This patch adds a helper method for telling if a hold has cancellation
requests. To be used for embedding such information.
To test:
1. Apply this patch
2. Run:
$ ktd --shell
k$ prove t/db_dependent/Koha/Hold.t
=> SUCCESS: Tests pass, the new method is covered by tests.
3. Sign off :-D
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 23cfdf97e3)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e932dc8372)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Test plan:
Run t/db_dependent/Koha/Plugins/Biblio_and_Items_plugin_hooks.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ac7581e90a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4aedaed0bc)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch replaces the onclick attributes in midiplayer.js
with Javascript click handlers.
To test:
0. Apply patch
1. Clear browser cache (it may be necessary to go into the
Network tab and explicitly disable cache)
2. Add 031 subfields 2gopnu to Default framework
3. Create a catalogue record with a 031 like follows:
2: pe
g: G-2
o: 4/4
p: 4bB''C2bE/2F4GbB/'bB2''C4D/F2.bE/4GG2bB/4'''C2C4''bB/4bE2G4bB/4bE2.F/
n: xFCGD
4. Enable the following sysprefs:
OPACShowMusicalInscripts
OPACPlayMusicalInscripts
5. Go to OPAC record view and click "Play this sample"
6. Play with the "Pause/Start" and "Stop" buttons
7. If the buttons work, it means the patch worked
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit a4bdd27fd9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 87ec1caebc)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
To test:
1. Checkout and item that has a public and nonpublic note.
2. In the checkout table ( Title column ) notice the notes display. If you use the browser dev tools to inspect you'll notice a "-" outside of any HTML element.
3. Apply patch.
4. See the '-' is now inside of a html element with class of seperator.
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 6091a938c1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 71b92c80c8)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This change removes the "onclick" attribute for the buttons
on opac-privacy.pl.
Note: The Javascript is placed in a separate file, which is
the preferred way for Javascript to be handled by
Content-Security-Policy
Test plan:
0. Apply the patch
1. Go to http://localhost:8081/cgi-bin/koha/admin/preferences.pl?op=search&searchfield=OPACPrivacy
2. Set syspref to "Allow"
3. Go to http://localhost:8080/cgi-bin/koha/opac-privacy.pl
4. The confirmation modal appears and "OK" and "Cancel" buttons work as
expected
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit c997fe863f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit cdb5734ade)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Replace href from thumbnail link with a # to keep pointer event. The href link gets reconstructed by showCover anyway
Remove return false from on click event, its not triggering a location change anymore because of the above
Remove check for imagenumber, its a non-null primary key, if the image exists, then the imagenumber must also exist
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit bc8a062001)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 167f5aa3bb)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch moves the click handler for thumbnails for opac-imageviewer.pl
out of the inline HTML and out to an existing <script> element.
Test plan:
0. Apply the patch (including dependent patches)
1. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?tab=&op=search&searchfield=localcover
2. Change both *LocalCoverImages sysprefs to "Show"
3. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?tab=&op=search&searchfield=AllowMultipleCovers
4. Change "AllowMultipleCovers" to "Allow"
5. Go to
http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=29
6. Click "Images (0)" tab
7. Download or make two JPEG images
8. Upload the images
9. Go to http://localhost:8080/cgi-bin/koha/opac-imageviewer.pl?biblionumber=29
10. See one large image in the centre and two smaller thumbnails on the right side
11. Click on the thumbnail of the image that isn't displayed in the centre
12. Note that the image changes
13. Click the other thumbnail and note that the image changes back
PA amended patch: Added missing test plan step
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 847b5f0777)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit bebd213c87)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch moves the click handler in the OPAC cart from the inline HTML
and out to an existing <script> element.
