Commit graph

7607 commits

Author SHA1 Message Date
3f9da34683 Bug 18298: Add server-side checks and refactor stuffs
Now that we have a check client-side, nothing prevents us from a smart guy to
bypass it and force an invalid password.
This patch adds two new subroutines to Koha::AuthUtils to check the
validity of passwords and generate a password server-side. It is used
only once (self-registration) but could be useful later.

Moreover the 3 different cases of password rejection (too leak, too
short, contains leading or trailing whitespaces) were not tested
everywhere. Now they are!

This patch makes things consistent everywhere and clean up some code.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
f2a1b215dd Bug 18298: minPasswordLength should not be used as the default password length
The length of the passwords generated for a patron should not be as long
as the value of minPasswordLength.
It is the minimum required size of a password, not the maximum!
So let's fix it to 8 if the minPasswordLength if < 8, that sounds
reasonable and less risky for patrons.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
ec4e666bc5 Bug 18298: minPaswordLength should not be < 3
Indeed if RequireStrongPassword is set we need at least 3 characters to
match 1 upper, 1 lower and 1 digit.
We could make things more complicated to allow minPasswordLength < 3
but, really, 3 is already too low...

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
ac50959dcf Bug 18298: Move password generation to template side
This patch removes a really ugly way to generate a password: the whole
template was sent and parsed to retrieve the "#defaultnewpassfield" node.
To avoid the password to be sent plain text it is certainly better to
generate it client-side.
The same kind of passwords will be generated: 0-9a-zA-Z
The while loop prevents to get an invalid generated password.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
7cc65af6ff Bug 18298: Use the validate jQuery plugin
To validate password fields we need to use the validate jQuery plugin.
To make things reusable this patch adds a new include file
'password_check.inc' at the intranet and opac sides, it creates 3 new
validation methods:
- password_strong => make sure the passwords are strong enough according
to the values of the RequireStrongPassword and minPasswordLength prefs
- password_no_spaces => prevent passwords to be entered with leading or
trailing spaces
- password_match => make sure both password fields match

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
558a809144 Bug 18298: Enforce password complexity
This patchset prevents users to enter too leak password, controlled by
a new syspref RequireStrongPassword. If set the staff and patrons will have
to enter a strong password.
The strongness cannot be modified, it has been arbitrarily set (by the
author of this enhancement) to at least 1 lowercase, 1 uppercase and 1
digit. This can be inforce by increasing the value of the existing
minPasswordLength pref.

I decided to turn this feature on, it cannot hurt! For existing installs
it will have to be turned on manually.

Writing these patches I found a lot of inconsistencies all around the
password checks and decided to refactor everything to make things
consistent and more robust.
Now the password validity is check at only one place (subroutine
covered by tests).

Test plan:
We have several places where a password can be change/created:
a. Editing a patron (members/memberentry.pl)
b. Changing the password of a patron (members/member-password.pl)
c. Changing your own password at the opac (opac/opac-passwd.pl).
OpacPasswordChange needs to be set
d. Reseting your own password at the opac
(opac/opac-password-recovery.pl). OpacResetPassword needs to be set,
see "Forgot your password?" link when you are not logged in
e. Self registration feature, PatronSelfRegistration needs to be set.

You will also need to add 'password' to PatronSelfRegistrationBorrowerMandatoryField.

Note that '****' is considered by Koha internally that the password is
not changed (existing behavior).

To fully test this patch you will need to test the different
combinations of RequireStrongPassword and minPasswordLength.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
3df9663426 Bug 19186: Change pref choice for SelfCheckoutByLogin - barcode vs cardnumber
The SelfCheckoutByLogin lists 'Barcode' as an option, but this should be
Cardnumber. Especially since more and more libraries are using chip
cards instead of barcodes.

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:58:20 -03:00
47c77c0193 Bug 19413: (follow-up) Changed fieldset id value
Followed test plan again and patch still applies and works as expected.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:58:08 -03:00
ebffcdf4b9 Bug 19413: Moving the OK and Cancel inputs to the top of the 008 builder
Followed test plan and patch applies and functions as described
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:58:05 -03:00
5fc8c03b59 Bug 19438: Fix sorting by date due in overdues.pl
Test plan:
0) Do not apply the patch
1) Have some overdued checkouts in your database
2) Go to circulation -> overdues (overdues.pl)
3) Try to sort the overdues table by due date and notice it is sorted
alphabetically, not by date
4) Apply the patch
5) Try again and confirm, it is sorted by date

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:58:04 -03:00
2aba85d811 Bug 19083: Fix 'show all details' link on closed basket detail
'Show all details' add columns on the basket summary page.
This link is broken if the basket is closed.

Indeed there is a JS error raised by $('#toolbar').fixFloat();
The toolbar is not displayed if the basket is closed.

This is caused by bug 12333, which added the floating toolbar.

Test plan:
Create 2 baskets with orders
Close 1 basket
Click on the 'show all details' links and confirm it works as expected
Also confirm that the toolbar works correctly

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:57:56 -03:00
David Gustafsson
b830349f45 Bug 19453: Incorrect jQuery selector for fund drop down validation
Steps to reproduce:
1. Create a new basket
2. Choose "Add to masket"
3. Choose "From a staged file"
4. Select a file
5. Save without selecting a fund

Expected results: A validation error should be shown, and form submit
halted.

Actual results: No validation error is shown and form submits.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:57:56 -03:00
04aea91de0 Bug 15685: (QA follow-up) Address QA issues
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:08:47 -03:00
Jesse Weaver
b29493265b Bug 15685: Allow creation of items (AcqCreateItem) to be customizable per-basket
This adds a new basket attribute (create_items) that can optionally be
set to override AcqCreateItem.

The following have been modified to reflect this (with the value of
create_items that causes them to behave differently in parentheses):
  * Cancelling receipt of an order (receiving)
  * Creating an order by hand or from MARC (ordering)
  * Receiving an order (receiving)
  * Showing orders with uncertain price (ordering)
  * Showing orders (receiving)
  * Showing acquisition details in the OPAC (ordering)

Test plan:
  1) Create baskets with "Create items when:" set to ordering,
     receiving, cataloging and unset.
  2) Test each of the above for each of these baskets, verifying that
     the basket-specific attribute overrides AcqCreateItem if set and
     falls back to the syspref otherwise.

NOTE: A check of AcqCreateItem in opac-detail.tt was removed because it
was redundant; the code path in question cannot be triggered unless
create_items/AcqCreateItems is set to the correct value anyway.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Barbara Fondren <bfondren@roundrocktexas.gov>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:06:06 -03:00
Alex Arnaud
4869f1b6ec Bug 18399: (follow-up) Escape reason input
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:05:42 -03:00
Alex Arnaud
7b9140e8ef Bug 18399: Add reasons in edit suggestion page
Test plan:

 - Fill the authorised values's category 'SUGGEST' with reason
 - Edit a pending suggestion. Set the status to rejected
   and select a reason
 - Check the reason has been saved (i.e in the suggestions
   table of rejected tab)
 - Check in the corresponding message_queue that the reason
   is here
 - Re-edit the same suggestion
 - Check that the correct reason is selected by defaut
 - Edit an other pending suggetion. Set the status to rejected,
   select other reason and fill the input text
 - Re-edit the previews suggestion and make sure the input
   "other" is displayed by default with the correct value

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:05:39 -03:00
Your Full Name
0c32d41107 Bug 19414: Move the location of the 'Import this batch into the catalog' button
Moves the location of the button in question to be below the framework selector

Test plan:
1. Go to Tools -> Stage MARC records for import
2. Upload a .mrc file and stage it for import
3. Click Manage staged records
4. Note that the import button appears above the framework selector
5. Apply patch
6. Refresh the window
7. Notice that the button has now moved to below the framework selector

Sponsored-By: CALYX information essentials

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:05:36 -03:00
36c3d45426 Bug 16401: System preference staffClientBaseURL hardcoded to 'http://'
Test plan:
1) Insert some value to staffBaseURL preference, without starting http://
2) Apply the patch
3) Update database
4) Go to system preferences adminsitration, find the staffBaseURL
preference, the inserted value should be prepended with 'http://' and
the comment should be "This should be a complete URL, starting with
http:// or https://. Do not include a trailing slash in the URL. (This
must be filled in correctly for CAS, svc, and load_testing to work.)"
5) prove t/db_dependent/Auth_with_cas.t
6) prove t/db_dependent/selenium/basic_workflow.t
7) prove t/db_dependent/check_sysprefs.t

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:05:35 -03:00
8c83fa0bc6 Bug 19259: Enforce type of the delay value when editing overdue rules - template side only
Overdue rules do not save when a delay that is not an integer > 0,
without any warnings.
This patch forces the user to select a number > 0.

Test plan:
Without this patch applied, enter non-integer value or negative or 0
=> The rule will not be inserted without any warnings.
With this patch applied you will get an message from the browser and the
form will not save

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 12:40:31 -03:00
Marc Véron
5ac69e3a19 Bug 18528: Patron card creator template: switch form fields for card height and card width
This patch changes the sequnce of form fields for card height and card width.

To test:
- Apply patch
- Edit or create a patron card template
- Verify that the fields display in sequence Page height - Page width -Card height - Card width

Followed test plan, worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:52 -03:00
0b0cc8584f Bug 19397: Release team for 17.11
This patch adds the release team for 17.11 to about template.

Test plan:
Check the changes with the wiki pages for 17.05 and 17.11.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:51 -03:00
00b871e880 Bug 19255: QA Followup - Fix tabs for spaces
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:50 -03:00
77a28050a6 Bug 19255: [Follow-up] Typo "will accessible"
This patch speaks for itself.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:50 -03:00
09a16fc493 Bug 19255: Correct explanation about list types on shelves.pl in staff
The explanation on list categories on the shelves form is removed.
The online help text is actualized.

Test plan:
Go to Lists in staff. Edit a list. The remarks about private and public
lists on the right side are gone.
Click Help. Read the adjusted text. Does it make sense?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:50 -03:00
38526ca13a Bug 14039: Add the title to all places
There are other scripts where the borrower variable is not defined and
the fields are passed one by one.
To have a consistent behaviour we should add the title at the different
places.

Note that this script also add the use of the include file for
statistics.tt and remove the pass of parameters to the template, already
done later:
 99 $template->param(%$borrower);

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:50 -03:00
Aleisha Amohia
4553aa7040 Bug 18916: Add pagination to top of search results in staff client
To look the same as OPAC.

To test:
1) Do a catalogue search in staff client that results in more than one
page
2) Notice pagination is only at the bottom
3) Apply patch and refresh page
4) Notice pagination is at top also

Sponsored-by: Catalyst IT

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:49 -03:00
2c07f63ae8 Bug 18449: Rename misleading button when renewing
If you hit the renewal limit on the renewal tab, the message gives you a
message like:

"Windows 8 / ( 50610018249545 ) has been renewed the maximum number of
times by Johnny Test ( 12345678 )"

And has a button that reads:

"Ignore and continue"

This button is misleading, as it may be interpreted as "ignore the limit
and continue to renew the item".

Signed-off-by: Dominic Pichette <dominic@inlibro.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:11:23 -03:00
b583e806c7 Bug 19371: Changed table column text to 'Cancel?' on the patron circulation page
Test plan:
1. Place a hold on an item

2. Search for the patron who the hold is associated with

3. View the Hold(s) tab of the Checkouts page and notice there is a
column with the text 'Delete?' and a button below the table with the
text 'Cancel marked holds'

4. Apply patch

5. Notice that the column text described in step 3 now has the text
'Cancel?' and the button text is the same as it was in step 3

Sponsored-By: Catalyst IT

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:11:23 -03:00
36821be142 Bug 13208: Display complete breadcrumbs on successful deletion
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 14:14:54 -03:00
faf1bd1e6e Bug 13208: (QA follow-up) Remove blank breadcrumbs on successful deletion
After order is deleted we don't have a vendor or basket so we get blank
breadcrumbs, this removes them

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 14:00:58 -03:00
Aleisha Amohia
3bdee4a05f Bug 13208: [FOLLOW-UP] Creating and implementing new Koha::Acquisition::Basket[s] modules
Test plan remains the same.

Sponsored-by: Catalyst IT

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 14:00:58 -03:00
Aleisha Amohia
639d7f308f Bug 13208: Improving breadcrumbs for when cancelling an order
To test:
1) Go to Acquisitions -> Find a vendor -> View a basket with orders in
it (or make a new basket and add an order)
2) Click Cancel order
3) Notice incomplete breadcrumbs, and 'Acquisition' typo
4) Apply patch and refresh page
5) Breadcrumbs should be fixed. Confirm links to vendor and basket work
as expected

Sponsored-by: Catalyst IT

Signed-off-by: severine.queune <severine.queune@bulac.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 14:00:50 -03:00
0d124e1bc3 Bug 19193: When displaying the fines of the guarantee on the guarantor account, price is not in correct format
1 - Have a patron with guarantees
2 - Charge some fines to the guarantees
3 - View the patron
4 - Fines are displayed unformatted
5 - Apply patch
6 - Refresh
7 - Fines should now be formatted correctly

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-06 12:10:00 -03:00
Lari Taskula
07764f2b31 Bug 19374: CircSidebar overlapping transferred items table
When CircSidebar is activated, "Transferred items" table at
Circulation -> Transfers goes under the sidebar. This patch fixes the issue.

To test:
1. Enable CircSidebar system preference
2. Go to cgi-bin/koha/circ/branchtransfers.pl
3. Enter a barcode and click submit
4. Observe transferred items table under the circulation side bar
5. Apply patch
6. Enter a barcode and click submit
7. Observe transferred items is now correctly displayed
8. Also test with CircSidebar system preference deactivated

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19374: (follow-up) Remove stray closing div tag

To test:
1. Apply first patch and validate the document e.g. here
   https://validator.w3.org/#validate_by_input
2. Observe "Stray end tag div." error
3. Apply this patch and validate again
4. Observe no errors
5. Go through test plan from first patch to make sure things still look nice

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-06 11:36:49 -03:00
9dca694b04 Bug 16726: Do not display "You searched for:" if not needed
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-03 11:06:07 -03:00
b6f8cf4369 Bug 19391: (bug 19128 follow-up) Fix failing tests from auth_values_input_www.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 17:12:18 -03:00
5144cee9a9 Bug 13912: (QA followup) Make it explicit that syspref applies to MARC21
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 16:49:49 -03:00
21ee44ff12 Bug 13912: Fix LOC link
Signed-off-by: m23 <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 16:49:48 -03:00
5705c13d38 Bug 13912: Add DefaultCountryField008 syspref
This syspref is going to be used for populating field 008, range 15-17
with a desired default. It is currently hardcoded to 'xxu'. If not set,
it will still fallback to 'xxu'.

