Commit Graph

90 Commits

Author SHA1 Message Date
Hannah Wolfe
15da975c06 image upload controller refactor
issue #635

- upload controller shouldn't assume fs
- filesystem module proxies all the fs work
- proxies and exposes middleware for serving images
- creating a date based path and unique filename is a base object util
- unit tests updated
2013-11-11 16:10:57 +00:00
William Golden
766ce1ac51 Render a page template if it exists in a theme for a post marked as page.
Closes #1329.
2013-11-05 21:43:13 -06:00
Fabian Becker
48d3b10649 Fix image upload issue.
fixes #1377
2013-11-02 11:16:00 +00:00
Hannah Wolfe
6b29d4392a Merge pull request #1375 from jamesbloomer/image-refactor2
Tidy up the local file storage for images
2013-11-01 08:48:12 -07:00
jamesbloomer
f42e977fa7 Tidy up the local file storage for images 2013-11-01 13:08:27 +00:00
Hannah Wolfe
0db907ada2 Bump grunt-jslint and fix issues 2013-11-01 12:12:01 +00:00
Ben Gladwell
69d3a1460d Remove unparam:true from jslint config in Gruntfile.js
issue #1365
- added /*jslint unparam:true*/ to functions where absolutely necessary
- added /*jslint unparam:true*/ to functions in which keeping parameter
  list added clarity to the underlying api, even when those parameters
  are not currently used
- removed unused parameters in a few places
2013-10-31 14:02:34 -04:00
jamesbloomer
ec79069a1c Convert local file system image storage to use promises
Part of #635
2013-10-31 08:25:25 +00:00
jamesbloomer
6e44280b96 Moving file system storage to a module
issue #635

- refactored file system storage into module
- convert save to return a promise
- convert admin controller to use storage module
2013-10-31 08:25:24 +00:00
Jacob Gable
507174a00b Plugin API Refactor: Filter and Theme Helpers
issue #769

- Refactor doFilter to allow returning a promise from a filter handler
  and to also return a promise itself
- Move the logic out of the registerThemeHelper calls and into their own methods so
  we could test them in isolation.
- Assign the server to the ghost instance so the initPlugins method can
  get access to it.
2013-10-29 11:27:52 +00:00
Hannah Wolfe
5c33a707e9 Merge pull request #1164 from halfdan/1162-unpublished-posts
Unpublished Post should not be accessible
2013-10-25 13:18:39 -07:00
Simone D'Amico
c4bf0123c8 Added quotes to changepw admin controller 2013-10-25 20:11:33 +02:00
Fabian Becker
aa5c0cc620 Unpublished Post should not be accessible
fixes #1162
2013-10-24 21:29:10 +00:00
Sebastian Gierlinger
c558cb7648 Add validation for importer
closes #952
- moved api.js to api/index.js
- added api/db.js for import and export functions
- moved /ghost/debug/db/export to GET /api/v0.1/db
- moved /ghost/debug/db/import to POST /api/v0.1/db
- removed /ghost/debug/db/reset
- added validation for import
- added constraints object to migration
2013-10-23 19:42:55 +01:00
Fabian Becker
27e66f75f3 Show proper error message when image upload fails
fixes #994
2013-10-22 21:08:26 +00:00
Hannah Wolfe
65dcb17117 Merge branch '0.3.3-wip'
Conflicts:
	core/client/views/blog.js
	core/server/api.js
	core/server/views/default.hbs
	package.json
2013-10-20 10:09:39 +01:00
Sebastian Gierlinger
2ee8f96829 Revert sessions to cookieSessions
no issue
- modified sessions to use cookieSession
- set max-age to 12 hrs
- modified logout to delete cookie completely
2013-10-18 13:24:01 +02:00
Hannah Wolfe
2a6e77752f API JSON updates 2013-10-17 20:52:05 +01:00
Hannah Wolfe
d9c9ca0e33 Merge pull request #4 from sebgie/sec/3
Sec/3
2013-10-17 10:49:40 -07:00
Sebastian Gierlinger
374c41e138 Remove private data from API
no issue
- added removal to user.browse, posts.read, posts.browse
- fixed removal for user.read
2013-10-17 17:15:25 +02:00
Sebastian Gierlinger
90176e1f40 Security improvements
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
2013-10-17 15:28:28 +02:00
Hannah Wolfe
b4e04b3650 Fix for image uploads
- express 3.4.0 uses connect 2.9.0 which had a sizable change to how multipart woks
- this change resulting in req.files.uploadimage.type going away
2013-10-11 20:26:09 +01:00
Sebastian Gierlinger
6ff17c78a2 Fix filepaths for config and upload
no issue
- added appRoot to config-loader.js
- modified uploader to use correct path
- modified tests
2013-10-10 12:44:31 +02:00
Gabor Javorszky
f709dcb798 Adds error message to blog import on empty / bad file
Closes #840
* Checks file to be size > 0
* Checks file to be .json
* Fails if either of them are not good
2013-09-28 15:42:42 +01:00
Hannah Wolfe
6bd62538af Merge branch '0.3.1-wip'
Conflicts:
	core/server/controllers/admin.js
2013-09-27 17:22:55 +01:00
Hannah Wolfe
681aa71bf5 Merge pull request #848 from jamesbloomer/705-image-Upload-file-storage-amends-type
Use file mime type to check server side if image upload is a valid file
2013-09-26 15:18:04 -07:00
Sebastian Gierlinger
fa43ca79d3 Add content to RSS
closes #886
- removed meta_description which is empty and would have crashed
- added content
- img src converted to absolute path
- a href converted to absolute path
2013-09-26 15:37:25 +01:00
John O'Nolan
d1957958e3 Cleanup indentation and quotes
Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-26 15:06:31 +01:00
Sebastian Gierlinger
6697d8a097 Add invalidate cache headers
closes #570
- added X-Cach-Invalidate headers for PUT, POST, DELETE requests
2013-09-24 17:21:43 +02:00
jamesbloomer
c215626d2b Use file mime type rather than extension to check server side if image upload is a valid file
closes #705
- uses the file type passed by express/connect
- relies on the type being set correctly by the browser upload
- doesn't reread the file to check
2013-09-20 13:20:59 +01:00
Hannah Wolfe
ee78f87c47 Import > Signout
- uncommitting the thing I shouldn't have commited
2013-09-18 16:11:21 +01:00
Hannah Wolfe
f717aed96f Merge pull request #820 from jamesbloomer/705-image-Upload-file-storage-amends
Remove temporary files when uploading images
2013-09-18 08:08:48 -07:00
Sebastian Gierlinger
1cac1acded RSS without User
closes #817
- no user, no rss author
2013-09-18 10:17:56 +02:00
jamesbloomer
36f218abaf Remove temporary files when uploading images
closes #502
part of #705
- copy the files but then remove the temporary ones
- moving instead of copying was problematic due to moving across devices
- still need to convert code to using promises
2013-09-18 09:15:21 +01:00
Hannah Wolfe
e0edb6455d Temporary Importer
closes #735

