Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Deprecated UrlHelper#link_to_image and UrlHelper#link_to :post => tru…

…e (closes #6409) [BobSilva]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5338 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
commit 986c1a6240b412b89b8210a87fa64fb6981696a4 1 parent cfb7dea
@dhh dhh authored
View
2  actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Deprecated UrlHelper#link_to_image and UrlHelper#link_to :post => true #6409 [BobSilva]
+
* Upgraded NumberHelper with number_to_phone support international formats to comply with ITU E.123 by supporting area codes with less than 3 digits, added precision argument to number_to_human_size (defaults to 1) #6421 [BobSilva]
* Fixed that setting RAILS_ASSET_ID to "" should not add a trailing slash after assets #6454 [BobSilva/chrismear]
View
247 actionpack/lib/action_view/helpers/url_helper.rb
@@ -1,22 +1,21 @@
require File.dirname(__FILE__) + '/javascript_helper'
module ActionView
- module Helpers
- # Provides a set of methods for making easy links and getting urls that depend on the controller and action. This means that
- # you can use the same format for links in the views that you do in the controller. The different methods are even named
- # synchronously, so link_to uses that same url as is generated by url_for, which again is the same url used for
- # redirection in redirect_to.
+ module Helpers #:nodoc:
+ # Provides a set of methods for making easy links and getting urls that
+ # depend on the controller and action. This means that you can use the
+ # same format for links in the views that you do in the controller.
module UrlHelper
include JavaScriptHelper
- # Returns the URL for the set of +options+ provided. This takes the same options
- # as url_for. For a list, see the documentation for ActionController::Base#url_for.
- # Note that it'll set :only_path => true so you'll get /controller/action instead of the
- # http://example.com/controller/action part (makes it harder to parse httpd log files)
- #
- # When called from a view, url_for returns an HTML escaped url. If you need an unescaped
- # url, pass :escape => false to url_for.
- #
+ # Returns the URL for the set of +options+ provided. This takes the
+ # same options as url_for in action controller. For a list, see the
+ # documentation for ActionController::Base#url_for. Note that it'll
+ # set :only_path => true so you'll get the relative /controller/action
+ # instead of the fully qualified http://example.com/controller/action.
+ #
+ # When called from a view, url_for returns an HTML escaped url. If you
+ # need an unescaped url, pass :escape => false in the +options+.
def url_for(options = {}, *parameters_for_method_reference)
if options.kind_of? Hash
options = { :only_path => true }.update(options.symbolize_keys)
@@ -29,27 +28,41 @@ def url_for(options = {}, *parameters_for_method_reference)
escape ? html_escape(url) : url
end
- # Creates a link tag of the given +name+ using an URL created by the set of +options+. See the valid options in
- # the documentation for ActionController::Base#url_for. It's also possible to pass a string instead of an options hash to
- # get a link tag that just points without consideration. If nil is passed as a name, the link itself will become the name.
+ # Creates a link tag of the given +name+ using a URL created by the set
+ # of +options+. See the valid options in the documentation for
+ # ActionController::Base#url_for. It's also possible to pass a string instead
+ # of an options hash to get a link tag that uses the value of the string as the
+ # href for the link. If nil is passed as a name, the link itself will become
+ # the name.
#
- # The html_options has three special features. One for creating javascript confirm alerts where if you pass :confirm => 'Are you sure?',
- # the link will be guarded with a JS popup asking that question. If the user accepts, the link is processed, otherwise not.
+ # The +html_options+ will accept a hash of html attributes for the link tag.
+ # It also accepts 3 modifiers that specialize the link behavior.
#
- # Another for creating a popup window, which is done by either passing :popup with true or the options of the window in
- # Javascript form.
+ # * <tt>:confirm => 'question?'</tt>: This will add a JavaScript confirm
+ # prompt with the question specified. If the user accepts, the link is
+ # processed normally, otherwise no action is taken.
