issue #938
- rather than using escape, use node-validator's sanitize function which is designed for preventing xss vectors
- added listener for changes to both editor and settings page
- added more sanitization to the user model
- consistently use triple-braces when outputting blog post titles
closes #937
- fixed bug where ![] is replaced with ![](http://) for image url
- added fileStorage setting to uploader
- added fileStorage helper (could become standard way of providing config data for frontend???)
- added data element to editor and settings
- if no config value is set fileStorage: true is default
Specified type='button' for the buttons in the form so they don't get
pseudo clicked on enter key in inputs. Added a keyup handler to check
for enter keys in the inputs and do the proper action based on where you
are in the form.
closes #812
- replace defaults with consistently named .png files
- change the settings saving code so that it doesn't double-save images and save the defaults to the db
closes #783
- I think there's probably a nicer solution than putting clearEverything() everywhere, but that would also probably involve significant refactoring.
closes #701, closes #702
- if image upload is called from editor the url icon provides a text field and a save button
- if on settings pages (general and user) the save button will capture the entered url or uploaded url
- both modes have the reset button
- fixed bug that is created by url when image is dragged onto window
closes #172
- added type to ghost.settings()
- added /api/settings?type=<filter>
- added availableThemes to settingsCache
- removed cachedSettingsRequestHandler
- removed /api/themes (including front end)
- changed activePlugins to type "plugin" in default-settings.json
Closes #581.
* Basically adds the client side of node validator, that we're already using
* Validator is plonked onto `Ghost.Validator`
* Usage is identical to https://github.com/chriso/node-validator
* Has sanitizing values et al
* `Ghost.Validator.error` is redefined, it populates Ghost.Validator._errors (Array)
* `Ghost.Validator.handleErrors` is supposed to print out the multiple error messages, if there are multiple (this is broken due to how notifications are presented `.html` instead of `.append`), and also apply class to element
* The ajax calls are wrapped in an if to prevent network traffic if something's not right on client side
* Added validation to general settings and user settings screens.
* On validation error, optionally adds `.input-error` to whatever element you reference, see below (if `el` exists on the error object). This is the only place where usage is different to the original implementation. Redeclared `error()` function in `init.js`
* Usage: `Ghost.Validate.check(valueToCheck, {message: "the error message", el: $('#the element')}).isEmail()`
* The element above will receive the `.input-error` class. `isEmail()` is one of the things you can check against.
Closes #345
- added blog description to general screen
- removed content screen from sidebar
- removed beforeRender from settings front end
- removed content screen from tests
closes #280
- adds image uploader to user profile page.
- click on cover picture or change cover button to open file upload modal.
- created new upload modal that extends model to reduce some code duplication
closes #593
- added default setting of 6 posts per page
- added posts per page to settings page
- added limit to frontend.js (setting does not change API behavior)
* Bio field now counts down.
* Bio field count now turns red when < 20
* Cover image now has gradient
* Change button now has square corners
* Removed "forgot password" link
* Change password button is now red
* Change password button is now aligned with the form
* Hover state on the profile picture now reads "Edit Picture"
issue #432
adds a modal template for image uploads
adds buttons to settings page to upload images for blog logo and icon
once image is uploaded displays an 'X' to reset back to dropzone
saves image and renders settings page.
ToDo
add url field when clicking on url icon
fix position of 'X' for both settings and editor
Added a redirect call to the router instead of defaulting the pane. To
handle using the back button after clicking through to other tabs I
added an event listener on the route:settings event.
closes #488 and #107
- added dropdown for theme selection on general page
- added GET /api/v0.1/themes to retrieve available themes
- modified settings model to get available themes
- modified updateSettignsCache to remove path from settings.activeTheme
Closes #371
- Added a hide and fadeIn() to the render method in Settings.Pane
- Any Settings.Pane which overwrites render should now make sure the parent is called
- Run through grunt validate, all OK.
- introduced validation method in the post and user model
- moved signup validation onto model
- consistent use of validation & error messaging in the admin UI
- helper methods in base view moved to a utils object
closes #174
- Triggering router events for navigation between settings panes
caused the route function to be re-executed, which caused all
kinds of fun.
- Wrapped the settings route function in an if statement to preserve
the current view if it is already a settings view.
- Added Ghost pub-sub and using that instead of History API
Closes #374
* Included node-validator as a package
* Implemented server side validation (the client side js is a mess, needs a LOT of work)
* Validates email address both on signup and login screens, gives error message on malformed email addresses
* Requires at least 8 chars of password
* Tells user if password is too short
* Tells user if no such user on login
* Tells user if wrong password on login
* Tells user if server responds with a 404 (goes away, dies, etc)
* Added middleware between req and login / signup for validation
Closes #340. Closes #375
* Replaced session with id of current user
* Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy)
* Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't)
* If user has profile picture, that will be used
* If user has name, that will be used
* Password changing doesn't care about your email. Uses cookies. Tasty!
* User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`.
* Added logic to user api to check for `id === 'me'`, and then use the cookie value
* User data saves are now correct
* There is no logout error
Closes #342.
It would be totally cool if we could have a Ghost.PubSub so we could hurl events there and pick them up somewhere else. For some reason all the backbone bits work on models, like `trigger` and `listenTo` and `delegateEvents`.