Commit Graph

38013 Commits

Author SHA1 Message Date
Ghost CI
be6916f066 Merged v5.74.5 into main 2023-11-28 12:58:26 +00:00
Ghost CI
df3eea908a v5.74.5 2023-11-28 12:58:24 +00:00
Fabien "egg" O'Carroll
07f9564eea 🔐 Restricted reading files from outside the theme directory
closes https://github.com/TryGhost/Product/issues/4191

Without this patch, themes can read arbitrary files from your system and
expose them to the internet via the layout feature of express-hbs.

For example `{{!< ../../../../config.production.json}}` would spit out config,
which can contain secrets.

As theme upload is restricted to users with the Admin role, this mostly effects
hosting providers which use their own secret keys for e.g. mail or database config
2023-11-28 12:46:06 +00:00
EchoBilisim
4d4b150fd8
Update comments.json (#19110) 2023-11-28 13:41:52 +01:00
Fabien 'egg' O'Carroll
616247b6d5
Indexed over members_newsletters(newsletter_id, member_id) (#19156)
refs https://github.com/TryGhost/Product/issues/4181

We were seeing slow queries when joining on this table, and the index
speeds them up. The down migration is tricky because when we add the
index MySQL can optimise away some `KEY` indexes on the `newsletter_id`
column. When we then go to remove the newly created index, there is no
index for the FK! 

We also remove the use of `force index` as 1. the index we're forcing is
optimised away and 2. we don't need it anymore!


Co-authored-by: Daniel Lockyer <hi@daniellockyer.com>
2023-11-28 12:20:14 +00:00
renovate[bot]
7d564d4173 Update dependency fs-extra to v11.2.0 2023-11-28 11:54:44 +01:00
Sodbileg Gansukh
9ae45adda1
Added sorting direction option to individual sort option (#19154)
no issues

- SortMenu component used to have only one global default direction
option, however, the sorting options needed individual default sorting
direction. e.g. desc for created data, or asc for name etc
- this adds an optional sorting direction option to sorting options, so
when they're defined, they'd override the global default sorting
direction
2023-11-28 09:32:13 +00:00
Ronald Langeveld
9f3c644e2a
Added validation to Offers X input fields (#19153)
refs https://github.com/TryGhost/Product/issues/4206

- added validation to input fields when creating a new offer
2023-11-28 07:59:53 +00:00
Steve Larson
e2807475f8
Updated editor packages (#19151)
closes TryGhost/Product#4204
- updated editor packages to get improvements to TK Plugin
2023-11-27 18:02:26 -06:00
Sag
54ee8d3389
Updated newsletter email verification to render the verified address (#19148)
refs GRO-80
- added a new meta field "email_verified" to the /verification endpoint
for newsletters. This meta field contains which email has been verified,
"sender_email" or "sender_reply_to"
- updated copy in newsletter settings, based on which email has been
verified
2023-11-27 18:28:57 +00:00
Sodbileg Gansukh
2f0cd97011 Added a message to offers tied to an archived tier 2023-11-27 21:48:17 +08:00
Simon Backx
6c37382bc3
Fixed requiring verification email for default address (#19140)
fixes GRO-79

When changing the Reply-To to the default address, the verification
email is now skipped.
2023-11-27 10:45:34 +00:00
Sodbileg Gansukh
b9de456026
Better no offers handling in offers list screen (#19138)
no issues

- active/archived tabs are no longer hidden, they're always visible
regardless of if there's an offer or not
- same for the modal footer, it's always visible
- used a simple NoValueLabel component instead of custom no offers view
2023-11-27 09:01:47 +00:00
Ronald Langeveld
b9d7c2d3a5
Fixed portal not loading on deep linking to Add new Offer (#19137)
no issue

- fixed an issue that caused the portal iframe embed not to load when
visiting the `offers/add` url directly.
2023-11-27 10:51:05 +02:00
Ghost CI
d30a6633ab v5.74.4 2023-11-27 07:56:41 +00:00
Ghost CI
bae7ca957d 🎨 Updated Source to v1.1.1 2023-11-27 07:56:41 +00:00
Daniel Lockyer
28e59b5444
Merged tag 'v5.74.3' into main
v5.74.3
2023-11-27 08:48:04 +01:00
Sodbileg Gansukh
c2ee21a345 Added frontend validation to the offers add/edit modals in AdminX 2023-11-27 15:08:32 +08:00
Sodbileg Gansukh
b111b7c719 Improved mobile styles for the offers in AdminX 2023-11-27 14:17:58 +08:00
Kevin Ansfield
b4ee76af5e
🐛 Fixed error when loading editor in Safari versions earlier than 16.4 (#19127)
no issue

