Merge branch 'master' of git://github.com/rails/rails

.gitignore

@@ -21,4 +21,5 @@ railties/doc
 railties/guides/output
 railties/tmp
 .rvmrc
+.rbenv-version
 RDOC_MAIN.rdoc

.travis.yml

@@ -2,6 +2,7 @@ script: 'ci/travis.rb'
 rvm:
   - 1.8.7
   - 1.9.2
+  - 1.9.3
 env:
   - "GEM=railties"
   - "GEM=ap,am,amo,ares,as"
@@ -11,4 +12,5 @@ env:
 notifications:
   email: false
   irc:
-    - "irc.freenode.org#rails-contrib"
+    - "irc.freenode.org#rails-contrib"
+bundler_args: --path vendor/bundle

Gemfile

@@ -11,12 +11,17 @@ gem "jquery-rails"
 # it being automatically loaded by sprockets
 gem "uglifier", ">= 1.0.0", :require => false
 
-gem "rake",  ">= 0.8.7"
+# Temp fix until rake 0.9.3 is out
+if RUBY_VERSION >= "1.9.3"
+  gem "rake", "0.9.3.beta.1"
+else
+  gem "rake", ">= 0.8.7"
+end
 gem "mocha", ">= 0.9.8"
 
 group :doc do
   gem "rdoc",  "~> 3.4"
-  gem "horo",  "= 1.0.3"
+  gem "sdoc",  "~> 0.3"
   gem "RedCloth", "~> 4.2" if RUBY_VERSION < "1.9.3"
   gem "w3c_validators"
 end

README.rdoc

@@ -8,28 +8,28 @@ into three layers, each with a specific responsibility.
 
 The View layer is composed of "templates" that are responsible for providing 
 appropriate representations of your application's resources. Templates
-can come in a variety of formats, but most view templates are HTML with embedded Ruby 
+can come in a variety of formats, but most view templates are \HTML with embedded Ruby
 code (.erb files). 
 
 The Model layer represents your domain model (such as Account, Product, Person, Post) 
 and encapsulates the business logic that is specific to your application. In Rails, 
-database-backed model classes are derived from ActiveRecord::Base. ActiveRecord allows
+database-backed model classes are derived from ActiveRecord::Base. Active Record allows
 you to present the data from database rows as objects and embellish these data objects 
 with business logic methods. Although most Rails models are backed by a database, models 
 can also be ordinary Ruby classes, or Ruby classes that implement a set of interfaces as
 provided by the ActiveModel module. You can read more about Active Record in its
-{README}[link:blob/master/activerecord/README.rdoc].
+{README}[link:/rails/rails/blob/master/activerecord/README.rdoc].
 
 The Controller layer is responsible for handling incoming HTTP requests and providing a 
-suitable response. Usually this means returning HTML, but Rails controllers can also
+suitable response. Usually this means returning \HTML, but Rails controllers can also
 generate XML, JSON, PDFs, mobile-specific views, and more. Controllers manipulate models 
 and render view templates in order to generate the appropriate HTTP response.
 
 In Rails, the Controller and View layers are handled together by Action Pack.
 These two layers are bundled in a single package due to their heavy interdependence. 
 This is unlike the relationship between Active Record and Action Pack which are
 independent. Each of these packages can be used independently outside of Rails. You 
-can read more about Action Pack in its {README}[link:blob/master/actionpack/README.rdoc].
+can read more about Action Pack in its {README}[link:/rails/rails/blob/master/actionpack/README.rdoc].
 
 == Getting Started
 
@@ -62,7 +62,7 @@ can read more about Action Pack in its {README}[link:blob/master/actionpack/READ
 * The {API Documentation}[http://api.rubyonrails.org].
 
 
-== Contributing
+== Contributing http://travis-ci.org/rails/rails.png
 
 We encourage you to contribute to Ruby on Rails! Please check out the {Contributing to Rails
 guide}[http://edgeguides.rubyonrails.org/contributing_to_ruby_on_rails.html] for guidelines about how

RELEASING_RAILS.rdoc

@@ -145,18 +145,25 @@ commits should be added to the release branch besides regression fixing commits.
 Many of these steps are the same as for the release candidate, so if you need
 more explanation on a particular step, so the RC steps.
 
