Commit graph

54095 commits

Author SHA1 Message Date
df23f6c345
Bug 36149: Unset userenv from middleware
The userenv (logged in user's info) are stored in
$C4::Context->context->{activeuser}, which persists in plack worker's
memory.
It's really bad in theory as we are not cleaning it before or after the
HTTP request, but only when set_userenv is called (what we are doing
commonly in C4::Auth::get_template_and_user).
If C4::Context->userenv is called before set_userenv we should get undef,
not the userenv from the previous request!
In practice this should not be a problem, but well... who really knows?

This patch suggests to have a middleware to deal with removing the
userenv at the beginning of each request (maybe it should be after, right? - FIXME).

To test:
1 - Edit /etc/koha/sites/kohadev/koha-conf.xml to set <plack_workers>1</plack_workers>
2 - Edit about.pl  and add a line after: CGI->new:
    warn Data::Dumper::Dumper( C4::Cointext->userenv() );
3 - tail -f /var/log/koha/kohadev/*.log
4 - View about.pl in staff interface, should get a "somethign's wrong" warning
5 - Reload, you get current user info
6 - Open an incognito tab, sign in as a different user and click some stuff
7 - Reload about.pl in other window
8 - You get the opac user info
9 - Apply patch
10 - Edit /etc/koha/sites/kohadev/plack.psgi and add the middleware after "RealIP":
     enable "+Koha::Middleware::UserEnv";
11 - Restart all
12 - Reload about.pl - you get a "Something's wrong" warning
13 - Click things in opac on incognito window
14 - Reload about.pl  - only "Something's wrong" - you no longer see any user info

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2024-05-14 15:04:36 -03:00
1efe9ffc77
Bug 19613: Use the 'note' profile
WNC amended patch: tidied

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2024-05-14 15:04:35 -03:00
b31c732105
Bug 19613: Scrub borrowers fields: borrowernotes opacnote
To prevent XSS

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2024-05-14 15:04:34 -03:00
0776369776
Bug 36532: Protect opac-dismiss-message.pl from malicious usages
Really bad design, NEVER retrieve the logged in user from the CGI
param!

See comment 1 for more info

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2024-05-14 15:04:34 -03:00
489f6f86fd
Bug 36382: (QA follow-up) Don't escape quotes in escapeHtml
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2024-05-14 15:04:33 -03:00
a104502437
Bug 36382: XSS in showLastPatron dropdown
1) Set borrower surname to:
    <script>alert("here comes trouble");</script>
2) Save, nothing happens
3) Enable showLastPatron
4) Reload patron
5) Note the alert popup
6) Apply this patch
7) Reload patron
8) No alert!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2024-05-14 15:04:33 -03:00
Jan Kissig
2884226fe2
Bug 36772: OPAC Self checkout accepts wrong or partial barcodes
When using the opac trusted checkout feature it is possible to enter non existant or partial barcodes to check out items.

    Testplan:
    a) set  System preference OpacTrustedCheckout  to Allow
    b) go to http://localhost:8080/ and login with koha / koha
    c) click Self Checkout in navigation bar
    d) enter barcode 1234
    e) result: Item '39999000011234' was checked out

    apply patch and reload the page

    a) now enter barcode 1234
    b) result: Item '1234' not found
    c) enter 39999000011234
    d) result: Item '39999000011234' was checked out

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-14 15:34:31 +02:00
Emmi Takkinen
a0b1ee7df3
Bug 36825: Hide "Protected" field via BorrowerUnwantedField syspref
Setting field "Protected" as hidden in patron entry/modification
form via BorrowerUnwantedField syspref doesn't work. Form is
missing condition "UNLESS noprotected".

To test:
1. From BorrowerUnwantedField, check field "Protected" as hidden.
2. Either attempt to create a new patron or modify existing one.
=> Note that "Protected" is still displayed in the form.
3. Apply this patch.
4. Navigate back to create/modify patron form.
=> Note that "Protected" is no longer displayed.
5. Uncheck field "Protected" from BorrowerUnwantedField.
=> Field should now be displayed in create/modify form.

Sponsored-by: Koha-Suomi Oy
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-14 15:34:31 +02:00
537d5aac5a
Bug 36837: (follow-up) UNIMARC case
I checked the UNIMARC authResults counterpart file. And it only
contained a single case of generated elements like the previous patch.

