Koha-community
/
Koha
13
5
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Bug 28959: Fix other cases 

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
21.11.x
Tomás Cohen Arazi 3 years ago
committed by Jonathan Druart
parent
35d03d6cf6
commit
d821cf9c9c
4 changed files with 18 additions and 18 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt
  2. 6
      opac/opac-shareshelf.pl
  3. 8
      t/db_dependent/selenium/regressions.t
  4. 16
      virtualshelves/addbybiblionumber.pl

6
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt
View File

@ -16,10 +16,10 @@
<li class="breadcrumb-item"><a href="/cgi-bin/koha/opac-user.pl">[% INCLUDE 'patron-title.inc' patron = logged_in_user %]</a></li>
[% END %]
<li class="breadcrumb-item">
[% IF shelf.category == 1 %]
<a href="/cgi-bin/koha/opac-shelves.pl?op=list&amp;public=0">Your lists</a>
[% ELSE %]
[% IF shelf.public %]
<a href="/cgi-bin/koha/opac-shelves.pl?op=list&amp;public=1">Public lists</a>
[% ELSE %]
<a href="/cgi-bin/koha/opac-shelves.pl?op=list&amp;public=0">Your lists</a>
[% END %]
</li>
<li class="breadcrumb-item active">

6
opac/opac-shareshelf.pl
View File

@ -81,7 +81,7 @@ sub _init {
$shelf = Koha::Virtualshelves->find( $shelfnumber ) unless $param->{errcode};
$param->{shelfname} = $shelf ? $shelf->shelfname : q||;
$param->{owner} = $shelf ? $shelf->owner : -1;
$param->{category} = $shelf ? $shelf->category : -1;
$param->{public} = $shelf ? $shelf->public : 0;
load_template($param);
return $param;
@ -128,7 +128,7 @@ sub show_accept {
# You must not be the owner and the list must be private
if( !$shelf ) {
$param->{errcode} = 2;
} elsif( $shelf->category == 2 ) {
} elsif( $shelf->public ) {
$param->{errcode} = 5;
} elsif( $shelf->owner == $param->{loggedinuser} ) {
$param->{errcode} = 8;
@ -264,7 +264,7 @@ sub check_owner_category {
#sharing user should be the owner
#list should be private
$param->{errcode} = 4 if $param->{owner} != $param->{loggedinuser};
$param->{errcode} = 5 if !$param->{errcode} && $param->{category} != 1;
$param->{errcode} = 5 if !$param->{errcode} && $param->{public};
return !defined $param->{errcode};
}

8
t/db_dependent/selenium/regressions.t
View File

@ -179,7 +179,7 @@ subtest 'XSS vulnerabilities in pagination' => sub {
{
class => 'Koha::Virtualshelves',
value => {
category => 2,
public => 1,
allow_change_from_owner => 1,
allow_change_from_others => 0,
owner => $patron->borrowernumber
@ -193,7 +193,7 @@ subtest 'XSS vulnerabilities in pagination' => sub {
$patron->set_password({ password => $password });
$s->opac_auth( $patron->userid, $password );
my $public_lists = $s->opac_base_url . q|opac-shelves.pl?op=list&category=2|;
my $public_lists = $s->opac_base_url . q|opac-shelves.pl?op=list&public=1|;
$driver->get($public_lists);
$s->remove_error_handler;
@ -202,7 +202,7 @@ subtest 'XSS vulnerabilities in pagination' => sub {
is( $alert_text, undef, 'No alert box displayed' );
my $booh_alert = 'booh!';
$public_lists = $s->opac_base_url . qq|opac-shelves.pl?op=list&category=2"><script>alert('$booh_alert')</script>|;
$public_lists = $s->opac_base_url . qq|opac-shelves.pl?op=list&public=1"><script>alert('$booh_alert')</script>|;
$driver->get($public_lists);
$s->remove_error_handler;
@ -211,7 +211,7 @@ subtest 'XSS vulnerabilities in pagination' => sub {
is( $alert_text, undef, 'No alert box displayed, even if evil intent' );
my $second_page = $driver->find_element('//div[@class="pages"]/span[@class="currentPage"]/following-sibling::a');
like( $second_page->get_attribute('href'), qr{(?|&)category=2(&|$)}, 'The second page should display category without the invalid value' );
like( $second_page->get_attribute('href'), qr{(?|&)public=1(&|$)}, 'The second page should display category without the invalid value' );
push @cleanup, $patron, $patron->category, $patron->library;

16
virtualshelves/addbybiblionumber.pl
View File

@ -44,9 +44,9 @@ addbybiblionumber.pl
if this parameter exists, then it must be equals to the name of the shelf
to add.
=item category
=item public
if this script has to add a shelf, it add one with this category.
if this script has to add a shelf, it adds one with this 'public' setting.
=item newshelf
@ -69,7 +69,7 @@ my $query = CGI->new;
my $shelfnumber = $query->param('shelfnumber');
my $newvirtualshelf = $query->param('newvirtualshelf');
my $newshelf = $query->param('newshelf');
my $category = $query->param('category');
my $public = $query->param('public');
my $sortfield = $query->param('sortfield');
my $confirmed = $query->param('confirmed') || 0;
my ( $errcode, $authorized ) = ( 0, 1 );
@ -95,7 +95,7 @@ if ($newvirtualshelf) {
Koha::Virtualshelf->new(
{
shelfname => $newvirtualshelf,
category => $category,
public => $public,
sortfield => $sortfield,
owner => $loggedinuser,
}
@ -149,21 +149,21 @@ if ($newvirtualshelf) {
} else {
my $private_shelves = Koha::Virtualshelves->search(
{ category => 1,
owner => $loggedinuser,
{ public => 0,
owner => $loggedinuser,
allow_change_from_owner => 1,
},
{ order_by => 'shelfname' }
);
my $shelves_shared_with_me = Koha::Virtualshelves->search(
{ category => 1,
{ public => 0,
'virtualshelfshares.borrowernumber' => $loggedinuser,
allow_change_from_others => 1,
},
{ join => 'virtualshelfshares', }
);
my $public_shelves = Koha::Virtualshelves->search(
{ category => 2,
{ public => 1,
-or => [
-and => {
allow_change_from_owner => 1,

Write Preview
Loading…
Cancel
Save