We are using json files to retrieve the list of the DB columns. We can
reuse what we have done in the previous patch and display translated
strings.
Test plan:
Search for "unwanted" in the sysprefs
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Test that preference search term highlighting works correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds a flag to the OPAC preferences file marking suggestion
title as mandatory OPACSuggestionMandatoryFields and excluded from
OPACSuggestionUnwantedFields.
The patch also modifies the markup around required fields in the OPAC
suggestion form to comply with changes made in Bug 27668 to mandatory
field styling.
To test, apply the patch and restart services.
- Test the OPACSuggestionMandatoryFields preference. In the modal,
"title" should be checked and the label in red. It should not be
possible to uncheck the checkbox.
- Test that the "Select all" and "Clear all" links don't affect the
"title" checkbox.
- Confirm that your selections are still saved correctly.
- Test the OPACSuggestionUnwantedFields preference. In the modal,
"title" should be unchecked and disabled.
- Test that the "Select all" and "Clear all" links don't affect the
"title" checkbox.
- Confirm that your selections are saved correctly.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
If Pseudonymization is set but the bcrypt_settings config used by the
feature is not set, then there is an ugly 500 on checking out.
bad bcrypt settings at /kohadevbox/koha/Koha/PseudonymizedTransaction.pm line 116.
However it's pretty hard to handle correctly this exception (and that's
why it hasn't be done initially). However we could prevent the pref to
be turned on if the config entry is not present.
Test plan:
Remove the bcrypt_settings from the config
Try to turn the syspref on
Add the config
Try to turn the syspref on/off
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
JD amended patch: fix qa failures
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the admin folder are swapped around to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I think the "breadcrumbs" ID is worth saving for past and future CSS
customization reasons.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Modified breadcrumbs to be accessible, in particular for a
screen-reader.
Made the block of breadcrumbs be a <nav aria label="Breadcrumb"
class="breadcrumb"> with an ordered list inside. The last breadcrumbs
also has aria-current="page" to specify that it is the current page.
To test:
1) Apply patch
2) Build scss file
3) Ensure each of the files in the admin folder has breadcrumbs that are
in a <nav aria label="Breadcrumb" class="breadcrumb"> block
4) Ensure that there is an ordered list in the block of breadcrumbs
5) Ensure that the last breadcrumb has aria-current="page"
6) Ensure that the breadcrumbs on each page of the staff client
belonging to these files look the same as before, but the '>' symbol
is replaced with '/' and the last breadcrumb has bold text
7) Ensure that when the last breadcrumb is clicked it takes you to the
page you are currently on
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 22844 Added the option to provide a modal for selecting database columns for system preferences
Some system preferences are limited to a subset of the columns allowed. For instance, setting branchcode
in BorrowerUnwantedFields prevents adding new patrons
This patch allows for defining exclusions in the .pref file
To test:
1 - Alter BorroweUnwantedFields and select branchcode
2 - Attempt to add a new patron
3 - Get a message like "Something went wrong. Check the logs"
4 - Apply patches
5 - Alter the preference again
6 - Note that branchcode is unchecked and disabled
7 - Save the pref
8 - Add a patron
9 - It succeeds
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Bug 17364: (follow-up) Add missing filter
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Valid characters are alphanumeric characters (a-zA-Z0-9), hyphen (-)
and underscore (_)
https://www.w3.org/TR/CSS21/syndata.html#value-def-identifier
All invalid characters will be replaced by '_'
Test plan:
1. Go to Administration » System preferences and click on 'Searching'
tab
2. You should see a console error (Uncaught Error: Syntax error,
unrecognized expression: #collapse_Did_you_mean/spell_checking)
3. Apply patch
4. Make sure the error is gone
5. prove t/Koha_Template_Plugin_HtmlId.t
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Do not allow a line break between the bookmark icon and syspref name.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In the paragraph touched by this patch, there were some
whitespace issues. This patch does some tab to space
replacement and reindentation to make the code more readable.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Ivan Masár <helix84@centrum.sk>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1) Log in to Staff UI with superlibrarian permissions
2) Go to System Preferences /cgi-bin/koha/admin/preferences.pl
3) Next to each preference, there should now be a bookmark icon
4) The bookmark icon links to a search for the exact preference name
5) The link can be bookmarked for quick reference to the specific
preference
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the definition of translatable strings out of
templates and into the corresponding JavaScript file, using the new JS
i81n function.
