TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-24 06:35:49 +03:00
Code Issues Projects Releases Wiki Activity
1,066 Commits 227 Branches 1,677 Tags 368 MiB
13639ad8d1
Commit Graph

1066 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tim Griesser
13639ad8d1 Updating to bookshelf 0.5.7 & knex 0.4.11 2013-10-17 18:23:36 +01:00
Hannah Wolfe
b544ee7ed6 Revert "Updated to latest version of express-hbs" 
This reverts commit d169bba3f8.

Conflicts:
	package.json
 2013-10-11 20:14:58 +01:00
Hannah Wolfe
f30e356e7c Revert "Updated to latest version of express" 
This reverts commit c95d469eb3.

Conflicts:
	package.json
 2013-10-11 20:13:44 +01:00
Hannah Wolfe
b4d5918fac Version bump for 0.3.2 
- added optional mysql dependency
- removed .afignore
- updates to .gitignore to ignore any additional themes or plugins
 2013-10-11 18:21:14 +01:00
Hannah Wolfe
d47b19b491 Added grunt release task 
closes #941

Conflicts:
	Gruntfile.js
 2013-10-11 18:19:03 +01:00
Hannah Wolfe
4c89422b0d Added SECURITY.md file 
closes #989
 2013-10-11 18:17:37 +01:00
Hannah Wolfe
e613d88167 Merge pull request #997 from cobbspur/uploadrefactor 2013-10-11 18:15:45 +01:00
cobbspur
c52a10cd1a fixed image upload url synchronicity and url removed on cancel 
closes #988, closes #956, closes #975

- fixed multiple ids and refactored triggers
- persistence requirement overridden
- trash can now removes url in editor
- if empty url is saved http:// is inserted and dropzone initialized

Conflicts:
	core/client/assets/lib/uploader.js
 2013-10-11 18:15:17 +01:00
Hannah Wolfe
0bb5e8702a Merge pull request #980 from jamesbloomer/lockdown-assets-rebase 2013-10-11 18:06:11 +01:00
jamesbloomer
9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files. 
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
 2013-10-11 18:05:31 +01:00
Hannah Wolfe
6db7e6d96e Merge pull request #1000 from sebgie/issue#872 2013-10-11 13:19:12 +01:00
Sebastian Gierlinger
b040ea3365 Change from address 
closes #872
- changed from address to use config.mail.fromaddress
- changed from address to default to settings.email
 2013-10-11 12:49:33 +01:00
Hannah Wolfe
a37d487ffd Merge pull request #992 from pmgarman/spacelys-sprockets-n-sockets 2013-10-10 16:19:42 +01:00
Hannah Wolfe
31e2737cfd Update config validation to allow for socket only 
issue #887
 2013-10-10 16:13:02 +01:00
Patrick Garman
97f592aa41 Allow Ghost to run using sockets 
Closes #887
- Adds getSocket function > Returns the socket location if sockets are enabled or false
- Adds startGhost function > Callback for server.listen
 2013-10-10 16:12:28 +01:00
Hannah Wolfe
54f8a04779 Merge pull request #996 from ErisDS/0.3.2-tagfixes 
Improving tag handling in post_class and body_class
 2013-10-10 07:05:15 -07:00
Hannah Wolfe
7b28056849 Merge pull request #995 from ErisDS/xss 
XSS
 2013-10-10 07:04:50 -07:00
Hannah Wolfe
f1317b84af Improving tag handling in post_class and body_class 
closes #967, closes #987

- use slug instead of name (it's unique)
- get tags even if we aren't inside the post context
- add tag handling to body_class too
 2013-10-09 19:51:55 +01:00
Hannah Wolfe
14ac437763 Updating to latest Casper 
- triple braces for post titles everywhere
 2013-10-09 19:29:38 +01:00
Hannah Wolfe
95f9fce3be Swapping escape to sanitze 
issue #938

- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
 2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b Escaping several fields to prevent XSS 
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
 2013-10-09 19:13:13 +01:00
Hannah Wolfe
d169bba3f8 Updated to latest version of express-hbs 
issue #830
 2013-10-07 16:42:25 +01:00
Hannah Wolfe
c95d469eb3 Updated to latest version of express 
closes #875
 2013-10-07 14:31:57 +01:00
Hannah Wolfe
c0d5167f7d Merge pull request #948 from javorszky/0.3.2-wip 
Fixes config.example.js
 2013-10-05 12:16:32 -07:00
Gabor Javorszky
a37c7958b1 Fixes config.example.js 
Closes #945
 2013-09-30 15:06:54 +01:00
Hannah Wolfe
6bd62538af Merge branch '0.3.1-wip' 
Conflicts:
	core/server/controllers/admin.js
 2013-09-27 17:22:55 +01:00
Hannah Wolfe
0169b78f35 Updating to Latest Casper, more gist fixes 2013-09-27 17:21:06 +01:00
Hannah Wolfe
d866f0f31a Version bump for 0.3.1 bugfix release 2013-09-27 17:20:52 +01:00
Hannah Wolfe
a5bf8bf1e2 Removing reset button 
- noone needs this, and someone is bound to press it and then complain.
 2013-09-27 17:20:41 +01:00
Hannah Wolfe
4d6455e6d1 Updating to latest Casper, includes fix for gists 2013-09-27 14:17:32 +01:00
Hannah Wolfe
e86958fdb7 Further fix to image markdown 
issue #866 again
 2013-09-27 14:17:19 +01:00
Hannah Wolfe
d841e749f9 Adding extra class for url uploads 2013-09-27 13:34:39 +01:00
Hannah Wolfe
ee8d8102db Merge pull request #923 from ErisDS/0.3.1-wip-mysql 
0.3.1 wip mysql
 2013-09-27 05:04:45 -07:00
Hannah Wolfe
9ae1dc26db Merge pull request #914 from gotdibbs/Issue874 2013-09-27 13:03:42 +01:00
William Dibbern
ef8fed3159 Added comments to config for ports 
Fixes #874

- Added comments to clarify that you should set the port to
`process.env.PORT` when running ghost under iisnode.
 2013-09-27 12:57:33 +01:00
Hannah Wolfe
5c10f6608c Unit Test fixes for MySQL 
issue #858

- there is no guaranteed order to arrays, so sort before testing them
- tests run much faster, date comparisons fail
- settings tests are more explicit, otherwise they fail random validations
- dates must be inserted as date objects
 2013-09-27 12:52:31 +01:00
Hannah Wolfe
11296c0064 Merge pull request #920 from ErisDS/0.3.1-wip-markdown 
0.3.1 wip markdown
 2013-09-27 04:30:23 -07:00
Hannah Wolfe
d544b4aebb Custom destroy method for posts 
issue #858

- correctly handles detaching tags before deleting the post
 2013-09-27 11:56:20 +01:00
Hannah Wolfe
e6b779330f Correctly test for an empty Tag array 
issue #858

- fixes syntax errors in mysql
 2013-09-27 11:55:02 +01:00
Hannah Wolfe
71711c1fd2 Drop tables in correct order 
issue #858

- unit tests now run for MySQL
 2013-09-27 11:54:09 +01:00
Hannah Wolfe
50a16ceb76 Test Cleanup 2013-09-27 11:36:12 +01:00
Hannah Wolfe
e411ed6889 No autolinking inside of code blocks 
closes #865

- rejigged markdown to have some functionality before showdown runs, and other functionality before.
- autolinking now happens last, so it can be smarter
 2013-09-27 11:35:44 +01:00
Hannah Wolfe
8c6519fde7 Don't output image tag for empty source 
closes #866

 - ensures we don't end up creating any more empty image tags.
 2013-09-27 11:30:41 +01:00
John O'Nolan
9df4955bcb Fix tiny alignment issue on Ghost logo 2013-09-27 11:23:24 +02:00
John O'Nolan
8ce4d4b7c5 Fixed fucked up modal padding 2013-09-27 11:21:23 +02:00
Hannah Wolfe
6369eb20be Remove broken image from fixture 
issue #866

- this fixes the problem inside the fixture
 2013-09-27 09:18:02 +01:00
Hannah Wolfe
681aa71bf5 Merge pull request #848 from jamesbloomer/705-image-Upload-file-storage-amends-type 
Use file mime type to check server side if image upload is a valid file
 2013-09-26 15:18:04 -07:00
Hannah Wolfe
57d83fe560 Merge pull request #794 from sebgie/issue#570 
Add invalidate cache headers
 2013-09-26 15:17:24 -07:00
Hannah Wolfe
6605ce1c71 Merge pull request #908 from jgable/fixImporterDates 2013-09-26 23:16:08 +01:00
Jacob Gable
a9c0359f18 Add some unit tests for post saving 
- Confirm published_at for new posts
- Confirm slug generating on saving posts
 2013-09-26 23:15:43 +01:00