TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-26 04:13:30 +03:00
Code Issues Projects Releases Wiki Activity
1,222 Commits 253 Branches 1,686 Tags 400 MiB
3185078238
Commit Graph

305 Commits

Author SHA1 Message Date
Hannah Wolfe
3185078238 Merge pull request #1204 from Gotvitch/error-code 
Keep the status code generate by connect in case of error.
 2013-10-22 14:55:17 -07:00
Hannah Wolfe
2d1e28335c Merge pull request #1197 from halfdan/994-image-uploads 
Show proper error message when image upload fails
 2013-10-22 14:40:47 -07:00
andy matthews
8743766071 Add tooltip text to icons in admin section 
Closes #1178

* Add tooltip text to assorted icons within CMS
* Add tooltip for blog URL to Ghost logo
* Change 'Options' to 'Post Settings'

Change 'Options' to 'Post Settings'
 2013-10-22 22:31:02 +01:00
Fabian Becker
27e66f75f3 Show proper error message when image upload fails 
fixes #994
 2013-10-22 21:08:26 +00:00
Hannah Wolfe
b319e5b800 Merge pull request #1232 from thgaskell/master 
Undefined post data causing server to crash
 2013-10-22 13:35:03 -07:00
Hannah Wolfe
fc53bc8a15 Merge pull request #1152 from jgillich/status-code 
Set correct HTTP status code on error
 2013-10-22 13:05:22 -07:00
Hannah Wolfe
15a2eacaac Merge pull request #1141 from halfdan/246-helper-tests 
Improved test coverage of theme helpers.
 2013-10-22 12:45:07 -07:00
Hannah Wolfe
e2cf362395 Merge pull request #1117 from halfdan/featured-posts 
Add featured class when post is featured
 2013-10-22 12:38:33 -07:00
Hannah Wolfe
4480d3bd02 Merge pull request #1088 from jacobian/postgres-fix 
Fix #896 - work around errors in pagination under Postgresql.
 2013-10-22 07:08:15 -07:00
Tony Gaskell
2809e405d5 fixed bug where an undefined variable could be dereferenced 
which could cause the server to choke.
 2013-10-22 03:20:09 -10:00
Seb Gotvitch
596cd13ca5 Keep the status code generate by connect in case of error. 
The status code generate by connect/express in case of error was always
replace by 500 status.
 2013-10-21 01:53:26 -04:00
Pascal Borreli
14c420c8d1 Fixed typos 2013-10-20 20:33:51 +00:00
Hannah Wolfe
65dcb17117 Merge branch '0.3.3-wip' 
Conflicts:
	core/client/views/blog.js
	core/server/api.js
	core/server/views/default.hbs
	package.json
 2013-10-20 10:09:39 +01:00
Sebastian Gierlinger
2ee8f96829 Revert sessions to cookieSessions 
no issue
- modified sessions to use cookieSession
- set max-age to 12 hrs
- modified logout to delete cookie completely
 2013-10-18 13:24:01 +02:00
Hannah Wolfe
158d237122 Improved error handling 
fixes #845

