ghost 5.0.2 → 5.2.0

package/core/frontend/helpers/tiers.js

@@ -3,12 +3,11 @@
 //
 // Returns a string of the tiers with access to the post.
 // By default, tiers are separated by commas.
-const {labs} = require('../services/proxy');
 const {SafeString, escapeExpression} = require('../services/handlebars');
 
 const isString = require('lodash/isString');
 
-function tiers(options = {}) {
+module.exports = function tiers(options = {}) {
     options = options || {};
     options.hash = options.hash || {};
 
@@ -42,18 +41,4 @@ function tiers(options = {}) {
     }
 
     return new SafeString(output);
-}
-
-module.exports = function productsLabsWrapper() {
-    let self = this;
-    let args = arguments;
-
-    return labs.enabledHelper({
-        flagKey: 'multipleProducts',
-        flagName: 'Tiers',
-        helperName: 'tiers',
-        helpUrl: 'https://ghost.org/docs/themes/'
-    }, () => {
-        return tiers.apply(self, args);
-    });
 };

package/core/frontend/services/rendering/context.js

@@ -57,9 +57,6 @@ function setResponseContext(req, res, data) {
         }
     }
 
-    // @TODO: remove first if condition when only page key is returned
-    //        ref.: https://github.com/TryGhost/Ghost/issues/10042
-    // The first if is now used by the preview route
     if (data && data.page) {
         if (!res.locals.context.includes('page')) {
             res.locals.context.push('page');

package/core/frontend/services/rendering/format-response.js

@@ -6,7 +6,7 @@ const {prepareContextResource} = require('../proxy');
  *
  * @return {Object} containing page variables
  */
-function formatPageResponse(result) {
+function formatPageResponse(result, pageAsPost = false) {
     const response = {};
 
     if (result.posts) {
@@ -32,6 +32,10 @@ function formatPageResponse(result) {
         }
     });
 
+    if (pageAsPost && response.page) {
+        response.post = response.page;
+    }
+
     return response;
 }
 

package/core/frontend/services/routing/controllers/static.js

@@ -60,7 +60,10 @@ module.exports = function staticController(req, res, next) {
                 });
             }
 
-            renderer.renderer(req, res, renderer.formatResponse.entries(response));
+            // This flag solves the confusion about whether the output contains a post or page object by duplicating the objects
+            // This is not ideal, but will solve some long standing pain points with dynamic routing until we can overhaul it
+            const duplicatePagesAsPosts = true;
+            renderer.renderer(req, res, renderer.formatResponse.entries(response, duplicatePagesAsPosts));
         })
         .catch(renderer.handleError(next));
 };

package/core/frontend/services/routing/controllers/unsubscribe.js

@@ -1,48 +1,24 @@
 const debug = require('@tryghost/debug')('services:routing:controllers:unsubscribe');
-const path = require('path');
 const url = require('url');
 
 const urlUtils = require('../../../../shared/url-utils');
-const megaService = require('../../../../server/services/mega');
-const renderer = require('../../rendering');
-const labs = require('../../../../shared/labs');
 
 module.exports = async function unsubscribeController(req, res) {
     debug('unsubscribeController');
 
-    if (labs.isSet('multipleNewslettersUI')) {
-        const {query} = url.parse(req.url, true);
+    const {query} = url.parse(req.url, true);
 
-        if (!query || !query.uuid) {
-            res.writeHead(400);
-            return res.end('Email address not found.');
-        }
-
-        const redirectUrl = new URL(urlUtils.urlFor('home', true));
-        redirectUrl.searchParams.append('uuid', query.uuid);
-        if (query.newsletter) {
-            redirectUrl.searchParams.append('newsletter', query.newsletter);
-        }
-        redirectUrl.searchParams.append('action', 'unsubscribe');
-
-        return res.redirect(302, redirectUrl.href);
+    if (!query || !query.uuid) {
+        res.writeHead(400);
+        return res.end('Email address not found.');
     }
 
-    let data = {};
-
-    try {
-        data.member = await megaService.mega.handleUnsubscribeRequest(req);
-    } catch (err) {
-        data.error = err.message;
+    const redirectUrl = new URL(urlUtils.urlFor('home', true));
+    redirectUrl.searchParams.append('uuid', query.uuid);
+    if (query.newsletter) {
+        redirectUrl.searchParams.append('newsletter', query.newsletter);
     }
+    redirectUrl.searchParams.append('action', 'unsubscribe');
 
