When a new patron registers, the confirmation page is displayed with
login details (login, password, cardnumber) and the login form is
prefilled.
In the case of public computer, for security reasons that should not
appear, patrons might forget to close the window.
Test plan:
1/ Set PatronSelfRegistrationPrefillForm on
2/ Register a new patron
=> The login details should not be displayed and the login form should
not be prefilled.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This new enhancement will add the ability to change the default holdings
sort on OPAC displays to be by library, instead of item type.
This patch adds a new pref OPACHoldingsDefaultSortField with 3 different
possible values:
- Item type
- Home library
- Holding library
Note that if OpacLocationBranchToDisplay is set not to display home libraries,
unexpected behaviors might happen if OPACHoldingsDefaultSortField is set to
"Home library", same for "Holding library".
Test plan:
- Confirm that the default value for OPACHoldingsDefaultSortField is
'first column' after executing the DB entry and that there is no
change in the behavior (first column is used to sort the holdings
table on the detail page).
- Set OpacLocationBranchToDisplay to both and play with the different
values of OPACHoldingsDefaultSortField
=> Confrm that the default column used to sort the table is correctly
changed
- Set the pref SeparateHoldings on
=> Confirm that both tables (Holdings and other holdings) are sorted using
the OPACHoldingsDefaultSortField value.
Sponsored-by: University of the Arts London
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This new enhancement will allow to add the name of lists containing a
biblio to the search results at the OPAC.
Test plan:
0/ Regenerate the css file to get the style change:
% lessc --clean-css="--s0 --advanced --compatibility=ie7"
koha-tmpl/opac-tmpl/bootstrap/less/opac.less >
koha-tmpl/opac-tmpl/bootstrap/css/opac.css
1/ Create some lists and add items to them
2/ On the search results you should see the name of the lists which
contains the record.
Note that we could add a syspref to make this new behavior optional.
Sponsored-by: University of the Arts London
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
TEST PLAN
1. THE CHECKOUT TAB, INTRANET
1.1. Add a value to the 'h' subfield of an item. ie: 'volume #42'
1.2. Check out the item to a patron
1.3. Display this patron's issues in his checkout page
1.3.1. The enumchron should be concatenated with the title
2. A PATRON'S RELATIVE, INTRANET + OPAC
1.1. Add somebody to a patron's guarantee list
1.2. Checkout a serial to this guarantee
1.3. Visit the guarantor's OPAC and INTRANET checkout page
1.3.1. You should see the enumchron in his guarantee's issues
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds newlines to opac-ics.tt that are preserved by the translating process.
To test:
- Apply patch
- Create a translation (perl translate xy-XY)
- With a text editor or poedit, translate misc/translator/po/xy-XY-opac-bootstrap.po
(it is enough to translate "%s %s %s %s is overdue %sYour copy of........")
- Install language xx-XY and select it for OPAC (perl translate install xy-XY)
- Make sure you have at least a couple of loans, including one overdue
- Go to /cgi-bin/koha/opac-user.pl and click on the link labeled "Download as
iCal/.ics file"
- Inspect the file in a text editor and/or view the result in a calendar
appplication. Make sure the data makes sense. Compare it to the english version.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
Verify that different values in 'CardnumberLength' system preference
display correctly in the self reigstration form
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
Enable self registration
Make sure cardnumber is not in
'PatronSelfRegistrationBorrowerUnwantedField'
Enter an invalid or used cardnumber
Submit form
Note errors appears correctly but cardnumber is not editable
Apply Patch
Enter an invalid or used cardnumber
Submit form
Note errors appears correctly and cardnumber is editable
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
At the OPAC, if a user manipulate the URL to show a list (s)he is not
allowed to view, the list's name will be displayed anyway.
Test plan:
- Create a private list with user A
- Copy the op=view URL and access it with user B logged in
=> Without this patch, you will see the rss icon, the list's name and
the "add list" button
=> Without this patch, only the "unauthorized" box will be displayed
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
On bug 17210, the selector .addtoshelf should not have caught the
.addtoshelf nodes from the result list.
To fix this, we just need to make the selector more specific (and cannot
reuse it without more changes, the biblionumber variable is not the same
- vs SEARCH_RESULT.biblionumber).
Test plan:
Make sure the 2 links (from detail and search result) "Save to lists"
and "Save to your lists" work as expected.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds the infrastructure needed to allow audio alerts, as
configured in administration, to affect the sco module
This patch allows only for the use of sounds with a full URL to be used
and does not allow for the Koha standard sounds to be accessed via the
SCO
To test:
Ensure you have the preference AudioAlerts enabled
Ensure you can hear normal sounds from the staff module
Define an audio alert such as:
Selector: .sco_entry
Sound: https://archive.org/download/Doorbell_1/doorbell.ogg
Load the SCO module
You should hear the doorbell noise (everytime you reload even!)
