Update to Rails 2.3.9 and itextomml 1.3.27

vendor/rails/actionpack/test/controller/integration_test.rb

@@ -266,6 +266,14 @@ class IntegrationProcessTest < ActionController::IntegrationTest
       render :text => "foo(1i): #{params[:"foo(1i)"]}, foo(2i): #{params[:"foo(2i)"]}, filesize: #{params[:file].size}", :status => 200
     end
 
+    def multipart_post_with_nested_params
+      render :text => "foo: #{params[:foo][0]}, #{params[:foo][1]}; [filesize: #{params[:file_list][0][:content].size}, filesize: #{params[:file_list][1][:content].size}]", :status => 200
+    end
+
+    def multipart_post_with_multiparameter_complex_params
+      render :text => "foo(1i): #{params[:"foo(1i)"]}, foo(2i): #{params[:"foo(2i)"]}, [filesize: #{params[:file_list][0][:content].size}, filesize: #{params[:file_list][1][:content].size}]", :status => 200
+    end
+
     def post
       render :text => "Created", :status => 201
     end
@@ -405,6 +413,24 @@ class IntegrationProcessTest < ActionController::IntegrationTest
     end
   end
 
+  def test_multipart_post_with_nested_params
+    with_test_route_set do
+      post '/multipart_post_with_nested_params', :"foo" => ['a', 'b'], :file_list => [{:content => fixture_file_upload(FILES_DIR + "/mona_lisa.jpg", "image/jpg")}, {:content => fixture_file_upload(FILES_DIR + "/mona_lisa.jpg", "image/jpg")}]
+
+      assert_equal 200, status
+      assert_equal "foo: a, b; [filesize: 159528, filesize: 159528]", response.body
+    end
+  end
+
+  def test_multipart_post_with_multiparameter_complex_attribute_parameters
+    with_test_route_set do
+      post '/multipart_post_with_multiparameter_complex_params', :"foo(1i)" => "bar", :"foo(2i)" => "baz", :file_list => [{:content => fixture_file_upload(FILES_DIR + "/mona_lisa.jpg", "image/jpg")}, {:content => fixture_file_upload(FILES_DIR + "/mona_lisa.jpg", "image/jpg")}]
+
+      assert_equal 200, status
+      assert_equal "foo(1i): bar, foo(2i): baz, [filesize: 159528, filesize: 159528]", response.body
+    end
+  end
+
   def test_head
     with_test_route_set do
       head '/get'

vendor/rails/actionpack/test/controller/request/multipart_params_parsing_test.rb

@@ -14,6 +14,10 @@ class MultipartParamsParsingTest < ActionController::IntegrationTest
     def read
       render :text => "File: #{params[:uploaded_data].read}"
     end
+
+    def read_complex
+      render :text => "File: #{params[:level0][:level1][0][:file_data].read}"
+    end
   end
 
   FIXTURE_PATH = File.dirname(__FILE__) + '/../../fixtures/multipart'
@@ -133,6 +137,17 @@ class MultipartParamsParsingTest < ActionController::IntegrationTest
     end
   end
 
+  test "uploads and reads file in complex parameter" do
+    with_test_routing do
+      post '/read_complex',
+      :level0 => {
+        :level1 => [ { :file_data => fixture_file_upload(FIXTURE_PATH + "/hello.txt", "text/plain") }
+                   ]
+      }
+      assert_equal "File: Hello", response.body
+    end
+  end
+
   private
     def fixture(name)
       File.open(File.join(FIXTURE_PATH, name), 'rb') do |file|

vendor/rails/actionpack/test/controller/rescue_test.rb

@@ -281,12 +281,11 @@ class RescueControllerTest < ActionController::TestCase
   end
 
   def test_local_request_when_remote_addr_is_localhost
-    @controller.expects(:request).returns(@request).at_least(4)
-    with_remote_addr '127.0.0.1' do
-      assert @controller.send(:local_request?)
-    end
-    with_remote_addr '::1' do
-      assert @controller.send(:local_request?)
+    @controller.expects(:request).returns(@request).at_least(10)
+    ['127.0.0.1', '127.0.0.127', '::1', '0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1%0'].each do |ip_address|
+      with_remote_addr ip_address do
+        assert @controller.send(:local_request?)
+      end
     end
   end
 

vendor/rails/actionpack/test/controller/session/cookie_store_test.rb

@@ -34,6 +34,15 @@ class CookieStoreTest < ActionController::IntegrationTest
       render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
     end
 
