[#4942 state:committed]
Signed-off-by: NJosé Valim <jose.valim@gmail.com>

[#4942]
Signed-off-by: NSantiago Pastorino <santiago@wyeworks.com>
Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

HTML specifications recommend the escaping of urls in web pages,
which url_for does by default for string urls and consquently
urls generated by path helpers as these return strings.

Hashes passed to url_for are not escaped by default and this
commit reverses this default so that they are escaped.

Undoes the changes of this commit:
http://github.com/rails/rails/commit/1b3195b63ca44f0a70b61b75fcf4991cb2fbb944Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Deprecate the old router DSL. Since it is still used intensively across ActionPack test suite, patches that translates Rails internal tests to the new router DSL are welcome (note though that a few tests shouldn't be translated since they are testing exactly the old mapper API, like the ones in actionpack/test/controller/resource_test.rb and actionpack/test/controller/routing_test.rb)

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

[#4990 state:resolved]
Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>

Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>

* Specify accept-charset on all forms. All recent browsers,
  as well as IE5+, will use the encoding specified for form
  parameters
* Unfortunately, IE5+ will not look at accept-charset unless
  at least one character in the form's values is not in the
  page's charset. Since the user can override the default
  charset (which Rails sets to UTF-8), we provide a hidden
  input containing a unicode character, forcing IE to look
  at the accept-charset.
* Now that the vast majority of web input is UTF-8, we set
  the inbound parameters to UTF-8. This will eliminate many
  cases of incompatible encodings between ASCII-8BIT and
  UTF-8.
* You can safely ignore params[:_snowman_]

TODO:

* Validate inbound text to confirm it is UTF-8
* Combine the whole_form implementations in form_helper_test
  and form_tag_helper_test

Signed-off-by: NMichael Koziarski <michael@koziarski.com>

Signed-off-by: NXavier Noria <fxn@hashref.com>

[#4411 state:resolved]

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

* Added :autoload to engines path API and redefine usage to be in sync with 6f83a503;
* Do not autoload code in *lib* for applications (now you need to explicitly require them). This makes an application behave closer to an engine (code in lib is still autoloaded for plugins);
* Always autoload code in app/ for engines and plugins. This makes engines behave closer to an application and should allow us to get rid of the unloadable hack required when controllers inside engines inherit from ApplicationController;

Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types.

[#4938]
Signed-off-by: NJosé Valim <jose.valim@gmail.com>

String#[] doesn't return the byte representation on 1.9.2, we should use getbyte that was already added as a Ruby < 1.9 core_ext
Signed-off-by: NJosé Valim <jose.valim@gmail.com>