23 commits

Author SHA1 Message Date
be691d86e3 Bug 21096: Do not display loggedinusername in template
This patch is a little fix for a much bigger hidden issue.

The original issue:
1. Set the firstname and surname values of a patron to utf-8 characters
("wide characters"), for instance 月月
2. Use this patron to login at the staff interface
=> In the header the logged in patron's info (concat of firstname and
surname) are displayed correctly
3. Hit whatever link
=> In the header the info are now displayed incorrectly
("ææ")

What happens?
After the user logs in, loggedinusername is set with the value from
the DB (borrowers.userid)
On next hits it is picked from the session (which contains the decoded
utf8 value, see first lines of C4::Context->set_userenv)
From C4::Auth::checkauth:
834             $s_userid = $session->param('id') // ''

The quick fix is to use the logged_in_user variable in the template, but
it seems that issues may occur if external authentication is used
(ldap, shib, cas). Could someone test this?

Test plan:
Make sure the original issue is fixed

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-30 13:40:31 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.

This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (they are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit pages and try to catch an alert box.
If you find one it means you found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
Julian Maurice
ed7543287b Bug 20538: Remove the need of writing [% KOHA_VERSION %] everywhere
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
  mechanism, it will be tedious

This patch:
- adds a Template::Toolkit plugin that generates <script> and
  <link> tags for JS and CSS files, and inserts automatically the Koha
  version in the filename
- uses the new plugin to remove all occurrences of [% KOHA_VERSION %]
- removes the code that was adding KOHA_VERSION as a template variable

Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
   checking your browser's dev tools (there should be no 404 for JS and
   CSS files, and the Koha version should appear in filenames) and the
   server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-13 11:49:44 -03:00
Pasi Kallinen
0e476fe457 Bug 20142: Allow translating offline circ message
Allow translating the notification saying you cannot change branch or
logout while offline.

Test plan:

1) Enable AllowOfflineCirculation
2) Go to Home -> Circulation -> Built-in offline circulation interface
3) Try to change your branch. Note the notification message
4) Apply patch, install language, translate the notification
5) Repeat 2 and 3 in that language. The message should be translated

Signed-off-by: Pasi Kallinen <pasi.kallinen@joensuu.fi>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-27 11:37:51 -03:00
0ad922011c Bug 12904: Force browser to load new javascript files after upgrade
This patch has been automatically generated using:
  perl kv.pl **/*.tt **/*.inc

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
2018-02-08 14:53:24 -03:00
320e66b043 Bug 20051: Invalid markup in staff client's header.inc
This patch corrects markup errors in header.inc which were introduced by
Bug 19851. For id attributes on <span>s have been replaced with classes,
eliminating an HTML validator error about duplicate ids.

Minor unrelated change: Updated an element's id with a more descriptive
name.

Test plan the same as Bug 19851's:

 - Log in to the staff client and confirm that the appearance of the
   menu bar at the top of the screen looks correct at various browser
   widths.
 - Confirm that the logged-in user menu label and help link expand and
   collapse according to browser width.

Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Fix for QA: Corrected ID reference in circ/offline.tt

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-02 12:08:41 -03:00
8425ab43dd Bug 19744: Move template JavaScript to the footer: Offline circulation
This patch modifies the staff client offline circulation templates so
that JavaScript is included in the footer instead of the header.

To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.

Circulation -> Built-in offline circulation interface
  -> Synchronize
   -> Download records
  -> Check out
  -> Check in
    -> Synchronize
      -> Upload transactions
  -> Pending offline circulations
    -> Check all, uncheck all
    -> Delete
    -> Process

Circulation -> Upload offline circulation data
  -> Upload .koc file (generated by the Koha Offline Circulation program,
     for instance).

Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-22 13:15:39 -03:00
804677265e Bug 16239: Update templates
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 14:41:22 +00:00
363e45a5eb Bug 14060: Force the input to contain a valid date
Before this patch, the user was still allowed to enter a valid date.
Now, if the date is not valid, the input is emptied.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 12:04:20 +00:00
Jonathan Druart
f91ed3d8bf Bug 14060: Remove readonly attributes on date inputs
In order to remove accessibility issues due to the readonly attributes
on date inputs, this patch will remove them and introduce a javascript
validation on them.