Signed-off-by: m23 <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 16:49:48 -03:00
Oleg Vasylenko
2f5a319b0a Bug 18422 - Add Select2 to authority editor
Overview:
Repeat tag fails if authority field has select subfield (for example, UNIMARC 700$8, 800$a)
This patch adds Select2 to authority editor

Steps to Reproduce:
In authority editor repeat field that has select subfield

Actual Results:
Field does not repeat (copy is not created).
Console shows a js TypeError in cataloging.js: «$(...).select2 is not a function»

Expected Results:
Field will repeat (copy is created)

Additional Information:
Error happens in version 16.11+ after adding Select2 js functions. The easiest way to fix is to add Select2 to authority editor

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 16:49:48 -03:00
c7b2d9bcf3 Bug 19329: Update IntranetSlipPrinterJS system preference description.
Test plan:
0) Apply the patch
1) Go to administration -> system preferences -> staff client
2) Read the description by IntranetSlipPrinterJS and confirm it's right

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:37:00 -03:00
99f6e1adf3 Bug 19357: (bug 18260 follow-up) Remove non-relevant attributes
When created, batch_record_modification.tt has been based on
batch_delete_records.tt
These attributes are not used in the template and not set in the pl
script.
Since bug 18260, biblio is a Koha::Biblio and calling a non-existent
method will raise an error.

This patch get rid of the following error:
batch_record_modification.pl: Template process failed: undef error - The
method itemnumbers is not covered by tests!

Test plan:
Modify bibliographic records with the "Batch record modification" tool.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:36:59 -03:00
c84d03c582 Bug 15173: Restore SubfieldsToAllowForRestrictedEditing
Bug 7673 introduced SubfieldsToAllowForRestrictedEditing but bug 12176
broke it assuming that only selects were impacted by this feature.

Test plan:
Go back on bug 7673 and confirm that
SubfieldsToAllowForRestrictedEditing is working as expected with this
patch applied.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
For clarification, the item fields that are entered in
SubfieldsToAllowForRestrictedEditing should EXCLUDE the desired
fields you want to disable.

Test plan (updated to test the scenario in the bug Description):
1. Create a patron with only the following permissions:
    - catalogue (Required for staff login)
    - editcatalogue -> edit_catalogue
    - editcatalogue -> edit_items
    - editcatalogue -> edit_items_restricted
2. Navigate to Administration -> Global system preferences -> Cataloging
    -> Record Structure -> SubfieldsToAllowForRestrictedEditing
3. In the input field for SubfieldsToAllowForRestrictedEditing enter in
    all the 952 fields EXCEPT the ones desired to be disabled. In this
    case, we want to disallow editing of 952$2, 952$a, 952$b, 952$e, 952$h,
    and 952$o so we enter the following into the
    SubfieldsToAllowForRestrictedEditing (without quotes) "952$0 952$1
    952$3 952$4 952$5 952$7 952$8 952$c 952$d 952$f 952$g 952$i 952$j
    952$p 952$t 952$u 952$v 952$w 952$x 952$y 952$z"
4. Click Save all Cataloging preferences
5. Login to the staff client as the created restricted editing patron
6. Edit an item
7. Note that all fields except for the ones excluded from the syspref
    are editable

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:35:59 -03:00
357d51c8c4 Bug 19127: (follow-up) Fix Stored XSS in csv-profiles.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
Amit Gupta
b90662073f Bug 19127: Fix Stored XSS in csv-profiles.pl
To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
   and Profile MARC fields that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
914577fdb7 Bug 19108: (follow-up) Fix Stored XSS in biblio_framework.pl
Prevent software error
Template process failed: undef error - text: filter not found at
/home/vagrant/kohaclone/C4/Templates.pm line 121.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
Katrin Fischer
624eb9e1f5 Bug 19108: (follow-up) Fix Stored XSS in fieldmapping.pl and items_search_fields.pl
To test:
- Add a framework with script in the description
- Access the Keywords to MARC mapping page
- Add an item search field where both name and label are script
- Try to edit/delete the added mapping

With the patch no script should be executed and everything
should still work ok.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
Amit Gupta
a482880352 Bug 19108: Fix Stored XSS in biblio_framework.pl and marctagstructure.pl
To Test
1. Hit the page /cgi-bin/koha/admin/biblio_framework.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Click on Actions -> MARC structure
6. Apply patch and reload, the js is escaped

Fixed for both the pages biblio_framework.pl and marctagstructure.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
Amit Gupta
ec85c6b0a2 Bug 19108: Fix Stored XSS in fieldmapping.pl
To Test
1. Hit the page /cgi-bin/koha/admin/fieldmapping.pl
2. Add a text in the field Field name that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:50 -03:00
Amit Gupta
6a68fd0330 Bug 19108: Fix Stored XSS in authtypes.pl
To Test
1. Hit the page /cgi-bin/koha/admin/authtypes.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:50 -03:00
Amit Gupta
b09750ca2b Bug 19108: Fix Stored XSS in classsources.pl
Fixed for both Classification sources & Classification filing rules

To Test
1. first case classification source: Hit the page
   /cgi-bin/koha/admin/classsources.pl?op=add_source
   second case classification filing rules:
   Hit the page /cgi-bin/koha/admin/classsources.pl?op=add_sort_rule
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:50 -03:00
Amit Gupta
bfbba2339f Bug 19108: Fix Stored XSS in items_search_fields.pl
To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:50 -03:00
Amit Gupta
d1aa11c51c Bug 19108: Fix Stored XSS in oai_sets.pl
To Test
1. Hit the page /cgi-bin/koha/admin/oai_sets.pl
2. Click on New set
3. Add a text in the field setSpec, setName that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:47 -03:00
ab7b35fe24 Bug 19103: (follow-up) Fix Stored XSS in itemtypes.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:46 -03:00
Amit Gupta
233741e937 Bug 19103: Fix Stored XSS in matching-rules.pl
To Test
1. Hit the page /cgi-bin/koha/admin/matching-rules.pl
2. Click on new record matching rule
3. Add a text in the field Description that contain js.
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:46 -03:00
Amit Gupta
617e2f8221 Bug 19103: Fix Stored XSS in patron-attr-types.pl
To Test
1. Hit the page /cgi-bin/koha/admin/patron-attr-types.pl
2. Click on new patron attribute type
2. Add a text in the field Description that contain js.
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:46 -03:00
Amit Gupta
9374c646e1 Bug 19103: Fix Stored XSS in itemtypes.pl
To Test
1. Hit the page /cgi-bin/koha/admin/itemtypes.pl
2. Add a text in the field Description, Checkin message that contains js
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:46 -03:00
b3734f02e1 Bug 19128: Fix Stored XSS in admin/authorised_values.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:46 -03:00
Katrin Fischer
b4608887f6 Bug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl
Preparation:
- Add a branch with script in the branch name
- Add a patron category with script in the category name
- Add a new authorised value cateogory with script
- Add a new authroised value for this category with script
  in all possible fields

- Test editing patron categories
- Test editing patron attribute types
- Test viewing and editing authorised values

Verify that with this script there is no more script executed
and everything works fine.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
Katrin Fischer
2d30845601 Bug 19125: Fix Stored XSS in members.pl
In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>

To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
Katrin Fischer
0bbe968fe5 Bug 19086: Fix Stored XSS in subscription-detail.pl
Add script to the callnumber field on adding a subscription.

Verify script is executed without this patch, but not with it.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
Katrin Fischer
13e65432ce Bug 19086: (follow-up) Fix Stored XSS in supplier.pl
In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are on longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
Amit Gupta
ec86950780 Bug 19086: Fix Stored XSS in subscription-add.pl
To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
   that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
Amit Gupta
6d22674da5 Bug 19086: Fix Stored XSS in supplier.pl
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field company_postal, physical, company_fax,
   accountnumber, contactposition, contact_fax, contact_notes, notes that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
50dcae4b50 Bug 19086: Fix Stored XSS in circulation.pl
1/ To test add a message to a borrower that contains js
2/ hit /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number]
  where number is the borrowernumber of the borrower you set the message
  for
3/ Notice js is execute
4/ Apply patch, reload, js is escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:44 -03:00
c176b8ceef Bug 19086: Fix Stored XSS in members/member.pl
To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:44 -03:00
402c7f7567 Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list
Edit: fixed tab-for-space errors (tcohen).

Signed-off-by: Magnus Enger <magnus@libriotech.no>
New categories are added to the pulldown and work as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 14:15:52 -03:00
Aleisha Amohia
06b602b097 Bug 19180: [FOLLOW-UP] Renaming all instances of 'name' variable to 'booksellername'
... when referring to the name of the vendor.

To test:
1) Confirm vendor shows on webpage title (tab name)
2) Confirm vendor shows in breadcrumbs
3) Confirm vendor shows in heading when viewing basket ('Basket x (1) for
vendor')

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 11:47:33 -03:00
Aleisha Amohia
17c5b76597 Bug 16204: Show friendly error message if trying to edit record which no longer exists
To test:
1) Create a record
2) Click Edit -> Edit record. open this in another tab
3) Delete the record in the original tab
4) Refresh the edit form in the other tab. Notice the software error
5) Apply patch and refresh page
6) There should be a nice error message with the form fields and buttons
hidden. Confirm links work as expected.

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 11:47:33 -03:00
Marc Véron
45aea7ae1d Bug 18541 - Patron card creator: Add a grid to support layout design
Add a layout grid to patron card creator to figure out the positions of text
fields, barcode and images.

To test:
- Apply on top of patch 18465
- Go to Home > Tools > Patron card creator
- Edit or create a layout
- Turn on new choice 'Guide grid' in section 'General settings'
- Leave 'Units' unchanged
- Crate a PDF using 'Card batches'
- Notice that card is printed with a layout grid that reflects selected unit
  with each 5th and 10th line in different color, unit description displayed
  bottom left, card dimensions displayed top right in small print inside the
  layout grid
- Print PDF. Set printer settings in Adobe Reader or other PDF printing
  software to 'Actual size' to prevent scaling to printer's printable
  region
- Mesure out printed PDF and verify that grid corresponds to selecte unit.
- Go back to layout definition and choose an other unit, repeat steps
  to verify that grid respects selected unit.
- Go back to layout definition, turn grid off, create PDF, verify that grid
  does not display in PDF

Note for testers / QAers: Position of card elements (text, image...) do not
respect the unit, this will be fixed in Bug 18550

Followed test plan and it worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 11:47:32 -03:00
9355e52040 Bug 18739 - Add SVG version of staff-home-icons-sprite image
Images display correctly. Followed test plan and patch works as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 11:47:32 -03:00
3031101998 Bug 10132: (QA followup) Open LOC URL on a separate window
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 09:47:28 -03:00
e2d56c0b2b Bug 10132: Admin pages changes
Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 09:47:27 -03:00
3d07449358 Bug 17380: [QA Follow-up] Report error to user instead of throwing exception
Internal server errors are good, user feedback is better.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tiny change: removed the obsolete 'use Koha::Exceptions'.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-12 12:07:48 -03:00
87773a6d66 Bug 17380: Do not allow Default template in merge form
This patch makes the following changes:
[1] Removes Default from the template list. We should not merge with the
    Default framework, since it does not have a reporting tag.
[2] Rearranges the error section in the template. It is confusing to have
    two error sections in this template. The error CANNOT_MOVE is not used.
    The error FRAMEWORK_NOT_SELECTED is replaced by WRONG_FRAMEWORK.
[3] Do not allow to merge a record with itself.
[4] Check if the merge reference record still contains any MARC tags.
[5] Additional polishing: Simplify passing frameworks to template. Remove
    an unused Koha::Authority::Types->search. Remove obsolete POD header
    for functions from the script.

Test plan:
[1] Select two authorities to merge. Verify that you cannot select Default
    anymore as framework for the reference record.
[2] Reproduce error WRONG_COUNT by adding another authid=999 in the URL
    after you selected two authority records for merging.
[3] Remove the third authid from the URL and change the first or second
    authid into an unexisting record id. You should generate an Internal
    Server Error. The log should show the exception message.
[4] Merge two authorities. Deselect all MARC tags. Should trigger the
    error EMPTY_MARC in the template.
[5] Select the same authority record twice for merging. Should trigger the
    error DESTRUCTIVE_MERGE in the template.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-12 12:07:47 -03:00
Aleisha Amohia
0ed469525f Bug 18351: Able to delete budget with funds
To test:
1) Create a budget, add a fund
2) Delete budget. Notice this is successful and triggers no warning
message etc.
3) Go to Funds. Notice the funds appear as if they are not there
4) Go into mysql and view the aqbudgetperiods table - notice the funds
are still there and are now inaccessible.
5) Apply patch
6) Create a budget, add a fund
7) Attempt to delete budget. Notice you can't click Delete button.
Confirm number of funds in hover message is correct.
8) Delete fund
9) Confirm you can now delete budget.

Sponsored-by: Catalyst IT

Signed-off-by: Felix Hemme <felix.hemme@thulb.uni-jena.de>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 18351: [FOLLOW-UP] Some code fixes

See Comment 5. Ready to test.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 18351: [FOLLOW-UP] Code fix

See comment 10.
Ready for testing.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 18351: [FOLLOW-UP] Prevent deletion from forcing URL

This patch adds a check in the script for existing funds so that the
budget cannot be deleted when forcing the URL and has other small fixes.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 18351: [FOLLOW-UP] Prevent deletion if funds are added after clicking 'Delete' and before confirming delete

Followed test plan and patch works as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-12 11:28:53 -03:00
889fabe9f2 Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt
Followup correcting a typo of previous patch :
  name="holdingbranch" options = branche
it is branche[s]

Test plan :
- Look at 'Current location' in item search
=> Without patch you see only 'All libraries'
=> With patch you see 'All libraries' and each existing library, like in 'Home library'

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-12 10:16:20 -03:00
24003b84ce Bug 17893 - Move JavaScript to the footer on staff client catalog pages
This patch modifies multiple catalog-related pages in order to move
embedded JavaScript to the footer.

The JavaScript previously embedded in cat-toolbar.inc is moved to a
separate file (catalog.js).

To test, apply the patch and test JavaScript-driven interactions on all
modified pages, including JS which isn't page-specific (menus, help,
etc). The functionality of the catalog toolbar should be tested on each
page.

- Bibliographic detail pages (standard, MARC, labeled MARC, ISBD).
- Advanced search page
- Local cover image viewer
- Item search page
- Item detail page
- Search history page
- Checkout history page

https://bugs.koha-community.org/show_bug.cgi?id=17839

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-07 14:05:49 -03:00
Aleisha Amohia
7aef2f3298 Bug 19228: Trigger confirm delete when removing item from course
To test:
1) Enable UseCourseReserves syspref
2) Go to Course Reserves
3) Add a new course if you don't already have one
4) Add an item to the course
5) Click 'remove' to delete the item from the course
6) Notice the item deletes straight away with no confirmation prompt
7) Apply the patch
8) Repeat steps 4 and 5
9) Confirm the confirmation box pops up and works as expected

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-07 13:56:38 -03:00
Aleisha Amohia
f55af2fc07 Bug 19229: Return to course when cancelling out of edit form
To test:
1) Ensure UseCourseReserves is enabled
2) Go to Course Reserves, create a course
3) Edit course
4) Click Cancel
5) Notice you are returned to the courses home page rather than returned
to the course
6) Apply patch
7) Go to edit course and click cancel again
8) Confirm you are returned to the course and that this feels like the
natural expectation.