 - make sure the importer gets loaded
 - additional preprocessing to ensure data can be loaded
 - removed old importers
2013-09-18 04:20:21 +01:00
Christopher Giffard
8fa1ce96ff Settings: Return 404 for unrecognised pages
Fixes #798

- Now checks the request URL against a whitelist to determine whether the settings
  page exists.

**Notes**

- This works in the short term, but a better solution for enumerating the available
  settings views or centralising a list of recognised views that are available
  to client side code, (the router and sidebar, among others) as well as the backend
  controller will be required.
2013-09-18 12:31:43 +10:00
Hannah Wolfe
658a21bcf8 Quick file type amend
- adding .jpeg spelling to allowed extensions, #705 will fix this properly
2013-09-18 02:53:08 +01:00
Sebastian Gierlinger
60d93bd3f3 Fix for images with special chars
closes #780
- added replacing of special chars with '_'
2013-09-17 22:11:22 +02:00
Hannah Wolfe
750c19014a Populating admin email with user signup email
closes #775
2013-09-17 03:08:36 +01:00
Hannah Wolfe
79f75865a1 Error handling for the frontend routes 2013-09-17 01:54:36 +01:00
Sebastian Gierlinger
141361c40e Escape RSS post title
closes #755
- added html escape for post title
- changed author for rss feed to current user
- added simple test to check rss is working
2013-09-16 13:11:53 +02:00
Sebastian Gierlinger
8f22737f04 Make settings() 'magic'
- access value directly by using ghost.settings('key')
- removed use of <key>.value
- removed workaround for activeTheme path
2013-09-15 19:52:37 +02:00
Hannah Wolfe
117f70dcfd Merge pull request #752 from sebgie/settingsapi
Add setting filter
2013-09-15 09:53:23 -07:00
Hannah Wolfe
8d038b8bf2 One exporter to rule them all
closes #733

- Exporter will read meta data to determine the tables which are present and export all data from those tables
- Exporter figures out which version to export, rather than requiring that information
- deleted old exporters
2013-09-15 17:04:42 +01:00
Sebastian Gierlinger
bd8db968ea Add setting filter
closes #172
- added type to ghost.settings()
- added /api/settings?type=<filter>
- added availableThemes to settingsCache
- removed cachedSettingsRequestHandler
- removed /api/themes (including front end)
- changed activePlugins to type "plugin" in default-settings.json
2013-09-15 18:04:01 +02:00
Hannah Wolfe
9fcc0a6ed6 Renamed currentVersion setting to databaseVersion to avoid confusion with software version 2013-09-14 22:13:59 +01:00
Hannah Wolfe
d968495996 Mass renaming of things
Conflicts:
	core/client/views/settings.js
	core/server/models/user.js
2013-09-14 21:56:07 +01:00
Sebastian Gierlinger
35a32279d9 Clean up config (drop 'env')
closes #628
- removed .env from config.js
- ghost.config() returns correct config for NODE_ENV
- removed .env[process.env.NODE_ENV]
- updated tests
- deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-14 13:14:00 +01:00
Hannah Wolfe
486c2b4eea Use software version in RSS
closes #723

 Still waiting on https://github.com/dylang/node-rss/pull/16 to get this to actually output
2013-09-14 12:12:27 +01:00
Hannah Wolfe
cc785cc981 Merge pull request #686 from matthojo/Sign-up-screen-UI
Improved Auth screen markup and validation checks
2013-09-12 06:25:27 -07:00