issue #938
- rather than using escape, use node-validator's sanitize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
closes #937
- fixed bug where ![] is replaced with ![](http://) for image url
- added fileStorage setting to uploader
- added fileStorage helper (could become standard way of providing config data for frontend???)
- added data element to editor and settings
- if no config value is set fileStorage: true is default
Specified type='button' for the buttons in the form so they don't get
pseudo clicked on enter key in inputs. Added a keyup handler to check
for enter keys in the inputs and do the proper action based on where you
are in the form.
Fixes #877
- Updated the blog/content view to check `collection.length` before
attempting to pull another record.
- In the event an item is removed and the collection now has zero items,
still redraw the preview pane, just with no data.
Fixes #825
- Changes the way the error middleware is delivered in server.js, moving
all the logic back into errorHandling.js
- Alters error logging to use console.error (probably more appropriate) instead
of console.log
- Changes error tests to accommodate for these alterations
- Alters user-error and error hbs templates to incorporate stack traces
- Adds additional styling for error pages to accommodate stack traces
- Added logic to parse and deliver formatted stack traces
Notes:
======
- Jslint gets in the way of the regex I've got to use to parse the stack.
(It cites 'security reasons' which are not relevant in this case.)
I needed to add a condition to relax it at the top of errorHandling.js
- The stack trace should probably be added as a partial, but I figured it
was out of scope for this PR.
closes #812
- replace defaults with consistently named .png files
- change the settings saving code so that it doesn't double-save images and save the defaults to the db
Fixes #788
- Toggles now close any other open toggles.
- Added .active class for post settings menu to ensure highlight stays
on settings icon/button until it is closed, not just on hover.
closes #783
- I think there's probably a nicer solution than putting clearEverything() everywhere, but that would also probably involve significant refactoring.
Closes #666.
* Adding new error notifications (removed post name, cleaned up statuses) when creating/updating a post
* Removing scheduled from the maps and changing the text of publish-on
* Made temporary "Scheduled publishing is not supported yet." message display in a proper error container, plus a slight grammar fix.
* Removed ; from the start of validation errors on post error, as the previous sentence finishes with a .
* Smoother animations
* Removed blurring in Chrome temporarily
* Centering is now done in CSS (the height is calculated in JS to work in FF and Opera)
* Modals now need close: true to be set to enable the close icon and shortcuts for closing (ESC key, background clicking)
Issue #149
- added back button to content preview and settings
- added hammer.js interactions
- needs some tweaking for mobile view
- problems with touch events (additional click event after 300ms)
closes #701, closes #702
- if image upload is called from editor the url icon provides a text field and a save button
- if on settings pages (general and user) the save button will capture the entered url or uploaded url
- both modes have the reset button
- fixed bug that is created by url when image is dragged onto window
closes #295
- Maintain a list of markers for CodeMirror which reference image codes
- Upload start triggers a selection
- Upload success replaces the selection
- No ref-style image markdown handling
- Showdown image URL handling improved at the expense of titles
- Tests updated
Fixes #258
- Modified post collection to have default values for paging.
- Added scroll handler to content view to check for more posts and load
as appropriate.
- Sanitized result from server-side post paging, ensure page # is
returned as an integer.
- Added a functional test stub.
Fixes #667
- Removed superfluous as-of-yet-unused options in the publish menu.
- Adjusted display names of publish buttons according to differing
states the publish menu can be in (new post, saved draft, published
post).
- Added red highlight style to "important" status change options in the
publish menu (draft => published, published => unpublished).
- Added suite of functional tests around new labels and classes.
- Made a helper called ghostScriptTags that will spit out the relevant
script tags with version parameter; 4 unminified files in development,
1 minified file in production.
- Added grunt concat and uglify tasks to build files into core/built
- Fixed some unit tests by making them native date objects
closes #172
- added type to ghost.settings()
- added /api/settings?type=<filter>
- added availableThemes to settingsCache
- removed cachedSettingsRequestHandler
- removed /api/themes (including front end)
- changed activePlugins to type "plugin" in default-settings.json
Closes #581.
* Basically adds the client side of node validator, that we're already using
* Validator is plonked onto `Ghost.Validator`
* Usage is identical to https://github.com/chriso/node-validator
* Has sanitizing values et al
* `Ghost.Validator.error` is redefined, it populates Ghost.Validator._errors (Array)
* `Ghost.Validator.handleErrors` is supposed to print out the multiple error messages, if there are multiple (this is broken due to how notifications are presented `.html` instead of `.append`), and also apply class to element
* The ajax calls are wrapped in an if to prevent network traffic if something's not right on client side
* Added validation to general settings and user settings screens.
