Rails 2.1.1

Among other things, a security fix.

vendor/rails/activeresource/lib/active_resource/base.rb

@@ -356,6 +356,9 @@ module ActiveResource
         # Replace :placeholders with '#{embedded options[:lookups]}'
         prefix_call = value.gsub(/:\w+/) { |key| "\#{options[#{key}]}" }
 
+        # Clear prefix parameters in case they have been cached
+        @prefix_parameters = nil
+
         # Redefine the new methods.
         code = <<-end_code
           def prefix_source() "#{value}" end
@@ -538,7 +541,7 @@ module ActiveResource
           prefix_options, query_options = split_options(options[:params])
           path = element_path(id, prefix_options, query_options)
           response = connection.head(path, headers)
-          response.code == 200
+          response.code.to_i == 200
         end
         # id && !find_single(id, options).nil?
       rescue ActiveResource::ResourceNotFound
@@ -840,8 +843,13 @@ module ActiveResource
     #
     #   my_group.to_xml(:skip_instruct => true)
     #   # => <subsidiary_group> [...] </subsidiary_group>
-    def to_xml(options={})
-      attributes.to_xml({:root => self.class.element_name}.merge(options))
+    def encode(options={})
+      case self.class.format
+        when ActiveResource::Formats[:xml]
+          self.class.format.encode(attributes, {:root => self.class.element_name}.merge(options))
+        else
+          self.class.format.encode(attributes, options)
+      end
     end
 
     # A method to reload the attributes of this object from the remote web service.
@@ -926,14 +934,14 @@ module ActiveResource
 
       # Update the resource on the remote service.
       def update
-        returning connection.put(element_path(prefix_options), to_xml, self.class.headers) do |response|
+        returning connection.put(element_path(prefix_options), encode, self.class.headers) do |response|
           load_attributes_from_response(response)
         end
       end
 
       # Create (i.e., save to the remote service) the new resource.
       def create
-        returning connection.post(collection_path, to_xml, self.class.headers) do |response|
+        returning connection.post(collection_path, encode, self.class.headers) do |response|
           self.id = id_from_response(response)
           load_attributes_from_response(response)
         end
@@ -988,7 +996,11 @@ module ActiveResource
           self.class.const_get(resource_name)
         end
       rescue NameError
-        resource = self.class.const_set(resource_name, Class.new(ActiveResource::Base))
+        if self.class.const_defined?(resource_name)
+          resource = self.class.const_get(resource_name)
+        else
+          resource = self.class.const_set(resource_name, Class.new(ActiveResource::Base))
+        end
         resource.prefix = self.class.prefix
         resource.site   = self.class.site
         resource

vendor/rails/activeresource/lib/active_resource/connection.rb

@@ -63,6 +63,13 @@ module ActiveResource
   # This class is used by ActiveResource::Base to interface with REST
   # services.
   class Connection
+
+    HTTP_FORMAT_HEADER_NAMES = {  :get => 'Accept',
+      :put => 'Content-Type',
+      :post => 'Content-Type',
+      :delete => 'Accept'
+    }
+
     attr_reader :site, :user, :password, :timeout
     attr_accessor :format
 
@@ -106,25 +113,25 @@ module ActiveResource
     # Execute a GET request.
     # Used to get (find) resources.
     def get(path, headers = {})
-      format.decode(request(:get, path, build_request_headers(headers)).body)
+      format.decode(request(:get, path, build_request_headers(headers, :get)).body)
     end
 
     # Execute a DELETE request (see HTTP protocol documentation if unfamiliar).
     # Used to delete resources.
     def delete(path, headers = {})
-      request(:delete, path, build_request_headers(headers))
+      request(:delete, path, build_request_headers(headers, :delete))
     end
 
     # Execute a PUT request (see HTTP protocol documentation if unfamiliar).
     # Used to update resources.
     def put(path, body = '', headers = {})
-      request(:put, path, body.to_s, build_request_headers(headers))
+      request(:put, path, body.to_s, build_request_headers(headers, :put))
     end
 
     # Execute a POST request.
     # Used to create new resources.
     def post(path, body = '', headers = {})
-      request(:post, path, body.to_s, build_request_headers(headers))
+      request(:post, path, body.to_s, build_request_headers(headers, :post))
     end
 
     # Execute a HEAD request.
@@ -187,12 +194,12 @@ module ActiveResource
       end
 
       def default_header
-        @default_header ||= { 'Content-Type' => format.mime_type }
+        @default_header ||= {}
       end
 
       # Builds headers for request to remote service.
-      def build_request_headers(headers)
-        authorization_header.update(default_header).update(headers)
+      def build_request_headers(headers, http_method=nil)
+        authorization_header.update(default_header).update(headers).update(http_format_header(http_method))
       end
 