Test plan:
0. Apply the patch
1. Go to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1
2. Add the results to the cart
3. Click on the "Cart"
4. One by one click on the title of each row
5. Notice how the parent window changes to the detail record for that title
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9e39d2d671)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 8af48bc9f7)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit b952d2eb99)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit bd47ab5bcb)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 4ec7c6a62e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit bac14ffe08)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 7d2ce611f7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 9ea9a7156b)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 6989d25df7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit a286990983)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Currently the erm_eholdings_titles table has a field called preceeding_publication_title_id. This should be preceding_publication_title_id
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit cf94eae1ff)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 5a01b6dddc)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 766bdd638a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ff544893a1)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
To test:
1. Apply patch and clear browser cache.
2. Find some patrons with middle_name populated or add new patrons with a middle_name.
3. Make sure PatronAutoComplete is on
4. Try searching for a part of one of the patron's names who has a middle_name.
5. It should appear in the autocomplete dropdown
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit a6c77f664c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 92cb177169)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Rather than test that nothing is returned, we want to test that the terms are filtered as expected. This also avoids the possibility of the tests failing in a db where there is a record for Donald Duck
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 3d7b60dc90)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4cc4120322)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Test plan:
1) Launch k-t-d with ES:
-- ktd --es7 pull
-- ktd --es7 up
2) Visit /cgi-bin/koha/authorities/authorities-home.pl and search for 'tim'
3) Edit that, add a dash '-' to 100$a, like 'Bunce, Tim - name'"
4) Do a authority search for 'tim - name', notice it errors out
5) Apply patch
6) Perform the same search, notice it doesn't error and returns the correct record
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 27c6171222)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 14487cd5e0)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
We are dealing ok with ES exceptions for biblio records search,
catching them and raising them to the end user. But we don't for
authorities, where we explode with an ugly 500.
Test plan:
Search for "(term_1*) AND (-) AND (term_2*)" in the authority search and
notice that you don't get a 500 but an error instead saying that you
should try again
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 09b29d06da)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b4187cf2ab)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Test plan:
1) Apply this tests patch only
2) Run: prove t/Koha/SearchEngine/ElasticSearch/Search.t
3) Notice it fails with nasty ES "Failed to parse query" error
4) Apply the other patches
5) Repeat 2) - notice theres no nasty error
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fbd62562e0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f36647c32a)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
No test plan (fixing comment).
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5797079fc5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b8b21c6d11)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Currently --expiration-from-today has the same definition as --update-expiration. The description has now been updated to reflect the fact that it will set the date from today, and not the patron's enrollment date
Test plan:
Look at the patch file and confirm that the POD now mentions today's date rather than the patron's enrollment date
Signed-off-by: Laura Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 91dd8dd16f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 636c601995)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 4988bcdb93)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 66726cca42)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
To test:
1 - Enable RealTimeHoldsQueue system preference
2 - Set UpdateItemLocationOnCheckin to _ALL_: CART
3 - Check in an item
4 - Check the background jobs - the RTHQ is updated
5 - perl -e 'use C4::Items; C4::Items::CartToShelf(##);' -- substitute the itemnumber from above
6 - Check the background jobs - no new update to RTHQ
7 - Confirm item was set back to correct permanent_location
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 84521918d9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1779dddfe8)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch copies the $fee_ack field into the generated
::Transaction::Renew|All objects such that the fee acknowldegement flag
is respected for renewals.
Test plan
To test:
1) Add a rental charge to an itemtype
2) Checkout an item of that itemtype to a user
3) Attempt a renewal of that item via SIP2 and note that it fails
sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 --item 39999000007756 -m renew
4) Pass the fee_acknowledgement bit in renewal and note the renewal
still fails.
sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged Y --patron 23529000035676 --item 39999000007756 -m renew
5) Apply patch and note the above now succeeds
sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged Y --patron 23529000035676 --item 39999000007756 -m renew
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 3a2dcf0733)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 11c73ed5b8)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
When a patron has a guarantee and can see their fines on the opac and
an opac payment plugin is enabled there is an error on the 'Charges'
tab.
The table uses a 'COLSPAN' variable which is set to 5 or 6 depending on
if OPAC payments are enabled. The guarantees table has one less column
than the patron's however, so it is going out of range and causing a JS
error. Additionally, we are adding a column to the child's table which
is not used as their fines cannot be selected for payment at this time.
This patch removes the checkbox column and sets the colspan directly to
4
I also fix an issue where the table is not being set as we need to
reference the patron object in the guarantor info to obtain the id.
