Commit graph

17 commits

Author SHA1 Message Date
Hayley Mapley
968c888e15 Bug 19497: Removed title (tooltip) from Edit button in items_search_fields.tt
This patch removes the tooltip that appears when hovering over the Edit button
of Item Search Fields in the staff client. This was done for consistency reasons,
including that this tooltip is not translated and tooltips do not appear to be
on the majority of buttons in the staff client.

Test plan:
1) In Home->Administration->Item search fields create a new search field
if you haven't got any already
2) Observe the tooltip that appears when hovering over the Edit button in
the Item serach fields table.
3) Apply the patch and observe that the tool tip no longer appears.

Sponsored-by: Catalyst IT

Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-04-11 13:52:08 +00:00
a344b8cf8c Bug 22023: Further improve responsive layout handling of staff client menu bar
This patch makes a number of changes in order to improve the way the
staff client's header menu adjusts at narrower browser widths:

 - Updated version of Bootstrap 3.3.7 which includes the "collapse"
   JavaScript plugin.
 - Modified default Bootstrap CSS using Bootstrap's customization tool.
   These changes facilitate the removal of some custom CSS (overriding
   Bootstrap) from staff-global.scss.
 - Added Bootstrap config file for loading customizations at
   https://getbootstrap.com/docs/3.3/customize/
 - Revised button classes for buttons in Bootstrap-styled toolbars.

   The modified default CSS resets the base font size in Bootstrap to
   better match our global CSS. A side-effect of this is that toolbar
   buttons ended up looking smaller than they should. Changing the
   button class solves this.

 - Restructure the header menu in order to allow different rules to
   govern the appearance of the navigational part of the menu
   (Circulation, Search, etc) and the user menu (Set library, My
   account, Log out).

 - Modify the cart JS to so that the popup works well at narrow widths.

To test, apply the patch, regenerate the staff client CSS, and clear
your browser cache.

 - Log in to the staff client and observe the layout of the header menu
   as you adjust the browser to various widths.
   - Confirm that sections of the menu "collapse" as the window gets
     narrower.
   - Confirm that dropdown menus behave correctly and that links work.
   - Confirm that the Cart link works as expected when the cart empty
     and when it has items.
- Install and enable multiple translations, including at least one
  set of sub-languages (e.g. fr-FR and fr-CA).
  - Test the appearance of the language menus in the footer at
    various browser widths.
- View pages with button toolbars and confirm that they appear unchanged
  (e.g. biblio detail page, patron detail page).

NOTE: While this patch is intended to make improvements to staff client
responsiveness, it does so within a limited scope. There are still many
pages which do not work well at narrower browser widths.

Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-03-13 05:31:28 +00:00
ac93446a89 Bug 20740: Update two-column templates with Bootstrap grid, Administration part 4
This patch modifies several administration templates to use the
Bootstrap grid instead of YUI.

This patch also removes obsolete "text/javascript" attributes from
<script> tags in the modified templates.

To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:

 - Administration -> Currencies and exchange rates
   - View and edit currencies
 - Administration -> Did you mean?
 - Administration -> EDI accounts
   - View and edit accounts
 - Administration -> Library EANs
   - View and edit EANs
 - Administration -> Item search fields
   - View and edit item search fields

Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-30 13:40:34 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
Julian Maurice
ed7543287b Bug 20538: Remove the need of writing [% KOHA_VERSION %] everywhere
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
  mechanism, it will be tedious

This patch:
- adds a Template::Toolkit plugin that generates <script> and
  <link> tags for JS and CSS files, and inserts automatically the Koha
  version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable

Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
   checking your browser's dev tools (there should be no 404 for JS and
   CSS files, and the Koha version should appear in filenames) and the
   server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-13 11:49:44 -03:00
0ad922011c Bug 12904: Force browser to load new javascript files after upgrade
This patch has been automatically generated using:
  perl kv.pl **/*.tt **/*.inc

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
2018-02-08 14:53:24 -03:00
eaa3287705 Bug 19600: Move admin templates JavaScript to the footer: Other catalog pages
This patch modifies the staff client catalog-related administration
templates so that JavaScript is included in the footer instead of the
header.

To test, apply the patch and test the JavaScript-driven features of
each modified template: All button controls, DataTables functionality,
tabs, etc.

Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-11 11:34:21 -03:00
Katrin Fischer
624eb9e1f5 Bug 19108: (follow-up) Fix Stored XSS in fieldmapping.pl and items_search_fields.pl
To test:
- Add a framework with script in the description
- Access the Keywords to MARC mapping page
- Add an item search field where both name and label are script
- Try to edit/delete the added mapping

With the patch no script should be executed and everything
should still work ok.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
Amit Gupta
bfbba2339f Bug 19108: Fix Stored XSS in items_search_fields.pl
To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:50 -03:00
Aleisha Amohia
16414374aa Bug 17793: Make sysprefs search show on all Admin pages
This patch is amended to use the sysprefs search on all Administration
pages that do not have their own custom search.

To test:
1) Go to Administration
2) Notice Catalogue search at the top - seems out of place.
3) Apply patch and refresh page.
4) Notice admin / sysprefs search now shows and is more appropriate.
5) Confirm searching for sysprefs still works

This patch affects the following pages:
- admin-home.pl
- audio_alerts.pl
- authtypes.pl
- auth_tag_structure.pl
- authorised_values.pl
- biblio_framework.pl
- marctagstructure.pl
- branch_transfer_limits.pl
- branches.pl
- checkmarc.pl
- classsources.pl
- columns_settings.pl
- didyoumean.pl
- edi_accounts.pl
- edi_ean_accounts.pl
- fieldmapping.pl
- item_circulation_alerts.pl
- items_search_fields.pl
- items_search_field.pl
- item_types.pl
- koha2marklinks.pl
- matching-rules.pl
- oai_sets.pl
- oai_set_mappings.pl
- patron-attr-types.pl
- smart-rules.pl
- transport-cost-matrix.pl
- sms_providers.pl

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 15:34:11 +00:00
804677265e Bug 16239: Update templates
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 14:41:22 +00:00
e6e09c540f Bug 15803: Koha::AuthorisedValues - Remove C4::Koha::GetAuthorisedValueCategories
The subroutine C4::Koha::GetAuthorisedValueCategories just retrieves all
the authorised value categories.
We already have a method in the Koha::AuthorisedValues module to do this
job, let's use it!

Technical explanations:
The new subroutine of the AuthorisedValues TT plugin will allow to get
the authorised value categories from the templates.
The new html_helpers include file will get rid of the if selected else
end statements. Bug 15758 already uses this file, see the commit
description for more informations.

Test plan:
1/ Create or edit a new fund (aqbudgets.pl), the fields "statistic 1"
and "statistic 2" should be correctly filled with the list of authorised
value categories
2/ Edit subfields for a biblio and authority framework.
The "Authorized value" dropdown list should be correctly filled on both
pages
3/ Create new items search fields (from the administration area), same
as previously, the authorised value category dropdown list should be
correctly filled
4/ Add and edit patron attribute types, check the authorised value
category list.

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-10-28 16:35:52 +00:00
ed449a5b5b Bug 16005 - Standardize use of icons for delete and cancel operations
This patch makes changes to Font Awesome icons in order to make icon
choice consistent for common actions.

<i class="fa fa-trash"></i> where something is deleted, removed, or
emptied.

<i class="fa fa-remove"></i> where an operation is cancelled (also where
selections are cancelled, as in checkboxes).

<i class="fa fa-times-circle"></i> for "close," as in baskets and
windows.

To test, apply the patch and view the following pages to confirm that
the correct icon is used:

- Acquisitions -> Vendor -> Vendor delete button.
- Acquisitions -> Vendor -> Edit -> Delete contact button.
- Acquisitions -> Invoices ->  Delete menu item.
- Cataloging -> Edit record -> Authority search pop-up (triggered from
  the tag editor for a tag linked to an authority) -> Clear field button
- Authorities -> Authority detail -> Delete button.
- Tools -> Quotes editor -> Quotes delete button.
- Reports -> View saved report -> Delete button.
- Reports -> Saved reports -> Delete menu item.
- Serials -> Subscription details -> Subscription close button.
- Administration -> Budgets -> Delete menu item.
- Administration -> Item search fields -> Delete button.
- Administration -> Z39.50/SRU servers -> Delete menu item.
- Catalog -> Advanced search -> Clear fields link.
- Cataloging -> Advanced editor -> Macros -> Delete macro button.
- Circulation -> Checkout -> Check out an item which is on hold for
  another patron. "Cancel checkout and place hold" button now uses the
  icon used elsewhere for holds.
- Course reserves -> Course -> Delete course button.
- Patrons -> Patron lists -> Add patrons -> Remove selected button.
- Acquisitions -> Suggestions -> Suggestion details -> Delete button.
- Lists -> List contents -> Remove selected button.