+ # * <tt>:popup => true || array of window options</tt>: This will force the
+ # link to open in a popup window. By passing true, a default browser window
+ # will be opened with the URL. You can also specify an array of options
+ # that are passed-thru to JavaScripts window.open method.
+ # * <tt>:method => symbol of HTTP verb</tt>: This modifier will dynamically
+ # create an HTML form and immediately submit the form for processing using
+ # the HTTP verb specified. Useful for having links perform a POST operation
+ # in dangerous actions like deleting a record (which search bots can follow
+ # while spidering your site). Supported verbs are :post, :delete and :put.
+ # Note that if the user has JavaScript disabled, the request will fall back
+ # to using GET. If you are relying on the POST behavior, your should check
+ # for it in your controllers action by using the request objects methods
+ # for post?, delete? or put?.
#
- # And a third for making the link do a non-GET request through a dynamically added form element that is instantly submitted.
- # Note that if the user has turned off Javascript, the request will fall back on the GET. So its
- # your responsibility to determine what the action should be once it arrives at the controller. The form is turned on by
- # passing :method with the option of either :post, :delete, or :put as the value. Usually only :post or :delete will make sense, though.
- # Note, it's not possible to use method request and popup targets at the same time (an exception will be thrown).
+ # You can mix and match the +html_options+ with the exception of
+ # :popup and :method which will raise an ActionView::ActionViewError
+ # exception.
#
- # Examples:
- # link_to "Delete this page", { :action => "destroy", :id => @page.id }, :confirm => "Are you sure?"
+ # link_to "Visit Other Site", "http://www.rubyonrails.org/", :confirm => "Are you sure?"
# link_to "Help", { :action => "help" }, :popup => true
- # link_to "Busy loop", { :action => "busy" }, :popup => ['new_window', 'height=300,width=600']
- # link_to "Destroy account", { :action => "destroy" }, :confirm => "Are you sure?", :method => :delete
+ # link_to "View Image", { :action => "view" }, :popup => ['new_window_name', 'height=300,width=600']
+ # link_to "Delete Image", { :action => "delete", :id => @image.id }, :confirm => "Are you sure?", :method => :delete
def link_to(name, options = {}, html_options = nil, *parameters_for_method_reference)
if html_options
html_options = html_options.stringify_keys
@@ -63,57 +76,46 @@ def link_to(name, options = {}, html_options = nil, *parameters_for_method_refer
"<a href=\"#{url}\"#{tag_options}>#{name || url}</a>"
end
- # Generates a form containing a sole button that submits to the
- # URL given by _options_. Use this method instead of +link_to+
- # for actions that do not have the safe HTTP GET semantics
- # implied by using a hypertext link.
- #
- # The parameters are the same as for +link_to+. Any _html_options_
- # that you pass will be applied to the inner +input+ element.
- # In particular, pass
- #
- # :disabled => true/false
- #
- # as part of _html_options_ to control whether the button is
- # disabled. The generated form element is given the class
- # 'button-to', to which you can attach CSS styles for display
- # purposes.
+ # Generates a form containing a single button that submits to the URL created
+ # by the set of +options+. This is the safest method to ensure links that
+ # cause changes to your data are not triggered by search bots or accelerators.
+ # If the HTML button does not work with your layout, you can also consider
+ # using the link_to method with the <tt>:method</tt> modifier as described in
+ # the link_to documentation.
#
- # Example 1:
+ # The generated FORM element has a class name of <tt>button-to</tt>
+ # to allow styling of the form itself and its children. You can control
+ # the form submission and input element behavior using +html_options+.
+ # This method accepts the <tt>:method</tt> and <tt>:confirm</tt> modifiers
+ # described in the link_to documentation. If no <tt>:method</tt> modifier
+ # is given, it will default to performing a POST operation. You can also
+ # disable the button by passing <tt>:disabled => true</tt> in +html_options+.