To test (a non-comprehensive list):
- Apply the patch, go to Administration -> System preference
- Modify any system preference. "modified" should appear next to the
preference name.
- Click the "Save" button. You should get a message, "Saved preference
<pref name>"
- Hover your mouse over a section heading (e.g. "Features" under
Accounting). You should see a tooltip, "Click to collapse this
section."
- Click to collapse the section. The tooltip should change to "Click to
expand the section."
- Open a new tab for the staff interface and log out.
- In the original tab, modify and try to save a system preference. You
should get a message, "Error; your data might not have been saved."
TESTING TRANSLATABILITY
- Update a translation, e.g. fr-FR:
> cd misc/translator
> perl translate update fr-FR
- Open the corresponding .po file for JavaScript strings, e.g.
misc/translator/po/fr-FR-messages-js.po
- Locate strings pulled from
koha-tmpl/intranet-tmpl/prog/js/pages/preferences.js for
translation, e.g.:
msgid "Saved preference %s"
msgstr ""
- Edit the "msgstr" string however you want (it's just for
testing).
- Install the updated translation:
> perl translate install fr-FR
- Switch to your newly translated language in the staff
client and repeat the test plan above. The translated strings
should appear.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch introduces a new way for users to select database columns for
system preferences like BorrowerMandatoryField, which currently
require hand-typing of database names.
This new system uses a JSON file containing label:column pairs for
database columns which are relevant to preferences which reference
borrower table columns. My intention was to have user-friendly values as
the labels, but embedding English strings in JSON would make them
untranslatable.
The following preferences are affected:
- BorrowerMandatoryField
- BorrowerUnwantedField
- PatronSelfModificationBorrowerUnwantedField
- PatronSelfRegistrationBorrowerMandatoryField
- PatronSelfRegistrationBorrowerUnwantedField
== Test plan ==
- apply the patches
- regenerate the staff client CSS (yarn build)
- updatedatabase
- dbic
- flush_memcached
- restart_all to make sure the updated .pref file is used
- Go to Administration -> System preferences, and search for
"PatronSelf"
- The input fields for PatronSelfModificationBorrowerUnwantedField,
PatronSelfRegistrationBorrowerMandatoryField, and
PatronSelfRegistrationBorrowerUnwantedField should appear as "locked"
(read-only) inputs.
- Clicking the input field should trigger a modal window with
checkboxes for each available column from the borrowers table.
- Test that the "select all" and "clear all" links work correctly.
- Test that the "cancel" link closes the modal without saving your
selections.
- Test that the "Save" button closes the modal, copies your selections
to the form field, and triggers the preference-saving function (this
eliminates the need to click a save button again after closing the
modal).
- Test this process by making modifications to all three different
preferences, confirming that the right data is preselected each
time the modal is shown and the right data is saved to the right
field each time.
Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a submenu to the sidebar menu in the system preferences
interface. Submenu links let you jump to the sub-sections in each
preference category.
In the search results view, a link is added to allow the user to jump
directly to the section from which those results came. For instance, if
your search returns the "SuspendHoldsOpac" preference, the link will
take you to to the Circulation preferences page and jump the page to the
"Holds policy" section.
This patch also converts the expand/collapse arrows to Font Awesome
icons. The obsolete image files are removed.
If you click a submenu link for a section on the current page which has
been collapsed, the section will expand.
To test, apply the patch and rebuild the staff client CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Go to Administration -> System preferences.
- Test the various preference categories and confirm that the submenus
appear correctly and jump you to the right section.
- Test that if you click a section heading to collapse it that
clicking the corresponding submenu link in the sidebar causes it to
expand again.
- Do a search for system preferences and confirm that the sidebar menu
displays correctly.
- Confirm that the "View all..." links take you to the correct page and
section.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
system preferences
This patch adds CodeMirror plugins for linting JS, CSS, HTML, and YAML.
When invalid data is entered in a linted CodeMirror editor an icon is
displayed in the editor's "gutter." Hovering over the icon displays the
error message.
