andy matthews
8743766071
Add tooltip text to icons in admin section
...
Closes #1178
* Add tooltip text to assorted icons within CMS
* Add tooltip for blog URL to Ghost logo
* Change 'Options' to 'Post Settings'
Change 'Options' to 'Post Settings'
2013-10-22 22:31:02 +01:00
Hannah Wolfe
b319e5b800
Merge pull request #1232 from thgaskell/master
...
Undefined post data causing server to crash
2013-10-22 13:35:03 -07:00
Hannah Wolfe
fc53bc8a15
Merge pull request #1152 from jgillich/status-code
...
Set correct HTTP status code on error
2013-10-22 13:05:22 -07:00
Hannah Wolfe
15a2eacaac
Merge pull request #1141 from halfdan/246-helper-tests
...
Improved test coverage of theme helpers.
2013-10-22 12:45:07 -07:00
Hannah Wolfe
e2cf362395
Merge pull request #1117 from halfdan/featured-posts
...
Add featured class when post is featured
2013-10-22 12:38:33 -07:00
Hannah Wolfe
4480d3bd02
Merge pull request #1088 from jacobian/postgres-fix
...
Fix #896 - work around errors in pagination under Postgresql.
2013-10-22 07:08:15 -07:00
Tony Gaskell
2809e405d5
fixed bug where an undefined variable could be dereferenced
...
which could cause the server to choke.
2013-10-22 03:20:09 -10:00
Pascal Borreli
14c420c8d1
Fixed typos
2013-10-20 20:33:51 +00:00
Hannah Wolfe
65dcb17117
Merge branch '0.3.3-wip'
...
Conflicts:
core/client/views/blog.js
core/server/api.js
core/server/views/default.hbs
package.json
2013-10-20 10:09:39 +01:00
Sebastian Gierlinger
2ee8f96829
Revert sessions to cookieSessions
...
no issue
- modified sessions to use cookieSession
- set max-age to 12 hrs
- modified logout to delete cookie completely
2013-10-18 13:24:01 +02:00
Hannah Wolfe
158d237122
Improved error handling
...
fixes #845
- only returns an error page for get requests, otherwise returns a response
- no more admin menu when not logged in
- no more error message about theme error template
- logWarn is available
2013-10-17 22:49:14 +01:00
Jakob Gillich
0f048eeb79
Set correct HTTP status code on error
...
closes #1055
2013-10-17 21:52:40 +02:00
Hannah Wolfe
e29a598fa5
CSRF for debug screen
2013-10-17 20:52:09 +01:00
Hannah Wolfe
2a6e77752f
API JSON updates
2013-10-17 20:52:05 +01:00
Hannah Wolfe
d9c9ca0e33
Merge pull request #4 from sebgie/sec/3
...
Sec/3
2013-10-17 10:49:40 -07:00
Hannah Wolfe
491651da59
Merge pull request #2 from ErisDS/bookshelf-knex-update
...
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-10-17 10:49:28 -07:00
Tim Griesser
13639ad8d1
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-10-17 18:23:36 +01:00
Sebastian Gierlinger
374c41e138
Remove private data from API
...
no issue
- added removal to user.browse, posts.read, posts.browse
- fixed removal for user.read
2013-10-17 17:15:25 +02:00
Sebastian Gierlinger
90176e1f40
Security improvements
...
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
2013-10-17 15:28:28 +02:00
Hannah Wolfe
daa87e92c2
Merge pull request #1026 from jenius/master
...
Remove unneeded info from /user api response
2013-10-17 14:12:13 +01:00
Fabian Becker
dfa7793d44
Improved test coverage of theme helpers.
...
refs #246
2013-10-17 07:53:11 +00:00
Fabian Becker
f4ac715f97
Add featured class when post is featured
...
fixes #1112
2013-10-16 11:41:49 +00:00
Hannah Wolfe
3eae0a3939
Merge pull request #1103 from b1nd/merge
...
Removed unused variables and updated commenting
2013-10-16 03:31:57 -07:00
Hannah Wolfe
7419e05b3a
Merge pull request #1092 from halfdan/uc-helper
...
Added new helper to escape URIs called 'encode'
2013-10-16 02:23:13 -07:00
Fabian Becker
788987d04a
Added new helper to escape URIs called 'encode'
...
fixes #1089
2013-10-16 09:19:26 +00:00
b1nd
c61806c1c8
Removed unused variables and updated commenting
2013-10-16 11:32:44 +11:00
Hannah Wolfe
930309363d
Merge pull request #1020 from padhg/omit-uri-scheme
...
