Prepare for 2.3.4 release

Addresses CVE-2009-3009

.gitignore

@@ -5,11 +5,16 @@ activerecord/doc
 actionpack/doc
 actionmailer/doc
 activesupport/doc
-railties/doc
 activeresource/pkg
 activerecord/pkg
 actionpack/pkg
 actionmailer/pkg
 activesupport/pkg
 railties/pkg
+railties/test/500.html
+railties/doc/guides/html/images
+railties/doc/guides/html/stylesheets
+railties/guides/output
 *.rbc
+*.swp
+*.swo

Rakefile

@@ -1,6 +1,5 @@
 require 'rake'
 require 'rake/rdoctask'
-require 'rake/contrib/sshpublisher'
 
 env = %(PKG_BUILD="#{ENV['PKG_BUILD']}") if ENV['PKG_BUILD']
 
@@ -74,6 +73,7 @@ end
 
 desc "Publish API docs for Rails as a whole and for each component"
 task :pdoc => :rdoc do
+  require 'rake/contrib/sshpublisher'
   Rake::SshDirPublisher.new("wrath.rubyonrails.org", "public_html/api", "doc/rdoc").upload
   PROJECTS.each do |project|
     system %(cd #{project} && #{env} #{$0} pdoc)

actionmailer/CHANGELOG

@@ -1,6 +1,31 @@
-*2.1.1 (September 4th, 2008)*
+*2.3.4 (September 4, 2009)*
 
-* Included in Rails 2.1.1
+* Minor bug fixes.
+
+*2.3.3 (July 12, 2009)*
+
+* No changes, just a version bump.
+
+*2.3.2 [Final] (March 15, 2009)*
+
+* Fixed that ActionMailer should send correctly formatted Return-Path in MAIL FROM for SMTP #1842 [Matt Jones]
+
+* Fixed RFC-2045 quoted-printable bug #1421 [squadette]
+
+* Fixed that no body charset would be set when there are attachments present #740 [Paweł Kondzior]
+
+
+*2.2.1 [RC2] (November 14th, 2008)*
+
+* Turn on STARTTLS if it is available in Net::SMTP (added in Ruby 1.8.7) and the SMTP server supports it (This is required for Gmail's SMTP server) #1336 [Grant Hollingworth]
+
+
+*2.2.0 [RC1] (October 24th, 2008)*
+
+* Add layout functionality to mailers [Pratik Naik]
+
+  Mailer layouts behaves just like controller layouts, except layout names need to
+  have '_mailer' postfix for them to be automatically picked up.
 
 
 *2.1.0 (May 31st, 2008)*
@@ -9,7 +34,7 @@
 
 * Less verbose mail logging: just recipients for :info log level; the whole email for :debug only.  #8000 [iaddict, Tarmo Tänav]
 
-* Updated TMail to version 1.2.1 [raasdnil]
+* Updated TMail to version 1.2.1 [Mikel Lindsaar]
 
 * Fixed that you don't have to call super in ActionMailer::TestCase#setup #10406 [jamesgolick]
 
@@ -21,7 +46,7 @@
 
 *2.0.1* (December 7th, 2007)
 
-* Update ActionMailer so it treats ActionView the same way that ActionController does.  Closes #10244 [rick]
+* Update ActionMailer so it treats ActionView the same way that ActionController does.  Closes #10244 [Rick Olson]
 
   * Pass the template_root as an array as ActionView's view_path
   * Request templates with the "#{mailer_name}/#{action}" as opposed to just "#{action}"
@@ -30,11 +55,11 @@
 
 * Update README to use new smtp settings configuration API. Closes #10060 [psq]
 
-* Allow ActionMailer subclasses to individually set their delivery method (so two subclasses can have different delivery methods) #10033 [zdennis]
+* Allow ActionMailer subclasses to individually set their delivery method (so two subclasses can have different delivery methods) #10033 [Zach Dennis]
 
-* Update TMail to v1.1.0.  Use an updated version of TMail if available.  [mikel]
+* Update TMail to v1.1.0.  Use an updated version of TMail if available.  [Mikel Lindsaar]
 
-* Introduce a new base test class for testing Mailers.  ActionMailer::TestCase [Koz]
+* Introduce a new base test class for testing Mailers.  ActionMailer::TestCase [Michael Koziarski]
 
 * Fix silent failure of rxml templates.  #9879 [jstewart]
 
@@ -69,7 +94,7 @@
 
 *1.3.2* (February 5th, 2007)
 
-* Deprecate server_settings renaming it to smtp_settings,  add sendmail_settings to allow you to override the arguments to and location of the sendmail executable. [Koz]
+* Deprecate server_settings renaming it to smtp_settings,  add sendmail_settings to allow you to override the arguments to and location of the sendmail executable. [Michael Koziarski]
 
 
 *1.3.1* (January 16th, 2007)
@@ -89,7 +114,7 @@
 
 * Tighten rescue clauses.  #5985 [james@grayproductions.net]
 
-* Automatically included ActionController::UrlWriter, such that URL generation can happen within ActionMailer controllers. [DHH]
+* Automatically included ActionController::UrlWriter, such that URL generation can happen within ActionMailer controllers. [David Heinemeier Hansson]
 
 * Replace Reloadable with Reloadable::Deprecated. [Nicholas Seckar]
 

actionmailer/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2004-2008 David Heinemeier Hansson
+Copyright (c) 2004-2009 David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

actionmailer/Rakefile

@@ -4,9 +4,6 @@ require 'rake/testtask'
 require 'rake/rdoctask'
 require 'rake/packagetask'
 require 'rake/gempackagetask'
-require 'rake/contrib/sshpublisher'
-require 'rake/contrib/rubyforgepublisher'
-
 require File.join(File.dirname(__FILE__), 'lib', 'action_mailer', 'version')
 
 PKG_BUILD     = ENV['PKG_BUILD'] ? '.' + ENV['PKG_BUILD'] : ''
@@ -57,7 +54,7 @@ spec = Gem::Specification.new do |s|
   s.rubyforge_project = "actionmailer"
   s.homepage = "http://www.rubyonrails.org"
 
-  s.add_dependency('actionpack', '= 2.1.1' + PKG_BUILD)
+  s.add_dependency('actionpack', '= 2.3.4' + PKG_BUILD)
 
   s.has_rdoc = true
   s.requirements << 'none'
@@ -78,12 +75,14 @@ end
 
 desc "Publish the API documentation"
 task :pgem => [:package] do 
-  Rake::SshFilePublisher.new("david@greed.loudthinking.com", "/u/sites/gems/gems", "pkg", "#{PKG_FILE_NAME}.gem").upload
-  `ssh david@greed.loudthinking.com '/u/sites/gems/gemupdate.sh'`
+  require 'rake/contrib/sshpublisher'
+  Rake::SshFilePublisher.new("gems.rubyonrails.org", "/u/sites/gems/gems", "pkg", "#{PKG_FILE_NAME}.gem").upload
+  `ssh gems.rubyonrails.org '/u/sites/gems/gemupdate.sh'`
 end
 
 desc "Publish the API documentation"
 task :pdoc => [:rdoc] do 
+  require 'rake/contrib/sshpublisher'
   Rake::SshDirPublisher.new("wrath.rubyonrails.org", "public_html/am", "doc").upload
 end
 

actionmailer/lib/action_mailer.rb

@@ -1,5 +1,5 @@
 #--
-# Copyright (c) 2004-2008 David Heinemeier Hansson
+# Copyright (c) 2004-2009 David Heinemeier Hansson
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -21,32 +21,42 @@
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #++
 
-unless defined?(ActionController)
-  begin
-    $:.unshift "#{File.dirname(__FILE__)}/../../actionpack/lib"
+begin
+  require 'action_controller'
+rescue LoadError
+  actionpack_path = "#{File.dirname(__FILE__)}/../../actionpack/lib"
+  if File.directory?(actionpack_path)
+    $:.unshift actionpack_path
     require 'action_controller'
-  rescue LoadError
-    require 'rubygems'
-    gem 'actionpack', '>= 1.12.5'
   end
 end
 
-require 'action_mailer/vendor'
-require 'tmail'
+require 'action_view'
 
-require 'action_mailer/base'
-require 'action_mailer/helpers'
-require 'action_mailer/mail_helper'
-require 'action_mailer/quoting'
-require 'action_mailer/test_helper'
+module ActionMailer
+  def self.load_all!
+    [Base, Part, ::Text::Format, ::Net::SMTP]
+  end
 
-require 'net/smtp'
-
-ActionMailer::Base.class_eval do
-  include ActionMailer::Quoting
-  include ActionMailer::Helpers
-
-  helper MailHelper
+  autoload :AdvAttrAccessor, 'action_mailer/adv_attr_accessor'
+  autoload :Base, 'action_mailer/base'
+  autoload :Helpers, 'action_mailer/helpers'
+  autoload :Part, 'action_mailer/part'
+  autoload :PartContainer, 'action_mailer/part_container'
+  autoload :Quoting, 'action_mailer/quoting'
+  autoload :TestCase, 'action_mailer/test_case'
+  autoload :TestHelper, 'action_mailer/test_helper'
+  autoload :Utils, 'action_mailer/utils'
 end
 
-silence_warnings { TMail::Encoder.const_set("MAX_LINE_LEN", 200) }
+module Text
+  autoload :Format, 'action_mailer/vendor/text_format'
+end
+
+module Net
+  autoload :SMTP, 'net/smtp'
+end
+
+autoload :MailHelper, 'action_mailer/mail_helper'
+
+require 'action_mailer/vendor/tmail'

actionmailer/lib/action_mailer/base.rb

@@ -1,9 +1,3 @@
-require 'action_mailer/adv_attr_accessor'
-require 'action_mailer/part'
-require 'action_mailer/part_container'
-require 'action_mailer/utils'
-require 'tmail/net'
-
 module ActionMailer #:nodoc:
   # Action Mailer allows you to send email from your application using a mailer model and views.
   #
@@ -23,6 +17,7 @@ module ActionMailer #:nodoc:
   #  class Notifier < ActionMailer::Base
   #    def signup_notification(recipient)
   #      recipients recipient.email_address_with_name
+  #      bcc        ["bcc@example.com", "Order Watcher <watcher@example.com>"]
   #      from       "system@example.com"
   #      subject    "New account information"
   #      body       :account => recipient
@@ -216,8 +211,10 @@ module ActionMailer #:nodoc:
   #   * <tt>:domain</tt> - If you need to specify a HELO domain, you can do it here.
   #   * <tt>:user_name</tt> - If your mail server requires authentication, set the username in this setting.
   #   * <tt>:password</tt> - If your mail server requires authentication, set the password in this setting.
-  #   * <tt>:authentication</tt> - If your mail server requires authentication, you need to specify the authentication type here. 
+  #   * <tt>:authentication</tt> - If your mail server requires authentication, you need to specify the authentication type here.
   #     This is a symbol and one of <tt>:plain</tt>, <tt>:login</tt>, <tt>:cram_md5</tt>.
+  #   * <tt>:enable_starttls_auto</tt> - When set to true, detects if STARTTLS is enabled in your SMTP server and starts to use it.
+  #     It works only on Ruby >= 1.8.7 and Ruby >= 1.9. Default is true.
   #
   # * <tt>sendmail_settings</tt> - Allows you to override options for the <tt>:sendmail</tt> delivery method.
   #   * <tt>:location</tt> - The location of the sendmail executable. Defaults to <tt>/usr/sbin/sendmail</tt>.
@@ -233,36 +230,42 @@ module ActionMailer #:nodoc:
   # * <tt>deliveries</tt> - Keeps an array of all the emails sent out through the Action Mailer with <tt>delivery_method :test</tt>. Most useful
   #   for unit and functional testing.
   #
-  # * <tt>default_charset</tt> - The default charset used for the body and to encode the subject. Defaults to UTF-8. You can also 
+  # * <tt>default_charset</tt> - The default charset used for the body and to encode the subject. Defaults to UTF-8. You can also
   #   pick a different charset from inside a method with +charset+.
+  #
   # * <tt>default_content_type</tt> - The default content type used for the main part of the message. Defaults to "text/plain". You
-  #   can also pick a different content type from inside a method with +content_type+. 
+  #   can also pick a different content type from inside a method with +content_type+.
+  #
   # * <tt>default_mime_version</tt> - The default mime version used for the message. Defaults to <tt>1.0</tt>. You
   #   can also pick a different value from inside a method with +mime_version+.
+  #
   # * <tt>default_implicit_parts_order</tt> - When a message is built implicitly (i.e. multiple parts are assembled from templates
   #   which specify the content type in their filenames) this variable controls how the parts are ordered. Defaults to
   #   <tt>["text/html", "text/enriched", "text/plain"]</tt>. Items that appear first in the array have higher priority in the mail client
   #   and appear last in the mime encoded message. You can also pick a different order from inside a method with
   #   +implicit_parts_order+.
   class Base
-    include AdvAttrAccessor, PartContainer
-    include ActionController::UrlWriter if Object.const_defined?(:ActionController)
+    include AdvAttrAccessor, PartContainer, Quoting, Utils
+    if Object.const_defined?(:ActionController)
+      include ActionController::UrlWriter
+      include ActionController::Layout
+    end
 
     private_class_method :new #:nodoc:
 
-    class_inheritable_accessor :template_root
+    class_inheritable_accessor :view_paths
+    self.view_paths = []
+
     cattr_accessor :logger
 
-    cattr_accessor :template_extensions
-    @@template_extensions = ['erb', 'builder', 'rhtml', 'rxml']
-
     @@smtp_settings = {
-      :address        => "localhost",
-      :port           => 25,
-      :domain         => 'localhost.localdomain',
-      :user_name      => nil,
-      :password       => nil,
-      :authentication => nil
+      :address              => "localhost",
+      :port                 => 25,
+      :domain               => 'localhost.localdomain',
+      :user_name            => nil,
+      :password             => nil,
+      :authentication       => nil,
+      :enable_starttls_auto => true,
     }
     cattr_accessor :smtp_settings
 
@@ -296,6 +299,9 @@ module ActionMailer #:nodoc:
     @@default_implicit_parts_order = [ "text/html", "text/enriched", "text/plain" ]
     cattr_accessor :default_implicit_parts_order
 
+    cattr_reader :protected_instance_variables
+    @@protected_instance_variables = %w(@body)
+
     # Specify the BCC addresses for the message
     adv_attr_accessor :bcc
 
@@ -365,6 +371,7 @@ module ActionMailer #:nodoc:
 
     # The mail object instance referenced by this mailer.
     attr_reader :mail
+    attr_reader :template_name, :default_template_name, :action_name
 
     class << self
       attr_writer :mailer_name
@@ -377,12 +384,20 @@ module ActionMailer #:nodoc:
       alias_method :controller_name, :mailer_name
       alias_method :controller_path, :mailer_name
 
-      def method_missing(method_symbol, *parameters)#:nodoc:
-        case method_symbol.id2name
-          when /^create_([_a-z]\w*)/  then new($1, *parameters).mail
-          when /^deliver_([_a-z]\w*)/ then new($1, *parameters).deliver!
-          when "new" then nil
-          else super
+      def respond_to?(method_symbol, include_private = false) #:nodoc:
+        matches_dynamic_method?(method_symbol) || super
+      end
+
+      def method_missing(method_symbol, *parameters) #:nodoc:
+        if match = matches_dynamic_method?(method_symbol)
+          case match[1]
+            when 'create'  then new(match[2], *parameters).mail
+            when 'deliver' then new(match[2], *parameters).deliver!
+            when 'new'     then nil
+            else super
+          end
+        else
+          super
         end
       end
 
@@ -414,21 +429,19 @@ module ActionMailer #:nodoc:
         new.deliver!(mail)
       end
 
-      # Register a template extension so mailer templates written in a
-      # templating language other than rhtml or rxml are supported.
-      # To use this, include in your template-language plugin's init
-      # code or on a per-application basis, this can be invoked from
-      # <tt>config/environment.rb</tt>:
-      #
-      #   ActionMailer::Base.register_template_extension('haml')
-      def register_template_extension(extension)
-        template_extensions << extension
+      def template_root
+        self.view_paths && self.view_paths.first
       end
 
       def template_root=(root)
-        write_inheritable_attribute(:template_root, root)
-        ActionView::TemplateFinder.process_view_paths(root)
+        self.view_paths = ActionView::Base.process_view_paths(root)
       end
+
+      private
+        def matches_dynamic_method?(method_name) #:nodoc:
+          method_name = method_name.to_s
+          /^(create|deliver)_([_a-z]\w*)/.match(method_name) || /^(new)$/.match(method_name)
+        end
     end
 
     # Instantiate a new mailer object. If +method_name+ is not +nil+, the mailer
@@ -452,19 +465,21 @@ module ActionMailer #:nodoc:
         # "the_template_file.text.html.erb", etc.). Only do this if parts
         # have not already been specified manually.
         if @parts.empty?
-          templates = Dir.glob("#{template_path}/#{@template}.*")
-          templates.each do |path|
-            basename = File.basename(path)
-            template_regex = Regexp.new("^([^\\\.]+)\\\.([^\\\.]+\\\.[^\\\.]+)\\\.(" + template_extensions.join('|') + ")$")
-            next unless md = template_regex.match(basename)
-            template_name = basename
-            content_type = md.captures[1].gsub('.', '/')
-            @parts << Part.new(:content_type => content_type,
-              :disposition => "inline", :charset => charset,
-              :body => render_message(template_name, @body))
+          Dir.glob("#{template_path}/#{@template}.*").each do |path|
+            template = template_root["#{mailer_name}/#{File.basename(path)}"]
+
+            # Skip unless template has a multipart format
+            next unless template && template.multipart?
+
+            @parts << Part.new(
+              :content_type => template.content_type,
+              :disposition => "inline",
+              :charset => charset,
+              :body => render_message(template, @body)
+            )
           end
           unless @parts.empty?
-            @content_type = "multipart/alternative"
+            @content_type = "multipart/alternative" if @content_type !~ /^multipart/
             @parts = sort_parts(@parts, @implicit_parts_order)
           end
         end
@@ -474,7 +489,7 @@ module ActionMailer #:nodoc:
         # normal template exists (or if there were no implicit parts) we render
         # it.
         template_exists = @parts.empty?
-        template_exists ||= Dir.glob("#{template_path}/#{@template}.*").any? { |i| File.basename(i).split(".").length == 2 }
+        template_exists ||= template_root["#{mailer_name}/#{@template}"]
         @body = render_message(@template, @body) if template_exists
 
         # Finally, if there are other message parts and a textual body exists,
@@ -522,24 +537,59 @@ module ActionMailer #:nodoc:
         @content_type ||= @@default_content_type.dup
         @implicit_parts_order ||= @@default_implicit_parts_order.dup
         @template ||= method_name
+        @default_template_name = @action_name = @template
         @mailer_name ||= self.class.name.underscore
         @parts ||= []
         @headers ||= {}
         @body ||= {}
         @mime_version = @@default_mime_version.dup if @@default_mime_version
+        @sent_on ||= Time.now
       end
 
       def render_message(method_name, body)
-        render :file => method_name, :body => body, :use_full_path => true
+        if method_name.respond_to?(:content_type)
+          @current_template_content_type = method_name.content_type
+        end
+        render :file => method_name, :body => body
+      ensure
+        @current_template_content_type = nil
       end
 
       def render(opts)
         body = opts.delete(:body)
-        if opts[:file] && opts[:file] !~ /\//
+        if opts[:file] && (opts[:file] !~ /\// && !opts[:file].respond_to?(:render))
           opts[:file] = "#{mailer_name}/#{opts[:file]}"
         end
-        opts[:use_full_path] = true
-        initialize_template_class(body).render(opts)
+
+        begin
+          old_template, @template = @template, initialize_template_class(body)
+          layout = respond_to?(:pick_layout, true) ? pick_layout(opts) : false
+          @template.render(opts.merge(:layout => layout))
+        ensure
+          @template = old_template
+        end
+      end
+
+      def default_template_format
+        if @current_template_content_type
+          Mime::Type.lookup(@current_template_content_type).to_sym
+        else
+          :html
+        end
+      end
+
+      def candidate_for_layout?(options)
+        !self.view_paths.find_template(default_template_name, default_template_format).exempt_from_layout?
+      rescue ActionView::MissingTemplate
+        return true
+      end
+
+      def template_root
+        self.class.template_root
+      end
+
+      def template_root=(root)
+        self.class.template_root = root
       end
 
       def template_path
@@ -547,7 +597,9 @@ module ActionMailer #:nodoc:
       end
 
       def initialize_template_class(assigns)
-        ActionView::Base.new([template_root], assigns, self)
+        template = ActionView::Base.new(self.class.view_paths, assigns, self)
+        template.template_format = default_template_format
+        template
       end
 
       def sort_parts(parts, order = [])
@@ -596,11 +648,11 @@ module ActionMailer #:nodoc:
 
         if @parts.empty?
           m.set_content_type(real_content_type, nil, ctype_attrs)
-          m.body = Utils.normalize_new_lines(body)
+          m.body = normalize_new_lines(body)
         else
           if String === body
             part = TMail::Mail.new
-            part.body = Utils.normalize_new_lines(body)
+            part.body = normalize_new_lines(body)
             part.set_content_type(real_content_type, nil, ctype_attrs)
             part.set_content_disposition "inline"
             m.parts << part
@@ -623,10 +675,12 @@ module ActionMailer #:nodoc:
       def perform_delivery_smtp(mail)
         destinations = mail.destinations
         mail.ready_to_send
-        sender = mail['return-path'] || mail.from
+        sender = (mail['return-path'] && mail['return-path'].spec) || mail['from']
 
-        Net::SMTP.start(smtp_settings[:address], smtp_settings[:port], smtp_settings[:domain],
-            smtp_settings[:user_name], smtp_settings[:password], smtp_settings[:authentication]) do |smtp|
+        smtp = Net::SMTP.new(smtp_settings[:address], smtp_settings[:port])
+        smtp.enable_starttls_auto if smtp_settings[:enable_starttls_auto] && smtp.respond_to?(:enable_starttls_auto)
+        smtp.start(smtp_settings[:domain], smtp_settings[:user_name], smtp_settings[:password],
+                   smtp_settings[:authentication]) do |smtp|
           smtp.sendmail(mail.encoded, sender, destinations)
         end
       end
@@ -644,4 +698,9 @@ module ActionMailer #:nodoc:
         deliveries << mail
       end
   end
+
+  Base.class_eval do
+    include Helpers
+    helper MailHelper
+  end
 end

actionmailer/lib/action_mailer/helpers.rb

@@ -1,3 +1,5 @@
+require 'active_support/dependencies'
+
 module ActionMailer
   module Helpers #:nodoc:
     def self.included(base) #:nodoc:
@@ -72,7 +74,7 @@ module ActionMailer
         methods.flatten.each do |method|
           master_helper_module.module_eval <<-end_eval
             def #{method}(*args, &block)
-              controller.send!(%(#{method}), *args, &block)
+              controller.__send__(%(#{method}), *args, &block)
             end
           end_eval
         end
@@ -92,7 +94,7 @@ module ActionMailer
           inherited_without_helper(child)
           begin
             child.master_helper_module = Module.new
-            child.master_helper_module.send! :include, master_helper_module
+            child.master_helper_module.__send__(:include, master_helper_module)
             child.helper child.name.to_s.underscore
           rescue MissingSourceFile => e
             raise unless e.is_missing?("helpers/#{child.name.to_s.underscore}_helper")

actionmailer/lib/action_mailer/mail_helper.rb

@@ -1,5 +1,3 @@
-require 'text/format'
-
 module MailHelper
   # Uses Text::Format to take the text and format it, indented two spaces for
   # each line, and wrapped at 72 columns.

actionmailer/lib/action_mailer/part.rb

@@ -1,15 +1,10 @@
-require 'action_mailer/adv_attr_accessor'
-require 'action_mailer/part_container'
-require 'action_mailer/utils'
-
 module ActionMailer
   # Represents a subpart of an email message. It shares many similar
   # attributes of ActionMailer::Base.  Although you can create parts manually
   # and add them to the +parts+ list of the mailer, it is easier
   # to use the helper methods in ActionMailer::PartContainer.
   class Part
-    include ActionMailer::AdvAttrAccessor
-    include ActionMailer::PartContainer
+    include AdvAttrAccessor, PartContainer, Utils
 
     # Represents the body of the part, as a string. This should not be a
     # Hash (like ActionMailer::Base), but if you want a template to be rendered
@@ -64,7 +59,7 @@ module ActionMailer
           when "base64" then
             part.body = TMail::Base64.folding_encode(body)
           when "quoted-printable"
-            part.body = [Utils.normalize_new_lines(body)].pack("M*")
+            part.body = [normalize_new_lines(body)].pack("M*")
           else
             part.body = body
         end
@@ -93,7 +88,10 @@ module ActionMailer
           part.parts << prt
         end
         
-        part.set_content_type(real_content_type, nil, ctype_attrs) if real_content_type =~ /multipart/
+        if real_content_type =~ /multipart/
+          ctype_attrs.delete 'charset'
+          part.set_content_type(real_content_type, nil, ctype_attrs)
+        end
       end
 
       headers.each { |k,v| part[k] = v }
@@ -102,7 +100,6 @@ module ActionMailer
     end
 
     private
-
       def squish(values={})
         values.delete_if { |k,v| v.nil? }
       end

actionmailer/lib/action_mailer/part_container.rb

@@ -41,7 +41,11 @@ module ActionMailer
     private
     
       def parse_content_type(defaults=nil)
-        return [defaults && defaults.content_type, {}] if content_type.blank?
+        if content_type.blank? 
+          return defaults                                                ? 
+            [ defaults.content_type, { 'charset' => defaults.charset } ] : 
+            [ nil, {} ] 
+        end 
         ctype, *attrs = content_type.split(/;\s*/)
         attrs = attrs.inject({}) { |h,s| k,v = s.split(/=/, 2); h[k] = v; h }
         [ctype, {"charset" => charset || defaults && defaults.charset}.merge(attrs)]

actionmailer/lib/action_mailer/quoting.rb

@@ -12,7 +12,7 @@ module ActionMailer
     # account multi-byte characters (if executing with $KCODE="u", for instance)
     def quoted_printable_encode(character)
       result = ""
-      character.each_byte { |b| result << "=%02x" % b }
+      character.each_byte { |b| result << "=%02X" % b }
       result
     end
 

actionmailer/lib/action_mailer/test_case.rb

@@ -10,7 +10,7 @@ module ActionMailer
   end
 
   class TestCase < ActiveSupport::TestCase
-    include ActionMailer::Quoting
+    include Quoting, TestHelper
 
     setup :initialize_test_deliveries
     setup :set_expected_mail

actionmailer/lib/action_mailer/test_helper.rb

@@ -58,6 +58,7 @@ module ActionMailer
   end
 end
 
+# TODO: Deprecate this
 module Test
   module Unit
     class TestCase

actionmailer/lib/action_mailer/utils.rb

@@ -3,6 +3,5 @@ module ActionMailer
     def normalize_new_lines(text)
       text.to_s.gsub(/\r\n?/, "\n")
     end
-    module_function :normalize_new_lines
   end
 end

actionmailer/lib/action_mailer/vendor.rb

@@ -1,14 +0,0 @@
-# Prefer gems to the bundled libs.
-require 'rubygems'
-
-begin
-  gem 'tmail', '~> 1.2.3'
-rescue Gem::LoadError
-  $:.unshift "#{File.dirname(__FILE__)}/vendor/tmail-1.2.3"
-end
-
-begin
-  gem 'text-format', '>= 0.6.3'
-rescue Gem::LoadError
-  $:.unshift "#{File.dirname(__FILE__)}/vendor/text-format-0.6.3"
-end

actionmailer/lib/action_mailer/vendor/text-format-0.6.3/text/format.rb

@@ -1150,7 +1150,7 @@ if __FILE__ == $0
       assert_equal(Text::Format::JUSTIFY, @format_o.format_style)
       assert_match(/^of freedom, and that government of the people, by the  people,  for  the$/,
                    @format_o.format(GETTYSBURG).split("\n")[-3])
-      assert_raises(ArgumentError) { @format_o.format_style = 33 }
+      assert_raise(ArgumentError) { @format_o.format_style = 33 }
     end
 
     def test_tag_paragraph

actionmailer/lib/action_mailer/vendor/text_format.rb

@@ -0,0 +1,10 @@
+# Prefer gems to the bundled libs.
+require 'rubygems'
+
+begin
+  gem 'text-format', '>= 0.6.3'
+rescue Gem::LoadError
+  $:.unshift "#{File.dirname(__FILE__)}/text-format-0.6.3"
+end
+
+require 'text/format'

actionmailer/lib/action_mailer/vendor/tmail-1.2.3/tmail/address.rb

@@ -38,7 +38,7 @@ module TMail
   # = Class Address
   # 
   # Provides a complete handling library for email addresses. Can parse a string of an
-  # address directly or take in preformatted addresses themseleves.  Allows you to add
+  # address directly or take in preformatted addresses themselves.  Allows you to add
   # and remove phrases from the front of the address and provides a compare function for
   # email addresses.
   # 
@@ -143,7 +143,7 @@ module TMail
       
       # This is to catch an unquoted "@" symbol in the local part of the
       # address.  Handles addresses like <"@"@me.com> and makes sure they
-      # stay like <"@"@me.com> (previously were becomming <@@me.com>)
+      # stay like <"@"@me.com> (previously were becoming <@@me.com>)
       if local && (local.join == '@' || local.join =~ /\A[^"].*?@.*?[^"]\Z/)
         @local = "\"#{local.join}\""
       else

actionmailer/lib/action_mailer/vendor/tmail-1.2.3/tmail/header.rb

@@ -59,7 +59,7 @@ module TMail
       #
       # This is because a mailbox doesn't have the : after the From that designates the
       # beginning of the envelope sender (which can be different to the from address of 
-      # the emial)
+      # the email)
       #
       # Other fields can be passed as normal, "Reply-To", "Received" etc.
       #

actionmailer/lib/action_mailer/vendor/tmail-1.2.3/tmail/interface.rb

@@ -42,7 +42,7 @@ module TMail
     # Allows you to query the mail object with a string to get the contents
     # of the field you want.
     # 
-    # Returns a string of the exact contnts of the field
+    # Returns a string of the exact contents of the field
     # 
     #  mail.from = "mikel <mikel@lindsaar.net>"
     #  mail.header_string("From") #=> "mikel <mikel@lindsaar.net>"

actionmailer/lib/action_mailer/vendor/tmail-1.2.3/tmail/mail.rb

@@ -255,7 +255,7 @@ module TMail
     alias fetch []
 
     # Allows you to set or delete TMail header objects at will.
-    # Eamples:
+    # Examples:
     #  @mail = TMail::Mail.new
     #  @mail['to'].to_s       # => 'mikel@test.com.au'
     #  @mail['to'] = 'mikel@elsewhere.org'
@@ -265,7 +265,7 @@ module TMail
     #  @mail['to'].to_s       # => nil
     #  @mail.encoded          # => "\r\n"
     # 
-    # Note: setting mail[] = nil actualy deletes the header field in question from the object,
+    # Note: setting mail[] = nil actually deletes the header field in question from the object,
     # it does not just set the value of the hash to nil
     def []=( key, val )
       dkey = key.downcase

actionmailer/lib/action_mailer/vendor/tmail.rb

@@ -0,0 +1,17 @@
+# Prefer gems to the bundled libs.
+require 'rubygems'
+
+begin
+  gem 'tmail', '~> 1.2.3'
+rescue Gem::LoadError
+  $:.unshift "#{File.dirname(__FILE__)}/tmail-1.2.3"
+end
+
+module TMail
+end
+
+require 'tmail'
+
+silence_warnings do
+  TMail::Encoder.const_set("MAX_LINE_LEN", 200)
+end

actionmailer/lib/action_mailer/version.rb

@@ -1,8 +1,8 @@
 module ActionMailer
   module VERSION #:nodoc:
     MAJOR = 2
-    MINOR = 1
-    TINY  = 1
+    MINOR = 3
+    TINY  = 4
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

actionmailer/test/abstract_unit.rb

@@ -1,14 +1,24 @@
+require 'rubygems'
 require 'test/unit'
 
 $:.unshift "#{File.dirname(__FILE__)}/../lib"
+$:.unshift "#{File.dirname(__FILE__)}/../../activesupport/lib"
+$:.unshift "#{File.dirname(__FILE__)}/../../actionpack/lib"
 require 'action_mailer'
 require 'action_mailer/test_case'
 
 # Show backtraces for deprecated behavior for quicker cleanup.
 ActiveSupport::Deprecation.debug = true
 
+# Bogus template processors
+ActionView::Template.register_template_handler :haml, lambda { |template| "Look its HAML!".inspect }
+ActionView::Template.register_template_handler :bak, lambda { |template| "Lame backup".inspect }
+
 $:.unshift "#{File.dirname(__FILE__)}/fixtures/helpers"
-ActionMailer::Base.template_root = "#{File.dirname(__FILE__)}/fixtures"
+
+ActionView::Base.cache_template_loading = true
+FIXTURE_LOAD_PATH = File.join(File.dirname(__FILE__), 'fixtures')
+ActionMailer::Base.template_root = FIXTURE_LOAD_PATH
 
 class MockSMTP
   def self.deliveries
@@ -22,16 +32,19 @@ class MockSMTP
   def sendmail(mail, from, to)
     @@deliveries << [mail, from, to]
   end
+
+  def start(*args)
+    yield self
+  end
 end
 
 class Net::SMTP
-  def self.start(*args)
-    yield MockSMTP.new
+  def self.new(*args)
+    MockSMTP.new
   end
 end
 
 def uses_gem(gem_name, test_name, version = '> 0')
-  require 'rubygems'
   gem gem_name.to_s, version
   require gem_name.to_s
   yield
@@ -39,13 +52,6 @@ rescue LoadError
   $stderr.puts "Skipping #{test_name} tests. `gem install #{gem_name}` and try again."
 end
 
-# Wrap tests that use Mocha and skip if unavailable.
-unless defined? uses_mocha
-  def uses_mocha(test_name, &block)
-    uses_gem('mocha', test_name, '>= 0.5.5', &block)
-  end
-end
-
 def set_delivery_method(delivery_method)
   @old_delivery_method = ActionMailer::Base.delivery_method
   ActionMailer::Base.delivery_method = delivery_method

actionmailer/test/asset_host_test.rb

@@ -0,0 +1,54 @@
+require 'abstract_unit'
+
+class AssetHostMailer < ActionMailer::Base
+  def email_with_asset(recipient)
+    recipients recipient
+    subject    "testing email containing asset path while asset_host is set"
+    from       "tester@example.com"
+  end
+end
+
+class AssetHostTest < Test::Unit::TestCase
+  def setup
+    set_delivery_method :test
+    ActionMailer::Base.perform_deliveries = true
+    ActionMailer::Base.deliveries = []
+
+    @recipient = 'test@localhost'
+  end
+
+  def teardown
+    restore_delivery_method
+  end
+
+  def test_asset_host_as_string
+    ActionController::Base.asset_host = "http://www.example.com"
+    mail = AssetHostMailer.deliver_email_with_asset(@recipient)
+    assert_equal "<img alt=\"Somelogo\" src=\"http://www.example.com/images/somelogo.png\" />", mail.body.strip
+  end
+
+  def test_asset_host_as_one_arguement_proc
+    ActionController::Base.asset_host = Proc.new { |source|
+      if source.starts_with?('/images')
+        "http://images.example.com"
+      else
+        "http://assets.example.com"
+      end
+    }
+    mail = AssetHostMailer.deliver_email_with_asset(@recipient)
+    assert_equal "<img alt=\"Somelogo\" src=\"http://images.example.com/images/somelogo.png\" />", mail.body.strip
+  end
+
+  def test_asset_host_as_two_arguement_proc
+    ActionController::Base.asset_host = Proc.new {|source,request|
+      if request && request.ssl?
+        "https://www.example.com"
+      else
+        "http://www.example.com"
+      end
+    }
+    mail = nil
+    assert_nothing_raised { mail = AssetHostMailer.deliver_email_with_asset(@recipient) }
+    assert_equal "<img alt=\"Somelogo\" src=\"http://www.example.com/images/somelogo.png\" />", mail.body.strip
+  end
+end

actionmailer/test/fixtures/asset_host_mailer/email_with_asset.html.erb

@@ -0,0 +1 @@
+<%= image_tag "somelogo.png" %>

actionmailer/test/fixtures/auto_layout_mailer/hello.html.erb

@@ -0,0 +1 @@
+Inside

actionmailer/test/fixtures/auto_layout_mailer/multipart.text.html.erb

@@ -0,0 +1 @@
+text/html multipart

actionmailer/test/fixtures/auto_layout_mailer/multipart.text.plain.erb

@@ -0,0 +1 @@
+text/plain multipart

actionmailer/test/fixtures/explicit_layout_mailer/logout.html.erb

@@ -0,0 +1 @@
+You logged out

actionmailer/test/fixtures/explicit_layout_mailer/signup.html.erb

@@ -0,0 +1 @@
+We do not spam

actionmailer/test/fixtures/layouts/auto_layout_mailer.html.erb

@@ -0,0 +1 @@
+Hello from layout <%= yield %>

actionmailer/test/fixtures/layouts/auto_layout_mailer.text.erb

@@ -0,0 +1 @@
+text/plain layout - <%= yield %>

actionmailer/test/fixtures/layouts/spam.html.erb

@@ -0,0 +1 @@
+Spammer layout <%= yield %>

actionmailer/test/fixtures/test_mailer/body_ivar.erb

@@ -0,0 +1,2 @@
+body: <%= @body %>
+bar: <%= @bar %>

actionmailer/test/fixtures/test_mailer/implicitly_multipart_example.text.html.erb~

