closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting a theme serve unknown types
closes #967, closes #987
- use slug instead of name (it's unique)
- get tags even if we aren't inside the post context
- add tag handling to body_class too
issue #938
- rather than using escape, use node-validator's sanitize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
issue #977
- As of the addition of when/monitor/console we now get errors about unhandled promises
- This fixes one which appeared when starting up without a DB
closes #937
- fixed bug where ![] is replaced with ![](http://) for image url
- added fileStorage setting to uploader
- added fileStorage helper (could become standard way of providing config data for frontend???)
- added data element to editor and settings
- if no config value is set fileStorage: true is default
closes #886
- removed meta_description which is empty and would have crashed
- added content
- img src converted to absolute path
- a href converted to absolute path
closes #705
- uses the file type passed by express/connect
- relies on the type being set correctly by the browser upload
- doesn't reread the file to check
Fixes #825
- Changes the way the error middleware is delivered in server.js, moving
all the logic back into errorHandling.js
- Alters error logging to use console.error (probably more appropriate) instead
of console.log
- Changes error tests to accommodate for these alterations
- Alters user-error and error hbs templates to incorporate stack traces
- Adds additional styling for error pages to accommodate stack traces
- Added logic to parse and deliver formatted stack traces
Notes:
======
- JSLint gets in the way of the regex I've got to use to parse the stack.
(It cites 'security reasons' which are not relevant in this case.)
I needed to add a condition to relax it at the top of errorHandling.js
- The stack trace should probably be added as a partial, but I figured it
was out of scope for this PR.
closes #812
- replace defaults with consistently named .png files
- change the settings saving code so that it doesn't double-save images and save the defaults to the db
closes #502
part of #705
- copy the files but then remove the temporary ones
- moving instead of copying was problematic due to moving across devices
- still need to convert code to using promises
Fixes #792
- Added default template for errors where a user has not defined a custom
template (error.hbs) in the theme folder
- Now searches for user-error.hbs in the server view folder should a user
template not be present.
- Add new 003.js in import based on 000.js
- Change importPosts and importUsers from the 000.js for new / default values
- Add language setting to black list
Fixes #798
- Now checks the request URL against a whitelist to determine whether the settings
page exists.
**Notes**
- This works in the short term, but a better solution for enumerating the available
settings views or centralising a list of recognised views that are available
to client side code, (the router and sidebar, among others) as well as the backend
controller will be required.
* Smoother animations
* Removed blurring in Chrome temporarily
* Centering is now done in CSS (the height is calculated in JS to work in FF and Opera)
* Modals now need close: true to be set to enable the close icon and shortcuts for closing (ESC key, background clicking)
closes #734
- use models instead of knex so that we know we get correct data
- preprocesses post_tags, adds the right tags back to the posts
TODO
- deduplicate posts (if they have the same title and slug?)
Fixes #356
- Adds new generic methods for handling errors to errorHandling.js
- Initialises generic methods as middleware
- Created error.hbs view in admin
- Error handler searches for error.hbs view file in user theme folder
and renders it if available, otherwise lets the error fall through
to express.
- We *could* change the final behaviour to render a default ghost
template should the user template be missing
- Because it currently isn't possible to require(ghost) in errorHandling.js,
it was necessary to duplicate some aspects of the ghost path init code
inside errorhandling.js. This should be cleaned up and moved back
into ghost.js when possible.
closes #657, closes #761
- Got rid of initTheme from ghost.js (yay)
- Divided up the logic for static assets and views
- Ghost admin static assets are now served from /ghost/
- New logic to figure out if we're on the admin, or a theme and which theme we are on
- Activate theme method reregisters static access and uncaches views
- Re-ordered all of the middleware, and ensured we had a 404 handler at the end
- Activate theme method ensures that middleware maintains order
Fixes #258
- Modified post collection to have default values for paging.
- Added scroll handler to content view to check for more posts and load
as appropriate.
- Sanitized result from server-side post paging, ensure page # is
returned as an integer.
- Added a functional test stub.
Fixes #667
- Removed superfluous as-of-yet-unused options in the publish menu.
- Adjusted display names of publish buttons according to differing
states the publish menu can be in (new post, saved draft, published
post).
- Added red highlight style to "important" status change options in the
publish menu (draft => published, published => unpublished).
- Added suite of functional tests around new labels and classes.
