Release 3.0.4

[Cody]

Version 3.0.4 is now available. You can download it at https://account.blest...er/client_main/.

This is a patch release that corrects issues with 3.0.0.

Patching Blesta

See Patching Blesta in the User Manual for instructions.

Release Notes - Blesta Core - Version 3.0.4

## Version 3.0.4
2013-10-07

### Bug
* [CORE-728] - Some email templates contain URL tags not prepended with the HTTP protocol
* [CORE-729] - Some email templates incorrectly have the HTTP(S) protocol prepended to certain URL tags at run time
* [CORE-762] - LogicBoxes: Additional fields are shown when going back to edit service details before creating it
* [CORE-770] - Update "uncanceled service" error message when attempting to delete a module row that is referenced by canceled services
* [CORE-772] - Plugin::getEvents() and Plugin::getActions() not invoked after upgrade
* [CORE-774] - Appending service to existing invoice does not recalculate invoice totals
* [CORE-775] - Changing a tax rule's status to 'inactive' sets it to an invalid status
* [CORE-776] - Transaction fails to apply due to rounding error
* [CORE-777] - Tax Rules Level 2 missing zebra-striping
* [CORE-778] - Universal Module: An empty service option row should not be saved as a valid option
* [CORE-779] - Attempting to void a paid invoice displays an unvoid button on error
* [CORE-780] - Editing a template may cause an undefined property Emails::$parseError if errors are set for the template
* [CORE-781] - Support Manager: Last reply info in ticket is non-determinisitc
* [CORE-782] - Packages with 0 quantity can still be ordered
* [CORE-783] - Import Manager: Invalid join in Blesta 2.5 migrator
* [CORE-784] - API: companies/generatekeypair never completes
* [CORE-793] - Setting package prices to non-double types causes number_format error
* [CORE-794] - Default from addresses contain port number when hostname contains port number
* [CORE-795] - Email Log incorrectly logs email content when HTML is disabled
* [CORE-796] - Security: XSS Vulnerability in message dialogs
* [CORE-797] - Security: Potential XSS Vulnerability in uncaught exception messages
* [CORE-798] - Order Plugin: Cannot add multiple addon services due to error that the parent service ID already exists as a child to another service
* [CORE-799] - 2Checkout: Payment logo URL from 2Checkout is no longer valid
* [CORE-801] - AppController:base_url does not contain port number, if given
* [CORE-802] - Plesk: Canceling a service deletes all customers
* [CORE-803] - Client payments without account set first name as last name
* [CORE-804] - Support Manager: mailto link contains HTTP protocol
* [CORE-805] - Namecheap: Domains not available

---

[Paul]

Please note the download will be available shortly.

[1983ltd]

File downloads but corrupt I think, not extracting properly...

[Paul]

File downloads but corrupt I think, not extracting properly...

 

Try now

[1983ltd]

Downloaded and patched.... Now the main window in all pages is blank.

 

I can get to a client page but get an infinate loop refresh?

 

Pretty messed up for me....

[1983ltd]

Confirmed, I rolled back to V3.0.3 and all is well again... Any ideas?

[Paul]

Confirmed, I rolled back to V3.0.3 and all is well again... Any ideas?

That's pretty odd. Did you run /admin/upgrade after patching the files?

[1983ltd]

Yes, clicked use web version, the got just a button saying something like 'upgrade' which when clicked refreshed the page and back to 'upgrade' again over and over...

 

Just replacing the files I backed up before the upgrade got it back working again so looks like the DB was untouched (luckily)... Could have lost a lot!

 

Dont forget im on IIS

[Paul]

Not sure what since 3.0.3 would cause that on Windows. Anyone else having any trouble?

[Alex]

The upgrade seems to have worked fine for me.

[MemoryX2]

I haven't upgraded yet but I wanted to say I really like how you layed out the security fixes.

The fact that you mentioned their were potential security issues and the fact you fixed them. Well done!

[Paul]

I haven't upgraded yet but I wanted to say I really like how you layed out the security fixes.

The fact that you mentioned their were potential security issues and the fact you fixed them. Well done!

 

Thanks! These were reported to us by Vlad C from NetSec, which we appreciate. We want to be transparent about any security related issues, no matter how small or how large. And, of course, do our very best to write code in such a way that minimizes the potential of any security risk to begin with.

[Michael]

upgraded perfectly  

[MemoryX2]

upgraded perfectly

 

Mine was smooth also. I've upgraded now.

 

@ Paul: Have you seen anymore about the incorrect revenue displayed?

[Paul]

upgraded perfectly

 

Awesome!

 

Mine was smooth also. I've upgraded now.

 

Awesome!

