Fix all the errors to get our tests green on Rails 5.1.

Gemfile.lock

@@ -76,7 +76,7 @@ GEM
     crass (1.0.2)
     debug_inspector (0.0.3)
     diff-lcs (1.3)
-    discourse-qunit-rails (0.0.9)
+    discourse-qunit-rails (0.0.11)
       railties
     discourse_fastimage (2.1.0)
     discourse_image_optim (0.24.5)
@@ -298,7 +298,7 @@ GEM
     rspec-mocks (3.6.0)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.6.0)
-    rspec-rails (3.6.0)
+    rspec-rails (3.6.1)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       railties (>= 3.0)

app/controllers/about_controller.rb

@@ -1,8 +1,8 @@
 require_dependency 'rate_limiter'
 
 class AboutController < ApplicationController
-  skip_before_filter :check_xhr, only: [:index]
+  skip_before_action :check_xhr, only: [:index]
-  before_filter :ensure_logged_in, only: [:live_post_counts]
+  before_action :ensure_logged_in, only: [:live_post_counts]
 
   def index
     return redirect_to path('/login') if SiteSetting.login_required? && current_user.nil?

app/controllers/admin/admin_controller.rb

@@ -1,10 +1,10 @@
 class Admin::AdminController < ApplicationController
 
-  before_filter :ensure_logged_in
+  before_action :ensure_logged_in
-  before_filter :ensure_staff
+  before_action :ensure_staff
 
   def index
-    render nothing: true
+    render body: nil
   end
 
 end

app/controllers/admin/api_controller.rb

@@ -17,7 +17,7 @@ class Admin::ApiController < Admin::AdminController
     raise Discourse::NotFound if api_key.blank?
 
     api_key.destroy
-    render nothing: true
+    render body: nil
   end
 
   def create_master_key

app/controllers/admin/backups_controller.rb

@@ -3,7 +3,7 @@ require "email_backup_token"
 
 class Admin::BackupsController < Admin::AdminController
 
-  skip_before_filter :check_xhr, only: [:index, :show, :logs, :check_backup_chunk, :upload_backup_chunk]
+  skip_before_action :check_xhr, only: [:index, :show, :logs, :check_backup_chunk, :upload_backup_chunk]
 
   def index
     respond_to do |format|
@@ -50,9 +50,9 @@ class Admin::BackupsController < Admin::AdminController
       token = EmailBackupToken.set(current_user.id)
       download_url = "#{url_for(controller: 'backups', action: 'show')}?token=#{token}"
       Jobs.enqueue(:download_backup_email, to_address: current_user.email, backup_file_path: download_url)
-      render nothing: true
+      render body: nil
     else
-      render nothing: true, status: 404
+      render body: nil, status: 404
     end
   end
 
@@ -70,7 +70,7 @@ class Admin::BackupsController < Admin::AdminController
       if @error
         render layout: 'no_ember', status: 422
       else
-        render nothing: true, status: 404
+        render body: nil, status: 404
       end
     end
   end
@@ -79,9 +79,9 @@ class Admin::BackupsController < Admin::AdminController
     if backup = Backup[params.fetch(:id)]
       StaffActionLogger.new(current_user).log_backup_destroy(backup)
       backup.remove
-      render nothing: true
+      render body: nil
     else
-      render nothing: true, status: 404
+      render body: nil, status: 404
     end
   end
 
@@ -125,7 +125,7 @@ class Admin::BackupsController < Admin::AdminController
 
     StaffActionLogger.new(current_user).log_change_readonly_mode(enable)
 
-    render nothing: true
+    render body: nil
   end
 
   def check_backup_chunk
@@ -139,16 +139,16 @@ class Admin::BackupsController < Admin::AdminController
     # check chunk upload status
     status = HandleChunkUpload.check_chunk(chunk, current_chunk_size: current_chunk_size)
 
-    render nothing: true, status: status
+    render body: nil, status: status
   end
 
   def upload_backup_chunk
     filename   = params.fetch(:resumableFilename)
     total_size = params.fetch(:resumableTotalSize).to_i
 
-    return render status: 415, text: I18n.t("backup.backup_file_should_be_tar_gz") unless /\.(tar\.gz|t?gz)$/i =~ filename
+    return render status: 415, plain: I18n.t("backup.backup_file_should_be_tar_gz") unless /\.(tar\.gz|t?gz)$/i =~ filename
-    return render status: 415, text: I18n.t("backup.not_enough_space_on_disk")     unless has_enough_space_on_disk?(total_size)
+    return render status: 415, plain: I18n.t("backup.not_enough_space_on_disk")     unless has_enough_space_on_disk?(total_size)
-    return render status: 415, text: I18n.t("backup.invalid_filename") unless !!(/^[a-zA-Z0-9\._\-]+$/ =~ filename)
+    return render status: 415, plain: I18n.t("backup.invalid_filename") unless !!(/^[a-zA-Z0-9\._\-]+$/ =~ filename)
 
     file               = params.fetch(:file)
     identifier         = params.fetch(:resumableIdentifier)
@@ -168,7 +168,7 @@ class Admin::BackupsController < Admin::AdminController
       Jobs.enqueue_in(5.seconds, :backup_chunks_merger, filename: filename, identifier: identifier, chunks: chunk_number)
     end
 
-    render nothing: true
+    render body: nil
   end
 
   private

app/controllers/admin/badges_controller.rb

@@ -84,7 +84,7 @@ class Admin::BadgesController < Admin::AdminController
 
   def destroy
     find_badge.destroy
-    render nothing: true
+    render body: nil
   end
 
   private

app/controllers/admin/color_schemes_controller.rb

@@ -1,6 +1,6 @@
 class Admin::ColorSchemesController < Admin::AdminController
 
-  before_filter :fetch_color_scheme, only: [:update, :destroy]
+  before_action :fetch_color_scheme, only: [:update, :destroy]
 
   def index
     render_serialized(ColorScheme.base_color_schemes + ColorScheme.order('id ASC').all.to_a, ColorSchemeSerializer)

app/controllers/admin/diagnostics_controller.rb

@@ -2,7 +2,7 @@ require_dependency 'memory_diagnostics'
 
 class Admin::DiagnosticsController < Admin::AdminController
   layout false
-  skip_before_filter :check_xhr
+  skip_before_action :check_xhr
 
   def dump_statement_cache
     statements = Post.exec_sql("select * from pg_prepared_statements").to_a

app/controllers/admin/email_controller.rb

@@ -11,7 +11,7 @@ class Admin::EmailController < Admin::AdminController
     params.require(:email_address)
     begin
       Jobs::TestEmail.new.execute(to_address: params[:email_address])
-      render nothing: true
+      render body: nil
     rescue => e
       render json: { errors: [e.message] }, status: 422
     end

app/controllers/admin/embeddable_hosts_controller.rb

@@ -1,6 +1,6 @@
 class Admin::EmbeddableHostsController < Admin::AdminController
 
-  before_filter :ensure_logged_in, :ensure_staff
+  before_action :ensure_logged_in, :ensure_staff
 
   def create
     save_host(EmbeddableHost.new)

app/controllers/admin/embedding_controller.rb

@@ -2,7 +2,7 @@ require_dependency 'embedding'
 
 class Admin::EmbeddingController < Admin::AdminController
 
-  before_filter :ensure_logged_in, :ensure_staff, :fetch_embedding
+  before_action :ensure_logged_in, :ensure_staff, :fetch_embedding
 
   def show
     render_serialized(@embedding, EmbeddingSerializer, root: 'embedding', rest_serializer: true)

app/controllers/admin/flags_controller.rb

@@ -38,7 +38,7 @@ class Admin::FlagsController < Admin::AdminController
       PostAction.hide_post!(post, post_action_type)
     end
 
-    render nothing: true
+    render body: nil
   end
 
   def disagree
@@ -49,7 +49,7 @@ class Admin::FlagsController < Admin::AdminController
 
     post.unhide!
 
-    render nothing: true
+    render body: nil
   end
 
   def defer
@@ -60,7 +60,7 @@ class Admin::FlagsController < Admin::AdminController
 
     PostDestroyer.new(current_user, post).destroy if params[:delete_post]
 
-    render nothing: true
+    render body: nil
   end
 
 end

app/controllers/admin/groups_controller.rb

@@ -14,11 +14,11 @@ class Admin::GroupsController < Admin::AdminController
   end
 
   def show
-    render nothing: true
+    render body: nil
   end
 
   def bulk
-    render nothing: true
+    render body: nil
   end
 
   def bulk_perform

app/controllers/admin/impersonate_controller.rb

@@ -14,7 +14,7 @@ class Admin::ImpersonateController < Admin::AdminController
     # Log on as the user
     log_on_user(user)
 
-    render nothing: true
+    render body: nil
   end
 
 end

app/controllers/admin/permalinks_controller.rb

@@ -1,6 +1,6 @@
 class Admin::PermalinksController < Admin::AdminController
 
-  before_filter :fetch_permalink, only: [:destroy]
+  before_action :fetch_permalink, only: [:destroy]
 
   def index
     url = params[:filter]

app/controllers/admin/screened_ip_addresses_controller.rb

@@ -2,7 +2,7 @@ require_dependency 'ip_addr'
 
 class Admin::ScreenedIpAddressesController < Admin::AdminController
 
-  before_filter :fetch_screened_ip_address, only: [:update, :destroy]
+  before_action :fetch_screened_ip_address, only: [:update, :destroy]
 
   def index
     filter = params[:filter]

app/controllers/admin/site_settings_controller.rb

@@ -14,7 +14,7 @@ class Admin::SiteSettingsController < Admin::AdminController
     value.strip! if value.is_a?(String)
     raise_access_hidden_setting(id)
     SiteSetting.set_and_log(id, value, current_user)
-    render nothing: true
+    render body: nil
   end
 
   private

app/controllers/admin/themes_controller.rb

@@ -2,7 +2,7 @@ require_dependency 'upload_creator'
 
 class Admin::ThemesController < Admin::AdminController
 
-  skip_before_filter :check_xhr, only: [:show, :preview]
+  skip_before_action :check_xhr, only: [:show, :preview]
 
   def preview
     @theme = Theme.find(params[:id])
@@ -179,9 +179,10 @@ class Admin::ThemesController < Admin::AdminController
     def update_default_theme
       if theme_params.key?(:default)
         is_default = theme_params[:default]
-        if @theme.key == SiteSetting.default_theme_key && !is_default
+
+        if @theme.key == SiteSetting.default_theme_key && is_default == "false"
           Theme.clear_default!
-        elsif is_default
+        elsif is_default == "true"
           @theme.set_default!
         end
       end
@@ -192,6 +193,7 @@ class Admin::ThemesController < Admin::AdminController
         begin
           # deep munge is a train wreck, work around it for now
           params[:theme][:child_theme_ids] ||= [] if params[:theme].key?(:child_theme_ids)
+
           params.require(:theme).permit(
             :name,
             :color_scheme_id,

