Test:
1. Do not apply
2. eslint koha-tmpl/intranet-tmpl/prog/js/ajax.js
3. It should fail
4. ESLINT_USE_FLAT_CONFIG='false' eslint koha-tmpl/intranet-tmpl/prog/js/ajax.js
5. It should work
6. Apply patches
BZ38700 will conflict with BZ38149 on yarn.lock
solve conflict with
sudo yarn install --modules-folder /kohadevbox/node_modules
git bz apply --continue
git will only continue for 38700 and doesn't actually apply this (38167)
So retry
git bz apply 38167
Don't apply the dependencies as they are already there.
This time you're good :)
(the conflict can't be durably solved because 38770 needs to be
applied independently or with BZ38149 depending on what other bug
needs to be tested :/ )
7. Restart KTD to have a clean state of dependencies and check that
provisioning still works.
8. ESLINT_USE_FLAT_CONFIG='false' eslint koha-tmpl/intranet-tmpl/prog/js/ajax.js
9. It should fail
10. eslint koha-tmpl/intranet-tmpl/prog/js/ajax.js
11. It should work
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Fix xt/js_tidy.t and xt/vue_tidy.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
And upgrade eslint-plugin-prettier
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan
1. Apply patch
2. Start KTD (to check that stuff is installed automatically)
3. Run this:
ESLINT_USE_FLAT_CONFIG='false' eslint koha-tmpl/intranet-tmpl/prog/js/ajax.js
4. You should see errors from prettier in addition to others
QA notes:
1. Run this:
yarn why eslint; yarn why prettier; yarn why eslint-config-prettier; yarn why eslint-plugin-prettier
2. See that the versions are the latest from NPM website
3. See that they are in devDependencies
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
You need bug 38461 to run this test successfully.
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Yet another visibility bug fix for this specific table.
When the filters are displayed the table is destroyed and recreated.
We should not save the visibility changes made by DT and consider them
changes made by the user.
A temporary variable is used to store the user settings during this
action, then we restore them once it's done.
Test plan:
Go to the detail page of bibliographic record with items
Click on "show filters"
=> Only columns displayed should still be displayed
Retry but show/hide some columns before you display the filters
=> Only columns displayed should still be displayed
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
There are known bugs with Cypress trying to play with the clipboard, and
I don't manage to make the tests pass consistently (also tried realClick
from cypress-real-events)
Here I am suggesting to not click on the button, but simply retrieve the
url (which needs a bit of work in the existing code).
We don't test the "Copied!" tooltip and the behaviour of the button, but
at least the tests pass!
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
All this is weird.
I found this and implemented it:
https://stackoverflow.com/questions/69425289/javascript-prompt-cause-document-is-not-focused
It was still not enough to reduce the failures.
The wait and adding the focus to the window seems ok.
If I remove one of those 3 hacks, I still get failures...
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
No need to list all the objects, just retrieve the spec depending on the
"object" var we pass.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This change adds some double quotes where quotes were missing,
and replaces single quotes with double quotes, which prevents XSS.
Test plan:
0. Apply the patch
1. Create a subscription
2. Using the ID from the subscription, go to this page:
http://localhost:8081/cgi-bin/koha/serials/subscription-detail.pl?
print_routing_list_issue=1&subscriptionid=<SUBSCRIPTIONID>
3. Note that you're able to generate a print slip
(You may need to allow popups)
4. To check the security vulnerability is fixed, try the proof-of-concepts
attached to the bug report
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This change adds double quotes to some template strings where
quotes are missing altogether or single quotes are used incorrectly.
Test plan:
0. Apply the patch
1. Go to http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=test
2. Click on "Gairm"
3. Use the search result navigation box to go to the next result
On the left of the page. Just below the breadcrumb and
left of the record title.
4. Note that everything loads correctly
5. To test that the security hole has been fixed, try some of the
proof-of-concept attacks provided for biblionumber and searchid
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Baptiste Wojtkowski <baptiste.wojtkowski@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
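Why the quoting in the two commits above matters, as an added illustration (not Koha code): it assumes an HTML escaper that encodes & < > " but not the single quote, and every name and sample value in it is hypothetical and constructed.

```javascript
// Added illustration, not Koha code. All names are hypothetical.

// Assumption: models an escaper that encodes & < > " and leaves ' and spaces alone.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Three ways a template might emit the same escaped value into an attribute.
const TEMPLATES = {
  unquoted: v => `<input name=id value=${escapeHtml(v)}>`,
  single: v => `<input name=id value='${escapeHtml(v)}'>`,
  double: v => `<input name=id value="${escapeHtml(v)}">`,
};

// Simplified tokenizer for one start tag: returns the attribute names in order.
function attributeNames(tag) {
  const inner = tag.replace(/^<[a-zA-Z]+/, "").replace(/>$/, "");
  const attr = /([^\s=\/>]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;
  return Array.from(inner.matchAll(attr), m => m[1]);
}

// True when the rendered tag carries an attribute the template author never wrote.
function escapesAttribute(style, value) {
  const names = attributeNames(TEMPLATES[style](value));
  return names.some(n => n !== "name" && n !== "value");
}

// Constructed, harmless inputs: each tries to add a marker attribute.
const SAMPLES = ["1 data-marker=x", "1' data-marker='x", '1" data-marker="x'];

// One row per quoting style, one boolean per sample.
function report() {
  const out = {};
  for (const style of Object.keys(TEMPLATES)) {
    out[style] = SAMPLES.map(s => escapesAttribute(style, s));
  }
  return out;
}

console.log(report());
```

Only the double-quoted form keeps every sample inside the value attribute, because the double quote is the one delimiter this escaper encodes.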
This change prevents CSV Formula injection on DataTables exports
by escaping formula with a single quote prefix as per OWASP recommendations.
Test plan:
0. Apply patch
1. Go to http://localhost:8081/cgi-bin/koha/members/memberentry.pl
?op=edit_form&destination=circ&borrowernumber=51
2. Add the following in a "Circulation note"
=SUM(1+1)
3. Go to http://localhost:8081/cgi-bin/koha/members/member.pl
?quicksearch=1&circsearch=1&searchmember=koha
4. Click "Export" and choose "Excel" and "CSV"
5. Open those downloaded files in Excel
6. Note that the =SUM(1+1) function is prefixed with a single quote,
and is not automatically executed
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised. The problematic "cell" is exported as "'=SUM(1+1)".
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
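The single-quote escaping described in the commit above, sketched as an added example (not Koha's or DataTables' code; the function names and sample rows are hypothetical and constructed). It also quotes every field and doubles embedded double quotes so a cell cannot spill into a new one.

```javascript
// Added example, not code from Koha or DataTables. Names are hypothetical.

// Leading characters that spreadsheet applications may treat as a formula start.
const FORMULA_TRIGGERS = new Set(["=", "+", "-", "@", "\t", "\r"]);

// Prefix a single quote so the cell is shown as text instead of evaluated.
// Real numbers are passed through so that -5 stays numeric; the string "-5"
// comes from user input and is neutralised.
function neutraliseFormula(value) {
  if (typeof value === "number" && Number.isFinite(value)) return String(value);
  const text = value === null || value === undefined ? "" : String(value);
  return text.length > 0 && FORMULA_TRIGGERS.has(text[0]) ? "'" + text : text;
}

// Always wrap in double quotes and double any embedded quote, so separators
// and line breaks inside a value stay inside its cell.
function csvField(value) {
  return '"' + neutraliseFormula(value).replace(/"/g, '""') + '"';
}

function toCsv(rows) {
  return rows.map(row => row.map(csvField).join(",")).join("\r\n");
}

// Constructed sample export: name, circulation note, balance.
const SAMPLE_ROWS = [
  ["Name", "Circulation note", "Balance"],
  ["koha", "=SUM(1+1)", -5],
  ["Acevedo", 'Said "call back", then left', 0],
  ["Hall", "@home on Fridays", "-5"],
];

console.log(toCsv(SAMPLE_ROWS));
```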
This patch fixes a typo in the description of the
EmailAddressForPatronRegistrations system preference.
To test:
1. Apply patch
2. Go to Administration > System preferences
3. Search for EmailAddressForPatronRegistrations
4. Read the description (2nd line) and make sure the spelling is correct
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
updates "Field suppresion" to "Field suppression"
to test:
- go to Administration/Authority types/Default framework/Tag 090
- verify description for subfield t is Field suppresion, FSP (RLIN)
- apply patch
- reset database or reset_all
- verify description has changed to Field suppression,FSP (RLIN)
Signed-off-by: William Lavoie <william.lavoie@inLibro.com>
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This fixes some database update messages to improve their
consistency with the database update guidelines
https://wiki.koha-community.org/wiki/Database_updates
Test plan:
1. Apply the patch.
2. Review the differences to make sure the messages make
sense and are consistent with the database update
guidelines:
2.1 Review the diff attached to the bug
or
2.2 Run: git show
3. Sign off D:
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Leo Stoyanov <leo.stoyanov@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch makes it so that the noItemTypeImages system preference is
the one that controls the display of item type images in the staff
interface advanced search page. It was previously erroneously managed by
the OpacNoItemTypeImages system preference.
To test:
1. Add images to item types, if there aren't any already (KTD has them by default)
1.1. Go to Administration > Item types
1.2. Click 'Edit' next to one of the item types
1.3. Choose an icon
1.4. Click 'Save changes'
2. Disable OpacNoItemTypeImages
3. Enable noItemTypeImages (already enabled in KTD)
4. Go to the advanced search page
--> The item types don't have any images next to them
5. Apply patch and refresh the page
--> The item type images should be displayed
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
test plan:
1. check run order of scripts in the cron
2. apply patch
3. koha-run-backups is now at the beginning of the cron
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This should have been removed by bug 22056
Signed-off-by: William Lavoie <william.lavoie@inLibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
prove t/db_dependent/Koha/ILL/Requests.t
Signed-off-by: Ray Delahunty <r.delahunty@arts.ac.uk>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan, before applying patches:
1) Enable ILLModule system preference.
2) Create a book ILL request:
<staff_url>/cgi-bin/koha/ill/ill-requests.pl?method=create&backend=Standard
3) After creating a Book ILL request, go to its detail page and click on the newly created linked biblio
4) On the biblio detail, click 'NEW' -> 'New item', add type and home library + current library (don't enter a barcode)
5) Repeat 2) -> Click confirm request and continue.
6) Click "Check out" -> If there's a problem with the patron (expired or max checkouts hit) it'll say "A problem with patron occurred". Fix that and click "check out" again.
7) Notice the message "An unknown error occurred while trying to checkout the item"
8) Apply patches. Repeat. Notice the message you now get is 'The bibliographic record's item contains an unknown (or empty) barcode.'.
This patch also adds a link to the respective biblio for Staff members'
convenience.
Signed-off-by: Ray Delahunty <r.delahunty@arts.ac.uk>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Cosmetic changes only.
Signed-off-by: Ray Delahunty <r.delahunty@arts.ac.uk>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Before applying this patch, apply the CanBookBeIssued preparation: tests patch and run that,
Verify it fails, apply this patch. Run that same tests file again.
----- About this change -----
CanBookBeIssued wants to find one item given a barcode.
If a falsy (undef, empty) barcode is supplied, UNKNOWN_BARCODE should be returned.
Ensure this change does not introduce any regressions:
prove t/db_dependent/Circulation*
prove t/db_dependent/DecreaseLoanHighHolds.t
prove t/db_dependent/rollingloans.t
prove t/db_dependent/api/v1/checkouts.t
prove t/db_dependent/Patron/Borrower_PrevCheckout.t
Signed-off-by: Ray Delahunty <r.delahunty@arts.ac.uk>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
prove t/db_dependent/Circulation.t
Signed-off-by: Ray Delahunty <r.delahunty@arts.ac.uk>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This particular script has POD at the end rather than inline POD. This
patch simply moves the POD addition for this patchset into the bottom
section.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
The linked biblio_id of a generated test ILL request needs to be created by build_sample_biblio->AddBiblio.
Or else the related biblio is created by just 'build' and is not indexed + its related metadata is missing.
To test:
1) Apply the [DONT PUSH] patch and enable ILLModule
2) Run the script for ILL requests:
misc/devel/create_test_data.pl -n 5 -s Illrequest -d backend=Standard
3) Visit the ILLModule:
http://<intra_url>/cgi-bin/koha/ill/ill-requests.pl
4) Notice it loads 5 test ILL requests correctly
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test Plan:
1) Apply this patch
2) Run: misc/devel/create_test_data.pl -n 99 -s Borrower -d surname=Hall -d zipcode=111111
3) Search patrons for the name "Hall"
4) Note there are 99 Halls in your results!
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Bug 37448: Make use of build_sample_biblio and build_sample_item
The script is brilliant, but for biblios and items we should make use of build_sample_biblio and build_sample_item or this data does not get indexed + linked tables rows get missed
To test, before this patch, run:
1) misc/devel/create_test_data.pl -n 5 -s Biblio -d title=Test
Notice the 'Test' biblio is created on the database, but doesn't show on searches, and accessing it directly through URL throws a 500 error (because metadata does not exist for the biblio)
2) Apply this patch. Repeat the step above. Notice it now shows on searches and visiting the biblio directly shows no errors
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 37448: (QA follow-up) Tidy script
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Make use of newly updated ILL::Request->extended_attributes method instead of creating the query manually
The test plan in bug 38819 fails without this patch (page explodes with duplicate ID error).
It's the same cause as the one being fixed here in bug 38751 so I'm submitting this here.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Make use of newly updated ILL::Request->extended_attributes method instead of
creating the query manually
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
prove t/db_dependent/Koha/ILL/Request.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>