Paul

What is its location? Also, your temp directory is set and writable, correct?

I think it would be good to be able to see if a PayPal account from which payment was made is verified or not, and possibly be able to put orders on hold that were paid with unverified accounts. If nothing else, it's one more tool in the bucket when reviewing an order for possible fraud.

Make sure you have the mysqldump binary on your server, mysqldump is used to generate the backup.

No need to run an upgrade script, since you are just moving from 2.5.4 with SG to 2.5.4 with Ioncube.. same version.

All files included in the zip should overwrite your existing files. The zip should not contain your config file, which is in inc/config.php. It's important that your FTP program not delete everything, and then upload the files, otherwise your config file will be gone and it will act like you're doing a fresh installation. Again, back up everything first.

Thanks for the report. Can anyone else confirm?

You should switch to the Ioncube version, I believe SG has problems with PHP 5.4. You also may need an updated b-invoices.php (I think this is the one) file for proper PDF invoice creation. Try opening a PDF invoice first, and if you get an error open a ticket or just email me at sales and include the error and I'll forward you the right file. Back up everything, files + database before doing anything.. and then just overwrite your files with the ioncube version on this page https://account.blesta.com/client/plugin/download_manager/client_main/index/1/

We are planning to add an export/import feature for universal module products. This will allow you to import products created by others, and essentially clone existing ones. Email notification for the universal module product is for admins. Clients are notified through the package welcome email. This should be used for provisioning purposes, to notify the right person of the order so they can manually provision if not using the API using a POST URL.

You associate addons to services by creating an addon package group for which your addon services belong, and assigning one or more parent groups to the addon package. This associates the addon group to a standard group, and any packages within that addon group will become available addons to those in the associated standard group.

Just an update, this has been completed for 3.1.

google.com does

Computationally it's becoming more and more feasible. A lot of websites now force SSL. More people use SFTP instead of FTP for file transfers. More people check and send email securely now (it's a requirement for all of us here). Sure, there are some services that may not necessarily benefit from encryption, or where encryption may be too expensive to implement due to processing power. BGP may be a good example of that. I'm not arguing that there should be any laws or regulations to enforce encryption and I don't think those would pass anyway, governments love to get their hands on information. I always argue against such regulations. But, I think that people are becoming more and more security conscious, and that the result is that more and more traffic is becoming encrypted. I think that's a good thing.

It does seem to reinforce the idea that encryption is increasingly necessary, and not just for the most sensitive information. An Internet where virtually all traffic is encrypted is one that I think we're necessarily heading towards. Necessity drives innovation, and I think it'll happen naturally.

Issued

There probably should have been a unit test for this, point taken. We may have been able to discover and resolve the issue sooner. But lets look at what happened.. 10:15am issue reported 4:37pm hotfix issued

I have confirmed Google has changed the URL and I have assigned this to CORE-879 so we can take a look into it. Thanks for the report!

I saw this article mentioned in the ARIN mailing list recently, and found it quite interesting. http://www.renesys.com/2013/11/mitm-internet-hijacking/ Apparently, route hijacking has been on the rise in 2013. Worth the read if you have a few minutes.

I know, crazy huh.. our old forum was vbulletin 3.7, which apparently isn't affected. I never could get myself to upgrade to v4 or v5, and opted to go a different route.

Restarted the server running the forums this afternoon (around 4pm pacific time) and it wouldn't come back up.. kernel panic. ugh So, I had to restore it and we may have lost a few posts, as the most recent backup was apparently corrupt.. so the one from an hour previous was restored. We back up the forums every hour, with significant retention, and I'm considering backing up more frequently. The client area is on another server, so completely unaffected.. and that one is backed up more frequently. If we lost one of your posts, sorry about that. I'm guessing we may have lost a couple.

Disabling CSRF tokens on the login page is just a configuration file change, and will eliminate CSRF as an obstacle to logging in in a non-standard way.

There is an ongoing discussion on this here -- http://www.blesta.com/forums/index.php?/topic/1480-login-with-curl-to-blesta/

Looks good, nice work! Doesn't seem to be any call records for any of the services, so can't test all functionality but it's looking really nice.

Settings are inherited, though I don't think this would work here, but you can give it a try. You could try adding 2 rows to the company_settings table. 1. key: maintenance_mode value: true (or false) 2. key: maintenance_reason value: We are currently undergoing maintenance (or whatever you want it to say) Make sure the company_id is correct, and encrypted is 0. Try this at your own risk, I'm doubtful it will work.

If other emails are going out, then the content of this template may have issues. Check to make sure there are no invalid tags in the template in either the html or text sections. Also, make sure Settings > Company > Automation > Payment Reminders is checked, and scheduled to run at a certain time. You can cross reference the cron log under Tools > Log for this time, and see if an attempt to run it was made.

Not yet. A lot of the work has been done for a while, but there are some things we need to finish up after 3.1.