app/controllers/admin/users_controller.rb

@@ -4,7 +4,7 @@ require_dependency 'admin_confirmation'
 
 class Admin::UsersController < Admin::AdminController
 
-  before_filter :fetch_user, only: [:suspend,
+  before_action :fetch_user, only: [:suspend,
                                     :unsuspend,
                                     :refresh_browsers,
                                     :log_out,
@@ -48,7 +48,7 @@ class Admin::UsersController < Admin::AdminController
     @user = User.find_by(id: params[:user_id])
     @user.delete_all_posts!(guardian)
     # staff action logs will have an entry for each post
-    render nothing: true
+    render body: nil
   end
 
   def suspend
@@ -59,7 +59,7 @@ class Admin::UsersController < Admin::AdminController
     @user.revoke_api_key
     StaffActionLogger.new(current_user).log_user_suspend(@user, params[:reason])
     @user.logged_out
-    render nothing: true
+    render body: nil
   end
 
   def unsuspend
@@ -68,7 +68,7 @@ class Admin::UsersController < Admin::AdminController
     @user.suspended_at = nil
     @user.save!
     StaffActionLogger.new(current_user).log_user_unsuspend(@user)
-    render nothing: true
+    render body: nil
   end
 
   def log_out
@@ -83,14 +83,14 @@ class Admin::UsersController < Admin::AdminController
 
   def refresh_browsers
     refresh_browser @user
-    render nothing: true
+    render body: nil
   end
 
   def revoke_admin
     guardian.ensure_can_revoke_admin!(@user)
     @user.revoke_admin!
     StaffActionLogger.new(current_user).log_revoke_admin(@user)
-    render nothing: true
+    render body: nil
   end
 
   def generate_api_key
@@ -100,7 +100,7 @@ class Admin::UsersController < Admin::AdminController
 
   def revoke_api_key
     @user.revoke_api_key
-    render nothing: true
+    render body: nil
   end
 
   def grant_admin
@@ -112,7 +112,7 @@ class Admin::UsersController < Admin::AdminController
     guardian.ensure_can_revoke_moderation!(@user)
     @user.revoke_moderation!
     StaffActionLogger.new(current_user).log_revoke_moderation(@user)
-    render nothing: true
+    render body: nil
   end
 
   def grant_moderation
@@ -129,7 +129,7 @@ class Admin::UsersController < Admin::AdminController
     group.add(@user)
     GroupActionLogger.new(current_user, group).log_add_user_to_group(@user)
 
-    render nothing: true
+    render body: nil
   end
 
   def remove_group
@@ -139,7 +139,7 @@ class Admin::UsersController < Admin::AdminController
     group.remove(@user)
     GroupActionLogger.new(current_user, group).log_remove_user_from_group(@user)
 
-    render nothing: true
+    render body: nil
   end
 
   def primary_group
@@ -158,7 +158,7 @@ class Admin::UsersController < Admin::AdminController
 
     @user.save!
 
-    render nothing: true
+    render body: nil
   end
 
   def trust_level
@@ -204,20 +204,20 @@ class Admin::UsersController < Admin::AdminController
       end
     end
 
-    render nothing: true
+    render body: nil
   end
 
   def approve
     guardian.ensure_can_approve!(@user)
     @user.approve(current_user)
-    render nothing: true
+    render body: nil
   end
 
   def approve_bulk
     User.where(id: params[:users]).each do |u|
       u.approve(current_user) if guardian.can_approve?(u)
     end
-    render nothing: true
+    render body: nil
   end
 
   def activate
@@ -234,19 +234,19 @@ class Admin::UsersController < Admin::AdminController
     @user.deactivate
     StaffActionLogger.new(current_user).log_user_deactivate(@user, I18n.t('user.deactivated_by_staff'))
     refresh_browser @user
-    render nothing: true
+    render body: nil
   end
 
   def block
     guardian.ensure_can_block_user! @user
     UserBlocker.block(@user, current_user, keep_posts: true)
-    render nothing: true
+    render body: nil
   end
 
   def unblock
     guardian.ensure_can_unblock_user! @user
     UserBlocker.unblock(@user, current_user)
-    render nothing: true
+    render body: nil
   end
 
   def reject_bulk
@@ -267,7 +267,9 @@ class Admin::UsersController < Admin::AdminController
     user = User.find_by(id: params[:id].to_i)
     guardian.ensure_can_delete_user!(user)
     begin
-      options = params.slice(:delete_posts, :block_email, :block_urls, :block_ip, :context, :delete_as_spammer)
+      options = params.slice(:block_email, :block_urls, :block_ip, :context, :delete_as_spammer)
+      options[:delete_posts] = ActiveModel::Type::Boolean.new.cast(params[:delete_posts])
+
       if UserDestroyer.new(current_user).destroy(user, options)
         render json: { deleted: true }
       else
@@ -298,7 +300,7 @@ class Admin::UsersController < Admin::AdminController
   end
 
   def sync_sso
-    return render nothing: true, status: 404 unless SiteSetting.enable_sso
+    return render body: nil, status: 404 unless SiteSetting.enable_sso
 
     sso = DiscourseSingleSignOn.parse("sso=#{params[:sso]}&sig=#{params[:sig]}")
 

app/controllers/admin/web_hooks_controller.rb

@@ -1,5 +1,5 @@
 class Admin::WebHooksController < Admin::AdminController
-  before_filter :fetch_web_hook, only: %i(show update destroy list_events bulk_events ping)
+  before_action :fetch_web_hook, only: %i(show update destroy list_events bulk_events ping)
 
   def index
     limit = 50

app/controllers/application_controller.rb

@@ -37,19 +37,19 @@ class ApplicationController < ActionController::Base
   end
 
   before_action :check_readonly_mode
-  before_filter :handle_theme
+  before_action :handle_theme
-  before_filter :set_current_user_for_logs
+  before_action :set_current_user_for_logs
-  before_filter :clear_notifications
+  before_action :clear_notifications
-  before_filter :set_locale
+  before_action :set_locale
-  before_filter :set_mobile_view
+  before_action :set_mobile_view
-  before_filter :block_if_readonly_mode
+  before_action :block_if_readonly_mode
-  before_filter :authorize_mini_profiler
+  before_action :authorize_mini_profiler
-  before_filter :preload_json
+  before_action :preload_json
-  before_filter :redirect_to_login_if_required
+  before_action :redirect_to_login_if_required
-  before_filter :check_xhr
+  before_action :check_xhr
-  after_filter  :add_readonly_header
+  after_action  :add_readonly_header
-  after_filter  :perform_refresh_session
+  after_action  :perform_refresh_session
-  after_filter  :dont_cache_page
+  after_action  :dont_cache_page
 
   layout :set_layout
 
@@ -128,8 +128,8 @@ class ApplicationController < ActionController::Base
   class PluginDisabled < StandardError; end
 
   # Handles requests for giant IDs that throw pg exceptions
-  rescue_from RangeError do |e|
+  rescue_from ActiveModel::RangeError do |e|
-    if e.message =~ /ActiveRecord::ConnectionAdapters::PostgreSQL::OID::Integer/
+    if e.message =~ /ActiveModel::Type::Integer/
       rescue_discourse_actions(:not_found, 404)
     else
       raise e
@@ -169,7 +169,7 @@ class ApplicationController < ActionController::Base
   # If a controller requires a plugin, it will raise an exception if that plugin is
   # disabled. This allows plugins to be disabled programatically.
   def self.requires_plugin(plugin_name)
-    before_filter do
+    before_action do
       raise PluginDisabled.new if Discourse.disabled_plugin_names.include?(plugin_name)
     end
   end

app/controllers/badges_controller.rb

@@ -1,5 +1,5 @@
 class BadgesController < ApplicationController
-  skip_before_filter :check_xhr, only: [:index, :show]
+  skip_before_action :check_xhr, only: [:index, :show]
 
   def index
     raise Discourse::NotFound unless SiteSetting.enable_badges

app/controllers/categories_controller.rb

@@ -2,10 +2,10 @@ require_dependency 'category_serializer'
 
 class CategoriesController < ApplicationController
 
-  before_filter :ensure_logged_in, except: [:index, :categories_and_latest, :show, :redirect, :find_by_slug]
+  before_action :ensure_logged_in, except: [:index, :categories_and_latest, :show, :redirect, :find_by_slug]
-  before_filter :fetch_category, only: [:show, :update, :destroy]
+  before_action :fetch_category, only: [:show, :update, :destroy]
-  before_filter :initialize_staff_action_logger, only: [:create, :update, :destroy]
+  before_action :initialize_staff_action_logger, only: [:create, :update, :destroy]
-  skip_before_filter :check_xhr, only: [:index, :categories_and_latest, :redirect]
+  skip_before_action :check_xhr, only: [:index, :categories_and_latest, :redirect]
 
   def redirect
     redirect_to path("/c/#{params[:path]}")
@@ -107,8 +107,9 @@ class CategoriesController < ApplicationController
 
     by_category.each do |cat, pos|
       cat.position = pos
-      cat.save if cat.position_changed?
+      cat.save! if cat.will_save_change_to_position?
     end
+
     render json: success_json
   end
 
@@ -154,7 +155,7 @@ class CategoriesController < ApplicationController
 
       old_permissions = cat.permissions_params
 
-      if result = cat.update_attributes(category_params)
+      if result = cat.update(category_params)
         Scheduler::Defer.later "Log staff action change category settings" do
           @staff_action_logger.log_category_settings_change(@category, category_params, old_permissions)
         end

app/controllers/category_hashtags_controller.rb

@@ -1,5 +1,5 @@
 class CategoryHashtagsController < ApplicationController
-  before_filter :ensure_logged_in
+  before_action :ensure_logged_in
 
   def check
     category_slugs = params[:category_slugs]

app/controllers/clicks_controller.rb

@@ -1,6 +1,6 @@
 class ClicksController < ApplicationController
 
-  skip_before_filter :check_xhr, :preload_json
+  skip_before_action :check_xhr, :preload_json
 
   def track
     raise Discourse::NotFound unless params[:url]
@@ -15,7 +15,7 @@ class ClicksController < ApplicationController
     # Sometimes we want to record a link without a 302. Since XHR has to load the redirected
     # URL we want it to not return a 302 in those cases.
     if params[:redirect] == 'false' || @redirect_url.blank?
-      render nothing: true
+      render body: nil
     else
       redirect_to(@redirect_url)
     end

app/controllers/composer_messages_controller.rb

@@ -2,7 +2,7 @@ require_dependency 'composer_messages_finder'
 
 class ComposerMessagesController < ApplicationController
 
-  before_filter :ensure_logged_in
+  before_action :ensure_logged_in
 
   def index
     finder = ComposerMessagesFinder.new(current_user, params.slice(:composer_action, :topic_id, :post_id))

app/controllers/directory_items_controller.rb

@@ -47,7 +47,7 @@ class DirectoryItemsController < ApplicationController
     result_count = result.count
     result = result.limit(PAGE_SIZE).offset(PAGE_SIZE * page).to_a
 