#
- # # inside of controller for "feeds"
- # button_to "Edit", :action => 'edit', :id => 3
+ # button_to "New", :action => "new"
#
- # Generates the following HTML (sans formatting):
+ # Generates the following HTML:
#
- # <form method="post" action="/feeds/edit/3" class="button-to">
- # <div><input value="Edit" type="submit" /></div>
+ # <form method="post" action="/controller/new" class="button-to">
+ # <div><input value="New" type="submit" /></div>
# </form>
#
- # Example 2:
+ # If you are using RESTful routes, you can pass the <tt>:method</tt>
+ # to change the HTTP verb used to submit the form.
#
- # button_to "Destroy", { :action => 'destroy', :id => 3 },
+ # button_to "Delete Image", { :action => "delete", :id => @image.id },
# :confirm => "Are you sure?", :method => :delete
#
- # Generates the following HTML (sans formatting):
+ # Which generates the following HTML:
#
- # <form method="post" action="/feeds/destroy/3" class="button-to">
+ # <form method="post" action="/images/delete/1" class="button-to">
# <div>
# <input type="hidden" name="_method" value="delete" />
# <input onclick="return confirm('Are you sure?');"
- # value="Destroy" type="submit" />
+ # value="Delete" type="submit" />
# </div>
# </form>
- #
- # *NOTE*: This method generates HTML code that represents a form.
- # Forms are "block" content, which means that you should not try to
- # insert them into your HTML where only inline content is expected.
- # For example, you can legally insert a form inside of a +div+ or
- # +td+ element or in between +p+ elements, but not in the middle of
- # a run of text, nor can you place a form within another form.
- # (Bottom line: Always validate your HTML before going public.)
- def button_to(name, options = {}, html_options = nil)
- html_options = (html_options || {}).stringify_keys
+ def button_to(name, options = {}, html_options = {})
+ html_options = html_options.stringify_keys
convert_boolean_attributes!(html_options, %w( disabled ))
method_tag = ''
@@ -127,7 +129,7 @@ def button_to(name, options = {}, html_options = nil)
html_options["onclick"] = "return #{confirm_javascript_function(confirm)};"
end
- url = options.is_a?(String) ? options : url_for(options)
+ url = options.is_a?(String) ? options : self.url_for(options)
name ||= url
html_options.merge!("type" => "submit", "value" => name)
@@ -137,7 +139,9 @@ def button_to(name, options = {}, html_options = nil)
end
- # This tag is deprecated. Combine the link_to and AssetTagHelper::image_tag yourself instead, like:
+ # DEPRECATED. It is reccommended to use the AssetTagHelper::image_tag within
+ # a link_to method to generate a linked image.
+ #
# link_to(image_tag("rss", :size => "30x45", :border => 0), "http://www.example.com")
def link_image_to(src, options = {}, html_options = {}, *parameters_for_method_reference)
image_options = { "src" => src.include?("/") ? src : "/images/#{src}" }
@@ -169,18 +173,41 @@ def link_image_to(src, options = {}, html_options = {}, *parameters_for_method_r
link_to(tag("img", image_options), options, html_options, *parameters_for_method_reference)
end
- alias_method :link_to_image, :link_image_to # deprecated name
+ alias_method :link_to_image, :link_image_to
+ deprecate :link_image_to
- # Creates a link tag of the given +name+ using an URL created by the set of +options+, unless the current
- # request uri is the same as the link's, in which case only the name is returned (or the
- # given block is yielded, if one exists). This is useful for creating link bars where you don't want to link
- # to the page currently being viewed.
+ # Creates a link tag of the given +name+ using a URL created by the set of
+ # +options+ unless the current request uri is the same as the links, in
+ # which case only the name is returned (or the given block is yielded, if
+ # one exists). Refer to the documentation for link_to_unless for block usage.
