no ref
I've discovered email link checkers appear to be using
falsified/scrambled uuids when testing links for a given site. It's
difficult to check against all sites, so instead we'll log to Sentry to
confirm this is the case.
I've put this behind config because I believe it will create a LOT of
entries, and may burden an already burdened workflow during peak
traffic.
ref https://linear.app/ghost/issue/AP-625/implement-notification-grouping-for-follows-and-likes
- Added basic frontend grouping for Follow and Like notifications, so the page is easier to scan through. For each loaded batch of notifications we check if they can be grouped (all follows get grouped, all likes for a certain post get grouped) and then merge those grouped pages of notifications.
- Improved UI for notifications, with notification type icons for each group.
- Added a utility for truncating text.
closes https://linear.app/ghost/issue/PLG-294
- making the `replied to: [removed]` text a link was a bit confusing because clicking it does nothing
- if the replied-to comment doesn't exist (e.g. hidden/deleted and not returned in API response) or has been unpublished we replace the `<a>` with a `<span>` to remove the link behaviour
no issue
- keeps logic inside `<CommentHeader>` single-purpose
- allows for cleaner code when adding logic to remove the link when the replied-to comment is removed
- switched `queryByText` to `getByText` in the test to make debugging easier, the latter will print the current DOM if it fails to find an element
# Conflicts:
# apps/comments-ui/src/components/content/Comment.tsx
REF https://linear.app/ghost/issue/PLG-284
When clicking on a replied-to reference, you scroll up to the parent comment. To guide the eye, the parent comment is highlighted with a yellow background.
- added `dispatchAction` to the `ActionHandler` function call arguments, allowing actions to call other actions
- added `commentIdToHighlight` app context state and associated `highlightComment` action to set it
- updated `Comment` (and related sub-components) to match `commentIdToHighlight` when rendering to determine whether to apply highlighting of comment contents
- for the highlight, `<mark>` is used to wrap any paragraphs inside the comment contents and appropriate tailwind highlight animation classes applied
- uses the inline `<mark>` element so that background highlight only applies to the text bounding boxes rather than the entire wrapping element
---------
Co-authored-by: Ronald Langeveld <hi@ronaldlangeveld.com>
ref [DES-949](https://linear.app/tryghost/issue/DES-949/177e604501
This adds custom fonts feature allowing users to select heading and body
fonts for their themes from a curated list. This allows publishers to
have more control over their brand, and allows themes to have a wider
range of styles to appeal to different audiences.
Without custom fonts support, themes will continue to work as normal,
but users won't be able to customize their typography. As for the
official themes, all of them will support custom fonts.
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [dompurify](https://redirect.github.com/cure53/DOMPurify) |
dependencies | pin | [`^3.2.2` ->
`3.2.2`](https://renovatebot.com/diffs/npm/dompurify/3.2.2/3.2.2) |
Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.
---
### Configuration
📅 **Schedule**: Branch creation - "* * * * 1-5" (UTC), Automerge - At
any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/TryGhost/Ghost).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS40Mi40IiwidXBkYXRlZEluVmVyIjoiMzkuNDIuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
closes https://linear.app/ghost/issue/ENG-1506
- when uploading a SVG image as staff profile picture, we previously had
a validation against malicious `<script>` tags or `on*` attributes
- this has proven to be unsufficient, as malicious scripts can be added
via other tags (e.g. `<foreignObject>`) and other attributes (e.g.
`xlink:href`)
- we now satinize SVGs using the DOMPurify library during validation
- if the file is invalid and cannot be sanitized, we show an error to
the user
- also added support for sanitizing `.svgz` files
- Currently, stale bot is configured to mark issues as stale after 120 days, and close them 7 days later
- The intent is to close anything 4 months old or more, so setting the timer to 113 days means it accounts for the extra 7
Closes https://linear.app/ghost/issue/ENG-1758/product-row-locking-in-linksubscription-causes-slowness-in-high-signup
- The method used a FOR UPDATE query when fetching the Ghost product despite never updating that row.
- In this case, we're only reading the default product to link it with a subscription - we're not actually modifying the default product itself. The operation is read-only in nature, therefore, the forUpdate lock is unnecessary
- The actual update to the product happens later in the code when we call this._productRepository.update() with the stripe price data, and that operation has its own transaction handling and locking mechanisms
ref DES-1011
- previously, we were hiding the old font settings from the official themes without checking if they support the custom fonts or not
- now we use the gscan warning info to check this — only when there's support, we hide the settings which means users with the older version will get the old settings back
- also added two new tests for this procedure
PLG-280
- Added a loading state implementation when changing the ordering of
comments.
- This improves the overall UX particularly with slower connections.
- Due to the nature of how comments and ordering are handled, we
approached it with a simple state that determines whether it's done
loading or not around the API query.
---------
Co-authored-by: Sanne de Vries <sannedv@protonmail.com>
ref https://github.com/TryGhost/Ghost/pull/21765
- This change was split out of
https://github.com/TryGhost/Ghost/pull/21765
- We're adding versioning to all the resources in tinybird so that we
can iterate on them in future in a way that tinybird understands
- The next step is to build an example of what making a change will look
like in versioned world
---------
Co-authored-by: Paco Gonzalez <paco@tinybird.co>
- This changes the Tinybird Materialized Views to circumvent a currently
existing Tinybird bug that prevents iterating the code in its current state.
- The idea is that this will allow us to be more flexible in making changes, as it works
around some restrictions where Tinybird won't let us change the MV because other
parts of the pipe depends on it
- The idea is to remove the dependency to `analytics_hits.pipe` in the
materialized views.
