Commit Graph

592 Commits

Author SHA1 Message Date
Hannah Wolfe
bc29b14cde Merge pull request #1728 from mjbshaw/clean-admin-regex
Don't use unnecessary (and unescaped) regex
2013-12-22 07:46:31 -08:00
Michael Bradshaw
7ee3235a68 Don't use unnecessary (and unescaped) regex
closes #1731
2013-12-21 16:32:57 -07:00
Hannah Wolfe
a0424a733d Date helper fix, moment breaks with null values
fixes #1730
2013-12-21 21:43:38 +00:00
Hannah Wolfe
e9e99371a6 Merge pull request #1719 from ErisDS/fix-1718
Fix unhandled errors in mail.js
2013-12-21 12:51:35 -08:00
Hannah Wolfe
bdbeffb262 Merge pull request #1716 from ErisDS/post-order
API refactor / cleanup
2013-12-21 12:46:57 -08:00
Sebastian Gierlinger
17225d4928 Set cookie secure flag
closes #1680
- added secure flag for cookies if SSL is forced
2013-12-21 20:18:13 +00:00
Fabian Becker
c81c43a96a Complete subdir support.
fixes #527
- Fix image upload in backend
- Use config.paths().webroot where necessary
2013-12-21 19:43:58 +00:00
Hannah Wolfe
9ec7e4ea38 Merge pull request #1615 from gotdibbs/Issue1227
Switch from multipart to busboy
2013-12-21 10:25:05 -08:00
Hannah Wolfe
78737b35ff API refactor / cleanup
closes #1303

- removed where and orderBy from being passed from the API through to bookshelf, and ultimately knex
- ordering is now consistent across both front and backend, which fixes #1303
- validated / cleaned up all the API parameters
- added API tests for the status and staticPages parameters
2013-12-20 13:07:01 +00:00
Hannah Wolfe
3863f09c5c Fix unhandled errors in mail.js
fixes #1718

- check for existence of mail before using properties
- return the promise properly
2013-12-20 12:57:21 +00:00
Hannah Wolfe
c518e14bfb Merge pull request #1687 from sebgie/issue#1685
Fix 'dbHash' not found
2013-12-20 04:36:44 -08:00
John O'Nolan
fd2a2ad037 Update Ghost logo image fixture 2013-12-19 15:21:26 +00:00
Hannah Wolfe
9c96ec1990 Merge pull request #1677 from nickpfisterer/default-fixture-update
Update default fixture to give clearer direction
2013-12-19 07:07:46 -08:00
William Dibbern
bf7692b151 Switch from multipart to busboy
Fixes #1227

- Removed deprecated `multipart` references.
- Setup `busboy` to pass along file streams and do a naive parse of form
values.
- Updated logic in file storage and db import to handle file streams
instead of the temporary files created by `multipart`.
2013-12-17 17:24:30 -06:00
Sebastian Gierlinger
05ca5edeeb Remove fixed scheme from gravatar url
no issue
- removed scheme from gravatar url

Reason:
Gravatar supports ssl and the fixed scheme will cause ‚insecure
content‘ warnings.
2013-12-17 17:21:00 +01:00
Nick Pfisterer
f7e63eecaa Update default fixture to give better direction
closes #1561
- altered perspective of intro paragraph to reading from the blog
instead of from the content page
- added copy directing users to sign in to the admin area at /ghost/ and
edit the post before reading the 'Getting Started' section
- this should give the Markdown lessons better context and avoid users
getting confused as to what 'the left hand panel of Ghost' is
2013-12-16 18:18:35 -08:00
Sebastian Gierlinger
7ae543289d Fix 'dbHash' not found
closes #1685
- changed dbHash initialization from db direct access to api access
- added dbHash to default-settings.json
- added dbHash to tests
2013-12-16 11:16:06 +01:00
Hannah Wolfe
1c52e3a980 Merge pull request #1636 from hswolff/standardize-path-access
Standardize file path access throughout ghost
2013-12-15 06:42:34 -08:00
Hannah Wolfe
088dac6099 Merge pull request #1675 from sebgie/issue#1640
Improve Helpers
2013-12-15 03:41:03 -08:00
Hannah Wolfe
db362b30cd Bug fixes, undefined should not be a string 2013-12-15 11:36:01 +00:00
Patrick Garman
a914077145 Add Force SSL Configuration/Middleware
Solves #1300
- Adds forceAdminSSL bool config value
- Adds checkSSL middleware
- Adds redirectSSL helper function
2013-12-15 10:01:02 +00:00
Sebastian Gierlinger
05810b318c Improve Helpers
closes #1640
closes #1672
- changed to include config using require
- deleted has_tag helper
- deleted json helper
- removed fileStorage and ghostScriptTags helpers from frontend
- added fileStorage and url helper to admin
2013-12-14 17:28:54 +01:00
Hannah Wolfe
51b9f8972b Merge pull request #1662 from PaulAdamDavis/master
Fixed admin 404 page broken image refrence
2013-12-13 15:11:44 -08:00
Hannah Wolfe
409cc34c1d Merge pull request #1651 from hswolff/issue-1645
Update config.theme() after every settings edit
2013-12-13 15:05:18 -08:00
Harry Wolff
9090764052 Standardize file path access throughout ghost
resolves #1390

