Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the staff client patron card creator templates so
that JavaScript is included in the footer instead of the header.
Also changed: Removed "type" attribute from script tags.
To test, apply the patch and test the JavaScript-driven features of
each modified template: All button controls, DataTables functionality,
form validation, etc.
- Creating and managing layouts
- Creating and managing card batches
- Creating and managing card templates
- Creating and managing printer profiles
- Creating and managing images
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Add a layout grid to patron card creator to figure out the positions of text
fields, barcode and images.
To test:
- Apply on top of patch 18465
- Go to Home > Tools > Patron card creator
- Edit or create a layout
- Turn on new choice 'Guide grid' in section 'General settings'
- Leave 'Units' unchanged
- Crate a PDF using 'Card batches'
- Notice that card is printed with a layout grid that reflects selected unit
with each 5th and 10th line in different color, unit description displayed
bottom left, card dimensions displayed top right in small print inside the
layout grid
- Print PDF. Set printer settings in Adobe Reader or other PDF printing
software to 'Actual size' to prevent scaling to printer's printable
region
- Mesure out printed PDF and verify that grid corresponds to selecte unit.
- Go back to layout definition and choose an other unit, repeat steps
to verify that grid respects selected unit.
- Go back to layout definition, turn grid off, create PDF, verify that grid
does not display in PDF
Note for testers / QAers: Position of card elements (text, image...) do not
respect the unit, this will be fixed in Bug 18550
Followed test plan and it worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
According to https://jquery.com/upgrade-guide/1.9/#attr-versus-prop-
.attr() is no longer correct to access the checked state of a checkbox.
This patch do the following replacements:
.attr('checked') => .prop('checked')
.attr('checked, '') => .prop('checked', false)
.attr('checked, 'checked') => .prop('checked', true)
.attr('checked', boolValue) => .prop('checked', boolValue)
.removeAttr('checked') => .prop('checked', false)
.attr('checked') == 'checked' => .is(':checked')
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
To Test:
check that "implimented" has been changed to "implemented" on both lines
478 and 534
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
The patron card creator should have the Tools area sidebar on its pages. This patch adds it.
To test:
Go to More -> Tools -> Patron card creator
The home page should have the tools sidebar
Click through all of the "New" pages - they should all have the tools sidebar
Click through all of the "Manage" pages - they should all have the tools sidebar
Also verify that on each page, the Patron card creator link in the sidebar is bolded
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Sidebar displayed Ok. No errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch add a few spaces when required and
adds layout_id on title and breadcrumbs (for patroncards)
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes the change on the patron cards creator tool too.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
All patches without errors.
More consistent view.
A few spaces and a little fix in followup
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
It does so by slightly changing the naming schema, in line with bug 14667
changes.
It also corrects a minor bug in the breadcrumbs for printer profiles.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Reasoning
Librarians will be doing patron card things in the following frequencies, from most frequent to least frequent:
1. Creating new patron card batches - every day/every few days
2. Managing existing card batches - every day/every few days
3. Managing existing card layouts - as needed, infrequent
5. Managing existing card templates - as needed, infrequent
6. Creating new card layouts - as needed, infrequent
7. Creating new card templates - as needed, infrequent
8. Managing existing printer profiles - possibly once only!
9. Creating new printer profiles - possibly once only!
This change to the patron card creator aims to make the most frequently used items easily accessible at the top of the main area,
reduces clutter on the page, and makes the label creator fall in line with UI paradigms found elsewhere in Koha.
I think I've also improved the translatability here somewhat, please check that.
To test:
Open the patron card creator: More -> Tools -> Patron card creator
Note that the toolbar has changed. It should be consistent across all of the patron card creator (it is an include).
+ New menu:
patron card batch
1. make sure it looks ok - toolbar buttons are consistent at the top of the main block.
2. add patrons both by borrowernumber, and by search
3. note that the usual buttons have moved below the textarea, and now have icons.
4. delete and export single patrons using the buttons corresponding to each patron
5. select multiple and use the buttons above the table to remove and export selected patrons
6. export a full batch
7. deduplicate a batch
There should be no regressions in functionality.
Image
1. This menu item should take you directly to the upload/delete images interface
2. Upload an image, note success message is now below the form, eliminating the jumping box.
3. Delete single images using the buttons
4. Delete multiple images using the tickboxes and "Delete selected"
5. Not deletion success message is below the table, eliminating the jumping box.
Layout
1. This menu item should take you directly to the "Edit layout" screen.
2. no functional changes here.
3. note toolbar at top is consistent
Card template
1. this menu item should take you directly to the "Edit patron card template" page.
2. no functional changes here.
3. note toolbar at top is consistent.
Printer profile
1. this menu item should take you directly to the "Edit printer profile" page.
2. no functional changes here.
