Merge branch 'master' into loofah

Conflicts:
	actionpack/CHANGELOG.md
	actionpack/test/controller/integration_test.rb
	actionview/CHANGELOG.md

.travis.yml

@@ -11,7 +11,8 @@ rvm:
   - jruby
 env:
   - "GEM=railties"
-  - "GEM=ap,am,amo,as,av"
+  - "GEM=ap"
+  - "GEM=am,amo,as,av"
   - "GEM=ar:mysql"
   - "GEM=ar:mysql2"
   - "GEM=ar:sqlite3"

CONTRIBUTING.md

@@ -12,5 +12,6 @@ Ruby on Rails is a volunteer effort. We encourage you to pitch in. [Join the tea
 
 * If you have a change or new feature in mind, please [suggest it on the rubyonrails-core mailing list](https://groups.google.com/forum/?fromgroups#!forum/rubyonrails-core) and start writing code.
 
-Thanks! :heart: :heart: :heart:  
+Thanks! :heart: :heart: :heart:
+
 Rails Team

Gemfile

@@ -13,7 +13,7 @@ gem 'mocha', '~> 0.14', require: false
 gem 'rack', github: 'rack/rack'
 gem 'rack-cache', '~> 1.2'
 gem 'jquery-rails', '~> 3.1.0'
-gem 'turbolinks'
+gem 'turbolinks', github: 'rails/turbolinks', branch: 'master'
 gem 'coffee-rails', '~> 4.0.0'
 gem 'arel', github: 'rails/arel', branch: 'master'
 gem 'rails-dom-testing', github: 'rails/rails-dom-testing'
@@ -92,6 +92,12 @@ platforms :jruby do
   end
 end
 
+platforms :rbx do
+  # The rubysl-yaml gem doesn't ship with Psych by default
+  # as it needs libyaml that isn't always available.
+  gem 'psych', '~> 2.0'
+end
+
 # gems that are necessary for ActiveRecord tests with Oracle database
 if ENV['ORACLE_ENHANCED']
   platforms :ruby do

README.md

@@ -67,7 +67,7 @@ independently outside Rails.
     * [Getting Started with Rails](http://guides.rubyonrails.org/getting_started.html)
     * [Ruby on Rails Guides](http://guides.rubyonrails.org)
     * [The API Documentation](http://api.rubyonrails.org)
-    * [Ruby on Rails Tutorial](http://ruby.railstutorial.org/ruby-on-rails-tutorial-book)
+    * [Ruby on Rails Tutorial](http://www.railstutorial.org/book)
 
 ## Contributing
 

actionmailer/CHANGELOG.md

@@ -1,3 +1,16 @@
+*   Deprecate `*_path` helpers in email views. When used they generate
+    non-working links and are not the intention of most developers. Instead
+    we recommend to use `*_url` helper.
+
+    *Richard Schneeman*
+
+*   Raise an exception when attachments are added after `mail` was called.
+    This is a safeguard to prevent invalid emails.
+
+    Fixes #16163.
+
+    *Yves Senn*
+
 *   Add `config.action_mailer.show_previews` configuration option.
 
     This config option can be used to enable the mail preview in environments

actionmailer/lib/action_mailer/base.rb

@@ -394,7 +394,7 @@ module ActionMailer
   #   implement for a custom delivery agent.
   #
   # * <tt>perform_deliveries</tt> - Determines whether emails are actually sent from Action Mailer when you
-  #   call <tt>.deliver</tt> on an mail message or on an Action Mailer method. This is on by default but can
+  #   call <tt>.deliver</tt> on an email message or on an Action Mailer method. This is on by default but can
   #   be turned off to aid in functional testing.
   #
   # * <tt>deliveries</tt> - Keeps an array of all the emails sent out through the Action Mailer with
@@ -649,7 +649,22 @@ def headers(args = nil)
     #  mail.attachments[0]                # => Mail::Part (first attachment)
     #
     def attachments
-      @_message.attachments
+      if @_mail_was_called
+        LateAttachmentsProxy.new(@_message.attachments)
+      else
+        @_message.attachments
+      end
+    end
+
+    class LateAttachmentsProxy < SimpleDelegator
+      def inline; _raise_error end
+      def []=(_name, _content); _raise_error end
+
+      private
+        def _raise_error
+          raise RuntimeError, "Can't add attachments after `mail` was called.\n" \
+                              "Make sure to use `attachments[]=` before calling `mail`."
+        end
     end
 
     # The main method that creates the message and renders the email templates. There are
@@ -882,6 +897,11 @@ def insert_part(container, response, charset) #:nodoc:
       container.add_part(part)
     end
 
+    # Emails do not support relative path links.
+    def self.supports_path?
+      false
+    end
+
     ActiveSupport.run_load_hooks(:action_mailer, self)
   end
 end

actionmailer/lib/action_mailer/log_subscriber.rb

@@ -6,25 +6,27 @@ module ActionMailer
   class LogSubscriber < ActiveSupport::LogSubscriber
     # An email was delivered.
     def deliver(event)
-      return unless logger.info?
-      recipients = Array(event.payload[:to]).join(', ')
-      info("\nSent mail to #{recipients} (#{event.duration.round(1)}ms)")
-      debug(event.payload[:mail])
+      info do
+        recipients = Array(event.payload[:to]).join(', ')
+        "\nSent mail to #{recipients} (#{event.duration.round(1)}ms)"
+      end
+
+      debug { event.payload[:mail] }
     end
 
