Same as previously.
For these files it's a bit less obvious.
To make sure these changes won't introduce any regression, check that
the variable returned by GetMember is never used to get something
else than a borrower fields.
The 'flags' should not be get neither.
For opac-user.tt it's different, other keys are got but there are defined
in the pl script.
On the way:
- 'showname' is removed (never used)
- fix scope var issue in opac-user.tt (BORROWER_INF.OPACPatronDetails vs
OPACPatronDetails)
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This subroutine does a lot a processing and should only be called when
necessary.
In the get_template_and_user subroutine (so called from any pages of
Koha), it is call to pass the branchcode, title, firstname, surname and
borrowernumber values for the logged in user.
This subroutine calls GetMemberAccountRecords which retrieve the items
infos for all accountlines entries of the logged in user.
On members/members.pl, let's say you have 74 entries in the accountlines
tables, the page will execute 115 SELECT instead of 35 if you don't have any
accountlines entries.
With this patch, the number of SELECT is always 31.
To test this patch you should have technical skills to know what to do.
Note that USER_INFO was an array of... 1 element. Now it's a hashref.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch set makes the default circ rules and notices/slips to edit
the logged in branch, if one is set.
Test Plan:
1) Apply this patch
2) Log into staff side, and set your library
3) Browse to Administration/Circulation and fines rules
4) Note the rule set selected is for your library
5) Select "All libraries"
6) Note the rule set selected is for "All libraries"
7) Browse to Toos/Notices & slips
8) Note the notice set selected is for your library
9) Select "All libraries"
10) Not the rule set selected is for "All libraries"
11) Click "New Notice"
12) Note the Library field is set to "All libraries"
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes QA script and tests.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Admin -> Transport cost matrix
2) Notice the warns in the error log
3) Apply the patch and refresh page
4) Notice page still works but no warns in error log
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amended patch: Init a $op variable, if it must be reused later.
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
If no value for 'no renewal before' is specified, automatic renewal now
falls back on the due date. Also 'no renewal before' can now be zero, so
both automatic and manual renewals can be delayed until due date.
Test plan:
1) Create some circulation rules with different settings for 'No renewal
before' and 'Automatic renewal'. Both daily and hourly loans should
work.
2) Try to renew both manually and automatically before and after a renewal
should be possible. You can run misc/cronjobs/automatic_renewals.pl for
automatic renewal.
3) Confirm that:
* Both automatic and manual renewal with 'No renewal before' set
to 0 do not happen before the due date (exact DateTime).
* Manual renewal with 'No renewal before' set to undef (enter empty
string) is unrestricted.
* Automatic renewal with 'No renewal before' set to undef does not
happen before the due date.
Sponsored-by: Hochschule für Gesundheit (hsg), Germany
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The reason the budget_period_id was not defined was because in
two cases it was not passed! This patch adds those missing
parameters. And as a result, cuts out the attempt to default the
authcat to '' unless the budget_period_id is defined.
Additionally, the start and end months don't seem to be passed,
so rather than have it blow up, checking them forces the else
case logic.
budget_period_id is the budget id. If you have two budgets,
you can craft a URL to work with budget_period_id matching
those two ids. Anything else should trigger the new error which
was modified to reflect more of what the problem is.
Follow the test plan in comment #6. Feel free to also to attempt
crafting URLs and triggering errors.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Well, works and does not explode any more
No errors
To trigger the new message simply put /cgi-bin/koha/admin/aqplan.pl
on your staff page, an intriguing 'Planning for by Asort1' appears :)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
TEST PLAN
---------
0) Back up your database.
1) In mysql client:
> DROP DATABASE {your koha database name};
> CREATE DATABASE {your koha database name};
> QUIT;
2) Go to the staff client, and install all the default
and optional things -- except patrons. :)
3) Log into staff client.
4) Create a patron -> New Patron -> Staff
5) Enter data and Save
6) More -> Set Permissions
7) Make superlibrarian
8) Log out
9) Log in as new superlibrarian
10) Acquisitions -> Budgets -> New Budget
11) Enter a non-active budget with some funds.
