Ghost

mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-24 06:35:49 +03:00

Author	SHA1	Message	Date
Hannah Wolfe	491651da59	Merge pull request #2 from ErisDS/bookshelf-knex-update Updating to bookshelf 0.5.7 & knex 0.4.11	2013-10-17 10:49:28 -07:00
Tim Griesser	13639ad8d1	Updating to bookshelf 0.5.7 & knex 0.4.11	2013-10-17 18:23:36 +01:00
Hannah Wolfe	a230b5adcd	Merge pull request #1 from sebgie/security Security improvements	2013-10-17 07:53:21 -07:00
Sebastian Gierlinger	90176e1f40	Security improvements no issue - added CSRF protection - changed session handling to express.session - changed session handling to change session id - added config property useCookieSession - added file extension check for /ghost/upload - removed /ghost/debug/db/reset	2013-10-17 15:28:28 +02:00
Hannah Wolfe	b544ee7ed6	Revert "Updated to latest version of express-hbs" This reverts commit `d169bba3f8`. Conflicts: package.json	2013-10-11 20:14:58 +01:00
Hannah Wolfe	f30e356e7c	Revert "Updated to latest version of express" This reverts commit `c95d469eb3`. Conflicts: package.json	2013-10-11 20:13:44 +01:00
Hannah Wolfe	b4d5918fac	Version bump for 0.3.2 - added optional mysql dependency - removed .afignore - updates to .gitignore to ignore any additional themes or plugins	2013-10-11 18:21:14 +01:00
Hannah Wolfe	d47b19b491	Added grunt release task closes #941 Conflicts: Gruntfile.js	2013-10-11 18:19:03 +01:00
Hannah Wolfe	4c89422b0d	Added SECURITY.md file closes #989	2013-10-11 18:17:37 +01:00
Hannah Wolfe	e613d88167	Merge pull request #997 from cobbspur/uploadrefactor	2013-10-11 18:15:45 +01:00
cobbspur	c52a10cd1a	fixed image upload url synchronicity and url removed on cancel closes #988, closes #956, closes #975 - fixed multiple ids and refactored triggers - persistence requirement overridden - trash can now removes url in editor - if empty url is saved http:// is inserted and dropzone initialized Conflicts: core/client/assets/lib/uploader.js	2013-10-11 18:15:17 +01:00
Hannah Wolfe	0bb5e8702a	Merge pull request #980 from jamesbloomer/lockdown-assets-rebase	2013-10-11 18:06:11 +01:00
jamesbloomer	9d114c7fa6	Lock down theme static directory to not serve templates, markdown and text files. closes #942 - insert custom middleware to check for blacklisted files - redirect to express.static if file accepted - if not valid return next() to do nothing - currently black listing .hbs, .txt, .md and .json - debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting a theme serve unknown types	2013-10-11 18:05:31 +01:00
Hannah Wolfe	6db7e6d96e	Merge pull request #1000 from sebgie/issue#872	2013-10-11 13:19:12 +01:00
Sebastian Gierlinger	b040ea3365	Change from address closes #872 - changed from address to use config.mail.fromaddress - changed from address to default to settings.email	2013-10-11 12:49:33 +01:00
Hannah Wolfe	a37d487ffd	Merge pull request #992 from pmgarman/spacelys-sprockets-n-sockets	2013-10-10 16:19:42 +01:00
Hannah Wolfe	31e2737cfd	Update config validation to allow for socket only issue #887	2013-10-10 16:13:02 +01:00
Patrick Garman	97f592aa41	Allow Ghost to run using sockets Closes #887 - Adds getSocket function > Returns the socket location if sockets are enabled or false - Adds startGhost function > Callback for server.listen	2013-10-10 16:12:28 +01:00
Hannah Wolfe	54f8a04779	Merge pull request #996 from ErisDS/0.3.2-tagfixes Improving tag handling in post_class and body_class	2013-10-10 07:05:15 -07:00
Hannah Wolfe	7b28056849	Merge pull request #995 from ErisDS/xss XSS	2013-10-10 07:04:50 -07:00
Hannah Wolfe	f1317b84af	Improving tag handling in post_class and body_class closes #967, closes #987 - use slug instead of name (it's unique) - get tags even if we aren't inside the post context - add tag handling to body_class too	2013-10-09 19:51:55 +01:00
Hannah Wolfe	14ac437763	Updating to latest Casper - triple braces for post titles everywhere	2013-10-09 19:29:38 +01:00