Test that the default sounds are not activated for the SCO, you must
sepcifically define them
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Currently a patron can select a home library in the list of all
libraries defined in the system.
However some of these libraries might not accept self registration.
This patch adds a new pref to display only the allowed libraries.
Test plan:
0/ Apply the patch, do not fill the new pref
1/ Self register a new patron
=> All the libraries defined should be displayed in the "Home library"
dropwdown list
2/ Fill the pref PatronSelfRegistrationLibraryList with some of the
branchcode defined in the system
=> Self register a new patron and confirm that the dropdown list has
been filtered.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Set the EnablePayPalOpacPayments syspref to Allow and the
PayPalSandboxMode to the appropriate mode
2) Go to OPAC fines
3) Confirm clicking the PayPal image link works the same before and
after the patch (opens pop up window)
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Edit: removing use of onclick
To test:
1) Log into OPAC, go to your tags
2) Click Delete
3) Confirm message should pop up
4) Ensure clicking Cancel works as expected, ensure clicking OK works as
expected
Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Removes template var csrf_error and associated handling.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Restested with opac and intranet: Still sends or dies elegantly..
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
No need to send OPACBaseURL to the template, if you load the Koha TT
plugin inside the template.
Test plan:
Send a few items in your cart from OPAC and intranet.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If you have no (valid) token, you will not be able to send the message.
Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
using the following URL:
/cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
This should now result in a csrf error.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Do an authority search. Notice that authorities not used by any records have a clickable link (under Biblio records) which redirects to a catalog search with no results
2) Go back to the authority search and click View full heading for an authority with no records. Notice that under the auth name, it says Number of records used in: 0, with a link to a catalog search
3) Apply patch
4) Repeat steps 1 and 2. Authorities not used in any records should no longer have clickable links nd authorities which have records should work as expected.
Sponsored-by: Catalyst IT
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Admin -> Global sysprefs
2) Turn on HTML5MediaEnabled and HTML5MediaYouTube
3) Go to Cataloging and create a new record
4) Catalogue a YouTube link in 856$u and save record. Do not add any items (click Normal tab)
5) Confirm that Play media tab is the selected tab by default
6) View record on OPAC and confirm Play media tab is selected by default
7) Go back to staff client, add an item then go back to Normal tab
8) Confirm that Holdings tab is now selected by default
9) Confirm Holdings tab is selected by default on OPAC
Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To avoid multiple registrations, it would be good to check the unicity
of the primary email address.
This patchset adds a new pref PatronSelfRegistrationEmailMustBeUnique.
If on, a patron will get "This email address already exists in our
database" if he try to register with an existing email address.
Test plan:
1/ Register a new patron with an email address
2/ Make an other registration using the same email address
=> With the pref PatronSelfRegistrationEmailMustBeUnique on, you won't be allowed
=> With the pref off, no change should be noticed.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described, no errors.
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
There is only one instance on onclick here, and that is the clear date
function.
To test, make sure clicking 'Clear date' next to Date of Birth works the
same before and after the patch.
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Four instances of onclick here:
1) Print
2) Save to your lists
3) Add to your cart
4) Remove from cart
To test:
Find a biblio detail page in OPAC and confirm all four events above work
as expected before and after the patch.
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
[1] Adds a check on biblionumber. (Prevents a DBIx error.)
[2] If you have a reviewid, search on that and check results.
Add an unauthorized error in template.
[3] If you add a new review, check that there is no review yet.
If so, edit the existing one.
This supports the added FIXME on a unique constraint.
Note: This script could receive further attention.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested all crud ops with opac-review.pl (incl URL manipulation).
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Paging is kind of messy here. This patch at least improves somewhat.
The page number should be rounded.
The results per page should be passed to the template too.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested a number of reviews and played with count parameter in URL.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The C4::Reviews::getreviews subroutine retrieved the reviews for a given
record, depending on their status.
This can be achieve with a call to Koha::Reviews->search.
There were 2 calls to this subroutine. The one from opac-ISBDdetail.pl
does not look in used: the reviews are not display on this page. It
certainly comes from an old copy/paste from opac-detail.pl.
The one from opac-detail only asked for the approved reviews. So the
logged in user does not see its own review if it is pending approval.
Actually this pending approval review is only displayed when the user
submits it (because of a unecessary complex text replacement done in
JS).
With this patch, the approved reviews AND the unaproved review from the
logged in user will be displayed.
It will allow a future enhancement to add a way to delete our own
reviews.
Moreover, the reviews were retrieved even if they were not displayed (if
reviewson is off), it's now fixed.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This is the fourth and last patch set to remove C4::Branch.