To test:
1. On latest main
   $ ktd --shell
  k$ cd misc/translator/po
  k$ git fetch
  k$ git reset --hard origin/main
  k$ cd /kohadevbox/koha
  k$ gulp po:update --lang es-ES
  k$ cd misc/translator/po
  k$ git add -u ; git commit -mWIP --no-verify
2. Apply this patches
3. Run:
  k$ cd /kohadevbox/koha
  k$ gulp po:update --lang es-ES
  k$ cd misc/translator/po
  k$ git diff
=> SUCCESS: Notice CSS class names are not translated anymore

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-14 15:34:30 +02:00
48e39c1e5c
Bug 36837: Simplify XSLT and aid translatability
This patch makes the XSLT contain HTML tags instead of building them
from scratch with static attribute values. This made it awkward for
translators as CSS classes ended up being extracted for translation
purposes. Plus, there's no need to spend CPU cycles on static content
generation.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-14 15:34:30 +02:00
Janusz Kaczmarek
d4c70f7d07
Bug 33099: Add missing MARC21 Match authority mappings so "Search all headings" search works
The main entry form of corporate names (110), uniform titles (130), topical
terms (150), geographical names (151), and genre/form (155) are not indexed
with 'Match' search field in Elasticsearch standard mapping.  As a result,
the respective records are not present on the result list when performing
an 'All headings' search for the authority records with the main heading form
(MARC 21).

Test plan
=========
0. Have a test installation with Elasticsearch.
1. In Authorities, make an 'All headings' search for a main entry
   form from the corporate names, uniform titles, topical terms,
   geographical names, or genre/form
   --> e.g., in ktd: UK Archiving.  You will get no results.
2. Apply the patch, reindex with:
   sudo koha-elasticsearch --rebuild -r -a kohadev
3. Repeat the test. You should see 'UK Archiving' on the result list.

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-14 15:34:29 +02:00
7291a31233
Bug 36378: Cannot stay logged in if AutoLocation is enabled but branch ip is not set correctly
We can get into a scenario what a user cannot stay logged in for more than a single page load.
If AutoLocation is enabled with branch IP addresses being set to a space, you will be logged out with every page load.

Test Plan:
1) Set your branch ip to a space
2) Enable AutoLocation
3) Restart all the things!
4) Log out
5) Log in
6) Browse to another page
7) You are logged out
8) Apply patch
9) Repeat 1-6
10) You are not logged out!

Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-14 15:34:28 +02:00
02eae879eb
Bug 36708: Fix column index for processing No automatic renewal after
To test:
1- Find or create a circulation rule with a 'Holds allowed (total)' limit of 3 (or another number) and no value in 'No automatic renewal after (hard limit)'
2- Select to edit the rule, and note that 'No automatic renewal after (hard limit)' box in the editing line is now populated with a date
3- Note also that 'Holds allowed (total)' is empty in your editing line
4- If you save your edits without clearing the new 'No automatic renewal after (hard limit)' date, it will save as part of the rule. Also, 'Holds allowed (total)' will save as Unlimited unless you re-add your numerical value.
5- APPLY PATCH
6- Try again, the values should save corrected and not erroneously fill the No automatic renewal after (hard limit) column.

Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-14 15:34:28 +02:00
3af27824b7
Bug 35862: Fix patron_search_form selection
We were no longer getting a match here and so ended up with 2 forms on
the budget page (where we have two modals for patron: owner and users).

Caught be selenium tests patrons_search.t :
Error while executing command: element not interactable: Element <a class="patron_name patron_preview" href="/cgi-bin/koha/circ/circulation.pl?borrowernumber=511"> could not be scrolled into view

It fixes the following UI issues:
When you open a modal, start a search, close the modal
open the other modal search: the results from the other modal were shown

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-14 15:34:27 +02:00
6d8f72efa0
Bug 35862: Remove dup aside node
The aside element is now a parent of the form block, in
patron-search.inc (BLOCK patron_search_filters).

On members/members-home.pl there were 2 nested aside

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-14 15:34:27 +02:00
69c64bcb72
Bug 35362: Adjust other "Close window" clicks
Previous patch "Bug 35362: (follow-up) Fix guaruntor preview modal close in test"
didn't adjust the other occurrences.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-14 15:34:26 +02:00
33e9127082
Bug 36018: Prevent random failure from api/v1/acquisitions_orders.t
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-14 15:34:26 +02:00
150914e234
Bug 34788: (follow-up) Fix unit tests
prove t/db_dependent/Koha/BackgroundJob/ImportKBARTFile.t

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 16:24:19 +02:00
b7e5dab1e7
Bug 30047: (follow-up) Fix failing tests
This patch updates the test files to correctly create authorities and/or correctly
mock the needed data for authorities.

the tests in t/db_dependent/Authority/Merge.t cover the case of 'Default' authorities
which don't have valid headings - so I had to add handling for blanking the heading field
when Default type is used.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 16:24:18 +02:00
aae125044d
Bug 36838: Add CSRF token to tags review AJAX requests
The JavaScript for approving or rejecting tags in the staff interface's
tag review interface lacked a CSRF token for the POSTed requests. This
patch adds the token for "approve" and "reject" operations.

