The SQL call in displayServers was not using placeholders, leaving itself open
to potential SQL injection attacks. I've rewritten it to use placeholders.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch removes Image::Magick as a dependency and replaces it with
the (much) lighter GD. Functionality of patronimage code has not changed with
this conversion.
Adding errorhandling for corrupted image file and link to return to moremember.pl when called from there
Added notes about supported image mime types.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
C4::Koha::get_itemtypeinfos_of was not using plceholders, opening itself up to
potential SQL injection attacks. This patch refactors it to use placeholders to
bind parameters.
I also had to extend C4::koha::get_infos_of to allow us to pass bind parameters into it.
I'm including a test module for C4::Koha::get_itemtypeinfos_of.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch corrects what appears to me to be a few defficiencies in the documentation
for C4::items::GetItemsForInventory. I noticed them while writing test methods for this sub.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The SQL in C4::Items::GetItemsForInventory wasn't using placeholders and
bind parameters, possibly leaving itself open ot SQL injection attacks. This
patch changes that.
I've also incliuded a test module for C4::items::GetItemsForInventory.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This checks that the enrolmentfee for a category both exists, and is greater than 0, avoiding a spurious charge.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Support multiple timezones via Apache SetEnv. See the perldoc for
admin/env_tz_test.pl on how to configure and test. Minimal changes
to Context itself.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
1. restores a check to itemtype.notforloan to set the norequests flag
2. changes improper boolean OR with AND for checking conditions of setting norequests
3. displays 'Not for loan' for item-level itypes when the itemtype is set to notforloan
4. restores items.notforloan values < 0 allowing holds (ordered items for instance)
We still need a notforhold flag set at the itemtype, and items level
&NewOrder did not save the branchcode posted with a new order. This patch adds that param.
Added code to select the branch the order is for in the branch dropdown list on
acqui/orderreceive.pl
Updating POD and tests
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
It appears that Perl 5.10 does not like ${@$foo}[0] but rather wants $foo->[0]
The latter is also much more readable. This patch makes the change.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
C4::Context->preference was not using placeholders and was potentially vulnerable to
a SQL injectin attack. This patch refactors the method to use placeholders.
Added some tests for C4::Context.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Adding code to refresh "Lists" button lists display in OPAC masthead.inc
Adding javascript to force refresh of parent window to update "Lists" button menu
Adding query limits and ability to specify row count and offset in queries related to Virtualshelves.
Also added the ability to return total record counts for specified virtualshelves.
Adding C4::VirtualShelves::GetRecentShelves which returns a list of the most recently modified shelves for
a given set of parameters. This allows the user to be offered active private and open lists to add books
to in drop down menus while also allowing drop down menus to be limited to a reasonable length.
This also limits the shelves stored in the user's session to a fixed number. A further enhancement might
be to add a syspref to enable a staff member to define the limit. Currently it is hardcoded at 10 per
list type (private/public-open).
Adding pagination to list/shelf related screens
Moving refresh shelves code into C4::VirtualShelves::RefreshShelvesSummary and tidying up a bit
Correcting several inconsistancies in the shelves templates as well as handling shelf management on
the intranet side correctly.
Correcting "Add To:" drop-down list to show only lists the patron has permission to add to
Correcting a few C4::VirtualShelves::GetShelvesSummary API calls
Modifications for template consistancy
Breaking up a 1367 char line of javascript in opac-results.tmpl
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Edit functions here are limited to renaming and changing the type. No one can view
a list except the list owner unless it is public.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Added error catching for bad user input on number of days. I.E., if you
try to filter by "bAd", you now get an error message prompting for valid
digits. Also I updated highlighting to use loop_context_vars.
Fixed filtering to work on either days, vendor or both. Previously, if
you selected a number of days, you had to select a vendor or else got
empty results. DOCUMENTATION NOTE: this supplies the expected behavior,
so specifying vendor is no longer required.
Changed filters form to GET method.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This makes C4::Circulation::AddRenewal update lastreneweddate, then has circulation.pl check today's date against issuedate or lastreneweddate. It also cl
eans up a little parenthesis spacing.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
patch to C4::Members::ModMember to prevent it from deleting the dateofbirth field when none is supplied.