- Made a helper called ghostScriptTags that will spit out the relevant
script tags with version parameter; 4 unminified files in development,
1 minified file in production.
- Added grunt concat and uglify tasks to build files into core/built
- Fixed some unit tests by making them native date objects
closes #733
- Exporter will read meta data to determine the tables which are present and export all data from those tables
- Exporter figures out which version to export, rather than requiring that information
- deleted old exporters
closes #172
- added type to ghost.settings()
- added /api/settings?type=<filter>
- added availableThemes to settingsCache
- removed cachedSettingsRequestHandler
- removed /api/themes (including front end)
- changed activePlugins to type "plugin" in default-settings.json
- url first, replaced with temporary URL with documentation
- mail config is a commented out example
- mail documentation link in config and mail file
- no more staging
- gruntfile updated to generate correct docs
closes #748
- Removed the alpha software warning
- Better error message output for the whole app - can now specify an error, a context, and a help message
- Improved invalid node version, start and stop messaging
- Listens for Ctrl+C and exits nicely
- Minor improvements to handling and errors with old DBs (temporary)
closes #731, closes #732
- fixtures are imported using the models, rather than knex
- migration treats fresh installs differently
- migration throws errors for un-initialisable databases
- small amount of extra code to deal with old DBs still using currentVersion & give them a nice error message
issue #632
- removed old schemas
- updated base model to reflect all of the consistent behaviours and properties across the models
- updated all models to match the new schema
TODO
- no fixtures are currently loaded except settings
- need to rename properties across the codebase
Closes #581.
* Basically adds the client side of node validator, that we're already using
* Validator is plonked onto `Ghost.Validator`
* Usage is identical as to https://github.com/chriso/node-validator
* Has sanitizing values et al
* `Ghost.Validator.error` is redefined, it populates Ghost.Validator._errors (Array)
* `Ghost.Validator.handleErrors` is supposed to print out the multiple error messages, if there are multiple (this is broken due to how notifications are presented `.html` instead of `.append`), and also apply class to element
* The ajax calls are wrapped in an if to prevent network traffic if something's not right on client side
* Added validation to general settings and user settings screens.
* On validation error, optionally adds `.input-error` to whatever element you reference, see below (if `el` exists on the error object). This is the only place where usage is different to the original implementation. Redeclared `error()` function in `init.js`
* Usage: `Ghost.Validate.check(valueToCheck, {message: "the error message", el: $('#the element')}).isEmail()`
* The element above will receive the `.input-error` class. `isEmail()` is one of the things you can check against.
closes #370
- Added new Backbone view for post settings menu
- Moved sass styles to global.scss for post settings menu items
- Added field to change post slug (permalink) using existing slug
validation
* Signup now focuses on 'name' on load
* Fixed fade in on auth forms to work with `display: table`
* The 'name' field is required on Sign up forms
* The length check on the Signup form is in order of inputs
* Added check for password length
* Changed the auth form class names to better represent individual pages
* Updated CasperJS tests
closes #619
- check if uploaded image name exists in month/year path
- if unique then save
- if not unique then add -1 to the end of the name e.g. image-1.jpg
- if image-1.jpg exists then increment to -2
- keep going until a unique name is found
- uses tail recursion as normal path will be to save the first filename and deep recursion will be the exception
- (the alternative of loading the names of all the files in the directory could result in a large in memory array)
Fixes #592
- Added *permanent* redirect to ensure `/page/1/` isn't used and that
`/` is used instead.
- Added pageUrl helper (and unit tests) to generate client side url
fragment for blog pages conforming to the above standard.
- Updated pagination helper to use new `pageUrl` theme helper.
- Added functional tests for redirects and added scaffolding for
functional frontend tests in general.
closes #280
- adds image uploader to user profile page.
- click on cover picture or change cover button to open file upload modal.
- created new upload modal that extends model to reduce some code duplication
closes #625
- removed defaultLang, forceI18n and activePlugins from config
- added values to default-settings.json
- updated to use values from settings
closes #593
- added default setting of 6 posts per page
- added posts per page to settings page
- added limit to frontend.js (setting does not change API behavior)
closes #603, issue #395
- Changed hard-coded 'JOE BLOGGS' to use author data
- We still had api calls loading data server side before rendering pages, which is unnecessary.
- Only thing using this was editor title, which is now populated client side
- May improve content screen load time.
closes #618
- don't send a welcome email. This appeared to be breaking tests.