This patch is not perfect for some reason:
I didn't manage to force the user to select a valid date. One solution
would be to reopen the datepicker plugin until a valid date is inserted.
But it could be annoying for users (and for me: I did not manage to
implement this solution).
You will note that input is emptied if the date is not valid. This is a
quick and efficient solution to prevent submitting an invalid date and making
Koha explode. A proper solution would be to implement the check server
side and send a friendly message to the user.

Test plan:
For all inputs, try an invalid and a valid date.
 1/ Debar a patron
 2/ On the checkout tables (circulation and moremember), add a renewal
due date (at the bottom of the tables)
 3/ On the checkout page, specify a due date
 4/ On the return page, specify a return date
 5/ On the invoice page (acquisition module), enter a shipment and
billing date
 6/ On the invoice search page (invoices.pl) use filters shipment and
billing dates
 7/ On the offline circ page, specify a due date
 8/ On the edit patron page (memberentry), add a debarment
 9/ On the reserve page (reserve/request.pl), use the date inputs to
suspend until a defined date
10/ Edit patrons in a batch (tools/modborrowers.pl) and use the
registration and expiry date inputs

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 12:04:19 +00:00
2f4dde25e8 Bug 16242 [Follow-up] Move staff client JavaScript out of language directory
Correcting to a file I missed: circ/offline.tt. This patch corrects the
path to offlinecirc.js.

To test, go to Circulation -> Built-in offline circulation interface.
There should be no errors in the console warning of missing files. The
"Check out" link should work correctly.

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
File missed was fixed

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 14:32:42 +00:00
0cab6f2ef3 Bug 14915: Use Font Awesome instead of Glyphicons for the staff intranet
We should be using Font Awesome for our icons instead of Glyphicons, for
the reasons discussed on bug 13696.

Test Plan:
1) Apply this patch
2) Note all Glyphicons have been replaced with FA icons in the staff intranet
3) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/modules/
   should give no results
4) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/includes/
   should give no results

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
We need a follow-up to cover the files changes since this
patch was written. Especially to cover the changes in the
label creator modules.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-10-27 10:02:42 -03:00
Mark Tompsett
78559bb6f5 Bug 12666 - Fix poor HTML from circ/offline.tt
In koha-tmpl/intranet-tmpl/prog/en/modules/circ/offline.tt
- Cleaned up the HTML's missing </div>'s
- Corrected the autobuffer attribute to the newer preload one
- Added &nbsp; into empty title, since it will get replaced

TEST PLAN
---------
1) Run the circ/offline.pl page source through an HTML validator
   -- should get a few warnings
2) Apply patch
3) Recheck page source (confirm your page isn't cached!)
   -- should be clean

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Improves HTML validity, no regressions found.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-08-15 14:59:17 -03:00
Pasi Kallinen
a30f9e3d65 Bug 12150 - Use more javascript string formatting in intranet for translated strings.
http://bugs.koha-community.org/show_bug.cgi?id=12150

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

No bug number on description
No commit message
No test plan
No koha-qa errors

I only signed this because it's useful for translations
but we can live without it, so is up to QA now

Tested some easy messages (e.g. syspref saving), and
updated PO files to check new strings.
Inspected the code, I think that there are no errors.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-03 09:52:48 -03:00
Pasi Kallinen
9e9088049c Bug 12138 - Use placeholders in translatable Javascript strings
Currently translating Javascript strings with variables in them is hard,
because the strings are created from separate parts. For example:

 _("Are you sure you want to delete the") + " " + count + " " +
_("attached items?")

This is translated in two different parts, and the translator cannot
affect the place where the count-variable is.

Now, if the javascript strings allowed placeholders, similar to how the
template strings do, the above could be written as:

_("Are you sure you want to delete the %s attached
items?").format(count)

This would make translation much easier.

Attached patch adds a Javascript string formatter, and changes all the
concatenated translatable JS strings used in intranet to use that.