update all string based references to file paths
to use the ./core/server/config/paths file
so that it is the single source of truth
2013-12-12 21:27:07 -05:00
Hannah Wolfe
968176c7d7 Merge pull request #1606 from Gotvitch/issue1203
Bug fixes for partial views
2013-12-12 14:36:47 -08:00
Paul Adam Davis
c1b1b7ace9 Fixed admin 404 page broken image refrence 2013-12-12 21:21:58 +00:00
Seb Gotvitch
fef9b4be25 Bug fixes for partial views
closes #1203
- Update express-hbs module to the new version (0.5.2)
- Use two instance of hbs one for the theme and an other for the admin
- Template helpers are register as partial view
- Partial views of the theme are reload when the theme changed

Remove clear partial cache in handlebars

This code will be move in `express-hbs`.
This doesn't cause a problem to remove this line but it is not clean.

Remove unused hbs instance

Resolve conflict
2013-12-12 12:11:02 -05:00
Sebastian Gierlinger
acce957f7e Change message when unsupported node version is used
no issue
- changed ‚the latest‘ to ‚a supported‘

Reason: the user is asked to update to the **latest** version of
node.js when v0.11.* is installed but v0.10.* is required
2013-12-12 17:47:35 +01:00
Harry Wolff
058b82bba1 Update config.theme() after every settings edit
fixes #1645

- removes server.get('ghost root') as it is only an alias
to config.paths().path, and adds unnecessary indirection
- removes config.theme().path as its just an alias to
config.paths().path, updated all relevant references
- update config.theme.update to only require the api/settings object,
and no longer need the config object
- modify api/settings.edit to call config.theme.update so that
the themeObject is ready for next rendering of template
2013-12-12 08:25:08 -05:00
Harry Wolff
9bbf400dfc Fix loading of static pages in frontend controller
fixes #1644

- Fixes bug in controller/frontend
- Created functional test for posts API to test for this bug
- Created unit tests for frontend controller
- Fixed a global variable leak in core/test/utils/fixtures/data-generator
that was leaking the DataGenerator globally
- Resolved issue that arose from fixing above bug
2013-12-09 22:38:25 -05:00
Harry Wolff
c8c02a65fa Remove ghost.js
fixes #1575
- Moves most code that was in ghost.js into ./core/server/index.js
- Creates ./core/server/config/theme.js to hold all theme configurations 
(which previously lived on ghost.blogGlobals())
- Removed ghost.server, passing it in as an argument where needed 
and allowing middleware to hold onto a reference for lazy use.
2013-12-07 10:10:02 -05:00
Sebastian Gierlinger
078f464197 remove ghost.settings and ghost.notifications
covers 90% of #755
- moved ghost.settings to api.settings
- moved ghost.notifications to api.notifications
- split up api/index.js to notifications.js, posts.js, settings.js,
tags.js and users.js
- added instance.globals as temp workaround for blogglobals (Known
issue: blog title and blog description are updated after restart only)
- added webroot to config() to remove `var root = ...`
- changed `e` and `url` helper to async
- updated tests
2013-12-06 09:51:35 +01:00
Hannah Wolfe
696cfe7018 Swap url.resolve for slash handling 2013-12-04 21:20:24 +00:00
Hannah Wolfe
d2d9db3067 Add url.resolve for password reset email url
fixes #1604
2013-12-01 17:46:10 +00:00
Hannah Wolfe
d69e87b625 Merge pull request #1594 from halfdan/1591-excerpt-helper
Fix excerpt/content helpers
2013-11-30 10:16:26 -08:00
Hannah Wolfe
7c3031507d Merge pull request #1593 from ErisDS/app-proxy-update
Direct api access for app proxy
2013-11-30 10:15:20 -08:00
Hannah Wolfe
4765ca2cce Merge pull request #1589 from javorszky/iss499
Adds login limiter
2013-11-30 10:14:55 -08:00
Fabian Becker
5c1091af10 Fix excerpt/content helpers
fixes #1591
- Convert quoted strings to numbers
- Update code examples
- Update helper tests
2013-11-29 18:58:58 +00:00
Hannah Wolfe
ed6455f5a4 Direct api access for app proxy
- proxy doesn't need a ghost object :)
2013-11-29 16:26:56 +00:00
Gabor Javorszky
c515e20ea3 Adds login limiter
Closes #499
* On wrong passwords, statuses: `active` -> `warn-1` -> `warn-2` -> `warn-3` -> `locked`
* On login check, if user's status is `locked`, login automatically fails and user is encouraged to reset password. Does not even bother to check for passwords.
* login attempts tell user how many attempts she has remaining in notification box
* successful login will reset status to `active`
* resetting password with forgotten password emailed token resets status to `active`
* complete with a test suite
2013-11-29 01:24:25 +00:00
Jakob Gillich
30861fbab8 Permalinks live reloading support
issue #1395
2013-11-28 21:24:31 +01:00
Hannah Wolfe
dedc5d9239 Update activeTheme path on theme switch
fixes #1583

- the active theme path wasn't getting updated when we were switching theme
2013-11-28 16:10:34 +00:00
Harry Wolff
37b2fd93d8 This commit removes a lot of code from ghost.js, including:
Move helper functions registerThemeHelper and registerAsyncThemeHelper
to the helpers module.
Also update the app proxy object to reflect this new code location,
and the tests to reflect that as well

Create ./sore/server/filters which houses all filter related behavior.
Was previously on the ghost singleton.
Also create the filters_spec file for testing
and update all code and tests to use new code location.