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-07 13:56:08 -03:00
Aleisha Amohia
f7e8391fd3 Bug 19215: Fixing typo in URL for patron clubs
To test:
1) Go to Tools -> Clubs
2) Create a new club template if you do not already have one
3) Edit the template
4) Notice the URL is incorrect and the page is not found
5) Apply patch and go back to Clubs
6) Click edit button
7) Link should work as expected

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-06 12:55:23 -03:00
ecf6ca5d6e Bug 18708 [Revised] Show itemBarcodeFallbackSearch results in a modal window
This patch modifies the circulation template so that
itemBarcodeFallbackSearch results show in a modal window.

To test, enable the itemBarcodeFallbackSearch system preference and open
a patron's account in circulation.

- Submit a string which will return search results. When the page
  reloads a modal should display showing a table of title search
  results.
  - Test the "Check out" button and confirm that the correct item is
    submitted.
  - Test closing the modal and re-displaying it using the new "Show
    matching titles" button.
  - Confirm that the "Add record using fast cataloging" button still
    works correctly.
- Submit a string which will return no results. No modal window should
  display, and only the "Add record" button should appear.
- Confirm that normal checkout works correctly.
- Test with itemBarcodeFallbackSearch disabled, and with a user who
  lacks Fast Cataloging permission.

Revision removes a heading which was made redundant by the modal markup.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 17:07:22 -03:00
Katrin Fischer
327495b5e0 Bug 14316: Clarify meaning of record number in Batch record modification tool
Same change as the first patch, but for the batch record
modification tool.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:26 -03:00
Katrin Fischer
4934ee4a16 Bug 14316: Clarify meaning of record number in Batch record deletion tool
Changes the label from 'list of record numbers...' to
'List of biblionumbers or authority ids...' to make it
more clear to the user which kind of input is expected.

To test:
- Go to Tools > Batch record deletion
- Check the new description
- Decide if it's more clear or not

Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:26 -03:00
Marc Véron
65bce82b1f Bug 18636: Sysprefs: Add explanation for conflict autonumbernum / BorrowerMandatoryFields
This patch adds a note to the system preferences autonembernum and
BorrowerMandatoryFields regarding a conflict if automembernum is on
and BorrowerMandatoryFields contains cardnumber.

To reproduce issue: See initial comment.

To test:
- Apply patch
- Verify that in system preferences note appears with both prefs
  automembernum and BorrowerMandatoryFields

Followed test plan, works as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:25 -03:00
Marc Véron
6c1504cfdb Bug 16485: collection column in Item search is always empty
This patch fills the column 'Collection' in item search from the item values.

To test:
- Go to item search
- Reproduce issue from initial comment
- Apply patch
- Verify that the column 'Collection' is filled

Still to do, but outside of my datatable skills:
Filter by drop down in the column header does a substring search.
Example: Filter for 'Fiction" returns both 'Fiction' and 'Non-fiction' items.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Laurence Rault <laurence.rault@biblibre.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:25 -03:00
515e629928 Bug 18621: Added in value attribute to dateexpiry field
Test plan:
1. Create a patron category with the dateexpiry value of 29/9/2017

2. Create a patron user from that patron category (which I'll refer to as patron A) with the date
expiry value of 1/10/2017 and submit the form

3. Notice that the manual dateexpiry you have submitted is correctly
displayed

4. Create a duplicate patron with the same firstname and surname and
patron A, and set the date expiry value of 1/10/2017 and submit the form

5. The form displays a duplicate patron message. Notice that the dateexpiry input box is empty now

6. Select the new member (not a duplicate member) option in the
messagebox

7. The form successfully submits and notice that the date expiry value
displayed is that of the patron category (i.e. it is 29/9/2017) not the
dateexpiry value of 1/10/2017 that you manually set for this patron

8. Apply patch

9. Repeat step 4

10. The form displays a duplicate patron message. Notice the dateexpiry input box still
contains the value you entered which is 1/10/2017. Select the new member
(not a duplicate member) option in the messagebox

11. The form successfully submits and notice that the date expiry value
displayed is 1/10/2017 that you manually set for this patron

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:24 -03:00
Katrin Fischer
a887aeb2df Bug 19129 - Follow-up - Add changes to patron duplicate warning
Adds logic from the previous fix to the brief patron summary
shown when checking a possible patron duplicate.

Bonus: Also fixes missing patron category description there.

To Test:
- Add 2 patrons
- Add a patron with the same surname and firstname as an
  existing patron in order to trigger the duplicate message
- Click "View existing patron"
- Verify display is correct when existing patron is
  - an organisation
  - not an organisation
- Verify that the patron category description shows

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:23 -03:00
Katrin Fischer
82f183c5ea Bug 19129 - Clean up Details tab for Organisation patrons
Problem: A patron category "I" would cause display problems
on the details in the intranet. This is because the templates
confused patron category "I" with patron type "I" (organisation).

Patch:
- Cleans up variable confusion between categorycode and
  categorytype.
- The template contained code to change the labels below
  the address to 'Organisational phone:" etc., I have removed
  this part as it does not match the edit form anymore.
- Initials, date of birth and gender are still hidden for
  organisation - matching the edit form.

Bonus:
- The patron category description was missing on the
  right and left side of the details tab. Now it displays.
- Fixes some html issues:
  - doubled up class attribute in a tag
  - doubled up </li></li>

To test:
- Create 3 patrons
  - patron category code doesn't matter, but category type organisation
  - patron category code 'I', category type NOT organisation
  - patron category code NOT I, category type NOT organisaton
- Check details tab in patron account in staff for all 3
  - Verify patron category description shows correctly
  - Verify information added to the account displays correctly
    (phone numbers, emails, ...)

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:23 -03:00
Aleisha Amohia
f24e339dd6 Bug 16726: [FOLLOW-UP] Putting text in h1
Works as outlined in test plan, search terms now appear at top as h1 as well

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:00:07 -03:00
Aleisha Amohia
f10f6a19c5 Bug 16726: Clear text in syspref searchbox after submitting
To test:
1) Go to Admin -> search for a system preference
2) Notice your search stays in the search box (this is inconsistent with
    search behaviour across Koha)
3) Apply patch and refresh page
4) Make another search
5) Confirm search still works as expected and search terms have been
cleared from search box
6) Confirm search terms show at the top of the results

Sponsored-by: Catalyst IT

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:00:06 -03:00
Marc Véron
8d08254b22 Bug 14353 - Show 'damaged' and other status on the 'place holds' page in staff
This patch adds status 'Damaged' to 'Information' 'Status' in the items
table on 'Place hold' page.

To test:
- Apply patch
- In staff client, try to place an item level hold for items with 'Damaged'
  status.
- Verify that the status 'Damaged' appears in the column 'Information'.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:00:05 -03:00
831d75d09c Bug 19208 - Pay select option doesn't pay the selected fine
The "Pay selected" option on the Fines tab in the borrower account page doesn't work as intended.
The fine on top of the list gets the amount deducted, even if another fine is choosen from the list.

Test Plan:
1) Create two or three fines, using the Create manual invoice function.
2) Choose one of the fines (not the one on the top) and click Pay selected
3) Pay a partial amount
4) Go back to the Pay fines tab an notice that the fine you selected has not changed. Instead, either the top fine or the total (see attachment) has ben affected.
5) Apply this patch
6) Repeat steps 1-3
7) Note the correct fine is paid

Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:00:04 -03:00
Marc Véron
239589b119 Bug 18718: Language selector in staff header menu similar to OPAC
This patch adds a language selector menu to the top menu of staff client
similar to the OPAC.
Display of language selectors at top, bottom or both can be configured
with system preference StaffLangSelectorModer. It defaults to bottom.

To test:
- Apply patch
- Udate database
- Restart plack and memchached
- Go to staff client, verify that language selector displays at
  the bottom of the page (as before)
- Go to system preferences, verify that there is a new preference
  StaffLanguageSelectorMode (name similar to the sypref ror OPAC), and
  that it is set to 'footer'
- Change mode for top, both and footer and verify, go to staff client
  and verify for each that the language selector displays as appropriate

(Amended for comment #2  2017-06-02 mv)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 11:30:26 -03:00
Aleisha Amohia
d510598076 Bug 18871: Make patron list name a link to view contents of list
The link is the same as the 'Add patrons' button in Actions dropdown,
but requires one less click, and makes finding the contents of the list
more obvious.

To test:
1) Go to Tools -> Patron lists
2) Create a patron list if you haven't already
3) Confirm that clicking the name of the list takes you to the correct
list and shows the expected content.

Sponsored-by: Catalyst IT

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:51:21 -03:00
Aleisha Amohia
9a8a6da3f4 Bug 18869: [FOLLOW-UP] Show enrollments as disabled link
if club has no enrolled patrons

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:44:00 -03:00
Aleisha Amohia
af293fd886 Bug 18869: [FOLLOW-UP] Make page reload after club or template delete
If deleting the last club or template in a table, the row is deleted
from the webpage by ajax so the nice blue bubble message does not show.
This patch forces the page to reload so the blue bubble message shows
instead of the empty table.

To test:
Confirm that the blue message shows when tables are empty. Add a
template and a club, then delete a club. Confirm the page reloads and
the message shows. Test with template

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:44:00 -03:00
Aleisha Amohia
79439a0262 Bug 18869: Fixing display of patron clubs tables
This patch
1) Hides the club templates table if there are no club templates, shows
an appropriate message
2) Hides the clubs table if there are no clubs. Shows an appropriate
message for whether templates exist
3) Puts the actions in one column, or a dropdown menu

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:44:00 -03:00
Marc Véron
03c7f9366c Bug 18687: Translatability: abbr tag should not contain lang attribute
In manage-marc-import.tt, we have an abbreviation:

<abbr title="Differences between the original biblio and the imported" lang="en">Diff</abbr>

In translations (e.g. German), the line appears as follows:
<abbr title="Unterschiede zwischen Originaltitelsatz und importiertem Titelsatz" lang="en">Diff</abbr>

The lang attribute is wrong here, it is still "en".
The text language is the same as defined at the top of the page - or with other
words, the lang tag is superfluous.

This patch removes it.

To test:
Verify that code change makes sense.

Passes QA test and the change is logical
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:35 -03:00
Marc Véron
25fa02272d Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt
This patch removes entries like the following in translations of itemsearch.tt:
"[%% INCLUDE form_field_select name=\"homebranch\" options = branches "
"empty_option = \"All libraries\" %%] [%% INCLUDE form_field_select name="
"\"holdingbranch\" options = branches empty_option = \"All libraries\" %%] %s "
"[%% INCLUDE form_field_select name=\"location\" options = locations "
"empty_option = \"All locations\" %%] %s "

New patch on top of Bug 18633 that resolves parts of initial comment.

To test:
- Verify that in itemsearch.tt no tt directives are splitted by new lines
  (search for [% INCLUDE )
- Verify that itemsearch.tt works as before

Followed test plan and verified that tt directives are not split by new
lines, the changes to the fieldset tags in comment 3 have been removed
and itemtype.tt still works correctly as before

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:35 -03:00
Marc Véron
2ee82801c7 Bug 18652: Get rid of tt directive in translation for uncertainprice.tt
Translation tool shows toe following for ncertainprice.tt
0; url=[% scriptname %]?booksellerid=[% booksellerid %]

This patch fixes it.

To test:
- Apply patch
- Verify that code change makes sense
- Verify that Home > Acquisitions > [vendor] > Uncertain prices for [vendor]
  works as before

- Additional test (for a langunage 'aa-AA')
  perl translate create aa-AA
  verify that line 41 no longer appears in aa-AA-staff-prog.po

Amended to switch from BLOCK to a template variable, see comment #5

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:35 -03:00
Marc Véron
79338bde3e Bug 18649: Translatability: Get rid of tt directive in translation for admin/categories.tt and onboardingstep2.tt
New patch without trailing IF construction in tt directives as
requested in comment #28

To test: Verify that translation tool no longer shows tt directives as
described in comment #1

New patch, needs SO.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:35 -03:00
Marc Véron
59e95182cf Bug 18629: (followup) Plain text "Continue..." instead of BLOCK
Remove
[% BLOCK txt_continue %]Continue to the next step[% END %]
...and restore original text

See comment #19 and comment #20

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:34 -03:00
Marc Véron
bd81047f42 Bug 18629 - Translatability: Fix problems with web installer 17.05
The new web installer for 17.05 has a great new design - but it has a lot of
translatability issues. Some strings are not picked for translations,
some expose the content of tt directives, and others are splitted by
html tags, resulting in small text fragments that are not easy to translate.

This patch weeds out such translation problems for step1.tt, step2.tt and
step3.tt

To test:
- Apply patch (on top of Bug 18665 because of html tags inside of
  tt directives in step2.tt)
- Prepare a fresh install (drop database, create database)
- Walk through the installation process and verify that it works as before
- Verify that string changes (in English) make sense
- Create a translation( cd misc/translator, then perl translate create aa-AA)
  then: vim po/aa-AA-staff-prog.po and search for: /installer\/step
  Verify that strings for step1.tt, step2.tt, step3.tt are not fragmented,
  do not contain [%%, and are easily translatable (make sense without having
  to search in source files for context).

(Amended to remove some superfluous chomps 2017-06-27 mv)

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:34 -03:00
Amit Gupta
36ba8be88a Bug 19035 - Stored XSS in lists.pl
To Test
1. Hit the page /cgi-bin/koha/patron_lists/lists.pl
2. Click on new patron list
3. Add a text in the field Name that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed in both the pages list.pl and list.pl?patron_list_id=xx
xx is patronlist id

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
8534ca2780 Bug 19114 - Stored XSS in parcels.pl
Test
1. Hit the page /cgi-bin/koha/acqui/parcels.pl?booksellerid=xx
   xx is booksellerid
2. Add a text in the field Vendor invoice that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Fixed XSS for parcels.pl/parcel.pl/orderreceive.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
d31c635fe2 Bug 19112 - Stored XSS in basketheader.pl page
To Test

1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.

Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
d4b588aca8 Bug 19110 - XSS Stored in branches.pl
To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
   xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
73a66ccaf4 Bug 19100 - XSS Flaws in memberentry.pl
1. Hit /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid.
5. Notice it is no longer executed.