This patch renames the minified CodeMirror JS file to match convention
but the version is unchanged.
To test, apply the patch and go to Administration -> System preferences.
Test preferences of each type and confirm that each type of CodeMirror
editor shows an error indicator if you entry invalid data. Valid data
should trigger no error indicator.
- HTML: e.g. OpacMainUserBlock, opacheader. Enter invalid HTML, for
example "<h1>Hello <h2>World</h2>."
Example valid HTML: "<h1>Hello world</h1>"
- JavaScript: e.g. OpacUserJS, IntranetUserJS. Example bad JS,
"alert("Success!');"
Example valid JS: "alert("Success!");"
- CSS: e.g. IntranetUserCSS, SCOUserCSS. Example bad CSS,
"p { color blue }"
Example valid CSS, "p { color: blue; }"
- YAML: e.g. OpacHiddenItems. Example bad YAML:
"one: two, three: four"
Example valid YAML:
"one: two
three: four"
Also test that other CodeMirror instances still work correctly without
linting: The advanced MARC editor, SQL reports editing.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To prevent invalid values in this pref (and so on the server), we should
make this input readonly on the syspref page.
The sysprefs related to Hea should be edited from the dedicated page, so
also adding a note about that.
Test plan:
Search syspref with "UsageStats"
Notice the note about the admin page
Notice the UsageStatsGeolocation input is now readonly (and resized, to
display the whole value when filled)
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
Search for "foo bar" (with double quotes) in the sysprefs
Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch uses the JQuery validator plugin to add validation to preferences of class email in the system preferences page. A field containing an invalid value (even if not modified) should prevent saving.
To test, confirm that when entering an invalid email address in the SendAllEmailsTo field, an error message appears and saving is prevented.
Correcting the value should hide the message and let you save as normal.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a new syspref "UpdateItemLocationOnCheckin" which
accepts pairs of shelving locations. On check-in the items location is
compared ot the location on the left and, if it matches, is updated to
the location on the left.
This preference replaces ReturnToShelvingCart and
InProcessingToShelvingCart preferences. The update statement should
insert values that replciate these functions. Note existing
functionality of all items in PROC location being returned to
permanent_location is preserved by default. Also, any items issued from
CART location will be returned to their permanent location on issue (if
it differs)
Special values for this pref are:
_ALL_ - used on left side only to affect all items
_BLANK_ - used on either side to match on/set to blank (actual blanks
will work, but this is an easier to read option)
_PERM_ - used on right side only to return items to permanent location
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Set the new system preference UpdateitemLocationOnCheckin
to the following (assuming sample data):
NEW: FIC
FIC: GEN
4) Create an item, set its location to NEW
5) Check in the item, note its location is now FIC
6) Check in the item again, note its location is now GEN
7) Check in the item again, note its location remains GEN
8) Test using _ALL_, _BLANK_ and _PERM_ for updates
9) Try entering various incorrect syntax in the pref and note you are warned
Sponsored by:
Arcadia Public Library (http://library.ci.arcadia.ca.us/)
Middletown Township Public Library (http://www.mtpl.org/)
Round Rock Public Library (https://www.roundrocktexas.gov/departments/library/)
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds the dependencies required to provide YAML syntax
highlighting in CodeMirror text areas. The OpacHiddenItems system
preference configuration is updated to use a "text/x-yaml" CodeMirror
syntax.
To test, apply the patch and go to Administration -> System preferences
-> OPAC.
Expand the OpacHiddenItems preference and test that YAML-formatted text
entry has the correct syntax highlighting.
Signed-off-by: Michal Denar <black23@gmail.com>
https://bugs.koha-community.org/show_bug.cgi?id=2700
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds CodeMirror syntax highlighting by default to JS and CSS
system preferences. HTML preferences will use CodeMirror editors if
UseWYSIWYGinSystemPreferences is disabled.
Three new CodeMirror files are added to support three new syntax
highlighting modes: XML (for HTML), CSS, and JS.
A new option is added to *.pref file configurations for textareas which
are intended for HTML, JS, or CSS: syntax. This option is passed to the
CodeMirror configuration to control syntax highlighting mode.