-=== Email the rails security announce list, once for each vulnerability fixed.
-
-You can do this, or ask the security team to do it.
-
-FIXME: I can't remember the email addresses, but we should list them here.
-FIXME: Possibly we should do this the day of the RC?
+Today, do this stuff in this order:
 
 * Apply security patches to the release branch
 * Update CHANGELOG with security fixes.
 * Update RAILS_VERSION to remove the rc
 * Release the gems
-* Email announcement
+* Email security lists
+* Email general announcement lists
+
+=== Emailing the rails security announce list
+
+Email the security announce list once for each vulnerability fixed.
+
+You can do this, or ask the security team to do it.
+
+Email the security reports to:
+
+* rubyonrails-security@googlegroups.com
+* linux-distros@vs.openwall.org
 
 Be sure to note the security fixes in your announcement along with CVE numbers
 and links to each patch.  Some people may not be able to upgrade right away,

Rakefile

@@ -1,6 +1,7 @@
 #!/usr/bin/env rake
 
 require 'rdoc/task'
+require 'sdoc'
 require 'net/http'
 
 $:.unshift File.expand_path('..', __FILE__)
@@ -74,7 +75,10 @@ RDoc::Task.new do |rdoc|
     # since no autolinking happens there and RDoc displays the backslash
     # otherwise.
     rdoc_main.gsub!(/^(?=\S).*?\b(?=Rails)\b/) { "#$&\\" }
-    rdoc_main.gsub!(%r{link:blob/master/(\w+)/README\.rdoc}, "link:files/\\1/README_rdoc.html")
+    rdoc_main.gsub!(%r{link:/rails/rails/blob/master/(\w+)/README\.rdoc}, "link:files/\\1/README_rdoc.html")
+
+    # Remove Travis build status image from API pages. Only GitHub README page gets this image
+    rdoc_main.gsub!("http://travis-ci.org/rails/rails.png", "")
 
     File.open(RDOC_MAIN, 'w') do |f|
       f.write(rdoc_main)
@@ -86,8 +90,10 @@ RDoc::Task.new do |rdoc|
   rdoc.rdoc_dir = 'doc/rdoc'
   rdoc.title    = "Ruby on Rails Documentation"
 
-  rdoc.options << '-f' << 'horo'
+  rdoc.options << '-f' << 'sdoc'
+  rdoc.options << '-T' << 'rails'
   rdoc.options << '-c' << 'utf-8'
+  rdoc.options << '-g' # SDoc flag, link methods to GitHub
   rdoc.options << '-m' << RDOC_MAIN
 
   rdoc.rdoc_files.include('railties/CHANGELOG')

actionpack/CHANGELOG

@@ -30,6 +30,10 @@
 
 *Rails 3.1.0 (unreleased)*
 
+* Param values are `paramified` in controller tests. [David Chelimsky]
+
+* x_sendfile_header now defaults to nil and config/environments/production.rb doesn't set a particular value for it. This allows servers to set it through X-Sendfile-Type. [Santiago Pastorino]
+
 * The submit form helper does not generate an id "object_name_id" anymore. [fbrusatti]
 
 * Make sure respond_with with :js tries to render a template in all cases [José Valim]

actionpack/actionpack.gemspec

@@ -18,13 +18,13 @@ Gem::Specification.new do |s|
 
   s.add_dependency('activesupport',    version)
   s.add_dependency('activemodel',      version)
-  s.add_dependency('rack-cache',       '~> 1.0.2')
+  s.add_dependency('rack-cache',       '~> 1.0.3')
   s.add_dependency('builder',          '~> 3.0.0')
   s.add_dependency('i18n',             '~> 0.6')
   s.add_dependency('rack',             '~> 1.3.2')
-  s.add_dependency('rack-test',        '~> 0.6.0')
-  s.add_dependency('rack-mount',       '~> 0.8.1')
-  s.add_dependency('sprockets',        '~> 2.0.0.beta.12')
+  s.add_dependency('rack-test',        '~> 0.6.1')
+  s.add_dependency('rack-mount',       '~> 0.8.2')
+  s.add_dependency('sprockets',        '~> 2.0.0')
   s.add_dependency('erubis',           '~> 2.7.0')
 
   s.add_development_dependency('tzinfo',           '~> 0.3.29')

actionpack/lib/abstract_controller/view_paths.rb

@@ -1,3 +1,5 @@
+require 'action_view/base'
+
 module AbstractController
   module ViewPaths
     extend ActiveSupport::Concern
@@ -63,7 +65,7 @@ module ClassMethods
       #   the default view path. You may also provide a custom view path
       #   (see ActionView::PathSet for more information)
       def append_view_path(path)
-        self.view_paths = view_paths.dup + Array(path)
+        self._view_paths = view_paths + Array(path)
       end
 