The real purpose of this patch is to standardise and refactor some code
which is related to the libraries selection/display.
Its unconfessed purpose is to remove the C4::Branch package.
Before this patch set, only 6 subroutines still existed in the C4::Branch
package:
- GetBranchName
- GetBranchesLoop
- mybranch
- onlymine
- GetBranches
- GetBranch
GetBranchName basically returns the branchname for a given branchcode.
The branchname is only used for a display purpose and we don't need to
retrieve it in package or pl scripts (unless for a few exceptions).
We have a `Branches` template plugin with a `GetName` method which does
exactly this job.
To achieve this removal, we will use this template plugin and delete the
GetBranchName from pl and pm files.
The `Branches.all()` will now select the library of the logged in user
if no `selected` parameter has been passed.
This new behavior could cause regressions, for instance there are some
places where we do not want an option preselected (batch item
modification for instance), keep that in mind when testing.
GetBranchesLoop took 3 parameters: $branch and $onlymine.
The first one was used to set a "selected" flag, for a display purpose:
select an option in the libraries dropdown lists.
The second one was useless: If not passed or set to 0, the
`C4::Branch::onlymine` subroutine was called.
This onlymine flag was use to know if the logged in user was able to see
other libraries infos.
A patron can see the infos from other libraries if IndependentBranches
is not set OR if he has the superlibrarian permission.
Prior to this patch set, the "onlymine test" was done on different
places (neworderempty.pl, additem.pl, holidays.pl, etc.), including the
Branches TT plugin. In this patch set, this test is only done on one
place (C4::Context::only_my_library, code moved from
C4::Branch::onlymine).
To accomplish the same job as this subroutine, we just need to call the
`Branches.all()` method from the `Branches` TT plugin. It already
accepts a `selected` parameter to set a flag on the option to select.
To avoid the repetitive
[% IF selected %]<option selected="selected">[% ELSE %]<option>[% END %]
pattern, a new `html_helpers` TT include file has been created, it
defines an `options_for_libraries` block, which takes a `selected`
parameter. We could imagine to use this include file for other
selects.
The 'mybranch` and `onlymine` subroutines of the C4::Branch package have
been moved to C4::Context. onlymine has been renamed with
only_my_library. There are only 4 occurrences of it, against 11 before
this patch set.
There 2 subroutines are Context-centric and it makes sense to put them
in `C4::Context` (at least it's the least worst place!)
GetBranches is the tricky part of this patch set: It retrieves all the
libraries, independently of the value of IndependentBranches.
To keep the same way as the existing calls of `Branches.all()`, I have
added a `unfiltered` parameter. If set, the `Branches.all()` will call
a usual Koha::Libraries->search method, otherwise
Koha::Libraries->search_filtered will be called. This new method will
check if the logged in user is allowed to see other libraries or only
its library.
Note that this `GetBranches` subroutine also created a `category` key:
it allowed to get the list of groups (of libraries) where this library
existed. Thanks to a previous patch set (bug 15295), this value was
not used anymore (I may have missed something!).
Note that the only use of `GetBranch` was buggy (see bug 15746).
Test plan (for the whole patch set):
The best way to test this whole patch set is to test with 2 instances: 1
with the patch set applied, 1 using master, to be sure there is no
regression.
It would be good to test the same with `IndependentBranches` and the
without `IndependentBranches`.
No difference should be found.
The tester must focus on the library dropdowns on as many forms as
possible.
You will notice changes in the order of the options: the libraries will
now be ordered by branchname (instead of branchcode in some places).
A special attention will be given to the following page:
- acqui/neworderempty.pl
- catalogue/search.pl
- members/members-home.pl (header?)
- opac/opac-topissues.pl
- tools/holidays.pl
- admin/branch_transfer_limits.pl
- admin/item_circulation_alerts.pl
- rotating_collections/transferCollection.pl
- suggestion/suggestion.pl
- tools/export.pl
Notes for QA:
- There are 2 FIXMEs in the patch set, I have kept the existing behavior,
but I am not sure it's the good one. Feel free to open a bug report and
I will fill a patch if you think it's not correct. Otherwise, remove the
FIXME lines in a follow-up patch.
- The whole patch set is huge and makes a lot of changes.
But it finally will tremendously reduce the number of lines:
716 insertions for 1910 deletions
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
- HTML5 input pattern for copyrightdate was not taking into an account
the database field type, which is smallint(5)
- added title="..." for the year field so the acceptable date format
should be displayed as a hint/tooltip in the browser
- added an missing option for configuring branch/library as mandatory
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds a configuration option which allows to define which
fields should be mandatory for a patron purchase suggestion form in OPAC.
Test plan:
1/ Apply patch.