-    more_params = params.slice(:period, :order, :asc)
+    more_params = params.slice(:period, :order, :asc).permit!
     more_params[:page] = page + 1
 
     # Put yourself at the top of the first page

app/controllers/draft_controller.rb

@@ -1,7 +1,7 @@
 class DraftController < ApplicationController
-  before_filter :ensure_logged_in
+  before_action :ensure_logged_in
   # TODO really do we need to skip this?
-  skip_before_filter :check_xhr, :preload_json
+  skip_before_action :check_xhr, :preload_json
 
   def show
     seq = params[:sequence] || DraftSequence.current(current_user, params[:draft_key])

app/controllers/email_controller.rb

@@ -1,8 +1,8 @@
 class EmailController < ApplicationController
-  skip_before_filter :check_xhr, :preload_json, :redirect_to_login_if_required
+  skip_before_action :check_xhr, :preload_json, :redirect_to_login_if_required
   layout 'no_ember'
 
-  before_filter :ensure_logged_in, only: :preferences_redirect
+  before_action :ensure_logged_in, only: :preferences_redirect
 
   def preferences_redirect
     redirect_to(email_preferences_path(current_user.username_lower))

app/controllers/embed_controller.rb

@@ -1,9 +1,9 @@
 class EmbedController < ApplicationController
-  skip_before_filter :check_xhr, :preload_json, :verify_authenticity_token
+  skip_before_action :check_xhr, :preload_json, :verify_authenticity_token
 
-  before_filter :ensure_embeddable, except: [ :info ]
+  before_action :ensure_embeddable, except: [ :info ]
-  before_filter :get_embeddable_css_class, except: [ :info ]
+  before_action :get_embeddable_css_class, except: [ :info ]
-  before_filter :ensure_api_request, only: [ :info ]
+  before_action :ensure_api_request, only: [ :info ]
 
   layout 'embed'
 
@@ -46,7 +46,6 @@ class EmbedController < ApplicationController
         @reply_count = @topic_view.topic.posts_count - 1
         @reply_count = 0 if @reply_count < 0
       end
-
     elsif embed_url.present?
       Jobs.enqueue(:retrieve_topic,
                       user_id: current_user.try(:id),

app/controllers/exceptions_controller.rb

@@ -1,5 +1,5 @@
 class ExceptionsController < ApplicationController
-  skip_before_filter :check_xhr, :preload_json
+  skip_before_action :check_xhr, :preload_json
   before_action :hide_google
 
   def not_found

app/controllers/export_csv_controller.rb

@@ -1,6 +1,6 @@
 class ExportCsvController < ApplicationController
 
-  skip_before_filter :preload_json, :check_xhr, only: [:show]
+  skip_before_action :preload_json, :check_xhr, only: [:show]
 
   def export_entity
     guardian.ensure_can_export_entity!(export_params[:entity])
@@ -20,7 +20,7 @@ class ExportCsvController < ApplicationController
     if export_csv_path && current_user.present? && export_initiated_by_user_id == current_user.id
       send_file export_csv_path
     else
-      render nothing: true, status: 404
+      render body: nil, status: 404
     end
   end
 

app/controllers/extra_locales_controller.rb

@@ -1,7 +1,7 @@
 class ExtraLocalesController < ApplicationController
 
   layout :false
-  skip_before_filter :check_xhr, :preload_json
+  skip_before_action :check_xhr, :preload_json
 
   def show
     bundle = params[:bundle]
@@ -32,6 +32,6 @@ class ExtraLocalesController < ApplicationController
       JS
     end
 
-    render text: js, content_type: "application/javascript"
+    render plain: js, content_type: "application/javascript"
   end
 end

app/controllers/finish_installation_controller.rb

@@ -1,8 +1,8 @@
 class FinishInstallationController < ApplicationController
-  skip_before_filter :check_xhr, :preload_json, :redirect_to_login_if_required
+  skip_before_action :check_xhr, :preload_json, :redirect_to_login_if_required
   layout 'finish_installation'
 
-  before_filter :ensure_no_admins, except: ['confirm_email', 'resend_email']
+  before_action :ensure_no_admins, except: ['confirm_email', 'resend_email']
 
   def index
   end

app/controllers/forums_controller.rb

@@ -1,8 +1,8 @@
 class ForumsController < ApplicationController
 
-  skip_before_filter :preload_json, :check_xhr
+  skip_before_action :preload_json, :check_xhr
-  skip_before_filter :authorize_mini_profiler, only: [:status]
+  skip_before_action :authorize_mini_profiler, only: [:status]
-  skip_before_filter :redirect_to_login_if_required, only: [:status]
+  skip_before_action :redirect_to_login_if_required, only: [:status]
 
   def status
     if $shutdown

app/controllers/groups_controller.rb

@@ -1,6 +1,6 @@
 class GroupsController < ApplicationController
 
-  before_filter :ensure_logged_in, only: [
+  before_action :ensure_logged_in, only: [
     :set_notifications,
     :mentionable,
     :messageable,
@@ -11,7 +11,7 @@ class GroupsController < ApplicationController
     :search
   ]
 
-  skip_before_filter :preload_json, :check_xhr, only: [:posts_feed, :mentions_feed]
+  skip_before_action :preload_json, :check_xhr, only: [:posts_feed, :mentions_feed]
 
   def index
     unless SiteSetting.enable_group_directory?

app/controllers/highlight_js_controller.rb

@@ -1,5 +1,5 @@
 class HighlightJsController < ApplicationController
-  skip_before_filter :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show]
+  skip_before_action :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show]
 
   def show
 
@@ -22,7 +22,7 @@ class HighlightJsController < ApplicationController
       response.headers["Content-Length"] = highlight_js.bytesize.to_s
       immutable_for 1.year
 
-      render text: highlight_js, disposition: nil, content_type: 'application/javascript'
+      render plain: highlight_js, disposition: nil, content_type: 'application/javascript'
     end
   end
 end

app/controllers/inline_onebox_controller.rb

@@ -1,10 +1,10 @@
 require_dependency 'inline_oneboxer'
 
 class InlineOneboxController < ApplicationController
-  before_filter :ensure_logged_in
+  before_action :ensure_logged_in
 
   def show
-    oneboxes = InlineOneboxer.new(params[:urls]).process
+    oneboxes = InlineOneboxer.new(params[:urls] || []).process
     render json: { "inline-oneboxes" => oneboxes }
   end
 end

app/controllers/invites_controller.rb

@@ -2,13 +2,13 @@ require_dependency 'rate_limiter'
 
 class InvitesController < ApplicationController
 
-  skip_before_filter :check_xhr, except: [:perform_accept_invitation]
+  skip_before_action :check_xhr, except: [:perform_accept_invitation]
-  skip_before_filter :preload_json, except: [:show]
+  skip_before_action :preload_json, except: [:show]
-  skip_before_filter :redirect_to_login_if_required
+  skip_before_action :redirect_to_login_if_required
 
-  before_filter :ensure_logged_in, only: [:destroy, :create, :create_invite_link, :rescind_all_invites, :resend_invite, :resend_all_invites, :upload_csv]
+  before_action :ensure_logged_in, only: [:destroy, :create, :create_invite_link, :rescind_all_invites, :resend_invite, :resend_all_invites, :upload_csv]
-  before_filter :ensure_new_registrations_allowed, only: [:show, :perform_accept_invitation]
+  before_action :ensure_new_registrations_allowed, only: [:show, :perform_accept_invitation]
-  before_filter :ensure_not_logged_in, only: [:show, :perform_accept_invitation]
+  before_action :ensure_not_logged_in, only: [:show, :perform_accept_invitation]
 
   def show
     expires_now
@@ -122,14 +122,14 @@ class InvitesController < ApplicationController
     raise Discourse::InvalidParameters.new(:email) if invite.blank?
     invite.trash!(current_user)
 
-    render nothing: true
+    render body: nil
   end
 
   def rescind_all_invites
     guardian.ensure_can_rescind_all_invites!(current_user)
 
     Invite.rescind_all_invites_from(current_user)
-    render nothing: true
+    render body: nil
   end
 
   def resend_invite
@@ -139,7 +139,7 @@ class InvitesController < ApplicationController
     invite = Invite.find_by(invited_by_id: current_user.id, email: params[:email])
     raise Discourse::InvalidParameters.new(:email) if invite.blank?
     invite.resend_invite
-    render nothing: true
+    render body: nil
 
   rescue RateLimiter::LimitExceeded
     render_json_error(I18n.t("rate_limiter.slow_down"))
@@ -149,7 +149,7 @@ class InvitesController < ApplicationController
     guardian.ensure_can_resend_all_invites!(current_user)
 
     Invite.resend_all_invites_from(current_user.id)
-    render nothing: true
+    render body: nil
   end
 
   def upload_csv

app/controllers/list_controller.rb

@@ -3,9 +3,9 @@ require_dependency 'topic_list_responder'
 class ListController < ApplicationController
   include TopicListResponder
 
-  skip_before_filter :check_xhr
+  skip_before_action :check_xhr
 
-  before_filter :set_category, only: [
+  before_action :set_category, only: [
     :category_default,
     # filtered topics lists
     Discourse.filters.map { |f| :"category_#{f}" },
@@ -24,7 +24,7 @@ class ListController < ApplicationController
     :category_feed,
   ].flatten
 
-  before_filter :ensure_logged_in, except: [
+  before_action :ensure_logged_in, except: [
     :topics_by,
     # anonymous filters
     Discourse.anonymous_filters,

app/controllers/metadata_controller.rb

@@ -1,6 +1,6 @@
 class MetadataController < ApplicationController
   layout false
-  skip_before_filter :preload_json, :check_xhr, :redirect_to_login_if_required
+  skip_before_action :preload_json, :check_xhr, :redirect_to_login_if_required
 
   def manifest
     render json: default_manifest.to_json

app/controllers/notifications_controller.rb

@@ -2,7 +2,7 @@ require_dependency 'notification_serializer'
 
 class NotificationsController < ApplicationController
 
-  before_filter :ensure_logged_in
+  before_action :ensure_logged_in
 
   def index
     user =

app/controllers/onebox_controller.rb

@@ -1,7 +1,7 @@
 require_dependency 'oneboxer'
 
 class OneboxController < ApplicationController
-  before_filter :ensure_logged_in
+  before_action :ensure_logged_in
 
   def show
     params.require(:user_id)
@@ -13,7 +13,7 @@ class OneboxController < ApplicationController
     end
 
     # only 1 outgoing preview per user
-    return render(nothing: true, status: 429) if Oneboxer.is_previewing?(params[:user_id])
+    return render(body: nil, status: 429) if Oneboxer.is_previewing?(params[:user_id])
 
     Oneboxer.preview_onebox!(params[:user_id])
 