To test, apply the patch and clear your browser cache if necessary.

- If necessary, enable tags in system preferences.
- Log in to the OPAC and submit multiple tags on various records.
- In the staff interface, go to Tools -> Tags.
- Test the process of approving and rejecting tags by clicking the
  buttons in each row of the table of tags.
- The browser console should show no errors, and the lists of approved
  and rejected tags should correctly show the tags you moderated.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 16:24:18 +02:00
43eb61f0d8
Bug 29948: Adjust sysprefs.sql
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 16:24:17 +02:00
fffb3665ea
Bug 36723: Add musical presentation to Elasticsearch index mappings
Testing plan:

1. Start up KTD with Elasticsearch: ktd --es8 up
2. Apply the patch and restart everything (restart_all).
3. Reset the mappings: Administration > Catalog > Search engine configuration (Elasticsearch) > Reset mappings (at the bottom of the page)
4. Reindex: koha-elasticsearch --rebuild -d -b -a kohadev
5. Alternative to steps 3 and 4: reset_all
6. Update the visibility for 254$a in the default framework so that it is visible in the Editor (OPAC, Staff interface should already be selected).
7. Add a new record using the default framework and put a term in 254$a, such as 'Full score'.

Sponsored-by: Education Services Australia SCIS
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:17 +02:00
4b8dad9a8e
Bug 36472: Add search box at the top of the authorities editor page
This patch adds the authority search header include to the authorities
editor page.

To test, apply the patch and go to Authorities -> New authority.

There should now be a set of authority search forms at the top of the
page.

Signed-off-by: Michelle Spinney <mspinney@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:16 +02:00
be98d633be
Bug 34823: Do not show Item group dropdown if there are no item groups
To test:
1. Enable EnableItemGroups and EnableItemGroupHolds
2. Go to the OPAC and log in as a patron
3. Go to any record that doesn't have grouped items and try to place a hold
4. Click on "Show more options"
5. See "Request specific item group:" and dropdown
6. APPLY PATCH
7. Try again, this time if the record has no item groups you should not see the dropdown at all.

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:16 +02:00
Emily Lamancusa
2d34006653
Bug 36440: (QA follow-up) Update op parameter
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:15 +02:00
Stefan Berndtsson
6e6167f3e1
Bug 36440: Add edit buttons for patron flags in attention box
Add edit buttons for patron flags in attention box and show
flag status in detail view

To test:
1) Go to patron details for a patron with address in
   doubt and card lost flags set and verify these are
   highlighted under "Library use" and the patron messages
   has edit buttons that links to the modfiy patron page.

Sponsored-by: Gothenburg University
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:15 +02:00
Laura Escamilla
36eab911dd
Bug 26654: Added item number column to item search
Test plan:
1. Apply patch
2. Do an item search and notice the column containing the item number

Signed-off-by: Michelle Spinney <mspinney@clamsnet.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:14 +02:00
0fcd0a92de
Bug 29948: (follow-up) Add CSS class to list items
This will allow to hide some of the entries by their source from $2.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:14 +02:00
5f7dd9c62d
Bug 29948: DBRev 23.12.00.057
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:13 +02:00
88acb4ea49
Bug 29948: Remove margin bottom for paragraph
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:13 +02:00
bc77ca128a
Bug 29948: Hide entry if empty
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:12 +02:00
David Nind
bdc06dd36f
Bug 29948: (follow-up) Update system preference description and heading
This follow-up:
1. Updates the OPACAuthorIdentifiersAndInformation system preference
   description.
2. Changes the OPAC heading used on the bibliographic record and
   authority record detail pages from "Author identifiers/information"
   to "Author information". Identfiers are a subset of author information
   and having just "Author information" is sufficient. In addition,
   the authority record doesn't have to include identifiers.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:12 +02:00
3c503a1595
Bug 29948: Fix display of selected values
The values were correctly inserted but the display was not sorting
correctly

Signed-off-by: Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:11 +02:00
6f1b00e24d
Bug 29948: Allow to sort info
With this patch the different info can be ordered when editing the
syspref

Sponsored-by: Orex Digital

Signed-off-by: Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:11 +02:00
40ca270825
Bug 29948: OPACAuthorIdentifiersAndInformation
This patch merge the previous patch attempt with the existing OPACAuthorIdentifiers syspref.

