mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-13 22:41:32 -05:00
Commit graph

61 commits

Author SHA1 Message Date
Matt DuVall
6dc3e05d21 Allow only images to be uploaded in the upload modal
Fixes #1221

- This changes the accepted encodings on the files upload input field to
  be only "image/*" now
-
2013-10-24 14:37:08 +01:00
Enrique Chavez
3edd0e118d Validate negative numbers in the posts per page setting
issue #1236
- added validation to not allow numbers less than 0
2013-10-22 23:15:38 +01:00
Hannah Wolfe
d64f2cde4c Merge pull request #1051 from nason/settingsResetOnImageUpload
Fixes #1017. Save all settings when the logo or cover is saved
2013-10-22 09:05:38 -07:00
Hannah Wolfe
65dcb17117 Merge branch '0.3.3-wip'
Conflicts:
	core/client/views/blog.js
	core/server/api.js
	core/server/views/default.hbs
	package.json
2013-10-20 10:09:39 +01:00
Hannah Wolfe
f12a3cecf7 Fixing URL-based image uploads on settings screen
2013-10-17 21:54:51 +01:00
Sebastian Gierlinger
90176e1f40 Security improvements
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
2013-10-17 15:28:28 +02:00
Michael Nason
7044d97d73 Save all settings when the logo or cover save button is clicked.
Fixes #1017.
- Call saveSettings for cover and blog logo photos
- Call saveUser for profile and profile cover photos
2013-10-16 08:39:24 -07:00
buddhamagnet
0662817cea Cache selector in afterRender function
- cache selector in a variable to prevent recomputing it in the function.
2013-10-14 20:56:20 +01:00
Hannah Wolfe
9466a9753b Merge branch '0.3.2-wip'
Conflicts:
	core/test/unit/api_posts_spec.js
2013-10-10 16:37:35 +01:00
Hannah Wolfe
95f9fce3be Swapping escape to sanitize
issue #938

- rather than using escape, use node-validator's sanitize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
2013-10-09 19:13:16 +01:00
Hannah Wolfe
cd929f19b3 Merge pull request #954 from jgable/fixChangePasswordEnter
Fix pressing enter key on user settings
2013-10-05 12:25:26 -07:00
Sebastian Gierlinger
0220cf2448 Disable filestorage
closes #937
- fixed bug where ![] is replaced with ![](http://) for image url
- added fileStorage setting to uploader
- added fileStorage helper (could become standard way of providing config data for frontend???)
- added data element to editor and settings
- if no config value is set fileStorage: true is default
2013-10-02 11:39:34 +02:00
Jacob Gable
986d5c6299 Fix pressing enter key on user settings
Specified type='button' for the buttons in the form so they don't get
pseudo clicked on enter key in inputs.  Added a keyup handler to check
for enter keys in the inputs and do the proper action based on where you
are in the form.
2013-10-01 10:05:12 -05:00
Hannah Wolfe
5528423636 Client & Server side validation for posts per page
closes #839

- caused a 500 error
2013-09-19 07:55:37 +01:00
William Dibbern
4ff6162d79 Expanded spelling of chars to characters
Fixes #834

- Updated error message for password length to use "characters" instead
of "chars".
2013-09-18 21:51:56 -05:00
Hannah Wolfe
7193f05376 Default user image and cover
closes #812

- replace defaults with consistently named .png files
- change the settings saving code so that it doesn't double-save images and save the defaults to the db
2013-09-18 15:54:52 +01:00
Hannah Wolfe
00b60a7a74 Clear notifications before adding new ones
closes #783

 - I think there's probably a nicer solution than putting clearEverything() everywhere, but that would also probably involve significant refactoring.
2013-09-18 02:48:38 +01:00
cobbspur
757ed3a8f5 Added url functionality for image uploads
closes #701, closes #702

- if image upload is called from editor the url icon provides a text field and a save button
- if on settings pages (general and user) the save button will capture the entered url or uploaded url
- both modes have the reset button
- fixed bug that is created by url when image is dragged onto window
2013-09-17 19:15:32 +01:00
cobbspur
713e4c0d5c Adds slashes to urls
ref issue #448