2/ Play with the new OPACSuggestionMandatoryFields system preference
(select some fields as manadatory, select all, deselect all, try to
submit some suggestions with mandatory fields filled and/or not
filled etc.) to ensure that required fields (and only required fields)
are enforced in the browser to be filled.
3/ With all options deselected, 'Title' field should still be
mandatory (by default).
Signed-off-by: barbara johnson <barbara.johnson@bedfordtx.gov>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
opac-ics.pl was added to Koha back in 2007, but there has not been a link to it
from anywhere. This patch adds the link from the main view on
/cgi-bin/koha/opac-user.pl, and makes some changes to opac-ics.pl itself.
Changes to opac-ics.pl:
- Update the code to use date and time for when a loan is due
- Use dt_from_string to turn a MySQL time and date into a DateTime
- Add a timestamp and a UID (these were reported as necessary by a couple of
iCal validators)
- Remove DTEND from events, since we now have time as well as date for when a
loan is due
- For loans that are overdue, set the DTSTART to now(), to avoid creating
calendar events in the past
- Use a template to generate text strings, to make them translatable
To test:
- Apply the patch
- Make sure you have at least a couple of loans, including one overdue
- Go to /cgi-bin/koha/opac-user.pl and click on the link labeled "Download as
iCal/.ics file"
- Inspect the file in a text editor and/or view the result in a calendar
appplication. Make sure the data makes sense.
- Sign off and go thee merrily on thine way.
Update 2016-07-25
- Force date_due to UTC to avoid problematic timezone info like this:
DTSTART:TZID=Europe/Zurich:20160724T235900
- Remove quotes from summary and description
Followed test plan, koha.ics file successfully imported to Thunderbird calendar
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds a message to the patron home page in the OPAC to be
shown if the user is restricted because of a discharge.
To test, apply the patch and log into the OPAC as a patron who has been
discharged.
- You should see a message which says so, including a link to
the discharge notice.
- Log in to the OPAC as a patron with a manual restriction and confirm
that the correct notice is displayed.
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes the OPAC display "Not renewable (on hold)" when
a hold is placed.
Test plan:
1) Do not apply patch.
2) Issue an item with automatic renewal.
3) Issue an item with manual renewal.
4) Place a hold on both items.
5) Log in as patron and note that the column "Renew" says "Automatic
renewal (x of y renewals remaining)" for the auto renewed item
and "(On hold) for the other item.
6) Apply patch.
7) Refresh OPAC and note that now "Not renewable (on hold)" is displayed
for both items.
8) Cancel the holds, then log in as patron again and confirm that the
correct renewal conditions are displayed.
Sponsored-by: Hochschule für Gesundheit (hsg), Germany
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Even if library groups/search domains are not defined in the system,
(empty) select for "Groups of libraries" under "Location and
availability" section in OPAC advanced search is still visible; it
shouldn't. Side effect of Bug 15295 - 'searchdomainloop' variable
in the template is now an object, it needs a different kind of statement
(.count) for checking if it's empty or not.
To test:
1) apply patch
2) when there are no groups of libraries defined in Administration ->
Libraries and Groups, "Groups of libraries" selection should be
no longer visible in OPAC adavanced search page
3) add library group or two: "Groups of libraries" selection should
reappear.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds some missing literary formats to the staff client and
OPAC's search results XSLT display.
To test you must have DisplayOPACiconsXSLT and DisplayIconsXSLT system
preferences enabled. XSLTResultsDisplay and OPACXSLTResultsDisplay
should be set to 'default.'
Perform searches in the staff client and the OPAC and confirm that the
following literary forms (defined in 008 position 33) display correctly:
Not fiction; Fiction; Dramas; Essays; Novels; Humor, satires, etc.;
Letters; Short stories; Mixed forms; Poetry; Speeches.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
POC, tests needed.
Alternative patch works for me.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In patron acount ("your personal details" tab, which serves as a form
for submitting update requests as well) it's not possible to display
some account details like expiration date etc., without enabling
the field for branch / library update requests too.
To reproduce:
1) set OPACPatronDetails to "Allow"
2) clear PatronSelfModificationBorrowerUnwantedField preference
- all possible fields in the update requests form are visible
in patron account, including some extra details (card number,
expiration date, category) in the "Library" section on top
3) put 'branchcode' in PatronSelfModificationBorrowerUnwantedField preference
4) the whole 'Library' section disappears
To test:
1) apply patch
2) put 'branchcode' in PatronSelfModificationBorrowerUnwantedField,
'Library' section should remain visible (sans branch selection option)
3) put 'branchcode|cardnumber|datexpiry|categorycode' in the same
preference, 'Library' section should now disappear
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When registering a new patron, if something went wrong, the form is
resent to the template but without the categorycode (not a dropdown list
anymore, but just displayed as a readonly value # TODO LATER).