- bumped `@tryghost/koenig-lexical` to version that no longer uses negative lookbehind in a regex which wasn't supported in Safari until version 16.4
2023-11-24 15:33:18 +00:00
Ghost CI
c6b86abb12 v5.74.3 2023-11-24 14:55:14 +00:00
Kevin Ansfield
761cc65d8f
🐛 Fixed error when loading editor in Safari versions earlier than 16.4
no issue

- bumped `@tryghost/koenig-lexical` to version that no longer uses negative lookbehind in a regex which wasn't supported in Safari until version 16.4
2023-11-24 14:41:43 +00:00
Ronald Langeveld
d729e7aa21
Fixed exit route on offers modal (#19126)
no issue

- when clicking outside the Edit or Add modal, it would clear the modal,
but not the route. This modifies the route to clear as well.
2023-11-24 12:18:50 +00:00
Ronald Langeveld
62b71fb4c0
Fixed offers index pricing decimals (#19125)
no issue

- changes the price tags on the offer cards to two decimal places.
2023-11-24 14:06:19 +02:00
Ronald Langeveld
41ee387af2
Fixed Offers portal preview edge cases (#19124)
no issue

- cleaned up offers portal preview.
- fixes a few logic errors and potential edge cases and making it easier
to maintain.
2023-11-24 12:32:45 +02:00
Sag
819ddccc72
Fixed validation and edge cases for managed email UI (#19121)
refs GRO-73

- fixed validation for reply-to address
- fixed rendering of default values for reply-to and sender-from fields
- added a temporary generic message for the verification confirmation,
so that it's compatible with both reply-to and from address changes. The
message will be improved in a follow-up commit (pending an API change).
2023-11-23 22:30:28 +00:00
Peter Zimon
8a5e9fb9f6
Admin X Design System docs (#19120)
refs. https://github.com/TryGhost/Product/issues/4169

- Added Layout documentation to design system
- Added note about usage of Toast component
2023-11-23 16:18:59 +01:00
Jono M
759848caad
Remove Toaster from AdminX demo (#19119)
no issue

It's already rendered by `DesignSystemApp` so we shouldn't need to add
it explicitly.
2023-11-23 14:59:36 +00:00
Simon Backx
a037ce3dde
Added calculated email address settings (#19115)
fixes GRO-73

We need to avoid duplicating the complex logic for determining the
default email address and the support email address. So these are now
exposed as calculated settings.
2023-11-23 13:07:15 +00:00
Jono M
a8083960d8
Added test examples to AdminX demo (#19116)
refs https://github.com/TryGhost/Product/issues/4182

Updated framework to include shared test config for easier app setup.
2023-11-23 12:59:48 +00:00
Simon Backx
17ec1e8937
Added email address alignment protections (#19094)
ref GRO-54
fixes GRO-63
fixes GRO-62
fixes GRO-69

When the config `hostSettings:managedEmail:enabled` is enabled, or the
new flag (`newEmailAddresses`) is enabled for self-hosters, we'll start
to check the from addresses of all outgoing emails more strictly.

- Current flow: nothing changes if the managedEmail config is not set or
the `newEmailAddresses` feature flag is not set
- When managedEmail is enabled: never allow to send an email from any
chosen email. We always use `mail.from` for all outgoing emails. Custom
addresses should be set as replyTo instead. Changing the newsletter
sender_email is not allowed anymore (and ignored if it is set).
- When managedEmail is enabled with a custom sending domain: if a from
address doesn't match the sending domain, we'll default to mail.from and
use the original as a replyTo if appropriate and only when no other
replyTo was set. A newsletter sender email addresss can only be set to
an email address on this domain.
- When `newEmailAddresses` is enabled: self hosters are free to set all
email addresses to whatever they want, without verification. In addition
to that, we stop making up our own email addresses and send from
`mail.from` by default instead of generating a `noreply`+ `@` +
`sitedomain.com` address

A more in depth example of all cases can be seen in
`ghost/core/test/integration/services/email-addresses.test.js`

Includes lots of new E2E tests for most new situations. Apart from that,
all email snapshots are changed because the from and replyTo addresses
are now included in snapshots (so we can see unexpected changes in the
future).

