Hannah Wolfe
e000207a49
Contributing update
2013-10-14 15:10:13 +01:00
Hannah Wolfe
8ab4552ca0
Merge pull request #1011 from buddhamagnet/amend-readmes
...
Added full stops to READMEs
2013-10-14 06:41:12 -07:00
buddhamagnet
ec00b71b09
added full stops to READMEs
2013-10-14 13:56:09 +01:00
Hannah Wolfe
c76a2410aa
Merge pull request #1010 from moritzh/master
...
Update README.md
2013-10-14 05:28:55 -07:00
moritz haarmann
10fa96a3d1
Update README.md
...
Small typo in Readme fixed
2013-10-14 14:24:33 +02:00
Hannah Wolfe
119b0ea430
Merge branch '0.3.2-wip'
...
Conflicts:
core/client/assets/lib/uploader.js
2013-10-11 20:56:15 +01:00
Hannah Wolfe
b4e04b3650
Fix for image uploads
...
- express 3.4.0 uses connect 2.9.0 which had a sizable change to how multipart woks
- this change resulting in req.files.uploadimage.type going away
2013-10-11 20:26:09 +01:00
Hannah Wolfe
b544ee7ed6
Revert "Updated to latest version of express-hbs"
...
This reverts commit d169bba3f8
.
Conflicts:
package.json
2013-10-11 20:14:58 +01:00
Hannah Wolfe
f30e356e7c
Revert "Updated to latest version of express"
...
This reverts commit c95d469eb3
.
Conflicts:
package.json
2013-10-11 20:13:44 +01:00
Hannah Wolfe
b4d5918fac
Version bump for 0.3.2
...
- added optional mysql dependency
- removed .afignore
- updates to .gitignore to ignore any additional themes or plugins
2013-10-11 18:21:14 +01:00
Hannah Wolfe
d47b19b491
Added grunt release task
...
closes #941
Conflicts:
Gruntfile.js
2013-10-11 18:19:03 +01:00
Hannah Wolfe
4c89422b0d
Added SECURITY.md file
...
closes #989
2013-10-11 18:17:37 +01:00
Hannah Wolfe
e613d88167
Merge pull request #997 from cobbspur/uploadrefactor
2013-10-11 18:15:45 +01:00
cobbspur
c52a10cd1a
fixed image upload url synchronicity and url removed on cancel
...
closes #988 , closes #956 , closes #975
- fixed multiple ids and refactored triggers
- persistence requirement overridden
- trash can now removes url in editor
- if empty url is saved http:// is inserted and dropzone initialized
Conflicts:
core/client/assets/lib/uploader.js
2013-10-11 18:15:17 +01:00
Hannah Wolfe
0bb5e8702a
Merge pull request #980 from jamesbloomer/lockdown-assets-rebase
2013-10-11 18:06:11 +01:00
jamesbloomer
9d114c7fa6
Lock down theme static directory to not serve templates, markdown and text files.
...
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
2013-10-11 18:05:31 +01:00
Hannah Wolfe
6db7e6d96e
Merge pull request #1000 from sebgie/issue#872
2013-10-11 13:19:12 +01:00
Sebastian Gierlinger
b040ea3365
Change from address
...
closes #872
- changed from address to use config.mail.fromaddress
- changed from address to default to settings.email
2013-10-11 12:49:33 +01:00
Hannah Wolfe
c732cd2ccb
Adding xss unit test
...
issue #938
2013-10-10 16:43:25 +01:00
Hannah Wolfe
9466a9753b
Merge branch '0.3.2-wip'
...
Conflicts:
core/test/unit/api_posts_spec.js
2013-10-10 16:37:35 +01:00
Hannah Wolfe
a37d487ffd
Merge pull request #992 from pmgarman/spacelys-sprockets-n-sockets
2013-10-10 16:19:42 +01:00
Hannah Wolfe
31e2737cfd
Update config validation to allow for socket only
...
issue #887
2013-10-10 16:13:02 +01:00
Patrick Garman
97f592aa41
Allow Ghost to run using sockets
...
Closes #887
- Adds getSocket function > Returns the socket location if sockets are enabled or false
- Adds startGhost function > Callback for server.listen
2013-10-10 16:12:28 +01:00
Hannah Wolfe
03ee256da6
Merge pull request #922 from matthojo/SASS-Compress
2013-10-10 15:40:27 +01:00
Matthew Harrison-Jones
5daa46276c
SCSS is now compressed on build
2013-10-10 15:27:07 +01:00
Hannah Wolfe
54f8a04779
Merge pull request #996 from ErisDS/0.3.2-tagfixes
...
