Commit graph

16 commits

Author SHA1 Message Date
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.

This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (they are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface, hit pages and try to catch an alert box.
If you find one it means you found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
9b9803b69c Bug 15758: Koha::Libraries - Remove GetBranchesLoop
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 14:36:02 +00:00
99acd38edb Bug 14902 - Add qualifier menu to staff side "Search the Catalog"
To test:
1 - Apply patch and update database
2 - Check that Search the Catalog links throughout the staff interface
have not changed
3 - Set "IntranetCatalogSearchPulldown" to 'Show'
4 - Verify that 'Search the catalog' links through staff client now have
a dropdown to select search index

I think viewing one file each that includes updated header should be
sufficient, but please check as many as you can:

cgi-bin/koha/admin/aqbudgetperiods.pl
cgi-bin/koha/admin/admin-home.pl
cgi-bin/koha/cataloguing/addbooks.pl
cgi-bin/koha/circ/returns.pl
cgi-bin/koha/circ/circulation-home.pl
cgi-bin/koha/admin/cities.pl
cgi-bin/koha/admin/aqcontract.pl
cgi-bin/koha/admin/currency.pl
cgi-bin/koha/mainpage.pl
cgi-bin/koha/tools/letter.pl
cgi-bin/koha/members/members-home.pl
cgi-bin/koha/admin/categories.pl
cgi-bin/koha/admin/preferences.pl
cgi-bin/koha/admin/printers.pl
cgi-bin/koha/serials/serials-home.pl
cgi-bin/koha/acqui/newordersuggestion.pl
cgi-bin/koha/admin/z3950servers.pl

Sponsored by:
  Northeast Kansas Library System (http://nekls.org/)

Signed-off-by: Heather Braum <hbraum@nekls.org>

Signed-off-by: Barton Chittenden <barton@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 13:57:59 +00:00
6524e6d957 Bug 16549 - Remove the use of "onclick" from header search forms
This patch removes the use of "onclick" from all header search forms for
the purpose of triggering the "keep_text" function. This behavior is now
handled in the globally-included JS file.

To test, apply the patch and clear your cache if necessary.

- Enter text in any header search form field. Click to each other tab
  in the header and confirm that your text is copied to each.
- Test the behavior of the header search form on at least one page where
  each is included:

  - The staff client home page
  - The advanced search page
  - The authorities home page
  - The administration home page
  - The cataloging home page
  - The checkin page
  - The circulation home page
  - The patrons home page
  - Acquisitions -> Vendor -> Contracts
  - Administration -> Cities
  - Administration -> Currencies and exchange rates
  - Administration -> Patron categories
  - Administration -> Printers (why is this page still around?)
  - Administration -> System preferences
  - Administration -> Z39.50/SRU servers
  - Tools -> Notices & slips

This patch does not fix the existing (unreported) bug which
prevents the keep text function from working in the include file used on
these pages:

  - Acquisitions -> Vendor -> Basket -> New order from suggestion
  - Administration -> Budgets
  - The serials home page

Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 13:48:24 +00:00
Aleisha
f4bcd98d9a Bug 15706: Changing to circulate_remaining_permissions
I have only changed this in the includes for the tabs at the top.
Dependent on Bug 12051 as that patch adds extra tabs to the top which would need to be changed later

To test:
1) Apply Bug 12051 first, then this patch
2) Ensure that Check Out/Check In/Renew tabs still work as they should
3) Check patch for errors or pages I've missed

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-02-23 22:38:46 +00:00
Eivin Giske Skaaren
c656cff676 Bug 14189: Made text persist when clicking the tabs under the searchbox
To test:
Apply the patch and see that the text now is there in the search
box when clicking the tabs: check in, check out etc..

(More files changed for persistent text in searchbox)

Sponsored-by: Halland County Library

Signed-off-by: Magnus Enger <magnus@enger.priv.no>
This is something I have wanted quite a few times over the years...

Tested by going to every main area of Koha, entering some random
text into the search box and then clicking on all the available tabs
to check that the entered text is carried over to all the boxes.

There are a couple of places where text is not carried over, but I
guess that might be because one of the boxes is structurally
different to the others. These are:
- "Vendor search" and "Orders search" in Acquisitions
- "Search subscriptions" in Serials

I have not looked at how this is implemented, just that it works as
it should.

Bug 14189 refactor after failed QA.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Amended patch: replace tabs with spaces

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-07-07 15:37:11 -03:00
90b13b00c3 Bug 8522 - Markup errors cause problems with customized CSS
Some includes and templates contained duplicate "header" ids in
the markup. The problem should have come up in routine page
validation, but was obvious when custom CSS was applied.

