[DRE-commits] [SCM] ruby-actionpack-3.2.git branch, master-experimental, updated. debian/3.2.6-4-14-g8fe61f1

Ondřej Surý ondrej at sury.org
Tue Jan 15 22:18:20 UTC 2013


The following commit has been merged in the master-experimental branch:
commit f468503ed5e63e8e1910a16a7c479cf270b438f9
Author: Ondřej Surý <ondrej at sury.org>
Date:   Fri Oct 12 12:52:58 2012 +0200

    Imported Upstream version 3.2.8

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4b483b2..cc1c6ba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,49 @@
+## Rails 3.2.8 (Aug 9, 2012) ##
+
+*   There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
+    helper doesn't correctly handle malformed html.  As a result an attacker can
+    execute arbitrary javascript through the use of specially crafted malformed
+    html.
+
+    *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
+
+*   When a "prompt" value is supplied to the `select_tag` helper, the "prompt" value is not escaped.
+    If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
+    Vulnerable code will look something like this:
+    select_tag("name", options, :prompt => UNTRUSTED_INPUT)
+
+    *Santiago Pastorino*
+
+*   Reverted the deprecation of `:confirm`. *Rafael Mendonça França*
+
+*   Reverted the deprecation of `:disable_with`. *Rafael Mendonça França*
+
+*   Reverted the deprecation of `:mouseover` option to `image_tag`. *Rafael Mendonça França*
+
+*   Reverted the deprecation of `button_to_function` and `link_to_function` helpers.
+
+    *Rafael Mendonça França*
+
+
+## Rails 3.2.7 (Jul 26, 2012) ##
+
+*   Do not convert digest auth strings to symbols. CVE-2012-3424
+
+*   Bump Journey requirements to 1.0.4
+
+*   Add support for optional root segments containing slashes
+
+*   Fixed bug creating invalid HTML in select options
+
+*   Show in log correct wrapped keys
+
+*   Fix NumberHelper options wrapping to prevent verbatim blocks being rendered instead of line continuations.
+
+*   ActionController::Metal doesn't have logger method, check it and then delegate
+
+*   ActionController::Caching depends on RackDelegation and AbstractController::Callbacks
+
+
 ## Rails 3.2.6 (Jun 12, 2012) ##
 
 *   nil is removed from array parameter values
diff --git a/lib/action_controller/caching.rb b/lib/action_controller/caching.rb
index 112573a..9118806 100644
--- a/lib/action_controller/caching.rb
+++ b/lib/action_controller/caching.rb
@@ -55,6 +55,9 @@ module ActionController #:nodoc:
       end
     end
 
+    include RackDelegation
+    include AbstractController::Callbacks
+
     include ConfigMethods
     include Pages, Actions, Fragments
     include Sweeping if defined?(ActiveRecord)
diff --git a/lib/action_controller/metal/http_authentication.rb b/lib/action_controller/metal/http_authentication.rb
index 9f2f547..fe4ab65 100644
--- a/lib/action_controller/metal/http_authentication.rb
+++ b/lib/action_controller/metal/http_authentication.rb
@@ -227,9 +227,9 @@ module ActionController
       end
 
       def decode_credentials(header)
-        Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
+        HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
           key, value = pair.split('=', 2)
-          [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
+          [key.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]
         end]
       end
 
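Review bot: `key.strip` on the rewritten pair line raises NoMethodError when a pair is empty, because `"".split('=', 2)` returns `[]` and `key` is then nil. A header containing two consecutive commas is enough to reach it, and the request would presumably end in a server error instead of a failed authentication. Guard the key the same way the value already is: `[key.to_s.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]`. Separately, `^` and `$` in both regexes are line anchors; `\A` and `\z` would state the whole-string intent for header parsing.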
diff --git a/lib/action_controller/metal/params_wrapper.rb b/lib/action_controller/metal/params_wrapper.rb
index 1ab436a..ea71171 100644
--- a/lib/action_controller/metal/params_wrapper.rb
+++ b/lib/action_controller/metal/params_wrapper.rb
@@ -194,7 +194,8 @@ module ActionController
     def process_action(*args)
       if _wrapper_enabled?
         wrapped_hash = _wrap_parameters request.request_parameters
-        wrapped_filtered_hash = _wrap_parameters request.filtered_parameters
+        wrapped_keys = request.request_parameters.keys
+        wrapped_filtered_hash = _wrap_parameters request.filtered_parameters.slice(*wrapped_keys)
 
         # This will make the wrapped hash accessible from controller and view
         request.parameters.merge! wrapped_hash
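Review bot: Nothing on the two added lines says why `request.filtered_parameters` is sliced, and judging by the changelog entry this is the copy that ends up in the log. A comment such as `# Wrap only the keys that came from the request body, so the filtered (logged) hash mirrors wrapped_hash` would keep a later refactor from dropping the slice. `request.request_parameters` is also read twice in a row; holding it in one local would make it obvious that both hashes are built from the same key set. process_action continues past the end of the hunk.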
diff --git a/lib/action_dispatch/middleware/cookies.rb b/lib/action_dispatch/middleware/cookies.rb
index 39ff58a..2f46a37 100644
--- a/lib/action_dispatch/middleware/cookies.rb
+++ b/lib/action_dispatch/middleware/cookies.rb
@@ -1,5 +1,6 @@
 require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/hash/keys'
+require 'active_support/core_ext/module/attribute_accessors'
 
 module ActionDispatch
   class Request
diff --git a/lib/action_dispatch/routing/mapper.rb b/lib/action_dispatch/routing/mapper.rb
index 82062c0..40ff696 100644
--- a/lib/action_dispatch/routing/mapper.rb
+++ b/lib/action_dispatch/routing/mapper.rb
@@ -238,7 +238,7 @@ module ActionDispatch
       # for root cases, where the latter is the correct one.
       def self.normalize_path(path)
         path = Journey::Router::Utils.normalize_path(path)
-        path.gsub!(%r{/(\(+)/?}, '\1/') unless path =~ %r{^/\(+[^/]+\)$}
+        path.gsub!(%r{/(\(+)/?}, '\1/') unless path =~ %r{^/\(+[^)]+\)$}
         path
       end
 
diff --git a/lib/action_pack/version.rb b/lib/action_pack/version.rb
index 58ccf8e..7296b19 100644
--- a/lib/action_pack/version.rb
+++ b/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 6
+    TINY  = 8
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/lib/action_view/asset_paths.rb b/lib/action_view/asset_paths.rb
index f6115db..c192d37 100644
--- a/lib/action_view/asset_paths.rb
+++ b/lib/action_view/asset_paths.rb
@@ -33,7 +33,13 @@ module ActionView
     # Return the filesystem path for the source
     def compute_source_path(source, dir, ext)
       source = rewrite_extension(source, dir, ext) if ext
-      File.join(config.assets_dir, dir, source)
+
+      sources = []
+      sources << config.assets_dir
+      sources << dir unless source[0] == ?/
+      sources << source
+
+      File.join(sources)
     end
 
     def is_uri?(path)
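Review bot: `sources << dir unless source[0] == ?/` depends on `String#[]` and the `?/` literal having matching types, which holds on both 1.8 and 1.9 but is not obvious to a reader; `source.start_with?('/')` says the same thing directly. The branch also deserves a comment that a leading slash means the source is resolved against `config.assets_dir` rather than `dir`. Neither branch normalises `..` segments, so the returned path stays inside the assets directory only if callers never pass request-derived names; whether any do is not visible from this hunk.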
diff --git a/lib/action_view/helpers/asset_tag_helper.rb b/lib/action_view/helpers/asset_tag_helper.rb
index 51d5d58..caa1a02 100644
--- a/lib/action_view/helpers/asset_tag_helper.rb
+++ b/lib/action_view/helpers/asset_tag_helper.rb
@@ -367,8 +367,6 @@ module ActionView
         end
 
         if mouseover = options.delete(:mouseover)
-          ActiveSupport::Deprecation.warn ":mouseover option is deprecated and will be removed from Rails 4.0"
-
           options[:onmouseover] = "this.src='#{path_to_image(mouseover)}'"
           options[:onmouseout]  = "this.src='#{src}'"
         end
diff --git a/lib/action_view/helpers/controller_helper.rb b/lib/action_view/helpers/controller_helper.rb
index 1a583e6..74ef25f 100644
--- a/lib/action_view/helpers/controller_helper.rb
+++ b/lib/action_view/helpers/controller_helper.rb
@@ -10,14 +10,16 @@ module ActionView
       delegate :request_forgery_protection_token, :params, :session, :cookies, :response, :headers,
                :flash, :action_name, :controller_name, :controller_path, :to => :controller
 
-      delegate :logger, :to => :controller, :allow_nil => true
-
       def assign_controller(controller)
         if @_controller = controller
           @_request = controller.request if controller.respond_to?(:request)
           @_config  = controller.config.inheritable_copy if controller.respond_to?(:config)
         end
       end
+
+      def logger
+        controller.logger if controller.respond_to?(:logger)
+      end
     end
   end
 end
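Review bot: The new `logger` method replaces a one-line `delegate` without a comment explaining the `respond_to?` check, so a later cleanup could easily turn it back into a plain delegate. Add something like `# Not every controller exposes a logger (e.g. ActionController::Metal), so check before delegating` above `def logger`. It would also help to state that the method returns nil when there is no controller or no logger, matching the removed `:allow_nil => true`.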
diff --git a/lib/action_view/helpers/form_options_helper.rb b/lib/action_view/helpers/form_options_helper.rb
index f64d390..623c45f 100644
--- a/lib/action_view/helpers/form_options_helper.rb
+++ b/lib/action_view/helpers/form_options_helper.rb
@@ -134,7 +134,7 @@ module ActionView
       #
       # ==== Gotcha
       #
-      # The HTML specification says when +multiple+ parameter passed to select and all options got deselected 
+      # The HTML specification says when +multiple+ parameter passed to select and all options got deselected
       # web browsers do not send any value to server. Unfortunately this introduces a gotcha:
       # if an +User+ model has many +roles+ and have +role_ids+ accessor, and in the form that edits roles of the user
       # the user deselects all roles from +role_ids+ multiple select box, no +role_ids+ parameter is sent. So,
@@ -336,7 +336,7 @@ module ActionView
 
       end
 
-      # Returns a string of option tags that have been compiled by iterating over the +collection+ and assigning 
+      # Returns a string of option tags that have been compiled by iterating over the +collection+ and assigning
       # the result of a call to the +value_method+ as the option value and the +text_method+ as the option text.
       # Example:
       #   options_from_collection_for_select(@people, 'id', 'name')
@@ -616,11 +616,11 @@ module ActionView
       private
         def add_options(option_tags, options, value = nil)
           if options[:include_blank]
-            option_tags = content_tag('option', options[:include_blank].kind_of?(String) ? options[:include_blank] : nil, :value => '') + "\n" + option_tags
+            option_tags = content_tag_string('option', options[:include_blank].kind_of?(String) ? options[:include_blank] : nil, :value => '') + "\n" + option_tags
           end
           if value.blank? && options[:prompt]
             prompt = options[:prompt].kind_of?(String) ? options[:prompt] : I18n.translate('helpers.select.prompt', :default => 'Please select')
-            option_tags = content_tag('option', prompt, :value => '') + "\n" + option_tags
+            option_tags = content_tag_string('option', prompt, :value => '') + "\n" + option_tags
           end
           option_tags
         end
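Review bot: `add_options` now calls `content_tag_string` in both branches, and the hunk gives no reason for reaching past `content_tag`. Since the prompt and include_blank text can come from application data, a short comment should state what the switch is relied on for, for instance that the option text is still escaped. The escaping behaviour itself is not visible here, so a reader cannot confirm it without opening the helper. A regression test with markup in `:prompt` would pin it down.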
@@ -630,7 +630,7 @@ module ActionView
           add_default_name_and_id(html_options)
           select = content_tag("select", add_options(option_tags, options, value(object)), html_options)
           if html_options["multiple"]
-            tag("input", :disabled => html_options["disabled"], :name => html_options["name"], :type => "hidden", :value => "") + select 
+            tag("input", :disabled => html_options["disabled"], :name => html_options["name"], :type => "hidden", :value => "") + select
           else
             select
           end
diff --git a/lib/action_view/helpers/form_tag_helper.rb b/lib/action_view/helpers/form_tag_helper.rb
index ef27893..9e0ec17 100644
--- a/lib/action_view/helpers/form_tag_helper.rb
+++ b/lib/action_view/helpers/form_tag_helper.rb
@@ -122,11 +122,11 @@ module ActionView
         html_name = (options[:multiple] == true && !name.to_s.ends_with?("[]")) ? "#{name}[]" : name
 
         if options.delete(:include_blank)
-          option_tags = "<option value=\"\"></option>".html_safe + option_tags
+          option_tags = content_tag(:option, '', :value => '').safe_concat(option_tags)
         end
 
         if prompt = options.delete(:prompt)
-          option_tags = "<option value=\"\">#{prompt}</option>".html_safe + option_tags
+          option_tags = content_tag(:option, prompt, :value => '').safe_concat(option_tags)
         end
 
         content_tag :select, option_tags, { "name" => html_name, "id" => sanitize_to_id(name) }.update(options.stringify_keys)
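Review bot: `safe_concat(option_tags)` on both rewritten lines appends `option_tags` without escaping, whereas the removed `html_safe + option_tags` form would escape an `option_tags` string that was not already marked html_safe. The prompt is now escaped by `content_tag`, but a plain-string `option_tags` is emitted raw whenever `:prompt` or `:include_blank` is given, and is escaped by the final `content_tag :select` otherwise. If that is intended, document it next to the method, e.g. `# option_tags must already be html_safe; it is inserted without escaping`. If it is not, `content_tag(:option, prompt, :value => '') + option_tags` keeps the escaping. The method starts above the hunk.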
@@ -417,14 +417,10 @@ module ActionView
         options = options.stringify_keys
 
         if disable_with = options.delete("disable_with")
-          ActiveSupport::Deprecation.warn ":disable_with option is deprecated and will be removed from Rails 4.0. Use 'data-disable-with' instead"
-
           options["data-disable-with"] = disable_with
         end
 
         if confirm = options.delete("confirm")
-          ActiveSupport::Deprecation.warn ":confirm option is deprecated and will be removed from Rails 4.0. Use ':data => { :confirm => \'Text\' }' instead"
-
           options["data-confirm"] = confirm
         end
 
@@ -471,14 +467,10 @@ module ActionView
         options = options.stringify_keys
 
         if disable_with = options.delete("disable_with")
-          ActiveSupport::Deprecation.warn ":disable_with option is deprecated and will be removed from Rails 4.0. Use 'data-disable-with' instead"
-
           options["data-disable-with"] = disable_with
         end
 
         if confirm = options.delete("confirm")
-          ActiveSupport::Deprecation.warn ":confirm option is deprecated and will be removed from Rails 4.0. Use ':data => { :confirm => \'Text\' }' instead"
-
           options["data-confirm"] = confirm
         end
 
@@ -514,8 +506,6 @@ module ActionView
         options = options.stringify_keys
 
         if confirm = options.delete("confirm")
-          ActiveSupport::Deprecation.warn ":confirm option is deprecated and will be removed from Rails 4.0. Use ':data => { :confirm => \'Text\' }' instead"
-
           options["data-confirm"] = confirm
         end
 
diff --git a/lib/action_view/helpers/javascript_helper.rb b/lib/action_view/helpers/javascript_helper.rb
index 042ac4e..842f4c2 100644
--- a/lib/action_view/helpers/javascript_helper.rb
+++ b/lib/action_view/helpers/javascript_helper.rb
@@ -82,8 +82,6 @@ module ActionView
       #   # => <input class="ok" onclick="alert('Hello world!');" type="button" value="Greeting" />
       #
       def button_to_function(name, function=nil, html_options={})
-        ActiveSupport::Deprecation.warn("button_to_function is deprecated and will be removed from Rails 4.0")
-
         onclick = "#{"#{html_options[:onclick]}; " if html_options[:onclick]}#{function};"
 
         tag(:input, html_options.merge(:type => 'button', :value => name, :onclick => onclick))
@@ -102,8 +100,6 @@ module ActionView
       #   # => <a class="nav_link" href="#" onclick="alert('Hello world!'); return false;">Greeting</a>
       #
       def link_to_function(name, function, html_options={})
-        ActiveSupport::Deprecation.warn("link_to_function is deprecated and will be removed from Rails 4.0")
-
         onclick = "#{"#{html_options[:onclick]}; " if html_options[:onclick]}#{function}; return false;"
         href = html_options[:href] || '#'
 
diff --git a/lib/action_view/helpers/number_helper.rb b/lib/action_view/helpers/number_helper.rb
index b5e33dc..2f372bd 100644
--- a/lib/action_view/helpers/number_helper.rb
+++ b/lib/action_view/helpers/number_helper.rb
@@ -29,17 +29,20 @@ module ActionView
         end
       end
 
-      # Formats a +number+ into a US phone number (e.g., (555) 123-9876). You can customize the format
-      # in the +options+ hash.
+      # Formats a +number+ into a US phone number (e.g., (555)
+      # 123-9876). You can customize the format in the +options+ hash.
       #
       # ==== Options
       #
-      # * <tt>:area_code</tt>     - Adds parentheses around the area code.
-      # * <tt>:delimiter</tt>     - Specifies the delimiter to use (defaults to "-").
-      # * <tt>:extension</tt>     - Specifies an extension to add to the end of the
-      #                             generated number.
-      # * <tt>:country_code</tt>  - Sets the country code for the phone number.
-      # * <tt>:raise</tt>         - If true, raises +InvalidNumberError+ when the argument is invalid.
+      # * <tt>:area_code</tt> - Adds parentheses around the area code.
+      # * <tt>:delimiter</tt> - Specifies the delimiter to use
+      #   (defaults to "-").
+      # * <tt>:extension</tt> - Specifies an extension to add to the
+      #   end of the generated number.
+      # * <tt>:country_code</tt> - Sets the country code for the phone
+      #   number.
+      # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+      #   the argument is invalid.
       #
       # ==== Examples
       #
@@ -86,24 +89,31 @@ module ActionView
         ERB::Util.html_escape(str.join)
       end
 
-      # Formats a +number+ into a currency string (e.g., $13.65). You can customize the format
-      # in the +options+ hash.
+      # Formats a +number+ into a currency string (e.g., $13.65). You
+      # can customize the format in the +options+ hash.
       #
       # ==== Options
       #
-      # * <tt>:locale</tt>           - Sets the locale to be used for formatting (defaults to current locale).
-      # * <tt>:precision</tt>        - Sets the level of precision (defaults to 2).
-      # * <tt>:unit</tt>             - Sets the denomination of the currency (defaults to "$").
-      # * <tt>:separator</tt>        - Sets the separator between the units (defaults to ".").
-      # * <tt>:delimiter</tt>        - Sets the thousands delimiter (defaults to ",").
-      # * <tt>:format</tt>           - Sets the format for non-negative numbers (defaults to "%u%n").
-      #                                Fields are <tt>%u</tt> for the currency, and <tt>%n</tt>
-      #                                for the number.
-      # * <tt>:negative_format</tt>  - Sets the format for negative numbers (defaults to prepending
-      #                                an hyphen to the formatted number given by <tt>:format</tt>).
-      #                                Accepts the same fields than <tt>:format</tt>, except
-      #                                <tt>%n</tt> is here the absolute value of the number.
-      # * <tt>:raise</tt>            - If true, raises +InvalidNumberError+ when the argument is invalid.
+      # * <tt>:locale</tt> - Sets the locale to be used for formatting
+      #   (defaults to current locale).
+      # * <tt>:precision</tt> - Sets the level of precision (defaults
+      #   to 2).
+      # * <tt>:unit</tt> - Sets the denomination of the currency
+      #   (defaults to "$").
+      # * <tt>:separator</tt> - Sets the separator between the units
+      #   (defaults to ".").
+      # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+      #   to ",").
+      # * <tt>:format</tt> - Sets the format for non-negative numbers
+      #   (defaults to "%u%n").  Fields are <tt>%u</tt> for the
+      #   currency, and <tt>%n</tt> for the number.
+      # * <tt>:negative_format</tt> - Sets the format for negative
+      #   numbers (defaults to prepending an hyphen to the formatted
+      #   number given by <tt>:format</tt>).  Accepts the same fields
+      #   than <tt>:format</tt>, except <tt>%n</tt> is here the
+      #   absolute value of the number.
+      # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+      #   the argument is invalid.
       #
       # ==== Examples
       #
@@ -156,21 +166,27 @@ module ActionView
 
       end
 
-      # Formats a +number+ as a percentage string (e.g., 65%). You can customize the format in the +options+ hash.
+      # Formats a +number+ as a percentage string (e.g., 65%). You can
+      # customize the format in the +options+ hash.
       #
       # ==== Options
       #
-      # * <tt>:locale</tt>                      - Sets the locale to be used for formatting (defaults to current
-      #                                           locale).
-      # * <tt>:precision</tt>                   - Sets the precision of the number (defaults to 3).
-      # * <tt>:significant</tt>                 - If +true+, precision will be the # of significant_digits. If +false+,
-      #                                           the # of fractional digits (defaults to +false+).
-      # * <tt>:separator</tt>                   - Sets the separator between the fractional and integer digits (defaults
-      #                                           to ".").
-      # * <tt>:delimiter</tt>                   - Sets the thousands delimiter (defaults to "").
-      # * <tt>:strip_insignificant_zeros</tt>   - If +true+ removes insignificant zeros after the decimal separator
-      #                                           (defaults to +false+).
-      # * <tt>:raise</tt>                       - If true, raises +InvalidNumberError+ when the argument is invalid.
+      # * <tt>:locale</tt> - Sets the locale to be used for formatting
+      #   (defaults to current locale).
+      # * <tt>:precision</tt> - Sets the precision of the number
+      #   (defaults to 3).
+      # * <tt>:significant</tt> - If +true+, precision will be the #
+      #   of significant_digits. If +false+, the # of fractional
+      #   digits (defaults to +false+).
+      # * <tt>:separator</tt> - Sets the separator between the
+      #   fractional and integer digits (defaults to ".").
+      # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+      #   to "").
+      # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes
+      #   insignificant zeros after the decimal separator (defaults to
+      #   +false+).
+      # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+      #   the argument is invalid.
       #
       # ==== Examples
       #
@@ -205,15 +221,20 @@ module ActionView
         end
       end
 
-      # Formats a +number+ with grouped thousands using +delimiter+ (e.g., 12,324). You can
-      # customize the format in the +options+ hash.
+      # Formats a +number+ with grouped thousands using +delimiter+
+      # (e.g., 12,324). You can customize the format in the +options+
+      # hash.
       #
       # ==== Options
       #
-      # * <tt>:locale</tt>     - Sets the locale to be used for formatting (defaults to current locale).
-      # * <tt>:delimiter</tt>  - Sets the thousands delimiter (defaults to ",").
-      # * <tt>:separator</tt>  - Sets the separator between the fractional and integer digits (defaults to ".").
-      # * <tt>:raise</tt>      - If true, raises +InvalidNumberError+ when the argument is invalid.
+      # * <tt>:locale</tt> - Sets the locale to be used for formatting
+      #   (defaults to current locale).
+      # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+      #   to ",").
+      # * <tt>:separator</tt> - Sets the separator between the
+      #   fractional and integer digits (defaults to ".").
+      # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+      #   the argument is invalid.
       #
       # ==== Examples
       #
@@ -251,23 +272,32 @@ module ActionView
 
       end
 
-      # Formats a +number+ with the specified level of <tt>:precision</tt> (e.g., 112.32 has a precision
-      # of 2 if +:significant+ is +false+, and 5 if +:significant+ is +true+).
+      # Formats a +number+ with the specified level of
+      # <tt>:precision</tt> (e.g., 112.32 has a precision of 2 if
+      # +:significant+ is +false+, and 5 if +:significant+ is +true+).
       # You can customize the format in the +options+ hash.
       #
       # ==== Options
-      # * <tt>:locale</tt>                     - Sets the locale to be used for formatting (defaults to current locale).
-      # * <tt>:precision</tt>                  - Sets the precision of the number (defaults to 3).
-      # * <tt>:significant</tt>                - If +true+, precision will be the # of significant_digits. If +false+,
-      #                                          the # of fractional digits (defaults to +false+).
-      # * <tt>:separator</tt>                  - Sets the separator between the fractional and integer digits (defaults
-      #                                          to ".").
-      # * <tt>:delimiter</tt>                  - Sets the thousands delimiter (defaults to "").
-      # * <tt>:strip_insignificant_zeros</tt>  - If +true+ removes insignificant zeros after the decimal separator
-      #                                          (defaults to +false+).
-      # * <tt>:raise</tt>                      - If true, raises +InvalidNumberError+ when the argument is invalid.
+      #
+      # * <tt>:locale</tt> - Sets the locale to be used for formatting
+      #   (defaults to current locale).
+      # * <tt>:precision</tt> - Sets the precision of the number
+      #   (defaults to 3).
+      # * <tt>:significant</tt> - If +true+, precision will be the #
+      #   of significant_digits. If +false+, the # of fractional
+      #   digits (defaults to +false+).
+      # * <tt>:separator</tt> - Sets the separator between the
+      #   fractional and integer digits (defaults to ".").
+      # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+      #   to "").
+      # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes
+      #   insignificant zeros after the decimal separator (defaults to
+      #   +false+).
+      # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+      #   the argument is invalid.
       #
       # ==== Examples
+      #
       #  number_with_precision(111.2345)                                            # => 111.235
       #  number_with_precision(111.2345, :precision => 2)                           # => 111.23
       #  number_with_precision(13, :precision => 5)                                 # => 13.00000
@@ -330,23 +360,37 @@ module ActionView
 
       STORAGE_UNITS = [:byte, :kb, :mb, :gb, :tb].freeze
 
-      # Formats the bytes in +number+ into a more understandable representation
-      # (e.g., giving it 1500 yields 1.5 KB). This method is useful for
-      # reporting file sizes to users. You can customize the
-      # format in the +options+ hash.
+      # Formats the bytes in +number+ into a more understandable
+      # representation (e.g., giving it 1500 yields 1.5 KB). This
+      # method is useful for reporting file sizes to users. You can
+      # customize the format in the +options+ hash.
       #
-      # See <tt>number_to_human</tt> if you want to pretty-print a generic number.
+      # See <tt>number_to_human</tt> if you want to pretty-print a
+      # generic number.
       #
       # ==== Options
-      # * <tt>:locale</tt>     - Sets the locale to be used for formatting (defaults to current locale).
-      # * <tt>:precision</tt>  - Sets the precision of the number (defaults to 3).
-      # * <tt>:significant</tt>  - If +true+, precision will be the # of significant_digits. If +false+, the # of fractional digits (defaults to +true+)
-      # * <tt>:separator</tt>  - Sets the separator between the fractional and integer digits (defaults to ".").
-      # * <tt>:delimiter</tt>  - Sets the thousands delimiter (defaults to "").
-      # * <tt>:strip_insignificant_zeros</tt>  - If +true+ removes insignificant zeros after the decimal separator (defaults to +true+)
-      # * <tt>:prefix</tt>  - If +:si+ formats the number using the SI prefix (defaults to :binary)
-      # * <tt>:raise</tt>         - If true, raises +InvalidNumberError+ when the argument is invalid.
+      #
+      # * <tt>:locale</tt> - Sets the locale to be used for formatting
+      #   (defaults to current locale).
+      # * <tt>:precision</tt> - Sets the precision of the number
+      #   (defaults to 3).
+      # * <tt>:significant</tt> - If +true+, precision will be the #
+      #   of significant_digits. If +false+, the # of fractional
+      #   digits (defaults to +true+)
+      # * <tt>:separator</tt> - Sets the separator between the
+      #   fractional and integer digits (defaults to ".").
+      # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+      #   to "").
+      # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes
+      #   insignificant zeros after the decimal separator (defaults to
+      #   +true+)
+      # * <tt>:prefix</tt> - If +:si+ formats the number using the SI
+      #   prefix (defaults to :binary)
+      # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+      #   the argument is invalid.
+      #
       # ==== Examples
+      #
       #  number_to_human_size(123)                                          # => 123 Bytes
       #  number_to_human_size(1234)                                         # => 1.21 KB
       #  number_to_human_size(12345)                                        # => 12.1 KB
@@ -357,8 +401,10 @@ module ActionView
       #  number_to_human_size(483989, :precision => 2)                      # => 470 KB
       #  number_to_human_size(1234567, :precision => 2, :separator => ',')  # => 1,2 MB
       #
-      # Non-significant zeros after the fractional separator are stripped out by default (set
-      # <tt>:strip_insignificant_zeros</tt> to +false+ to change that):
+      # Non-significant zeros after the fractional separator are
+      # stripped out by default (set
+      # <tt>:strip_insignificant_zeros</tt> to +false+ to change
+      # that):
       #  number_to_human_size(1234567890123, :precision => 5)        # => "1.1229 TB"
       #  number_to_human_size(524288000, :precision => 5)            # => "500 MB"
       def number_to_human_size(number, options = {})
@@ -406,33 +452,55 @@ module ActionView
       DECIMAL_UNITS = {0 => :unit, 1 => :ten, 2 => :hundred, 3 => :thousand, 6 => :million, 9 => :billion, 12 => :trillion, 15 => :quadrillion,
         -1 => :deci, -2 => :centi, -3 => :mili, -6 => :micro, -9 => :nano, -12 => :pico, -15 => :femto}.freeze
 
-      # Pretty prints (formats and approximates) a number in a way it is more readable by humans
-      # (eg.: 1200000000 becomes "1.2 Billion"). This is useful for numbers that
-      # can get very large (and too hard to read).
+      # Pretty prints (formats and approximates) a number in a way it
+      # is more readable by humans (eg.: 1200000000 becomes "1.2
+      # Billion"). This is useful for numbers that can get very large
+      # (and too hard to read).
       #
-      # See <tt>number_to_human_size</tt> if you want to print a file size.
+      # See <tt>number_to_human_size</tt> if you want to print a file
+      # size.
       #
-      # You can also define you own unit-quantifier names if you want to use other decimal units
-      # (eg.: 1500 becomes "1.5 kilometers", 0.150 becomes "150 milliliters", etc). You may define
-      # a wide range of unit quantifiers, even fractional ones (centi, deci, mili, etc).
+      # You can also define you own unit-quantifier names if you want
+      # to use other decimal units (eg.: 1500 becomes "1.5
+      # kilometers", 0.150 becomes "150 milliliters", etc). You may
+      # define a wide range of unit quantifiers, even fractional ones
+      # (centi, deci, mili, etc).
       #
       # ==== Options
-      # * <tt>:locale</tt>     - Sets the locale to be used for formatting (defaults to current locale).
-      # * <tt>:precision</tt>  - Sets the precision of the number (defaults to 3).
-      # * <tt>:significant</tt>  - If +true+, precision will be the # of significant_digits. If +false+, the # of fractional digits (defaults to +true+)
-      # * <tt>:separator</tt>  - Sets the separator between the fractional and integer digits (defaults to ".").
-      # * <tt>:delimiter</tt>  - Sets the thousands delimiter (defaults to "").
-      # * <tt>:strip_insignificant_zeros</tt>  - If +true+ removes insignificant zeros after the decimal separator (defaults to +true+)
-      # * <tt>:units</tt> - A Hash of unit quantifier names. Or a string containing an i18n scope where to find this hash. It might have the following keys:
-      #   * *integers*: <tt>:unit</tt>, <tt>:ten</tt>, <tt>:hundred</tt>, <tt>:thousand</tt>,  <tt>:million</tt>,  <tt>:billion</tt>, <tt>:trillion</tt>, <tt>:quadrillion</tt>
-      #   * *fractionals*: <tt>:deci</tt>, <tt>:centi</tt>, <tt>:mili</tt>, <tt>:micro</tt>, <tt>:nano</tt>, <tt>:pico</tt>, <tt>:femto</tt>
-      # * <tt>:format</tt> - Sets the format of the output string (defaults to "%n %u"). The field types are:
-      #     %u  The quantifier (ex.: 'thousand')
-      #     %n  The number
-      # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when the argument is invalid.
       #
+      # * <tt>:locale</tt> - Sets the locale to be used for formatting
+      #   (defaults to current locale).
+      # * <tt>:precision</tt> - Sets the precision of the number
+      #   (defaults to 3).
+      # * <tt>:significant</tt> - If +true+, precision will be the #
+      #   of significant_digits. If +false+, the # of fractional
+      #   digits (defaults to +true+)
+      # * <tt>:separator</tt> - Sets the separator between the
+      #   fractional and integer digits (defaults to ".").
+      # * <tt>:delimiter</tt> - Sets the thousands delimiter (defaults
+      #   to "").
+      # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes
+      #   insignificant zeros after the decimal separator (defaults to
+      #   +true+)
+      # * <tt>:units</tt> - A Hash of unit quantifier names. Or a
+      #   string containing an i18n scope where to find this hash. It
+      #   might have the following keys:
+      #   * *integers*: <tt>:unit</tt>, <tt>:ten</tt>,
+      #     *<tt>:hundred</tt>, <tt>:thousand</tt>, <tt>:million</tt>,
+      #     *<tt>:billion</tt>, <tt>:trillion</tt>,
+      #     *<tt>:quadrillion</tt>
+      #   * *fractionals*: <tt>:deci</tt>, <tt>:centi</tt>,
+      #     *<tt>:mili</tt>, <tt>:micro</tt>, <tt>:nano</tt>,
+      #     *<tt>:pico</tt>, <tt>:femto</tt>
+      # * <tt>:format</tt> - Sets the format of the output string
+      #   (defaults to "%n %u"). The field types are:
+      #   * %u - The quantifier (ex.: 'thousand')
+      #   * %n - The number
+      # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when
+      #   the argument is invalid.
       #
       # ==== Examples
+      #
       #  number_to_human(123)                                          # => "123"
       #  number_to_human(1234)                                         # => "1.23 Thousand"
       #  number_to_human(12345)                                        # => "12.3 Thousand"
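Review bot: The reflowed `:units` list puts a `*` in front of `<tt>` on each continuation line (`#     *<tt>:hundred</tt>`, `*<tt>:billion</tt>`, `*<tt>:mili</tt>` and so on). This looks like a stray marker left over from re-wrapping and will probably show up as literal asterisks or broken emphasis in the generated docs. Drop the asterisks so the continuation lines read `#     <tt>:hundred</tt>, <tt>:thousand</tt>, <tt>:million</tt>,`. The comment block continues beyond the hunk.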
@@ -449,8 +517,9 @@ module ActionView
       #                           :separator => ',',
       #                           :significant => false)               # => "1,2 Million"
       #
-      # Unsignificant zeros after the decimal separator are stripped out by default (set
-      # <tt>:strip_insignificant_zeros</tt> to +false+ to change that):
+      # Non-significant zeros after the decimal separator are stripped
+      # out by default (set <tt>:strip_insignificant_zeros</tt> to
+      # +false+ to change that):
       #  number_to_human(12345012345, :significant_digits => 6)       # => "12.345 Billion"
       #  number_to_human(500000000, :precision => 5)                  # => "500 Million"
       #
diff --git a/lib/action_view/helpers/sanitize_helper.rb b/lib/action_view/helpers/sanitize_helper.rb
index 7768c8c..0f6a5ed 100644
--- a/lib/action_view/helpers/sanitize_helper.rb
+++ b/lib/action_view/helpers/sanitize_helper.rb
@@ -80,7 +80,7 @@ module ActionView
       #   strip_tags("<div id='top-bar'>Welcome to my website!</div>")
       #   # => Welcome to my website!
       def strip_tags(html)
-        self.class.full_sanitizer.sanitize(html).try(:html_safe)
+        self.class.full_sanitizer.sanitize(html)
       end
 
       # Strips all link tags from +text+ leaving just the link text.
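Review bot: The doc comment above `strip_tags` does not say that the return value is no longer marked `html_safe`, which is the security-relevant effect of changing the body to `self.class.full_sanitizer.sanitize(html)`. Templates that print the result will now have it HTML-escaped on output, and a caller that re-marks it with `.html_safe` or `raw` brings back the XSS that the CHANGELOG entry describes for malformed HTML. I would add a line to the doc comment such as `# The returned string is not marked html_safe; do not call html_safe or raw on it, since malformed markup can survive stripping.` The doc comment begins outside this hunk, so the exact placement needs checking against the full file.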
diff --git a/lib/action_view/helpers/url_helper.rb b/lib/action_view/helpers/url_helper.rb
index d044afa..1f1cd3c 100644
--- a/lib/action_view/helpers/url_helper.rb
+++ b/lib/action_view/helpers/url_helper.rb
@@ -301,7 +301,7 @@ module ActionView
       #   #      <div><input value="Create" type="submit" /></div>
       #   #    </form>"
       #
-      #
+      #      
       #   <%= button_to "Delete Image", { :action => "delete", :id => @image.id },
       #             :confirm => "Are you sure?", :method => :delete %>
       #   # => "<form method="post" action="/images/delete/1" class="button_to">
@@ -317,7 +317,7 @@ module ActionView
       #   # => "<form class='button_to' method='post' action='http://www.example.com' data-remote='true'>
       #   #       <div>
       #   #         <input name='_method' value='delete' type='hidden' />
-      #   #         <input value='Destroy' type='submit' data-disable-with='loading...' data-confirm='Are you sure?' />
+      #   #         <input value='Destroy' type='submit' disable_with='loading...' data-confirm='Are you sure?' />
       #   #       </div>
       #   #     </form>"
       #   #
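Review bot: The example output on the changed line now shows a bare `disable_with='loading...'` attribute while `data-confirm` on the same line keeps its `data-` prefix, and the later hunk in this file (at -622) still assigns `html_options["data-disable-with"]`. Unless `button_to` really emits the raw option name (its option handling is outside this hunk), the example should keep `data-disable-with='loading...'` so that the documented markup matches what is rendered.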
@@ -333,9 +333,9 @@ module ActionView
         form_method = method.to_s == 'get' ? 'get' : 'post'
         form_options = html_options.delete('form') || {}
         form_options[:class] ||= html_options.delete('form_class') || 'button_to'
-
+        
         remote = html_options.delete('remote')
-
+        
         request_token_tag = ''
         if form_method == 'post' && protect_against_forgery?
           request_token_tag = tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token)
@@ -350,7 +350,7 @@ module ActionView
 
         form_options.merge!(:method => form_method, :action => url)
         form_options.merge!("data-remote" => "true") if remote
-
+        
         "#{tag(:form, form_options, true)}<div>#{method_tag}#{tag("input", html_options)}#{request_token_tag}</div></form>".html_safe
       end
 
@@ -622,19 +622,9 @@ module ActionView
             confirm = html_options.delete('confirm')
             method  = html_options.delete('method')
 
-            if disable_with
-              ActiveSupport::Deprecation.warn ":disable_with option is deprecated and will be removed from Rails 4.0. Use 'data-disable-with' instead"
-
-              html_options["data-disable-with"] = disable_with
-            end
-
-            if confirm
-              ActiveSupport::Deprecation.warn ":confirm option is deprecated and will be removed from Rails 4.0. Use ':data => { :confirm => \'Text\' }' instead"
-
-              html_options["data-confirm"] = confirm
-            end
-
-            add_method_to_attributes!(html_options, method) if method
+            html_options["data-disable-with"] = disable_with if disable_with
+            html_options["data-confirm"] = confirm if confirm
+            add_method_to_attributes!(html_options, method)   if method
 
             html_options
           else
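Review bot: The padding in `add_method_to_attributes!(html_options, method)   if method` lines up with nothing, because the two assignments added above it use a single space before their `if` modifier. Either align all three modifiers or use one space throughout, e.g. `add_method_to_attributes!(html_options, method) if method`. The enclosing method starts and ends outside this hunk.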
diff --git a/metadata.yml b/metadata.yml
index db6c20b..0129d15 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,190 +1,183 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: actionpack
-version: !ruby/object:Gem::Version 
-  hash: 3
+version: !ruby/object:Gem::Version
+  version: 3.2.8
   prerelease: 
-  segments: 
-  - 3
-  - 2
-  - 6
-  version: 3.2.6
 platform: ruby
-authors: 
+authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-06-12 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2012-08-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: activesupport
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 3
-        - 2
-        - 6
-        version: 3.2.6
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.2.8
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: activemodel
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.2.8
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 3
-        - 2
-        - 6
-        version: 3.2.6
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.2.8
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: rack-cache
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.2.8
+- !ruby/object:Gem::Dependency
+  name: rack-cache
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 2
-        version: "1.2"
+      - !ruby/object:Gem::Version
+        version: '1.2'
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: builder
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: builder
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        - 0
+      - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: rack
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 1
-        - 4
-        - 0
+      - !ruby/object:Gem::Version
         version: 1.4.0
   type: :runtime
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: rack-test
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 0
-        - 6
-        - 1
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 0.6.1
   type: :runtime
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: journey
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 21
-        segments: 
-        - 1
-        - 0
-        - 1
-        version: 1.0.1
+      - !ruby/object:Gem::Version
+        version: 0.6.1
+- !ruby/object:Gem::Dependency
+  name: journey
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.0.4
   type: :runtime
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency 
-  name: sprockets
   prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 13
-        segments: 
-        - 2
-        - 1
-        - 3
+      - !ruby/object:Gem::Version
+        version: 1.0.4
+- !ruby/object:Gem::Dependency
+  name: sprockets
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 2.1.3
   type: :runtime
-  version_requirements: *id008
-- !ruby/object:Gem::Dependency 
-  name: erubis
   prerelease: false
-  requirement: &id009 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.1.3
+- !ruby/object:Gem::Dependency
+  name: erubis
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 19
-        segments: 
-        - 2
-        - 7
-        - 0
+      - !ruby/object:Gem::Version
         version: 2.7.0
   type: :runtime
-  version_requirements: *id009
-- !ruby/object:Gem::Dependency 
-  name: tzinfo
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 41
-        segments: 
-        - 0
-        - 3
-        - 29
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+- !ruby/object:Gem::Dependency
+  name: tzinfo
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 0.3.29
   type: :development
-  version_requirements: *id010
-description: Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.29
+description: Web apps on Rails. Simple, battle-tested conventions for building and
+  testing MVC web applications. Works with any Rack-compatible server.
 email: david at loudthinking.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - CHANGELOG.md
 - README.rdoc
 - MIT-LICENSE
@@ -378,38 +371,30 @@ files:
 - lib/sprockets/static_compiler.rb
 homepage: http://www.rubyonrails.org
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 57
-      segments: 
-      - 1
-      - 8
-      - 7
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
       version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement 
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
       - 0
-      version: "0"
-requirements: 
+      hash: 4400436490322718554
+requirements:
 - none
 rubyforge_project: 
-rubygems_version: 1.8.22
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
 test_files: []
-

-- 
ruby-actionpack-3.2.git


