Details
-
Type: Bug
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 5.1.2
-
Component/s: None
-
Labels:None
Description
From a client in the ticket system
If a client enables 2-factor authentication in its Blesta account, Google Authenticator does not show Issuer information.
in blesta/app/views/client/bootstrap/client_main_edit.pdt
Below code
<img id="two_factor_qr" src="//chart.googleapis.com/chart?chs=200x200&cht=qr&chl=<?php echo $this->Html->safe('otpauth://totp/' . urlencode($this->Html->ifSet($vars->username)) . '?secret=' . $this->Html->ifSet($vars->two_factor_key_base32) . '&issuer=' . $this->Html->ifSet($two_factor_issuer));?>" alt="" />
should be<img id="two_factor_qr" src="//chart.googleapis.com/chart?chs=200x200&cht=qr&chl=<?php echo urlencode('otpauth://totp/' . $this->Html->safe($this->Html->ifSet($vars->username)) . '?secret=' . $this->Html->ifSet($vars->two_factor_key_base32) . '&issuer=' .$this->Html->safe($this->Html->ifSet($two_factor_issuer)));?>" alt="" />
which encodes chs parameter correctly.In current situation, issuer information cannot be parsed from authenticator application because &issuer= changed to `&issuer='.