       # Sets authorization header
@@ -200,6 +207,10 @@ module ActiveResource
         (@user || @password ? { 'Authorization' => 'Basic ' + ["#{@user}:#{ @password}"].pack('m').delete("\r\n") } : {})
       end
 
+      def http_format_header(http_method)
+        {HTTP_FORMAT_HEADER_NAMES[http_method] => format.mime_type}
+      end
+
       def logger #:nodoc:
         ActiveResource::Base.logger
       end

vendor/rails/activeresource/lib/active_resource/custom_methods.rb

@@ -30,7 +30,7 @@ module ActiveResource
   #   Person.get(:active)  # GET /people/active.xml
   #   # => [{:id => 1, :name => 'Ryan'}, {:id => 2, :name => 'Joe'}]
   #
-  module CustomMethods 
+  module CustomMethods
     def self.included(base)
       base.class_eval do
         extend ActiveResource::CustomMethods::ClassMethods
@@ -83,24 +83,25 @@ module ActiveResource
         "#{prefix(prefix_options)}#{collection_name}/#{method_name}.#{format.extension}#{query_string(query_options)}"
       end
     end
-    
+
     module InstanceMethods
       def get(method_name, options = {})
         connection.get(custom_method_element_url(method_name, options), self.class.headers)
       end
-      
-      def post(method_name, options = {}, body = '')
+
+      def post(method_name, options = {}, body = nil)
+        request_body = body.nil? ? encode : body
         if new?
-          connection.post(custom_method_new_element_url(method_name, options), (body.nil? ? to_xml : body), self.class.headers)
+          connection.post(custom_method_new_element_url(method_name, options), request_body, self.class.headers)
         else
-          connection.post(custom_method_element_url(method_name, options), body, self.class.headers)
+          connection.post(custom_method_element_url(method_name, options), request_body, self.class.headers)
         end
       end
-      
+
       def put(method_name, options = {}, body = '')
         connection.put(custom_method_element_url(method_name, options), body, self.class.headers)
       end
-      
+
       def delete(method_name, options = {})
         connection.delete(custom_method_element_url(method_name, options), self.class.headers)
       end
@@ -110,7 +111,7 @@ module ActiveResource
         def custom_method_element_url(method_name, options = {})
           "#{self.class.prefix(prefix_options)}#{self.class.collection_name}/#{id}/#{method_name}.#{self.class.format.extension}#{self.class.send!(:query_string, options)}"
         end
-      
+
         def custom_method_new_element_url(method_name, options = {})
           "#{self.class.prefix(prefix_options)}#{self.class.collection_name}/new/#{method_name}.#{self.class.format.extension}#{self.class.send!(:query_string, options)}"
         end

vendor/rails/activeresource/lib/active_resource/formats/json_format.rb

@@ -2,22 +2,22 @@ module ActiveResource
   module Formats
     module JsonFormat
       extend self
-      
+
       def extension
         "json"
       end
-      
+
       def mime_type
         "application/json"
       end
-      
-      def encode(hash)
+
+      def encode(hash, options={})
         hash.to_json
       end
-      
+
       def decode(json)
         ActiveSupport::JSON.decode(json)
       end
     end
   end
-end
+end

vendor/rails/activeresource/lib/active_resource/formats/xml_format.rb

@@ -2,23 +2,23 @@ module ActiveResource
   module Formats
     module XmlFormat
       extend self
-      
+
       def extension
         "xml"
       end
-      
+
       def mime_type
         "application/xml"
       end
-      
-      def encode(hash)
-        hash.to_xml
+
+      def encode(hash, options={})
+        hash.to_xml(options)
       end
-      
+
       def decode(xml)
         from_xml_data(Hash.from_xml(xml))
       end
-      
+
       private
         # Manipulate from_xml Hash, because xml_simple is not exactly what we
         # want for Active Resource.
@@ -28,7 +28,7 @@ module ActiveResource
           else
             data
           end
-        end      
+        end
     end
   end
-end
+end

vendor/rails/activeresource/lib/active_resource/http_mock.rb

@@ -146,7 +146,7 @@ module ActiveResource
     attr_accessor :path, :method, :body, :headers
 
     def initialize(method, path, body = nil, headers = {})
-      @method, @path, @body, @headers = method, path, body, headers.reverse_merge('Content-Type' => 'application/xml')
+      @method, @path, @body, @headers = method, path, body, headers.merge(ActiveResource::Connection::HTTP_FORMAT_HEADER_NAMES[method] => 'application/xml')
     end
 
     def ==(other_request)

vendor/rails/activeresource/lib/active_resource/version.rb

@@ -2,7 +2,7 @@ module ActiveResource
   module VERSION #:nodoc:
     MAJOR = 2
     MINOR = 1
-    TINY  = 0
+    TINY  = 1
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end