Create ./sore/server/helpers/template which houses all template related behavior.
Was previously on the ghost singleton.
Also create the helpers_template_spec file for testing
and update all code and tests to use new code location.

Move ghost.mail instance onto the mail module directly
and update related code and tests to use new location

Move Polyglot instance onto require module directly

Move ghost.availablePlugins to plugins module directly
2013-11-28 09:21:53 -05:00
enahs
dddf2ec5b2 More verbose error message for invalid JSON in config.js
if you enter an invalid json object such as:
```
{
server: "http://foo.com"
host: "0.0.0.0"
}
```
while configuring, you get errors but are still able to run forever and the message previously was not as indicative of other potential configuration problems.
2013-11-28 13:58:28 +00:00
rektide
42dc8b4a8f Accept a config filename as an optional parameter to Ghost start-up.
Closes #1110.
- Promotes config-loader from a validator, to the central place where configuration state is held
- Allow config-loader two means to be told of config file to be used:
  - A preferred first argument passed into Ghost
  - A secondary GHOST_CONFIG environmental variable
- Failing to see either of the above passed in, config-loader will continue to use "config.js"
- Config-loader validates the target configuration (unchanged) & then copies that object into it's own exports
- Components needing to read configuration now require config-loader to retrieve the configuration state
- Config file continues to be loaded via require(): this is assumed to be a static json file
2013-11-28 13:47:00 +00:00
Hannah Wolfe
7b2bf5b98c Merge pull request #1577 from halfdan/527-subdir-admin
Fix Admin interface with sub directories
2013-11-28 05:14:23 -08:00
Hannah Wolfe
6bb92b4394 Swapping url.resolve back out 2013-11-28 13:03:05 +00:00
Hannah Wolfe
76f3730427 Bug fixes for paths / windows & tests
- removed path.join used for urls
- made sure async tests fail/timeout correctly
2013-11-28 11:21:49 +00:00
Harry Wolff
89154ad997 Restore support for using ghost as a npm module fixes #1326 2013-11-27 17:39:14 +00:00
Micheil Smith
3167a9b52c Fix several redirects in frontend and admin
refs #527
2013-11-27 09:57:44 +00:00
Fabian Becker
dcd3b192c1 Subdir support for admin interface
refs #527
2013-11-27 09:57:38 +00:00
Tim Griesser
726014f59a bumping to knex 0.5 and bookshelf 0.6.1 2013-11-26 23:10:31 +00:00
Fabian Becker
0169f47752 Fix failing migration.reset for Postgres.
refs #1333
2013-11-26 23:10:31 +00:00
Sebastian Gierlinger
e95b592028 Remove cookie from Frontend
closes #1437
closes #1472

- changed cookie to path:'/ghost'
- added conditional CSRF middleware
- added redirects for signup, signin, signout to /ghost/sign*/
2013-11-26 10:38:54 +01:00
Hannah Wolfe
330722efdc Merge pull request #1535 from hswolff/create-config-module
Create config module to standardise getting paths and abs URLs
2013-11-25 14:03:29 -08:00
Hannah Wolfe
b7a8ea5945 Merge pull request #1565 from ErisDS/redirect-fixes
Putting back relative redirects
2013-11-25 13:57:07 -08:00
Harry Wolff
b920662790 Create the config module, initially used
to standardise getting paths and absolute URLs.  Easy
to extend for other configurations we may need.
2013-11-25 16:35:16 -05:00
Hannah Wolfe
5ad2d6178b Putting back relative redirects
issue #1523

- also added some comments to indicate the difference between the two custom middleware files.
2013-11-25 21:00:27 +00:00
ali
7946431b8d Issue #1556 - Fix meta_title is undefined
Closes #1556 and #1530