Allow omission of URI Scheme in config.js url
2013-10-15 12:26:18 -07:00
Jacob Kaplan-Moss
2acb546028
Fix #896 - work around errors in pagination under Postgresql.
2013-10-15 11:09:08 -05:00
Jeff Escalante
44973ba255
remove unneeded info from user api response
2013-10-14 15:07:52 -04:00
Ryan Powell
dc1cf3b509
changes to support URI's without a scheme in config.js.
...
also removed "http:" from google fonts link to prevent a mixed content warning.
2013-10-14 10:42:08 -04:00
Hannah Wolfe
119b0ea430
Merge branch '0.3.2-wip'
...
Conflicts:
core/client/assets/lib/uploader.js
2013-10-11 20:56:15 +01:00
Hannah Wolfe
b4e04b3650
Fix for image uploads
...
- express 3.4.0 uses connect 2.9.0 which had a sizable change to how multipart woks
- this change resulting in req.files.uploadimage.type going away
2013-10-11 20:26:09 +01:00
jamesbloomer
9d114c7fa6
Lock down theme static directory to not serve templates, markdown and text files.
...
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
2013-10-11 18:05:31 +01:00
Sebastian Gierlinger
b040ea3365
Change from address
...
closes #872
- changed from address to use config.mail.fromaddress
- changed from address to default to settings.email
2013-10-11 12:49:33 +01:00
Hannah Wolfe
9466a9753b
Merge branch '0.3.2-wip'
...
Conflicts:
core/test/unit/api_posts_spec.js
2013-10-10 16:37:35 +01:00
Hannah Wolfe
54f8a04779
Merge pull request #996 from ErisDS/0.3.2-tagfixes
...
Improving tag handling in post_class and body_class
2013-10-10 07:05:15 -07:00
Sebastian Gierlinger
6ff17c78a2
Fix filepaths for config and upload
...
no issue
- added appRoot to config-loader.js
- modified uploader to use correct path
- modified tests
2013-10-10 12:44:31 +02:00
Hannah Wolfe
f1317b84af
Improving tag handling in post_class and body_class
...
closes #967 , closes #987
- use slug instead of name (it's unique)
- get tags even if we aren't inside the post context
- add tag handling to body_class too
2013-10-09 19:51:55 +01:00
Hannah Wolfe
95f9fce3be
Swapping escape to sanitze
...
issue #938
- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b
Escaping several fields to prevent XSS
...
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
2013-10-09 19:13:13 +01:00
Hannah Wolfe
59d69f273e
Merge pull request #984 from matthojo/Loading-Bar
...
Loading bar
2013-10-09 09:32:13 -07:00
Hannah Wolfe
b5c5d531d1
Fix for unhandled promise on fresh db startup
...
issue #977
- As of the addition of when/monitor/console we now get errors about unhandled promises
- This fixes one which appeared when starting up without a DB
2013-10-09 16:58:50 +01:00
Matthew Harrison-Jones
fdf5e3d69e
Revert "loading bar implementation"
...
This reverts commit de6b8ee9b3
and 16742bcaef
2013-10-08 14:12:46 +01:00
John O'Nolan
34762ce1be
Move webfonts to // rather than http://
...
https://en.ghost.org/forum/bugs-suggestions/475-suggestion-remove-system-dependence-on-google-web-fonts
2013-10-04 09:48:51 +02:00
Hannah Wolfe
ba0b6982a4
Trailing slashes for cache invalidation headers
...
issue #963
2013-10-02 16:14:35 +01:00
Sebastian Gierlinger
0220cf2448
Disable filestorage
...
closes #937
- fixed bug where ![] is replaced with ![](http://) for image url
- added fileStorage setting to uploader
- added fileStorage helper (could become standard way of providing config data for frontend???)
- added data element to editor and settings
- if no config value is set fileStorage: true is default
2013-10-02 11:39:34 +02:00
John O'Nolan
16742bcaef
Initial loading bar implementation
...
See #726
Becomes visible when <body> has a class of `js-loading`
2013-09-30 11:17:06 +02:00
Hannah Wolfe
17a0bd37b0
Merge pull request #930 from javorszky/iss840
...
Adds error message to blog import on empty / bad file
2013-09-29 11:10:08 -07:00
Gabor Javorszky
f709dcb798
Adds error message to blog import on empty / bad file
...
Closes #840
* Checks file to be size > 0
* Checks file to be .json
* Fails if either of them are not good
2013-09-28 15:42:42 +01:00
John O'Nolan
ba0ae3b4d8
Set sensible admin meta title
2013-09-28 16:21:59 +02:00