Commit Graph

57 Commits

Author SHA1 Message Date
Fabian Becker
aa5c0cc620 Unpublished Post should not be accessible
fixes #1162
2013-10-24 21:29:10 +00:00
Hannah Wolfe
95f9fce3be Swapping escape to sanitze
issue #938

- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b Escaping several fields to prevent XSS
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
2013-10-09 19:13:13 +01:00
Hannah Wolfe
d544b4aebb Custom destroy method for posts
issue #858

- correctly handles detaching tags before deleting the post
2013-09-27 11:56:20 +01:00
Hannah Wolfe
e6b779330f Correctly test for an empty Tag array
issue #858

- fixes syntax errors in mysql
2013-09-27 11:55:02 +01:00
John O'Nolan
d1957958e3 Cleanup indentation and quotes
Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-26 15:06:31 +01:00
Hannah Wolfe
0c545d5f2e Cleanup 2013-09-19 08:51:01 +01:00
Hannah Wolfe
32d1076d35 Correct validation message for short passwords
closes #833
2013-09-19 08:41:04 +01:00
Hannah Wolfe
83e655701c Post settings menu tweaks
closes #782, #783

- delete button hidden until ID
- publish date works before publish
2013-09-17 11:51:24 +01:00
Hannah Wolfe
8c26249d46 Adding extra paths to not allow slugs for 2013-09-17 01:48:56 +01:00
William Dibbern
4b8806ec1d Infinite Scroll Pagination for content screen
Fixes #258

- Modified post collection to have default values for paging.
- Added scroll handler to content view to check for more posts and load
as appropriate.
- Sanitized result from server-side post paging, ensure page # is
returned as an integer.
- Added a functional test stub.
2013-09-15 18:34:23 -05:00
Hannah Wolfe
8d038b8bf2 One exporter to rule them all
closes #733

- Exporter will read meta data to determine the tables which are present and export all data from those tables
- Exporter figures out which version to export, rather than requiring that information
- deleted old exporters
2013-09-15 17:04:42 +01:00
Hannah Wolfe
71a92194ca Improved error messaging
closes #748

- Removed the alpha software warning
- Better error message output for the whole app - can now specify an error, a context, and a help message
- Improved invalid node version, start and stop messaging
- Listens for Ctrl+C and exits nicely
- Minor improvements to handling and errors with old DBs (temporary)
2013-09-15 13:52:58 +01:00
Hannah Wolfe
b902f8109c Renaming default to defaultValue as default is reserved 2013-09-14 22:39:31 +01:00
Hannah Wolfe
d968495996 Mass renaming of things
Conflicts:
	core/client/views/settings.js
	core/server/models/user.js
2013-09-14 21:56:07 +01:00
Hannah Wolfe
d587a845d4 Set migrations to use new 000 schema
issue #632

- removed old schemas
- updated base model to reflect all of the consistent behaviours and properties across the models
- updated all models to match the new schema