@@ -25,7 +25,7 @@ class OneboxController < ApplicationController
     }
 
     if preview.blank?
-      render nothing: true, status: 404
+      render body: nil, status: 404
     else
       render plain: preview
     end

app/controllers/permalinks_controller.rb

@@ -1,5 +1,5 @@
 class PermalinksController < ApplicationController
-  skip_before_filter :check_xhr, :preload_json
+  skip_before_action :check_xhr, :preload_json
 
   def show
     url = request.fullpath

app/controllers/post_actions_controller.rb

@@ -1,9 +1,9 @@
 require_dependency 'discourse'
 
 class PostActionsController < ApplicationController
-  before_filter :ensure_logged_in
+  before_action :ensure_logged_in
-  before_filter :fetch_post_from_params
+  before_action :fetch_post_from_params
-  before_filter :fetch_post_action_type_id_from_params
+  before_action :fetch_post_action_type_id_from_params
 
   def create
     raise Discourse::NotFound if @post.blank?

app/controllers/posts_controller.rb

@@ -8,9 +8,9 @@ require_dependency 'new_post_result_serializer'
 class PostsController < ApplicationController
 
   # Need to be logged in for all actions here
-  before_filter :ensure_logged_in, except: [:show, :replies, :by_number, :short_link, :reply_history, :revisions, :latest_revision, :expand_embed, :markdown_id, :markdown_num, :cooked, :latest, :user_posts_feed]
+  before_action :ensure_logged_in, except: [:show, :replies, :by_number, :short_link, :reply_history, :revisions, :latest_revision, :expand_embed, :markdown_id, :markdown_num, :cooked, :latest, :user_posts_feed]
 
-  skip_before_filter :preload_json, :check_xhr, only: [:markdown_id, :markdown_num, :short_link, :latest, :user_posts_feed]
+  skip_before_action :preload_json, :check_xhr, only: [:markdown_id, :markdown_num, :short_link, :latest, :user_posts_feed]
 
   def markdown_id
     markdown Post.find(params[:id].to_i)
@@ -239,7 +239,7 @@ class PostsController < ApplicationController
     destroyer = PostDestroyer.new(current_user, post, context: params[:context])
     destroyer.destroy
 
-    render nothing: true
+    render body: nil
   end
 
   def expand_embed
@@ -272,7 +272,7 @@ class PostsController < ApplicationController
       posts.each { |p| PostDestroyer.new(current_user, p).destroy }
     end
 
-    render nothing: true
+    render body: nil
   end
 
   def merge_posts
@@ -280,7 +280,7 @@ class PostsController < ApplicationController
     posts = Post.where(id: params[:post_ids]).order(:id)
     raise Discourse::InvalidParameters.new(:post_ids) if posts.pluck(:id) == params[:post_ids]
     PostMerger.new(current_user, posts).merge
-    render nothing: true
+    render body: nil
   end
 
   # Direct replies to this post
@@ -312,7 +312,7 @@ class PostsController < ApplicationController
     post.public_version -= 1
     post.save
 
-    render nothing: true
+    render body: nil
   end
 
   def show_revision
@@ -325,7 +325,7 @@ class PostsController < ApplicationController
     post.public_version += 1
     post.save
 
-    render nothing: true
+    render body: nil
   end
 
   def revert
@@ -365,6 +365,7 @@ class PostsController < ApplicationController
 
     post_serializer = PostSerializer.new(post, scope: guardian, root: false)
     post_serializer.draft_sequence = DraftSequence.current(current_user, topic.draft_key)
+
     link_counts = TopicLink.counts_for(guardian, topic, [post])
     post_serializer.single_post_link_counts = link_counts[post.id] if link_counts.present?
 
@@ -401,7 +402,7 @@ class PostsController < ApplicationController
 
     post.revise(current_user, wiki: params[:wiki])
 
-    render nothing: true
+    render body: nil
   end
 
   def post_type
@@ -410,7 +411,7 @@ class PostsController < ApplicationController
     post = find_post_from_params
     post.revise(current_user, post_type: params[:post_type].to_i)
 
-    render nothing: true
+    render body: nil
   end
 
   def rebake
@@ -419,7 +420,7 @@ class PostsController < ApplicationController
     post = find_post_from_params
     post.rebake!(invalidate_oneboxes: true)
 
-    render nothing: true
+    render body: nil
   end
 
   def unhide
@@ -429,7 +430,7 @@ class PostsController < ApplicationController
 
     post.unhide!
 
-    render nothing: true
+    render body: nil
   end
 
   def flagged_posts
@@ -624,11 +625,13 @@ class PostsController < ApplicationController
       result[:target_group_names] = groups.join(",")
     end
 
-    result
+    result.permit!
+    result.to_h
   end
 
   def signature_for(args)
     "post##" << Digest::SHA1.hexdigest(args
+      .to_h
       .to_a
       .concat([["user", current_user.id]])
       .sort { |x, y| x[0] <=> y[0] }.join do |x, y|

app/controllers/queued_posts_controller.rb

@@ -2,7 +2,7 @@ require_dependency 'queued_post_serializer'
 
 class QueuedPostsController < ApplicationController
 
-  before_filter :ensure_staff
+  before_action :ensure_staff
 
   def index
     state = QueuedPost.states[(params[:state] || 'new').to_sym]

app/controllers/robots_txt_controller.rb

@@ -1,6 +1,6 @@
 class RobotsTxtController < ApplicationController
   layout false
-  skip_before_filter :preload_json, :check_xhr, :redirect_to_login_if_required
+  skip_before_action :preload_json, :check_xhr, :redirect_to_login_if_required
 
   def index
     path = SiteSetting.allow_index_in_robots_txt ? :index : :no_index

app/controllers/safe_mode_controller.rb

@@ -1,6 +1,6 @@
 class SafeModeController < ApplicationController
   layout 'no_ember'
-  skip_before_filter :preload_json, :check_xhr
+  skip_before_action :preload_json, :check_xhr
 
   def index
   end

app/controllers/search_controller.rb

@@ -2,7 +2,7 @@ require_dependency 'search'
 
 class SearchController < ApplicationController
 
-  skip_before_filter :check_xhr, only: :show
+  skip_before_action :check_xhr, only: :show
 
   def self.valid_context_types
     %w{user topic category private_messages}
@@ -77,14 +77,14 @@ class SearchController < ApplicationController
     params.require(:search_result_id)
 
     if params[:search_result_type] == 'topic'
-      where = { id: params[:search_log_id] }
+      attributes = { id: params[:search_log_id] }
       if current_user.present?
-        where[:user_id] = current_user.id
+        attributes[:user_id] = current_user.id
       else
-        where[:ip_address] = request.remote_ip
+        attributes[:ip_address] = request.remote_ip
       end
 
-      SearchLog.where(where).update_all(
+      SearchLog.where(attributes).update_all(
         clicked_topic_id: params[:search_result_id]
       )
     end

app/controllers/session_controller.rb

@@ -4,12 +4,12 @@ require_dependency 'single_sign_on'
 class SessionController < ApplicationController
   class LocalLoginNotAllowed < StandardError; end
   rescue_from LocalLoginNotAllowed do
-    render nothing: true, status: 500
+    render body: nil, status: 500
   end
 
-  before_filter :check_local_login_allowed, only: %i(create forgot_password)
+  before_action :check_local_login_allowed, only: %i(create forgot_password)
-  skip_before_filter :redirect_to_login_if_required
+  skip_before_action :redirect_to_login_if_required
-  skip_before_filter :preload_json, :check_xhr, only: ['sso', 'sso_login', 'become', 'sso_provider', 'destroy']
+  skip_before_action :preload_json, :check_xhr, only: ['sso', 'sso_login', 'become', 'sso_provider', 'destroy']
 
   ACTIVATE_USER_KEY = "activate_user"
 
@@ -36,7 +36,7 @@ class SessionController < ApplicationController
       end
       redirect_to sso.to_url
     else
-      render nothing: true, status: 404
+      render body: nil, status: 404
     end
   end
 
@@ -67,7 +67,7 @@ class SessionController < ApplicationController
         redirect_to path('/login')
       end
     else
-      render nothing: true, status: 404
+      render body: nil, status: 404
     end
   end
 
@@ -261,7 +261,7 @@ class SessionController < ApplicationController
     if current_user.present?
       render_serialized(current_user, CurrentUserSerializer)
     else
-      render nothing: true, status: 404
+      render body: nil, status: 404
     end
   end
 
@@ -269,7 +269,7 @@ class SessionController < ApplicationController
     reset_session
     log_off_user
     if request.xhr?
-      render nothing: true
+      render body: nil
     else
       redirect_to (params[:return_url] || path("/"))
     end
@@ -331,8 +331,9 @@ class SessionController < ApplicationController
 
     if payload = session.delete(:sso_payload)
       sso_provider(payload)
+    else
+      render_serialized(user, UserSerializer)
     end
-    render_serialized(user, UserSerializer)
   end
 
   def render_sso_error(status:, text:)

app/controllers/site_controller.rb

@@ -2,8 +2,8 @@ require_dependency 'site_serializer'
 
 class SiteController < ApplicationController
   layout false
-  skip_before_filter :preload_json, :check_xhr
+  skip_before_action :preload_json, :check_xhr
-  skip_before_filter :redirect_to_login_if_required, only: ['basic_info', 'statistics']
+  skip_before_action :redirect_to_login_if_required, only: ['basic_info', 'statistics']
 
   def site
     render json: Site.json_for(guardian)

app/controllers/static_controller.rb

@@ -3,8 +3,8 @@ require_dependency 'file_helper'
 
 class StaticController < ApplicationController
 
-  skip_before_filter :check_xhr, :redirect_to_login_if_required
+  skip_before_action :check_xhr, :redirect_to_login_if_required
-  skip_before_filter :verify_authenticity_token, only: [:brotli_asset, :cdn_asset, :enter, :favicon]
+  skip_before_action :verify_authenticity_token, only: [:brotli_asset, :cdn_asset, :enter, :favicon]
 
   PAGES_WITH_EMAIL_PARAM = ['login', 'password_reset', 'signup']
 