-    const templateName = 'unsubscribe';
-
-    res.routerOptions = {
-        type: 'custom',
-        templates: templateName,
-        defaultTemplate: path.resolve(__dirname, '../../../views/', templateName)
-    };
-
-    return renderer.renderer(req, res, data);
+    return res.redirect(302, redirectUrl.href);
 };

package/core/frontend/web/middleware/handle-image-sizes.js

@@ -7,6 +7,8 @@ const activeTheme = require('../../services/theme-engine/active');
 const config = require('../../../shared/config');
 
 const SIZE_PATH_REGEX = /^\/size\/([^/]+)\//;
+const FORMAT_PATH_REGEX = /^\/format\/([^./]+)\//;
+
 const TRAILING_SLASH_REGEX = /\/+$/;
 
 module.exports = function (req, res, next) {
@@ -18,9 +20,29 @@ module.exports = function (req, res, next) {
         return next();
     }
 
-    const [sizeImageDir, requestedDimension] = req.url.match(SIZE_PATH_REGEX);
+    const requestedDimension = req.url.match(SIZE_PATH_REGEX)[1];
+    
+    // Note that we don't use sizeImageDir because we need to keep the trailing slash
+    let imagePath = req.url.replace(`/size/${requestedDimension}`, '');
+
+    // Check if we want to format the image
+    let format = null;
+    const matchedFormat = imagePath.match(FORMAT_PATH_REGEX);
+    if (matchedFormat) {
+        format = matchedFormat[1];
+
+        // Note that we don't use matchedFormat[0] because we need to keep the trailing slash
+        imagePath = imagePath.replace(`/format/${format}`, '');
+    }
+
     const redirectToOriginal = () => {
-        const url = req.originalUrl.replace(`/size/${requestedDimension}`, '');
+        // We need to keep the first slash here
+        let url = req.originalUrl
+            .replace(`/size/${requestedDimension}`, '');
+        
+        if (format) {
+            url = url.replace(`/format/${format}`, '');
+        }
         return res.redirect(url);
     };
 
@@ -31,14 +53,10 @@ module.exports = function (req, res, next) {
         return next();
     }
 
-    // CASE: image transform is not capable of transforming file (e.g. .gif)
-    if (!imageTransform.canTransformFileExtension(requestUrlFileExtension)) {
-        return redirectToOriginal();
-    }
-
     const contentImageSizes = config.get('imageOptimization:contentImageSizes');
+    const internalImageSizes = config.get('imageOptimization:internalImageSizes');
     const themeImageSizes = activeTheme.get().config('image_sizes');
-    const imageSizes = _.merge({}, themeImageSizes, contentImageSizes);
+    const imageSizes = _.merge({}, themeImageSizes, internalImageSizes, contentImageSizes);
 
     // CASE: no image_sizes config (NOTE - unlikely to be reachable now we have content sizes)
     if (!imageSizes) {
@@ -63,6 +81,25 @@ module.exports = function (req, res, next) {
         return redirectToOriginal();
     }
 
+    // CASE: image transform is not capable of transforming some files (e.g. .ico)
+    if (!imageTransform.canTransformFileExtension(requestUrlFileExtension)) {
+        return redirectToOriginal();
+    }
+
+    if (format) {        
+        // CASE: When formatting, we need to check if the imageTransform package supports this specific format
+        if (!imageTransform.canTransformToFormat(format)) {
+            // transform not supported
+            return redirectToOriginal();
+        }
+    }
+
+    // CASE: when transforming is supported, we need to check if it is desired 
+    // (e.g. it is not desired to resize SVGs when not formatting them to a different type)
+    if (!format && !imageTransform.shouldResizeFileExtension(requestUrlFileExtension)) {
+        return redirectToOriginal();
+    }
+
     const storageInstance = storage.getStorage('images');
     // CASE: unsupported storage adapter
     if (typeof storageInstance.saveRaw !== 'function') {
@@ -79,7 +116,6 @@ module.exports = function (req, res, next) {
             return redirectToOriginal();
         }
 
-        const imagePath = path.relative(sizeImageDir, req.url);
         const {dir, name, ext} = path.parse(imagePath);
         const [imageNameMatched, imageName, imageNumber] = name.match(/^(.+?)(-\d+)?$/) || [null];
 
