Commit graph

17 commits

Author SHA1 Message Date
247dca3064
Bug 23013: Upgrade DataTables in the staff client
This patch upgrades DataTables and makes some style changes to the
default DataTables toolbar style. DataTables assets are now combined and
minified using their download customizer, bundling together these
elements:

 - JSZip 2.5.0
 - pdfmake 0.1.36
 - DataTables 1.10.18
 - Buttons 1.5.6
 - Column visibility 1.5.6
 - HTML5 export 1.5.6
 - Print view 1.5.6
 - FixedHeader 3.1.4

DataTables assets have been moved from lib/jquery/plugins to
lib/datatables. The global header and footer include files are updated
correspondingly.

This patch removes the custom "four_button" pagination configuration and
updates pages which used it to use the built-in "full" type instead.
This is done for the sake of consistency and upgradability. This change
touches a lot of files.

Table-specific CSS has been moved from staff-global.scss to a new
include, _tables.scss. A second common include, _mixins.scss has some
variable definitions used in both files.

Many images have been made obsolete by this change and have been
removed.

To test, apply the patch and regenerate the staff client CSS. View
various pages in the staff client with tables:

 - Not formatted by DataTables:
   - Reports -> Most circulated items
   - Catalog -> Search results
 - Formatted by DataTables without column configuration
   - Acquisitions -> Vendor search
   - Lists
 - Formatted by DataTables with column configuration
   - Administration -> Libraries
   - Administration -> Item types
   - Reports -> Saved SQL reports
 - Non-standard DataTables configurations:
   - Circulation -> Checkouts
   - Administration -> System preferences
   - Reports -> Lost items

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-08-22 15:23:19 +01:00
f447658f85
Bug 23194: Fix other occurences
Throughout staff client and course reserves we also show the field with HTML filter, maybe we shouldn't?

The items lost report also included the note as a title element on title and barcode links, I removed this
as the note displays in that table

To test:
 1 - Add a link to publicnotes for an item
<a href="www.google.com">Cats!</a>
 2 - View opac details, confirm the note is a link
 3 - Same for staff side
 4 - Add item to a course reserve
    UseCourseReserves  preference must be set to 'Use'
    From the course reserves module you will need to add a course (and possibly a department first)
    Adding should be intuitive
 5 - Confirm note is a link in course details on staff and opac
 6 - Perform a batch checkout, confirm the itemnote shows as a link
     You will need to enable the system preference:  BatchCheckouts and add a patron category to:  BatchCheckoutsValidCategories
     Then a link should be available from checkout for a patron in that category
 7 - Mark the item as lost
 8 - Go to Reports->Items lost
 9 - Confirm the note is a URL and that title and barcode links don't show the note
10 - Click the barcode to go to moredetails for the item - in this case note should display as editable text, not a link

Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: frederik chenier <frederik.chenier@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-07-15 11:27:58 +01:00
6c7c97f67c Bug 22015: Move DataTables CSS to global include
DataTables are used on enough pages in the staff client that it
doesn't make sense to put inclusion of the CSS into each template
where it is needed. This patch moves includes of datatables.css from
individual templates into the global header file.

To test, apply the patch and view various pages which have DataTables.
View various styles of DataTables, e.g.

 - Full pagination, like item search results
 - Four-button, like Saved SQL reports

Everything should look the same as it was.

Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-02-19 19:40:35 +00:00
1cf849eee0 Bug 21442: Update two-column templates with Bootstrap grid: Circulation part 1
This patch modifies several circulation templates to use the
Bootstrap grid instead of YUI.

This patch also removes obsolete "text/javascript" attributes from
<script> tags and "text/css" attributes from <style> tags in the
modified templates.