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch replaces the hardcoded protocol ("http") from the URI with
https since that is what Google defacto uses to serve JS resources
Prevents MIXED CONTENT failure, allowing GoogleIndicTransliteration
to function correctly when used in SSLized OPACs.
Test plan
---------
1/ Make sure your OPAC is being served both over HTTP and HTTPS
2/ Set GoogleIndicTransliteration syspref to "Show"
3/ Access the OPAC over http, Google transliteration element will
show up in masthead searchbox.
4/ Access the OPAC over https. The element will not show. Console
will show MIXED CONTENT error and failure of google loader.
5/ Apply patch. Repeat steps #3 and #4 again. Now in both cases
GoogleIndicTransliteration will work.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To verify:
- Log in to OPAC as a user who has fines or credits
- Go to page "your fines"
- Verify that values for "Fine amount", "Amount outstanding"
and "Total due" are not formatted as defined in syspref CurrencyFormat
(e.g. for FR)
To test:
- Apply patch
- Repeat steps above
- Verify that values are formatted as appropriate with different
settings for syspref CurrencyFormat
Note: This patch does not force text alignment to the right.
Text alignement can be done using syspref OPACUserCSS
(td.sum, td.credit, td.debit)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
- for a particular item type & patron category, configure a non-zero
"no renewal before" date so items can't be immediately renewed
- sign in as a patron in aforementioned patron category
- check out an item of aforementioned item type
- go to your renewals page in OPAC /cgi-bin/koha/opac-user.pl
- an error messages appears in the div.alert.dialog up top
Sponsored-by: California College of the Arts
Signed-off-by: Brendon Ford <brendon.ford@manhattan.edu>
Signed-off-by: Irma Birchall <irma@calyx.net.au>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Playing with OPACResultsLibrary syspref, biblio with items having different
home/holding library are displayed properly.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When you search in the OPAC it shows you the HOME branch on the location
in XSLT, but if you click through to the detail page it shows you the
CURRENT BRANCH in the holdings table which is very confusing to patrons.
I don't know what's the right solution - home or holding branch, but they
should be the same in both places for the patron's sake. If you do the same
search in the staff client you see the right branch info on the search results
and on the detail page.
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Search the catalog, you search should include results with items
that have different home and holding libraries.
4) The results should look the same as before the patch
5) Change the system preference OPACResultsLibrary to "current location"
6) Refresh your page of search results
7) The results show now show the holding library instead of the home library
Signed-off-by: Barbara Walters <bwalters@ncrl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
empty HTML list item on 'holds' page, to test:
- sign in as user
- attempt to place hold
- view source in between 'holds note' textarea & <!-- ITEM HOLDS --> comment
- note empty <li>
- apply patch
- repeat process above up until patch
- no more empty <li>
Signed-off-by: Jason Robb <jrobb@sekls.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
At the OPAC there is no way to empty this value.
I think it should be allowed to empty it.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This subroutine just reads the content of a pref, split it, add an
empty string and returns.
It is not really useful and the code in the script (memberentry.pl) uses
the only occurrence of CGI::popup_menu
Let's remove it and build the dropdown list in the template.
Test plan:
1/ Empty BorrowersTitles, edit a patron and confirm that the "Salutation"
does not appear
2/ Fill BorrowersTitles with "Mr|Mrs|Miss|Ms", edit a patron and confirm
that the "Salutation" dropdown list is correctly filled.
The default option should be selected if you are editing a patron with a
title defined.
This should also be tested at the OPAC.
Followed test pan, works as expected in Staff and OPAC
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
Trigger
/opac-imageviewer.pl?biblionumber=14&imagenumber=7"><sCrIpT>alert(42)<%2fsCrIpT>
=> Without this patch you will see the JS alert
=> With this patch applied you won't see it
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Authority Search and do a search
2) Notice that there is a Full Heading column that has 'View full
heading' links. These take up a lot of space and don't mean a lot to
the user
3) Apply patch and refresh
4) Notice that the the Full Heading column is gone and there is now a
Details column next to the authorities. Confirm the link takes you to
the expected authority detail page.
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Add some course reserves
2 - View the table in staff and opac, there is no column for author or
link
3 - Apply patch
4 - You shoudl see these columns
5 - Link should contain item uri if present, fallback to title 856$u,
then be blank if niether
Sponsored by:
Southeastern Wisconsin Information Technology Exchange, Inc (SWITCH)
(http://caspian.switchinc.org/)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Might be good to add this table to the column visibility tool if you
plan to add more columns.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch fixes issues due to sentence splitting in
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt
Note: This is a string patch. It does not add or change functionallity.
To test:
- Examine code and verify that the text changes remove sentence splitting
and that the changes make sense.