- This does create code duplication, but we can clean that up later using includes,
or refactor the pipe again later if Tinybird fixes the issues
---------
Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>
ref https://linear.app/ghost/issue/ENG-1811/
- added first migration for truncating column length; required in order
to be able to add an index
- added second migration for creating the index
After sending a newsletter, Ghost can struggle with the amount of
incoming traffic (particularly link scanners) with particularly large
pools of recipients. Part of this is link lookup, which an index has
shown to help with when added manually on the db. Given that, this
change is to make it native.
I ran a stats service query to gather data on usage, as well as did code
review, and I've not seen any use of this table that isn't using the 8
digit slug, i.e. /r/12345678, or 11 characters total. I made this 191 in
case that use case changes, while still allowing us the value of an
index.
Note: SQLite does not support altering columns to my knowledge, so we
have to create a temp table with the new column data to push back in.
This should be ok because use of SQLite should be limited. In the past,
I've seen migrations skipped for SQLite and I'd rather not do that here
if able.
closes https://github.com/TryGhost/Ghost/issues/14882
ref
https://github.com/TryGhost/Ghost/issues/14882#issuecomment-2395498636
- As per the comment on the issue, the last reference to bluebird in
Ghost itself was removed over a year ago.
- We added this code blocking bluebird debug over 6 years ago.
- We do still use bluebird through dependencies so we could still have
memory issues BUT
- This change only affects development, and really should not be a
problem anymore.
- Leaning towards deleting the weird old edge-case code as it should not
be an issue, and finding out the hard way if I'm wrong :D
ref https://linear.app/ghost/issue/AP-622/add-support-for-rich-text-formatting-of-notes
- Until now we only had plain text with line breaks and links inside `note` objects. But WordPress is very flexible and allows users to put almost all of their blocks inside a `note`, like headings, lists and blockquotes. We now support those in Ghost, but with minimal formatting to keep the feed clean and easy to scan through.
no issue
- bumped minor to delay comments-ui update until next Ghost release
- includes numerous styling fixes, display of replies when editing a comment, and updates to in-reply-to snippets when deleting/hiding comments
closes https://linear.app/ghost/issue/PLG-263/
When hiding a reply as an Admin, if there were other replies that referenced it then those snippets would still show the hidden content because there was no immediate update in the comments-ui client. This made it look like hidden content would still be visible even though at the API level snippets were entirely removed so no other user would see it.
- added client-side handling so in-reply-to snippets immediately show `[hidden/removed]` which means we don't have to fetch every reply from the API
- updated the API to use `[hidden/removed]` as the snippet when referencing a hidden reply instead of removing all `in_reply_to_` data
- keeping `in_reply_to_id` and `in_reply_to_snippet` means comments-ui still displays the replied-to reference text (albeit not directly showing the API-supplied string so `[hidden/removed]` can be translated)
- returns the full `in_reply_to_snippet` text for Admin API requests so that showing a comment that has been loaded from the API can immediately show the contents for any displayed references to the comment
REF https://linear.app/ghost/issue/PLG-274/
- Currently, replies are hidden when the parent comment is being edited. This PR ensures that replies remain visible when the parent comment is being edited.
- To achieve this, the `CommentComponent` now checks if the parent comment is being edited. If so, the comment content is swapped by the EditForm, while the comment's avatar, header, menu, and replies remain visible.
- The Form component now only renders the FormEditor. A FormWrapper component is used to wrap the avatar and comment header.
- This Form component is used in the EditForm without the FormWrapper, as it is already wrapped in the CommentComponent.
- The ReplyForm and the MainForm use the FormWrapper.
- The Avatar component now also accepts a `member` prop, which is used to display the avatar image. This is because it's no longer used inside the Form component.
ref https://linear.app/ghost/issue/PLG-270/
If the API is returning replies that are not shown in the UI then the comments-ui app isn't able to paginate correctly. This should be true across all comments endpoints with no inconsistency across browse by page or comment, or when fetching individual comments.
- expectations for public comments endpoints:
- hidden/deleted comments are never returned unless they have published replies
- hidden/deleted replies are never returned
- expectations for admin comments endpoints:
- deleted comments are never returned unless they have published replies
- deleted replies are never returned
- hidden comments+replies are always returned (necessary to allow hidden comments to be toggled back to visible)
Fixed by:
- using bookshelf `withRelated` callback function for `replies` relation in `defaultRelations` (and again in `findPage` which uses `withRelations` to load relations individually)
- cleaned up now-unnecessary additional filtering in `CommentsService`
- added additional tests to ensure behaviour and lack of regressions
ref https://linear.app/ghost/issue/AP-613/make-drawer-wider-when-displaying-articles-on-larger-screens
- Added a prop to Modal which allows you to interact with the page
behind the Modal, so the main navigation could still be used while the
Article modal is opened
- Removed the breakpoint we only use in one place, and switched to using
an arbitrary Tailwind breakpoint that matches the one in admin instead
closes
https://linear.app/ghost/issue/ENG-1807/further-deprecate-amp-by-removing-the-ui
- AMP has been deprecated for a year, and will be removed in Ghost 6.0
- As the next step towards removing it, we're removing the UI, meaning
new sites can't enable it
- This will hopefully help the transition to dropping it be smoother and
especially prevent newer users from spending a lot of time on AMP in the
run up to it going away
- NOTE: this only removes the UI. All the logic remains, you can still enable AMP via the API/settings table in the DB.
