jamesbloomer
9d114c7fa6
Lock down theme static directory to not serve templates, markdown and text files.
...
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
2013-10-11 18:05:31 +01:00
Hannah Wolfe
6db7e6d96e
Merge pull request #1000 from sebgie/issue#872
2013-10-11 13:19:12 +01:00
Sebastian Gierlinger
b040ea3365
Change from address
...
closes #872
- changed from address to use config.mail.fromaddress
- changed from address to default to settings.email
2013-10-11 12:49:33 +01:00
Hannah Wolfe
a37d487ffd
Merge pull request #992 from pmgarman/spacelys-sprockets-n-sockets
2013-10-10 16:19:42 +01:00
Hannah Wolfe
31e2737cfd
Update config validation to allow for socket only
...
issue #887
2013-10-10 16:13:02 +01:00
Patrick Garman
97f592aa41
Allow Ghost to run using sockets
...
Closes #887
- Adds getSocket function > Returns the socket location if sockets are enabled or false
- Adds startGhost function > Callback for server.listen
2013-10-10 16:12:28 +01:00
Hannah Wolfe
54f8a04779
Merge pull request #996 from ErisDS/0.3.2-tagfixes
...
Improving tag handling in post_class and body_class
2013-10-10 07:05:15 -07:00
Hannah Wolfe
7b28056849
Merge pull request #995 from ErisDS/xss
...
XSS
2013-10-10 07:04:50 -07:00
Hannah Wolfe
f1317b84af
Improving tag handling in post_class and body_class
...
closes #967 , closes #987
- use slug instead of name (it's unique)
- get tags even if we aren't inside the post context
- add tag handling to body_class too
2013-10-09 19:51:55 +01:00
Hannah Wolfe
14ac437763
Updating to latest Casper
...
- triple braces for post titles everywhere
2013-10-09 19:29:38 +01:00
Hannah Wolfe
95f9fce3be
Swapping escape to sanitze
...
issue #938
- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b
Escaping several fields to prevent XSS
...
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
2013-10-09 19:13:13 +01:00
Hannah Wolfe
d169bba3f8
Updated to latest version of express-hbs
...
issue #830
2013-10-07 16:42:25 +01:00
Hannah Wolfe
c95d469eb3
Updated to latest version of express
...
closes #875
2013-10-07 14:31:57 +01:00
Hannah Wolfe
c0d5167f7d
Merge pull request #948 from javorszky/0.3.2-wip
...
Fixes config.example.js
2013-10-05 12:16:32 -07:00
Gabor Javorszky
a37c7958b1
Fixes config.example.js
...
Closes #945
2013-09-30 15:06:54 +01:00
Hannah Wolfe
6bd62538af
Merge branch '0.3.1-wip'
...
Conflicts:
core/server/controllers/admin.js
2013-09-27 17:22:55 +01:00
Hannah Wolfe
0169b78f35
Updating to Latest Casper, more gist fixes
2013-09-27 17:21:06 +01:00
Hannah Wolfe
d866f0f31a
Version bump for 0.3.1 bugfix release
2013-09-27 17:20:52 +01:00
Hannah Wolfe
a5bf8bf1e2
Removing reset button
...
- noone needs this, and someone is bound to press it and then complain.
2013-09-27 17:20:41 +01:00
Hannah Wolfe
4d6455e6d1
Updating to latest Casper, includes fix for gists
2013-09-27 14:17:32 +01:00
Hannah Wolfe
e86958fdb7
Further fix to image markdown
...
issue #866 again
2013-09-27 14:17:19 +01:00
Hannah Wolfe
d841e749f9
Adding extra class for url uploads
2013-09-27 13:34:39 +01:00
Hannah Wolfe
ee8d8102db
Merge pull request #923 from ErisDS/0.3.1-wip-mysql
...
0.3.1 wip mysql
2013-09-27 05:04:45 -07:00
Hannah Wolfe
9ae1dc26db
Merge pull request #914 from gotdibbs/Issue874
2013-09-27 13:03:42 +01:00
William Dibbern
ef8fed3159
Added comments to config for ports
...
Fixes #874
- Added comments to clarify that you should set the port to
`process.env.PORT` when running ghost under iisnode.