+    def get_session_id_only
+      render :text => "id: #{request.session_options[:id]}"      
+    end
+
+    def call_session_clear
+      session.clear
+      head :ok
+    end
+
     def call_reset_session
       reset_session
       head :ok
@@ -44,6 +53,12 @@ class CookieStoreTest < ActionController::IntegrationTest
       head :ok
     end
 
+    def set_session_value_and_cookie
+      cookies["foo"] = "bar"
+      session[:foo] = "bar"
+      render :text => Rack::Utils.escape(Verifier.generate(session.to_hash))
+    end
+
     def rescue_action(e) raise end
   end
 
@@ -96,7 +111,7 @@ class CookieStoreTest < ActionController::IntegrationTest
     with_test_route_set do
       get '/set_session_value'
       assert_response :success
-      assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly",
+      assert_equal ["_myapp_session=#{response.body}; path=/; HttpOnly"],
         headers['Set-Cookie']
    end
   end
@@ -121,6 +136,10 @@ class CookieStoreTest < ActionController::IntegrationTest
       get '/get_session_id'
       assert_response :success
       assert_equal "foo: \"bar\"; id: #{session_id}", response.body
+      
+      get '/get_session_id_only'
+      assert_response :success
+      assert_equal "id: #{session_id}", response.body, "should be able to read session id without accessing the session hash"
     end
   end
 
@@ -164,7 +183,7 @@ class CookieStoreTest < ActionController::IntegrationTest
       get '/set_session_value'
       assert_response :success
       session_payload = response.body
-      assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly",
+      assert_equal ["_myapp_session=#{response.body}; path=/; HttpOnly"],
         headers['Set-Cookie']
 
       get '/call_reset_session'
@@ -178,6 +197,57 @@ class CookieStoreTest < ActionController::IntegrationTest
     end
   end
 
+  def test_setting_session_value_after_session_clear
+    with_test_route_set do
+      get '/set_session_value'
+      assert_response :success
+      session_payload = response.body
+      assert_equal ["_myapp_session=#{response.body}; path=/; HttpOnly"],
+        headers['Set-Cookie']
+
+      get '/call_session_clear'
+      assert_response :success
+
+      get '/get_session_value'
+      assert_response :success
+      assert_equal 'foo: nil', response.body
+    end
+  end
+
+  def test_getting_from_nonexistent_session
+    with_test_route_set do
+      get '/get_session_value'
+      assert_response :success
+      assert_equal 'foo: nil', response.body
+      assert_nil headers['Set-Cookie'], "should only create session on write, not read"
+    end
+  end
+
+  # {:foo=>#<SessionAutoloadTest::Foo bar:"baz">, :session_id=>"ce8b0752a6ab7c7af3cdb8a80e6b9e46"}  
+  SignedSerializedCookie = "BAh7BzoIZm9vbzodU2Vzc2lvbkF1dG9sb2FkVGVzdDo6Rm9vBjoJQGJhciIIYmF6Og9zZXNzaW9uX2lkIiVjZThiMDc1MmE2YWI3YzdhZjNjZGI4YTgwZTZiOWU0Ng==--2bf3af1ae8bd4e52b9ac2099258ace0c380e601c"
+  
+  def test_deserializes_unloaded_classes_on_get_id
+    with_test_route_set do
+      with_autoload_path "session_autoload_test" do
+        cookies[SessionKey] = SignedSerializedCookie
+        get '/get_session_id_only'
+        assert_response :success
+        assert_equal 'id: ce8b0752a6ab7c7af3cdb8a80e6b9e46', response.body, "should auto-load unloaded class"
+      end
+    end
+  end  
+  
+  def test_deserializes_unloaded_classes_on_get_value
+    with_test_route_set do
+      with_autoload_path "session_autoload_test" do 
+        cookies[SessionKey] = SignedSerializedCookie
+        get '/get_session_value'
+        assert_response :success
+        assert_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">', response.body, "should auto-load unloaded class"
+      end
+    end
+  end
+
   def test_persistent_session_id
     with_test_route_set do
       cookies[SessionKey] = SignedBar
@@ -193,6 +263,14 @@ class CookieStoreTest < ActionController::IntegrationTest
     end
   end
 