NOTE: I had to test in Microsoft Edge, because Chrome was blocking XSS for me.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
6b3449627f Bug 19105 - XSS Stored in holidays.pl
To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add a text in the field Title and Description that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed for all holidays

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
fd44f2fed7 Bug 16069 - XSS issue in basket.pl page
1. Hit /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
   xx - is a basketno
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/acqui/basket.pl?basketno==xx<script>alert('amit')</script>
   xx - is a basketno.
5. Notice it is no longer executed.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
8c3da35130 Bug 19033: XSS Flaws in Currencies and exchange page
1. Hit /cgi-bin/koha/admin/currency.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search currencies box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on search currencies box.
6. Notice it is no longer executed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Fixes the issue, follows common practice on the codebase.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
4b11d0c862 Bug 19034: (followup 2) Fix letters.tt XSS flaw
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
7e9a71a438 Bug 19034: (followup) Fix letters.tt XSS flaw
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
46b0b0a75b Bug 19034: XSS Flaws in Z39.50/SRU servers administration
1. Hit /cgi-bin/koha/admin/z3950servers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search Z39.50/SRU servers box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search Z39.50/SRU servers box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
3f7fc907ba Bug 19034: XSS Flaws in Cities
1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search cities box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
e0dd566634 Bug 19034: XSS Flaws in Patron categories pages
1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
c57d0b71c7 Bug 19050 - XSS Flaws in Quick spine label creator
1. Hit /cgi-bin/koha/labels/spinelabel-home.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> barcode text box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on barcode text box.
6. Notice it is no longer executed

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
861cec5773 Bug 19051 - XSS Flaws in - Batch item modification page
1. Hit /cgi-bin/koha/tools/batchMod.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
9f19d3d44c Bug 19051 - XSS Flaws in Batch item deletion page
1. Hit /cgi-bin/koha/tools/batchMod.pl?del=1
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
92d58c60b0 Bug 19051 - XSS Flaws in - Batch record deletion page
1. Hit /cgi-bin/koha/tools/batch_delete_records.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Record number list (one per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Record number list (one per line) text area.
6. Notice it is no longer executed.
7. Fixes for both biblio and authority records.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
0cf9eb0cfb Bug 19052 - XSS Flaws in - Invoice search page
1. Hit /cgi-bin/koha/acqui/invoices.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
3199cff639 Bug 19052 - XSS Flaws in vendor search page
1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
1a7040b7b0 Bug 19054 - XSS Flaws in Report - Top Most-circulated items
1. Hit /cgi-bin/koha/reports/cat_issues_top.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in Callnumber, Day, Month, Year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Callnumber, Day, Month, Year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
ee3bfd5d69 Bug 19078 - XSS Flaws in System preferences
1. Hit /cgi-bin/koha/admin/preferences.pl
2. Enter <script>alert('amit')</script> in search system preferences box.
3. Notice the java script is executed.
4. Apply patch.
5. Reload page, and enter <script>alert('amit')</script> in search system preferences box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
ea886885d0 Bug 19118 - Due to wrong variable name passed vendor name is not coming in browser title bar
Test

1. Hit the page /cgi-bin/koha/acqui/supplier.pl?booksellerid=xx
   xx is a booksellerid
2. Apply the patch and reload the page.
3. You can see vendor name in browser title bar.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 12:12:25 -03:00
9af6c4e34b Bug 19080: Handle non-existing patrons gratefully
This is a recurrent bug we have over the last years. When a script is
called with non-existent borrowernumber it will crashes.
We need to handle this gracefully instead of letting the script crashes.

On bug 18403 a new subroutine is added to the codebase
(output_and_exit_if_error) to handle this kind of errors correctly.
Since it is not pushed yet, I propose to just redirect to a script that
handle it correctly (circulation.pl) instead of adding this message to
all these scripts.

Test plan:
Hit different scripts from the members module and pass a non-existent
borrowernumber.
You must be redirected to circulation.pl with a friendly message.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 11:03:37 -03:00
9917d9cad1 Bug 18581 - Add standard edit and delete buttons to suggestions list
This patch modifies the table of suggestions in the staff client, moving
the edit link to the standard last column and styling it correctly. A
delete button is added as well.

Unrelated change: I removed the column containing suggestionid because I
don't think it's human-relevant information.

To test, apply the patch and go to Acquisitions -> Suggestions.

- In each tab, the table of suggestions should have an unsorted last
  column containing "edit" and "delete" links which should be styled
  correctly and working correctly.
- On the detailed view of a suggestion, the "delete" button in the
  toolbar should still work correctly.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:59:04 -03:00
Mark Tompsett
ae45243fae Bug 16892: Add automatic patron registration via OAuth2 login
10988 added the ability to log into the OPAC authenticating with
Google Open ID Connect. This extends it, by allowing an
unregistered patron to have an account automatically created
with default category code and branch.

This is accomplished by adding 3 system preferences.
- GoogleOpenIDConnectAutoRegister
      whether it will attempt to auto-register the patron.
- GoogleOpenIDConnectDefaultCategory
      This category code will be used to create Google OpenID Connect patrons.
- GoogleOpenIDConnectDefaultBranch'
      This branch code will be used to create Google OpenID Connect patrons.

Sponsored-by: Tulong Aklatan

Signed-off-by: Eugene Jose Espinoza <eugenegf@yahoo.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
b08913370f Bug 18817: Update links manually
Without the anchor it is not possible to retrieve the html page, so
these occurrences have been updated manually (and yes it was painful)

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:22:14 -03:00
674c32a094 Bug 18817: Update links with anchor automatically
I generate a mapping files (old anchor > new anchor) from the doc files.
Here are the links that have been updated automatically

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:22:14 -03:00
Joy Nelson
0250fb7b76 Bug 18817 Correct Manual URL
Corrected the manual url in the help screen for 17.05 onward.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:22:13 -03:00
Baptiste Wojtkowski
7b5457cd0f Bug 18919: Repair "Transaction branch" in cash_register_stats.pl
- values of the option fields are now correctly loaded

TEST PLAN:
go to domain/cgi-bin/koha/reports/cash_register_stats.pl
1 - Make a report for all branches => it works
2 - Make a report for any branch => you will get the same or no result
3 - apply patch
4 - Repeat 2 => it should work

Followed test plan worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:45 -03:00
d934e72f5d Bug 12644 - Add subtitles to staff client cart
This patch adds display of subtitles to the staff client cart.

To test you should have some values mapped to subtitle in Administration
-> Keyword to MARC Mapping.

1. Apply the patch.
2. Add some records to the staff client cart which have subtitles.
3. Open the cart and onfirm that subtitles display correctly in both the
   brief and "More details" view.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:45 -03:00
a66c0b1dd7 Bug 18469: QA Follow-up
Restore datepicker class
Use Koha.Preference
Copy changes to moremember

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:43 -03:00
a58745d9db Bug 18469: Suspend all holds when specifying a date to resume hold does not keep date
Name of field had 'datepicker' embedded, this caused variable issue

To test:
 1 - Place several holds for a patron
 2 - Go to holds tab in circulation
 3 - Select a date for suspend all holds until
 4 - Suspend all holds
 5 - Note date is not used, suspended indefinitely
 6 - Apply patch
 7 - Resume all suspended holds
 8 - Select a date for suspend all holds until
 9 - Suspend all holds
10 - Note date is used

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:43 -03:00
d8f6315b6d Bug 19049 [QA Followup] - Make plugin name first item in description
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:42 -03:00
d24568b672 Bug 19049: Fix regression on stage-marc-import with to_marc plugin
Bug 12412 added the use of to_marc plugins allowing arbitrary file formats
in stage-marc-import (as long as the plugins can handle them). The feature
was not very visible in the code, and when bug 10407 added the marcxml
format, it made some changes that broke the use of to_marc.

This patch restores the functionality by:
[1] Adding a sub RecordsFromMarcPlugin to ImportBatch.pm, specifically
    addressing the conversion from arbitrary formats to MARC::Record.
    The original to_marc interface is used: pass it the file contents,
    and it returns a string consisting of a number of MARC blobs separated
    by \x1D.
    Consequently, the call of to_marc is removed from routine
    BatchStageMarcRecords where it did not belong. The to_marc_plugin
    parameter is removed and two calls are adjusted accordingly.
[2] Instead of a separate combo with plugins, the format combo contains
    MARC, MARCXML and optionally some plugin formats.
[3] The code in stage-marc-import.pl now clearly shows the three main
    format types: MARC, MARCXML or plugin based.

Note: This patch restores more or less the situation after bug 12412, but
I would actually recommend to have the to_marc plugins return MARC::Record
objects instead of large text strings. In the second example I added a
to_marc plugin that actually converts MARC record objects to string format,
while RecordsFromMarcPlugin reconverts them to MARC::Records.

Test plan:
See second patch.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:41 -03:00
3c6168d374 Bug 18331: POST_CHOMP everywhere!
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:41 -03:00
14484ba423 Bug 18331: Followup - fix path to orders_by_budget csv header
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:41 -03:00
Lee Jamison
2ee4e0ac38 Bug 18331: Followup - Fix CSV export (once and for all!)
Follow-up on Comment 21 to correct the empty_line.inc
include in basket.tt

https://bugs.koha-community.org/show_bug.cgi?id=18331

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:40 -03:00
8403799c72 Bug 18331: Fix CSV export (once and for all!)
I am going to try and explain the problem here in order to make it a
have-to-read for next changes.

There are several things to test when and most of the time we break
something when we try to fix something else.

You have to test different CSV export, not only one. There are not all
processed the same way. For instance acqui/csv/basket.tt does not
contain any strings to translate and the translate script will copy the
original file as it.
But reports/csv/orders_by_budget.tt will not! Indeed it contains "TOTAL"
which will be translated. The generated tt file for the translated
language will remove all the carriage returns! That's why we cannot rely
on TT for newlines (contrary to bug 16914 assumption).

There are two possible methods:
1/ Fix the translate script
=> Hum... nope
2/ Remove all carriage returns and make them explicit by including an
file that only contains 1 carriage return

This second method is implemented in this patch.

How it works: Use the PRE_CHOMP "[%-" and POST_CHOMP "-%]"
(http://www.template-toolkit.org/docs/manual/Config.html#section_PRE_CHOMP_POST_CHOMP)
to remove all the newlines that could be added by TT in the original
(en) files. Then include the new_line.inc to add a new line.
That way original and translated files will behave the same way.
The BLOCK in the csv_headers avoid to have the newlines added, in any
cases. For instance: by default we will have an empty line at the end of
the headers, but the translated headers will not have it.

Test plan:
At least 2 signoffs will be needed, please test carefully!
You will need to generate CSV with at least 2 entries!
Test with the non-translated interface (en) and with the language you
want. To test with a translated language you will *have to*:
- cd misc/translator
- perl translate update LANG
- manually edit the po file, remove the fuzzy tags, correctly translate
the string (do not forget the additional %s in the headers)
- perl translate install LANG
1/ Export basket and basketgroup as CSV
2/ Export late orders as CSV
3/ Export items (from the item search) as CSV
4/ Export the 2 reports "Orders by fund" and "Cash register" as CSV

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:40 -03:00
3808dbc1d2 Bug 19053: Keep auto_renew flag if a confirmation is needed
If an item is checked out with the auto renewal flag and a confirmation
is needed (holds exist, past due date, etc.) the auto renewal flag will
get lost.

Test plan:
- Check an item out and specify a past due date
- Confirm the checkout on the confirmation screen
=> Without this patch the checkout is not marked as auto renewal
=> With this patch applied the auto renewal flag will be set to the
checkout

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-15 12:17:39 -03:00
Marc Véron
c140b91291 Bug 19027 - Circulation rules: Better wording for standard rules for all libraries
In Home > Administration > Circulation and fine rules, the standard value for
"Select a library: All libraries" is confusing and leads to support cases.

Change wording to "Standard rules for all libraries".

To test:
- Apply patch
- Go to Home > Administration > Circulation and fine rules
- Verfiy that text in drop down 'Select a library' makes sense.

Followed test plan which works as intended. I agree with the wording it
is significantly clearer than previously
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-10 16:25:35 -03:00
3304c7c4ca Bug 18985 - SQL reports 'Last edit' and 'Last run' columns sort alphabetically, not chronologically
This patch alters the DataTables configuration of the SQL reports list
so that date columns are identified via class rather than position.

To test, apply the patch and go to Reports -> Use saved.

Test the re-ordering of the creation date, last edit, and last run
columns. Each should sort correctly based on the date.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-10 16:25:35 -03:00
Alex Sassmannshausen
ad11824112 Bug 19074: Fix category display in Batch patron modification.
* tools/modborrowers.pl (GetBorrowerInfos): Fix setting of patron
  category description.
* koha-tmpl/intranet-tmpl/prog/en/modules/tools/modborrowers.tt: Use
  it.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-10 16:25:33 -03:00
Marc Véron
3b87ec988d Bug 18555: Create patron list from patron import
Create a patron list from imported patrons to be used for printing patron
cards and other patron list related actions.

To test:
- Apply patch
- Go to Home > Tools > Import patrons
- Select a file to import and check new checkbox 'Create patron list'
- Import file
- Verify that in import results you see the time stamped name of the
  patronlist containig the imported patrons (if any patrons were imported)
- Go to Home > Tools > Patron lists
- Verify that the list shows up and contains the imported patrons

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-10 16:25:32 -03:00
ee6f8e186b Bug 5471 - Quotes in tags fail
This patch makes changes to the tag moderation template and JavaScript
to fix handling of tags with double or single quotes. This patch also
moves the tags moderation JavaScript out of the template and into a
separate JS file.

To test you should have multiple tags awaiting moderation, including
tags which contain double and single quotes.

- Go to Tools -> Tags.
- In the list of tags pending approval, test approving and rejecting
  tags, including those containing single or double quotes.
  - The state of the "Approve" or "Reject" buttons should correctly
    change according to the action you chose.
  - The label in the status column should update correctly.
- In the "Check lists" form, submitting approved, rejected, and
  unclassified terms should result in the correct message.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Works correctly based on test plan. Tested using single- and
double-quoted tags. Passes QA Tools.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-10 13:20:31 -03:00
4a302b17af Bug 18980: Show distinction between shared and private lists in staff
Just as we show this distinction in OPAC, this patch adds a type column
in the Your lists tab that displays Private or Shared. It always contains
Public in the other tab.

Test plan:
[1] Check if you see Shared for a private lists with shares in staff.
[2] Run t/db_dependent/Utils/Datatables_Virtualshelves.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-10 13:20:31 -03:00
93366e10fb Bug 18980: Add js to dynamically show/hide the Anyone remark
If we we move from Private to Public or vice versa, this should reflect
on the Anyone remark from the first patch.
If we go back to a private list without shares, we should show it.

Handled in a js sub AdjustRemark, triggered by onchange of the category
combo or the permission combo.

Test plan:
[1] Edit a private list without shares in OPAC. Toggle category and/or
    permissions. Is the remark shown or hidden accordingly?
    Note: Include a test with OpacAllowPublicListCreation enabled.
[2] Edit a shared list or public list in staff. Toggle category/permissions.
    You should never see the remark.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-10 13:20:31 -03:00
3e5cad0f03 Bug 18980: Add remark next to "Anyone seeing this list" permission
This is a follow-up of report 18228 that simplifies the permissions for
lists. It reapplies the idea behind bug 10865 by adding a remark next to
the Anyone permission if it is not actually effective. A next patch will
make it behave dynamically.

Note: The Anyone permission is not relevant if it is a private list that
has no shares. Note that looking at the prefs OpacAllowPublicListCreation
and/or OpacAllowSharingPrivateLists is not decisive. You should look at
list permissions and shares in the database; turning off the Sharing pref
does not automatically remove all shares in the system. It only blocks
creating new shares.

We only need changes in opac-shelves.tt and virtualshelves/shelves.tt.