Textareas without a syntax option specified will not have CodeMirror
enabled.
To test, apply the patch and go to Administration -> System preferences.
Test the behavior of several preferences which use <textarea> as their
input. For example:
- OPACUserJS (JS)
- IntranetUserCSS (CSS)
- OpacHeader (HTML)
- BibtexExportAdditionalFields (no highlighting)
Text entry in each of these should have the correct syntax highlighting
applied to them. All data should be saved correctly.
Test with UseWYSIWYGinSystemPreferences both on and off.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes markup and CSS changes to the system preference
interface so that it is visually clearer that language preferences
(language and opaclanguages) can be re-ordered by the user to control
the sequence of their appearance in language-selection menus.
This patch makes some minor markup changes (including some whitespace
fixes -- diff accordingly) in order to make it easier to apply these CSS
changes.
To test you should have more than one translation installed. Apply the
patch and clear your browser cache if necessary.
- Go to Administration -> System preferences -> I18N/L10N
- The 'language' and 'opaclanguages' system preferences should show the
new style.
- Each language should show a "move" cursor when the mouse hovers
over the "box."
- Dragging and dropping the languages should work correctly, and
changes should be reflected in language menus.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
DataTables are used on enough pages in the staff client that it
doesn't make sense to put inclusion of the CSS into each template
where it is needed. This patch moves includes of datatables.css from
individual templates into the global header file.
To test, apply the patch and view various pages which have DataTables.
View various styles of DataTables, e.g.
- Full pagination, like item search results
- Four-button, like Saved SQL reports
Everything should look the same as it was.
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch replaces the fixFloat jQuery plugin with a new one: HC-sticky
(https://github.com/somewebmedia/hc-sticky). This plugin provides the
same functionality without the page-reflow problems fixFloat suffers
from.
To test, apply the patch and regenerate the staff client CSS. Test the
behavior of the floating toolbar on these pages:
- Acquisitions -> Vendor -> Vendor details
- Acquisitions -> Vendor -> View basket
- On both these pages, test toolbar behavior before and after
expanding the "Orders search" options at the top of the page.
- Administration -> System preferences
- Authorities -> Create or edit an authority
- Catalog -> Advanced search
- Search results
- Catalog -> Item search
- Cataloging -> Add or edit a record
- Open the plugin window for the 008 field
- Tools -> Label creator -> New label batch -> Add items -> Search ->
Results
- Patrons -> New patron
- Test before and after expanding the patron search options at the
top of the page
- Test editing a patron too
- Tools -> Automatic item modifications by age -> Edit
- Tools -> Notices & slips -> Edit
- Lists -> View list
Check that the About page has been updated with information about the
plugin.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Includes:
* code factorization
Some code from subscription & Mana-KB has been factorized in order to speed-up next developments
* SytemPreferences:
Mana Activation:
- add a value "no, let me think about it", that is the default value.
- as long as this value is selected, messages ask if user want to activate it ( in Administration and Add-subscription(page 2) )
AutoShareWithMana
- Add the syspref AutoShareWithMana: user can automatically share infos with Mana-KB (not set by default)
* Interface :
- On mana-search, rows are now sorted by date of last import, then by number of users
- Windows redesigned to improve the user experience
* New Feature : report a mistake.
- people can now report an invalid data (wrong, obsolete,...)
- if a data is reported as invalid many time, it will appear differently
- Added few tooltip (to explain the fields last import, nb of users, to explain the new feature)
- When reporting a data as invalid, a comment can also be added. Koha will then display comments related to data in result lists
* API (svc/mana)
- add svc/mana/addvaluetofield: allows to ask mana incrementing a field of a resource
- no hardcoding for resources in the code of api (api needs to be called with a ressourcename)
* New feature : SQL report sharing
- Create Koha::Report.pm and Koha::Reports.pm, objects class for Reports
- New feature: share reports with Mana-KB
- New feature: search report in Mana-KB with keywords
- New feature: load reports from Mana-KB
Test plan:
1 - Apply Patch + update database
2 - Copy the three lines about mana config in etc/koha-conf.xml in ../etc/koha-conf.xml (after <backupdir> for example)
<!-- URL of the mana KB server -->
<!-- alternative value http://mana-test.koha-community.org to query the test server -->
<mana_config>https://mana-kb.koha-community.org</mana_config>
3 - Check Mana syspref and AutoShareWithMana syspref are not activated
4 - Search the syspref ManaToken and follow the instructions
5 - subscriptions
- Try create a new subscription for a first serial => Mana-KB shouldn't show you anything (except if the base hase been filled)
- Share this serial with Mana-KB (on the serial individual's page there must be a Share button)
- Try to create a new subscription for serial nr1 => a message should appear when you click on "next", click on "use", the fields should automaticaly appear
- Activate AutoShareWithMana => Subscriptions
- Create a new subscription for a second serial
- There shouldn't be any Share button
- Create a second subscription => the message should appear, click again on use
6 - SQL Report
- Create a new SQL report, without notes.