+  def test_setting_session_value_and_cookie
+    with_test_route_set do
+      get '/set_session_value_and_cookie'
+      assert_response :success
+      assert_equal({"_myapp_session" => response.body, "foo" => "bar"}, cookies)
+    end
+  end
+
   private
     def with_test_route_set
       with_routing do |set|

vendor/rails/actionpack/test/controller/session/mem_cache_store_test.rb

@@ -12,12 +12,16 @@ class MemCacheStoreTest < ActionController::IntegrationTest
       head :ok
     end
 
+    def set_serialized_session_value
+      session[:foo] = SessionAutoloadTest::Foo.new
+      head :ok
+    end
+
     def get_session_value
       render :text => "foo: #{session[:foo].inspect}"
     end
 
     def get_session_id
-      session[:foo]
       render :text => "#{request.session_options[:id]}"
     end
 
@@ -82,6 +86,34 @@ class MemCacheStoreTest < ActionController::IntegrationTest
       end
     end
 
+    def test_getting_session_value_after_session_reset
+      with_test_route_set do
+        get '/set_session_value'
+        assert_response :success
+        assert cookies['_session_id']
+        session_id = cookies["_session_id"]
+
+        get '/call_reset_session'
+        assert_response :success
+        assert_not_equal [], headers['Set-Cookie']
+
+        cookies["_session_id"] = session_id # replace our new session_id with our old, pre-reset session_id
+
+        get '/get_session_value'
+        assert_response :success
+        assert_equal 'foo: nil', response.body, "data for this session should have been obliterated from memcached"
+      end
+    end
+
+    def test_getting_from_nonexistent_session
+      with_test_route_set do
+        get '/get_session_value'
+        assert_response :success
+        assert_equal 'foo: nil', response.body
+        assert_nil cookies['_session_id'], "should only create session on write, not read"
+      end
+    end
+
     def test_getting_session_id
       with_test_route_set do
         get '/set_session_value'
@@ -91,7 +123,38 @@ class MemCacheStoreTest < ActionController::IntegrationTest
 
         get '/get_session_id'
         assert_response :success
-        assert_equal session_id, response.body
+        assert_equal session_id, response.body, "should be able to read session id without accessing the session hash"
+      end
+    end
+
+    def test_doesnt_write_session_cookie_if_session_id_is_already_exists
+      with_test_route_set do
+        get '/set_session_value'
+        assert_response :success
+        assert cookies['_session_id']
+
+        get '/get_session_value'
+        assert_response :success
+        assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
+      end
+    end
+    
+    def test_deserializes_unloaded_class
+      with_test_route_set do
+        with_autoload_path "session_autoload_test" do        
+          get '/set_serialized_session_value'
+          assert_response :success
+          assert cookies['_session_id']
+        end
+        with_autoload_path "session_autoload_test" do                
+          get '/get_session_id'
+          assert_response :success
+        end
+        with_autoload_path "session_autoload_test" do                
+          get '/get_session_value'
+          assert_response :success
+          assert_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">', response.body, "should auto-load unloaded class"
+        end
       end
     end
 

vendor/rails/actionpack/test/controller/url_rewriter_test.rb

@@ -134,9 +134,15 @@ class UrlWriterTests < ActionController::TestCase
     )
   end
 
-  def test_anchor_should_be_cgi_escaped
-    assert_equal('/c/a#anc%2Fhor',
-      W.new.url_for(:only_path => true, :controller => 'c', :action => 'a', :anchor => Struct.new(:to_param).new('anc/hor'))
+  def test_anchor_should_escape_unsafe_pchar
+    assert_equal('/c/a#%23anchor',
+      W.new.url_for(:only_path => true, :controller => 'c', :action => 'a', :anchor => Struct.new(:to_param).new('#anchor'))
+    )
+  end
+
+  def test_anchor_should_not_escape_safe_pchar
+    assert_equal('/c/a#name=user&email=user@domain.com',
+      W.new.url_for(:only_path => true, :controller => 'c', :action => 'a', :anchor => Struct.new(:to_param).new('name=user&email=user@domain.com'))
     )
   end