       # Prepend a path to the list of view paths for this controller.
@@ -73,7 +75,7 @@ def append_view_path(path)
       #   the default view path. You may also provide a custom view path
       #   (see ActionView::PathSet for more information)
       def prepend_view_path(path)
-        self.view_paths = Array(path) + view_paths.dup
+        self._view_paths = ActionView::PathSet.new(Array(path) + view_paths)
       end
 
       # A list of all of the default view paths for this controller.
@@ -87,8 +89,7 @@ def view_paths
       # * <tt>paths</tt> - If a PathSet is provided, use that;
       #   otherwise, process the parameter into a PathSet.
       def view_paths=(paths)
-        self._view_paths = ActionView::Base.process_view_paths(paths)
-        self._view_paths.freeze
+        self._view_paths = ActionView::PathSet.new(Array.wrap(paths))
       end
     end
   end

actionpack/lib/action_controller/base.rb

@@ -63,7 +63,7 @@ module ActionController
   #
   # == Sessions
   #
-  # Sessions allows you to store objects in between requests. This is useful for objects that are not yet ready to be persisted,
+  # Sessions allow you to store objects in between requests. This is useful for objects that are not yet ready to be persisted,
   # such as a Signup object constructed in a multi-paged process, or objects that don't change much and are needed all the time, such
   # as a User object for a system that requires login. The session should not be used, however, as a cache for objects where it's likely
   # they could be changed unknowingly. It's usually too much work to keep it all synchronized -- something databases already excel at.

actionpack/lib/action_controller/metal/data_streaming.rb

@@ -17,7 +17,7 @@ module DataStreaming
     protected
       # Sends the file. This uses a server-appropriate method (such as X-Sendfile)
       # via the Rack::Sendfile middleware. The header to use is set via
-      # config.action_dispatch.x_sendfile_header, and defaults to "X-Sendfile".
+      # config.action_dispatch.x_sendfile_header.
       # Your server can also configure this for you by setting the X-Sendfile-Type header.
       #
       # Be careful to sanitize the path parameter if it is coming from a web

actionpack/lib/action_controller/metal/instrumentation.rb

@@ -58,8 +58,8 @@ def send_data(data, options = {})
     def redirect_to(*args)
       ActiveSupport::Notifications.instrument("redirect_to.action_controller") do |payload|
         result = super
-        payload[:status]   = self.status
-        payload[:location] = self.location
+        payload[:status]   = response.status
+        payload[:location] = response.location
         result
       end
     end
@@ -97,4 +97,4 @@ def log_process_action(payload) #:nodoc:
       end
     end
   end
-end
+end

actionpack/lib/action_controller/metal/params_wrapper.rb

@@ -6,31 +6,30 @@
 require 'action_dispatch/http/mime_types'
 
 module ActionController
-  # Wraps parameters hash into nested hash. This will allow client to submit
-  # POST request without having to specify a root element in it.
+  # Wraps the parameters hash into a nested hash. This will allow clients to submit
+  # POST requests without having to specify any root elements.
   #
-  # By default this functionality won't be enabled. You can enable
-  # it globally by setting +ActionController::Base.wrap_parameters+:
-  #
-  #     ActionController::Base.wrap_parameters = [:json]
+  # This functionality is enabled in +config/initializers/wrap_parameters.rb+
+  # and can be customized. If you are upgrading to \Rails 3.1, this file will
+  # need to be created for the functionality to be enabled.
   #
   # You could also turn it on per controller by setting the format array to
-  # non-empty array:
+  # a non-empty array:
   #
   #     class UsersController < ApplicationController
   #       wrap_parameters :format => [:json, :xml]
   #     end
   #
-  # If you enable +ParamsWrapper+ for +:json+ format. Instead of having to
+  # If you enable +ParamsWrapper+ for +:json+ format, instead of having to
   # send JSON parameters like this:
   #
   #     {"user": {"name": "Konata"}}
   #
-  # You can now just send a parameters like this:
+  # You can send parameters like this:
   #
   #     {"name": "Konata"}
   #
-  # And it will be wrapped into a nested hash with the key name matching
+  # And it will be wrapped into a nested hash with the key name matching the
   # controller's name. For example, if you're posting to +UsersController+,
   # your new +params+ hash will look like this:
   #
@@ -82,7 +81,7 @@ module ClassMethods
       #
       # ==== Examples
       #   wrap_parameters :format => :xml
-      #     # enables the parmeter wrapper for XML format
+      #     # enables the parameter wrapper for XML format
       #
       #   wrap_parameters :person
       #     # wraps parameters into +params[:person]+ hash