- On the table with all report (reports > use saved), there should be the action "Share"
- If you click on share, you have an error message
- Create a new report, with a title and notes longer than 20 characters
- You can share it with mana => you will have a success message
- On (report > use saved), there must be a message inviting you to search on Mana-KB for more results, enter a few word from title, notes, type of the report you shared, it should appear. You can use it, it will load it into your report list.
7 - Report mistakes.
- On any table containing Mana-KB search results, you can report a mistake and add a comment.
8 - For each previous test, try to send wrong data, to delete the security token, to send nothing: it should show a correct warning message.
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Rebased-by: Alex Arnaud <alex.arnaud@biblibre.com> (2018-07-04)
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies several administration templates to use the
Bootstrap grid instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags and "text/css" attributes from <style> tags in the
modified templates.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Administration -> MARC frameworks -> MARC structure -> Subfields
- View and edit subfields
- Administration -> Record matching rules
- View and edit record matching rules
- Administration -> OAI sets configuration
- View and edit OAI sets
- Define mappings for an OAI set
- Administration -> Patron attribute types
- View and edit patron attribute types
- Administration -> System preferences
- Administration -> Z39.50/SRU servers
- View and edit servers
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If we depend on the order, we should make it sortable.
I let the customization to someone else (we would need an icon to tell
the user it's sortable).
Something does not work here:
If fr-FR and fr-CA is installed, but only 1 is ticked, it will be
considered as last. I do not think it's a blocker as it does not make
really make sense to have it installed but not used (the interface is
also weird, there is a dropdown list with only 1 entry)
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client's system preferences templates so
that JavaScript is included in the footer instead of the
header.
To test, apply the patch and test the JavaScript-driven features of
both the standard and local use system preferences:
- WYSIWYG editor
- Confirmation messages
- Table sorting
- Multiple selects (CoceProviders for example)
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Works as outlined in test plan, search terms now appear at top as h1 as well
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Go to Admin -> search for a system preference
2) Notice your search stays in the search box (this is inconsistent with
search behaviour across Koha)
3) Apply patch and refresh page
4) Make another search
5) Confirm search still works as expected and search terms have been
cleared from search box
6) Confirm search terms show at the top of the results
Sponsored-by: Catalyst IT
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/admin/preferences.pl
2. Enter <script>alert('amit')</script> in search system preferences box.
3. Notice the java script is executed.
4. Apply patch.
5. Reload page, and enter <script>alert('amit')</script> in search system preferences box.
6. Notice it is no longer executed.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
System preferences do not display values of text fields properly if they
contain doulbe quotes.
To recreate:
- Go to Home > Administration > System preferences , then tab Acquisitions
- Enter values to both system preferences like proposed in the example (o=5|a="bar foo" and o=5|a="foo bar")
- Save
- Click on tab Acquisitions to reload
- Wrong result: Both preferences show a value of: o=5|a=
(parts with double quotes are truncated)
- Edit any of the email addresses (Bug 9814):
KohaAdminEmailAddress, NoticeBcc, ReplytoDefault, PayPalUser
- Set value to: "The Library" <thelibrary@example.com>
- Search for this email address syspref to re-display it
- Wrong result:
Use [ ] " autocomplete="off" /> as the email address for the
administrator of Koha.