To test, load any of the affected pages and validate the
generated HTML. There should be no errors about 'ID "header"
already defined.' Or, add custom CSS to intranetusercss:

...and confirm that only the topmost menu background is affected.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-31 18:42:04 +02:00
68b30468c3 Bug 8143 [REVISED] Upgrade jQuery tabs to current jQueryUI version
Current jQuery-driven tabs are done using a very old
version of the tabs plugin. This patch upgrades jQueryUI
to the latest version and adds the tabs widget dependency
to the jqueryui js file and updates the syntax for existing
tabs:

- $("#foo > ul").tabs(); changes to $("#foo").tabs();
- Remove full URL from tab links (use #anchor only).

Pages with "static" tabs (tabs which are built in the
markup rather than generated by the plugin) have been
modified to use their own style. Examples: pay.tt in
the staff client and opac-readingrecord.tt in the OPAC.

Edit: Minor revision to some uncorrected markup

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-10 15:22:58 +02:00
ef0cf7b9a6 Bug 7747 - Replace YUI autocomplete with jQueryUI
In order to facilitate a more painless process for converting
to jQueryUI I will submit separate patches for various "widgets,"
starting with Autocomplete.

This patch replaces all instances of YUI autocomplete with
a jQueryUI version. The patch includes an up-to-date version
of jQuery and jQueryUI libraries.

The patch also moves some markup in instances where it should
have been removed in favor of a different include.

To test, find the various autocomplete instances and confirm
that they are working:

 - Circulation search header autocomplete
 - Overdues patron attribute authorized value filter (must
   have patron attributes enabled, and a patron attribute
   defined which uses authorized values).
 - Authorities search plugin. Edit a MARC record and use
   an authorities plugin link to do a search for authority
   records.

Incomplete: There is a YUI autocomplete instance in a UNIMARC
plugin (unimarc_field_210c_bis.tt) which I couldn't figure out
how to test, even on a sandbox set up with UNIMARC. I could use
help with a follow-up.

http://bugs.koha-community.org/show_bug.cgi?id=7447
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Passes all tests outlined, is quite pretty.

Passes t xt

Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
2012-05-31 18:07:55 +02:00
Liz Rea
42a38e4a2a Bug 7998 - CSS fixes for new interface
Omnibus of changes thus far:

adds slight transparency for news so logo shows through on mainpage.
Fixes purple header gradient in Chrome-based browsers.
remove list from returns.tt options so checkboxes do not have bullets.
fix missing gradient class on returns.tt.
reverse colors of menu div - blue for inactive, grey for active.

turns searchheader blue, rounds corners, improves spacing for sort form.

Adds padding, rounded corners, and a 1px border to the now-blue toolbar.

increase width of intranet nav div to width 40%

add a bit of padding to #searchheader

fieldset.action changes - removed background, added a little padding to make it look better in all of the uses I could find of it.

Bug 7998 - followup - make facets header background blue

bug 7998 - followup - fixing headers on search.pl to be blue, rounded.

bug 7998 - followup - consistency tweaks

match menu borders to the search header tabs (green border)
hover menus a very light grey instead of #eee.
make fieldset.brief have a consistent border with the rest of the fieldsets.

bug 7998 - followup - more tabs/borders updating to fit in new look

boraccount.pl

bug 7998 - followup - add gradient div to prefs-admin-search.inc

Bug 7998 - Change toolbar to be lighter, with barely discernible border

Will need to be applied after the other patch.

Bug 7998 - add gradient to roadtype admin panel

Bug 7998 - adds gradient to patrons-admin-search.tt

Bug 7998 - add gradient to budgets-admin-search.inc

bug 7998 - add gradient to z3950-admin-search.inc

Bug 7998 - add gradient to cities-admin-search.inc

bug 7998 - active tab on checkout table now has green border like side menu

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-05-14 16:07:11 +02:00
Katrin Fischer
39e5477f56 Bug 3969: Budget search in acquisition doesn't work (string changes)
String changes:
- Correcting tab name from "Search budgets" to "Search funds"
- Changing search option from "Name" to "Fund code"

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Strings look a-ok.
2012-05-07 21:42:34 +02:00
4800a515c5 Bug 2780 - Capitalize strings consistently (Budgets)
Correcting Budgets-related includes.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-04-04 17:51:27 +02:00
aab0d9fba2 Fix for Bug 6458 - incorrect parsing result in translation processing
Fixing improperly nested template logic inside HTML tags in
budgets admin search form.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-09-14 10:09:04 +12:00
Chris Cormack
5884fb1000 Bug 5917 : Swapping templates over
2011-04-10 20:38:30 +12:00
Nahuel ANGELINETTI
d399ff3494 [biblibre-newacq](bug #3611) fix user interface and others
This big patch fixes xhtml code and user interface.
It deletes the term of budget period and uses it as "Root Budget".
It adds improvements to the UI, adding tooltip and table tree.
2009-09-30 11:30:34 +02:00
Paul Poulain
4ec7a86abe Budget management
* budget period management
* budget management (budgets lines are defined for a given budget period)

budget_owner_search is the popup to select a librarian as budget owner
2009-09-30 11:30:16 +02:00