ghost 5.1.1 → 5.2.2

package/core/server/data/db/connection.js

@@ -1,4 +1,8 @@
+const _ = require('lodash');
 const knex = require('knex');
+const os = require('os');
+
+const logging = require('@tryghost/logging');
 const config = require('../../../shared/config');
 let knexInstance;
 
@@ -30,6 +34,15 @@ function configure(dbConfig) {
         // Force bthreads to use child_process backend until a worker_thread-compatible version of sqlite3 is published
         // https://github.com/mapbox/node-sqlite3/issues/1386
         process.env.BTHREADS_BACKEND = 'child_process';
+
+        // In the default SQLite test config we set the path to /tmp/ghost-test.db,
+        // but this won't work on Windows, so we need to replace the /tmp bit with
+        // the Windows temp folder
+        const filename = dbConfig.connection.filename;
+        if (process.platform === 'win32' && _.isString(filename) && filename.match(/^\/tmp/)) {
+            dbConfig.connection.filename = filename.replace(/^\/tmp/, os.tmpdir());
+            logging.info(`Ghost DB path: ${dbConfig.connection.filename}`);
+        }
     }
 
     if (client === 'mysql2') {

package/core/server/data/importer/importers/data/products.js

@@ -1,6 +1,7 @@
 const _ = require('lodash');
 const BaseImporter = require('./base');
 const models = require('../../../../models');
+const debug = require('@tryghost/debug')('importer:products');
 
 class ProductsImporter extends BaseImporter {
     constructor(allDataFromFile) {
@@ -8,12 +9,12 @@ class ProductsImporter extends BaseImporter {
             modelName: 'Product',
             dataKeyToImport: 'products',
             requiredFromFile: ['stripe_prices'],
-            requiredExistingData: ['stripe_prices']
+            requiredExistingData: ['stripe_prices', 'products']
         });
     }
 
     fetchExisting(modelOptions) {
-        return models.Product.findAll(_.merge({columns: ['products.id as id']}, modelOptions))
+        return models.Product.findAll(_.merge({columns: ['products.id as id', 'name', 'slug']}, modelOptions))
             .then((existingData) => {
                 this.existingData = existingData.toJSON();
             });
@@ -58,8 +59,34 @@ class ProductsImporter extends BaseImporter {
         this.dataToImport = this.dataToImport.filter(item => !invalidProducts.includes(item.id));
     }
 
+    preventDuplicates() {
+        debug('preventDuplicates');
+        let duplicateProducts = [];
+        _.each(this.dataToImport, (objectInFile) => {
+            const existingObject = _.find(
+                this.requiredExistingData.products,
+                {name: objectInFile.name, slug: objectInFile.slug}
+            );
+            // CASE: tier already exists
+            if (existingObject) {
+                debug(`skipping existing product ${objectInFile.name}`);
+                this.problems.push({
+                    message: 'Entry was not imported and ignored. Detected duplicated entry.',
+                    help: this.modelName,
+                    context: JSON.stringify({
+                        product: objectInFile
+                    })
+                });
+                duplicateProducts.push(objectInFile.id);
+            }
+        });
+        // ignore products that already exist
+        this.dataToImport = this.dataToImport.filter(item => !duplicateProducts.includes(item.id));
+    }
+
     replaceIdentifiers() {
         // this has to be in replaceIdentifiers because it's after required* fields are set
+        this.preventDuplicates();
         this.validateStripePrice();
         return super.replaceIdentifiers();
     }