* On validation error, optionally adds `.input-error` to whatever element you reference, see below (if `el` exists on the error object). This is the only place where usage is different to the original implementation. Redeclared `error()` function in `init.js`
* Usage: `Ghost.Validate.check(valueToCheck, {message: "the error message", el: $('#the element')}).isEmail()`
* The element above will receive the `.input-error` class. `isEmail()` is one of the things you can check against.
closes #370
- Added new Backbone view for post settings menu
- Moved sass styles to global.scss for post settings menu items
- Added field to change post slug (permalink) using existing slug
validation
* Signup now focuses on 'name' on load
* Fixed fade in on auth forms to work with `display: table`
* The 'name' field is required on Sign up forms
* The length check on the Signup form is in order of inputs
* Added check for password length
* Changed the auth form class names to better represent individual pages
* Updated CasperJS tests
Fixes #352
- Ensure publish button's default status is set in the `render`
function.
- Ensure publish button's popup arrow has animation reverted when a
status has been selected.
- Bumped up timeout in failing mocha test for exports-002.
This breaks focus on focused element to keep layout. This is because the
layout still breaks if an element is focused, and you cannot trigger
the system keyboard through Javascript to refocus an element after.
Closes #345
- added blog description to general screen
- removed content screen from sidebar
- removed beforeRender from settings front end
- removed content screen from tests
closes #280
- adds image uploader to user profile page.
- click on cover picture or change cover button to open file upload modal.
- created new upload modal that extends model to reduce some code duplication
Closes #560, #436, #545, #437
* Added .s to the end of all post notification messages, per #437.
* Added nice message when saving a draft per #436, also for other post statuses (your post will be published), etc.
* Removed post name from notifications per #560 and #545.
* Changed delete post error message to be "Your post could not be deleted. Please try again."
NB: There may be an issue with the format of error messages which could be a separate bug?
closes #593
- added default setting of 6 posts per page
- added posts per page to settings page
- added limit to frontend.js (setting does not change API behavior)
* Bio field now counts down.
* Bio field count now turns red when < 20
* Cover image now has gradient
* Change button now has square corners
* Removed "forgot password" link
* Change password button is now red
* Change password button is now aligned with the form
* Hover state on the profile picture now reads "Edit Picture"
issue #432
adds a modal template for image uploads
adds buttons to settings page to upload images for blog logo and icon
once image is uploaded displays an 'X' to reset back to dropzone
saves image and renders settings page.
ToDo
add url field when clicking on url icon
fix position of 'X' for both settings and editor
closes #603, issue #395
- Changed hard-coded 'JOE BLOGGS' to use author data
- We still had api calls loading data server side before rendering pages.. which is unnecessary.
- Only thing using this was editor title, which is now populated client side
- May improve content screen load time.
Added a redirect call to the router instead of defaulting the pane. To
handle using the back button after clicking through to other tabs I
added an event listener on the route:settings event.
Closes #288
* I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`)
* Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
closes #367, closes #368
- Adds Tag model with a many-to-many relationship with Post
- Adds Tag API to retrieve all previously used Tags (needed for suggestions)
- Allows setting and retrieval of Tags for a post through the Post's existing API endpoints.
- Hooks up the editor's tag suggestion box to the Ghost install's previously used tags
- Tidies the client code for adding tags, and encapsulates the functionality into a Backbone view
Fixes #469
- Added client-side trimming of title on blur if it is not already
trimmed.
- Added server-side trimming of title on 'saving' event of post model.
closes #488 and #107
- added dropdown for theme selection on general page
- added GET /api/v0.1/themes to retrieve available themes
- modified settings model to get available themes
- modified updateSettignsCache to remove path from settings.activeTheme
Fixes #352
- Removed one-off styles and code for the publish button. Publish button
now uses data-toggle attribute wired up in toggle.js and forms.scss.
- Ensured split button common styles are up to date to conform with
vendor prefixing of transform properties.
Closes #371
- Added a hide and fadeIn() to the render method in Settings.Pane
- Any Settings.Pane which overwrites render should now make sure the parent is called
- Run through grunt validate, all OK.
Closes #556
* New Ghost Logo Icon
* New Lightning Icon for plugins screen
* Remove old Ghost Logo Icon
* Moved #ghost to .ghost-logo to clean up conflicts with editor, previously fixed with dodgy overnesting
closes #422, issue #295
- Added GFM mode to codemirror
- Took the github.js extension for Showdown and added all useful behaviour
- Now supports strikethrough, line breaking and
multiple underscores, and auto linking urls & emails without breaking
definition urls
- Also added definition url handling in preparation for #295
- Added unit tests for the extensions individually and integrated with
showdown
This also includes a new jQuery function to get the transition duration of an element.
