From 3dea6431df899b75197fd44a2106a60b1c71f675 Mon Sep 17 00:00:00 2001
From: Hannah Wolfe <erisds@gmail.com>
Date: Sun, 12 Jan 2014 17:08:12 +0000
Subject: [PATCH] Ensure cookies are only ever set for admin

fixes #1901

- Adds a trailing slash to the cookie path
- Resolves random log-outs
- Adds a test which proves the case
---
 core/server/middleware/index.js              |  3 ++-
 core/test/functional/routes/frontend_test.js | 11 +++++++++++
 core/test/utils/fixtures/data-generator.js   |  4 ++--
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/core/server/middleware/index.js b/core/server/middleware/index.js
index 236028ffb5..889f3248b8 100644
--- a/core/server/middleware/index.js
+++ b/core/server/middleware/index.js
@@ -234,8 +234,9 @@ module.exports = function (server, dbHash) {
     expressServer.use(express.urlencoded());
 
     // ### Sessions
+    // we need the trailing slash in the cookie path. Session handling *must* be after the slash handling
     cookie = {
-        path: subdir + '/ghost',
+        path: subdir + '/ghost/',
         maxAge: 12 * ONE_HOUR_MS
     };
 
diff --git a/core/test/functional/routes/frontend_test.js b/core/test/functional/routes/frontend_test.js
index 56c2ba172f..7c329e9b23 100644
--- a/core/test/functional/routes/frontend_test.js
+++ b/core/test/functional/routes/frontend_test.js
@@ -249,6 +249,17 @@ describe('Frontend Routing', function () {
         });
     });
 
+    describe('Post with Ghost in the url', function () {
+        // All of Ghost's admin depends on the /ghost/ in the url to work properly
+        // Badly formed regexs can cause breakage if a post slug starts with the 5 letters ghost
+        it('should retrieve a blog post with ghost at the start of the url', function (done) {
+            request.get('/ghostly-kitchen-sink/')
+                .expect('Cache-Control', cacheRules['public'])
+                .expect(200)
+                .end(doEnd(done));
+        });
+    });
+
     describe('Static assets', function () {
         it('should retrieve shared assets', function (done) {
             request.get('/shared/img/usr-image.png')
diff --git a/core/test/utils/fixtures/data-generator.js b/core/test/utils/fixtures/data-generator.js
index cafbc38ca0..4098557a8a 100644
--- a/core/test/utils/fixtures/data-generator.js
+++ b/core/test/utils/fixtures/data-generator.js
@@ -10,8 +10,8 @@ DataGenerator.Content = {
             markdown: "<h1>HTML Ipsum Presents</h1><p><strong>Pellentesque habitant morbi tristique</strong> senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. <em>Aenean ultricies mi vitae est.</em> Mauris placerat eleifend leo. Quisque sit amet est et sapien ullamcorper pharetra. Vestibulum erat wisi, condimentum sed, <code>commodo vitae</code>, ornare sit amet, wisi. Aenean fermentum, elit eget tincidunt condimentum, eros ipsum rutrum orci, sagittis tempus lacus enim ac dui. <a href=\"#\">Donec non enim</a> in turpis pulvinar facilisis. Ut felis.</p><h2>Header Level 2</h2><ol><li>Lorem ipsum dolor sit amet, consectetuer adipiscing elit.</li><li>Aliquam tincidunt mauris eu risus.</li></ol><blockquote><p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus magna. Cras in mi at felis aliquet congue. Ut a est eget ligula molestie gravida. Curabitur massa. Donec eleifend, libero at sagittis mollis, tellus est malesuada tellus, at luctus turpis elit sit amet quam. Vivamus pretium ornare est.</p></blockquote><h3>Header Level 3</h3><ul><li>Lorem ipsum dolor sit amet, consectetuer adipiscing elit.</li><li>Aliquam tincidunt mauris eu risus.</li></ul><pre><code>#header h1 a{display: block;width: 300px;height: 80px;}</code></pre>"
         },
         {
-            title: "Kitchen Sink",
-            slug: "kitchen-sink",
+            title: "Ghostly Kitchen Sink",
+            slug: "ghostly-kitchen-sink",
             markdown: "<h1>HTML Ipsum Presents</h1><p><strong>Pellentesque habitant morbi tristique</strong> senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. <em>Aenean ultricies mi vitae est.</em> Mauris placerat eleifend leo. Quisque sit amet est et sapien ullamcorper pharetra. Vestibulum erat wisi, condimentum sed, <code>commodo vitae</code>, ornare sit amet, wisi. Aenean fermentum, elit eget tincidunt condimentum, eros ipsum rutrum orci, sagittis tempus lacus enim ac dui. <a href=\"#\">Donec non enim</a> in turpis pulvinar facilisis. Ut felis.</p><h2>Header Level 2</h2><ol><li>Lorem ipsum dolor sit amet, consectetuer adipiscing elit.</li><li>Aliquam tincidunt mauris eu risus.</li></ol><blockquote><p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus magna. Cras in mi at felis aliquet congue. Ut a est eget ligula molestie gravida. Curabitur massa. Donec eleifend, libero at sagittis mollis, tellus est malesuada tellus, at luctus turpis elit sit amet quam. Vivamus pretium ornare est.</p></blockquote><h3>Header Level 3</h3><ul><li>Lorem ipsum dolor sit amet, consectetuer adipiscing elit.</li><li>Aliquam tincidunt mauris eu risus.</li></ul><pre><code>#header h1 a{display: block;width: 300px;height: 80px;}</code></pre>"
         },
         {