Hannah Wolfe
491651da59
Merge pull request #2 from ErisDS/bookshelf-knex-update
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-10-17 10:49:28 -07:00
Tim Griesser
13639ad8d1
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-10-17 18:23:36 +01:00
Sebastian Gierlinger
90176e1f40
Security improvements
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
2013-10-17 15:28:28 +02:00
cobbspur
c52a10cd1a
fixed image upload url synchronicity and url removed on cancel
closes #988, closes #956, closes #975
- fixed multiple ids and refactored triggers
- persistence requirement overridden
- trash can now removes url in editor
- if empty url is saved http:// is inserted and dropzone initialized
Conflicts:
core/client/assets/lib/uploader.js
2013-10-11 18:15:17 +01:00
jamesbloomer
9d114c7fa6
Lock down theme static directory to not serve templates, markdown and text files.
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently blacklisting .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting a theme serve unknown types
2013-10-11 18:05:31 +01:00
Sebastian Gierlinger
b040ea3365
Change from address
closes #872
- changed from address to use config.mail.fromaddress
- changed from address to default to settings.email
2013-10-11 12:49:33 +01:00
Hannah Wolfe
31e2737cfd
Update config validation to allow for socket only
issue #887
2013-10-10 16:13:02 +01:00
Patrick Garman
97f592aa41
Allow Ghost to run using sockets
Closes #887
- Adds getSocket function > Returns the socket location if sockets are enabled or false
- Adds startGhost function > Callback for server.listen
2013-10-10 16:12:28 +01:00
Hannah Wolfe
54f8a04779
Merge pull request #996 from ErisDS/0.3.2-tagfixes
Improving tag handling in post_class and body_class
2013-10-10 07:05:15 -07:00
Hannah Wolfe
f1317b84af
Improving tag handling in post_class and body_class
closes #967, closes #987
- use slug instead of name (it's unique)
- get tags even if we aren't inside the post context
- add tag handling to body_class too
2013-10-09 19:51:55 +01:00
Hannah Wolfe
95f9fce3be
Swapping escape to sanitize
issue #938
- rather than using escape, use node-validator's sanitize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b
Escaping several fields to prevent XSS
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
2013-10-09 19:13:13 +01:00
Hannah Wolfe
6bd62538af
Merge branch '0.3.1-wip'
Conflicts:
core/server/controllers/admin.js
2013-09-27 17:22:55 +01:00
Hannah Wolfe
a5bf8bf1e2
Removing reset button
- no one needs this, and someone is bound to press it and then complain.
2013-09-27 17:20:41 +01:00
Hannah Wolfe
e86958fdb7
Further fix to image markdown
issue #866 again
2013-09-27 14:17:19 +01:00
Hannah Wolfe
d841e749f9
Adding extra class for url uploads
2013-09-27 13:34:39 +01:00
Hannah Wolfe
ee8d8102db
Merge pull request #923 from ErisDS/0.3.1-wip-mysql
0.3.1 wip mysql
2013-09-27 05:04:45 -07:00
Hannah Wolfe
5c10f6608c
Unit Test fixes for MySQL
issue #858
- there is no guaranteed order to arrays, so sort before testing them
- tests run much faster, date comparisons fail
- settings tests are more explicit, otherwise they fail random validations
- dates must be inserted as date objects
2013-09-27 12:52:31 +01:00
Hannah Wolfe
d544b4aebb
Custom destroy method for posts
issue #858
- correctly handles detaching tags before deleting the post
2013-09-27 11:56:20 +01:00
Hannah Wolfe
e6b779330f
Correctly test for an empty Tag array
issue #858
- fixes syntax errors in mysql
2013-09-27 11:55:02 +01:00
Hannah Wolfe
71711c1fd2
Drop tables in correct order
issue #858
- unit tests now run for MySQL
2013-09-27 11:54:09 +01:00
Hannah Wolfe
50a16ceb76
Test Cleanup
2013-09-27 11:36:12 +01:00
Hannah Wolfe
e411ed6889
No autolinking inside of code blocks
closes #865
- rejigged markdown to have some functionality before showdown runs, and other functionality before.
- autolinking now happens last, so it can be smarter
2013-09-27 11:35:44 +01:00
Hannah Wolfe
8c6519fde7
Don't output image tag for empty source
closes #866
- ensures we don't end up creating any more empty image tags.