To test:
1) cd misc/translator
2) perl translate update xx-YY
3) grep ^msgid po/xx-YY-i-staff-t-prog-v-3006000.po | sort | uniq >
xx-YY-pre
4) apply patch
5) perl translate update xx-YY
6) grep ^msgid po/xx-YY-i-staff-t-prog-v-3006000.po | sort | uniq >
xx-YY-post
7) compare the files: diff -Nurd xx-YY-pre xx-YY-post | less
   should show the javascript strings that changed.
8) Test the UIs where the formatted js strings are used.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I tested *most* of the changed files. There were some instances where it
wasn't clear to me how to trigger the warnings which were modified,
especially tags/review.tt, admin/manage-marc-import.tt, and holidays.tt.
Everything I was able to test worked correctly.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>

Works nicely, no regressions found. Thx!

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-04-27 21:24:04 +00:00
76daec8bff Bug 11618: ensure jQuery timepicker is picked up by the i18n toolchain
We handle internationalization of the jQuery datepicker by adding
language configuration strings to calendar.inc which can be processed by
the translation script. This patch adds a similar configuration file for
the timepicker.

This patch also upgrades the timepicker plugin to the latest version,
minified, and places it outside the prog template directory for global
use. The path in templates has been updated accordingly.

CSS has been added to more completely hide the controls for seconds,
milliseconds, and microseconds.

To test, apply the patch and clear your cache so that the browser
loads the new version of the jQuery plugin. Confirm that date and time
selection still function correctly on the circulation page, the patron
detail page, and the offline circulation page (circ/offline.pl).

Test at least one datepicker instance which does not use the
timepicker.

Run translate update on a po file and confirm that the timepicker
strings are now present.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Works as expected, no regression found.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-02-18 21:19:16 +00:00
Jared Camins-Esakov
c1ec92f685 Bug 10240: (follow-up) correctly record fines and fix label
At some point in rebasing I managed to remove the part of the code
that saved fine payments. This patch re-adds that feature. This patch
also corrects the label on the check out tab to not mention partial
names for checkouts when offline, and partial name searches are not
supported in offline circ.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-11 01:57:05 +00:00
Jared Camins-Esakov
2c89aee3c8 Bug 10240: (follow-up) warn when patron's card is expired
This patch improves the alert messages to be slightly better English
and warns the librarian if a patron's card has expired. Like all alerts,
this is non-fatal since in the case of network failure there is no
particular reason to expect that the offline database is current.
To test this particular patch you can try checking something out to an
expired patron, otherwise test plan remains the same as above.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-11 01:57:04 +00:00
Jared Camins-Esakov
46190d5ac4 Bug 10240: (follow-up) disable logout/set library
Logging out/setting the library does not work while using offline
mode, so it makes no sense to present those options to the user.
Much better is some sort of explanatory message informing them that
those two links don't work.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-11 01:57:04 +00:00
Jared Camins-Esakov
618ddd3490 Bug 10240: (follow-up) fix display issues
Fix the following two issues:
1) After paying a fine when offline the fine amount becomes NaN.
2) For previous checkouts for a patron, the title and barcode
   fields have the wrong information in them (i.e. they have been swapped)

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-11 01:57:04 +00:00
Jared Camins-Esakov
cbf7e3b11b Bug 10240: (follow-up) don't delete transactions if auth fails
When uploading transactions, we were not checking that authentication
had succeeded before deleting the transactions from the local database.
That was bad. With this patch, we check. That is good.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-11 01:57:04 +00:00
Jared Camins-Esakov
9db23b8483 Bug 10240: QA follow-up
Address the following issues:
    1/ Address minor qa issues with the templates:
     FAIL    koha-tmpl/intranet-tmpl/prog/en/modules/circ/offline-mf.tt
      FAIL      forbidden patterns
                forbidden pattern: intranet-tmpl should certainly
                replaced with [% interface %] (line 24)
                [etc.]
     OK      tt_valid
     OK      valid_template

    FAIL    koha-tmpl/intranet-tmpl/prog/en/modules/circ/offline.tt
     FAIL      forbidden patterns
               forbidden pattern: intranet-tmpl should certainly
               replaced with [% interface %] (line 509)
               [etc.]
    FAIL      tt_valid
        lines 5, 5
    2/ Run perltidy on new scripts
    3/ download.pl returns data.finished = 1 if number of returned
       data < 5000 (avoids 1 ajax call)
    4/ Replace qq{} around sql queries with q{}

Also, a race condition existed that resulted in pending transactions
only getting deleted from the local database in certain circumstances
(fast connections under Chrome, mostly). This patch fixes that so that
successfully-uploaded transactions are always deleted.

