0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Commit graph

87 commits

Author SHA1 Message Date
Sebastian Gierlinger
90176e1f40 Security improvements
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
2013-10-17 15:28:28 +02:00
Hannah Wolfe
a5bf8bf1e2 Removing reset button
- noone needs this, and someone is bound to press it and then complain.
2013-09-27 17:20:41 +01:00
John O'Nolan
78775f1976 Added email to username if no name is given
Gets rid of generic "Ghost" - we know a user will always have an email address as it is a required field.
2013-09-26 12:02:48 +01:00
John O'Nolan
bf5ab32fe9 Renamed user image data helper to make more sense 2013-09-26 12:02:44 +01:00
Matthew Harrison-Jones
340958cfcf Updated 'Help / Support' link 2013-09-23 18:46:03 +01:00
John O'Nolan
472406d157 Removed version number from user menu
Fixes #855
2013-09-22 22:54:07 +02:00
Christopher Giffard
9c8b02949a 500 Series Error Handling & Stack Traces
Fixes #825

- Changes the way the error middleware is delivered in server.js, moving
  all the logic back into errorHandling.js
- Alters error logging to use console.error (probably more appropriate) instead
  of console.log
- Changes error tests to accomodate for these alterations
- Alters user-error and error hbs templates to incorporate stack traces
- Adds additional styling for error pages to accomodate stack traces
- Added logic to parse and deliver formatted stack traces

Notes:
======

- Jslint gets in the way of the regex I've got to use to parse the stack.
  (It cites 'security reasons' which are not relevant in this case.)
  I needed to add a condition to relax it at the top of errorHandling.js
- The stack trace should probably be added as a partial, but I figured it
  was out of scope for this PR.
2013-09-19 13:01:20 +10:00
Hannah Wolfe
7193f05376 Default user image and cover
closes #812

- replace defaults with consistently named .png files
- change the settings saving code so that it doesn't double-save images and save the defaults to the db
2013-09-18 15:54:52 +01:00
Hannah Wolfe
ed9259a32e Merge pull request #822 from matthojo/Post-Settings-labels
Bug Fix: Clicking on Post Settings labels now selects relative input
2013-09-18 05:59:01 -07:00
Matthew Harrison-Jones
d70b8d8479 Bug Fix: Clicking on Post Settings labels now selects relative input 2013-09-18 11:29:57 +01:00
Christopher Giffard
e13ac321c9 Default 404/500 Error Message
Fixes #792

- Added default template for errors where a user has not defined a custom
  template (error.hbs) in the theme folder
- Now searches for user-error.hbs in the server view folder should a user
  template not be present.
2013-09-18 15:12:53 +10:00
Hannah Wolfe
7be4362523 404 Page vertical centering
closes #791
2013-09-18 03:07:22 +01:00
Hannah Wolfe
b15b8d03da Clearing out images we don't use 2013-09-17 22:28:28 +01:00
Matthew Harrison-Jones
2305329041 Complete Modal Refactor
* Smoother animations
* Removed blurring in Chrome temporarily
* Centering is now done in CSS (the height is calculated in JS to work in FF and Opera)
* Modals now need close: true to be set to enable the close icon and shortcuts for closing (ESC key, background clicking)
2013-09-17 20:40:19 +01:00
Hannah Wolfe
b165dd3e62 Merge pull request #787 from cgiffard/new-404-handling
Initial 404 Error Handling Support
2013-09-17 07:07:19 -07:00
John O'Nolan
14d07ef98a Restyled delete post-settings menu item 2013-09-17 13:02:20 +01:00
Christopher Giffard
48b75fa396 Initial 404 Error Handling Support
Fixes #356

- Adds new generic methods for handling errors to errorHandling.js
- Initialises generic methods as middleware
- Created error.hbs view in admin
- Error handler searches for error.hbs view file in user theme folder
  and renders it if available, otherwise lets the error fall through
  to express.