- Log in to OPAC and verify that messages look correct
- with blocked /debarred user (with and without comment and date)
- with user who has to much fines (needs syspref OpacRenewalAllowed
and syspref OPACFineNoRenewals)
- with user who has his card marked as lost
- with user with an account that is about to expire
- with user with expired account
- with user with uncertain address information (with and without
syspref OPACPatronDetails set to Allow)
Note: Amended to make patch apply 2016-07-10 mv
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The authority search pagination displays only 15 pages, even when there
are more.
To fix that, this patch mimic the authorities-home.pl intranet script to
manage the pagination.
Test plan:
Without this patch, do some authority search and click on different
pages.
Apply this patch, redo the same search and make sure the same records
are displayed (i.e. confirm that the pagination still works as before).
Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
TEST PLAN
---------
1) Apply Jonathan's test patch
2) prove t/db_dependent/Letters.t
-- dies before finishing tests
3) Apply second test patch
4) prove t/db_dependent/Letters.t
-- dies before finishing tests
-- 'addalert' is changed to 'getalert'
5) Log into OPAC with database admin user.
-- see error given in comment #0
6) Apply this patch
7) prove t/db_dependent/Letters.t
-- says 'getalert'
-- all tests pass.
8) Log into OPAC with database admin user.
-- logs in, but gives warning with a nice logout button.
9) run koha qa test tools.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
No kaha qa errors
In debian display diferent error:
Can't use an undefined value as an ARRAY reference at /usr/lib/perl5/DBI.pm line 2054.
Works as advertised
NOTE: Revised test plan, as Jonathan added useful test case.
Works as I've tested above.
Hector tested older test plan which was steps
5,6,8 and 9.
Revised test plan again while tweaking to address comment #9.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In authorities search results, UNIMARC flavour, linked headings are displayed
with a link type : BT, NT, UF, RT.
This patch adds a abbr tag around those acronyms to know there meaning :
BT = Broader Term
NT = Narrower Term
UF = Used For
RT = Related Term
Acronyms are used because there can be a lot of linked headings, using abbr
will display the complete text on mouse over.
Test plan :
- Use UNIMARC database
- Create an authority with :
250 $a Heading250a
450 $a Heading450a
550 $5 a $a Heading550a
550 $5 g $a Heading550g
550 $5 h $a Heading550h
- Save an index zebraqueue
- Go to intranet authorities search
- Search for "Heading250a"
- You see :
Heading250a
Heading250a
UF: Heading450a
RT: Heading550a ; BT: Heading550g ; NT: Heading550h
- Move your mouse over the acronyms, you see a tip with the complete text
- Same with opac authorities search
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Works as described. Translatable.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Barbara Walters <bwalters@ncrl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Define a number of MaxOpenSuggestions
2 - Add some suggestions for a patron
3 - Note they cannot add any more suggestions if limit is reached
4 - Delete a suggestion and note you can add another
5 - Add them to limit again
6 - Accept a suggestion in the staff client and note user can add more
7 - Repeat above with rejecting or deleting
8 - Sign off.
Sponsored by:
North Central Regional Library (http://ncrl.org/)
Signed-off-by: Barbara Walters <bwalters@ncrl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Alternate patch with wording as proposed in comment #12
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the same tests in the aoColumns DT definition than the
ones in the creation of the table. That's sound good.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Changes the value of the "comment" column in "borrower_debarments" table
from "Restriction added by overdues process yyyy-mm-dd hh:mm:ss" to
"OVERDUE_PROCESS yyyy-mm-dd hh:mm:ss" in the overdue_notices.pl. Then in
the templates "moremember.tt", "circulation.tt", "memberentrygen.tt",
"opac-reserve.tt" and "opac-user.tt" the value of "comment" is
check, if it's an automatical comment due to overdue process it'll
write "Restriction added by overdues process yyyy-mm-dd hh:mm:ss",
then if there is a customizable comment it will be written without
modification. Like this, the comment "Restriction added by overdues
process" is written in the po files and can be translated later.
To test:
1) create a patron with automatical restriction due to overdue process;
2) apply patch;
3) run misc/cronjobs/overdue_notices.pl;
4) verify if the comment "Restriction added by overdues process" is well
written and translatable on the following page :
- opac patron home page (opac-user.tt);
- opac item reservation page (opac-reserve.tt);
- pro patron page (moremember.tt);
- reservation item for a patron (circulation.tt, memberentrygen.tt);
5) try to translate the comment in po files;
6) sign off.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch changes course reserves to check for item notes form the
course reserve and fallback to itemlevel notes if they are empty
To test:
1 - Enabvle course reserves
2 - Add some items
3 - Make sure the items have notes at the item level and not at course
reserves
4 - Notes don't display in staff or opac
5 - Apply patch
6 - Notes display in staff and opac
7 - Add notes at course reserves level
8 - These override the item level notes
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The bug is related to 10851. Due to add of status in 10851, status added were
missing in opac-detail.tt and opac-full-serial-issues.tt. The patch just added
these missing status.
