Commit Graph

14 Commits

Author SHA1 Message Date
Toby Zerner
6cf1dbe648 Add HTMLPurifier after formatters are run.
After a morning of searching, it seems there is no PHP Markdown library
that has built-in XSS/sanitization support. The recommended solution is
to use HTMLPurifier.

This actually works out OK, though, as it’s probably a good idea to
enforce sanitization regardless of which formatters are enabled, and to
not leave them with the responsibility of sanitization (it’s a big
responsibility). Since we cache rendered posts, the slow speed of
HTMLPurifier isn’t a concern.

Note that HTMLPurifier requires a file to be loaded by Composer, but
Studio does not yet support this, so for now I have included it
manually.
2015-06-02 11:36:25 +09:30
Franz Liedke
119980e8ee Update PHPCS dependency 2015-05-19 01:22:52 +02:00
Toby Zerner
0e74bf4340 Update deps (including the addition of codesniffer, which should fix travis builds) 2015-05-18 14:09:05 +09:30
Toby Zerner
59d8d63acd Add preliminary avatar resizing 2015-05-07 13:59:07 +09:30
Toby Zerner
40a6d77e74 Big front-end asset/filestructure refactor
- Extract shared Ember components into a “flarum-common” ember-cli
addon. This can be used by both the forum + admin Ember apps, keeping
things DRY
- Move LESS styles into their own top-level directory and do a similar
thing (extract common styles)
- Add LESS/JS compilation and versioning to PHP (AssetManager)
- Set up admin entry point

(Theoretical) upgrade instructions:
- Delete everything in [app_root]/public
- Set up tooling in forum/admin Ember apps (npm install/update, bower
install/update) and then build them (ember build)
- php artisan vendor:publish
- Upgrade flarum/flarum repo (slight change in a config file)
- If you need to trigger a LESS/JS recompile, delete the .css/.js files
in [app_root]/public/flarum. I set up LiveReload to do this for me when
I change files in less/ or ember/

Todo:
- Start writing admin app!
- Remove bootstrap/font-awesome from repo and instead depend on their
composer packages? Maybe? (Bower is not an option here)
2015-03-29 22:13:26 +10:30
Toby Zerner
e710a2c93e Update dependencies 2015-03-28 15:43:57 +10:30
Toby Zerner
a62e04f956 Upgrade to JSON-API RC3 + latest version of tobscure/json-api
Note: npm source for ember-json-api changed to a fork, but I still had
to apply a custom change to get polymorphic relationships to work (see
https://github.com/kurko/ember-json-api/pull/71#issuecomment-85257281)
2015-03-24 15:04:24 +10:30
Toby Zerner
d16ba15440 Update dependencies 2015-02-24 21:46:46 +10:30
Toby Zerner
2c46888db5 Upgrade to L5 + huge refactor + more. closes #2
New stuff:
- Signup + email confirmation.
- Updated authentication strategy with remember cookies. closes #5
- New search system with some example gambits! This is cool - check out
the source. Fulltext drivers will be implemented as decorators
overriding the EloquentPostRepository’s findByContent method.
- Lay down the foundation for bootstrapping the Ember app.
- Update Web layer’s asset manager to properly publish CSS/JS files.
- Console commands to run installation migrations and seeds.

Refactoring:
- New structure: move models, repositories, commands, and events into
their own namespaces, rather than grouping by entity.
- All events are classes.
- Use L5 middleware and command bus implementations.
- Clearer use of repositories and the Active Record pattern.
Repositories are used only for retrieval of ActiveRecord objects, and
then save/delete operations are called directly on those ActiveRecords.
This way, we don’t over-abstract at the cost of Eloquent magic, but
testing is still easy.
- Refactor of Web layer so that it uses the Actions routing
architecture.
- “Actor” concept instead of depending on Laravel’s Auth.
- General cleanup!
2015-02-24 20:33:18 +10:30
Toby Zerner
af94f22334 Rejig post formatting 2015-02-09 09:49:48 +10:30
Toby Zerner
6ceefa0f85 Update + add some deps for testing 2015-01-21 12:00:38 +10:30
Toby Zerner
f08ae1cceb Update deps 2015-01-19 20:40:51 +10:30
Toby Zerner
4f2407bba3 Relocate to workbench so that dev dependencies are loaded properly. 2014-12-23 22:59:15 +10:30
Mike Dugan
bf94197dcd add codeception, update gitignore 2014-12-22 08:28:01 -05:00