This should also fix meta_description in #1530 as well as the other bug that is not
filed for body_class
2013-11-25 13:47:56 +00:00
Fabian Becker
e210e75e97 Install in sub-directory support.
refs #527
2013-11-24 21:11:34 +00:00
Hannah Wolfe
53af625c49 Merge pull request #1247 from sebgie/bookshelf-session
Replace cookieSession with session
2013-11-24 10:43:26 -08:00
Sebastian Gierlinger
3f2258e95b Replace cookieSession with session
- changed cookieSession to session
- added session.regenerate for login and logout
- added bookshelf session store
- added session table to database
- added import for databaseVersion 001
- added grunt task test-api
- cleanup of gruntfile to start express when needed only
- moved api tests to functional tests
2013-11-24 15:29:36 +01:00
Hannah Wolfe
80eb56edd2 Merge pull request #1539 from niedbalski/master
[Feature Request] Theme API: add has_tag helper to coreHelpers.
2013-11-24 06:19:18 -08:00
danschumann
4eaf544ad7 Update base.js
No longer need `|| 'development'`, since it is defaulted in the top index.   If we did need `|| 'development'` here, we'd need it on the next line too, otherwise it breaks.
2013-11-23 22:29:08 -08:00
Hannah Wolfe
7db5481f92 Merge pull request #1533 from jgillich/permalinks
Add Customisable Permalinks
2013-11-23 14:29:02 -08:00
Hannah Wolfe
2701f3e664 Merge pull request #1534 from jgable/passwordReset
Improved Password Reset Tool
2013-11-23 08:44:08 -08:00
Jakob Gillich
83d047c0ba Add Customisable Permalinks 2013-11-23 17:02:17 +01:00
Hannah Wolfe
7a1503cf52 Merge pull request #1415 from sebgie/import-transaction
Add transactions for import
2013-11-22 14:14:34 -08:00
Jacob Gable
34e453039b Improved Password Reset Tool
Closes #1471

- add api and User model methods for generating and validating tokens
- add routes and handlers for reset password pages
- add client styles and views for reset password form
- some basic integration tests for User model methods
2013-11-22 10:46:19 -06:00
Jorge Niedbalski
3782e26516 Added has_tag helper to coreHelpers, added has_tag unit tests. passing OK 2013-11-22 11:19:26 -03:00
Hannah Wolfe
216dd75b2c Merge pull request #1524 from jgillich/rss
Set RSS link title to blog title
2013-11-22 02:34:33 -08:00
Hannah Wolfe
cdf268e1d5 Merge pull request #1444 from hswolff/ghostjs-cleanup
Reduce size of server.js, moving code to their related files
2013-11-22 02:26:16 -08:00
Hannah Wolfe
c6f31ec8fd Merge pull request #1482 from jgable/appProxy
Pass proxy Ghost interface to Apps
2013-11-21 14:45:30 -08:00
Sebastian Gierlinger
77ed7f8ac6 Add transactions for import
closes #837
- added transaction handling for import
- added transactions to model functions
- added simple tests for failing imports
2013-11-20 21:36:02 +01:00
Jakob Gillich
0c02161db7 Set RSS link title to blog title 2013-11-20 17:42:37 +01:00
Harry Wolff
985a23f446 Move server middleware configuration to related file 2013-11-19 21:05:57 -05:00
Harry Wolff
ea8d12a607 Reduce size of ghost.js by moving related Routing code to their own files 2013-11-19 21:05:09 -05:00
Hannah Wolfe
1c5a811760 Merge pull request #1449 from sebgie/issue#1398
Add schema.js
2013-11-19 11:45:53 -08:00
Hannah Wolfe
ae233f01d8 Merge pull request #1505 from halfdan/1498-lower-email
Lowercase email address.
2013-11-19 03:10:41 -08:00
Hannah Wolfe
315ca052a9 Merge pull request #1489 from sebgie/issue#1466
Fix wrong error message
2013-11-19 03:00:04 -08:00
Sebastian Gierlinger
639c0d0627 Add schema.js
closes #1398
closes #1399
closes #1400
- added schema.js with database version '000'
- refactored migration to use schema.js
- if new table is added to schema.js and databaseVersion is increased, table will be added
- if new table is deleted to schema.js and databaseVersion is increased, table will be deleted
- alter table from issue #1400 is delayed until knex supports column modification
- changed import pre checks to work again (will be refactored separately)
- added basic PostgreSQL support (Attention: not supported/tested)
- changed error handling in server.js
2013-11-18 15:21:15 +01:00
Fabian Becker
89201a5c84 Lowercase email address.
fixes #1498
2013-11-18 00:34:51 +00:00
Hannah Wolfe
8e9b27f0b5 Remove inline script from default.hbs
closes #1268
2013-11-16 18:47:55 +00:00
Sebastian Gierlinger
fd60a12469 Fix wrong error message
closes #1466
- added status code for error object
- added test for frontend errors
2013-11-15 15:27:06 +01:00
Jacob Gable
ef9f5dc33f Pass proxy Ghost interface to Apps
Closes #1478