Hannah Wolfe	95f9fce3be	Swapping escape to sanitze issue #938 - rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors - added listener for changes to both editor and settings page - added more sanitization to the user model - consistently use triple-braces when outputting blog post titles	2013-10-09 19:13:16 +01:00
Tim Griesser	c9235ccb0b	Escaping several fields to prevent XSS issue #938 - escapes post's title field - escapes settings title, description, email - escapes user's name field - includes test for post title	2013-10-09 19:13:13 +01:00
Hannah Wolfe	d169bba3f8	Updated to latest version of express-hbs issue #830	2013-10-07 16:42:25 +01:00
Hannah Wolfe	c95d469eb3	Updated to latest version of express closes #875	2013-10-07 14:31:57 +01:00
Hannah Wolfe	c0d5167f7d	Merge pull request #948 from javorszky/0.3.2-wip Fixes config.example.js	2013-10-05 12:16:32 -07:00
Gabor Javorszky	a37c7958b1	Fixes config.example.js Closes #945	2013-09-30 15:06:54 +01:00
Hannah Wolfe	6bd62538af	Merge branch '0.3.1-wip' Conflicts: core/server/controllers/admin.js	2013-09-27 17:22:55 +01:00
Hannah Wolfe	0169b78f35	Updating to Latest Casper, more gist fixes	2013-09-27 17:21:06 +01:00
Hannah Wolfe	d866f0f31a	Version bump for 0.3.1 bugfix release	2013-09-27 17:20:52 +01:00
Hannah Wolfe	a5bf8bf1e2	Removing reset button - noone needs this, and someone is bound to press it and then complain.	2013-09-27 17:20:41 +01:00
Hannah Wolfe	4d6455e6d1	Updating to latest Casper, includes fix for gists	2013-09-27 14:17:32 +01:00
Hannah Wolfe	e86958fdb7	Further fix to image markdown issue #866 again	2013-09-27 14:17:19 +01:00
Hannah Wolfe	d841e749f9	Adding extra class for url uploads	2013-09-27 13:34:39 +01:00
Hannah Wolfe	ee8d8102db	Merge pull request #923 from ErisDS/0.3.1-wip-mysql 0.3.1 wip mysql	2013-09-27 05:04:45 -07:00
Hannah Wolfe	9ae1dc26db	Merge pull request #914 from gotdibbs/Issue874	2013-09-27 13:03:42 +01:00
William Dibbern	ef8fed3159	Added comments to config for ports Fixes #874 - Added comments to clarify that you should set the port to `process.env.PORT` when running ghost under iisnode.	2013-09-27 12:57:33 +01:00
Hannah Wolfe	5c10f6608c	Unit Test fixes for MySQL issue #858 - there is no guaranteed order to arrays, so sort before testing them - tests run much faster, date comparisons fail - settings tests are more explicit, otherwise they fail random validations - dates must be inserted as date objects	2013-09-27 12:52:31 +01:00
Hannah Wolfe	11296c0064	Merge pull request #920 from ErisDS/0.3.1-wip-markdown 0.3.1 wip markdown	2013-09-27 04:30:23 -07:00
Hannah Wolfe	d544b4aebb	Custom destroy method for posts issue #858 - correctly handles detaching tags before deleting the post	2013-09-27 11:56:20 +01:00
Hannah Wolfe	e6b779330f	Correctly test for an empty Tag array issue #858 - fixes syntax errors in mysql	2013-09-27 11:55:02 +01:00
Hannah Wolfe	71711c1fd2	Drop tables in correct order issue #858 - unit tests now run for MySQL	2013-09-27 11:54:09 +01:00
Hannah Wolfe	50a16ceb76	Test Cleanup	2013-09-27 11:36:12 +01:00
Hannah Wolfe	e411ed6889	No autolinking inside of code blocks closes #865 - rejigged markdown to have some functionality before showdown runs, and other functionality before. - autolinking now happens last, so it can be smarter	2013-09-27 11:35:44 +01:00
Hannah Wolfe	8c6519fde7	Don't output image tag for empty source closes #866 - ensures we don't end up creating any more empty image tags.	2013-09-27 11:30:41 +01:00
John O'Nolan	9df4955bcb	Fix tiny alignment issue on Ghost logo	2013-09-27 11:23:24 +02:00
John O'Nolan	8ce4d4b7c5	Fixed fucked up modal padding	2013-09-27 11:21:23 +02:00
Hannah Wolfe	6369eb20be	Remove broken image from fixture issue #866 - this fixes the problem inside the fixture	2013-09-27 09:18:02 +01:00
Hannah Wolfe	681aa71bf5	Merge pull request #848 from jamesbloomer/705-image-Upload-file-storage-amends-type Use file mime type to check server side if image upload is a valid file	2013-09-26 15:18:04 -07:00

1 2 3 4 5 ...

1069 Commits