@@ -121,13 +121,13 @@ class StaticController < ApplicationController
     if data.bytesize == 0
       @@default_favicon ||= File.read(Rails.root + "public/images/default-favicon.png")
       response.headers["Content-Length"] = @@default_favicon.bytesize.to_s
-      render text: @@default_favicon, content_type: "image/png"
+      render plain: @@default_favicon, content_type: "image/png"
     else
       immutable_for 1.year
       response.headers["Expires"] = 1.year.from_now.httpdate
       response.headers["Content-Length"] = data.bytesize.to_s
       response.headers["Last-Modified"] = Time.new('2000-01-01').httpdate
-      render text: data, content_type: "image/png"
+      render plain: data, content_type: "image/png"
     end
   end
 

app/controllers/steps_controller.rb

@@ -4,9 +4,9 @@ require_dependency 'wizard/step_updater'
 
 class StepsController < ApplicationController
 
-  before_filter :ensure_wizard_enabled
+  before_action :ensure_wizard_enabled
-  before_filter :ensure_logged_in
+  before_action :ensure_logged_in
-  before_filter :ensure_admin
+  before_action :ensure_admin
 
   def update
     wizard = Wizard::Builder.new(current_user).build

app/controllers/stylesheets_controller.rb

@@ -1,5 +1,5 @@
 class StylesheetsController < ApplicationController
-  skip_before_filter :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_source_map]
+  skip_before_action :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_source_map]
 
   def show_source_map
     show_resource(source_map: true)
@@ -56,7 +56,7 @@ class StylesheetsController < ApplicationController
     end
 
     if cache_time && stylesheet_time && stylesheet_time <= cache_time
-      return render nothing: true, status: 304
+      return render body: nil, status: 304
     end
 
     unless File.exist?(location)

app/controllers/tag_groups_controller.rb

@@ -1,7 +1,7 @@
 class TagGroupsController < ApplicationController
-  skip_before_filter :check_xhr, only: [:index, :show]
+  skip_before_action :check_xhr, only: [:index, :show]
-  before_filter :ensure_logged_in, except: [:index, :show]
+  before_action :ensure_logged_in, except: [:index, :show]
-  before_filter :fetch_tag_group, only: [:show, :update, :destroy]
+  before_action :fetch_tag_group, only: [:show, :update, :destroy]
 
   def index
     tag_groups = TagGroup.order('name ASC').includes(:parent_tag).preload(:tags).all

app/controllers/tags_controller.rb

@@ -5,10 +5,10 @@ require_dependency 'topic_query'
 class TagsController < ::ApplicationController
   include TopicListResponder
 
-  before_filter :ensure_tags_enabled
+  before_action :ensure_tags_enabled
 
-  skip_before_filter :check_xhr, only: [:tag_feed, :show, :index]
+  skip_before_action :check_xhr, only: [:tag_feed, :show, :index]
-  before_filter :ensure_logged_in, except: [
+  before_action :ensure_logged_in, except: [
     :index,
     :show,
     :tag_feed,
@@ -16,7 +16,7 @@ class TagsController < ::ApplicationController
     :check_hashtag,
     Discourse.anonymous_filters.map { |f| :"show_#{f}" }
   ].flatten
-  before_filter :set_category_from_params, except: [:index, :update, :destroy, :tag_feed, :search, :notifications, :update_notifications]
+  before_action :set_category_from_params, except: [:index, :update, :destroy, :tag_feed, :search, :notifications, :update_notifications]
 
   def index
     categories = Category.where("id in (select category_id from category_tags)")
@@ -139,9 +139,9 @@ class TagsController < ::ApplicationController
 
     json_response = { results: tags }
 
-    if Tag.where(name: params[:q]).exists? && !tags.find { |h| h[:id] == t }
+    if Tag.where(name: params[:q]).exists? && !tags.find { |h| h[:id] == params[:q] }
       # filter_allowed_tags determined that the tag entered is not allowed
-      json_response[:forbidden] = t
+      json_response[:forbidden] = params[:q]
     end
 
     render json: json_response

app/controllers/topics_controller.rb

@@ -6,7 +6,7 @@ require_dependency 'discourse_event'
 require_dependency 'rate_limiter'
 
 class TopicsController < ApplicationController
-  before_filter :ensure_logged_in, only: [:timings,
+  before_action :ensure_logged_in, only: [:timings,
                                           :destroy_timings,
                                           :update,
                                           :star,
@@ -32,9 +32,9 @@ class TopicsController < ApplicationController
                                           :convert_topic,
                                           :bookmark]
 
-  before_filter :consider_user_for_promotion, only: :show
+  before_action :consider_user_for_promotion, only: :show
 
-  skip_before_filter :check_xhr, only: [:show, :unsubscribe, :feed]
+  skip_before_action :check_xhr, only: [:show, :unsubscribe, :feed]
 
   def id_for_slug
     topic = Topic.find_by(slug: params[:slug].downcase)
@@ -218,7 +218,7 @@ class TopicsController < ApplicationController
 
   def destroy_timings
     PostTiming.destroy_for(current_user.id, [params[:topic_id].to_i])
-    render nothing: true
+    render body: nil
   end
 
   def update
@@ -234,6 +234,7 @@ class TopicsController < ApplicationController
     changes.delete(:category_id) if topic.category_id.to_i == changes[:category_id].to_i
 
     success = true
+
     if changes.length > 0
       first_post = topic.ordered_posts.first
       success = PostRevisor.new(first_post, topic).revise!(current_user, changes, validate_post: false)
@@ -332,7 +333,7 @@ class TopicsController < ApplicationController
 
     topic.make_banner!(current_user)
 
-    render nothing: true
+    render body: nil
   end
 
   def remove_banner
@@ -341,7 +342,7 @@ class TopicsController < ApplicationController
 
     topic.remove_banner!(current_user)
 
-    render nothing: true
+    render body: nil
   end
 
   def remove_bookmarks
@@ -354,7 +355,7 @@ class TopicsController < ApplicationController
       PostAction.remove_act(current_user, pa.post, PostActionType.types[:bookmark])
     end
 
-    render nothing: true
+    render body: nil
   end
 
   def archive_message
@@ -396,7 +397,7 @@ class TopicsController < ApplicationController
       name = Group.find_by(id: group_id).try(:name)
       render_json_dump(group_name: name)
     else
-      render nothing: true
+      render body: nil
     end
   end
 
@@ -408,7 +409,7 @@ class TopicsController < ApplicationController
 
     PostAction.act(current_user, first_post, PostActionType.types[:bookmark])
 
-    render nothing: true
+    render body: nil
   end
 
   def destroy
@@ -418,7 +419,7 @@ class TopicsController < ApplicationController
     first_post = topic.ordered_posts.first
     PostDestroyer.new(current_user, first_post, context: params[:context]).destroy
 
-    render nothing: true
+    render body: nil
   end
 
   def recover
@@ -428,11 +429,11 @@ class TopicsController < ApplicationController
     first_post = topic.posts.with_deleted.order(:post_number).first
     PostDestroyer.new(current_user, first_post).recover
 
-    render nothing: true
+    render body: nil
   end
 
   def excerpt
-    render nothing: true
+    render body: nil
   end
 
   def remove_allowed_user
@@ -573,26 +574,25 @@ class TopicsController < ApplicationController
     topic = Topic.find_by(id: params[:topic_id].to_i)
     guardian.ensure_can_see!(topic)
     topic.clear_pin_for(current_user)
-    render nothing: true
+    render body: nil
   end
 
   def re_pin
     topic = Topic.find_by(id: params[:topic_id].to_i)
     guardian.ensure_can_see!(topic)
     topic.re_pin_for(current_user)
-    render nothing: true
+    render body: nil
   end
 
   def timings
     PostTiming.process_timings(
       current_user,
-      params[:topic_id].to_i,
+      topic_params[:topic_id].to_i,
-      params[:topic_time].to_i,
+      topic_params[:topic_time].to_i,
-      (params[:timings] || {}).map { |post_number, t| [post_number.to_i, t.to_i] },
+      (topic_params[:timings].to_h || {}).map { |post_number, t| [post_number.to_i, t.to_i] },
       mobile: view_context.mobile_view?
     )
-
+    render body: nil
-    render nothing: true
   end
 
   def feed
@@ -613,7 +613,10 @@ class TopicsController < ApplicationController
       raise ActionController::ParameterMissing.new(:topic_ids)
     end
 
-    operation = params.require(:operation).symbolize_keys
+    operation = params.require(:operation)
+    operation.permit!
+    operation = operation.to_h.symbolize_keys
+
     raise ActionController::ParameterMissing.new(:operation_type) if operation[:type].blank?
     operator = TopicsBulkAction.new(current_user, topic_ids, operation, group: operation[:group])
     changed_topic_ids = operator.perform!
@@ -622,7 +625,7 @@ class TopicsController < ApplicationController
 
   def reset_new
     current_user.user_stat.update_column(:new_since, Time.now)
-    render nothing: true
+    render body: nil
   end
 
   def convert_topic
@@ -643,12 +646,20 @@ class TopicsController < ApplicationController
 
   private
 
+  def topic_params
+    params.permit(
+      :topic_id,
+      :topic_time,
+      timings: {}
+    )
+  end
+
   def toggle_mute
     @topic = Topic.find_by(id: params[:topic_id].to_i)
     guardian.ensure_can_see!(@topic)
 
     @topic.toggle_mute(current_user)
-    render nothing: true
+    render body: nil
   end
 
   def consider_user_for_promotion

app/controllers/uploads_controller.rb

@@ -2,12 +2,12 @@ require "mini_mime"
 require_dependency 'upload_creator'
 
 class UploadsController < ApplicationController
-  before_filter :ensure_logged_in, except: [:show]
+  before_action :ensure_logged_in, except: [:show]
-  skip_before_filter :preload_json, :check_xhr, :redirect_to_login_if_required, only: [:show]
+  skip_before_action :preload_json, :check_xhr, :redirect_to_login_if_required, only: [:show]
 
   def create
     # 50 characters ought to be enough for the upload type
-    type = params.require(:type).parameterize("_")[0..50]
+    type = params.require(:type).parameterize(separator: "_")[0..50]
 
     if type == "avatar" && (SiteSetting.sso_overrides_avatar || !SiteSetting.allow_uploaded_avatars)
       return render json: failed_json, status: 422

app/controllers/user_api_keys_controller.rb

@@ -2,9 +2,9 @@ class UserApiKeysController < ApplicationController
 
   layout 'no_ember'
 
-  skip_before_filter :redirect_to_login_if_required, only: [:new]
+  skip_before_action :redirect_to_login_if_required, only: [:new]
-  skip_before_filter :check_xhr, :preload_json
+  skip_before_action :check_xhr, :preload_json
-  before_filter :ensure_logged_in, only: [:create, :revoke, :undo_revoke]
+  before_action :ensure_logged_in, only: [:create, :revoke, :undo_revoke]
 
   AUTH_API_VERSION ||= 2
 

app/controllers/user_avatars_controller.rb

@@ -2,7 +2,7 @@ require_dependency 'letter_avatar'
 
 class UserAvatarsController < ApplicationController
 
-  skip_before_filter :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter, :show_proxy_letter]
+  skip_before_action :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter, :show_proxy_letter]
 
   def refresh_gravatar
     user = User.find_by(username_lower: params[:username].downcase)

app/controllers/users/omniauth_callbacks_controller.rb

@@ -14,7 +14,7 @@ class Users::OmniauthCallbacksController < ApplicationController
     Auth::InstagramAuthenticator.new
   ]
 
-  skip_before_filter :redirect_to_login_if_required
+  skip_before_action :redirect_to_login_if_required
 
   layout false
 
@@ -23,11 +23,11 @@ class Users::OmniauthCallbacksController < ApplicationController
   end
 