-- Once saved, it should list in the inactive budgets.
12) Click on the name.
13) Click on one of the Planning submenu options.
14) Click the 'Submit' button in the Filter area.
-- This should trigger the blow up.
15) Apply the patch
16) Repeat steps 12-15
-- The kaboom is avoided and a nice message given.
NOTE: This does not solve all the problems in this ugly, ugly
module area. It does solve the one thing it is meant to:
that nasty kaboom.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Find another place where there is a patron search (add user to a basket,
add users to a fund or edit owner of a fund, set a guarantor to a child,
etc.).
Do a search a confirm that the results are now sorted by name instead of
cardnumber.
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Add/edit/remove patron categories from the administration module
(admin/categories.pl).
You should get message feedback after each action.
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Operations in admin/category is unchanged, and functionnal
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Fixes the variable name to avoid a double-up that made it
impossible to turn off the sounds in general. If AudioAlerts
are turned off, they will only work on the audio administration
page now so you can set up and test the different sounds there.
Also fixes a little typo in the help file.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch set replaces and extends Koha's current sound options.
This is implemented be removing the existing sound system, and
re-engineering using a table of selector/sound combinations such that
the highest precedence selector that is found in the DOM will trigger
and audio alert. The existing audio behaviors are implemented as a set
of default audio alerts.
Test Plan:
1) Apply this patch set
2) Run updatedatabase.pl
3) Enable the AudioAlerts system preference
4) Test existing sounds
5) Enter the new alerts editor in the admin section
6) Add a new audo alert with the following selector:
"body:contains('Check in message')",
choose any sound alert you wish, make sure it's not one of the 3
sounds already used! Make this selector precedence 1
4) Browse to the checkins page, you should hear the default sound
5) Attempt to return an invalid barcode, you should hear your custom sound!
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
This has been introduced by bug 14949, recently pushed.
So I don't think we need to update the DB, only devs will face this
problem.
The hardduedate was inserted as 0000-00-00 because was en empty string.
To be inserted as NULL, the value should be undef.
Test plan:
0/ Don't apply this patch
1/ Edit a circ rules and don't fill the hard due date
2/ Look at the DB, the value is 0000-00-00
3/ Apply this patch and confirm that the value is now NULL
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Confirmed
+--------------+----------+-------------+
| categorycode | itemtype | hardduedate |
+--------------+----------+-------------+
| * | * | NULL |
+--------------+----------+-------------+
No koha-qa errors
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds loading of hideinopac and searchgroup
when showing/editing itemtypes
To test:
1) Put some values in ITEMTYPCAT auth value
2) Edit an item type, select a value for
search category & check 'Hide in OPAC'
Save
3) Results do no show on list of item types
4) Edit same item type, values are default/empty
5) Apply the patch
6) Edit again, change again, save
Now values shows in list
7) Edit again, values are now correct
Values were saved on db, but not loaded from it
How this happen?
Side note: searching for searchcategory I found
installer/data/mysql/kohastructure.sql: searchcategory varchar(80) default NULL, -- Group this item type with others w
installer/data/mysql/updatedatabase.pl: ADD searchcategory VARCHAR(20) DEFAULT NULL
Its varchar(80) in kohastructure and varchar(20) in updatedatabase
We need more eyes :)
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
- Avoid 1 call to dt_from_string in some cases
- Do not use $_
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Go to Home > Acquisitions, search for an active vendor and view the vendor
- Click on 'Contracts' at the left
(admin/aqcontract.pl)
- Create and edit contracts and verify that it works OK.
