ghost

14068 commits 234 branches 1697 tags 546 MiB

Author SHA1 Message Date

Author	SHA1	Message	Date
Hannah Wolfe	9e96b04542	Moved server unit tests into the server folder - this is a small part of a bit of cleanup of our test files - the goal is to make the existing tests clearer with a view to making it easier to write more tests - this makes the test structure follow the codebase structure more closely - eventually we will colocate the tests as we break the codebase down further	2021-10-06 12:01:09 +01:00
Daniel Lockyer	93e4b2eafd	🔒 Fixed remote command injection when using `sendmail` email transport refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm refs https://github.com/advisories/GHSA-48ww-j4fc-435p - a vulnerability in `nodemailer` means that the `sendmail` transport is vulnerable to command injection for flags passed to the `sendmail` binary - updating to the latest version of Nodemailer required creating `@tryghost/nodemailer`, which is a wrapper around Nodemailer and several plugins that used to be in the core - this commit switches to using that package, and fixes up some small code + test changes	2021-09-17 16:46:51 +01:00
Hannah Wolfe	f08a55c21f	Renamed tests to .test.js & updated commands refs: https://github.com/TryGhost/Team/issues/856 refs: https://github.com/TryGhost/Team/issues/756 - The .test.js extension is better than _spec.js as it's more obvious that it's an extension - It also meaans we can use the --extension parameter in mocha, which should result in a better default behaviour for `yarn test` - It also highlights that some of our tests were named incorrectly and were not (and still will not be) run (see https://github.com/TryGhost/Team/issues/856) - Note: even with this change, `yarn test` is throwing errors, I believe because of this issue https://github.com/TryGhost/Team/issues/756	2021-07-06 20:45:01 +01:00

Hannah Wolfe

9e96b04542

Moved server unit tests into the server folder

- this is a small part of a bit of cleanup of our test files
- the goal is to make the existing tests clearer with a view to making it easier to write more tests
- this makes the test structure follow the codebase structure more closely
- eventually we will colocate the tests as we break the codebase down further

2021-10-06 12:01:09 +01:00

Daniel Lockyer

93e4b2eafd

🔒 Fixed remote command injection when using sendmail email transport

refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes

2021-09-17 16:46:51 +01:00

Hannah Wolfe

f08a55c21f

Renamed tests to .test.js & updated commands

refs: https://github.com/TryGhost/Team/issues/856
refs: https://github.com/TryGhost/Team/issues/756

- The .test.js extension is better than _spec.js as it's more obvious that it's an extension
- It also meaans we can use the --extension parameter in mocha, which should result in a better default behaviour for `yarn test`
- It also highlights that some of our tests were named incorrectly and were not (and still will not be) run (see https://github.com/TryGhost/Team/issues/856)
- Note: even with this change, `yarn test` is throwing errors, I believe because of this issue https://github.com/TryGhost/Team/issues/756

2021-07-06 20:45:01 +01:00

Renamed from test/unit/services/mail/GhostMailer_spec.js (Browse further)

3 commits