+ #
+ # <ul id="navbar">
+ # <li><%= link_to_unless_current("Home", { :action => "index" }) %></li>
+ # <li><%= link_to_unless_current("About Us", { :action => "about" }) %></li>
+ # </ul>
+ #
+ # This will render the following HTML when on the about us page:
+ #
+ # <ul id="navbar">
+ # <li><a href="/controller/index">Home</a></li>
+ # <li>About Us</li>
+ # </ul>
def link_to_unless_current(name, options = {}, html_options = {}, *parameters_for_method_reference, &block)
link_to_unless current_page?(options), name, options, html_options, *parameters_for_method_reference, &block
end
- # Create a link tag of the given +name+ using an URL created by the set of +options+, unless +condition+
- # is true, in which case only the name is returned (or the given block is yielded, if one exists).
+ # Creates a link tag of the given +name+ using a URL created by the set of
+ # +options+ unless +condition+ is true, in which case only the name is
+ # returned. To specialize the default behavior, you can pass a block that
+ # accepts the name or the full argument list for link_to_unless (see the example).
+ #
+ # <%= link_to_unless(@current_user.nil?, "Reply", { :action => "reply" }) %>
+ #
+ # This example uses a block to modify the link if the condition isn't met.
+ #
+ # <%= link_to_unless(@current_user.nil?, "Reply", { :action => "reply" }) do |name|
+ # link_to(name, { :controller => "accounts", :action => "signup" })
+ # end %>
def link_to_unless(condition, name, options = {}, html_options = {}, *parameters_for_method_reference, &block)
if condition
if block_given?
@@ -193,30 +220,56 @@ def link_to_unless(condition, name, options = {}, html_options = {}, *parameters
end
end
- # Create a link tag of the given +name+ using an URL created by the set of +options+, if +condition+
- # is true, in which case only the name is returned (or the given block is yielded, if one exists).
+ # Creates a link tag of the given +name+ using a URL created by the set of
+ # +options+ if +condition+ is true, in which case only the name is
+ # returned. To specialize the default behavior, you can pass a block that
+ # accepts the name or the full argument list for link_to_unless (see the examples
+ # in link_to_unless).
def link_to_if(condition, name, options = {}, html_options = {}, *parameters_for_method_reference, &block)
link_to_unless !condition, name, options, html_options, *parameters_for_method_reference, &block
end
- # Creates a link tag for starting an email to the specified <tt>email_address</tt>, which is also used as the name of the
- # link unless +name+ is specified. Additional HTML options, such as class or id, can be passed in the <tt>html_options</tt> hash.
+ # Creates a mailto link tag to the specified +email_address+, which is
+ # also used as the name of the link unless +name+ is specified. Additional
+ # html attributes for the link can be passed in +html_options+.
+ #
+ # mail_to has several methods for hindering email harvestors and customizing
+ # the email itself by passing special keys to +html_options+.
+ #
+ # Special HTML Options:
+ #
+ # * <tt>:encode</tt> - This key will accept the strings "javascript" or "hex".
+ # Passing "javascript" will dynamically create and encode the mailto: link then
+ # eval it into the DOM of the page. This method will not show the link on
+ # the page if the user has JavaScript disabled. Passing "hex" will hex
+ # encode the +email_address+ before outputting the mailto: link.
+ # * <tt>:replace_at</tt> - When the link +name+ isn't provided, the
+ # +email_address+ is used for the link label. You can use this option to
+ # obfuscate the +email_address+ by substituting the @ sign with the string
+ # given as the value.
+ # * <tt>:replace_dot</tt> - When the link +name+ isn't provided, the
+ # +email_address+ is used for the link label. You can use this option to
+ # obfuscate the +email_address+ by substituting the . in the email with the
+ # string given as the value.
+ # * <tt>:subject</tt> - Preset the subject line of the email.
+ # * <tt>:body</tt> - Preset the body of the email.
+ # * <tt>:cc</tt> - Carbon Copy addition recipients on the email.