Test plan:
[1] Verify that you see the remark now in OPAC and staff.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-10 13:20:31 -03:00
Liz Rea
ffe659e92a Bug 18857 - Add buttons to left hand side of circ rules table
To test:
* Apply this patch
* Define some rules in the interface using the left hand buttons
* Define some rules in the interface using the right hand buttons (scroll to see)
* Delete some rules in the interface using the left hand buttons
* Delete some rules in the interface using the right hand buttons (scroll to see)
* Choose a rule to edit using the left hand buttons
* Edit the rule, saving using the left hand button
* Edit a rule, but clear the values using the left hand buttons
* Choose a rule to edit using the right hand buttons (scroll to see)
* Edit the rule, saving using the right hand buttons (scroll to see)
* Edit a rule, but clear the values using the right hand buttons (scroll to see)

Signed-off-by: Guillaume <guillaume_lair@ville-limoges.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-10 12:46:18 -03:00
fbfb6dca26 Bug 19041: (bug 17855 follow-up) Fix regression on bug 16058
From
  commit 0492fcf87f
    Bug 17855: Onboarding tool

+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt
@@ -1,5 +1,3 @@
-[% USE Koha %]
-[% SET footerjs = 1 %]

+[% USE Koha %] has been re-added by
  commit 151cdcd133
    Bug 18673: News author does not display on staff client home page

But not the footerjs = 1

Test plan:
From the main page of the staff interface, delete a news item
Without this patch applied you will not get a JS confirmation message

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Trivial fix.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-08 09:20:35 -03:00
3c87b6f387 Bug 19000: Fix typo in closing p tag for items
Close the p tag and add a br tag to visually divide the two sections
Data problems and Warnings regarding system configuration.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Discovered the problem when testing a duplicate key in deleteditems.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-28 11:14:26 -03:00
a9a500e81d Bug 18966: Do not deal with duplicate issue_id on checkin
Koha suffers of big bugs due to its history: When data are deleted, they
are moved to another tables.
For instance issues and old_issues: when a checkin is done, it is moved
to the old_issues table.
That leads to a main problem that is described on
https://wiki.koha-community.org/wiki/DBMS_auto_increment_fix

However we tried first to fix the problem (for issues/old_issues) at
code level on bug 18242.
The goal was to prevent data lost.
Data lost may happens in this case:
Check an item out (issue_id = 1)
Check an item in (issue_id = 1)
Restart MySQL (reset auto increment for issue_id to 1)
Check an item out (issue_id = 1)
Check an item in => BOOM, the issue_id is a PK in old_issues and the
move fails.
Before bug 18242 the data were lost, we inserted the value into
old_issues, which fails silently (because of RaiseError set to 0 in
Koha::Database), then delete the row from issues.
That has been fixed using a transaction.

This patch introduced a regression we tried to fix on bug 18651 comment
0, the patron was charged even if the checkin was rejected.
A good way to fix that would have been to LOCK the tables:
1- Start a transaction
2- LOCK the table to make sure nobody will read id and avoid race
   conditions
3- Move the content from one table to the other, dealing with ids
4- UNLOCK the table
5- Commit the transaction
But there were problems using LOCK and DBIx::Class (See commit
905572910b - Do no LOCK/UNLOCK the table).

Finally the solution implemented is not acceptable for several reasons:
- batch checkins may fail
- issue_id will always stay out of sync (between issues and old_issues)
See 18651 comment 66.

Since the next stable releases are very soon, and we absolutely need to
fix this problem, I am suggesting to:
1- Execute the move in a transaction to avoid data lost and reject the
   checkin if we face IDs dup
=> It will only reject 1 checkin (max is 1 * MySQL restart), no need to
   deal with race conditions,
2- Display a warning on the checkin page and link to a
   solution/explanation
3- Communicate as much as we can on the proper fix: Update auto
   increment values when the DBMS is restarted -
    https://wiki.koha-community.org/wiki/DBMS_auto_increment_fix
4- Display a warning on the about page for corrupted data (see bug
   18931)
5- Write and make available a maintenance script to fix corrupted data
   (TODO LATER)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-26 13:50:57 -03:00
45ff2ef129 Bug 18931 - Follow up - Typo fix in template for holds
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-26 13:50:57 -03:00
f5988bb3d2 Bug 18931: (followup) Tidy text
Some minor style and idiomatic issues.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-26 13:50:57 -03:00
193ecb0a2b Bug 18931: Add items/deleteditems tables
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-26 13:50:56 -03:00
1d1d6ddc9d Bug 18931: Add a "data corrupted" section on the about page - MySQL AI
See the following wiki page for more information
https://wiki.koha-community.org/wiki/DBMS_auto_increment_fix

Test plan:
Create (at least) a patron, a checkout, a biblio and a hold
Then fill the old_* or deleted* tables with:
 INSERT INTO deletedborrowers SELECT * from borrowers WHERE  borrowernumber=XXX;
 INSERT INTO deletedbiblio SELECT * from biblio WHERE biblionumber=XXX;
 INSERT INTO old_issues SELECT * from issues WHERE issue_id=XXX;
 INSERT INTO old_reserves SELECT * from reserves WHERE reserve_id=XXX;

Go to the about page, 'System information' tab. You should see a new
"Data problems" section with the list of the ids that are wrong

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-26 13:50:55 -03:00
7a306d72ab Bug 18965 - branch transfer limits pagination save bug
In branch transfer limits, tables are paginated with 20 rows by default.

The bug is that datatable not only hides rows, they are not in form.
So when submitting form, rows not visible are erased.

Test plan :
Wihout patch :
- Create 22 branches, you can hack the creation form by manualling calling URL : /cgi-bin/koha/admin/branches.pl?op=add_validate&branchcode=Bxx&branchname=Bxx
- Go to Administration > Library transfer limits
- You see table first page : only 20 first rows are shown
- You see all checkboxes are checked
- Go to second page of this table
- Save
=> You see table first page with all checkboxes unchecked
With patch the is no pagination, all checkboxes are shown when you save

Signed-off-by: Axelle Clarisse <axelle.clarisse@univ-amu.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-24 13:38:14 -03:00
f87435c933 Bug 18542 - Move and style "new field" link in item search form
This patch modifies the item search page JavaScript so that the "New
field" link has a "+" icon and is always placed at the end of the last
row in that section of the form.

To test, apply the patch and open the item search form in the staff
client. In the third section there should be a "+ New field" link at the
end of the first row of fields.

Clicking the "New field" link should clone that row and move the link to
the end of the cloned row.

Behaves as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amended patch: Fix indentation
2017-07-13 17:46:08 -03:00
Aleisha Amohia
58f9eded86 Bug 18917: Use font-awesome buttons for CSV profiles
To test:
1) Go to Tools -> CSV profiles
2) Notice old style of links for Edit and Delete
3) Apply patch and refresh page
4) Notice buttons for Edit and Delete
5) Confirm they work as expected

Sponsored-by: Catalyst IT

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-13 16:42:04 -03:00
Aleisha Amohia
7723ffdd13 Bug 18918: Disable CSV option if no CSV profiles exist
To test:
1) Confirm you have no MARC CSV profiles (tools -> csv profiles)
2) Go to Tools -> Export data
3) Select the CSV file format for biblios
4) Notice the CSV profile dropdown shows up but the dropdown is empty
5) Click the Export button, notice Koha breaks
6) Go back and apply the patch, refresh
7) Notice the CSV option is now disabled in the file format menu
8) If you hover over CSV, an appropriate message should show explaining
why it is disabled
9) Create a CSV profile for MARC
10) Go back to Export and you should be able to use CSV now without
problem

Sponsored-by: Catalyst IT

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-13 16:42:03 -03:00
1fc3751804 Bug 18367 - Fix untranslatable string from Bug 18264
Restore display of message when no barcode found

To test:
1 - Go to course reserves
2 - Add an item to a course
3 - Try adding an invalid barcode - should get an alert
4 - Try force adding an item with itemnumber:
    http://localhost:8081/cgi-bin/koha/course_reserves/add_items.pl?op=lookpup&course_id=11&itemnumber=1234523546
5 - Should recieve an error

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-13 16:42:03 -03:00
e21d2ac864 Bug 18667: Show a diff view of SQL reports when converting
This patch reformats the SQL conversion before-and-after view so that it
shows a diff between the two, just as the Manage MARC Import interface
does.

This patch also makes a correction to the JavaScript which is triggered
by the closing of the modal. In Bootstrap 3 "hidden.bs.modal" is the
event name instead of "hidden."

To test, apply the patch and find an SQL report in your reports library
which requires updating.

- Click the "Update SQL" button.
- In the modal window, the "existing" and "updated" SQL should be shown
  side-by-side with colored highlighting of the differece.
- Confirm that the "Update" button still works correctly.
- Also confirm that if you open the preview of another report, the
  "Close" button hides the modal and updates the contents of the modal
  markup. Use your browser's DOM inspector to confirm that <div
  class="modal-body"> contains only <div id="loading"> and its contents.

Revision moves inline style attributes to CSS block.

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-13 16:39:04 -03:00
9f9d4aa4b0 Bug 18847 - Add "Save and continue" option to notice editing
This patch adds an option to "Save and continue editing" when editing
notices. The submit button is now a split button in a floating toolbar.
The secondary action of the split button is "Save and continue editing."

To test, apply the patch and go to Tools -> Notices.

- Open any notice for editing. Verify that the toolbar looks correct and
  floats as it should when sections of the form are expanded and the
  page scrolls.
- Edit a notice and click the "Save" button. Confirm that you are
  redirected to the main Notices page and that your changes were saved.
- Edit a notice and click the "Save and continue editing" menu item.
  The page should reload with your updates in place.

Signed-off-by: NickUCKohaCon17 <nicansjr@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-13 14:39:26 -03:00
fd28b02202 Bug 12349: Show card number in detailled suggestion pages
This patch modifies the main suggestion management page to link patron
names to their details rather than with a "mailto:" link.

This patch also includes the following changes:

- A fix for Bug 18154, Show card number in suggestion details view.
- Changes for brevity to labels in the suggestion details & edit view.
- Addition of the datepicker class to date fields in the suggestion edit
  view.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 18:10:03 -03:00
Julian Maurice
2f7bad7039 Bug 18633: Remove remaining use of CGI.param in template
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 17:55:18 -03:00
Julian Maurice
a000d95a4d Bug 18633: Remove useless use of CGI TT plugin
The form is sent using AJAX so there is never a query string in
the URL (no POST parameters either)

Tested both patches together, item search behaves as before, log
entries are gone
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 17:55:18 -03:00
c73e269a13 Bug 18260: Koha::Biblio - Remove GetBiblio
C4::Biblio::GetBiblio can be replaced with Koha Biblio->find

Test plan:
Import batch, view issue history, search for items, see the image of a
bibliographic record, modify and delete records in a batch

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 13:03:38 -03:00
2c9aeb9b0f Bug 18277: Remove GetBiblionumberFromItemnumber - linkitem
Test plan:
Enable EasyAnalyticalRecords and link an item to another one (Edit >
link to host item)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 13:03:37 -03:00
6eade474ed Bug 18276: Remove GetBiblioFromItemNumber - Easy ones
The subroutine C4::Biblio::GetBiblioFromItemNumber was wrong for several
reasons:
- badly named, we can get biblio info from a barcode
- SELECT * from items, biblio and biblioitems
makes things hard to follow and debug, we never know where do come from
the value we display
- sometimes called only for trivial information such as biblionumber,
author or title

This patchset suggests to replace it with calls to:
- Koha::Items->find for item's info
- $item->biblio for biblio's info
- $item->biblio->biblioitem for biblioitem's info

Test plan:
Item's info should correctly be displayed on the following pages:
- circulation history
- transfer book
- checkin
- waiting holds

QA will check the other changes reading the code, it's trivial

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 12:22:29 -03:00
1544f9a5d4 Bug 18276: Remove GetBiblioFromItemNumber - circulation pages
Test plan:
1. Checkout items in a batch
The information displayed should be ok (title, subtitles, author,
itemnotes, barcode)
2. Checkout an item using the standard checkout page
You should correctly see the information of the item that has been
checked out (title and author)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 12:09:24 -03:00
dadfeabc37 Bug 18276: Remove GetBiblioFromItemNumber - Course reserves
Values from the items, biblio and biblioitems tables are used in the template,
so we need to pass all of them to the template, but separately.
That way we easily see which field from which table we are displaying.

Test plan:
Create a course reserve and add items.
Correct information must be displayed on the detail page of the course
reserve, on staff and OPAC interface.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 12:09:24 -03:00
Marc Véron
29a1f0fd9c Bug 18465: (followup) Fix issue with patron lists an do not use clone
This followup fixes duplex printing with patron lists.

Additionaly, it uses simple copy instead of clone and removes a
superfluous line, see comments #15 - #17

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-06 14:52:54 -03:00
Marc Véron
65c32eee8e Bug 18465 - Patron card creator: Print on duplex card printer
Card printers with duplex functionality need as input a PDF file where odd pages contain
the front side and even pages the back side of the cards.

This patch adds such functionality.

To prepare test:
- In Patron card creator > Templates, prepare a 1 up template (1 column / 1 row) that
  fits to a single card. Give it a name like 'Duplex card template'
  (Attention, Card with and Card height seem to have wrong labels, that will go
  to a separate bug).
- In Patron card creator > Layouts create a layout for the front side and one for
  the back side. Give them names to easily remember (Card front layout, Card back layout)
- Go to Patron card creator > Batches and test both layouts together with the
  1 up template. Save and keepp both test files as reference.

To test:
- Apply patch. Restart memcached and plack.
- Go to Patron card creator > Batches
- Click "Export" for a batch
- In the following screen, note the new field "Select a layout for the back side"
  with a hint what it is used for
- Leave it on 'Back side layout not used', export and compare output with test ooutput
  from preparation. It should be the same
- Select the layout you prepared for the back side.
- Export - this file should contain 2 PDF pages per patron, one first with the
  front side, second with the back side.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-06 14:52:54 -03:00
Colin Campbell
8a0ecda6c4 Bug 18830: Fix phrasing of screen message
Verb should be plural in this message

Signed-off-by: Israelex A Veleña for KohaCon17 <israelex19@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-06 14:29:05 -03:00
Marc Véron
ce176fd170 Bug 18824: Remove stray i from matching-rules.tt
The file
koha-tmpl/intranet-tmpl/prog/en/modules/admin/matching-rules.tt
contains a stray i that should not be there.
This patch removes it.

Signed-off-by: Chris Kirby <chris.kirby@ilsleypubliclibrary.org>
Applied patch.
Checked line 516. Stray i had been removed.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-06 14:29:04 -03:00
e48a5fb560 Bug 18881: [QA Follow-up] Remove even more
Removing the commented section from the template: If it does not work, it should not be here.
When it works again, put it back in.

Since @itemtypesloop is not used, remove it from the script too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-06 14:29:04 -03:00
c1112236f9 Bug 18801 - Merging authorities has an invalid 'Default' type in the merge framework selector
To test:
1 - Find two authorities and start a merge
2 - Leave the dropdown at 'Default'
3 - Merge records and note you get an error and can no longer view the
new record
4 - Check DB value of record authtypecode = 'Default'
5 - Apply patch
6 - Find two other authorities
7 - Merge leaving selector at default
8 - Success
9 - Check DB value of record authtypecode = ''

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-06 14:29:03 -03:00
a58aca056b Bug 18228: Implement the new columns in code
The two new columns as mentioned in the commit message of the table
revision must be used in the codebase now.