(Note: there is no help for this page, see Bug 14929)
Amended for comment #7 25.10.2015 / mv
Signed-off-by: Jesse Weaver <pianohacker@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes C4::Dates from:
- admin/aqbudgets.pl
- admin/aqplan.pl
- admin/aqcontract.pl
To test:
- Apply patch
- Go to Home > Adminstration > Budgets > All funds
(admin/aqbudgets.pl)
- Verify that everything displays as before
- Edit one of the funds and click on 'Planning - Plan by months'
(admin/aqplan.pl)
- Verify that planning works as before
- Go to Home > Acquisitions, search for an active vendor and view the vendor
- Click on 'Contracts' at the left
(admin/aqcontract.pl)
- Create and edit contracts and verify that it works OK.
(Note: there is no help for this page, see Bug 14929)
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised. Tested with dateformat syspref
Dates in planning by months not needed to be on iso format, aqplan.pl
uses instead Date::Calc
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
1/ update the Schema (misc/devel/update_dbix_class_files.pl)
2/ Translate templates for some languages (es-DE, de-DE for instance)
3/ Enable them in the pref (search for 'lang') for the staff interface
4/ Go on the item type admin page (admin/itemtypes.pl)
5/ Edit one
6/ Click on the 'translate for other languages' link
7/ You are now on the interface to translate the item type's description
in the languages you want. So translate some :)
8/ Go back on the item type list view (admin/itemtypes.pl)
9/ You should see the original description (non translated)
10/ Switch the language
11/ You should see the translated description in the correct language.
If the description is non translated, the original description is
displayed.
12/ On the different page where the item type is displayed, confirm that
the translated description appears.
Think further / Todo:
1/ Update all occurrences of the item type's description (DONE)
2/ Implement for authorised values
3/ Implement for syspref value (at least textarea)
4/ Implement for branch names
5/ Centralize all the translation on a single page in the admin area
...
N/ Implement a webservice to centralize all the translations and give
the ability to sync the item types/authorised values description with
the rest of the world (push and pull).
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes a remaining C4::Dates from admin/categroie.pl and fixes
the display of "Enrollment period" on the confirmation screen for deleting.
To verify and test pls. refer to comments #5 and #6
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch fixes the regresseion as described in comment #3
To test:
- Go on smart-rules.pl and edit a line. Do not define a Hard due date, save.
The value is "None defined".
- Edit the line, do not change anything and save.
The value should be "None defined"
- Edit the line, define a hard due date, save.
The date should display as expected.
- Edit the line agein, remove the hard due date, save.
The value should be "None defined"
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug to remove C4::Dates from
- admin/smart-rules.pl
- admin/categorie.pl
To test:
- Apply patch
- Go to Home > Administration > Circulation and fine rules (smart-rules.pl)
- Edit or add a rule
- Verify that 'Hard due date' displays and saves fine
- Go to Home > Administration > Patron categories
- Edit or add a category
- Verify that 'Until date' displays and saves fine
Note: The date picker does not warn about wrong date formats as e.g. while
editing patrons, but that is not in the scope of this bug
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Right now, Koha only charges fines at the end of a given charge period.
For example, let us assume a circulation rule has a charge period of one
week ( 7 days ) and a fine of $5. This means that an item can be overdue
for 6 days without accruing a fine. Koha should allow circulation rules
to be configured to place the charge at the start of the end of the
charge period so the library can decide when the fine should accrue.
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) prove t/db_dependent/Circulation_Issuingrule.t
4) prove t/db_dependent/Circulation.t
5) prove t/db_dependent/Fines.t
6) Ensure you can still create/edit circulation rules
Edit: I removed the DBIx changes after a couple minutes fighting with them.
Will regenerate as usual in a RM followup / Tomas
Signed-off-by: Daniel Grobani <dgrobani@samuelmerritt.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
- "Item" and not "Document" is the word used throughout Koha.
- Moved the updates to an atomic update
- changed searchcategory from varchar(20) to (80)
- cleanup
This allows to group certain item types in a category, to be displayed (and searched) as such in OPAC's advanced search. For example, you can group Reserve 2h and Reserve 12h into a Reserve category. The 2 and 12h types won't appear anymore.
This also allows to simply prevent an item type from displaying as a search option.
