Enhancements
Client Manager
– Statement of Accounts
– Client Modules
– Automated domain expiration notices
– Default billing method CC UI improvements
– Service plan list in add/edit service popup now supports auto complete
– Add links to associated data items from the service details page and the service page in an order
– Attachment support for “Email Client Base”
Device Manager
– Create DNS Zone Settings by Brand
– Import DNS Zone from BIND zone files
– Eaton RPP – Power Graphing & Billing Support
– Limit aggregated report requests for switch devices to 250 ports at a time
– Expand number of units supported by Baytech DS72 to 32
Support Manager
– Use Web Storage for incomplete Support Manager compositions
– Add ‘client viewable’ option to support tickets
– Add support for `##owner_email##` to open ticket module and email template CC fields
– Add ticket notification email for when tickets change status
– Add fields to the rules section of ticket escalations
Order Manager
– ‘Find similar client’ order module
– Update `info` and `progress` fields in orders to JSON instead of XML
– Configurable client or admin origin for Open Ticket order module
– Add ‘subject’ to the displayed items in an order ticket
– Update ‘send templated email’ order module to accept variables in its ‘from’ field
– Add ‘Planned Completion’ and ‘Requested Completion’ date fields to orders
– Update open ticket and send templated email order modules to pull custom field data from live client or service
– Allow for customization of ‘Thank You’ order text
API
– Enhance validation in the `client.domain_add` and `client.domain_update` API methods
General
– Two-Factor Authentication
– Support SAML 2.0 Single Sign On
– Add configuration for default country
– Service plan custom data field applicability
– Support external providers for advisory locking
– Add ACL to limit users ability to change the price of a service
– Add gateway support for Commonwealth Bank of Australia
– Add a license details page to setup and admin
– Provide common way to encrypt fields; Encrypt auth module config
– Have secure fields use placeholder instead of mask
– Move invoice.php failure error to main admin dashboard page
Bugfixes
Client Manager
– Notification association search – number of subscribers column
– Catch errors from `_account_setup()` in `cpanel_host`
– 100% discounted services can no longer renew because they’re unbilled
– Discount not calculating correctly for setup fee services
– Resolve error condition encountered when deactivating a client
– Prorating the change in price when editing an unbilled service no longer shows all relevant details
– Auto-proration on end date fails if the service violates account credit restriction
– Fix client module popup to not discard unchanged secure fields
– Modifications to the account statement feature
– `onafteredit()` request array does not include changes to upgrade options
Device Manager
– Add ability to create/update PTR record if none currently exists
– Fix changing graph periods on Rack View
– Fix Connection popup; don’t lose Details when changing Ownership Info
– Fix connection popup; preserve links on client search or error
Support Manager
– Add owner variable to new ticket related event triggers
– Changing Department in Ticket View doesn’t reload metadata
– My Tickets not appearing
– Correct issue related to the ‘CC’ field encountered when a user has no contact permissions
– Signatures missing leading blank line in response
– Client Ticket replies from client interface missing ‘FROM’ information (email address and name)
Order Manager
– Hide client password when adding a new service to existing client on order forms
– Service level coupon codes are being ignored in orders
– Have order pricing pass client id to tax engine
– Remove sensitive data from order confirmation post
Sales Manager
– Tax engine taxes should be shown on quotes, but note that they are subject to change
– Update quote PDF as SWF (client link) font color
– Undefined variable in `client_quote.php`
– Quote services with setup fees only applied to upgrades are not properly totaled in the .pdf
Reports and Stats
