We will have to make sure this filter (HtmlTags) is not used with
unsafe variables.
Generated by:
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html -%]/HtmlTags tag\1-%]/g' **/*.tt **/*.inc
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html %]/HtmlTags tag\1%]/g' **/*.tt **/*.inc
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The step to install optional/mandatory things is broken with
many <br />'s instead of line breaks.
TEST PLAN
---------
1) Back up database
2) Drop database
3) Create empty database
4) Run web installer
-- Notice that step 3 has ugly <br />'s at the last
part of step 3.
5) Apply patch
6) Repeat steps 2-4
-- Notice the <br />'s are now nice line breaks.
NOTE: No promises of perfect positioning!
7) Run koha qa test tools.
Joubu: I have no idea if this is still needed. TO TEST
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
https://bugs.koha-community.org/show_bug.cgi?id=13618
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.
This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (they are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
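The QA check listed under "Next" above, sketched as an added example (not Koha's own QA script and not part of the commit): it scans Template Toolkit text for output directives that lack one of the filters the message names (html, uri, url, raw), and reports HtmlTags uses separately so their input can be reviewed. The sample template, the function names and the keyword subset are constructed for illustration.

```python
import re
from typing import List, NamedTuple

# Filters that count as an explicit escaping decision (the set named in the commit message).
ALLOWED_FILTERS = {"html", "uri", "url", "raw"}

# Subset of TT keywords that start a directive which prints no variable (assumption:
# keywords are upper case, i.e. the ANYCASE option is off).
CONTROL_KEYWORDS = {
    "IF", "ELSIF", "ELSE", "UNLESS", "END", "FOREACH", "FOR", "WHILE", "SET",
    "DEFAULT", "USE", "INCLUDE", "PROCESS", "WRAPPER", "BLOCK", "SWITCH", "CASE",
    "NEXT", "LAST", "RETURN", "STOP", "CALL", "MACRO", "FILTER", "INSERT",
    "TRY", "CATCH", "THROW", "FINAL", "META", "TAGS", "CLEAR",
}

DIRECTIVE = re.compile(r"\[%[-+~=]?(.*?)[-+~=]?%\]", re.S)   # handles chomp flags
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'')
ASSIGNMENT = re.compile(r"^[\w.]+\s*=(?!=)")


class Finding(NamedTuple):
    line: int
    kind: str   # "missing-filter" or "review-htmltags"
    expr: str


def filter_names(body: str) -> List[str]:
    """Return the filter names applied in one output directive."""
    cleaned = QUOTED.sub('""', body)          # pipes inside strings are not filters
    cleaned = cleaned.replace("||", " or ")   # logical OR is not a filter pipe
    cleaned = re.sub(r"\bFILTER\b", "|", cleaned)
    names = []
    for part in cleaned.split("|")[1:]:
        tokens = part.split()
        if tokens:
            names.append(tokens[0].lstrip("$"))  # plugin filters are written $Name
    return names


def lint_template(text: str) -> List[Finding]:
    findings = []
    for m in DIRECTIVE.finditer(text):
        body = m.group(1).strip()
        if not body or body.startswith("#"):
            continue                              # empty directive or comment
        if body.split()[0] in CONTROL_KEYWORDS or ASSIGNMENT.match(body):
            continue                              # control flow or assignment
        line = text.count("\n", 0, m.start()) + 1
        names = filter_names(body)
        if "HtmlTags" in names:
            # HtmlTags emits markup, so its input has to be trusted or escaped upstream.
            findings.append(Finding(line, "review-htmltags", body))
        elif not ALLOWED_FILTERS.intersection(names):
            findings.append(Finding(line, "missing-filter", body))
    return findings


# Constructed sample template (not taken from Koha).
SAMPLE = """\
[% USE Koha %]
[% IF patron %]
<h1>[% patron.surname | html %]</h1>
<p>[% patron.firstname %]</p>
<a href="/patron?id=[% patron.borrowernumber | uri %]">view</a>
[% debarment.comment | $raw %]
[% title | $HtmlTags tag="h2" -%]
[% SET total = a + b %]
[% count = count + 1 %]
[% name || 'unknown' %]
[%# a comment %]
[% END %]
"""

if __name__ == "__main__":
    for f in lint_template(SAMPLE):
        print(f"line {f.line}: {f.kind}: [% {f.expr} %]")
```

A `raw` filter passes the check because it records a deliberate decision; each `raw` and each HtmlTags use still needs a reviewer to confirm the value cannot carry user-controlled markup.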
OCLC has decided to retire all xISBN services:
https://www.oclc.org/developer/news/2018/xid-decommission.en.html
The code for related features has to be removed from Koha.
Test plan:
You need to be familiar with the different sysprefs (I am not):
- FRBRizeEditions
- SyndeticsEnabled
- SyndeticsEditions
- ThingISBN
Make sure there are no regressions introduced by this patchset.
QA Note: C4/XISBN.pm should be renamed
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Since bug 20226 you can no longer create a patron, memberentry.pl will
explode with
Template process failed: undef error - DBIC result _type isn't of the
_type Category at /home/vagrant/kohaclone/koha-tmpl/intranet-tmpl/prog/en/includes/str/members-menu.inc
line 22.
The problem is that "patron" is actually defined and the test in
str/members-menu.inc does not work as expected.
It comes from
commit 7b1d08df0f
Bug 19936: Replace Generate_Userid - Update the occurrences
where I needed $patron to be defined in order to use Koha::Patron->generate_userid
on a blessed object.
But this was actually wrong, as it could have side-effects.
Test plan:
Create a new patron
Edit it
Retest bug 19936 and make sure the userid is generated correctly in the
different situations
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch reindents the template for the staff client cart, basket.tt
- Trailing spaces removed
- Indentation changed to a consistent 4 spaces
- Markup indentation made more consistent
To test, apply the patch and add multiple items to the cart in the staff
client.
View the cart and confirm that it looks as it should both in the "brief"
and "more details" views.
HTML validation before and after the patch should return the same
results.
Signed-off-by: DEVINIM <kohadevinim@devinim.com.tr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch set does several things:
- it removes USER_INFO and BORROWER_INFO
These 2 variables contained logged-in patron's info. They must be
accessed from logged_in_user
- Use patron-title.inc for the breadcrumb at the OPAC, for consistencies
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
1. Open a list of results
2. Use fn+f12 to inspect element
3. Without patch it should show that the image class is 'materialtype'
4. With patch there will be an additional class
-Books = mt_icon_BK
-Kit = mt_icon_MX
-Article = mt_icon_AR
-Continuous resource = mt_icon_CR
-Mixed material = mt_icon_MX
-Computer files = mt_icon_CF
-Map = mt_icon_MP
-Music = mt_icon_MU
-Sound = mt_icon_MU
-Score = mt_icon_PR
-Visual material = mt_icon_VM
OR
1. Try using the classes in css to change the style
-When viewing the details of a record, the material type img should also have the
same changes
-Check that the material type classes in the results page are the same as
the details page
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
I've squashed the patches to make changes easier to read.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Libraries may want to hide personal patron data from the circulation
page for privacy reasons. This syspref introduces that ability for
library staff to control the display of this data themselves without
having to ask support vendors to hide it for them.
Test plan:
1. View circulation page and input a patron's barcode or name
2. Notice if the patron has a phone number, email, street address and
city set then these are displayed in the left hand side of the screen
under the patron's name. Otherwise if all/any of these fields are not
set for the patron then the text: "No <datafield> stored." is
displayed.
3. Apply this patch
4. Run ./updatedatabase.pl from the Koha shell to run the atomicupdate
5. Restart memcached and plack
6. Notice a new systempreference named
'HidePersonalPatronDetailOnCirculation' has been added, which has the
default value 'Dont'
7. Without changing the default value notice the personal patron
information is still displayed on the circulation page
8. Change the value of the syspref to 'Do' and now notice the phone
number, email address, street address and city are now hidden in the
circulation page
Sponsored-By: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Code and variables to deal with the update child feature are not
centralized but copied/pasted in several scripts. Which leads to issues
obviously (bug 20805 for instance).
Moreover the strings used by the templates are also in several template
files (or .inc)
To deal with that this patch introduces the idea to create 1 .inc file
per .js file
Here we have members-menu.inc for members-menu.js
Test plan:
- Remove all your adult categories (categories.category_type='A')
- Create a patron with a child category
- Try to update to adult category
=> The entry no longer appears! (This is a change in the behaviour)
- Create one adult category
- Update to adult category
=> There is a JS confirmation message, if you accept the patron will
be updated to the adult category
- Create (at least) another adult category
- Create another child
- Update to adult category
=> No more confirmation message but a popup to select the adult category
- Pick one
=> The patron has been updated to the adult category
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch removes some unnecessary " "'s from the template for
creating a new basket in acquisitions. This fixes the alignment on the
form fields.
To test, apply the patch and go to Acquisitions -> Vendor -> New basket.
All the form fields should be correctly left-aligned with each other.
Signed-off-by: Pierre-Luc Lapointe <pierreluc.lapointe@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch corrects the title tag on the tags review page.
To test, apply the patch and go to Tools -> Tags. The page title
(probably shown in the browser tab) should start with "Koha ->" instead
of "Home ->".
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
When creating a housebound visit, the names of the chooser and deliverer are the
same as the housebound patron (even though the housebound patron does not have
chooser and deliverer roles).
It has been caused by:
commit 5f80977875
Bug 18403: Use patron-title.inc when hidepatronname is used
patron-title.inc now starts looking for a variable named "patron", which exists in
members/housebound.
A better fix could be to rename this "patron" variable tested by
patron-title.inc, but at first glance it's the only place this issue
exists.
Test plan:
1- Make sure HouseboundModule is enabled in system preferences
2- Go to a patron file (Patron A)
3- Edit this patron's housebound roles to Chooser
4- Go to another patron file (Patron B)
5- Edit this patron's housebound roles to Deliverer
6- Go to a third patron's file (Patron C)
7- Go to the Housebound tab
8- Fill out the housebound profile for Patron C
9- Click on "Add a new delivery"
10- Fill out day and time
11- Check the Chooser drop down
12- Check the Deliverer drop down
13- Save the delivery
14- Notice the Chooser and Deliverer names are correct
15- Click on the name of the Chooser, it goes to Patron A's file
16- Go back and click on the name of the Deliverer, it goes to Patron B's file
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
No test plan found ;)
But tested bookcount and request-article.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This alternate patch adds a new icon to the sprite image which gives
icons to the link on the staff client home page. It modifies the CSS
positioning for all the links as the new image sprite is somewhat
different.
The SVG file from which the sprite image was generated is also updated,
and the about page has been updated to give credit to the creator of the
icon.
Unrelated change: The cataloging link is moved to the second column.
Although it's probably rare for all modules to be enabled and available,
this puts the same number of links in each column.
To test, apply the patch and clear your browser cache if necessary. With
interlibrary loan enabled, view the staff client home page and confirm
that all the module links look correct, including when you hover your
mouse over them.
Confirm that the about page lists the new icon under the "licenses" tab.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
1 - View the accounts tab for a patron with fines
2 - Note there is no homebranch displayed to see where charges came from
3 - Apply patch
4 - Reload the page and note that you see the 'Home library' column
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Followed the test plan and it works.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The error codes 1 to 7 are used in Uploader.pm or tools/upload.pl.
It would be nice to use alphanumeric codes instead.
No behavior change expected.
Test plan:
[1] Run t/db_dependent/Upload.t
[2] Verify that a regular upload with tools/upload.pl still works.
[3] Rename upload_path in your koha-conf.xml. Restart Plack, flush the cache
and try to upload to a category. Correct error message?
[4] Upload the same file twice to the same category.
Correct error message the second time?
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 19633: (QA follow-up) Really remove these ugly numbers
See BZ comment5. We now remove the numbers also from the constant names.
Test plan:
Read the changes.
Git grep "ERRCODE_"
Run t/db_dependent/Upload.t (Note: You may see one failure here; it is fixed
on bug 20727. So depends on who reaches master first.)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This only pertains to the second (Processing) tab.
Test plan:
[1] Have one entry in Pending and zero in Processing.
[2] Click on Processing tab.
[3] Without this patch, you would see Select all/Clear all.
With this patch, you won't.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The repeated prompts for cancelling multiple selected items are
confusing.
The wording is slightly adjusted. The reason is asked only once per
group of selected items.
Test plan:
Create three requests.
Select two requests and cancel (from top menu) for reason A.
Cancel third request (from item menu) for reason B.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes a couple of minor interface changes and updates the way
checkbox change events are handled:
- jQueryUI tabs initialization sets a variable for "active table" which
can be re-used by functions which affect only the visible table.
- The batch "Actions" menu is shown or hidden based on whether there
are checked items.
- The item selection tools are shown or hidden based on whether there
are rows in the table.
To test, apply the patch and test various article request actions:
- Single "process," "complete," and "cancel" operations.
- Select all/ clear all operations on both tabs.
- Batch operations with checked requests.
- Process all pending requests to confirm the selection controls for
that table are hidden.
- Complete all processing requests to confirm the selection controls
for that table are hidden.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Adds a column with a checkbox. Adds buttons under the table for Select,
Clear and Actions menu.
An additional javascript function HandleMulti is placed between the form
and the functions handling individual requests.
Note: The Actions menu below does not contain Print slip. This does not
work in its current form. This could be handled on a separate report.
Test plan:
[1] Enable Article Requests. Add a few requests.
[2] Test the Select all / Clear all functionality on the form.
[3] Verify that the menu options Process, Complete and Cancel work as
expected both from the individual Actions menu as from the shared
Actions menu for selected requests.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Patch applies and functions as described.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch converts staff-global.css to Sass, using SCSS syntax. This
changes the build process for Koha to include installation and execution
of yarn to install npm dependencies and run SCSS -> CSS conversion.
To test, apply the patch and run the following:
$ sudo apt-get install nodejs npm [not necessary in kohadevbox]
$ sudo npm install -g yarn
$ yarn install
$ yarn build
Clear your browser cache if necessary and confirm that CSS styling
throughout the staff client looks correct.
The "yarn build" command triggers a gulp process which compiles SCSS to
CSS, adds automatic vendor-prefixing, and minifies the resulting CSS
file.
There is also a "yarn css" command available which might be used by
developers who are making changes to SCSS. This command does two things
differently:
1. Adds .css.map files which aid CSS debugging using in-browser
inspector tools.
2. Compiles staff-global.css without minification. It can be useful to
see unminified CSS during development, especially to see how SCSS
compiles.
This patch adds a configuration file for sass-lint, .sass-lint.yml.
Currently this configuration is not used during the build process but
can be used in a code editor which supports linting.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes style and markup changes to the patron detail page
template in order to make the display of information somewhat more
compact and to increase the visibility of the edit controls.
To test you should enable the patronimages system preference. Apply the
patch and view the detail page for a patron.
- Check that the page looks correct and that sections like "Alternate
address" and "Alternative contact" are empty when there is no data.
- Check that the "Manage patron image" tool works correctly.
Signed-off-by: Cab Vinton <director@plaistowlibrary.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a more obvious way to see which search terms have been
submitted to filter the table of saved reports.
The patch also moves embedded CSS into a separate file.
To test you should have multiple saved reports.
- Apply the patch and go to Reports -> Use saved.
- Filter the table of reports by submitting one or more terms in the
sidebar "Filter" form.
- Confirm that the terms you submit are shown at the top of the table of
results.
- Confirm that clicking the "Clear" link clears the search filter.
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Followed the test plan and it works.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the patron edit process so that "Housebound roles"
can be edited as a separate step.
To test, apply the patch and open an existing patron's detail page
(moremember.tt). Test the "edit" links for 'Housebound roles' and
'Additional attributes and identifiers' and confirm that each opens its
own edit page, and saving changes works correctly.
Signed-off-by: Cab Vinton <bibliwho@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
When using the WYSIWYG editor for system preferences, the editor only
updates the textarea element if the content is different from the
original content. This means if you change a system preference and
then change it back to the original content, the textarea will have
the 2nd last change you made.
This patch removes the TinyMCE.isDirty() check, which was responsible
for comparing the original and changed content. Every input/keydown/dragend
or TinyMCE command will cause the textarea element to be updated and
trigger the input event which causes the "modified" class to be added
to the element, so that the system preference can be saved.
__TEST PLAN__
_Before applying_
0. Change "UseWYSIWYGinSystemPreferences" to "Show"
1. Change "opaccredits" to "123a"
2. Click "Save all OPAC preferences"
3. Reload the page
4. Change "opaccredits" to "123"
5. Change "opaccredits" to "123a"
6. Click "Save all OPAC preferences"
7. Reload the page
8. Note that "opaccredits" says "123"
_Apply the patch_
_After applying_
1. Change "opaccredits" to "123a"
2. Change "opaccredits" to "123"
3. Click "Save all OPAC preferences"
4. Reload the page
5. Note that "opaccredits" says "123" (and not "123a")
6. Change "opaccredits" to "1234"
7. Click "Save all OPAC preferences"
8. Reload the page
9. Note that "opaccredits" says "1234"
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The itemnumber list passed from a file in the batch item
modification/deletion tools is not tested.
Like barcodes we should make sure they refer to valid items in the DB.
Test plan:
- Create a file with barcodes, itemnumbers and random lines
- Use the batch item modification and deletion tools with this file
You should see a table with a list of invalid barcodes and itemnumbers.
Without this patch you got the following error:
Can't call method "title" on an undefined value at
/home/vagrant/kohaclone/tools/batchMod.pl line 580
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
calendar.inc must be in the jsinclude block when jsfooter is set
Test plan:
- Open or create a label batch.
- Click "Add items" to trigger the pop-up search window.
- Date picker should work now
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds some CSS to target mandatory fields on the add item
screen which are styled by the Select2 plugin.
To test you must have at least one item field marked mandatory and
linked to an authorized value.
Open the add item form for an existing record. Try to submit the form
without making a selection in the mandatory dropdown. You should get an
alert warning you that you have empty mandatory fields, and the field
should be highlighted in yellow.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
When a suggestion's status is set to a customized value (AV
SUGGEST_STATUS), the description is not always displayed correctly.
Test plan:
- Create different values for the AV SUGGEST_STATUS
- Create several suggestions
- Change the status using the SUGGEST_STATUS values
- Edit the suggestion and change again the status
- View the suggestions for a given patron
(members/purchase-suggestions.pl?borrowernumber=XX), the statuses must
be displayed correctly
Signed-off-by: Lisette Scheer <lisetteslatah@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the JavaScript functions for the select all/clear
all links so that each action triggers the "change" event, required to
enable or disable the "merge selected patrons" button.
To test, apply the patch and perform a patron search which will return
multiple results.
- Test the "select all" and "clear all" links, and confirm that the
"Merge selected patrons" button is enabled and disabled.
- Test that checking and unchecking multiple checkboxes still works
correctly to enable and disable the button.
Signed-off-by: Pierre-Luc Lapointe <pierreluc.lapointe@inLibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The SRU search fields mapping pop-up comes up as a blank white
page.
To test:
- Go to Administration > Z39.50/SRU servers
- Modify or create an SRU server
- Click on the 'Modify' button to change mappings
- Verify the new window that opens is blank
- Apply patch
- Verify the pop-up now is no longer blank but works
correctly.
Bonus: Spotted some HTML errors while looking for the
problem. Also fixed in the patch.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 19608 incorrectly replaced intranet-bottom by popup-bottom.
Adjusting the new template in the same way.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
- Apply the patch
- Add an SRU authority server in administration -> Z39.50/SRU servers
You can try with the French national library, configured as such:
Hostname: catalogue.bnf.fr
Port: 80
Database: api/SRU
Syntax: Unimarc
Record type: authority
Additional SRU options: version=1.2,sru=get
SRU Search fields mapping example:
Keyword (any): aut.anywhere
Name (any): aut.anywhere
Author (any): (aut.type any "pep org") and aut.accesspoint
Author (personal): aut.type=pep and aut.accesspoint
Author (corporate): aut.type=org and aut.accesspoint
Author (meeting/conference): aut.type=org and aut.accesspoint
Subject heading: (aut.type any "geo ram_nc ram_ge ram_pe ram_co") and aut.accesspoint
Subject sub-division: aut.type=ram_pe and aut.accesspoint
Title (any): (aut.type any "tic tut tum ram_tp ram_tu") and aut.accesspoint
Title (uniform):(aut.type any "tut tum ram_tu") and aut.accesspoint
- Try a search from Authorities -> New from Z39.50/SRU
- Check that the authority is correctly displayed in "Show Marc"
- Check that the authority is correctly added to koha in "Import"
- prove t/db_dependent/Breeding.t
Signed-off-by: François Pichenot <fpichenot@ville-roubaix.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This fixes a problem with layout of the page when viewing a closed
basket group. Changed the grid options for basket information when a
basket group is closed.
To test, apply the patch and go to Acquisitions -> Vendor -> Basket
groups. You should have multiple baskets and basket groups to test with.
- Edit an open basket group. The layout should look correct, with basket
group information in the form in the left column and ungrouped basket
in the right column. Grouping and ungrouping baskets should work
correctly.
- View a closed basket group. The basket group information should
display in a single column that spans the main part of the page.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch addresses the lack of sanitization of the "notes" field on
the OPAC "View Interlibrary loan request" page.
To test:
- Apply the patch
- As an OPAC user, create an ILL request
- Navigate to the request's "View Interlibrary loan request" page
- Add the following note:
Hello
<h1>TESTING</h1>
<script>alert('pwned');</script>
- Click "Submit modifications"
- TEST: Observe, when the page reloads, only the following is preserved in the
"Notes" textarea:
Hello
TESTING
- As a staff user, navigate to the ILL requests table
- Select "Manage request" for the request you created
- TEST: Observe that the Notes field only contains:
Hello
TESTING
- TEST: Observe that no Javascript alert is displayed
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When the user is not superlibrarian or has the manage_suggestions
permission, the suggestion box on the left of the acq start page
needs to be hidden.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Without this patch only catalogue permission was required
for managing suggestions. This patch adds a new permission
in the acquisition module to manage suggestions and updates
staff user permissions accordingly.
To test:
- Make sure there is a pending suggestion
- Create a few users with different permission sets:
- User 1: only catalogue
- User 2: any acquisition permission
- User 3: cataloguing permission
- Check all of them can access: /cgi-bin/koha/suggestion/suggestion.pl
- Apply the patch
- Verify all of them now have the suggestions_manage permission
- Verify everything displays correctly on:
- intranet start page
- patron account in staff
- acquisition start page
- suggestion page (try to access by URL too)
- Remove suggestions_manage for a staff user
- Repeat tests above, access should be denied/links not visible
Bonus:
- Fixes the link on the acquisition start page for late orders
to match the permissions of the page itself: order_receive
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
It's safer to send what we need from C4::Auth it's needed from a whole
module.
The SELECT COUNT(*) query will only be done when needed (so not made
from scripts outside of circ)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
1. body tag was missing
2. make "Date" column sortable correctly
3. remove CDATA and type="text/javascript"
4. Handle server-side errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
3. In the JS console: "ReferenceError: $ is not defined", I did not
investigate it.
Where do you see this in the console? I cannot recreate on opac-user.pl
or on circ/checkout-notes.pl.
5. The alert id=error is displayed then hidden in JS, but it's then
displayed for half a second. We should hide it by default (css)
Fixed in this patch
6. I would move the "mark seen" and "mark not seen" buttons at the
top of the table
Fixed in this patch
8. Cursor on "Select all" and "Clear all" links must be adjusted
Fixed in this patch
9. $(".btn-xs").click(function(event){
The selector should be $("button.seen, button.notseen"), you
do not want to apply this function to all other btn-xs on
the page (maybe there are only two for now, but who knows
later?)
Fixed in this patch
12. Important: When a note is updated, it's still marked as
seen. Is it the expected behavior?
I don't see this behaviour. When a note is updated it is
marked as not seen.
opav/svc/checkout_notes:79: $issue->set({ notedate =>
dt_from_string(), note => $clean_note, noteseen => 0
})->store;
13. What will happen when hundreds of notes are on this
table? Not a blocker but we will need a "hide seen" button to
filter the already seen notes.
Added in this patch
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch includes some changes required on comment 57:
1. Bad resolution conflict, permission self_checkout is re-added
2. The IGNORE modifier is missing in the INSERT statement
4. When I hit /circ/checkout-notes.pl from the side bar, the page displays "Checkout notes", nothing else. We should add "There is no checkout notes".
7. I would display the table on the confirmation screen as well
10. html filters are missing
11. span element should surround translatable string, to help translators
14. patron-title.inc must be used to display patron's info
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>