TEST PLAN
------------------
0) Back up database, so you can reset and retest easily. ;)
1) Apply the patch
2) Run Koha QA tool.
3) prove -v t/db_dependent/Koha.t
-- all tests should pass.
4) run ./installer/data/mysql/updatedatabase.pl to add the
two columns to itemtypes
-- Does a meaningful message get printed?
Are the columns added?
"DESCRIBE itemtypes;" should list hideinopac and searchcategory.
5) You need to add a category to group your item types:
a) In Intranet/Koha Admin/Authorized values,
select DOCTYPECAT in the 'Show category:' dropdown
i) If you do not have a DOCTYPECAT category, create one.
b) Click button "New authorized value for DOCTYPECAT"
c) Enter
Authorized value: HARDWARE
Description : Hardware
Description (OPAC): Hardware
6) Group your items under that new category
a) In Intranet/Koha Admin/Item types, choose (at least)
two item types and for each:
- Click action/Edit on the right column
- Third row (below Description) is the Search category list box, select Hardware
- click Save changes at the bottom
7) Select at least one item to be hidden in the OPAC search
a) In Intranet/Koha Admin/Item types (again), choose a different item type:
- Click action/Edit
- Click the checkbox "Hide in OPAC" below the list of icons.
8) Go test your modifications
a) Go to OPAC/Adv search.
b) Validate that all items modified above (hidden or grouped) do not appear in Item type list
c) Validate that new item type Hardware does appear instead.
d) Select item Hardware, start Search.
) Validate returned items are the of the two types that were grouped into the Hardware category in step 4.
Sponsored-by: Vanier college
Signed-off-by: Nick <nick@quecheelibrary.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Now we have packages, we need use them in the pl script.
Test plan:
Verify there are no regression on addind/editing/deleting authorised
values.
Done forget to test the branch limitation.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 9481 added the "Fine" columns to the checkouts table and bug 13492
added the columns settings to these table.
They overlapped each others in the bugs queue.
Test plan:
Confirm that you are able to hide/show the "Fine" columns on both
checkouts table.
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds the new fields maxonsiteissueqty as a copy of the
existing maxissueqty field.
There is no brainy code here, it only adds the ability to fill the new
field from the admin interface (admin/smart-rules.pl).
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Add/edit/remove cities from the administration module
(admin/cities.pl).
You should get message feedback after each action.
Tested both patches together, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Per a conversation with Jonathan Druart, add all columns that could be
reasonably mapped, and order them the same as in kohastructure.sql.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This patch adds the table of items on additem.pl to the columns
customizer.
Test plan:
1. Open item editor on a record, and verify that all columns are visible.
2. Apply patch.
3. Reload editor, and verify that column visibility hasn't changed.
4. Open "Hide/show columns," and verify that you can add and remove
columns.
5. Change the visibility and togglability of some columns in
columns_settings.pl, and verify that these correctly apply to
additem.pl.
NOTE: The columns that are configurable are selected from the non-hidden
columns that have mappings to MARC subfields in the default MARC21
framework (and can thus be displayed in the item editor).
Signed-off-by: Jenny Schmidt <jschmidt@switchinc.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
A patch from bug 11714 removes 'budget_name_indent', which was useless.
The script and the template should use the budget_name value.
Note that this patch impacts the CSV export, which does not work, so it cannot be
tested.
Test plan:
Edit a fund and click on one of the Planning value (by months, etc.)
The "Fund name" column should be correctly populated with the fund
names.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
On creating an item type, if it already exists, it will replace the
existing one.
This patch prevent that and display a message to the interface.
Note: The fields are lost.
Test plan:
1/ Create an item type 'AAA', description 'AAA'
2/ Edit it, update the description with 'BBB'
3/ Create an item type 'AAA' with a description 'CCC' => you should get
a warning "already exists".
Works well, no errors
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Warning message is triggered.
Adding, editing and deleting item types still works.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds the ability to use a WYSIWYG editor for system preferences.
