Posts posted by CY.

  1. If a client enables 2-factor authentication in its Blesta account, Google Authenticator does not show Issuer information.

    In blesta/app/views/client/bootstrap/client_main_edit.pdt

    The code below

    <img id="two_factor_qr" src="//chart.googleapis.com/chart?chs=200x200&cht=qr&chl=<?php echo $this->Html->safe('otpauth://totp/' . urlencode($this->Html->ifSet($vars->username)) . '?secret=' . $this->Html->ifSet($vars->two_factor_key_base32) . '&issuer=' . $this->Html->ifSet($two_factor_issuer));?>" alt="" />

    should be 

    <img id="two_factor_qr" src="//chart.googleapis.com/chart?chs=200x200&cht=qr&chl=<?php echo urlencode('otpauth://totp/' . $this->Html->safe($this->Html->ifSet($vars->username)) . '?secret=' . $this->Html->ifSet($vars->two_factor_key_base32) . '&issuer=' .$this->Html->safe($this->Html->ifSet($two_factor_issuer)));?>" alt="" />

    which encodes the chs parameter correctly.
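The nesting problem from the post above, as an added example that is not part of the original post or of Blesta's code: it builds the chart URL with and without percent-encoding the otpauth URI and shows how the receiving endpoint splits the query string in each case. The function names and sample account values are constructed for illustration, and `rawurlencode` is used where the post uses `urlencode`.

```php
<?php
declare(strict_types=1);

// Build the otpauth URI; each component is percent-encoded on its own.
function otpauthUri(string $username, string $secretBase32, string $issuer): string
{
    return 'otpauth://totp/' . rawurlencode($username)
        . '?secret=' . rawurlencode($secretBase32)
        . '&issuer=' . rawurlencode($issuer);
}

// Nest the URI in the chart URL. $encodeChl = false reproduces the
// original template (after the browser has decoded the HTML entities).
function qrImageUrl(string $otpauth, bool $encodeChl): string
{
    return '//chart.googleapis.com/chart?chs=200x200&cht=qr&chl='
        . ($encodeChl ? rawurlencode($otpauth) : $otpauth);
}

// Query parameters as the receiving endpoint would split them:
// everything after the first "?" is one query string, cut at every "&".
function chartParams(string $url): array
{
    parse_str(explode('?', $url, 2)[1], $params);
    return $params;
}

// Constructed sample values, not taken from a real account.
$uri = otpauthUri('alice@example.com', 'JBSWY3DPEHPK3PXP', 'Example Hosting & Co');

foreach (['unencoded' => false, 'encoded' => true] as $name => $encode) {
    $params = chartParams(qrImageUrl($uri, $encode));
    // Parameters other than the three the template intends to send.
    $extra = array_diff(array_keys($params), ['chs', 'cht', 'chl']);

    printf("%-9s chl   = %s\n", $name, $params['chl']);
    printf("%-9s extra = %s\n", $name, implode(',', $extra) ?: '(none)');
}
```

In the unencoded case `issuer` appears as a separate parameter of the chart request and the `chl` value ends after the secret, so the QR code carries no issuer. In the encoded case `chl` holds the complete otpauth URI.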


  2. Hello,

    Email verification has a problem on the client side. If you open the contact edit page for a special contact, it generates an error. A special contact does not have any record in the email_verifications table. These contacts can be created when you upgrade to the newest Blesta version (in our case). If you decide to disable email verification and then enable it again, special contacts can be created because the created contacts do not have any email_verifications record. The ClientContacts controller gets the $email_verification variable as false, then Blesta tries to access the contact_id property of the "false" variable.

    // Check if the email address has been verified
    $this->uses(['EmailVerifications']);
    $email_verification = $this->EmailVerifications->getByContactId($contact->id);
    
    $time = time();
    $hash = $this->Clients->systemHash('c=' . $email_verification->contact_id . '|t=' . $time);
    $message = Language::_(
        'ClientContacts.!info.unverified_email',
        true,
        $email_verification->email
    );
    $options = [
        'info_buttons' => [
            [
                'url' => $this->base_uri . 'verify/send/?sid=' . rawurlencode(
                        $this->Clients->systemEncrypt(
                            'c=' . $email_verification->contact_id . '|t=' . $time . '|h=' . substr($hash, -16)
                        )
                    ),
                'label' => Language::_('ClientContacts.!info.unverified_email_button', true),
                'icon_class' => 'fa-share'
            ]
        ]
    ];

    $email_verification->contact_id should be $contact->id, and that verify button part should be visible only if email verification is enabled.

  3. Hello,

    Blesta accepts UTF-8 characters. However, the validation functions calculate string lengths incorrectly.

    public static function minLength($str, $length)
    {
    	return strlen($str) >= $length;
    }

    As you can see, strlen counts bytes, and the "ü" character is counted as 2 rather than 1. Blesta needs to change strlen to mb_strlen, which is safer for Unicode characters.

    php > echo strlen("Türkish");
    8
    php > echo mb_strlen("Türkish");
    7