To test:
1 - Set system preference: AllowStaffToSetFinesVisibilityForGuarantor to
allow
2 - Find a patron
3 - Add some fines to their account
4 - Install and enable an opac payment plugin
(https://github.com/bywatersolutions/koha-plugin-pay-via-govolution
for example)
5 - Sign in to OPAC as borrower
6 - Go to 'Charges' tab
7 - Select a fee
8 - Confirm 'Make payment' button enabled and 'amount to pay' is
updated
9 - Add a guarantee to patron in staff interface
10 - Set 'Show charges to guarantors' to 'Yes'
11 - Add and pay a fine for the child
12 - View guarantor account on the OPAC
13 - Confirm you now see child's charges
14 - Confirm selecting your own fees does not enable the button or
update amount to pay
15 - Note JS error in console
16 - Apply patch
17 - Reload patrons page
18 - Confirm the table loads correctly (no JS error)
19 - Confirm selecting a fine updates the total and enables button
20 - Disable the payment plugin
21 - Confirm the display is still correct, no errors
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit a3e40408ea)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c61c182fda)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
For consistency with other options I opted to have the fee acknowledged
parameter to expect a string and as it's an optional parameter I've
dropped the default value of 'N' too.
Test plan
1) Prior to this patch
1a) Attempt a checkout without passing -fa/--fee_acknowledged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 --item 39999000007756 -m checkout`
The final field of the SIP request will be '|BON', the default
1b) Attempt a checkout passing -fa/--fee_acknowledged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged --patron 23529000035676 --item 39999000007756 -m checkout`
The final field of the SIP request will still be '|BON', failure
1c) Attempt a checkout passing a string for fee_acknoewledeged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged Y --patron 23529000035676 --item 39999000007756 -m checkout`
The final field of the SIP request will still be '|BON', failure
2) Apply the patch
2a) Attempt a checkout without passing -fa/--fee_acknowledged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 --item 39999000007756 -m checkout`
The optional `|BO` element should not be present
2b) Attempt a checkout passing -fa/--fee_acknowledged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged N --patron 23529000035676 --item 39999000007756 -m checkout`
The final field of the SIP request will now be '|BON', success
2c) Attempt a checkout passing a string for fee_acknoewledeged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged Y --patron 23529000035676 --item 39999000007756 -m checkout`
The final field of the SIP request will now be '|BOY', success
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0e9603bb49)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7c07d7b6a6)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
To test:
1. Go to patron card creator and make a patron card batch, card layout, and card template.
2. In the card layout leave some values blank for Lower left X coordinate and Lower left Y coordinate.
3. Now go create a card batch while tailing the plack-intranet-error log/
4. Notice in the logs:
[2023/08/14 20:50:54] [WARN] Argument "" isn't numeric in multiplication (*) at /kohadevbox/koha/C4/Patroncards/Patroncard.pm line 109.
[2023/08/14 20:50:54] [WARN] Argument "" isn't numeric in multiplication (*) at /kohadevbox/koha/C4/Patroncards/Patroncard.pm line 248.
[2023/08/14 20:50:54] [WARN] Argument "" isn't numeric in multiplication (*) at /kohadevbox/koha/C4/Patroncards/Patroncard.pm line 249.
5. Apply patch, restart_all
6. Try again and notice the WARNS should be gone from the logs now.
7. Make sure you can still create patron cards and the PDF's the generate look right.
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1164402b49)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit fb988b42c4)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch adds the requirements that updating a system preference
requires a CSRF token. (Also, adding and deleting local system preferences.)
0. Apply patch
1. koha-plack --reload kohadev
2. Add local system preference
3. Update local system preference
4. Delete local system preference
5. Update normal system preference
6. Note no errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
</script> tags are interpreted in JSON strings as HTML, which can
lead to XSS attacks.
This patch puts HTML escaped JSON in the value of a hidden HTML element.
The Javascript then takes the value as a string, parses it as JSON,
and is able to use it to save search filters without triggering a
XSS attack.
This patch also adds DataTable's built-in HTML escaping for the query
and limits on the admin UI for the search filters.