It creates a new syspref OPACAuthorIdentifiersAndInformation and remove
OPACAuthorIdentifiers.
"identifiers" become an entry of the new syspref.

Test plan:
Select some entries in OPACAuthorIdentifiersAndInformation
Edit an authority record and enter data in the corresponding subfield
(the list is on the syspref entry)
Go to the biblio detail page or the authority detail page at the OPAC
and notice that the info you selected are correctly displayed.

Sponsored-by: Orex Digital

Signed-off-by: Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:10 +02:00
070f720aae
Bug 29948: Display authors information along with the identifiers
Sponsored-by: Orex Digital

Signed-off-by: Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:10 +02:00
11cdeb0889
Bug 36827: Fix tab formatting
This patch removes unwanted whitespace between the tabs and the tab content

Test plan:
1) Enable the ERM module and navigate to the eUsage > Reports sections
2) Observe the whitespace between the tabs and the content
3) Apply patch and run yarn build
4) Hard refresh the page, the whitespace should be gone

Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:09 +02:00
f3af09c78c
Bug 36828: Remove commented out code
Test plan:
1) Look at the patch diff and observe that the commented out code has been removed

Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:09 +02:00
274c0bee86
Bug 36370: Add ContentWarningField to UNIMARC XSLT
Bug 31123 added new feature with preference ContentWarningField.
Add this behavior to UNMARC XSLT files.

This patch adds new template 'tag_content_warning' in UNIMARCslimUtils.xsl
called in results and details pages.

New field is placed after 3xx.

Test plan (in both interfaces OPAC and staff):
1) Create a new field 599 in framework
2) Set system preference ContentWarningField to 599
3) Edit a record to add a 599 with text in $a$b and an URL in $u
4) Perform a search to find this record
=> Check you see content_warning: <a href="$u">$a</a> $b
5) Click on details page
=> Check you see content_warning: <a href="$u">$a</a> $b

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:08 +02:00
6635f73936
Bug 36373: Show existing bookings in the datepicker
This patch exposes existing bookings as info dots in the flatpickr

Signed-off-by: Esther <esther@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:07 +02:00
93a5ec9ca4
Bug 36325: Add --exclude-logs option to koha-run-backups
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:07 +02:00
c8bc861ec7
Bug 36325: Add option to koha-run-backups/koha-dump, to exclude logs
Written patch to add flag to both koha-dump and koha-run-backups.

Test plan:
1. do a sudo koha-dump and sudo koha-run-backups and check the contents of the .tar.gz backup in /var/spool/koha/instance/ and verify logs are in there
2. apply this patch
3. this time do sudo koha-dump --exclude-logs and sudo koha-run-backups --exclude-logs and check the contents of the .tar.gz backup in /var/spool/koha/instance and verify nothing from /var/log/koha is in there.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:06 +02:00
e48df518e8
Bug 35813: Migrate 'transient_result' to 'messages.inc'
This patch DRY's out the code by migrating the transient_result div into
the now widely included messages.inc include.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:06 +02:00
21cda2fa63
Bug 35813: (follow-up) Correct dialog class and clean up whitespace
This patch changes the class of the success message from "success"
(which is a Bootstrap class) to "message" which is the class we use
elsewhere in Koha for this kind of informational message.

The patch adds the same dialog markup to labeledMARCdetail.tt.

The patch also trims trailing whitespace from place_booking_modal.js

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:05 +02:00
cef4c56d6e
Bug 35813: Add success feedback after placing/editing bookings
This patch restores the lost behaviour that a successful add/edit of a
booking via the 'Place booking' modal should notify the end user that
the submission was sucessful.

Test plan
1) Set an item as bookable to expose the 'Place booking' button
2) Place a new booking from the following pages and confirm that you
   now recieve feedback.
   * Catalog > Title > Details
   * Catalog > Title > MARC details
   * Catalog > Title > ISBD details
   * Catalog > Title > Item details
   * Catalog > Title > Bookings
3) Edit a booking on the 'Catalog > Title > Bookings' page and confirm
   you now recieve feedback.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 14:00:05 +02:00
Janusz Kaczmarek
c74169ba27
Bug 36794: Illegitimate modification of biblionumber subfield content (999 $c)
It happens that librarians, by mistake, open a biblio editor putting in the
URL, by hand, the biblionumber prefixed with a blank (e.g.
.../addbiblio.pl?biblionumber= 123 -- mind the space before 123).
In such a case the editor opens with the right biblio record (i.e. 123)
but, after saving the record, the content of the biblionumber MARC
field (999 $c for a standard MARC 21 installation) results modified and
contains additional initial blanks.