@@ -0,0 +1,10 @@
+<html>
+  <body>
+    HTML formatted message to <strong><%= @recipient %></strong>.
+  </body>
+</html>
+<html>
+  <body>
+    HTML formatted message to <strong><%= @recipient %></strong>.
+  </body>
+</html>

actionmailer/test/mail_layout_test.rb

@@ -0,0 +1,123 @@
+require 'abstract_unit'
+
+class AutoLayoutMailer < ActionMailer::Base
+  def hello(recipient)
+    recipients recipient
+    subject    "You have a mail"
+    from       "tester@example.com"
+  end
+
+  def spam(recipient)
+    recipients recipient
+    subject    "You have a mail"
+    from       "tester@example.com"
+    body       render(:inline => "Hello, <%= @world %>", :layout => 'spam', :body => { :world => "Earth" })
+  end
+
+  def nolayout(recipient)
+    recipients recipient
+    subject    "You have a mail"
+    from       "tester@example.com"
+    body       render(:inline => "Hello, <%= @world %>", :layout => false, :body => { :world => "Earth" })
+  end
+
+  def multipart(recipient, type = nil)
+    recipients recipient
+    subject    "You have a mail"
+    from       "tester@example.com"
+
+    content_type(type) if type
+  end
+end
+
+class ExplicitLayoutMailer < ActionMailer::Base
+  layout 'spam', :except => [:logout]
+
+  def signup(recipient)
+    recipients recipient
+    subject    "You have a mail"
+    from       "tester@example.com"
+  end
+
+  def logout(recipient)
+    recipients recipient
+    subject    "You have a mail"
+    from       "tester@example.com"
+  end
+end
+
+class LayoutMailerTest < Test::Unit::TestCase
+  def setup
+    set_delivery_method :test
+    ActionMailer::Base.perform_deliveries = true
+    ActionMailer::Base.deliveries = []
+
+    @recipient = 'test@localhost'
+  end
+
+  def teardown
+    restore_delivery_method
+  end
+
+  def test_should_pickup_default_layout
+    mail = AutoLayoutMailer.create_hello(@recipient)
+    assert_equal "Hello from layout Inside", mail.body.strip
+  end
+
+  def test_should_pickup_multipart_layout
+    mail = AutoLayoutMailer.create_multipart(@recipient)
+    assert_equal "multipart/alternative", mail.content_type
+    assert_equal 2, mail.parts.size
+
+    assert_equal 'text/plain', mail.parts.first.content_type
+    assert_equal "text/plain layout - text/plain multipart", mail.parts.first.body
+
+    assert_equal 'text/html', mail.parts.last.content_type
+    assert_equal "Hello from layout text/html multipart", mail.parts.last.body
+  end
+
+  def test_should_pickup_multipartmixed_layout
+    mail = AutoLayoutMailer.create_multipart(@recipient, "multipart/mixed")
+    assert_equal "multipart/mixed", mail.content_type
+    assert_equal 2, mail.parts.size
+
+    assert_equal 'text/plain', mail.parts.first.content_type
+    assert_equal "text/plain layout - text/plain multipart", mail.parts.first.body
+
+    assert_equal 'text/html', mail.parts.last.content_type
+    assert_equal "Hello from layout text/html multipart", mail.parts.last.body
+  end
+
+  def test_should_fix_multipart_layout
+    mail = AutoLayoutMailer.create_multipart(@recipient, "text/plain")
+    assert_equal "multipart/alternative", mail.content_type
+    assert_equal 2, mail.parts.size
+
+    assert_equal 'text/plain', mail.parts.first.content_type
+    assert_equal "text/plain layout - text/plain multipart", mail.parts.first.body
+
+    assert_equal 'text/html', mail.parts.last.content_type
+    assert_equal "Hello from layout text/html multipart", mail.parts.last.body
+  end
+
+
+  def test_should_pickup_layout_given_to_render
+    mail = AutoLayoutMailer.create_spam(@recipient)
+    assert_equal "Spammer layout Hello, Earth", mail.body.strip
+  end
+
+  def test_should_respect_layout_false
+    mail = AutoLayoutMailer.create_nolayout(@recipient)
+    assert_equal "Hello, Earth", mail.body.strip
+  end
+
+  def test_explicit_class_layout
+    mail = ExplicitLayoutMailer.create_signup(@recipient)
+    assert_equal "Spammer layout We do not spam", mail.body.strip
+  end
+
+  def test_explicit_layout_exceptions
+    mail = ExplicitLayoutMailer.create_logout(@recipient)
+    assert_equal "You logged out", mail.body.strip
+  end
+end

actionmailer/test/mail_render_test.rb

@@ -20,13 +20,13 @@ class RenderMailer < ActionMailer::Base
     subject    "rendering rxml template"
     from       "tester@example.com"
   end
-  
+
   def included_subtemplate(recipient)
     recipients recipient
     subject    "Including another template in the one being rendered"
     from       "tester@example.com"
   end
-  
+
   def included_old_subtemplate(recipient)
     recipients recipient
     subject    "Including another template in the one being rendered"
@@ -83,17 +83,11 @@ class RenderHelperTest < Test::Unit::TestCase
     mail = RenderMailer.deliver_rxml_template(@recipient)
     assert_equal "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<test/>", mail.body.strip
   end
-  
+
   def test_included_subtemplate
     mail = RenderMailer.deliver_included_subtemplate(@recipient)
     assert_equal "Hey Ho, let's go!", mail.body.strip
   end
-  
-  def test_deprecated_old_subtemplate
-    assert_raises ActionView::ActionViewError do
-      RenderMailer.deliver_included_old_subtemplate(@recipient)
-    end
-  end
 end
 
 class FirstSecondHelperTest < Test::Unit::TestCase

actionmailer/test/mail_service_test.rb

@@ -18,7 +18,6 @@ class TestMailer < ActionMailer::Base
     @recipients   = recipient
     @subject      = "[Signed up] Welcome #{recipient}"
     @from         = "system@loudthinking.com"
-    @sent_on      = Time.local(2004, 12, 12)
     @body["recipient"] = recipient
   end
 
@@ -219,7 +218,7 @@ class TestMailer < ActionMailer::Base
     end
     attachment :content_type => "application/octet-stream",:filename => "test.txt", :body => "test abcdefghijklmnopqstuvwxyz"
   end
-  
+
   def nested_multipart_with_body(recipient)
     recipients   recipient
     subject      "nested multipart with body"
@@ -273,6 +272,13 @@ class TestMailer < ActionMailer::Base
     headers      "return-path" => "another@somewhere.test"
   end
 
+  def body_ivar(recipient)
+    recipients   recipient
+    subject      "Body as a local variable"
+    from         "test@example.com"
+    body         :body => "foo", :bar => "baz"
+  end
+
   class <<self
     attr_accessor :received_body
   end
@@ -282,8 +288,6 @@ class TestMailer < ActionMailer::Base
   end
 end
 
-uses_mocha 'ActionMailerTest' do
-
 class ActionMailerTest < Test::Unit::TestCase
   include ActionMailer::Quoting
 
@@ -321,10 +325,11 @@ class ActionMailerTest < Test::Unit::TestCase
     assert_nothing_raised { created = TestMailer.create_nested_multipart(@recipient)}
     assert_equal 2,created.parts.size
     assert_equal 2,created.parts.first.parts.size
-    
+
     assert_equal "multipart/mixed", created.content_type
     assert_equal "multipart/alternative", created.parts.first.content_type
     assert_equal "bar", created.parts.first.header['foo'].to_s
+    assert_nil created.parts.first.charset
     assert_equal "text/plain", created.parts.first.parts.first.content_type
     assert_equal "text/html", created.parts.first.parts[1].content_type
     assert_equal "application/octet-stream", created.parts[1].content_type
@@ -350,12 +355,14 @@ class ActionMailerTest < Test::Unit::TestCase
   end
 
   def test_signed_up
+    Time.stubs(:now => Time.now)
+
     expected = new_mail
     expected.to      = @recipient
     expected.subject = "[Signed up] Welcome #{@recipient}"
     expected.body    = "Hello there, \n\nMr. #{@recipient}"
     expected.from    = "system@loudthinking.com"
-    expected.date    = Time.local(2004, 12, 12)
+    expected.date    = Time.now
 
     created = nil
     assert_nothing_raised { created = TestMailer.create_signed_up(@recipient) }
@@ -366,7 +373,7 @@ class ActionMailerTest < Test::Unit::TestCase
     assert_not_nil ActionMailer::Base.deliveries.first
     assert_equal expected.encoded, ActionMailer::Base.deliveries.first.encoded
   end
-  
+
   def test_custom_template
     expected = new_mail
     expected.to      = @recipient
@@ -382,7 +389,8 @@ class ActionMailerTest < Test::Unit::TestCase
   end
 
   def test_custom_templating_extension
-    #
+    assert ActionView::Template.template_handler_extensions.include?("haml"), "haml extension was not registered"
+
     # N.b., custom_templating_extension.text.plain.haml is expected to be in fixtures/test_mailer directory
     expected = new_mail
     expected.to      = @recipient
@@ -390,18 +398,10 @@ class ActionMailerTest < Test::Unit::TestCase
     expected.body    = "Hello there, \n\nMr. #{@recipient}"
     expected.from    = "system@loudthinking.com"
     expected.date    = Time.local(2004, 12, 12)
-    
+
     # Stub the render method so no alternative renderers need be present.
     ActionView::Base.any_instance.stubs(:render).returns("Hello there, \n\nMr. #{@recipient}")
-    
-    # If the template is not registered, there should be no parts.
-    created = nil
-    assert_nothing_raised { created = TestMailer.create_custom_templating_extension(@recipient) }
-    assert_not_nil created
-    assert_equal 0, created.parts.length
-    
-    ActionMailer::Base.register_template_extension('haml')
-    
+
     # Now that the template is registered, there should be one part. The text/plain part.
     created = nil
     assert_nothing_raised { created = TestMailer.create_custom_templating_extension(@recipient) }
@@ -428,7 +428,7 @@ class ActionMailerTest < Test::Unit::TestCase
     assert_not_nil ActionMailer::Base.deliveries.first
     assert_equal expected.encoded, ActionMailer::Base.deliveries.first.encoded
   end
-  
+
   def test_cc_bcc
     expected = new_mail
     expected.to      = @recipient
@@ -550,7 +550,7 @@ class ActionMailerTest < Test::Unit::TestCase
     TestMailer.deliver_signed_up(@recipient)
     assert_equal 1, ActionMailer::Base.deliveries.size
   end
-  
+
   def test_doesnt_raise_errors_when_raise_delivery_errors_is_false
     ActionMailer::Base.raise_delivery_errors = false
     TestMailer.any_instance.expects(:perform_delivery_test).raises(Exception)
@@ -670,7 +670,7 @@ EOF
     assert_not_nil ActionMailer::Base.deliveries.first
     assert_equal expected.encoded, ActionMailer::Base.deliveries.first.encoded
   end
-  
+
   def test_utf8_body_is_not_quoted
     @recipient = "Foo áëô îü <extended@example.net>"
     expected = new_mail "utf-8"
@@ -760,7 +760,7 @@ EOF
     mail = TestMailer.create_multipart_with_mime_version(@recipient)
     assert_equal "1.1", mail.mime_version
   end
-  
+
   def test_multipart_with_utf8_subject
     mail = TestMailer.create_multipart_with_utf8_subject(@recipient)
     assert_match(/\nSubject: =\?utf-8\?Q\?Foo_.*?\?=/, mail.encoded)
@@ -801,6 +801,8 @@ EOF
   end
 
   def test_implicitly_multipart_messages
+    assert ActionView::Template.template_handler_extensions.include?("bak"), "bak extension was not registered"
+
     mail = TestMailer.create_implicitly_multipart_example(@recipient)
     assert_equal 3, mail.parts.length
     assert_equal "1.0", mail.mime_version
@@ -814,6 +816,8 @@ EOF
   end
 
   def test_implicitly_multipart_messages_with_custom_order
+    assert ActionView::Template.template_handler_extensions.include?("bak"), "bak extension was not registered"
+
     mail = TestMailer.create_implicitly_multipart_example(@recipient, nil, ["text/yaml", "text/plain"])
     assert_equal 3, mail.parts.length
     assert_equal "text/html", mail.parts[0].content_type
@@ -825,7 +829,7 @@ EOF
     mail = TestMailer.create_implicitly_multipart_example(@recipient, 'iso-8859-1')
 
     assert_equal "multipart/alternative", mail.header['content-type'].body
-    
+
     assert_equal 'iso-8859-1', mail.parts[0].sub_header("content-type", "charset")
     assert_equal 'iso-8859-1', mail.parts[1].sub_header("content-type", "charset")
     assert_equal 'iso-8859-1', mail.parts[2].sub_header("content-type", "charset")
@@ -852,7 +856,7 @@ EOF
     assert_equal "line #1\nline #2\nline #3\nline #4\n\n", mail.parts[0].body
     assert_equal "<p>line #1</p>\n<p>line #2</p>\n<p>line #3</p>\n<p>line #4</p>\n\n", mail.parts[1].body
   end
-  
+
   def test_headers_removed_on_smtp_delivery
     ActionMailer::Base.delivery_method = :smtp
     TestMailer.deliver_cc_bcc(@recipient)
@@ -917,6 +921,8 @@ EOF
   def test_multipart_with_template_path_with_dots
     mail = FunkyPathMailer.create_multipart_with_template_path_with_dots(@recipient)
     assert_equal 2, mail.parts.length
+    assert_equal 'text/plain', mail.parts[0].content_type
+    assert_equal 'utf-8', mail.parts[0].charset
   end
 
   def test_custom_content_type_attributes
@@ -934,21 +940,51 @@ EOF
     ActionMailer::Base.delivery_method = :smtp
     TestMailer.deliver_return_path
     assert_match %r{^Return-Path: <another@somewhere.test>}, MockSMTP.deliveries[0][0]
+    assert_equal "another@somewhere.test", MockSMTP.deliveries[0][1].to_s
+  end
+
+  def test_body_is_stored_as_an_ivar
+    mail = TestMailer.create_body_ivar(@recipient)
+    assert_equal "body: foo\nbar: baz", mail.body
+  end
+
+  def test_starttls_is_enabled_if_supported
+    ActionMailer::Base.smtp_settings[:enable_starttls_auto] = true
+    MockSMTP.any_instance.expects(:respond_to?).with(:enable_starttls_auto).returns(true)
+    MockSMTP.any_instance.expects(:enable_starttls_auto)
+    ActionMailer::Base.delivery_method = :smtp
+    TestMailer.deliver_signed_up(@recipient)
+  end
+
+  def test_starttls_is_disabled_if_not_supported
+    ActionMailer::Base.smtp_settings[:enable_starttls_auto] = true
+    MockSMTP.any_instance.expects(:respond_to?).with(:enable_starttls_auto).returns(false)
+    MockSMTP.any_instance.expects(:enable_starttls_auto).never
+    ActionMailer::Base.delivery_method = :smtp
+    TestMailer.deliver_signed_up(@recipient)
+  end
+
+  def test_starttls_is_not_enabled
+    ActionMailer::Base.smtp_settings[:enable_starttls_auto] = false
+    MockSMTP.any_instance.expects(:respond_to?).never
+    MockSMTP.any_instance.expects(:enable_starttls_auto).never
+    ActionMailer::Base.delivery_method = :smtp
+    TestMailer.deliver_signed_up(@recipient)
+  ensure
+    ActionMailer::Base.smtp_settings[:enable_starttls_auto] = true
   end
 end
 
-end # uses_mocha
-
 class InheritableTemplateRootTest < Test::Unit::TestCase
   def test_attr
     expected = "#{File.dirname(__FILE__)}/fixtures/path.with.dots"
-    assert_equal expected, FunkyPathMailer.template_root
+    assert_equal expected, FunkyPathMailer.template_root.to_s
 
     sub = Class.new(FunkyPathMailer)
     sub.template_root = 'test/path'
 
-    assert_equal 'test/path', sub.template_root
-    assert_equal expected, FunkyPathMailer.template_root
+    assert_equal 'test/path', sub.template_root.to_s
+    assert_equal expected, FunkyPathMailer.template_root.to_s
   end
 end
 
@@ -977,3 +1013,67 @@ class MethodNamingTest < Test::Unit::TestCase
     end
   end
 end
+
+class RespondToTest < Test::Unit::TestCase
+  class RespondToMailer < ActionMailer::Base; end
+
+  def setup
+    set_delivery_method :test
+  end
+
+  def teardown
+    restore_delivery_method
+  end
+
+  def test_should_respond_to_new
+    assert RespondToMailer.respond_to?(:new)
+  end
+
+  def test_should_respond_to_create_with_template_suffix
+    assert RespondToMailer.respond_to?(:create_any_old_template)
+  end
+
+  def test_should_respond_to_deliver_with_template_suffix
+    assert RespondToMailer.respond_to?(:deliver_any_old_template)
+  end
+
+  def test_should_not_respond_to_new_with_template_suffix
+    assert !RespondToMailer.respond_to?(:new_any_old_template)
+  end
+
+  def test_should_not_respond_to_create_with_template_suffix_unless_it_is_separated_by_an_underscore
+    assert !RespondToMailer.respond_to?(:createany_old_template)
+  end
+
+  def test_should_not_respond_to_deliver_with_template_suffix_unless_it_is_separated_by_an_underscore
+    assert !RespondToMailer.respond_to?(:deliverany_old_template)
+  end
+
+  def test_should_not_respond_to_create_with_template_suffix_if_it_begins_with_a_uppercase_letter
+    assert !RespondToMailer.respond_to?(:create_Any_old_template)
+  end
+
+  def test_should_not_respond_to_deliver_with_template_suffix_if_it_begins_with_a_uppercase_letter
+    assert !RespondToMailer.respond_to?(:deliver_Any_old_template)
+  end
+
+  def test_should_not_respond_to_create_with_template_suffix_if_it_begins_with_a_digit
+    assert !RespondToMailer.respond_to?(:create_1_template)
+  end
+
+  def test_should_not_respond_to_deliver_with_template_suffix_if_it_begins_with_a_digit
+    assert !RespondToMailer.respond_to?(:deliver_1_template)
+  end
+
+  def test_should_not_respond_to_method_where_deliver_is_not_a_suffix
+    assert !RespondToMailer.respond_to?(:foo_deliver_template)
+  end
+
+  def test_should_still_raise_exception_with_expected_message_when_calling_an_undefined_method
+    error = assert_raise NoMethodError do
+      RespondToMailer.not_a_method
+    end
+
+    assert_match /undefined method.*not_a_method/, error.message
+  end
+end

actionmailer/test/quoting_test.rb

@@ -1,6 +1,5 @@
 # encoding: utf-8
 require 'abstract_unit'
-require 'tmail'
 require 'tempfile'
 
 class QuotingTest < Test::Unit::TestCase
@@ -49,8 +48,10 @@ class QuotingTest < Test::Unit::TestCase
 
     result = execute_in_sandbox(<<-CODE)
       $:.unshift(File.dirname(__FILE__) + "/../lib/")
-      $KCODE = 'u'
-      require 'jcode'
+      if RUBY_VERSION < '1.9'
+        $KCODE = 'u'
+        require 'jcode'
+      end
       require 'action_mailer/quoting'
       include ActionMailer::Quoting
       quoted_printable(#{original.inspect}, "UTF-8")

actionmailer/test/test_helper_test.rb

@@ -26,7 +26,7 @@ class TestHelperMailerTest < ActionMailer::TestCase
   end
 
   def test_determine_default_mailer_raises_correct_error
-    assert_raises(ActionMailer::NonInferrableMailerError) do
+    assert_raise(ActionMailer::NonInferrableMailerError) do
       self.class.determine_default_mailer("NotAMailerTest")
     end
   end
@@ -36,7 +36,7 @@ class TestHelperMailerTest < ActionMailer::TestCase
   end
 
   def test_encode
-    assert_equal "=?utf-8?Q?=0aasdf=0a?=", encode("\nasdf\n")
+    assert_equal "=?utf-8?Q?=0Aasdf=0A?=", encode("\nasdf\n")
   end
 
   def test_assert_emails
@@ -84,7 +84,7 @@ class TestHelperMailerTest < ActionMailer::TestCase
   end
   
   def test_assert_emails_too_few_sent
-    error = assert_raises Test::Unit::AssertionFailedError do
+    error = assert_raise ActiveSupport::TestCase::Assertion do
       assert_emails 2 do
         TestHelperMailer.deliver_test
       end
@@ -94,7 +94,7 @@ class TestHelperMailerTest < ActionMailer::TestCase
   end
   
   def test_assert_emails_too_many_sent
-    error = assert_raises Test::Unit::AssertionFailedError do
+    error = assert_raise ActiveSupport::TestCase::Assertion do
       assert_emails 1 do
         TestHelperMailer.deliver_test
         TestHelperMailer.deliver_test
@@ -105,7 +105,7 @@ class TestHelperMailerTest < ActionMailer::TestCase
   end
   
   def test_assert_no_emails_failure
-    error = assert_raises Test::Unit::AssertionFailedError do
+    error = assert_raise ActiveSupport::TestCase::Assertion do
       assert_no_emails do
         TestHelperMailer.deliver_test
       end

actionpack/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2004-2008 David Heinemeier Hansson
+Copyright (c) 2004-2009 David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

actionpack/README

@@ -10,7 +10,7 @@ Action Pack implements these actions as public methods on Action Controllers
 and uses Action Views to implement the template rendering. Action Controllers
 are then responsible for handling all the actions relating to a certain part
 of an application. This grouping usually consists of actions for lists and for
-CRUDs revolving around a single (or a few) model objects. So ContactController
+CRUDs revolving around a single (or a few) model objects. So ContactsController
 would be responsible for listing contacts, creating, deleting, and updating
 contacts. A WeblogController could be responsible for both posts and comments.
 
@@ -31,9 +31,9 @@ http://www.rubyonrails.org.
 A short rundown of the major features:
 
 * Actions grouped in controller as methods instead of separate command objects
-  and can therefore share helper methods.
+  and can therefore share helper methods
 
-    BlogController < ActionController::Base
+    CustomersController < ActionController::Base
       def show
         @customer = find_customer
       end
@@ -42,7 +42,7 @@ A short rundown of the major features:
         @customer = find_customer
         @customer.attributes = params[:customer]
         @customer.save ? 
-          redirect_to(:action => "display") : 
+          redirect_to(:action => "show") :
           render(:action => "edit")
       end
       
@@ -59,7 +59,7 @@ A short rundown of the major features:
       Title: <%= post.title %>
     <% end %>
 
-    All post titles: <%= @post.collect{ |p| p.title }.join ", " %>
+    All post titles: <%= @posts.collect{ |p| p.title }.join ", " %>
 
     <% unless @person.is_client? %>
       Not for clients to see...
@@ -123,7 +123,7 @@ A short rundown of the major features:
     <%= text_field "post", "title", "size" => 30 %>
     <%= html_date_select(Date.today) %>
     <%= link_to "New post", :controller => "post", :action => "new" %>
-    <%= truncate(post.title, 25) %>
+    <%= truncate(post.title, :length => 25) %>
  
   {Learn more}[link:classes/ActionView/Helpers.html]
 
@@ -168,7 +168,7 @@ A short rundown of the major features:
   {Learn more}[link:classes/ActionController/Base.html]
 
 
-* Javascript and Ajax integration.
+* Javascript and Ajax integration
 
     link_to_function "Greeting", "alert('Hello world!')"
     link_to_remote "Delete this post", :update => "posts", 
@@ -177,30 +177,9 @@ A short rundown of the major features:
   {Learn more}[link:classes/ActionView/Helpers/JavaScriptHelper.html]
 
 
-* Pagination for navigating lists of results.
-
-    # controller
-    def list
-      @pages, @people =
-        paginate :people, :order => 'last_name, first_name'
-    end
-
-    # view
-    <%= link_to "Previous page", { :page => @pages.current.previous } if @pages.current.previous %>
-    <%= link_to "Next page", { :page => @pages.current.next } if @pages.current.next %>
-
-  {Learn more}[link:classes/ActionController/Pagination.html]
-
-
-* Easy testing of both controller and template result through TestRequest/Response
-
-    class LoginControllerTest < Test::Unit::TestCase
-      def setup
-        @controller = LoginController.new
-        @request    = ActionController::TestRequest.new
-        @response   = ActionController::TestResponse.new
-      end
+* Easy testing of both controller and rendered template through ActionController::TestCase
 
+    class LoginControllerTest < ActionController::TestCase
       def test_failing_authenticate
         process :authenticate, :user_name => "nop", :password => ""
         assert flash.has_key?(:alert)
@@ -208,7 +187,7 @@ A short rundown of the major features:
       end
     end
 
-  {Learn more}[link:classes/ActionController/TestRequest.html]
+  {Learn more}[link:classes/ActionController/TestCase.html]
 
 
 * Automated benchmarking and integrated logging
@@ -221,11 +200,11 @@ A short rundown of the major features:
     If Active Record is used as the model, you'll have the database debugging
     as well:
 
-    Processing WeblogController#create (for 127.0.0.1 at Sat Jun 19 14:04:23)
-    Params: {"controller"=>"weblog", "action"=>"create",  
+    Processing PostsController#create (for 127.0.0.1 at Sat Jun 19 14:04:23)
+    Params: {"controller"=>"posts", "action"=>"create",
              "post"=>{"title"=>"this is good"} }
     SQL (0.000627) INSERT INTO posts (title) VALUES('this is good')
-    Redirected to http://test/weblog/display/5
+    Redirected to http://example.com/posts/5
     Completed in 0.221764 (4 reqs/sec) | DB: 0.059920 (27%)
 
     You specify a logger through a class method, such as:
@@ -262,30 +241,6 @@ A short rundown of the major features:
   {Learn more}[link:classes/ActionController/Caching.html]
 
 
-* Component requests from one controller to another
-
-    class WeblogController < ActionController::Base
-      # Performs a method and then lets hello_world output its render
-      def delegate_action
-        do_other_stuff_before_hello_world
-        render_component :controller => "greeter",  :action => "hello_world"
-      end
-    end
-  
-    class GreeterController < ActionController::Base
-      def hello_world
-        render_text "Hello World!"
-      end
-    end
-  
-    The same can be done in a view to do a partial rendering:
-  
-      Let's see a greeting:
-      <%= render_component :controller => "greeter", :action => "hello_world" %>
-
-  {Learn more}[link:classes/ActionController/Components.html]
-  
-
 * Powerful debugging mechanism for local requests
 
     All exceptions raised on actions performed on the request of a local user
@@ -342,7 +297,7 @@ A short rundown of the major features:
     class WeblogController < ActionController::Base
       def create
         post = Post.create(params[:post])
-        redirect_to :action => "display", :id => post.id
+        redirect_to :action => "show", :id => post.id
       end
     end
 
@@ -368,7 +323,7 @@ methods:
       @posts = Post.find(:all)
     end
     
-    def display
+    def show
       @post = Post.find(params[:id])
     end
     
@@ -378,7 +333,7 @@ methods:
     
     def create
       @post = Post.create(params[:post])
-      redirect_to :action => "display", :id => @post.id
+      redirect_to :action => "show", :id => @post.id
     end
   end
 
@@ -391,48 +346,33 @@ request from the web-server (like to be Apache).
 
 And the templates look like this:
 
-  weblog/layout.erb:
+  weblog/layout.html.erb:
     <html><body>
     <%= yield %>
     </body></html>
 
-  weblog/index.erb:
+  weblog/index.html.erb:
     <% for post in @posts %>
-      <p><%= link_to(post.title, :action => "display", :id => post.id %></p>
+      <p><%= link_to(post.title, :action => "show", :id => post.id) %></p>
     <% end %>
 
-  weblog/display.erb:
+  weblog/show.html.erb:
     <p>
-      <b><%= post.title %></b><br/>
-      <b><%= post.content %></b>
+      <b><%= @post.title %></b><br/>
+      <b><%= @post.content %></b>
     </p>
 
-  weblog/new.erb:
+  weblog/new.html.erb:
     <%= form "post" %>
   
 This simple setup will list all the posts in the system on the index page,
 which is called by accessing /weblog/. It uses the form builder for the Active
 Record model to make the new screen, which in turn hands everything over to
 the create action (that's the default target for the form builder when given a
-new model). After creating the post, it'll redirect to the display page using
-an URL such as /weblog/display/5 (where 5 is the id of the post).
+new model). After creating the post, it'll redirect to the show page using
+an URL such as /weblog/5 (where 5 is the id of the post).
 
 
-== Examples
-
-Action Pack ships with three examples that all demonstrate an increasingly
-detailed view of the possibilities. First is blog_controller that is just a
-single file for the whole MVC (but still split into separate parts). Second is
-the debate_controller that uses separate template files and multiple screens.
-Third is the address_book_controller that uses the layout feature to separate
-template casing from content.
-
-Please note that you might need to change the "shebang" line to 
-#!/usr/local/env ruby, if your Ruby is not placed in /usr/local/bin/ruby
-
-Also note that these examples are all for demonstrating using Action Pack on
-its own. Not for when it's used inside of Rails.
-
 == Download
 
 The latest version of Action Pack can be found at
@@ -466,4 +406,4 @@ And as Jim from Rake says:
 
    Feel free to submit commits or feature requests.  If you send a patch,
    remember to update the corresponding unit tests.  If fact, I prefer
-   new feature to be submitted in the form of new unit tests.
+   new feature to be submitted in the form of new unit tests.

actionpack/Rakefile

@@ -4,9 +4,6 @@ require 'rake/testtask'
 require 'rake/rdoctask'
 require 'rake/packagetask'
 require 'rake/gempackagetask'
-require 'rake/contrib/sshpublisher'
-require 'rake/contrib/rubyforgepublisher'
-
 require File.join(File.dirname(__FILE__), 'lib', 'action_pack', 'version')
 
 PKG_BUILD     = ENV['PKG_BUILD'] ? '.' + ENV['PKG_BUILD'] : ''
@@ -27,14 +24,16 @@ task :default => [ :test ]
 desc "Run all unit tests"
 task :test => [:test_action_pack, :test_active_record_integration]
 
-Rake::TestTask.new(:test_action_pack) { |t|
+Rake::TestTask.new(:test_action_pack) do |t|
   t.libs << "test"
-# make sure we include the tests in alphabetical order as on some systems
-# this will not happen automatically and the tests (as a whole) will error
-  t.test_files=Dir.glob( "test/[cft]*/**/*_test.rb" ).sort
-#  t.pattern = 'test/*/*_test.rb'
+
+  # make sure we include the tests in alphabetical order as on some systems
+  # this will not happen automatically and the tests (as a whole) will error
+  t.test_files = Dir.glob( "test/[cftv]*/**/*_test.rb" ).sort
+
   t.verbose = true
-}
+  #t.warning = true
+end
 
 desc 'ActiveRecord Integration Tests'
 Rake::TestTask.new(:test_active_record_integration) do |t|
@@ -80,7 +79,8 @@ spec = Gem::Specification.new do |s|
   s.has_rdoc = true
   s.requirements << 'none'
 
-  s.add_dependency('activesupport', '= 2.1.1' + PKG_BUILD)
+  s.add_dependency('activesupport', '= 2.3.4' + PKG_BUILD)
+  s.add_dependency('rack', '~> 1.0.0')
 
   s.require_path = 'lib'
   s.autorequire = 'action_controller'
@@ -136,12 +136,14 @@ task :update_js => [ :update_scriptaculous ]
 
 desc "Publish the API documentation"
 task :pgem => [:package] do 
-  Rake::SshFilePublisher.new("david@greed.loudthinking.com", "/u/sites/gems/gems", "pkg", "#{PKG_FILE_NAME}.gem").upload
-  `ssh david@greed.loudthinking.com '/u/sites/gems/gemupdate.sh'`
+  require 'rake/contrib/sshpublisher'
+  Rake::SshFilePublisher.new("gems.rubyonrails.org", "/u/sites/gems/gems", "pkg", "#{PKG_FILE_NAME}.gem").upload
+  `ssh gems.rubyonrails.org '/u/sites/gems/gemupdate.sh'`
 end
 
 desc "Publish the API documentation"
 task :pdoc => [:rdoc] do 
+  require 'rake/contrib/sshpublisher'
   Rake::SshDirPublisher.new("wrath.rubyonrails.org", "public_html/ap", "doc").upload
 end
 

actionpack/examples/minimal.rb

@@ -0,0 +1,87 @@
+$:.push File.join(File.dirname(__FILE__), "..", "lib")
+$:.push File.join(File.dirname(__FILE__), "..", "..", "activesupport", "lib")
+require "action_controller"
+
+class Runner
+  def initialize(app, output)
+    @app, @output = app, output
+  end
+
+  def puts(*)
+    super if @output
+  end
+
+  def call(env)
+    env['n'].to_i.times { @app.call(env) }
+    @app.call(env).tap { |response| report(env, response) }
+  end
+
+  def report(env, response)
+    if ENV["DEBUG"]
+      out = env['rack.errors']
+      p response.headers
+      out.puts response.status, response.headers.to_yaml, '---'
+      response.body.each { |part| out.puts part }
+      out.puts '---'
+    end
+  end
+
+  def self.puts(*)
+    super if @output
+  end
+
+  def self.run(app, n, label = nil, uri = "/", output = true)
+    @output = output
+    puts label, '=' * label.size if label
+    env = Rack::MockRequest.env_for(uri).merge('n' => n, 'rack.input' => StringIO.new(''), 'rack.errors' => $stdout)
+    t = Benchmark.realtime { new(app, output).call(env) }
+    puts "%d ms / %d req = %.1f usec/req" % [10**3 * t, n, 10**6 * t / n]
+    puts
+  end
+end
+
+N = (ENV['N'] || 1000).to_i
+
+class BasePostController < ActionController::Base
+  append_view_path "#{File.dirname(__FILE__)}/views"
+
+  def index
+    render :text => 'Hello'
+  end
+
+  def partial
+    render :partial => "/partial"
+  end
+
+  def many_partials
+    render :partial => "/many_partials"
+  end
+
+  def partial_collection
+    render :partial => "/collection", :collection => [1,2,3,4,5,6,7,8,9,10]
+  end
+
+  def show_template
+    render :template => "template"
+  end
+end
+
+# p BasePostController.call(Rack::MockRequest.env_for("/?action=index").merge("REQUEST_URI" => "/")).body
+
+Runner.run(BasePostController, N, 'index', "/?action=index", false)
+Runner.run(BasePostController, N, 'partial', "/?action=partial", false)
+Runner.run(BasePostController, N, 'many partials', "/?action=many_partials", false)
+Runner.run(BasePostController, N, 'collection', "/?action=partial_collection", false)
+Runner.run(BasePostController, N, 'template', "/?action=show_template", false)
+
+(ENV["M"] || 1).to_i.times do
+  Runner.run(BasePostController, N, 'index', "/?action=index")
+  Runner.run(BasePostController, N, 'partial', "/?action=partial")
+  Runner.run(BasePostController, N, 'many partials', "/?action=many_partials")
+  Runner.run(BasePostController, N, 'collection', "/?action=partial_collection")
+  Runner.run(BasePostController, N, 'template', "/?action=show_template")
+end
+  # Runner.run(BasePostController.action(:many_partials), N, 'index')
+  # Runner.run(BasePostController.action(:many_partials), N, 'many_partials')
+  # Runner.run(BasePostController.action(:partial_collection), N, 'collection')
+  # Runner.run(BasePostController.action(:show_template), N, 'template')

actionpack/examples/views/_collection.erb

@@ -0,0 +1 @@
+<%= collection %>

actionpack/examples/views/_hello.erb

@@ -0,0 +1 @@
+Hello

actionpack/examples/views/_many_partials.erb

@@ -0,0 +1,10 @@
+<%= render :partial => '/hello' %>
+<%= render :partial => '/hello' %>
+<%= render :partial => '/hello' %>
+<%= render :partial => '/hello' %>
+<%= render :partial => '/hello' %>
+<%= render :partial => '/hello' %>
+<%= render :partial => '/hello' %>
+<%= render :partial => '/hello' %>
+<%= render :partial => '/hello' %>
+<%= render :partial => '/hello' %>

actionpack/examples/views/_partial.erb

@@ -0,0 +1,10 @@
+<%= "Hello" %>
+<%= "Hello" %>
+<%= "Hello" %>
+<%= "Hello" %>
+<%= "Hello" %>
+<%= "Hello" %>
+<%= "Hello" %>
+<%= "Hello" %>
+<%= "Hello" %>
+<%= "Hello" %>

actionpack/examples/views/layouts/alt.html.erb

@@ -0,0 +1 @@
++ <%= yield %> +

actionpack/examples/views/layouts/kaigi.html.erb

@@ -0,0 +1 @@
+Hello <%= yield %> Goodbye

actionpack/examples/views/template.html.erb

@@ -0,0 +1 @@
+Hello

actionpack/lib/action_controller.rb

@@ -1,5 +1,5 @@
 #--
-# Copyright (c) 2004-2008 David Heinemeier Hansson
+# Copyright (c) 2004-2009 David Heinemeier Hansson
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -21,59 +21,91 @@
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #++
 
-$:.unshift(File.dirname(__FILE__)) unless
-  $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
-
-unless defined?(ActiveSupport)
-  begin
-    $:.unshift "#{File.dirname(__FILE__)}/../../activesupport/lib"
+begin
+  require 'active_support'
+rescue LoadError
+  activesupport_path = "#{File.dirname(__FILE__)}/../../activesupport/lib"
+  if File.directory?(activesupport_path)
+    $:.unshift activesupport_path
     require 'active_support'
-  rescue LoadError
-    require 'rubygems'
-    gem 'activesupport'
   end
 end
 
-$:.unshift "#{File.dirname(__FILE__)}/action_controller/vendor/html-scanner"
+gem 'rack', '~> 1.0.0'
+require 'rack'
 
-require 'action_controller/base'
-require 'action_controller/request'
-require 'action_controller/rescue'
-require 'action_controller/benchmarking'
-require 'action_controller/flash'
-require 'action_controller/filters'
-require 'action_controller/layout'
-require 'action_controller/mime_responds'
-require 'action_controller/helpers'
-require 'action_controller/cookies'
-require 'action_controller/cgi_process'
-require 'action_controller/caching'
-require 'action_controller/verification'
-require 'action_controller/streaming'
-require 'action_controller/session_management'
-require 'action_controller/http_authentication'
-require 'action_controller/components'
-require 'action_controller/record_identifier'
-require 'action_controller/request_forgery_protection'
-require 'action_controller/headers'
+module ActionController
+  # TODO: Review explicit to see if they will automatically be handled by
+  # the initilizer if they are really needed.
+  def self.load_all!
+    [Base, CGIHandler, CgiRequest, Request, Response, Http::Headers, UrlRewriter, UrlWriter]
+  end
+
+  autoload :Base, 'action_controller/base'
+  autoload :Benchmarking, 'action_controller/benchmarking'
+  autoload :Caching, 'action_controller/caching'
+  autoload :Cookies, 'action_controller/cookies'
+  autoload :Dispatcher, 'action_controller/dispatcher'
+  autoload :Failsafe, 'action_controller/failsafe'
+  autoload :Filters, 'action_controller/filters'
+  autoload :Flash, 'action_controller/flash'
+  autoload :Helpers, 'action_controller/helpers'
+  autoload :HttpAuthentication, 'action_controller/http_authentication'
+  autoload :Integration, 'action_controller/integration'
+  autoload :IntegrationTest, 'action_controller/integration'
+  autoload :Layout, 'action_controller/layout'
+  autoload :MiddlewareStack, 'action_controller/middleware_stack'
+  autoload :MimeResponds, 'action_controller/mime_responds'
+  autoload :ParamsParser, 'action_controller/params_parser'
+  autoload :PolymorphicRoutes, 'action_controller/polymorphic_routes'
+  autoload :RecordIdentifier, 'action_controller/record_identifier'
+  autoload :Reloader, 'action_controller/reloader'
+  autoload :Request, 'action_controller/request'
+  autoload :RequestForgeryProtection, 'action_controller/request_forgery_protection'
+  autoload :Rescue, 'action_controller/rescue'
+  autoload :Resources, 'action_controller/resources'
+  autoload :Response, 'action_controller/response'
+  autoload :RewindableInput, 'action_controller/rewindable_input'
+  autoload :Routing, 'action_controller/routing'
+  autoload :SessionManagement, 'action_controller/session_management'
+  autoload :StatusCodes, 'action_controller/status_codes'
+  autoload :Streaming, 'action_controller/streaming'
+  autoload :TestCase, 'action_controller/test_case'
+  autoload :TestProcess, 'action_controller/test_process'
+  autoload :Translation, 'action_controller/translation'
+  autoload :UploadedFile, 'action_controller/uploaded_file'
+  autoload :UploadedStringIO, 'action_controller/uploaded_file'
+  autoload :UploadedTempfile, 'action_controller/uploaded_file'
+  autoload :UrlRewriter, 'action_controller/url_rewriter'
+  autoload :UrlWriter, 'action_controller/url_rewriter'
+  autoload :Verification, 'action_controller/verification'
+
+  module Assertions
+    autoload :DomAssertions, 'action_controller/assertions/dom_assertions'
+    autoload :ModelAssertions, 'action_controller/assertions/model_assertions'
+    autoload :ResponseAssertions, 'action_controller/assertions/response_assertions'
+    autoload :RoutingAssertions, 'action_controller/assertions/routing_assertions'
+    autoload :SelectorAssertions, 'action_controller/assertions/selector_assertions'
+    autoload :TagAssertions, 'action_controller/assertions/tag_assertions'
+  end
+
+  module Http
+    autoload :Headers, 'action_controller/headers'
+  end
+
+  module Session
+    autoload :AbstractStore, 'action_controller/session/abstract_store'
+    autoload :CookieStore, 'action_controller/session/cookie_store'
+    autoload :MemCacheStore, 'action_controller/session/mem_cache_store'
+  end
+
+  # DEPRECATE: Remove CGI support
+  autoload :CgiRequest, 'action_controller/cgi_process'
+  autoload :CGIHandler, 'action_controller/cgi_process'
+end
+
+autoload :Mime, 'action_controller/mime_type'
+
+autoload :HTML, 'action_controller/vendor/html-scanner'
 
 require 'action_view'
-
-ActionController::Base.class_eval do
-  include ActionController::Flash
-  include ActionController::Filters
-  include ActionController::Layout
-  include ActionController::Benchmarking
-  include ActionController::Rescue
-  include ActionController::MimeResponds
-  include ActionController::Helpers
-  include ActionController::Cookies
-  include ActionController::Caching
-  include ActionController::Verification
-  include ActionController::Streaming
-  include ActionController::SessionManagement
-  include ActionController::HttpAuthentication::Basic::ControllerMethods
-  include ActionController::Components
-  include ActionController::RecordIdentifier
-  include ActionController::RequestForgeryProtection
-end

actionpack/lib/action_controller/assertions.rb

@@ -1,69 +0,0 @@
-require 'test/unit/assertions'
-
-module ActionController #:nodoc:
-  # In addition to these specific assertions, you also have easy access to various collections that the regular test/unit assertions
-  # can be used against. These collections are:
-  #
-  # * assigns: Instance variables assigned in the action that are available for the view.
-  # * session: Objects being saved in the session.
-  # * flash: The flash objects currently in the session.
-  # * cookies: Cookies being sent to the user on this request.
-  #
-  # These collections can be used just like any other hash:
-  #
-  #   assert_not_nil assigns(:person) # makes sure that a @person instance variable was set
-  #   assert_equal "Dave", cookies[:name] # makes sure that a cookie called :name was set as "Dave"
-  #   assert flash.empty? # makes sure that there's nothing in the flash
-  #
-  # For historic reasons, the assigns hash uses string-based keys. So assigns[:person] won't work, but assigns["person"] will. To
-  # appease our yearning for symbols, though, an alternative accessor has been devised using a method call instead of index referencing.
-  # So assigns(:person) will work just like assigns["person"], but again, assigns[:person] will not work.
-  #
-  # On top of the collections, you have the complete url that a given action redirected to available in redirect_to_url.
-  #
-  # For redirects within the same controller, you can even call follow_redirect and the redirect will be followed, triggering another
-  # action call which can then be asserted against.
-  #
-  # == Manipulating the request collections
-  #
-  # The collections described above link to the response, so you can test if what the actions were expected to do happened. But
-  # sometimes you also want to manipulate these collections in the incoming request. This is really only relevant for sessions
-  # and cookies, though. For sessions, you just do:
-  #
-  #   @request.session[:key] = "value"
-  #
-  # For cookies, you need to manually create the cookie, like this:
-  #
-  #   @request.cookies["key"] = CGI::Cookie.new("key", "value")
-  #
-  # == Testing named routes
-  #
-  # If you're using named routes, they can be easily tested using the original named routes' methods straight in the test case.
-  # Example:
-  #
-  #  assert_redirected_to page_url(:title => 'foo')
-  module Assertions
-    def self.included(klass)
-      %w(response selector tag dom routing model).each do |kind|
-        require "action_controller/assertions/#{kind}_assertions"
-        klass.module_eval { include const_get("#{kind.camelize}Assertions") }
-      end
-    end
-
-    def clean_backtrace(&block)
-      yield
-    rescue Test::Unit::AssertionFailedError => error
-      framework_path = Regexp.new(File.expand_path("#{File.dirname(__FILE__)}/assertions"))
-      error.backtrace.reject! { |line| File.expand_path(line) =~ framework_path }
-      raise
-    end
-  end
-end
-
-module Test #:nodoc:
-  module Unit #:nodoc:
-    class TestCase #:nodoc:
-      include ActionController::Assertions
-    end
-  end
-end

actionpack/lib/action_controller/assertions/model_assertions.rb

@@ -11,6 +11,7 @@ module ActionController
       #   assert_valid(model)
       #
       def assert_valid(record)
+        ::ActiveSupport::Deprecation.warn("assert_valid is deprecated. Use assert record.valid? instead", caller)
         clean_backtrace do
           assert record.valid?, record.errors.full_messages.join("\n")
         end

actionpack/lib/action_controller/assertions/response_assertions.rb

@@ -1,6 +1,3 @@
-require 'rexml/document'
-require 'html/document'
-
 module ActionController
   module Assertions
     # A small suite of assertions that test responses from Rails applications.
@@ -19,7 +16,7 @@ module ActionController
       # ==== Examples
       #
       #   # assert that the response was a redirection
-      #   assert_response :redirect 
+      #   assert_response :redirect
       #
       #   # assert that the response code was status code 401 (unauthorized)
       #   assert_response 401
@@ -44,7 +41,7 @@ module ActionController
         end
       end
 
-      # Assert that the redirection options passed in match those of the redirect called in the latest action. 
+      # Assert that the redirection options passed in match those of the redirect called in the latest action.
       # This match can be partial, such that assert_redirected_to(:controller => "weblog") will also
       # match the redirection of redirect_to(:controller => "weblog", :action => "show") and so on.
       #
@@ -56,117 +53,108 @@ module ActionController
       #   # assert that the redirection was to the named route login_url
       #   assert_redirected_to login_url
       #
+      #   # assert that the redirection was to the url for @customer
+      #   assert_redirected_to @customer
+      #
       def assert_redirected_to(options = {}, message=nil)
         clean_backtrace do
           assert_response(:redirect, message)
           return true if options == @response.redirected_to
-          ActionController::Routing::Routes.reload if ActionController::Routing::Routes.empty?
 