Highlighting some changes in Koha::VirtualShel[f|ves]:
[1] Additional methods is_public and is_private.
[2] Method add_biblio did not check permissions. Does now. No impact on the
    interface, but one call in the unit test was affected.
[3] Method remove_biblios is signficantly simplified. Removed a FIXME.
[4] Method can_biblios_be_removed now redirects to can_biblios_be_added.
    A followup report may deal with unifying those routines.
[5] Condition in get_some_shelves changed.
[6] The reference to allow_add in get_shelves_containing_record can simply
    be removed.

opac-shelves.pl and shelves.pl now pass the default setting of Owner only
to the template.
Templates shelves.tt and opac-shelves.tt now include the new permission
field with three choices as mentioned in the table revision patch.

opac-addbybiblionumber.pl and addbybiblionumber now need a check on
allow_change_from_owner; search conditions slightly adjusted to the new
permission scheme.

Test plan:
When we refer to visibility in the test plan, please check the Add to-combo
on opac search results and staff results. And check opac-addbybiblionumber
by clicking Save to Lists from opac results.
The step 'Check delete' means: open the list in opac and check if you see
the Delete button below the entries (only check, do not delete).

[ 1] Create private list I01 (perm=Owner)
[ 2] Check visibility: Seen.
[ 3] Add a book. (Change by owner should be allowed.)
[ 4] Check delete: Yes.
[ 5] Edit list I01, set perm=Nobody
[ 6] Check visibility: Not seen.
[ 7] Check delete: No.
[ 8] Share list I01 with another patron.
[ 9] Check visibility for the other patron: Not seen.
[10] Check delete for the other patron: No.
[11] Change permission of list I01 to Anyone (by owner).
[12] Check visibility for the other patron: Seen.
[13] Let other patron add a book (change is allowed).
[14] Let owner delete the same book again (change allowed).

[15] Create public list U01 (perm=Owner)
[16] Check visibility: Seen.
[17] Add a book. (Change by owner should be allowed.)
[18] Login as other user. Check visibility: Not seen. Check delete: No.
[19] Change permission of U01 to Nobody (by owner)
[20] As owner: Check visibility: Not seen. Check delete: No.
[21] As other user: Check visibility: Not seen. Check delete: No.
[22] Create public list U02 (perm=Anyone)
[23] Add a book by owner.
[24] Delete the same book by other user. Add another book.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2017-07-05 13:35:23 -03:00
Marc Véron
053fbaf926 Bug 18800: Patron card images: Add some more explanation to upload page and fix small translatabiity issue
The file
koha-tmpl/intranet-tmpl/prog/en/modules/help/patroncards/image-manage.tt
has a small translatability issue (sentence splitting by html tags).

This patch fixes it and adds a little bit more explanation about
uploading, using and replacing such images.

To test:
- Verify that text changes make sense
- Apply patch
- Go to Home > Tools > Patron card creator > Images and verify
  that the page displays properly

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-21 11:26:07 -03:00
Marc Véron
58f5a73f41 Bug 18684 - Get rid of %%] in translation for currency.tt
File add koha-tmpl/intranet-tmpl/prog/en/modules/admin/currency.tt exposes
parts of template directives due to html tags inide directives. Fix it using
the HtmlTags filter.

To verify:
- Create a translation for a language 'aa-AA
- po file aa-AA-staff-prog.po / translate.koha-community.org for 17.05 contains a line
  '%%]'%sCurrencies %s
To test:
- Apply patch on top of Bug 18665
- Recreate translation
- Verify that line above is gone
- Verify that in staff client currencies administration wors as before

Followed test plan and it worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>

Bug 18684: (followup) Move 2 closing h3 tags to end of previous lines

See comment #4

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-21 11:23:47 -03:00
7bcc226fac Bug 18582 - Hide empty rows in detailed suggestion view
This patch adds a check for the existence of various template variables
before showing the row containing that data. This will prevent the
display of rows containing labels but no data in the suggestions
detailed view.

To test, apply the patch and go to Acquisitions -> Suggestions.

View the detail page of various suggestions and confirm that only fields
with data are displaying.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-19 15:36:38 -03:00
4dd9236c6e Bug 18703 - Followup, fix typo "statment"
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2017-06-16 17:04:09 -03:00
Marc Véron
9fb5f8519f Bug 18703 - Translatability: Resolve some remaining %%] problems for staff client in 6 Files
There are some more files that expose parts of tt diretives to translations, mostly due to
line breaks inside directives.

Files covered with this Bug:

koha-tmpl/intranet-tmpl/prog/en/includes/authorities-search-results.inc
 koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc
koha-tmpl/intranet-tmpl/prog/en/includes/search_indexes.inc
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/issuehistory.tt
koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt
koha-tmpl/intranet-tmpl/prog/en/modules/members/members-update.tt

To test:
- Review code, verify that line breaks are removed
- Run QA tools
- Bonus test: Create a "language" aa-AA and verify that no fragments
  containign %%] are picked for the 6 files

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2017-06-16 17:04:08 -03:00
Marc Véron
3b64ebe234 Bug 18699: Get rid of %%] in translation for edi_accounts.tt
Translation for edi_accounts.tt exposes:
[%% transport_types = [ 'FTP', 'SFTP', 'FILE' ] %%]

Translators should not be confronted with such code internals.

To test:
- Review code change (it removes line breaks)
- Bonus test: Create a new translatin for "language" aa-AA and
  verify that the line no longer appears in aa-AA-staff-prog.po

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2017-06-16 17:04:08 -03:00
Marc Véron
628d8391d2 Bug 18630: Translatability (Clubs): 'Cancel' is ambiguous and leads to mistakes
The button to cancel a club enrollement is labelled with 'Cancel'. That is ambiguous and translates e.g. in German to 'Abbrechen' which can lead to
mistakes.

To test:
- Apply patch
- Enroll a patron to a club
- Enable public enrollment in OPAC
- Verify that the button to cancel enrollment in both OPAC and staff client
  reads 'Cancel enrollement' (instead of 'Cancel' without patch)
  (The button appears on the patron's detail pages in OPAC and staff client)

Amended for comment #4 / mv

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-15 15:56:00 -03:00
Marc Véron
f4c965781d Bug 11235: Names for reports and dictionary are cut off when quotes are used
To reproduce for saved reports:

- Go to Home > Reports > Guided reports wizard
- Create a report with double quotes in it's name, e.g. 'My "double quoted" report'
- Go to "Saved reports", locate in the list the new report (name is correct here,
  is correct in database as well)
- From the selection button at the right choose "Edit"
- Result: Content of edit field for the report name is truncated (displays only: 'My')

To reproduce for Reports dictionary:

- Go to Home > Reports > Guided reports wizard
- Create a new definition, give it the name 'The "double quoted" definition' and enter
  a text with double quotes for "Description"
- Save
- Verify that in the list of definitions both name and descriptions are truncated
  (in database as well)

To test:
- Apply patch
- Verify that issues described above can no longer be reproduced

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-15 15:27:46 -03:00
Katrin Fischer
d0bf036c18 Bug 13452: 'Average loan time' report to obey item-level_itypes preference
Fixes the 'Average loan time' report so that the system
preference setting item-level_itypes is taken into account.

Before the patch, the report was always using the biblio
level itemtype. With the patch, it will depend on the pref
setting.

To test:
- Run various reports, compare results with both
  possible pref settings
- Try limiting your search in various ways, especially
  on a specific itemtype
- Make sure you switch checkboxes in testing,
  using itemtype as the row or as the column

Notes:
- Filtering on a specific itemtype on master was not working
  if the itemtype was chosen as column. The patch should fix that.
- Fixes headings and breadcrumbs so that the name of the report
  is the same as on the reports start page

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-15 15:27:45 -03:00
6ae6d4bcb5 Bug 18685: (bug 18551 follow-up) Fix patron toolbar
Bug 18551 moves the way the filters are displayed and so the position of
the patron toolbar must be recalculated.

Test plan:
Edit patron's detail
open the filters, scrolldown
close the filters, scrolldown
=> The toolbar must be correctly placed

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
2017-06-14 14:36:28 -03:00
ab29b5efdc Bug 18762: Remove warnings from xt/author/valid-templates.t
Test plan:
Read the changes and make sure they make sense

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
2017-06-14 14:36:28 -03:00
1bc45a470e Bug 18752 - Automatic item modifications by age should allow 'blank' values
This patch modifies the automatic item modification by age template to
correct errors in form validation:

- Age in days should not be required
- A value should not be required in substitutions.

To test, apply the patch and clear your browser cache if necessary.

- Go to Tools -> Automatic item modification by age.
- Confirm that when editing or creating a rule the only required field
  is the substitutions field name.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-13 16:21:37 -03:00
Marc Véron
ec478e18f3 Bug 18694: Translatability: Get rid of exposing [%% FOREACH in csv/cash_register_stats.tt
Code exposed is:
%s %s %s [%%- FOREACH field IN row; field IF !loop.last; ItemTypes.GetDescription(field) IF loop.last; sep IF !loop.last; END %%] %s TOTAL [%%- FOREACH field IN total; field; sep IF !loop.last; END %%]

Similar for: csv/orders_by_budget.tt

To test:
- Apply patch
- In staff client, verify that Cash register statistics work as before
  (Home > Reports > Cash register statistics)
- Verify the same for Home > Reports > Orders by fund (triggers orders_by_budget.tt)
- Bonus test: Create a "language" aa-AA (perl translate create aa-AA
  from folder misc/translator, verify that lines mentioned above do
  no longer appear in aa-AA-staff-prog.po )
- Run QA tools (newest version with test for newlines in tt directives)

Rebased on top of Bug 18734 2017-12-06 / mv

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-12 17:56:38 -03:00
855ff0fb9a Bug 18734 - Internal server error in cash_register_stats.pl when exporting to file
To test:
Output cash reigster stats report to file
Internal server error
Apply patch
Export to file
File is generated and correctly formed

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-12 17:56:37 -03:00
a38ffe2d48 Bug 18656 - Require confirmation of deletion of files from patron record
This patch adds a JavaScript confirm to the deletion of files. It also
styles the file deletion link as a Bootstrap button.

To test, apply the patch and open the "Files" page for a patron who has
files attached.

- Verify that clicking any "delete" link prompts for a confirmation.
- Verify that confirming the dialog triggers the deletion of the correct
  file.
- Verify that canceling the confirmation dialog aborts the deletion.
- Confirm that the "Delete" button looks correct.

Signed-off-by: David Roberts <david.roberts@ptfs-europe.com>

Revision for QA: Replaced '.click(function' with '.on("click",function'

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-12 11:11:13 -03:00
6999dbafbd Bug 18648: Restore hyphen 2017-06-09 13:26:23 -03:00
6bb4a0405a Bug 18706 - Remove useless Javascript
Whe checking a subfield to be deleted, the code
  $(this).val($(this).siblings("[name='subfield']").val());
is useless, the checkbox already contains the subfield code :
  <input type="checkbox" ... name="disable_input" value="[% ite.subfield %]" />

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-09 12:21:05 -03:00
7c9273be16 Bug 18706 - subfields to delete not disabled anymore in batch item modification
In Tools > Batch item modification, one can click a checkbox to delete a subfield.
This click use to disable the input to change the field value.

This comes from the patch : Bug 13501: Move "Required" and checkbox after input/select
Because input is found using JQuery next().

This patch replaces with $(this).parent().find("[name='field_value']").

Test plan :
- Go to Tools > Batch item modification
- Enter a barcode and submit
- Click on a checkbox on a non-mandatory subfield
=> Without patch the input or select is not disabled
=> With patch the input or select is disabled
- Submit
=> Check that subfield is deleted

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-09 12:21:04 -03:00
Marc Véron
6e7c125a56 Bug 18727: System preferences loose part of values because of double quotes
System preferences do not display values of text fields properly if they
contain doulbe quotes.

To recreate:
- Go to Home > Administration > System preferences , then tab Acquisitions
- Enter values to both system preferences like proposed in the example (o=5|a="bar foo" and  o=5|a="foo bar")
- Save
- Click on tab Acquisitions to reload
- Wrong result: Both preferences show a value of: o=5|a=
  (parts with double quotes are truncated)

- Edit any of the email addresses (Bug 9814):
  KohaAdminEmailAddress, NoticeBcc, ReplytoDefault, PayPalUser
- Set value to: "The Library" <thelibrary@example.com>
- Search for this email address syspref to re-display it
- Wrong result:
  Use [     ] " autocomplete="off" /> as the email address for the
  administrator of Koha.

To test:
- Apply patch
- Try to recreate issues above
- Additionally, edit other system preferences that could contain double
  quotes, e.g. LibraryName or UsageStatsLibraryName
- Set value to: Bibliothek "Zur Leseratte"

(Note: patch contains a tiny fix for a typo in acquisitions.pref)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-09 11:52:26 -03:00
Marc Véron
f1d90f205e Bug 18689: calendar error with double quotes in title or description of holiday
This patch fixes the calendar display with holidays having double qoutes in
title or description.

To test:
- Apply patch
- Go to Home > Tools > Calendar
- Create new holidays of each type (Day only, repeated wekly/yearly,
  range, yearly repeated range and enter double qoutes in their titles and
  descriptions
- Verify that calendar displays and works as expected
- Verify that you can edit the holidays

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-09 11:50:55 -03:00
6a2ef935ac Bug 18722: Fund name is not shown in received orders fund subtotals
Test plan:
1) Go to acquisition and receive some orders
2) Show the receive summary for invoice
--> without patch, the fund name in subtotal is not shown
--> with patch the name is shown as expected

Signed-off-by: Michael Cabus <michael@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-09 11:32:48 -03:00
Mark Tompsett
eb0a67ea10 Bug 18730: Batch Mod Edit <label> HTML validation fails
[tag] [reply] [−] Description M. Tompsett 2017-06-05 16:30:21 UTC
Know the barcode of an existing item.
Home -> Tools -> Batch Item Modification
Enter the barcode
Click
View Page source
select and copy it into validator.w3.org direct input.
There will be complaints about <labels>.

Apply this patch

refresh the page.
select and copy it into validator.w3.org direct input.
There will be no complaints about <labels>.

This is intended to be a highly focused HTML bug, as the
missing form tag which will fix the <div> issues at the bottom
is corrected on bug 18710.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
2017-06-09 11:26:10 -03:00
Marc Véron
78b30baf3f Bug 18641 - Translatability: Get rid of template directives in translations for *reserves.tt files
Template directives should not be exposed in translation, but lines like the following pop up in the translation tool:
Cancel [% IF TransferWhenCancelAllWaitingHolds %]and Transfer [% END %] All

This patch fixes it.

To test:
- Apply patch
- Verify that code changes make sense
- Verify that submit buttons of pendingreserves.tt and waitingreserves.tt
  still work and display the same string as before

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 18641: (RM-followup) for waitingreserves.tt

Code changed for waitingreserves.tt as asked for in comment #7

Bug 18641: Followup for pendingreserves.tt (less %s)

Change as of comment #13 to reduce %s

After creating a new translation for a "language" aa-AA, we have
the following in the file aa-AA-staff-prog.po

msgid ""
"(Inclusive, default is %s days ago to %s days ahead. Set other date ranges "
"as needed.)"
msgstr ""

msgid ""
"(Inclusive, default is %s days ago to today. Set other date ranges as "
"needed.)"
msgstr ""

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-09 10:03:55 -03:00
023b0890a2 Bug 18648: Fix syntax 'unexpected end of input' 2017-06-06 11:07:31 -03:00
Marc Véron
dd9da3e8f6 Bug 18675: Translatability: Get rid of [%% in translation for csv-profiles.tt
Translation tool for file csv-profiles.tt picks following line:
%s [%% IF csv_profile.encoding == encoding OR NOT csv_profile AND encoding == 'utf8' %%]
It is is due to a line break inside a template directive. This patch removes it.