- Create new proxy.js that exposes createProxy method
- Pass proxy to App activate/install in lieu of Ghost instance
2013-11-14 20:36:27 -06:00
Hannah Wolfe
9d55e68689 Merge pull request #1458 from mjbshaw/svg
Add support for SVG images
2013-11-14 12:53:26 -08:00
Harry Wolff
688dd363cd Move plugin init code into plugin.js and have it called from server.js 2013-11-12 22:52:31 -05:00
Michael Bradshaw
0d4283176e Add support for SVG images 2013-11-12 11:37:54 -07:00
Hannah Wolfe
3235a3a3e2 Merge pull request #1442 from Decad/user-gravatar
Add users Gravatar on signup
2013-11-12 03:53:49 -08:00
Hannah Wolfe
b8a98660fb Merge pull request #1440 from JohnONolan/post-settings
Post settings refactor
2013-11-12 03:50:56 -08:00
John O'Nolan
4ee1b9849b Complete post-settings menu refactor 2013-11-12 09:19:02 +01:00
Declan cook
cbe8c15dc8 Add users Gravatar on signup
When a user registers try to find their gravatar.
2013-11-11 23:45:47 +00:00
Hannah Wolfe
15da975c06 image upload controller refactor
issue #635

- upload controller shouldn't assume fs
- filesystem module proxies all the fs work
- proxies and exposes middleware for serving images
- creating a date based path and unique filename is a base object util
- unit tests updated
2013-11-11 16:10:57 +00:00
Harry Wolff
901d189bf0 Move middleware functions into middleware module and create associated tests
Note: this only moves middleware functions that have associated tests.
2013-11-07 23:05:51 -05:00
Hannah Wolfe
ae236068dd Merge pull request #1412 from egdelwonk/feature/1329_page_template
Render a page template if it exists in a theme for a post marked as page
2013-11-06 12:31:14 -08:00
William Golden
766ce1ac51 Render a page template if it exists in a theme for a post marked as page.
Closes #1329.
2013-11-05 21:43:13 -06:00
Fabian Becker
88d7682605 Automatically replace unicode characters with ascii characters for slugs.
fixes #1285
2013-11-05 21:00:29 +00:00
Sebastian Gierlinger
8574813660 Bugfixes for tests 2013-11-05 15:02:12 +00:00
Sebastian Gierlinger
bb17e1c0e9 Add API tests
closes #1189
- added tests
- added request module
- added status codes to API calls
- fixed return values of API calls
- fixed that drafts caused an error when being deleted
- fixed X-Invalidate-Cache headers
- moved testUtils.js to utils/index.js
2013-11-03 18:13:19 +01:00
Hannah Wolfe
dee054e2c3 Merge pull request #1388 from germanrcuriel/add-canonical-support
Add rel='canonical' support
2013-11-03 06:50:35 -08:00
germanrcuriel
97bd8c40ea Add rel='canonical' support
closes #1341
- Added canonical link to header using ghost_head helper.
2013-11-03 14:37:33 +01:00
Fabian Becker
48d3b10649 Fix image upload issue.
fixes #1377
2013-11-02 11:16:00 +00:00
Hannah Wolfe
6b29d4392a Merge pull request #1375 from jamesbloomer/image-refactor2
Tidy up the local file storage for images
2013-11-01 08:48:12 -07:00
jamesbloomer
f42e977fa7 Tidy up the local file storage for images 2013-11-01 13:08:27 +00:00
Hannah Wolfe
0db907ada2 Bump grunt-jslint and fix issues 2013-11-01 12:12:01 +00:00
Ben Gladwell
69d3a1460d Remove unparam:true from jslint config in Gruntfile.js
issue #1365
- added /*jslint unparam:true*/ to functions where absolutely necessary
- added /*jslint unparam:true*/ to functions in which keeping parameter
  list added clarity to the underlying api, even when those parameters
  are not currently used
- removed unused parameters in a few places
2013-10-31 14:02:34 -04:00
jamesbloomer
ec79069a1c Convert local file system image storage to use promises
Part of #635
2013-10-31 08:25:25 +00:00
jamesbloomer
6e44280b96 Moving file system storage to a module
issue #635

- refactored file system storage into module
- convert save to return a promise
- convert admin controller to use storage module
2013-10-31 08:25:24 +00:00
Jacob Gable
507174a00b Plugin API Refactor: Filter and Theme Helpers
issue #769

- Refactor doFilter to allow returning a promise from a filter handler
  and to also return a promise itself
- Move the logic out of the registerThemeHelper calls and into their own methods so
  we could test them in isolation.
- Assign the server to the ghost instance so the initPlugins method can
  get access to it.
2013-10-29 11:27:52 +00:00
Hannah Wolfe
ddece0464b Merge pull request #1301 from ErisDS/js-build-warn
Adding a warning message if js is not built
2013-10-28 15:24:19 -07:00
Hannah Wolfe
68f78c9cc4 Merge pull request #1315 from cobbspur/suffix
added suffix to tag helper
2013-10-28 15:24:11 -07:00
Fabian Becker
798e5b1a4e Allow user to mark a post as static page
- Increased post-settings width to properly display "Static Page"
- Changed templates to display "Static Page" if set
- Added unit test for body_class helper

fixes #969
2013-10-28 22:01:03 +00:00
cobbspur
d605100709 added suffix to tag helper
closes #607

