
Bug 28959: Fix other cases

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
21.11/bug30761
Tomás Cohen Arazi 1 year ago
committed by Jonathan Druart
parent
commit
d821cf9c9c
  1. 6
      koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt
  2. 6
      opac/opac-shareshelf.pl
  3. 8
      t/db_dependent/selenium/regressions.t
  4. 16
      virtualshelves/addbybiblionumber.pl

6
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt

@ -16,10 +16,10 @@
<li class="breadcrumb-item"><a href="/cgi-bin/koha/opac-user.pl">[% INCLUDE 'patron-title.inc' patron = logged_in_user %]</a></li>
[% END %]
<li class="breadcrumb-item">
[% IF shelf.category == 1 %]
<a href="/cgi-bin/koha/opac-shelves.pl?op=list&amp;public=0">Your lists</a>
[% ELSE %]
[% IF shelf.public %]
<a href="/cgi-bin/koha/opac-shelves.pl?op=list&amp;public=1">Public lists</a>
[% ELSE %]
<a href="/cgi-bin/koha/opac-shelves.pl?op=list&amp;public=0">Your lists</a>
[% END %]
</li>
<li class="breadcrumb-item active">

6
opac/opac-shareshelf.pl

@ -81,7 +81,7 @@ sub _init {
$shelf = Koha::Virtualshelves->find( $shelfnumber ) unless $param->{errcode};
$param->{shelfname} = $shelf ? $shelf->shelfname : q||;
$param->{owner} = $shelf ? $shelf->owner : -1;
$param->{category} = $shelf ? $shelf->category : -1;
$param->{public} = $shelf ? $shelf->public : 0;
load_template($param);
return $param;
@ -128,7 +128,7 @@ sub show_accept {
# You must not be the owner and the list must be private
if( !$shelf ) {
$param->{errcode} = 2;
} elsif( $shelf->category == 2 ) {
} elsif( $shelf->public ) {
$param->{errcode} = 5;
} elsif( $shelf->owner == $param->{loggedinuser} ) {
$param->{errcode} = 8;
@ -264,7 +264,7 @@ sub check_owner_category {
#sharing user should be the owner
#list should be private
$param->{errcode} = 4 if $param->{owner} != $param->{loggedinuser};
$param->{errcode} = 5 if !$param->{errcode} && $param->{category} != 1;
$param->{errcode} = 5 if !$param->{errcode} && $param->{public};
return !defined $param->{errcode};
}
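Review bot: In `_init`, the fallback for a shelf that was not found appears to change from a value that failed the privacy test (`category` of `-1`) to one that passes it (`public` of `0`), so the second check in `check_owner_category` no longer rejects a missing shelf on its own. From the visible lines the request is still refused, because `owner` falls back to `-1` and errcode 4 is set first, but that sentinel is now the only guard on this path. I would make the dependency explicit with a comment above the fallback, e.g. `# a missing shelf is rejected via the owner == -1 sentinel, not via the public flag`, or have `check_owner_category` test for the missing shelf directly. `_init` and `show_accept` run past their hunks and `check_owner_category` starts before its hunk, so other checks may exist that this page does not show.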

8
t/db_dependent/selenium/regressions.t

@ -179,7 +179,7 @@ subtest 'XSS vulnerabilities in pagination' => sub {
{
class => 'Koha::Virtualshelves',
value => {
category => 2,
public => 1,
allow_change_from_owner => 1,
allow_change_from_others => 0,
owner => $patron->borrowernumber
@ -193,7 +193,7 @@ subtest 'XSS vulnerabilities in pagination' => sub {
$patron->set_password({ password => $password });
$s->opac_auth( $patron->userid, $password );
my $public_lists = $s->opac_base_url . q|opac-shelves.pl?op=list&category=2|;
my $public_lists = $s->opac_base_url . q|opac-shelves.pl?op=list&public=1|;
$driver->get($public_lists);
$s->remove_error_handler;
@ -202,7 +202,7 @@ subtest 'XSS vulnerabilities in pagination' => sub {
is( $alert_text, undef, 'No alert box displayed' );
my $booh_alert = 'booh!';
$public_lists = $s->opac_base_url . qq|opac-shelves.pl?op=list&category=2"><script>alert('$booh_alert')</script>|;
$public_lists = $s->opac_base_url . qq|opac-shelves.pl?op=list&public=1"><script>alert('$booh_alert')</script>|;
$driver->get($public_lists);
$s->remove_error_handler;
@ -211,7 +211,7 @@ subtest 'XSS vulnerabilities in pagination' => sub {
is( $alert_text, undef, 'No alert box displayed, even if evil intent' );
my $second_page = $driver->find_element('//div[@class="pages"]/span[@class="currentPage"]/following-sibling::a');
like( $second_page->get_attribute('href'), qr{(?|&)category=2(&|$)}, 'The second page should display category without the invalid value' );
like( $second_page->get_attribute('href'), qr{(?|&)public=1(&|$)}, 'The second page should display category without the invalid value' );
push @cleanup, $patron, $patron->category, $patron->library;
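Review bot: The pattern in the last assertion, `qr{(?|&)public=1(&|$)}`, opens with `(?|`, which Perl parses as a branch-reset group, so it accepts only `&` before the parameter and never `?`; the intent looks like `(\?|&)`. The test still passes while `public=1` is not the first query parameter, but it would fail on a link where it is. The description on the same line still says "category" although the check is now on `public`. Suggested line: `like( $second_page->get_attribute('href'), qr{(\?|&)public=1(&|$)}, 'The second page should display public without the invalid value' );`. The subtest starts and ends outside the hunks shown.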

16
virtualshelves/addbybiblionumber.pl

@ -44,9 +44,9 @@ addbybiblionumber.pl
if this parameter exists, then it must be equals to the name of the shelf
to add.
=item category
=item public
if this script has to add a shelf, it add one with this category.
if this script has to add a shelf, it adds one with this 'public' setting.
=item newshelf
@ -69,7 +69,7 @@ my $query = CGI->new;
my $shelfnumber = $query->param('shelfnumber');
my $newvirtualshelf = $query->param('newvirtualshelf');
my $newshelf = $query->param('newshelf');
my $category = $query->param('category');
my $public = $query->param('public');
my $sortfield = $query->param('sortfield');
my $confirmed = $query->param('confirmed') || 0;
my ( $errcode, $authorized ) = ( 0, 1 );
@ -95,7 +95,7 @@ if ($newvirtualshelf) {
Koha::Virtualshelf->new(
{
shelfname => $newvirtualshelf,
category => $category,
public => $public,
sortfield => $sortfield,
owner => $loggedinuser,
}
@ -149,21 +149,21 @@ if ($newvirtualshelf) {
} else {
my $private_shelves = Koha::Virtualshelves->search(
{ category => 1,
owner => $loggedinuser,
{ public => 0,
owner => $loggedinuser,
allow_change_from_owner => 1,
},
{ order_by => 'shelfname' }
);
my $shelves_shared_with_me = Koha::Virtualshelves->search(
{ category => 1,
{ public => 0,
'virtualshelfshares.borrowernumber' => $loggedinuser,
allow_change_from_others => 1,
},
{ join => 'virtualshelfshares', }
);
my $public_shelves = Koha::Virtualshelves->search(
{ category => 2,
{ public => 1,
-or => [
-and => {
allow_change_from_owner => 1,
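Review bot: `my $public = $query->param('public');` in the second hunk takes the request value as-is, and the third hunk passes it straight to `Koha::Virtualshelf->new`, so a missing parameter arrives as undef and any other string is stored as sent. Since the field is used as a boolean in the searches of the last hunk (`public => 0`, `public => 1`), normalising at the boundary keeps a missing or malformed value on the private side: `my $public = $query->param('public') ? 1 : 0;`. Whether the model or the column already coerces the value is not visible here. If creating public lists is meant to be limited to certain users, that check would belong before the `new` call; the page does not show one. This is top-level script code that continues outside the hunks.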