To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:

 - Circulation -> Pending on-site checkouts (enable OnSiteCheckouts
   preference).
    - Test with the CircSidebar system preference both on and off
 - Circulation -> Overdues
 - Circulation -> Holds to pull
 - Circulation -> Renew
    - Test with the CircSidebar system preference both on and off
 - Circulation -> Bibliographic detail page -> Request article (enable
   ArticleRequests system preferences)
 - Circulation -> Hold ratios

Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-11 13:25:02 +00:00
5825026448 Bug 21526: uri escape TT variables when used in 'a href'
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-26 17:09:57 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
Julian Maurice
ed7543287b Bug 20538: Remove the need of writing [% KOHA_VERSION %] everywhere
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
  mechanism, it will be tedious

This patch:
- adds a Template::Toolkit plugin that generates <script> and
  <link> tags for JS and CSS files, and inserts automatically the Koha
  version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable

Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
   checking your browser's dev tools (there should be no 404 for JS and
   CSS files, and the Koha version should appear in filenames) and the
   server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-13 11:49:44 -03:00
fd70cdcc31 Bug 12904: Add KOHA_VERSION to few more .css
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:01:19 -03:00
44e7d5e84b Bug 19700: Move template JavaScript to the footer: Some circulation pages
This patch modifies some staff client circulation templates so that
JavaScript is included in the footer instead of the header.

To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.

- Article requests (enable ArticleRequests system preference, have at
  least one outstanding article request)
  - Request article (Bibliographic detail page -> Request article).
- Item circulation statistics (Bibliographic detail page -> Items ->
  View item's checkout history).
- On-site checkouts (enable OnSiteCheckouts system preference; Check out
  some items as on-site checkouts; Go to Circulation ->
  Pending on-site checkouts
- Overdues report (Circulation -> Overdues).
- Holds to pull (Circulation -> Holds to pull).
- Renew
- Holds ratios (Circulation -> Holds ratios).
- Check in
- Transfers to receive (Circulation -> Transfers to receive).
- Holds queue (Circulation -> Holds queue).
- Holds awaiting pickup (Circulation -> Holds awaiting pickup).

Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-11 11:34:23 -03:00
Aleisha
1edb8cbeee Bug 16530: Adding a circ sidebar navigation menu and circSidebar syspref to activate/deactivate
Edit: Fast cataloging link should now show on all pages, removed offline circulation links
Edit 2: Creates the syspref to activate or deactivate the sidebar
Edit 3: Fixing merge conflicts, using Koha::BiblioFrameworks to find FA
framework and adding sidebar to on-site checkouts

This adds a sidebar to
circ/branchoverdues.tt
circ/circulation.tt (I also fixed up some of the indentation in this file to make it easier to see where the divs started and ended)
circ/renew.tt
circ/returns.tt
circ/selectbranchprinter.tt
circ/transferstoreceive.tt
circ/view_holdsqueue.tt
circ/waitingreserves.tt
circ/branchtransfers.tt
circ/on-site_checkouts.tt

To test:
1) Confirm syspref CircSidebar is activated
2) Go to all of the above pages and confirm the sidebar menu shows up
3) Confirm fast cataloguing link and transfer link are there
4) Trigger any error messages you can possibly think of (i.e. on renew.pl: barcode does not exist). Confirm that this does not mess up the layout of the page
5) Go to a user account page, Check out tab. (Since this is a circ/circulation.pl page). Ensure the circ nav sidebar doesn't show up (confirm it looks as it usually does)
6) Deactivate circSidebar
7) Confirm pages all look normal

Sponsored-by: Catalyst IT

Signed-off-by: Jan Kissig <jkissig@th-wildau.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-03 18:34:36 +00:00
6381d1853d Bug 16241 - Move staff client CSS out of language directory
The staff client CSS is not language-specific, so it can be moved out of
the en/ directory and thus not be duplicated for every translation.

In order to be able to have a generic path to the YUI CSS files, the YUI
directory is moved by this patch to the staff client's lib/ directory.

To test, apply the patch and visit various pages in the staff client.
Look in particular at pages which include more than the standard CSS.
For example:

- The staff client login page.
- The staff client home page.
- Patron -> Set permissions.
- The advanced cataloging editor.
- Acquisitions -> Vendor -> Basket groups.
- Tools -> News -> Edit news.
- Administration -> System preferences.

Revised: I intended for this to be built on top of Bug 15883. Now it is.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

On top of 15883
Works as described, all pages on test plan
No Errors

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 13:54:37 +00:00
a8942c2884 Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues
Revert "DBRev to make notes of the XSS patches and the new important dependency."