TODO

- no fixtures are currently loaded except settings
- need to rename properties across the codebase
2013-09-14 20:01:46 +01:00
Hannah Wolfe
70824a247f Merge branch 'migrations-003' into new-version
Conflicts:
	.gitignore
	config.example.js
	core/server/models/post.js
	package.json
2013-09-14 19:15:04 +01:00
Hannah Wolfe
0b1ffcd1f5 Updating settings types
- issue #573, issue #632
2013-09-14 19:04:41 +01:00
Hannah Wolfe
3fab1f708a Merge pull request #728 from skattyadz/default-settings-validations
Conflicts:
	Gruntfile.js
	core/server.js
	core/server/data/default-settings.json
	core/test/unit/admin_spec.js
2013-09-14 14:37:52 +01:00
Adam Howard
3823d10c35 Restructure default-settings.json and add validations to important settings. 2013-09-14 14:29:27 +01:00
Sebastian Gierlinger
35a32279d9 Clean up config (drop 'env')
closes #628
- removed .env from config.js
- ghost.config() returns correct config for NODE_ENV
- removed .env[process.env.NODE_ENV]
- updated tests
- deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-14 13:14:00 +01:00
Hannah Wolfe
486b2406b1 Merge pull request #722 from ericterpstra/370-post-settings-permalink
Added post-settings menu with edit permalink field
2013-09-13 14:31:49 -07:00
Hannah Wolfe
420986de62 Updating tag saving logic to never save duplicates 2013-09-13 21:38:53 +01:00
ericterpstra
e2bc5257a6 Added post-settings menu with edit permalink field
closes #370
- Added new Backbone view for post settings menu
- Moved sass styles to global.scss for post settings menu items
- Added field to change post slug (permalink) using existing slug
  validation
2013-09-13 12:36:38 -05:00
Hannah Wolfe
01f6551bf2 Small model update for tags and users
- tags are now created with uuid & timestamps
- user role is no longer a model, just a join done with attach
2013-09-13 15:06:17 +01:00
Adam Howard
f6b86a98ff Fix bug preventing tags from being saved when a Post is created.
Fixes #658
2013-09-13 14:30:22 +01:00
Sebastian Gierlinger
212521712d Clean up config (drop 'env')
closes #628
- removed .env from config.js
- ghost.config() returns correct config for NODE_ENV
- removed .env[process.env.NODE_ENV]
- updated tests
- deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-12 15:25:58 +01:00
Hannah Wolfe
bbbfed9921 Temporary aliasing on the User model
issue #389

- Output only aliases (saving data with these keys won't work) gives us the right names in the theme API
2013-09-09 15:25:20 +01:00
Hannah Wolfe
5bae29a0db Merge branch 'master' into migrations-003
Conflicts:
	core/server/data/migration/index.js
	core/server/models/post.js
2013-09-05 12:40:43 +01:00
Adam Howard
e24b5c3382 Proper settings infrastructure, allowing new features without compromising old data.
On server load, check for settings which have not been set, and apply a default value to the settings table from a JSON file.
2013-09-03 22:56:34 +01:00
Hannah Wolfe
36874badd5 Merge pull request #587 from javorszky/iss288
Email sending with Sendgrid plus password reset
2013-09-02 15:44:48 -07:00
Hannah Wolfe
1ff9550e1f User property aliases
issue #389

 - Temporary aliases for user model, schema will be changed soon, in the meantime we want themes to be built using the right properties
2013-09-02 20:58:49 +01:00
Hannah Wolfe
7570599252 Merge pull request #564 from skattyadz/tags-squashed
Add post tagging functionality
2013-09-01 17:50:21 -07:00
Gabor Javorszky
5999d01b7d Repaired email sending, implement password reset
Closes #288
* I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`)
* Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 00:20:12 +02:00
Adam Howard
d90df55b75 Add post tagging functionality
closes #367
closes #368

- Adds Tag model with a many-to-many relationship with Post
- Adds Tag API to retrieve all previously used Tags (needed for suggestions)
- Allows setting and retrieval of Tags for a post through the Post's existing API endpoints.
- Hooks up the editor's tag suggestion box to the Ghost install's previously used tags
- Tidies the client code for adding tags, and encapsulates the functionality into a Backbone view
2013-08-30 16:20:22 +01:00
William Dibbern
94f262a697 Strip whitespace on titles
Fixes #469

- Added client-side trimming of title on blur if it is not already
trimmed.
- Added server-side trimming of title on 'saving' event of post model.
2013-08-30 08:04:32 -05:00
Hannah Wolfe
f318d164d4 Adding Github Flavored Markdown support
closes #422, issue #295