– Use `time()` instead of `unix_timestamp()` in “Service Cancellations” report
API
– Backward compatibility with service plan APIs with new global upgrade options
General
– Upgrade Braintree support library
– Fix limit statement in `list_credits()` query
– Check for availability of `mod_headers` during setup
– Add ‘viewable’ to SOLR `schema.xml`
– Fix undefined indexes in `class.service_pricing.php`
– Editing the API variable name of an upgrade returns a fatal error
– Access denied to Edit Service Discount
– Email address not displayed on contact profile page in the client interface
– Stale(?) session locks not always deleted from Zookeeper
– Adjust Two-Factor logic in `admin_add()` and `admin_edit()`
– Running setup via UI broken after twofactor added
– Fix database schema to support `STRICT_TRANS_TABLES`
– Fix “Error loading Authentication Modules” before upgrading
– Ensure cursor is in username field in login screen
– Fix CSS for two-factor login forms
– Fix SAML “SP x509 Private Key” tool tip
– Logging in as contact goes to SAML login
– Fix Optimal gateways to enforce string lengths
Bugfixes
Client Manager
Bandwidth billing module does not honor local discount setting
Invoice PDF file names are inconsistent
class.ticket_billing.php not calculating/reporting ticket times/included time per tier
Add pre-authorization support to CyberSource integration
Invoice date range for services that last 1 day should only show start date
Tax engines need new method to provide tax results with explicit line items indicated
Applying a 100% discount to a $0 setup fee creates an empty service
The invoicedetail service module event is run on disabled modules
Invoices can be credited against more than once
SSL order feature not updating in Ubersmith UI
Enom returns invalid data when attempting to update name servers
The value that replaces ##total_due## in overdue invoice notices is inaccurate
Update add service popup to use “default payment method” instead of the specific default card
“Renew Now” link not functional
Remove conditional deletion of invoice records
Domain Renewal Failure: Call to a member function domain_details() on a non-object
Add dialog box warning when specifying a payment amount more than is due on the invoice
New mailing list member search only shows one page of results
Tax engine taxes are broken on invoice previews
Quick Edit Date picker (Renew Date, Last Renew, End Date, Etc) not working when selecting multiple services
Selecting a department on the email client popup improperly reloads the page
Effective Discount logic
Correct typo in client/ajax.device_module_call.php
Remove role functionality from clients
Successful retried charges do not store the proper last 4 digits of the card that was used
“Include Advanced Search Mail List” on mass mail popup doesn’t work.
Email client base feature is missing
Adjustment credits created when a service is edited should start at a logical time
Auto-prorate should pro-rate to the next chronological month, not based on the start date
Pro-rate service popup doesn’t update balance due in all cases
$ -> & in edit role links on contact_profile.php
Group service edit bugs
Adding an MSA to a client overwrites the default msa file
Undefined index “” in client and sales changelog popup files
Notification association search page rendering issues for large result sets
Notification association search args mismatch
Domain registration handling throwing false fatal errors
Updates to end date based proration
Add configuration option to bandwidth billing module regarding getting a discount from the parent service
Ending a service during a period that has not been invoices creates a credit when it shouldn’t
Backup Billing module shows ‘invalid period’ error in invoice detail.
Remove ‘billable’ request check for port listing when using virtual switch
Device Manager
Check for both ’emulator’ and ‘system’ for virtualized Chef nodes
Viewing Cage linked to client shows all services rather than just clients services
Power devices included in “unracked devices” on rack view
Log changes to device types and type groups
dm_virtualip::summary_api() definition incorrect