Moreover, while using ES and making a search for the record (with title,
author etc.) we get two records on the result list (instead of one).

This is because in the addbiblio.pl script $biblionumber is taken (and
continuously used) directly from CGI parameter, without any
validation and/or correction.

Test plan:
==========
0. Have a test installation with ES.
1. Open a biblio record in the editor with an added space before
   biblionumber value, e.g.:
   http://ktd:8081/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber= 123
   Save the record.
2. From the Normal view choose Save -> MARCXML.  Open the saved file in
   your favourite editor.  You should see, at the end, something like:
   <datafield tag="999" ind1=" " ind2=" ">
     <subfield code="c"> 123</subfield>
   (mind the space before 123).
   This is not right.
3. Make a search with the title or author's name from the record (e.g.
   Henning Mankell for the record 123 from the default ktd data set).
   You should get two records instead of one (while using ES).
4. Apply the patch, restart_all.  Repeat p. 1 and 2 with a different
   biblionumber.  Notice the unchanged (i.e. without spaces) value
   of 999 $c subfield in the exported record and only one record
   as a result of a search.

WNC amended patch - rebased, added conditional in case no bib, moved comments to their own lines

Sponsored-by: Ignatianum University in Cracow
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 10:36:11 +02:00
Janusz Kaczmarek
4b66fbc4eb
Bug 36799: Illegitimate modification of MARC authid field content (001)
It happens that librarians to save time open an authority editor by putting
in the URL, by hand, the authid prefixed, by mistake, with a blank (e.g.
.../authorities.pl?authid= 100 -- mind the space before 100).  In
such a case the editor opens with the right auth record (i.e. 100) but,
after saving the record, the content of the authid MARC field (001 for
a standard MARC 21 installation) results modified and contains
additional initial blanks.

Moreover, if the heading (1XX field) was modified in the authority record
during such an edit, the changes will not propagate to the linked
bibliographic records.  And won't in the future.

This is because in the authorities.pl script $authid is taken (and
continuously used) directly from CGI parameter, without any
validation and/or correction (line 540 in the current main branch).

Test plan:
==========
1. Open an auth record in the editor with an added space before
   authid value, e.g.:
   http://ktd:8081/cgi-bin/koha/authorities/detail.pl?authid= 100
   Modify the heading field -- in the ktd data set:
       150 Computerized typesetting
   Save the record.
2. a) Open the record for editing again--see the space added before
   the authid in field 001.  Close the editor (with Cancel).
   b) Try to go to the linked biblio records with Used in X records.
   Note no results, if using ES.
   c) Remove the space before authid (after an:) in the URL.
   Go to the linked biblio records.  See that the content of
   the field controlled by the modified auth record did not
   update.
3. Apply the patch; restart_all.
4. Repeat p. 1 and 2 with a different authid.  Everything should
   be OK now.

Sponsored-by: Ignatianum University in Cracow
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 10:36:10 +02:00
Emmi Takkinen
d2f41df188
Bug 33849: Do not reset new patrons home library when error occurs
While adding new patron, if patron is flagged as duplicate
or another error occurs and their home library differs from
library user is logged in, patrons home library resets as
logged in users library. This happens with all patrons
expect those with category type C. This patch removes checking
if patrons category type is C from code so that all category
types use previously chosen home library even if error occurs.

To test:
1. Add new patron and set their library to a different
library than the one you're logged in.
2. Cause an error (wrong age, duplicate etc) while saving.
3. Attempt to save.
=> Note that patrons home library is set as one you're
logged in.
4. Apply this patch.
5. Repeat steps 1 to 3.
=> Note that patrons home library hasn't changed.

Sponsored-by: Koha-Suomi Oy
Signed-off-by: Esther <esther@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 10:36:09 +02:00
2b3ad46f97
Bug 35149: DBRev 23.12.00.056
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 10:36:09 +02:00
David Gustafsson
42d95f362a
Bug 35149: Change CircAutoPrintQuickSlip syspref explanation
Signed-off-by: Laura Escamilla <laura.escamilla@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-05-13 10:36:08 +02:00