- adds slashes to urls, templates and tests

TODO

Add function to add slash to urls automatically
2013-09-17 02:39:55 +01:00
Hannah Wolfe
117f70dcfd Merge pull request #752 from sebgie/settingsapi
Add setting filter
2013-09-15 09:53:23 -07:00
Hannah Wolfe
9338d93b26 Merge pull request #750 from cobbspur/images
Fixed settings general pane to display current blog cover in uploader
2013-09-15 09:15:24 -07:00
Sebastian Gierlinger
bd8db968ea Add setting filter
closes #172
- added type to ghost.settings()
- added /api/settings?type=<filter>
- added availableThemes to settingsCache
- removed cachedSettingsRequestHandler
- removed /api/themes (including front end)
- changed activePlugins to type "plugin" in default-settings.json
2013-09-15 18:04:01 +02:00
cobbspur
2e6e7afe93 Added hover state for blog-logo and blog-cover using existing ids
- blog-logo and blog-cover now have a hover state of cursor: pointer
2013-09-15 16:47:38 +01:00
cobbspur
d86d26b957 Fixed settings general pane to display current blog cover in uploader
- removed unused ids and options.id from uploadImage modal template
2013-09-15 15:54:12 +01:00
Hannah Wolfe
d968495996 Mass renaming of things
Conflicts:
	core/client/views/settings.js
	core/server/models/user.js
2013-09-14 21:56:07 +01:00
Sebastian Gierlinger
35a32279d9 Clean up config (drop 'env')
closes #628
- removed .env from config.js
- ghost.config() returns correct config for NODE_ENV
- removed .env[process.env.NODE_ENV]
- updated tests
- deleted users.hbs, plugins.hbs, appearance.hbs (forgot to delete in PR #649)
2013-09-14 13:14:00 +01:00
Gabor Javorszky
6c99b67ab3 Added client side validation
Closes #581.

* Basically adds the client side of node validator, that we're already using
* Validator is plonked onto `Ghost.Validator`
* Usage is identical as to https://github.com/chriso/node-validator
* Has sanitizing values et al
* `Ghost.Validator.error` is redefined, it populates Ghost.Validator._errors (Array)
* `Ghost.Validator.handleErrors` is supposed to print out the multiple error messages, if there are multiple (this is broken due to how notifications are presented `.html` instead of `.append`), and also apply class to element
* The ajax calls are wrapped in an if to prevent network traffic if something's not right on client side
* Added validation to general settings and user settings screens.
* On validation error, optionally adds `.input-error` to whatever element you reference, see below (if `el` exists on the error object). This is the only place where usage is different to the original implementation. Redeclared `error()` function in `init.js`
* Usage: `Ghost.Validate.check(valueToCheck, {message: "the error message", el: $('#the element')}).isEmail()`
* The element above will receive the `.input-error` class. `isEmail()` is one of the stuff you can check against.
2013-09-14 10:52:27 +01:00
Sebastian Gierlinger
cfb83d6e40 Fix for image upload with clean database
no issue
- reversed workaround for PUT to model
- changed save function for image to unset availableThemes
2013-09-11 16:45:59 +00:00
Hannah Wolfe
6417ef778a Added blog cover image
closes #571

- added blog cover beneath logo, wired it up to the {{@blog}} globals
- updated casper
- also deleted settings/content
2013-09-09 18:13:19 +01:00
Hannah Wolfe
a69cb49105 Merge pull request #649 from sebgie/issue#345
Clean up settings/general screen
2013-09-09 01:32:35 -07:00
Sebastian Gierlinger
e51a14ee90 Clean up settings/general screen
Closes #345
- added blog description to general screen
- removed content screen from sidebar
- removed beforeRender from settings front end
- removed content screen from tests
2013-09-08 22:12:48 +02:00
cobbspur
9ce0e9f4a0 User Profile Image Upload
closes #280

- adds image uploader to user profile page.
- click on cover picture or change cover button to open file upload modal.
- created new upload modal that extends model to reduce some code duplication
2013-09-08 17:19:57 +01:00
Hannah Wolfe
2f6828ed6c Merge pull request #634 from sebgie/issue#593
Add setting for posts per page
2013-09-06 08:45:44 -07:00
Matthew Harrison-Jones
38abb54cad Updated the animation option on Upload Modals to new format
2013-09-06 15:39:26 +01:00
Matthew Harrison-Jones
44deb1c0df Bug Fix: Action modals now have centered content and correct spacing
This also adds functionality to Modals, so they can have multiple
styles, e.g 'wide' and 'centered'.
2013-09-06 15:36:16 +01:00
Sebastian Gierlinger
27ba9289d6 Add setting for posts per page
closes #593
- added default setting of 6 posts per page
- added posts per page to settings page
- added limit to frontend.js (setting does not change API behavior)
2013-09-05 14:56:09 +02:00
Matthew Harrison-Jones
61ac9f7284 Design fixes for the user settings panel
* Bio field now counts down.
* Bio field count now turns red when < 20
* Cover image now has gradient
* Change button now has square corners
* Removed "forgot password" link
* Change password button is now red
* Change password button is now aligned with the form
* Hover state on the profile picture now reads "Edit Picture"
2013-09-05 10:00:52 +01:00
cobbspur
e61f3684d5 Adds modal Image uploader on settings page
issue #432