-          begin
-            url  = {}
-            original = { :expected => options, :actual => @response.redirected_to.is_a?(Symbol) ? @response.redirected_to : @response.redirected_to.dup }
-            original.each do |key, value|
-              if value.is_a?(Symbol)
-                value = @controller.respond_to?(value, true) ? @controller.send(value) : @controller.send("hash_for_#{value}_url")
-              end
-
-              unless value.is_a?(Hash)
-                request = case value
-                  when NilClass    then nil
-                  when /^\w+:\/\// then recognized_request_for(%r{^(\w+://.*?(/|$|\?))(.*)$} =~ value ? $3 : nil)
-                  else                  recognized_request_for(value)
-                end
-                value = request.path_parameters if request
-              end
-
-              if value.is_a?(Hash) # stringify 2 levels of hash keys
-                if name = value.delete(:use_route)
-                  route = ActionController::Routing::Routes.named_routes[name]
-                  value.update(route.parameter_shell)
-                end
-
-                value.stringify_keys!
-                value.values.select { |v| v.is_a?(Hash) }.collect { |v| v.stringify_keys! }
-                if key == :expected && value['controller'] == @controller.controller_name && original[:actual].is_a?(Hash)
-                  original[:actual].stringify_keys!
-                  value.delete('controller') if original[:actual]['controller'].nil? || original[:actual]['controller'] == value['controller']
-                end
-              end
-
-              if value.respond_to?(:[]) && value['controller']
-                value['controller'] = value['controller'].to_s
-                if key == :actual && value['controller'].first != '/' && !value['controller'].include?('/')
-                  new_controller_path = ActionController::Routing.controller_relative_to(value['controller'], @controller.class.controller_path)
-                  value['controller'] = new_controller_path if value['controller'] != new_controller_path && ActionController::Routing.possible_controllers.include?(new_controller_path) && @response.redirected_to.is_a?(Hash)
-                end
-                value['controller'] = value['controller'][1..-1] if value['controller'].first == '/' # strip leading hash
-              end
-              url[key] = value
+          # Support partial arguments for hash redirections
+          if options.is_a?(Hash) && @response.redirected_to.is_a?(Hash)
+            if options.all? {|(key, value)| @response.redirected_to[key] == value}
+              callstack = caller.dup
+              callstack.slice!(0, 2)
+              ::ActiveSupport::Deprecation.warn("Using assert_redirected_to with partial hash arguments is deprecated. Specify the full set arguments instead", callstack)
+              return true
             end
+          end
 
-            @response_diff = url[:actual].diff(url[:expected]) if url[:actual]
-            msg = build_message(message, "expected a redirect to <?>, found one to <?>, a difference of <?> ", url[:expected], url[:actual], @response_diff)
+          redirected_to_after_normalisation = normalize_argument_to_redirection(@response.redirected_to)
+          options_after_normalisation       = normalize_argument_to_redirection(options)
 
-            assert_block(msg) do
-              url[:expected].keys.all? do |k|
-                if k == :controller then url[:expected][k] == ActionController::Routing.controller_relative_to(url[:actual][k], @controller.class.controller_path)
-                else parameterize(url[:expected][k]) == parameterize(url[:actual][k])
-                end
-              end
-            end
-          rescue ActionController::RoutingError # routing failed us, so match the strings only.
-            msg = build_message(message, "expected a redirect to <?>, found one to <?>", options, @response.redirect_url)
-            url_regexp = %r{^(\w+://.*?(/|$|\?))(.*)$}
-            eurl, epath, url, path = [options, @response.redirect_url].collect do |url|
-              u, p = (url_regexp =~ url) ? [$1, $3] : [nil, url]
-              [u, (p.first == '/') ? p : '/' + p]
-            end.flatten
-
-            assert_equal(eurl, url, msg) if eurl && url
-            assert_equal(epath, path, msg) if epath && path
+          if redirected_to_after_normalisation != options_after_normalisation
+            flunk "Expected response to be a redirect to <#{options_after_normalisation}> but was a redirect to <#{redirected_to_after_normalisation}>"
           end
         end
       end
 
-      # Asserts that the request was rendered with the appropriate template file.
+      # Asserts that the request was rendered with the appropriate template file or partials
       #
       # ==== Examples
       #
       #   # assert that the "new" view template was rendered
       #   assert_template "new"
       #
-      def assert_template(expected = nil, message=nil)
+      #   # assert that the "new" view template was rendered with Symbol
+      #   assert_template :new
+      #
+      #   # assert that the "_customer" partial was rendered twice
+      #   assert_template :partial => '_customer', :count => 2
+      #
+      #   # assert that no partials were rendered
+      #   assert_template :partial => false
+      #
+      def assert_template(options = {}, message = nil)
         clean_backtrace do
-          rendered = expected ? @response.rendered_file(!expected.include?('/')) : @response.rendered_file
-          msg = build_message(message, "expecting <?> but rendering with <?>", expected, rendered)
-          assert_block(msg) do
-            if expected.nil?
-              !@response.rendered_with_file?
-            else
-              expected == rendered
+          case options
+           when NilClass, String, Symbol
+            rendered = @response.rendered[:template].to_s
+            msg = build_message(message,
+                    "expecting <?> but rendering with <?>",
+                    options, rendered)
+            assert_block(msg) do
+              if options.nil?
+                @response.rendered[:template].blank?
+              else
+                rendered.to_s.match(options.to_s)
+              end
             end
+          when Hash
+            if expected_partial = options[:partial]
+              partials = @response.rendered[:partials]
+              if expected_count = options[:count]
+                found = partials.detect { |p, _| p.to_s.match(expected_partial) }
+                actual_count = found.nil? ? 0 : found.second
+                msg = build_message(message,
+                        "expecting ? to be rendered ? time(s) but rendered ? time(s)",
+                         expected_partial, expected_count, actual_count)
+                assert(actual_count == expected_count.to_i, msg)
+              else
+                msg = build_message(message,
+                        "expecting partial <?> but action rendered <?>",
+                        options[:partial], partials.keys)
+                assert(partials.keys.any? { |p| p.to_s.match(expected_partial) }, msg)
+              end
+            else
+              assert @response.rendered[:partials].empty?,
+                "Expected no partials to be rendered"
+            end
+          else
+            raise ArgumentError  
           end
         end
       end
 
       private
-        # Recognizes the route for a given path.
-        def recognized_request_for(path, request_method = nil)
-          path = "/#{path}" unless path.first == '/'
-
-          # Assume given controller
-          request = ActionController::TestRequest.new({}, {}, nil)
-          request.env["REQUEST_METHOD"] = request_method.to_s.upcase if request_method
-          request.path   = path
-
-          ActionController::Routing::Routes.recognize(request)
-          request
-        end
-
         # Proxy to to_param if the object will respond to it.
         def parameterize(value)
           value.respond_to?(:to_param) ? value.to_param : value
         end
+
+        def normalize_argument_to_redirection(fragment)
+          after_routing = @controller.url_for(fragment)
+          if after_routing =~ %r{^\w+://.*}
+            after_routing
+          else
+            # FIXME - this should probably get removed.
+            if after_routing.first != '/'
+              after_routing = '/' + after_routing
+            end
+            @request.protocol + @request.host_with_port + after_routing
+          end
+        end
     end
   end
 end

actionpack/lib/action_controller/assertions/routing_assertions.rb

@@ -2,7 +2,7 @@ module ActionController
   module Assertions
     # Suite of assertions to test routes generated by Rails and the handling of requests made to them.
     module RoutingAssertions
-      # Asserts that the routing of the given +path+ was handled correctly and that the parsed options (given in the +expected_options+ hash) 
+      # Asserts that the routing of the given +path+ was handled correctly and that the parsed options (given in the +expected_options+ hash)
       # match +path+.  Basically, it asserts that Rails recognizes the route given by +expected_options+.
       #
       # Pass a hash in the second argument (+path+) to specify the request method.  This is useful for routes
@@ -10,32 +10,32 @@ module ActionController
       # and a :method containing the required HTTP verb.
       #
       #   # assert that POSTing to /items will call the create action on ItemsController
-      #   assert_recognizes({:controller => 'items', :action => 'create'}, {:path => 'items', :method => :post})
+      #   assert_recognizes {:controller => 'items', :action => 'create'}, {:path => 'items', :method => :post}
       #
       # You can also pass in +extras+ with a hash containing URL parameters that would normally be in the query string.  This can be used
       # to assert that values in the query string string will end up in the params hash correctly.  To test query strings you must use the
-      # extras argument, appending the query string on the path directly will not work.  For example: 
+      # extras argument, appending the query string on the path directly will not work.  For example:
       #
       #   # assert that a path of '/items/list/1?view=print' returns the correct options
-      #   assert_recognizes({:controller => 'items', :action => 'list', :id => '1', :view => 'print'}, 'items/list/1', { :view => "print" }) 
+      #   assert_recognizes {:controller => 'items', :action => 'list', :id => '1', :view => 'print'}, 'items/list/1', { :view => "print" }
       #
-      # The +message+ parameter allows you to pass in an error message that is displayed upon failure. 
+      # The +message+ parameter allows you to pass in an error message that is displayed upon failure.
       #
       # ==== Examples
       #   # Check the default route (i.e., the index action)
-      #   assert_recognizes({:controller => 'items', :action => 'index'}, 'items')    
+      #   assert_recognizes {:controller => 'items', :action => 'index'}, 'items'
       #
       #   # Test a specific action
-      #   assert_recognizes({:controller => 'items', :action => 'list'}, 'items/list')
+      #   assert_recognizes {:controller => 'items', :action => 'list'}, 'items/list'
       #
       #   # Test an action with a parameter
-      #   assert_recognizes({:controller => 'items', :action => 'destroy', :id => '1'}, 'items/destroy/1')
+      #   assert_recognizes {:controller => 'items', :action => 'destroy', :id => '1'}, 'items/destroy/1'
       #
       #   # Test a custom route
-      #   assert_recognizes({:controller => 'items', :action => 'show', :id => '1'}, 'view/item1')
+      #   assert_recognizes {:controller => 'items', :action => 'show', :id => '1'}, 'view/item1'
       #
       #   # Check a Simply RESTful generated route
-      #   assert_recognizes(list_items_url, 'items/list')
+      #   assert_recognizes list_items_url, 'items/list'
       def assert_recognizes(expected_options, path, extras={}, message=nil)
         if path.is_a? Hash
           request_method = path[:method]
@@ -44,16 +44,16 @@ module ActionController
           request_method = nil
         end
 
-        clean_backtrace do 
-          ActionController::Routing::Routes.reload if ActionController::Routing::Routes.empty? 
+        clean_backtrace do
+          ActionController::Routing::Routes.reload if ActionController::Routing::Routes.empty?
           request = recognized_request_for(path, request_method)
-      
+
           expected_options = expected_options.clone
           extras.each_key { |key| expected_options.delete key } unless extras.nil?
-      
+
           expected_options.stringify_keys!
           routing_diff = expected_options.diff(request.path_parameters)
-          msg = build_message(message, "The recognized options <?> did not match <?>, difference: <?>", 
+          msg = build_message(message, "The recognized options <?> did not match <?>, difference: <?>",
               request.path_parameters, expected_options, expected_options.diff(request.path_parameters))
           assert_block(msg) { request.path_parameters == expected_options }
         end
@@ -64,67 +64,67 @@ module ActionController
       # a query string. The +message+ parameter allows you to specify a custom error message for assertion failures.
       #
       # The +defaults+ parameter is unused.
-      # 
+      #
       # ==== Examples
       #   # Asserts that the default action is generated for a route with no action
-      #   assert_generates("/items", :controller => "items", :action => "index")
+      #   assert_generates "/items", :controller => "items", :action => "index"
       #
       #   # Tests that the list action is properly routed
-      #   assert_generates("/items/list", :controller => "items", :action => "list")
+      #   assert_generates "/items/list", :controller => "items", :action => "list"
       #
       #   # Tests the generation of a route with a parameter
-      #   assert_generates("/items/list/1", { :controller => "items", :action => "list", :id => "1" }) 
+      #   assert_generates "/items/list/1", { :controller => "items", :action => "list", :id => "1" }
       #
       #   # Asserts that the generated route gives us our custom route
       #   assert_generates "changesets/12", { :controller => 'scm', :action => 'show_diff', :revision => "12" }
       def assert_generates(expected_path, options, defaults={}, extras = {}, message=nil)
-        clean_backtrace do 
+        clean_backtrace do
           expected_path = "/#{expected_path}" unless expected_path[0] == ?/
           # Load routes.rb if it hasn't been loaded.
-          ActionController::Routing::Routes.reload if ActionController::Routing::Routes.empty? 
-      
+          ActionController::Routing::Routes.reload if ActionController::Routing::Routes.empty?
+
           generated_path, extra_keys = ActionController::Routing::Routes.generate_extras(options, defaults)
           found_extras = options.reject {|k, v| ! extra_keys.include? k}
 
           msg = build_message(message, "found extras <?>, not <?>", found_extras, extras)
           assert_block(msg) { found_extras == extras }
-      
-          msg = build_message(message, "The generated path <?> did not match <?>", generated_path, 
+
+          msg = build_message(message, "The generated path <?> did not match <?>", generated_path,
               expected_path)
           assert_block(msg) { expected_path == generated_path }
         end
       end
 
-      # Asserts that path and options match both ways; in other words, it verifies that <tt>path</tt> generates 
+      # Asserts that path and options match both ways; in other words, it verifies that <tt>path</tt> generates
       # <tt>options</tt> and then that <tt>options</tt> generates <tt>path</tt>.  This essentially combines +assert_recognizes+
       # and +assert_generates+ into one step.
       #
       # The +extras+ hash allows you to specify options that would normally be provided as a query string to the action.  The
-      # +message+ parameter allows you to specify a custom error message to display upon failure.  
+      # +message+ parameter allows you to specify a custom error message to display upon failure.
       #
       # ==== Examples
       #  # Assert a basic route: a controller with the default action (index)
-      #  assert_routing('/home', :controller => 'home', :action => 'index')
+      #  assert_routing '/home', :controller => 'home', :action => 'index'
       #
       #  # Test a route generated with a specific controller, action, and parameter (id)
-      #  assert_routing('/entries/show/23', :controller => 'entries', :action => 'show', id => 23)
+      #  assert_routing '/entries/show/23', :controller => 'entries', :action => 'show', id => 23
       #
       #  # Assert a basic route (controller + default action), with an error message if it fails
-      #  assert_routing('/store', { :controller => 'store', :action => 'index' }, {}, {}, 'Route for store index not generated properly')
+      #  assert_routing '/store', { :controller => 'store', :action => 'index' }, {}, {}, 'Route for store index not generated properly'
       #
       #  # Tests a route, providing a defaults hash
       #  assert_routing 'controller/action/9', {:id => "9", :item => "square"}, {:controller => "controller", :action => "action"}, {}, {:item => "square"}
       #
       #  # Tests a route with a HTTP method
-      #  assert_routing({ :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" })
+      #  assert_routing { :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" }
       def assert_routing(path, options, defaults={}, extras={}, message=nil)
         assert_recognizes(options, path, extras, message)
-        
-        controller, default_controller = options[:controller], defaults[:controller] 
+
+        controller, default_controller = options[:controller], defaults[:controller]
         if controller && controller.include?(?/) && default_controller && default_controller.include?(?/)
           options[:controller] = "/#{controller}"
         end
-         
+
         assert_generates(path.is_a?(Hash) ? path[:path] : path, options, defaults, extras, message)
       end
 
@@ -134,7 +134,7 @@ module ActionController
           path = "/#{path}" unless path.first == '/'
 
           # Assume given controller
-          request = ActionController::TestRequest.new({}, {}, nil)
+          request = ActionController::TestRequest.new
           request.env["REQUEST_METHOD"] = request_method.to_s.upcase if request_method
           request.path   = path
 

actionpack/lib/action_controller/assertions/selector_assertions.rb

@@ -3,9 +3,6 @@
 # Under MIT and/or CC By license.
 #++
 
-require 'rexml/document'
-require 'html/document'
-
 module ActionController
   module Assertions
     unless const_defined?(:NO_STRIP)
@@ -21,10 +18,8 @@ module ActionController
     # from the response HTML or elements selected by the enclosing assertion.
     # 
     # In addition to HTML responses, you can make the following assertions:
-    # * +assert_select_rjs+ - Assertions on HTML content of RJS update and
-    #     insertion operations.
-    # * +assert_select_encoded+ - Assertions on HTML encoded inside XML,
-    #     for example for dealing with feed item descriptions.
+    # * +assert_select_rjs+ - Assertions on HTML content of RJS update and insertion operations.
+    # * +assert_select_encoded+ - Assertions on HTML encoded inside XML, for example for dealing with feed item descriptions.
     # * +assert_select_email+ - Assertions on the HTML body of an e-mail.
     #
     # Also see HTML::Selector to learn how to use selectors.
@@ -114,20 +109,27 @@ module ActionController
       # starting from (and including) that element and all its children in
       # depth-first order.
       #
-      # If no element if specified, calling +assert_select+ will select from the
-      # response HTML. Calling #assert_select inside an +assert_select+ block will
-      # run the assertion for each element selected by the enclosing assertion.
+      # If no element if specified, calling +assert_select+ selects from the
+      # response HTML unless +assert_select+ is called from within an +assert_select+ block.
+      #
+      # When called with a block +assert_select+ passes an array of selected elements
+      # to the block. Calling +assert_select+ from the block, with no element specified,
+      # runs the assertion on the complete set of elements selected by the enclosing assertion.
+      # Alternatively the array may be iterated through so that +assert_select+ can be called
+      # separately for each element.
+      #
       #
       # ==== Example
-      #   assert_select "ol>li" do |elements|
+      # If the response contains two ordered lists, each with four list elements then:
+      #   assert_select "ol" do |elements|
       #     elements.each do |element|
-      #       assert_select element, "li"
+      #       assert_select element, "li", 4
       #     end
       #   end
       #
-      # Or for short:
-      #   assert_select "ol>li" do
-      #     assert_select "li"
+      # will pass, as will:
+      #   assert_select "ol" do
+      #     assert_select "li", 8
       #   end
       #
       # The selector may be a CSS selector expression (String), an expression
@@ -407,6 +409,7 @@ module ActionController
         if rjs_type
           if rjs_type == :insert
             position  = args.shift
+            id = args.shift
             insertion = "insert_#{position}".to_sym
             raise ArgumentError, "Unknown RJS insertion type #{position}" unless RJS_STATEMENTS[insertion]
             statement = "(#{RJS_STATEMENTS[insertion]})"
@@ -451,7 +454,13 @@ module ActionController
           matches
         else
           # RJS statement not found.
-          flunk args.shift || "No RJS statement that replaces or inserts HTML content."
+          case rjs_type
+            when :remove, :show, :hide, :toggle
+              flunk_message = "No RJS statement that #{rjs_type.to_s}s '#{id}' was rendered."
+            else
+              flunk_message = "No RJS statement that replaces or inserts HTML content."
+          end
+          flunk args.shift || flunk_message
         end
       end
 
@@ -586,7 +595,7 @@ module ActionController
         def response_from_page_or_rjs()
           content_type = @response.content_type
 
-          if content_type && content_type =~ /text\/javascript/
+          if content_type && Mime::JS =~ content_type
             body = @response.body.dup
             root = HTML::Node.new(nil)
 

actionpack/lib/action_controller/assertions/tag_assertions.rb

@@ -1,6 +1,3 @@
-require 'rexml/document'
-require 'html/document'
-
 module ActionController
   module Assertions
     # Pair of assertions to testing elements in the HTML output of the response.
@@ -127,4 +124,4 @@ module ActionController
       end
     end
   end
-end
+end

actionpack/lib/action_controller/base.rb

@@ -1,12 +1,3 @@
-require 'action_controller/mime_type'
-require 'action_controller/request'
-require 'action_controller/response'
-require 'action_controller/routing'
-require 'action_controller/resources'
-require 'action_controller/url_rewriter'
-require 'action_controller/status_codes'
-require 'action_view'
-require 'drb'
 require 'set'
 
 module ActionController #:nodoc:
@@ -31,7 +22,7 @@ module ActionController #:nodoc:
     attr_reader :allowed_methods
 
     def initialize(*allowed_methods)
-      super("Only #{allowed_methods.to_sentence} requests are allowed.")
+      super("Only #{allowed_methods.to_sentence(:locale => :en)} requests are allowed.")
       @allowed_methods = allowed_methods
     end
 
@@ -173,8 +164,8 @@ module ActionController #:nodoc:
   #
   # Other options for session storage are:
   #
-  # * ActiveRecordStore - Sessions are stored in your database, which works better than PStore with multiple app servers and,
-  #   unlike CookieStore, hides your session contents from the user. To use ActiveRecordStore, set
+  # * ActiveRecord::SessionStore - Sessions are stored in your database, which works better than PStore with multiple app servers and,
+  #   unlike CookieStore, hides your session contents from the user. To use ActiveRecord::SessionStore, set
   #
   #     config.action_controller.session_store = :active_record_store
   #
@@ -252,7 +243,7 @@ module ActionController #:nodoc:
   #
   #   def do_something
   #     redirect_to(:action => "elsewhere") and return if monkeys.nil?
-  #     render :action => "overthere" # won't be called unless monkeys is nil
+  #     render :action => "overthere" # won't be called if monkeys is nil
   #   end
   #
   class Base
@@ -260,10 +251,11 @@ module ActionController #:nodoc:
 
     include StatusCodes
 
+    cattr_reader :protected_instance_variables
     # Controller specific instance variables which will not be accessible inside views.
-    @@protected_view_variables = %w(@assigns @performed_redirect @performed_render @variables_added @request_origin @url @parent_controller
-                                    @action_name @before_filter_chain_aborted @action_cache_path @_session @_cookies @_headers @_params
-                                    @_flash @_response)
+    @@protected_instance_variables = %w(@assigns @performed_redirect @performed_render @variables_added @request_origin @url @parent_controller
+                                        @action_name @before_filter_chain_aborted @action_cache_path @_session @_headers @_params
+                                        @_flash @_response)
 
     # Prepends all the URL-generating helpers from AssetHelper. This makes it possible to easily move javascripts, stylesheets,
     # and images to a dedicated asset server away from the main web server. Example:
@@ -277,16 +269,9 @@ module ActionController #:nodoc:
     @@consider_all_requests_local = true
     cattr_accessor :consider_all_requests_local
 
-    # Enable or disable the collection of failure information for RoutingErrors.
-    # This information can be extremely useful when tweaking custom routes, but is
-    # pointless once routes have been tested and verified.
-    @@debug_routes = true
-    cattr_accessor :debug_routes
-
-    # Indicates to Mongrel or Webrick whether to allow concurrent action
-    # processing. Your controller actions and any other code they call must
-    # also behave well when called from concurrent threads. Turned off by
-    # default.
+    # Indicates whether to allow concurrent action processing. Your
+    # controller actions and any other code they call must also behave well
+    # when called from concurrent threads. Turned off by default.
     @@allow_concurrency = false
     cattr_accessor :allow_concurrency
 
@@ -316,10 +301,7 @@ module ActionController #:nodoc:
     # A YAML parser is also available and can be turned on with:
     #
     #   ActionController::Base.param_parsers[Mime::YAML] = :yaml
-    @@param_parsers = { Mime::MULTIPART_FORM   => :multipart_form,
-                        Mime::URL_ENCODED_FORM => :url_encoded_form,
-                        Mime::XML              => :xml_simple,
-                        Mime::JSON             => :json }
+    @@param_parsers = {}
     cattr_accessor :param_parsers
 
     # Controls the default charset for all renders.
@@ -342,15 +324,35 @@ module ActionController #:nodoc:
     # sets it to <tt>:authenticity_token</tt> by default.
     cattr_accessor :request_forgery_protection_token
 
+    # Controls the IP Spoofing check when determining the remote IP.
+    @@ip_spoofing_check = true
+    cattr_accessor :ip_spoofing_check
+
     # Indicates whether or not optimise the generated named
     # route helper methods
     cattr_accessor :optimise_named_routes
     self.optimise_named_routes = true
 
+    # Indicates whether the response format should be determined by examining the Accept HTTP header,
+    # or by using the simpler params + ajax rules.
+    #
+    # If this is set to +true+ (the default) then +respond_to+ and +Request#format+ will take the Accept
+    # header into account.  If it is set to false then the request format will be determined solely
+    # by examining params[:format].  If params format is missing, the format will be either HTML or
+    # Javascript depending on whether the request is an AJAX request.
+    cattr_accessor :use_accept_header
+    self.use_accept_header = true
+
     # Controls whether request forgergy protection is turned on or not. Turned off by default only in test mode.
     class_inheritable_accessor :allow_forgery_protection
     self.allow_forgery_protection = true
 
+    # If you are deploying to a subdirectory, you will need to set
+    # <tt>config.action_controller.relative_url_root</tt>
+    # This defaults to ENV['RAILS_RELATIVE_URL_ROOT']
+    cattr_accessor :relative_url_root
+    self.relative_url_root = ENV['RAILS_RELATIVE_URL_ROOT']
+
     # Holds the request object that's primarily used to get environment variables through access like
     # <tt>request.env["REQUEST_URI"]</tt>.
     attr_internal :request
@@ -373,17 +375,17 @@ module ActionController #:nodoc:
     # directive. Values should always be specified as strings.
     attr_internal :headers
 
-    # Holds the hash of variables that are passed on to the template class to be made available to the view. This hash
-    # is generated by taking a snapshot of all the instance variables in the current scope just before a template is rendered.
-    attr_accessor :assigns
-
     # Returns the name of the action this controller is processing.
     attr_accessor :action_name
 
-    # Templates that are exempt from layouts
-    @@exempt_from_layout = Set.new([/\.rjs$/])
-
     class << self
+      def call(env)
+        # HACK: For global rescue to have access to the original request and response
+        request = env["action_controller.rescue.request"] ||= Request.new(env)
+        response = env["action_controller.rescue.response"] ||= Response.new
+        process(request, response)
+      end
+
       # Factory for the standard create, process loop where the controller is discarded after processing.
       def process(request, response) #:nodoc:
         new.process(request, response)
@@ -408,28 +410,27 @@ module ActionController #:nodoc:
       # By default, all methods defined in ActionController::Base and included modules are hidden.
       # More methods can be hidden using <tt>hide_actions</tt>.
       def hidden_actions
-        unless read_inheritable_attribute(:hidden_actions)
-          write_inheritable_attribute(:hidden_actions, ActionController::Base.public_instance_methods.map(&:to_s))
-        end
-
-        read_inheritable_attribute(:hidden_actions)
+        read_inheritable_attribute(:hidden_actions) || write_inheritable_attribute(:hidden_actions, [])
       end
 
       # Hide each of the given methods from being callable as actions.
       def hide_action(*names)
-        write_inheritable_attribute(:hidden_actions, hidden_actions | names.map(&:to_s))
+        write_inheritable_attribute(:hidden_actions, hidden_actions | names.map { |name| name.to_s })
       end
 
-      ## View load paths determine the bases from which template references can be made. So a call to
-      ## render("test/template") will be looked up in the view load paths array and the closest match will be
-      ## returned.
+      # View load paths determine the bases from which template references can be made. So a call to
+      # render("test/template") will be looked up in the view load paths array and the closest match will be
+      # returned.
       def view_paths
-        @view_paths || superclass.view_paths
+        if defined? @view_paths
+          @view_paths
+        else
+          superclass.view_paths
+        end
       end
 
       def view_paths=(value)
-        @view_paths = value
-        ActionView::TemplateFinder.process_view_paths(value)
+        @view_paths = ActionView::Base.process_view_paths(value) if value
       end
 
       # Adds a view_path to the front of the view_paths array.
@@ -440,9 +441,8 @@ module ActionController #:nodoc:
       #   ArticleController.prepend_view_path(["views/default", "views/custom"])
       #
       def prepend_view_path(path)
-        @view_paths = superclass.view_paths.dup if @view_paths.nil?
-        view_paths.unshift(*path)
-        ActionView::TemplateFinder.process_view_paths(path)
+        @view_paths = superclass.view_paths.dup if !defined?(@view_paths) || @view_paths.nil?
+        @view_paths.unshift(*path)
       end
 
       # Adds a view_path to the end of the view_paths array.
@@ -454,8 +454,7 @@ module ActionController #:nodoc:
       #
       def append_view_path(path)
         @view_paths = superclass.view_paths.dup if @view_paths.nil?
-        view_paths.push(*path)
-        ActionView::TemplateFinder.process_view_paths(path)
+        @view_paths.push(*path)
       end
 
       # Replace sensitive parameter data from the request log.
@@ -492,6 +491,15 @@ module ActionController #:nodoc:
               filtered_parameters[key] = '[FILTERED]'
             elsif value.is_a?(Hash)
               filtered_parameters[key] = filter_parameters(value)
+            elsif value.is_a?(Array)
+              filtered_parameters[key] = value.collect do |item|
+                case item
+                when Hash, Array
+                  filter_parameters(item)
+                else
+                  item
+                end
+              end
             elsif block_given?
               key = key.dup
               value = value.dup if value
@@ -507,38 +515,34 @@ module ActionController #:nodoc:
         protected :filter_parameters
       end
 
-      # Don't render layouts for templates with the given extensions.
-      def exempt_from_layout(*extensions)
-        regexps = extensions.collect do |extension|
-          extension.is_a?(Regexp) ? extension : /\.#{Regexp.escape(extension.to_s)}$/
-        end
-        @@exempt_from_layout.merge regexps
-      end
+      delegate :exempt_from_layout, :to => 'ActionView::Template'
     end
 
     public
       # Extracts the action_name from the request parameters and performs that action.
       def process(request, response, method = :perform_action, *arguments) #:nodoc:
+        response.request = request
+
         initialize_template_class(response)
         assign_shortcuts(request, response)
         initialize_current_url
         assign_names
-        forget_variables_added_to_assigns
 
         log_processing
         send(method, *arguments)
 
-        assign_default_content_type_and_charset
-
-        response.request = request
-        response.prepare! unless component_request?
-        response
+        send_response
       ensure
         process_cleanup
       end
 
-      # Returns a URL that has been rewritten according to the options hash and the defined Routes.
-      # (For doing a complete redirect, use redirect_to).
+      def send_response
+        response.prepare!
+        response
+      end
+
+      # Returns a URL that has been rewritten according to the options hash and the defined routes.
+      # (For doing a complete redirect, use +redirect_to+).
       #
       # <tt>url_for</tt> is used to:
       #
@@ -578,7 +582,15 @@ module ActionController #:nodoc:
       # missing values in the current request's parameters. Routes attempts to guess when a value should and should not be
       # taken from the defaults. There are a few simple rules on how this is performed:
       #
-      # * If the controller name begins with a slash, no defaults are used: <tt>url_for :controller => '/home'</tt>
+      # * If the controller name begins with a slash no defaults are used:
+      #
+      #     url_for :controller => '/home'
+      #
+      #   In particular, a leading slash ensures no namespace is assumed. Thus,
+      #   while <tt>url_for :controller => 'users'</tt> may resolve to
+      #   <tt>Admin::UsersController</tt> if the current controller lives under
+      #   that module, <tt>url_for :controller => '/users'</tt> ensures you link
+      #   to <tt>::UsersController</tt> no matter what.
       # * If the controller changes, the action will default to index unless provided
       #
       # The final rule is applied while the URL is being generated and is best illustrated by an example. Let us consider the
@@ -641,18 +653,18 @@ module ActionController #:nodoc:
       end
 
       def session_enabled?
-        request.session_options && request.session_options[:disabled] != false
+        ActiveSupport::Deprecation.warn("Sessions are now lazy loaded. So if you don't access them, consider them disabled.", caller)
       end
 
       self.view_paths = []
 
       # View load paths for controller.
       def view_paths
-        @template.finder.view_paths
+        @template.view_paths
       end
 
       def view_paths=(value)
-        @template.finder.view_paths = value  # Mutex needed
+        @template.view_paths = ActionView::Base.process_view_paths(value)
       end
 
       # Adds a view_path to the front of the view_paths array.
@@ -662,7 +674,7 @@ module ActionController #:nodoc:
       #   self.prepend_view_path(["views/default", "views/custom"])
       #
       def prepend_view_path(path)
-        @template.finder.prepend_view_path(path)  # Mutex needed
+        @template.view_paths.unshift(*path)
       end
 
       # Adds a view_path to the end of the view_paths array.
@@ -672,7 +684,7 @@ module ActionController #:nodoc:
       #   self.append_view_path(["views/default", "views/custom"])
       #
       def append_view_path(path)
-        @template.finder.append_view_path(path)  # Mutex needed
+        @template.view_paths.push(*path)
       end
 
     protected
@@ -713,6 +725,9 @@ module ActionController #:nodoc:
       #   # builds the complete response.
       #   render :partial => "person", :collection => @winners
       #
+      #   # Renders a collection of partials but with a custom local variable name
+      #   render :partial => "admin_person", :collection => @winners, :as => :person
+      #
       #   # Renders the same collection of partials, but also renders the
       #   # person_divider partial between each person partial.
       #   render :partial => "person", :collection => @winners, :spacer_template => "person_divider"
@@ -760,9 +775,6 @@ module ActionController #:nodoc:
       #   render :file => "/path/to/some/template.erb", :layout => true, :status => 404
       #   render :file => "c:/path/to/some/template.erb", :layout => true, :status => 404
       #
-      #   # Renders a template relative to the template root and chooses the proper file extension
-      #   render :file => "some/template", :use_full_path => true
-      #
       # === Rendering text
       #
       # Rendering of text is usually used for tests or for rendering prepared content, such as a cache. By default, text
@@ -781,13 +793,53 @@ module ActionController #:nodoc:
       #   # placed in "app/views/layouts/special.r(html|xml)"
       #   render :text => "Hi there!", :layout => "special"
       #
-      # The <tt>:text</tt> option can also accept a Proc object, which can be used to manually control the page generation. This should
-      # generally be avoided, as it violates the separation between code and content, and because almost everything that can be
-      # done with this method can also be done more cleanly using one of the other rendering methods, most notably templates.
+      # === Streaming data and/or controlling the page generation
+      #
+      # The <tt>:text</tt> option can also accept a Proc object, which can be used to:
+      #
+      # 1. stream on-the-fly generated data to the browser. Note that you should
+      #    use the methods provided by ActionController::Steaming instead if you
+      #    want to stream a buffer or a file.
+      # 2. manually control the page generation. This should generally be avoided,
+      #    as it violates the separation between code and content, and because almost
+      #    everything that can be done with this method can also be done more cleanly
+      #    using one of the other rendering methods, most notably templates.
+      #
+      # Two arguments are passed to the proc, a <tt>response</tt> object and an
+      # <tt>output</tt> object. The response object is equivalent to the return
+      # value of the ActionController::Base#response method, and can be used to
+      # control various things in the HTTP response, such as setting the
+      # Content-Type header. The output object is an writable <tt>IO</tt>-like
+      # object, so one can call <tt>write</tt> and <tt>flush</tt> on it.
+      #
+      # The following example demonstrates how one can stream a large amount of
+      # on-the-fly generated data to the browser:
+      #
+      #   # Streams about 180 MB of generated data to the browser.
+      #   render :text => proc { |response, output|
+      #     10_000_000.times do |i|
+      #       output.write("This is line #{i}\n")
+      #     end
+      #   }
+      #
+      # Another example:
       #
       #   # Renders "Hello from code!"
       #   render :text => proc { |response, output| output.write("Hello from code!") }
       #
+      # === Rendering XML
+      #
+      # Rendering XML sets the content type to application/xml.
+      #
+      #   # Renders '<name>David</name>'
+      #   render :xml => {:name => "David"}.to_xml
+      #
+      # It's not necessary to call <tt>to_xml</tt> on the object you want to render, since <tt>render</tt> will
+      # automatically do that for you:
+      #
+      #   # Also renders '<name>David</name>'
+      #   render :xml => {:name => "David"}
+      #
       # === Rendering JSON
       #
       # Rendering JSON sets the content type to application/json and optionally wraps the JSON in a callback. It is expected
@@ -833,26 +885,46 @@ module ActionController #:nodoc:
       #     page.visual_effect :highlight, 'user_list'
       #   end
       #
-      # === Rendering with status and location headers
+      # === Rendering vanilla JavaScript
       #
+      # In addition to using RJS with render :update, you can also just render vanilla JavaScript with :js.
+      #
+      #   # Renders "alert('hello')" and sets the mime type to text/javascript
+      #   render :js => "alert('hello')"
+      #
+      # === Rendering with status and location headers
       # All renders take the <tt>:status</tt> and <tt>:location</tt> options and turn them into headers. They can even be used together:
       #
       #   render :xml => post.to_xml, :status => :created, :location => post_url(post)
       def render(options = nil, extra_options = {}, &block) #:doc:
         raise DoubleRenderError, "Can only render or redirect once per action" if performed?
 
