It has been reported that
/cgi-bin/koha/opac-shelves.pl?op=edit&referer=view&shelfnumber=146&owner=4&shelfname=testX&sortfield=titleaaaaaa\`&category=1
Could lead to SQL injection
Actually it explodes because the generated SQL query is not correctly formatted.
However it would be good to limit the possible values for sortfield.
This vulnerability has been reported by MDSec.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
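One way to limit the possible values for sortfield, as the commit message above suggests. This is an added example, not Koha's code: the allowlist contents, the helper names and the table and column names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allowlist for this example: accepted sortfield value => column
# name that may appear in ORDER BY. Column names cannot be bound as DBI
# placeholders, so the request value itself is never interpolated into the SQL.
my %SORT_COLUMNS = (
    title         => 'title',
    author        => 'author',
    copyrightdate => 'copyrightdate',
);
my $DEFAULT_SORT = 'title';

# Map a user-supplied sortfield to an allowlisted column, or fall back.
sub safe_sortfield {
    my ($requested) = @_;
    return $DEFAULT_SORT unless defined $requested;
    return $SORT_COLUMNS{$requested} // $DEFAULT_SORT;
}

# Same idea for the sort direction: only two literal keywords can be emitted.
sub safe_direction {
    my ($requested) = @_;
    return ( defined $requested && lc($requested) eq 'desc' ) ? 'DESC' : 'ASC';
}

# Build the statement; shelfnumber stays a bound placeholder.
# Table and column names are illustrative, not Koha's schema.
sub build_shelf_query {
    my ( $sortfield, $direction ) = @_;
    my $column = safe_sortfield($sortfield);
    my $dir    = safe_direction($direction);
    return "SELECT biblionumber FROM shelf_contents WHERE shelfnumber = ? ORDER BY $column $dir";
}

# Constructed inputs, including the malformed value from the report.
for my $input ( 'author', 'titleaaaaaa\`', undef ) {
    my $shown = defined $input ? $input : '(undef)';
    printf "%-16s => %s\n", $shown, build_shelf_query( $input, 'asc' );
}
```

Only the hash values ever reach the SQL string, so a value outside the allowlist sorts by the default column instead of producing a malformed query.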
Class method getCategories has no strict binding to Upload.pm. While
Upload.pm is now restricted to the actual uploading process with CGI
hook, this routine fits better in the UploadedFile package.
Class method httpheaders can be moved as well for the same reason. Note
that it actually is an instance method. The parameter $name is dropped.
Test plan:
[1] Run t/db_dependent/Upload.t.
[2] Check the categories in the combo box of tools/upload.
[3] Check a download via tools/upload and opac-retrieve-file.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The get routine actually returns records from uploaded_files. It should be
possible to replace its calls by direct calls of Koha::UploadedFiles.
This patch is the crux of this patch set. It deals with all scripts that
use Koha::Upload.
In the process we do:
[1] Add a file_handle method to Koha::UploadedFile. This was previously
arranged via the fh parameter of get.
[2] Add a full_path method to UploadedFile. Previously returned in the
path hash key of get. (Name is replaced by filename.)
[3] Add a search_term method too (implementing get({ term => .. }).
This logic came from _lookup.
[4] Add a keep_file parameter to delete method. Only used in test now.
Test plan:
[1] Run t/db_dependent/Upload.t
[2] Go to Tools/Upload. Add an upload, download and delete.
[3] Add another public upload, search for it.
Use the hashvalue to download via opac with URL:
cgi-bin/koha/opac-retrieve-file.pl?id=[hashvalue]
[4] Go to Tools/Stage MARC for import. Import a marc file.
[5] Go to Tools/Upload local cover image. Import an image file.
Enable OPACLocalCoverImages to see result.
[6] Test uploading an offline circulation file:
Enable AllowOfflineCirculation, and create a koc file (plain text):
Line1: Version=1.0\tA=1\tB=2
Line2: 2016-11-23 16:00:00 345\treturn\t[barcode]
Note: Replace tabs and barcode. The number of tabs is essential!
Checkout the item with your barcode.
Go to Circulation/Offline circulation file upload.
Upload and click Apply directly.
Checkout again. Repeat Offline circulation file upload.
Now click Add to offline circulation queue.
[7] Connect the upload plugin to field 856$u.
Enable HTML5MediaEnabled.
Upload a webm file via the plugin. Click Choose to save the URL,
and put 'video/webm' into 856$q. Save the biblio record.
Check if you see the media tab with player on staff detail.
(See also: Bug 17673 about empty OPACBaseURL.)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Two discussions on koha-devel led to the same conclusion:
biblioitems.marcxml should be moved out of this table
- biblio and biblioitems
http://lists.koha-community.org/pipermail/koha-devel/2013-April/039239.html
- biblioitems.marcxml & biblioitems.marc / HUGE performance issue !
http://lists.koha-community.org/pipermail/koha-devel/2016-July/042821.html
There are several goals to do it:
- Performance
As Paul Poulain wrote, a simple query like
SELECT publicationyear, count(publicationyear) FROM biblioitems GROUP BY publicationyear;
takes more than 10min on a DB with more than 1M bibliographic records
but only 3sec (!) on the same DB without the biblioitems.marcxml field
Note that prior to this patch set, the biblioitems.marcxml was not
retrieved systematically, but was, at least, in
C4::Acquisition::GetOrdersByBiblionumber and C4::Acquisition::GetOrders
- Flexibility
Storing the marcxml in a specific table would allow us to store several
kinds of metadata (USMARC, MARCXML, MIJ, etc.) and different formats (marcflavour)
- Clean code
It would be a first step toward Koha::MetadataRecord for bibliographic
records (not done in this patch set).
Test plan:
- Update the DBIC Schema
- Add / Edit / Delete / Import / Export bibliographic records
- Add items
- Reindex records using ES
- Confirm that the following scripts still work:
* misc/cronjobs/delete_records_via_leader.pl
* misc/migration_tools/build_oai_sets.pl
- Look at the reading history at the OPAC (opac-readingrecord.pl)
- At the OPAC, click on a tag, you must see the result
Note: Changes in Koha/OAI/Server/ListRecords.pm is planned on bug 15108.
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Zeno Tajoli <z.tajoli@cineca.it>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Persona never really took off, and although many browsers currently
support it, very few services actually implement it.
This has led its founders, Mozilla, to end the project. In their
own words:
=============================================================================
Persona is no longer actively developed by Mozilla. Mozilla has
committed to operational and security support of the persona.org
services until November 30th, 2016.
On November 30th, 2016, Mozilla will shut down the persona.org services.
Persona.org and related domains will be taken offline.
If you run a website that relies on Persona, you need to implement an
alternative login solution for your users before this date.
For more information, see this guide to migrating your site away from
Persona:
https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers
=============================================================================
Given the above, and that the Persona authentication methods as a whole
are no longer being actively maintained by anyone anywhere to ensure
ongoing security, we should deprecate the option from koha.
Test plan:
Apply this patch and make sure you do not find any references of Persona
Have a look at patches from bug 9587 and confirm that everything has
been reverted
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Code looks good to me.
Also ran several tests including: Auth.t, Auth_with_shibboleth.t.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test Plan:
1) Apply this patch
2) Make a payment via PayPal in sandbox mode
3) Note the payment succeeds
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Bug 15907 [QA Followup] - Simplify code and call pay() only once
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If the userid of the logged in user contains unicode characters, the token
will not be generated correctly and Koha will crash with:
Wide character in subroutine entry at /usr/share/perl5/Digest/HMAC.pm line 63.
Test plan:
- Edit a superlibrarian user and set his/her userid to '❤' or any other strings
with unicode characters.
- Login using this patron
- Search for patrons and click on a result.
=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine
You can also test the other files modified by this patch.
Signed-off-by: Karam Qubsi <karamqubsi@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
All the values different from the ones GetMember returned have been
managed outside of GetMemberDetails.
It looks safe to replace all the occurrences of GetMemberDetails with
GetMember.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Same as other patches, reservefee is only used in opac-reserve.pl
Test plan:
Set reserve fee for a patron category
Place a hold at the OPAC with one of these patrons.
You must get a message about the reserve fee.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The is_expired value is used in 2 places, let's use
Koha::Patron->is_expired instead.
Test plan:
Depending on the different value of BlockExpiredPatronOpacActions for
the patron category, a patron must be blocked if he has expired.
Confirm that behavior from opac-renew and opac-reserve scripts
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The amountoutstanding value set by GetMemberDetails was only used in a
few places. In that case it makes sense to only retrieve it when needed.
Test plan:
1/ Add fines to a patron, on the OPAC patron info page, you should see a
"Fines" tab
2/ Add credit to a patron, you should see the credit displayed
3/ Set the pref maxoutstanding to 3
4/ Add a fine of 4 to a patron
5/ Try to place a hold for this patron
=> You should get a "too much oweing" message
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The correct way to get the value of BlockExpiredPatronOpacActions from a
patron object is to get the patron category then call the
effective_BlockExpiredPatronOpacActions:
$patron->category->effective_BlockExpiredPatronOpacActions
So this patch applies this change and removes this value from the
GetMemberDetails subroutine.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
From the pod of Digest::MD5:
"""
Since the MD5 algorithm is only defined for strings of bytes, it can not
be used on strings that contains chars with ordinal number above 255
(Unicode strings). The MD5 functions and methods will croak if you try
to feed them such input data.
What you can do is calculate the MD5 checksum of the UTF-8
representation of such strings.
"""
Test plan:
- Set a MySQL/MariaDB password with unicode characters:
UPDATE user SET password=PASSWORD('❤') WHERE USER='koha_kohadev';
FLUSH PRIVILEGES
- Update your $KOHA_CONF file
- Restart Memcached
- Hit the files modified by this patch
=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: removed debugging leftover
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
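The "Wide character in subroutine entry" failure described in the two commit messages above (unicode userid, unicode database password), and the UTF-8 encoding step the Digest::MD5 pod recommends. This is an added example, not Koha's code: the helper name md5_hex_utf8 and the sample strings are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Encode qw(encode);

binmode STDOUT, ':encoding(UTF-8)';

# Hypothetical helper: digest a Perl character string via its UTF-8 bytes,
# so characters with ordinals above 255 no longer make the digest croak.
sub md5_hex_utf8 {
    my ($text) = @_;
    return md5_hex( encode( 'UTF-8', $text ) );
}

# Constructed inputs: plain ASCII, a Latin-1 range character, and the
# heart character used in the test plans.
my @samples = ( 'koha_kohadev', "caf\x{e9}", "\x{2764}" );

for my $s (@samples) {
    # Digest of the raw character string; croaks on ordinals above 255.
    my $raw = eval { md5_hex($s) };
    if ( !defined $raw ) {
        my ($reason) = split /\s+at\s/, $@;
        $raw = "croaked: $reason";
    }

    # Digest of the UTF-8 encoded bytes; defined for every string.
    my $fixed = md5_hex_utf8($s);

    print "input: $s\n";
    print "  raw : $raw\n";
    print "  utf8: $fixed\n";
    print "  same digest: ", ( $raw eq $fixed ? 'yes' : 'no' ), "\n";
}
```

For pure ASCII input both digests are identical, so existing values are unaffected. For characters in the 128-255 range the raw call hashes the single Latin-1 byte while the encoded call hashes the two-byte UTF-8 form, so digests stored before such a change will not match ones computed after it.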
When a patron is not allowed to renew from the self check module, the
only message displayed is "No renewals allowed".
It would be nicer to let him/her know that the renewal is not allowed
because it's an on-site checkout or automatic renewal.
To do so we can call CanBookBeRenewed instead of CanBookBeIssued and get
the renewal error.
Test plan:
0/ Switch off AllowSelfCheckReturns
1/ check out an item and tick "auto renewal"
2/ Go on the self check module
=> auto renewal message is displayed
3/ check out an item and tick "on-site checkout"
4/ Go on the self check module
=> on-site checkout message is displayed
5/ check out an item without ticking any checkboxes (regular checkout)
Renew it to reach the max renew allowed
6/ Go on the self check module
=> regular checkout message is displayed
7/ Switch on AllowSelfCheckReturns and repeat previous steps
=> "Return this item" button is displayed in addition to the renewal
error message
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Ok I am silly, we needed to replace to use the cache mechanism for
search_by_koha_field, not find_by_koha_field...
Let's create another subroutine
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If the period is entered without spaces wrapping the hyphen
You can't get any result
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
I can't reproduce the error, search still works after applying the patch
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Well, this patch does not enforce the unique constraint but mimics what
is already done in C4::ImportExportFramework and Koha::Upload where
md5_hex is used.
Test plan:
Have a look at the code and confirm that it adds more randomness to the
hashed string
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Instead of showing "Automatic renewal" to the user, this
changes it to show "No longer renewable" when the
automatic renewal won't happen any longer because of the
days the item has already been checked out.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jennifer Schmidt <jschmidt@switchinc.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch basically just reverts bug 16960 - Fix error on validating the
registration
This job is now done by the Koha::Object constructor, no need to clean
the hash before sending it to AddMember.
Test plan:
Make sure there is no regression on bug 16960 (validate a self registration).
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch just makes SCO use the new syspref (AllowItemsOnHoldCheckoutSCO)
instead of the old one, thus making it configurable, separate from the
non-SCO syspref.
Sponsored-by: NEKLS
Signed-off-by: George <george@nekls.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch replaces the call to C4::Koha::GetKohaAuthorisedValues with
Koha::AuthorisedValues->search_by_koha_field
Test plan:
AV descriptions should be displayed on the following pages:
- XSLT view - location and ccode
- Bibliographic detail, moredetail and OPAC pages - location, ccode, copynumber
- returns - location
- opac-basket - ccode, location
- The 3 reports: catalogue_stats.pl, issues_stats.pl and
reserves_stats.pl - location, ccode
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If you fill the patron self reg with non-latin characters, they will be
encoded with HTML entities (é)
This bug leads to generate a userid with weird behaviors:
é => eacute
ł => x
Test plan:
0/ Do not apply the patch
1/ Set up the Self reg feature
2/ fill surname, firstname with something like "Michał pouéàç"
3/ Save
4/ See the bad encoding/replacement on the screen and look at the data
The accented chars are replaced with their html representation and the
non-Latin chars with a 'x'
in the DB
5/ Apply this patch
6/ Repeat steps 2, 3
7/ Everything should be ok
8/ Try to make sure this HTML::Entities escape was not useful:
fill surname with "surname <script>alert("xss?")</script>"
Save and look at the data
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In OPAC details page, when record has too many items (depending on syspref OpacMaxItemsToDisplay), they are not displayed in holdings tab.
You can click on link "Click here to view them all" to show them : page reloads with a new arg viewallitems=1.
Also you can choose which tab is shown by default using syspref opacSerialDefaultTab.
The bug is that when default tab is not holdings, clicking on link to show all items will show another tab. So one must reclick on holdings tab to see all items.
This patch corrects by forcing holdings tab when arg viewallitems is defined.
Test plan :
- Create a serial record with more items than syspref OpacMaxItemsToDisplay (or decrease this syspref)
- Select "Subscriptions tab" for syspref opacSerialDefaultTab
- Go to opac details on this record : /cgi-bin/koha/opac-detail.pl?biblionumber=xxx
=> You see Subscriptions tab selected
- Click on Holdings tab
=> You see no items but a link "Click here to view them all"
- Click on this link
=> Without patch you see Subscriptions tab selected
=> With patch you see Holdings tab selected and the items
Signed-off-by: Juliette <juliette.levast@iepg.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch simply replaces the ';' in the param passed to OverDrive
with '&'
To test:
1 - Enable overdrive (requires an account)
2 - Perform an opac search
3 - Note the number of overdrive results reported
4 - Click the link to view the actual overdrive results
5 - Note the result numbers don't match
6 - Apply patch
7 - Repeat 1-4 and note results numbers match and results are relevant
8 - Test a search with a ';' to ensure this patch isn't breaking
searches
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Verified by reading code - couldn't verify using Overdrive.
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Instead of DBIx::Class objects.
Test plan:
1/ Add content to a list and share it with another patron
2/ Try to view the list with the other patron
3/ download and send a shelf and check if the biblio list is correct
4/ prove t/db_dependent/Virtualshelves.t should return green
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
The subroutine C4::Koha::GetKohaAuthorisedValueLib just retrieves a description
(lib) for a given authorised value.
We can easily replace it using:
Koha::AuthorisedValues->search({ category => $cat, authorised_value => $av })->lib
or
Koha::AuthorisedValues->search({ category => $cat, authorised_value => $av })->opac_description
Test plan:
- On the detail page of a bibliographic record, the description for notforloan,
restricted and stack (?) should be correctly displayed
- View a shelf, the location (LOC) description should be displayed
- On the search result page, the location description should be displayed in the
facets
- Set AcqCreateItem=ordering and receiving items.
The description for notforloan, restricted, location, ccode, etc. field
should be displayed.
- When creating item in the acquisition module, the dropdown list for
field linked to AV should display the AV' descriptions
- On the transfers page, the description of the location should be
displayed.
- On the checkout list from the circulation.pl and returns.pl pages, the
description for "materials" should be displayed
- Fill some OPAC_SUG AV and create a suggestion, the reason dropdown
list should display the description of OPAC_SUG
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Display patron messages from OPAC summary page on SCO screen as well.
To test:
- Make sure you have patrons with and without OPAC note and OPAC messages
- Log in to OPAC and go to patrons 'your summary' page to display note
and messages
- Apply patch
- Refresh patrons detail page. Verify that it looks the same as before
- Go to SCO
- Log in as such patron
- Verify that note and messages appear the same as on OPAC summary page
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This new enhancement will allow to add the name of lists containing a
biblio to the search results at the OPAC.
Test plan:
0/ Regenerate the css file to get the style change:
% lessc --clean-css="--s0 --advanced --compatibility=ie7"
koha-tmpl/opac-tmpl/bootstrap/less/opac.less >
koha-tmpl/opac-tmpl/bootstrap/css/opac.css
1/ Create some lists and add items to them
2/ On the search results you should see the name of the lists which
contains the record.
Note that we could add a syspref to make this new behavior optional.
Sponsored-by: University of the Arts London
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To avoid bug like bug 16518 and to ease the readability/maintainability
of these scripts, this patch replaces the use of 'our' with 'my' to
avoid the use of global variables.
Basically the code has been moved from subroutines to the appropriate places.
Test plan:
At the intranet and OPAC sides
1/ Add items to a list
2/ Add items to a list using an existing name
3/ Add items to a list you don't have right on it (by modifying the
biblionumber in the url)
4/ At the OPAC, use the opac-addbybiblionumber.pl without being logged
in to add items to a list
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
Verify that different values in 'CardnumberLength' system preference
display correctly in the self registration form
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
At the OPAC, if a user manipulates the URL to show a list (s)he is not
allowed to view, the list's name will be displayed anyway.
Test plan:
- Create a private list with user A
- Copy the op=view URL and access it with user B logged in
=> Without this patch, you will see the rss icon, the list's name and
the "add list" button
=> Without this patch, only the "unauthorized" box will be displayed
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Unless it's an hourly loan, date due should not display the time part
(23:59).
Because of bad code in GetPendingIssues, date_due is replaced with a
DateTime object and is copied into date_due_sql.
We need to use this date_due_sql to correctly display the date due in
the sco module.
Test plan:
1/ Enable WebBasedSelfCheck syspref
2/ Check out an item to User A -- Do not use an hourly loan.
3/ Log in to Koha self check ( {OPAC URL}/cgi-bin/koha/sco/sco-main.pl).
4/ Enter User A's cardnumber.
Without this patch, checkouts are
MM/DD/YYYY 12:00 AM (Timeformat: 12 hour)
or MM/DD/YYYY 00:00 (Timeformat: 24H)
With this patch applied, only the date is displayed
Followed test plan, works as expected.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Currently a patron can select a home library in the list of all
libraries defined in the system.
However some of these libraries might not accept self registration.
This patch adds a new pref to display only the allowed libraries.
Test plan:
0/ Apply the patch, do not fill the new pref
1/ Self register a new patron
=> All the libraries defined should be displayed in the "Home library"
dropdown list
2/ Fill the pref PatronSelfRegistrationLibraryList with some of the
branchcode defined in the system
=> Self register a new patron and confirm that the dropdown list has
been filtered.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Removes template var csrf_error and associated handling.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Retested with opac and intranet: Still sends or dies elegantly.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
No need to send OPACBaseURL to the template, if you load the Koha TT
plugin inside the template.
Test plan:
Send a few items in your cart from OPAC and intranet.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If you have no (valid) token, you will not be able to send the message.
Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
using the following URL:
/cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
This should now result in a csrf error.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Patch deals with opac and intranet variant.
If we authenticated the first time, it is not necessary to do it
a second time right away.
Replaces a call to get_template_and_user (including checkauth) by
gettemplate.
Also removes duplicate use C4::Biblio statements.
Test plan:
[1] Put a few books in the cart.
[2] Send the cart from OPAC.
[3] Send the cart from intranet.
Tested 3 patches together. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Admin -> Global sysprefs
2) Turn on HTML5MediaEnabled and HTML5MediaYouTube
3) Go to Cataloging and create a new record
4) Catalogue a YouTube link in 856$u and save record. Do not add any items (click Normal tab)
5) Confirm that Play media tab is the selected tab by default
6) View record on OPAC and confirm Play media tab is selected by default
7) Go back to staff client, add an item then go back to Normal tab
8) Confirm that Holdings tab is now selected by default
9) Confirm Holdings tab is selected by default on OPAC
Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To avoid multiple registrations, it would be good to check the unicity
of the primary email address.
This patchset adds a new pref PatronSelfRegistrationEmailMustBeUnique.
If on, a patron will get "This email address already exists in our
database" if he tries to register with an existing email address.
Test plan:
1/ Register a new patron with an email address
2/ Make another registration using the same email address
=> With the pref PatronSelfRegistrationEmailMustBeUnique on, you won't be allowed
=> With the pref off, no change should be noticed.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described, no errors.
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
[1] Adds a check on biblionumber. (Prevents a DBIx error.)
[2] If you have a reviewid, search on that and check results.
Add an unauthorized error in template.
[3] If you add a new review, check that there is no review yet.
If so, edit the existing one.
This supports the added FIXME on a unique constraint.
Note: This script could receive further attention.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested all crud ops with opac-review.pl (incl URL manipulation).
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Paging is kind of messy here. This patch at least improves somewhat.
The page number should be rounded.
The results per page should be passed to the template too.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested a number of reviews and played with count parameter in URL.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Note that this (biblionumber, borrowernumber) pair should be defined as
a unique key at the DB level (FIXME added)
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The C4::Reviews::getreviews subroutine retrieved the reviews for a given
record, depending on their status.
This can be achieved with a call to Koha::Reviews->search.
There were 2 calls to this subroutine. The one from opac-ISBDdetail.pl
does not look in use: the reviews are not displayed on this page. It
certainly comes from an old copy/paste from opac-detail.pl.
The one from opac-detail only asked for the approved reviews. So the
logged in user does not see its own review if it is pending approval.
Actually this pending approval review is only displayed when the user
submits it (because of an unnecessarily complex text replacement done in
JS).
With this patch, the approved reviews AND the unapproved review from the
logged in user will be displayed.
It will allow a future enhancement to add a way to delete our own
reviews.
Moreover, the reviews were retrieved even if they were not displayed (if
reviewson is off), it's now fixed.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This is the fourth and last patch set to remove C4::Branch.
The real purpose of this patch is to standardise and refactor some code
which is related to the libraries selection/display.
Its unconfessed purpose is to remove the C4::Branch package.
Before this patch set, only 6 subroutines still existed in the C4::Branch
package:
- GetBranchName
- GetBranchesLoop
- mybranch
- onlymine
- GetBranches
- GetBranch
GetBranchName basically returns the branchname for a given branchcode.
The branchname is only used for a display purpose and we don't need to
retrieve it in package or pl scripts (unless for a few exceptions).
We have a `Branches` template plugin with a `GetName` method which does
exactly this job.
To achieve this removal, we will use this template plugin and delete the
GetBranchName from pl and pm files.
The `Branches.all()` will now select the library of the logged in user
if no `selected` parameter has been passed.
This new behavior could cause regressions, for instance there are some
places where we do not want an option preselected (batch item
modification for instance), keep that in mind when testing.
GetBranchesLoop took 3 parameters: $branch and $onlymine.
The first one was used to set a "selected" flag, for a display purpose:
select an option in the libraries dropdown lists.
The second one was useless: If not passed or set to 0, the
`C4::Branch::onlymine` subroutine was called.
This onlymine flag was used to know if the logged in user was able to see
other libraries infos.
A patron can see the infos from other libraries if IndependentBranches
is not set OR if he has the superlibrarian permission.
Prior to this patch set, the "onlymine test" was done on different
places (neworderempty.pl, additem.pl, holidays.pl, etc.), including the
Branches TT plugin. In this patch set, this test is only done on one
place (C4::Context::only_my_library, code moved from
C4::Branch::onlymine).
To accomplish the same job as this subroutine, we just need to call the
`Branches.all()` method from the `Branches` TT plugin. It already
accepts a `selected` parameter to set a flag on the option to select.
To avoid the repetitive
[% IF selected %]<option selected="selected">[% ELSE %]<option>[% END %]
pattern, a new `html_helpers` TT include file has been created, it
defines an `options_for_libraries` block, which takes a `selected`
parameter. We could imagine to use this include file for other
selects.
The `mybranch` and `onlymine` subroutines of the C4::Branch package have
been moved to C4::Context. onlymine has been renamed to
only_my_library. There are only 4 occurrences of it, against 11 before
this patch set.
These 2 subroutines are Context-centric and it makes sense to put them
in `C4::Context` (at least it's the least worst place!)
GetBranches is the tricky part of this patch set: It retrieves all the
libraries, independently of the value of IndependentBranches.
To keep the same way as the existing calls of `Branches.all()`, I have
added a `unfiltered` parameter. If set, the `Branches.all()` will call
a usual Koha::Libraries->search method, otherwise
Koha::Libraries->search_filtered will be called. This new method will
check if the logged in user is allowed to see other libraries or only
its library.
Note that this `GetBranches` subroutine also created a `category` key:
it allowed to get the list of groups (of libraries) where this library
existed. Thanks to a previous patch set (bug 15295), this value was
not used anymore (I may have missed something!).
Note that the only use of `GetBranch` was buggy (see bug 15746).
Test plan (for the whole patch set):
The best way to test this whole patch set is to test with 2 instances: 1
with the patch set applied, 1 using master, to be sure there is no
regression.
It would be good to test the same with `IndependentBranches` and then
without `IndependentBranches`.
No difference should be found.
The tester must focus on the library dropdowns on as many forms as
possible.
You will notice changes in the order of the options: the libraries will
now be ordered by branchname (instead of branchcode in some places).
A special attention will be given to the following page:
- acqui/neworderempty.pl
- catalogue/search.pl
- members/members-home.pl (header?)
- opac/opac-topissues.pl
- tools/holidays.pl
- admin/branch_transfer_limits.pl
- admin/item_circulation_alerts.pl
- rotating_collections/transferCollection.pl
- suggestion/suggestion.pl
- tools/export.pl
Notes for QA:
- There are 2 FIXMEs in the patch set, I have kept the existing behavior,
but I am not sure it's the good one. Feel free to open a bug report and
I will fill a patch if you think it's not correct. Otherwise, remove the
FIXME lines in a follow-up patch.
- The whole patch set is huge and makes a lot of changes.
But it finally will tremendously reduce the number of lines:
716 insertions for 1910 deletions
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds the frameworkcode option param, using each record's frameworkcode
as expected by the filter. Otherwise the ViewPolicy filter falls back to the
default framework.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Koha::RecordProcessor and the defined filters are supposed to bring us
joy and happiness. Let's keep the code compact, simple and clean.
This patch removes record cloning all over the place.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
There are still some leaks, but it is not as a result
of the filter, but rather a result of poorly written
template files.
Bug fixing template files is beyond the scope of this
set of patches.
TEST PLAN
---------
1) Backup your DB
2) run the following SQL on your DB.
> UPDATE marc_subfield_structure set hidden=-8;
-- this should set EVERYTHING to hidden across the board.
3) In staff client, set OPACXSLTDetailsDisplay to blank
4) In OPAC, view any detail.
-- Normal view may mostly leak values still.
-- MARC view may leak values.
-- ISBD view may leak values.
5) In staff client, set OPACXSLTDetailsDisplay to default
6) In OPAC, view any detail.
-- same issues as step 4
-- 'View Plain' may leak too.
7) 'Save record' -> 'Dublin Core'
8) Apply this patch
9) run koha qa test tools
-- should be fine
10) prove -v t/db_dependent/Filter_MARC_ViewPolicy.t
-- should pass
-- this proves Koha/Filter/MARC/ViewPolicy.pm tweaks too
11) In OPAC, view any detail.
-- Normal view:
-- Material type comes from the LEADER field.
-- Lists this is on will still display
-- 'Tags from this library' will still display
-- Item information in table will still display
(THIS IS BEYOND SCOPE)
-- MARC view:
-- Record number is leaked
(THIS IS BEYOND SCOPE)
-- 'View plain' leaks LEADER field.
-- ISBD view may leak field headings, but not values.
(THIS IS BEYOND SCOPE)
12) In staff client, set OPACXSLTDetailsDisplay to blank
13) In OPAC, view any detail.
-- same kind of output as step 10
14) 'Save record' -> BIBTEXT
-- Should be next to nothing leaked.
15) 'Save record' -> Dublin Core
-- Should be the same or less leaked between the two versions.
-- (XML FILTERING IS BEYOND SCOPE)
16) In the staff client, go view the same record.
-- it should be mostly hidden in ISBD View.
17) run the following SQL on your DB.
> UPDATE marc_subfield_structure set hidden=1;
-- this should set EVERYTHING to hidden in OPAC, but not
the STAFF across the board.
18) Refresh the staff ISBD page
-- values should reappear.
19) View the ISBD details in the OPAC
-- values should still be hidden.
20) Check out the OPAC Cart and List
-- while the intermediate pages may still leak
the download links should leak very minimally.
-- (CARTS AND LISTS ARE BEYOND SCOPE, THOUGH
THE INTRANET ISBD AND SOME CART/LIST STUFF
WERE FIXED BECAUSE OF THE GetISBDView REFACTOR)
Expectations:
Before Patch - all the OPAC Detail pages will display things
After Patch - all the OPAC Detail pages will display much less,
and hopefully nothing (though there are known limits).
the ISBD detail page in the Staff client will be
filtered as well based on STAFF settings.
The saving/exporting should generate nearly empty
files.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Applying the filtering and then...
Debugging opac/opac-detail.pl filtering
Debugging opac/opac-ISBDdetail.pl more
Debugging opac/opac-export.pl
Tweak opac/opac-export.pl fix variable declarations, conditional assignments
Debugging opac/opac-showmarc.pl
https://bugs.koha-community.org/show_bug.cgi?id=11592
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Why not clean up the License Agreement stuff while the files
are being changed? Used the current one found at:
http://wiki.koha-community.org/wiki/Coding_Guidelines#Licence
Changed the strict and warning lines into just a Modern::Perl.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
s/Koha::Cache->get_instance/Koha::Caches->get_instance
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
https://bugs.koha-community.org/show_bug.cgi?id=11921
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jason M. Burds <JBurds@dubuque.lib.ia.us>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
This patch adds a configuration option which allows to define which
fields should be mandatory for a patron purchase suggestion form in OPAC.
Test plan:
1/ Apply patch.
2/ Play with the new OPACSuggestionMandatoryFields system preference
(select some fields as mandatory, select all, deselect all, try to
submit some suggestions with mandatory fields filled and/or not
filled etc.) to ensure that required fields (and only required fields)
are enforced in the browser to be filled.
3/ With all options deselected, 'Title' field should still be
mandatory (by default).
Signed-off-by: barbara johnson <barbara.johnson@bedfordtx.gov>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
opac-ics.pl was added to Koha back in 2007, but there has not been a link to it
from anywhere. This patch adds the link from the main view on
/cgi-bin/koha/opac-user.pl, and makes some changes to opac-ics.pl itself.
Changes to opac-ics.pl:
- Update the code to use date and time for when a loan is due
- Use dt_from_string to turn a MySQL time and date into a DateTime
- Add a timestamp and a UID (these were reported as necessary by a couple of
iCal validators)
- Remove DTEND from events, since we now have time as well as date for when a
loan is due
- For loans that are overdue, set the DTSTART to now(), to avoid creating
calendar events in the past
- Use a template to generate text strings, to make them translatable
To test:
- Apply the patch
- Make sure you have at least a couple of loans, including one overdue
- Go to /cgi-bin/koha/opac-user.pl and click on the link labeled "Download as
iCal/.ics file"
- Inspect the file in a text editor and/or view the result in a calendar
application. Make sure the data makes sense.
- Sign off and go thee merrily on thine way.
Update 2016-07-25
- Force date_due to UTC to avoid problematic timezone info like this:
DTSTART:TZID=Europe/Zurich:20160724T235900
- Remove quotes from summary and description
Followed test plan, koha.ics file successfully imported to Thunderbird calendar
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds a message to the patron home page in the OPAC to be
shown if the user is restricted because of a discharge.
To test, apply the patch and log into the OPAC as a patron who has been
discharged.
- You should see a message which says so, including a link to
the discharge notice.
- Log in to the OPAC as a patron with a manual restriction and confirm
that the correct notice is displayed.
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
At the intranet, the pagination has been broken by bug 12478 (Elastic
Search). There was a confusion between the offset and the page number.
At the OPAC, it is broken since bug 2735 which has mimicked the intranet
script.
Test plan:
Search for a term which will return more than 1 page of results.
Click on the second page
=> Without this patch, the first result of the second page is the second
result of the first page
=> With this patch applied, the offset will be corrected
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If a patron edits his/her details a second time, we need to delete the
first ones to avoid a "duplicate entry for key PRIMARY" error.
Test plan:
Log in at the OPAC
Edit your details
Edit them again
=> Without this patch, Koha will crash
=> With the patch applied, everything should work as expected
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Followed steps in comment #14, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The changes from opac-memberentry do not reach the table, since the
Patron::Modifications object does not work well.
Test Plan:
1) Apply this patch
2) Create some patron modification requests
3) Ensure you can approve and deny modifications
4) Ensure patron self registration works
Signed-off-by: Bob Birchall <bob@calyx.net.au>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
At the OPAC, if a patron modifies his/her information and at least 1
mandatory field is missing, Koha will crash with
Template process failed: undef error - Can't call method "description"
It is raised by Koha::Template::Plugin::Categories::GetName called with
an undefined categorycode.
The problem is that the values sent originally are not sent back to the
template if the user missed something.
This patch makes that all info are resent to the template in order to
show the same form to the user.
Test plan:
0. Apply patch
1. Make sure that the categorycode is not hidden in the OPAC in:
PatronSelfRegistrationBorrowerUnwantedField or PatronSelfModificationBorrowerUnwantedField
2. Add a required field in PatronSelfRegistrationBorrowerMandatoryField, for example email.
3. Go to Your Personal Details in the OPAC (opac-memberentry.pl) and leave blank the required field of point 2
4. Press "Submit update request"
There should be no software error.
NOTE: The warns will be floody on the logs.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds logging for several holds actions. Specifically for:
- CREATE
- CANCEL
- DELETE
- RESUME
- SUSPEND
- MODIFY
To test:
- Enable the HoldsLog syspref
- Add a hold on a record/item
=> SUCCESS: The log view shows the CREATE action
- Click on the <Suspend> button
=> SUCCESS: The log view shows the SUSPEND action
- Click on the <Unsuspend> button
=> SUCCESS: The log view shows the RESUME action
- Click on the red cross, to delete the hold
=> SUCCESS: The log view shows the CANCEL action
Note: The DELETE action is logged when DelMember is called, with bug 16819 patches applied.
Sponsored-by: NEKLS
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
I also wonder about this going in defaulted on, but since the other logs are as well it seems ok to me.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test
1/ Hit the page, notice the warning in the log
2/ Apply patch
3/ Hit page, notice no warning in the log
4/ Test functionality all still works
Works as expected. (Note: See Bug 16960 for updating patron details).
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If language is set by external link language switcher does not work
To reproduce:
- Have a multilingual koha installation, let's say en, de-CH, fr-FR and it-IT
- Create external links e.g. from your multilingual library website to each language variant of OPAC:
...cgi-bin/koha/opac-main.pl?language=en
...cgi-bin/koha/opac-main.pl?language=de-CH
...cgi-bin/koha/opac-main.pl?language=fr-FR
...cgi-bin/koha/opac-main.pl?language=it-IT
Each link opens fine displaying the language as appropriate.
Now try to switch language on the page you just opened via the external link.
It won't work, it will always stay on the language defined by the external link.
To test:
- Apply patch
- Repeat steps above
- Verify that the language switcher works
- Verify in browser address field that after switching language, the param 'language=' has vanished from url string
- Try links with multiple params and with params containing 'language', e.g.
...cgi-bin/koha/opac-search.pl?language=fr-FR&q=language&mylanguage=test
- Verify that only the parameter 'language=' vanishes
Tested counter patch, works as well.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Resolves the following comments:
I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.
Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
take a while. But this may not be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.
Tested all 3 patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The vars are gotten from the url and sent to the template as is. They
must be escaped.
Test plan:
I have not managed to create the original issue, so there is no test
plan for the XSS fix, but you can confirm there is no regression.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This subroutine just reads the content of a pref, splits it, adds an
empty string and returns.
It is not really useful and the code in the script (memberentry.pl) uses
the only occurrence of CGI::popup_menu
Let's remove it and build the dropdown list in the template.
Test plan:
1/ Empty BorrowersTitles, edit a patron and confirm that the "Salutation"
does not appear
2/ Fill BorrowersTitles with "Mr|Mrs|Miss|Ms", edit a patron and confirm
that the "Salutation" dropdown list is correctly filled.
The default option should be selected if you are editing a patron with a
title defined.
This should also be tested at the OPAC.
Followed test plan, works as expected in Staff and OPAC
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch erases all traces of C4::Csv since it's not used anymore.
All occurrences have been replaced by previous patches to use
Koha::CsvProfiles.
Note that GetMarcFieldsForCsv was not used prior this patch set.
Test plan:
git grep 'C4::Csv'
should not return any result.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No more traces of the file.
This produces a koha-qa fail, due to the missing file.
No other errors
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This subroutine returned the csv profiles for a given type.
This could be done easily with the new Koha::CsvProfiles->search method.
Test plan:
To do at the OPAC and staff interface!
1/ Export a list using a CSV profile
2/ Export your CART using a CSV profile
Note that only MARC profiles should be available.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested on staff/opac & cart/list
Small problem on filename extension fixed in followup.
No errors
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch moves the code from C4::Members::changepassword to
Koha::Patron->update_password
Test plan:
Change your password at the OPAC and the staff interface
This should work as before
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
I rebased this on top of 16849 because they were conflicting.
Tests pass, code looks good (as usual) and I checked both OPAC
and staff password change work as expected.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In order to move IsMemberBlocked to Koha::Patron it makes sense to move
the code from Koha::Patron::Debarments::IsDebarred to
Koha::Patron->is_debarred.
Test plan:
1/ Add a restriction to a patron
2/ make sure he is not able to checkout items any more
3/ Make sure he cannot get a discharge
4/ Put a hold and make sure you get "Patron has restrictions"
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch fixes issues due to sentence splitting in
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt
Note: This is a string patch. It does not add or change functionality.
To test:
- Examine code and verify that the text changes remove sentence splitting
and that the changes make sense.
- Log in to OPAC and verify that messages look correct
- with blocked /debarred user (with and without comment and date)
- with user who has too many fines (needs syspref OpacRenewalAllowed
and syspref OPACFineNoRenewals)
- with user who has his card marked as lost
- with user with an account that is about to expire
- with user with expired account
- with user with uncertain address information (with and without
syspref OPACPatronDetails set to Allow)
Note: Amended to make patch apply 2016-07-10 mv
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The authority search pagination displays only 15 pages, even when there
are more.
To fix that, this patch mimics the authorities-home.pl intranet script to
manage the pagination.
Test plan:
Without this patch, do some authority search and click on different
pages.
Apply this patch, redo the same search and make sure the same records
are displayed (i.e. confirm that the pagination still works as before).
Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
TEST PLAN
---------
1) Apply Jonathan's test patch
2) prove t/db_dependent/Letters.t
-- dies before finishing tests
3) Apply second test patch
4) prove t/db_dependent/Letters.t
-- dies before finishing tests
-- 'addalert' is changed to 'getalert'
5) Log into OPAC with database admin user.
-- see error given in comment #0
6) Apply this patch
7) prove t/db_dependent/Letters.t
-- says 'getalert'
-- all tests pass.
8) Log into OPAC with database admin user.
-- logs in, but gives warning with a nice logout button.
9) run koha qa test tools.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
No koha qa errors
In Debian a different error is displayed:
Can't use an undefined value as an ARRAY reference at /usr/lib/perl5/DBI.pm line 2054.
Works as advertised
NOTE: Revised test plan, as Jonathan added useful test case.
Works as I've tested above.
Hector tested older test plan which was steps
5,6,8 and 9.
Revised test plan again while tweaking to address comment #9.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If limit is X and a patron has X-1 pending suggestions, when a new one is
added, the "New suggestion" should not be added.
To avoid another call to SearchSuggestions, we assume that the
suggestion has been correctly added.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This does not work correctly and should be handled on another bug report.
The behavior existed prior to this patchset.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Only check limit for signed in borrower
Show all suggestions after a new one is added
Signed-off-by: Barbara Walters <bwalters@ncrl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Barbara Walters <bwalters@ncrl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Also fixes the issue that the add suggestion link would sometimes
show even if the patron could not make an additional suggestion.
Signed-off-by: Barbara Walters <bwalters@ncrl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Define a number of MaxOpenSuggestions
2 - Add some suggestions for a patron
3 - Note they cannot add any more suggestions if limit is reached
4 - Delete a suggestion and note you can add another
5 - Add them to limit again
6 - Accept a suggestion in the staff client and note user can add more
7 - Repeat above with rejecting or deleting
8 - Sign off.
Sponsored by:
North Central Regional Library (http://ncrl.org/)
Signed-off-by: Barbara Walters <bwalters@ncrl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes the new sysprefs work as the previously defined. Instead of falling back
to what *ResultsDisplay is set, it now has its own 'default' (that still defaults to the
*Results*.xslt).
The default values are set to 'default' as the rest of XSLT-related sysprefs, and the upgrade
picks whatever is set in OPACXSLTResultsDisplay and XSLTResultsDisplay so current behaviour
is preserved.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
New XSLTs for Lists work as advertised
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan noticed the current behaviour is that the lists rendering
falls back to the XSLTResults, and if not defined (i.e. != 'default' and
!= some_path) it falls back to a legacy display (non-XSLT).
The patchset changed this behaviour because 'default' is not a valid value
for the lists. So it should fall back to the current behaviour (i.e. Results
XSLT configuration) if not defined. This patch fixes this by adding
|| C4::Context->preference('XSLTResultsDisplay')
(and the OPAC counterpart).
It also fixes minor glitches on the update message (oops) and bad default value
in sysprefs.sql for 'XSLTListsDisplay'.
Thanks Jonathan!
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes the shelves.pl (staff) and opac-shelves.pl scripts
use the new sysprefs for specifying custom XSLTs for lists display.
XSLT.pm is patched so it defaults to the corresponding *Results.xsl
files if none is specified.
To test:
- Create a list
- Open the list in the staff interface
- On a new tab, open the list in the OPAC.
- Apply these patches
=== default behaviour
- Open the list (both opac and staff) on new tabs
=> SUCCESS: They look exactly the same (hint: the syspref is set to ''
so it should fall back to using the one we were using).
=== using the new functionality
- Create custom XSLTs for lists, for example:
$ cd /home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/xslt
$ cp MARC21slim2OPACResults.xsl MARC21slim2OPACLists.xsl
- Edit your sysprefs, setting OPACXSLTListsDisplay to:
/home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/{langcode}/xslt/MARC21slim2OPACLists.xsl
- Reload the OPAC list view
=> SUCCESS: Looks exactly as before
- Make some minor tweak (for example in line 423 replace
<xsl:text> </xsl:text>
for
<xsl:text> BLAH </xsl:text>
- Reload the list
=> SUCCESS: BLAH shows in several places on the title.
- Repeat for the staff interface
- Sign off :-D
So we can now set custom XSLTs for lists.
Sponsored-by: Carnegie Stout Library
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Deb Stephenson <DStephen@dubuque.lib.ia.us>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If an attacker can get an authenticated Koha user to visit their page
with the code below, they can update the victim's details to arbitrary
values.
Test plan:
Trigger
/cgi-bin/koha/opac-memberentry.pl?action=update&borrower_B_city=HACKED&borrower_firstname=KOHA&borrower_surname=test
=> Without this patch, the update will be done (or modification
request)
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)
Do some regression tests with this patch applied (Update patron infos)
QA note: I am not sure it's useful to create a digest of the DB pass,
but just in case...
Reported by Alex Middleton at Dionach.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
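The token check this commit describes, together with the non-blocking randomness point from the earlier Koha::Token commit, as an added example that is not Koha's code: a simplified session-bound HMAC token built from core Perl modules as a stand-in for WWW::CSRF. The secret, session identifiers, token layout, lifetime and function names are all constructed for the illustration.

```perl
#!/usr/bin/perl
# Added illustration, not Koha code: session-bound anti-CSRF token (core modules only).
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET  = 'constructed-demo-secret';    # assumption: a server-side secret
my $MAX_AGE = 8 * 3600;                     # assumption: token lifetime in seconds

# Random bytes from the kernel's non-blocking source, so rendering the form
# never stalls waiting for entropy.
sub random_hex {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!\n";
    my $got = read($fh, my $buf, $n);
    close $fh;
    die "short read from /dev/urandom\n" unless defined $got && $got == $n;
    return unpack 'H*', $buf;
}

# Token layout (constructed): nonce,issue-time,HMAC(session|nonce|issue-time).
sub generate_token {
    my ($session_id, $time) = @_;
    $time //= time;
    my $nonce = random_hex(16);
    my $mac   = hmac_sha256_hex(join('|', $session_id, $nonce, $time), $SECRET);
    return join ',', $nonce, $time, $mac;
}

# Compare two strings without stopping at the first differing character.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

sub check_token {
    my ($session_id, $token, $now) = @_;
    $now //= time;
    return 0 unless defined $token;
    my ($nonce, $time, $mac) =
        $token =~ /\A([0-9a-f]{32}),([0-9]{1,12}),([0-9a-f]{64})\z/
        or return 0;                                   # malformed token
    my $expected = hmac_sha256_hex(join('|', $session_id, $nonce, $time), $SECRET);
    return 0 unless constant_time_eq($mac, $expected); # wrong session or forged
    return 0 if $time > $now || $now - $time > $MAX_AGE;   # future-dated or expired
    return 1;
}

# Stand-in for the update action: refuse the change unless the token verifies
# against the session the request arrived on.
sub handle_update {
    my ($session_id, $params) = @_;
    die "Wrong CSRF token\n" unless check_token($session_id, $params->{csrf_token});
    return "updated B_city to $params->{borrower_B_city}";
}

sub attempt {
    my ($label, $session_id, $params) = @_;
    my $result = eval { handle_update($session_id, $params) };
    chomp(my $err = $@ // '');
    return sprintf '%-32s %s', $label, defined $result ? $result : "rejected ($err)";
}

sub demo {
    my ($patron_a, $patron_b) = ('constructed-session-a', 'constructed-session-b');
    return (
        # Cross-site request: the other site can set fields but cannot read the
        # victim's token, so the request arrives without one.
        attempt('cross-site, no token:', $patron_a,
            { borrower_B_city => 'HACKED' }),
        # Form rendered for patron A and submitted by patron A.
        attempt('own form, fresh token:', $patron_a,
            { borrower_B_city => 'Utrecht', csrf_token => generate_token($patron_a) }),
        # A token minted for another session must not verify for this one.
        attempt('token from another session:', $patron_a,
            { borrower_B_city => 'HACKED', csrf_token => generate_token($patron_b) }),
        # A token older than the allowed lifetime is refused.
        attempt('expired token:', $patron_a,
            { borrower_B_city => 'Utrecht',
              csrf_token      => generate_token($patron_a, time - $MAX_AGE - 60) }),
    );
}

print "$_\n" for demo();
```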
The $search_results is considered as an arrayref but is not defined if
no patron matches the recovery infos.
Test plan:
- Set syspref OpacResetPassword to "Allow"
- Go to OPAC
- Click link "Forgot your password?"
- On the following screen "Forgotten password recovery", do not fill in
form fields, click "Submit"
=> Without this patch you got the software error
=> With this patch applied, you will get "No account was found with the
provided information."
Sign-off on counter patch.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
A malicious user can delete the search history of all other users by
correctly guessing the ID value assigned to the victim's search. As
searches are assigned values sequentially, an attacker could quickly
remove the searches belonging to all of the application's users.
To reproduce:
Login with patron A
launch a search
Note the id generated for this search history:
select id from search_history order by id desc limit 1;
Login with patron B
Hit /cgi-bin/koha/opac-search-history.pl?action=delete&id=<ID>
Note that the row is deleted in the DB
Test plan
Confirm that this patch fixes the issue.
The same test can be made at the staff interface
Reported by Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
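The ownership check that closes the issue described above, as an added example that is not Koha's own code: the delete is scoped to the logged-in patron instead of trusting the id from the request. The simplified table, its userid column and the routine names are assumptions for the demo, which needs DBI with DBD::SQLite.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;    # this demo also needs DBD::SQLite installed

# Constructed, simplified table: only the columns the demo needs.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 } );
$dbh->do(q{
    CREATE TABLE search_history (
        id         INTEGER PRIMARY KEY AUTOINCREMENT,
        userid     INTEGER NOT NULL,
        query_desc TEXT    NOT NULL
    )
});

sub add_search {
    my ( $userid, $query ) = @_;
    $dbh->do( 'INSERT INTO search_history (userid, query_desc) VALUES (?, ?)',
        undef, $userid, $query );
    return $dbh->last_insert_id( undef, undef, 'search_history', 'id' );
}

# Shape of the flaw: the row is chosen by the request's id alone, so any
# logged-in patron can remove any row. Returns the number of rows deleted.
sub delete_by_id_only {
    my ($id) = @_;
    return 0 + $dbh->do( 'DELETE FROM search_history WHERE id = ?',
        undef, $id );
}

# Hardened shape: the session's user id is part of the WHERE clause, so a
# guessed id that belongs to someone else matches nothing.
sub delete_own_search {
    my ( $session_userid, $id ) = @_;
    return 0 + $dbh->do(
        'DELETE FROM search_history WHERE id = ? AND userid = ?',
        undef, $id, $session_userid );
}

sub remaining {
    my ($n) = $dbh->selectrow_array('SELECT COUNT(*) FROM search_history');
    return $n;
}

my ( $patron_a, $patron_b ) = ( 1, 2 );    # constructed user ids

# Ids are sequential, which is why they are easy to guess.
my $first  = add_search( $patron_a, 'kw:perl' );
my $second = add_search( $patron_a, 'kw:koha' );
print "patron A's searches got ids $first and $second\n";

# Patron B asks to delete patron A's row.
print "scoped delete by B removed ",
  delete_own_search( $patron_b, $first ), " row(s)\n";      # 0
print "rows left: ", remaining(), "\n";                      # 2

# Patron A can still delete their own row.
print "scoped delete by A removed ",
  delete_own_search( $patron_a, $first ), " row(s)\n";      # 1

# For contrast, the unscoped query lets B's request succeed.
print "unscoped delete removed ",
  delete_by_id_only($second), " row(s)\n";                  # 1
print "rows left: ", remaining(), "\n";                      # 0
```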
This simple patch fixes wide character warning raised by opac-export.pl when
'MARC (Unicode/UTF-8)' and 'MARC (Unicode/UTF-8, Standard)' formats are chosen for downloading records.
To test:
- Have records indexed
- Open your OPAC logs:
$ tail -f /var/log/koha/kohadev/opac-error.log
- Open the detail page in the opac for a record
- Choose Save record > MARC (Unicode/UTF-8)
=> FAIL: opac-export.pl: Wide character in print at /home/vagrant/kohaclone/opac/opac-export.pl line 116., referer: http://localh...
- Choose Save record > MARC (Unicode/UTF-8, Standard)
=> FAIL: opac-export.pl: Wide character in print...
- Apply the patch
- Choose Save record > MARC (Unicode/UTF-8)
=> SUCCESS: No warnings raised.
- Choose Save record > MARC (Unicode/UTF-8, Standard)
=> SUCCESS: No warnings raised.
- Sign off :-D
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The script opac/opac-addbybiblionumber.pl is not plack safe because the
variable @biblios is declared with our and is not assigned to an empty
array (so not reset).
The issue:
When trying to add items to a list (virtualshelf), the biblionumbers are
added to the @biblios variable and the list is not reset between each
run.
Test plan:
Check from records from the result list and add them
to a list.
Cancel or save and re-add them (or others) to a list (same or
different).
=> Without this patch, the list of records will never stop growing, the
previous items added are still listed when adding new ones.
=> With this patch, the behavior is the one expected.
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
See comment #17: Redirect to 404 in opac-discharge.pl and remove
message in template because with the redirect it will never be
reached.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Bug 7976 has removed this permission, but other patches re-added it...
Note that the occurrences in sendbasket.pl, edithelp.pl, opac/svc/login should
have been removed by bug 7976.
Test plan:
git grep 'borrow.*=> 1'
should not return any results.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
Edit: fixed catalogue/detail.pl and opac/opac-detail.pl so they use the right
XSLT syspref.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes the lists work as the search results for rendering on
XSLT-driven context. No behaviour change is expected.
To test:
- Apply the patch
- Navigate lists (OPAC and intranet)
=> SUCCESS: the only difference is speed (faster)
- Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by
sysprefs.sql and does not appear in updatedatabase.pl, we could easily
imagine that nobody uses it.
With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set. Otherwise you need to turn
the XSLT off. In this case you will see the images on the result list
(OPAC+Staff interfaces) and OPAC detail page, but not the Staff detail
page.
This patch suggests to remove completely this feature as it does not
work correctly.
The ability to assign an image to an authorised value is now always
displayed, but the image will only be displayed on the advanced search
if defined.
Test plan:
Confirm that the authorised value images are no longer visible at the
opac and the staff interfaces.
The prefs should have been removed too.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This feature is enabled by default, but the users are not aware of it
and it costs a lot of time processing to get the images.
There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by sysprefs.sql and
does not appear in updatedatabase.pl, we could easily imagine that
nobody uses it.
With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set.
Otherwise you need to turn the XSLT off. In this case you will see the
images on the result list (OPAC+Staff interfaces) and OPAC detail page,
but not the Staff detail page.
The idea of this patch is to introduce a quick switch if the feature is
not used by the library.
Test plan:
1/ Turn the pref on and set authorised_values.imageurl to NULL
Execute the DB entry
=> The pref has been turned off
2/ Turn the pref on and set an image for an authorised value
Execute the DB entry
You will get a warning
3/ Turn the pref off and set an image for an authorised value
Execute the DB entry
You will get a warning
4/ Turn the pref off and set authorised_values.imageurl to NULL
Execute the DB entry
You won't get a warning
Note that the opac detail page now checks the pref before retrieving the
images.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Fixed update message 'that means'.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds an input named 'branch' to opac-main.pl that
allows overriding the home library to view news from any branch.
This is part of the 'Use Koha as a CMS' development.
To reviewers: Does this create any security implications?
The column is text; it is possible to push SQL
statements into the DB via the opac-membership.pl
page, but all the code there seems to use DBIx::Class
and prepared statements. When attempted, accepting the
changes was rejected because of the foreign key
constraint placed on the main borrowers table.
It is recommended to use this patch in conjunction with 11584
which adds a WYSIWYG editor to System Preferences.
Test plan:
* Make sure your Koha installation has multiple branches:
* Log in to the Staff interface and select 'Koha administration'
* Select 'Libraries and groups', the first item in the list
* Add an extra branch named 'BRANCH1':
* Press the 'New library' button
* Set 'Library code' to 'BRANCH1'
* Enter an arbitrary name
* Press 'Submit'
* Add at least two news items with different branches:
* Log in to the Staff interface and select 'Tools'
* Under 'Additional tools' select 'News'
* On the 'Koha news' page, create a news item for all libraries:
* Press the 'New entry' button
* Set 'Library' to 'All libraries' and enter a title.
* Press 'Submit'
* On the 'Koha news' page, create a news item for one library:
* Press the 'New entry' button
* Set 'Library' to 'BRANCH1' and enter a title
* Press 'Submit'
* Add links to OPAC to select branch:
* Select 'System preferences' and then the 'OPAC' tab
* Scroll down to the 'OpacNav' preference and click 'Click to Edit'
* Create two hyperlinks with a parameter named 'branch':
* '<a href="?branch=BRANCH1">BRANCH1</a>'
* '<a href="?branch=">none</a>'
* Click 'Save all OPAC preferences'
* Test OPAC:
* By default, global news and news for home branch should show.
* When clicking the 'BRANCH1' link, you should see global news
plus news for the BRANCH1 branch.
* When the parameter 'branch' is set but has no value,
news from the home branch should be shown.
Issues: Tricky to create a link to the same page
which removes existing parameters.
The user normally has a home branch set.
We can override it with the parameter.
If undefined, the home branch should be shown.
Sponsored-by: Halland County Library
http://bugs.koha-community.org/show_bug.cgi?id=14305
Changed 2015-12-14: Whitespace fix
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This fix changes the RSS link to reflect the URL parameter override.
This is less elegant than the existing solution which uses the
Branches TT module, perhaps there is a better way?
Sponsored-By: Halland County Library
Test plan:
* Follow instructions in the original patch but also check the
URLs and contents of the RSS link at the bottom of the OPAC page.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The OPAC registration captcha should not be case sensitive. This patch
was moved here from bug 9393.
Test Plan:
1) Enable patron self registration
2) Test the captcha by typing in the captcha in lower case. Registration
should still succeed.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Some libraries would like the ability to select the itemtype to request
when placing holds. For example, if a record has 3 copies of BookA and 3
copies of BookA in large print, this feature would allow a person to
place a hold on the record, but still be able to target only the Large
Print edition so that the first Large Print copy that becomes available
is targeted, rather than forcing the patron to select a particular copy
to hold.
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Create a record with items of two or more itemtypes
4) Place a record level hold on the record while choosing one particular
itemtype
5) Check in an item from the record that is not of that itemtype
6) Note it is not trapped for the hold
7) Check in an item from the record that does match the selected itemtype
8) Note the item is trapped for the hold
Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch does the same as the previous one, but affects lines which
have not been caught by the regex.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch replaces the occurrences of
my @foo = $cgi->param('foo');
with
my @foo = $cgi->multi_param('foo');
perl -p -i -e 's/^(\s*my\s*@\w+\s*=\s*)\$(cgi|input|query)\->param\(/$1\$$2\->multi_param\(/xms' **/*.pl
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
By default ES returns the facet terms ordered by most used, which makes
sense.
This patch removes resort done in the scripts (catalogue/search.pl and
opac/opac-search.pl) and moves it to the module.
For Zebra it's now done in C4::Search::getRecords, and there is no
change to expect (still alphabetically).
On the Elastic search side, we could imagine to let the library define
the order of the facets. The facet terms are now sorted by most used.
To test easily this change, turn on the displayFacetCount pref.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This reverts commit cd4905c2969b067476881016d0b03271f0bcc7c8.
This commit caused an error in C4::Search::GetFacets when running in
zebra mode.
Conflicts:
Koha/SearchEngine/Elasticsearch/Search.pm
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
The system preference FacetMaxCount should work as expected with ES.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
By default ES returns the facet terms ordered by most used, which makes
sense.
This patch removes resort done in the scripts (catalogue/search.pl and
opac/opac-search.pl) and moves it to the module.
For Zebra it's now done in C4::Search::getRecords, and there is no
change to expect (still alphabetically).
On the Elastic search side, we could imagine to let the library define
the order of the facets. The facet terms are now sorted by most used.
To test easily this change, turn on the displayFacetCount pref.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This allows sorting to be configured within a field. For example, while
many values are included for search on author, sorting should only be
done on the main entry values. This permits that by having a sort value,
which can be true, false, or null. true and null are pretty much the
same, but false means that a field isn't available for sorting on. By
default (null), fields can be sorted on.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Queries are being built, but they seem to be wrong as no results are
returned.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(Not fetched yet though.)
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Test plan:
- Empty OPACXSLTResultsDisplay system preference,
- select a virtual shelf in the dropdown list "Lists" on navigation bar
(Or create one and add records),
- check that records are correctly displayed (title, author, publisher
etc...).
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Display is now correct
No errors
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
When sharing a private list, the receiver of the share link will get
the following error when they are logged in and try to click the link:
DBIx::Class::Storage::DBI::_dbh_execute(): Unknown column 'sharedate
desc' in 'order clause' at /home/koha/kohaclone/Koha/Objects.pm line 150
Test Plan:
1) Create a private list
2) Share that list to another account
3) Log in as the other account
4) Click the link in the email you received
5) Note the error
6) Apply this patch
7) Click the link again
8) You should see no error and be able to view the list!
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
The OPACISBD system preference is used in order to be able to have one ISBD for OPAC and another one for intranet.
But the link ISBD at OPAC was depending on the presence or absence of value in ISBD which is for intranet.
This patch fixes the behaviour to depend on the correct system preference at OPAC
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Verified that new system preference is added cleanly and
ISBD view can be configured independently for staff and OPAC
using OPACISBD and viewISBD system preferences.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
Currently if not logged in when browsing to
http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl
You are redirected to opac-auth.tt and SCOUserCSS and SCOUserJS are not
loaded. This page passes through a parameter to the template to indicate
this is an SCO login and appropriate CSS and JS should be loaded.
Additionally this patch ensures that when logging in using the form you
are redirected to the sco-main.pl instead of the patron account page for
the user.
To test:
1 - Verify that normal login works on both staff and opac
2 - Verify that SCO link goes to login page if AutoSelfCheckAllowed is
set to "Don't allow"
3 - Enter changes into SCOUserJS and SCOUserCSS and observe these are
present on SCO log in page with AutoSelfCheck disabled
4 - Verify that a logged in opac user without permissions cannot access
the self-checkout module
5 - Verify that AutoSelfCheckAllowed and associated system preferences
function as expected
6 - Verify the AutoSelfCheck user is logged out if they attempt to visit
another page
Followed test plan.
If I go to http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl, CSS and JS trigger already on
the login form, I suppose that is intended.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
If JS is disabled and a user clicks on the "Rate me" button, Koha will
crash with:
DBIx::Class::ResultSet::create(): Column 'rating_value' cannot be null
at /usr/share/koha/lib/C4/Ratings.pm line 208
To avoid that, opac-ratings.pl will check if a rate has been selected.
Test plan:
Disable JS
On a record detail page, click on the "Rate me" button
TESTED PLAN:
1) go to /cgi-bin/koha/opac-ratings.pl?biblionumber=1
-- kaboom as above.
2) apply patch
3) refresh
-- either login screen (don't know why)
-- or if already logged in, detail page.
4) koha qa test tool
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
I tested successfully by temporarily removing the modification made by
Bug 16210.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
From C4::Koha::GetAuthorisedValues
# TODO: the "selected" feature should be replaced by a utility function
# somewhere else, it doesn't belong in here. For starters it makes
# caching much more complicated. Or just let the UI logic handle it, it's
# what it's for.
Indeed, it's not a job for a subroutine, the template should take care of that.
Note that a perf gain could be won with this patch \o/
Test plan:
- Edit an itemtype and check the value of the "Search category" dropdown list
- Edit a patron attribute type and check the value of the "Class" dropdown list
- Detail for a catalogue record, the Status column should be correctly
populated if items are damaged and/or lost
- Item details for a catalogue record, the lost, damaged and withdrawn
value should be correctly displayed
- Edit a patron, the "street type" should be correctly selected
- Create a patron attribute type linked to an authorised value list.
- Edit a patron, set a value for this attribute, edit it again. The
correct value should be selected.
- Search for subscriptions. The 'Location' dropdown list should behave
correctly (select the entry you have chosen before, etc.)
- Edit a subscription, the location dropdown list should select the
correct value.
- Edit and view a suggestion with a 'reason for suggestion' set (you
should have at least 1 OPAC_SUG AV defined)
Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
subroutines should not take $dbh in parameter.
C4::Biblio::TransformMarcToKoha has it and does not use it.
Test plan:
Look at the patch and confirm that all occurrences of
TransformMarcToKoha have been modified.
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Introduced by
commit d564d3732d
Bug 15629: Koha::Libraries - Remove GetBranchInfo
If the branchcodesuggestedby is not defined, the find won't return
anything and ->branchname on an undefined value will raise
Can't call method "branchname" on an undefined value at
/home/katrin/kohaclone/opac/opac-suggestions.pl line 153.
Test plan:
-Staff
Create a patron
Use this patron to create a suggestion
Delete the patron
-OPAC
Logout and trigger opac/opac-suggestions.pl
Without this patch, you will get an error
With this patch applied, everything should be ok
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works ok following test plan
No errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Test Plan (remains the same):
0) Back up your database
1) Apply all these patches
2) In your mysql client use your Koha database and execute:
> DELETE FROM systempreferences;
> SOURCE ~/kohaclone/installer/data/mysql/sysprefs.sql;
-- Should be no errors.
> SELECT * FROM systempreferences WHERE variable LIKE 'GoogleO%';
-- Should see 4 entries.
> QUIT;
3) Restore your database
4) Run ./installer/data/mysql/updatedatabase.pl;
5) In your mysql client use your Koha database and execute:
> SELECT * FROM systempreferences WHERE variable LIKE 'GoogleO%';
-- Should see the same 4 entries.
6) Log into the staff client
7) Home -> Koha administration -> Global system preferences
8) -> OPAC
-- make sure your OPACBaseURL is set (e.g. https://opac.koha.ca)
9) -> Administration
-- There should be a 'Google OAuth2' section with the ability
to set those 4 system preferences.
10) In a new tab, go to https://console.developers.google.com/project
11) Click 'Create Project'
12) Type in a project name that won't freak users out, like your
library name (e.g. South Pole Library).
13) Click the 'Create' button.
14) Click the 'APIs & auth' in the left frame.
15) Click 'Credentials'
16) Click 'Create new Client ID'
17) Select 'Web application' and click 'Configure consent screen'.
18) Select the Email Address.
19) Put a meaningful string into the Product Name
(e.g. South Pole Library Authentication)
20) Fill in the other fields as desired (or not)
21) Click 'Save'
22) Change the 'AUTHORIZED JAVASCRIPT ORIGINS' to your OPACBaseURL.
(http://library.yourDNS.org)
23) Change the 'AUTHORIZED REDIRECT URIS' to point to the new
googleoauth2 script
(http://library.yourDNS.org/cgi-bin/koha/svc/auth/googleopenidconnect)
24) Click 'Create Client ID'
25) Copy and paste the 'CLIENT ID' into the GoogleOAuth2ClientID
system preference.
26) Copy and paste the 'CLIENT SECRET' into the GoogleOAuth2ClientSecret
system preference.
27) Change the GoogleOpenIDConnect preference to 'Use'.
28) Click 'Save all Administration preferences'
29) In the OPAC, click 'Log in to your account'.
-- You should get a confirmation request, if you are
already logged in, OR a login screen if you are not.
-- You need to have the primary email address set to one
authenticated by Google in order to log in.
30) Run koha qa test tools
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>