Commit Graph

194 Commits

Author SHA1 Message Date
Hannah Wolfe
119b0ea430 Merge branch '0.3.2-wip'
Conflicts:
	core/client/assets/lib/uploader.js
2013-10-11 20:56:15 +01:00
jamesbloomer
9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files.
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
2013-10-11 18:05:31 +01:00
Hannah Wolfe
c732cd2ccb Adding xss unit test
issue #938
2013-10-10 16:43:25 +01:00
Sebastian Gierlinger
6ff17c78a2 Fix filepaths for config and upload
no issue
- added appRoot to config-loader.js
- modified uploader to use correct path
- modified tests
2013-10-10 12:44:31 +02:00
Hannah Wolfe
95f9fce3be Swapping escape to sanitze
issue #938

- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b Escaping several fields to prevent XSS
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
2013-10-09 19:13:13 +01:00
William Dibbern
8ef27f0590 Refactored tests
Fixes #362

- There is no need to set the viewport on functional tests anymore
unless something other
than the default of 1280x1024 is desired.
- There is no need to invoke `casper.run` to trigger `test.done`
anymore for functional tests.
- Each test works independently of the rest; registration is handled
once for the lifetime of the test run and then login/logout can be
invoked automatically as desired.
- Mocha tests all utilize predefined, more realistic fixtures when
appropriate.
- Renamed old api tests that were really model tests as appropraite.
- Added example api test for posts.
2013-10-07 21:05:25 -05:00
John O'Nolan
ba0ae3b4d8 Set sensible admin meta title 2013-09-28 16:21:59 +02:00
Hannah Wolfe
6bd62538af Merge branch '0.3.1-wip'
Conflicts:
	core/server/controllers/admin.js
2013-09-27 17:22:55 +01:00
Hannah Wolfe
ee8d8102db Merge pull request #923 from ErisDS/0.3.1-wip-mysql
0.3.1 wip mysql
2013-09-27 05:04:45 -07:00
Hannah Wolfe
5c10f6608c Unit Test fixes for MySQL
issue #858

- there is no guaranteed order to arrays, so sort before testing them
- tests run much faster, date comparisons fail
- settings tests are more explicit, otherwise they fail random validations
- dates must be inserted as date objects
2013-09-27 12:52:31 +01:00
Hannah Wolfe
50a16ceb76 Test Cleanup 2013-09-27 11:36:12 +01:00
Hannah Wolfe
e411ed6889 No autolinking inside of code blocks
closes #865

- rejigged markdown to have some functionality before showdown runs, and other functionality before.
- autolinking now happens last, so it can be smarter
2013-09-27 11:35:44 +01:00
Hannah Wolfe
8c6519fde7 Don't output image tag for empty source
closes #866

 - ensures we don't end up creating any more empty image tags.
2013-09-27 11:30:41 +01:00
Jacob Gable
a9c0359f18 Add some unit tests for post saving
- Confirm published_at for new posts
- Confirm slug generating on saving posts
2013-09-26 23:15:43 +01:00
Jacob Gable
088518936c Configuration validation in config-loader
Added a couple sanity checks to the config during the loadConfig call.

- Check that the config exists for the current NODE_ENV
- Check that the config.url exists and is valid structure
- Check that the config.database exists
- Check that the config.server exists and has a port and host value
2013-09-26 23:07:48 +01:00
jamesbloomer
55048d6a20 Fix image upload tests on windows
closes #826
- on windows the fs.exists call had windows style back slashes
- set up the test to cope with either (not the most elegant but works)
2013-09-26 15:19:05 +01:00
jamesbloomer
8e3ddcbdcc Trim version number to major and minor numbers only in meta tag
closes #880
- as the version number is under control from package.json use regex to trim
2013-09-26 15:00:05 +01:00
Hannah Wolfe
02a02054e8 Handle duplicate tags on import
closes #890

- importer only adds tags which don't exist.
- added back the import unit tests - these are basic for now
2013-09-25 11:30:59 +01:00
jamesbloomer
c215626d2b Use file mime type rather than extension to check server side if image upload is a valid file
closes #705
- uses the file type passed by express/connect
- relies on the type being set correctly by the browser upload
- doesn't reread the file to check
2013-09-20 13:20:59 +01:00
Hannah Wolfe
477c4c59fa Merge pull request #843 from cgiffard/500-errors
500 Series Error Handling & Stack Traces
2013-09-18 22:52:52 -07:00
Hannah Wolfe
43fe50ca7b New Tag in fixture breaks Tag tests 2013-09-19 06:50:32 +01:00
Christopher Giffard
9c8b02949a 500 Series Error Handling & Stack Traces
Fixes #825

- Changes the way the error middleware is delivered in server.js, moving
  all the logic back into errorHandling.js
- Alters error logging to use console.error (probably more appropriate) instead
  of console.log
- Changes error tests to accomodate for these alterations
- Alters user-error and error hbs templates to incorporate stack traces
- Adds additional styling for error pages to accomodate stack traces
- Added logic to parse and deliver formatted stack traces

Notes:
======

- Jslint gets in the way of the regex I've got to use to parse the stack.
  (It cites 'security reasons' which are not relevant in this case.)
  I needed to add a condition to relax it at the top of errorHandling.js
- The stack trace should probably be added as a partial, but I figured it
  was out of scope for this PR.
2013-09-19 13:01:20 +10:00
Hannah Wolfe
c7a91ffff1 Removing FancyFirstChar plugin
- requires removal of most of the plugin tests
2013-09-18 19:49:10 +01:00
jamesbloomer
36f218abaf Remove temporary files when uploading images
closes #502
part of #705
- copy the files but then remove the temporary ones
- moving instead of copying was problematic due to moving across devices
- still need to convert code to using promises
2013-09-18 09:15:21 +01:00
cobbspur
713e4c0d5c Adds slashes to urls
ref issue #448