     # An email was received.
     def receive(event)
-      return unless logger.info?
-      info("\nReceived mail (#{event.duration.round(1)}ms)")
-      debug(event.payload[:mail])
+      info { "\nReceived mail (#{event.duration.round(1)}ms)" }
+      debug { event.payload[:mail] }
     end
 
     # An email was generated.
     def process(event)
-      return unless logger.debug?
-      mailer = event.payload[:mailer]
-      action = event.payload[:action]
-      debug("\n#{mailer}##{action}: processed outbound mail in #{event.duration.round(1)}ms")
+      debug do
+        mailer = event.payload[:mailer]
+        action = event.payload[:action]
+        "\n#{mailer}##{action}: processed outbound mail in #{event.duration.round(1)}ms"
+      end
     end
 
     # Use the logger configured for ActionMailer::Base

actionmailer/lib/action_mailer/railtie.rb

@@ -30,7 +30,7 @@ class Railtie < Rails::Railtie # :nodoc:
 
       ActiveSupport.on_load(:action_mailer) do
         include AbstractController::UrlFor
-        extend ::AbstractController::Railties::RoutesHelpers.with(app.routes)
+        extend ::AbstractController::Railties::RoutesHelpers.with(app.routes, false)
         include app.routes.mounted_helpers
 
         register_interceptors(options.delete(:interceptors))

actionmailer/test/abstract_unit.rb

@@ -49,3 +49,10 @@ def rubinius_skip(message = '')
 def jruby_skip(message = '')
   skip message if defined?(JRUBY_VERSION)
 end
+
+require 'mocha/setup' # FIXME: stop using mocha
+
+# FIXME: we have tests that depend on run order, we should fix that and
+# remove this method call.
+require 'active_support/test_case'
+ActiveSupport::TestCase.my_tests_are_order_dependent!

actionmailer/test/base_test.rb

@@ -232,6 +232,45 @@ class BaseTest < ActiveSupport::TestCase
     end
   end
 
+  test "adding attachments after mail was called raises exception" do
+    class LateAttachmentMailer < ActionMailer::Base
+      def welcome
+        mail body: "yay", from: "welcome@example.com", to: "to@example.com"
+        attachments['invoice.pdf'] = 'This is test File content'
+      end
+    end
+
+    e = assert_raises(RuntimeError) { LateAttachmentMailer.welcome }
+    assert_match(/Can't add attachments after `mail` was called./, e.message)
+  end
+
+  test "adding inline attachments after mail was called raises exception" do
+    class LateInlineAttachmentMailer < ActionMailer::Base
+      def welcome
+        mail body: "yay", from: "welcome@example.com", to: "to@example.com"
+        attachments.inline['invoice.pdf'] = 'This is test File content'
+      end
+    end
+
+    e = assert_raises(RuntimeError) { LateInlineAttachmentMailer.welcome }
+    assert_match(/Can't add attachments after `mail` was called./, e.message)
+  end
+
+  test "accessing attachments works after mail was called" do
+    class LateAttachmentAccessorMailer < ActionMailer::Base
+      def welcome
+        attachments['invoice.pdf'] = 'This is test File content'
+        mail body: "yay", from: "welcome@example.com", to: "to@example.com"
+
+        unless attachments.map(&:filename) == ["invoice.pdf"]
+          raise Minitest::Assertion, "Should allow access to attachments"
+        end
+      end
+    end
+
+    assert_nothing_raised { LateAttachmentAccessorMailer.welcome }
+  end
+
   # Implicit multipart
   test "implicit multipart" do
     email = BaseMailer.implicit_multipart

actionpack/CHANGELOG.md

@@ -4,6 +4,46 @@
 
     *Kasper Timm Hansen*
 
+*   Extract source code for the entire exception stack trace for
+    better debugging and diagnosis.
+
+    *Ryan Dao*
+
+*   Allows ActionDispatch::Request::LOCALHOST to match any IPv4 127.0.0.0/8
+    loopback address.
+
+    *Earl St Sauver*, *Sven Riedel*
+
+*   Preserve original path in `ShowExceptions` middleware by stashing it as
+    `env["action_dispatch.original_path"]`
+
+    `ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code
+    for the exception defined in `ExceptionWrapper`, so the path
+    the user was visiting when an exception occurred was not previously
+    available to any custom exceptions_app. The original `PATH_INFO` is now
+    stashed in `env["action_dispatch.original_path"]`.
+
+    *Grey Baker*
+
+*   Use `String#bytesize` instead of `String#size` when checking for cookie
+    overflow.
+
+    *Agis Anastasopoulos*
+
+*   `render nothing: true` or rendering a `nil` body no longer add a single
+    space to the response body.
+
+    The old behavior was added as a workaround for a bug in an early version of
+    Safari, where the HTTP headers are not returned correctly if the response
+    body has a 0-length. This is been fixed since and the workaround is no
+    longer necessary.
+
+    Use `render body: ' '` if the old behavior is desired.
+
+    See #14883 for details.
+
+    *Godfrey Chan*
+
 *   Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671
     ("Rosetta Flash")
 
@@ -65,6 +105,8 @@
     application.  Use of a symbol should be replaced with `action: symbol`.
     Use of a string without a "#" should be replaced with `controller: string`.
 