+        validate_render_arguments(options, extra_options, block_given?)
+
         if options.nil?
-          return render_for_file(default_template_name, nil, true)
-        elsif !extra_options.is_a?(Hash)
-          raise RenderError, "You called render with invalid options : #{options.inspect}, #{extra_options.inspect}"
-        else
-          if options == :update
-            options = extra_options.merge({ :update => true })
-          elsif !options.is_a?(Hash)
-            raise RenderError, "You called render with invalid options : #{options.inspect}"
+          options = { :template => default_template, :layout => true }
+        elsif options == :update
+          options = extra_options.merge({ :update => true })
+        elsif options.is_a?(String) || options.is_a?(Symbol)
+          case options.to_s.index('/')
+          when 0
+            extra_options[:file] = options
+          when nil
+            extra_options[:action] = options
+          else
+            extra_options[:template] = options
           end
+
+          options = extra_options
+        elsif !options.is_a?(Hash)
+          extra_options[:partial] = options
+          options = extra_options
         end
 
+        layout = pick_layout(options)
+        response.layout = layout.path_without_format_and_extension if layout
+        logger.info("Rendering template within #{layout.path_without_format_and_extension}") if logger && layout
+
         if content_type = options[:content_type]
           response.content_type = content_type.to_s
         end
@@ -862,68 +934,57 @@ module ActionController #:nodoc:
         end
 
         if options.has_key?(:text)
-          render_for_text(options[:text], options[:status])
+          text = layout ? @template.render(options.merge(:text => options[:text], :layout => layout)) : options[:text]
+          render_for_text(text, options[:status])
 
         else
           if file = options[:file]
-            render_for_file(file, options[:status], options[:use_full_path], options[:locals] || {})
+            render_for_file(file, options[:status], layout, options[:locals] || {})
 
           elsif template = options[:template]
-            render_for_file(template, options[:status], true, options[:locals] || {})
+            render_for_file(template, options[:status], layout, options[:locals] || {})
 
           elsif inline = options[:inline]
-            add_variables_to_assigns
-            tmpl = ActionView::InlineTemplate.new(@template, options[:inline], options[:locals], options[:type])
-            render_for_text(@template.render_template(tmpl), options[:status])
+            render_for_text(@template.render(options.merge(:layout => layout)), options[:status])
 
           elsif action_name = options[:action]
-            template = default_template_name(action_name.to_s)
-            if options[:layout] && !template_exempt_from_layout?(template)
-              render_with_a_layout(:file => template, :status => options[:status], :use_full_path => true, :layout => true)
-            else
-              render_with_no_layout(:file => template, :status => options[:status], :use_full_path => true)
-            end
+            render_for_file(default_template(action_name.to_s), options[:status], layout)
 
           elsif xml = options[:xml]
             response.content_type ||= Mime::XML
             render_for_text(xml.respond_to?(:to_xml) ? xml.to_xml : xml, options[:status])
 
-          elsif json = options[:json]
-            json = json.to_json unless json.is_a?(String)
+          elsif js = options[:js]
+            response.content_type ||= Mime::JS
+            render_for_text(js, options[:status])
+
+          elsif options.include?(:json)
+            json = options[:json]
+            json = ActiveSupport::JSON.encode(json) unless json.is_a?(String)
             json = "#{options[:callback]}(#{json})" unless options[:callback].blank?
             response.content_type ||= Mime::JSON
             render_for_text(json, options[:status])
 
-          elsif partial = options[:partial]
-            partial = default_template_name if partial == true
-            add_variables_to_assigns
-
-            if collection = options[:collection]
-              render_for_text(
-                @template.send!(:render_partial_collection, partial, collection,
-                options[:spacer_template], options[:locals]), options[:status]
-              )
+          elsif options[:partial]
+            options[:partial] = default_template_name if options[:partial] == true
+            if layout
+              render_for_text(@template.render(:text => @template.render(options), :layout => layout), options[:status])
             else
-              render_for_text(
-                @template.send!(:render_partial, partial,
-                ActionView::Base::ObjectWrapper.new(options[:object]), options[:locals]), options[:status]
-              )
+              render_for_text(@template.render(options), options[:status])
             end
 
           elsif options[:update]
-            add_variables_to_assigns
-            @template.send! :evaluate_assigns
+            @template.send(:_evaluate_assigns_and_ivars)
 
             generator = ActionView::Helpers::PrototypeHelper::JavaScriptGenerator.new(@template, &block)
             response.content_type = Mime::JS
             render_for_text(generator.to_s, options[:status])
 
           elsif options[:nothing]
-            # Safari doesn't pass the headers of the return if the response is zero length
-            render_for_text(" ", options[:status])
+            render_for_text(nil, options[:status])
 
           else
-            render_for_file(default_template_name, options[:status], true)
+            render_for_file(default_template, options[:status], layout)
           end
         end
       end
@@ -933,8 +994,8 @@ module ActionController #:nodoc:
       def render_to_string(options = nil, &block) #:doc:
         render(options, &block)
       ensure
+        response.content_type = nil
         erase_render_results
-        forget_variables_added_to_assigns
         reset_variables_added_to_assigns
       end
 
@@ -966,7 +1027,6 @@ module ActionController #:nodoc:
         render :nothing => true, :status => status
       end
 
-
       # Clears the rendered results, allowing for another render to be performed.
       def erase_render_results #:nodoc:
         response.body = nil
@@ -981,7 +1041,7 @@ module ActionController #:nodoc:
         @performed_redirect = false
         response.redirected_to = nil
         response.redirected_to_method_params = nil
-        response.headers['Status'] = DEFAULT_RENDER_STATUS_CODE
+        response.status = DEFAULT_RENDER_STATUS_CODE
         response.headers.delete('Location')
       end
 
@@ -1016,10 +1076,10 @@ module ActionController #:nodoc:
       #
       # * <tt>Hash</tt> - The URL will be generated by calling url_for with the +options+.
       # * <tt>Record</tt> - The URL will be generated by calling url_for with the +options+, which will reference a named URL for that record.
-      # * <tt>String starting with protocol:// (like http://)</tt> - Is passed straight through as the target for redirection.
-      # * <tt>String not containing a protocol</tt> - The current protocol and host is prepended to the string.
+      # * <tt>String</tt> starting with <tt>protocol://</tt> (like <tt>http://</tt>) - Is passed straight through as the target for redirection.
+      # * <tt>String</tt> not containing a protocol - The current protocol and host is prepended to the string.
       # * <tt>:back</tt> - Back to the page that issued the request. Useful for forms that are triggered from multiple places.
-      #   Short-hand for redirect_to(request.env["HTTP_REFERER"])
+      #   Short-hand for <tt>redirect_to(request.env["HTTP_REFERER"])</tt>
       #
       # Examples:
       #   redirect_to :action => "show", :id => 5
@@ -1051,26 +1111,95 @@ module ActionController #:nodoc:
           status = 302
         end
 
+        response.redirected_to = options
+
         case options
-          when %r{^\w+://.*}
-            raise DoubleRenderError if performed?
-            logger.info("Redirected to #{options}") if logger && logger.info?
-            response.redirect(options, interpret_status(status))
-            response.redirected_to = options
-            @performed_redirect = true
-
+          # The scheme name consist of a letter followed by any combination of
+          # letters, digits, and the plus ("+"), period ("."), or hyphen ("-")
+          # characters; and is terminated by a colon (":").
+          when %r{^\w[\w\d+.-]*:.*}
+            redirect_to_full_url(options, status)
           when String
-            redirect_to(request.protocol + request.host_with_port + options, :status=>status)
-
+            redirect_to_full_url(request.protocol + request.host_with_port + options, status)
           when :back
-            request.env["HTTP_REFERER"] ? redirect_to(request.env["HTTP_REFERER"], :status=>status) : raise(RedirectBackError)
-
-          when Hash
-            redirect_to(url_for(options), :status=>status)
-            response.redirected_to = options
-
+            if referer = request.headers["Referer"]
+              redirect_to(referer, :status=>status)
+            else
+              raise RedirectBackError
+            end
           else
-            redirect_to(url_for(options), :status=>status)
+            redirect_to_full_url(url_for(options), status)
+        end
+      end
+
+      def redirect_to_full_url(url, status)
+        raise DoubleRenderError if performed?
+        logger.info("Redirected to #{url}") if logger && logger.info?
+        response.redirect(url, interpret_status(status))
+        @performed_redirect = true
+      end
+
+      # Sets the etag and/or last_modified on the response and checks it against
+      # the client request. If the request doesn't match the options provided, the
+      # request is considered stale and should be generated from scratch. Otherwise,
+      # it's fresh and we don't need to generate anything and a reply of "304 Not Modified" is sent.
+      #
+      # Parameters:
+      # * <tt>:etag</tt>
+      # * <tt>:last_modified</tt> 
+      # * <tt>:public</tt> By default the Cache-Control header is private, set this to true if you want your application to be cachable by other devices (proxy caches).
+      #
+      # Example:
+      #
+      #   def show
+      #     @article = Article.find(params[:id])
+      #
+      #     if stale?(:etag => @article, :last_modified => @article.created_at.utc)
+      #       @statistics = @article.really_expensive_call
+      #       respond_to do |format|
+      #         # all the supported formats
+      #       end
+      #     end
+      #   end
+      def stale?(options)
+        fresh_when(options)
+        !request.fresh?(response)
+      end
+
+      # Sets the etag, last_modified, or both on the response and renders a
+      # "304 Not Modified" response if the request is already fresh.
+      #
+      # Parameters:
+      # * <tt>:etag</tt>
+      # * <tt>:last_modified</tt> 
+      # * <tt>:public</tt> By default the Cache-Control header is private, set this to true if you want your application to be cachable by other devices (proxy caches).
+      #
+      # Example:
+      #
+      #   def show
+      #     @article = Article.find(params[:id])
+      #     fresh_when(:etag => @article, :last_modified => @article.created_at.utc, :public => true)
+      #   end
+      #
+      # This will render the show template if the request isn't sending a matching etag or
+      # If-Modified-Since header and just a "304 Not Modified" response if there's a match.
+      #
+      def fresh_when(options)
+        options.assert_valid_keys(:etag, :last_modified, :public)
+
+        response.etag          = options[:etag]          if options[:etag]
+        response.last_modified = options[:last_modified] if options[:last_modified]
+        
+        if options[:public] 
+          cache_control = response.headers["Cache-Control"].split(",").map {|k| k.strip }
+          cache_control.delete("private")
+          cache_control.delete("no-cache")
+          cache_control << "public"
+          response.headers["Cache-Control"] = cache_control.join(', ')
+        end
+
+        if request.fresh?(response)
+          head :not_modified
         end
       end
 
@@ -1079,15 +1208,26 @@ module ActionController #:nodoc:
       #
       # Examples:
       #   expires_in 20.minutes
-      #   expires_in 3.hours, :private => false
-      #   expires in 3.hours, 'max-stale' => 5.hours, :private => nil, :public => true
+      #   expires_in 3.hours, :public => true
+      #   expires in 3.hours, 'max-stale' => 5.hours, :public => true
       #
       # This method will overwrite an existing Cache-Control header.
       # See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for more possibilities.
       def expires_in(seconds, options = {}) #:doc:
-        cache_options = { 'max-age' => seconds, 'private' => true }.symbolize_keys.merge!(options.symbolize_keys)
-        cache_options.delete_if { |k,v| v.nil? or v == false }
-        cache_control = cache_options.map{ |k,v| v == true ? k.to_s : "#{k.to_s}=#{v.to_s}"}
+        cache_control = response.headers["Cache-Control"].split(",").map {|k| k.strip }
+
+        cache_control << "max-age=#{seconds}"
+        cache_control.delete("no-cache")
+        if options[:public]
+          cache_control.delete("private")
+          cache_control << "public"
+        else
+          cache_control << "private"
+        end
+        
+        # This allows for additional headers to be passed through like 'max-stale' => 5.hours
+        cache_control += options.symbolize_keys.reject{|k,v| k == :public || k == :private }.map{ |k,v| v == true ? k.to_s : "#{k.to_s}=#{v.to_s}"}
+        
         response.headers["Cache-Control"] = cache_control.join(', ')
       end
 
@@ -1101,46 +1241,57 @@ module ActionController #:nodoc:
       def reset_session #:doc:
         request.reset_session
         @_session = request.session
-        response.session = @_session
       end
 
-
     private
-      def render_for_file(template_path, status = nil, use_full_path = false, locals = {}) #:nodoc:
-        add_variables_to_assigns
-        logger.info("Rendering #{template_path}" + (status ? " (#{status})" : '')) if logger
-        render_for_text(@template.render_file(template_path, use_full_path, locals), status)
+      def render_for_file(template_path, status = nil, layout = nil, locals = {}) #:nodoc:
+        path = template_path.respond_to?(:path_without_format_and_extension) ? template_path.path_without_format_and_extension : template_path
+        logger.info("Rendering #{path}" + (status ? " (#{status})" : '')) if logger
+        render_for_text @template.render(:file => template_path, :locals => locals, :layout => layout), status
       end
 
       def render_for_text(text = nil, status = nil, append_response = false) #:nodoc:
         @performed_render = true
 
-        response.headers['Status'] = interpret_status(status || DEFAULT_RENDER_STATUS_CODE)
+        response.status = interpret_status(status || DEFAULT_RENDER_STATUS_CODE)
 
         if append_response
           response.body ||= ''
           response.body << text.to_s
         else
-          response.body = text.is_a?(Proc) ? text : text.to_s
+          response.body = case text
+            when Proc then text
+            when nil  then " " # Safari doesn't pass the headers of the return if the response is zero length
+            else           text.to_s
+          end
+        end
+      end
+
+      def validate_render_arguments(options, extra_options, has_block)
+        if options && (has_block && options != :update) && !options.is_a?(String) && !options.is_a?(Hash) && !options.is_a?(Symbol)
+          raise RenderError, "You called render with invalid options : #{options.inspect}"
+        end
+
+        if !extra_options.is_a?(Hash)
+          raise RenderError, "You called render with invalid options : #{options.inspect}, #{extra_options.inspect}"
         end
       end
 
       def initialize_template_class(response)
         response.template = ActionView::Base.new(self.class.view_paths, {}, self)
-        response.template.extend self.class.master_helper_module
+        response.template.helpers.send :include, self.class.master_helper_module
         response.redirected_to = nil
         @performed_render = @performed_redirect = false
       end
 
       def assign_shortcuts(request, response)
-        @_request, @_params, @_cookies = request, request.parameters, request.cookies
+        @_request, @_params = request, request.parameters
 
         @_response         = response
         @_response.session = request.session
 
         @_session = @_response.session
         @template = @_response.template
-        @assigns  = @_response.template.assigns
 
         @_headers = @_response.headers
       end
@@ -1151,27 +1302,48 @@ module ActionController #:nodoc:
 
       def log_processing
         if logger && logger.info?
-          logger.info "\n\nProcessing #{self.class.name}\##{action_name} (for #{request_origin}) [#{request.method.to_s.upcase}]"
-          logger.info "  Session ID: #{@_session.session_id}" if @_session and @_session.respond_to?(:session_id)
-          logger.info "  Parameters: #{respond_to?(:filter_parameters) ? filter_parameters(params).inspect : params.inspect}"
+          log_processing_for_request_id
+          log_processing_for_parameters
         end
       end
 
+      def log_processing_for_request_id
+        request_id = "\n\nProcessing #{self.class.name}\##{action_name} "
+        request_id << "to #{params[:format]} " if params[:format]
+        request_id << "(for #{request_origin}) [#{request.method.to_s.upcase}]"
+
+        logger.info(request_id)
+      end
+
+      def log_processing_for_parameters
+        parameters = respond_to?(:filter_parameters) ? filter_parameters(params) : params.dup
+        parameters = parameters.except!(:controller, :action, :format, :_method)
+
+        logger.info "  Parameters: #{parameters.inspect}" unless parameters.empty?
+      end
+
       def default_render #:nodoc:
         render
       end
 
       def perform_action
-        if self.class.action_methods.include?(action_name)
+        if action_methods.include?(action_name)
           send(action_name)
           default_render unless performed?
         elsif respond_to? :method_missing
           method_missing action_name
           default_render unless performed?
-        elsif template_exists? && template_public?
-          default_render
         else
-          raise UnknownAction, "No action responded to #{action_name}", caller
+          begin
+            default_render
+          rescue ActionView::MissingTemplate => e
+            # Was the implicit template missing, or was it another template?
+            if e.path == default_template_name
+              raise UnknownAction, "No action responded to #{action_name}. Actions: #{action_methods.sort.to_sentence(:locale => :en)}", caller
+            else
+              raise e
+            end
+          end
         end
       end
 
@@ -1183,44 +1355,26 @@ module ActionController #:nodoc:
         @action_name = (params['action'] || 'index')
       end
 
-      def assign_default_content_type_and_charset
-        response.content_type ||= Mime::HTML
-        response.charset      ||= self.class.default_charset unless sending_file?
-      end
-
-      def sending_file?
-        response.headers["Content-Transfer-Encoding"] == "binary"
-      end
-
       def action_methods
         self.class.action_methods
       end
 
       def self.action_methods
-        @action_methods ||= Set.new(public_instance_methods.map(&:to_s)) - hidden_actions
-      end
-
-      def add_variables_to_assigns
-        unless @variables_added
-          add_instance_variables_to_assigns
-          @variables_added = true
-        end
-      end
-
-      def forget_variables_added_to_assigns
-        @variables_added = nil
+        @action_methods ||=
+          # All public instance methods of this class, including ancestors
+          public_instance_methods(true).map { |m| m.to_s }.to_set -
+          # Except for public instance methods of Base and its ancestors
+          Base.public_instance_methods(true).map { |m| m.to_s } +
+          # Be sure to include shadowed public instance methods of this class
+          public_instance_methods(false).map { |m| m.to_s } -
+          # And always exclude explicitly hidden actions
+          hidden_actions
       end
 
       def reset_variables_added_to_assigns
         @template.instance_variable_set("@assigns_added", nil)
       end
 
-      def add_instance_variables_to_assigns
-        (instance_variable_names - @@protected_view_variables).each do |var|
-          @assigns[var[1..-1]] = instance_variable_get(var)
-        end
-      end
-
       def request_origin
         # this *needs* to be cached!
         # otherwise you'd get different results if calling it more than once
@@ -1231,22 +1385,8 @@ module ActionController #:nodoc:
         "#{request.protocol}#{request.host}#{request.request_uri}"
       end
 
-      def close_session
-        @_session.close if @_session && @_session.respond_to?(:close)
-      end
-
-      def template_exists?(template_name = default_template_name)
-        @template.finder.file_exists?(template_name)
-      end
-
-      def template_public?(template_name = default_template_name)
-        @template.file_public?(template_name)
-      end
-
-      def template_exempt_from_layout?(template_name = default_template_name)
-        extension = @template && @template.finder.pick_template_extension(template_name)
-        name_with_extension = !template_name.include?('.') && extension ? "#{template_name}.#{extension}" : template_name
-        @@exempt_from_layout.any? { |ext| name_with_extension =~ ext }
+      def default_template(action_name = self.action_name)
+        self.view_paths.find_template(default_template_name(action_name), default_template_format)
       end
 
       def default_template_name(action_name = self.action_name)
@@ -1256,7 +1396,7 @@ module ActionController #:nodoc:
             action_name = strip_out_controller(action_name)
           end
         end
-        "#{self.class.controller_path}/#{action_name}"
+        "#{self.controller_path}/#{action_name}"
       end
 
       def strip_out_controller(path)
@@ -1264,11 +1404,20 @@ module ActionController #:nodoc:
       end
 
       def template_path_includes_controller?(path)
-        self.class.controller_path.split('/')[-1] == path.split('/')[0]
+        self.controller_path.split('/')[-1] == path.split('/')[0]
       end
 
       def process_cleanup
-        close_session
       end
   end
+
+  Base.class_eval do
+    [ Filters, Layout, Benchmarking, Rescue, Flash, MimeResponds, Helpers,
+      Cookies, Caching, Verification, Streaming, SessionManagement,
+      HttpAuthentication::Basic::ControllerMethods, HttpAuthentication::Digest::ControllerMethods,
+      RecordIdentifier, RequestForgeryProtection, Translation
+    ].each do |mod|
+      include mod
+    end
+  end
 end

actionpack/lib/action_controller/benchmarking.rb

@@ -23,8 +23,8 @@ module ActionController #:nodoc:
       def benchmark(title, log_level = Logger::DEBUG, use_silence = true)
         if logger && logger.level == log_level
           result = nil
-          seconds = Benchmark.realtime { result = use_silence ? silence { yield } : yield }
-          logger.add(log_level, "#{title} (#{'%.5f' % seconds})")
+          ms = Benchmark.ms { result = use_silence ? silence { yield } : yield }
+          logger.add(log_level, "#{title} (#{('%.1f' % ms)}ms)")
           result
         else
           yield
@@ -42,53 +42,66 @@ module ActionController #:nodoc:
 
     protected
       def render_with_benchmark(options = nil, extra_options = {}, &block)
-        unless logger
-          render_without_benchmark(options, extra_options, &block)
-        else
-          db_runtime = ActiveRecord::Base.connection.reset_runtime if Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected?
+        if logger
+          if Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected?
+            db_runtime = ActiveRecord::Base.connection.reset_runtime
+          end
 
           render_output = nil
-          @rendering_runtime = Benchmark::realtime{ render_output = render_without_benchmark(options, extra_options, &block) }
+          @view_runtime = Benchmark.ms { render_output = render_without_benchmark(options, extra_options, &block) }
 
           if Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected?
             @db_rt_before_render = db_runtime
             @db_rt_after_render = ActiveRecord::Base.connection.reset_runtime
-            @rendering_runtime -= @db_rt_after_render
+            @view_runtime -= @db_rt_after_render
           end
 
           render_output
+        else
+          render_without_benchmark(options, extra_options, &block)
         end
       end    
 
     private
       def perform_action_with_benchmark
-        unless logger
-          perform_action_without_benchmark
-        else
-          runtime = [ Benchmark::measure{ perform_action_without_benchmark }.real, 0.0001 ].max
+        if logger
+          ms = [Benchmark.ms { perform_action_without_benchmark }, 0.01].max
+          logging_view          = defined?(@view_runtime)
+          logging_active_record = Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected?
 
-          log_message  = "Completed in #{sprintf("%.5f", runtime)} (#{(1 / runtime).floor} reqs/sec)"
-          log_message << rendering_runtime(runtime) if defined?(@rendering_runtime)
-          log_message << active_record_runtime(runtime) if Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected?
-          log_message << " | #{headers["Status"]}"
+          log_message  = 'Completed in %.0fms' % ms
+
+          if logging_view || logging_active_record
+            log_message << " ("
+            log_message << view_runtime if logging_view
+
+            if logging_active_record
+              log_message << ", " if logging_view
+              log_message << active_record_runtime + ")"
+            else
+              ")"
+            end
+          end
+
+          log_message << " | #{response.status}"
           log_message << " [#{complete_request_uri rescue "unknown"}]"
 
           logger.info(log_message)
-          response.headers["X-Runtime"] = sprintf("%.5f", runtime)
+          response.headers["X-Runtime"] = "%.0f" % ms
+        else
+          perform_action_without_benchmark
         end
       end
 
-      def rendering_runtime(runtime)
-        percentage = @rendering_runtime * 100 / runtime
-        " | Rendering: %.5f (%d%%)" % [@rendering_runtime, percentage.to_i]
+      def view_runtime
+        "View: %.0f" % @view_runtime
       end
 
-      def active_record_runtime(runtime)
-        db_runtime    = ActiveRecord::Base.connection.reset_runtime
-        db_runtime    += @db_rt_before_render if @db_rt_before_render
-        db_runtime    += @db_rt_after_render if @db_rt_after_render
-        db_percentage = db_runtime * 100 / runtime
-        " | DB: %.5f (%d%%)" % [db_runtime, db_percentage.to_i]
+      def active_record_runtime
+        db_runtime = ActiveRecord::Base.connection.reset_runtime
+        db_runtime += @db_rt_before_render if @db_rt_before_render
+        db_runtime += @db_rt_after_render if @db_rt_after_render
+        "DB: %.0f" % db_runtime
       end
   end
 end

actionpack/lib/action_controller/caching.rb

@@ -2,13 +2,6 @@ require 'fileutils'
 require 'uri'
 require 'set'
 
-require 'action_controller/caching/pages'
-require 'action_controller/caching/actions'
-require 'action_controller/caching/sql_cache'
-require 'action_controller/caching/sweeping'
-require 'action_controller/caching/fragments'
-
-
 module ActionController #:nodoc:
   # Caching is a cheap way of speeding up slow applications by keeping the result of calculations, renderings, and database calls
   # around for subsequent requests. Action Controller affords you three approaches in varying levels of granularity: Page, Action, Fragment.
@@ -31,6 +24,12 @@ module ActionController #:nodoc:
   #   ActionController::Base.cache_store = :mem_cache_store, "localhost"
   #   ActionController::Base.cache_store = MyOwnStore.new("parameter")
   module Caching
+    autoload :Actions, 'action_controller/caching/actions'
+    autoload :Fragments, 'action_controller/caching/fragments'
+    autoload :Pages, 'action_controller/caching/pages'
+    autoload :Sweeper, 'action_controller/caching/sweeper'
+    autoload :Sweeping, 'action_controller/caching/sweeping'
+
     def self.included(base) #:nodoc:
       base.class_eval do
         @@cache_store = nil
@@ -42,7 +41,7 @@ module ActionController #:nodoc:
         end
 
         include Pages, Actions, Fragments
-        include Sweeping, SqlCache if defined?(ActiveRecord)
+        include Sweeping if defined?(ActiveRecord)
 
         @@perform_caching = true
         cattr_accessor :perform_caching
@@ -63,10 +62,9 @@ module ActionController #:nodoc:
         end
       end
 
-
-    private    
+    private
       def cache_configured?
         self.class.cache_configured?
       end
   end
-end
+end

actionpack/lib/action_controller/caching/actions.rb

@@ -27,19 +27,23 @@ module ActionController #:nodoc:
     # You can set modify the default action cache path by passing a :cache_path option.  This will be passed directly to ActionCachePath.path_for.  This is handy
     # for actions with multiple possible routes that should be cached differently.  If a block is given, it is called with the current controller instance.
     #
-    # And you can also use :if to pass a Proc that specifies when the action should be cached.
+    # And you can also use :if (or :unless) to pass a Proc that specifies when the action should be cached.
+    #
+    # Finally, if you are using memcached, you can also pass :expires_in.
     #
     #   class ListsController < ApplicationController
     #     before_filter :authenticate, :except => :public
     #     caches_page   :public
     #     caches_action :index, :if => Proc.new { |c| !c.request.format.json? } # cache if is not a JSON request
-    #     caches_action :show, :cache_path => { :project => 1 }
+    #     caches_action :show, :cache_path => { :project => 1 }, :expires_in => 1.hour
     #     caches_action :feed, :cache_path => Proc.new { |controller|
     #       controller.params[:user_id] ?
-    #         controller.send(:user_list_url, c.params[:user_id], c.params[:id]) :
-    #         controller.send(:list_url, c.params[:id]) }
+    #         controller.send(:user_list_url, controller.params[:user_id], controller.params[:id]) :
+    #         controller.send(:list_url, controller.params[:id]) }
     #   end
     #
+    # If you pass :layout => false, it will only cache your action content. It is useful when your layout has dynamic information.
+    #
     module Actions
       def self.included(base) #:nodoc:
         base.extend(ClassMethods)
@@ -54,7 +58,12 @@ module ActionController #:nodoc:
         def caches_action(*actions)
           return unless cache_configured?
           options = actions.extract_options!
-          around_filter(ActionCacheFilter.new(:cache_path => options.delete(:cache_path)), {:only => actions}.merge(options))
+          filter_options = { :only => actions, :if => options.delete(:if), :unless => options.delete(:unless) }
+
+          cache_filter = ActionCacheFilter.new(:layout => options.delete(:layout), :cache_path => options.delete(:cache_path), :store_options => options)
+          around_filter(filter_options) do |controller, action|
+            cache_filter.filter(controller, action)
+          end
         end
       end
 
@@ -64,10 +73,10 @@ module ActionController #:nodoc:
 
           if options[:action].is_a?(Array)
             options[:action].dup.each do |action|
-              expire_fragment(ActionCachePath.path_for(self, options.merge({ :action => action })))
+              expire_fragment(ActionCachePath.path_for(self, options.merge({ :action => action }), false))
             end
           else
-            expire_fragment(ActionCachePath.path_for(self, options))
+            expire_fragment(ActionCachePath.path_for(self, options, false))
           end
         end
 
@@ -76,12 +85,20 @@ module ActionController #:nodoc:
           @options = options
         end
 
+        def filter(controller, action)
+          should_continue = before(controller)
+          action.call if should_continue
+          after(controller)
+        end
+
         def before(controller)
-          cache_path = ActionCachePath.new(controller, path_options_for(controller, @options))
-          if cache = controller.read_fragment(cache_path.path)
+          cache_path = ActionCachePath.new(controller, path_options_for(controller, @options.slice(:cache_path)))
+          if cache = controller.read_fragment(cache_path.path, @options[:store_options])
             controller.rendered_action_cache = true
             set_content_type!(controller, cache_path.extension)
-            controller.send!(:render_for_text, cache)
+            options = { :text => cache }
+            options.merge!(:layout => true) if cache_layout?
+            controller.__send__(:render, options)
             false
           else
             controller.action_cache_path = cache_path
@@ -90,7 +107,8 @@ module ActionController #:nodoc:
 
         def after(controller)
           return if controller.rendered_action_cache || !caching_allowed(controller)
-          controller.write_fragment(controller.action_cache_path.path, controller.response.body)
+          action_content = cache_layout? ? content_for_layout(controller) : controller.response.body
+          controller.write_fragment(controller.action_cache_path.path, action_content, @options[:store_options])
         end
 
         private
@@ -103,7 +121,15 @@ module ActionController #:nodoc:
           end
 
           def caching_allowed(controller)
-            controller.request.get? && controller.response.headers['Status'].to_i == 200
+            controller.request.get? && controller.response.status.to_i == 200
+          end
+
+          def cache_layout?
+            @options[:layout] == false
+          end
+
+          def content_for_layout(controller)
+            controller.response.layout && controller.response.template.instance_variable_get('@cached_content_for_layout')
           end
       end
 
@@ -111,13 +137,20 @@ module ActionController #:nodoc:
         attr_reader :path, :extension
 
         class << self
-          def path_for(controller, options)
-            new(controller, options).path
+          def path_for(controller, options, infer_extension = true)
+            new(controller, options, infer_extension).path
           end
         end
+        
+        # When true, infer_extension will look up the cache path extension from the request's path & format.
+        # This is desirable when reading and writing the cache, but not when expiring the cache -
+        # expire_action should expire the same files regardless of the request format.
+        def initialize(controller, options = {}, infer_extension = true)
+          if infer_extension
+            extract_extension(controller.request)
+            options = options.reverse_merge(:format => @extension) if options.is_a?(Hash)
+          end
 
-        def initialize(controller, options = {})
-          @extension = extract_extension(controller.request.path)
           path = controller.url_for(options).split('://').last
           normalize!(path)
           add_extension!(path, @extension)
@@ -130,13 +163,13 @@ module ActionController #:nodoc:
           end
 
           def add_extension!(path, extension)
-            path << ".#{extension}" if extension
+            path << ".#{extension}" if extension and !path.ends_with?(extension)
           end
-
-          def extract_extension(file_path)
+          
+          def extract_extension(request)
             # Don't want just what comes after the last '.' to accommodate multi part extensions
             # such as tar.gz.
-            file_path[/^[^.]+\.(.+)$/, 1]
+            @extension = request.path[/^[^.]+\.(.+)$/, 1] || request.cache_format
           end
       end
     end

actionpack/lib/action_controller/caching/fragments.rb

@@ -2,7 +2,7 @@ module ActionController #:nodoc:
   module Caching
     # Fragment caching is used for caching various blocks within templates without caching the entire action as a whole. This is useful when
     # certain elements of an action change frequently or depend on complicated state while other parts rarely change or can be shared amongst multiple
-    # parties. The caching is doing using the cache helper available in the Action View. A template with caching might look something like:
+    # parties. The caching is done using the cache helper available in the Action View. A template with caching might look something like:
     #
     #   <b>Hello <%= @name %></b>
     #   <% cache do %>
@@ -10,49 +10,23 @@ module ActionController #:nodoc:
     #     <%= render :partial => "topic", :collection => Topic.find(:all) %>
     #   <% end %>
     #
-    # This cache will bind to the name of the action that called it, so if this code was part of the view for the topics/list action, you would 
-    # be able to invalidate it using <tt>expire_fragment(:controller => "topics", :action => "list")</tt>. 
-    # 
-    # This default behavior is of limited use if you need to cache multiple fragments per action or if the action itself is cached using 
+    # This cache will bind to the name of the action that called it, so if this code was part of the view for the topics/list action, you would
+    # be able to invalidate it using <tt>expire_fragment(:controller => "topics", :action => "list")</tt>.
+    #
+    # This default behavior is of limited use if you need to cache multiple fragments per action or if the action itself is cached using
     # <tt>caches_action</tt>, so we also have the option to qualify the name of the cached fragment with something like:
     #
     #   <% cache(:action => "list", :action_suffix => "all_topics") do %>
     #
-    # That would result in a name such as "/topics/list/all_topics", avoiding conflicts with the action cache and with any fragments that use a 
-    # different suffix. Note that the URL doesn't have to really exist or be callable - the url_for system is just used to generate unique 
-    # cache names that we can refer to when we need to expire the cache. 
-    # 
+    # That would result in a name such as "/topics/list/all_topics", avoiding conflicts with the action cache and with any fragments that use a
+    # different suffix. Note that the URL doesn't have to really exist or be callable - the url_for system is just used to generate unique
+    # cache names that we can refer to when we need to expire the cache.
+    #
     # The expiration call for this example is:
-    # 
+    #
     #   expire_fragment(:controller => "topics", :action => "list", :action_suffix => "all_topics")
     module Fragments
-      def self.included(base) #:nodoc:
-        base.class_eval do
-          class << self
-            def fragment_cache_store=(store_option) #:nodoc:
-              ActiveSupport::Deprecation.warn('The fragment_cache_store= method is now use cache_store=')
-              self.cache_store = store_option
-            end
-          
-            def fragment_cache_store #:nodoc:
-              ActiveSupport::Deprecation.warn('The fragment_cache_store method is now use cache_store')
-              cache_store
-            end
-          end
-
-          def fragment_cache_store=(store_option) #:nodoc:
-            ActiveSupport::Deprecation.warn('The fragment_cache_store= method is now use cache_store=')
-            self.cache_store = store_option
-          end
-        
-          def fragment_cache_store #:nodoc:
-            ActiveSupport::Deprecation.warn('The fragment_cache_store method is now use cache_store')
-            cache_store
-          end
-        end
-      end
-
-      # Given a key (as described in <tt>expire_fragment</tt>), returns a key suitable for use in reading, 
+      # Given a key (as described in <tt>expire_fragment</tt>), returns a key suitable for use in reading,
       # writing, or expiring a cached fragment. If the key is a hash, the generated key is the return
       # value of url_for on that hash (without the protocol). All keys are prefixed with "views/" and uses
       # ActiveSupport::Cache.expand_cache_key for the expansion.
@@ -60,23 +34,23 @@ module ActionController #:nodoc:
         ActiveSupport::Cache.expand_cache_key(key.is_a?(Hash) ? url_for(key).split("://").last : key, :views)
       end
 
-      def fragment_for(block, name = {}, options = nil) #:nodoc:
-        unless perform_caching then block.call; return end
-
-        buffer = yield
-
-        if cache = read_fragment(name, options)
-          buffer.concat(cache)
+      def fragment_for(buffer, name = {}, options = nil, &block) #:nodoc:
+        if perform_caching
+          if cache = read_fragment(name, options)
+            buffer.concat(cache)
+          else
+            pos = buffer.length
+            block.call
+            write_fragment(name, buffer[pos..-1], options)
+          end
         else
-          pos = buffer.length
           block.call
-          write_fragment(name, buffer[pos..-1], options)
         end
       end
 
       # Writes <tt>content</tt> to the location signified by <tt>key</tt> (see <tt>expire_fragment</tt> for acceptable formats)
       def write_fragment(key, content, options = nil)
-        return unless cache_configured?
+        return content unless cache_configured?
 
         key = fragment_cache_key(key)
 
@@ -109,15 +83,23 @@ module ActionController #:nodoc:
         end
       end
 
-      # Name can take one of three forms:
-      # * String: This would normally take the form of a path like "pages/45/notes"
-      # * Hash: Is treated as an implicit call to url_for, like { :controller => "pages", :action => "notes", :id => 45 }
-      # * Regexp: Will destroy all the matched fragments, example:
-      #     %r{pages/\d*/notes}
-      #   Ensure you do not specify start and finish in the regex (^$) because
-      #   the actual filename matched looks like ./cache/filename/path.cache
-      #   Regexp expiration is only supported on caches that can iterate over
-      #   all keys (unlike memcached).
+      # Removes fragments from the cache.
+      #
+      # +key+ can take one of three forms:
+      # * String - This would normally take the form of a path, like
+      #   <tt>"pages/45/notes"</tt>.
+      # * Hash - Treated as an implicit call to +url_for+, like
+      #   <tt>{:controller => "pages", :action => "notes", :id => 45}</tt>
+      # * Regexp - Will remove any fragment that matches, so
+      #   <tt>%r{pages/\d*/notes}</tt> might remove all notes. Make sure you
+      #   don't use anchors in the regex (<tt>^</tt> or <tt>$</tt>) because
+      #   the actual filename matched looks like
+      #   <tt>./cache/filename/path.cache</tt>. Note: Regexp expiration is
+      #   only supported on caches that can iterate over all keys (unlike
+      #   memcached).
+      #
+      # +options+ is passed through to the cache store's <tt>delete</tt>
+      # method (or <tt>delete_matched</tt>, for Regexp keys.)
       def expire_fragment(key, options = nil)
         return unless cache_configured?
 

actionpack/lib/action_controller/caching/pages.rb

@@ -33,28 +33,26 @@ module ActionController #:nodoc:
     #
     # Additionally, you can expire caches using Sweepers that act on changes in the model to determine when a cache is supposed to be
     # expired.
-    #
-    # == Setting the cache directory
-    #
-    # The cache directory should be the document root for the web server and is set using <tt>Base.page_cache_directory = "/document/root"</tt>.
-    # For Rails, this directory has already been set to Rails.public_path (which is usually set to <tt>RAILS_ROOT + "/public"</tt>). Changing
-    # this setting can be useful to avoid naming conflicts with files in <tt>public/</tt>, but doing so will likely require configuring your
-    # web server to look in the new location for cached files.
-    #
-    # == Setting the cache extension
-    #
-    # Most Rails requests do not have an extension, such as <tt>/weblog/new</tt>. In these cases, the page caching mechanism will add one in
-    # order to make it easy for the cached files to be picked up properly by the web server. By default, this cache extension is <tt>.html</tt>.
-    # If you want something else, like <tt>.php</tt> or <tt>.shtml</tt>, just set Base.page_cache_extension. In cases where a request already has an
-    # extension, such as <tt>.xml</tt> or <tt>.rss</tt>, page caching will not add an extension. This allows it to work well with RESTful apps.
     module Pages
       def self.included(base) #:nodoc:
         base.extend(ClassMethods)
         base.class_eval do
           @@page_cache_directory = defined?(Rails.public_path) ? Rails.public_path : ""
+          ##
+          # :singleton-method:
+          # The cache directory should be the document root for the web server and is set using <tt>Base.page_cache_directory = "/document/root"</tt>.
+          # For Rails, this directory has already been set to Rails.public_path (which is usually set to <tt>RAILS_ROOT + "/public"</tt>). Changing
+          # this setting can be useful to avoid naming conflicts with files in <tt>public/</tt>, but doing so will likely require configuring your
+          # web server to look in the new location for cached files.
           cattr_accessor :page_cache_directory
 