adds a modal template for image uploads
adds buttons to settings page to upload images for blog logo and icon
once image is uploaded displays an 'X' to reset back to dropzone
saves image and renders settings page.

ToDo

add url field when clicking on url icon

fix position of 'X' for both settings and editor
2013-09-04 22:03:55 +01:00
Sebastian
4abaa8ceee Fix for settings view
no issue
- removed/added availableThemes before/after saving the model
2013-09-04 16:24:59 +01:00
Hannah Wolfe
d38faddca1 Merge pull request #605 from jgable/settingsBackButton
Fix settings back button functionality
2013-09-03 04:20:25 -07:00
Jacob Gable
972aeac037 Fix settings back button functionality
Added a redirect call to the router instead of defaulting the pane. To
handle using the back button after clicking through to other tabs I
added an event listener on the route:settings event.
2013-09-01 22:54:19 -05:00
Sebastian
4525c355af Adding theme switcher to settings/general
closes #488 and #107
- added dropdown for theme selection on general page
- added GET /api/v0.1/themes to retrieve available themes
- modified settings model to get available themes
- modified updateSettignsCache to remove path from settings.activeTheme
2013-08-30 13:20:30 +02:00
James Inman
b4a0b1498f Adding fade transitions between settings tabs.
Closes #371
- Added a hide and fadeIn() to the render method in Settings.Pane
- Any Settings.Pane which overwrites render should now make sure the parent is called
- Run through grunt validate, all OK.
2013-08-29 18:36:33 +01:00
Hannah Wolfe
41e36cca7e Validation consistency
- introduced validation method in the post and user model
- moved signup validation onto model
- consistent use of validation & error messaging in the admin UI
- helper methods in base view moved to a utils object
2013-08-25 18:10:12 +01:00
Hannah Wolfe
9092ed95ba Improvements to settings pane switching
closes #174

- Triggering router events for navigation between settings panes
caused the route function to be re-executed, which caused all
kinds of fun.
- Wrapped the settings route function in an if statement to preserve
the current view if it is already a settings view.
- Added Ghost pub-sub and using that instead of History API
2013-08-22 08:08:43 +01:00
Hannah Wolfe
0ce2958ee7 Updating password length validation
- setting it back to 7 chars so that people who have 7 char passwords, which were valid, can login.
2013-08-20 10:43:11 +01:00
Gabor Javorszky
be7ed2dfdc Added validation for signup and login screens
Closes #374
* Included node-validator as a package
* Implemented server side validation (the client side js is a mess, need a LOT of work)
* Validates email address both on signup and login screens, gives error message on malformed email addresses
* Requires at least 8 chars of password
* Tells user if password is too short
* Tells user if no such user on login
* Tells user if wrong password on login
* Tells user if server responds with a 404 (goes away, dies, etc)
* Added middleware between req and login / signup for validation
2013-08-20 09:42:42 +01:00
Gabor Javorszky
f6d164b5d8 Current user added
Closes #340. Closes #375
* Replaced session with id of current user
* Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy)
* Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't)
* If user has profile picture, that will be used
* If user has name, that will be used
* Password changing doesn't care about your email. Uses cookies. Tasty!
* User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`.
* Added logic to user api to check for `id === 'me'`, and then use the cookie value
* User data saves are now correct
* There is no logout error
2013-08-17 22:02:46 +01:00
Gabor Javorszky
1d9b2d916e Passive notifications are dismissed on settings pane change
Closes #342.
It would be totally cool if we could have a Ghost.PubSub so we could hurl events there and pick them up somewhere else. For some reason all the backbone bits work on models, like `trigger` and `listenTo` and `delegateEvents`.
2013-08-15 23:18:10 +01:00
Hannah Wolfe
2f11f053ab Minor code cleanup, docs and other bits & pieces
2013-08-06 22:24:40 +01:00