I think we can do without the comment - suggesting removal with
this patch.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds context (word class, either verb or noun) to the word
'Order' when it is displayed alone in the acquisitions module.
The following files have been modified:
basket.tt
neworderbiblio.tt
newordersubscription.tt
newordersuggestion.tt
ordered.tt
parcel.tt
spent.tt
transferorder.tt
uncertainprice.tt
z3950_search.tt
To test, check all those pages in English to make sure there is
no change.
1- Go to Acquisitions
2- Create a basket
3- Add to basket from an existing record (neworderbiblio)
4- Add to basket from a subscription (newordersubscription)
5- Add to basket from a suggestion (newordersuggestion)
6- Add to basket from an external source (z3950_search)
7- In one of the orders, check the uncertain price box
8- Check the basket display table (basket)
9- Click transfer on one of the orders (transferorder)
10- Go to the vendor page and click on 'Uncertain prices' (uncertainprice)
11- Click on 'Receive parcel' (parcel)
12- Go to the Acquisitions home page and click on the
amount for 'ordered' (ordered)
13- Go to the Acquisitions home page and click on the
amount for 'spent' (spent)
Next, install a new language (fr-CA used as example)
1- translate create fr-CA
2- open fr-CA-messages.po and add a translation for Order
(verb) and Order (noun) (it doesn't have to be real, just
write something different for each)
3- translate install fr-CA
4- in the system preferences, enable the french language in
'language'
5- change interface language to french
Redo the tests above to make sure the word you put in the translation
for the verb is in the places where 'Order' should be a verb and that
the translation you put in for the noun is in the places where 'Order'
should be a noun
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch removes the "type" attribute from <script> tags in several
acquisitions templates. Also removed: Obsolete "//<![CDATA[ //]]>"
markers.
This patch also makes minor indentation changes, so diff using the "-w"
flag.
To test, apply the patch and confirm that examples of affected pages
work properly without any JavaScript errors in the browser console:
- Acquisitions -> Vendors -> Vendor -> Basket groups
- Acquisitions -> Vendors -> Vendor -> Receive shipments
- Acquisitions -> Vendors -> Vendor -> Basket:
In the table of orders, click "Transfer." Transfer an order
Validating the HTML source of any of these pages should return no errors
related to the "type" attribute.
Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch updates the acquisitions transfer order template to use the
Bootstrap grid instead of the YUI grid.
Also fixed: Corrected footer include for popup window.
To test, apply the patch and go to Acquisitions -> Vendor -> Open order
-> Transfer.
In the popup window search for a vendor, select, and choose a basket.
Signed-off-by: Charlotte Cordwell <charlotte.cordwell123@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies even more staff client acquisitions templates so
that JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Acquisitions -> Vendor -> Vendor details
- Contracts datatable
- Edit vendor
- Add contacts, form validation
- Acquisitions -> Vendor -> Invoices -> Invoice -> "Go to receipt"
- Datatables, MARC and Card previews
- Transfer
- Confirmation of transfer, window closes
- Acquisitions -> Vendor -> Receive shipments
- Datatables, date pickers
- Acquisitions -> Available funds table -> Spent report
- Datatables
- Acquisitions -> Vendor -> Uncertain prices
- Datatables, form validation
- Acquisitions -> Vendor -> Basket -> Add to basket from external source
- Select and clear all on search form
- Search results
- Datatables, MARC and Card previews, in-table pop-up controls
(click any table cell)
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch fixes the display of copyrightdate for MARC21 installations.
As MARC21 already requires you to add punctuation in cataloguing, there
is usually no need for punctutation in the templates.
Also fixes a template variable name typo and the basket summary page.
To test (all 3 patches):
- Add several order lines to an order, one should be uncertain
- Verify that the publisher and publication year are displayed
- Check the uncertain price page
- Verify that the publisher code and publication year are displayed
- Fix uncertain price and close your order
- Basket summary: Verify... (you know what)
- Cancel one of your orders
- Verify... for cancelled orders
- Receive shipment
- Verify... for unreceived orders
- Receive order
- Verify ... for received orders
- Finish receiving
- Verify ... on the invoice summary page
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In comment #6 and comment #17, Katrin pointed out the discrepancy
between UNIMARC (using publisheryear) vs. Other MARC installations
(using copyrightdate). This was dealt with in invoice.tt already.
