Commit Graph

91 Commits

Author SHA1 Message Date
Hannah Wolfe
491651da59 Merge pull request #2 from ErisDS/bookshelf-knex-update
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-10-17 10:49:28 -07:00
Tim Griesser
13639ad8d1 Updating to bookshelf 0.5.7 & knex 0.4.11 2013-10-17 18:23:36 +01:00
Sebastian Gierlinger
90176e1f40 Security improvements
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
2013-10-17 15:28:28 +02:00
jamesbloomer
9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files.
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
2013-10-11 18:05:31 +01:00
Hannah Wolfe
95f9fce3be Swapping escape to sanitze
issue #938

- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b Escaping several fields to prevent XSS
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
2013-10-09 19:13:13 +01:00
Hannah Wolfe
6bd62538af Merge branch '0.3.1-wip'
Conflicts:
	core/server/controllers/admin.js
2013-09-27 17:22:55 +01:00
Hannah Wolfe
ee8d8102db Merge pull request #923 from ErisDS/0.3.1-wip-mysql
0.3.1 wip mysql
2013-09-27 05:04:45 -07:00
Hannah Wolfe
5c10f6608c Unit Test fixes for MySQL
issue #858

- there is no guaranteed order to arrays, so sort before testing them
- tests run much faster, date comparisons fail
- settings tests are more explicit, otherwise they fail random validations
- dates must be inserted as date objects
2013-09-27 12:52:31 +01:00
Hannah Wolfe
50a16ceb76 Test Cleanup 2013-09-27 11:36:12 +01:00
Hannah Wolfe
e411ed6889 No autolinking inside of code blocks
closes #865

- rejigged markdown to have some functionality before showdown runs, and other functionality before.
- autolinking now happens last, so it can be smarter
2013-09-27 11:35:44 +01:00
Hannah Wolfe
8c6519fde7 Don't output image tag for empty source
closes #866

 - ensures we don't end up creating any more empty image tags.
2013-09-27 11:30:41 +01:00
Jacob Gable
a9c0359f18 Add some unit tests for post saving
- Confirm published_at for new posts
- Confirm slug generating on saving posts
2013-09-26 23:15:43 +01:00
Jacob Gable
088518936c Configuration validation in config-loader
Added a couple sanity checks to the config during the loadConfig call.

- Check that the config exists for the current NODE_ENV
- Check that the config.url exists and is valid structure
- Check that the config.database exists
- Check that the config.server exists and has a port and host value
2013-09-26 23:07:48 +01:00
jamesbloomer
55048d6a20 Fix image upload tests on windows
closes #826
- on windows the fs.exists call had windows style back slashes
- set up the test to cope with either (not the most elegant but works)
2013-09-26 15:19:05 +01:00
jamesbloomer
8e3ddcbdcc Trim version number to major and minor numbers only in meta tag
closes #880
- as the version number is under control from package.json use regex to trim
2013-09-26 15:00:05 +01:00
Hannah Wolfe
02a02054e8 Handle duplicate tags on import
closes #890

- importer only adds tags which don't exist.
- added back the import unit tests - these are basic for now
2013-09-25 11:30:59 +01:00
jamesbloomer
c215626d2b Use file mime type rather than extension to check server side if image upload is a valid file
closes #705
- uses the file type passed by express/connect
- relies on the type being set correctly by the browser upload
- doesn't reread the file to check
2013-09-20 13:20:59 +01:00
Hannah Wolfe
477c4c59fa Merge pull request #843 from cgiffard/500-errors
500 Series Error Handling & Stack Traces
2013-09-18 22:52:52 -07:00
Hannah Wolfe
43fe50ca7b New Tag in fixture breaks Tag tests 2013-09-19 06:50:32 +01:00
Christopher Giffard
9c8b02949a 500 Series Error Handling & Stack Traces
Fixes #825