@@ -104,12 +140,16 @@ module.exports = function (req, res, next) {
                 if (originalImageBuffer.length <= 0) {
                     throw new NoContentError();
                 }
-                return imageTransform.resizeFromBuffer(originalImageBuffer, imageDimensionConfig);
+                return imageTransform.resizeFromBuffer(originalImageBuffer, {withoutEnlargement: requestUrlFileExtension !== '.svg', ...imageDimensionConfig, format});
             })
             .then((resizedImageBuffer) => {
                 return storageInstance.saveRaw(resizedImageBuffer, req.url);
             });
     }).then(() => {
+        if (format) {
+            // File extension won't match the new format, so we need to update the Content-Type header manually here
+            res.type(format);
+        }
         next();
     }).catch(function (err) {
         if (err.code === 'SHARP_INSTALLATION' || err.code === 'IMAGE_PROCESSING' || err.errorType === 'NoContentError') {

package/core/frontend/web/middleware/serve-favicon.js

@@ -3,7 +3,6 @@ const path = require('path');
 const crypto = require('crypto');
 const config = require('../../../shared/config');
 const {blogIcon} = require('../../../server/lib/image');
-const storage = require('../../../server/adapters/storage');
 const urlUtils = require('../../../shared/url-utils');
 const settingsCache = require('../../../shared/settings-cache');
 
@@ -26,11 +25,10 @@ const buildContentResponse = (ext, buf) => {
 // ### serveFavicon Middleware
 // Handles requests to favicon.png and favicon.ico
 function serveFavicon() {
-    let iconType;
     let filePath;
 
     return function serveFaviconMiddleware(req, res, next) {
-        if (req.path.match(/^\/favicon\.(ico|png)/i)) {
+        if (req.path.match(/^\/favicon\.(ico|png|jpe?g)/i)) {
             // CASE: favicon is default
             // confusing: if you upload an icon, it's same logic as storing images
             // we store as /content/images, because this is the url path images get requested via the browser
@@ -44,21 +42,8 @@ function serveFavicon() {
 
             // CASE: custom favicon exists, load it from local file storage
             if (settingsCache.get('icon')) {
-                // depends on the uploaded icon extension
-                if (originalExtension !== requestedExtension) {
-                    return res.redirect(302, urlUtils.urlFor({relativeUrl: `/favicon${originalExtension}`}));
-                }
-
-                storage.getStorage('images')
-                    .read({path: filePath})
-                    .then((buf) => {
-                        iconType = blogIcon.getIconType();
-                        content = buildContentResponse(iconType, buf);
-
-                        res.writeHead(200, content.headers);
-                        res.end(content.body);
-                    })
-                    .catch(next);
+                // Always redirect to the icon path, which is never favicon.xxx
+                return res.redirect(302, blogIcon.getIconUrl());
             } else {
                 originalExtension = path.extname(filePath).toLowerCase();
 

package/core/server/api/canary/utils/serializers/output/mappers/posts.js

@@ -13,7 +13,6 @@ const url = require('../utils/url');
 const utils = require('../../../index');
 
 const postsMetaSchema = require('../../../../../../data/schema').tables.posts_meta;
-const labsService = require('../../../../../../../shared/labs');
 
 const getPostServiceInstance = require('../../../../../../services/posts/posts-service');
 const postsService = getPostServiceInstance();
@@ -35,9 +34,7 @@ module.exports = async (model, frame, options = {}) => {
     extraAttrs.forPost(frame, model, jsonModel);
 
     // Attach tiers to custom nql visibility filter
-    if (labsService.isSet('multipleProducts')
-        && jsonModel.visibility
-    ) {
+    if (jsonModel.visibility) {
         if (['members', 'public'].includes(jsonModel.visibility) && jsonModel.tiers) {
             jsonModel.tiers = tiersData || [];
         }

package/core/server/api/canary/utils/serializers/output/members.js

@@ -1,7 +1,6 @@
 //@ts-check
 const debug = require('@tryghost/debug')('api:canary:utils:serializers:output:members');
 const {unparse} = require('@tryghost/members-csv');
-const labsService = require('../../../../../../shared/labs');
 
 module.exports = {
     browse: createSerializer('browse', paginatedMembers),
@@ -142,19 +141,17 @@ function serializeMember(member, options) {
         delete subscription.price.product;
     }
 