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 08:21:25 +00:00
5e1bcc4aa7 Bug 16242 - Move staff client JavaScript out of language directory
This patch moves the JavaScript files in prog/en/js to prog/js.
JavaScript files do not need to be in the directory which is processed
by the translator.

To test, apply the patch and visit various pages in the staff client to
confirm that JavaScript files are still loading correctly.

Revised: I intended for this to be built on top of Bug 15883 as well as
Bug 16242. Now it is.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
On top of 15883 and 16241
All seems to work, js files pulled from new dir.
No errors

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 14:32:42 +00:00
Aleisha
024af5ee9f Bug 15992: Renaming 'Operations' column heading to 'Actions'
to be consistent with other Administration tables
These actions were already made into buttons so will just make this small string change

To test:

1) Go to Admin -> Item search fields
2) Confirm column heading now reads 'Actions'

Sponsored-by: Catalyst IT

NOTE: Trivial string change, screen refresh confirms change.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-12 23:26:59 +00:00
fd74b271db Bug 15887: Revise layout and behavior of item search fields management
This patch adds some JavaScript to the item search fields management
page so that the add form is not displayed by default. This simplifies
the interface and makes it more consistent with other similar
interfaces.

Also changed in this patch:
- Changing instances of "Items search fields" to "Item search fields."
- Correct form structure to use ordered list
- Add "required" classes and enable built-in JS form validation.
- Add explicitly labeled "Choose" options to <select>s.
- Add missing ids to form fields (labels don't work without them).
- Correct classes of message and alert dialogs.
- Add JS confirmation of deletions.
- Convert MARC tag and subfield dropdowns to regular inputs (Bug 15384).

To test, apply the patch and go to Administration.

- Confirm that the "Item search fields" link is correct.
- Follow the link and confirm that the list of existing fields is shown
  by default, or a message saying there are no existing fields.
- Click the "New search field" button and confirm that it displays the
  entry form.
  - Confirm that submitting an empty form does not work.
  - Confirm that clicking the "Cancel" link correctly hides the form.
  - Confirm that submitting valid data works correctly.
- In the table of existing item search fields, confirm that the "Edit"
  button works correctly.
  - Confirm that submitting edits works correctly.
- In the table of existing item search fields, confirm that clicking
  "Delete" highlights the row in question and a confirmation dialog
  appears.
  - Test both canceling and confirming deletion.

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as described. JSHint OK, koha-qa OK.

Revision per QA: Undid the change making tag and subfield inputs text
fields.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-02 22:36:17 +00:00
Julian Maurice
7c2ff7940e Bug 11425: Add item search form in staff interface
Item search is available at catalogue/itemsearch.pl (link is in
catalogue/search.pl)
It only uses SQL (not Zebra)
* Use DataTables and server-side processing to be able to filter on
  individual columns after the first search is done.
* Allow to export results in CSV
* With Javascript disabled, search form still works (and CSV export too)

There is the possibility to define "Custom search fields" in a new admin
page admin/items_search_fields.pl (link is in admin/admin-home.pl)
A custom item search field is defined by:
* a name: its unique identifier
* a label: the text displayed to the user
* a MARC field/subfield: the field/subfield to query (it uses
  ExtractValue)
* an authorised values list (optional): if defined the list is displayed
  in the search form

New Perl dependency: Template::Plugin::JSON::Escape

Test plan:
1/ Apply the patch and run updatedatabase.pl
2/ Go to advanced search (staff interface), then click on "Go to item
search"
3/ Play with the search form! :)
In the 3rd fieldset you can add as many fields as you want and combine them with
boolean operators (AND, OR). You can use SQL jokers characters (%, _)
You can output to screen (in a DataTables table) or to a CSV file.
4/ In the DataTables table, play with filters and try sorting columns.
5/ Disable Javascript (with Firefox: extensions NoScript or YesScript,
or in about:config 'javascript.enabled' = false
6/ Reload the search page and do some searches on screen output. (there
is no sorting or filtering features, but there is still pagination)
7/ Try again CSV output.
8/ You can re-enable Javascript.
9/ Go to Administration > Items search fields
10/ Add a new field. Example for title (in UNIMARC):
  Name: title
  Label: Title
  MARC field: 200
  MARC subfield: a
  Authorised values category: None
(add another field with an authorised values category to see the
difference).
11/ As you are there try to update and delete some fields.
12/ Go back to items search form. You can see in the 3rd fieldset that
your fields have appeared in the selects.
13/ Try searching on them.
14/ I think you're done :)

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described. Good new option.
No koha-qa errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2014-11-04 19:08:12 -03:00