- adds slashes to urls, templates and tests

TODO

Add function to add slash to urls automatically
2013-09-17 02:39:55 +01:00
Hannah Wolfe
8c76706bb0 Merge pull request #758 from ErisDS/uploads-in-editor
Save image uploads in the editor
2013-09-16 13:37:49 -07:00
Hannah Wolfe
0021fb7a95 Save image uploads in the editor
closes #295

- Maintain a list of markers for CodeMirror which reference image codes
- Upload start triggers a selection
- Upload success replaces the selection
- No ref-style image markdown handling
- Showdown image URL handling improved at the expense of titles
- Tests updated
2013-09-16 18:08:49 +01:00
Sebastian Gierlinger
141361c40e Escape RSS post title
closes #755
- added html escape for post title
- changed author for rss feed to current user
- added simple test to check rss is working
2013-09-16 13:11:53 +02:00
Hannah Wolfe
1ee0d51660 Merge pull request #730 from jgable/gruntClientFiles
Compile assets with grunt
2013-09-16 01:57:08 -07:00
Hannah Wolfe
281177d08e Merge pull request #757 from gotdibbs/Issue258
Infinite Scroll Pagination for content screen
2013-09-16 01:05:27 -07:00
William Dibbern
4b8806ec1d Infinite Scroll Pagination for content screen
Fixes #258

- Modified post collection to have default values for paging.
- Added scroll handler to content view to check for more posts and load
as appropriate.
- Sanitized result from server-side post paging, ensure page # is
returned as an integer.
- Added a functional test stub.
2013-09-15 18:34:23 -05:00
Hannah Wolfe
881e861295 Merge pull request #754 from gotdibbs/Iss667
Publish button amendments
2013-09-15 15:16:41 -07:00
John O'Nolan
fe17e1f385 User profile refactor
Fixes #708
2013-09-15 22:42:30 +01:00
William Dibbern
07629dd9ab Publish button amendments
Fixes #667

- Removed superfluous as-of-yet-unused options in the publish menu.
- Adjusted display names of publish buttons according to differing
states the publish menu can be in (new post, saved draft, published
post).
- Added red highlight style to "important" status change options in the
publish menu (draft => published, published => unpublished).
- Added suite of functional tests around new labels and classes.
2013-09-15 14:52:09 -05:00
Jacob Gable
63eb9581ea Compile assets with grunt
- Made a helper called ghostScriptTags that will spit out the relevant
  script tags with version parameter; 4 unminified files in development,
  1 minified file in production.
- Added grunt concat and uglify tasks to build files into core/built
- Fixed some unit tests by making them native date objects
2013-09-15 14:06:42 -05:00
Hannah Wolfe
8d038b8bf2 One exporter to rule them all
closes #733

- Exporter will read meta data to determine the tables which are present and export all data from those tables
- Exporter figures out which version to export, rather than requiring that information
- deleted old exporters
2013-09-15 17:04:42 +01:00
Hannah Wolfe
71a92194ca Improved error messaging
closes #748

- Removed the alpha software warning
- Better error message output for the whole app - can now specify an error, a context, and a help message
- Improved invalid node version, start and stop messaging
- Listens for Ctrl+C and exits nicely
- Minor improvements to handling and errors with old DBs (temporary)
2013-09-15 13:52:58 +01:00
Hannah Wolfe
a144d677e6 Updating unit tests
- Commented out import/export tests until they are refactored
- Updating tests to ensure they create objects which conform to the new much stricter schema.
2013-09-15 00:22:16 +01:00
Hannah Wolfe
9fcc0a6ed6 Renamed currentVersion setting to databaseVersion to avoid confusion with software version 2013-09-14 22:13:59 +01:00
Hannah Wolfe
d968495996 Mass renaming of things
Conflicts:
	core/client/views/settings.js
	core/server/models/user.js
2013-09-14 21:56:07 +01:00
Hannah Wolfe
0b1ffcd1f5 Updating settings types
- issue #573, issue #632
2013-09-14 19:04:41 +01:00
Hannah Wolfe
3fab1f708a Merge pull request #728 from skattyadz/default-settings-validations
Conflicts:
	Gruntfile.js
	core/server.js
	core/server/data/default-settings.json
	core/test/unit/admin_spec.js
2013-09-14 14:37:52 +01:00
Adam Howard
3823d10c35 Restructure default-settings.json and add validations to important settings. 2013-09-14 14:29:27 +01:00
Hannah Wolfe
63d8cbb87c Unit tests require config file to be present.
Conflicts:
	Gruntfile.js
	core/test/unit/admin_spec.js
2013-09-14 14:07:05 +01:00
Sebastian Gierlinger
35a32279d9 Clean up config (drop 'env')
closes #628
- removed .env from config.js
- ghost.config() returns correct config for NODE_ENV
- removed .env[process.env.NODE_ENV]
- updated tests
- deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-14 13:14:00 +01:00
ericterpstra
e2bc5257a6 Added post-settings menu with edit permalink field
closes #370
- Added new Backbone view for post settings menu
- Moved sass styles to global.scss for post settings menu items
- Added field to change post slug (permalink) using existing slug
  validation
2013-09-13 12:36:38 -05:00
Hannah Wolfe
e9d2646997 Refactoring tests to always run as expected
closes #721

- we now have grunt test-unit for safely running unit tests.
2013-09-13 15:12:38 +01:00
Adam Howard
f6b86a98ff Fix bug preventing tags from being saved when a Post is created.
Fixes #658
2013-09-13 14:30:22 +01:00
Hannah Wolfe
7d3eb512f6 Unit tests require config file to be present. 2013-09-13 08:24:28 +01:00