Test plan:
0. Apply patch
1. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?op=search&searchfield=SavedSearchFilters
2. Enable the system preference
3. Go to http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=e
4. Click "Save search as filter"
5. Checkbox "Show in staff interface?"
6. Type "E-TEST" into box and click 'Save'
7. Go to
http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=e
8. Click "E-TEST" under "Custom search filters"
9. Note that you see search results
10. Go to
http://localhost:8081/cgi-bin/koha/admin/search_filters.pl
11. Note that for "E-TEST" you see a "Query" like
{"operators":[],"operands":["e"],"indexes":[]}
12. Note that for "E-TEST" you see a "Limits" like
{"limits":[]}
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 4e32b76198)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This change validates and escapes inputs for task scheduler.
Test plan:
0. Apply patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/tools/scheduler.pl
3. Input a time a minute in the future and leave the date blank
4. Choose an existing report and output format
5. Type a malicious string which is also a valid email address
into the Email field
6. Click "Save"
7. Note that the job is added but the Email is wrapped in single
quotes
8. Try using a non-malicious email address with a single quote.
9. Note that the single quote is escaped, so that it will still
be used by runreport.pl
JD amended patch: tidy
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Removed pars for $email =~ regex, removed old commented lines.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit dcd698a4b4)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 332b95b250)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit abbbc5924d)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit bb581fe78b)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch sets the $auth_state to failed when changing auth sessions,
so that the new login attempt gets processed correctly (instead
of skipping the authorization step).
Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?tab=&op=search&searchfield=baseurl
3. Log in as an OPAC user with 0 permissions
4. Note the auth screen "Error: You do not have permission to access this page"
5. Click "Log in"
6. Note that you're still shown a login screen (and that you've been logged out of
your previous authenticated session)
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 16da12cbbc)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Bug 29664 removed payments with a void status, however, the query also
removed any payments with no status set
Test Plan:
1 - Set up your cash registers and enable POS and add a debit type that is able to be sold
2 - Take 2 payments via POS
3 - Void one payment
4 - Go to Reports->Statistics wizards->Cash register
4) Verify neither shows for the "All payments to the library" and
"Payment" transaction type filters
5) Apply this patch
6) Restart all the things!
7) Verify the non-voided fee shows for the "All payments to the library" and
"Payment" transaction type filters and the voided fee does not
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 6ee6bea6bf)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7d977be3e9)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
An embed that is not supported in 22.11 was added as part of a refactoring patch. This commit removes that embed to allow the ERM module to function properly
When trying to manually transfer an item that is on hold, we have the
choice to cancel the hold and try the transfer again. When choosing
this option, the hold is correctly cancelled but the transfer is not
tried again.
This patch fixes that
Test plan:
1. Place a hold on a specific item
2. Try to transfer it manually (Circulation » Transfer)
3. Choose the option to "Cancel hold and then attempt transfer"
4. See that the hold was cancelled, but no transfer was made
5. Apply the patch
6. Repeat step 1-3
7. See that the hold was cancelled, and the transfer was made
Signed-off-by: Nicolas Giraud <nicolas.giraud@inlibro.com>
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 68b97cc7e4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4352e97a28)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch adds an order_by clause to ensure consistent ordering of the
returned status and status_alias statuses from the database between
MySQL 8 and other DB engines.
This fixes the failing tests introducd in bug 34223.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 7f9ff906d9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 9b1ff4d540)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch makes a minor simplifying change to the check-in template
around how to style the barcode input field in dropbox or fine-exempt
mode.
To test, apply the patch and go to Circulation.
- If necessary, check some items out to patrons so that you have items
to check in.
- Go to the check-in page and click the icon inside the barcode field to
expand the panel of options.
- Check the "book drop mode" checkbox. The barcode field should now be
highlighted yellow.
- Check in an item. When the page redisplays, the barcode field should
have the same highlighted style.
- If necessary, enable the finesMode system preference.
- On the check-in page, in the panel of options, check the "Forgive
overdue fines" checkbox. Test checking in again, confirming the same
style consistency in the barcode field.
Signed-off-by: Inkeri <inkeri.hakulinen@helsinki.fi>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit edb9787fc8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit edf7c67661)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>