This fixes CVE-2011-0449

Fix header capitalization by explicitly upcasing first letter of every word, and avoiding capitalize. [#5636 state:resolved]

code gardening: we have assert_(nil|blank|present), more concise, with better default failure messages - let's use them

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

This reverts commit ade756fe.

This reverts commits af0d1a88 and 64d109e3.

* Default Encoding.default_internal to UTF-8
* Eliminated the use of file-wide magic comments to coerce code evaluated inside the file
* Read templates as BINARY, use default_external or template-wide magic comments
  inside the Template to set the initial encoding
  * This means that template handlers in Ruby 1.9 will receive Strings encoded
    in default_internal (UTF-8 by default)
* Create a better Exception for encoding issues, and use it when the template
  source has bytes that are not compatible with the specified encoding
* Allow template handlers to opt-into handling BINARY. If they do so, they
  need to do some of their own manual encoding work
* Added a "Configuration Gotchas" section to the intro Rails Guide instructing
  users to use UTF-8 for everything
* Use config.encoding= in Ruby 1.8, and raise if a value that is an invalid
  $KCODE value is used

Also:
* Fixed a few tests that were assert() rather than assert_equal() and
  were caught by Minitest requiring a String for the message
* Fixed a test where an assert_select was misformed, also caught by
  Minitest being more restrictive
* Fixed a test where a Rack response was returning a String rather
  than an Enumerable

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>

Modify assert_template to use notifications. Also, remove ActionController::Base#template since it is no longer needed.

Remove ActionView inline logging to ActiveSupport::Notifications and create ActionController::Base#log_event, so everything can be logged within one listener. Also expose log_process_action as a hook for different modules to include their own information during the action processing. This allow ActiveRecord to hook and any other ORM. Finally, this commit changes 'Processing' and 'Rendering' in logs to 'Processed' and 'Rendered' because at the point it's logged, everying already happened.

  This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.

Cleanup route reloading in tests. Prefer with_routing over using ActionController::Routing::Routes directly

  * only one of partial_name or :as will be available as a local
  * `object` is removed
  * Simplify _layout_for in most cases.
    * Remove <% render :partial do |args| %>
    * <% render :partial do %> still works fine

Add destroyed? to ActiveRecord, include tests for polymorphic urls for destroyed objects and refactor mime responds tests and documentation.