- Added GFM mode to codemirror
- Took the github.js extension for Showdown and added all useful behaviour
- Now supports strikethrough, line breaking and
  multiple underscores, and auto linking urls & emails without breaking
  definition urls
- Also added definition url handling in preparation for #295
- Added unit tests for the extentions individually and integrated with
  showdown
2013-08-29 14:32:09 +01:00
cobbspur
5c12c78d00 added url handlebars helper
closes #528

- adds method (isPost)to models index.js that returns true if content, content_raw, title and slug are valid properties
- adds url helper which checks context is post using  isPost method
- adds unit test to check a url is prefixed with  /
-adds unit test which checks for empty string if either of the 4 properties above are not present.
2013-08-26 23:58:35 +01:00
Hannah Wolfe
c70dfde7e3 Agressive stripping of the model attributes
- fixes #517
- prevents this from occuring again in future with other relations
- validation function & stripping done for all models
- casper test for flow, plus validation & logged out tests
2013-08-25 18:12:27 +01:00
Hannah Wolfe
41e36cca7e Validation consistency
- introduced validation method in the post and user model
- moved signup validation onto model
- consistent use of validation & error messaging in the admin UI
- helper methods in base view moved to a utils object
2013-08-25 18:10:12 +01:00
Hannah Wolfe
6f05812377 Merge pull request #503 from sebgie/questionmarkbug
Fix for post with '?'
2013-08-24 08:06:51 -07:00
Hannah Wolfe
60c7643a58 Merge pull request #438 from cgiffard/hbs-helper-author
Template Helpers: Added author hbs helper
2013-08-24 07:45:36 -07:00
Sebastian
9ee91b3547 Fix for post with '?'
closes #433
- if slug is empty after trimming use "post" as slug instead
2013-08-23 18:49:45 +02:00
Christopher Giffard
4397bcf86e Template Helpers: Added author hbs helper
Fixes #358

 - Altered post model to enable eager loading of author and
   user relationships
 - Fixed broken base model toJSON method, which prevented
   eager resolution of relationships (thanks @tgriesser)
 - Passes author information to template.
 - Added unit tests for author helper.
 - Added unit tests for findOne and findAll additions to Post Model
   which take into account the eager relationships

 Usage:
 `{{author}}` -- returns the full name of the post author
 `{{author.attribute}}` -- returns property of the current post author
 as described by the user model
2013-08-23 19:13:32 +10:00
Tim Griesser
c83835a811 fixes incorrect toJSON extension, for eager loaded models 2013-08-22 13:53:46 -04:00
Gabor Javorszky
be7ed2dfdc Added validation for signup and login screens
Closes #374
* Included node-validator as a package
* Implemented server side validation (the client side js is a mess, need a LOT of work)
* Validates email address both on signup and login screens, gives error message on malformed email addresses
* Requires at least 8 chars of password
* Tells user if password is too short
* Tells user if no such user on login
* Tells user if wrong password on login
* Tells user if server responds with a 404 (goes away, dies, etc)
* Added middleware between req and login / signup for validation
2013-08-20 09:42:42 +01:00
Jacob Gable
a1d00b56b2 Trim title and don't allow negative pages
Added a .trim() to the slug generation and redirect to the first page if
the page parameter is parsed as less than 1.
2013-08-19 21:18:39 -05:00
William Dibbern
4f2421fac7 MySQL Support
Closes #364
- Confirmed integration with local mysql installation works.
- Updated fixtures and migration with appropriate schema-conforming
values.
- Updated schema with appropriate defaults and nullable columns.
- Updated fixDates function on model base to appropriately deserialize
values coming from SQLite now that dates are stored as actual DateTime
objects/ISO strings.
- Updated default language to be 'en_US'.
2013-08-19 17:25:02 -05:00
Hannah Wolfe
fd33b276a0 Merge pull request #419 from jgable/postPermissions
Edit Post Permissions
2013-08-18 12:11:55 -07:00
Jacob Gable
53061a4c04 Fix multiple title slug generation
Change slug generation to not append multiple hyphens
2013-08-18 13:23:15 -05:00