no issue
- added check that a combination of email + expires is rejected after
10 attempts
- changed comparison to time independent method
Thanks to @chiiph for reporting this issue!
closes#1866, fixes#2067, fixes#2068
- Upgrade client side moment to 2.4.0 to match the server side script.
- Add a guard to pub date to fix#2067
- Add new format to close#1866
closes#1837
- moved admin theme static resource service above 'checkSSL', otherwise
when forceAdminSSL is true it will try to redirect them to HTTPS, and
error pages will be unstyled
closes#1836
- adding server.enable('trust proxy') to let connect framework do the work
of detecting X-Forwarded-Proto header
- replacing explicit checking for the X-Forwarded-Proto header with just
'req.secure' boolean check
Closes#1605
* Move styling for `#signup`, `#forgotten`, `#reset`, `#login`, `#usermenu` and `#notifications` to classes
No IDs have been added or removed, so any events shouldn't be affected and it passes all tests.
closes#2028
- Instead of binding and unbinding the click event, bind the data to the
outer scope so we can use a standard click handler.
- Use removeProp instead of setting the property to false when enabling.
- Use the `disabled` as value when disabling.
fixes#1908
- each individual update function handles rendering its own item on success or failure, rather than re-rendering the whole group
- also resolved a bug where the published date didn't get reset properly on error
Fixes#1841
* Added initial flag "no" for submission into Signup View
* Flag set to "yes" if submit button clicked
* Error thrown if flag is "yes", thus no subsequent submission sent to API
* Flag set to "no" if ajax returns with error
issue #2015
- this is another little workaround / improvement to try to reduce the number of people who end up with a published post with no published_at set
- I assume we need to complete #1655 to fix this properly
fixes#2011
- rather than trigger NProgress for fetch calls
I’ve moved it to be used for all sync calls
- issue #2011 was a result of NProgress only being
called during a fetch() call, which when saving
is not used - save() is. Sync is used by all
ajax calls.
fixes#2000
- resolves errors when attempting to start Ghost without the active theme present
- the frontend will render a 500 error page safely
- issues with themes that have an error template are resolved separately in #2018
fixes#1964, fixes#1975
- Issues with partial handling which caused #1964 have been part fixed by handlebars, part worked around by express-hbs, we must use `registerPartials` to ensure partials are handled correctly.
- Issue with error handling which caused #1975 has also been fixed in express-hbs, which now catches the error from handlebars and passes it to express so that we can handle the error with an error page.
fixes#1782
- added builtFilesExist function to check for files during startup.
If built files do not exist Ghost startup is stopped and a link
to the documentation is displayed.
- exported a scriptFiles object from server/helpers.
- added a builtScriptPath to the paths module.
- removed "js-msg" about missing javascript from the UI.
closes#1947
- added fieldtype: medium for posts.html
- changed fieldtype: medium for posts.markdown
- added method to fix databases created with wrong field type
- added tests for database version 002
fixes#1498
- emails are no longer converted to lowercase, local mailbox can validly
be mixed case
- getByEmail uses JS to compare emails to ensure we can support unicode
- tests that users can be retrieved by their email address with case
insensitivity