actionpack/lib/action_controller/metal/redirecting.rb

@@ -45,7 +45,7 @@ module Redirecting
     # integer, or a symbol representing the downcased, underscored and symbolized description.
     # Note that the status code must be a 3xx HTTP code, or redirection will not occur.
     #
-    # It is also possible to assign a flash message as part of the redirection. There are two special accessors for commonly used the flash names
+    # It is also possible to assign a flash message as part of the redirection. There are two special accessors for the commonly used flash names
     # +alert+ and +notice+ as well as a general purpose +flash+ bucket.
     #
     # Examples:

actionpack/lib/action_controller/metal/url_for.rb

@@ -18,7 +18,7 @@
 #       @url        = root_path # named route from the application.
 #     end
 #   end
-# => 
+# 
 module ActionController
   module UrlFor
     extend ActiveSupport::Concern

actionpack/lib/action_controller/test_case.rb

@@ -180,7 +180,7 @@ def recycle!
       @env.delete_if { |k, v| k =~ /^action_dispatch\.rescue/ }
       @symbolized_path_params = nil
       @method = @request_method = nil
-      @fullpath = @ip = @remote_ip = nil
+      @fullpath = @ip = @remote_ip = @protocol = nil
       @env['action_dispatch.request.query_parameters'] = {}
       @set_cookies ||= {}
       @set_cookies.update(Hash[cookie_jar.instance_variable_get("@set_cookies").map{ |k,o| [k,o[:value]] }])
@@ -401,9 +401,7 @@ def xml_http_request(request_method, action, parameters = nil, session = nil, fl
       def paramify_values(hash_or_array_or_value)
         case hash_or_array_or_value
         when Hash
-          hash_or_array_or_value.each do |key, value|
-            hash_or_array_or_value[key] = paramify_values(value)
-          end
+          Hash[hash_or_array_or_value.map{|key, value| [key, paramify_values(value)] }]
         when Array
           hash_or_array_or_value.map {|i| paramify_values(i)}
         when Rack::Test::UploadedFile
@@ -416,7 +414,7 @@ def paramify_values(hash_or_array_or_value)
       def process(action, parameters = nil, session = nil, flash = nil, http_method = 'GET')
         # Ensure that numbers and symbols passed as params are converted to
         # proper params, as is the case when engaging rack.
-        paramify_values(parameters)
+        parameters = paramify_values(parameters)
 
         # Sanity check for required instance variables so we can give an
         # understandable error message.
@@ -450,7 +448,7 @@ def process(action, parameters = nil, session = nil, flash = nil, http_method =
         @controller.params.merge!(parameters)
         build_request_uri(action, parameters)
         @controller.class.class_eval { include Testing }
-        @controller.recycle! 
+        @controller.recycle!
         @controller.process_with_new_base_test(@request, @response)
         @assigns = @controller.respond_to?(:view_assigns) ? @controller.view_assigns : {}
         @request.session.delete('flash') if @request.session['flash'].blank?

actionpack/lib/action_controller/vendor/html-scanner/html/node.rb

@@ -156,7 +156,7 @@ def parse(parent, line, pos, content, strict=true)
           end
 
           closing = ( scanner.scan(/\//) ? :close : nil )
-          return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/)
+          return Text.new(parent, line, pos, content) unless name = scanner.scan(/[^\s!>\/]+/)
           name.downcase!
 
           unless closing

actionpack/lib/action_dispatch/http/upload.rb

@@ -11,24 +11,13 @@ def initialize(hash)
         raise(ArgumentError, ':tempfile is required') unless @tempfile
       end
 
-      def open
-        @tempfile.open
-      end
-
-      def path
-        @tempfile.path
-      end
-
       def read(*args)
         @tempfile.read(*args)
       end
 
-      def rewind
-        @tempfile.rewind
-      end
-
-      def size
-        @tempfile.size
+      # Delegate these methods to the tempfile.
+      [:open, :path, :rewind, :size].each do |method|
+        class_eval "def #{method}; @tempfile.#{method}; end"
       end
 
       private