2013-09-27 12:57:33 +01:00
Hannah Wolfe
5c10f6608c
Unit Test fixes for MySQL
...
issue #858
- there is no guaranteed order to arrays, so sort before testing them
- tests run much faster, date comparisons fail
- settings tests are more explicit, otherwise they fail random validations
- dates must be inserted as date objects
2013-09-27 12:52:31 +01:00
Hannah Wolfe
11296c0064
Merge pull request #920 from ErisDS/0.3.1-wip-markdown
...
0.3.1 wip markdown
2013-09-27 04:30:23 -07:00
Hannah Wolfe
d544b4aebb
Custom destroy method for posts
...
issue #858
- correctly handles detaching tags before deleting the post
2013-09-27 11:56:20 +01:00
Hannah Wolfe
e6b779330f
Correctly test for an empty Tag array
...
issue #858
- fixes syntax errors in mysql
2013-09-27 11:55:02 +01:00
Hannah Wolfe
71711c1fd2
Drop tables in correct order
...
issue #858
- unit tests now run for MySQL
2013-09-27 11:54:09 +01:00
Hannah Wolfe
50a16ceb76
Test Cleanup
2013-09-27 11:36:12 +01:00
Hannah Wolfe
e411ed6889
No autolinking inside of code blocks
...
closes #865
- rejigged markdown to have some functionality before showdown runs, and other functionality before.
- autolinking now happens last, so it can be smarter
2013-09-27 11:35:44 +01:00
Hannah Wolfe
8c6519fde7
Don't output image tag for empty source
...
closes #866
- ensures we don't end up creating any more empty image tags.
2013-09-27 11:30:41 +01:00
John O'Nolan
9df4955bcb
Fix tiny alignment issue on Ghost logo
2013-09-27 11:23:24 +02:00
John O'Nolan
8ce4d4b7c5
Fixed fucked up modal padding
2013-09-27 11:21:23 +02:00
Hannah Wolfe
6369eb20be
Remove broken image from fixture
...
issue #866
- this fixes the problem inside the fixture
2013-09-27 09:18:02 +01:00
Hannah Wolfe
681aa71bf5
Merge pull request #848 from jamesbloomer/705-image-Upload-file-storage-amends-type
...
Use file mime type to check server side if image upload is a valid file
2013-09-26 15:18:04 -07:00
Hannah Wolfe
57d83fe560
Merge pull request #794 from sebgie/issue#570
...
Add invalidate cache headers
2013-09-26 15:17:24 -07:00
Hannah Wolfe
6605ce1c71
Merge pull request #908 from jgable/fixImporterDates
2013-09-26 23:16:08 +01:00
Jacob Gable
a9c0359f18
Add some unit tests for post saving
...
- Confirm published_at for new posts
- Confirm slug generating on saving posts
2013-09-26 23:15:43 +01:00
Hannah Wolfe
c976a094f6
Merge pull request #878 from jgable/configErrorMessages
2013-09-26 23:12:09 +01:00
Jacob Gable
088518936c
Configuration validation in config-loader
...
Added a couple sanity checks to the config during the loadConfig call.
- Check that the config exists for the current NODE_ENV
- Check that the config.url exists and is valid structure
- Check that the config.database exists
- Check that the config.server exists and has a port and host value
2013-09-26 23:07:48 +01:00
Hannah Wolfe
18ca744c98
Merge pull request #913 from ErisDS/0.3.1-html-handling
...
Treat markdown as text in editor
2013-09-26 14:53:37 -07:00
Hannah Wolfe
3fec758e67
Merge branch 'sebgie-issue884' into 0.3.1-wip
2013-09-26 22:49:32 +01:00
Sebastian Gierlinger
59b57b84e0
Fix partials in themes
...
closes #884
- changed init sequence of ghost and helpers
2013-09-26 22:30:45 +02:00
Hannah Wolfe
0ef99ad393
Merge pull request #912 from cobbspur/saveposition
...
fixes position of save button in image uploader
2013-09-26 13:26:01 -07:00
Hannah Wolfe
e6b6c54386
Merge pull request #910 from cobbspur/height
...
Increased visibility of trash can in image uploader for broken url
2013-09-26 13:18:57 -07:00
Hannah Wolfe
fc881229f4
Treat markdown as text in editor
...
closes #857
- markdown is inserted into codemirror with .text() not .html()
2013-09-26 21:06:52 +01:00
cobbspur
3119fc5388
fixes position of save button in image uploader
...
closes #911
- adds display block to save button centre class
2013-09-26 20:15:48 +01:00