- Changes the way the error middleware is delivered in server.js, moving
  all the logic back into errorHandling.js
- Alters error logging to use console.error (probably more appropriate) instead
  of console.log
- Changes error tests to accomodate for these alterations
- Alters user-error and error hbs templates to incorporate stack traces
- Adds additional styling for error pages to accomodate stack traces
- Added logic to parse and deliver formatted stack traces

Notes:
======

- Jslint gets in the way of the regex I've got to use to parse the stack.
  (It cites 'security reasons' which are not relevant in this case.)
  I needed to add a condition to relax it at the top of errorHandling.js
- The stack trace should probably be added as a partial, but I figured it
  was out of scope for this PR.
2013-09-19 13:01:20 +10:00
Hannah Wolfe
c7a91ffff1 Removing FancyFirstChar plugin
- requires removal of most of the plugin tests
2013-09-18 19:49:10 +01:00
jamesbloomer
36f218abaf Remove temporary files when uploading images
closes #502
part of #705
- copy the files but then remove the temporary ones
- moving instead of copying was problematic due to moving across devices
- still need to convert code to using promises
2013-09-18 09:15:21 +01:00
cobbspur
713e4c0d5c Adds slashes to urls
ref issue #448

- adds slashes to urls, templates and tests

TODO

Add function to add slash to urls automatically
2013-09-17 02:39:55 +01:00
Hannah Wolfe
0021fb7a95 Save image uploads in the editor
closes #295

- Maintain a list of markers for CodeMirror which reference image codes
- Upload start triggers a selection
- Upload success replaces the selection
- No ref-style image markdown handling
- Showdown image URL handling improved at the expense of titles
- Tests updated
2013-09-16 18:08:49 +01:00
Jacob Gable
63eb9581ea Compile assets with grunt
- Made a helper called ghostScriptTags that will spit out the relevant
  script tags with version parameter; 4 unminified files in development,
  1 minified file in production.
- Added grunt concat and uglify tasks to build files into core/built
- Fixed some unit tests by making them native date objects
2013-09-15 14:06:42 -05:00
Hannah Wolfe
8d038b8bf2 One exporter to rule them all
closes #733

- Exporter will read meta data to determine the tables which are present and export all data from those tables
- Exporter figures out which version to export, rather than requiring that information
- deleted old exporters
2013-09-15 17:04:42 +01:00
Hannah Wolfe
71a92194ca Improved error messaging
closes #748

- Removed the alpha software warning
- Better error message output for the whole app - can now specify an error, a context, and a help message
- Improved invalid node version, start and stop messaging
- Listens for Ctrl+C and exits nicely
- Minor improvements to handling and errors with old DBs (temporary)
2013-09-15 13:52:58 +01:00
Hannah Wolfe
a144d677e6 Updating unit tests
- Commented out import/export tests until they are refactored
- Updating tests to ensure they create objects which conform to the new much stricter schema.
2013-09-15 00:22:16 +01:00
Hannah Wolfe
9fcc0a6ed6 Renamed currentVersion setting to databaseVersion to avoid confusion with software version 2013-09-14 22:13:59 +01:00
Hannah Wolfe
d968495996 Mass renaming of things
Conflicts:
	core/client/views/settings.js
	core/server/models/user.js
2013-09-14 21:56:07 +01:00
Hannah Wolfe
0b1ffcd1f5 Updating settings types
- issue #573, issue #632
2013-09-14 19:04:41 +01:00
Hannah Wolfe
3fab1f708a Merge pull request #728 from skattyadz/default-settings-validations
Conflicts:
	Gruntfile.js
	core/server.js
	core/server/data/default-settings.json
	core/test/unit/admin_spec.js
2013-09-14 14:37:52 +01:00
Adam Howard
3823d10c35 Restructure default-settings.json and add validations to important settings. 2013-09-14 14:29:27 +01:00
Hannah Wolfe
63d8cbb87c Unit tests require config file to be present.
Conflicts:
	Gruntfile.js
	core/test/unit/admin_spec.js
2013-09-14 14:07:05 +01:00
Sebastian Gierlinger
35a32279d9 Clean up config (drop 'env')
closes #628
- removed .env from config.js
- ghost.config() returns correct config for NODE_ENV
- removed .env[process.env.NODE_ENV]
- updated tests
- deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-14 13:14:00 +01:00
ericterpstra
e2bc5257a6 Added post-settings menu with edit permalink field
closes #370
- Added new Backbone view for post settings menu
- Moved sass styles to global.scss for post settings menu items
- Added field to change post slug (permalink) using existing slug
  validation
2013-09-13 12:36:38 -05:00
Hannah Wolfe
e9d2646997 Refactoring tests to always run as expected
closes #721