I also added a KohaTest::random_date method to help generate randomish dates for the test suite.
Added some tests for Member::ModMember. This is an easy method to test, and this bug shows that it
could use some closer examiniation.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
A valid test of this patch is this command:
perl -MC4::Output -e 'print pagination_bar("my/script?query=foobar",5,2,"page"),"\n";'
The output before patch begins:
<a href="my/script?query=foobar?page=1" rel="start"><<</a>
and AFTER patch:
<a href="my/script?query=foobar&page=1" rel="start"><<</a>
The double "?" in QUERY_STRING are now avoided.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
C4::Search::SimpleSearch was alredy patched to let you pass in the number of results you want back.
These instances were not using the new API. This patch makes all calls to SimpleSearch specify a limit.
I improved the documentation of SimpleSearch a bit to include the third returned value.
I believe there's a bug in C4::Output::pagination_bar, in that it doesn't deal well with URLs
with only one pair of parameter=value passed to it. I'm getting around this by passing in a second
pair that does nothing.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The C4::Date module is deprecated. It is also no longer used anywhere in Koha.
This patch removes it and the associated tests.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
running misc/cronjobs/overdue_notices.pl with warnings on has uncovered some warnings in
C4::Members. This patch eliminates them.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch adds the misc/cronjobs/overdue_notices.pl script that is intended to replace
overduenotices.pl, overduenotices-30.pl and overduenotices-csv.pl. It adds messages to
the message_queue to be sent later (by process_message_queue.pl). It also marks borrowers
as debarred if their issues become too overdue.
It is intended to be run from cron nightly with usage something like:
0 2 * * * misc/cronjobs/overdue_notices.pl
C4::Members:
- improved documentation on ModMember
- made ModMember return a useful value (the return value of the database call)
- added a DebarMember method
- adding t/lib/KohaTest/Members/DebarMember.pm to test ModMember
misc/cronjobs/overdue_notices.pl
- designed to replace overduenotices.pl, overduenotices-30.pl, and overduenotice-csv
Changes to C4::Letters:
- EnqueueLetter now lets you pass in to_address and from_address which can override defaults
- _send_message_by_email pays attention to these defaults.
- now handles attachments with MIME::Lite
C4::Overdues
- added GetBranchcodesWithOverdueRules
- added t/lib/KohaTest/Overdues/GerBranchcodesWithOverdueRules.pm to test that.
circ/overdue.pl
- replaced call to obsolete overduenotices-csv.pl with call to overdue_notices.pl
KohaTest:
- added three helper methods: random_phone, random_email, random_ip
- these can be used to populate example records
- you can now pass an optional lengh to random_string
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
When generating the display form of a heading that
happens to (invalidly) have a regular expression
metacharacter as a subfield label, do not crash.
An example of such a heading field is:
<datafield tag="650" ind1=" " ind2="0">
<subfield code="a">Dalziel, Andrew (Fictitious character</subfield>
<subfield code=")">xFiction.</subfield>
</datafield>
The error message associated with the crash is:
Unmatched ) in regex; marked by <-- HERE in m/) <-- HERE / at
/home/koha-pro/kohaclone/C4/Heading/MARC21.pm line 220.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
I wrapped the use of the SMS::Send module in an eval to make failures graceful if it
is not present.
I also fixed an error with the number of tests in the SMS::Send tests.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This code is intended to replace current value_builder code in 3.2, but
it does not affect it directly (yet) and is safe to include in 3.0.
This structure will be used to handle more complicated formats, like those
with checkdigits. Please note that "incremental" format is still STRONGLY
recommended because it will always perform the best, and most flexibly.
The desire to include other information (like branchcode) should compel
the proper use of the barcode generator to print the info ON the barcode,
not IN the barcode.
One of the nicer features of this structure is that you are able to
create a new barcode (of the same type) based on any previous Barcodes object.
That means you can create an array of 51 consecutive barcodes like:
my $x = C4::Barcodes->new('annual'); # for example
my @set = ($x);
for (1..50) {
push @set, $x=$x->new;
}
Importantly, this can happen without referencing the database after the
first constructor.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