- only returns an error page for get requests, otherwise returns a response
- no more admin menu when not logged in
- no more error message about theme error template
- logWarn is available
 2013-10-17 22:49:14 +01:00
Jakob Gillich
0f048eeb79 Set correct HTTP status code on error 
closes #1055
 2013-10-17 21:52:40 +02:00
Hannah Wolfe
e29a598fa5 CSRF for debug screen 2013-10-17 20:52:09 +01:00
Hannah Wolfe
2a6e77752f API JSON updates 2013-10-17 20:52:05 +01:00
Hannah Wolfe
d9c9ca0e33 Merge pull request #4 from sebgie/sec/3 
Sec/3
 2013-10-17 10:49:40 -07:00
Hannah Wolfe
491651da59 Merge pull request #2 from ErisDS/bookshelf-knex-update 
Updating to bookshelf 0.5.7 & knex 0.4.11
 2013-10-17 10:49:28 -07:00
Tim Griesser
13639ad8d1 Updating to bookshelf 0.5.7 & knex 0.4.11 2013-10-17 18:23:36 +01:00
Sebastian Gierlinger
374c41e138 Remove private data from API 
no issue
- added removal to user.browse, posts.read, posts.browse
- fixed removal for user.read
 2013-10-17 17:15:25 +02:00
Sebastian Gierlinger
90176e1f40 Security improvements 
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
 2013-10-17 15:28:28 +02:00
Hannah Wolfe
daa87e92c2 Merge pull request #1026 from jenius/master 
Remove unneeded info from /user api response
 2013-10-17 14:12:13 +01:00
Fabian Becker
dfa7793d44 Improved test coverage of theme helpers. 
refs #246
 2013-10-17 07:53:11 +00:00
Fabian Becker
f4ac715f97 Add featured class when post is featured 
fixes #1112
 2013-10-16 11:41:49 +00:00
Hannah Wolfe
3eae0a3939 Merge pull request #1103 from b1nd/merge 
Removed unused variables and updated commenting
 2013-10-16 03:31:57 -07:00
Hannah Wolfe
7419e05b3a Merge pull request #1092 from halfdan/uc-helper 
Added new helper to escape URIs called 'encode'
 2013-10-16 02:23:13 -07:00
Fabian Becker
788987d04a Added new helper to escape URIs called 'encode' 
fixes #1089
 2013-10-16 09:19:26 +00:00
b1nd
c61806c1c8 Removed unused variables and updated commenting 2013-10-16 11:32:44 +11:00
Hannah Wolfe
930309363d Merge pull request #1020 from padhg/omit-uri-scheme 
Allow omission of URI Scheme in config.js url
 2013-10-15 12:26:18 -07:00
Jacob Kaplan-Moss
2acb546028 Fix #896 - work around errors in pagination under Postgresql. 2013-10-15 11:09:08 -05:00
Jeff Escalante
44973ba255 remove unneeded info from user api response 2013-10-14 15:07:52 -04:00
Ryan Powell
dc1cf3b509 changes to support URI's without a scheme in config.js. 
also removed "http:" from google fonts link to prevent a mixed content warning.
 2013-10-14 10:42:08 -04:00
Hannah Wolfe
119b0ea430 Merge branch '0.3.2-wip' 
Conflicts:
	core/client/assets/lib/uploader.js
 2013-10-11 20:56:15 +01:00
Hannah Wolfe
b4e04b3650 Fix for image uploads 
- express 3.4.0 uses connect 2.9.0 which had a sizable change to how multipart woks
- this change resulting in req.files.uploadimage.type going away
 2013-10-11 20:26:09 +01:00
jamesbloomer
9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files. 
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
 2013-10-11 18:05:31 +01:00
Sebastian Gierlinger
b040ea3365 Change from address 
closes #872
- changed from address to use config.mail.fromaddress
- changed from address to default to settings.email
 2013-10-11 12:49:33 +01:00
Hannah Wolfe
9466a9753b Merge branch '0.3.2-wip' 
Conflicts:
	core/test/unit/api_posts_spec.js
 2013-10-10 16:37:35 +01:00
Hannah Wolfe
54f8a04779 Merge pull request #996 from ErisDS/0.3.2-tagfixes 
Improving tag handling in post_class and body_class
 2013-10-10 07:05:15 -07:00
Sebastian Gierlinger
6ff17c78a2 Fix filepaths for config and upload 
no issue
- added appRoot to config-loader.js
- modified uploader to use correct path
- modified tests
 2013-10-10 12:44:31 +02:00
Hannah Wolfe
f1317b84af Improving tag handling in post_class and body_class 
closes #967, closes #987

- use slug instead of name (it's unique)
- get tags even if we aren't inside the post context
- add tag handling to body_class too
 2013-10-09 19:51:55 +01:00
Hannah Wolfe
95f9fce3be Swapping escape to sanitze 
issue #938

- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
 2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b Escaping several fields to prevent XSS 
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
 2013-10-09 19:13:13 +01:00
Hannah Wolfe
59d69f273e Merge pull request #984 from matthojo/Loading-Bar 
Loading bar
 2013-10-09 09:32:13 -07:00
Hannah Wolfe
b5c5d531d1 Fix for unhandled promise on fresh db startup 
issue #977

- As of the addition of when/monitor/console we now get errors about unhandled promises
- This fixes one which appeared when starting up without a DB
 2013-10-09 16:58:50 +01:00
Matthew Harrison-Jones
fdf5e3d69e Revert "loading bar implementation" 
This reverts commit de6b8ee9b3 and 16742bcaef
 2013-10-08 14:12:46 +01:00
John O'Nolan
34762ce1be Move webfonts to // rather than http:// 
https://en.ghost.org/forum/bugs-suggestions/475-suggestion-remove-system-dependence-on-google-web-fonts
 2013-10-04 09:48:51 +02:00
Hannah Wolfe
ba0b6982a4 Trailing slashes for cache invalidation headers 
issue #963
 2013-10-02 16:14:35 +01:00
Sebastian Gierlinger
0220cf2448 Disable filestorage 
closes #937
- fixed bug where ![] is replaced with ![](http://) for image url
- added fileStorage setting to uploader
- added fileStorage helper (could become standard way of providing config data for frontend???)
- added data element to editor and settings
- if no config value is set fileStorage: true is default
 2013-10-02 11:39:34 +02:00