closes#942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
issue #938
- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
Fixes#362
- There is no need to set the viewport on functional tests anymore
unless something other
than the default of 1280x1024 is desired.
- There is no need to invoke `casper.run` to trigger `test.done`
anymore for functional tests.
- Each test works independently of the rest; registration is handled
once for the lifetime of the test run and then login/logout can be
invoked automatically as desired.
- Mocha tests all utilize predefined, more realistic fixtures when
appropriate.
- Renamed old api tests that were really model tests as appropraite.
- Added example api test for posts.
issue #858
- there is no guaranteed order to arrays, so sort before testing them
- tests run much faster, date comparisons fail
- settings tests are more explicit, otherwise they fail random validations
- dates must be inserted as date objects
closes#865
- rejigged markdown to have some functionality before showdown runs, and other functionality before.
- autolinking now happens last, so it can be smarter
Added a couple sanity checks to the config during the loadConfig call.
- Check that the config exists for the current NODE_ENV
- Check that the config.url exists and is valid structure
- Check that the config.database exists
- Check that the config.server exists and has a port and host value
closes#705
- uses the file type passed by express/connect
- relies on the type being set correctly by the browser upload
- doesn't reread the file to check
Fixes#825
- Changes the way the error middleware is delivered in server.js, moving
all the logic back into errorHandling.js
- Alters error logging to use console.error (probably more appropriate) instead
of console.log
- Changes error tests to accomodate for these alterations
- Alters user-error and error hbs templates to incorporate stack traces
- Adds additional styling for error pages to accomodate stack traces
- Added logic to parse and deliver formatted stack traces
Notes:
======
- Jslint gets in the way of the regex I've got to use to parse the stack.
(It cites 'security reasons' which are not relevant in this case.)
I needed to add a condition to relax it at the top of errorHandling.js
- The stack trace should probably be added as a partial, but I figured it
was out of scope for this PR.
closes#502
part of #705
- copy the files but then remove the temporary ones
- moving instead of copying was problematic due to moving across devices
- still need to convert code to using promises
closes#295
- Maintain a list of markers for CodeMirror which reference image codes
- Upload start triggers a selection
- Upload success replaces the selection
- No ref-style image markdown handling
- Showdown image URL handling improved at the expense of titles
- Tests updated
- Made a helper called ghostScriptTags that will spit out the relevant
script tags with version parameter; 4 unminified files in development,
1 minified file in production.
- Added grunt concat and uglify tasks to build files into core/built
- Fixed some unit tests by making them native date objects
closes#733
- Exporter will read meta data to determine the tables which are present and export all data from those tables
- Exporter figures out which version to export, rather than requiring that information
- deleted old exporters
closes#748
- Removed the alpha software warning
- Better error message output for the whole app - can now specify an error, a context, and a help message
- Improved invalid node version, start and stop messaging
- Listens for Ctrl+C and exits nicely
- Minor improvements to handling and errors with old DBs (temporary)
- Commented out import/export tests until they are refactored
- Updating tests to ensure they create objects which conform to the new much stricter schema.
closes#370
- Added new Backbone view for post settings menu
- Moved sass styles to global.scss for post settings menu items
- Added field to change post slug (permalink) using existing slug
validation
closes#619
- check if uploaded image name exists in month/year path
- if unique then save
- if not unique then add -1 to the end of the name eg. image-1.jpg
- if image-1.jpg exists then increment to -2
- keep going until a unique name is found
- uses tail recursion as normal path will be to save the first filename and deep recursion will be the exception
- (the alternative of loading the names of all the files in the directory could result in a large in memory array)
Fixes#352
- Ensure publish button's default status is set in the `render`
function.
- Ensure publish button's popup arrow has animation reverted when a
status has been selected.
- Bumped up timeout in failing mocha test for exports-002.
closes 644
- replaced showdown's implementation of bold and emphasis with a version close to marked's
- reverted the underscore-in-word handling to only deal with 2 or more underscores & commented the test this causes to fail - this was causing problems with double underscores.
Fixes#592
- Added *permanent* redirect to ensure `/page/1/` isn't used and that
`/` is used instead.