           @@page_cache_extension = '.html'
+          ##
+          # :singleton-method:
+          # Most Rails requests do not have an extension, such as <tt>/weblog/new</tt>. In these cases, the page caching mechanism will add one in
+          # order to make it easy for the cached files to be picked up properly by the web server. By default, this cache extension is <tt>.html</tt>.
+          # If you want something else, like <tt>.php</tt> or <tt>.shtml</tt>, just set Base.page_cache_extension. In cases where a request already has an
+          # extension, such as <tt>.xml</tt> or <tt>.rss</tt>, page caching will not add an extension. This allows it to work well with RESTful apps.
           cattr_accessor :page_cache_extension
         end
       end
@@ -147,7 +145,7 @@ module ActionController #:nodoc:
 
       private
         def caching_allowed
-          request.get? && response.headers['Status'].to_i == 200
+          request.get? && response.status.to_i == 200
         end
     end
   end

actionpack/lib/action_controller/caching/sql_cache.rb

@@ -1,18 +0,0 @@
-module ActionController #:nodoc:
-  module Caching
-    module SqlCache
-      def self.included(base) #:nodoc:
-        if defined?(ActiveRecord) && ActiveRecord::Base.respond_to?(:cache)
-          base.alias_method_chain :perform_action, :caching
-        end
-      end
-
-      protected
-        def perform_action_with_caching
-          ActiveRecord::Base.cache do
-            perform_action_without_caching
-          end
-        end
-    end
-  end
-end

actionpack/lib/action_controller/caching/sweeper.rb

@@ -0,0 +1,45 @@
+require 'active_record'
+
+module ActionController #:nodoc:
+  module Caching
+    class Sweeper < ActiveRecord::Observer #:nodoc:
+      attr_accessor :controller
+
+      def before(controller)
+        self.controller = controller
+        callback(:before) if controller.perform_caching
+      end
+
+      def after(controller)
+        callback(:after) if controller.perform_caching
+        # Clean up, so that the controller can be collected after this request
+        self.controller = nil
+      end
+
+      protected
+        # gets the action cache path for the given options.
+        def action_path_for(options)
+          ActionController::Caching::Actions::ActionCachePath.path_for(controller, options)
+        end
+
+        # Retrieve instance variables set in the controller.
+        def assigns(key)
+          controller.instance_variable_get("@#{key}")
+        end
+
+      private
+        def callback(timing)
+          controller_callback_method_name = "#{timing}_#{controller.controller_name.underscore}"
+          action_callback_method_name     = "#{controller_callback_method_name}_#{controller.action_name}"
+
+          __send__(controller_callback_method_name) if respond_to?(controller_callback_method_name, true)
+          __send__(action_callback_method_name)     if respond_to?(action_callback_method_name, true)
+        end
+
+        def method_missing(method, *arguments, &block)
+          return if @controller.nil?
+          @controller.__send__(method, *arguments, &block)
+        end
+    end
+  end
+end

actionpack/lib/action_controller/caching/sweeping.rb

@@ -51,47 +51,5 @@ module ActionController #:nodoc:
         end
       end
     end
-
-    if defined?(ActiveRecord) and defined?(ActiveRecord::Observer)
-      class Sweeper < ActiveRecord::Observer #:nodoc:
-        attr_accessor :controller
-
-        def before(controller)
-          self.controller = controller
-          callback(:before) if controller.perform_caching
-        end
-
-        def after(controller)
-          callback(:after) if controller.perform_caching
-          # Clean up, so that the controller can be collected after this request
-          self.controller = nil
-        end
-
-        protected
-          # gets the action cache path for the given options.
-          def action_path_for(options)
-            ActionController::Caching::Actions::ActionCachePath.path_for(controller, options)
-          end
-
-          # Retrieve instance variables set in the controller.
-          def assigns(key)
-            controller.instance_variable_get("@#{key}")
-          end
-
-        private
-          def callback(timing)
-            controller_callback_method_name = "#{timing}_#{controller.controller_name.underscore}"
-            action_callback_method_name     = "#{controller_callback_method_name}_#{controller.action_name}"
-
-            send!(controller_callback_method_name) if respond_to?(controller_callback_method_name, true)
-            send!(action_callback_method_name)     if respond_to?(action_callback_method_name, true)
-          end
-
-          def method_missing(method, *arguments)
-            return if @controller.nil?
-            @controller.send!(method, *arguments)
-          end
-      end
-    end
   end
 end

actionpack/lib/action_controller/cgi_ext.rb

@@ -1,7 +1,6 @@
 require 'action_controller/cgi_ext/stdinput'
 require 'action_controller/cgi_ext/query_extension'
 require 'action_controller/cgi_ext/cookie'
-require 'action_controller/cgi_ext/session'
 
 class CGI #:nodoc:
   include ActionController::CgiExt::Stdinput

actionpack/lib/action_controller/cgi_ext/cookie.rb

@@ -1,3 +1,5 @@
+require 'delegate'
+
 CGI.module_eval { remove_const "Cookie" }
 
 # TODO: document how this differs from stdlib CGI::Cookie

actionpack/lib/action_controller/cgi_ext/session.rb

@@ -1,73 +0,0 @@
-require 'digest/md5'
-require 'cgi/session'
-require 'cgi/session/pstore'
-
-class CGI #:nodoc:
-  # * Expose the CGI instance to session stores.
-  # * Don't require 'digest/md5' whenever a new session id is generated.
-  class Session #:nodoc:
-    begin
-      require 'securerandom'
-
-      # Generate a 32-character unique id using SecureRandom.
-      # This is used to generate session ids but may be reused elsewhere.
-      def self.generate_unique_id(constant = nil)
-        SecureRandom.hex(16)
-      end
-    rescue LoadError
-      # Generate an 32-character unique id based on a hash of the current time,
-      # a random number, the process id, and a constant string. This is used
-      # to generate session ids but may be reused elsewhere.
-      def self.generate_unique_id(constant = 'foobar')
-        md5 = Digest::MD5.new
-        now = Time.now
-        md5 << now.to_s
-        md5 << String(now.usec)
-        md5 << String(rand(0))
-        md5 << String($$)
-        md5 << constant
-        md5.hexdigest
-      end
-    end
-
-    # Make the CGI instance available to session stores.
-    attr_reader :cgi
-    attr_reader :dbman
-    alias_method :initialize_without_cgi_reader, :initialize
-    def initialize(cgi, options = {})
-      @cgi = cgi
-      initialize_without_cgi_reader(cgi, options)
-    end
-
-    private
-      # Create a new session id.
-      def create_new_id
-        @new_session = true
-        self.class.generate_unique_id
-      end
-
-    # * Don't require 'digest/md5' whenever a new session is started.
-    class PStore #:nodoc:
-      def initialize(session, option={})
-        dir = option['tmpdir'] || Dir::tmpdir
-        prefix = option['prefix'] || ''
-        id = session.session_id
-        md5 = Digest::MD5.hexdigest(id)[0,16]
-        path = dir+"/"+prefix+md5
-        path.untaint
-        if File::exist?(path)
-          @hash = nil
-        else
-          unless session.new_session
-            raise CGI::Session::NoSession, "uninitialized session"
-          end
-          @hash = {}
-        end
-        @p = ::PStore.new(path)
-        @p.transaction do |p|
-          File.chmod(0600, p.path)
-        end
-      end
-    end
-  end
-end

actionpack/lib/action_controller/cgi_process.rb

@@ -1,223 +1,77 @@
 require 'action_controller/cgi_ext'
-require 'action_controller/session/cookie_store'
 
 module ActionController #:nodoc:
-  class Base
-    # Process a request extracted from a CGI object and return a response. Pass false as <tt>session_options</tt> to disable
-    # sessions (large performance increase if sessions are not needed). The <tt>session_options</tt> are the same as for CGI::Session:
-    #
-    # * <tt>:database_manager</tt> - standard options are CGI::Session::FileStore, CGI::Session::MemoryStore, and CGI::Session::PStore
-    #   (default). Additionally, there is CGI::Session::DRbStore and CGI::Session::ActiveRecordStore. Read more about these in
-    #   lib/action_controller/session.
-    # * <tt>:session_key</tt> - the parameter name used for the session id. Defaults to '_session_id'.
-    # * <tt>:session_id</tt> - the session id to use.  If not provided, then it is retrieved from the +session_key+ cookie, or 
-    #   automatically generated for a new session.
-    # * <tt>:new_session</tt> - if true, force creation of a new session.  If not set, a new session is only created if none currently
-    #   exists.  If false, a new session is never created, and if none currently exists and the +session_id+ option is not set,
-    #   an ArgumentError is raised.
-    # * <tt>:session_expires</tt> - the time the current session expires, as a Time object.  If not set, the session will continue
-    #   indefinitely.
-    # * <tt>:session_domain</tt> - the hostname domain for which this session is valid. If not set, defaults to the hostname of the
-    #   server.
-    # * <tt>:session_secure</tt> - if +true+, this session will only work over HTTPS.
-    # * <tt>:session_path</tt> - the path for which this session applies.  Defaults to the directory of the CGI script.
-    # * <tt>:cookie_only</tt> - if +true+ (the default), session IDs will only be accepted from cookies and not from
-    #   the query string or POST parameters. This protects against session fixation attacks.
-    def self.process_cgi(cgi = CGI.new, session_options = {})
-      new.process_cgi(cgi, session_options)
-    end
-
-    def process_cgi(cgi, session_options = {}) #:nodoc:
-      process(CgiRequest.new(cgi, session_options), CgiResponse.new(cgi)).out
-    end
-  end
-
-  class CgiRequest < AbstractRequest #:nodoc:
-    attr_accessor :cgi, :session_options
-    class SessionFixationAttempt < StandardError #:nodoc:
-    end
-
-    DEFAULT_SESSION_OPTIONS = {
-      :database_manager => CGI::Session::CookieStore, # store data in cookie
-      :prefix           => "ruby_sess.",    # prefix session file names
-      :session_path     => "/",             # available to all paths in app
-      :session_key      => "_session_id",
-      :cookie_only      => true
-    } unless const_defined?(:DEFAULT_SESSION_OPTIONS)
-
-    def initialize(cgi, session_options = {})
-      @cgi = cgi
-      @session_options = session_options
-      @env = @cgi.send!(:env_table)
-      super()
-    end
-
-    def query_string
-      qs = @cgi.query_string if @cgi.respond_to?(:query_string)
-      if !qs.blank?
-        qs
-      else
-        super
-      end
-    end
-
-    # The request body is an IO input stream. If the RAW_POST_DATA environment
-    # variable is already set, wrap it in a StringIO.
-    def body
-      if raw_post = env['RAW_POST_DATA']
-        raw_post.force_encoding(Encoding::BINARY) if raw_post.respond_to?(:force_encoding)
-        StringIO.new(raw_post)
-      else
-        @cgi.stdinput
-      end
-    end
-
-    def query_parameters
-      @query_parameters ||= self.class.parse_query_parameters(query_string)
-    end
-
-    def request_parameters
-      @request_parameters ||= parse_formatted_request_parameters
-    end
-
-    def cookies
-      @cgi.cookies.freeze
-    end
-
-    def host_with_port_without_standard_port_handling
-      if forwarded = env["HTTP_X_FORWARDED_HOST"]
-        forwarded.split(/,\s?/).last
-      elsif http_host = env['HTTP_HOST']
-        http_host
-      elsif server_name = env['SERVER_NAME']
-        server_name
-      else
-        "#{env['SERVER_ADDR']}:#{env['SERVER_PORT']}"
-      end
-    end
-
-    def host
-      host_with_port_without_standard_port_handling.sub(/:\d+$/, '')
-    end
-
-    def port
-      if host_with_port_without_standard_port_handling =~ /:(\d+)$/
-        $1.to_i
-      else
-        standard_port
-      end
-    end
-
-    def session
-      unless defined?(@session)
-        if @session_options == false
-          @session = Hash.new
-        else
-          stale_session_check! do
-            if cookie_only? && query_parameters[session_options_with_string_keys['session_key']]
-              raise SessionFixationAttempt
-            end
-            case value = session_options_with_string_keys['new_session']
-              when true
-                @session = new_session
-              when false
-                begin
-                  @session = CGI::Session.new(@cgi, session_options_with_string_keys)
-                # CGI::Session raises ArgumentError if 'new_session' == false
-                # and no session cookie or query param is present.
-                rescue ArgumentError
-                  @session = Hash.new
-                end
-              when nil
-                @session = CGI::Session.new(@cgi, session_options_with_string_keys)
-              else
-                raise ArgumentError, "Invalid new_session option: #{value}"
-            end
-            @session['__valid_session']
-          end
-        end
-      end
-      @session
-    end
-
-    def reset_session
-      @session.delete if defined?(@session) && @session.is_a?(CGI::Session)
-      @session = new_session
-    end
-
-    def method_missing(method_id, *arguments)
-      @cgi.send!(method_id, *arguments) rescue super
-    end
-
-    private
-      # Delete an old session if it exists then create a new one.
-      def new_session
-        if @session_options == false
-          Hash.new
-        else
-          CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => false)).delete rescue nil
-          CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => true))
+  class CGIHandler
+    module ProperStream
+      def each
+        while line = gets
+          yield line
         end
       end
 
-      def cookie_only?
-        session_options_with_string_keys['cookie_only']
-      end
-
-      def stale_session_check!
-        yield
-      rescue ArgumentError => argument_error
-        if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
-          begin
-            # Note that the regexp does not allow $1 to end with a ':'
-            $1.constantize
-          rescue LoadError, NameError => const_error
-            raise ActionController::SessionRestoreError, <<-end_msg
-Session contains objects whose class definition isn\'t available.
-Remember to require the classes for all objects kept in the session.
-(Original exception: #{const_error.message} [#{const_error.class}])
-end_msg
-          end
-
-          retry
+      def read(*args)
+        if args.empty?
+          super || ""
         else
-          raise
+          super
         end
       end
-
-      def session_options_with_string_keys
-        @session_options_with_string_keys ||= DEFAULT_SESSION_OPTIONS.merge(@session_options).stringify_keys
-      end
-  end
-
-  class CgiResponse < AbstractResponse #:nodoc:
-    def initialize(cgi)
-      @cgi = cgi
-      super()
     end
 
-    def out(output = $stdout)
-      output.binmode      if output.respond_to?(:binmode)
-      output.sync = false if output.respond_to?(:sync=)
+    def self.dispatch_cgi(app, cgi, out = $stdout)
+      env = cgi.__send__(:env_table)
+      env.delete "HTTP_CONTENT_LENGTH"
 
+      cgi.stdinput.extend ProperStream
+
+      env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/"
+
+      env.update({
+        "rack.version" => [0,1],
+        "rack.input" => cgi.stdinput,
+        "rack.errors" => $stderr,
+        "rack.multithread" => false,
+        "rack.multiprocess" => true,
+        "rack.run_once" => false,
+        "rack.url_scheme" => ["yes", "on", "1"].include?(env["HTTPS"]) ? "https" : "http"
+      })
+
+      env["QUERY_STRING"] ||= ""
+      env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
+      env["REQUEST_PATH"] ||= "/"
+      env.delete "PATH_INFO" if env["PATH_INFO"] == ""
+
+      status, headers, body = app.call(env)
       begin
-        output.write(@cgi.header(@headers))
+        out.binmode if out.respond_to?(:binmode)
+        out.sync = false if out.respond_to?(:sync=)
 
-        if @cgi.send!(:env_table)['REQUEST_METHOD'] == 'HEAD'
-          return
-        elsif @body.respond_to?(:call)
-          # Flush the output now in case the @body Proc uses
-          # #syswrite.
-          output.flush if output.respond_to?(:flush)
-          @body.call(self, output)
-        else
-          output.write(@body)
+        headers['Status'] = status.to_s
+
+        if headers.include?('Set-Cookie')
+          headers['cookie'] = headers.delete('Set-Cookie').split("\n")
         end
 
-        output.flush if output.respond_to?(:flush)
-      rescue Errno::EPIPE, Errno::ECONNRESET
-        # lost connection to parent process, ignore output
+        out.write(cgi.header(headers))
+
+        body.each { |part|
+          out.write part
+          out.flush if out.respond_to?(:flush)
+        }
+      ensure
+        body.close if body.respond_to?(:close)
       end
     end
   end
+
+  class CgiRequest #:nodoc:
+    DEFAULT_SESSION_OPTIONS = {
+      :database_manager  => nil,
+      :prefix            => "ruby_sess.",
+      :session_path      => "/",
+      :session_key       => "_session_id",
+      :cookie_only       => true,
+      :session_http_only => true
+    }
+  end
 end

actionpack/lib/action_controller/components.rb

@@ -1,166 +0,0 @@
-module ActionController #:nodoc:
-  # Components allow you to call other actions for their rendered response while executing another action. You can either delegate
-  # the entire response rendering or you can mix a partial response in with your other content.
-  #
-  #   class WeblogController < ActionController::Base
-  #     # Performs a method and then lets hello_world output its render
-  #     def delegate_action
-  #       do_other_stuff_before_hello_world
-  #       render_component :controller => "greeter",  :action => "hello_world", :params => { :person => "david" }
-  #     end
-  #   end
-  #
-  #   class GreeterController < ActionController::Base
-  #     def hello_world
-  #       render :text => "#{params[:person]} says, Hello World!"
-  #     end
-  #   end
-  #
-  # The same can be done in a view to do a partial rendering:
-  #
-  #   Let's see a greeting:
-  #   <%= render_component :controller => "greeter", :action => "hello_world" %>
-  #
-  # It is also possible to specify the controller as a class constant, bypassing the inflector
-  # code to compute the controller class at runtime:
-  #
-  # <%= render_component :controller => GreeterController, :action => "hello_world" %>
-  #
-  # == When to use components
-  #
-  # Components should be used with care. They're significantly slower than simply splitting reusable parts into partials and
-  # conceptually more complicated. Don't use components as a way of separating concerns inside a single application. Instead,
-  # reserve components to those rare cases where you truly have reusable view and controller elements that can be employed
-  # across many applications at once.
-  #
-  # So to repeat: Components are a special-purpose approach that can often be replaced with better use of partials and filters.
-  module Components
-    def self.included(base) #:nodoc:
-      base.class_eval do
-        include InstanceMethods
-        extend ClassMethods
-        helper HelperMethods
-
-        # If this controller was instantiated to process a component request,
-        # +parent_controller+ points to the instantiator of this controller.
-        attr_accessor :parent_controller
-
-        alias_method_chain :process_cleanup, :components
-        alias_method_chain :set_session_options, :components
-        alias_method_chain :flash, :components
-
-        alias_method :component_request?, :parent_controller
-      end
-    end
-
-    module ClassMethods
-      # Track parent controller to identify component requests
-      def process_with_components(request, response, parent_controller = nil) #:nodoc:
-        controller = new
-        controller.parent_controller = parent_controller
-        controller.process(request, response)
-      end
-    end
-
-    module HelperMethods
-      def render_component(options)
-        @controller.send!(:render_component_as_string, options)
-      end
-    end
-
-    module InstanceMethods
-      # Extracts the action_name from the request parameters and performs that action.
-      def process_with_components(request, response, method = :perform_action, *arguments) #:nodoc:
-        flash.discard if component_request?
-        process_without_components(request, response, method, *arguments)
-      end
-
-      protected
-        # Renders the component specified as the response for the current method
-        def render_component(options) #:doc:
-          component_logging(options) do
-            render_for_text(component_response(options, true).body, response.headers["Status"])
-          end
-        end
-
-        # Returns the component response as a string
-        def render_component_as_string(options) #:doc:
-          component_logging(options) do
-            response = component_response(options, false)
-
-            if redirected = response.redirected_to
-              render_component_as_string(redirected)
-            else
-              response.body
-            end
-          end
-        end
-
-        def flash_with_components(refresh = false) #:nodoc:
-          if !defined?(@_flash) || refresh
-            @_flash =
-              if defined?(@parent_controller)
-                @parent_controller.flash
-              else
-                flash_without_components
-              end
-          end
-          @_flash
-        end
-
-      private
-        def component_response(options, reuse_response)
-          klass    = component_class(options)
-          request  = request_for_component(klass.controller_name, options)
-          new_response = reuse_response ? response : response.dup
-
-          klass.process_with_components(request, new_response, self)
-        end
-
-        # determine the controller class for the component request
-        def component_class(options)
-          if controller = options[:controller]
-            controller.is_a?(Class) ? controller : "#{controller.camelize}Controller".constantize
-          else
-            self.class
-          end
-        end
-
-        # Create a new request object based on the current request.
-        # The new request inherits the session from the current request,
-        # bypassing any session options set for the component controller's class
-        def request_for_component(controller_name, options)
-          new_request         = request.dup
-          new_request.session = request.session
-
-          new_request.instance_variable_set(
-            :@parameters,
-            (options[:params] || {}).with_indifferent_access.update(
-              "controller" => controller_name, "action" => options[:action], "id" => options[:id]
-            )
-          )
-
-          new_request
-        end
-
-        def component_logging(options)
-          if logger
-            logger.info "Start rendering component (#{options.inspect}): "
-            result = yield
-            logger.info "\n\nEnd of component rendering"
-            result
-          else
-            yield
-          end
-        end
-
-        def set_session_options_with_components(request)
-          set_session_options_without_components(request) unless component_request?
-        end
-
-        def process_cleanup_with_components
-          process_cleanup_without_components unless component_request?
-        end
-    end
-  end
-end

actionpack/lib/action_controller/cookies.rb

@@ -22,6 +22,16 @@ module ActionController #:nodoc:
   #
   #   cookies.delete :user_name
   #
+  # Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
+  #
+  #  cookies[:key] = {
+  #    :value => 'a yummy cookie',
+  #    :expires => 1.year.from_now,
+  #    :domain => 'domain.com'
+  #  }
+  #
+  #  cookies.delete(:key, :domain => 'domain.com')
+  #
   # The option symbols for setting cookies are:
   #
   # * <tt>:value</tt> - The cookie's value or list of values (as an array).
@@ -31,7 +41,7 @@ module ActionController #:nodoc:
   # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object.
   # * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers.
   #   Default is +false+.
-  # * <tt>:http_only</tt> - Whether this cookie is accessible via scripting or
+  # * <tt>:httponly</tt> - Whether this cookie is accessible via scripting or
   #   only HTTP. Defaults to +false+.
   module Cookies
     def self.included(base)
@@ -41,7 +51,7 @@ module ActionController #:nodoc:
     protected
       # Returns the cookie container, which operates as described above.
       def cookies
-        CookieJar.new(self)
+        @cookies ||= CookieJar.new(self)
       end
   end
 
@@ -54,43 +64,31 @@ module ActionController #:nodoc:
 
     # Returns the value of the cookie by +name+, or +nil+ if no such cookie exists.
     def [](name)
-      cookie = @cookies[name.to_s]
-      if cookie && cookie.respond_to?(:value)
-        cookie.size > 1 ? cookie.value : cookie.value[0]
-      end
+      super(name.to_s)
     end
 
     # Sets the cookie named +name+. The second argument may be the very cookie
     # value, or a hash of options as documented above.
-    def []=(name, options)
+    def []=(key, options)
       if options.is_a?(Hash)
-        options = options.inject({}) { |options, pair| options[pair.first.to_s] = pair.last; options }
-        options["name"] = name.to_s
+        options.symbolize_keys!
       else
-        options = { "name" => name.to_s, "value" => options }
+        options = { :value => options }
       end
 
-      set_cookie(options)
+      options[:path] = "/" unless options.has_key?(:path)
+      super(key.to_s, options[:value])
+      @controller.response.set_cookie(key, options)
     end
 
     # Removes the cookie on the client machine by setting the value to an empty string
     # and setting its expiration date into the past. Like <tt>[]=</tt>, you can pass in
     # an options hash to delete cookies with extra data such as a <tt>:path</tt>.
-    def delete(name, options = {})
-      options.stringify_keys!
-      set_cookie(options.merge("name" => name.to_s, "value" => "", "expires" => Time.at(0)))
+    def delete(key, options = {})
+      options.symbolize_keys!
+      options[:path] = "/" unless options.has_key?(:path)
+      super(key.to_s)
+      @controller.response.delete_cookie(key, options)
     end
-
-    private
-      # Builds a CGI::Cookie object and adds the cookie to the response headers.
-      #
-      # The path of the cookie defaults to "/" if there's none in +options+, and
-      # everything is passed to the CGI::Cookie constructor.
-      def set_cookie(options) #:doc:
-        options["path"] = "/" unless options["path"]
-        cookie = CGI::Cookie.new(options)
-        @controller.logger.info "Cookie set: #{cookie}" unless @controller.logger.nil?
-        @controller.response.headers["cookie"] << cookie
-      end
   end
 end

actionpack/lib/action_controller/dispatcher.rb

@@ -2,35 +2,27 @@ module ActionController
   # Dispatches requests to the appropriate controller and takes care of
   # reloading the app after each request when Dependencies.load? is true.
   class Dispatcher
-    @@guard = Mutex.new
+    @@cache_classes = true
 
     class << self
       def define_dispatcher_callbacks(cache_classes)
+        @@cache_classes = cache_classes
         unless cache_classes
-          # Development mode callbacks
-          before_dispatch :reload_application
-          after_dispatch :cleanup_application
-        end
-
-        # Common callbacks
-        to_prepare :load_application_controller do
-          begin
-            require_dependency 'application' unless defined?(::ApplicationController)
-          rescue LoadError => error
-            raise unless error.message =~ /application\.rb/
-          end
+          ActionView::Helpers::AssetTagHelper.cache_asset_timestamps = false
         end
 
         if defined?(ActiveRecord)
-          before_dispatch { ActiveRecord::Base.verify_active_connections! }
           to_prepare(:activerecord_instantiate_observers) { ActiveRecord::Base.instantiate_observers }
         end
 
-        after_dispatch :flush_logger if defined?(RAILS_DEFAULT_LOGGER) && RAILS_DEFAULT_LOGGER.respond_to?(:flush)
+        after_dispatch :flush_logger if Base.logger && Base.logger.respond_to?(:flush)
+
+        to_prepare do
+          I18n.reload!
+        end
       end
 
-      # Backward-compatible class method takes CGI-specific args. Deprecated
-      # in favor of Dispatcher.new(output, request, response).dispatch.
+      # DEPRECATE: Remove CGI support
       def dispatch(cgi = nil, session_options = CgiRequest::DEFAULT_SESSION_OPTIONS, output = $stdout)
         new(output).dispatch_cgi(cgi, session_options)
       end
@@ -38,7 +30,7 @@ module ActionController
       # Add a preparation callback. Preparation callbacks are run before every
       # request in development mode, and before the first request in production
       # mode.
-      # 
+      #
       # An optional identifier may be supplied for the callback. If provided,
       # to_prepare may be called again with the same identifier to replace the
       # existing callback. Passing an identifier is a suggested practice if the
@@ -46,117 +38,96 @@ module ActionController
       def to_prepare(identifier = nil, &block)
         @prepare_dispatch_callbacks ||= ActiveSupport::Callbacks::CallbackChain.new
         callback = ActiveSupport::Callbacks::Callback.new(:prepare_dispatch, block, :identifier => identifier)
-        @prepare_dispatch_callbacks | callback
+        @prepare_dispatch_callbacks.replace_or_append!(callback)
       end
 
-      # If the block raises, send status code as a last-ditch response.
-      def failsafe_response(fallback_output, status, originating_exception = nil)
-        yield
-      rescue Exception => exception
-        begin
-          log_failsafe_exception(status, originating_exception || exception)
-          body = failsafe_response_body(status)
-          fallback_output.write "Status: #{status}\r\nContent-Type: text/html\r\n\r\n#{body}"
-          nil
-        rescue Exception => failsafe_error # Logger or IO errors
-          $stderr.puts "Error during failsafe response: #{failsafe_error}"
-          $stderr.puts "(originally #{originating_exception})" if originating_exception
+      def run_prepare_callbacks
+        if defined?(Rails) && Rails.logger
+          logger = Rails.logger
+        else
+          logger = Logger.new($stderr)
         end
+
+        new(logger).send :run_callbacks, :prepare_dispatch
       end
 
-      private
-        def failsafe_response_body(status)
-          error_path = "#{error_file_path}/#{status.to_s[0..3]}.html"
+      def reload_application
+        # Run prepare callbacks before every request in development mode
+        run_prepare_callbacks
 
-          if File.exist?(error_path)
-            File.read(error_path)
-          else
-            "<html><body><h1>#{status}</h1></body></html>"
-          end
-        end
+        Routing::Routes.reload
+      end
 
-        def log_failsafe_exception(status, exception)
-          message = "/!\\ FAILSAFE /!\\  #{Time.now}\n  Status: #{status}\n"
-          message << "  #{exception}\n    #{exception.backtrace.join("\n    ")}" if exception
-          failsafe_logger.fatal message
-        end
-
-        def failsafe_logger
-          if defined?(::RAILS_DEFAULT_LOGGER) && !::RAILS_DEFAULT_LOGGER.nil?
-            ::RAILS_DEFAULT_LOGGER
-          else
-            Logger.new($stderr)
-          end
-        end
+      def cleanup_application
+        # Cleanup the application before processing the current request.
+        ActiveRecord::Base.reset_subclasses if defined?(ActiveRecord)
+        ActiveSupport::Dependencies.clear
+        ActiveRecord::Base.clear_reloadable_connections! if defined?(ActiveRecord)
+      end
     end
 
-    cattr_accessor :error_file_path
-    self.error_file_path = Rails.public_path if defined?(Rails.public_path)
+    cattr_accessor :middleware
+    self.middleware = MiddlewareStack.new do |middleware|
+      middlewares = File.join(File.dirname(__FILE__), "middlewares.rb")
+      middleware.instance_eval(File.read(middlewares))
+    end
 
     include ActiveSupport::Callbacks
     define_callbacks :prepare_dispatch, :before_dispatch, :after_dispatch
 
-    def initialize(output, request = nil, response = nil)
-      @output, @request, @response = output, request, response
+    # DEPRECATE: Remove arguments, since they are only used by CGI
+    def initialize(output = $stdout, request = nil, response = nil)
+      @output = output
+      build_middleware_stack if @@cache_classes
     end
 
     def dispatch
-      @@guard.synchronize do
-        begin
-          run_callbacks :before_dispatch
-          handle_request
-        rescue Exception => exception
-          failsafe_rescue exception
-        ensure
-          run_callbacks :after_dispatch, :enumerator => :reverse_each
+      begin
+        run_callbacks :before_dispatch
+        Routing::Routes.call(@env)
+      rescue Exception => exception
+        if controller ||= (::ApplicationController rescue Base)
+          controller.call_with_exception(@env, exception).to_a
+        else
+          raise exception
+        end
+      ensure
+        run_callbacks :after_dispatch, :enumerator => :reverse_each
+      end
+    end
+
+    # DEPRECATE: Remove CGI support
+    def dispatch_cgi(cgi, session_options)
+      CGIHandler.dispatch_cgi(self, cgi, @output)
+    end
+
+    def call(env)
+      if @@cache_classes
+        @app.call(env)
+      else
+        Reloader.run do
+          # When class reloading is turned on, we will want to rebuild the
+          # middleware stack every time we process a request. If we don't
+          # rebuild the middleware stack, then the stack may contain references
+          # to old classes metal classes, which will b0rk class reloading.
+          build_middleware_stack
+          @app.call(env)
         end
       end
     end
 
-    def dispatch_cgi(cgi, session_options)
-      if cgi ||= self.class.failsafe_response(@output, '400 Bad Request') { CGI.new }
-        @request = CgiRequest.new(cgi, session_options)
-        @response = CgiResponse.new(cgi)
-        dispatch
-      end
-    rescue Exception => exception
-      failsafe_rescue exception
-    end
-
-    def reload_application
-      # Run prepare callbacks before every request in development mode
-      run_callbacks :prepare_dispatch
-
-      Routing::Routes.reload
-      ActionView::TemplateFinder.reload! unless ActionView::Base.cache_template_loading
-    end
-
-    # Cleanup the application by clearing out loaded classes so they can
-    # be reloaded on the next request without restarting the server.
-    def cleanup_application
-      ActiveRecord::Base.reset_subclasses if defined?(ActiveRecord)
-      ActiveSupport::Dependencies.clear
-      ActiveRecord::Base.clear_reloadable_connections! if defined?(ActiveRecord)
+    def _call(env)
+      @env = env
+      dispatch
     end
 
     def flush_logger
-      RAILS_DEFAULT_LOGGER.flush
+      Base.logger.flush
     end
 
-    protected
-      def handle_request
-        @controller = Routing::Routes.recognize(@request)
-        @controller.process(@request, @response).out(@output)
-      end
-
-      def failsafe_rescue(exception)
-        self.class.failsafe_response(@output, '500 Internal Server Error', exception) do
-          if @controller ||= defined?(::ApplicationController) ? ::ApplicationController : Base
-            @controller.process_with_exception(@request, @response, exception).out(@output)
-          else
-            raise exception
-          end
-        end
+    private
+      def build_middleware_stack
+        @app = @@middleware.build(lambda { |env| self.dup._call(env) })
       end
   end
 end

actionpack/lib/action_controller/failsafe.rb

@@ -0,0 +1,86 @@
+require 'erb'
+
+module ActionController
+  # The Failsafe middleware is usually the top-most middleware in the Rack
+  # middleware chain. It returns the underlying middleware's response, but if
+  # the underlying middle raises an exception then Failsafe will log the
+  # exception into the Rails log file, and will attempt to return an error
+  # message response.
+  #
+  # Failsafe is a last resort for logging errors and for telling the HTTP
+  # client that something went wrong. Do not confuse this with the
+  # ActionController::Rescue module, which is responsible for catching
+  # exceptions at deeper levels. Unlike Failsafe, which is as simple as
+  # possible, Rescue provides features that allow developers to hook into
+  # the error handling logic, and can customize the error message response
+  # based on the HTTP client's IP.
+  class Failsafe
+    cattr_accessor :error_file_path
+    self.error_file_path = Rails.public_path if defined?(Rails.public_path)
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      @app.call(env)
+    rescue Exception => exception
+      # Reraise exception in test environment
+      if defined?(Rails) && Rails.env.test?
+        raise exception
+      else
+        failsafe_response(exception)
+      end
+    end
+
+    private
+      def failsafe_response(exception)
+        log_failsafe_exception(exception)
+        [500, {'Content-Type' => 'text/html'}, [failsafe_response_body]]
+      rescue Exception => failsafe_error # Logger or IO errors
+        $stderr.puts "Error during failsafe response: #{failsafe_error}"
+      end
+
+      def failsafe_response_body
+        error_template_path = "#{self.class.error_file_path}/500.html"
+        if File.exist?(error_template_path)
+          begin
+            result = render_template(error_template_path)
+          rescue Exception
+            result = nil
+          end
+        else
+          result = nil
+        end
+        if result.nil?
+          result = "<html><body><h1>500 Internal Server Error</h1>" <<
+            "If you are the administrator of this website, then please read this web " <<
+            "application's log file to find out what went wrong.</body></html>"
+        end
+        result
+      end
+      
+      # The default 500.html uses the h() method.
+      def h(text) # :nodoc:
+        ERB::Util.h(text)
+      end
+      
+      def render_template(filename)
+        ERB.new(File.read(filename)).result(binding)
+      end
+
+      def log_failsafe_exception(exception)
+        message = "/!\\ FAILSAFE /!\\  #{Time.now}\n  Status: 500 Internal Server Error\n"
+        message << "  #{exception}\n    #{exception.backtrace.join("\n    ")}" if exception
+        failsafe_logger.fatal(message)
+      end
+
+      def failsafe_logger
+        if defined?(Rails) && Rails.logger
+          Rails.logger
+        else
+          Logger.new($stderr)
+        end
+      end
+  end
+end

actionpack/lib/action_controller/filters.rb

@@ -94,7 +94,7 @@ module ActionController #:nodoc:
           map! do |filter|
             if filters.include?(filter)
               new_filter = filter.dup
-              new_filter.options.merge!(options)
+              new_filter.update_options!(options)
               new_filter
             else
               filter
@@ -104,16 +104,34 @@ module ActionController #:nodoc:
     end
 
     class Filter < ActiveSupport::Callbacks::Callback #:nodoc:
+      def initialize(kind, method, options = {})
+        super
+        update_options! options
+      end
+
+      # override these to return true in appropriate subclass
       def before?
-        self.class == BeforeFilter
+        false
       end
 
       def after?
-        self.class == AfterFilter
+        false
       end
 
       def around?
-        self.class == AroundFilter
+        false
+      end
+
+      # Make sets of strings from :only/:except options
+      def update_options!(other)
+        if other
+          convert_only_and_except_options_to_sets_of_strings(other)
+          if other[:skip]
+            convert_only_and_except_options_to_sets_of_strings(other[:skip])
+          end
+        end
+
+        options.update(other)
       end
 
       private
@@ -127,9 +145,9 @@ module ActionController #:nodoc:
 
         def included_in_action?(controller, options)
           if options[:only]
-            Array(options[:only]).map(&:to_s).include?(controller.action_name)
+            options[:only].include?(controller.action_name)
           elsif options[:except]
-            !Array(options[:except]).map(&:to_s).include?(controller.action_name)
+            !options[:except].include?(controller.action_name)
           else
             true
           end
@@ -138,6 +156,14 @@ module ActionController #:nodoc:
         def should_run_callback?(controller)
           should_not_skip?(controller) && included_in_action?(controller, options) && super
         end
+
+        def convert_only_and_except_options_to_sets_of_strings(opts)
+          [:only, :except].each do |key|
+            if values = opts[key]
+              opts[key] = Array(values).map(&:to_s).to_set
+            end
+          end
+        end
     end
 
     class AroundFilter < Filter #:nodoc:
@@ -145,6 +171,10 @@ module ActionController #:nodoc:
         :around
       end
 
+      def around?
+        true
+      end
+
       def call(controller, &block)
         if should_run_callback?(controller)
           method = filter_responds_to_before_and_after? ? around_proc : self.method
@@ -169,8 +199,8 @@ module ActionController #:nodoc:
           Proc.new do |controller, action|
             method.before(controller)
 
-            if controller.send!(:performed?)
-              controller.send!(:halt_filter_chain, method, :rendered_or_redirected)
+            if controller.__send__(:performed?)
+              controller.__send__(:halt_filter_chain, method, :rendered_or_redirected)
             else
               begin
                 action.call
@@ -187,10 +217,14 @@ module ActionController #:nodoc:
         :before
       end
 
+      def before?
+        true
+      end
+
       def call(controller, &block)
         super
-        if controller.send!(:performed?)
-          controller.send!(:halt_filter_chain, method, :rendered_or_redirected)
+        if controller.__send__(:performed?)
+          controller.__send__(:halt_filter_chain, method, :rendered_or_redirected)
         end
       end
     end
@@ -199,6 +233,10 @@ module ActionController #:nodoc:
       def type
         :after
       end
+
+      def after?
+        true
+      end
     end
 
     # Filters enable controllers to run shared pre- and post-processing code for its actions. These filters can be used to do

actionpack/lib/action_controller/flash.rb

@@ -4,20 +4,22 @@ module ActionController #:nodoc:
   # action that sets <tt>flash[:notice] = "Successfully created"</tt> before redirecting to a display action that can
   # then expose the flash to its template. Actually, that exposure is automatically done. Example:
   #
-  #   class WeblogController < ActionController::Base
+  #   class PostsController < ActionController::Base
   #     def create
   #       # save post
   #       flash[:notice] = "Successfully created post"
-  #       redirect_to :action => "display", :params => { :id => post.id }
+  #       redirect_to posts_path(@post)
   #     end
   #
-  #     def display
+  #     def show
   #       # doesn't need to assign the flash notice to the template, that's done automatically
   #     end
   #   end
   #
-  #   display.erb
-  #     <% if flash[:notice] %><div class="notice"><%= flash[:notice] %></div><% end %>
+  #   show.html.erb
+  #     <% if flash[:notice] %>
+  #       <div class="notice"><%= flash[:notice] %></div>
+  #     <% end %>
   #
   # This example just places a string in the flash, but you can put any object in there. And of course, you can put as
   # many as you like at a time too. Just remember: They'll be gone by the time the next action has been performed.
@@ -27,55 +29,54 @@ module ActionController #:nodoc:
     def self.included(base)
       base.class_eval do
         include InstanceMethods
-        alias_method_chain :assign_shortcuts, :flash
-        alias_method_chain :reset_session,    :flash
+        alias_method_chain :perform_action, :flash
+        alias_method_chain :reset_session,  :flash
       end
     end
-    
-    
+
     class FlashNow #:nodoc:
       def initialize(flash)
         @flash = flash
       end
-      
+
       def []=(k, v)
         @flash[k] = v
         @flash.discard(k)
         v
       end
-      
+
       def [](k)
         @flash[k]
       end
     end
-    
+
     class FlashHash < Hash
       def initialize #:nodoc:
         super
         @used = {}
       end
-      
+
       def []=(k, v) #:nodoc:
         keep(k)
         super
       end
-      
+
       def update(h) #:nodoc:
         h.keys.each { |k| keep(k) }
         super
       end
-      
+
       alias :merge! :update
-      
+
       def replace(h) #:nodoc:
         @used = {}
         super
       end
-    
+
       # Sets a flash that will not be available to the next action, only to the current.
       #
       #     flash.now[:message] = "Hello current action"
-      # 
+      #
       # This method enables you to use the flash as a central messaging system in your app.
       # When you need to pass an object to the next action, you use the standard flash assign (<tt>[]=</tt>).
       # When you need to pass an object to the current action, you use <tt>now</tt>, and your object will
@@ -85,7 +86,7 @@ module ActionController #:nodoc:
       def now
         FlashNow.new(self)
       end
-    
+
       # Keeps either the entire current flash or a specific flash entry available for the next action:
       #
       #    flash.keep            # keeps the entire flash
@@ -93,7 +94,7 @@ module ActionController #:nodoc:
       def keep(k = nil)
         use(k, false)
       end
-    
+
       # Marks the entire flash or a single flash entry to be discarded by the end of the current action:
       #
       #     flash.discard              # discard the entire flash at the end of the current action
@@ -101,12 +102,12 @@ module ActionController #:nodoc:
       def discard(k = nil)
         use(k)
       end
-    
+
       # Mark for removal entries that were kept, and delete unkept ones.
       #
       # This method is called automatically by filters, so you generally don't need to care about it.
       def sweep #:nodoc:
-        keys.each do |k| 
+        keys.each do |k|
           unless @used[k]
             use(k)
           else
@@ -118,7 +119,12 @@ module ActionController #:nodoc:
         # clean up after keys that could have been left over by calling reject! or shift on the flash
         (@used.keys - keys).each{ |k| @used.delete(k) }
       end
-    
+
+      def store(session, key = "flash")
+        return if self.empty?
+        session[key] = self
+      end
+
       private
         # Used internally by the <tt>keep</tt> and <tt>discard</tt> methods
         #     use()               # marks the entire flash as used
@@ -136,37 +142,30 @@ module ActionController #:nodoc:
 
     module InstanceMethods #:nodoc:
       protected
+        def perform_action_with_flash
+          perform_action_without_flash
+          if defined? @_flash
+            @_flash.store(session)
+            remove_instance_variable(:@_flash)
+          end
+        end
+
         def reset_session_with_flash
           reset_session_without_flash
-          remove_instance_variable(:@_flash)
-          flash(:refresh)
+          remove_instance_variable(:@_flash) if defined? @_flash
         end
-      
-        # Access the contents of the flash. Use <tt>flash["notice"]</tt> to read a notice you put there or 
-        # <tt>flash["notice"] = "hello"</tt> to put a new one.
-        # Note that if sessions are disabled only flash.now will work.
-        def flash(refresh = false) #:doc:
-          if !defined?(@_flash) || refresh
-            @_flash =
-              if session.is_a?(Hash)
-                # don't put flash in session if disabled
-                FlashHash.new
-              else
-                # otherwise, session is a CGI::Session or a TestSession
-                # so make sure it gets retrieved from/saved to session storage after request processing
-                session["flash"] ||= FlashHash.new
-              end
+
+        # Access the contents of the flash. Use <tt>flash["notice"]</tt> to
+        # read a notice you put there or <tt>flash["notice"] = "hello"</tt>
+        # to put a new one.
+        def flash #:doc:
+          if !defined?(@_flash)
+            @_flash = session["flash"] || FlashHash.new
+            @_flash.sweep
           end
 
           @_flash
         end
-
-      private
-        def assign_shortcuts_with_flash(request, response) #:nodoc:
-          assign_shortcuts_without_flash(request, response)
-          flash(:refresh)
-          flash.sweep if @_session && !component_request?
-        end
     end
   end
 end

actionpack/lib/action_controller/headers.rb

@@ -1,31 +1,33 @@
+require 'active_support/memoizable'
+
 module ActionController
   module Http
     class Headers < ::Hash
-      
-      def initialize(constructor = {})
-         if constructor.is_a?(Hash)
+      extend ActiveSupport::Memoizable
+
+      def initialize(*args)
+         if args.size == 1 && args[0].is_a?(Hash)
            super()
-           update(constructor)
+           update(args[0])
          else
-           super(constructor)
+           super
          end
        end
-      
+
       def [](header_name)
         if include?(header_name)
-          super 
+          super
         else
-          super(normalize_header(header_name))
+          super(env_name(header_name))
         end
       end
-      
-      
+
       private
-        # Takes an HTTP header name and returns it in the 
-        # format 
-        def normalize_header(header_name)
+        # Converts a HTTP header name to an environment variable name.
+        def env_name(header_name)
           "HTTP_#{header_name.upcase.gsub(/-/, '_')}"
         end
+        memoize :env_name
     end
   end
-end
+end

actionpack/lib/action_controller/helpers.rb

@@ -1,13 +1,17 @@
+require 'active_support/dependencies'
+
 # FIXME: helper { ... } is broken on Ruby 1.9
 module ActionController #:nodoc:
   module Helpers #:nodoc:
-    HELPERS_DIR = (defined?(RAILS_ROOT) ? "#{RAILS_ROOT}/app/helpers" : "app/helpers")
-
     def self.included(base)
       # Initialize the base module to aggregate its helpers.
       base.class_inheritable_accessor :master_helper_module
       base.master_helper_module = Module.new
 
+      # Set the default directory for helpers
+      base.class_inheritable_accessor :helpers_dir
+      base.helpers_dir = (defined?(RAILS_ROOT) ? "#{RAILS_ROOT}/app/helpers" : "app/helpers")
+
       # Extend base with class methods to declare helpers.
       base.extend(ClassMethods)
 
@@ -88,8 +92,8 @@ module ActionController #:nodoc:
       # When the argument is a module it will be included directly in the template class.
       #   helper FooHelper # => includes FooHelper
       #
-      # When the argument is the symbol <tt>:all</tt>, the controller will include all helpers from 
-      # <tt>app/helpers/**/*.rb</tt> under RAILS_ROOT.
+      # When the argument is the symbol <tt>:all</tt>, the controller will include all helpers beneath
+      # <tt>ActionController::Base.helpers_dir</tt> (defaults to <tt>app/helpers/**/*.rb</tt> under RAILS_ROOT).
       #   helper :all
       #
       # Additionally, the +helper+ class method can receive and evaluate a block, making the methods defined available 
@@ -159,9 +163,9 @@ module ActionController #:nodoc:
       def helper_method(*methods)
         methods.flatten.each do |method|
           master_helper_module.module_eval <<-end_eval
-            def #{method}(*args, &block)
-              controller.send(%(#{method}), *args, &block)
-            end
+            def #{method}(*args, &block)                    # def current_user(*args, &block)
+              controller.send(%(#{method}), *args, &block)  #   controller.send(%(current_user), *args, &block)
+            end                                             # end
           end_eval
         end
       end
@@ -204,8 +208,8 @@ module ActionController #:nodoc:
 
           begin
             child.master_helper_module = Module.new
-            child.master_helper_module.send! :include, master_helper_module
-            child.send! :default_helper_module!
+            child.master_helper_module.__send__ :include, master_helper_module
+            child.__send__ :default_helper_module!
           rescue MissingSourceFile => e
             raise unless e.is_missing?("helpers/#{child.controller_path}_helper")
           end
@@ -213,8 +217,8 @@ module ActionController #:nodoc:
 
         # Extract helper names from files in app/helpers/**/*.rb
         def all_application_helpers
-          extract = /^#{Regexp.quote(HELPERS_DIR)}\/?(.*)_helper.rb$/
-          Dir["#{HELPERS_DIR}/**/*_helper.rb"].map { |file| file.sub extract, '\1' }
+          extract = /^#{Regexp.quote(helpers_dir)}\/?(.*)_helper.rb$/
+          Dir["#{helpers_dir}/**/*_helper.rb"].map { |file| file.sub extract, '\1' }
         end
     end
   end

actionpack/lib/action_controller/http_authentication.rb

@@ -1,42 +1,42 @@
 module ActionController
   module HttpAuthentication
     # Makes it dead easy to do HTTP Basic authentication.
-    # 
+    #
     # Simple Basic example:
-    # 
+    #
     #   class PostsController < ApplicationController
     #     USER_NAME, PASSWORD = "dhh", "secret"
-    #   
+    #
     #     before_filter :authenticate, :except => [ :index ]
-    #   
+    #
     #     def index
     #       render :text => "Everyone can see me!"
     #     end
-    #   
+    #
     #     def edit
     #       render :text => "I'm only accessible if you know the password"
     #     end
-    #   
+    #
     #     private
     #       def authenticate
-    #         authenticate_or_request_with_http_basic do |user_name, password| 
+    #         authenticate_or_request_with_http_basic do |user_name, password|
     #           user_name == USER_NAME && password == PASSWORD
     #         end
     #       end
     #   end
-    # 
-    # 
-    # Here is a more advanced Basic example where only Atom feeds and the XML API is protected by HTTP authentication, 
+    #
+    #
+    # Here is a more advanced Basic example where only Atom feeds and the XML API is protected by HTTP authentication,
     # the regular HTML interface is protected by a session approach:
-    # 
+    #
     #   class ApplicationController < ActionController::Base
     #     before_filter :set_account, :authenticate
-    #   
+    #
     #     protected
     #       def set_account
     #         @account = Account.find_by_url_name(request.subdomains.first)
     #       end
-    #   
+    #
     #       def authenticate
     #         case request.format
     #         when Mime::XML, Mime::ATOM
@@ -54,24 +54,55 @@ module ActionController
     #         end
     #       end
     #   end
-    # 
-    # 
+    #
     # In your integration tests, you can do something like this:
-    # 
+    #
     #   def test_access_granted_from_xml
     #     get(
-    #       "/notes/1.xml", nil, 
+    #       "/notes/1.xml", nil,
     #       :authorization => ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
     #     )
-    # 
+    #
     #     assert_equal 200, status
     #   end
-    #  
-    #  
+    #
+    # Simple Digest example:
+    #
+    #   require 'digest/md5'
+    #   class PostsController < ApplicationController
+    #     REALM = "SuperSecret"
+    #     USERS = {"dhh" => "secret", #plain text password
+    #              "dap" => Digest:MD5::hexdigest(["dap",REALM,"secret"].join(":"))  #ha1 digest password
+    #
+    #     before_filter :authenticate, :except => [:index]
+    #
+    #     def index
+    #       render :text => "Everyone can see me!"
+    #     end
+    #
+    #     def edit
+    #       render :text => "I'm only accessible if you know the password"
+    #     end
+    #
+    #     private
+    #       def authenticate
+    #         authenticate_or_request_with_http_digest(REALM) do |username|
+    #           USERS[username]
+    #         end
+    #       end
+    #   end
+    #
+    # NOTE: The +authenticate_or_request_with_http_digest+ block must return the user's password or the ha1 digest hash so the framework can appropriately
+    #       hash to check the user's credentials. Returning +nil+ will cause authentication to fail.
+    #       Storing the ha1 hash: MD5(username:realm:password), is better than storing a plain password. If
+    #       the password file or database is compromised, the attacker would be able to use the ha1 hash to
+    #       authenticate as the user at this +realm+, but would not have the user's password to try using at
+    #       other sites.
+    #
     # On shared hosts, Apache sometimes doesn't pass authentication headers to
     # FCGI instances. If your environment matches this description and you cannot
     # authenticate, try this rule in your Apache setup:
-    # 
+    #
     #   RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
     module Basic
       extend self
@@ -99,16 +130,16 @@ module ActionController
       def user_name_and_password(request)
         decode_credentials(request).split(/:/, 2)
       end
-  
+
       def authorization(request)
         request.env['HTTP_AUTHORIZATION']   ||
         request.env['X-HTTP_AUTHORIZATION'] ||
         request.env['X_HTTP_AUTHORIZATION'] ||
         request.env['REDIRECT_X_HTTP_AUTHORIZATION']
       end
-    
+
       def decode_credentials(request)
-        ActiveSupport::Base64.decode64(authorization(request).split.last || '')
+        ActiveSupport::Base64.decode64(authorization(request).split(' ', 2).last || '')
       end
 
       def encode_credentials(user_name, password)
@@ -117,8 +148,161 @@ module ActionController
 
       def authentication_request(controller, realm)
         controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}")
-        controller.send! :render, :text => "HTTP Basic: Access denied.\n", :status => :unauthorized
+        controller.__send__ :render, :text => "HTTP Basic: Access denied.\n", :status => :unauthorized
       end
     end
+
+    module Digest
+      extend self
+
+      module ControllerMethods
+        def authenticate_or_request_with_http_digest(realm = "Application", &password_procedure)
+          authenticate_with_http_digest(realm, &password_procedure) || request_http_digest_authentication(realm)
+        end
+
+        # Authenticate with HTTP Digest, returns true or false
+        def authenticate_with_http_digest(realm = "Application", &password_procedure)
+          HttpAuthentication::Digest.authenticate(self, realm, &password_procedure)
+        end
+
+        # Render output including the HTTP Digest authentication header
+        def request_http_digest_authentication(realm = "Application", message = nil)
+          HttpAuthentication::Digest.authentication_request(self, realm, message)
+        end
+      end
+
+      # Returns false on a valid response, true otherwise
+      def authenticate(controller, realm, &password_procedure)
+        authorization(controller.request) && validate_digest_response(controller.request, realm, &password_procedure)
+      end
+
+      def authorization(request)
+        request.env['HTTP_AUTHORIZATION']   ||
+        request.env['X-HTTP_AUTHORIZATION'] ||
+        request.env['X_HTTP_AUTHORIZATION'] ||
+        request.env['REDIRECT_X_HTTP_AUTHORIZATION']
+      end
+
+      # Returns false unless the request credentials response value matches the expected value.
+      # First try the password as a ha1 digest password. If this fails, then try it as a plain
+      # text password.
+      def validate_digest_response(request, realm, &password_procedure)
+        credentials = decode_credentials_header(request)
+        valid_nonce = validate_nonce(request, credentials[:nonce])
+
+        if valid_nonce && realm == credentials[:realm] && opaque == credentials[:opaque]
+          password = password_procedure.call(credentials[:username])
+          return false unless password
+
+          method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD']
+          uri    = credentials[:uri][0,1] == '/' ? request.request_uri : request.url
+
+         [true, false].any? do |password_is_ha1|
+           expected = expected_response(method, uri, credentials, password, password_is_ha1)
+           expected == credentials[:response]
+         end
+        end
+      end
+
+      # Returns the expected response for a request of +http_method+ to +uri+ with the decoded +credentials+ and the expected +password+
+      # Optional parameter +password_is_ha1+ is set to +true+ by default, since best practice is to store ha1 digest instead
+      # of a plain-text password.
+      def expected_response(http_method, uri, credentials, password, password_is_ha1=true)
+        ha1 = password_is_ha1 ? password : ha1(credentials, password)
+        ha2 = ::Digest::MD5.hexdigest([http_method.to_s.upcase, uri].join(':'))
+        ::Digest::MD5.hexdigest([ha1, credentials[:nonce], credentials[:nc], credentials[:cnonce], credentials[:qop], ha2].join(':'))
+      end
+
+      def ha1(credentials, password)
+        ::Digest::MD5.hexdigest([credentials[:username], credentials[:realm], password].join(':'))
+      end
+
+      def encode_credentials(http_method, credentials, password, password_is_ha1)
+        credentials[:response] = expected_response(http_method, credentials[:uri], credentials, password, password_is_ha1)
+        "Digest " + credentials.sort_by {|x| x[0].to_s }.inject([]) {|a, v| a << "#{v[0]}='#{v[1]}'" }.join(', ')
+      end
+
+      def decode_credentials_header(request)
+        decode_credentials(authorization(request))
+      end
+
+      def decode_credentials(header)
+        header.to_s.gsub(/^Digest\s+/,'').split(',').inject({}) do |hash, pair|
+          key, value = pair.split('=', 2)
+          hash[key.strip.to_sym] = value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')
+          hash
+        end
+      end
+
+      def authentication_header(controller, realm)
+        controller.headers["WWW-Authenticate"] = %(Digest realm="#{realm}", qop="auth", algorithm=MD5, nonce="#{nonce}", opaque="#{opaque}")
+      end
+
+      def authentication_request(controller, realm, message = nil)
+        message ||= "HTTP Digest: Access denied.\n"
+        authentication_header(controller, realm)
+        controller.__send__ :render, :text => message, :status => :unauthorized
+      end
+
+      # Uses an MD5 digest based on time to generate a value to be used only once.
+      #
+      # A server-specified data string which should be uniquely generated each time a 401 response is made.
+      # It is recommended that this string be base64 or hexadecimal data.
+      # Specifically, since the string is passed in the header lines as a quoted string, the double-quote character is not allowed.
+      #
+      # The contents of the nonce are implementation dependent.
+      # The quality of the implementation depends on a good choice.
+      # A nonce might, for example, be constructed as the base 64 encoding of
+      #
+      # => time-stamp H(time-stamp ":" ETag ":" private-key)
+      #
+      # where time-stamp is a server-generated time or other non-repeating value,
+      # ETag is the value of the HTTP ETag header associated with the requested entity,
+      # and private-key is data known only to the server.
+      # With a nonce of this form a server would recalculate the hash portion after receiving the client authentication header and
+      # reject the request if it did not match the nonce from that header or
+      # if the time-stamp value is not recent enough. In this way the server can limit the time of the nonce's validity.
+      # The inclusion of the ETag prevents a replay request for an updated version of the resource.
+      # (Note: including the IP address of the client in the nonce would appear to offer the server the ability
+      # to limit the reuse of the nonce to the same client that originally got it.
+      # However, that would break proxy farms, where requests from a single user often go through different proxies in the farm.
+      # Also, IP address spoofing is not that hard.)
+      #
+      # An implementation might choose not to accept a previously used nonce or a previously used digest, in order to
+      # protect against a replay attack. Or, an implementation might choose to use one-time nonces or digests for
+      # POST or PUT requests and a time-stamp for GET requests. For more details on the issues involved see Section 4
+      # of this document.
+      #
+      # The nonce is opaque to the client. Composed of Time, and hash of Time with secret
+      # key from the Rails session secret generated upon creation of project. Ensures
+      # the time cannot be modifed by client.
+      def nonce(time = Time.now)
+        t = time.to_i
+        hashed = [t, secret_key]
+        digest = ::Digest::MD5.hexdigest(hashed.join(":"))
+        Base64.encode64("#{t}:#{digest}").gsub("\n", '')
+      end
+
+      # Might want a shorter timeout depending on whether the request
+      # is a PUT or POST, and if client is browser or web service.
+      # Can be much shorter if the Stale directive is implemented. This would
+      # allow a user to use new nonce without prompting user again for their
+      # username and password.
+      def validate_nonce(request, value, seconds_to_timeout=5*60)
+        t = Base64.decode64(value).split(":").first.to_i
+        nonce(t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout
+      end
+
+      # Opaque based on random generation - but changing each request?
+      def opaque()
+        ::Digest::MD5.hexdigest(secret_key)
+      end
+
+      # Set in /initializers/session_store.rb, and loaded even if sessions are not in use.
+      def secret_key
+        ActionController::Base.session_options[:secret]
+      end
+
+    end
   end
 end

actionpack/lib/action_controller/integration.rb

@@ -1,29 +1,34 @@
 require 'stringio'
 require 'uri'
-
-require 'action_controller/dispatcher'
-require 'action_controller/test_process'
+require 'active_support/test_case'
 
 module ActionController
   module Integration #:nodoc:
     # An integration Session instance represents a set of requests and responses
-    # performed sequentially by some virtual user. Becase you can instantiate
+    # performed sequentially by some virtual user. Because you can instantiate
     # multiple sessions and run them side-by-side, you can also mimic (to some
     # limited extent) multiple simultaneous users interacting with your system.
     #
-    # Typically, you will instantiate a new session using IntegrationTest#open_session,
-    # rather than instantiating Integration::Session directly.
+    # Typically, you will instantiate a new session using
+    # IntegrationTest#open_session, rather than instantiating
+    # Integration::Session directly.
     class Session
       include Test::Unit::Assertions
-      include ActionController::Assertions
+      include ActionController::TestCase::Assertions
       include ActionController::TestProcess
 
+      # Rack application to use
+      attr_accessor :application
+
       # The integer HTTP status code of the last request.
       attr_reader :status
 
       # The status message that accompanied the status code of the last request.
       attr_reader :status_message
 
+      # The body of the last request.
+      attr_reader :body
+
       # The URI of the last request.
       attr_reader :path
 
@@ -59,7 +64,8 @@ module ActionController
       end
 
       # Create and initialize a new Session instance.
-      def initialize
+      def initialize(app = nil)
+        @application = app || ActionController::Dispatcher.new
         reset!
       end
 
@@ -78,11 +84,13 @@ module ActionController
 
         self.host        = "www.example.com"
         self.remote_addr = "127.0.0.1"
-        self.accept      = "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+        self.accept      = "text/xml,application/xml,application/xhtml+xml," +
+                           "text/html;q=0.9,text/plain;q=0.8,image/png," +
+                           "*/*;q=0.5"
 
         unless defined? @named_routes_configured
           # install the named routes in this session instance.
-          klass = class<<self; self; end
+          klass = class << self; self; end
           Routing::Routes.install_helpers(klass)
 
           # the helpers are made protected by default--we make them public for
@@ -96,11 +104,11 @@ module ActionController
       #
       #   session.https!
       #   session.https!(false)
-      def https!(flag=true)
+      def https!(flag = true)
         @https = flag
       end
 
-      # Return +true+ if the session is mimicing a secure HTTPS request.
+      # Return +true+ if the session is mimicking a secure HTTPS request.
       #
       #   if session.https?
       #     ...
@@ -121,7 +129,7 @@ module ActionController
       # performed on the location header.
       def follow_redirect!
         raise "not a redirect! #{@status} #{@status_message}" unless redirect?
-        get(interpret_uri(headers['location'].first))
+        get(interpret_uri(headers['location']))
         status
       end
 
@@ -164,11 +172,23 @@ module ActionController
         status/100 == 3
       end
 
-      # Performs a GET request with the given parameters. The parameters may
-      # be +nil+, a Hash, or a string that is appropriately encoded
-      # (<tt>application/x-www-form-urlencoded</tt> or <tt>multipart/form-data</tt>).
-      # The headers should be a hash. The keys will automatically be upcased, with the
-      # prefix 'HTTP_' added if needed.
+      # Performs a GET request with the given parameters.
+      #
+      # - +path+: The URI (as a String) on which you want to perform a GET
+      #   request.
+      # - +parameters+: The HTTP parameters that you want to pass. This may
+      #   be +nil+,
+      #   a Hash, or a String that is appropriately encoded
+      #   (<tt>application/x-www-form-urlencoded</tt> or
+      #   <tt>multipart/form-data</tt>).
+      # - +headers+: Additional HTTP headers to pass, as a Hash. The keys will
+      #   automatically be upcased, with the prefix 'HTTP_' added if needed.
+      #
+      # This method returns an Response object, which one can use to
+      # inspect the details of the response. Furthermore, if this method was
+      # called from an ActionController::IntegrationTest object, then that
+      # object's <tt>@response</tt> instance variable will point to the same
+      # response object.
       #
       # You can also perform POST, PUT, DELETE, and HEAD requests with +post+,
       # +put+, +delete+, and +head+.
@@ -176,22 +196,26 @@ module ActionController
         process :get, path, parameters, headers
       end
 
-      # Performs a POST request with the given parameters. See get() for more details.
+      # Performs a POST request with the given parameters. See get() for more
+      # details.
       def post(path, parameters = nil, headers = nil)
         process :post, path, parameters, headers
       end
 
-      # Performs a PUT request with the given parameters. See get() for more details.
+      # Performs a PUT request with the given parameters. See get() for more
+      # details.
       def put(path, parameters = nil, headers = nil)
         process :put, path, parameters, headers
       end
 
-      # Performs a DELETE request with the given parameters. See get() for more details.
+      # Performs a DELETE request with the given parameters. See get() for
+      # more details.
       def delete(path, parameters = nil, headers = nil)
         process :delete, path, parameters, headers
       end
 
-      # Performs a HEAD request with the given parameters. See get() for more details.
+      # Performs a HEAD request with the given parameters. See get() for more
+      # details.
       def head(path, parameters = nil, headers = nil)
         process :head, path, parameters, headers
       end
@@ -206,8 +230,7 @@ module ActionController
       def xml_http_request(request_method, path, parameters = nil, headers = nil)
         headers ||= {}
         headers['X-Requested-With'] = 'XMLHttpRequest'
-        headers['Accept'] ||= 'text/javascript, text/html, application/xml, text/xml, */*'
-
+        headers['Accept'] ||= [Mime::JS, Mime::HTML, Mime::XML, 'text/xml', Mime::ALL].join(', ')
         process(request_method, path, parameters, headers)
       end
       alias xhr :xml_http_request
@@ -215,25 +238,12 @@ module ActionController
       # Returns the URL for the given options, according to the rules specified
       # in the application's routes.
       def url_for(options)
-        controller ? controller.url_for(options) : generic_url_rewriter.rewrite(options)
+        controller ?
+          controller.url_for(options) :
+          generic_url_rewriter.rewrite(options)
       end
 
       private
-        class StubCGI < CGI #:nodoc:
-          attr_accessor :stdinput, :stdoutput, :env_table
-
-          def initialize(env, stdinput = nil)
-            self.env_table = env
-            self.stdoutput = StringIO.new
-
-            super
-
-            stdinput.set_encoding(Encoding::BINARY) if stdinput.respond_to?(:set_encoding)
-            stdinput.force_encoding(Encoding::BINARY) if stdinput.respond_to?(:force_encoding)
-            @stdinput = stdinput.is_a?(IO) ? stdinput : StringIO.new(stdinput || '')
-          end
-        end
-
         # Tailors the session based on the given URI, setting the HTTPS value
         # and the hostname.
         def interpret_uri(path)
@@ -256,17 +266,33 @@ module ActionController
             data = nil
           end
 
+          env["QUERY_STRING"] ||= ""
+
+          data = data.is_a?(IO) ? data : StringIO.new(data || '')
+
           env.update(
-            "REQUEST_METHOD" => method.to_s.upcase,
+            "REQUEST_METHOD"  => method.to_s.upcase,
+            "SERVER_NAME"     => host,
+            "SERVER_PORT"     => (https? ? "443" : "80"),
+            "HTTPS"           => https? ? "on" : "off",
+            "rack.url_scheme" => https? ? "https" : "http",
+            "SCRIPT_NAME"     => "",
+
             "REQUEST_URI"    => path,
+            "PATH_INFO"      => path,
             "HTTP_HOST"      => host,
             "REMOTE_ADDR"    => remote_addr,
-            "SERVER_PORT"    => (https? ? "443" : "80"),
             "CONTENT_TYPE"   => "application/x-www-form-urlencoded",
             "CONTENT_LENGTH" => data ? data.length.to_s : nil,
             "HTTP_COOKIE"    => encode_cookies,
-            "HTTPS"          => https? ? "on" : "off",
-            "HTTP_ACCEPT"    => accept
+            "HTTP_ACCEPT"    => accept,
+
+            "rack.version"      => [0,1],
+            "rack.input"        => data,
+            "rack.errors"       => StringIO.new,
+            "rack.multithread"  => true,
+            "rack.multiprocess" => true,
+            "rack.run_once"     => false
           )
 
           (headers || {}).each do |key, value|
@@ -275,54 +301,63 @@ module ActionController
             env[key] = value
           end
 
-          unless ActionController::Base.respond_to?(:clear_last_instantiation!)
-            ActionController::Base.module_eval { include ControllerCapture }
+          [ControllerCapture, ActionController::ProcessWithTest].each do |mod|
+            unless ActionController::Base < mod
+              ActionController::Base.class_eval { include mod }
+            end
           end
 
           ActionController::Base.clear_last_instantiation!
 
-          cgi = StubCGI.new(env, data)
-          ActionController::Dispatcher.dispatch(cgi, ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS, cgi.stdoutput)
-          @result = cgi.stdoutput.string
+          app = Rack::Lint.new(@application)
+          status, headers, body = app.call(env)
           @request_count += 1
 
-          @controller = ActionController::Base.last_instantiation
-          @request = @controller.request
-          @response = @controller.response
-
-          # Decorate the response with the standard behavior of the TestResponse
-          # so that things like assert_response can be used in integration
-          # tests.
-          @response.extend(TestResponseBehavior)
-
           @html_document = nil
 
-          parse_result
-          return status
-        rescue MultiPartNeededException
-          boundary = "----------XnJLe9ZIbbGUYtzPQJ16u1"
-          status = process(method, path, multipart_body(parameters, boundary), (headers || {}).merge({"CONTENT_TYPE" => "multipart/form-data; boundary=#{boundary}"}))
-          return status
-        end
+          @status = status.to_i
+          @status_message = StatusCodes::STATUS_CODES[@status]
 
-        # Parses the result of the response and extracts the various values,
-        # like cookies, status, headers, etc.
-        def parse_result
-          response_headers, result_body = @result.split(/\r\n\r\n/, 2)
+          @headers = Rack::Utils::HeaderHash.new(headers)
 
-          @headers = Hash.new { |h,k| h[k] = [] }
-          response_headers.to_s.each_line do |line|
-            key, value = line.strip.split(/:\s*/, 2)
-            @headers[key.downcase] << value
-          end
-
-          (@headers['set-cookie'] || [] ).each do |string|
-            name, value = string.match(/^([^=]*)=([^;]*);/)[1,2]
+          (@headers['Set-Cookie'] || "").split("\n").each do |cookie|
+            name, value = cookie.match(/^([^=]*)=([^;]*);/)[1,2]
             @cookies[name] = value
           end
 
-          @status, @status_message = @headers["status"].first.to_s.split(/ /)
-          @status = @status.to_i
+          @body = ""
+          if body.respond_to?(:to_str)
+            @body << body
+          else
+            body.each { |part| @body << part }
+          end
+
+          if @controller = ActionController::Base.last_instantiation
+            @request = @controller.request
+            @response = @controller.response
+            @controller.send(:set_test_assigns)
+          else
+            # Decorate responses from Rack Middleware and Rails Metal
+            # as an Response for the purposes of integration testing
+            @response = Response.new
+            @response.status = status.to_s
+            @response.headers.replace(@headers)
+            @response.body = @body
+          end
+
+          # Decorate the response with the standard behavior of the
+          # TestResponse so that things like assert_response can be
+          # used in integration tests.
+          @response.extend(TestResponseBehavior)
+
+          return @status
+        rescue MultiPartNeededException
+          boundary = "----------XnJLe9ZIbbGUYtzPQJ16u1"
+          status = process(method, path,
+            multipart_body(parameters, boundary),
+            (headers || {}).merge(
+              {"CONTENT_TYPE" => "multipart/form-data; boundary=#{boundary}"}))
+          return status
         end
 
         # Encode the cookies hash in a format suitable for passing to a
@@ -335,13 +370,15 @@ module ActionController
 
         # Get a temporary URL writer object
         def generic_url_rewriter
-          cgi = StubCGI.new('REQUEST_METHOD' => "GET",
-                            'QUERY_STRING'   => "",
-                            "REQUEST_URI"    => "/",
-                            "HTTP_HOST"      => host,
-                            "SERVER_PORT"    => https? ? "443" : "80",
-                            "HTTPS"          => https? ? "on" : "off")
-          ActionController::UrlRewriter.new(ActionController::CgiRequest.new(cgi), {})
+          env = {
+            'REQUEST_METHOD' => "GET",
+            'QUERY_STRING'   => "",
+            "REQUEST_URI"    => "/",
+            "HTTP_HOST"      => host,
+            "SERVER_PORT"    => https? ? "443" : "80",
+            "HTTPS"          => https? ? "on" : "off"
+          }
+          UrlRewriter.new(Request.new(env), {})
         end
 
         def name_with_prefix(prefix, name)
@@ -355,9 +392,13 @@ module ActionController
             raise MultiPartNeededException
           elsif Hash === parameters
             return nil if parameters.empty?
-            parameters.map { |k,v| requestify(v, name_with_prefix(prefix, k)) }.join("&")
+            parameters.map { |k,v|
+              requestify(v, name_with_prefix(prefix, k))
+            }.join("&")
           elsif Array === parameters
-            parameters.map { |v| requestify(v, name_with_prefix(prefix, "")) }.join("&")
+            parameters.map { |v|
+              requestify(v, name_with_prefix(prefix, ""))
+            }.join("&")
           elsif prefix.nil?
             parameters
           else
@@ -368,7 +409,7 @@ module ActionController
         def multipart_requestify(params, first=true)
           returning Hash.new do |p|
             params.each do |key, value|
-              k = first ? CGI.escape(key.to_s) : "[#{CGI.escape(key.to_s)}]"
+              k = first ? key.to_s : "[#{key.to_s}]"
               if Hash === value
                 multipart_requestify(value, false).each do |subkey, subvalue|
                   p[k + subkey] = subvalue
@@ -383,7 +424,7 @@ module ActionController
         def multipart_body(params, boundary)
           multipart_requestify(params).map do |key, value|
             if value.respond_to?(:original_filename)
-              File.open(value.path) do |f|
+              File.open(value.path, "rb") do |f|
                 f.set_encoding(Encoding::BINARY) if f.respond_to?(:set_encoding)
 
                 <<-EOF
@@ -442,12 +483,12 @@ EOF
       end
 
       %w(get post put head delete cookies assigns
-         xml_http_request get_via_redirect post_via_redirect).each do |method|
+         xml_http_request xhr get_via_redirect post_via_redirect).each do |method|
         define_method(method) do |*args|
           reset! unless @integration_session
           # reset the html_document variable, but only for new get/post calls
           @html_document = nil unless %w(cookies assigns).include?(method)
-          returning @integration_session.send!(method, *args) do
+          returning @integration_session.__send__(method, *args) do
             copy_session_variables!
           end
         end
@@ -463,8 +504,8 @@ EOF
       # By default, a single session is automatically created for you, but you
       # can use this method to open multiple sessions that ought to be tested
       # simultaneously.
-      def open_session
-        session = Integration::Session.new
+      def open_session(application = nil)
+        session = Integration::Session.new(application)
 
         # delegate the fixture accessors back to the test instance
         extras = Module.new { attr_accessor :delegate, :test_result }
@@ -472,12 +513,16 @@ EOF
           self.class.fixture_table_names.each do |table_name|
             name = table_name.tr(".", "_")
             next unless respond_to?(name)
-            extras.send!(:define_method, name) { |*args| delegate.send(name, *args) }
+            extras.__send__(:define_method, name) { |*args|
+              delegate.send(name, *args)
+            }
           end
         end
 
         # delegate add_assertion to the test case
-        extras.send!(:define_method, :add_assertion) { test_result.add_assertion }
+        extras.__send__(:define_method, :add_assertion) {
+          test_result.add_assertion
+        }
         session.extend(extras)
         session.delegate = self
         session.test_result = @_result
@@ -491,14 +536,14 @@ EOF
       def copy_session_variables! #:nodoc:
         return unless @integration_session
         %w(controller response request).each do |var|
-          instance_variable_set("@#{var}", @integration_session.send!(var))
+          instance_variable_set("@#{var}", @integration_session.__send__(var))
         end
       end
 
       # Delegate unhandled messages to the current session instance.
       def method_missing(sym, *args, &block)
         reset! unless @integration_session
-        returning @integration_session.send!(sym, *args, &block) do
+        returning @integration_session.__send__(sym, *args, &block) do
           copy_session_variables!
         end
       end
@@ -580,7 +625,7 @@ EOF
   #         end
   #       end
   #   end
-  class IntegrationTest < Test::Unit::TestCase
+  class IntegrationTest < ActiveSupport::TestCase
     include Integration::Runner
 
     # Work around a bug in test/unit caused by the default test being named
@@ -605,7 +650,8 @@ EOF
     # would potentially have to set their values for both Test::Unit::TestCase
     # ActionController::IntegrationTest, since by the time the value is set on
     # TestCase, IntegrationTest has already been defined and cannot inherit
-    # changes to those variables. So, we make those two attributes copy-on-write.
+    # changes to those variables. So, we make those two attributes
+    # copy-on-write.
 
     class << self
       def use_transactional_fixtures=(flag) #:nodoc:

actionpack/lib/action_controller/layout.rb

@@ -3,11 +3,6 @@ module ActionController #:nodoc:
     def self.included(base)
       base.extend(ClassMethods)
       base.class_eval do
-        # NOTE: Can't use alias_method_chain here because +render_without_layout+ is already
-        # defined as a publicly exposed method
-        alias_method :render_with_no_layout, :render
-        alias_method :render, :render_with_a_layout
-
         class << self
           alias_method_chain :inherited, :layout
         end
@@ -169,24 +164,16 @@ module ActionController #:nodoc:
       # performance and have access to them as any normal template would.
       def layout(template_name, conditions = {}, auto = false)
         add_layout_conditions(conditions)
-        write_inheritable_attribute "layout", template_name
-        write_inheritable_attribute "auto_layout", auto
+        write_inheritable_attribute(:layout, template_name)
+        write_inheritable_attribute(:auto_layout, auto)
       end
 
       def layout_conditions #:nodoc:
-        @layout_conditions ||= read_inheritable_attribute("layout_conditions")
-      end
-
-      def default_layout(format) #:nodoc:
-        layout = read_inheritable_attribute("layout")
-        return layout unless read_inheritable_attribute("auto_layout")
-        @default_layout ||= {}
-        @default_layout[format] ||= default_layout_with_format(format, layout)
-        @default_layout[format]
+        @layout_conditions ||= read_inheritable_attribute(:layout_conditions)
       end
 
       def layout_list #:nodoc:
-        Array(view_paths).sum([]) { |path| Dir["#{path}/layouts/**/*"] }
+        Array(view_paths).sum([]) { |path| Dir["#{path.to_str}/layouts/**/*"] }
       end
 
       private
@@ -199,92 +186,58 @@ module ActionController #:nodoc:
         end
 
         def add_layout_conditions(conditions)
-          write_inheritable_hash "layout_conditions", normalize_conditions(conditions)
+          write_inheritable_hash(:layout_conditions, normalize_conditions(conditions))
         end
 
         def normalize_conditions(conditions)
           conditions.inject({}) {|hash, (key, value)| hash.merge(key => [value].flatten.map {|action| action.to_s})}
         end
-
-        def default_layout_with_format(format, layout)
-          list = layout_list
-          if list.grep(%r{layouts/#{layout}\.#{format}(\.[a-z][0-9a-z]*)+$}).empty?
-            (!list.grep(%r{layouts/#{layout}\.([a-z][0-9a-z]*)+$}).empty? && format == :html) ? layout : nil
-          else
-            layout
-          end
-        end
     end
 
     # Returns the name of the active layout. If the layout was specified as a method reference (through a symbol), this method
     # is called and the return value is used. Likewise if the layout was specified as an inline method (through a proc or method
     # object). If the layout was defined without a directory, layouts is assumed. So <tt>layout "weblog/standard"</tt> will return
     # weblog/standard, but <tt>layout "standard"</tt> will return layouts/standard.
-    def active_layout(passed_layout = nil)
-      layout = passed_layout || self.class.default_layout(response.template.template_format)
+    def active_layout(passed_layout = nil, options = {})
+      layout = passed_layout || default_layout
+      return layout if layout.respond_to?(:render)
+
       active_layout = case layout
-        when String then layout
-        when Symbol then send!(layout)
+        when Symbol then __send__(layout)
         when Proc   then layout.call(self)
+        else layout
       end
 
-      # Explicitly passed layout names with slashes are looked up relative to the template root,
-      # but auto-discovered layouts derived from a nested controller will contain a slash, though be relative
-      # to the 'layouts' directory so we have to check the file system to infer which case the layout name came from.
-      if active_layout
-        if active_layout.include?('/') && ! layout_directory?(active_layout)
-          active_layout
-        else
-          "layouts/#{active_layout}"
-        end
-      end
+      find_layout(active_layout, default_template_format, options[:html_fallback]) if active_layout
     end
 
-    protected
-      def render_with_a_layout(options = nil, extra_options = {}, &block) #:nodoc:
-        template_with_options = options.is_a?(Hash)
-
-        if (layout = pick_layout(template_with_options, options)) && apply_layout?(template_with_options, options)
-          options = options.merge :layout => false if template_with_options
-          logger.info("Rendering template within #{layout}") if logger
-
-          content_for_layout = render_with_no_layout(options, extra_options, &block)
-          erase_render_results
-          add_variables_to_assigns
-          @template.instance_variable_set("@content_for_layout", content_for_layout)
-          response.layout = layout
-          status = template_with_options ? options[:status] : nil
-          render_for_text(@template.render_file(layout, true), status)
-        else
-          render_with_no_layout(options, extra_options, &block)
-        end
-      end
-
-
     private
-      def apply_layout?(template_with_options, options)
-        return false if options == :update
-        template_with_options ?  candidate_for_layout?(options) : !template_exempt_from_layout?
+      def default_layout #:nodoc:
+        layout = self.class.read_inheritable_attribute(:layout)
+        return layout unless self.class.read_inheritable_attribute(:auto_layout)
+        find_layout(layout, default_template_format)
+      rescue ActionView::MissingTemplate
+        nil
       end
 
-      def candidate_for_layout?(options)
-        (options.has_key?(:layout) && options[:layout] != false) ||
-          options.values_at(:text, :xml, :json, :file, :inline, :partial, :nothing).compact.empty? &&
-          !template_exempt_from_layout?(options[:template] || default_template_name(options[:action]))
+      def find_layout(layout, format, html_fallback=false) #:nodoc:
+        view_paths.find_template(layout.to_s =~ /layouts\// ? layout : "layouts/#{layout}", format, html_fallback)
+      rescue ActionView::MissingTemplate
+        raise if Mime::Type.lookup_by_extension(format.to_s).html?
       end
 
-      def pick_layout(template_with_options, options)
-        if template_with_options
-          case layout = options[:layout]
-            when FalseClass
-              nil
-            when NilClass, TrueClass
-              active_layout if action_has_layout?
-            else
-              active_layout(layout)
+      def pick_layout(options)
+        if options.has_key?(:layout)
+          case layout = options.delete(:layout)
+          when FalseClass
+            nil
+          when NilClass, TrueClass
+            active_layout if action_has_layout? && candidate_for_layout?(:template => default_template_name)
+          else
+            active_layout(layout, :html_fallback => true)
           end
         else
-          active_layout if action_has_layout?
+          active_layout if action_has_layout? && candidate_for_layout?(options)
         end
       end
 
@@ -303,8 +256,26 @@ module ActionController #:nodoc:
         end
       end
 
-      def layout_directory?(layout_name)
-        @template.finder.find_template_extension_from_handler(File.join('layouts', layout_name))
+      def candidate_for_layout?(options)
+        template = options[:template] || default_template(options[:action])
+        if options.values_at(:text, :xml, :json, :file, :inline, :partial, :nothing, :update).compact.empty?
+          begin
+            template_object = self.view_paths.find_template(template, default_template_format)
+            # this restores the behavior from 2.2.2, where response.template.template_format was reset
+            # to :html for :js requests with a matching html template.
+            # see v2.2.2, ActionView::Base, lines 328-330
+            @real_format = :html if response.template.template_format == :js && template_object.format == "html"
+            !template_object.exempt_from_layout?
+          rescue ActionView::MissingTemplate
+            true
+          end
+        end
+      rescue ActionView::MissingTemplate
+        false
+      end
+
+      def default_template_format
+        @real_format || response.template.template_format
       end
   end
 end

actionpack/lib/action_controller/middleware_stack.rb

@@ -0,0 +1,119 @@
+module ActionController
+  class MiddlewareStack < Array
+    class Middleware
+      def self.new(klass, *args, &block)
+        if klass.is_a?(self)
+          klass
+        else
+          super
+        end
+      end
+
+      attr_reader :args, :block
+
+      def initialize(klass, *args, &block)
+        @klass = klass
+
+        options = args.extract_options!
+        if options.has_key?(:if)
+          @conditional = options.delete(:if)
+        else
+          @conditional = true
+        end
+        args << options unless options.empty?
+
+        @args = args
+        @block = block
+      end
+
+      def klass
+        if @klass.respond_to?(:call)
+          @klass.call
+        elsif @klass.is_a?(Class)
+          @klass
+        else
+          @klass.to_s.constantize
+        end
+      rescue NameError
+        @klass
+      end
+
+      def active?
+        return false unless klass
+
+        if @conditional.respond_to?(:call)
+          @conditional.call
+        else
+          @conditional
+        end
+      end
+
+      def ==(middleware)
+        case middleware
+        when Middleware
+          klass == middleware.klass
+        when Class
+          klass == middleware
+        else
+          klass == middleware.to_s.constantize
+        end
+      end
+
+      def inspect
+        str = klass.to_s
+        args.each { |arg| str += ", #{arg.inspect}" }
+        str
+      end
+
+      def build(app)
+        if block
+          klass.new(app, *build_args, &block)
+        else
+          klass.new(app, *build_args)
+        end
+      end
+
+      private
+
+        def build_args
+          Array(args).map { |arg| arg.respond_to?(:call) ? arg.call : arg }
+        end
+    end
+
+    def initialize(*args, &block)
+      super(*args)
+      block.call(self) if block_given?
+    end
+
+    def insert(index, *args, &block)
+      index = self.index(index) unless index.is_a?(Integer)
+      middleware = Middleware.new(*args, &block)
+      super(index, middleware)
+    end
+
+    alias_method :insert_before, :insert
+
+    def insert_after(index, *args, &block)
+      index = self.index(index) unless index.is_a?(Integer)
+      insert(index + 1, *args, &block)
+    end
+
+    def swap(target, *args, &block)
+      insert_before(target, *args, &block)
+      delete(target)
+    end
+
+    def use(*args, &block)
+      middleware = Middleware.new(*args, &block)
+      push(middleware)
+    end
+
+    def active
+      find_all { |middleware| middleware.active? }
+    end
+
+    def build(app)
+      active.reverse.inject(app) { |a, e| e.build(a) }
+    end
+  end
+end

actionpack/lib/action_controller/middlewares.rb

@@ -0,0 +1,12 @@
+use "Rack::Lock", :if => lambda {
+  !ActionController::Base.allow_concurrency
+}
+
+use "ActionController::Failsafe"
+
+use lambda { ActionController::Base.session_store },
+    lambda { ActionController::Base.session_options }
+
+use "ActionController::ParamsParser"
+use "Rack::MethodOverride"
+use "Rack::Head"

actionpack/lib/action_controller/mime_responds.rb

@@ -114,7 +114,11 @@ module ActionController #:nodoc:
         @request    = controller.request
         @response   = controller.response
 
-        @mime_type_priority = Array(Mime::Type.lookup_by_extension(@request.parameters[:format]) || @request.accepts)
+        if ActionController::Base.use_accept_header
+          @mime_type_priority = Array(Mime::Type.lookup_by_extension(@request.parameters[:format]) || @request.accepts)
+        else
+          @mime_type_priority = [@request.format]
+        end
 
         @order     = []
         @responses = {}
@@ -139,12 +143,27 @@ module ActionController #:nodoc:
           custom(@mime_type_priority.first, &block)
         end
       end
+      
+      def self.generate_method_for_mime(mime)
+        sym = mime.is_a?(Symbol) ? mime : mime.to_sym
+        const = sym.to_s.upcase
+        class_eval <<-RUBY, __FILE__, __LINE__ + 1
+          def #{sym}(&block)                # def html(&block)
+            custom(Mime::#{const}, &block)  #   custom(Mime::HTML, &block)
+          end                               # end
+        RUBY
+      end
+
+      Mime::SET.each do |mime|
+        generate_method_for_mime(mime)
+      end
 
       def method_missing(symbol, &block)
-        mime_constant = symbol.to_s.upcase
-
-        if Mime::SET.include?(Mime.const_get(mime_constant))
-          custom(Mime.const_get(mime_constant), &block)
+        mime_constant = Mime.const_get(symbol.to_s.upcase)
+      
+        if Mime::SET.include?(mime_constant)
+          self.class.generate_method_for_mime(mime_constant)
+          send(symbol, &block)
         else
           super
         end

actionpack/lib/action_controller/mime_type.rb

@@ -1,3 +1,5 @@
+require 'set'
+
 module Mime
   SET              = []
   EXTENSION_LOOKUP = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? }
@@ -18,8 +20,20 @@ module Mime
   #   end
   class Type
     @@html_types = Set.new [:html, :all]
+    cattr_reader :html_types
+
+    # These are the content types which browsers can generate without using ajax, flash, etc
+    # i.e. following a link, getting an image or posting a form.  CSRF protection
+    # only needs to protect against these types.
+    @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
+    cattr_reader :browser_generated_types
+
+
     @@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss, :atom, :yaml]
-    cattr_reader :html_types, :unverifiable_types
+    def self.unverifiable_types
+      ActiveSupport::Deprecation.warn("unverifiable_types is deprecated and has no effect", caller)
+      @@unverifiable_types
+    end
 
     # A simple helper class used in parsing the accept header
     class AcceptItem #:nodoc:
@@ -72,57 +86,61 @@ module Mime
       end
 
       def parse(accept_header)
-        # keep track of creation order to keep the subsequent sort stable
-        list = []
-        accept_header.split(/,/).each_with_index do |header, index| 
-          params, q = header.split(/;\s*q=/)       
-          if params
-            params.strip!          
-            list << AcceptItem.new(index, params, q) unless params.empty?
-          end
-        end
-        list.sort!
-
-        # Take care of the broken text/xml entry by renaming or deleting it
-        text_xml = list.index("text/xml")
-        app_xml = list.index(Mime::XML.to_s)
-
-        if text_xml && app_xml
-          # set the q value to the max of the two
-          list[app_xml].q = [list[text_xml].q, list[app_xml].q].max
-
-          # make sure app_xml is ahead of text_xml in the list
-          if app_xml > text_xml
-            list[app_xml], list[text_xml] = list[text_xml], list[app_xml]
-            app_xml, text_xml = text_xml, app_xml
-          end
-
-          # delete text_xml from the list
-          list.delete_at(text_xml)
-
-        elsif text_xml
-          list[text_xml].name = Mime::XML.to_s
-        end
-
-        # Look for more specific XML-based types and sort them ahead of app/xml
-
-        if app_xml
-          idx = app_xml
-          app_xml_type = list[app_xml]
-
-          while(idx < list.length)
-            type = list[idx]
-            break if type.q < app_xml_type.q
-            if type.name =~ /\+xml$/
-              list[app_xml], list[idx] = list[idx], list[app_xml]
-              app_xml = idx
+        if accept_header !~ /,/
+          [Mime::Type.lookup(accept_header)]
+        else
+          # keep track of creation order to keep the subsequent sort stable
+          list = []
+          accept_header.split(/,/).each_with_index do |header, index| 
+            params, q = header.split(/;\s*q=/)       
+            if params
+              params.strip!          
+              list << AcceptItem.new(index, params, q) unless params.empty?
             end
-            idx += 1
           end
-        end
+          list.sort!
 
-        list.map! { |i| Mime::Type.lookup(i.name) }.uniq!
-        list
+          # Take care of the broken text/xml entry by renaming or deleting it
+          text_xml = list.index("text/xml")
+          app_xml = list.index(Mime::XML.to_s)
+
+          if text_xml && app_xml
+            # set the q value to the max of the two
+            list[app_xml].q = [list[text_xml].q, list[app_xml].q].max
+
+            # make sure app_xml is ahead of text_xml in the list
+            if app_xml > text_xml
+              list[app_xml], list[text_xml] = list[text_xml], list[app_xml]
+              app_xml, text_xml = text_xml, app_xml
+            end
+
+            # delete text_xml from the list
+            list.delete_at(text_xml)
+
+          elsif text_xml
+            list[text_xml].name = Mime::XML.to_s
+          end
+
+          # Look for more specific XML-based types and sort them ahead of app/xml
+
+          if app_xml
+            idx = app_xml
+            app_xml_type = list[app_xml]
+
+            while(idx < list.length)
+              type = list[idx]
+              break if type.q < app_xml_type.q
+              if type.name =~ /\+xml$/
+                list[app_xml], list[idx] = list[idx], list[app_xml]
+                app_xml = idx
+              end
+              idx += 1
+            end
+          end
+
+          list.map! { |i| Mime::Type.lookup(i.name) }.uniq!
+          list
+        end
       end
     end
     
@@ -158,16 +176,28 @@ module Mime
       end
     end
 
+    def =~(mime_type)
+      return false if mime_type.blank?
+      regexp = Regexp.new(Regexp.quote(mime_type.to_s))
+      (@synonyms + [ self ]).any? do |synonym|
+        synonym.to_s =~ regexp
+      end
+    end
+
     # Returns true if Action Pack should check requests using this Mime Type for possible request forgery.  See
-    # ActionController::RequestForgerProtection.
+    # ActionController::RequestForgeryProtection.
     def verify_request?
-      !@@unverifiable_types.include?(to_sym)
+      browser_generated?
     end
 
     def html?
       @@html_types.include?(to_sym) || @string =~ /html/
     end
 
+    def browser_generated?
+      @@browser_generated_types.include?(to_sym)
+    end
+
     private
       def method_missing(method, *args)
         if method.to_s =~ /(\w+)\?$/

actionpack/lib/action_controller/mime_types.rb

@@ -17,4 +17,5 @@ Mime::Type.register "multipart/form-data", :multipart_form
 Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form
 
 # http://www.ietf.org/rfc/rfc4627.txt
-Mime::Type.register "application/json", :json, %w( text/x-json )
+# http://www.json.org/JSONRequest.html
+Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest )

actionpack/lib/action_controller/params_parser.rb

@@ -0,0 +1,77 @@
+module ActionController
+  class ParamsParser
+    ActionController::Base.param_parsers[Mime::XML] = :xml_simple
+    ActionController::Base.param_parsers[Mime::JSON] = :json
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      if params = parse_formatted_parameters(env)
+        env["action_controller.request.request_parameters"] = params
+      end
+
+      @app.call(env)
+    end
+
+    private
+      def parse_formatted_parameters(env)
+        request = Request.new(env)
+
+        return false if request.content_length.zero?
+
+        mime_type = content_type_from_legacy_post_data_format_header(env) || request.content_type
+        strategy = ActionController::Base.param_parsers[mime_type]
+
+        return false unless strategy
+
+        case strategy
+          when Proc
+            strategy.call(request.raw_post)
+          when :xml_simple, :xml_node
+            body = request.raw_post
+            body.blank? ? {} : Hash.from_xml(body).with_indifferent_access
+          when :yaml
+            YAML.load(request.raw_post)
+          when :json
+            body = request.raw_post
+            if body.blank?
+              {}
+            else
+              data = ActiveSupport::JSON.decode(body)
+              data = {:_json => data} unless data.is_a?(Hash)
+              data.with_indifferent_access
+            end
+          else
+            false
+        end
+      rescue Exception => e # YAML, XML or Ruby code block errors
+        logger.debug "Error occurred while parsing request parameters.\nContents:\n\n#{request.raw_post}"
+
+        raise
+          { "body" => request.raw_post,
+            "content_type" => request.content_type,
+            "content_length" => request.content_length,
+            "exception" => "#{e.message} (#{e.class})",
+            "backtrace" => e.backtrace }
+      end
+
+      def content_type_from_legacy_post_data_format_header(env)
+        if x_post_format = env['HTTP_X_POST_DATA_FORMAT']
+          case x_post_format.to_s.downcase
+            when 'yaml'
+              return Mime::YAML
+            when 'xml'
+              return Mime::XML
+          end
+        end
+
+        nil
+      end
+
+      def logger
+        defined?(Rails.logger) ? Rails.logger : Logger.new($stderr)
+      end
+  end
+end

actionpack/lib/action_controller/performance_test.rb

@@ -0,0 +1,15 @@
+require 'active_support/testing/performance'
+require 'active_support/testing/default'
+
+module ActionController
+  # An integration test that runs a code profiler on your test methods.
+  # Profiling output for combinations of each test method, measurement, and
+  # output format are written to your tmp/performance directory.
+  #
+  # By default, process_time is measured and both flat and graph_html output
+  # formats are written, so you'll have two output files per test method.
+  class PerformanceTest < ActionController::IntegrationTest
+    include ActiveSupport::Testing::Performance
+    include ActiveSupport::Testing::Default
+  end
+end

actionpack/lib/action_controller/polymorphic_routes.rb

@@ -36,12 +36,11 @@ module ActionController
   #
   # * <tt>edit_polymorphic_url</tt>, <tt>edit_polymorphic_path</tt>
   # * <tt>new_polymorphic_url</tt>, <tt>new_polymorphic_path</tt>
-  # * <tt>formatted_polymorphic_url</tt>, <tt>formatted_polymorphic_path</tt>
   #
   # Example usage:
   #
   #   edit_polymorphic_path(@post)              # => "/posts/1/edit"
-  #   formatted_polymorphic_path([@post, :pdf]) # => "/posts/1.pdf"
+  #   polymorphic_path(@post, :format => :pdf)  # => "/posts/1.pdf"
   module PolymorphicRoutes
     # Constructs a call to a named RESTful route for the given record and returns the
     # resulting URL string. For example:
@@ -55,7 +54,7 @@ module ActionController
     # ==== Options
     #
     # * <tt>:action</tt> - Specifies the action prefix for the named route:
-    #   <tt>:new</tt>, <tt>:edit</tt>, or <tt>:formatted</tt>. Default is no prefix.
+    #   <tt>:new</tt> or <tt>:edit</tt>. Default is no prefix.
     # * <tt>:routing_type</tt> - Allowed values are <tt>:path</tt> or <tt>:url</tt>.
     #   Default is <tt>:url</tt>.
     #
@@ -73,13 +72,13 @@ module ActionController
     #
     def polymorphic_url(record_or_hash_or_array, options = {})
       if record_or_hash_or_array.kind_of?(Array)
-        record_or_hash_or_array = record_or_hash_or_array.dup
+        record_or_hash_or_array = record_or_hash_or_array.compact
+        record_or_hash_or_array = record_or_hash_or_array[0] if record_or_hash_or_array.size == 1
       end
 
       record    = extract_record(record_or_hash_or_array)
-      format    = extract_format(record_or_hash_or_array, options)
       namespace = extract_namespace(record_or_hash_or_array)
-      
+
       args = case record_or_hash_or_array
         when Hash;  [ record_or_hash_or_array ]
         when Array; record_or_hash_or_array.dup
@@ -99,10 +98,15 @@ module ActionController
         end
 
       args.delete_if {|arg| arg.is_a?(Symbol) || arg.is_a?(String)}
-      args << format if format
-      
+
       named_route = build_named_route_call(record_or_hash_or_array, namespace, inflection, options)
-      send!(named_route, *args)
+
+      url_options = options.except(:action, :routing_type)
+      unless url_options.empty?
+        args.last.kind_of?(Hash) ? args.last.merge!(url_options) : args << url_options
+      end
+
+      __send__(named_route, *args)
     end
 
     # Returns the path component of a URL for the given record. It uses
@@ -112,21 +116,37 @@ module ActionController
       polymorphic_url(record_or_hash_or_array, options)
     end
 
-    %w(edit new formatted).each do |action|
+    %w(edit new).each do |action|
       module_eval <<-EOT, __FILE__, __LINE__
-        def #{action}_polymorphic_url(record_or_hash)
-          polymorphic_url(record_or_hash, :action => "#{action}")
-        end
-
-        def #{action}_polymorphic_path(record_or_hash)
-          polymorphic_url(record_or_hash, :action => "#{action}", :routing_type => :path)
-        end
+        def #{action}_polymorphic_url(record_or_hash, options = {})         # def edit_polymorphic_url(record_or_hash, options = {})
+          polymorphic_url(                                                  #   polymorphic_url(
+            record_or_hash,                                                 #     record_or_hash,
+            options.merge(:action => "#{action}"))                          #     options.merge(:action => "edit"))
+        end                                                                 # end
+                                                                            #
+        def #{action}_polymorphic_path(record_or_hash, options = {})        # def edit_polymorphic_path(record_or_hash, options = {})
+          polymorphic_url(                                                  #   polymorphic_url(
+            record_or_hash,                                                 #     record_or_hash,
+            options.merge(:action => "#{action}", :routing_type => :path))  #     options.merge(:action => "edit", :routing_type => :path))
+        end                                                                 # end
       EOT
     end
 
+    def formatted_polymorphic_url(record_or_hash, options = {})
+      ActiveSupport::Deprecation.warn("formatted_polymorphic_url has been deprecated. Please pass :format to the polymorphic_url method instead", caller)
+      options[:format] = record_or_hash.pop if Array === record_or_hash
+      polymorphic_url(record_or_hash, options)
+    end
+
+    def formatted_polymorphic_path(record_or_hash, options = {})
+      ActiveSupport::Deprecation.warn("formatted_polymorphic_path has been deprecated. Please pass :format to the polymorphic_path method instead", caller)
+      options[:format] = record_or_hash.pop if record_or_hash === Array
+      polymorphic_url(record_or_hash, options.merge(:routing_type => :path))
+    end
+
     private
       def action_prefix(options)
-        options[:action] ? "#{options[:action]}_" : ""
+        options[:action] ? "#{options[:action]}_" : ''
       end
 
       def routing_type(options)
@@ -143,7 +163,8 @@ module ActionController
             if parent.is_a?(Symbol) || parent.is_a?(String)
               string << "#{parent}_"
             else
-              string << "#{RecordIdentifier.send!("singular_class_name", parent)}_"
+              string << "#{RecordIdentifier.__send__("plural_class_name", parent)}".singularize
+              string << "_"
             end
           end
         end
@@ -151,7 +172,9 @@ module ActionController
         if record.is_a?(Symbol) || record.is_a?(String)
           route << "#{record}_"
         else
-          route << "#{RecordIdentifier.send!("#{inflection}_class_name", record)}_"
+          route << "#{RecordIdentifier.__send__("plural_class_name", record)}"
+          route = route.singularize if inflection == :singular
+          route << "_"
         end
 
         action_prefix(options) + namespace + route + routing_type(options).to_s
@@ -164,17 +187,7 @@ module ActionController
           else        record_or_hash_or_array
         end
       end
-      
-      def extract_format(record_or_hash_or_array, options)
-        if options[:action].to_s == "formatted" && record_or_hash_or_array.is_a?(Array)
-          record_or_hash_or_array.pop
-        elsif options[:format]
-          options[:format]
-        else
-          nil
-        end
-      end
-      
+
       # Remove the first symbols from the array and return the url prefix
       # implied by those symbols.
       def extract_namespace(record_or_hash_or_array)

actionpack/lib/action_controller/reloader.rb

@@ -0,0 +1,54 @@
+require 'thread'
+
+module ActionController
+  class Reloader
+    @@default_lock = Mutex.new
+    cattr_accessor :default_lock
+
+    class BodyWrapper
+      def initialize(body, lock)
+        @body = body
+        @lock = lock
+      end
+
+      def close
+        @body.close if @body.respond_to?(:close)
+      ensure
+        Dispatcher.cleanup_application
+        @lock.unlock
+      end
+
+      def method_missing(*args, &block)
+        @body.send(*args, &block)
+      end
+
+      def respond_to?(symbol, include_private = false)
+        symbol == :close || @body.respond_to?(symbol, include_private)
+      end
+    end
+
+    def self.run(lock = @@default_lock)
+      lock.lock
+      begin
+        Dispatcher.reload_application
+        status, headers, body = yield
+        # We do not want to call 'cleanup_application' in an ensure block
+        # because the returned Rack response body may lazily generate its data. This
+        # is for example the case if one calls
+        #
+        #   render :text => lambda { ... code here which refers to application models ... }
+        #
+        # in an ActionController.
+        #
+        # Instead, we will want to cleanup the application code after the request is
+        # completely finished. So we wrap the body in a BodyWrapper class so that
+        # when the Rack handler calls #close during the end of the request, we get to
+        # run our cleanup code.
+        [status, headers, BodyWrapper.new(body, lock)]
+      rescue Exception
+        lock.unlock
+        raise
+      end
+    end
+  end
+end

actionpack/lib/action_controller/request.rb

@@ -2,35 +2,43 @@ require 'tempfile'
 require 'stringio'
 require 'strscan'
 
+require 'active_support/memoizable'
+require 'action_controller/cgi_ext'
+
 module ActionController
-  # HTTP methods which are accepted by default. 
-  ACCEPTED_HTTP_METHODS = Set.new(%w( get head put post delete options ))
+  class Request < Rack::Request
 
-  # CgiRequest and TestRequest provide concrete implementations.
-  class AbstractRequest
-    cattr_accessor :relative_url_root
-    remove_method :relative_url_root
+    %w[ AUTH_TYPE GATEWAY_INTERFACE
+        PATH_TRANSLATED REMOTE_HOST
+        REMOTE_IDENT REMOTE_USER REMOTE_ADDR
+        SERVER_NAME SERVER_PROTOCOL
 
-    # The hash of environment variables for this request,
-    # such as { 'RAILS_ENV' => 'production' }.
-    attr_reader :env
-
-    # The true HTTP request method as a lowercase symbol, such as <tt>:get</tt>.
-    # UnknownHttpMethod is raised for invalid methods not listed in ACCEPTED_HTTP_METHODS.
-    def request_method
-      @request_method ||= begin
-        method = ((@env['REQUEST_METHOD'] == 'POST' && !parameters[:_method].blank?) ? parameters[:_method].to_s : @env['REQUEST_METHOD']).downcase
-        if ACCEPTED_HTTP_METHODS.include?(method)
-          method.to_sym
-        else
-          raise UnknownHttpMethod, "#{method}, accepted HTTP methods are #{ACCEPTED_HTTP_METHODS.to_a.to_sentence}"
-        end
+        HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING
+        HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM
+        HTTP_NEGOTIATE HTTP_PRAGMA HTTP_REFERER HTTP_USER_AGENT ].each do |env|
+      define_method(env.sub(/^HTTP_/n, '').downcase) do
+        @env[env]
       end
     end
 
-    # The HTTP request method as a lowercase symbol, such as <tt>:get</tt>.
-    # Note, HEAD is returned as <tt>:get</tt> since the two are functionally
-    # equivalent from the application's perspective.
+    def key?(key)
+      @env.key?(key)
+    end
+
+    HTTP_METHODS = %w(get head put post delete options)
+    HTTP_METHOD_LOOKUP = HTTP_METHODS.inject({}) { |h, m| h[m] = h[m.upcase] = m.to_sym; h }
+
+    # Returns the true HTTP request \method as a lowercase symbol, such as
+    # <tt>:get</tt>. If the request \method is not listed in the HTTP_METHODS
+    # constant above, an UnknownHttpMethod exception is raised.
+    def request_method
+      @request_method ||= HTTP_METHOD_LOOKUP[super] || raise(UnknownHttpMethod, "#{super}, accepted HTTP methods are #{HTTP_METHODS.to_sentence(:locale => :en)}")
+    end
+
+    # Returns the HTTP request \method used for action processing as a
+    # lowercase symbol, such as <tt>:post</tt>. (Unlike #request_method, this
+    # method returns <tt>:get</tt> for a HEAD request because the two are
+    # functionally equivalent from the application's perspective.)
     def method
       request_method == :head ? :get : request_method
     end
@@ -55,57 +63,114 @@ module ActionController
       request_method == :delete
     end
 
-    # Is this a HEAD request? <tt>request.method</tt> sees HEAD as <tt>:get</tt>,
-    # so check the HTTP method directly.
+    # Is this a HEAD request? Since <tt>request.method</tt> sees HEAD as <tt>:get</tt>,
+    # this \method checks the actual HTTP \method directly.
     def head?
       request_method == :head
     end
 
-    # Provides acccess to the request's HTTP headers, for example:
-    #  request.headers["Content-Type"] # => "text/plain"
+    # Provides access to the request's HTTP headers, for example:
+    #
+    #   request.headers["Content-Type"] # => "text/plain"
     def headers
       @headers ||= ActionController::Http::Headers.new(@env)
     end
 
+    # Returns the content length of the request as an integer.
     def content_length
-      @content_length ||= env['CONTENT_LENGTH'].to_i
+      super.to_i
     end
 
     # The MIME type of the HTTP request, such as Mime::XML.
     #
-    # For backward compatibility, the post format is extracted from the
+    # For backward compatibility, the post \format is extracted from the
     # X-Post-Data-Format HTTP header if present.
     def content_type
-      @content_type ||= Mime::Type.lookup(content_type_without_parameters)
-    end
-
-    # Returns the accepted MIME type for the request
-    def accepts
-      @accepts ||=
-        if @env['HTTP_ACCEPT'].to_s.strip.empty?
-          [ content_type, Mime::ALL ].compact # make sure content_type being nil is not included
+      @content_type ||= begin
+        if @env['CONTENT_TYPE'] =~ /^([^,\;]*)/
+          Mime::Type.lookup($1.strip.downcase)
         else
-          Mime::Type.parse(@env['HTTP_ACCEPT'])
+          nil
         end
+      end
     end
 
-    # Returns the Mime type for the format used in the request. If there is no format available, the first of the 
-    # accept types will be used. Examples:
+    def media_type
+      content_type.to_s
+    end
+
+    # Returns the accepted MIME type for the request.
+    def accepts
+      @accepts ||= begin
+        header = @env['HTTP_ACCEPT'].to_s.strip
+
+        if header.empty?
+          [content_type, Mime::ALL].compact
+        else
+          Mime::Type.parse(header)
+        end
+      end
+    end
+
+    def if_modified_since
+      if since = env['HTTP_IF_MODIFIED_SINCE']
+        Time.rfc2822(since) rescue nil
+      end
+    end
+
+    def if_none_match
+      env['HTTP_IF_NONE_MATCH']
+    end
+
+    def not_modified?(modified_at)
+      if_modified_since && modified_at && if_modified_since >= modified_at
+    end
+
+    def etag_matches?(etag)
+      if_none_match && if_none_match == etag
+    end
+
+    # Check response freshness (Last-Modified and ETag) against request
+    # If-Modified-Since and If-None-Match conditions. If both headers are
+    # supplied, both must match, or the request is not considered fresh.
+    def fresh?(response)
+      case
+      when if_modified_since && if_none_match
+        not_modified?(response.last_modified) && etag_matches?(response.etag)
+      when if_modified_since
+        not_modified?(response.last_modified)
+      when if_none_match
+        etag_matches?(response.etag)
+      else
+        false
+      end
+    end
+
+    # Returns the Mime type for the \format used in the request.
     #
     #   GET /posts/5.xml   | request.format => Mime::XML
     #   GET /posts/5.xhtml | request.format => Mime::HTML
-    #   GET /posts/5       | request.format => request.accepts.first (usually Mime::HTML for browsers)
+    #   GET /posts/5       | request.format => Mime::HTML or MIME::JS, or request.accepts.first depending on the value of <tt>ActionController::Base.use_accept_header</tt>
     def format
-      @format ||= parameters[:format] ? Mime::Type.lookup_by_extension(parameters[:format]) : accepts.first
+      @format ||=
+        if parameters[:format]
+          Mime::Type.lookup_by_extension(parameters[:format])
+        elsif ActionController::Base.use_accept_header
+          accepts.first
+        elsif xhr?
+          Mime::Type.lookup_by_extension("js")
+        else
+          Mime::Type.lookup_by_extension("html")
+        end
     end
-    
-    
-    # Sets the format by string extension, which can be used to force custom formats that are not controlled by the extension.
-    # Example:
+
+
+    # Sets the \format by string extension, which can be used to force custom formats
+    # that are not controlled by the extension.
     #
     #   class ApplicationController < ActionController::Base
     #     before_filter :adjust_format_for_iphone
-    #   
+    #
     #     private
     #       def adjust_format_for_iphone
     #         request.format = :iphone if request.env["HTTP_USER_AGENT"][/iPhone/]
@@ -116,6 +181,25 @@ module ActionController
       @format = Mime::Type.lookup_by_extension(parameters[:format])
     end
 
+    # Returns a symbolized version of the <tt>:format</tt> parameter of the request.
+    # If no \format is given it returns <tt>:js</tt>for Ajax requests and <tt>:html</tt>
+    # otherwise.
+    def template_format
+      parameter_format = parameters[:format]
+
+      if parameter_format
+        parameter_format
+      elsif xhr?
+        :js
+      else
+        :html
+      end
+    end
+
+    def cache_format
+      parameters[:format]
+    end
+
     # Returns true if the request's "X-Requested-With" header contains
     # "XMLHttpRequest". (The Prototype Javascript library sends this header with
     # every Ajax request.)
@@ -128,14 +212,14 @@ module ActionController
     # the right-hand-side of X-Forwarded-For
     TRUSTED_PROXIES = /^127\.0\.0\.1$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\./i
 
-    # Determine originating IP address.  REMOTE_ADDR is the standard
+    # Determines originating IP address.  REMOTE_ADDR is the standard
     # but will fail if the user is behind a proxy.  HTTP_CLIENT_IP and/or
     # HTTP_X_FORWARDED_FOR are set by proxies so check for these if
     # REMOTE_ADDR is a proxy.  HTTP_X_FORWARDED_FOR may be a comma-
     # delimited list in the case of multiple chained proxies; the last
     # address which is not trusted is the originating IP.
     def remote_ip
-      remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].split(',').collect(&:strip)
+      remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/)
 
       unless remote_addr_list.blank?
         not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
@@ -144,7 +228,7 @@ module ActionController
       remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
 
       if @env.include? 'HTTP_CLIENT_IP'
-        if remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
+        if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
           # We don't know which came from the proxy, and which from the user
           raise ActionControllerError.new(<<EOM)
 IP spoofing attack?!
@@ -172,13 +256,12 @@ EOM
       (@env['SERVER_SOFTWARE'] && /^([a-zA-Z]+)/ =~ @env['SERVER_SOFTWARE']) ? $1.downcase : nil
     end
 
-
-    # Returns the complete URL used for this request
+    # Returns the complete URL used for this request.
     def url
       protocol + host_with_port + request_uri
     end
 
-    # Return 'https://' if this is an SSL request and 'http://' otherwise.
+    # Returns 'https://' if this is an SSL request and 'http://' otherwise.
     def protocol
       ssl? ? 'https://' : 'http://'
     end
@@ -188,22 +271,36 @@ EOM
       @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 'https'
     end
 
-    # Returns the host for this request, such as example.com.
-    def host
+    # Returns the \host for this request, such as "example.com".
+    def raw_host_with_port
+      if forwarded = env["HTTP_X_FORWARDED_HOST"]
+        forwarded.split(/,\s?/).last
+      else
+        env['HTTP_HOST'] || "#{env['SERVER_NAME'] || env['SERVER_ADDR']}:#{env['SERVER_PORT']}"
+      end
     end
 
-    # Returns a host:port string for this request, such as example.com or
-    # example.com:8080.
+    # Returns the host for this request, such as example.com.
+    def host
+      raw_host_with_port.sub(/:\d+$/, '')
+    end
+
+    # Returns a \host:\port string for this request, such as "example.com" or
+    # "example.com:8080".
     def host_with_port
-      @host_with_port ||= host + port_string
+      "#{host}#{port_string}"
     end
 
     # Returns the port number of this request as an integer.
     def port
-      @port_as_int ||= @env['SERVER_PORT'].to_i
+      if raw_host_with_port =~ /:(\d+)$/
+        $1.to_i
+      else
+        standard_port
+      end
     end
 
-    # Returns the standard port number for this request's protocol
+    # Returns the standard \port number for this request's protocol.
     def standard_port
       case protocol
         when 'https://' then 443
@@ -211,13 +308,13 @@ EOM
       end
     end
 
-    # Returns a port suffix like ":8080" if the port number of this request
-    # is not the default HTTP port 80 or HTTPS port 443.
+    # Returns a \port suffix like ":8080" if the \port number of this request
+    # is not the default HTTP \port 80 or HTTPS \port 443.
     def port_string
-      (port == standard_port) ? '' : ":#{port}"
+      port == standard_port ? '' : ":#{port}"
     end
 
-    # Returns the domain part of a host, such as rubyonrails.org in "www.rubyonrails.org". You can specify
+    # Returns the \domain part of a \host, such as "rubyonrails.org" in "www.rubyonrails.org". You can specify
     # a different <tt>tld_length</tt>, such as 2 to catch rubyonrails.co.uk in "www.rubyonrails.co.uk".
     def domain(tld_length = 1)
       return nil unless named_host?(host)
@@ -225,8 +322,9 @@ EOM
       host.split('.').last(1 + tld_length).join('.')
     end
 
-    # Returns all the subdomains as an array, so ["dev", "www"] would be returned for "dev.www.rubyonrails.org".
-    # You can specify a different <tt>tld_length</tt>, such as 2 to catch ["www"] instead of ["www", "rubyonrails"]
+    # Returns all the \subdomains as an array, so <tt>["dev", "www"]</tt> would be
+    # returned for "dev.www.rubyonrails.org". You can specify a different <tt>tld_length</tt>,
+    # such as 2 to catch <tt>["www"]</tt> instead of <tt>["www", "rubyonrails"]</tt>
     # in "www.rubyonrails.co.uk".
     def subdomains(tld_length = 1)
       return [] unless named_host?(host)
@@ -234,16 +332,12 @@ EOM
       parts[0..-(tld_length+2)]
     end
 
-    # Return the query string, accounting for server idiosyncracies.
+    # Returns the query string, accounting for server idiosyncrasies.
     def query_string
-      if uri = @env['REQUEST_URI']
-        uri.split('?', 2)[1] || ''
-      else
-        @env['QUERY_STRING'] || ''
-      end
+      @env['QUERY_STRING'].present? ? @env['QUERY_STRING'] : (@env['REQUEST_URI'].split('?', 2)[1] || '')
     end
 
-    # Return the request URI, accounting for server idiosyncracies.
+    # Returns the request URI, accounting for server idiosyncrasies.
     # WEBrick includes the full URL. IIS leaves REQUEST_URI blank.
     def request_uri
       if uri = @env['REQUEST_URI']
@@ -251,514 +345,149 @@ EOM
         (%r{^\w+\://[^/]+(/.*|$)$} =~ uri) ? $1 : uri
       else
         # Construct IIS missing REQUEST_URI from SCRIPT_NAME and PATH_INFO.
-        script_filename = @env['SCRIPT_NAME'].to_s.match(%r{[^/]+$})
-        uri = @env['PATH_INFO']
-        uri = uri.sub(/#{script_filename}\//, '') unless script_filename.nil?
-        unless (env_qs = @env['QUERY_STRING']).nil? || env_qs.empty?
-          uri << '?' << env_qs
+        uri = @env['PATH_INFO'].to_s
+
+        if script_filename = @env['SCRIPT_NAME'].to_s.match(%r{[^/]+$})
+          uri = uri.sub(/#{script_filename}\//, '')
         end
 