- make sure we handle errors from sending emails properly
- use promises when adding notifications
Closes #288
* I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`)
* Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
closes #367, closes #368
- Adds Tag model with a many-to-many relationship with Post
- Adds Tag API to retrieve all previously used Tags (needed for suggestions)
- Allows setting and retrieval of Tags for a post through the Post's existing API endpoints.
- Hooks up the editor's tag suggestion box to the Ghost install's previously used tags
- Tidies the client code for adding tags, and encapsulates the functionality into a Backbone view
Fixes #469
- Added client-side trimming of title on blur if it is not already
trimmed.
- Added server-side trimming of title on 'saving' event of post model.
closes #488 and #107
- added dropdown for theme selection on general page
- added GET /api/v0.1/themes to retrieve available themes
- modified settings model to get available themes
- modified updateSettingsCache to remove path from settings.activeTheme
Fixes #352
- Removed one-off styles and code for the publish button. Publish button
now uses data-toggle attribute wired up in toggle.js and forms.scss.
- Ensured split button common styles are up to date to conform with
vendor prefixing of transform properties.
Closes #556
* New Ghost Logo Icon
* New Lightning Icon for plugins screen
* Remove old Ghost Logo Icon
* Moved #ghost to .ghost-logo to clean up conflicts with editor, previously fixed with dodgy overnesting
closes #422, issue #295
- Added GFM mode to codemirror
- Took the github.js extension for Showdown and added all useful behaviour
- Now supports strikethrough, line breaking and
multiple underscores, and auto linking urls & emails without breaking
definition urls
- Also added definition url handling in preparation for #295
- Added unit tests for the extensions individually and integrated with
showdown
- Made fail warning and button display none to reduce DOM content.
- Made toolbar red for fail not orange
- Fixed loading-cat which was persistent in cases of low bandwidth (particularly downstream)
closes #528
- adds method (isPost) to models index.js that returns true if content, content_raw, title and slug are valid properties
- adds url helper which checks context is post using isPost method
- adds unit test to check a url is prefixed with /
- adds unit test which checks for empty string if either of the 4 properties above are not present.
Pagination could conceivably be used in more than one place on a page (eg. both top and bottom). For that reason it should probably have a class rather than an ID.
- fixes #517
- prevents this from occurring again in future with other relations
- validation function & stripping done for all models
- casper test for flow, plus validation & logged out tests
- introduced validation method in the post and user model
- moved signup validation onto model
- consistent use of validation & error messaging in the admin UI
- helper methods in base view moved to a utils object
closes #382, closes #383
- added helper called ghost_head to insert meta data with current version of ghost
- added helper called ghost_foot to insert script tag for jquery
- added unit test for both helpers
- removed trailing slash from ghost.js for 'shared' path and removed from outside of loop as it is shared on front and backend
Fixes #358
- Altered post model to enable eager loading of author and
user relationships
- Fixed broken base model toJSON method, which prevented
eager resolution of relationships (thanks @tgriesser)
- Passes author information to template.
- Added unit tests for author helper.
- Added unit tests for findOne and findAll additions to Post Model
which take into account the eager relationships
Usage:
`{{author}}` -- returns the full name of the post author
`{{author.attribute}}` -- returns property of the current post author
as described by the user model
Closes half of #468
* adds a 2 second limit until you can retry logging in, otherwise sends you a 401.
* bounce: 2ms, checks the pw: 254ms on my machine
* added a test to the casper suite
Closes #374
* Included node-validator as a package
* Implemented server side validation (the client side js is a mess, need a LOT of work)
* Validates email address both on signup and login screens, gives error message on malformed email addresses
* Requires at least 8 chars of password
* Tells user if password is too short
* Tells user if no such user on login
* Tells user if wrong password on login
* Tells user if server responds with a 404 (goes away, dies, etc)
* Added middleware between req and login / signup for validation
Closes #354
* Reintroduced the redirect functionality (not logged in, tries to go to `/settings/user/`, is sent to `/login/` with info notification, after login user is taken to `/settings/user/`)
* Reintroduced the "Successfully logged out" message
* Added middleware to scrub passive notifications from `ghost.notifications` after one use basically mimicking client side passive notifications
* Removed flash from everywhere. Even from package.json.
