This patch modifies the maximum size of a patron's image, from 500KB to
2MB. Also, in Home/Patrons/anyPatron, when you try to add an image to a
patron, you can now see the supported file types AND the maximum size.
The following places are affected by this patch:
- Home/Patrons/anyPatron
- Home/Tools/Upload patron images
- Home/Tools/Patron card creator/Images
To test:
1)Search for any patron and go to his page.
2)Hover over the image area on the left and click on the "Add" button.
3)Notice that the message above the choose file button only specifies
file types without the maximum size.
4)Add an image bigger than 500KB.
5)Nothing happens. (This is because the maximum size is 5KB)
6)Apply the patch.
7)Repeat steps from 1 to 3.
8)Notice that the message now includes the maximum size.
9)Add an image bigger than 500KB, but smaller than 2MB.
10)The image is succesfully uploaded.
11)Add an image bigger than 2MB.
12)Nothing happens. (The maximum size is now 2MB)
13)Repeat the steps 9 to 12 in "Home/Tools/Upload patron images" and
"Home/Tools/Patron card creator/Images".
14)Notice that the maximum size is updated.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch removes calls to CGI->param from within the templates
(patroncards-errors.inc) and passes error_* variables with the same
codes from the controllers to the template instead.
This way we can be sure CGI->param is not called in list context.
To test, try those pages and see they don't show warnings anymore.
Verify that error situations still show the error messages.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This renames the selectbranchprinter.pl file to the more
fitting set-library.pl.
To test:
- Change the library with "Set library" from
- The menu in the top navigation bar
- The circulation start page
- Verify the help link on page leads to the correct
section in the manual
- Read the code... and verify all occurences have been caught
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Translation for koha-tmpl/intranet-tmpl/prog/en/includes/patroncards-errors.inc
contains a lot of (partial) template directives like:
%%]%s %sLayout: [%%
This patch fixes it
To test:
- Verify that code changes make sense
- Apply patch
- Create a translation (cd misc/translator , then: perl translate create aa-AA
- Verify that in po/aa-AA-staff-prog.po contains no fragments like %%] or [%%
for patroncards-errors.inc
- Try to get an error: Try a link like
http://[YOUR SERVER]/cgi-bin/koha/patroncards/create-pdf.pl?batch_id=1&template_id=999&layout_id=999&start_card=1
...where template_id and layout_id do not exist
(Amended for comment #2 2017-06-05 mv)
(Amended for comment #6 2017-08-02 mv)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a check for duplicates before uploading the image.
To test:
1) Go to Tools -> Patron card creator -> Manage images
2) If you haven't already, upload an image
3) Try to upload another image with the same image name
4) Notice the first image is replaced with the second image, with no
warning.
5) Apply patch and refresh page
6) Try to upload an image with the same image name again
7) Notice you are now warned about a duplicate image name.
8) Check that uploading an image with a unique name still works.
Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Tools -> Patron Card Creator -> New Image
2) Click Upload without attaching anything
3) Notice typo
4) Apply patch and refresh page (resend information if prompted)
5) Notice typo fixed
Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Change patroncards/create-pdf.pl to redirect with an error message
instead of writing an invalid pdf that does not open in pdf viewer.
To test:
- Apply patch
- Test that pdf creator behaves as before (with valid batches and
patron lists)
- While testing, copy pdf link address from window with title 'Click
the following link(s) to download...'
- Open another staff client browser tab
- Paste link to browser address field, change batch id rsp. patron
list id to an invalid value and submit
- The window should redirect to cgi-bin/koha/patroncards/create-pdf.pl
and display an error message
- Bonus test 1: Create an empty patron list and test patron card
creation. You should get an error message as appropriate.
- Bonus test 2: Use a link with params like the following:
...create-pdf.pl?borrower_number=61&template_id=2&layout_id=1&start_card=1
Verify that you can create a pdf with a valid borrower_number and that
you get the error message with an invalid borrower number
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(Apparently) unlike HTML::Template::Pro, Template Toolkit doesn't like
template variables that are entirely numeric -- in conditionals, it
consider them integers, most of which are Perl true.
This patch changes this by setting the error variable to the error
value.
To test:
[1] Run the test plan from the previous patch. In each
case, verify that the error message is specifically applicable
to the test. For example, if you try uplaoading a patron image
that is larger than 500KB, the error message displayed should
specifically say so.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Thank you Galen for catching this. Error messages showing up
now are much more specific and according to the error codes given.
I testd uploading a file larger then 500KB and triggered several
error messages giving the error code in the URL:
/cgi-bin/koha/patroncards/manage.pl?card_element=profile&error=201
All tests and QA script pass.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The patron card creator error message include uses a non-standard method
for displaying error messages, and is poorly-named.
This patch converts the method of displaying error messages for various
patron card creator options to the standard one ('<div class="dialog
alert">') and renames the include file to make it clear that it relates
only to patron card creator operations.
To test, perform various operations:
- Go to 'manage images' and try to upload a file which exceeds the
500KBfile size limit
- Go to the edit batch page and manually append an error code to the
URL: /cgi-bin/koha/patroncards/edit-batch.pl?op=new&error=403
- Go to one of the manage pages and manually append an error code to the
URL:
/cgi-bin/koha/patroncards/manage.pl?card_element=profile&error=201
Correct display of an error message indicates that the include file is
being found.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes test plan, test suite and QA script.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