-    if (labsService.isSet('multipleNewsletters')) {
-        if (json.newsletters) {
-            serialized.newsletters = json.newsletters
-                .filter(newsletter => newsletter.status === 'active')
-                .sort((a, b) => {
-                    return a.sort_order - b.sort_order;
-                });
-        }
-        // override the `subscribed` param to mean "subscribed to any active newsletter"
-        serialized.subscribed = false;
-        if (Array.isArray(serialized.newsletters) && serialized.newsletters.length > 0) {
-            serialized.subscribed = true;
-        }
+    if (json.newsletters) {
+        serialized.newsletters = json.newsletters
+            .filter(newsletter => newsletter.status === 'active')
+            .sort((a, b) => {
+                return a.sort_order - b.sort_order;
+            });
+    }
+    // override the `subscribed` param to mean "subscribed to any active newsletter"
+    serialized.subscribed = false;
+    if (Array.isArray(serialized.newsletters) && serialized.newsletters.length > 0) {
+        serialized.subscribed = true;
     }
 
     return serialized;

package/core/server/api/canary/utils/serializers/output/settings.js

@@ -33,8 +33,21 @@ function serializeSettings(models, apiConfig, frame) {
     // If this is public, we already have the right data, we just need to add an Array wrapper
     if (utils.isContentAPI(frame)) {
         filteredSettings = models;
+        
+        // Change the returned icon location to use a resized version, to prevent serving giant icon files
+        const icon = filteredSettings.icon;
+        if (icon) {
+            filteredSettings.icon = filteredSettings.icon.replace(/\/content\/images\//, '/content/images/size/w256h256/');
+        }
     } else {
         filteredSettings = _.values(settingsFilter(models, frame.options.group));
+
+        // Change the returned icon location to use a resized version, to prevent serving giant icon files
+        // in admin
+        const icon = filteredSettings.find(setting => setting.key === 'icon');
+        if (icon && icon.value) {
+            icon.value = icon.value.replace(/\/content\/images\//, '/content/images/size/w256h256/');
+        }
     }
 
     frame.response = {

package/core/server/api/canary/utils/validators/input/images.js

@@ -6,7 +6,8 @@ const {imageSize, blogIcon} = require('../../../../../lib/image');
 
 const messages = {
     isNotSquare: 'Please select a valid image file with square dimensions.',
-    invalidFile: 'Icon must be a square .ico or .png file between 60px – 1,000px, under 100kb.'
+    invalidIcoFile: 'Ico icons must be square, at least 60x60px, and under 200kB.',
+    invalidFile: 'Icon must be a .jpg, .webp, .svg or .png file, at least 60x60px, under 20MB.'
 };
 
 const profileImage = (frame) => {
@@ -26,14 +27,25 @@ const profileImage = (frame) => {
 const icon = (frame) => {
     const iconExtensions = (config.get('uploads').icons && config.get('uploads').icons.extensions) || [];
 
+    // We don't support resizing .ico files, so we set a lower max upload size
+    const isIco = frame.file.ext.toLowerCase() === '.ico';
+    const isSVG = frame.file.ext.toLowerCase() === '.svg';
+
     const validIconFileSize = (size) => {
-        return (size / 1024) <= 100;
+        if (isIco) {
+            // Keep using kB instead of KB
+            return (size / 1024) <= 200;
+        }
+        // Use MB representation (not MiB)
+        return (size / 1000 / 1000) <= 20;
     };
 
-    // CASE: file should not be larger than 100kb
+    const message = isIco ? messages.invalidIcoFile : messages.invalidFile;
+
+    // CASE: file should not be larger than 20MB
     if (!validIconFileSize(frame.file.size)) {
         return Promise.reject(new errors.ValidationError({
-            message: tpl(messages.invalidFile, {extensions: iconExtensions})
+            message: tpl(message, {extensions: iconExtensions})
         }));
     }
 
@@ -41,25 +53,27 @@ const icon = (frame) => {
         // save the image dimensions in new property for file
         frame.file.dimensions = response;
 
-        // CASE: file needs to be a square
-        if (frame.file.dimensions.width !== frame.file.dimensions.height) {
-            return Promise.reject(new errors.ValidationError({
-                message: tpl(messages.invalidFile, {extensions: iconExtensions})
-            }));
+        if (isIco) {
+            // CASE: file needs to be a square
+            if (frame.file.dimensions.width !== frame.file.dimensions.height) {
+                return Promise.reject(new errors.ValidationError({
+                    message: tpl(message, {extensions: iconExtensions})
+                }));
+            }
+
+            // CASE: icon needs to be smaller than or equal to 1000px
+            if (frame.file.dimensions.width > 1000) {
+                return Promise.reject(new errors.ValidationError({
+                    message: tpl(message, {extensions: iconExtensions})
+                }));
+            }
         }
 