   # need to be able to call this
-  skip_before_filter :check_xhr
+  skip_before_action :check_xhr
 
   # this is the only spot where we allow CSRF, our openid / oauth redirect
   # will not have a CSRF token, however the payload is all validated so its safe
-  skip_before_filter :verify_authenticity_token, only: :complete
+  skip_before_action :verify_authenticity_token, only: :complete
 
   def complete
     auth = request.env["omniauth.auth"]

app/controllers/users_controller.rb

@@ -7,19 +7,19 @@ require_dependency 'admin_confirmation'
 
 class UsersController < ApplicationController
 
-  skip_before_filter :authorize_mini_profiler, only: [:avatar]
+  skip_before_action :authorize_mini_profiler, only: [:avatar]
-  skip_before_filter :check_xhr, only: [:show, :password_reset, :update, :account_created, :activate_account, :perform_account_activation, :user_preferences_redirect, :avatar, :my_redirect, :toggle_anon, :admin_login, :confirm_admin]
+  skip_before_action :check_xhr, only: [:show, :password_reset, :update, :account_created, :activate_account, :perform_account_activation, :user_preferences_redirect, :avatar, :my_redirect, :toggle_anon, :admin_login, :confirm_admin]
 
-  before_filter :ensure_logged_in, only: [:username, :update, :user_preferences_redirect, :upload_user_image,
+  before_action :ensure_logged_in, only: [:username, :update, :user_preferences_redirect, :upload_user_image,
                                           :pick_avatar, :destroy_user_image, :destroy, :check_emails, :topic_tracking_state]
 
-  before_filter :respond_to_suspicious_request, only: [:create]
+  before_action :respond_to_suspicious_request, only: [:create]
 
   # we need to allow account creation with bad CSRF tokens, if people are caching, the CSRF token on the
   #  page is going to be empty, this means that server will see an invalid CSRF and blow the session
   #  once that happens you can't log in with social
-  skip_before_filter :verify_authenticity_token, only: [:create]
+  skip_before_action :verify_authenticity_token, only: [:create]
-  skip_before_filter :redirect_to_login_if_required, only: [:check_username,
+  skip_before_action :redirect_to_login_if_required, only: [:check_username,
                                                             :create,
                                                             :get_honeypot_value,
                                                             :account_created,
@@ -89,7 +89,7 @@ class UsersController < ApplicationController
       user.user_profile.update_column(:card_image_badge_id, nil)
     end
 
-    render nothing: true
+    render body: nil
   end
 
   def user_preferences_redirect
@@ -99,9 +99,10 @@ class UsersController < ApplicationController
   def update
     user = fetch_user_from_params
     guardian.ensure_can_edit!(user)
+    attributes = user_params.merge!(custom_fields: params[:custom_fields])
 
     if params[:user_fields].present?
-      params[:custom_fields] = {} unless params[:custom_fields].present?
+      attributes[:custom_fields] = {} unless params[:custom_fields].present?
 
       fields = UserField.all
       fields = fields.where(editable: true) unless current_user.staff?
@@ -111,13 +112,13 @@ class UsersController < ApplicationController
         val = val[0...UserField.max_length] if val
 
         return render_json_error(I18n.t("login.missing_user_field")) if val.blank? && f.required?
-        params[:custom_fields]["user_field_#{f.id}"] = val
+        attributes[:custom_fields]["user_field_#{f.id}"] = val
       end
     end
 
     json_result(user, serializer: UserSerializer, additional_errors: [:user_profile]) do |u|
       updater = UserUpdater.new(current_user, user)
-      updater.update(params)
+      updater.update(attributes.permit!)
     end
   end
 
@@ -177,11 +178,11 @@ class UsersController < ApplicationController
       user.save!
     end
 
-    render nothing: true
+    render body: nil
   end
 
   def preferences
-    render nothing: true
+    render body: nil
   end
 
   def my_redirect
@@ -345,7 +346,7 @@ class UsersController < ApplicationController
     authentication = UserAuthenticator.new(user, session)
 
     if !authentication.has_authenticator? && !SiteSetting.enable_local_logins
-      return render nothing: true, status: 500
+      return render body: nil, status: 500
     end
 
     authentication.start
@@ -660,7 +661,7 @@ class UsersController < ApplicationController
     else
       @email_token = @user.email_tokens.unconfirmed.active.first
       enqueue_activation_email
-      render nothing: true
+      render body: nil
     end
   end
 
@@ -848,10 +849,20 @@ class UsersController < ApplicationController
     end
 
     def user_params
-      result = params.permit(:name, :email, :password, :username, :date_of_birth)
+      result = params.permit(
-        .merge(ip_address: request.remote_ip,
+        :name,
-               registration_ip_address: request.remote_ip,
+        :email,
-               locale: user_locale)
+        :password,
+        :username,
+        :date_of_birth,
+        :muted_usernames,
+        :theme_key,
+        :locale
+      ).reverse_merge(
+        ip_address: request.remote_ip,
+        registration_ip_address: request.remote_ip,
+        locale: user_locale
+      )
 
       if !UsernameCheckerService.is_developer?(result['email']) &&
           is_api? &&

app/controllers/users_email_controller.rb

@@ -4,10 +4,10 @@ require_dependency 'email_updater'
 
 class UsersEmailController < ApplicationController
 
-  before_filter :ensure_logged_in, only: [:index, :update]
+  before_action :ensure_logged_in, only: [:index, :update]
 
-  skip_before_filter :check_xhr, only: [:confirm]
+  skip_before_action :check_xhr, only: [:confirm]
-  skip_before_filter :redirect_to_login_if_required, only: [:confirm]
+  skip_before_action :redirect_to_login_if_required, only: [:confirm]
 
   def index
   end
@@ -26,7 +26,7 @@ class UsersEmailController < ApplicationController
       return render_json_error(updater.errors.full_messages)
     end
 
-    render nothing: true
+    render body: nil
   rescue RateLimiter::LimitExceeded
     render_json_error(I18n.t("rate_limiter.slow_down"))
   end

app/controllers/webhooks_controller.rb

@@ -54,7 +54,7 @@ class WebhooksController < ActionController::Base
       end
     end
 
-    render nothing: true, status: 200
+    render body: nil, status: 200
   end
 
   def mailjet
@@ -71,7 +71,7 @@ class WebhooksController < ActionController::Base
       end
     end
 
-    render nothing: true, status: 200
+    render body: nil, status: 200
   end
 
   def mandrill
@@ -88,7 +88,7 @@ class WebhooksController < ActionController::Base
       end
     end
 
-    render nothing: true, status: 200
+    render body: nil, status: 200
   end
 
   def sparkpost
@@ -114,17 +114,17 @@ class WebhooksController < ActionController::Base
       end
     end
 
-    render nothing: true, status: 200
+    render body: nil, status: 200
   end
 
   private
 
     def mailgun_failure
-      render nothing: true, status: 406
+      render body: nil, status: 406
     end
 
     def mailgun_success
-      render nothing: true, status: 200
+      render body: nil, status: 200
     end
 
     def mailgun_verify(timestamp, token, signature)

app/controllers/wizard_controller.rb

@@ -2,11 +2,11 @@ require_dependency 'wizard'
 require_dependency 'wizard/builder'
 
 class WizardController < ApplicationController
-  before_filter :ensure_wizard_enabled, only: [:index]
+  before_action :ensure_wizard_enabled, only: [:index]
-  before_filter :ensure_logged_in, except: [:qunit]
+  before_action :ensure_logged_in, except: [:qunit]
-  before_filter :ensure_admin, except: [:qunit]
+  before_action :ensure_admin, except: [:qunit]
 
-  skip_before_filter :check_xhr, :preload_json
+  skip_before_action :check_xhr, :preload_json
 
   layout false
 

app/models/api_key.rb

@@ -1,6 +1,6 @@
 class ApiKey < ActiveRecord::Base
   belongs_to :user
-  belongs_to :created_by, class_name: User
+  belongs_to :created_by, class_name: 'User'
 
   validates :user_id, uniqueness: true
   validates_presence_of :key

app/models/category.rb

@@ -32,7 +32,7 @@ class Category < ActiveRecord::Base
   has_and_belongs_to_many :web_hooks
 
   validates :user_id, presence: true
-  validates :name, if: Proc.new { |c| c.new_record? || c.name_changed? },
+  validates :name, if: Proc.new { |c| c.new_record? || c.will_save_change_to_name? },
                    presence: true,
                    uniqueness: { scope: :parent_category_id, case_sensitive: false },
                    length: { in: 1..50 }
@@ -60,8 +60,8 @@ class Category < ActiveRecord::Base
 
   after_create :delete_category_permalink
 
-  after_update :rename_category_definition, if: :name_changed?
+  after_update :rename_category_definition, if: :saved_change_to_name?
-  after_update :create_category_permalink, if: :slug_changed?
+  after_update :create_category_permalink, if: :saved_change_to_slug?
 
   belongs_to :parent_category, class_name: 'Category'
   has_many :subcategories, class_name: 'Category', foreign_key: 'parent_category_id'
@@ -75,6 +75,7 @@ class Category < ActiveRecord::Base
 
   scope :secured, -> (guardian = nil) {
     ids = guardian.secure_category_ids if guardian
+
     if ids.present?
       where("NOT categories.read_restricted OR categories.id IN (:cats)", cats: ids).references(:categories)
     else
@@ -456,7 +457,7 @@ SQL
   # If the name changes, try and update the category definition topic too if it's
   # an exact match
   def rename_category_definition
-    old_name = changed_attributes["name"]
+    old_name = saved_changes.transform_values(&:first)["name"]
     return unless topic.present?
     if topic.title == I18n.t("category.topic_prefix", category: old_name)
       topic.update_attribute(:title, I18n.t("category.topic_prefix", category: name))
@@ -464,7 +465,7 @@ SQL
   end
 
   def create_category_permalink
-    old_slug = changed_attributes["slug"]
+    old_slug = saved_changes.transform_values(&:first)["slug"]
     if self.parent_category
       url = "c/#{self.parent_category.slug}/#{old_slug}"
     else

app/models/category_featured_topic.rb

@@ -40,7 +40,7 @@ class CategoryFeaturedTopic < ActiveRecord::Base
     return if results == existing
 
     CategoryFeaturedTopic.transaction do
-      CategoryFeaturedTopic.delete_all(category_id: c.id)
+      CategoryFeaturedTopic.where(category_id: c.id).delete_all
       if results
         results.each_with_index do |topic_id, idx|
           begin

app/models/category_featured_user.rb

@@ -36,7 +36,8 @@ class CategoryFeaturedUser < ActiveRecord::Base
     return if current == user_ids
 
     transaction do
-      CategoryFeaturedUser.delete_all category_id: category_id
+      CategoryFeaturedUser.where(category_id: category_id).delete_all
+
       user_ids.each do |user_id|
         create(category_id: category_id, user_id: user_id)
       end

app/models/concerns/trashable.rb

@@ -16,7 +16,7 @@ module Trashable
       #
       scope = self.all
 
-      scope.where_values.delete(with_deleted_scope_sql)
+      scope.where_clause.send(:predicates).delete(with_deleted_scope_sql)
       scope
     end
 

app/models/emoji_set_site_setting.rb

@@ -7,7 +7,7 @@ class EmojiSetSiteSetting < EnumSiteSetting
     if site_setting.name.to_s == "emoji_set" && site_setting.value_changed?
       Emoji.clear_cache
 
-      previous_value = site_setting.value_was || SiteSetting.defaults[:emoji_set]
+      previous_value = site_setting.attribute_in_database(:value) || SiteSetting.defaults[:emoji_set]
       before = "/images/emoji/#{previous_value}/"
       after = "/images/emoji/#{site_setting.value}/"
 

app/models/group.rb

@@ -30,7 +30,7 @@ class Group < ActiveRecord::Base
   after_save :update_title
 
   after_save :enqueue_update_mentions_job,
-    if: Proc.new { |g| g.name_was && g.name_changed? }
+    if: Proc.new { |g| g.name_before_last_save && g.saved_change_to_name? }
 
   after_save :expire_cache
   after_destroy :expire_cache
@@ -552,7 +552,7 @@ class Group < ActiveRecord::Base
     def update_title
       return if new_record? && !self.title.present?
 