package/core/server/data/importer/importers/data/stripe-products.js

@@ -8,6 +8,7 @@ class StripeProductsImporter extends BaseImporter {
         super(allDataFromFile, {
             modelName: 'StripeProduct',
             dataKeyToImport: 'stripe_products',
+            requiredFromFile: ['products'],
             requiredImportedData: ['products'],
             requiredExistingData: ['products']
         });
@@ -41,11 +42,32 @@ class StripeProductsImporter extends BaseImporter {
                 objectInFile.product_id = importedObject.id;
                 return;
             }
-            const existingObject = _.find(this.requiredExistingData.products, {id: objectInFile.product_id});
+
+            const existingObjectById = _.find(this.requiredExistingData.products, {id: objectInFile.product_id});
             // CASE: the product exists in the db already
-            if (existingObject) {
+            if (existingObjectById) {
                 return;
             }
+
+            // CASE: we skipped product import because a product with the same name and slug exists in the DB
+            debug('lookup product by name and slug');
+            const productFromFile = _.find(
+                this.requiredFromFile.products,
+                {id: objectInFile.product_id}
+            );
+            if (productFromFile) {
+                // look for the existing product with the same name and slug
+                const existingObjectByNameAndSlug = _.find(
+                    this.requiredExistingData.products,
+                    {name: productFromFile.name, slug: productFromFile.slug}
+                );
+                if (existingObjectByNameAndSlug) {
+                    debug(`resolved ${objectInFile.product_id} to ${existingObjectByNameAndSlug.name}`);
+                    objectInFile.product_id = existingObjectByNameAndSlug.id;
+                    return;
+                }
+            }
+
             // CASE: we don't know what product this is for
             debug(`ignoring stripe product ${objectInFile.stripe_product_id}`);
             invalidProducts.push(objectInFile.id);

package/core/server/models/base/bookshelf.js

@@ -61,6 +61,8 @@ ghostBookshelf.plugin(require('./plugins/data-manipulation'));
 
 ghostBookshelf.plugin(require('./plugins/overrides'));
 
+ghostBookshelf.plugin(require('./plugins/relations'));
+
 // Manages nested updates (relationships)
 ghostBookshelf.plugin('bookshelf-relations', {
     allowedOptions: ['context', 'importing', 'migrating'],

package/core/server/models/base/plugins/data-manipulation.js

@@ -31,6 +31,7 @@ module.exports = function (Bookshelf) {
 
             _.each(attrs, function each(value, key) {
                 if (value !== null
+                && Object.prototype.hasOwnProperty.call(schema.tables, self.tableName)
                 && Object.prototype.hasOwnProperty.call(schema.tables[self.tableName], key)
                 && schema.tables[self.tableName][key].type === 'dateTime') {
                     attrs[key] = moment(value).format('YYYY-MM-DD HH:mm:ss');

package/core/server/models/base/plugins/relations.js

@@ -0,0 +1,30 @@
+/**
+ * @param {import('bookshelf')} Bookshelf
+ */
+module.exports = function (Bookshelf) {
+    Bookshelf.Model = Bookshelf.Model.extend({
+        /**
+         * Return a relation, and load it if it hasn't been loaded already (or force a refresh with the forceRefresh option).
+         * refs https://github.com/TryGhost/Team/issues/1626
+         * @param {string} name Name of the relation to load
+         * @param {Object} [options] Options to pass to the fetch when not yet loaded (or when force refreshing) 
+         * @param {boolean} [options.forceRefresh] If true, the relation will be fetched again even if it has already been loaded.
+         * @returns {Promise<import('bookshelf').Model|import('bookshelf').Collection|null>}
+         */
+        getLazyRelation: async function (name, options = {}) {
+            if (this.relations[name] && !options.forceRefresh) {
+                // Relation was already loaded
+                return this.relations[name];
+            }
+
+            if (!this[name]) {
+                return undefined;
+            }
+            // Not yet loaded, or force refresh
+            // Note that we don't use .refresh on the relation on options.forceRefresh
+            // Because the relation can also be a collection, which doesn't have a refresh method
+            this.relations[name] = this[name]();
+            return this.relations[name].fetch(options);
+        }
+    });
+};

package/core/server/models/post.js

@@ -645,12 +645,12 @@ Post = ghostBookshelf.Model.extend({
 
         // ### Business logic for published_at and published_by
         // If the current status is 'published' and published_at is not set, set it to now
-        if (newStatus === 'published' && !publishedAt) {
+        if ((newStatus === 'published' || newStatus === 'sent') && !publishedAt) {
             this.set('published_at', new Date());
         }
 
