ghost 6.0.7 → 6.0.8

package/core/frontend/src/utils/url-attribution.js

@@ -3,63 +3,76 @@
  */
 
 /**
- * Parses URL parameters to extract attribution information
- * 
- * @param {string} url - The URL to parse
- * @returns {Object} Parsed attribution data
+ * @typedef {Object} AttributionData
+ * @property {string|null} source - Primary attribution source (ref || source || utm_source)
+ * @property {string|null} medium - UTM medium parameter
+ * @property {string|null} url - Browser's document.referrer
+ * @property {string|null} utmSource - UTM source parameter
+ * @property {string|null} utmMedium - UTM medium parameter
+ * @property {string|null} utmTerm - UTM term/keyword parameter
+ * @property {string|null} utmCampaign - UTM campaign parameter
+ * @property {string|null} utmContent - UTM content/variant parameter
  */
-export function parseReferrer(url) {
-    // Extract current URL parameters
-    const currentUrl = new URL(url || window.location.href);
-    
-    // Parse source parameters
-    const refParam = currentUrl.searchParams.get('ref');
-    const sourceParam = currentUrl.searchParams.get('source');
-    const utmSourceParam = currentUrl.searchParams.get('utm_source');
-    const utmMediumParam = currentUrl.searchParams.get('utm_medium');
+
+/**
+ * Extracts attribution parameters from URL search params
+ * @private
+ * @param {URLSearchParams} searchParams - The search params to parse
+ * @returns {AttributionData} Parsed attribution data with all UTM parameters
+ */
+function extractParams(searchParams) {
+    const refParam = searchParams.get('ref');
+    const sourceParam = searchParams.get('source');
+    const utmSourceParam = searchParams.get('utm_source');
+    const utmMediumParam = searchParams.get('utm_medium');
+    const utmTermParam = searchParams.get('utm_term');
+    const utmCampaignParam = searchParams.get('utm_campaign');
+    const utmContentParam = searchParams.get('utm_content');
     
     // Determine primary source
     const referrerSource = refParam || sourceParam || utmSourceParam || null;
     
-    // Check portal hash if needed
-    if (!referrerSource && currentUrl.hash && currentUrl.hash.includes('#/portal')) {
-        return parsePortalHash(currentUrl);
-    }
-    
     return {
         source: referrerSource,
         medium: utmMediumParam || null,
-        url: window.document.referrer || null
+        url: window.document.referrer || null,
+        utmSource: utmSourceParam || null,
+        utmMedium: utmMediumParam || null,
+        utmTerm: utmTermParam || null,
+        utmCampaign: utmCampaignParam || null,
+        utmContent: utmContentParam || null
     };
 }
 
 /**
- * Parses attribution data from portal hash URLs
+ * Parses URL parameters to extract complete referrer/attribution data
  * 
- * @param {URL} url - URL object with a portal hash
- * @returns {Object} Parsed attribution data
+ * @param {string} url - The URL to parse (defaults to current URL)
+ * @returns {AttributionData} Complete attribution data including all UTM parameters
  */
-export function parsePortalHash(url) {
-    const hashUrl = new URL(url.href.replace('/#/portal', ''));
-    const refParam = hashUrl.searchParams.get('ref');
-    const sourceParam = hashUrl.searchParams.get('source');
-    const utmSourceParam = hashUrl.searchParams.get('utm_source');
-    const utmMediumParam = hashUrl.searchParams.get('utm_medium');
+export function parseReferrerData(url) {
+    // Extract current URL parameters
+    const currentUrl = new URL(url || window.location.href);
+    let searchParams = currentUrl.searchParams;
     
-    return {
-        source: refParam || sourceParam || utmSourceParam || null,
-        medium: utmMediumParam || null,
-        url: window.document.referrer || null
-    };
+    // Handle portal hash URLs - extract params from hash instead
+    if (currentUrl.hash && currentUrl.hash.includes('#/portal')) {
+        const hashUrl = new URL(currentUrl.href.replace('/#/portal', ''));
+        searchParams = hashUrl.searchParams;
+    }
+    
+    return extractParams(searchParams);
 }
 
 /**
- * Gets the final referrer value based on parsed data
- * 
- * @param {Object} referrerData - Parsed referrer data
- * @returns {string|null} Final referrer value or null
+ * Selects the primary referrer value from parsed attribution data
+ * Prioritizes: source → medium → url
+ * Filters out same-domain referrers
+ * @private
+ * @param {AttributionData} referrerData - Parsed referrer data
+ * @returns {string|null} Primary referrer value or null
  */
-export function getFinalReferrer(referrerData) {
+function selectPrimaryReferrer(referrerData) {
     const { source, medium, url } = referrerData;
     const finalReferrer = source || medium || url || null;
     
@@ -87,6 +100,6 @@ export function getFinalReferrer(referrerData) {
  * @returns {string|null} Final referrer value
  */
 export function getReferrer(url) {
-    const referrerData = parseReferrer(url);
-    return getFinalReferrer(referrerData);
+    const referrerData = parseReferrerData(url);
+    return selectPrimaryReferrer(referrerData);
 }

package/core/server/api/endpoints/utils/serializers/input/posts.js

@@ -19,10 +19,10 @@ const messages = {
 
 /**
  * Selects all allowed columns for the given frame.
- * 
+ *
  * NOTE: This doesn't stop them from being FETCHED, just returned in the response. This causes
  *   the output serializer to remove them from the data object before returning.
- * 
+ *
  * NOTE: This is only intended for the Content API. We need these fields within Admin API responses.
  *
  * @param {Object} frame - The frame object.
@@ -37,10 +37,10 @@ function removeSourceFormats(frame) {
 