-      if self.title_changed?
+      if self.saved_change_to_title?
         sql = <<-SQL.squish
           UPDATE users
              SET title = :title
@@ -561,14 +561,14 @@ class Group < ActiveRecord::Base
              AND id IN (SELECT user_id FROM group_users WHERE group_id = :id)
         SQL
 
-        self.class.exec_sql(sql, title: title, title_was: title_was, id: id)
+        self.class.exec_sql(sql, title: title, title_was: title_before_last_save, id: id)
       end
     end
 
     def update_primary_group
       return if new_record? && !self.primary_group?
 
-      if self.primary_group_changed?
+      if self.saved_change_to_primary_group?
         sql = <<~SQL
           UPDATE users
           /*set*/
@@ -613,7 +613,7 @@ class Group < ActiveRecord::Base
 
     def enqueue_update_mentions_job
       Jobs.enqueue(:update_group_mentions,
-        previous_name: self.name_was,
+        previous_name: self.name_before_last_save,
         group_id: self.id
       )
     end

app/models/notification.rb

@@ -15,10 +15,7 @@ class Notification < ActiveRecord::Base
   attr_accessor :skip_send_email
 
   after_commit :send_email, on: :create
-  # This is super weird because the tests fail if we don't specify `on: :destroy`
+  after_commit :refresh_notification_count, on: [:create, :update, :destroy]
-  # TODO: Revert back to default in Rails 5
-  after_commit :refresh_notification_count, on: :destroy
-  after_commit :refresh_notification_count, on: [:create, :update]
 
   def self.ensure_consistency!
     Notification.exec_sql <<-SQL

app/models/post.rb

@@ -563,7 +563,7 @@ class Post < ActiveRecord::Base
   before_save do
     self.last_editor_id ||= user_id
 
-    if !new_record? && raw_changed?
+    if !new_record? && will_save_change_to_raw?
       self.cooked = cook(raw, topic_id: topic_id)
     end
 

app/models/post_action.rb

@@ -258,7 +258,6 @@ SQL
   end
 
   def self.act(user, post, post_action_type_id, opts = {})
-
     limit_action!(user, post, post_action_type_id)
 
     related_post_id = create_message_for_post_action(user, post, post_action_type_id, opts)

app/models/post_mover.rb

@@ -79,7 +79,9 @@ class PostMover
 
     PostReply.where("reply_id IN (:post_ids) OR post_id IN (:post_ids)", post_ids: post_ids).each do |post_reply|
       if post_reply.post && post_reply.reply && post_reply.reply.topic_id != post_reply.post.topic_id
-        PostReply.delete_all(reply_id: post_reply.reply.id, post_id: post_reply.post.id)
+        PostReply
+          .where(reply_id: post_reply.reply.id, post_id: post_reply.post.id)
+          .delete_all
       end
     end
   end

app/models/post_timing.rb

@@ -61,8 +61,13 @@ class PostTiming < ActiveRecord::Base
 
   def self.destroy_for(user_id, topic_ids)
     PostTiming.transaction do
-      PostTiming.delete_all(['user_id = ? and topic_id in (?)', user_id, topic_ids])
+      PostTiming
-      TopicUser.delete_all(['user_id = ? and topic_id in (?)', user_id, topic_ids])
+        .where('user_id = ? and topic_id in (?)', user_id, topic_ids)
+        .delete_all
+
+      TopicUser
+        .where('user_id = ? and topic_id in (?)', user_id, topic_ids)
+        .delete_all
     end
   end
 

app/models/theme.rb

@@ -28,13 +28,13 @@ class Theme < ActiveRecord::Base
     changed_fields.each(&:save!)
     changed_fields.clear
 
-    Theme.expire_site_cache! if user_selectable_changed? || name_changed?
+    Theme.expire_site_cache! if saved_change_to_user_selectable? || saved_change_to_name?
 
     @dependant_themes = nil
     @included_themes = nil
 
     remove_from_cache!
-    notify_scheme_change if color_scheme_id_changed?
+    notify_scheme_change if saved_change_to_color_scheme_id?
   end
 
   after_destroy do

app/models/theme_field.rb

@@ -93,11 +93,13 @@ COMPILED
   def ensure_baked!
     if ThemeField.html_fields.include?(self.name)
       if !self.value_baked || compiler_version != COMPILER_VERSION
-
         self.value_baked, self.error = process_html(self.value)
         self.compiler_version = COMPILER_VERSION
 
-        if self.value_baked_changed? || compiler_version.changed? || self.error_changed?
+        if self.will_save_change_to_value_baked? ||
+           self.will_save_change_to_compiler_version? ||
+           self.will_save_change_to_error?
+
           self.update_columns(value_baked: value_baked,
                               compiler_version: compiler_version,
                               error: error)
@@ -119,7 +121,7 @@ COMPILED
         self.error = e.message
       end
 
-      if error_changed?
+      if will_save_change_to_error?
         update_columns(error: self.error)
       end
 
@@ -131,7 +133,7 @@ COMPILED
   end
 
   before_save do
-    if value_changed? && !value_baked_changed?
+    if will_save_change_to_value? && !will_save_change_to_value_baked?
       self.value_baked = nil
     end
   end

app/models/topic.rb

@@ -83,7 +83,8 @@ class Topic < ActiveRecord::Base
 
   validates :featured_link, allow_nil: true, format: URI::regexp(%w(http https))
   validate if: :featured_link do
-    errors.add(:featured_link, :invalid_category) unless !featured_link_changed? || Guardian.new.can_edit_featured_link?(category_id)
+    errors.add(:featured_link, :invalid_category) unless !featured_link_changed? ||
+      Guardian.new.can_edit_featured_link?(category_id)
   end
 
   before_validation do
@@ -101,8 +102,8 @@ class Topic < ActiveRecord::Base
   has_many :group_archived_messages, dependent: :destroy
   has_many :user_archived_messages, dependent: :destroy
 
-  has_many :allowed_group_users, through: :allowed_groups, source: :users
   has_many :allowed_groups, through: :topic_allowed_groups, source: :group
+  has_many :allowed_group_users, through: :allowed_groups, source: :users
   has_many :allowed_users, through: :topic_allowed_users, source: :user
   has_many :queued_posts
 
@@ -125,7 +126,7 @@ class Topic < ActiveRecord::Base
   has_many :topic_timers, dependent: :destroy
 
   has_one :user_warning
-  has_one :first_post, -> { where post_number: 1 }, class_name: Post
+  has_one :first_post, -> { where post_number: 1 }, class_name: 'Post'
   has_one :topic_search_data
   has_one :topic_embed, dependent: :destroy
 
@@ -196,7 +197,7 @@ class Topic < ActiveRecord::Base
   after_save do
     banner = "banner".freeze
 
-    if archetype_was == banner || archetype == banner
+    if archetype_before_last_save == banner || archetype == banner
       ApplicationController.banner_json_cache.clear
     end
 

app/models/topic_converter.rb

@@ -71,7 +71,7 @@ class TopicConverter
   def watch_topic(topic)
     @topic.notifier.watch_topic!(topic.user_id)
 
-    @topic.topic_allowed_users(true).each do |tau|
+    @topic.reload.topic_allowed_users.each do |tau|
       next if tau.user_id < 0 || tau.user_id == topic.user_id
       topic.notifier.watch!(tau.user_id)
     end

app/models/topic_link.rb

@@ -214,17 +214,29 @@ SQL
 
       # Remove links that aren't there anymore
       if added_urls.present?
-        TopicLink.delete_all ["(url not in (:urls)) AND (post_id = :post_id AND NOT reflection)", urls: added_urls, post_id: post.id]
+        TopicLink.where(
+          "(url not in (:urls)) AND (post_id = :post_id AND NOT reflection)",
+          urls: added_urls, post_id: post.id
+        ).delete_all
 
         reflected_ids.compact!
         if reflected_ids.present?
-          TopicLink.delete_all ["(id not in (:reflected_ids)) AND (link_post_id = :post_id AND reflection)",
+          TopicLink.where(
-                                reflected_ids: reflected_ids, post_id: post.id]
+            "(id not in (:reflected_ids)) AND (link_post_id = :post_id AND reflection)",
+            reflected_ids: reflected_ids, post_id: post.id
+          ).delete_all
         else
-          TopicLink.delete_all ["link_post_id = :post_id AND reflection", post_id: post.id]
+          TopicLink
+            .where("link_post_id = :post_id AND reflection", post_id: post.id)
+            .delete_all
         end
       else
-        TopicLink.delete_all ["(post_id = :post_id AND NOT reflection) OR (link_post_id = :post_id AND reflection)", post_id: post.id]
+        TopicLink
+          .where(
+            "(post_id = :post_id AND NOT reflection) OR (link_post_id = :post_id AND reflection)",
+            post_id: post.id
+          )
+          .delete_all
       end
     end
   end

app/models/topic_timer.rb

@@ -19,13 +19,16 @@ class TopicTimer < ActiveRecord::Base
     self.created_at ||= Time.zone.now if execute_at
     self.public_type = self.public_type?
 