- Added pageUrl helper (and unit tests) to generate client side url
fragment for blog pages conforming to the above standard.
- Updated pagination helper to use new `pageUrl` theme helper.
- Added functional tests for redirects and added scaffolding for
functional frontend tests in general.
closes#577
- auto-linking was interfering with things that were already a link
- now checks to ensure we are not in a HTML or markdown link already
- added tonnes of new tests
closes#367closes#368
- Adds Tag model with a many-to-many relationship with Post
- Adds Tag API to retrieve all previously used Tags (needed for suggestions)
- Allows setting and retrieval of Tags for a post through the Post's existing API endpoints.
- Hooks up the editor's tag suggestion box to the Ghost install's previously used tags
- Tidies the client code for adding tags, and encapsulates the functionality into a Backbone view
Fixes#469
- Added client-side trimming of title on blur if it is not already
trimmed.
- Added server-side trimming of title on 'saving' event of post model.
closes#422, issue #295
- Added GFM mode to codemirror
- Took the github.js extension for Showdown and added all useful behaviour
- Now supports strikethrough, line breaking and
multiple underscores, and auto linking urls & emails without breaking
definition urls
- Also added definition url handling in preparation for #295
- Added unit tests for the extentions individually and integrated with
showdown
closes#528
- adds method (isPost)to models index.js that returns true if content, content_raw, title and slug are valid properties
- adds url helper which checks context is post using isPost method
- adds unit test to check a url is prefixed with /
-adds unit test which checks for empty string if either of the 4 properties above are not present.
Pagination could conceivably be used in more than one place on a page (eg. both top and bottom). For that reason it should probably have a class rather than an ID.
- fixes#517
- prevents this from occuring again in future with other relations
- validation function & stripping done for all models
- casper test for flow, plus validation & logged out tests
closes#382, closes#383
- added helper called ghost_head to insert meta data with current version of ghost
- added helper called ghost_foot to insert script tag for jquery
- added unit test for both helpers
- removed trailing slash from ghost.js for 'shared' path and removed from outside of loop as it is shared on front and backend
Temporary patch for #362
- Split out database teardown and initialization so they each have their
own 2 second timeout.
- Added some test-specific increased timeouts.
Fixes#358
- Altered post model to enable eager loading of author and
user relationships
- Fixed broken base model toJSON method, which prevented
eager resolution of relationships (thanks @tgriesser)
- Passes author information to template.
- Added unit tests for author helper.
- Added unit tests for findOne and findAll additions to Post Model
which take into account the eager relationships
Usage:
`{{author}}` -- returns the full name of the post author
`{{author.attribute}}` -- returns property of the current post author
as described by the user model
closes#452
- changed keyboard shortcut to insert ![].. not !image[]
- changed regex in ghostdown to only work for ![]
- added a further regex in ghostdown to properly match for URLs inside the parens
Fixes#256
- Developed and linked new module, downsize, for tag-safe truncation
- Altered existing content handler to accept options for truncation
- Added tests for handler
Using truncation:
{{content words=10}}
{{content characters=256}}
Implements basic functionality described in #227 for loading plugins
from a specific directory and having a specific workflow with an init()
method and a disable() method.
- added line to index.js to set node_env to development if it is not set
- fixed a small bug with the persistent notifications and used them on debug page from server side
- added 002 files to manage export and import for 002
- 002 import is somewhat smarter than 001, merging settings (except version), replacing user & clearing primary keys
- added reset to models and migration, which does the down operation the same way that init does the up operation
- import and reset clear session & redirect to login / signup
- additional unit tests
(RE: discussion in pull #317)
- Unit tests enforce well formedness of ghostdown processor function
and what it returns.
- Ensures image markup is recognised and replaced accurately.
Hacky implementation of a suite of casper tests. This is here so that we can start to build up some tests.
Main thing missing is being able to simulate keypresses for CodeMirror
Making the tests run nicely with grunt, travis and be independent rather than interdependent can all come later.
- See tests/functional/base.js for full usage instructions & implementation notes