To test:
1) Create New subscription in Serials, in Intranet
2) Do a search of the new subscription by Title
3) Take Serial receive as Actions to edit the status to Missing (<something>)
4) Go to Opac and Search the subscription created, by its title and See missing status
5) Apply patch, status must be showed.
6) Sign off
Followed test plan, works as expected.
Amended to format commit title and message.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If an attacker can get an authenticated Koha user to visit their page
with the code below, they can update the victim's details to arbitrary
values.
Test plan:
Trigger
/cgi-bin/koha/opac-memberentry.pl?action=update&borrower_B_city=HACKED&borrower_firstname=KOHA&borrower_surname=test
=> Without this patch, the update will be done (or modification
request)
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)
Do some regression tests with this patch applied (Update patron infos)
QA note: I am not sure it's useful to create a digest of the DB pass,
but just in case...
Reported by Alex Middleton at Dionach.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Regression introduced by bug 13918: the library names are not displayed
anymore for holds in transit.
They are 2 warns in the logs:
No method wbrname! at
/home/koha/src/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt
line 603.
No method wbrcd! at
/home/koha/src/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt
line 603.
Test plan:
Make sure you have holds in transit and go the opac-user.pl
In the "Holds" tab, you should see "Item in transit to LIBRARY NAME"
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes splitting by <i>-tags from 2 sentences.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch fixes translatability issues in opac-auth.tt (ugly
translations caused by sentence splitting).
It was necessary to change indentation to make the the file more
readable and to make sure that changes have no side effects.
The changes do not touch the overall functionallity.
To test:
- Review code to verify that no functionality change is introduced
and to verify that the text changes make sense.
- Apply patch, verify that OPAC login page behaves as before.
UPDATE: Amended for comment #10 / mv
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch fixes two splitted sentences to avoid translation issues:
The entered <a href="#borrower_cardnumber">card number</a> is the wrong length.
The entered <a href="#borrower_cardnumber">card number</a> is already in use.
To test:
Apply patch and verify that html in the 2 that are changed is correct and that
they are not splitted by a-tags.
Note: I could not figure out under which conditions this code displays in
the OPAC self registration form.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
Confirm the wording is correct
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
Confirm that the opac-discharge.pl has now a title
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Holds that have expired have been untranslatable in Patron's Fines-tab. Also, they are
mixed with other type of fines with accounttype "F". This patch gives expired holds an
own accounttype "HE" (Hold Expired) and modifies the boraccount to recognize this new
accounttype in order to make it translatable.
To test:
1. Make a hold and let it expire
2. Go to Patron's Fines tab
3. Change Koha's language to some other than English
4. Observe that there is a "Hold waiting too long" fine described in English
5. Apply patch
6. Make another hold and let it expire
7. Update translations
8. Find "Hold waiting too long" from your .po file
9. Translate it and install translations
10. Go back to Fines tab and observe that the new expired hold is translated
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
To test
1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
2/ Notice you see a js alert
3/ Apply patch
4/ It is gone
Reported by
Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
To test
1/ Hit /cgi-bin/koha/opac-shelves.pl?shelfnumber=5&category=1&op=edit_form&referer="><script>alert('XSS')</SCRIPT>
2/ Notice JS is executed
3/ Apply patch
4/ Notice it's fixed
This bug reported by
Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Test plan:
- Create a list with the name "<script>alert(1)</script>"
- On the shelf list, click on share
=> Without this patch you will see the JS alert
=> With this patch applied you won't see it
Reported by Kaybee at Dionach
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch respect previous css classes
.authordates and .relatorcode but also include .titleportion
.authordates {display: none;}
.titleportion {display: none;}
.relatorcode {display: none;}
To test:
- Stage the two record attached with titles:
- Surface & coatings technology.
- Women crime writers.
- Reindex zebra (necessary to Opac and Itranet results)
- Leave empty the OPACUserCSS and IntranetUserCSS sysprefs
- Go to the new records in OPAC and Intranet detail page
- See the wrong display of dates
- Apply patch and refresh the page
- Test in OPACUserCSS and IntranetUserCSS the css stated before
- Play deleting or adding the classes
- Test with multiple records with 700 (with and without dates, etc;
710 and 711)
NOTE: dates in 710 and 711 can be hidden with .titleportion class;
dates in this kind of heading go with another data for example:
Catholic Church. Plenary Council of Baltimore (2nd : 1866)
Patch rebased some typos fixed in comments
Signed-off-by: Dani Elder <danielle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
Same as before for the intranet.
