Sync with upstream Ghost v6.20.0 #53
Open
madewithlove-machine-user wants to merge 18 commits into main from
fixes https://linear.app/ghost/issue/ONC-1510
Sites using a subdirectory/proxy setup (e.g. `example.com/blog/ghost/`) could not sign out via the UI — the sign-out handler redirected to `/ghost` instead of `/blog/ghost/`, resulting in a "Cannot GET /ghost" error.
- Replaced hardcoded `/ghost/api/admin/session` fetch URL with `getGhostPaths().apiRoot` which derives the correct subdirectory from the current URL
- Replaced hardcoded `/ghost` redirect with `getGhostPaths().adminRoot` so the post-signout redirect respects the subdirectory
ref TryGhost#26640
The subdirectory signout bug was caused by hardcoded /ghost/ paths that don't account for subdirectory installations. This adds a custom lint rule to catch string literals and template literals starting with /ghost/ in src files, guiding developers to use getGhostPaths() instead.
This PR adds i18n ("t") wrapping for the private.hbs, pagination.hbs,
and content-cta.hbs templates.
Note that content-cta required a little bit of logic restructuring to
make it more translatable. (Substituting in "page"/"post" was more
likely to be agrammatical or confusing vs splitting out two versions of
the string.)
At the present time, translations will be pulled from the
theme/locales/xx.json file, with fallback first to en, then to the key.
Thus, no effects on page render are expected until we add translations.
A separate PR will handle a shared set of translations so that each
theme doesn't need to reproduce the work of translating these shared
strings.
Note: I needed to update tests to make the 't' helper available.
Additionally, since we have two different paths for t (based on
feature-flagging the i18n/i18next swap), I did a restructure to test
both routes.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Low behavioral risk but moderate template-rendering risk: multiple
shared frontend templates now rely on `t` helper bindings and changed
string composition, which could affect output if helpers/locales aren’t
registered or interpolation is wrong.
>
> **Overview**
> Adds theme i18n support to core frontend templates by wrapping
user-facing strings in `{{t}}` across `private.hbs`, `pagination.hbs`,
and the paywall `content-cta.hbs` (including parameterized `Page {page}
of {totalPages}` and tier-list interpolation).
>
> Refactors `content-cta.hbs` copy to split page vs post variants for
better translation grammar, and updates tests to register `t` plus
verify translations/fallbacks for both legacy `themeI18n` and new
`themeI18next` paths via a new `i18n-test-utils` harness and expanded
locale fixtures (en/de).
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
c5bfec9. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Steve Larson <9larsons@gmail.com>
no-issue
Moved URL decoding and path normalization to a single place at the top of the request handler, rather than having each helper function decode independently. isDeniedFile and isAllowedFile are now pure functions that operate on an already-decoded path. Extracted denylist and allowlist constants to module level for clarity.
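The decode-once pattern that commit message describes, as an added example that is not Ghost's code: only the names `isDeniedFile` and `isAllowedFile` come from the message, while the list contents, `normalizeRequestPath` and `decide` are assumptions made for illustration.

```javascript
// Module-level lists (constructed sample values, not Ghost's real lists).
const DENIED_FILES = ['package.json', 'config.production.json'];
const ALLOWED_EXTENSIONS = ['.css', '.js', '.png', '.svg'];

// Pure checks: both expect a path that is already decoded and normalized.
const isDeniedFile = (decodedPath) => {
    const segments = decodedPath.split('/');
    return segments.some(s => s.startsWith('.')) ||
        DENIED_FILES.includes(segments[segments.length - 1]);
};
const isAllowedFile = (decodedPath) => {
    const name = decodedPath.slice(decodedPath.lastIndexOf('/') + 1);
    const dot = name.lastIndexOf('.');
    return dot > 0 && ALLOWED_EXTENSIONS.includes(name.slice(dot).toLowerCase());
};

// Hypothetical helper: decode exactly once, then resolve '.', '..' and '//'.
// Returns null when the input cannot be turned into a trustworthy path.
function normalizeRequestPath(rawPath) {
    let decoded;
    try {
        decoded = decodeURIComponent(rawPath);
    } catch (err) {
        return null; // malformed percent-encoding
    }
    if (decoded.includes('\0') || decoded.includes('\\')) {
        return null; // NUL bytes and backslashes have no place in a URL path
    }
    const out = [];
    for (const segment of decoded.split('/')) {
        if (segment === '' || segment === '.') continue;
        if (segment === '..') out.pop();
        else out.push(segment);
    }
    return '/' + out.join('/');
}

// Hypothetical handler core: every check sees the same normalized string,
// so an encoded form cannot pass one check and be read differently by another.
function decide(rawPath) {
    const decodedPath = normalizeRequestPath(rawPath);
    if (decodedPath === null) return 400;
    if (isDeniedFile(decodedPath)) return 403;
    if (!isAllowedFile(decodedPath)) return 404;
    return 200;
}
```

The file lookup that follows must use the same `decodedPath` and never decode again, otherwise a doubly encoded segment that was treated as a literal name by the checks gets a second interpretation.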
closes https://linear.app/ghost/issue/NY-1097 This change should have no user impact. It's just a cleanup.
This PR contains the following updates:

| Package | Change |
|---|---|
| [eslint-plugin-playwright](https://redirect.github.com/mskelton/eslint-plugin-playwright) | [`2.7.1` → `2.8.0`](https://renovatebot.com/diffs/npm/eslint-plugin-playwright/2.7.1/2.8.0) |

---
### Release Notes
<details>
<summary>mskelton/eslint-plugin-playwright (eslint-plugin-playwright)</summary>

### [`v2.8.0`](https://redirect.github.com/mskelton/eslint-plugin-playwright/releases/tag/v2.8.0)
[Compare Source](https://redirect.github.com/mskelton/eslint-plugin-playwright/compare/v2.7.1...v2.8.0)
##### Bug Fixes
- Add missing test coverage and fix several minor bugs ([#434](https://redirect.github.com/mskelton/eslint-plugin-playwright/issues/434)) ([e3398ec](https://redirect.github.com/mskelton/eslint-plugin-playwright/commit/e3398ec61da52de205e7c9af2896633357769f74))
- **missing-playwright-await:** Handle spread elements ([df30163](https://redirect.github.com/mskelton/eslint-plugin-playwright/commit/df3016323819f7bc335fd1841971dccc2ae64f51)), closes [#430](https://redirect.github.com/mskelton/eslint-plugin-playwright/issues/430)
- **missing-playwright-await:** Support more promise edge cases ([b4cdcbd](https://redirect.github.com/mskelton/eslint-plugin-playwright/commit/b4cdcbd010a2b4dfc7ee14ab5bdc655897389f19))
##### Features
- Auto-detect `test.extend()` fixtures and import aliases ([#432](https://redirect.github.com/mskelton/eslint-plugin-playwright/issues/432)) ([8b22ee7](https://redirect.github.com/mskelton/eslint-plugin-playwright/commit/8b22ee7b1f7823d81bafda82e240dd51106726dd))

</details>

---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - Only on Sunday and Saturday ( * * * * 0,6 ), Between 12:00 AM and 12:59 PM, only on Monday ( * 0-12 * * 1 ) in timezone Etc/UTC.
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/TryGhost/Ghost).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
no ref This types-only change should have no user impact.
no ref
- added yarn dev:mailgun script to bypass mailpit when needing to use a real service for testing trx emails
towards https://linear.app/ghost/issue/NY-1101
ref TryGhost/Koenig#1750
You can now paste URLs and use the bookmark card in the welcome email editor.
https://github.com/user-attachments/assets/ca7d2be9-488c-4433-b679-8beccdcb1714
Co-authored-by: Steve Larson <9larsons@gmail.com>
ref https://linear.app/ghost/issue/NY-1114/
- added card styles to member email editor to support image, button, callout, etc cards
ref https://linear.app/ghost/issue/NY-1109/
- added use link suggestions hook in framework
- added adapter hook in settings for ease
- added link suggestions functionality to welcome email editor
This PR adds link suggestions similar to the editor implementation. It's largely a rewrite of the hooks used there that'll later be used for all of admin.
Co-authored-by: Evan Hahn <evan@ghost.org>
…26641)
no ref
When someone signs up with a [Feedbin] email address, we now have a link to take them straight to the app. (Feedbin is an RSS reader that has custom email inboxes you can use to read everything all in one place.)
Note that Feedbin doesn't have an Android app, so we use the regular desktop link for both.
[Feedbin]: https://feedbin.com/
Co-authored-by: Cathy Sarisky <42299862+cathysarisky@users.noreply.github.com>
## Summary
- Removed @cmraible and @ibalosh from `/e2e/` code ownership
- Added @EvanHahn to `**/tinybird/` code ownership
## Why?
The `/e2e/` package is changed in a lot of pull requests. Having 3 people tagged for review on any PR that touched the e2e package isn't ideal, because it makes the ownership unclear - which of the 3 of us will actually review each PR? Adding a single owner eliminates this confusion.
The tinybird files are a different case - these change rarely, so it makes sense to have the whole team as owners — not necessarily so we will all review each PR, but so we all at least _see_ any PR that changes these files, even if retroactively.
…st#26655)
refs https://linear.app/tryghost/issue/ONC-1518
## Summary
- Added `labels-manager` service with shared paginated label cache, debounced server-side search, and `sortLabels`/`findBySlug` helpers — all label dropdowns share one cache instead of each fetching independently
- Rewrote `gh-member-label-input` to lazy-load labels on dropdown open with infinite scroll and automatic server-side/client-side search toggle based on whether all labels have been loaded
- Converted `gh-member-single-label-input` from `OneWaySelect` to `PowerSelect` with search and infinite scroll support
- Added `power-select-options-with-scroll` component for infinite-scroll pagination in `PowerSelect` dropdowns (segment select, recipient select)
- Added cache invalidation to the shared label cache: `addLabel()`/`removeLabel()` for targeted mutations (member save, label delete), `reset()` for full reload on `refreshData`
---------
Co-authored-by: Steve Larson <9larsons@gmail.com>
ref https://linear.app/ghost/issue/ONC-1521/
We should follow best practice to not trust any server-provided content, even when we're sanitizing input on the server.
- Added `escapeHtml()` for template interpolations in reader iframe srcdoc
- Added DOMPurify sanitization for all `dangerouslySetInnerHTML` usages
no issue This should prevent the flakiness we've seen where the domain tests take too long to run. Instead of using the ORM layer, we're bulk inserting / deleting using the knex layer. I wouldn't want to do this in the source, but in tests this feels like a suitable optimisation to check bulk cases quickly.
Syncing fork to upstream release v6.20.0.