The key files that I touch are:
1) admin/systempreferences.pl
2) koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences.tt
3) koha-tmpl/intranet-tmpl/prog/en/modules/admin/systempreferences.tt
I also add:
4) koha-tmpl/intranet-tmpl/prog/en/includes/wysiwyg-systempreferences.inc
and
5) koha-tmpl/intranet-tmpl/lib/tiny_mce/plugins/advimage
This plugin is part of the TinyMCE distribution. It used to be in Koha, but
then someone removed it. It's useful for preferences like "opacheader" though.
*If you're using anything except IE, this should work super well. If
you're using IE, it'll probably only work for keyboard input and dragging
text within the editor box but not from outside of it. IE has worse
security, so you can probably paste using the context menu paste.
*While I think a WYSIWYG editor can be useful, there might be times
where the content is displayed differently than it is in the editor
because of higher level CSS and Javascript.
Signed-off-by: Martin Persson <xarragon@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch make inactive vendors really inactive.
That means an inactive vendor would not be able to add a basket / add an order.
Revised test plan
=================
1/ In the acquisition module create 2 vendors: 1 active and 1 inactive.
2/ On the acqui/booksellers.pl, acqui/uncertainprice.pl,
admin/aqcontract.pl and acqui/supplier.pl (pages which include the
acq toolbar), you should be able to, for both the 'active' as well
as the inactive vendor :
(a) add new basket
(b) add order items to the basket
Remark: This is *wrong*. You should be able to do so only for active
vendor.
3/ Apply the patch
4/ Go to the links in step #2 above and select the inactive vendor
you should no longer be able to:
(a) add new basket
(b) add order items to the basket
Remark: This is the *correct* behaviour
5/ No change should be noted for vendor marked "active", and should
be able to undertake operations 4 (a), 4 (b) and 4 (c).
Remark: This is the *correct* behaviour.
6/ run koha qa tests tool
Bug 12054: (follow-up) Inactive vendors should be inactive
Don't display "add order""block and buttons if the vendor is inactive.
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This patch fixes a SQL injection vulnerability in the local use
system preferences.
_TEST PLAN_
Before applying:
1) Go to Global System Preferences
2) Click on the "Local use" tab
3) Add a new preference with the value "') or '1' = '1' -- "
(be sure to include the space at the end after the comment --).
4) When the page refreshes, you should now see about 99 other system
preferences which shouldn't be showing up.
5) Apply the patch
6) Refresh the page
7) Note that you now only see a system preference for "') or '1' = '1' -- "
and the other actual local use system preferences.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Happily this was only used for intranetdir.
It's time to remove it and replace existing calls.
I used the following commands to catch calls to C4::Context:
git grep 'C4::Context\->' | grep -v 'C4::Context->preference' | grep -v
'C4::Context->config' | grep -v 'C4::Context->userenv' | grep -v
'C4::Context->IsSuperLibrarian' | grep -v 'C4::Context->dbh' | grep -v
'C4::Context->set_preference' | grep -v '_syspref_cache' | grep -v
_userenv | grep -v 'C4::Context->interface' | grep -v
'C4::Context->Zconn' | grep -v 'C4::Context->queryparser' | grep -v
'C4::Context->tz' | grep -v 'C4::Context->boolean_preference' | grep -v
'C4::Context->memcached'
NOTE: I applied 14428, and then did what I suggested in comment #2.
Only intranetdir references appeared.
I applied this patch, and repeated.
Nothing appeared. This means the autoload references are
properly removed.
koha qa test tools complained about whitespace, I just fixed
those. Though, we may wish to perltidy
auth_fields_substructure.pl on another bug.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Jonathan Druart agreed that C4::Input is vestigial code that should be removed.
Here is how I checked. First I found where C4::Input was used. Then, I checked
what functions are in the package: just checkdigit. Then, I confirmed that
checkdigit is not used at all in any acquisition, administration, or member
related perl scripts. Lastly, I took a look at our supposed test file for the
package. It was painfully sparse.
