To test:
1 - Go to Admin->Z39/SRU servers
2 - Pick a server or add one
3 - Click 'Modify' button for mappings
4 - Copy the HTML of the popup into w3c validator
https://validator.w3.org/#validate_by_input
5 - Note extra closing div
6 - Apply patch
7 - Repeat
8 - Success
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch corrects a regression caused by Bug 21151: The include file
which adds CSS to the page was removed from the template.
To test, apply the patch and go to Administration -> Z39.50/SRU servers
-> New SRU server.
- Click the "Modify" button next to "SRU Search fields mapping"
- Verify that the pop-up window is correctly styled.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
On the OPAC result list, below each result, there is a link:
"Save to Lists".
Patch changes this to "Save to lists" following our
capitalization rules.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the JavaScript which embeds local cover images in
staff client catalog search results. It now adds the "thumbail" class to
the image, matching Amazon cover images.
To test you should have one or more titles with local cover images
attached. Apply the patch and clear your browser cache if necessary.
Enable both the AmazonCoverImages and LocalCoverImages system
preferences and perform a search which will return titles with local
cover images. Confirm that local covers are styled like Amazon covers.
Tested and confirmed local cover images are appearing quite nicely now.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To stay consistent in the DOM structure it would make sense to have it
there as well
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
While the module pull down on adding and editing a letter is
written out and fully translatable, the overview page showed
the internal 'module code'.
Patch also renames the "Members" module into the "Patrons" module
to match Koha's terminology.
To test:
- Before applying the patch:
- Add or edit a notice, look at the pull down for module
- Go back to the overview page
- Verify the module names don't match
- Apply the patch:
- Check again, pull downs should now match
- Verify that Members is now Patrons everywhere
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch corrects some Bootstrap button-related CSS which was causing
some buttons to have the wrong color:
- Circulation -> Check out: "Add a new message" link is black
- Catalog -> Details page: "Print" button is blue
To test, apply the patch and rebuild CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
Clear your browser cache if necessary and view the above pages to
confirm the problem is fixed.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The ROADTYPE category was missing from the default list of
authorised value categories available.
To test:
- Verify ROADTYPE is not listed as authorised value category
- Apply patch and run database update
- Verify ROADTYPE is now listed
- Add an entry, for example: AV = Avenue
- Add or edit a patron, verify a pull down with your entry
shows on the form.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Batch item/record modification/deletion tools does not open uploaded
files in utf-8
Test plan:
Edit and delete records and items using a file which will contain:
valid and invalid barcodes with and without utf-8 chars (💕)
You should see the warning message:
"The *** 39999000💕001679 does not exist in the database."
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Have the same fund code in two budgets
2 - Have budget code defined in MarcItemFieldsToOrder
3 - Stage a file with some order items as defined above
4 - Inspect the fuinds drop down in the item, notice two lines are
marked selected
5 - Apply patch
6 - Repeat
7 - Only one field should be selected, with a preference for active
budget
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We should correct bad data too.
This is a trivial, pragmatic approach. Instead of doing a complex
calculation with holidays etc. (as was done on 12063), we just add
MaxPickupDelay or 7 days to today probably resulting in a little bonus
time. Only for waiting holds. When the ReservesNeedReturns pref was not
Automatic, there should be no changes.
== Test plan ==
1. git checkout c585f1149770ec401f188e061211501897cec0bf~1
This the commit before bug 20724's patches.
We need that to be able to generate "corrupted data"
2. Set ReservesNeedReturns to "Automatically"
3. Place a hold on a specific item
4. The hold should have an *empty* expiration date
record page → Hold → "Expiration" column
5. Apply this patch
6. Run updatedatabase.pl
7. Refresh the page
8. The hold should have an expiration date (not empty)
9. Celebrate! 🎉🎊🥳
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Victor Grousset <victor.grousset@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Bug 20773: (followup) Remove MySQLism
Signed-off-by: Victor Grousset <victor.grousset@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
It failed 3x in the last 6 runs (on node 1), we should mock
DateTime->now to prevent it to fail again.
The error is:
koha_1 | # Failed test at
t/db_dependent/Letters/TemplateToolkit.t line 724.
When comparing <<today>> replacement:
koha_1 | # 08/16/2018 14:25<br />
[...]
koha_1 | # 08/16/2018 14:24<br />
Let's mock DateTime->now to prevent it to fail again.
Test plan:
0. Do not apply this patch
1. Add "sleep(60);" at line ~715, before "# Add a second checkout"
2. Run the tests
=> Fail!
3. Apply this patch
4. Run the tests again
=> Pass!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
See description of the bug for screenshots
I do not really know why we have these issues, but maybe we should
regenerate the .scss in order to catch the other problems?
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
Ideally tested on a working ldap server with bind by auth and no
anonymous bind
1 - Define an LDAP config with bind by auth
2 - Don't define user/pass
3 - Define anonymous_bind = 0
4 - Attempt bind by auth
5 - Error is something like:
LDAP search failed to return object : XXXXXXXXX: LdapErr: XXXX-XXXXXX,
comment: In order to perform this operation a successful bind must
be completed on the connection., data 0, v2580 at
/usr/share/koha/lib/C4/Auth_with_ldap.pm line 102.
6 - Define user/pass
7 - Now bind by auth should work
8 - remove user/pass
9 - Apply patch
10 - Attempt again
11 - Bind by auth shoudl succeed
prove -v t/db_dependent/Auth_with_ldap.t
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Caused by
commit cb336e633b
Bug 18255: Koha::Biblio - Replace GetBiblioItemByBiblioNumber with Koha::Biblio->biblioitem
Can't call method "biblioitem" on an undefined value at /home/vagrant/kohaclone/C4/ILSDI/Services.pm line 212
Test plan:
- Enable ilsdi
- hit /cgi-bin/koha/ilsdi.pl?service=GetRecords&id=X
With X an existing biblionumber and a non existing one
Both requests must succeed
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We are going to say it quietly but this test does not catch the problem
when there are no spaces....shhhh
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
For biblio level holds we got:
TypeError: oObj.itemcallnumber is undefined
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
IntranetUserJS was missing (?!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We want to encode HTML characters for the "key => value"'s
like branchcode => branchname
But not the whole JSON string
We could have done it controller-side but it sounds better to do it as
we do for other places
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This is definitely wrong, html is generated in C4/Creators/Lib.pm (see
FIXME).
We will need to fix it, but let's do that later!
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
On the way the itemtype is not displaying correctly the description
instead of the code (in the relative's checkouts table)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Syntax was wrong:
Template process failed: file error - parse error - bodytag.inc line 4:
unexpected token (_)
It's escaped later so sounds ok here
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We will have to make sure this filter (HtmlTags) is not used with
unsafe variables.
Generated by:
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html -%]/HtmlTags tag\1-%]/g' **/*.tt **/*.inc
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html %]/HtmlTags tag\1%]/g' **/*.tt **/*.inc
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The step to install optional/mandatory things is broken with
many <br />'s instead of line breaks.
TEST PLAN
---------
1) Back up database
2) Drop database
3) Create empty database
4) Run web installer
-- Notice that step 3 has ugly <br />'s at the last
part of step 3.
5) Apply patch
6) Repeat steps 2-4
-- Notice the <br />'s are now nice line breaks.
NOTE: No promises of perfect positioning!
7) Run koha qa test tools.
Joubu: I have no idea if this is still needed. TO TEST
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
https://bugs.koha-community.org/show_bug.cgi?id=13618
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>