         // CASE: icon needs to be bigger than or equal to 60px
         // .ico files can contain multiple sizes, we need at least a minimum of 60px (16px is ok, as long as 60px are present as well)
-        if (frame.file.dimensions.width < 60) {
-            return Promise.reject(new errors.ValidationError({
-                message: tpl(messages.invalidFile, {extensions: iconExtensions})
-            }));
-        }
-
-        // CASE: icon needs to be smaller than or equal to 1000px
-        if (frame.file.dimensions.width > 1000) {
+        if (!isSVG && frame.file.dimensions.width < 60) {
             return Promise.reject(new errors.ValidationError({
-                message: tpl(messages.invalidFile, {extensions: iconExtensions})
+                message: tpl(message, {extensions: iconExtensions})
             }));
         }
     });

package/core/server/api/canary/utils/validators/input/settings.js

@@ -45,6 +45,12 @@ module.exports = {
             }
         });
 
+        // Prevent setting icon to the resized one when sending all settings received from browse again in the edit endpoint
+        const icon = frame.data.settings.find(setting => setting.key === 'icon');
+        if (icon && icon.value) {
+            icon.value = icon.value.replace(/\/content\/images\/size\/([^/]+)\//, '/content/images/');
+        }
+
         if (errors.length) {
             return Promise.reject(errors[0]);
         }

package/core/server/data/db/connection.js

@@ -1,4 +1,8 @@
+const _ = require('lodash');
 const knex = require('knex');
+const os = require('os');
+
+const logging = require('@tryghost/logging');
 const config = require('../../../shared/config');
 let knexInstance;
 
@@ -30,6 +34,15 @@ function configure(dbConfig) {
         // Force bthreads to use child_process backend until a worker_thread-compatible version of sqlite3 is published
         // https://github.com/mapbox/node-sqlite3/issues/1386
         process.env.BTHREADS_BACKEND = 'child_process';
+
+        // In the default SQLite test config we set the path to /tmp/ghost-test.db,
+        // but this won't work on Windows, so we need to replace the /tmp bit with
+        // the Windows temp folder
+        const filename = dbConfig.connection.filename;
+        if (process.platform === 'win32' && _.isString(filename) && filename.match(/^\/tmp/)) {
+            dbConfig.connection.filename = filename.replace(/^\/tmp/, os.tmpdir());
+            logging.info(`Ghost DB path: ${dbConfig.connection.filename}`);
+        }
     }
 
     if (client === 'mysql2') {

package/core/server/lib/image/blog-icon.js

@@ -56,53 +56,77 @@ class BlogIcon {
     }
 
     /**
-     * Check if file is `.ico` extension
-     * Always returns {object} isIcoImageType
-     * @param {string} icon
-     * @returns {boolean} true if submitted path is .ico file
+     * Returns the mime type (part after image/) of the favicon that will get served (not the stored one) 
+     * @param {string} [icon]
+     * @returns {'png' | 'x-icon' | 'jpeg'}
      * @description Takes a path and returns boolean value.
      */
-    isIcoImageType(icon) {
-        const blogIcon = icon || this.settingsCache.get('icon');
+    getIconType(icon) {
+        const ext = this.getIconExt(icon);
 
-        return blogIcon.match(/.ico$/i) ? true : false;
+        return ext === 'ico' ? 'x-icon' : ext;
     }
 
     /**
-     * Check if file is `.ico` extension
-     * Always returns {object} isIcoImageType
-     * @param {string} icon
-     * @returns {boolean} true if submitted path is .ico file
-     * @description Takes a path and returns boolean value.
+     * We support the usage of .svg, .gif, .webp extensions, but (for now, until more browser support them) transform them to 
+     * a simular extension
+     * @param {string} [icon]
+     * @returns {'png' | 'ico' | 'jpeg'}
      */
-    getIconType(icon) {
+    getIconExt(icon) {
         const blogIcon = icon || this.settingsCache.get('icon');
 