Dropped test coverage requirement, because tests were failing coverage
locally, but not in CI

Fixed settings test that set the site title to an array - bug tracked in
GRO-68
2023-11-23 10:25:30 +01:00
Sodbileg Gansukh
17804dd3ac Various design fixes for offers in Adminx 2023-11-23 17:15:03 +08:00
Peter Zimon
7f451b2627
Admin X demo detail page (#19105)
refs. https://github.com/TryGhost/Product/issues/4169

- the detail page for the Admin X proto app was empty
- the asc/desc selector of the SortMenu component in the design system needed a bit of refinement
- page toolbar was not set
2023-11-23 08:18:41 +01:00
Princi Vershwal
876f13c075
Fixed no offer screen and tab view
Ref: https://github.com/TryGhost/Product/issues/4188
2023-11-23 07:01:53 +00:00
Chris Raible
a97e2b823e
Added error handling to Sentry's beforeSend (#19109)
refs TryGhost/Product#4175

- Added error handling to Sentry's beforeSend function in both Admin and
Core, so if there is any error in beforeSend, we will still send the
unmodified event to Sentry
- This is in response to an incident yesterday wherein the beforeSend
function threw an error due to an unexpected missing value in the
exception. The event sent to Sentry was the error in the beforeSend
function, and the original error never reached Sentry.
- If the original event had reached Sentry, even if unmodified by the
logic in beforeSend, we could have been alerted to the issue sooner and
more easily identified all affected sites.
- Also added defensive logic to protect for certain values in the
exception passed to beforeSend not existing and added unit tests for the
beforeSend function in admin and core
2023-11-23 02:46:50 +00:00
Sag
ff70ffec67
Updated newsletter settings UI for managed email (#19082)
refs GRO-59
refs GRO-56
refs GRO-52

- When email is managed without a custom domain, do not allow the Sender
Email address to be changed, but allow Reply-to address to be changed to
any address the publisher can verify
- When email is managed with a custom domain, allow both Sender and
Reply-to addresses to be changed without verification, but not their
domain names

---------

Co-authored-by: Djordje Vlaisavljevic <dzvlais@gmail.com>
2023-11-23 02:07:14 +00:00
Steve Larson
f981993ba4
Revert "🎨 Updated editor layout to be more mobile friendly (#19103)" (#19108)
no refs

This reverts commit 329488139a.

- updates for mobile result in the locator queries finding two elements
instead of one, causing tests to fail
- reverting for now until we take a look closer with mobile, as it seems
CI is running at a mobile size
2023-11-22 19:26:17 +00:00
Steve Larson
4b1f61f947
Wired up TK count to confirmation flow (#19107)
closes TryGhost/Product#4185
- display TK count in the TK reminder/confirmation modal
2023-11-22 19:12:50 +00:00
Princi Vershwal
4f518153aa
Fixed offers for archive tiers 2023-11-22 18:42:24 +00:00
Kevin Ansfield
5c32b6ccbf
Wired up TK reminder step in publish flow (#19104)
refs https://github.com/TryGhost/Product/issues/4184

- set up property on the editor controller for tracking number of TKs, action for updating it, and reset mechanism to ensure we go back to 0 when switching post
- uses random number for now pending `<TkPlugin>` being updated to expose the TK count
- passed TK count data to the publish flow modal so it can show a reminder step before the publish options step when there are still TKs in the post content
- added `onCountChange` prop to `<TkPlugin>` ready for the count feature to be implemented
2023-11-22 17:19:19 +00:00
Sanne de Vries
329488139a
🎨 Updated editor layout to be more mobile friendly (#19103)
Refs https://github.com/TryGhost/Product/issues/3712
2023-11-22 16:55:25 +00:00
Peter Zimon
82a775086c
Admin X design system updates (#19102)
refs. https://github.com/TryGhost/Product/issues/4169

- some of the new components were not prepared for mobile sizes and dark
mode
- Storybook settings had to be updated to include mobile sizes that
reflect the actual system
2023-11-22 15:53:23 +00:00
Jono M
9848469568
Added detail page routing to AdminX demo app (#19101)
refs https://github.com/TryGhost/Product/issues/4183
2023-11-22 15:43:03 +00:00
Sanne de Vries
ec332520eb
Added static TK reminder step to publishing flow (#19049)
Refs https://github.com/TryGhost/Product/issues/4165
2023-11-22 15:36:20 +00:00
Jono Mingard
efc0f68b96 Merge tag 'v5.74.2'
v5.74.2
2023-11-22 14:53:42 +00:00
renovate[bot]
5969614a58 Update dependency miragejs to v0.1.48 2023-11-22 15:50:35 +01:00
Steve Larson
98215c6fea
Updated TK Reminders plugin use (#19100)
refs TryGhost/Product#4155
- moved plugin to top level so we can pass in props
2023-11-22 14:48:05 +00:00
Ghost CI
5299d1176e v5.74.2 2023-11-22 14:37:51 +00:00
Steve Larson
0954e08cf9
🐛 Fixed creating posts with an empty root (#19098) (#19099)
refs TryGhost/Product#4156
- bumped renderer package to handle empty root node
2023-11-22 08:26:09 -06:00
Steve Larson
03fec65fd5
🐛 Fixed creating posts with an empty root (#19098)
refs TryGhost/Product#4156
- bumped renderer package to handle empty root node
2023-11-22 14:18:26 +00:00