- we now have grunt test-unit for safely running unit tests.
2013-09-13 15:12:38 +01:00
Adam Howard
f6b86a98ff Fix bug preventing tags from being saved when a Post is created.
Fixes #658
2013-09-13 14:30:22 +01:00
Hannah Wolfe
7d3eb512f6 Unit tests require config file to be present. 2013-09-13 08:24:28 +01:00
Sebastian Gierlinger
212521712d Clean up config (drop 'env')
closes #628
- removed .env from config.js
- ghost.config() returns correct config for NODE_ENV
- removed .env[process.env.NODE_ENV]
- updated tests
- deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-12 15:25:58 +01:00
Hannah Wolfe
821106b5f0 Merge pull request #697 from jamesbloomer/619-image-upload-overwrites-existing-images-merge
Ensure image uploads do not overwrite if they have the same name
2013-09-11 06:51:55 -07:00
jamesbloomer
3e28803672 Ensure image uploads do not overwrite if they have the same name
closes #619
- check if uploaded image name exists in month/year path
- if unique then save
- if not unique then add -1 to the end of the name eg. image-1.jpg
- if image-1.jpg exists then increment to -2
- keep going until a unique name is found
- uses tail recursion as normal path will be to save the first filename and deep recursion will be the exception
- (the alternative of loading the names of all the files in the directory could result in a large in memory array)
2013-09-10 22:02:28 +01:00
William Dibbern
2329b34be7 Publish button fixes
Fixes #352

- Ensure publish button's default status is set in the `render`
function.
- Ensure publish button's popup arrow has animation reverted when a
status has been selected.
- Bumped up timeout in failing mocha test for exports-002.
2013-09-10 09:32:02 -05:00
Hannah Wolfe
773fe0f3d9 Further improvements to markdown implementation
closes 644

- replaced showdown's implementation of bold and emphasis with a version close to marked's
- reverted the underscore-in-word handling to only deal with 2 or more underscores & commented the test this causes to fail - this was causing problems with double underscores.
2013-09-09 22:55:32 +01:00
William Dibbern
9064914829 Added redirect to get rid of /page/1/
Fixes #592

- Added *permanent* redirect to ensure `/page/1/` isn't used and that
`/` is used instead.
- Added pageUrl helper (and unit tests) to generate client side url
fragment for blog pages conforming to the above standard.
- Updated pagination helper to use new `pageUrl` theme helper.
- Added functional tests for redirects and added scaffolding for
functional frontend tests in general.
2013-09-09 18:32:44 +01:00
Sebastian Gierlinger
1da0a15be2 Remove {{nav}} helper
closes #626
- removed nav from config.js
- removed navHelper
- removed navHelper tests
- removed core/server/filters
2013-09-09 13:00:56 +02:00
Jacob Gable
e56a0badb5 Fix FancyFirstChar nested tag content
Added some white space skipping and inner tag checking to the fancify
method.
2013-09-06 20:32:20 -05:00
Hannah Wolfe
630c03d4d4 Fixing issues with {{url}}
closes #639

Updated url helper to work
Updated tests
Changed helper.js in tests/unit to be called testUtil to avoid confusion
2013-09-06 18:23:22 +01:00
Hannah Wolfe
c469d05c46 Mail settings are per environment
closes #624

- example mail setting in development config
- updated mail module & tests
2013-09-04 16:15:21 +01:00