no issue
- Split context out of frontend controller
- Add 100% test coverage for context
- Add tests for preview & improve other bits of coverage
- Further refactors (WIP) will make it easier to reach 100% coverage on the frontend
refs #5923
- add read-themes module to get a list of themes
- replace readDirectory() usage with readThemes(), where only themes are needed
- test read-themes
- test read-directory
- test validate-themes
- test parse-package-json
- add tempfile testing utility to generate temporary paths
no issue
- update grunt-jscs dependency
- fix deprecated `validateJSDoc` configuration
- fix numerous linting errors, including:
- use of future-reserved `public` and `private` variable names
- use of `[]` instead of dot-notation (especially `express['static']` and `cacheRules['x']`)
- extra spaces in `const { run } = Ember` style constructs
One issue that did become apparent is that there are conflicting rules that prevent the use of object function shorthand such that both of these:
```
{ myFunc() {} }
{ myFunc () {} }
```
are called out due to either the missing or the extra space before the `(`
closes#5492
- remove core/server/require-tree.js and split it into modules
- add read-directory module to recursively read directories
- add validate-themes module to scan themes and return errors/warnings
- add parse-package-json module to parse json and validate requirements
- rewrite core/server/models/index.js to manually require models
closes#5913
Sitemap deletion is based on the page.unpublished event. The previous
logic was always sending post.unpublished instead. If page or post
event is triggered is based on the ‘page’ attribute of the model. When
the destroyed handler all attributes are already cleared from the model
which makes this logic always fall back to post.
The fix is to move to the destroying event which still has all the
model values in place.
closes#4439
- adds basic get helper which works with the current API
- allows theme developers to make requests against the API
- supports block params and @error message
- includes 100% test coverage using posts
----
The `{{#get}}` helper is an asynchronous block helper which allows for making
requests for data from the API. This allows theme developers to customise the
data which can be shown on a particular page of a blog.
Requests can be made to the posts, tags or users API endpoints:
```
{{#get "posts" limit="3"}}
{{#foreach posts}}
<a href="{{url}}">{{title}}</a>
{{/foreach}}
{{/get}}
```
The `{{#get}}` helper must be used as a block helper, it supports `{{else}}`
logic, for when no data matching the request is available or if an error has
occurred:
```
{{#get "posts" tag="photo"}}
...
{{else}}
{{#if @error}}
<p>Something went wrong: {{@error}}</p>
{{else}}
<p>No posts found</p>
{{/if}}
{{/get}}
```
The helper also supports block params, meaning the data it outputs can be
given a different name:
```
{{#get "posts" featured="true" as |featured|}}
{{#foreach featured}}
...
{{/foreach}}
{{/get}}
```
Please Note: At present asynchronous helpers cannot be nested.
refs #5909, #4577
- removes accidental '.only' which was hiding issues with the findAll changes
- deleteAllContent and importer still need to use a hard 'findAll' as findPage({limit: 'all'}) doesn't have the same behaviour
fixes#5905
- update context patterns to correctly match author & tag pages
- remove 'tag' and 'tags' from reserved slugs - we'll handle this in terms of overrides in future
closes#5872
- added random secret for new databases
- added temporary fix for existing databases
- secret is still static (`not_available`) during tests
- fixed fork mechanism to keep active environment (never change
NODE_ENV!!!)
- published_by should be set by business logic, rather than by users
Credits: An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program
refs #5808
- Fix the API to return a single 422 error when an invalid value is passed
- Only affects Browse, and not Read at present due to differences in how they are handled
- Frontend was changed to always 404 in #5851
- Adds tests to ensure all cases are covered
no issue
- Uncapitalise was dropping the subdirectory when redirecting - so the base url has been added where present
- Uncapitalise was also working differently in node 0.10 and 0.12 - so the path is decoded before testing for uppercase
- Adds some test coverage
- password changes should only be possible from the password change endpoint
Credits: An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program
- currently, the plural helper doesn't replace % with the number when the number is zero, which is inconsistent
- this change ensures that theme developers can choose to show the number or a plain string
closes#5808
refs #5816
- adds additional filtering any 'slug' containing content in `renderChannel` for frontend
- adds test for invalid characters in tag slug