- added suffix as optional parameter to tag helper
2013-10-28 21:38:36 +00:00
Hannah Wolfe
6869c01a28 Adding a warning message if js is not built
closes #1205
2013-10-27 15:16:34 +00:00
Hannah Wolfe
5c33a707e9 Merge pull request #1164 from halfdan/1162-unpublished-posts
Unpublished Post should not be accessible
2013-10-25 13:18:39 -07:00
Hannah Wolfe
dfced52abc Merge pull request #1281 from halfdan/regression
Fixes regression introduced in #1218.
2013-10-25 13:13:38 -07:00
Fabian Becker
134f9a2b10 Fixes regression introduced in #1218. 2013-10-25 19:31:53 +00:00
Simone D'Amico
c4bf0123c8 Added quotes to changepw admin controller 2013-10-25 20:11:33 +02:00
Fabian Becker
0997eae716 Remove .txt from blacklist.
fixes #1263
2013-10-25 00:15:39 +00:00
Fabian Becker
aa5c0cc620 Unpublished Post should not be accessible
fixes #1162
2013-10-24 21:29:10 +00:00
Hannah Wolfe
ca6bc7525d Merge pull request #1238 from jgable/exposeKnex
Store the Bookshelf instance on the Bookshelf module
2013-10-24 08:18:29 -07:00
Hannah Wolfe
5b8048506e Merge pull request #1251 from sebgie/api-refactor-move
Move /api to /ghost/api
2013-10-24 07:52:49 -07:00
Hannah Wolfe
a190a209c0 Merge pull request #1252 from halfdan/531-lines-to-spaces
Replace new-lines with spaces in excerpt helper.
2013-10-24 07:30:49 -07:00
Sebastian Gierlinger
6505986f6b Move /api to /ghost/api
closes #1249
- changed routes
- changed apiRoots
2013-10-24 14:50:17 +02:00
Fabian Becker
16f72ba865 Replace new-lines with spaces in excerpt helper.
fixes #531
2013-10-23 20:28:36 +00:00
Fabian Becker
fc019fe675 Fixed style of modal in preview.
fixes #1179
2013-10-23 21:13:29 +01:00
Hannah Wolfe
5ba8959e83 Merge pull request #986 from sebgie/issue#952 2013-10-23 19:43:12 +01:00
Sebastian Gierlinger
c558cb7648 Add validation for importer
closes #952
- moved api.js to api/index.js
- added api/db.js for import and export functions
- moved /ghost/debug/db/export to GET /api/v0.1/db
- moved /ghost/debug/db/import to POST /api/v0.1/db
- removed /ghost/debug/db/reset
- added validation for import
- added constraints object to migration
2013-10-23 19:42:55 +01:00
Hannah Wolfe
6356ff9e94 Merge pull request #1248 from halfdan/bcryptjs
Replace nodejs-bcrypt with bcryptjs
2013-10-23 11:41:03 -07:00
Fabian Becker
1af17725fc Replace nodejs-bcrypt with bcryptjs
* https://github.com/shaneGirish/bcrypt-nodejs
* https://github.com/dcodeIO/bcrypt.js
2013-10-23 15:43:45 +00:00
Hannah Wolfe
80bbcf7205 Merge pull request #1239 from cobbspur/tagsprefix
adds prefix option to tag helper
2013-10-23 08:11:22 -07:00
Hannah Wolfe
40ba763f0f Merge pull request #1218 from halfdan/1212-themable-error-pages
Allow themes to provide custom error template.
2013-10-23 08:00:56 -07:00
b1nd
8f74eb0b83 Added server validation for location field 2013-10-22 23:00:12 +01:00
cobbspur
b85e5b6196 adds prefix option to tag helper
closes #607

 - added prefix attributetor tags helper
 - will add prefix only if tags are present
 - adds unit tests for prefix
2013-10-22 22:57:31 +01:00
Hannah Wolfe
3185078238 Merge pull request #1204 from Gotvitch/error-code
Keep the status code generate by connect in case of error.
2013-10-22 14:55:17 -07:00
Hannah Wolfe
2d1e28335c Merge pull request #1197 from halfdan/994-image-uploads
Show proper error message when image upload fails
2013-10-22 14:40:47 -07:00
andy matthews
8743766071 Add tooltip text to icons in admin section
Closes #1178

* Add tooltip text to assorted icons within CMS
* Add tooltip for blog URL to Ghost logo
* Change 'Options' to 'Post Settings'