         // If the current status is 'published' and the status has just changed ensure published_by is set correctly
-        if (newStatus === 'published' && this.hasChanged('status')) {
+        if ((newStatus === 'published' || newStatus === 'sent') && this.hasChanged('status')) {
             // unless published_by is set and we're importing, set published_by to contextUser
             if (!(this.get('published_by') && options.importing)) {
                 this.set('published_by', String(this.contextUser(options)));
@@ -666,7 +666,7 @@ Post = ghostBookshelf.Model.extend({
         if (options.newsletter
             && !this.get('newsletter_id')
             && this.hasChanged('status')
-            && (newStatus === 'published' || newStatus === 'scheduled')) {
+            && (newStatus === 'published' || newStatus === 'scheduled' || newStatus === 'sent')) {
             // Map the passed slug to the id + validate the passed newsletter
             ops.push(async () => {
                 const newsletter = await Newsletter.findOne({slug: options.newsletter}, {transacting: options.transacting, filter: 'status:active'});
@@ -691,7 +691,7 @@ Post = ghostBookshelf.Model.extend({
         // ensure draft posts have the email_recipient_filter reset unless an email has already been sent
         if (newStatus === 'draft' && this.hasChanged('status')) {
             ops.push(function ensureSendEmailWhenPublishedIsUnchanged() {
-                return self.related('email').fetch({transacting: options.transacting}).then((email) => {
+                return self.getLazyRelation('email', {transacting: options.transacting}).then((email) => {
                     if (!email) {
                         self.set('email_recipient_filter', 'all');
                         self.set('newsletter_id', null);
@@ -705,6 +705,9 @@ Post = ghostBookshelf.Model.extend({
         const hasEmailOnlyFlag = _.get(attrs, 'posts_meta.email_only') || model.related('posts_meta').get('email_only');
         if (hasEmailOnlyFlag && (newStatus === 'published') && this.hasChanged('status')) {
             this.set('status', 'sent');
+        } else if (!hasEmailOnlyFlag && (newStatus === 'sent') && this.hasChanged('status')) {
+            // Prevent setting status to 'sent' for non email only posts
+            this.set('status', 'published');
         }
 
         // If a title is set, not the same as the old title, a draft post, and has never been published

package/core/server/models/user.js

@@ -13,11 +13,17 @@ const validatePassword = require('../lib/validate-password');
 const permissions = require('../services/permissions');
 const urlUtils = require('../../shared/url-utils');
 const activeStates = ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4'];
+const ASSIGNABLE_ROLES = ['Administrator', 'Editor', 'Author', 'Contributor'];
 
 const messages = {
     valueCannotBeBlank: 'Value in [{tableName}.{columnKey}] cannot be blank.',
     onlyOneRolePerUserSupported: 'Only one role per user is supported at the moment.',
     methodDoesNotSupportOwnerRole: 'This method does not support assigning the owner role',
+    invalidRoleValue: {
+        message: 'Role should be an existing role id or a role name',
+        context: 'Invalid role assigned to the user',
+        help: 'Change the provided role to a role id or use a role name.'
+    },
     userNotFound: 'User not found',
     ownerNotFound: 'Owner not found',
     notEnoughPermission: 'You do not have permission to perform this action',
@@ -507,7 +513,7 @@ User = ghostBookshelf.Model.extend({
         }
 
         ops.push(function update() {
-            return ghostBookshelf.Model.edit.call(self, data, options).then((user) => {
+            return ghostBookshelf.Model.edit.call(self, data, options).then(async (user) => {
                 let roleId;
 