This patch does similar logic for the other 3 template files.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In acquisition, several templates try to display publisher code and publication year : invoice.tt, parcel.tt, transferorder.tt.
Thoses pages use C4::Acquisition methods GetPendingOrders or GetInvoiceDetails.
The bug is that in the SQL query of those methods, biblioitems.publishercode and biblioitems.publicationyear.
In uncertainprice.pl those datas are fetch using GetBiblioData.
It whould be better to fetch them in GetPendingOrders and GetInvoiceDetails.
This patch changes SQL queries to fetch wanted datas : aqorders.*,biblio.title,biblio.author,biblioitems.isbn,biblioitems.publishercode,biblioitems.publicationyear. GetInvoiceDetails also needs : biblio.seriestitle,biblioitems.volume.
This patch also unifies the way biblio datas are displayed :
<a href="link to catalog using biblionumber">[title]</a> <em>by</em> [author] – [isbn]
<em>Publisher:</em> [publishercode], [publicationyear]
Test plan :
- Choose a biblio record containing a data in :
biblio.title,
biblio.author,
biblioitems.isbn,
biblioitems.publishercode,
biblioitems.publicationyear,
biblio.seriestitle,
biblioitems.volume.
- Create an order using this biblio.
- Look at this order in pages : parcel.pl, transferorder.pl, uncertainprice.pl
=> You see publisher code and publication year
- Look at this order in page : invoice.pl
=> You see publisher code, publication year, series title and volume
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes the use of 'onclick' from the acquisitions transfer
order process. The patch also modifies the style of some links and
buttons to conform with current guidelines.
- Locate an open basket with items in it
- Click the 'Transfer' link for a title in the basket
- In the pop-up window:
- Confirm that the 'Cancel' button at the bottom of the window is a
Bootstrap-style button.
- Search for a vendor; Confirm that the 'Choose' link is a
Bootstrap-style button.
- Choose a vendor; Confirm that the 'Choose' link on the following
page is a Bootstrap-style button.
- Confirm that clicking the 'Choose' button transfers the item to the
correct basket.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
The date a basket was created was not displayed
according to the dateformat system preference.
Also fixes wording of the message shown when there
are no baskets for a chosen vendor.
To test:
- Create an order with an order line
- Click on the "Transfer" link on the basket
summary page
- Search for a vendor without open baskets
- Verify change of message shown:
"There are no open baskets for this vendor."
- Choose another vendor with open baskets
- Verify the creation date of the basket is
displayed correctly formatted.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
While transferring an order, a untranslatable JavaScript confirmation
dialog pops up.
This patch moves the information about the order to be transferred to the
top of the screen to better inform the user what order is to be transferred,
and simplifies the confirmation dialog.
To test:
- Apply patch
- Transfer an order from a basket to another basket
- Verify, that on top of the screen an information is displayed about which
order from which vendor and basket is to be transferred
- Verify that the transfer works OK
- Update a po lang file and confirm you see the string and you are able
to translate it.
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Dialog box with readable & translatable info.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Followed test plan from patch 1/2, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch implements some of the suggestions made
by Owen Leonard and brings the form closer in line
with other popup forms. In particular:
- sets dimensions for the popup so that clicking on the
link is more likely to open a new browser window, not
a tab.
- ensures that the vendor search form is always visible
- adds a cancel link to make it more clear to library
staff that they can abort the process.
- tweaks markup to better match the patron guarantor
popup search form
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
On basket.pl and parcel.pl there is a 'Transfer' link which allow you to
transfer order lines from a basket to another.
The link leads to a new page which allow you to search for a bookseller,
then display this bookseller's baskets. Then you can pick a basket and
the transfer will be done.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Mathieu Saby <mathieu.saby@univ-rennes2.fr>
Signed-off-by: sonia <koha@univ-lyon3.fr>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>