- We *could* change the final behaviour to render a default ghost
  template should the user template be missing
- Because it currently isn't possible to require(ghost) in errorHandling.js,
  it was necessary to duplicate some aspects of the ghost path init code
  inside errorhandling.js. This should be cleaned up and moved back
  into ghost.js when possible.
2013-09-17 20:56:05 +10:00
Hannah Wolfe
83e655701c Post settings menu tweaks
closes #782, #783

- delete button hidden until ID
- publish date works before publish
2013-09-17 11:51:24 +01:00
Hannah Wolfe
c052fe82d8 Merge pull request #749 from cobbspur/urls2 2013-09-17 02:42:28 +01:00
Hannah Wolfe
16329ac6f0 Removing i18n until it's done properly 2013-09-17 02:41:40 +01:00
cobbspur
713e4c0d5c Adds slashes to urls
ref issue #448

- adds slashes to urls, templates and tests

TODO

Add function to add slash to urls automatically
2013-09-17 02:39:55 +01:00
Hannah Wolfe
de7143bc62 Refactoring Ghost middleware
closes #657, closes #761

- Got rid of initTheme from ghost.js (yay)
- Divided up the logic for static assets and views
- Ghost admin static assets are now served from /ghost/
- New logic to figure out if we're on the admin, or a theme and which theme we are on
- Activate theme method reregisters static access and uncaches views
- Re-ordered all of the middleware, and ensured we had a 404 handler at the end
- Activate theme method ensures that middleware maintains order
2013-09-17 01:49:08 +01:00
John O'Nolan
0b89335339 Fix debug tools layout 2013-09-16 18:53:09 +01:00
Hannah Wolfe
e3bc0b3151 Mail documentation link is clickable
closes #760

Also updating notification template missed in issue #729
2013-09-16 18:34:20 +01:00
Hannah Wolfe
cefa0e14ef Merge pull request #764 from matthojo/Flash-Bar
Renamed the notifications container
2013-09-16 06:07:55 -07:00
Hannah Wolfe
522f47a217 Logo in admin goes to blog front
closes #537
2013-09-16 10:25:45 +01:00
Hannah Wolfe
1ee0d51660 Merge pull request #730 from jgable/gruntClientFiles
Compile assets with grunt
2013-09-16 01:57:08 -07:00
Matthew Harrison-Jones
2fe7eda8e2 Renamed the notifications container
Renamed from `#flashbar` to `#notifications`
2013-09-16 09:46:29 +01:00
Hannah Wolfe
8af09e2dd1 Merge pull request #762 from ericterpstra/402-pub-date
Enabled post setting to change published date
2013-09-16 01:10:33 -07:00
ericterpstra
71c99913f6 Enabled post setting to change published date
closes #402
2013-09-15 22:19:53 -05:00
William Dibbern
07629dd9ab Publish button amendments
Fixes #667

- Removed superfluous as-of-yet-unused options in the publish menu.
- Adjusted display names of publish buttons according to differing
states the publish menu can be in (new post, saved draft, published
post).
- Added red highlight style to "important" status change options in the
publish menu (draft => published, published => unpublished).
- Added suite of functional tests around new labels and classes.
2013-09-15 14:52:09 -05:00
Jacob Gable
63eb9581ea Compile assets with grunt
- Made a helper called ghostScriptTags that will spit out the relevant
  script tags with version parameter; 4 unminified files in development,
  1 minified file in production.
- Added grunt concat and uglify tasks to build files into core/built
- Fixed some unit tests by making them native date objects
2013-09-15 14:06:42 -05:00
Sebastian Gierlinger
bd8db968ea Add setting filter
closes #172
- added type to ghost.settings()
- added /api/settings?type=<filter>
- added availableThemes to settingsCache
- removed cachedSettingsRequestHandler
- removed /api/themes (including front end)
- changed activePlugins to type "plugin" in default-settings.json
2013-09-15 18:04:01 +02:00
John O'Nolan
19272a03cc New post title placeholder 2013-09-14 23:18:35 +01:00
Gabor Javorszky
6c99b67ab3 Added client side validation
Closes #581.