To test:
- Verify that code change makes sense
- Apply patch
- Verify that csv exports behave as before

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 16:47:23 -03:00
Marc Véron
880c2e19c3 Bug 18681 - (followup) Remove on more [%% in translation for about.tt
Test plan same as in previous patch
Run QA tools in newest version (test for line breaks in tt directives)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 16:47:23 -03:00
Marc Véron
1c8c84f4be Bug 18681: Translatability: Get rid of [%% in translation for about.tt
Translation tool picks a line
%s [%% IF warnPrefBiblioAddsAuthorities || warnPrefEasyAnalyticalRecords ||
...due to a line break inside a template directive.
This patch fixes it.

To test:
- Update QA tools
  (see https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18675#c2)
- Verify that code change makes sense
- Apply patch
- Run QA tools

Followed test plan and everything was as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 16:47:23 -03:00
Marc Véron
c572691377 Bug 18695: Translatability: Get rid of [%% INCLUDE in translation for circulation.tt
The file circ/circulation.tt exposes the following line to translation:
%s %s [%% INCLUDE 'blocked-fines.inc' fines = chargesamount %%] %s %s
Translators should not be confronted with code internals.

This patch fixes it by removing a line break.

To test:
- Verify that code change makes sense
- Run QA tools in newest version (check for line breaks in tt directives)
- Bonus test: Create a "language" aa-AA (perl translate create aa-AA
  from folder misc/translator, verify that line mentioned above do
  no longer appear in aa-AA-staff-prog.po )

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 16:47:23 -03:00
Marc Véron
0ee3249438 Bug 18693: Translatability: Get rid of exposing a [%% FOREACH loop in translation for branch-selector.inc
The file branch-selector.inc exposes the following line to translation
(due to newlines insied a tt directive):
%s %s [%% FOREACH branch IN branches; IF branch.selected; selectall = 0; END; END %%]

Additionally, export.tt exposes the following line to translation:
[%% INCLUDE 'branch-selector.inc' branches = libraries %%]

To test:
- Apply patch
- In Staff client, go to Home > Tools > Export data
- Verify that library selection behaves as before
- Bonus test: Create a "language" aa-AA (perl translate create aa-AA
  from folder misc/translator, verify that lines mentioned above do
  no longer appear in aa-AA-staff-prog.po
- Run QA tools (newest version with test for newlines in tt directives)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 16:47:22 -03:00
Marc Véron
5a30dea05b Bug 18644: Translatability: Get rid of pure template directives in translation for memberentrygen.tt
Translation for memberentrygen.tt exposes a lot of template directives
like the following:
[% UNLESS opduplicate %][% othernames | html %][% END %]
Translators should not be confronted with such code internals.

To test:
- Review code changes
- Verify that creating / editing patrons works as before
- Bonus test: Create a "language" aa-AA (perl translate create aa-AA
  from folder misc/translator, verify that lines like mentioned above
  do no longer appear in aa-AA-staff-prog.po

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 16:36:14 -03:00
Marc Véron
1a023a670c Bug 18701: Translatability: Get rid of exposed tt directives in matching-rules.tt
Translation for file matching-rules.tt exposes a lot of template directives.

Translators should not be confronted with internal code like the following:

[%% PROCESS norms_select selected_norm=\"none\" id=\"mc_1_src_c_1_n_1_norm\" "name=\"mc_1_src_c_1_n_1_norm\" %%]

To test:
- Apply patch
- Verify that code changes make sense (removes line breaks in directives)
- Run QA tools in newset version (tests for line breaks in tt)
- Bonus test: create a new translation e.g. fpr language 'aa-AA', verify
  that such lines no longer appear in po/aa-AA-staff-prog.po
  (for matching-rules.tt)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 16:35:38 -03:00
Marc Véron
17fd5a4ffb Bug 18702: Translatability: Get rid of exposed if statement in tt for translated onboardingstep2.tt
The file onboardingstep2.tt exposes the following to translations:

"[%% IF (categories && categories.count > 1 ) # This if statement checks if "
"the categories variable handed to this template # by onboarding.pl has data "
"in it. If the categories variable does have data # in it this means that the "
"user has previously imported sample patron category # data and so we do not "
"need to show them the create patron category screen 1, #instead we can "
"display a screen with ubtton redirecting the user to step 3 %%] "

Translators should not be confronted with such internals. This patch removes it

To test:
- Verify that code change makes sense
- Run QA tools
- Bonus test: Create a new "language" aa-AA and verify that the lines above
  are no longer exposed.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 16:35:23 -03:00
Marc Véron
00d3a883b5 Bug 18648: Translatability: Get rid of tt directives in translation for macles.tt
koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/value_builder/macles.tt contains
template directives inside a div tag:
<span title="[% FOREACH lib IN cell.libs %][% lib.lib |html %] - [% END %]">
This is exposed in translation tool.

To test:
- Carefully examine code changes
- Apply patch, verify that the directive is no longer exposed (picked for
  po files), e.g. by creating a new "language" aa-AA and examing aa-AA-staff-prog.po
- If you know where / how this macles is used, verify that it behaves as before

(Note: New patch, needs new sign off)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 16:35:09 -03:00
Marc Véron
16307c4034 Bug 13747: Fix problems with frequency descriptions containing quotes
If a serial frequency description contains quotes or is surrounded by
quotes, the description is empty ("TEST" > empty) or shown without the
quotes part (TEST "sth" > TEST) on editing the frequency.

To verify:
- Create a new frequency with description: "Test"
- Modify frequency
- Verify the description field is empty

To test:
- Apply patch
- Try to recreate, verify that the description field is
  correctly filled when editing
- Test also with a name like: 'A "souble quoted" name'

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 16:34:26 -03:00
273659cc03 Bug 8612: [QA Follow-up] Remove two newlines from template output
When using the Default profile from the basket form, the resulting csv
file has an additional newline after the headers and at the end.
This patch removes them.
Unit test adjusted accordingly.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 12:02:08 -03:00
7457f278af Bug 8612: [Follow-up] Make usage and type different columns in table
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 12:02:08 -03:00
Blou
3c83e11786 Bug 8612: Use CSV profile for exporting basket
This patch allows the user to use a CSV export profile to create the fields to export the basket as CSV in a basket page.

Test plan:
1) Apply the patch
2) Go to Tools › CSV export profiles and create a profile of type "SQL for basket export in acquisition"
  example:
  biblionumber=biblio.biblionumber|auteur=biblio.author|titre=biblio.title|date=biblioitems.copyrightdate|editeur=biblioitems.publishercode|isbn=biblioitems.isbn|quantite=aqorders.quantity|prix=aqorders.rrp|panier=aqorders.basketno
3) In acquisition module, create a new basket and add an order to the basket
4) On basket detail page, there should be the split button labelled "Export to CSV"
5) Try to use the button and export CSV with your CSV profile you defined in step 2
6) Validate the CSV file.
7) Repeat 4-6 with a closed basket.
    a) close the basket
    b) View the basket
    c) validate that there is an export button
    d) test it with an export
8) prove t/db_dependent/Acquisition/GetBasketAsCSV.t t/db_dependent/Koha/CsvProfiles.t

Initial work:

Sponsored by: CCSR

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: mehdi <mehdi.hamidi@inlibro.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 12:02:08 -03:00
fbade9e587 Bug 18430 - Plugins page should have a link to viewing other types
To test:
Go to the plugins page from
Reports->Report plugins
Tools->Tool plugins
Admin->Manage plugins

Ensure that you have a 'View plugins by class button'

Ensure the button does what you would expect

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:59:26 -03:00
db3ebe47e8 Bug 17944 - Add Koha::ItemType->can_be_deleted and use it from admin/itemtypes.pl
Removed the sql code from Itemtypes.pm and replaced  it with DBIx
database query in the itemtypes.pl administrative script

Test plan:
1. In the staff interface, stage and manage MARC records for import

2. Try to delete an itemtype. If there are items of that itemtype in the
   database then a message telling you the number of items of that
   itemtype there are will be displayed.

3. Record that number

4. View the admin/itemtpes.pl script and confirm that there is sql code
   written in this file.

5. Apply this patch

6. View the admin/itemtypes.pl script and observe that there is no sql
   in this file. There is however DBIx code, for example
   $schema->resultset('Item')->search({ 'itype' => $itemtype_code} );
   which is searching for items with the itype value matching
   $itemtype_code value.

7. In the staff interface try to delete the same itemtype

8. Record the number of items there are with that itemtype in the
   resulting message

9. The numbers recorded in steps 3 and 8 should match showing that the
   DBIx code is working as intended

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:59:10 -03:00
Katrin Fischer
cbb5096934 Bug 11122: Follow up - Fix some display issues and typos
This patch fixes the display of copyrightdate for MARC21 installations.
As MARC21 already requires you to add punctuation in cataloguing, there
is usually no need for punctutation in the templates.

Also fixes a template variable name typo and the basket summary page.

To test (all 3 patches):
- Add several order lines to an order, one should be uncertain
- Verify that the publisher and publication year are displayed
- Check the uncertain price page
- Verify that the publisher code and publication year are displayed
- Fix uncertain price and close your order
- Basket summary: Verify... (you know what)
- Cancel one of your orders
- Verify... for cancelled orders
- Receive shipment
- Verify... for unreceived orders
- Receive order
- Verify ... for received orders
- Finish receiving
- Verify ... on the invoice summary page

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:48:16 -03:00
Mark Tompsett
c470b3e384 Bug 11122: Address MARC21 vs. UNIMARC issue
In comment #6 and comment #17, Katrin pointed out the discrepancy
between UNIMARC (using publisheryear) vs. Other MARC installations
(using copyrightdate). This was dealt with in invoice.tt already.
This patch does similar logic for the other 3 template files.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:48:16 -03:00
Fridolyn SOMERS
c59e395b74 Bug 11122 - publisher code and publication year not fetched in acq orders
In acquisition, several templates try to display publisher code and publication year : invoice.tt, parcel.tt, transferorder.tt.
Thoses pages use C4::Acquisition methods GetPendingOrders or GetInvoiceDetails.
The bug is that in the SQL query of those methods, biblioitems.publishercode and biblioitems.publicationyear.
In uncertainprice.pl those datas are fetch using GetBiblioData.
It whould be better to fetch them in GetPendingOrders and GetInvoiceDetails.

This patch changes SQL queries to fetch wanted datas : aqorders.*,biblio.title,biblio.author,biblioitems.isbn,biblioitems.publishercode,biblioitems.publicationyear. GetInvoiceDetails also needs : biblio.seriestitle,biblioitems.volume.
This patch also unifies the way biblio datas are displayed :
  <a href="link to catalog using biblionumber">[title]</a> <em>by</em> [author] &ndash; [isbn]
  <em>Publisher:</em> [publishercode], [publicationyear]

Test plan :
- Choose a biblio record containing a data in :
    biblio.title,
    biblio.author,
    biblioitems.isbn,
    biblioitems.publishercode,
    biblioitems.publicationyear,
    biblio.seriestitle,
    biblioitems.volume.
- Create an order using this biblio.
- Look at this order in pages : parcel.pl, transferorder.pl, uncertainprice.pl
=> You see publisher code and publication year
- Look at this order in page : invoice.pl
=> You see publisher code, publication year, series title and volume

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:48:16 -03:00
Colin Campbell
60b31a7a22 Bug 18700 Fix grammar (data cannot be pluralized)
data is a mass noun or plural of datum - datas is ungrammatical
and jarring for a native speaker.
Split the awkward sounding sentence into two for more clarity,
thanks to Marc Véron for the suggestion.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:46:58 -03:00
Marc Véron
151cdcd133 Bug 18673: News author does not display on staff client home page
News authors do not display on staff client homepage, independently of
syspref 'NewsAuthorDisplay'. This patch fixes the issue.

To verify:
- Create news with display location 'All'
- Set syspref NewsAuthorDisplay to 'Staff client only' or 'Both OPAC and staff client'
- Go to staff client
- Verify that news author does not appear (but it should)

To test:
- Applly patch
- Verify that news author is displayed as expected

Followed test plan works as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:45:57 -03:00
Marc Véron
cc91ce5997 Bug 18643: Remove dead code in reports/statistics 'Till reconciliation'
File koha-tmpl/intranet-tmpl/prog/en/modules/reports/reports-home.tt contains a link to /cgi-bin/koha/reports/stats.screen.pl with label 'Till reconciliation' that is commented out since years.
Remove this link and the related files:
cgi-bin/koha/reports/stats.screen.pl
koha-tmpl/intranet-tmpl/prog/en/modules/reports/stats_screen.tt

To test:
- Apply patch
- Verify that Koha > Reports still display the same
- Verify that two files stats.screen.pl and stats_screen.tt are gone and thet they are not used
  anywhere in the Koha codebase

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:43:53 -03:00
8e7718ee65 Bug 18279: Remove C4::Items::GetLostItems
The JOIN done by this subroutine are not always useful (depending on
item-level_itypes). They also search with LIKE when it is not needed.

Since we have now Koha::Items, we can replace this subroutine with a
call to Koha::Items->search with the correct parameters.

A change in previous behaviours can happen: If a items.itemlost contains
a value that is not defined as a LOST authorised value, the item will
not be displayed. I think it's the expected behaviour, even if it should
not happen in correctly configured installations.

Test plan:
To test with item-level_itypes set to item and biblio:
List the lost items you have on your system, using the different
filters available.
The result table should contain the correct item's info.

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:43:26 -03:00
c762cd827e Bug 18598 - Quick add form doesn't clear values when switching
To test:
1 - Fill out some fields in quick add
2 - Switch to full form and clear fields
3 - Switch back and fields are still populated
4 - Fill a field in long form
5 - Switch to quick add and clear it
6 - Save
7 - Value set in 4 is saved
8 - Apply patch
9 - Repeat 1-6 - values should be cleared and not saved

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-20 14:02:53 +00:00
3e5dbef9ef Bug 18596 - Quick add form duplicating password confirm
To test:
1 - Add password to BorrowerMandatoryField
2 - View quick add form
3 - See confirm password twice
4 - Apply patch
5 - See confirm password once
6 - Add password to QuickAddFields
7 - Confirm one confirm field
8 - Remove password form BorrowerMandatory field
9 - Confirm there is one confirm field and password fields are not
required

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-20 14:01:54 +00:00
1882805533 Bug 17898: Followup - udpate templates for bootstrap 3
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-19 18:48:26 +00:00
f22d2e7200 Bug 17898: Automagically convert SQL reports
Bug 17196 move the marcxml out of the biblioitems table.
That will break SQL reports using it.
It would be handy to propose an automagically way to convert the SQL
reports.

We do not want to update the reports automatically without user inputs,
it will be too hasardous.
However we can lead the user to convert them.

In this patchset I suggest to warn the user if a report is subject to be
updated.

TODO: Add a way to mark this job done (using a pref?) to remove the
check and not to display false positives.

