Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
cat-search.inc contains an element with two class attributes, which is
invalid. This patch corrects it.
To test, apply the patch and view any page which uses the cat-search
include file to display the header search boxes. For instance, the
bibliographic detail page.
In the header, the "Search the catalog" box should be selected, and any
text you type in the box should be carried over when you switch to
different search tabs.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Apply patch and update dabase
2 - Check that Search the Catalog links throughout the staff interface
have not changed
3 - Set "IntranetCatalogSearchPulldown" to 'Show'
4 - Verify that 'Search the catalog' links through staff client now have
a dropdwon to select search index
I think viewing one file each that includes updated header should be
sufficient, but please check as many as you can:
cgi-bin/koha/admin/aqbudgetperiods.pl
cgi-bin/koha/admin/admin-home.pl
cgi-bin/koha/cataloguing/addbooks.pl
cgi-bin/koha/circ/returns.pl
cgi-bin/koha/circ/circulation-home.pl
cgi-bin/koha/admin/cities.pl
cgi-bin/koha/admin/aqcontract.pl
cgi-bin/koha/admin/currency.pl
cgi-bin/koha/mainpage.pl
cgi-bin/koha/tools/letter.pl
cgi-bin/koha/members/members-home.pl
cgi-bin/koha/admin/categories.pl
cgi-bin/koha/admin/preferences.pl
cgi-bin/koha/admin/printers.pl
cgi-bin/koha/serials/serials-home.pl
cgi-bin/koha/acqui/newordersuggestion.pl
cgi-bin/koha/admin/z3950servers.pl
Sponsored by:
Northeast Kansas Library System (http://nekls.org/)
Signed-off-by: Heather Braum <hbraum@nekls.org>
Signed-off-by: Barton Chittenden <barton@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes the use of "onclick" from all header search forms for
the purpose of triggering the "keep_text" function. This behavior is now
handled in the globally-included JS file.
To test, apply the patch and clear your cache if necessary.
- Enter text in any header search form field. Click to each other tab
in the header and confirm that your text is copied to each.
- Test the behavior of the header search form on at least one page where
each is included:
- The staff client home page
- The advanced search page
- The authorities home page
- The administration home page
- The cataloging home page
- The checkin page
- The circulation home page
- The patrons home page
- Acquisitions -> Vendor -> Contracts
- Administration -> Cities
- Administration -> Currencies and exchange rates
- Administration -> Patron categories
- Administration -> Printers (why is this page still around?)
- Administration -> System preferences
- Administration -> Z39.50/SRU servers
- Tools -> Notices & slips
This patch modifies does not fix the existing (unreported) bug which
prevents the keep text function from working in the include file used on
these pages:
- Acquisitions -> Vendor -> Basket -> New order from suggestion
- Administration -> Budgets
- The serials home page
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
I have only changed this in the includes for the tabs at the top.
Dependent on Bug 12051 as that patch adds extra tabs to the top which would need to be changed later
To test:
1) Apply Bug 12051 first, then this patch
2) Ensure that Check Out/Check In/Renew tabs still work as they should
3) Check patch for errors or pages I've missed
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
UPDATE: Added to checkin-search.inc to show up on returns.pl
To test:
1) Apply patch
2) Confirm that there is now a Renew tab on the pages where there is also a Check-in tab only
3) Attempt to renew a book using this, confirm it works as expected
4) Check if I have missed any pages
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
To test:
Apply the patch and see that the text now is there in the search
box when clicking the tabs: check in, check out etc..
(More files changed for persistent text in searchbox)
Sponsored-by: Halland County Library
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
This is something I have wanted quite a few times over the years...
Tested by going to every main area of Koha, entering some random
text into the search box and then clicking on all the available tabs
to check that the entered text is carried over to all the boxes.
There are a couple of places where text is not carried over, but I
guess that might be because one of the boxes is structurally
different to the others. These are:
- "Vendor search" and "Orders search" in Acquisitions
- "Search subscriptions" in Serials
I have not looked at how this is implemented, just that it works as
it should.