                 if (!data.roles || !data.roles.length) {
@@ -521,7 +527,29 @@ User = ghostBookshelf.Model.extend({
                     if (roles.models[0].id === roleId) {
                         return;
                     }
-                    return ghostBookshelf.model('Role').findOne({id: roleId});
+
+                    if (ASSIGNABLE_ROLES.includes(roleId)) {
+                        // return if the role is already assigned
+                        if (roles.models[0].get('name') === roleId) {
+                            return;
+                        }
+
+                        return ghostBookshelf.model('Role').findOne({
+                            name: roleId
+                        });
+                    } else if (ObjectId.isValid(roleId)){
+                        return ghostBookshelf.model('Role').findOne({
+                            id: roleId
+                        });
+                    } else {
+                        return Promise.reject(
+                            new errors.ValidationError({
+                                message: tpl(messages.invalidRoleValue.message),
+                                context: tpl(messages.invalidRoleValue.context),
+                                help: tpl(messages.invalidRoleValue.help)
+                            })
+                        );
+                    }
                 }).then((roleToAssign) => {
                     if (roleToAssign && roleToAssign.get('name') === 'Owner') {
                         return Promise.reject(
@@ -529,9 +557,9 @@ User = ghostBookshelf.Model.extend({
                                 message: tpl(messages.methodDoesNotSupportOwnerRole)
                             })
                         );
-                    } else {
+                    } else if (roleToAssign) {
                         // assign all other roles
-                        return user.roles().updatePivot({role_id: roleId});
+                        return user.roles().updatePivot({role_id: roleToAssign.id});
                     }
                 }).then(() => {
                     options.status = 'all';

package/core/server/services/bulk-email/bulk-email-processor.js

@@ -168,7 +168,7 @@ module.exports = {
 
         try {
             // Load newsletter data on email
-            await emailBatchModel.relations.email.related('newsletter').fetch(Object.assign({}, {require: false}, knexOptions));
+            await emailBatchModel.relations.email.getLazyRelation('newsletter', {require: false, ...knexOptions});
 
             // send the email
             const sendResponse = await this.send(emailBatchModel.relations.email.toJSON(), recipientRows, memberSegment);

package/core/server/services/mega/email-preview.js

@@ -10,7 +10,7 @@ class EmailPreview {
      * @returns {Promise<Object>}
      */
     async generateEmailContent(post, {newsletter, memberSegment} = {}) {
-        let newsletterModel = post.relations.newsletter ?? await post.related('newsletter').fetch();
+        let newsletterModel = await post.getLazyRelation('newsletter');
         if (!newsletterModel) {
             if (newsletter) {
                 newsletterModel = await models.Newsletter.findOne({slug: newsletter});

package/core/server/services/mega/mega.js

@@ -51,7 +51,7 @@ const getReplyToAddress = (fromAddress, replyAddressOption) => {
  * @param {Object} options
  */
 const getEmailData = async (postModel, options) => {
-    let newsletter = postModel.relations.newsletter ?? await postModel.related('newsletter').fetch();
+    let newsletter = await postModel.getLazyRelation('newsletter');
     if (!newsletter) {
         // The postModel doesn't have a newsletter in test emails
         newsletter = await models.Newsletter.getDefaultNewsletter();
@@ -194,9 +194,8 @@ const addEmail = async (postModel, options) => {
 
     const knexOptions = _.pick(options, ['transacting', 'forUpdate']);
     const filterOptions = {...knexOptions, limit: 1};
-
-    // TODO: this is a hack for https://github.com/TryGhost/Team/issues/1626
-    const newsletter = postModel.relations.newsletter ?? await postModel.related('newsletter').fetch({require: true, ..._.pick(options, ['transacting'])});
+    const sharedOptions = _.pick(options, ['transacting']);
+    const newsletter = await postModel.getLazyRelation('newsletter', {require: true, ...sharedOptions});
 
     if (newsletter.get('status') !== 'active') {
         // A post might have been scheduled to an archived newsletter.
@@ -360,9 +359,10 @@ async function sendEmailJob({emailModel, options}) {
  */
 async function getEmailMemberRows({emailModel, memberSegment, options}) {
     const knexOptions = _.pick(options, ['transacting', 'forUpdate']);
+    const sharedOptions = _.pick(options, ['transacting']);
     const filterOptions = Object.assign({}, knexOptions);
 