F5 BIGIP per-vip graphs non-functional
reboot_client lookup_reboot_unit_port() method is slow
Facility contact notification emails sent too frequently
Location usage report is slow
DNS manager will not delete all records
Inactive Locations cause inconsistencies
Cannot delete devices
DNS Monitor cannot monitor PTR, possibly other records
Bandwidth graph transfer totals don’t respect per-port date ranges
‘Content’ field in dns_zone table needs to be expanded > 255
Correct regex typo in dm_ipmi proxy code
Use of devtype_list() & devtype_info()
Device Manager search not finding all devices
Improper conditions for display of ‘Duplicate Device’ link
Replace the links to device_view.php in admin/devicemgr/rack_view.php with links to view.php
We should handle links to/from deleted devices better
DNS classes call log_device_event() without including devices.inc.php
DNS manager links for add/edit/delete zone missing
Aggregate bandwidth view reports “Not a valid vname…”
Revisit dm_pdu permissions
DEVICE_EVENT device change log popup detail link is malformed
DEVICE_EVENT detail popup has no prev/next links
Errors ignored when saving zone data
device_type methods should return uber_base::error() not PEAR_Error
Preserve search terms when adding/editing connections
Block device deletion if it is part of a connection
Fix bandwidth monitoring edits
Get Bandwidth Monitoring working via device_add()
Finalize Bandwidth Monitoring / Connection Manager relationship
dm_reboot: preg_match() expects parameter 2 to be string, array given
Indicate occupied ports in each link’s port select list
Bandwidth Monitoring switch_port_eth% regex too
Bandwidth Monitoring refinements
Display warning if device label has colon in it
Show switch’s graph when no remote switches involved
Bandwidth Monitoring: get all ports when enabling/disabling
Block creating connection to interface that’s in use
Deleting devices / connections when connection inactive but links are active
Better UX for inactive and deleted connections
Way for connection lists to see inactive connections
Indicate non-active ports in connection edit interface dropdowns
Device Interface list loses chosen status when editing
Enhance switch_port_eth% metadata conversion process
Bad parameter to http_build_query() in class.chef_api.php
Display warning on colons and spaces in interface names
Clients cannot edit PDU outlet descriptions
SSL URL needs to be built properly in DirectAdmin control panel integration
Support Manager
Store basic before/after info for ticket events
Mark all as read ignores the current list and always marks everything as read
Multiple contacts within a client email associations
Ticket Timers should require at least one action
Editing of Time-Tracking on initial comment/reply in support tickets broken
Contact without email interaction with support manager
Slow load times on tickets in instances with high numbers of concurrent users
Unassign tickets in ticket list
Undefined variable $q_id in popup_dept.php
Ticket info preview tooltip jQuery UI issue
Error on delete department – misspelled ticketq_classification table
Saving classifications bug
Fix reversion of invalid classification id
‘My Tickets’ no longer defaults to ALL My Tickets
Linked ticket box collapse fails under Google Chrome
Advanced search fixes for Owner (ticket assignment) against Support Manager
Make Manage Departments page robust
ticket_timer method returns uber_base::error(), not PEAR_Error
Set ticket.disposition for pre-existing tickets
Add template selection support to ticket comments
Don’t use alert/modal for XHR ‘ticket not found’ when presenting linkified ticket content
cron/ticket_timers.php causing session table lockups
Undo device autocomplete in ticket view page
Order Manager
Orders paid by Worldpay link back to broken url
Order manager notification setting should always be set as universal not brand specific
Undefined index: order_queue_id in config_order_forms.php
Incorrect screen refresh when issuing refund via Order Manager
Replies to specific order ticket follow ups ignore people who were cc’d
Onapp order module doesn’t always set the proper custom field.