Improving tag handling in post_class and body_class
2013-10-10 07:05:15 -07:00
Hannah Wolfe
7b28056849
Merge pull request #995 from ErisDS/xss
...
XSS
2013-10-10 07:04:50 -07:00
Hannah Wolfe
e31622aa3b
Merge pull request #998 from sebgie/config-file-path
...
Fix filepaths for config
2013-10-10 07:03:05 -07:00
Sebastian Gierlinger
6ff17c78a2
Fix filepaths for config and upload
...
no issue
- added appRoot to config-loader.js
- modified uploader to use correct path
- modified tests
2013-10-10 12:44:31 +02:00
Hannah Wolfe
f1317b84af
Improving tag handling in post_class and body_class
...
closes #967 , closes #987
- use slug instead of name (it's unique)
- get tags even if we aren't inside the post context
- add tag handling to body_class too
2013-10-09 19:51:55 +01:00
Hannah Wolfe
f5d617d8d4
Merge pull request #925 from matthojo/New-line
...
Added new paragraph keyboard shortcut
2013-10-09 11:32:43 -07:00
Hannah Wolfe
14ac437763
Updating to latest Casper
...
- triple braces for post titles everywhere
2013-10-09 19:29:38 +01:00
Hannah Wolfe
95f9fce3be
Swapping escape to sanitze
...
issue #938
- rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Tim Griesser
c9235ccb0b
Escaping several fields to prevent XSS
...
issue #938
- escapes post's title field
- escapes settings title, description, email
- escapes user's name field
- includes test for post title
2013-10-09 19:13:13 +01:00
Hannah Wolfe
59d69f273e
Merge pull request #984 from matthojo/Loading-Bar
...
Loading bar
2013-10-09 09:32:13 -07:00
Hannah Wolfe
b5c5d531d1
Fix for unhandled promise on fresh db startup
...
issue #977
- As of the addition of when/monitor/console we now get errors about unhandled promises
- This fixes one which appeared when starting up without a DB
2013-10-09 16:58:50 +01:00
Matthew Harrison-Jones
58417c2a8d
Added in functionality for a working loading bar
2013-10-08 16:39:07 +01:00
Matthew Harrison-Jones
fdf5e3d69e
Revert "loading bar implementation"
...
This reverts commit de6b8ee9b3
and 16742bcaef
2013-10-08 14:12:46 +01:00
Hannah Wolfe
53dc1b4466
Merge pull request #983 from gotdibbs/Issue362
...
Refactored tests
2013-10-08 03:04:15 -07:00
William Dibbern
8ef27f0590
Refactored tests
...
Fixes #362
- There is no need to set the viewport on functional tests anymore
unless something other
than the default of 1280x1024 is desired.
- There is no need to invoke `casper.run` to trigger `test.done`
anymore for functional tests.
- Each test works independently of the rest; registration is handled
once for the lifetime of the test run and then login/logout can be
invoked automatically as desired.
- Mocha tests all utilize predefined, more realistic fixtures when
appropriate.
- Renamed old api tests that were really model tests as appropraite.
- Added example api test for posts.
2013-10-07 21:05:25 -05:00
Hannah Wolfe
d169bba3f8
Updated to latest version of express-hbs
...
issue #830
2013-10-07 16:42:25 +01:00
Hannah Wolfe
d58e379c83
Merge pull request #977 from tgriesser/debugging
...
Adding when/monitor/console
2013-10-07 06:39:09 -07:00
Hannah Wolfe
c95d469eb3
Updated to latest version of express
...
closes #875
2013-10-07 14:31:57 +01:00
Tim Griesser
ccd7b211f2
adding when/monitor/console
2013-10-07 09:28:53 -04:00
Hannah Wolfe
00bf88472a
Merge branch '0.3.2-wip'
2013-10-06 20:33:53 +01:00
Hannah Wolfe
cd929f19b3
Merge pull request #954 from jgable/fixChangePasswordEnter
...
Fix pressing enter key on user settings
2013-10-05 12:25:26 -07:00
Hannah Wolfe
c0d5167f7d
Merge pull request #948 from javorszky/0.3.2-wip
...
Fixes config.example.js
2013-10-05 12:16:32 -07:00
John O'Nolan
34762ce1be
Move webfonts to // rather than http://
...
https://en.ghost.org/forum/bugs-suggestions/475-suggestion-remove-system-dependence-on-google-web-fonts
2013-10-04 09:48:51 +02:00
Hannah Wolfe
4bc8db57cc
Merge pull request #918 from gotdibbs/Issue877
...
Fix a couple of issues when there are no posts
2013-10-03 07:40:11 -07:00
Hannah Wolfe
ba0b6982a4
Trailing slashes for cache invalidation headers
...
issue #963
2013-10-02 16:14:35 +01:00