Test plan:
- Create some SQL reports (see https://wiki.koha-community.org/wiki/SQL_Reports_Library)
- Go on the report list page (/reports/guided_reports.pl?phase=Use saved)
- For the reports using biblioitems.marcxml you will see a new column
warning you that it is obsolete
- Click on update link
=> that will open a modal with the converted SQL query
- Click on the update button
=> you will be informed that the query has been updated

If all the reports are updated, the new column "Update" will no longer
be displayed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-19 18:48:26 +00:00
9719284622 Bug 18551: followup - hide advanced filters in header, move hidding to css file
Test plan:
The same as first patch, but also with advanced search form in header hidden
on page load - see comment 4

Issue with advanced search form is gone.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Philippe <philippe.audet-fortin@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-19 10:49:53 -04:00
5cc536c68b Bug 18551 - Hide with CSS dynamic elements in member search
In member search page, the result table is in Ajax so fully managed by Javascript. There is also a yellow dialog message prepared in HTML.

Thoses elements are hidden by JS code : ie $("#patron_list_dialog").hide().

The problem is that the static page is first loaded an displayed then the JS code runs an hides the elements.
On a low performance computer, this action is visible and looks like there is a blinking yellow message.

I propose to hide with CSS so that thoses elements are not displayed in static page and are there shown in dynamic JS code.

Test plan :
Check display is unchanged :
- Go to home page /cgi-bin/koha/members/members-home.pl
- Perform patron search from header search box
- Perform patron search by clicking on a letter
- Perform patron search from filters (left of results table)
- Select a patron and add it to a list => you see the yellow message

Yellow message does no longer appear with this patch.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Philippe <philippe.audet-fortin@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-19 10:49:53 -04:00
48c87a19a6 Bug 18597 - Quick add form does not transfer patron attributes values when switching forms/saving
The function that switches between quick add/fulll form assumes labels
are followed by values - patron_attr don't follow this pattern. This
patch just moves the hidden input field

To test:
1 - Have some patron attributes (with/without auth values set)
2 - Add them to QuickAddFields (patron_attr2 for example)
3 - view quick add form and set some values
4 - Switch to full form, values not transferred
5 - Switch to quick add, view values, save
6 - Values are not saved :-(
7 - Apply patch
8 - Repeat 3 - 5
9 - Values are transferred and saved :-)

Signed-off-by: Peggy Thrasher <p.thrasher@dover.nh.gov>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-19 10:37:05 -04:00
90575b64d5 Bug 18534 - When IndependentBranches is enabled the pickup location displayed incorrectly on request.pl
To recreate:
1 - Place a hold for pickup at Midway
2 - Enable independentbranches
3 - Login to staff interface as admin without superlibrarian status from
a different branch
4 - View the holds for the title you placed a hold on
5 - The hold placed in step 1 should show a dropdown with current branch
as pickup location, current branch is the only in that dropdown
6 - Verify it displays correctly for superlibrarian
7 - Apply patch
8 - The correct pickup location should show and not be editable
9 - Verify it is a dropdown

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-19 10:33:19 -04:00
bbef5c4c3a Bug 18438 - Implemented data-dismiss="modal" in returns.tt so that any warning messages hidden by a hold modal are displayed after it is dismissed
Test plan:
1. Check out an item to one patron whilst having that item also being on
hold to another patron

2. Check the item back in

3. Notice a modal box appears greying out the background with three
buttons 'Confirm hold', 'Print and confirm' and 'Ignore'. Click confirm
and notice that the page refreshes and no yellow warning messages are
able to be displayed

4. Now that you have checked the item in. Try checking it in a second
time by clicking on the Checkin tab and writing in the barcode.

5. The modal box will appear again, this time with three buttons
'Confirm', 'Print and confirm' and 'Cancel hold'

6. Click the 'Confirm' button and the page refreshes again and the
yellow warning message hidden by the modal box is not properly displayed
to the user. Notice that the focus is on the barcode input box.

7. Apply patch

8. Try checking in the item again, and this time after clicking the
'confirm' button on the modal box notice that the yellow warning message
is displayed telling the user the item was "Not checked out". Also
notice the focus is in the barcode inputbox.

9. Drop the hold on the item and make sure it is not checked out.

10. Repeat steps 1 and 2 and notice after clicking the 'Confirm hold'
button the page refreshes and the item is successfully checked back in.
With the focus on the barcode input.

11. View koha-tmpl/intranet-tmpl/prog/en/modules/circ/returns.tt and
notice that the button on line 345 does not use an onclick parameter

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amended-patch: remove spaces

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-19 10:19:36 -04:00
af89df12e7 Bug 14399: Results form also needs a few interface changes
Currently, the value of compareinv2barcd is used to determine if the
Seen column, the Select/Clear all buttons and the Mark seen buttons are
displayed. But if we scanned barcodes, we already marked items as seen.
So we should only display these buttons when we did not upload barcodes.

Test plan:
[1] Upload a barcode file. Check that the result form does not show
    the buttons.
[2] Generate an inventory list, so do not upload a barcode file. Verify
    that you still see the buttons.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-10 16:23:56 +00:00
35b73aa3c6 Bug 14399: Interface changes
A part of the confusion around the inventory script may arise from the
fact that the form offers several options that are only used under
certain conditions. This patch hopefully rearranges a few options more
logically and only offers options when appropriate.

The barcode fieldset now also contains Compare barcodes and Do not check in
checkboxes. These are meaningful when a barcode file is uploaded.

The fieldset Item location filters (new name) contains fields that are
always used. Same for tne only control left under Additional options,
Export to CSV.

The fieldset Optional filters depends on the status of the barcode file
and the Compare checkbox. It is now shown or hidden depending on what
you select: if you do not upload a file, it is shown; or if you upload
a file and check Compare, it is shown. Otherwise we hide it, since the
script will not look at these values. Under this fieldset last inventory
date and Skip items on loan are added, since their behavior is the same
as the various item statuses.

Test plan:
In this test plan we test both the script changes from the previous patch
and the interface changes here. We follow the three main scenario's as
mentioned in the previous patch.

[1] First we prepare a few test items.
    Pick two biblios A, B and create five items say A1,A2,B1,B2,B3.
    Pick a not-existing callnumber range you want to test and move these
    five items there. Add barcodes too (say A1..B3).
    Edit one item A1 to a not-existing notforloan status (doing this on
    the mysql command line is fastest).
    Like: update items set notforloan = '9' where barcode='A1';
    Now simulate that we did not add/edit these items today:
    update items set datelastseen='2017-01-01' where barcode in ('A1','A2','B1','B2','B3');
    Note: We need this when comparing with last inventory date in the last
    scenario.

Scenario 1 (no barcodes uploaded)
[2] Enter the callnumber range on inventory form.
    Verify that "Set inventory date", Compare barcodes and "Do not check
    in" are disabled on the form. Check that you see the Optional filters
    box.
    Submit the form. Verify that you see all five items.
    Do the same. Check Export to CSV. Check result file contents.

Scenario 2 (upload barcodes, do not compare)
[3] Create a barcode file with the barcodes of A1, A2 and B1. Add another
    existing barcode outside the test callnumber range.
    After uploading this file, verify that "Set inventory date", Compare and
    "Do not check in" are enabled. The Optional filters should be hidden.
    Leave "Set inventory date" to today. Enter the callnumber range again.
    Submit the form.
    What do we expect? Four items should have been updated (alert). We
    should see barcode A1 with problem Unknown status. We should see
    also the barcode from the other range (Found in wrong place).
    Repeat this step with the same file. But now export to CSV. Verify that
    you see two barcodes with problems again in the csv file.

Scenario 3 (upload barcodes, compare)
[4] Create another barcode file with barcodes of B2 and one existing barcode
    outside the test callnumber range.
    After uploading this file, check the Compare checkbox. Verify now that
    the Optional filters box is displayed again.
    Leave "Set inventory date" to today. Enter the callnumber range again.
    Also set "Last inventory date" to today (important!).
    Submit the form.
    What do we expect now? Two items should be updated (see alert).
    We should see barcode B3 with problem Missing. We should also see the
    barcode from the other range (wrong place).

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-10 16:23:55 +00:00
6da97c7c87 Bug 14399: Numerous small refinements to the inventory script
This patch contains the following changes:

[01] Label "Inventory date" reworded to "Last inventory date", adding a
small explanation for its purpose.
[02] Restructured the results: it was an array with items and possible
error messages. Multiple messages duplicated individual items. Now the
results are in a hash, pulling all error messages for one item together.
At the end of the script they are copied to an array. (A helper sub
additemtoresults is added in this regard.) We no longer use array
@items_with_problems.
[03] Both datepickers are no longer connected to the same class. This
prevents changing the set date by filling the last inventory date.
[04] Input markseen in the template and $markseen in the script are
no longer needed.
[05] The paragraph before the detail link in the results table in the
Title column has been removed. Same for problems column. This makes
vertical spacing consistent.
[06] Problem status 'missingitem' is no longer used; the missing items
are marked as 'not_scanned'. Two additional statuses are: no_barcode and
checkedout.
[07] Removed unused $itemtype, $totalrecords and $count. We use variable
$moddatecount to report a count to the template.
[08] The script updated scanned items twice. The first time with ModItem
and the second time with ModDateLastSeen. The second call is removed.
[09] If a book is checked in, we do no longer return an error message when
the checkin is successful (ERR_ONLOAN_RET). The updated datelastseen is
passed to the results.
[10] $wrongplacelist is renamed to $rightplacelist. It is only built when
we need it. (Same for inventorylist now.)
[11] Datelastseen (last inventory date) is always used for building the
inventory list. It allows you to process partial barcode lists or make
a list of items not seen after some date. We do no longer use variable
$paramdatelastseen.
[12] The section where items.datelastseen was compared with the inventory
date has been removed. Scanned items were already updated; to get items
seen before some date, you can now use last inventory date without passing
barcodes.

The form can mainly be used for the following three cases:
[1] Prepare an inventory list or csv file; we do not upload barcodes.
[2] Update items for uploaded barcodes without comparing to inventory.
    Last inventory date is useless in this case.
    Errors wrongplace, checkedout and changestatus are reported.
    Use this scenario for partial scanned barcode lists (all but last).
[3] Update items for uploaded barcodes and compare to inventory, filtered
    by an optional last inventory date.
    Apart from the errors mentioned under [2], this also reports
    not_scanned ("missing") and no_barcode.
    Use this scenario too for the last partial barcode file (together with
    inventory date).

Test plan:
See next patch ("Interface changes").

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-10 16:23:55 +00:00
1f77e2aa35 Bug 18314 (QA Followup) Use OpacBaseURL for password reset link
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 10:59:10 -04:00
70dac35136 Bug 18314: Add link to 'reset your password' from staff
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 10:59:05 -04:00
cfc484b173 Bug 18314: Account lockout
To prevent brute force attacks on Koha accounts, staff and opac, we need to
implement an account lockout process to Koha.

After a number of failed login attempts a users account would become locked.
The user would then need to use the reset password functionality to send a reset
token to their email account. After a successful password reset the lockout flag
would be removed.

The number of failed login attempts before lockout is configurable using a new
system preference 'FailedLoginAttempts'.

How does it work?
When a patron enter an invalid password, the borrowers.login_attempts value
for this patron is incremented. When this value reach the value of the
pref FailedLoginAttempts, the password comparison is not done and the
authentication is rejected.
This login_attempts field is reset when a patron correctly logs in. When
the account is locked the patron has to reset his/her password using
the OpacResetPassword feature or ask a staff member to generate a new
password.
If the pref is not set (0, or '') the feature is considered as disabled,
but the failed login attempts are stored anyway.

Test plan:
0/ Apply patch and execute the update DB entry
1/ Switch on the feature by setting FailedLoginAttempts to 3
2/ Use an invalid password to login at the staff or OPAC interface
3/ After the third consecutive failures, you will be asked to reset your
password if OpacResetPassword is set, or contact a staff member
4/ Switch on OpacResetPassword and reset your password
5/ Confirm that you are able to login
6/ Play with the different combinations

QA details: The trick happens in C4::Auth::checkpw, to make things clear
I had to create a return value (note the awesome name: @return) and
replace the 3 successives if statements with elsif. Indeed if one of
the condition is reached, it will return inside the given block.

Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 10:58:44 -04:00
1e9f3e721d Bug 18314: Add pref FailedLoginAttempts and columns borrowers.login_attempts
And of course deletedborrowers.login_attempts

Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-12 10:58:35 -04:00
Aleisha Amohia
23a2cd5214 Bug 17465: NumSavedReports syspref
To test:
1) Apply patch and update database
2) Go to system preferences. Default value should be 20 reports.
3) Go to Reports -> Use saved. Confirm 20 results are showing
4) Change value in syspref to any integer (i.e. 50)
5) Go back to Reports -> Use saved. Confirm the number of results shown
is based on the value in the syspref.

Sponsored-by: Catalyst IT

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 21:17:53 +00:00
61f26926aa Bug 15582: Fix grammar in syspref description
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Janet McGowan <janet.mcgowan@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 21:05:29 +00:00
d08a0bc685 Bug 15582: Ability to block auto renewals if OPACFineNoRenewals is reached
If a patron owes more than the OPACFineNoRenewals value, the issue won't
be auto renewed anymore (driven by the new pref OPACFineNoRenewalsBlockAutoRenew).

Test plan:
Note: You will have to manually change data in your DB, make sure you
have access to the sql cli.
1/ Set the OPACFineNoRenewals to 5 (for instance)
2/ Set OPACFineNoRenewalsBlockAutoRenew to block
3/ Check an item out to a patron and mark is as an auto renewal
4/ Make sure the patron does not have any fees or charges.
5/ Execute the automatic renewals cronjob script (misc/cronjobs/automatic_renewals.pl)
Confirm that the issue has been renewed
6/ Create an invoice for this patron with a amount > OPACFineNoRenewals (6
for instance)
7/ Execute the automatic renewals cronjob script (misc/cronjobs/automatic_renewals.pl)
Confirm that the issue has not been renewed.
8/ Set OPACFineNoRenewalsBlockAutoRenew to allow
9/ Execute the automatic renewals cronjob script (misc/cronjobs/automatic_renewals.pl)
Confirm that the issue has been renewed

Sponsored-by: University of the Arts London
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Janet McGowan <janet.mcgowan@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 21:05:29 +00:00
8924f1e236 Bug 15582: DB changes - add new pref OPACFineNoRenewalsBlockAutoRenew
Sponsored-by: University of the Arts London
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Janet McGowan <janet.mcgowan@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 21:05:28 +00:00
4e31223aa0 Bug 18554: Adjust a few typos including responsability
typo responsability
typo defautl in authorities.pref
typo reveived in t/db_dependent/Acquisition.t
typo ;; in advance_notices.pl
typo Stopping in restart_indexer (koha-indexer)
typo instutitional in moremember.pl
typo Corretly (Biblio.t)
typo periodicy in help serials

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 21:03:22 +00:00
e76db7e180 Bug 17762: Fix sql fields insertion
The "Insert ->" buttons used to copy the sql field to the textarea was
based on the id of the fieldset.
This id has to be unique to work as expected. It is now composed of mtt
+ lang instead of mtt only

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 20:56:42 +00:00
c99fc9d7c2 Bug 17762: Update the letter form interface
If the pref is on, the notice template will be translatable in different
languages

Sponsored-by: Orex Digital

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-05-09 20:56:41 +00:00