Leaderboard

To disable CSRF for a specific resource, see https://docs.blesta.com/display/user/Configuration+Files#ConfigurationFiles-Encryption Specifically: Blesta.csrf_bypass You may also disable CSRF system wide, but we highly recommend against that.

Mike wants to run code from our master branch lol

You're more than welcome.

You may want to look at https://docs.blesta.com/display/dev/Event+Handlers Using an Event/Hook will allow you to tie into something like Invoices.add or Invoices.edit to trigger your plugin to immediately modify the invoice to reflect whatever discounts you want to reflect. Blesta also supports price overrides, which can be set for each service individually. Overrides override the normal package price, but not any configurable options.

Yes you can but csf token is regenerated very often...you can disable it... <form action="https://your_order_form_url" method="post"> <input name="_csrf_token" value="your_csfr_token" type="hidden"> this need to be disabled since it will work for short time..till new token is generated <input name="domain" value="" placeholder="yourdomain.com" type="text"> <select name="tlds[]"> <option name="tlds[]" value=".com" id="t.com">.com</option> <option name="tlds[]" value=".org" id="t.org">.org</option> <option name="tlds[]" value=".net" id="t.net">.net</option> <option name="tlds[]" value=".in" id="t.in">.in</option> <option name="tlds[]" value=".co" id="t.co">.co</option> <option name="tlds[]" value=".biz" id="t.biz">.biz</option> </select> <input name="lookup" type="submit" value="Go">

We've been replying via ticket, but the most likely cause is that the Blesta.system_key does not match the database. This is a good place for someone with the same issue to start: https://docs.blesta.com/display/support/Encrypted+Data+Won't+Decrypt

You would have your own track, pre-beta releases

thank you very much! Regards

Are you saying that services ordered where a package is set to use pro rata to the 1st, generates the invoice correctly but the service renew date is not based on the pro rata date, but rather the anniversary date of the order?

We are installing Blesta 4.0.0 and notice that during the installation process an alert was issued saying that our cache directory was not writable. This was strange to us because in our environment, the user who runs PHP has write access (we use suPHP for security reasons). Upon closer look we notice that Blesta 4.0.0 does not ship with an empty cache directory (as defined by CACHEDIR). Rather, the code assumes that the cache directory already exists. You can see this below: app/controllers/install.php 807 'cache_writable' => [ 808 'message' => Language::_('SystemRequirements.!warning.cache_writable.recommended', true, CACHEDIR), 809 'req' => true, 810 'cur' => is_writable(CACHEDIR) 811 ], // To cache view files for performance The PHP function is_writable does two things: checks if the user can write AND if the file exists. Since Blesta does not ship with an empty CACHEDIR (nor was anything mentioned to create one in the README), we get an error for no reason. Below is a patch for a proposed fix. It checks to see if a file exists, if it does, then performs the is_writable test. Otherwise, attempt to create a directory and check if we can write to it The second test is probably pointless cause if you can create a directory you should be able to write to it, but edge cases can be tricky if parent folder has sticky bits enable, etc. -Adam diff --git a/app/controllers/install.php b/app/controllers/install.php index a6c462e..414d3a8 100644 --- a/app/controllers/install.php +++ b/app/controllers/install.php @@ -807,7 +807,7 @@ class Install extends Controller 'cache_writable' => [ 'message' => Language::_('SystemRequirements.!warning.cache_writable.recommended', true, CACHEDIR), 'req' => true, - 'cur' => is_writable(CACHEDIR) + 'cur' => (file_exists(CACHEDIR)) ? is_writable(CACHEDIR) : (mkdir(CACHEDIR, 0755) && is_writable(CACHEDIR)) ? true : false ], // To cache view files for performance 'ext-simplexml' => [ 'message' => Language::_('SystemRequirements.!warning.simplexml.recommended', true),

I did some debugging, and it appears that the client/contact name is not available as a tag. If we were to add it, I think we'd want to first identify all of the support manager templates that it should be included in that it isn't currently, as well as the scope of the information to be included. Address? Email? Phone number?

I don't think it makes sense to log actions that are planned to happen. Logs are historical records. If you want to get a picture of what is going to happen, it may make sense if that was shown in Blesta someplace that it can be dynamically determined.

Because the cache directory was empty, it was removed automatically by our build process. This was corrected in CORE-2366 for the full build of 4.0.1, and will ship with full builds going forward.