-    if (execute_at_changed? && !execute_at_was.nil?) || user_id_changed?
+    if (will_save_change_to_execute_at? &&
+       !attribute_in_database(:execute_at).nil?) ||
+       will_save_change_to_user_id?
+
       self.send("cancel_auto_#{self.class.types[status_type]}_job")
     end
   end
 
   after_save do
-    if (execute_at_changed? || user_id_changed?)
+    if (saved_change_to_execute_at? || saved_change_to_user_id?)
       now = Time.zone.now
       time = execute_at < now ? now : execute_at
 

app/models/topic_tracking_state.rb

@@ -155,7 +155,7 @@ class TopicTrackingState
                 always: User::NewTopicDuration::ALWAYS,
                 default_duration: SiteSetting.default_other_new_topic_duration_minutes,
                 min_date: Time.at(SiteSetting.min_new_topics_time).to_datetime
-              ).where_values[0]
+              ).where_clause.send(:predicates)[0]
   end
 
   def self.report(user, topic_id = nil)
@@ -185,14 +185,18 @@ class TopicTrackingState
       if opts && opts[:skip_unread]
         "1=0"
       else
-        TopicQuery.unread_filter(Topic, -999, staff: opts && opts[:staff]).where_values.join(" AND ").sub("-999", ":user_id")
+        TopicQuery
+          .unread_filter(Topic, -999, staff: opts && opts[:staff])
+          .where_clause.send(:predicates)
+          .join(" AND ")
+          .gsub("-999", ":user_id")
       end
 
     new =
       if opts && opts[:skip_new]
         "1=0"
       else
-        TopicQuery.new_filter(Topic, "xxx").where_values.join(" AND ").gsub!("'xxx'", treat_as_new_topic_clause)
+        TopicQuery.new_filter(Topic, "xxx").where_clause.send(:predicates).join(" AND ").gsub!("'xxx'", treat_as_new_topic_clause)
       end
 
     select = (opts && opts[:select]) || "

app/models/user.rb

@@ -72,15 +72,15 @@ class User < ActiveRecord::Base
 
   belongs_to :uploaded_avatar, class_name: 'Upload'
 
-  has_many :acting_group_histories, dependent: :destroy, foreign_key: :acting_user_id, class_name: GroupHistory
+  has_many :acting_group_histories, dependent: :destroy, foreign_key: :acting_user_id, class_name: 'GroupHistory'
-  has_many :targeted_group_histories, dependent: :destroy, foreign_key: :target_user_id, class_name: GroupHistory
+  has_many :targeted_group_histories, dependent: :destroy, foreign_key: :target_user_id, class_name: 'GroupHistory'
 
   delegate :last_sent_email_address, to: :email_logs
 
   validates_presence_of :username
-  validate :username_validator, if: :username_changed?
+  validate :username_validator, if: :will_save_change_to_username?
   validate :password_validator
-  validates :name, user_full_name: true, if: :name_changed?, length: { maximum: 255 }
+  validates :name, user_full_name: true, if: :will_save_change_to_name?, length: { maximum: 255 }
   validates :ip_address, allowed_ip_address: { on: :create, message: :signup_not_allowed }
   validates :primary_email, presence: true
   validates_associated :primary_email, message: -> (_, user_email) { user_email[:value]&.errors[:email]&.first }
@@ -110,8 +110,8 @@ class User < ActiveRecord::Base
 
   before_destroy do
     # These tables don't have primary keys, so destroying them with activerecord is tricky:
-    PostTiming.delete_all(user_id: self.id)
+    PostTiming.where(user_id: self.id).delete_all
-    TopicViewItem.delete_all(user_id: self.id)
+    TopicViewItem.where(user_id: self.id).delete_all
   end
 
   # Skip validating email, for example from a particular auth provider plugin
@@ -819,7 +819,7 @@ class User < ActiveRecord::Base
     end
 
     # mark all the user's quoted posts as "needing a rebake"
-    Post.rebake_all_quoted_posts(self.id) if self.uploaded_avatar_id_changed?
+    Post.rebake_all_quoted_posts(self.id) if self.will_save_change_to_uploaded_avatar_id?
   end
 
   def first_post_created_at
@@ -950,7 +950,7 @@ class User < ActiveRecord::Base
   end
 
   def expire_old_email_tokens
-    if password_hash_changed? && !id_changed?
+    if saved_change_to_password_hash? && !saved_change_to_id?
       email_tokens.where('not expired').update_all(expired: true)
     end
   end
@@ -1023,7 +1023,7 @@ class User < ActiveRecord::Base
     username_format_validator || begin
       lower = username.downcase
       existing = User.find_by(username_lower: lower)
-      if username_changed? && existing && existing.id != self.id
+      if will_save_change_to_username? && existing && existing.id != self.id
         errors.add(:username, I18n.t(:'user.username.unique'))
       end
     end

app/models/user_badge.rb

@@ -5,7 +5,11 @@ class UserBadge < ActiveRecord::Base
   belongs_to :notification, dependent: :destroy
   belongs_to :post
 
-  validates :badge_id, presence: true, uniqueness: { scope: :user_id }, if: 'badge.single_grant?'
+  validates :badge_id,
+    presence: true,
+    uniqueness: { scope: :user_id },
+    if: :single_grant_badge?
+
   validates :user_id, presence: true
   validates :granted_at, presence: true
   validates :granted_by, presence: true
@@ -19,6 +23,12 @@ class UserBadge < ActiveRecord::Base
     Badge.decrement_counter 'grant_count', self.badge_id
     DiscourseEvent.trigger(:user_badge_removed, self.badge_id, self.user_id)
   end
+
+  private
+
+    def single_grant_badge?
+      self.badge.single_grant?
+    end
 end
 
 # == Schema Information

app/models/user_option.rb

@@ -60,7 +60,7 @@ class UserOption < ActiveRecord::Base
   end
 
   def update_tracked_topics
-    return unless auto_track_topics_after_msecs_changed?
+    return unless saved_change_to_auto_track_topics_after_msecs?
     TrackedTopicsUpdater.new(id, auto_track_topics_after_msecs).call
   end
 

app/services/color_scheme_revisor.rb

@@ -27,7 +27,12 @@ class ColorSchemeRevisor
         @color_scheme.clear_colors_cache
       end
 
-      @color_scheme.save if has_colors || @color_scheme.name_changed? || @color_scheme.base_scheme_id_changed?
+      if has_colors ||
+         @color_scheme.saved_change_to_name? ||
+         @color_scheme.saved_change_to_base_scheme_id?
+
+        @color_scheme.save
+      end
     end
     @color_scheme
   end

app/services/post_owner_changer.rb

@@ -26,7 +26,11 @@ class PostOwnerChanger
       end
 
       @topic.update_statistics
-      @new_owner.user_stat.update(first_post_created_at: @new_owner.posts(true).order('created_at ASC').first.try(:created_at))
+
+      @new_owner.user_stat.update(
+        first_post_created_at: @new_owner.reload.posts.order('created_at ASC').first&.created_at
+      )
+
       @topic.save!
     end
   end

app/services/search_indexer.rb

@@ -91,7 +91,7 @@ class SearchIndexer
   def self.index(obj, force: false)
     return if @disabled
 
-    if obj.class == Post && (obj.cooked_changed? || force)
+    if obj.class == Post && (obj.saved_change_to_cooked? || force)
       if obj.topic
         category_name = obj.topic.category.name if obj.topic.category
         SearchIndexer.update_posts_index(obj.id, obj.cooked, obj.topic.title, category_name)
@@ -101,11 +101,11 @@ class SearchIndexer
       end
     end
 
-    if obj.class == User && (obj.username_changed? || obj.name_changed? || force)
+    if obj.class == User && (obj.saved_change_to_username? || obj.saved_change_to_name? || force)
       SearchIndexer.update_users_index(obj.id, obj.username_lower || '', obj.name ? obj.name.downcase : '')
     end
 
-    if obj.class == Topic && (obj.title_changed? || force)
+    if obj.class == Topic && (obj.saved_change_to_title? || force)
       if obj.posts
         post = obj.posts.find_by(post_number: 1)
         if post
@@ -116,11 +116,11 @@ class SearchIndexer
       end
     end
 
-    if obj.class == Category && (obj.name_changed? || force)
+    if obj.class == Category && (obj.saved_change_to_name? || force)
       SearchIndexer.update_categories_index(obj.id, obj.name)
     end
 
-    if obj.class == Tag && (obj.name_changed? || force)
+    if obj.class == Tag && (obj.saved_change_to_name? || force)
       SearchIndexer.update_tags_index(obj.id, obj.name)
     end
   end

app/services/spam_rule/auto_block.rb

@@ -45,7 +45,7 @@ class SpamRule::AutoBlock
   def num_users_who_flagged_spam_against_user
     post_ids = Post.where('user_id = ? and spam_count > 0', @user.id).pluck(:id)
     return 0 if post_ids.empty?
-    PostAction.spam_flags.where(post_id: post_ids).uniq.pluck(:user_id).size
+    PostAction.spam_flags.where(post_id: post_ids).pluck(:user_id).uniq.size
   end
 
   def num_tl3_flags_against_user

app/views/robots_txt/no_index.erb

@@ -1,6 +1,4 @@
 # See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
 #
-User-Agent: *
+User-agent: *
 Disallow: /
-
-

bin/rails

@@ -1,4 +1,4 @@
 #!/usr/bin/env ruby
-APP_PATH = File.expand_path('../../config/application',  __FILE__)
+APP_PATH = File.expand_path('../config/application', __dir__)
 require_relative '../config/boot'
 require 'rails/commands'

config/application.rb

@@ -134,14 +134,9 @@ module Discourse
     # Version of your assets, change this if you want to expire all your assets
     config.assets.version = '1.2.4'
 
-    # We need to be able to spin threads
-    config.active_record.thread_safe!
-
     # see: http://stackoverflow.com/questions/11894180/how-does-one-correctly-add-custom-sql-dml-in-migrations/11894420#11894420
     config.active_record.schema_format = :sql
 
-    config.active_record.raise_in_transactional_callbacks = true
-
     # per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
     config.pbkdf2_iterations = 64000
     config.pbkdf2_algorithm = "sha256"

config/initializers/005-site_settings.rb

@@ -24,7 +24,7 @@ reload_settings = lambda {
 reload_settings.call
 
 if !Rails.configuration.cache_classes
-  ActionDispatch::Reloader.to_prepare do
+  ActiveSupport::Reloader.to_prepare do
     reload_settings.call
   end
 end

config/initializers/099-anon-cache.rb

@@ -9,5 +9,5 @@ enabled =
 
 if !ENV['DISCOURSE_DISABLE_ANON_CACHE'] && enabled
   # in an ideal world this is position 0, but mobile detection uses ... session and request and params
-  Rails.configuration.middleware.insert_after ActionDispatch::ParamsParser, Middleware::AnonymousCache
+  Rails.configuration.middleware.insert_after ActionDispatch::Flash, Middleware::AnonymousCache
 end

config/initializers/100-logster.rb

@@ -8,11 +8,6 @@ if Rails.env.production?
     /^ActionController::UnknownFormat/,
     /^ActionController::UnknownHttpMethod/,
     /^AbstractController::ActionNotFound/,
-
-    # alihack is really annoying, nothing really we can do about this
-    # (795: unexpected token at 'alihack<%eval request("alihack.com")%> '):
-    /^ActionDispatch::ParamsParser::ParseError/,
-
     # ignore any empty JS errors that contain blanks or zeros for line and column fields
     #
     # Line: