Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-13 22:41:32 -05:00
Code Issues Activity
1190 commits 216 branches 1688 tags 525 MiB
Commit graph

850 commits

Author SHA1 Message Date
Fabian Becker
7099091c28 Fix CSRF deprecated warning 2013-10-22 07:33:30 +00:00
Pascal Borreli
14c420c8d1 Fixed typos 2013-10-20 20:33:51 +00:00
Hannah Wolfe
accf525061 Temporarily removing API test 2013-10-20 11:02:06 +01:00
Hannah Wolfe
65dcb17117 Merge branch '0.3.3-wip' 
Conflicts:
	core/client/views/blog.js
	core/server/api.js
	core/server/views/default.hbs
	package.json
 2013-10-20 10:09:39 +01:00
Sebastian Gierlinger
2ee8f96829 Revert sessions to cookieSessions 
no issue
- modified sessions to use cookieSession
- set max-age to 12 hrs
- modified logout to delete cookie completely
 2013-10-18 13:24:01 +02:00
Hannah Wolfe
158d237122 Improved error handling 
fixes #845

- only returns an error page for get requests, otherwise returns a response
- no more admin menu when not logged in
- no more error message about theme error template
- logWarn is available
 2013-10-17 22:49:14 +01:00
Hannah Wolfe
f12a3cecf7 Fixing URL-based image uploads on settings screen 2013-10-17 21:54:51 +01:00
Hannah Wolfe
4f8ac2a4fd Current user data update 2013-10-17 21:38:49 +01:00
Hannah Wolfe
5916844835 Fixes for content screen 
fixes #1125

- fixes an error in the console when there are no posts
- resolves the issue whereby content disappears after scroll
 2013-10-17 21:06:01 +01:00
Hannah Wolfe
e29a598fa5 CSRF for debug screen 2013-10-17 20:52:09 +01:00
Hannah Wolfe
2a6e77752f API JSON updates 2013-10-17 20:52:05 +01:00
Hannah Wolfe
d9c9ca0e33 Merge pull request #4 from sebgie/sec/3 
Sec/3
 2013-10-17 10:49:40 -07:00
Hannah Wolfe
491651da59 Merge pull request #2 from ErisDS/bookshelf-knex-update 
Updating to bookshelf 0.5.7 & knex 0.4.11
 2013-10-17 10:49:28 -07:00
Tim Griesser
13639ad8d1 Updating to bookshelf 0.5.7 & knex 0.4.11 2013-10-17 18:23:36 +01:00
Sebastian Gierlinger
374c41e138 Remove private data from API 
no issue
- added removal to user.browse, posts.read, posts.browse
- fixed removal for user.read
 2013-10-17 17:15:25 +02:00
Sebastian Gierlinger
90176e1f40 Security improvements 
no issue
- added CSRF protection
- changed session handling to express.session
- changed session handling to change session id
- added config property useCookieSession
- added file extension check for /ghost/upload
- removed /ghost/debug/db/reset
 2013-10-17 15:28:28 +02:00
Hannah Wolfe
daa87e92c2 Merge pull request #1026 from jenius/master 
Remove unneeded info from /user api response
 2013-10-17 14:12:13 +01:00
John O'Nolan
1bd8002858 Fixed further firefox display bugs 
See #1090

Conflicts:
	core/client/tpl/settings/user-profile.hbs
 2013-10-17 14:10:49 +01:00
John O'Nolan
c6d805cd28 Merge pull request #1090 from bnchdrff/user-image-ff-fix 
fixes firefox user image disappearance
 2013-10-17 14:04:34 +01:00
Talon
675d02d466 fixed typo in comments of manage.scss 
The mage posts screen is probably supposed to be the manage posts screen.
 2013-10-16 20:43:59 -06:00
Hannah Wolfe
9b879f6edb Merge pull request #1108 from nason/signupErrorHandler 
Add otherwise error callback to redirectToSignup promise. Fixes #1071
 2013-10-16 08:43:23 -07:00
nason
6a5e399997 Add error handling to redirectToSignup promise 
Fixes #1078
- Add an otherwise error callback to the redirectToSignup promise
 2013-10-16 08:39:58 -07:00
John O'Nolan
0e5dc9275c Fixed further firefox display bugs 
See #1090
 2013-10-16 17:26:28 +02:00
John O'Nolan
b1edd889b9 Merge pull request #1090 from bnchdrff/user-image-ff-fix 
fixes firefox user image disappearance
 2013-10-16 07:57:56 -07:00
Benjamin Chodoroff
672bb01d15 fixes firefox user image disappearance 
take advice from @JohnONolan and subtract border-width
 2013-10-16 10:47:06 -04:00
Hannah Wolfe
3eae0a3939 Merge pull request #1103 from b1nd/merge 
Removed unused variables and updated commenting
 2013-10-16 03:31:57 -07:00
Hannah Wolfe
7419e05b3a Merge pull request #1092 from halfdan/uc-helper 
Added new helper to escape URIs called 'encode'
 2013-10-16 02:23:13 -07:00
Fabian Becker
788987d04a Added new helper to escape URIs called 'encode' 
fixes #1089
 2013-10-16 09:19:26 +00:00
John O'Nolan
a76a702e6e Merge pull request #1098 from hansondr/floatingheader 
tweaked .floatingheader background for non-webkit browsers
 2013-10-16 01:18:31 -07:00
Karolis Dzeja
88d0303093 Fix notification bug 
The date stored in the model is in a different format and needs to be converted before being checked. Otherwise, any blur event will trigger the notification that the date has been changed, even if the date is the same.
 2013-10-16 00:30:25 -05:00
b1nd
c61806c1c8 Removed unused variables and updated commenting 2013-10-16 11:32:44 +11:00
Daniel Hanson
0bcc111025 tweaked .floatingheader background for non-webkit browsers 2013-10-15 13:29:56 -06:00
Hannah Wolfe
930309363d Merge pull request #1020 from padhg/omit-uri-scheme 
Allow omission of URI Scheme in config.js url
 2013-10-15 12:26:18 -07:00
William Dibbern
ac33cea0a1 Clean up test database after tests 
Fixes #1064

- Updated grunt config for unit and functional tests to remove the test
database after each is run.
- Cleaned up a couple of issues with the functional tests that may have
been causing travis builds to fail randomly, including: the start page
is now `about:blank` instead of whatever page the last test suite left
off at, added some checks in the logout tests to ensure they're truly
independent of the other test suites.
 2013-10-14 22:39:52 -05:00
Hannah Wolfe
18f78875ed Merge pull request #1050 from jgable/fixCssErrors 
Fix extra semi-colon in sass
 2013-10-14 14:53:25 -07:00
buddhamagnet
0662817cea Cache selector in afterRender function 
- cache selector in a variable to prevent recomputing it in the function.
 2013-10-14 20:56:20 +01:00
Hannah Wolfe
3cb955fb44 Merge pull request #1041 from halfdan/markdown-modal 
Fix emphasize notation in Markdown modal.
 2013-10-14 12:20:01 -07:00
Jeff Escalante
44973ba255 remove unneeded info from user api response 2013-10-14 15:07:52 -04:00
Fabian Becker
72f7404d2f Fix emphasize notation in Markdown modal. 
fixes #1008
 2013-10-14 18:12:55 +00:00
Jacob Gable
c153a3ca01 Fix extra semi-colon in sass 
Related to #1033 but needs TryGhost/Casper#32 to close

- Remove extra semi-colon
 2013-10-14 12:45:46 -05:00
Ryan Powell
dc1cf3b509 changes to support URI's without a scheme in config.js. 
also removed "http:" from google fonts link to prevent a mixed content warning.
 2013-10-14 10:42:08 -04:00
Hannah Wolfe
119b0ea430 Merge branch '0.3.2-wip' 
Conflicts:
	core/client/assets/lib/uploader.js
 2013-10-11 20:56:15 +01:00
Hannah Wolfe
b4e04b3650 Fix for image uploads 
- express 3.4.0 uses connect 2.9.0 which had a sizable change to how multipart woks
- this change resulting in req.files.uploadimage.type going away
 2013-10-11 20:26:09 +01:00
cobbspur
c52a10cd1a fixed image upload url synchronicity and url removed on cancel 
closes #988, closes #956, closes #975

- fixed multiple ids and refactored triggers
- persistence requirement overridden
- trash can now removes url in editor
- if empty url is saved http:// is inserted and dropzone initialized

Conflicts:
	core/client/assets/lib/uploader.js
 2013-10-11 18:15:17 +01:00
jamesbloomer
9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files. 
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
 2013-10-11 18:05:31 +01:00
Sebastian Gierlinger
b040ea3365 Change from address 
closes #872
- changed from address to use config.mail.fromaddress
- changed from address to default to settings.email
 2013-10-11 12:49:33 +01:00
Hannah Wolfe
c732cd2ccb Adding xss unit test 
issue #938
 2013-10-10 16:43:25 +01:00
Hannah Wolfe
9466a9753b Merge branch '0.3.2-wip' 
Conflicts:
	core/test/unit/api_posts_spec.js
 2013-10-10 16:37:35 +01:00
Hannah Wolfe
31e2737cfd Update config validation to allow for socket only 
issue #887
 2013-10-10 16:13:02 +01:00
Patrick Garman
97f592aa41 Allow Ghost to run using sockets 
Closes #887
- Adds getSocket function > Returns the socket location if sockets are enabled or false
- Adds startGhost function > Callback for server.listen
 2013-10-10 16:12:28 +01:00