+ # * <tt>:bcc</tt> - Blind Carbon Copy additional recipients on the email.
#
- # You can also make it difficult for spiders to harvest email address by obfuscating them.
# Examples:
+ # mail_to "me@domain.com" # => <a href="mailto:me@domain.com">me@domain.com</a>
# mail_to "me@domain.com", "My email", :encode => "javascript" # =>
- # <script type="text/javascript" language="javascript">eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%4d%79%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b'))</script>
+ # <script type="text/javascript">eval(unescape('%64%6f%63...%6d%65%6e'))</script>
#
# mail_to "me@domain.com", "My email", :encode => "hex" # =>
# <a href="mailto:%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d">My email</a>
#
- # You can also specify the cc address, bcc address, subject, and body parts of the message header to create a complex e-mail using the
- # corresponding +cc+, +bcc+, +subject+, and +body+ <tt>html_options</tt> keys. Each of these options are URI escaped and then appended to
- # the <tt>email_address</tt> before being output. <b>Be aware that javascript keywords will not be escaped and may break this feature
- # when encoding with javascript.</b>
- # Examples:
- # mail_to "me@domain.com", "My email", :cc => "ccaddress@domain.com", :bcc => "bccaddress@domain.com", :subject => "This is an example email", :body => "This is the body of the message." # =>
- # <a href="mailto:me@domain.com?cc="ccaddress@domain.com"&bcc="bccaddress@domain.com"&body="This%20is%20the%20body%20of%20the%20message."&subject="This%20is%20an%20example%20email">My email</a>
+ # mail_to "me@domain.com", nil, :replace_at => "_at_", :replace_dot => "_dot_", :class => "email" # =>
+ # <a href="mailto:me@domain.com" class="email">me_at_domain_dot_com</a>
+ #
+ # mail_to "me@domain.com", "My email", :cc => "ccaddress@domain.com",
+ # :subject => "This is an example email" # =>
+ # <a href="mailto:me@domain.com?cc=ccaddress@domain.com&subject=This%20is%20an%20example%20email">My email</a>
def mail_to(email_address, name = nil, html_options = {})
html_options = html_options.stringify_keys
encode = html_options.delete("encode")
@@ -230,17 +283,19 @@ def mail_to(email_address, name = nil, html_options = {})
extras << "subject=#{CGI.escape(subject).gsub("+", "%20")}&" unless subject.nil?
extras = "?" << extras.gsub!(/&?$/,"") unless extras.empty?
+ email_address = email_address.to_s
+
email_address_obfuscated = email_address.dup
email_address_obfuscated.gsub!(/@/, html_options.delete("replace_at")) if html_options.has_key?("replace_at")
email_address_obfuscated.gsub!(/\./, html_options.delete("replace_dot")) if html_options.has_key?("replace_dot")
- if encode == 'javascript'
- tmp = "document.write('#{content_tag("a", name || email_address, html_options.merge({ "href" => "mailto:"+email_address.to_s+extras }))}');"
+ if encode == "javascript"
+ tmp = "document.write('#{content_tag("a", name || email_address, html_options.merge({ "href" => "mailto:"+email_address+extras }))}');"
for i in 0...tmp.length
string << sprintf("%%%x",tmp[i])
end
"<script type=\"text/javascript\">eval(unescape('#{string}'))</script>"
- elsif encode == 'hex'
+ elsif encode == "hex"
for i in 0...email_address.length
if email_address[i,1] =~ /\w/
string << sprintf("%%%x",email_address[i])
@@ -254,9 +309,9 @@ def mail_to(email_address, name = nil, html_options = {})
end
end
- # Returns true if the current page uri is generated by the options passed (in url_for format).