This patch also addresses Jonathan's suggestion:
3/ add a message on check in (currently the input becomes empty but the
   user is not informed).

... and Magnus's suggestion about moving the Synchronize link to the
right on the homepage.

Also, this addresses the further issues Jonathan noted:

- The tab of checkouts always shows "*0* Checkouts"
- If I am not well-educated, I click on the "Check out" link on the
  offline home page, I enter a barcode, click on "Check out" and I get a
  js error (without user message): "TypeError: curpatron is undefined"
  (with chromium I get: Numeric transaction modes are deprecated in
  IDBDatabase.transaction. Use "readonly" or "readwrite").
- There is a "border-right" css rule on the h5.patron-title. It is
  displayed (when there is no patron selected) [really minor!].
- tables are displayed even if there is no data
- The "Clear screen" link (X) points to an old script:
  circ/offline-circulation.pl
- There is a warning when clicking on the "Synchronize" link when the
  user is offline, but not for the "Pending offline circulation actions"
  link.
- Still exists:
> The "Checked in item." message text never disappears (even if I go on the
> offline home page (circ/offline.pl#offline-home)).

Finally, this patch adds a link to the Pending offline operations page
on the synchronize page for easier navigation.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-11 01:57:03 +00:00
Jared Camins-Esakov
44d0ad451f Bug 10240: Offline circulation using HTML5 and IndexedDB
This patch adds an HTML5-based offline mode to Koha's existing
circulation module, allowing librarians to check out items using a
basically familiar interface. The feature will be implemented using
the Application Cache and IndexedDB features of the HTML5 specification,
both of which are fully supported on Firefox 10+ and Chrome 23+, with
limited support going back to Firefox 4 and Chrome 11. The basic
workflow enabled by this patch is as follows:

Part 1: While connected to the Internet
1. Enable offline functionality by turning on the
   "AllowOfflineCirculation" system preference.
2. Sync the offline circulation database on the computer that will be
   used for offline circulation by following the "Offline circulation
   interface" link on the Circulation home page, choosing "Synchronize (must be online)",
   and clicking the "Download records" button. This process may take a while.
3. Bookmark /cgi-bin/koha/circ/offline.pl (the page you are currently
   on) for easy access when offline.

Part 2: While disconnected from the Internet
4. Navigate to /cgi-bin/koha/circ/offline.pl using the bookmark you
   created while online.
5. Start checking books in by scanning the barcode of an item that has
   been returned into the box in the "Check in" tab.
6. Scan the barcodes of any additional items that have been returned.
7. Start checking out books to a patron by scanning the patron's barcode
   in the box in the "Check out" tab.
8. Set a due date (the "Remember for session" box will be checked by
   default, since circulation rules are not computed during offline
   transactions and therefore a due date must be specified by the
   librarian).
9. Scan an item barcode (if you did not set a due date, it will prompt
   you) to check the item out to the patron.
10. If a patron has a fine you can see the total amount (current to when
    the offline module was synced), and record a payment. Unlike when in
    online mode, there will be no breakdown of what item(s) fines are
    for, and you will only be able to record the payment amount and not
    associate it with a particular item.

Part 3: While connected to the Internet
11. Click the "Synchronize" link and choose "Upload transactions" to
    upload the transactions recorded during the offline circulation
    session.
12. Navigate to /cgi-bin/koha/offline_circ/list.pl (there will be a
    link from the Offline circulation page) and review the
    transactions, as described in the documentation for the Firefox
    Offline circulation plugin:
    http://wiki.koha-community.org/wiki/Offline_circulation_firefox_plugin

RM note: the IndexedDB jQuery plugin bundled with this patch is
copyright 2012 by Parashuram Narasimhan and other contributors and is
licensed under the MIT license.  The home page for the plugin is
http://nparashuram.com/jquery-indexeddb/.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works very well, no koha-qa errors

Test with Firefox 24.0
1) did some checkouts pre sync
2) synchronize database (Download)
3) go offline
4) Proceed to checkin some items from patron
5) Proceed to checkout items to patrons, setting date
6) Proceed to checkout to expired patron, warning appears
7) go online
8) Upload records
9) go to review transactions and proceed
10) verified on patrons that checkin/out are done

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-11 01:53:34 +00:00