Order queue creation is not creating the associated resource
Add service id numbers to the service list in the activate services order module
Need error handling for empty order info parameters in order_pricing::credit_summary()
Order form config pages: fix errors, security, HTML
Excessive whitespace in ordermgr/ticket_view.php when an unassociated ticket wants to be associated to a client
Problems encountered when editing a service in an order to a quantity of 0
The activate services order module need to be made smarter about post-renew services
Ensure pack prorate_date > $last_date in order::save()
Sales Manager
Fix issues with Sales Quoting
100% discounted setup fees do not appear in quote contracts
Remove stray trigger_error() from class.quote.php
Secure acceptance blocks signing quote without entering new credit card
Orders generated from a quote always charge the default payment method
Allow Quoting value ignored when adding a service plan
Undefined constant error when adding lead via Sales Manager
Account Mgmt tab broken in Sales Manager
Fix permission checks in admin/salesmgr/client_menu.php
CyberSource secure acceptance JS causes quote submission to hang
Undefined index in view leads
Sales Manager’s Add Lead success message says “Array”
Email contact link missing in Sales Manager’s Lead Contacts page
Reports and Stats
Download CSV link on starts calendar page loads the full month of data
Update Support Manager reports to use admin_initial_response
Service Status report errors
Top customers report should be brand specific
Update normalized_billed.php to use new address class
The global outstanding services report never displays a suspend or cancel on date
Tweaks to the Expired Credit Cards report
Sort by ‘days past due’ broken on Aged Invoices report
Prevent memory exhaustion by report_permission_users.php
Appliance
Appliance’s update.php writes a session to disk when run interactively, shouldn’t
Extend appliance timeout
Add Gigabit ethernet support to HP Procurve driver
Fix permission handling in config_abi.php
Undefined property $snmpv in device_tripplite classes
Rework appliance response error checking
Remove appliance call to bugs.ubersmith.com for error reporting
API
support.ticket_count doesn’t accept client_id
Support passing owner=0 when editing devices
Undefined index “value” when creating client/contact via API
API 2.0 client.quote_get failure
Example API output for device.monitor_list is not helpful
Service Plan get API function needs better brand handling
“list” API calls need a few parameters documented
Add undocumented parameters to device.ip_assignment_add API method
Change version number at the top of the API documentation pdf
client.contact_update does not properly support active param
Error in device.vlan_get_available
support.ticket_post_list doesn’t stream response
order.respond API function doesn’t email attachments
Suretax not being factored into orders submitted via the API
Update Authnet CIM integration to allow for tokens to be passed directly via the API
client.contact_add & client.contact_update should fail if improper roles or acls are provided
API response streaming handling of objects
Bugs in new service plan api scripts
Credit Card refunds processed through the API always use the default brand’s gateway config
device.get – error: json_encode(): recursion detected
Update client.cc_add to require either cc_num or cc_token
Adjust API for deleting connections
Better logging for API auth failures, to aid brute force detection
client.service_update not updating the cost of the pack
Clarify “pricing” API parameter description
Service plan api no longer return the correct cost due to discount change
General
Cybersource Partial VOID not supported
Add custom fields to event triggers
New admin users are not sent password notifications
Add some method to clear invoice PDFs out of /tmp
Address possible CSRF vulnerabilities
Remove old credit cards
Custom data uniqueness check includes deleted items
Enforce password rules when setting passwords administratively
Cannot use string offset as an array
uber_base should implement to_xmlnode()
Extend timeout for search_prune.php
Audit of the advanced search
Fatal error in database upgrade process in setup
Undefined index payment_number
dit_client() doesn’t check result of acl_create_client()
Fix error handling for ticket_split()
DSN socket is not being handled properly during setup
ubersmith.admin_priv_timeout not set on fresh uber install
LDAP login should bail out if a user can not be created
Issues related to the implementation of CSRF protection
Fatal error in setup: undefined function timer_reset()
Remove configuration option that allows for CVV2 Storage
Coalfire Penetration Testing / Security updates
Remove debugging call to trigger_error
Correct event_trigger.php bug trigger
Make the spelling of ‘canceled’ more consistent throughout Ubersmith
Better handle ‘non-fatal’ fatal errors
Handle ereg deprecation
Duplication of CSRF key/token fields causes form authentication problems
“headers already sent” for cron jobs / enhance uber_interface()
Correct fatal error undefined function get_iso_countries()
Remove s* fieldtypes from Solr schema
Don’t ask TCPDF to render tables without rows
Undefined index: SERVER_ADDR
Advanced search: “before” dates should be > 0
Fix metadata config and make method for creatingentities
Only add “ORDER BY” if fields exist
Undefined index error in class.uber_search_document.php
Upgrade NuSOAP
Undefined function acl_create in awesom_misc.php
ACL display bug triggered
Advanced search result insufficient permission checks
uber.check_login broken
Newly installed instance creates a user with no access
Cannot use reset() or end() on dbresult_iterator objects
Global “List Items” setting is not saved properly
Number of admins listed on the user management page never changes
Undefined index midnight in new_inv_initialize()
re-add mimeDecode package
PEAR module HTML_Quickform causing Fatal error
clean up error messaging in mail.inc.php
“Undefined variable: key” in class.gui.php line 160
Update CLIENT.created when a lead is made a full client
fix error strings in comments.inc.php
Changing upgrade option on edit package results in an additional database row
Track down IE8 incompatibility in admin/config/popup_dept.php
Correct permission restriction for config_authentication.php
error: json_encode(): recursion detected
Database updates introduced in ticket #3641/4249 fail
Add indexes to metadata_config.variable and metadata_values.value
SQL error in updatedb from #4348
Decoding of UTF-8 headers fails using updated PEAR/Mail
Links to hidden fields and form wizard unintentionally removed from the advanced form editor
Fix “action” formatting in logevent() calls
frame_comments duplicate permission checks
Global upgrade backward compatibility issues.
