EuroDomenii Posted July 4, 2019 Report Posted July 4, 2019 How to replicate Change /config/routes.php ( see https://www.blesta.com/forums/index.php?/topic/3469-ability-to-change-admin-url/) Configure::set("Route.admin", "a"); 2) Clearing blesta cache from /cache/1/nav/1 3) The 404 not found behaviour is present in many pages from logged client area: -/client/accounts/ -client/contacts/ ( when there’s no contact) -lack of invoice, transactions listings from dashboard Debugging The issue was deceiving, because logged in as admin, everything works flawless. Only after debugging the issue, logged in as a client, I’ve noticed at first run that $controllerClass comes as ClientAccounts, but at subsequent runs comes wrongly as AdminAccounts, that triggers the _404 not found controller, due to lack of permissions. See \web\vendors\minphp\bridge\src\Lib\Dispatcher.php, public static function dispatch($requestUri, $isCli = false) if (!class_exists($controllerClass) || !method_exists($controllerClass, 'preAction')) { throw new Exception( sprintf('%s is not a valid controller', $controllerClass), 404 ); } So for, values like “a”, or “in” for admin_url triggers that behavior. I guess that some kind of escaping is required, but I haven't investigated further. On the other hand , Configure::set("Route.admin", "x"); works flawless. Also, there’s not problem with longer admin paths. But, lazy/efficient admins might prefer one letter url admin. Thx!
EuroDomenii Posted July 4, 2019 Author Report Posted July 4, 2019 Configure::set("Route.admin", "x"); also creates problems when viewing invoices.
Michael Posted July 5, 2019 Report Posted July 5, 2019 Yeah you are setting a route which conflicts with other urls. Why do you want something short that any tom, dick or harry could guess?
EuroDomenii Posted July 5, 2019 Author Report Posted July 5, 2019 44 minutes ago, Blesta.Store said: Yeah you are setting a route which conflicts with other urls. The "buggy" admin_urls ( a,x,in) doesn't exist in blesta. Anyway, blesta should have a validation in place. 44 minutes ago, Blesta.Store said: Why do you want something short that any tom, dick or harry could guess? There are pro and cons security throughobscurity. From my point of view, anyway I shall restrict by IP the admin url. I just love the idea of having one letter admin_url. It's fast and fun. activa 1
Tyson Posted July 8, 2019 Report Posted July 8, 2019 The admin route you have set conflicts with other routes in the system, which is why you encounter that behavior. We may be able to resolve that issue though, which we will look into shortly. Thanks! EuroDomenii 1
Tyson Posted September 12, 2019 Report Posted September 12, 2019 This is fixed in v4.7.0. EuroDomenii 1
Recommended Posts