-    const newsletter = emailModel.relations.newsletter ?? await emailModel.related('newsletter').fetch(Object.assign({}, {require: true}, _.pick(options, ['transacting'])));
+    const newsletter = await emailModel.getLazyRelation('newsletter', {require: true, ...sharedOptions});
     const recipientFilter = transformEmailRecipientFilter(newsletter, emailModel.get('recipient_filter'), 'recipient_filter');
     filterOptions.filter = recipientFilter;
 
@@ -541,7 +541,8 @@ module.exports = {
     _partitionMembersBySegment: partitionMembersBySegment,
     _getEmailMemberRows: getEmailMemberRows,
     _getFromAddress: getFromAddress,
-    _getReplyToAddress: getReplyToAddress
+    _getReplyToAddress: getReplyToAddress,
+    _sendEmailJob: sendEmailJob
 };
 
 /**

package/core/server/web/admin/views/default-prod.html

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
 
     
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.1%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.2%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
 
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -38,7 +38,7 @@
 
     
                 <link rel="stylesheet" href="assets/vendor.min-ba66b98f7c24fa40e061c7ffc94f4e23.css">
-                <link rel="stylesheet" href="assets/ghost.min-e8119caef1eb246cf596cd83eb67b97e.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-c74f50609022cebf13ad28810def68b6.css" title="light">
             
 
     
@@ -57,7 +57,7 @@
 
 
                 <script src="assets/vendor.min-ea369e6487643585f35409d474b06789.js"></script>
-                <script src="assets/ghost.min-95041d583ba9b90f587a92839509ebd6.js"></script>
+                <script src="assets/ghost.min-971a0ff706bbf9e24f0b0a5770c8fc41.js"></script>
             
 </body>
 </html>

package/core/server/web/admin/views/default.html

@@ -8,7 +8,7 @@
     <title>Ghost Admin</title>
 
     
-<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.1%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
+<meta name="ghost-admin/config/environment" content="%7B%22modulePrefix%22%3A%22ghost-admin%22%2C%22environment%22%3A%22production%22%2C%22rootURL%22%3A%22%2F%22%2C%22locationType%22%3A%22trailing-hash%22%2C%22EmberENV%22%3A%7B%22FEATURES%22%3A%7B%7D%2C%22EXTEND_PROTOTYPES%22%3A%7B%22Date%22%3Afalse%2C%22Array%22%3Atrue%2C%22String%22%3Atrue%2C%22Function%22%3Afalse%7D%2C%22_APPLICATION_TEMPLATE_WRAPPER%22%3Afalse%2C%22_JQUERY_INTEGRATION%22%3Atrue%2C%22_TEMPLATE_ONLY_GLIMMER_COMPONENTS%22%3Atrue%7D%2C%22APP%22%3A%7B%22version%22%3A%225.2%22%2C%22name%22%3A%22ghost-admin%22%7D%2C%22ember-simple-auth%22%3A%7B%7D%2C%22moment%22%3A%7B%22includeTimezone%22%3A%22all%22%7D%2C%22%40sentry%2Fember%22%3A%7B%22disablePerformance%22%3Atrue%2C%22sentry%22%3A%7B%7D%7D%2C%22ember-cli-mirage%22%3A%7B%22usingProxy%22%3Afalse%2C%22useDefaultPassthroughs%22%3Atrue%7D%2C%22exportApplicationGlobal%22%3Afalse%2C%22ember-load%22%3A%7B%22loadingIndicatorClass%22%3A%22ember-load-indicator%22%7D%7D" />
 
     <meta name="HandheldFriendly" content="True" />
     <meta name="MobileOptimized" content="320" />
@@ -38,7 +38,7 @@
 
     
                 <link rel="stylesheet" href="assets/vendor.min-ba66b98f7c24fa40e061c7ffc94f4e23.css">
-                <link rel="stylesheet" href="assets/ghost.min-e8119caef1eb246cf596cd83eb67b97e.css" title="light">
+                <link rel="stylesheet" href="assets/ghost.min-c74f50609022cebf13ad28810def68b6.css" title="light">
             
 
     