popup_user_info_brand.php fixup
User access CSV output does not include actual access settings
Mass Mail from advanced search doesn’t work
Ignore ajax errors where needed
Ensure remaining front end ajax calls are secure
HTML and AJAX safety in modules
Undefined variable ‘discount’
Error on upgrade script when migrating discounts
Make drag and drop actions safe & translate “Note” text consistently
Prevent updatedb from creating duplicate connections
HTML safety in client/order_response.php
Error when copying a service plan from the admin screen
Need to add po_data to the global in addition to plan level
AJAX and JS safety in popup_duplicate_sp_item.php
AJAX / HTML safety and correct error strings in popup_add_plan_option.php
Notices in cybersource_token backend
Audit / fix SERVER_NAME & HTTP_HOST usage to protect against Host header injection
Truncate dc_notes to 2048 characters in PayJunction? gateway
Fix fatal error and translation in setup
Deactivated plans show up on the assign upgrade popup window
Welcome to Ubersmith wizard does not respect language choice in Command Line PHP step
Stop user / email disclosure in password reset
Undefined variable: classify_ajax
Failed SQL query when upgrading to latest trunk
Advanced search not showing all client’s services
HTML safety displaying warnings, notices, success when $is_html is true
E_STRICT, E_DEPRECATED fixes & Upgrade jpgraph, FPDI, PEAR, DB, HTML_QuickForm
Disable XML parsing of external entities
Filtered total link on the payments received report always uses the current time for its end date
Missing discount fields on edit service causes UI miscalculation
Undefined index on uber.plan_option_list call and missing documentation of uber.plan_option_assign parameter
Update logo in product
Remove the requirement of plan_id for edit_pack on updates with price changes
Add service discount log
Fix the ability for users to add cards to cybersource
Remove debug statement from include/class.authentication_module.php
Address SQL injection potential in include file
ext_log should ignore “file” if file is not writable
Upgrade from Net_DNS to Net_DNS2
Undefined variable: field in uber_search_solr.inc.php
Function signature incompatibilities in uber_search_zend_lucene.inc.php
Remove unnecessary parameters from module methods
Sanitize SERVER_NAME usage in ubersmith & appliance
Remove preg_replace() with “e” modifier
Assigning the return value of new by reference is deprecated in PEAR::Auth
Updating token error
E_STRICT from cron/invoice.php
Make typemap methods static
Remove old order form wizard code
PEAR mimeDecode uses /e modifier for preg_replace
Get rid of last preg_replace /e uses
Fix fatal error when saving service taxes
Add priority ordering of options within a service plan
Upgrade of 3.1 database to 3.2 codebase is broken (re device_info())
Fix colspan for admin/config/log.php
E_STRICT fixes for cp_host files
Update _check_tld to have an upper bound of 63 characters, the limit imposed by the DNS RFC
Fix brand recognition in sb->execute
Update Ubersmith and Uberlicense PKI
Update Stripe Gateway to properly support pre-auth and capture
Fix token handling for Braintree
Admin count reports active and deactivated users to the licensing system
Fix limit statement in list_credits() query