Change 'Options' to 'Post Settings'
2013-10-22 22:31:02 +01:00
Fabian Becker
27e66f75f3 Show proper error message when image upload fails
fixes #994
2013-10-22 21:08:26 +00:00
Hannah Wolfe
b319e5b800 Merge pull request #1232 from thgaskell/master
Undefined post data causing server to crash
2013-10-22 13:35:03 -07:00
Jacob Gable
34343e893d Store the Bookshelf instance on the Bookshelf module
- Assigns the ghostBookshelf instance to the Bookshelf.ghost property
2013-10-22 15:32:46 -05:00
Hannah Wolfe
fc53bc8a15 Merge pull request #1152 from jgillich/status-code
Set correct HTTP status code on error
2013-10-22 13:05:22 -07:00
Hannah Wolfe
15a2eacaac Merge pull request #1141 from halfdan/246-helper-tests
Improved test coverage of theme helpers.
2013-10-22 12:45:07 -07:00
Hannah Wolfe
e2cf362395 Merge pull request #1117 from halfdan/featured-posts
Add featured class when post is featured
2013-10-22 12:38:33 -07:00
Hannah Wolfe
4480d3bd02 Merge pull request #1088 from jacobian/postgres-fix
Fix #896 - work around errors in pagination under Postgresql.
2013-10-22 07:08:15 -07:00
Tony Gaskell
2809e405d5 fixed bug where an undefined variable could be dereferenced
which could cause the server to choke.
2013-10-22 03:20:09 -10:00
Fabian Becker
57bd929d2c Allow themes to provide custom error template.
fixes #1212, #1213
2013-10-21 19:12:22 +00:00
Seb Gotvitch
596cd13ca5 Keep the status code generate by connect in case of error.
The status code generate by connect/express in case of error was always
replace by 500 status.
2013-10-21 01:53:26 -04:00
Pascal Borreli
14c420c8d1 Fixed typos 2013-10-20 20:33:51 +00:00
Hannah Wolfe
65dcb17117 Merge branch '0.3.3-wip'
Conflicts:
	core/client/views/blog.js
	core/server/api.js
	core/server/views/default.hbs
	package.json
2013-10-20 10:09:39 +01:00
Sebastian Gierlinger
2ee8f96829 Revert sessions to cookieSessions
no issue
- modified sessions to use cookieSession
- set max-age to 12 hrs
- modified logout to delete cookie completely
2013-10-18 13:24:01 +02:00
Hannah Wolfe
158d237122 Improved error handling
fixes #845

- only returns an error page for get requests, otherwise returns a response
- no more admin menu when not logged in
- no more error message about theme error template
- logWarn is available
2013-10-17 22:49:14 +01:00
Jakob Gillich
0f048eeb79 Set correct HTTP status code on error
closes #1055
2013-10-17 21:52:40 +02:00
Hannah Wolfe
e29a598fa5 CSRF for debug screen 2013-10-17 20:52:09 +01:00
Hannah Wolfe
2a6e77752f API JSON updates 2013-10-17 20:52:05 +01:00
Hannah Wolfe
d9c9ca0e33 Merge pull request #4 from sebgie/sec/3
Sec/3
2013-10-17 10:49:40 -07:00
Hannah Wolfe
491651da59 Merge pull request #2 from ErisDS/bookshelf-knex-update
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-10-17 10:49:28 -07:00
Tim Griesser
13639ad8d1 Updating to bookshelf 0.5.7 & knex 0.4.11 2013-10-17 18:23:36 +01:00
Sebastian Gierlinger
374c41e138 Remove private data from API
no issue
- added removal to user.browse, posts.read, posts.browse
- fixed removal for user.read
2013-10-17 17:15:25 +02:00
Sebastian Gierlinger
90176e1f40 Security improvements
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
2013-10-17 15:28:28 +02:00
Hannah Wolfe
daa87e92c2 Merge pull request #1026 from jenius/master
Remove unneeded info from /user api response
2013-10-17 14:12:13 +01:00
Fabian Becker
dfa7793d44 Improved test coverage of theme helpers.
refs #246
2013-10-17 07:53:11 +00:00
Fabian Becker
f4ac715f97 Add featured class when post is featured
fixes #1112
2013-10-16 11:41:49 +00:00
Hannah Wolfe
3eae0a3939 Merge pull request #1103 from b1nd/merge
Removed unused variables and updated commenting
2013-10-16 03:31:57 -07:00
Hannah Wolfe
7419e05b3a Merge pull request #1092 from halfdan/uc-helper
Added new helper to escape URIs called 'encode'
2013-10-16 02:23:13 -07:00
Fabian Becker
788987d04a Added new helper to escape URIs called 'encode'
fixes #1089
2013-10-16 09:19:26 +00:00
b1nd
c61806c1c8 Removed unused variables and updated commenting 2013-10-16 11:32:44 +11:00
Hannah Wolfe
930309363d Merge pull request #1020 from padhg/omit-uri-scheme
Allow omission of URI Scheme in config.js url
2013-10-15 12:26:18 -07:00
Jacob Kaplan-Moss
2acb546028 Fix #896 - work around errors in pagination under Postgresql. 2013-10-15 11:09:08 -05:00
Jeff Escalante
44973ba255 remove unneeded info from user api response 2013-10-14 15:07:52 -04:00
Ryan Powell
dc1cf3b509 changes to support URI's without a scheme in config.js.
also removed "http:" from google fonts link to prevent a mixed content warning.
2013-10-14 10:42:08 -04:00
Hannah Wolfe
119b0ea430 Merge branch '0.3.2-wip'
Conflicts:
	core/client/assets/lib/uploader.js
2013-10-11 20:56:15 +01:00
Hannah Wolfe
b4e04b3650 Fix for image uploads
- express 3.4.0 uses connect 2.9.0 which had a sizable change to how multipart woks
- this change resulting in req.files.uploadimage.type going away
2013-10-11 20:26:09 +01:00
jamesbloomer
9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files.
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
2013-10-11 18:05:31 +01:00
Sebastian Gierlinger
b040ea3365 Change from address
closes #872
- changed from address to use config.mail.fromaddress
- changed from address to default to settings.email
2013-10-11 12:49:33 +01:00
Hannah Wolfe
9466a9753b Merge branch '0.3.2-wip'
Conflicts:
	core/test/unit/api_posts_spec.js
2013-10-10 16:37:35 +01:00
Hannah Wolfe
54f8a04779 Merge pull request #996 from ErisDS/0.3.2-tagfixes
Improving tag handling in post_class and body_class
2013-10-10 07:05:15 -07:00
Sebastian Gierlinger
6ff17c78a2 Fix filepaths for config and upload
no issue
- added appRoot to config-loader.js
- modified uploader to use correct path
- modified tests
2013-10-10 12:44:31 +02:00
Hannah Wolfe
f1317b84af Improving tag handling in post_class and body_class
closes #967, closes #987

