths = [], assigns_for_first_render = {}, controller = nil)#:nodoc: @assigns = assigns_for_first_render @assigns_added = nil - @_render_stack = [] @controller = controller @helpers = ProxyModule.new(self) self.view_paths = view_paths + + @_first_render = nil + @_current_render = nil end attr_reader :view_paths def view_paths=(paths) @view_paths = self.class.process_view_paths(paths) + # we might be using ReloadableTemplates, so we need to let them know this a new request + @view_paths.load! end - # Renders the template present at <tt>template_path</tt> (relative to the view_paths array). - # The hash in <tt>local_assigns</tt> is made available as local variables. + # Returns the result of a render that's dictated by the options hash. The primary options are: + # + # * <tt>:partial</tt> - See ActionView::Partials. + # * <tt>:update</tt> - Calls update_page with the block given. + # * <tt>:file</tt> - Renders an explicit template file (this used to be the old default), add :locals to pass in those. + # * <tt>:inline</tt> - Renders an inline template similar to how it's done in the controller. + # * <tt>:text</tt> - Renders the text passed in out. + # + # If no options hash is passed or :update specified, the default is to render a partial and use the second parameter + # as the locals hash. def render(options = {}, local_assigns = {}, &block) #:nodoc: local_assigns ||= {} - if options.is_a?(String) - ActiveSupport::Deprecation.warn( - "Calling render with a string will render a partial from Rails 2.3. " + - "Change this call to render(:file => '#{options}', :locals => locals_hash)." - ) - - render(:file => options, :locals => local_assigns) - elsif options == :update - update_page(&block) - elsif options.is_a?(Hash) + case options + when Hash options = options.reverse_merge(:locals => {}) if options[:layout] _render_with_layout(options, local_assigns, &block) elsif options[:file] - _pick_template(options[:file]).render_template(self, options[:locals]) + template = self.view_paths.find_template(options[:file], template_format) + template.render_template(self, options[:locals]) elsif options[:partial] render_partial(options) elsif options[:inline] @@ -261,6 +265,10 @@ module ActionView #:nodoc: elsif options[:text] options[:text] end + when :update + update_page(&block) + else + render_partial(:partial => options, :locals => local_assigns) end end @@ -271,7 +279,7 @@ module ActionView #:nodoc: if defined? @template_format @template_format elsif controller && controller.respond_to?(:request) - @template_format = controller.request.template_format + @template_format = controller.request.template_format.to_sym else @template_format = :html end @@ -280,7 +288,19 @@ module ActionView #:nodoc: # Access the current template being rendered. # Returns a ActionView::Template object. def template - @_render_stack.last + @_current_render + end + + def template=(template) #:nodoc: + @_first_render ||= template + @_current_render = template + end + + def with_template(current_template) + last_template, self.template = template, current_template + yield + ensure + self.template = last_template end private @@ -307,50 +327,6 @@ module ActionView #:nodoc: end end - def _pick_template(template_path) - return template_path if template_path.respond_to?(:render) - - path = template_path.sub(/^\//, '') - if m = path.match(/(.*)\.(\w+)$/) - template_file_name, template_file_extension = m[1], m[2] - else - template_file_name = path - end - - # OPTIMIZE: Checks to lookup template in view path - if template = self.view_paths["#{template_file_name}.#{template_format}"] - template - elsif template = self.view_paths[template_file_name] - template - elsif (first_render = @_render_stack.first) && first_render.respond_to?(:format_and_extension) && - (template = self.view_paths["#{template_file_name}.#{first_render.format_and_extension}"]) - template - elsif template_format == :js && template = self.view_paths["#{template_file_name}.html"] - @template_format = :html - template - else - template = Template.new(template_path, view_paths) - - if self.class.warn_cache_misses && logger - logger.debug "[PERFORMANCE] Rendering a template that was " + - "not found in view path. Templates outside the view path are " + - "not cached and result in expensive disk operations. Move this " + - "file into #{view_paths.join(':')} or add the folder to your " + - "view path list" - end - - template - end - end - memoize :_pick_template - - def _exempt_from_layout?(template_path) #:nodoc: - template = _pick_template(template_path).to_s - @@exempt_from_layout.any? { |ext| template =~ ext } - rescue ActionView::MissingTemplate - return false - end - def _render_with_layout(options, local_assigns, &block) #:nodoc: partial_layout = options.delete(:layout) vendor/rails/actionpack/lib/action_view/base.rb @@ -1,10 +1,28 @@ -Dir.entries(File.expand_path("#{File.dirname(__FILE__)}/helpers")).sort.each do |file| - next unless file =~ /^([a-z][a-z_]*_helper).rb$/ - require "action_view/helpers/#{$1}" -end - module ActionView #:nodoc: module Helpers #:nodoc: + autoload :ActiveRecordHelper, 'action_view/helpers/active_record_helper' + autoload :AssetTagHelper, 'action_view/helpers/asset_tag_helper' + autoload :AtomFeedHelper, 'action_view/helpers/atom_feed_helper' + autoload :BenchmarkHelper, 'action_view/helpers/benchmark_helper' + autoload :CacheHelper, 'action_view/helpers/cache_helper' + autoload :CaptureHelper, 'action_view/helpers/capture_helper' + autoload :DateHelper, 'action_view/helpers/date_helper' + autoload :DebugHelper, 