 

@ Paul: Have you seen anymore about the incorrect revenue displayed?

 

I believe it is a time issue. The revenue is correct, just not for the time period you expect. We need to investigate a bit more.

[mitsos]

Just when I finished editing the theme files .

Anyone knows how to upgrade without manually diffing files for changes? Perhaps some steps need to be implemented in blesta to preserve files, or perhaps make a themes folder to keep the customised theme, that does not get overriden with an upgrade. Personally I like the folder approach, since I'm planning on merging css files (I don't like how the colors are separated from the rest of the attributes and would like to keep them all in a single css file for easier management). From my point of use (point of view), I have made numerous changes to the themeing files and blesta cannot be easily distinguished from the looks of the rest of the website. Don't want to loose those, since what I've read so far about an upgrade, says to override all the files with the new unzipped files.

 

Can some developers look into the themes? What would work best for me and others customizing the look would be:

Settings>Company>Themes> Selecting a theme. Each theme should be kept in a different folder, and the upgrade process should ignore user configured themes. What should be in that folder is css files, header and footer (for changing the default header and footer contents). Blesta should then be clever enough to include those files when the page rendering happens.

 

Yes I know that sometimes something could be fixed in the default css/header/footer files and the change needs to be carried over to the customized theme. A security fix (IMHO) should be applied immediatedly, hence the separated files, so the upgrade is something that needs to be installed ASAP. A broken border-radius for example (just saying) can then be looked after in the website's administrator's spare time. A security fix that needs to be installed ASAP and takes down the entire look/formating of the website is not something that will work long term though, so (IMHO) we need a way to preserve the looks and at the same time allowing for the speedy core files upgrade.

 

I hope I'm making sense, if anyone can add anything to this post, please do. If I completely missed something about the upgrade process, please let me know.

 

Thanks all for your time. So far evaluation is going very well, and I'm just a few steps from hitting that order button for a blesta license. After that's done, I'll begin gathering information to make an ispconfig module, since that's what I'm using instead of cpanel. If anyone wishes to take over that task while I'm done mumbling, here's a link to an API example: http://www.howtoforge.com/how-to-create-remote-api-scripts-for-ispconfig-3.

 

Edit: for now I'll be applying the 3.0.0-3.0.4 patch and keep my fingers crossed. Then I'll have to redo my changes documenting each and everyone of them in a file for the future.

 

Edit2: patch seems to have preserved my formatting. Hooray!!! the only things that got changed is the header and footer. Easy fixes so far. Will poke around and see if anything else got changed in ways that it shouldn't.

[Alex]

Perhaps some steps need to be implemented in blesta to preserve files, or perhaps make a themes folder to keep the customised theme, that does not get overriden with an upgrade.

I agree, this would be nice.

[Michael]

All I do is remove the app/views/client/structure.pdt (That is the only file used for integrations) unless you edited any other file yourself.

[Paul]

Thanks for the feedback mitsos, we are definitely interested in making patches easier to install and eliminating, as far as is possible, the need to merge style/template changes. This is something we will most certainly revisit once we get caught up on some highly requested features.

[mitsos]

All I do is remove the app/views/client/structure.pdt (That is the only file used for integrations) unless you edited any other file yourself.

Made changes to the client login page, the structure file, the css files (both for admin and clients). It's a long list of changes.

 

Thanks for the feedback mitsos, we are definitely interested in making patches easier to install and eliminating, as far as is possible, the need to merge style/template changes. This is something we will most certainly revisit once we get caught up on some highly requested features.

Happy to provide feedback. It's what makes us all better

[Michael]

Made changes to the client login page, the structure file, the css files (both for admin and clients). It's a long list of changes.

 

Happy to provide feedback. It's what makes us all better

 

You can not copy the css folder over / login / structure but the login doesn't change much, I've not seen it in the patches, just the structure.

[hostingDifferent-Scott]

Trying to upgrade  now and go to /admin/upgrade and it brings me to the install page and says cannot install unless database is empty. What am I doing wrong?

[Michael]

Trying to upgrade  now and go to /admin/upgrade and it brings me to the install page and says cannot install unless database is empty. What am I doing wrong?

 

Have you overwritten your blesta.php file? config/blesta.php

[Paul]

Does config/blesta.php exist? It should. If not, restore your files from before patching. Then re-patch and ensure that the no files are deleted. Some FTP programs wipe everything when they should just overwrite some files.

[hostingDifferent-Scott]

Got it to work. My ftp program was not only rewriting over the files, but also deleting all the other files. So I had it MERGE and it worked.

 

Now, any ideas how to get domains that are already registered to connect with logicboxes. I had them in now, but they don't communicate with logicboxes at all, though new domains work fine.