closes#1854
- added blueimp file upload to debug.js
- changed POST /ghost/api/v0.1/db to be used with AJAX
- cache invalidation header should now work for import
- moved busboy middleware invocation to routes/api and routes/admin
- moved api.db.import to api.db.importContent (I hated the [] notation)
- moved api.db.export to api.db.exportContent (see above)
- use hex instead of base64 as this can cause errors when trying to reopen the file due to characters like '/' appearing
- added basic console log to errors.
issue #1378fixes#1328
- xss santization does some odd things. This isn't needed until we have multi-user support, and we are investigating better solutions.
fixes#1765fixes#1811
issue #1833
New UrlFor functions
- moved body of url helper to config.path.urlFor, which can generate a URL for various scenarios
- urlFor can take a string (name) or object (relativeUrl: '/') as the first
argument - this is the first step towards issue #1833
- also added config.path.urlForPost which is async and handles getting
permalink setting
- frontend controller, ghost_head helper, cache invalidation all now use
urlFor or urlForPost all urls should be correct and consistent
URL Consistency Improvements
- refactored invalidateCache into cacheInvalidationHeader which returns a
promise so that url can be generated properly by urlForPost
- moved isPost from models to schema, and refactored schema to have a tables object
- deleted posts now return the whole object, not just id and slug,
ensuring cache invalidation header can be set on delete
- frontend controller rss and archive page redirects work properly with subdirectory
- removes {{url}} helper from admin and client, and replaced with adminUrl
helper which also uses urlFor
- in res.locals ghostRoot becomes relativeUrl, and path is removed
closes#1801
- adding fixBools method to `server/models/base.js` to convert bools to 1/0 to be consistent with MySQL & sqlite3 data providers (based on @ErisDS recommendation)
- this in turn fixes the check in `server/controllers/frontend.js`, which does an explicit `post.page === 0` comparison (in pgsql this is a `boolean`, since the schema declares it as "bool" in `server/data/schema.js`, but MySQL/sqlite3 don't have concept of Boolean, only an integer or bit)
- any model retrieved from persistence will pass through this (possible future refactoring is to combine fixBools & fixDates into one "canonicalize()" to have a single loop pass)
throttle list
- once a user has successfully logged into ghost
they no longer are a malicious user and as such
their IP address should be removed from the
array of login attempts
- should also reduce the memory usage of Ghost
as the loginSecurity array gets pruned upon
every successful login
- this also fixes a race condition i was experiencing
during functional tests wherein i would receive
the login throttle message during regular testing.
Seems my machine is able to run casper fast enough
that it could complete each test under an amount
of time that tripped the login throttle message.
fixes#1810
- updates frontend.single route to accept ‘edit’
as the last param
- updates controller.frontend to handle redirection
only when we would otherwise have rendered the page
- added unit tests for this behavior
fixes#1774
- Delayed showing the tag suggestions popup unless matching tags were found
- Changed the padding-left on the added tag container to 8px from 20px to fall in line with the left shadow overlay
- Currently the test is taking the response date
which is in UTC and passes it through moment()
which by default parses input as local time. We
then add 12 hours to this now local time
and when compared against the response set-cookie
header the time spread is wrong.
- To fix we’re parsing the response date with
moment.utc which parses the date in UTC.
closes#1661
- disables save button at beginning of image upload
- enable save button at image upload fail, at image upload and download success and also at dropzone init
issue #1789
- we can do this step a bit earlier and it aids with neatness
- also means for tests that config.load() is enough to get config & paths initialised
closes#1470
issue #1405
- added cache control middleware
- added defaults for all routes, assets, etc
- updated asset helper to add a query string with a timestamp hash to all assets
- added unit tests for asset and ghostScriptTags helpers
- added cache-control checks to route tests
