Updated to svn tags/tracks-1.6

vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb

@@ -0,0 +1,106 @@
+CGI.module_eval { remove_const "Cookie" }
+
+# TODO: document how this differs from stdlib CGI::Cookie
+class CGI #:nodoc:
+  class Cookie < DelegateClass(Array)
+    attr_accessor :name, :value, :path, :domain, :expires
+    attr_reader :secure, :http_only
+
+    # Create a new CGI::Cookie object.
+    #
+    # The contents of the cookie can be specified as a +name+ and one
+    # or more +value+ arguments.  Alternatively, the contents can
+    # be specified as a single hash argument.  The possible keywords of
+    # this hash are as follows:
+    #
+    # name:: the name of the cookie.  Required.
+    # value:: the cookie's value or list of values.
+    # path:: the path for which this cookie applies.  Defaults to the
+    #        base directory of the CGI script.
+    # domain:: the domain for which this cookie applies.
+    # expires:: the time at which this cookie expires, as a +Time+ object.
+    # secure:: whether this cookie is a secure cookie or not (default to
+    #          false).  Secure cookies are only transmitted to HTTPS
+    #          servers.
+    # http_only:: whether this cookie can be accessed by client side scripts (e.g. document.cookie) or only over HTTP 
+    #             More details: http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx
+    #             Defaults to false.
+    # These keywords correspond to attributes of the cookie object.
+    def initialize(name = '', *value)
+      if name.kind_of?(String)
+        @name = name
+        @value = Array(value)
+        @domain = nil
+        @expires = nil
+        @secure = false
+        @http_only = false
+        @path = nil
+      else
+        @name = name['name']
+        @value = Array(name['value'])
+        @domain = name['domain']
+        @expires = name['expires']
+        @secure = name['secure'] || false
+        @http_only = name['http_only'] || false
+        @path = name['path']
+      end
+
+      raise ArgumentError, "`name' required" unless @name
+
+      # simple support for IE
+      unless @path
+        %r|^(.*/)|.match(ENV['SCRIPT_NAME'])
+        @path = ($1 or '')
+      end
+
+      super(@value)
+    end
+
+    # Set whether the Cookie is a secure cookie or not.
+    def secure=(val)
+      @secure = val == true
+    end
+
+    # Set whether the Cookie is an HTTP only cookie or not.
+    def http_only=(val)
+      @http_only = val == true
+    end
+
+    # Convert the Cookie to its string representation.
+    def to_s
+      buf = ''
+      buf << @name << '='
+      buf << (@value.kind_of?(String) ? CGI::escape(@value) : @value.collect{|v| CGI::escape(v) }.join("&"))
+      buf << '; domain=' << @domain if @domain
+      buf << '; path=' << @path if @path
+      buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires
+      buf << '; secure' if @secure
+      buf << '; HttpOnly' if @http_only
+      buf
+    end
+
+    # Parse a raw cookie string into a hash of cookie-name=>Cookie
+    # pairs.
+    #
+    #   cookies = CGI::Cookie::parse("raw_cookie_string")
+    #     # { "name1" => cookie1, "name2" => cookie2, ... }
+    #
+    def self.parse(raw_cookie)
+      cookies = Hash.new([])
+
+      if raw_cookie
+        raw_cookie.split(/[;,]\s?/).each do |pairs|
+          name, values = pairs.split('=',2)
+          next unless name and values
+          name = CGI::unescape(name)
+          values = values.split('&').collect!{|v| CGI::unescape(v) }
+          unless cookies.has_key?(name)
+            cookies[name] = new(name, *values)
+          end
+        end
+      end
+
+      cookies
+    end
+  end # class Cookie
+end

vendor/rails/actionpack/lib/action_controller/cgi_ext/query_extension.rb

@@ -0,0 +1,22 @@
+require 'cgi'
+
+class CGI #:nodoc:
+  module QueryExtension
+    # Remove the old initialize_query method before redefining it.
+    remove_method :initialize_query
+
+    # Neuter CGI parameter parsing.
+    def initialize_query
+      # Fix some strange request environments.
+      env_table['REQUEST_METHOD'] ||= 'GET'
+
+      # POST assumes missing Content-Type is application/x-www-form-urlencoded.
+      if env_table['CONTENT_TYPE'].blank? && env_table['REQUEST_METHOD'] == 'POST'
+        env_table['CONTENT_TYPE'] = 'application/x-www-form-urlencoded'
+      end
+
+      @cookies = CGI::Cookie::parse(env_table['HTTP_COOKIE'] || env_table['COOKIE'])
+      @params = {}
+    end
+  end
+end

vendor/rails/actionpack/lib/action_controller/cgi_ext/session.rb

@@ -0,0 +1,73 @@
+require 'digest/md5'
+require 'cgi/session'
+require 'cgi/session/pstore'
+
+class CGI #:nodoc:
+  # * Expose the CGI instance to session stores.
+  # * Don't require 'digest/md5' whenever a new session id is generated.
+  class Session #:nodoc:
+    begin
+      require 'securerandom'
+
+      # Generate a 32-character unique id using SecureRandom.
+      # This is used to generate session ids but may be reused elsewhere.
+      def self.generate_unique_id(constant = nil)
+        SecureRandom.hex(16)
+      end
+    rescue LoadError
+      # Generate an 32-character unique id based on a hash of the current time,
+      # a random number, the process id, and a constant string. This is used
+      # to generate session ids but may be reused elsewhere.
+      def self.generate_unique_id(constant = 'foobar')
+        md5 = Digest::MD5.new
+        now = Time.now
+        md5 << now.to_s
+        md5 << String(now.usec)
+        md5 << String(rand(0))
+        md5 << String($$)
+        md5 << constant
+        md5.hexdigest
+      end
+    end
+
+    # Make the CGI instance available to session stores.
+    attr_reader :cgi
+    attr_reader :dbman
+    alias_method :initialize_without_cgi_reader, :initialize
+    def initialize(cgi, options = {})
+      @cgi = cgi
+      initialize_without_cgi_reader(cgi, options)
+    end
+
+    private
+      # Create a new session id.
+      def create_new_id
+        @new_session = true
+        self.class.generate_unique_id
+      end
+
+    # * Don't require 'digest/md5' whenever a new session is started.
+    class PStore #:nodoc:
+      def initialize(session, option={})
+        dir = option['tmpdir'] || Dir::tmpdir
+        prefix = option['prefix'] || ''
+        id = session.session_id
+        md5 = Digest::MD5.hexdigest(id)[0,16]
+        path = dir+"/"+prefix+md5
+        path.untaint
+        if File::exist?(path)
+          @hash = nil
+        else
+          unless session.new_session
+            raise CGI::Session::NoSession, "uninitialized session"
+          end
+          @hash = {}
+        end
+        @p = ::PStore.new(path)
+        @p.transaction do |p|
+          File.chmod(0600, p.path)
+        end
+      end
+    end
+  end
+end

vendor/rails/actionpack/lib/action_controller/cgi_ext/stdinput.rb

@@ -0,0 +1,23 @@
+require 'cgi'
+
+module ActionController
+  module CgiExt
+    # Publicize the CGI's internal input stream so we can lazy-read
+    # request.body. Make it writable so we don't have to play $stdin games.
+    module Stdinput
+      def self.included(base)
+        base.class_eval do
+          remove_method :stdinput
+          attr_accessor :stdinput
+        end
+
+        base.alias_method_chain :initialize, :stdinput
+      end
+
+      def initialize_with_stdinput(type = nil, stdinput = $stdin)
+        @stdinput = stdinput
+        initialize_without_stdinput(type || 'query')
+      end
+    end
+  end
+end