+    *Aaron Patterson*
+
 *   Fix URL generation with `:trailing_slash` such that it does not add
     a trailing slash after `.:format`
 

actionpack/lib/abstract_controller/base.rb

@@ -164,6 +164,14 @@ def available_action?(action_name)
       _find_action_name(action_name).present?
     end
 
+    # Returns true if the given controller is capable of rendering
+    # a path. A subclass of +AbstractController::Base+
+    # may return false. An Email controller for example does not
+    # support paths, only full URLs.
+    def self.supports_path?
+      true
+    end
+
     private
 
       # Returns true if the name can be considered an action because

actionpack/lib/abstract_controller/railties/routes_helpers.rb

@@ -1,14 +1,14 @@
 module AbstractController
   module Railties
     module RoutesHelpers
-      def self.with(routes)
+      def self.with(routes, include_path_helpers = true)
         Module.new do
           define_method(:inherited) do |klass|
             super(klass)
             if namespace = klass.parents.detect { |m| m.respond_to?(:railtie_routes_url_helpers) }
-              klass.send(:include, namespace.railtie_routes_url_helpers)
+              klass.send(:include, namespace.railtie_routes_url_helpers(include_path_helpers))
             else
-              klass.send(:include, routes.url_helpers)
+              klass.send(:include, routes.url_helpers(include_path_helpers))
             end
           end
         end

actionpack/lib/action_controller/log_subscriber.rb

@@ -16,50 +16,51 @@ def start_processing(event)
     end
 
     def process_action(event)
-      return unless logger.info?
-
-      payload   = event.payload
-      additions = ActionController::Base.log_process_action(payload)
-
-      status = payload[:status]
-      if status.nil? && payload[:exception].present?
-        exception_class_name = payload[:exception].first
-        status = ActionDispatch::ExceptionWrapper.status_code_for_exception(exception_class_name)
+      info do
+        payload   = event.payload
+        additions = ActionController::Base.log_process_action(payload)
+
+        status = payload[:status]
+        if status.nil? && payload[:exception].present?
+          exception_class_name = payload[:exception].first
+          status = ActionDispatch::ExceptionWrapper.status_code_for_exception(exception_class_name)
+        end
+        message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
+        message << " (#{additions.join(" | ")})" unless additions.blank?
+        message
       end
-      message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
-      message << " (#{additions.join(" | ")})" unless additions.blank?
-
-      info(message)
     end
 
     def halted_callback(event)
-      info("Filter chain halted as #{event.payload[:filter].inspect} rendered or redirected")
+      info { "Filter chain halted as #{event.payload[:filter].inspect} rendered or redirected" }
     end
 
     def send_file(event)
-      info("Sent file #{event.payload[:path]} (#{event.duration.round(1)}ms)")
+      info { "Sent file #{event.payload[:path]} (#{event.duration.round(1)}ms)" }
     end
 
     def redirect_to(event)
-      info("Redirected to #{event.payload[:location]}")
+      info { "Redirected to #{event.payload[:location]}" }
     end
 
     def send_data(event)
-      info("Sent data #{event.payload[:filename]} (#{event.duration.round(1)}ms)")
+      info { "Sent data #{event.payload[:filename]} (#{event.duration.round(1)}ms)" }
     end
 
     def unpermitted_parameters(event)
-      unpermitted_keys = event.payload[:keys]
-      debug("Unpermitted parameter#{'s' if unpermitted_keys.size > 1}: #{unpermitted_keys.join(", ")}")
+      debug do
+        unpermitted_keys = event.payload[:keys]
+        "Unpermitted parameter#{'s' if unpermitted_keys.size > 1}: #{unpermitted_keys.join(", ")}"
+      end
     end
 
     def deep_munge(event)
-      message = "Value for params[:#{event.payload[:keys].join('][:')}] was set "\
-                "to nil, because it was one of [], [null] or [null, null, ...]. "\
-                "Go to http://guides.rubyonrails.org/security.html#unsafe-query-generation "\
-                "for more information."\
-
-      debug(message)
+      debug do
+        "Value for params[:#{event.payload[:keys].join('][:')}] was set "\
+        "to nil, because it was one of [], [null] or [null, null, ...]. "\
+        "Go to http://guides.rubyonrails.org/security.html#unsafe-query-generation "\
+        "for more information."\
+      end
     end
 
     %w(write_fragment read_fragment exist_fragment?

actionpack/lib/action_controller/metal.rb

@@ -182,7 +182,8 @@ def response_body=(body)
       body = [body] unless body.nil? || body.respond_to?(:each)
       super
     end
-
+
+    # Tests if render or redirect has already happened.
     def performed?
       response_body || (response && response.committed?)
     end