-        return this.isIcoImageType(blogIcon) ? 'x-icon' : 'png';
+        // If the native format is supported, return the native format
+        if (blogIcon.match(/.ico$/i)) {
+            return 'ico';
+        }
+
+        if (blogIcon.match(/.jpe?g$/i)) {
+            return 'jpeg';
+        }
+
+        if (blogIcon.match(/.png$/i)) {
+            return 'png';
+        }
+
+        // Default to png for all other types
+        return 'png';
+    }
+
+    getSourceIconExt(icon) {
+        const blogIcon = icon || this.settingsCache.get('icon');
+        return path.extname(blogIcon).toLowerCase().substring(1);
     }
 
     /**
-     * Return URL for Blog icon: [subdirectory or not]favicon.[ico or png]
+     * Return URL for Blog icon: [subdirectory or not]favicon.[ico, jpeg, or png]
      * Always returns {string} getIconUrl
-     * @returns {string} [subdirectory or not]favicon.[ico or png]
+     * @returns {string} [subdirectory or not]favicon.[ico, jpeg, or png]
      * @description Checks if we have a custom uploaded icon and the extension of it. If no custom uploaded icon
      * exists, we're returning the default `favicon.ico`
      */
-    getIconUrl(absolut) {
+    getIconUrl(absolute) {
         const blogIcon = this.settingsCache.get('icon');
 
-        if (absolut) {
-            if (blogIcon) {
-                return this.isIcoImageType(blogIcon) ? this.urlUtils.urlFor({relativeUrl: '/favicon.ico'}, true) : this.urlUtils.urlFor({relativeUrl: '/favicon.png'}, true);
-            } else {
-                return this.urlUtils.urlFor({relativeUrl: '/favicon.ico'}, true);
+        if (blogIcon) {
+            // Resize + format icon to one of the supported file extensions
+            const sourceExt = this.getSourceIconExt(blogIcon);
+            const destintationExt = this.getIconExt(blogIcon);
+
+            if (sourceExt === 'ico') {
+                // Resize not supported (prevent a redirect)
+                return this.urlUtils.urlFor({relativeUrl: blogIcon}, absolute ? true : undefined);
             }
-        } else {
-            if (blogIcon) {
-                return this.isIcoImageType(blogIcon) ? this.urlUtils.urlFor({relativeUrl: '/favicon.ico'}) : this.urlUtils.urlFor({relativeUrl: '/favicon.png'});
-            } else {
-                return this.urlUtils.urlFor({relativeUrl: '/favicon.ico'});
+
+            if (sourceExt !== destintationExt) {
+                const formattedIcon = blogIcon.replace(/\/content\/images\//, `/content/images/size/w256h256/format/${this.getIconExt(blogIcon)}/`);
+                return this.urlUtils.urlFor({relativeUrl: formattedIcon}, absolute ? true : undefined);
             }
+
+            const sizedIcon = blogIcon.replace(/\/content\/images\//, '/content/images/size/w256h256/');
+            return this.urlUtils.urlFor({relativeUrl: sizedIcon}, absolute ? true : undefined);
+        } else {
+            return this.urlUtils.urlFor({relativeUrl: '/favicon.ico'}, absolute ? true : undefined);
         }
     }
 

package/core/server/lib/mobiledoc.js

@@ -38,7 +38,7 @@ module.exports = {
 
                     // NOTE: the "saveRaw" check is smelly
                     return imageTransform.canTransformFiles()
-                        && imageTransform.canTransformFileExtension(ext)
+                        && imageTransform.shouldResizeFileExtension(ext)
                         && typeof storage.getStorage('images').saveRaw === 'function';
                 }
             });

package/core/server/models/base/bookshelf.js

@@ -61,6 +61,8 @@ ghostBookshelf.plugin(require('./plugins/data-manipulation'));
 
 ghostBookshelf.plugin(require('./plugins/overrides'));
 
+ghostBookshelf.plugin(require('./plugins/relations'));
+
 // Manages nested updates (relationships)
 ghostBookshelf.plugin('bookshelf-relations', {
     allowedOptions: ['context', 'importing', 'migrating'],

package/core/server/models/base/plugins/data-manipulation.js

@@ -31,6 +31,7 @@ module.exports = function (Bookshelf) {
 
             _.each(attrs, function each(value, key) {
                 if (value !== null
+                && Object.prototype.hasOwnProperty.call(schema.tables, self.tableName)
                 && Object.prototype.hasOwnProperty.call(schema.tables[self.tableName], key)
                 && schema.tables[self.tableName][key].type === 'dateTime') {
                     attrs[key] = moment(value).format('YYYY-MM-DD HH:mm:ss');