* Renamed flashed.hbs to notifications.hbs, modified default.hbs accordingly
* Added function to parse GET variables on client side
Closes #364
- Confirmed integration with local mysql installation works.
- Updated fixtures and migration with appropriate schema-conforming
values.
- Updated schema with appropriate defaults and nullable columns.
- Updated fixDates function on model base to appropriately deserialize
values coming from SQLite now that dates are stored as actual DateTime
objects/ISO strings.
- Updated default language to be 'en_US'.
Closes #340. Closes #375
* Replaced session with id of current user
* Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy)
* Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't)
* If user has profile picture, that will be used
* If user has name, that will be used
* Password changing doesn't care about your email. Uses cookies. Tasty!
* User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`.
* Added logic to user api to check for `id === 'me'`, and then use the cookie value
* User data saves are now correct
* There is no logout error
This is simply a commit which improves the mobile interactions. This does not fix UI problems on mobiles.
New interactions:
Menu
* Swipe right on header to show sidebar
* Swipe left on sidebar to hide
Content
* Tap / Swipe left on item to show preview
* Swipe right to show content list
Settings
* Tap / Swipe left on link to show settings
* Swipe right on settings to show links
fixes #392
- adds appRoot, and uses this to calculate other paths
- removes path calculations from loader
- remove the themedir setting in config; completely unnecessary
- highlights just how important #360 is
Fixes #256
- Developed and linked new module, downsize, for tag-safe truncation
- Altered existing content handler to accept options for truncation
- Added tests for handler
Using truncation:
{{content words=10}}
{{content characters=256}}
Closes #282
* Added a new route
* Added new methods
* Triple security!
* Passwords are actually changed
* Also added a change password button, because 'save' has too much baggage.
On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no. 2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords.
Caveats:
* didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh?
* Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
issue #40 and issue #280
- Adds uploader jquery plugin
- includes settings for enabling/disabling upload progress bar
- adds routing for image uploads
- adds directories by year and month based on upload date
- Implements plugin on settings - general pane
- Implements plugin on editor
- adjusted general tab to save uploaded image src
TODO:
- Add error handling
- Storing information on editor
- Add events
closes #276
- settings screen now loads a model when a pane is requested, rather than when the whole screen is requested
- added browse, read and edit methods and routes for users to the API
- added user model & template to client and wired everything up.
- provided default images for cover and profile picture
Implements basic functionality described in #227 for loading plugins
from a specific directory and having a specific workflow with an init()
method and a disable() method.
Closes #333
* Refactored the Ghost.Notifications View bundle
* Added a new initialization of the NotificationCollection (hacky, but at least satisfies JSLint). This was needed as the reason the persistent success notification couldn't be dismissed was that prerendered DOM elements weren't picked up as BB Views beforehand, and thus no events were bound to them.
- added line to index.js to set node_env to development if it is not set
- fixed a small bug with the persistent notifications and used them on debug page from server side
- added 002 files to manage export and import for 002
- 002 import is somewhat smarter than 001, merging settings (except version), replacing user & clearing primary keys
- added reset to models and migration, which does the down operation the same way that init does the up operation
- import and reset clear session & redirect to login / signup
- additional unit tests
closes #171, closes #314, closes #315
- added settings for blog logo and icon
- all other settings will need to be added as needed as it's impossible to guess what the default value should be
- added tables for post tags
- added tables for post custom data
- added location column to users
- fixed minor bug in migrations
- Ghost.View now extends Ghost.TemplateView giving all views access to subviews and templates
- Views which implemented templates no longer need to
- Some views needed to re-override render which is a bit annoying
- Settings screen now has sub-templates for each pane and for the sidebar
- Additional Casper tests for settings screen
This introduces a new class of `.form-group` to replace the label containing the elements.
I have also included `name=""` attributes to inputs where there were none.
Should close #37. There are persistent and passive notifications.
Persistent ones:
* are stored on `ghost.notifications`.
* have an api made to add / remove them with client side ajax logic (probably not the most elegant, but works)
* uses a modified `flashes.hbs` template
* will only disappear if user closes the bar
* stack
Passive
* added with backbone view / collection combo
* stack
* disappears on navigation and when user closes it
- This is a first pass at getting a more logical structure. The focus is on moving from admin/frontend to client/server.
- The location of the databases is highly important, this isn't expected to change again
In the future
- client/assets should probably become public/
- more stuff should be shared (helpers etc)
- cleanup some confusion around tpl and views