3. note toolbar at top is consistent.
+ Manage menu:
Card batches
1. This menu item should take you directly to the "currently available batches" page.
2. select a batch to edit using the buttons - it should take you to the editing interface
3. select a batch to delete using the buttons - it should ask for confirm.
4. select several batches using the tickboxes, and select Export selected. Batches should be exported as normal.
5. note toolbar at top is consistent.
Images (this is actually the same page as on the new menu, I included it in both because it does both functions - can change if requested)
1. This menu item should take you directly to the upload/delete images interface
2. Upload an image, note success message is now below the form, eliminating the jumping box.
3. Delete single images using the buttons
4. Delete multiple images using the tickboxes and "Delete selected"
5. Not deletion success message is below the table, eliminating the jumping box.
Layouts
1. This menu item should take you directly to the "currently available layouts" page.
2. select a layout to edit using the buttons
3. select a layout to delete using the buttons
4. note toolbar at top is consistent.
Card templates
1. This menu item should take you directly to the "currently available templates" page.
2. select a template to edit using the buttons
3. select a template to delete using the buttons
4. note toolbar at top is consistent.
Printer profiles
1. This menu item should take you directly to the "currently available profiles" page.
2. select a profile to edit using the buttons
3. select a profile to delete using the buttons
4. note toolbar at top is consistent
+ General
* note that sidebar now only has "labels home" instead of the full "manage" list. It seemed redundant with the toolbar tidied up.
Please note that I am happy to take suggestions/amendments to these changes.
Followed test plan, behaves as advertised.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The size of the barcode in patron card creator was hardcoded to 1% of the card height and 80% of the card width.
This patch exposes both values in the layout editor. If no values are given, the previousely hard coded values (0.01 / 0.8) are used in order to work with existing card definitions.
To test:
- Go to Home > Tools > Patron card creator
- Export a patron card (PDF) from en existing definition
- Apply patch
- Export patron card again, compare results (should be the same)
- Go to Home > Tools > Patron card creator > Manage card layouts
- Edit the layout you use for testing and set barcode scaling values e.g. to 0.03 for height and 0.4 for widht
- Export patron card again, verify that barcode size changed
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Currently, the layout for the Edit/Add Layout screen of the Patron
Card Creator is in complete disarray, when viewed in Internet Explorer
(of any version).
The nav bar is pushed to the bottom of the page, every fieldset is
empty (as their contents have been pushed out into different parts
of the page), and the checkboxes don't work.
The cause appears to be some extraneous mark-up (a few extra fieldset
and li elements)and some missing mark-up (ol elements to wrap the list
elements, especially when nesting lists within each other and within
div elements).
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
I didn't test this in IE, but changes are fixing general
problems with HTML validity.
Checking the page with the W3C validator:
Before: 27 Errors, 7 warning(s)
After: 6 Errors, 7 warning(s)
All tests and QA script pass, page looks alright.
Would be nice to see the remaining problems fixed in
a follow-up.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Labels which precede a text input or select typically have a colon
before them:
Name: [____]
This patch cleans up templates where labels in this context lack a
colon. Exceptions to this rule include radio buttons, checkboxes, and
labels inside tables.
To test, view the affected pages and confirm that labels look
consistent.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Patch adds more consistency.
Work for translators could be made easier using CSS instead
of whitespace after colon.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Submit and cancel buttons on patron card creator edit pages should not
be styled differently than other submit and cancel controls.
This patch removes YUI styling of these controls and makes them
consistent with controls on other Koha pages. The "Cancel" button has
been removed altogether from the batch edit page since there is not a
corresponding submit button.
To test, got to the patron card creator and edit a batch, a layout, a
profile, and a template. Submit and cancel controls should look correct
and work correctly.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Work as described. Works and looks well. No errors.
Note: It's true that edit batch has not a submit button, but
on the other managed pages (layout, profile, template) cancel
aborts editing and takes you to a list of objects (layout, etc.)
Now if we selected the wrong batch, we need to click on left menu o
back button (yay). Are we loosing a consistent interface?
Just thinking.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, more consistent with Koha's general interface
patterns.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Upgrade jQuery in the staff client. Besides the change
to the jQuery file syntax has been changed wherever this
syntax was written:
$(foo).attr("checked","");
The new correct way to un-check a checkbox:
$(foo).removeAttr("checked");
I also removed some JavaScript altogether from
branch-transfer-limits.tt which used the old syntax but
which wasn't used on the page at all anymore.
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
After talking to Owen we decided to use 2 classes for those modules. I decided on:
patroncard: tools, pcard
labels: tools, labels
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Found 3 instances of the typo while looking for the typo reference in Bug 7203.
Fixed labels/label-edit-batch.tt, labels/label-edit-layout.tt, and patroncards/edit-layout.tt.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>