2013-09-27 11:30:41 +01:00
John O'Nolan
9df4955bcb
Fix tiny alignment issue on Ghost logo
2013-09-27 11:23:24 +02:00
John O'Nolan
8ce4d4b7c5
Fixed fucked up modal padding
2013-09-27 11:21:23 +02:00
Hannah Wolfe
6369eb20be
Remove broken image from fixture
issue #866
- this fixes the problem inside the fixture
2013-09-27 09:18:02 +01:00
Hannah Wolfe
681aa71bf5
Merge pull request #848 from jamesbloomer/705-image-Upload-file-storage-amends-type
Use file mime type to check server side if image upload is a valid file
2013-09-26 15:18:04 -07:00
Hannah Wolfe
57d83fe560
Merge pull request #794 from sebgie/issue#570
Add invalidate cache headers
2013-09-26 15:17:24 -07:00
Jacob Gable
a9c0359f18
Add some unit tests for post saving
- Confirm published_at for new posts
- Confirm slug generating on saving posts
2013-09-26 23:15:43 +01:00
Jacob Gable
088518936c
Configuration validation in config-loader
Added a couple sanity checks to the config during the loadConfig call.
- Check that the config exists for the current NODE_ENV
- Check that the config.url exists and is valid structure
- Check that the config.database exists
- Check that the config.server exists and has a port and host value
2013-09-26 23:07:48 +01:00
Hannah Wolfe
18ca744c98
Merge pull request #913 from ErisDS/0.3.1-html-handling
Treat markdown as text in editor
2013-09-26 14:53:37 -07:00
Sebastian Gierlinger
59b57b84e0
Fix partials in themes
closes #884
- changed init sequence of ghost and helpers
2013-09-26 22:30:45 +02:00
Hannah Wolfe
0ef99ad393
Merge pull request #912 from cobbspur/saveposition
fixes position of save button in image uploader
2013-09-26 13:26:01 -07:00
Hannah Wolfe
fc881229f4
Treat markdown as text in editor
closes #857
- markdown is inserted into codemirror with .text() not .html()
2013-09-26 21:06:52 +01:00
cobbspur
3119fc5388
fixes position of save button in image uploader
closes #911
- adds display block to save button centre class
2013-09-26 20:15:48 +01:00
cobbspur
2a55595191
Increased visibility of trash can in image uploader for broken url
closes #838
- adds a min height value to pre-image-uploader scss
2013-09-26 18:33:09 +01:00
Sebastian Gierlinger
3def65ee11
Fix for sendmail problem
closes #871
- added solution from email
- tested on OSX
2013-09-26 15:45:34 +01:00
Sebastian Gierlinger
fa43ca79d3
Add content to RSS
closes #886
- removed meta_description which is empty and would have crashed
- added content
- img src converted to absolute path
- a href converted to absolute path
2013-09-26 15:37:25 +01:00
John O'Nolan
58873a9fc3
Stripped obsolete CSS3 prefixes
2013-09-26 15:26:00 +01:00
jamesbloomer
55048d6a20
Fix image upload tests on windows
closes #826
- on windows the fs.exists call had windows style back slashes
- set up the test to cope with either (not the most elegant but works)
2013-09-26 15:19:05 +01:00
John O'Nolan
d1957958e3
Cleanup indentation and quotes
Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-26 15:06:31 +01:00
jamesbloomer
8e3ddcbdcc
Trim version number to major and minor numbers only in meta tag
closes #880
- as the version number is under control from package.json use regex to trim
2013-09-26 15:00:05 +01:00
Hannah Wolfe
b787cc6639
Image upload start event fired earlier
issue #882
2013-09-26 12:35:03 +01:00
cobbspur
90e4637ede
Image Upload URL saves in the right place
closes #864
- adds trigger - uploadstart to url handler
2013-09-26 12:34:59 +01:00
Hannah Wolfe
0b87c42e84
Merge pull request #891 from ErisDS/0.3.1-importerfix
0.3.1 Import & Export fixes
2013-09-26 04:14:56 -07:00
John O'Nolan
78775f1976
Added email to username if no name is given
Gets rid of generic "Ghost" - we know a user will always have an email address as it is a required field.
2013-09-26 12:02:48 +01:00
John O'Nolan
bf5ab32fe9
Renamed user image data helper to make more sense
2013-09-26 12:02:44 +01:00
Matthew Harrison-Jones
67132ff28b
Bug Fix: Date Keyboard Shortcut no longer crashes the browser
2013-09-26 11:22:02 +01:00
jamesbloomer
6941b73168
Fix admin redirect issue
closes #850
- the aliases for the ghost admin link were causing redirects of the form /ghost//admin etc.
- simplest solution is to split the route into two with the first one just redirecting and the second doing the auth
2013-09-26 10:46:45 +01:00