* Basically adds the client side of node validator, that we're already using
* Validator is plonked onto `Ghost.Validator`
* Usage is identical as to https://github.com/chriso/node-validator
* Has sanitizing values et al
* `Ghost.Validator.error` is redefined, it populates Ghost.Validator._errors (Array)
* `Ghost.Validator.handleErrors` is supposed to print out the multiple error messages, if there are multiple (this is broken due to how notifications are presented `.html` instead of `.append`), and also apply class to element
* The ajax calls are wrapped in an if to prevent network traffic if something's not right on client side
* Added validation to general settings and user settings screens.
* On validation error, optionally adds `.input-error` to whatever element you reference, see below (if `el` exists on the error object). This is the only place where usage is different to the original implementation. Redeclared `error()` function in `init.js`
* Usage: `Ghost.Validate.check(valueToCheck, {message: "the error message", el: $('#the element')}).isEmail()`
* The element above will receive the `.input-error` class. `isEmail()` is one of the stuff you can check against.
2013-09-14 10:52:27 +01:00
ericterpstra
e2bc5257a6 Added post-settings menu with edit permalink field
closes #370
- Added new Backbone view for post settings menu
- Moved sass styles to global.scss for post settings menu items
- Added field to change post slug (permalink) using existing slug
  validation
2013-09-13 12:36:38 -05:00
Hannah Wolfe
cc785cc981 Merge pull request #686 from matthojo/Sign-up-screen-UI
Improved Auth screen markup and validation checks
2013-09-12 06:25:27 -07:00
Matthew Harrison-Jones
2678de902d Improved Auth screen markup and validation checks
* Signup now focuses on 'name' on load
* Fixed fade in on auth forms to work with `display: table`
* The 'name' field is required on Sign up forms
* The length check on the Signup form is in order of inputs
* Added check for password length
* Changed the auth form class names to better represent individual pages
* Updated CasperJS tests
2013-09-12 09:59:58 +01:00
Matthew Harrison-Jones
a85e8e1efc Temporarily removed the Dashboard and all references
This also updates the CasperJS to match the new changes.
2013-09-11 15:38:09 +01:00
Matthew Harrison-Jones
2280276fdd Removed unused user menu items and linked "Help / Support" to the right place
Also updated CasperJS tests to support changes
2013-09-10 15:05:42 +01:00
Matthew Harrison-Jones
84c2767da6 Temporarily remove unused Post Menu options 2013-09-10 13:53:01 +01:00
John O'Nolan
42a011d6a9 Introducing chromeframe, correcting content type meta tag. 2013-09-09 13:03:36 +02:00
John O'Nolan
935afbf873 Remove detection for IE7 and lower 2013-09-09 12:58:48 +02:00
Hannah Wolfe
4307f48084 Merge pull request #655 from cobbspur/userprofile
User Profile Image Upload
2013-09-09 00:59:57 -07:00
cobbspur
9ce0e9f4a0 User Profile Image Upload
closes #280

- adds image uploader to user profile page.
- click on cover picture or change cover button to open file upload modal.
- created new upload modal that extends model to reduce some code duplication
2013-09-08 17:19:57 +01:00
John O'Nolan
4b40bb5aab Center login form with CSS instead of JS 2013-09-08 17:12:25 +02:00
Hannah Wolfe
ddcc7b78b6 Removing api calls from server side
closes #603, issue #395

- Changed hard-coded 'JOE BLOGGS' to use author data
- We still had api calls loading data server side before rendering pages.. which is unnecessary.
- Only thing using this was editor title, which is now populated client side
- May improve content screen load time.
2013-09-04 21:51:54 +01:00
Hannah Wolfe
76c2ff6818 Merge pull request #574 from sebgie/issue#488-2
Adding theme switcher to settings/general
2013-09-02 03:25:10 -07:00
Hannah Wolfe
7570599252 Merge pull request #564 from skattyadz/tags-squashed
Add post tagging functionality
2013-09-01 17:50:21 -07:00
Adam Howard
d90df55b75 Add post tagging functionality
closes #367
closes #368

- Adds Tag model with a many-to-many relationship with Post
- Adds Tag API to retrieve all previously used Tags (needed for suggestions)
- Allows setting and retrieval of Tags for a post through the Post's existing API endpoints.
- Hooks up the editor's tag suggestion box to the Ghost install's previously used tags
- Tidies the client code for adding tags, and encapsulates the functionality into a Backbone view
2013-08-30 16:20:22 +01:00