Bug 14189 refactor after failed QA.
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Amended patch: replace tabs with spaces
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The recent upgrade to jQueryUI didn't take into account the new method
for forcing selection of a tab by adding a class to the tab markup. This
patch corrects this by updating the class name.
This patch also updates one instance where it was necessary to switch to
the new function for selecting a tab by ID, introduced by Bug 12075.
To test, view the following pages:
- Perform a catalog search in the staff client. On the search results
page the "Search the catalog" tab should be selected.
- In Acquisitions, view the basket groups page for a vendor which has
open and closed basket groups
(/cgi-bin/koha/acqui/basketgroup.pl?booksellerid=X). Append
"&listclosed=1" to the URL. The "Closed" tab should be selected.
- In Administration -> Authorized values, modify an authorized value for
which an icon has been selected. When the edit form loads the
corresponding icon tab should be selected.
- In Administration -> Item types, modify an itemtype for which an icon
has been selected. When the edit form loads the corresponding icon tab
should be selected.
- In Cataloging, open an existing record and select any tab besides the
first one. Choose "Save and continue editing" from the Save menu. When
the page reloads you should be returned to the tab you selected
before.
- In Suggestions, markup for selected the tab has been removed because
it didn't appear to be performing any function. The first tab is
selected by default. The template doesn't need to explicitly add a
class to make it so.
- In Tools -> CSV profiles, choose an existing profile for editing. When
the page loads the "Edit existing profile" tab should be selected.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: Unable to duplicate Cataloging step issue, but there is no
visible regression with the patch. The second part of the
addbiblio.tt portion of the patch is clearly correct,
because it is the same type of change as made in the other
sections.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Current jQuery-driven tabs are done using a very old
version of the tabs plugin. This patch upgrades jQueryUI
to the latest version and adds the tabs widget dependency
to the jqueryui js file and updates the syntax for existing
tabs:
- $("#foo > ul").tabs(); changes to $("#foo").tabs();
- Remove full URL from tab links (use #anchor only).
Pages with "static" tabs (tabs which are built in the
markup rather than generated by the plugin) have been
modified to use their own style. Examples: pay.tt in
the staff client and opac-readingrecord.tt in the OPAC.
Edit: Minor revision to some uncorrected markup
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
In order to facilitate a more painless process for converting
to jQueryUI I will submit separate patches for various "widgets,"
starting with Autocomplete.
This patch replaces all instances of YUI autocomplete with
a jQueryUI version. The patch includes an up-to-date version
of jQuery and jQueryUI libraries.
The patch also moves some markup in instances where it should
have been removed in favor of a different include.
To test, find the various autocomplete instances and confirm
that they are working:
- Circulation search header autocomplete
- Overdues patron attribute authorized value filter (must
have patron attributes enabled, and a patron attribute
defined which uses authorized values.
- Authorities search plugin. Edit a MARC record and use
an authorities plugin link to do a search for authority
records.
Incomplete: There is a YUI autocomplete instance in a UNIMARC
plugin (unimarc_field_210c_bis.tt) which I couldn't figure out
how to test, even on a sandbox set up with UNIMARC. I could use
help with a follow-up.
http://bugs.koha-community.org/show_bug.cgi?id=7447
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Passes all tests outlined, is quite pretty.
Passes t xt
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
This reverts commit 38884abf65.
This commit results in failed searches all over the place, I'm reverting
the revert :-)
Conflicts:
koha-tmpl/intranet-tmpl/prog/fr/includes/circ-search-autocompl.inc
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The patch default search on kw-wrdl is bugguy, as there ca be 2 idx (maybe an API limit,not sure)
So i've reverted it and added kw,wrdl on every place there is a query (the search boxes)
QUESTION : isn't it possible to have a single query for catalogue, that is TMPL_INCLUDE'd ?
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>