@@ -57,7 +57,7 @@
 
 
                 <script src="assets/vendor.min-ea369e6487643585f35409d474b06789.js"></script>
-                <script src="assets/ghost.min-95041d583ba9b90f587a92839509ebd6.js"></script>
+                <script src="assets/ghost.min-971a0ff706bbf9e24f0b0a5770c8fc41.js"></script>
             
 </body>
 </html>

package/core/server/web/api/canary/admin/app.js

@@ -16,8 +16,8 @@ module.exports = function setupApiApp() {
     // API middleware
 
     // Body parsing
-    apiApp.use(bodyParser.json({limit: '1mb'}));
-    apiApp.use(bodyParser.urlencoded({extended: true, limit: '1mb'}));
+    apiApp.use(bodyParser.json({limit: '50mb'}));
+    apiApp.use(bodyParser.urlencoded({extended: true, limit: '50mb'}));
 
     // Query parsing
     apiApp.use(boolParser());

package/core/server/web/api/canary/content/app.js

@@ -15,7 +15,7 @@ module.exports = function setupApiApp() {
     // API middleware
 
     // @NOTE: req.body is undefined if we don't use this parser, this can trouble if components rely on req.body being present
-    apiApp.use(bodyParser.json({limit: '1mb'}));
+    apiApp.use(bodyParser.json({limit: '50mb'}));
 
     // Query parsing
     apiApp.use(boolParser());

package/core/server/web/members/app.js

@@ -36,12 +36,12 @@ module.exports = function setupMembersApp() {
 
     // Manage newsletter subscription via unsubscribe link
     membersApp.get('/api/member/newsletters', middleware.getMemberNewsletters);
-    membersApp.put('/api/member/newsletters', bodyParser.json({limit: '1mb'}), middleware.updateMemberNewsletters);
+    membersApp.put('/api/member/newsletters', bodyParser.json({limit: '50mb'}), middleware.updateMemberNewsletters);
 
     // Get and update member data
     membersApp.get('/api/member', middleware.getMemberData);
-    membersApp.put('/api/member', bodyParser.json({limit: '1mb'}), middleware.updateMemberData);
-    membersApp.post('/api/member/email', bodyParser.json({limit: '1mb'}), (req, res) => membersService.api.middleware.updateEmailAddress(req, res));
+    membersApp.put('/api/member', bodyParser.json({limit: '50mb'}), middleware.updateMemberData);
+    membersApp.post('/api/member/email', bodyParser.json({limit: '50mb'}), (req, res) => membersService.api.middleware.updateEmailAddress(req, res));
 
     // Manage session
     membersApp.get('/api/session', middleware.getIdentityToken);

package/core/shared/config/defaults.json

@@ -128,8 +128,8 @@
         "emailAnalytics": true
     },
     "portal": {
-        "url": "https://unpkg.com/@tryghost/portal@~2.1.0/umd/portal.min.js",
-        "version": "2.1"
+        "url": "https://unpkg.com/@tryghost/portal@~2.2.0/umd/portal.min.js",
+        "version": "2.2"
     },
     "tenor": {
         "publicReadOnlyApiKey": null,

package/core/shared/config/utils.js

@@ -1,6 +1,5 @@
 const path = require('path');
 const fs = require('fs-extra');
-const os = require('os');
 const _ = require('lodash');
 
 /**
@@ -73,14 +72,6 @@ const sanitizeDatabaseProperties = function sanitizeDatabaseProperties(nconf) {
 
     if (nconf.get('database:client') === 'sqlite3') {
         makePathsAbsolute(nconf, nconf.get('database:connection'), 'database:connection');
-
-        // In the default SQLite test config we set the path to /tmp/ghost-test.db,
-        // but this won't work on Windows, so we need to replace the /tmp bit with
-        // the Windows temp folder
-        const filename = nconf.get('database:connection:filename');
-        if (_.isString(filename) && filename.match(/^\/tmp/)) {
-            nconf.set('database:connection:filename', filename.replace(/^\/tmp/, os.tmpdir()));
-        }
     }
 };