At a later development stage, exceptions were added for bad addresses.
This wasn't addressed in the controllers.
This patch makes the basket and list sending controller scripts move
email creation inside the try/catch block to handle those situations. It
also UTF-8 encodes the attached marc.
On broadly testing this I found that if the TT templates that are used
to build the email contain non-latin characters, those get
double-encoded. So this patch also removes an explicit encoding that is
done, which collides with Email::MIME implicit encoding.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adapts controller scripts that used sendmail. Also the syntax
for Koha::Email has changed and this patch adapts it.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It defaults to 0 in get_template_and_user
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This is a follow-up of bug 5371
The following command must not return anything:
grep ^output_html_with_http_headers `git grep -l -P "authnotrequired\s*=>\s*0" opac`|grep -v force_no_caching
This must be a test somewhere to prevent further regressions.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The subject of the cart and list emails is not correctly
encoded and displays incorrectly in some email clients.
To test:
Lists:
- Create a list, name it using umlauts or other diacritics
Example: Jugendbücher (books for youths in German)
- Add some items to your list
- Email yourself the list
- Verify that the email subject is broken
Cart:
- Install another language with non-latin characters like Greek
- Fill the cart with some titles
- Send yourself the cart
- Verify that the email subject is broken
Note: Some email clients display correctly, others not.
It's known to be incorrect in Outlook and web.de,
displaying nicely in Thunderbird.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested all four scripts by manipulating the cart text too in templates.
Follow-up handles intranet sendshelf.
Note: I asked Katrin to remove the encode UTF-8 statements, since we
convert to MIME and the subject line should never be UTF-8.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch was generated using codespell
Test plan:
Read through changes and confirm they make sense
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=21706
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
- Added missing GetHiddenItems parameter change case
Without this prove t had a failure.
- Always use mocks, not set_preference
- Tweaks so t/db_dependent/00-strict.t passes
There was a typo botcat vs borcat and borrowernumber was never
defined. Grabbing from userenv, like other code does.
- Tweak t/db_dependent/Items.t to fully test changes
This will test all the if structures fully in GetHiddenItemnumbers.
prove t/db_dependent/Items.t
- Tweak borrower category code
$borrower->{categorycode} on a Koha::Patron is not the
same as $borrower->categorycode. Fixed error.
- Search was returning URLS for wrong interface
There was one search context place wrong. Changed it to $is_opac
as the logic for setting $is_opac was modified correctly.
- Corrected issues with category code.
When a user isn't logged in, $borrower is undef and causes error
when determining category code. Added conditional check.
- Properly trigger all changes in C4/Search.pm
- Fix QA Test tool failures
C4/Search.pm had some tabs.
- Add some commenting to make sense of logic
- Refactor EmbedItemsInMarcBiblio parameters to hashref
- Trigger GetMarcBiblio's EmbedItemsInMarcBiblio call.
prove t/db_dependent/Items.t
- Add missing test to trigger Koha/BiblioUtils/Iterator change
- Add borrower category overrides
These files generally add borcat parameter to GetMarcBiblio.
Others might include correction of filtering of items
(opac-basket), or a comment as to why no changes were done
(opac-search).
In the case of opac-search, correcting the first FIXME will
likely correct the OpacHiddenItems issues on tags. As such,
that is beyond this bug's scope.
Some code had loop optimizations and fixes made, like a
'next unless $record' when the biblio shouldn't even be in
the list.
- Modify opac-ISBDdetail and opac-MARCdetail
Both files had similar logic. They were rearranged and
optimized, so that both files would have practically identical
initial blocks of code.
Optimizations were possible, because GetMarcBiblio
returns a filtered record, so that there is no double call
(once in the opac-### file and once in GetMarcBiblio) to
GetHiddenItemnumbers.
- Fix hiding in opac-tags
opac/opac-tags.pl was not properly hiding.
There is currently one known bug associated with tags left.
If you have two biblios tagged by different people with the
same tag, the opac-search will show the one you tagged that
is supposed to be hidden, because tag searches work differently
than regular searches. This is beyond the scope of this bug.
See the FIXME's in opac/opac-search.pl
- Trigger the C4::ILSDI::Services changes
prove t/db_dependent/ILSDI_Services.t
- Added missing 'my'
- Test C4/Labels/Label.pm changes
- Improve C4::Record::marcrecord2csv test cases
- Corrected opac-details searchResult call
- Fix breaking issues constraint in Iterator test
- Fix ILSDI_Services test when clubs with branch exist
- Rebased again!
- Rebased t/db_dependent/Items.t conflict.
The test plan is in comment #112 last I checked.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
If a user is asked to login before sending a card, the wrong (old)
CGISESSID cookie is used.
We need to retrieve the one that has just been created.
This will certainly need more work, I guess other scripts are affected
too.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This new Koha::Patron->first_valid_email_address already exists, it
should be called directly
Test plan:
- With a logged in user who has an email address defined, send a basket.
The email should be marked sent by this email address
- On the "Holds awaiting pickup", the email address must be displayed as well
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Change parameters to a hashref.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Looks good to me.
Two calls in migration_tools/22_to_30 still in old style.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
GetMember returned a patron given a borrowernumber, cardnumber or
userid.
All of these 3 attributes are defined as a unique key at the DB level
and so we can use Koha::Patrons->find to replace this subroutine.
Additionally GetMember set category_type and description.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The parameter change in Koha::Token should be applied to the calling
scripts.
Test plan:
Confirm that the different forms of the scripts modified by this patch
still work correctly.
Test the problematic behavior:
Open 2 tabs within the same user's session, go on the edit patron page
(memberentry.pl).
Log out and log in from the other tab.
Submit the form
=> Wrong CSRF token should be raised
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If the userid of the logged in user contains unicode characters, the token
will not be generated correctly and Koha will crash with:
Wide character in subroutine entry at /usr/share/perl5/Digest/HMAC.pm line 63.
Test plan:
- Edit a superlibrarian user and set his/her userid to '❤' or any other strings
with unicode characters.
- Login using this patron
- Search for patrons and click on a result.
=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine
You can also test the other files modified by this patch.
Signed-off-by: Karam Qubsi <karamqubsi@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
From the pod of Digest::MD5:
"""
Since the MD5 algorithm is only defined for strings of bytes, it can not
be used on strings that contains chars with ordinal number above 255
(Unicode strings). The MD5 functions and methods will croak if you try
to feed them such input data.
What you can do is calculate the MD5 checksum of the UTF-8
representation of such strings.
"""
Test plan:
- Set a MySQL/MariaDB password with unicode characters:
UPDATE user SET password=PASSWORD('❤') WHERE USER='koha_kohadev';
FLUSH PRIVILEGES
- Update your $KOHA_CONF file
- Restart Memcached
- Hit the files modified by this patch
=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: removed debugging leftover
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
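The two "Wide character in subroutine entry" messages above come down to the same rule: digest functions take bytes, not characters. The following is an added example, not code from Koha or from these patches; the helper names `md5_hex_utf8` and `raw_digest_error` and the sample strings are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not Koha code): Digest::MD5 on strings that may hold
# characters above U+00FF, and the encode-first form the pod recommends.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Encode qw(encode_utf8);

binmode STDOUT, ':encoding(UTF-8)';

# Hypothetical helper: digest of the UTF-8 representation of a character string.
sub md5_hex_utf8 {
    my ($string) = @_;
    return md5_hex( encode_utf8($string) );
}

# Hypothetical helper: returns the croak text if md5_hex rejects the raw
# string, or undef if it was accepted.
sub raw_digest_error {
    my ($string) = @_;
    my $ok = eval { md5_hex($string); 1 };
    return $ok ? undef : $@;
}

# Constructed samples: plain ASCII, a character below U+0100 (u-umlaut),
# and the heart character used in the test plans above.
my @samples = ( 'koha_kohadev', "Jugendb\x{fc}cher", "\x{2764}" );

for my $s (@samples) {
    my $err = raw_digest_error($s);
    if ( defined $err ) {
        # Ordinal above 255: the raw call croaks, only the encoded form works.
        print "$s: raw md5_hex croaks: $err";
    }
    else {
        # No croak, but for characters in 0x80..0xFF the raw digest is taken
        # over the single Latin-1 byte, not the UTF-8 bytes, so the two
        # digests differ. Encoding first gives one stable result.
        my $same = md5_hex($s) eq md5_hex_utf8($s) ? 'same as' : 'differs from';
        print "$s: raw digest $same the UTF-8 digest\n";
    }
    print "$s: utf8 digest ", md5_hex_utf8($s), "\n";
}
```

The middle sample is the case that does not show up as a crash: the call succeeds, but the value depends on which byte representation was hashed, so a token or cache key computed on one side may not match one computed from UTF-8 bytes elsewhere.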
Removes template var csrf_error and associated handling.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Retested with opac and intranet: Still sends or dies elegantly.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
No need to send OPACBaseURL to the template, if you load the Koha TT
plugin inside the template.
Test plan:
Send a few items in your cart from OPAC and intranet.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If you have no (valid) token, you will not be able to send the message.
Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
using the following URL:
/cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
This should now result in a csrf error.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Patch deals with opac and intranet variant.
If we authenticated the first time, it is not necessary to do it
a second time right away.
Replaces a call to get_template_and_user (including checkauth) by
gettemplate.
Also removes duplicate use C4::Biblio statements.
Test plan:
[1] Put a few books in the cart.
[2] Send the cart from OPAC.
[3] Send the cart from intranet.
Tested 3 patches together. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch includes:
[1] Add some logic to GetMarcNotes to embed the contents of MARC21 field
555$u in a html anchor tag.
[2] Add a unit test for GetMarcNotes in Biblio.t
[3] Remove calls to GetMarcNotes from sendbasket.pl (opac and staff).
A closer look revealed that the data was not used; the notes in the
mail of sendbasket are taken from GetBiblioData.
Test plan:
[1] Edit a record. Add one or two URLS in 555$u. Add something in 500$a too.
[2] Check if you can click the URLs in opac and staff detail tab Notes or
Descriptions.
[3] Run the unit test t/db../Biblio.t
[4] Add something in the cart. Click More Details and send the cart.
Verify that you have something in Notes (from 500$a).
Signed-off-by: Marc Veron <veron@veron.ch>
Followed test plan. Works as expected. QA tools OK.
Tested with all patches together, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
The sendbasket/sendshelf scripts and templates do not use email_sender
as a cgi parameter or as a template var. Probably a leftover from previous
changes.
Let's make Koha cleaner :)
Test plan:
[1] Send your cart from opac or staff.
[2] Send a shelf from opac or staff.
[3] Git grep email_sender. No results.
Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The borrow permission was used but uselessly.
For instance, at the opac, the flagsrequired parameter was set to
'borrow' but the 'authnotrequired' was set also (which means no auth
required).
At the end, this permission was used at only 1 place: for the basket,
intranet side.
This can be replaced with the catalogue permission (which is used to
search).
Test plan:
1/ Confirm that you are able to show/download/send the cart (intranet side)
with the catalogue permission.
2/ At the OPAC, you should be able to access the same pages as before
with any other permissions.
Concretely it is quite difficult to test this patch, you should have a
look at the code.
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
http://bugs.koha-community.org/show_bug.cgi?id=9987
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This should fix the issue on other pages.
Test plan:
Try to download and export the basket (intranet+opac sides).
Re-tested for errors in comment #5, they no longer appear.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
When a basket/shelf is downloaded, items are embedded, but not when
sending it by email.
We would expect to get the same file.
Test plan:
On Opac and intranet:
1/ Add records with items to your basket and send it by email.
Verify the file contains items.
2/ Add records with items to a list and send it by email.
Verify the file contains items.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch fixes 2 places where mails were badly encoded:
1/ At the opac and the intranet, on sending baskets
2/ At the opac and the intranet, on sending shelf/list
Test plan:
Shelf/List:
- Create a list with non-latin characters in the name.
- Add some items containing non-latin characters in their content.
- Send the list by email
Basket/Cart:
- Add some items containing non-latin characters in their content to
your cart.
- Send the cart by email
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To Test
1/ Edit the new systempreferences (ReplytoDefault and ReturnpathDefault)
2/ Optionally edit the branch the mail will be sent from, adding email addresses
3/ Send a cart from the public site (OPAC)
4/ Check that the mails have the correct From, Replyto and ReturnPath set
The rules are
If the values are set in the branch use that, else use the syspref
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Since we switched to Template Toolkit we don't need to stick with the
suffix we used for HTML::Template::Pro.
This patch changes the occurrences of '.tmpl' in favour of '.tt'.
To test:
- Apply the patch
- Install koha, and verify that every page can be accessed
Regards
To+
P.S. a followup will remove the glue code.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
QP-encode both mail header and mail body when sending baskets or
shelves. There is no need to Encode qp-encoded strings.
Note that this does not solve all possible encoding problems in the mail
sent. This is related to decoding CGI parameters and use of TT. That
problem is addressed in bug 11944.
Test plan:
Verify if sending a basket from opac and staff still works.
Check if sending a shelf (list) from opac and staff still functions as
expected.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Cart/List sent from opac/staff works
No koha-qa errors
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
There is an encoding issue on the received mail.
Here, we have to keep the encode_qp in order not to break links (= is a
special char for email https://en.wikipedia.org/wiki/MIME#Encoded-Word).
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
When using quoted-printable data needs to be encoded accordingly.
Content-Transfer-Encoding: quoted-printable
Without the patch = in URLs or data will be interpreted as the beginning
of a special character resulting in broken URLs.
To test:
- Check diacritics in records display correctly
- Check various URLs with = to make sure they all work correctly
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This is only a partial fix, as the subject line is not encoded,
but it is a huge improvement over what it was before.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The dependency is not used in opac-sendbasket. But there is a require of HTML::FormatText in the code of Template::Plugin::HTMLToText.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
In order to prevent spamming using sendbasket.pl, some counter-measures are taken:
- permit send basket only for authenticated user
- permit send basket only if basket contains items
- use username & email for 'Reply-To' field (with fallback to KohaAdminEmailAddress)
- add field X-Orig-IP with IP of sender
- add field X-Abuse-Report with KohaAdminEmailAddress
Note: we don't use forged 'To' address with patron email in order to
prevent being marked as spam (by SPF for example).
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Fix basket email sent from OPAC. The email body is now generated HTML
(to be translatable), and converted into TEXT before being sent by
email.
To test that it works in other language than English, you have to update
your language .po file:
perl translate update de-DE
Then, translated strings coming from opac-sendbasket.tt, and install the
translation:
perl translate install de-DE
New dependency: Template::Plugin::HtmlToText
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
The fix for Bug 4289, "Add a syspref 'OpacPublic', to hide OPAC
search-bar and force authentication on all OPAC pages" incorrectly
made some page permissions dependent on the value of the OpacPublic
setting. Some pages should require authentication no matter what.
This patch returns opac-sendbasket.pl to the state it was in before
Bug 4289, Bug 4274 notwithstanding. I have added the authentication
requirement to opac-sendshelf.pl to match.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
1) sending cart requires login
2) sending shelf requires login
3) updating personal details requires login
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Do not misleadingly document or pass an unused second parameter
makes all calls use the single parameter call as the C4
routines already did
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
applied to git tag 'v3.02.00-rc'
Frédéric Demians:
- Rebased this patch to HEAD
- Solved a merge conflict
- The patch works as described here:
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=4289
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jared Camins-Esakov <jcamins@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This patch restricts the sending of baskets and shelves to authenticated users only, and shows their surname/firstname in the e-mail, so the receiver will know who sent the list.
(cherry picked from commit f87b755228)
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Adds the author and added author fields to the email that is sent from the shopping cart. This makes the data sent via email consistent with the data that is viewed in the basket.
There is still a problem with author authority records other than 100 tags appearing correctly in the shopping cart.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Ensure that emails sent from lists and the cart in the
OPAC have the correct quoted-printable encoding. Otherwise,
if there is an equals sign followed by one or two characters
that look like hexadecimal digits in body of the email, the
results can look mangled in some email clients.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
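The quoted-printable problem described in this message and in the earlier "= in URLs" fix can be reproduced with the core MIME::QuotedPrint module. This is an added example, not code from Koha or from these patches; the host name, the sample body and the `client_view` helper are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not Koha code): what a mail client sees when a part is
# labelled "Content-Transfer-Encoding: quoted-printable" but the body was
# never QP-encoded, compared with a correctly encoded body.
use strict;
use warnings;
use MIME::QuotedPrint qw(encode_qp decode_qp);

# Constructed sample body. The first link has "=" followed by two characters
# that look like hex digits; the second has "=" followed by non-hex text.
my $body = join "\n",
    'Here is your cart:',
    'http://opac.example.org/cgi-bin/koha/opac-detail.pl?biblionumber=42',
    'http://opac.example.org/cgi-bin/koha/opac-search.pl?q=koha',
    '';

# Hypothetical helper: a receiving client decodes whatever is on the wire,
# because the header told it the part is quoted-printable.
sub client_view {
    my ($wire) = @_;
    return decode_qp($wire);
}

# Case 1: body sent as-is under a quoted-printable header.
my $broken = client_view($body);

# Case 2: body QP-encoded before sending; every literal "=" travels as "=3D".
my $wire  = encode_qp($body);
my $clean = client_view($wire);

print "--- unencoded body as seen by the client ---\n$broken";
print "--- encoded body on the wire ---\n$wire";
print "--- encoded body as seen by the client ---\n$clean";

# Only the link whose "=" is followed by two hex digits is damaged in case 1,
# which is why the breakage looks intermittent when testing by hand.
for my $line ( split /\n/, $body ) {
    next unless $line =~ /^http/;
    my $survives = index( $broken, $line ) >= 0 ? 'intact' : 'MANGLED';
    print "$survives without encoding: $line\n";
}
print "round trip ", ( $clean eq $body ? 'preserved' : 'changed' ), " the body\n";
```

When testing a fix like this one, include records and URLs where `=` is followed by two hex-looking characters, since other links pass through an unencoded body unchanged.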
This patch changes the attachment encoding, else if the file is too large, koha throws an error.
This solution was found on koha list in a Joshua's e-mail
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Most Perl scripts (as opposed to modules) do
not need to require Exporter.
No user-visible or documentation changes.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
In OPAC, when cart is sent by email, the email contains an attachment:
an ISO2709 file with cart biblio records. Most users don't have a clue
what to do with this file.
This patch modifies opac-sendbasket.tmpl to clarify what the attachment is.
It also fixes a bug in opac-sendbasket.pl which wasn't reading the template
section containing information about the basket:
Here is your cart, sent from the Koha Online Catalog... foo
It may be necessary to verify that template text is in 'valid' English...
Signed-off-by: Joshua Ferraro <jmf@liblime.com>