- use slug instead of name (it's unique)
- get tags even if we aren't inside the post context
- add tag handling to body_class too
2013-10-09 19:51:55 +01:00
Hannah Wolfe
95f9fce3be Swapping escape to sanitze
issue #938

- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b Escaping several fields to prevent XSS
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
2013-10-09 19:13:13 +01:00
Hannah Wolfe
59d69f273e Merge pull request #984 from matthojo/Loading-Bar
Loading bar
2013-10-09 09:32:13 -07:00
Hannah Wolfe
b5c5d531d1 Fix for unhandled promise on fresh db startup
issue #977

- As of the addition of when/monitor/console we now get errors about unhandled promises
- This fixes one which appeared when starting up without a DB
2013-10-09 16:58:50 +01:00
Matthew Harrison-Jones
fdf5e3d69e Revert "loading bar implementation"
This reverts commit de6b8ee9b3 and 16742bcaef
2013-10-08 14:12:46 +01:00
John O'Nolan
34762ce1be Move webfonts to // rather than http://
https://en.ghost.org/forum/bugs-suggestions/475-suggestion-remove-system-dependence-on-google-web-fonts
2013-10-04 09:48:51 +02:00
Hannah Wolfe
ba0b6982a4 Trailing slashes for cache invalidation headers
issue #963
2013-10-02 16:14:35 +01:00
Sebastian Gierlinger
0220cf2448 Disable filestorage
closes #937
- fixed bug where ![] is replaced with ![](http://) for image url
- added fileStorage setting to uploader
- added fileStorage helper (could become standard way of providing config data for frontend???)
- added data element to editor and settings
- if no config value is set fileStorage: true is default
2013-10-02 11:39:34 +02:00
John O'Nolan
16742bcaef Initial loading bar implementation
See #726

Becomes visible when <body> has a class of `js-loading`
2013-09-30 11:17:06 +02:00
Hannah Wolfe
17a0bd37b0 Merge pull request #930 from javorszky/iss840
Adds error message to blog import on empty / bad file
2013-09-29 11:10:08 -07:00
Gabor Javorszky
f709dcb798 Adds error message to blog import on empty / bad file
Closes #840
* Checks file to be size > 0
* Checks file to be .json
* Fails if either of them are not good
2013-09-28 15:42:42 +01:00
John O'Nolan
ba0ae3b4d8 Set sensible admin meta title 2013-09-28 16:21:59 +02:00
John O'Nolan
137a8dfc58 Adding support for Apple, Android, and Microsoft app icons 2013-09-28 15:54:12 +02:00
John O'Nolan
82f048c8fd Tidied up indentation/properties for default admin template 2013-09-28 15:00:17 +02:00
Hannah Wolfe
6bd62538af Merge branch '0.3.1-wip'
Conflicts:
	core/server/controllers/admin.js
2013-09-27 17:22:55 +01:00
Hannah Wolfe
a5bf8bf1e2 Removing reset button
- noone needs this, and someone is bound to press it and then complain.
2013-09-27 17:20:41 +01:00
Hannah Wolfe
ee8d8102db Merge pull request #923 from ErisDS/0.3.1-wip-mysql
0.3.1 wip mysql
2013-09-27 05:04:45 -07:00
Hannah Wolfe
d544b4aebb Custom destroy method for posts
issue #858

- correctly handles detaching tags before deleting the post
2013-09-27 11:56:20 +01:00
Hannah Wolfe
e6b779330f Correctly test for an empty Tag array
issue #858

- fixes syntax errors in mysql
2013-09-27 11:55:02 +01:00
Hannah Wolfe
71711c1fd2 Drop tables in correct order
issue #858

- unit tests now run for MySQL
2013-09-27 11:54:09 +01:00
Hannah Wolfe
6369eb20be Remove broken image from fixture
issue #866

- this fixes the problem inside the fixture
2013-09-27 09:18:02 +01:00