[DRE-commits] [SCM] ruby-actionpack-3.2.git branch, master-experimental, updated. debian/3.2.6-4-14-g8fe61f1
Ondřej Surý
ondrej at sury.org
Tue Jan 15 22:18:20 UTC 2013
The following commit has been merged in the master-experimental branch:
commit f468503ed5e63e8e1910a16a7c479cf270b438f9
Author: Ondřej Surý <ondrej at sury.org>
Date: Fri Oct 12 12:52:58 2012 +0200
Imported Upstream version 3.2.8
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4b483b2..cc1c6ba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,49 @@
+## Rails 3.2.8 (Aug 9, 2012) ##
+
+* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
+ helper doesn't correctly handle malformed html. As a result an attacker can
+ execute arbitrary javascript through the use of specially crafted malformed
+ html.
+
+ *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
+
+* When a "prompt" value is supplied to the `select_tag` helper, the "prompt" value is not escaped.
+ If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
+ Vulnerable code will look something like this:
+ select_tag("name", options, :prompt => UNTRUSTED_INPUT)
+
+ *Santiago Pastorino*
+
+* Reverted the deprecation of `:confirm`. *Rafael Mendonça França*
+
+* Reverted the deprecation of `:disable_with`. *Rafael Mendonça França*
+
+* Reverted the deprecation of `:mouseover` option to `image_tag`. *Rafael Mendonça França*
+
+* Reverted the deprecation of `button_to_function` and `link_to_function` helpers.
+
+ *Rafael Mendonça França*
+
+
+## Rails 3.2.7 (Jul 26, 2012) ##
+
+* Do not convert digest auth strings to symbols. CVE-2012-3424
+
+* Bump Journey requirements to 1.0.4
+
+* Add support for optional root segments containing slashes
+
+* Fixed bug creating invalid HTML in select options
+
+* Show in log correct wrapped keys
+
+* Fix NumberHelper options wrapping to prevent verbatim blocks being rendered instead of line continuations.
+
+* ActionController::Metal doesn't have logger method, check it and then delegate
+
+* ActionController::Caching depends on RackDelegation and AbstractController::Callbacks
+
+
## Rails 3.2.6 (Jun 12, 2012) ##
* nil is removed from array parameter values
diff --git a/lib/action_controller/caching.rb b/lib/action_controller/caching.rb
index 112573a..9118806 100644
--- a/lib/action_controller/caching.rb
+++ b/lib/action_controller/caching.rb
@@ -55,6 +55,9 @@ module ActionController #:nodoc:
end
end
+ include RackDelegation
+ include AbstractController::Callbacks
+
include ConfigMethods
include Pages, Actions, Fragments
include Sweeping if defined?(ActiveRecord)
diff --git a/lib/action_controller/metal/http_authentication.rb b/lib/action_controller/metal/http_authentication.rb
index 9f2f547..fe4ab65 100644
--- a/lib/action_controller/metal/http_authentication.rb
+++ b/lib/action_controller/metal/http_authentication.rb
@@ -227,9 +227,9 @@ module ActionController
end
def decode_credentials(header)
- Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
+ HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
key, value = pair.split('=', 2)
- [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
+ [key.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]
end]
end
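Review bot: `decode_credentials` still uses line anchors on a client-supplied header: `/^Digest\s+/` and `/^"|"$/` match at any line start or end, so `\A` and `\z` would state the intent, e.g. `gsub(/\A"|"\z/, '')`. An empty element between commas (as in `a,,b`) splits to an empty array, which leaves `key` nil and makes `key.strip` raise NoMethodError. Skipping pairs whose key is nil would turn a malformed header into a failed authentication instead of an exception. Now that keys stay strings inside `HashWithIndifferentAccess`, a short comment saying symbols are avoided because the header is attacker-controlled would keep a later refactor from reintroducing `to_sym`.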
diff --git a/lib/action_controller/metal/params_wrapper.rb b/lib/action_controller/metal/params_wrapper.rb
index 1ab436a..ea71171 100644
--- a/lib/action_controller/metal/params_wrapper.rb
+++ b/lib/action_controller/metal/params_wrapper.rb
@@ -194,7 +194,8 @@ module ActionController
def process_action(*args)
if _wrapper_enabled?
wrapped_hash = _wrap_parameters request.request_parameters
- wrapped_filtered_hash = _wrap_parameters request.filtered_parameters
+ wrapped_keys = request.request_parameters.keys
+ wrapped_filtered_hash = _wrap_parameters request.filtered_parameters.slice(*wrapped_keys)
# This will make the wrapped hash accessible from controller and view
request.parameters.merge! wrapped_hash
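Review bot: The reason for slicing `request.filtered_parameters` down to `wrapped_keys` is not stated next to the code. A comment such as `# only request-body keys are wrapped, so limit the filtered copy to the same keys` would explain it; the purpose is inferred from the changelog entry "Show in log correct wrapped keys". `request.request_parameters` is now read twice in this branch, so assigning it to a local and using that for both `_wrap_parameters` and `.keys` would be tidier. The body of `process_action` continues past the end of the hunk.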
diff --git a/lib/action_dispatch/middleware/cookies.rb b/lib/action_dispatch/middleware/cookies.rb
index 39ff58a..2f46a37 100644
--- a/lib/action_dispatch/middleware/cookies.rb
+++ b/lib/action_dispatch/middleware/cookies.rb
@@ -1,5 +1,6 @@
require 'active_support/core_ext/object/blank'
require 'active_support/core_ext/hash/keys'
+require 'active_support/core_ext/module/attribute_accessors'
module ActionDispatch
class Request
diff --git a/lib/action_dispatch/routing/mapper.rb b/lib/action_dispatch/routing/mapper.rb
index 82062c0..40ff696 100644
--- a/lib/action_dispatch/routing/mapper.rb
+++ b/lib/action_dispatch/routing/mapper.rb
@@ -238,7 +238,7 @@ module ActionDispatch
# for root cases, where the latter is the correct one.
def self.normalize_path(path)
path = Journey::Router::Utils.normalize_path(path)
- path.gsub!(%r{/(\(+)/?}, '\1/') unless path =~ %r{^/\(+[^/]+\)$}
+ path.gsub!(%r{/(\(+)/?}, '\1/') unless path =~ %r{^/\(+[^)]+\)$}
path
end
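Review bot: The guard in `normalize_path` anchors with `^` and `$`, which match at line boundaries; `\A` and `\z` express "the whole path", as in `%r{\A/\(+[^)]+\)\z}`. The comment above the method is cut off by the hunk, but the visible part does not describe the case this change adds, an optional root segment that itself contains slashes. An example of such a path in that comment would document why the character class is now `[^)]` rather than `[^/]`.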
diff --git a/lib/action_pack/version.rb b/lib/action_pack/version.rb
index 58ccf8e..7296b19 100644
--- a/lib/action_pack/version.rb
+++ b/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 6
+ TINY = 8
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/lib/action_view/asset_paths.rb b/lib/action_view/asset_paths.rb
index f6115db..c192d37 100644
--- a/lib/action_view/asset_paths.rb
+++ b/lib/action_view/asset_paths.rb
@@ -33,7 +33,13 @@ module ActionView
# Return the filesystem path for the source
def compute_source_path(source, dir, ext)
source = rewrite_extension(source, dir, ext) if ext
- File.join(config.assets_dir, dir, source)
+
+ sources = []
+ sources << config.assets_dir
+ sources << dir unless source[0] == ?/
+ sources << source
+
+ File.join(sources)
end
def is_uri?(path)
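Review bot: `source[0] == ?/` in `compute_source_path` relies on `String#[]` and the `?/` literal changing type together between Ruby versions; `source.start_with?('/')` says the same thing directly. The comment above the method should mention that a source beginning with `/` is now resolved against `config.assets_dir` without `dir`. `File.join` does not collapse `..` segments, so if `source` can ever originate from request data the joined path should be checked to stay under `config.assets_dir`. Whether that applies depends on callers outside this hunk.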
diff --git a/lib/action_view/helpers/asset_tag_helper.rb b/lib/action_view/helpers/asset_tag_helper.rb
index 51d5d58..caa1a02 100644
--- a/lib/action_view/helpers/asset_tag_helper.rb
+++ b/lib/action_view/helpers/asset_tag_helper.rb
@@ -367,8 +367,6 @@ module ActionView
end
if mouseover = options.delete(:mouseover)
- ActiveSupport::Deprecation.warn ":mouseover option is deprecated and will be removed from Rails 4.0"
-
options[:onmouseover] = "this.src='#{path_to_image(mouseover)}'"
options[:onmouseout] = "this.src='#{src}'"
end
diff --git a/lib/action_view/helpers/controller_helper.rb b/lib/action_view/helpers/controller_helper.rb
index 1a583e6..74ef25f 100644
--- a/lib/action_view/helpers/controller_helper.rb
+++ b/lib/action_view/helpers/controller_helper.rb
@@ -10,14 +10,16 @@ module ActionView
delegate :request_forgery_protection_token, :params, :session, :cookies, :response, :headers,
:flash, :action_name, :controller_name, :controller_path, :to => :controller
- delegate :logger, :to => :controller, :allow_nil => true
-
def assign_controller(controller)
if @_controller = controller
@_request = controller.request if controller.respond_to?(:request)
@_config = controller.config.inheritable_copy if controller.respond_to?(:config)
end
end
+
+ def logger
+ controller.logger if controller.respond_to?(:logger)
+ end
end
end
end
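Review bot: The new `logger` method has no comment explaining why the `delegate :logger, :to => :controller, :allow_nil => true` line was replaced. Something like `# Controllers built on ActionController::Metal may not define #logger, so check before delegating` would record it; the Metal case is taken from the changelog entry in this commit. A nil controller is still tolerated because `nil.respond_to?(:logger)` is false, which is worth stating in the same comment now that the explicit `:allow_nil` option is gone.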
diff --git a/lib/action_view/helpers/form_options_helper.rb b/lib/action_view/helpers/form_options_helper.rb
index f64d390..623c45f 100644
--- a/lib/action_view/helpers/form_options_helper.rb
+++ b/lib/action_view/helpers/form_options_helper.rb
@@ -134,7 +134,7 @@ module ActionView
#
# ==== Gotcha
#
- # The HTML specification says when +multiple+ parameter passed to select and all options got deselected
+ # The HTML specification says when +multiple+ parameter passed to select and all options got deselected
# web browsers do not send any value to server. Unfortunately this introduces a gotcha:
# if an +User+ model has many +roles+ and have +role_ids+ accessor, and in the form that edits roles of the user
# the user deselects all roles from +role_ids+ multiple select box, no +role_ids+ parameter is sent. So,
@@ -336,7 +336,7 @@ module ActionView
end
- # Returns a string of option tags that have been compiled by iterating over the +collection+ and assigning
+ # Returns a string of option tags that have been compiled by iterating over the +collection+ and assigning
# the result of a call to the +value_method+ as the option value and the +text_method+ as the option text.
# Example:
# options_from_collection_for_select(@people, 'id', 'name')
@@ -616,11 +616,11 @@ module ActionView
private
def add_options(option_tags, options, value = nil)
if options[:include_blank]
- option_tags = content_tag('option', options[:include_blank].kind_of?(String) ? options[:include_blank] : nil, :value => '') + "\n" + option_tags
+ option_tags = content_tag_string('option', options[:include_blank].kind_of?(String) ? options[:include_blank] : nil, :value => '') + "\n" + option_tags
end
if value.blank? && options[:prompt]
prompt = options[:prompt].kind_of?(String) ? options[:prompt] : I18n.translate('helpers.select.prompt', :default => 'Please select')
- option_tags = content_tag('option', prompt, :value => '') + "\n" + option_tags
+ option_tags = content_tag_string('option', prompt, :value => '') + "\n" + option_tags
end
option_tags
end
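Review bot: `add_options` now calls `content_tag_string` where it called `content_tag`, and nothing in the hunk says why. A comment on the two call sites would help, since `content_tag_string` looks like an internal helper of the tag module rather than its public entry point. The `:prompt` and `:include_blank` strings can carry application data, so the comment should also state that the option text is expected to be HTML-escaped by this call. A test with a prompt containing markup would pin that behaviour.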
@@ -630,7 +630,7 @@ module ActionView
add_default_name_and_id(html_options)
select = content_tag("select", add_options(option_tags, options, value(object)), html_options)
if html_options["multiple"]
- tag("input", :disabled => html_options["disabled"], :name => html_options["name"], :type => "hidden", :value => "") + select
+ tag("input", :disabled => html_options["disabled"], :name => html_options["name"], :type => "hidden", :value => "") + select
else
select
end
diff --git a/lib/action_view/helpers/form_tag_helper.rb b/lib/action_view/helpers/form_tag_helper.rb
index ef27893..9e0ec17 100644
--- a/lib/action_view/helpers/form_tag_helper.rb
+++ b/lib/action_view/helpers/form_tag_helper.rb
@@ -122,11 +122,11 @@ module ActionView
html_name = (options[:multiple] == true && !name.to_s.ends_with?("[]")) ? "#{name}[]" : name
if options.delete(:include_blank)
- option_tags = "<option value=\"\"></option>".html_safe + option_tags
+ option_tags = content_tag(:option, '', :value => '').safe_concat(option_tags)
end
if prompt = options.delete(:prompt)
- option_tags = "<option value=\"\">#{prompt}</option>".html_safe + option_tags
+ option_tags = content_tag(:option, prompt, :value => '').safe_concat(option_tags)
end
content_tag :select, option_tags, { "name" => html_name, "id" => sanitize_to_id(name) }.update(options.stringify_keys)
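Review bot: `safe_concat(option_tags)` appends `option_tags` without escaping it and the result stays html_safe, so a caller who passes a plain (not html_safe) string of options gets it emitted verbatim whenever `:prompt` or `:include_blank` is set. Without those options the same string goes straight to `content_tag :select`, which escapes it, so the two paths now disagree. Using `+` leaves the escaping decision with the buffer: `option_tags = content_tag(:option, prompt, :value => '') + option_tags`, and likewise on the `:include_blank` line. The body of `select_tag` starts outside the hunk.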
@@ -417,14 +417,10 @@ module ActionView
options = options.stringify_keys
if disable_with = options.delete("disable_with")
- ActiveSupport::Deprecation.warn ":disable_with option is deprecated and will be removed from Rails 4.0. Use 'data-disable-with' instead"
-
options["data-disable-with"] = disable_with
end
if confirm = options.delete("confirm")
- ActiveSupport::Deprecation.warn ":confirm option is deprecated and will be removed from Rails 4.0. Use ':data => { :confirm => \'Text\' }' instead"
-
options["data-confirm"] = confirm
end
@@ -471,14 +467,10 @@ module ActionView
options = options.stringify_keys
if disable_with = options.delete("disable_with")
- ActiveSupport::Deprecation.warn ":disable_with option is deprecated and will be removed from Rails 4.0. Use 'data-disable-with' instead"
-
options["data-disable-with"] = disable_with
end
if confirm = options.delete("confirm")
- ActiveSupport::Deprecation.warn ":confirm option is deprecated and will be removed from Rails 4.0. Use ':data => { :confirm => \'Text\' }' instead"
-
options["data-confirm"] = confirm
end
@@ -514,8 +506,6 @@ module ActionView
options = options.stringify_keys
if confirm = options.delete("confirm")
- ActiveSupport::Deprecation.warn ":confirm option is deprecated and will be removed from Rails 4.0. Use ':data => { :confirm => \'Text\' }' instead"
-
options["data-confirm"] = confirm
end
diff --git a/lib/action_view/helpers/javascript_helper.rb b/lib/action_view/helpers/javascript_helper.rb
index 042ac4e..842f4c2 100644
--- a/lib/action_view/helpers/javascript_helper.rb
+++ b/lib/action_view/helpers/javascript_helper.rb
@@ -82,8 +82,6 @@ module ActionView
# # => <input class="ok" onclick="alert('Hello world!');" type="button" value="Greeting" />
#
def button_to_function(name, function=nil, html_options={})
- ActiveSupport::Deprecation.warn("button_to_function is deprecated and will be removed from Rails 4.0")
-
onclick = "#{"#{html_options[:onclick]}; " if html_options[:onclick]}#{function};"
tag(:input, html_options.merge(:type => 'button', :value => name, :onclick => onclick))
@@ -102,8 +100,6 @@ module ActionView
# # => <a class="nav_link" href="#" onclick="alert('Hello world!'); return false;">Greeting</a>
#
def link_to_function(name, function, html_options={})
- ActiveSupport::Deprecation.warn("link_to_function is deprecated and will be removed from Rails 4.0")
-
onclick = "#{"#{html_options[:onclick]}; " if html_options[:onclick]}#{function}; return false;"
href = html_options[:href] || '#'
diff --git a/lib/action_view/helpers/number_helper.rb b/lib/action_view/helpers/number_helper.rb
index b5e33dc..2f372bd 100644
--- a/lib/action_view/helpers/number_helper.rb
+++ b/lib/action_view/helpers/number_helper.rb
@@ -29,17 +29,20 @@ module ActionView
end
end
- # Formats a +number+ into a US phone number (e.g., (555) 123-9876). You can customize the format
- # in the +options+ hash.
+ # Formats a +number+ into a US phone number (e.g., (555)
+ # 123-9876). You can customize the format in the +options+ hash.
#
# ==== Options
#
- # * <tt>:area_code</tt> - Adds parentheses around the area code.
- # * <tt>:delimiter</tt> - Specifies the delimiter to use (defaults to "-").
- # * <tt>:extension</tt> - Specifies an extension to add to the end of the
- # generated number.
- # * <tt>:country_code</tt> - Sets the country code for the phone number.
- # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when the argument is invalid.
+ # * <tt>:area_code</tt> - Adds parentheses around the area code.
+ # * <tt>:delimiter</tt> - Specifies the delimiter to use
+ # (defaults to "-").
+ # * <tt>:extension</tt> - Specifies an extension to add to the
+ # end of the generated number.
+ # * <tt>:country_code</tt> - Sets the country code for the phone
+ # number.
+ # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+ # the argument is invalid.
#
# ==== Examples
#
@@ -86,24 +89,31 @@ module ActionView
ERB::Util.html_escape(str.join)
end
- # Formats a +number+ into a currency string (e.g., $13.65). You can customize the format
- # in the +options+ hash.
+ # Formats a +number+ into a currency string (e.g., $13.65). You
+ # can customize the format in the +options+ hash.
#
# ==== Options
#
- # * <tt>:locale</tt> - Sets the locale to be used for formatting (defaults to current locale).
- # * <tt>:precision</tt> - Sets the level of precision (defaults to 2).
- # * <tt>:unit</tt> - Sets the denomination of the currency (defaults to "$").
- # * <tt>:separator</tt> - Sets the separator between the units (defaults to ".").
- # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults to ",").
- # * <tt>:format</tt> - Sets the format for non-negative numbers (defaults to "%u%n").
- # Fields are <tt>%u</tt> for the currency, and <tt>%n</tt>
- # for the number.
- # * <tt>:negative_format</tt> - Sets the format for negative numbers (defaults to prepending
- # an hyphen to the formatted number given by <tt>:format</tt>).
- # Accepts the same fields than <tt>:format</tt>, except
- # <tt>%n</tt> is here the absolute value of the number.
- # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when the argument is invalid.
+ # * <tt>:locale</tt> - Sets the locale to be used for formatting
+ # (defaults to current locale).
+ # * <tt>:precision</tt> - Sets the level of precision (defaults
+ # to 2).
+ # * <tt>:unit</tt> - Sets the denomination of the currency
+ # (defaults to "$").
+ # * <tt>:separator</tt> - Sets the separator between the units
+ # (defaults to ".").
+ # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+ # to ",").
+ # * <tt>:format</tt> - Sets the format for non-negative numbers
+ # (defaults to "%u%n"). Fields are <tt>%u</tt> for the
+ # currency, and <tt>%n</tt> for the number.
+ # * <tt>:negative_format</tt> - Sets the format for negative
+ # numbers (defaults to prepending an hyphen to the formatted
+ # number given by <tt>:format</tt>). Accepts the same fields
+ # than <tt>:format</tt>, except <tt>%n</tt> is here the
+ # absolute value of the number.
+ # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+ # the argument is invalid.
#
# ==== Examples
#
@@ -156,21 +166,27 @@ module ActionView
end
- # Formats a +number+ as a percentage string (e.g., 65%). You can customize the format in the +options+ hash.
+ # Formats a +number+ as a percentage string (e.g., 65%). You can
+ # customize the format in the +options+ hash.
#
# ==== Options
#
- # * <tt>:locale</tt> - Sets the locale to be used for formatting (defaults to current
- # locale).
- # * <tt>:precision</tt> - Sets the precision of the number (defaults to 3).
- # * <tt>:significant</tt> - If +true+, precision will be the # of significant_digits. If +false+,
- # the # of fractional digits (defaults to +false+).
- # * <tt>:separator</tt> - Sets the separator between the fractional and integer digits (defaults
- # to ".").
- # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults to "").
- # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes insignificant zeros after the decimal separator
- # (defaults to +false+).
- # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when the argument is invalid.
+ # * <tt>:locale</tt> - Sets the locale to be used for formatting
+ # (defaults to current locale).
+ # * <tt>:precision</tt> - Sets the precision of the number
+ # (defaults to 3).
+ # * <tt>:significant</tt> - If +true+, precision will be the #
+ # of significant_digits. If +false+, the # of fractional
+ # digits (defaults to +false+).
+ # * <tt>:separator</tt> - Sets the separator between the
+ # fractional and integer digits (defaults to ".").
+ # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+ # to "").
+ # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes
+ # insignificant zeros after the decimal separator (defaults to
+ # +false+).
+ # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+ # the argument is invalid.
#
# ==== Examples
#
@@ -205,15 +221,20 @@ module ActionView
end
end
- # Formats a +number+ with grouped thousands using +delimiter+ (e.g., 12,324). You can
- # customize the format in the +options+ hash.
+ # Formats a +number+ with grouped thousands using +delimiter+
+ # (e.g., 12,324). You can customize the format in the +options+
+ # hash.
#
# ==== Options
#
- # * <tt>:locale</tt> - Sets the locale to be used for formatting (defaults to current locale).
- # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults to ",").
- # * <tt>:separator</tt> - Sets the separator between the fractional and integer digits (defaults to ".").
- # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when the argument is invalid.
+ # * <tt>:locale</tt> - Sets the locale to be used for formatting
+ # (defaults to current locale).
+ # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+ # to ",").
+ # * <tt>:separator</tt> - Sets the separator between the
+ # fractional and integer digits (defaults to ".").
+ # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+ # the argument is invalid.
#
# ==== Examples
#
@@ -251,23 +272,32 @@ module ActionView
end
- # Formats a +number+ with the specified level of <tt>:precision</tt> (e.g., 112.32 has a precision
- # of 2 if +:significant+ is +false+, and 5 if +:significant+ is +true+).
+ # Formats a +number+ with the specified level of
+ # <tt>:precision</tt> (e.g., 112.32 has a precision of 2 if
+ # +:significant+ is +false+, and 5 if +:significant+ is +true+).
# You can customize the format in the +options+ hash.
#
# ==== Options
- # * <tt>:locale</tt> - Sets the locale to be used for formatting (defaults to current locale).
- # * <tt>:precision</tt> - Sets the precision of the number (defaults to 3).
- # * <tt>:significant</tt> - If +true+, precision will be the # of significant_digits. If +false+,
- # the # of fractional digits (defaults to +false+).
- # * <tt>:separator</tt> - Sets the separator between the fractional and integer digits (defaults
- # to ".").
- # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults to "").
- # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes insignificant zeros after the decimal separator
- # (defaults to +false+).
- # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when the argument is invalid.
+ #
+ # * <tt>:locale</tt> - Sets the locale to be used for formatting
+ # (defaults to current locale).
+ # * <tt>:precision</tt> - Sets the precision of the number
+ # (defaults to 3).
+ # * <tt>:significant</tt> - If +true+, precision will be the #
+ # of significant_digits. If +false+, the # of fractional
+ # digits (defaults to +false+).
+ # * <tt>:separator</tt> - Sets the separator between the
+ # fractional and integer digits (defaults to ".").
+ # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+ # to "").
+ # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes
+ # insignificant zeros after the decimal separator (defaults to
+ # +false+).
+ # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+ # the argument is invalid.
#
# ==== Examples
+ #
# number_with_precision(111.2345) # => 111.235
# number_with_precision(111.2345, :precision => 2) # => 111.23
# number_with_precision(13, :precision => 5) # => 13.00000
@@ -330,23 +360,37 @@ module ActionView
STORAGE_UNITS = [:byte, :kb, :mb, :gb, :tb].freeze
- # Formats the bytes in +number+ into a more understandable representation
- # (e.g., giving it 1500 yields 1.5 KB). This method is useful for
- # reporting file sizes to users. You can customize the
- # format in the +options+ hash.
+ # Formats the bytes in +number+ into a more understandable
+ # representation (e.g., giving it 1500 yields 1.5 KB). This
+ # method is useful for reporting file sizes to users. You can
+ # customize the format in the +options+ hash.
#
- # See <tt>number_to_human</tt> if you want to pretty-print a generic number.
+ # See <tt>number_to_human</tt> if you want to pretty-print a
+ # generic number.
#
# ==== Options
- # * <tt>:locale</tt> - Sets the locale to be used for formatting (defaults to current locale).
- # * <tt>:precision</tt> - Sets the precision of the number (defaults to 3).
- # * <tt>:significant</tt> - If +true+, precision will be the # of significant_digits. If +false+, the # of fractional digits (defaults to +true+)
- # * <tt>:separator</tt> - Sets the separator between the fractional and integer digits (defaults to ".").
- # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults to "").
- # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes insignificant zeros after the decimal separator (defaults to +true+)
- # * <tt>:prefix</tt> - If +:si+ formats the number using the SI prefix (defaults to :binary)
- # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when the argument is invalid.
+ #
+ # * <tt>:locale</tt> - Sets the locale to be used for formatting
+ # (defaults to current locale).
+ # * <tt>:precision</tt> - Sets the precision of the number
+ # (defaults to 3).
+ # * <tt>:significant</tt> - If +true+, precision will be the #
+ # of significant_digits. If +false+, the # of fractional
+ # digits (defaults to +true+)
+ # * <tt>:separator</tt> - Sets the separator between the
+ # fractional and integer digits (defaults to ".").
+ # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+ # to "").
+ # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes
+ # insignificant zeros after the decimal separator (defaults to
+ # +true+)
+ # * <tt>:prefix</tt> - If +:si+ formats the number using the SI
+ # prefix (defaults to :binary)
+ # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+ # the argument is invalid.
+ #
# ==== Examples
+ #
# number_to_human_size(123) # => 123 Bytes
# number_to_human_size(1234) # => 1.21 KB
# number_to_human_size(12345) # => 12.1 KB
@@ -357,8 +401,10 @@ module ActionView
# number_to_human_size(483989, :precision => 2) # => 470 KB
# number_to_human_size(1234567, :precision => 2, :separator => ',') # => 1,2 MB
#
- # Non-significant zeros after the fractional separator are stripped out by default (set
- # <tt>:strip_insignificant_zeros</tt> to +false+ to change that):
+ # Non-significant zeros after the fractional separator are
+ # stripped out by default (set
+ # <tt>:strip_insignificant_zeros</tt> to +false+ to change
+ # that):
# number_to_human_size(1234567890123, :precision => 5) # => "1.1229 TB"
# number_to_human_size(524288000, :precision => 5) # => "500 MB"
def number_to_human_size(number, options = {})
@@ -406,33 +452,55 @@ module ActionView
DECIMAL_UNITS = {0 => :unit, 1 => :ten, 2 => :hundred, 3 => :thousand, 6 => :million, 9 => :billion, 12 => :trillion, 15 => :quadrillion,
-1 => :deci, -2 => :centi, -3 => :mili, -6 => :micro, -9 => :nano, -12 => :pico, -15 => :femto}.freeze
- # Pretty prints (formats and approximates) a number in a way it is more readable by humans
- # (eg.: 1200000000 becomes "1.2 Billion"). This is useful for numbers that
- # can get very large (and too hard to read).
+ # Pretty prints (formats and approximates) a number in a way it
+ # is more readable by humans (eg.: 1200000000 becomes "1.2
+ # Billion"). This is useful for numbers that can get very large
+ # (and too hard to read).
#
- # See <tt>number_to_human_size</tt> if you want to print a file size.
+ # See <tt>number_to_human_size</tt> if you want to print a file
+ # size.
#
- # You can also define you own unit-quantifier names if you want to use other decimal units
- # (eg.: 1500 becomes "1.5 kilometers", 0.150 becomes "150 milliliters", etc). You may define
- # a wide range of unit quantifiers, even fractional ones (centi, deci, mili, etc).
+ # You can also define you own unit-quantifier names if you want
+ # to use other decimal units (eg.: 1500 becomes "1.5
+ # kilometers", 0.150 becomes "150 milliliters", etc). You may
+ # define a wide range of unit quantifiers, even fractional ones
+ # (centi, deci, mili, etc).
#
# ==== Options
- # * <tt>:locale</tt> - Sets the locale to be used for formatting (defaults to current locale).
- # * <tt>:precision</tt> - Sets the precision of the number (defaults to 3).
- # * <tt>:significant</tt> - If +true+, precision will be the # of significant_digits. If +false+, the # of fractional digits (defaults to +true+)
- # * <tt>:separator</tt> - Sets the separator between the fractional and integer digits (defaults to ".").
- # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults to "").
- # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes insignificant zeros after the decimal separator (defaults to +true+)
- # * <tt>:units</tt> - A Hash of unit quantifier names. Or a string containing an i18n scope where to find this hash. It might have the following keys:
- # * *integers*: <tt>:unit</tt>, <tt>:ten</tt>, <tt>:hundred</tt>, <tt>:thousand</tt>, <tt>:million</tt>, <tt>:billion</tt>, <tt>:trillion</tt>, <tt>:quadrillion</tt>
- # * *fractionals*: <tt>:deci</tt>, <tt>:centi</tt>, <tt>:mili</tt>, <tt>:micro</tt>, <tt>:nano</tt>, <tt>:pico</tt>, <tt>:femto</tt>
- # * <tt>:format</tt> - Sets the format of the output string (defaults to "%n %u"). The field types are:
- # %u The quantifier (ex.: 'thousand')
- # %n The number
- # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when the argument is invalid.
#
+ # * <tt>:locale</tt> - Sets the locale to be used for formatting
+ # (defaults to current locale).
+ # * <tt>:precision</tt> - Sets the precision of the number
+ # (defaults to 3).
+ # * <tt>:significant</tt> - If +true+, precision will be the #
+ # of significant_digits. If +false+, the # of fractional
+ # digits (defaults to +true+)
+ # * <tt>:separator</tt> - Sets the separator between the
+ # fractional and integer digits (defaults to ".").
+ # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+ # to "").
+ # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes
+ # insignificant zeros after the decimal separator (defaults to
+ # +true+)
+ # * <tt>:units</tt> - A Hash of unit quantifier names. Or a
+ # string containing an i18n scope where to find this hash. It
+ # might have the following keys:
+ # * *integers*: <tt>:unit</tt>, <tt>:ten</tt>,
+ # *<tt>:hundred</tt>, <tt>:thousand</tt>, <tt>:million</tt>,
+ # *<tt>:billion</tt>, <tt>:trillion</tt>,
+ # *<tt>:quadrillion</tt>
+ # * *fractionals*: <tt>:deci</tt>, <tt>:centi</tt>,
+ # *<tt>:mili</tt>, <tt>:micro</tt>, <tt>:nano</tt>,
+ # *<tt>:pico</tt>, <tt>:femto</tt>
+ # * <tt>:format</tt> - Sets the format of the output string
+ # (defaults to "%n %u"). The field types are:
+ # * %u - The quantifier (ex.: 'thousand')
+ # * %n - The number
+ # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+ # the argument is invalid.
#
# ==== Examples
+ #
# number_to_human(123) # => "123"
# number_to_human(1234) # => "1.23 Thousand"
# number_to_human(12345) # => "12.3 Thousand"
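Review bot: The re-wrapped `:units` list gained a leading `*` on its continuation lines (`# *<tt>:hundred</tt>, ...`, `# *<tt>:billion</tt>, ...`, `# *<tt>:mili</tt>, ...`), which the old single-line form did not have. These look like wrapping artefacts and would likely show up as stray markup in the generated docs. The continuation lines should start with the `<tt>` directly, e.g. `#   <tt>:hundred</tt>, <tt>:thousand</tt>, <tt>:million</tt>,`. The comment block belongs to `number_to_human`, whose definition is outside the hunk.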
@@ -449,8 +517,9 @@ module ActionView
# :separator => ',',
# :significant => false) # => "1,2 Million"
#
- # Unsignificant zeros after the decimal separator are stripped out by default (set
- # <tt>:strip_insignificant_zeros</tt> to +false+ to change that):
+ # Non-significant zeros after the decimal separator are stripped
+ # out by default (set <tt>:strip_insignificant_zeros</tt> to
+ # +false+ to change that):
# number_to_human(12345012345, :significant_digits => 6) # => "12.345 Billion"
# number_to_human(500000000, :precision => 5) # => "500 Million"
#
diff --git a/lib/action_view/helpers/sanitize_helper.rb b/lib/action_view/helpers/sanitize_helper.rb
index 7768c8c..0f6a5ed 100644
--- a/lib/action_view/helpers/sanitize_helper.rb
+++ b/lib/action_view/helpers/sanitize_helper.rb
@@ -80,7 +80,7 @@ module ActionView
# strip_tags("<div id='top-bar'>Welcome to my website!</div>")
# # => Welcome to my website!
def strip_tags(html)
- self.class.full_sanitizer.sanitize(html).try(:html_safe)
+ self.class.full_sanitizer.sanitize(html)
end
# Strips all link tags from +text+ leaving just the link text.
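Review bot: The doc comment for `strip_tags` should say that the return value is no longer marked html_safe, so it is escaped again when written into a template. Suggested line: `# The result is not html_safe: the sanitizer can leave markup behind for malformed input, so output is escaped on render.` Callers that relied on the old behaviour may wrap the result in `raw` or `html_safe`, which would undo the fix, so the comment should warn against that. The comment block starts outside the hunk.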
diff --git a/lib/action_view/helpers/url_helper.rb b/lib/action_view/helpers/url_helper.rb
index d044afa..1f1cd3c 100644
--- a/lib/action_view/helpers/url_helper.rb
+++ b/lib/action_view/helpers/url_helper.rb
@@ -301,7 +301,7 @@ module ActionView
# # <div><input value="Create" type="submit" /></div>
# # </form>"
#
- #
+ #
# <%= button_to "Delete Image", { :action => "delete", :id => @image.id },
# :confirm => "Are you sure?", :method => :delete %>
# # => "<form method="post" action="/images/delete/1" class="button_to">
@@ -317,7 +317,7 @@ module ActionView
# # => "<form class='button_to' method='post' action='http://www.example.com' data-remote='true'>
# # <div>
# # <input name='_method' value='delete' type='hidden' />
- # # <input value='Destroy' type='submit' data-disable-with='loading...' data-confirm='Are you sure?' />
+ # # <input value='Destroy' type='submit' disable_with='loading...' data-confirm='Are you sure?' />
# # </div>
# # </form>"
# #
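Review bot: The example output now shows `disable_with='loading...'` as a literal attribute while keeping `data-confirm='Are you sure?'` on the same tag, which looks inconsistent. The last hunk of this file still maps the option with `html_options["data-disable-with"] = disable_with`. If `button_to` goes through that conversion (its body is outside this hunk), the example should keep `data-disable-with='loading...'`.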
@@ -333,9 +333,9 @@ module ActionView
form_method = method.to_s == 'get' ? 'get' : 'post'
form_options = html_options.delete('form') || {}
form_options[:class] ||= html_options.delete('form_class') || 'button_to'
-
+
remote = html_options.delete('remote')
-
+
request_token_tag = ''
if form_method == 'post' && protect_against_forgery?
request_token_tag = tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token)
@@ -350,7 +350,7 @@ module ActionView
form_options.merge!(:method => form_method, :action => url)
form_options.merge!("data-remote" => "true") if remote
-
+
"#{tag(:form, form_options, true)}<div>#{method_tag}#{tag("input", html_options)}#{request_token_tag}</div></form>".html_safe
end
@@ -622,19 +622,9 @@ module ActionView
confirm = html_options.delete('confirm')
method = html_options.delete('method')
- if disable_with
- ActiveSupport::Deprecation.warn ":disable_with option is deprecated and will be removed from Rails 4.0. Use 'data-disable-with' instead"
-
- html_options["data-disable-with"] = disable_with
- end
-
- if confirm
- ActiveSupport::Deprecation.warn ":confirm option is deprecated and will be removed from Rails 4.0. Use ':data => { :confirm => \'Text\' }' instead"
-
- html_options["data-confirm"] = confirm
- end
-
- add_method_to_attributes!(html_options, method) if method
+ html_options["data-disable-with"] = disable_with if disable_with
+ html_options["data-confirm"] = confirm if confirm
+ add_method_to_attributes!(html_options, method) if method
html_options
else
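Review bot: Nothing here documents which value wins when a caller passes both the legacy option and the data attribute. Both `html_options["data-confirm"] = confirm if confirm` and the `data-disable-with` line above it overwrite any value already in `html_options`. With the deprecation warnings removed the aliases are supported again, so a short comment would help, e.g. `# :confirm and :disable_with are aliases; they overwrite an explicit data-confirm / data-disable-with.` The enclosing method starts and ends outside the hunk, so where `disable_with` is extracted is not visible here.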
diff --git a/metadata.yml b/metadata.yml
index db6c20b..0129d15 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,190 +1,183 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
name: actionpack
-version: !ruby/object:Gem::Version
- hash: 3
+version: !ruby/object:Gem::Version
+ version: 3.2.8
prerelease:
- segments:
- - 3
- - 2
- - 6
- version: 3.2.6
platform: ruby
-authors:
+authors:
- David Heinemeier Hansson
autorequire:
bindir: bin
cert_chain: []
-
-date: 2012-06-12 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2012-08-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
name: activesupport
- prerelease: false
- requirement: &id001 !ruby/object:Gem::Requirement
+ requirement: !ruby/object:Gem::Requirement
none: false
- requirements:
- - - "="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 3
- - 2
- - 6
- version: 3.2.6
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 3.2.8
type: :runtime
- version_requirements: *id001
-- !ruby/object:Gem::Dependency
- name: activemodel
prerelease: false
- requirement: &id002 !ruby/object:Gem::Requirement
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 3.2.8
+- !ruby/object:Gem::Dependency
+ name: activemodel
+ requirement: !ruby/object:Gem::Requirement
none: false
- requirements:
- - - "="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 3
- - 2
- - 6
- version: 3.2.6
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 3.2.8
type: :runtime
- version_requirements: *id002
-- !ruby/object:Gem::Dependency
- name: rack-cache
prerelease: false
- requirement: &id003 !ruby/object:Gem::Requirement
+ version_requirements: !ruby/object:Gem::Requirement
none: false
- requirements:
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 3.2.8
+- !ruby/object:Gem::Dependency
+ name: rack-cache
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
- - ~>
- - !ruby/object:Gem::Version
- hash: 11
- segments:
- - 1
- - 2
- version: "1.2"
+ - !ruby/object:Gem::Version
+ version: '1.2'
type: :runtime
- version_requirements: *id003
-- !ruby/object:Gem::Dependency
- name: builder
prerelease: false
- requirement: &id004 !ruby/object:Gem::Requirement
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '1.2'
+- !ruby/object:Gem::Dependency
+ name: builder
+ requirement: !ruby/object:Gem::Requirement
none: false
- requirements:
+ requirements:
- - ~>
- - !ruby/object:Gem::Version
- hash: 7
- segments:
- - 3
- - 0
- - 0
+ - !ruby/object:Gem::Version
version: 3.0.0
type: :runtime
- version_requirements: *id004
-- !ruby/object:Gem::Dependency
- name: rack
prerelease: false
- requirement: &id005 !ruby/object:Gem::Requirement
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: 3.0.0
+- !ruby/object:Gem::Dependency
+ name: rack
+ requirement: !ruby/object:Gem::Requirement
none: false
- requirements:
+ requirements:
- - ~>
- - !ruby/object:Gem::Version
- hash: 7
- segments:
- - 1
- - 4
- - 0
+ - !ruby/object:Gem::Version
version: 1.4.0
type: :runtime
- version_requirements: *id005
-- !ruby/object:Gem::Dependency
- name: rack-test
prerelease: false
- requirement: &id006 !ruby/object:Gem::Requirement
+ version_requirements: !ruby/object:Gem::Requirement
none: false
- requirements:
+ requirements:
- - ~>
- - !ruby/object:Gem::Version
- hash: 5
- segments:
- - 0
- - 6
- - 1
+ - !ruby/object:Gem::Version
+ version: 1.4.0
+- !ruby/object:Gem::Dependency
+ name: rack-test
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
version: 0.6.1
type: :runtime
- version_requirements: *id006
-- !ruby/object:Gem::Dependency
- name: journey
prerelease: false
- requirement: &id007 !ruby/object:Gem::Requirement
+ version_requirements: !ruby/object:Gem::Requirement
none: false
- requirements:
+ requirements:
- - ~>
- - !ruby/object:Gem::Version
- hash: 21
- segments:
- - 1
- - 0
- - 1
- version: 1.0.1
+ - !ruby/object:Gem::Version
+ version: 0.6.1
+- !ruby/object:Gem::Dependency
+ name: journey
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: 1.0.4
type: :runtime
- version_requirements: *id007
-- !ruby/object:Gem::Dependency
- name: sprockets
prerelease: false
- requirement: &id008 !ruby/object:Gem::Requirement
+ version_requirements: !ruby/object:Gem::Requirement
none: false
- requirements:
+ requirements:
- - ~>
- - !ruby/object:Gem::Version
- hash: 13
- segments:
- - 2
- - 1
- - 3
+ - !ruby/object:Gem::Version
+ version: 1.0.4
+- !ruby/object:Gem::Dependency
+ name: sprockets
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
version: 2.1.3
type: :runtime
- version_requirements: *id008
-- !ruby/object:Gem::Dependency
- name: erubis
prerelease: false
- requirement: &id009 !ruby/object:Gem::Requirement
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: 2.1.3
+- !ruby/object:Gem::Dependency
+ name: erubis
+ requirement: !ruby/object:Gem::Requirement
none: false
- requirements:
+ requirements:
- - ~>
- - !ruby/object:Gem::Version
- hash: 19
- segments:
- - 2
- - 7
- - 0
+ - !ruby/object:Gem::Version
version: 2.7.0
type: :runtime
- version_requirements: *id009
-- !ruby/object:Gem::Dependency
- name: tzinfo
prerelease: false
- requirement: &id010 !ruby/object:Gem::Requirement
+ version_requirements: !ruby/object:Gem::Requirement
none: false
- requirements:
+ requirements:
- - ~>
- - !ruby/object:Gem::Version
- hash: 41
- segments:
- - 0
- - 3
- - 29
+ - !ruby/object:Gem::Version
+ version: 2.7.0
+- !ruby/object:Gem::Dependency
+ name: tzinfo
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
version: 0.3.29
type: :development
- version_requirements: *id010
-description: Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: 0.3.29
+description: Web apps on Rails. Simple, battle-tested conventions for building and
+ testing MVC web applications. Works with any Rack-compatible server.
email: david at loudthinking.com
executables: []
-
extensions: []
-
extra_rdoc_files: []
-
-files:
+files:
- CHANGELOG.md
- README.rdoc
- MIT-LICENSE
@@ -378,38 +371,30 @@ files:
- lib/sprockets/static_compiler.rb
homepage: http://www.rubyonrails.org
licenses: []
-
post_install_message:
rdoc_options: []
-
-require_paths:
+require_paths:
- lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 57
- segments:
- - 1
- - 8
- - 7
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement
+required_rubygems_version: !ruby/object:Gem::Requirement
none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ segments:
- 0
- version: "0"
-requirements:
+ hash: 4400436490322718554
+requirements:
- none
rubyforge_project:
-rubygems_version: 1.8.22
+rubygems_version: 1.8.24
signing_key:
specification_version: 3
summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
test_files: []
-
--
ruby-actionpack-3.2.git