Modals animations now start when `.in` is applied to the modal container.
- Made fail warning and button display none to reduce DOM content.
- Made toolbar red for fail not orange
- Fixed loading-cat which was persistent in cases of low bandwidth (particularly downstream)
- CSS classes directly correspond to notification 'types'
- Error, warn and info are reasonably standard terms for descending priority 'log levels', using these to denote red, orange and blue notifications.
- introduced validation method in the post and user model
- moved signup validation onto model
- consistent use of validation & error messaging in the admin UI
- helper methods in base view moved to a utils object
Closed #514
Reverting change from @c46a0c6 where I moved the new word breaking CSS rules to the body tag to apply everywhere. This doesn't play nicely everywhere - so this change moves them back to just the content preview areas where they are needed.
closes #174
- Triggering router events for navigation between settings panes
caused the route function to be re-executed, which caused all
kinds of fun.
- Wrapped the settings route function in an if statement to preserve
the current view if it is already a settings view.
- Added Ghost pub-sub and using that instead of History API
Closes #352
- Updated editor.scss to break out transition shorthand into its
constituent properties so that bourbon appends the correct vendor
prefixes.
- Added full set of publish options to the statusMap.
- Added setActiveStatus function to handle toggling the active action
for the publish menu.
- Cleaned up handleStatus and updatePost functions to match desired
functionality of menu items toggling the selected action and the actual
button on the split button invoking said action.
First pass at refactoring editor styles to make the Ghost writing experience more pleasurable.
- Larger font
- Bold title
- More space for writing
- Minor code standards cleanup
This change reduces the margin on the post editor between the title and body content from 15px to 5px. This change keeps the aesthetic of the editor, while enabling a little bit more body content to be on the screen at the same time. Small but significant adjustment.
Fixes #427
- Removed break-all, which was causing excessive behaviour detailed in the issue
- Removed -webkit- hyphen prefix, as both Chrome and Safari are ignoring it
- Firefox is currently the only browser respecting hyphens, the others simply break without hyphenating
closes #452
- changed keyboard shortcut to insert ![].. not !image[]
- changed regex in ghostdown to only work for ![]
- added a further regex in ghostdown to properly match for URLs inside the parens
Issue #465
- converted email fields throughout the site to be of type email
- converted the user website field to be of type url
- removed the browser validation by setting novalidate on the form, not the element
Closes #374
* Included node-validator as a package
* Implemented server side validation (the client side js is a mess, needs a LOT of work)
* Validates email address both on signup and login screens, gives error message on malformed email addresses
* Requires at least 8 chars of password
* Tells user if password is too short
* Tells user if no such user on login
* Tells user if wrong password on login
* Tells user if server responds with a 404 (goes away, dies, etc)
* Added middleware between req and login / signup for validation
New standard - ALL .scss files are now indented 4 spaces, no tabs. I want to keep this *consistent* because it has been getting incredibly messy. This applies to all native Ghost sass - 3rd party files (normalize, typeplate, bourbon, breakpoint, etc) are not included. /cc @matthojo @erisds
Closes #354
* Reintroduced the redirect functionality (not logged in, tries to go to `/settings/user/`, is sent to `/login/` with info notification, after login user is taken to `/settings/user/`)
* Reintroduced the "Successfully logged out" message
* Added middleware to scrub passive notifications from `ghost.notifications` after one use, basically mimicking client side passive notifications
* Removed flash from everywhere. Even from package.json.
* Renamed flashed.hbs to notifications.hbs, modified default.hbs accordingly
* Added function to parse GET variables on client side
Show the model.validationError if one is present and also coalesce the
empty title for a more meaningful message. Also, reset the button text
after failure.
Closes #340. Closes #375
* Replaced session with id of current user
* Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy)
* Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't)
* If user has profile picture, that will be used
* If user has name, that will be used
* Password changing doesn't care about your email. Uses cookies. Tasty!
* User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`.
* Added logic to user api to check for `id === 'me'`, and then use the cookie value
* User data saves are now correct
* There is no logout error
This is simply a commit which improves the mobile interactions. This does not fix UI problems on mobiles.
New interactions;
Menu
* Swipe right on header to show sidebar
* Swipe left on sidebar to hide
Content
* Tap / Swipe left on item to show preview
* Swipe right to show content list
Settings
* Tap / Swipe left on link to show settings
* Swipe right on settings to show links
Closes #342.
It would be totally cool if we could have a Ghost.PubSub so we could hurl events there and pick them up somewhere else. For some reason all the backbone bits work on models, like `trigger` and `listenTo` and `delegateEvents`.