To test:
- Apply patch
- Try to recreate issues above
- Additionally, edit other system preferences that could contain double
quotes, e.g. LibraryName or UsageStatsLibraryName
- Set value to: Bibliothek "Zur Leseratte"
(Note: patch contains a tiny fix for a typo in acquisitions.pref)
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There are several administration templates which still contain event
attributes. This patch move event definition to the JavaScript.
To test you must have the SMSSendDriver system preference set to
"Email." Apply the patch and go to Administration.
- In Global system preferences, change the value of any input or select
and then click the "Cancel" link for that section. After confirming
your choice, the page should reload with your changes reset.
- In Circulation and fine rules, edit any existing rule. In the editing
row, click the "Clear" button. The data for that rule should be
cleared.
- In Transport cost matrix, make any change to the matrix. Submitting
the form should work correctly.
- In MARC bibliographic framework, choose 'MARC structure' for any
framework.
- Checking or unchecking the 'Display only used tags/subfields'
checkbox should reload the page and change the display according to
your choice.
- In Did you mean?, make changes to the existing configuration.
- Clicking "Cancel" should reload the page and discard your changes.
- Clicking "Save configuration" should correcly save your changes.
- In SMS cellular providers, click to edit any existing provider.
Clicking the "Cancel" link should cancel the editing process and
return you to the list of providers.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch moves the JavaScript files in prog/en/js to prog/js.
JavaScript files do not need to be in the directory which is processed
by the translator.
To test, apply the patch and visit various pages in the staff client to
confirm that JavaScript files are still loading correctly.
Revised: I intended for this to be built on top of Bug 15883 as well as
Bug 16242. Now it is.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
On top of 15883 and 16241
All seems to work, js files pulled from new dir.
No errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The staff client CSS is not language-specific, so it can be moved out of
the en/ directory and thus not be duplicated for every translation.
In order to be able to have a generic path to the YUI CSS files, the YUI
directory is moved by this patch to the staff client's lib/ directory.
To test, apply the patch and visit various pages in the staff client.
Look in particular at pages which include more than the standard CSS.
For example:
- The staff client login page.
- The staff client home page.
- Patron -> Set permissions.
- The advanced cataloging editor.
- Acquisitions -> Vendor -> Basket groups.
- Tools -> News -> Edit news.
- Administration -> System preferences.
Revised: I intended for this to be built on top of Bug 15883. Now it is.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
On top of 15883
Works as described, all pages on test plan
No Errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes the link 'return to where you were before' from
syspref search result page after failing search.
To test:
- Apply patch
- Go to System preferences in staff client, do a search
with something that does not exist
- Verify that a message pops up that does not contain the link.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
If a syspref description contains html tag, do not display them
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
To test:
1. Go to admin preferences, Acquisitions, Policy.
2. Find MarcFieldsToOrder and click "Click to Edit"
3. Notice that a "Click to collapse" button appears, click it.
4. Notice that the box has collapsed
This fix should be applicable to all "Click to Edit" textboxes
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Works well, and a nice improvement.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch adds a system preference "UseWYSIWYGinSystemPreferences" to the Staff Client tab.
By default, it is off, which means that the TinyMCE WYSIWYG editor won't be shown for system
preferences with a type of "htmlarea".
However, when it's on, it will show the editor for "Local Use" preferences with a "htmlarea"
type, and for other system preferences in the "Opac", "Circulation", and "Staff Client" tabs,
which I have re-assigned. (Basically, I grepped for HTML and changed the type for all
the system preferences I found except for "IntranetNav", "OpacCustomSearch", and "OPACSearchForTitleIn",
as a WYSIWYG editor would potentially break the output for these system preferences or
add no value to them...)
_TEST PLAN_
0) Run `perl installer/data/mysql/updatedatabase.pl` after setting your environmental variables
1) Check the Opac tab to make sure that the WYSIWYG is nowhere to be seen
2) Change the "UseWYSIWYGinSystemPreferences" preference in "Staff Client" to "Show"
3) Refresh the Opac tab and notice that many system preferences now have a WYSIWYG editor
4) Try typing some text into these fields
5) Note that it gets marked as "modified"
6) Save the preference, and refresh the page
7) Note that the content has been saved
8) Take a look at how it's rendered on the actual webpage!
Signed-off-by: Martin Persson <xarragon@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