 /**
  * Selects all allowed columns for the given frame.
- * 
+ *
  * This removes the lexical and mobiledoc columns from the query. This is a performance improvement as we never intend
  *  to expose those columns in the content API and they are very large datasets to be passing around and de/serializing.
- * 
+ *
  * NOTE: This is only intended for the Content API. We need these fields within Admin API responses.
  *
  * @param {Object} frame - The frame object.
@@ -97,7 +97,9 @@ function setDefaultOrder(frame) {
     }
 
     if (!frame.options.order && !frame.options.autoOrder) {
-        frame.options.order = 'published_at desc';
+        // use id as fallback to ensure consistent ordering across pages when posts
+        // have the same published_at timestamp
+        frame.options.order = 'published_at desc, id desc';
     }
 }
 

package/core/server/services/members/emails/signin.js

@@ -112,8 +112,9 @@ module.exports = ({t, siteTitle, email, url, otc, accentColor = '#15212A', siteD
 
             <!-- START CENTERED CONTAINER -->
             <span class="preheader" style="color: transparent; display: none; height: 0; max-height: 0; max-width: 0; opacity: 0; overflow: hidden; mso-hide: all; visibility: hidden; width: 0;">${otc ? t('Welcome back to {siteTitle}! Your verification code is {otc}.', {siteTitle, otc, interpolation: {escapeValue: false}}) : t('Welcome back to {siteTitle}!', {siteTitle, interpolation: {escapeValue: false}})}</span>
+            <!-- SPACING FOR PREVIEW TEXT -->
             <div style="display:none; max-height:0; overflow:hidden; mso-hide: all;" aria-hidden="true" role="presentation">
-              &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+              ${'&zwnj;&nbsp;'.repeat(75)}
             </div>
             <table class="main" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; background: #ffffff; border-radius: 8px;">
 
@@ -151,7 +152,7 @@ module.exports = ({t, siteTitle, email, url, otc, accentColor = '#15212A', siteD
                             </tr>
                           </tbody>
                         </table>
-                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 15px; color: #3A464C; font-weight: normal; margin: 0; line-height: 24px;">${t('You can also copy & paste this URL into your browser:')}:</p>`
+                        <p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 15px; color: #3A464C; font-weight: normal; margin: 0; line-height: 24px;">${t('You can also copy & paste this URL into your browser:')}</p>`
                         :
                         `<p style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 16px; color: #3A464C; font-weight: normal; margin: 0; line-height: 24px; margin-bottom: 32px;">${t('Welcome back! Use this link to securely sign in to your {siteTitle} account:', {siteTitle, interpolation: {escapeValue: false}})}</p>
                         <table border="0" cellpadding="0" cellspacing="0" class="btn btn-primary" style="border-collapse: separate; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 100%; box-sizing: border-box;">

package/core/server/services/tinybird/TinybirdService.js

@@ -53,7 +53,12 @@ const TINYBIRD_PIPES = [
     'api_top_locations',
     'api_top_os',
     'api_top_pages',
-    'api_top_sources'
+    'api_top_sources',
+    'api_top_utm_sources',
+    'api_top_utm_mediums',
+    'api_top_utm_campaigns',
+    'api_top_utm_contents',
+    'api_top_utm_terms'
 ];
 
 /**

package/core/server/services/update-check/UpdateCheckService.js

@@ -189,7 +189,7 @@ class UpdateCheckService {
 
         try {
             const response = await this.request(checkEndpoint, reqObj);
-            return response.body;
+            return JSON.parse(response.body);
         } catch (err) {
             // CASE: no notifications available, ignore
             if (err.statusCode === 404) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ghost",
-  "version": "6.0.7",
+  "version": "6.0.8",
   "description": "The professional publishing platform",
   "author": "Ghost Foundation",
   "homepage": "https://ghost.org",
@@ -86,7 +86,7 @@
     "@tryghost/helpers": "1.1.97",
     "@tryghost/html-to-plaintext": "1.0.4",
     "@tryghost/http-cache-utils": "0.1.20",
-    "@tryghost/i18n": "file:components/tryghost-i18n-6.0.7.tgz",
+    "@tryghost/i18n": "file:components/tryghost-i18n-6.0.8.tgz",
     "@tryghost/image-transform": "1.4.6",
     "@tryghost/job-manager": "1.0.3",
     "@tryghost/kg-card-factory": "5.1.2",
@@ -166,7 +166,7 @@
     "heic-convert": "2.1.0",
     "html-to-text": "5.1.1",
     "html5parser": "2.0.2",
-    "human-number": "2.0.5",
+    "human-number": "2.0.6",
     "iconv-lite": "0.6.3",
     "image-size": "1.2.1",
     "intl": "1.2.5",
@@ -232,7 +232,7 @@
     "@types/bookshelf": "1.2.9",
     "@types/common-tags": "1.8.4",
     "@types/jsonwebtoken": "9.0.10",
-    "@types/node": "22.18.1",
+    "@types/node": "22.18.3",
     "@types/node-jose": "1.1.13",
     "@types/nodemailer": "6.4.19",
     "@types/sinon": "17.0.4",
@@ -273,7 +273,7 @@
     "jackspeak": "2.3.6",
     "moment": "2.24.0",
     "moment-timezone": "0.5.45",
-    "@tryghost/i18n": "file:components/tryghost-i18n-6.0.7.tgz"
+    "@tryghost/i18n": "file:components/tryghost-i18n-6.0.8.tgz"
   },
   "nx": {
     "targets": {