'action_view/helpers/debug_helper' + autoload :FormHelper, 'action_view/helpers/form_helper' + autoload :FormOptionsHelper, 'action_view/helpers/form_options_helper' + autoload :FormTagHelper, 'action_view/helpers/form_tag_helper' + autoload :JavascriptHelper, 'action_view/helpers/javascript_helper' + autoload :NumberHelper, 'action_view/helpers/number_helper' + autoload :PrototypeHelper, 'action_view/helpers/prototype_helper' + autoload :RecordIdentificationHelper, 'action_view/helpers/record_identification_helper' + autoload :RecordTagHelper, 'action_view/helpers/record_tag_helper' + autoload :SanitizeHelper, 'action_view/helpers/sanitize_helper' + autoload :ScriptaculousHelper, 'action_view/helpers/scriptaculous_helper' + autoload :TagHelper, 'action_view/helpers/tag_helper' + autoload :TextHelper, 'action_view/helpers/text_helper' + autoload :TranslationHelper, 'action_view/helpers/translation_helper' + autoload :UrlHelper, 'action_view/helpers/url_helper' + def self.included(base) base.extend(ClassMethods) end @@ -24,6 +42,7 @@ module ActionView #:nodoc: include FormHelper include FormOptionsHelper include FormTagHelper + include JavaScriptHelper include NumberHelper include PrototypeHelper include RecordIdentificationHelper vendor/rails/actionpack/lib/action_view/helpers.rb @@ -121,7 +121,7 @@ module ActionView if (obj = (object.respond_to?(:errors) ? object : instance_variable_get("@#{object}"))) && (errors = obj.errors.on(method)) content_tag("div", - "#{options[:prepend_text]}#{errors.is_a?(Array) ? errors.first : errors}#{options[:append_text]}", + "#{options[:prepend_text]}#{ERB::Util.html_escape(errors.is_a?(Array) ? errors.first : errors)}#{options[:append_text]}", :class => options[:css_class] ) else @@ -198,7 +198,7 @@ module ActionView locale.t :header, :count => count, :model => object_name end message = options.include?(:message) ? options[:message] : locale.t(:body) - error_messages = objects.sum {|object| object.errors.full_messages.map {|msg| content_tag(:li, msg) } }.join + error_messages = objects.sum {|object| object.errors.full_messages.map {|msg| content_tag(:li, ERB::Util.html_escape(msg)) } }.join contents = '' contents << content_tag(options[:header_tag] || :h2, header_message) unless header_message.blank? vendor/rails/actionpack/lib/action_view/helpers/active_record_helper.rb @@ -6,54 +6,70 @@ module ActionView module Helpers #:nodoc: # This module provides methods for generating HTML that links views to assets such # as images, javascripts, stylesheets, and feeds. These methods do not verify - # the assets exist before linking to them. + # the assets exist before linking to them: + # + # image_tag("rails.png") + # # => <img alt="Rails src="/images/rails.png?1230601161" /> + # stylesheet_link_tag("application") + # # => <link href="/stylesheets/application.css?1232285206" media="screen" rel="stylesheet" type="text/css" /> # # === Using asset hosts + # # By default, Rails links to these assets on the current host in the public - # folder, but you can direct Rails to link to assets from a dedicated assets server by - # setting ActionController::Base.asset_host in your <tt>config/environment.rb</tt>. For example, - # let's say your asset host is <tt>assets.example.com</tt>. + # folder, but you can direct Rails to link to assets from a dedicated asset + # server by setting ActionController::Base.asset_host in the application + # configuration, typically in <tt>config/environments/production.rb</tt>. + # For example, you'd define <tt>assets.example.com</tt> to be your asset + # host this way: # # ActionController::Base.asset_host = "assets.example.com" + # + # Helpers take that into account: + # # image_tag("rails.png") - # => <img src="http://assets.example.com/images/rails.png" alt="Rails" /> + # # => <img alt="Rails" src="http://assets.example.com/images/rails.png?1230601161" /> # stylesheet_link_tag("application") - # => <link href="http://assets.example.com/stylesheets/application.css" media="screen" rel="stylesheet" type="text/css" /> + # # => <link href="http://assets.example.com/stylesheets/application.css?1232285206" media="screen" rel="stylesheet" type="text/css" /> # - # This is useful since browsers typically open at most two connections to a single host, - # which means your assets often wait in single file for their turn to load. You can - # alleviate this by using a <tt>%d</tt> wildcard in <tt>asset_host</tt> (for example, "assets%d.example.com") - # to automatically distribute asset requests among four hosts (e.g., "assets0.example.com" through "assets3.example.com") - # so browsers will open eight connections rather than two. + # Browsers typically open at most two simultaneous connections to a single + # host, which means your assets often have to wait for other assets to finish + # downloading. You can alleviate this by using a <tt>%d</tt> wildcard in the + # +asset_host+. For example, "assets%d.example.com". If that wildcard is + # present Rails distributes asset requests among the corresponding four hosts + # "assets0.example.com", ..., "assets3.example.com". With this trick browsers + # will open eight simultaneous connections rather than two. # # image_tag("rails.png") - # => <img src="http://assets0.example.com/images/rails.png" alt="Rails" /> + # # => <img alt="Rails" src="http://assets0.example.com/images/rails.png?1230601161" /> # stylesheet_link_tag("application") - # => <link href="http://assets3.example.com/stylesheets/application.css" media="screen" rel="stylesheet" type="text/css" /> + # # => <link