This reverts commit e140603a59.

Revert "Bug 13618: Specific for branches.opac_info"

This reverts commit 06e4a50f00.

Revert "Bug 13618: (follow-up) Specific for other prefs"

This reverts commit d6475a111f.

Revert "Bug 13618: Fix for debarredcomment and patron messages"

This reverts commit dd98c9df92.

Revert "Bug 13618: Do not display html tags in patron's notices"

This reverts commit a065b243fe.

Revert "Bug 13618: Do not display &nbsp; and html tags in item fields content"

This reverts commit baeeaffbf8.

Revert "Bug 13618: Fix for system preference description"

This reverts commit a967a09261.

Revert "Bug 13618: Remove html filters for newly pushed code"

This reverts commit 0e98662b10.

Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"

This reverts commit fc2fb605e5.

Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"

This reverts commit bc308fdd9c.

Revert "Bug 13618: Fix for edit biblios and items"

This reverts commit 811c4e8402.

Revert "Bug 13618: followup to remove tabs"

This reverts commit ca8e8c397c.

Revert "Bug 13618: Fix last occurrences recently introduced to master"

This reverts commit bb417b256b.

Revert "Bug 13618: Fix for news"

This reverts commit ae5b98020a.

Revert "Bug 13618: Fix escape on sending baskets or shelves by email"

This reverts commit a7731ffe25.

Revert "Bug 13618: Specific for XSLTBloc"

This reverts commit 11fa38dc29.

Revert "Bug 13618: Specific for Salutation on editing a patron"

This reverts commit 36c07ad6d3.

Revert "Bug 13618: Specific for other prefs"

This reverts commit e6ea281a3b.

Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"

This reverts commit 7824874557.

Revert "Bug 13618: Specific for ColumnsSettings"

This reverts commit 1834da3da3.

Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"

This reverts commit 21ae62b253.

Revert "Bug 13618: Fix error 'Not a GLOB reference'"

This reverts commit 602bdbab4c.

Revert "Bug 13618: Specific for the ISBD view"

This reverts commit d254362435.

Revert "Bug 13618: Specific for pagination_bar"

This reverts commit 8837a8ae68.

Revert "Bug 13618: Specific places where we don't need to escape variables - intra"

This reverts commit 00eff140b3.

Revert "Bug 13618: Remove html filters at the intranet"

This reverts commit 7db851ff03.

Revert "Bug 13618: Specific places where we don't need to escape variables"

This reverts commit 49a3738b8d.

Revert "Bug 13618: Remove html filters at the OPAC"

This reverts commit cedaa0e23e.

Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"

This reverts commit 01b38d3b13.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-02-11 19:39:53 +00:00
Jonathan Druart
7db851ff03 Bug 13618: Remove html filters at the intranet
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:12 +00:00
Katrin Fischer
b7d5ce5f9a Bug 11201 - QA follow-up - Pending on-site checkouts
Changes page name to "Pending on-site checkouts" as
agreed during the hackfest.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 11:30:55 -03:00
Jonathan Druart
e0e80e0efb Bug 11201: qa-followup
- move h4 to h1
- Make the link on the circ home page depending on the pref

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 11:30:55 -03:00
Jonathan Druart
9871417d44 Bug 11201: Display overdues in red
On the pending on-site checkout list, the date for overdues are now
displayed in red.

Test plan:
Make sure you have on-site checkouts created today and before.
The date for the ones created before today should be displayed in red.

Signed-off-by: Nicole <nicole@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 11:30:55 -03:00
Jonathan Druart
e887ae544d Bug 11201: Add a in-house use list pages
The circulation page has a new entry: a link to a list of the pending
in-house use.

Bug 10860 introduces a new way for managing in-house uses.
This patch adds a new page (from the circulation home page) to list all
pending in-house uses.

Test plan:
Go on the circulation home page and click on the in-house use link.
Verify all your in-house uses are listed and information are consistent.

Bug 11201: Display lib instead of AV code

This patch assumes that items.location is linked the the LOC
authorised values.

Signed-off-by: Nicole <nicole@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 11:30:55 -03:00