-        if uri.nil?
+        env_qs = @env['QUERY_STRING'].to_s
+        uri += "?#{env_qs}" unless env_qs.empty?
+
+        if uri.blank?
           @env.delete('REQUEST_URI')
-          uri
         else
           @env['REQUEST_URI'] = uri
         end
       end
     end
 
-    # Returns the interpreted path to requested resource after all the installation directory of this application was taken into account
+    # Returns the interpreted \path to requested resource after all the installation
+    # directory of this application was taken into account.
     def path
-      path = (uri = request_uri) ? uri.split('?').first.to_s : ''
-
-      # Cut off the path to the installation directory if given
-      path.sub!(%r/^#{relative_url_root}/, '')
-      path || ''      
-    end
-    
-    # Returns the path minus the web server relative installation directory.
-    # This can be set with the environment variable RAILS_RELATIVE_URL_ROOT.
-    # It can be automatically extracted for Apache setups. If the server is not
-    # Apache, this method returns an empty string.
-    def relative_url_root
-      @@relative_url_root ||= case
-        when @env["RAILS_RELATIVE_URL_ROOT"]
-          @env["RAILS_RELATIVE_URL_ROOT"]
-        when server_software == 'apache'
-          @env["SCRIPT_NAME"].to_s.sub(/\/dispatch\.(fcgi|rb|cgi)$/, '')
-        else
-          ''
-      end
+      path = request_uri.to_s[/\A[^\?]*/]
+      path.sub!(/\A#{ActionController::Base.relative_url_root}/, '')
+      path
     end
 
-
-    # Read the request body. This is useful for web services that need to
+    # Read the request \body. This is useful for web services that need to
     # work with raw requests directly.
     def raw_post
-      unless env.include? 'RAW_POST_DATA'
-        env['RAW_POST_DATA'] = body.read(content_length)
+      unless @env.include? 'RAW_POST_DATA'
+        @env['RAW_POST_DATA'] = body.read(@env['CONTENT_LENGTH'].to_i)
         body.rewind if body.respond_to?(:rewind)
       end
-      env['RAW_POST_DATA']
+      @env['RAW_POST_DATA']
     end
 
-    # Returns both GET and POST parameters in a single hash.
+    # Returns both GET and POST \parameters in a single hash.
     def parameters
       @parameters ||= request_parameters.merge(query_parameters).update(path_parameters).with_indifferent_access
     end
+    alias_method :params, :parameters
 
     def path_parameters=(parameters) #:nodoc:
-      @path_parameters = parameters
+      @env["action_controller.request.path_parameters"] = parameters
       @symbolized_path_parameters = @parameters = nil
     end
 
-    # The same as <tt>path_parameters</tt> with explicitly symbolized keys 
-    def symbolized_path_parameters 
+    # The same as <tt>path_parameters</tt> with explicitly symbolized keys.
+    def symbolized_path_parameters
       @symbolized_path_parameters ||= path_parameters.symbolize_keys
     end
 
-    # Returns a hash with the parameters used to form the path of the request.
-    # Returned hash keys are strings.  See <tt>symbolized_path_parameters</tt> for symbolized keys.
-    #
-    # Example: 
+    # Returns a hash with the \parameters used to form the \path of the request.
+    # Returned hash keys are strings:
     #
     #   {'action' => 'my_action', 'controller' => 'my_controller'}
+    #
+    # See <tt>symbolized_path_parameters</tt> for symbolized keys.
     def path_parameters
-      @path_parameters ||= {}
+      @env["action_controller.request.path_parameters"] ||= {}
     end
 
-
-    #--
-    # Must be implemented in the concrete request
-    #++
-
-    # The request body is an IO input stream.
+    # The request body is an IO input stream. If the RAW_POST_DATA environment
+    # variable is already set, wrap it in a StringIO.
     def body
+      if raw_post = @env['RAW_POST_DATA']
+        raw_post.force_encoding(Encoding::BINARY) if raw_post.respond_to?(:force_encoding)
+        StringIO.new(raw_post)
+      else
+        @env['rack.input']
+      end
     end
 
-    def query_parameters #:nodoc:
+    def form_data?
+      FORM_DATA_MEDIA_TYPES.include?(content_type.to_s)
     end
 
-    def request_parameters #:nodoc:
+    # Override Rack's GET method to support indifferent access
+    def GET
+      @env["action_controller.request.query_parameters"] ||= normalize_parameters(super)
+    end
+    alias_method :query_parameters, :GET
+
+    # Override Rack's POST method to support indifferent access
+    def POST
+      @env["action_controller.request.request_parameters"] ||= normalize_parameters(super)
+    end
+    alias_method :request_parameters, :POST
+
+    def body_stream #:nodoc:
+      @env['rack.input']
     end
 
-    def cookies #:nodoc:
-    end
-
-    def session #:nodoc:
+    def session
+      @env['rack.session'] ||= {}
     end
 
     def session=(session) #:nodoc:
-      @session = session
+      @env['rack.session'] = session
     end
 
-    def reset_session #:nodoc:
+    def reset_session
+      @env['rack.session.options'].delete(:id)
+      @env['rack.session'] = {}
     end
 
-    protected
-      # The raw content type string. Use when you need parameters such as
-      # charset or boundary which aren't included in the content_type MIME type.
-      # Overridden by the X-POST_DATA_FORMAT header for backward compatibility.
-      def content_type_with_parameters
-        content_type_from_legacy_post_data_format_header ||
-          env['CONTENT_TYPE'].to_s
-      end
+    def session_options
+      @env['rack.session.options'] ||= {}
+    end
 
-      # The raw content type string with its parameters stripped off.
-      def content_type_without_parameters
-        @content_type_without_parameters ||= self.class.extract_content_type_without_parameters(content_type_with_parameters)
-      end
+    def session_options=(options)
+      @env['rack.session.options'] = options
+    end
+
+    def server_port
+      @env['SERVER_PORT'].to_i
+    end
 
     private
-      def content_type_from_legacy_post_data_format_header
-        if x_post_format = @env['HTTP_X_POST_DATA_FORMAT']
-          case x_post_format.to_s.downcase
-            when 'yaml';  'application/x-yaml'
-            when 'xml';   'application/xml'
-          end
-        end
-      end
-
-      def parse_formatted_request_parameters
-        return {} if content_length.zero?
-
-        content_type, boundary = self.class.extract_multipart_boundary(content_type_with_parameters)
-
-        # Don't parse params for unknown requests.
-        return {} if content_type.blank?
-
-        mime_type = Mime::Type.lookup(content_type)
-        strategy = ActionController::Base.param_parsers[mime_type]
-
-        # Only multipart form parsing expects a stream.
-        body = (strategy && strategy != :multipart_form) ? raw_post : self.body
-
-        case strategy
-          when Proc
-            strategy.call(body)
-          when :url_encoded_form
-            self.class.clean_up_ajax_request_body! body
-            self.class.parse_query_parameters(body)
-          when :multipart_form
-            self.class.parse_multipart_form_parameters(body, boundary, content_length, env)
-          when :xml_simple, :xml_node
-            body.blank? ? {} : Hash.from_xml(body).with_indifferent_access
-          when :yaml
-            YAML.load(body)
-          when :json
-            if body.blank?
-              {}
-            else
-              data = ActiveSupport::JSON.decode(body)
-              data = {:_json => data} unless data.is_a?(Hash)
-              data.with_indifferent_access
-            end
-          else
-            {}
-        end
-      rescue Exception => e # YAML, XML or Ruby code block errors
-        raise
-        { "body" => body,
-          "content_type" => content_type_with_parameters,
-          "content_length" => content_length,
-          "exception" => "#{e.message} (#{e.class})",
-          "backtrace" => e.backtrace }
-      end
-
       def named_host?(host)
         !(host.nil? || /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.match(host))
       end
 
-    class << self
-      def parse_query_parameters(query_string)
-        return {} if query_string.blank?
-
-        pairs = query_string.split('&').collect do |chunk|
-          next if chunk.empty?
-          key, value = chunk.split('=', 2)
-          next if key.empty?
-          value = value.nil? ? nil : CGI.unescape(value)
-          [ CGI.unescape(key), value ]
-        end.compact
-
-        UrlEncodedPairParser.new(pairs).result
-      end
-
-      def parse_request_parameters(params)
-        parser = UrlEncodedPairParser.new
-
-        params = params.dup
-        until params.empty?
-          for key, value in params
-            if key.blank?
-              params.delete key
-            elsif !key.include?('[')
-              # much faster to test for the most common case first (GET)
-              # and avoid the call to build_deep_hash
-              parser.result[key] = get_typed_value(value[0])
-              params.delete key
-            elsif value.is_a?(Array)
-              parser.parse(key, get_typed_value(value.shift))
-              params.delete key if value.empty?
-            else
-              raise TypeError, "Expected array, found #{value.inspect}"
-            end
-          end
-        end
-
-        parser.result
-      end
-
-      def parse_multipart_form_parameters(body, boundary, body_size, env)
-        parse_request_parameters(read_multipart(body, boundary, body_size, env))
-      end
-
-      def extract_multipart_boundary(content_type_with_parameters)
-        if content_type_with_parameters =~ MULTIPART_BOUNDARY
-          ['multipart/form-data', $1.dup]
-        else
-          extract_content_type_without_parameters(content_type_with_parameters)
-        end
-      end
-
-      def extract_content_type_without_parameters(content_type_with_parameters)
-        $1.strip.downcase if content_type_with_parameters =~ /^([^,\;]*)/
-      end
-
-      def clean_up_ajax_request_body!(body)
-        body.chop! if body[-1] == 0
-        body.gsub!(/&_=$/, '')
-      end
-
-
-      private
-        def get_typed_value(value)
-          case value
-            when String
-              value
-            when NilClass
-              ''
-            when Array
-              value.map { |v| get_typed_value(v) }
-            else
-              if value.respond_to? :original_filename
-                # Uploaded file
-                if value.original_filename
-                  value
-                # Multipart param
-                else
-                  result = value.read
-                  value.rewind
-                  result
-                end
-              # Unknown value, neither string nor multipart.
-              else
-                raise "Unknown form value: #{value.inspect}"
-              end
-          end
-        end
-
-        MULTIPART_BOUNDARY = %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?|n
-
-        EOL = "\015\012"
-
-        def read_multipart(body, boundary, body_size, env)
-          params = Hash.new([])
-          boundary = "--" + boundary
-          quoted_boundary = Regexp.quote(boundary)
-          buf = ""
-          bufsize = 10 * 1024
-          boundary_end=""
-
-          # start multipart/form-data
-          body.binmode if defined? body.binmode
-          case body
-          when File
-            body.set_encoding(Encoding::BINARY) if body.respond_to?(:set_encoding)
-          when StringIO
-            body.string.force_encoding(Encoding::BINARY) if body.string.respond_to?(:force_encoding)
-          end
-          boundary_size = boundary.size + EOL.size
-          body_size -= boundary_size
-          status = body.read(boundary_size)
-          if nil == status
-            raise EOFError, "no content body"
-          elsif boundary + EOL != status
-            raise EOFError, "bad content body"
-          end
-
-          loop do
-            head = nil
-            content =
-              if 10240 < body_size
-                UploadedTempfile.new("CGI")
-              else
-                UploadedStringIO.new
-              end
-            content.binmode if defined? content.binmode
-
-            until head and /#{quoted_boundary}(?:#{EOL}|--)/n.match(buf)
-
-              if (not head) and /#{EOL}#{EOL}/n.match(buf)
-                buf = buf.sub(/\A((?:.|\n)*?#{EOL})#{EOL}/n) do
-                  head = $1.dup
-                  ""
-                end
-                next
-              end
-
-              if head and ( (EOL + boundary + EOL).size < buf.size )
-                content.print buf[0 ... (buf.size - (EOL + boundary + EOL).size)]
-                buf[0 ... (buf.size - (EOL + boundary + EOL).size)] = ""
-              end
-
-              c = if bufsize < body_size
-                    body.read(bufsize)
-                  else
-                    body.read(body_size)
-                  end
-              if c.nil? || c.empty?
-                raise EOFError, "bad content body"
-              end
-              buf.concat(c)
-              body_size -= c.size
-            end
-
-            buf = buf.sub(/\A((?:.|\n)*?)(?:[\r\n]{1,2})?#{quoted_boundary}([\r\n]{1,2}|--)/n) do
-              content.print $1
-              if "--" == $2
-                body_size = -1
-              end
-              boundary_end = $2.dup
-              ""
-            end
-
-            content.rewind
-
-            head =~ /Content-Disposition:.* filename=(?:"((?:\\.|[^\"])*)"|([^;]*))/ni
-            if filename = $1 || $2
-              if /Mac/ni.match(env['HTTP_USER_AGENT']) and
-                  /Mozilla/ni.match(env['HTTP_USER_AGENT']) and
-                  (not /MSIE/ni.match(env['HTTP_USER_AGENT']))
-                filename = CGI.unescape(filename)
-              end
-              content.original_path = filename.dup
-            end
-
-            head =~ /Content-Type: ([^\r]*)/ni
-            content.content_type = $1.dup if $1
-
-            head =~ /Content-Disposition:.* name="?([^\";]*)"?/ni
-            name = $1.dup if $1
-
-            if params.has_key?(name)
-              params[name].push(content)
-            else
-              params[name] = [content]
-            end
-            break if body_size == -1
-          end
-          raise EOFError, "bad boundary end of body part" unless boundary_end=~/--/
-
-          begin
-            body.rewind if body.respond_to?(:rewind)
-          rescue Errno::ESPIPE
-            # Handles exceptions raised by input streams that cannot be rewound
-            # such as when using plain CGI under Apache
-          end
-
-          params
-        end
-    end
-  end
-
-  class UrlEncodedPairParser < StringScanner #:nodoc:
-    attr_reader :top, :parent, :result
-
-    def initialize(pairs = [])
-      super('')
-      @result = {}
-      pairs.each { |key, value| parse(key, value) }
-    end
-
-    KEY_REGEXP = %r{([^\[\]=&]+)}
-    BRACKETED_KEY_REGEXP = %r{\[([^\[\]=&]+)\]}
-
-    # Parse the query string
-    def parse(key, value)
-      self.string = key
-      @top, @parent = result, nil
-
-      # First scan the bare key
-      key = scan(KEY_REGEXP) or return
-      key = post_key_check(key)
-
-      # Then scan as many nestings as present
-      until eos?
-        r = scan(BRACKETED_KEY_REGEXP) or return
-        key = self[1]
-        key = post_key_check(key)
-      end
-
-      bind(key, value)
-    end
-
-    private
-      # After we see a key, we must look ahead to determine our next action. Cases:
-      #
-      #   [] follows the key. Then the value must be an array.
-      #   = follows the key. (A value comes next)
-      #   & or the end of string follows the key. Then the key is a flag.
-      #   otherwise, a hash follows the key.
-      def post_key_check(key)
-        if scan(/\[\]/) # a[b][] indicates that b is an array
-          container(key, Array)
-          nil
-        elsif check(/\[[^\]]/) # a[b] indicates that a is a hash
-          container(key, Hash)
-          nil
-        else # End of key? We do nothing.
-          key
-        end
-      end
-
-      # Add a container to the stack.
-      def container(key, klass)
-        type_conflict! klass, top[key] if top.is_a?(Hash) && top.key?(key) && ! top[key].is_a?(klass)
-        value = bind(key, klass.new)
-        type_conflict! klass, value unless value.is_a?(klass)
-        push(value)
-      end
-
-      # Push a value onto the 'stack', which is actually only the top 2 items.
-      def push(value)
-        @parent, @top = @top, value
-      end
-
-      # Bind a key (which may be nil for items in an array) to the provided value.
-      def bind(key, value)
-        if top.is_a? Array
-          if key
-            if top[-1].is_a?(Hash) && ! top[-1].key?(key)
-              top[-1][key] = value
-            else
-              top << {key => value}.with_indifferent_access
-              push top.last
-              value = top[key]
-            end
+      # Convert nested Hashs to HashWithIndifferentAccess and replace
+      # file upload hashs with UploadedFile objects
+      def normalize_parameters(value)
+        case value
+        when Hash
+          if value.has_key?(:tempfile)
+            upload = value[:tempfile]
+            upload.extend(UploadedFile)
+            upload.original_path = value[:filename]
+            upload.content_type = value[:type]
+            upload
           else
-            top << value
+            h = {}
+            value.each { |k, v| h[k] = normalize_parameters(v) }
+            h.with_indifferent_access
           end
-        elsif top.is_a? Hash
-          key = CGI.unescape(key)
-          parent << (@top = {}) if top.key?(key) && parent.is_a?(Array)
-          top[key] ||= value
-          return top[key]
+        when Array
+          value.map { |e| normalize_parameters(e) }
         else
-          raise ArgumentError, "Don't know what to do: top is #{top.inspect}"
+          value
         end
-
-        return value
       end
-
-      def type_conflict!(klass, value)
-        raise TypeError, "Conflicting types for parameter containers. Expected an instance of #{klass} but found an instance of #{value.class}. This can be caused by colliding Array and Hash parameters like qs[]=value&qs[key]=value. (The parameters received were #{value.inspect}.)"
-      end
-  end
-
-  module UploadedFile
-    def self.included(base)
-      base.class_eval do
-        attr_accessor :original_path, :content_type
-        alias_method :local_path, :path
-      end
-    end
-
-    # Take the basename of the upload's original filename.
-    # This handles the full Windows paths given by Internet Explorer
-    # (and perhaps other broken user agents) without affecting
-    # those which give the lone filename.
-    # The Windows regexp is adapted from Perl's File::Basename.
-    def original_filename
-      unless defined? @original_filename
-        @original_filename =
-          unless original_path.blank?
-            if original_path =~ /^(?:.*[:\\\/])?(.*)/m
-              $1
-            else
-              File.basename original_path
-            end
-          end
-      end
-      @original_filename
-    end
-  end
-
-  class UploadedStringIO < StringIO
-    include UploadedFile
-  end
-
-  class UploadedTempfile < Tempfile
-    include UploadedFile
   end
 end

actionpack/lib/action_controller/request_forgery_protection.rb

@@ -5,8 +5,6 @@ module ActionController #:nodoc:
   module RequestForgeryProtection
     def self.included(base)
       base.class_eval do
-        class_inheritable_accessor :request_forgery_protection_options
-        self.request_forgery_protection_options = {}
         helper_method :form_authenticity_token
         helper_method :protect_against_forgery?
       end
@@ -14,10 +12,10 @@ module ActionController #:nodoc:
     end
     
     # Protecting controller actions from CSRF attacks by ensuring that all forms are coming from the current web application, not a
-    # forged link from another site, is done by embedding a token based on the session (which an attacker wouldn't know) in all
+    # forged link from another site, is done by embedding a token based on a random string stored in the session (which an attacker wouldn't know) in all
     # forms and Ajax requests generated by Rails and then verifying the authenticity of that token in the controller.  Only
     # HTML/JavaScript requests are checked, so this will not protect your XML API (presumably you'll have a different authentication
-    # scheme there anyway).  Also, GET requests are not protected as these should be indempotent anyway.
+    # scheme there anyway).  Also, GET requests are not protected as these should be idempotent anyway.
     #
     # This is turned on with the <tt>protect_from_forgery</tt> method, which will check the token and raise an
     # ActionController::InvalidAuthenticityToken if it doesn't match what was expected. You can customize the error message in
@@ -57,12 +55,8 @@ module ActionController #:nodoc:
       # Example:
       #
       #   class FooController < ApplicationController
-      #     # uses the cookie session store (then you don't need a separate :secret)
       #     protect_from_forgery :except => :index
       #
-      #     # uses one of the other session stores that uses a session_id value.
-      #     protect_from_forgery :secret => 'my-little-pony', :except => :index
-      #
       #     # you can disable csrf protection on controller-by-controller basis:
       #     skip_before_filter :verify_authenticity_token
       #   end
@@ -70,13 +64,12 @@ module ActionController #:nodoc:
       # Valid Options:
       #
       # * <tt>:only/:except</tt> - Passed to the <tt>before_filter</tt> call.  Set which actions are verified.
-      # * <tt>:secret</tt> - Custom salt used to generate the <tt>form_authenticity_token</tt>.
-      #   Leave this off if you are using the cookie session store.
-      # * <tt>:digest</tt> - Message digest used for hashing.  Defaults to 'SHA1'.
       def protect_from_forgery(options = {})
         self.request_forgery_protection_token ||= :authenticity_token
         before_filter :verify_authenticity_token, :only => options.delete(:only), :except => options.delete(:except)
-        request_forgery_protection_options.update(options)
+        if options[:secret] || options[:digest]
+          ActiveSupport::Deprecation.warn("protect_from_forgery only takes :only and :except options now. :digest and :secret have no effect", caller)
+        end
       end
     end
 
@@ -88,51 +81,27 @@ module ActionController #:nodoc:
       
       # Returns true or false if a request is verified.  Checks:
       #
-      # * is the format restricted?  By default, only HTML and AJAX requests are checked.
+      # * is the format restricted?  By default, only HTML requests are checked.
       # * is it a GET request?  Gets should be safe and idempotent
-      # * Does the form_authenticity_token match the given _token value from the params?
+      # * Does the form_authenticity_token match the given token value from the params?
       def verified_request?
         !protect_against_forgery?     ||
           request.method == :get      ||
+          request.xhr?                ||
           !verifiable_request_format? ||
           form_authenticity_token == params[request_forgery_protection_token]
       end
     
       def verifiable_request_format?
-        request.content_type.nil? || request.content_type.verify_request?
+        !request.content_type.nil? && request.content_type.verify_request?
       end
     
       # Sets the token value for the current session.  Pass a <tt>:secret</tt> option
       # in +protect_from_forgery+ to add a custom salt to the hash.
       def form_authenticity_token
-        @form_authenticity_token ||= if !session.respond_to?(:session_id)
-          raise InvalidAuthenticityToken, "Request Forgery Protection requires a valid session.  Use #allow_forgery_protection to disable it, or use a valid session."
-        elsif request_forgery_protection_options[:secret]
-          authenticity_token_from_session_id
-        elsif session.respond_to?(:dbman) && session.dbman.respond_to?(:generate_digest)
-          authenticity_token_from_cookie_session
-        else
-          raise InvalidAuthenticityToken, "No :secret given to the #protect_from_forgery call.  Set that or use a session store capable of generating its own keys (Cookie Session Store)."
-        end
+        session[:_csrf_token] ||= ActiveSupport::SecureRandom.base64(32)
       end
-      
-      # Generates a unique digest using the session_id and the CSRF secret.
-      def authenticity_token_from_session_id
-        key = if request_forgery_protection_options[:secret].respond_to?(:call)
-          request_forgery_protection_options[:secret].call(@session)
-        else
-          request_forgery_protection_options[:secret]
-        end
-        digest = request_forgery_protection_options[:digest] ||= 'SHA1'
-        OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(digest), key.to_s, session.session_id.to_s)
-      end
-      
-      # No secret was given, so assume this is a cookie session store.
-      def authenticity_token_from_cookie_session
-        session[:csrf_id] ||= CGI::Session.generate_unique_id
-        session.dbman.generate_digest(session[:csrf_id])
-      end
-      
+
       def protect_against_forgery?
         allow_forgery_protection && request_forgery_protection_token
       end

actionpack/lib/action_controller/request_profiler.rb

@@ -1,169 +0,0 @@
-require 'optparse'
-require 'action_controller/integration'
-
-module ActionController
-  class RequestProfiler
-    # Wrap up the integration session runner.
-    class Sandbox
-      include Integration::Runner
-
-      def self.benchmark(n, script)
-        new(script).benchmark(n)
-      end
-
-      def initialize(script_path)
-        @quiet = false
-        define_run_method(script_path)
-        reset!
-      end
-
-      def benchmark(n, profiling = false)
-        @quiet = true
-        print '  '
-
-        result = Benchmark.realtime do
-          n.times do |i|
-            run(profiling)
-            print_progress(i)
-          end
-        end
-
-        puts
-        result
-      ensure
-        @quiet = false
-      end
-
-      def say(message)
-        puts "  #{message}" unless @quiet
-      end
-
-      private
-        def define_run_method(script_path)
-          script = File.read(script_path)
-
-          source = <<-end_source
-            def run(profiling = false)
-              if profiling
-                RubyProf.resume do
-                  #{script}
-                end
-              else
-                #{script}
-              end
-
-              old_request_count = request_count
-              reset!
-              self.request_count = old_request_count
-            end
-          end_source
-
-          instance_eval source, script_path, 1
-        end
-
-        def print_progress(i)
-          print "\n  " if i % 60 == 0
-          print ' ' if i % 10 == 0
-          print '.'
-          $stdout.flush
-        end
-    end
-
-
-    attr_reader :options
-
-    def initialize(options = {})
-      @options = default_options.merge(options)
-    end
-
-
-    def self.run(args = nil, options = {})
-      profiler = new(options)
-      profiler.parse_options(args) if args
-      profiler.run
-    end
-
-    def run
-      sandbox = Sandbox.new(options[:script])
-
-      puts 'Warming up once'
-
-      elapsed = warmup(sandbox)
-      puts '%.2f sec, %d requests, %d req/sec' % [elapsed, sandbox.request_count, sandbox.request_count / elapsed]
-      puts "\n#{options[:benchmark] ? 'Benchmarking' : 'Profiling'} #{options[:n]}x"
-
-      options[:benchmark] ? benchmark(sandbox) : profile(sandbox)
-    end
-
-    def profile(sandbox)
-      load_ruby_prof
-
-      benchmark(sandbox, true)
-      results = RubyProf.stop
-
-      show_profile_results results
-      results
-    end
-
-    def benchmark(sandbox, profiling = false)
-      sandbox.request_count = 0
-      elapsed = sandbox.benchmark(options[:n], profiling).to_f
-      count = sandbox.request_count.to_i
-      puts '%.2f sec, %d requests, %d req/sec' % [elapsed, count, count / elapsed]
-    end
-
-    def warmup(sandbox)
-      Benchmark.realtime { sandbox.run(false) }
-    end
-
-    def default_options
-      { :n => 100, :open => 'open %s &' }
-    end
-
-    # Parse command-line options
-    def parse_options(args)
-      OptionParser.new do |opt|
-        opt.banner = "USAGE: #{$0} [options] [session script path]"
-
-        opt.on('-n', '--times [100]', 'How many requests to process. Defaults to 100.') { |v| options[:n] = v.to_i if v }
-        opt.on('-b', '--benchmark', 'Benchmark instead of profiling') { |v| options[:benchmark] = v }
-        opt.on('-m', '--measure [mode]', 'Which ruby-prof measure mode to use: process_time, wall_time, cpu_time, allocations, or memory. Defaults to process_time.') { |v| options[:measure] = v }
-        opt.on('--open [CMD]', 'Command to open profile results. Defaults to "open %s &"') { |v| options[:open] = v }
-        opt.on('-h', '--help', 'Show this help') { puts opt; exit }
-
-        opt.parse args
-
-        if args.empty?
-          puts opt
-          exit
-        end
-        options[:script] = args.pop
-      end
-    end
-
-    protected
-      def load_ruby_prof
-        begin
-          gem 'ruby-prof', '>= 0.6.1'
-          require 'ruby-prof'
-          if mode = options[:measure]
-            RubyProf.measure_mode = RubyProf.const_get(mode.upcase)
-          end
-        rescue LoadError
-          abort '`gem install ruby-prof` to use the profiler'
-        end
-      end
-
-      def show_profile_results(results)
-        File.open "#{RAILS_ROOT}/tmp/profile-graph.html", 'w' do |file|
-          RubyProf::GraphHtmlPrinter.new(results).print(file)
-          `#{options[:open] % file.path}` if options[:open]
-        end
-
-        File.open "#{RAILS_ROOT}/tmp/profile-flat.txt", 'w' do |file|
-          RubyProf::FlatPrinter.new(results).print(file)
-          `#{options[:open] % file.path}` if options[:open]
-        end
-      end
-  end
-end

actionpack/lib/action_controller/rescue.rb

@@ -1,13 +1,19 @@
 module ActionController #:nodoc:
-  # Actions that fail to perform as expected throw exceptions. These exceptions can either be rescued for the public view
-  # (with a nice user-friendly explanation) or for the developers view (with tons of debugging information). The developers view
-  # is already implemented by the Action Controller, but the public view should be tailored to your specific application. 
-  # 
-  # The default behavior for public exceptions is to render a static html file with the name of the error code thrown.  If no such 
-  # file exists, an empty response is sent with the correct status code.
+  # Actions that fail to perform as expected throw exceptions. These
+  # exceptions can either be rescued for the public view (with a nice
+  # user-friendly explanation) or for the developers view (with tons of
+  # debugging information). The developers view is already implemented by
+  # the Action Controller, but the public view should be tailored to your
+  # specific application.
   #
-  # You can override what constitutes a local request by overriding the <tt>local_request?</tt> method in your own controller.
-  # Custom rescue behavior is achieved by overriding the <tt>rescue_action_in_public</tt> and <tt>rescue_action_locally</tt> methods.
+  # The default behavior for public exceptions is to render a static html
+  # file with the name of the error code thrown.  If no such file exists, an
+  # empty response is sent with the correct status code.
+  #
+  # You can override what constitutes a local request by overriding the
+  # <tt>local_request?</tt> method in your own controller. Custom rescue
+  # behavior is achieved by overriding the <tt>rescue_action_in_public</tt>
+  # and <tt>rescue_action_locally</tt> methods.
   module Rescue
     LOCALHOST = '127.0.0.1'.freeze
 
@@ -32,6 +38,9 @@ module ActionController #:nodoc:
       'ActionView::TemplateError'         => 'template_error'
     }
 
+    RESCUES_TEMPLATE_PATH = ActionView::Template::EagerPath.new_and_loaded(
+      File.join(File.dirname(__FILE__), "templates"))
+
     def self.included(base) #:nodoc:
       base.cattr_accessor :rescue_responses
       base.rescue_responses = Hash.new(DEFAULT_RESCUE_RESPONSE)
@@ -41,77 +50,95 @@ module ActionController #:nodoc:
       base.rescue_templates = Hash.new(DEFAULT_RESCUE_TEMPLATE)
       base.rescue_templates.update DEFAULT_RESCUE_TEMPLATES
 
-      base.class_inheritable_array :rescue_handlers
-      base.rescue_handlers = []
-
       base.extend(ClassMethods)
+      base.send :include, ActiveSupport::Rescuable
+
       base.class_eval do
         alias_method_chain :perform_action, :rescue
       end
     end
 
     module ClassMethods
-      def process_with_exception(request, response, exception) #:nodoc:
+      def call_with_exception(env, exception) #:nodoc:
+        request = env["action_controller.rescue.request"] ||= Request.new(env)
+        response = env["action_controller.rescue.response"] ||= Response.new
         new.process(request, response, :rescue_action, exception)
       end
-
-      # Rescue exceptions raised in controller actions.
-      #
-      # <tt>rescue_from</tt> receives a series of exception classes or class
-      # names, and a trailing <tt>:with</tt> option with the name of a method
-      # or a Proc object to be called to handle them. Alternatively a block can
-      # be given.
-      #
-      # Handlers that take one argument will be called with the exception, so
-      # that the exception can be inspected when dealing with it.
-      #
-      # Handlers are inherited. They are searched from right to left, from
-      # bottom to top, and up the hierarchy. The handler of the first class for
-      # which <tt>exception.is_a?(klass)</tt> holds true is the one invoked, if
-      # any.
-      #
-      #   class ApplicationController < ActionController::Base
-      #     rescue_from User::NotAuthorized, :with => :deny_access # self defined exception
-      #     rescue_from ActiveRecord::RecordInvalid, :with => :show_errors
-      #
-      #     rescue_from 'MyAppError::Base' do |exception|
-      #       render :xml => exception, :status => 500
-      #     end
-      #
-      #     protected
-      #       def deny_access
-      #         ...
-      #       end
-      #
-      #       def show_errors(exception)
-      #         exception.record.new_record? ? ...
-      #       end
-      #   end
-      def rescue_from(*klasses, &block)
-        options = klasses.extract_options!
-        unless options.has_key?(:with)
-          block_given? ? options[:with] = block : raise(ArgumentError, "Need a handler. Supply an options hash that has a :with key as the last argument.")
-        end
-
-        klasses.each do |klass|
-          key = if klass.is_a?(Class) && klass <= Exception
-            klass.name
-          elsif klass.is_a?(String)
-            klass
-          else
-            raise(ArgumentError, "#{klass} is neither an Exception nor a String")
-          end
-
-          # Order is important, we put the pair at the end. When dealing with an
-          # exception we will follow the documented order going from right to left.
-          rescue_handlers << [key, options[:with]]
-        end
-      end
     end
 
     protected
-      # Exception handler called when the performance of an action raises an exception.
+      # Exception handler called when the performance of an action raises
+      # an exception.
       def rescue_action(exception)
+        rescue_with_handler(exception) ||
+          rescue_action_without_handler(exception)
+      end
+
+      # Overwrite to implement custom logging of errors. By default
+      # logs as fatal.
+      def log_error(exception) #:doc:
+        ActiveSupport::Deprecation.silence do
+          if ActionView::TemplateError === exception
+            logger.fatal(exception.to_s)
+          else
+            logger.fatal(
+              "\n#{exception.class} (#{exception.message}):\n  " +
+              clean_backtrace(exception).join("\n  ") + "\n\n"
+            )
+          end
+        end
+      end
+
+      # Overwrite to implement public exception handling (for requests
+      # answering false to <tt>local_request?</tt>).  By default will call
+      # render_optional_error_file.  Override this method to provide more
+      # user friendly error messages.
+      def rescue_action_in_public(exception) #:doc:
+        render_optional_error_file response_code_for_rescue(exception)
+      end
+
+      # Attempts to render a static error page based on the
+      # <tt>status_code</tt> thrown, or just return headers if no such file
+      # exists. At first, it will try to render a localized static page.
+      # For example, if a 500 error is being handled Rails and locale is :da,
+      # it will first attempt to render the file at <tt>public/500.da.html</tt>
+      # then attempt to render <tt>public/500.html</tt>. If none of them exist,
+      # the body of the response will be left empty.
+      def render_optional_error_file(status_code)
+        status = interpret_status(status_code)
+        locale_path = "#{Rails.public_path}/#{status[0,3]}.#{I18n.locale}.html" if I18n.locale
+        path = "#{Rails.public_path}/#{status[0,3]}.html"
+
+        if locale_path && File.exist?(locale_path)
+          render :file => locale_path, :status => status, :content_type => Mime::HTML
+        elsif File.exist?(path)
+          render :file => path, :status => status, :content_type => Mime::HTML
+        else
+          head status
+        end
+      end
+
+      # True if the request came from localhost, 127.0.0.1. Override this
+      # method if you wish to redefine the meaning of a local request to
+      # include remote IP addresses or other criteria.
+      def local_request? #:doc:
+        request.remote_addr == LOCALHOST && request.remote_ip == LOCALHOST
+      end
+
+      # Render detailed diagnostics for unhandled exceptions rescued from
+      # a controller action.
+      def rescue_action_locally(exception)
+        @template.instance_variable_set("@exception", exception)
+        @template.instance_variable_set("@rescues_path", RESCUES_TEMPLATE_PATH)
+        @template.instance_variable_set("@contents",
+          @template.render(:file => template_path_for_local_rescue(exception)))
+
+        response.content_type = Mime::HTML
+        render_for_file(rescues_path("layout"),
+          response_code_for_rescue(exception))
+      end
+
+      def rescue_action_without_handler(exception)
         log_error(exception) if logger
         erase_results if performed?
 
@@ -128,83 +155,15 @@ module ActionController #:nodoc:
         end
       end
 
-      # Overwrite to implement custom logging of errors. By default logs as fatal.
-      def log_error(exception) #:doc:
-        ActiveSupport::Deprecation.silence do
-          if ActionView::TemplateError === exception
-            logger.fatal(exception.to_s)
-          else
-            logger.fatal(
-              "\n\n#{exception.class} (#{exception.message}):\n    " +
-              clean_backtrace(exception).join("\n    ") +
-              "\n\n"
-            )
-          end
-        end
-      end
-
-      # Overwrite to implement public exception handling (for requests answering false to <tt>local_request?</tt>).  By
-      # default will call render_optional_error_file.  Override this method to provide more user friendly error messages.s
-      def rescue_action_in_public(exception) #:doc:
-        render_optional_error_file response_code_for_rescue(exception)
-      end
-      
-      # Attempts to render a static error page based on the <tt>status_code</tt> thrown,
-      # or just return headers if no such file exists. For example, if a 500 error is 
-      # being handled Rails will first attempt to render the file at <tt>public/500.html</tt>. 
-      # If the file doesn't exist, the body of the response will be left empty.
-      def render_optional_error_file(status_code)
-        status = interpret_status(status_code)
-        path = "#{Rails.public_path}/#{status[0,3]}.html"
-        if File.exist?(path)
-          render :file => path, :status => status
-        else
-          head status
-        end
-      end
-
-      # True if the request came from localhost, 127.0.0.1. Override this
-      # method if you wish to redefine the meaning of a local request to
-      # include remote IP addresses or other criteria.
-      def local_request? #:doc:
-        request.remote_addr == LOCALHOST && request.remote_ip == LOCALHOST
-      end
-
-      # Render detailed diagnostics for unhandled exceptions rescued from
-      # a controller action.
-      def rescue_action_locally(exception)
-        add_variables_to_assigns
-        @template.instance_variable_set("@exception", exception)
-        @template.instance_variable_set("@rescues_path", File.dirname(rescues_path("stub")))
-        @template.send!(:assign_variables_from_controller)
-
-        @template.instance_variable_set("@contents", @template.render_file(template_path_for_local_rescue(exception), false))
-
-        response.content_type = Mime::HTML
-        render_for_file(rescues_path("layout"), response_code_for_rescue(exception))
-      end
-
-      # Tries to rescue the exception by looking up and calling a registered handler.
-      def rescue_action_with_handler(exception)
-        if handler = handler_for_rescue(exception)
-          if handler.arity != 0
-            handler.call(exception)
-          else
-            handler.call
-          end
-          true # don't rely on the return value of the handler
-        end
-      end
-
     private
       def perform_action_with_rescue #:nodoc:
         perform_action_without_rescue
       rescue Exception => exception
-        rescue_action_with_handler(exception) || rescue_action(exception)
+        rescue_action(exception)
       end
 
       def rescues_path(template_name)
-        "#{File.dirname(__FILE__)}/templates/rescues/#{template_name}.erb"
+        RESCUES_TEMPLATE_PATH["rescues/#{template_name}.erb"]
       end
 
       def template_path_for_local_rescue(exception)
@@ -215,44 +174,10 @@ module ActionController #:nodoc:
         rescue_responses[exception.class.name]
       end
 
-      def handler_for_rescue(exception)
-        # We go from right to left because pairs are pushed onto rescue_handlers
-        # as rescue_from declarations are found.
-        _, handler = *rescue_handlers.reverse.detect do |klass_name, handler|
-          # The purpose of allowing strings in rescue_from is to support the
-          # declaration of handler associations for exception classes whose
-          # definition is yet unknown.
-          #
-          # Since this loop needs the constants it would be inconsistent to
-          # assume they should exist at this point. An early raised exception
-          # could trigger some other handler and the array could include
-          # precisely a string whose corresponding constant has not yet been
-          # seen. This is why we are tolerant to unknown constants.
-          #
-          # Note that this tolerance only matters if the exception was given as
-          # a string, otherwise a NameError will be raised by the interpreter
-          # itself when rescue_from CONSTANT is executed.
-          klass = self.class.const_get(klass_name) rescue nil
-          klass ||= klass_name.constantize rescue nil
-          exception.is_a?(klass) if klass
-        end
-
-        case handler
-        when Symbol
-          method(handler)
-        when Proc
-          handler.bind(self)
-        end
-      end
-
       def clean_backtrace(exception)
-        if backtrace = exception.backtrace
-          if defined?(RAILS_ROOT)
-            backtrace.map { |line| line.sub RAILS_ROOT, '' }
-          else
-            backtrace
-          end
-        end
+        defined?(Rails) && Rails.respond_to?(:backtrace_cleaner) ?
+          Rails.backtrace_cleaner.clean(exception.backtrace) :
+          exception.backtrace
       end
   end
 end