+ # Returns true if the current page uri is generated by the +options+ passed.
def current_page?(options)
- CGI.escapeHTML(url_for(options)) == @controller.request.request_uri
+ CGI.escapeHTML(self.url_for(options)) == @controller.request.request_uri
end
private
@@ -265,7 +320,13 @@ def convert_options_to_javascript!(html_options)
# post is deprecated, but if its specified and method is not, assume that method = :post
method, post = html_options.delete("method"), html_options.delete("post")
- method = :post if !method && post
+ if !method && post
+ ActiveSupport::Deprecation.warn(
+ "Passing :post as a link modifier is deprecated. " +
+ "Use :method => \"post\" instead. :post will be removed in Rails 2.0."
+ )
+ method = :post
+ end
html_options["onclick"] = case
when popup && method
View
31 actionpack/test/template/url_helper_test.rb
@@ -13,7 +13,7 @@ class UrlHelperTest < Test::Unit::TestCase
def setup
@controller = Class.new do
- attr_accessor :url
+ attr_accessor :url, :request
def url_for(options, *parameters_for_method_reference)
url
end
@@ -143,10 +143,19 @@ def test_link_tag_with_popup_and_javascript_confirm
)
end
+ def test_link_tag_with_post_is_deprecated
+ assert_deprecated 'post' do
+ assert_dom_equal(
+ "<a href='http://www.example.com' onclick=\"var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;f.submit();return false;\">Hello</a>",
+ link_to("Hello", "http://www.example.com", :post => true)
+ )
+ end
+ end
+
def test_link_tag_using_post_javascript
assert_dom_equal(
"<a href='http://www.example.com' onclick=\"var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;f.submit();return false;\">Hello</a>",
- link_to("Hello", "http://www.example.com", :post => true)
+ link_to("Hello", "http://www.example.com", :method => :post)
)
end
@@ -160,12 +169,12 @@ def test_link_tag_using_delete_javascript
def test_link_tag_using_post_javascript_and_confirm
assert_dom_equal(
"<a href=\"http://www.example.com\" onclick=\"if (confirm('Are you serious?')) { var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;f.submit(); };return false;\">Hello</a>",
- link_to("Hello", "http://www.example.com", :post => true, :confirm => "Are you serious?")
+ link_to("Hello", "http://www.example.com", :method => :post, :confirm => "Are you serious?")
)
end
def test_link_tag_using_post_javascript_and_popup
- assert_raises(ActionView::ActionViewError) { link_to("Hello", "http://www.example.com", :popup => true, :post => true, :confirm => "Are you serious?") }
+ assert_raises(ActionView::ActionViewError) { link_to("Hello", "http://www.example.com", :popup => true, :method => :post, :confirm => "Are you serious?") }
end
def test_link_to_unless
@@ -189,14 +198,14 @@ def test_link_to_if
assert_equal "Showing", link_to_if(false, "Showing", :action => "show", :controller => "weblog", :id => 1)
end
- def xtest_link_unless_current
- @request = RequestMock.new("http://www.example.com")
- assert_equal "Showing", link_to_unless_current("Showing", :action => "show", :controller => "weblog")
- @request = RequestMock.new("http://www.example.org")
- assert "<a href=\"http://www.example.com\">Listing</a>", link_to_unless_current("Listing", :action => "list", :controller => "weblog")
+ def test_link_unless_current
+ @controller.request = RequestMock.new("http://www.example.com/weblog/show")
+ @controller.url = "http://www.example.com/weblog/show"
+ assert_equal "Showing", link_to_unless_current("Showing", { :action => "show", :controller => "weblog" })
- @request = RequestMock.new("http://www.example.com")
- assert_equal "Showing", link_to_unless_current("Showing", :action => "show", :controller => "weblog", :id => 1)
+ @controller.request = RequestMock.new("http://www.example.com/weblog/show")
+ @controller.url = "http://www.example.com/weblog/list"
+ assert_equal "<a href=\"http://www.example.com/weblog/list\">Listing</a>", link_to_unless_current("Listing", :action => "list", :controller => "weblog")
end
def test_mail_to
Please sign in to comment.
Something went wrong with that request. Please try again.