If you search for "this & that" and delete one of the results, after
it is deleted the search in the reloaded page is for "this " rather
than for "this & that". The template uses the url filter, which is
for filtering an entire URI where :, &, #, etc. should be left alone,
rather than the uri filter which is for filtering a URI component
where they should be encoded.
To test:
1) Go to Authorities > New authority > New from Z39.50/SRU
2) Search for the Author (corporate) this & that collective
3) Actions > Import, Save
4) From the detail for that authority, Edit > Edit as new (duplicate)
5) Edit the 110 field, add 2 at the end and Save
6) Search authorities for this & that
7) For one of the ones you created, Actions > Delete, confirm
8) The page that reloads should have a search for this & that, not
just for this
Signed-off-by: Didier Gautheron <didier.gautheron@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It looks like the functionality was broken when ui tabs were upgraded
and mainmainentry was added
To test:
1 - Browse to Authorities
2 - Search in each tab
3 - Note all search results revert to 'Search main heading a only'
4 - Apply patch
5 - Note selection is retained after search
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds HTML comments to Template::Toolkit include files which
contain <script> tags so that it is clear where the embedded scripts can
be found in the code.
To test, apply the patch and view source on the following pages to
verify the presence of the comments:
Acquisitions home page:
- acquisitions-toolbar.inc
- validtor-strings.inc
- js_includes.inc
- format-price.inc
Acquisitions -> Add order from new record,
Acquisitions -> Receive order:
- additem.js.inc
Cataloging -> Add/Edit item:
- columns_settings.inc
- strings.inc
- select2.inc
- calendar.inc
- str/cataloging_additem.inc
Authorities home page:
- authorities_js.inc
Bibliographic detail page:
- catalog-strings.inc
Cataloging -> Advanced editor:
- cateditor-ui.inc
- cateditor-widgets-marc21.inc
Administration -> Item types:
- greybox.inc
ILL requests:
- ill-list-table-strings.inc
Web installer
- installer-intranet-bottom.inc
Web installer -> Onboarding
- installer-strings.inc
Lists -> List contents -> Merge records
- merge-record-strings.inc
Patrons -> Patron -> Change password
- password_check.inc
- str/members-menu.inc
Patrons -> Patron -> Print summary
- slip-print.inc
Circulation -> Check out
- timepicker.inc
Administration -> System preferences:
- str/tinymce_i18n.inc
- wysiwyg-systempreferences.inc
Cataloging -> Z39.50 Search:
- z3950_search.inc
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch updates the JavaScript which sets cookies during the
authority merge process so that it uses the new js-cookie library.
To test, apply the patch and perform a search in the authority module
which will return multiple results.
- Select "Merge" from the Actions menu next to any result.
- A message should appear at the top of the page: "Merging with
authority: <title>".
- Click "Cancel merge." The message should disappear.
- Select a record to merge again.
- Select another record.
- The page should redirect to the authority merge page.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes a third stab at resolving this issue by reorganizing
the authorities toolbar buttons to more closely match the bibliographic
toolbar buttons:
- "New from Z39.50" has been added to the "New authority" dropdown.
- "Edit" is now a dropdown, like on the bibliographic detail page:
- Edit record
- Edit as new (duplicate)
- Replace record via Z39.50/SRU
- Delete record
To test, apply the patch and go to the authorities module. Testing with
existing Z39.50 authority sources configured:
- On the authorities home page and the authorities search results
page, the "New authority" menu should have a "New from Z39.50" link.
- View the details for an authority record. The menus should appear as
described above. Test each option.
Remove all Z39.50 authority servers and test again. The "New from
Z39.50" link should no longer appear.
Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies even more staff client authorities templates so
that JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Authorities
- New from Z39.50
-> Search
-> Results
- New from Z39.50
- Deletion confirmation
- Merge records -> Merge
- Tabs
- Tag selection
-> Authority detail
- Tabs
- Deletion confirmation
- New from Z39.50
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Attempting to merge authorities results in the following error:
Uncaught SyntaxError: Unexpected token u authorities-home.pl:284
showMergingInProgress authorities-home.pl:284
(anonymous function) authorities-home.pl:297
o jquery.js:2
p.fireWith jquery.js:2
e.extend.ready jquery.js:2
c.addEventListener.B
This was the result of the upgrade of jquery-cookie by the patch
for bug 11369; newer versions of jquery-cookie changed the return of
$.cookie('foo') from null to undefined when the cookie is not present.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No test plan, no errors.
Test
1. search some authorities
2. click merge, on browser dev console pops reported error message
'Unexpected token u authorities-home.pl...'
No way to marge auths
3. with pach applied, merging works again
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch rewrites authorities_js.inc so translate
script will process it correctly. To do that I added
<script></script> at the file
To test:
1) Update po files for your preffered language
2) Check occurrence of mergeAuth on staff PO file
or try
egrep -n "Merging with authority: |Cancel merge"
strings appear in a JS func
3) Apply the patch
4) Update translations again, check again, old
strings now begin with #~ (obsoleted) and there
are new entries for the messages
5) Check functionality provided by script
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described and fixes a translation difficulty.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch gives Koha the ability to merge authority records using the
same interface used by bibliographic records, though slightly different
methods for selecting which records to merge. The two ways to select
records are as follows:
1) Records can be selected from authority search results by clicking
the "Merge" link for two records.
2) Authority records can be merged from the reservoir by clicking the
merge-related links in the Manage staged MARC batch screen.
To test:
1) Apply patch.
2) Do a search for an authority record that will turn up multiple
identical records (or at least two records that you don't mind
merging).
3) Click the "Merge" link for the first record.
4) Click the "Merge" link for the second record.
5) Choose which fields from which record you want to appear in the
resulting record.
6) Confirm that those are the fields that exist in the resulting record.
7) Stage an authority record (for example, an authority record you
saved from your catalog.
8) Search for a record to merge with it using the "Search for a record
to merge in a new window" link.
9) Merge these records, confirming that the resulting record (after
going through the entire merging process) matches your expectations.
10) Set up a matching rule for authorities, and export an authority from
your catalog that will match based on that rule. For MARC21, the
following is a good choice for a rule:
Matching rule code: AUTHPER
Description: Personal name main entry
Match threshold: 999
Record type: Authority record
[Match point 1:]
Search index: mainmainentry
Score: 1000
Tag: 100
Subfields: a
11) Stage the record you just exported, choosing the matching rule you
just created.
12) Merge the record using the "Merge" link, confirming that the
resulting record (after going through the entire merging process)
matches your expectations.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Testing notes on last patch in series.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