As such, this patch removes the test file and the package file, and removes
C4::Input references from these six files:
- acqui/addorderiso2709.pl
- acqui/basketgroup.pl
- acqui/neworderempty.pl
- acqui/uncertainprice.pl
- admin/aqplan.pl
- members/memberentry.pl
NOTE: neworderempty had 3 lines of it?! Didn't anyone see that?!
Here is the output of what I did to confirm this correction:
mtompset@debian:~/kohaclone$ git reset --hard origin/master
HEAD is now at 6e9086f Bug 3206: (QA followup) missing comma on sysprefs.sql
mtompset@debian:~/kohaclone$ git grep C4::Input
C4/Input.pm:package C4::Input; #assumes C4/Input
C4/Input.pm:C4::Input - Miscellaneous sanity checks
C4/Input.pm: use C4::Input;
acqui/addorderiso2709.pl:use C4::Input;
acqui/basketgroup.pl:use C4::Input;
acqui/neworderempty.pl:use C4::Input;
acqui/neworderempty.pl:use C4::Input;
acqui/neworderempty.pl:use C4::Input;
acqui/uncertainprice.pl:use C4::Input;
admin/aqplan.pl:use C4::Input;
members/memberentry.pl:use C4::Input;
t/Input.t: use_ok('C4::Input');
mtompset@debian:~/kohaclone$ grep sub C4/Input.pm
sub checkdigit ($;$) {
my $temp2 = substr($infl,$i,1);
if ($rem eq substr($infl,8,1)) {
} # sub checkdigit
mtompset@debian:~/kohaclone$ grep checkdigit `find acqui -type f`
mtompset@debian:~/kohaclone$ grep checkdigit `find admin -type f`
mtompset@debian:~/kohaclone$ grep checkdigit `find members -type f`
mtompset@debian:~/kohaclone$ cat t/Input.t
use strict;
use warnings;
use Test::More tests => 1;
BEGIN {
use_ok('C4::Input');
}
Apply this patch, and the output of git grep C4::Input will be empty.
Run koha qa test tools (kind of overkill)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
The category type was always set to 'searchdomain', because it's the
first of the dropdown list.
Test plan:
1/ Create or edit a library group
2/ Set the category type to "properties"
3/ Edit it again
4/ Confirm "properties" is correctly selected
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Most of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The problem with the odd number of hashes happens when not everything is selected.
The grep returns undef, because it isn't found in @values.
By turning the grep into a ternary-operator truth value, we can set a value (1 or 0) expressly.
The next problem is when nothing is selected in these multiple lists, $value is
undefined, so you can't split it. By splitting the definition of @values from
the actual splitting, we can split only if $value is defined, thus eliminating the
warning message.
TEST PLAN
---------
1) back up your koha error log file
2) blank your koha error log file
3) log in to the staff client
4) Home -> Koha administration -> Global system preferences
5) Click on every tab, EXCEPT local use.
6) notice the koha error log file has warnings.
7) blank the koha error log file again
8) apply this patch
9) Click on every tab, EXCEPT local use, again.
10) notice the koha error log file has no warnings.
11) koha qa test tools.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
I like more this version
Works as described
No koha-qa errors
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
To reproduce: go on the OPAC tab, OpacAdvSearchMoreOptions or
OpacAdvSearchOptions should not have all options selected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The default authority type cannot be defined.
The authtypecode is en empty string and the tests should be done on
"defined", not "exist".
Test plan:
Edit the default authority type, save it.
Note: There is no way to create an authority with an empty string, with
you deleted you won't be able to recreate it.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The code was just badly placed.
It should be executed on update but also on insert.
Test plan:
1/ Create a new patron category and select 1+ branch limitations
2/ Confirm it's correctly saved
3/ Edit it and change the branch limitations
4/ Confirm it's correctly saved
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: Not a C4 or Koha library, so tests not required. Though,
this code could be cleaned up and have the DB stuff put
into some sort of library with tests to prevent regression.
However, that dream is beyond the scope of this bug.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