And please retest the OPAC => I have changed the filter's values to
match OPAC/intranet
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
- Make sure that syspref OnsiteCheckouts is enabled
- Log in to OPAC as a patron who has checkouts, online checkouts and checkout history enabled
- Go to 'your reading history' (in English)
- Display all three tabs
- Apply patch
- Reload page, display oll three tabs again, there should be no difference
- Examine source code changes to verify that the words 'checkout' and 'onsite' no longer
will be exposed to translation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch fixes issues with the translatability of opac-password-recovery.tt
To test:
- Apply patch
- Verify that text changes make sense.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This uses a hacky but simple method to get the correct script name under
proxied packaged Plack.
Test plan:
1) Log out of both the OPAC and staff side.
2) Try to access a page that requires login (opac-reserve.pl is a
good one for the OPAC), then log in.
3) You will be redirected back to mainpage.pl or opac-user.pl.
4) Repeat above for both staff side and OPAC.
5) Apply patch.
6) Repeat steps 1-4; you should be redirected back to the original
page you were on.
7) Repeat the above for both a traditional CGI and kohadevbox/package
Plack installation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
Confirm the wording is correct
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
See comment #17: Redirect to 404 in opac-discharge.pl and remove
message in template because with the redirect it will never be
reached.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
EDIT: Fix for OPAC side
EDIT: Comment 10
EDIT: Merge conflicts
To test:
1) Ensure syspref useDischarge is disabled
2) Go to /cgi-bin/koha/members/discharge.pl?borrowernumber=X&discharge=1
3) Validate that you are still able to generate a discharge slip for this patron
4) Apply patch and refresh page
5) Confirm that you are redirected to the circulation.pl page for the user and that an error message is there.
OPAC SIDE
6) Go to the OPAC
7) Go to /cgi-bin/koha/opac-discharge.pl
8) Confirm you get a message saying discharges are disabled
9) Go to /cgi-bin/koha/opac-discharge.pl?op=request
10) Confirm you see same message
Sponsored-by: Catalyst IT
Followed test plan, works as expected (both staff client and OPAC).
Re-tested, works OK.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch adds subtitle information to the display of titles in the
OPAC's shelf browser.
To test, apply the patch and make sure OPACShelfBrowser is enabled.
- View the detail page for any title in the OPAC which has items.
- Click the "Browse shelf" link next to any item in the holdings table.
- The titles in the shelf browser should display with all subtitle
information as defined in Keywords to MARC mapping.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Adding 245a and c as 'subtitle' in Keywords to Marc make them
show on shelf browser.
No errors.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
If the new pref is named EnhancedMessagingPreferencesOPAC, it will show
up adjacent to EnhancedMessagingPreferences
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
- Change the preference Enhancedmessagingpreference description.
- Enable default EnhancedMessagingPreferences and OPACEnhancedMessagingPreferences.
- not sent e-mail it's necessary, when user call opac-messaging.pl directly..
Testing:
I Apply the patch
II Run updatedatabase.pl
0) Search OPACEnhancedMessagingPreferences preference;
1) Validate "OPACEnhancedMessagingPreferences show patron messaging
setting on the OPAC (NOTE: EnhancedMessagingPreferences must be
enabled).";
2) Disable OPACEnhancedMessagingPreferences preference;
3) Enable EnhancedMessagingPreferences preference;
4) On the OPAC -> user's settings, validate "your messaging" is not
showed.
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Works as expected. With the new syspref, patrons can be forbidden to
modify themselves their own messaging preferences.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Also, I like sysprefs
http://www.quickmeme.com/img/d9/d99723bc544e8d33572dc92f242a6f6e2dbe0126a2e35fe3de073d30d62002e6.jpg
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
MSG_NO_RECORD_SELECTED declared two times
To test: Go to cart and list (virtual shelves) in OPAC and
verify if those pages work as expected
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Additionally fix typo in following files:
koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/opac.pref
koha-tmpl/opac-tmpl/bootstrap/en/modules/errors/errorpage.tt
To test: Apply patch, verify in files that authentification is
replaced by authentication
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by
sysprefs.sql and does not appear in updatedatabase.pl, we could easily
imagine that nobody uses it.
With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set. Otherwise you need to turn
the XSLT off. In this case you will see the images on the result list
(OPAC+Staff interfaces) and OPAC detail page, but not the Staff detail
page.
This patch suggests to remove completely this feature as it does not
work correctly.
The ability to assign an image to an authorised value is now always
displayed, but the image will only be displayed on the advanced search
if defined.
Test plan:
Confirm that the authorised value images are no longer visible at the
opac and the staff interfaces.
The prefs should have been removed too.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If a user is not logged in but requests a specific branch,
the RSS feed message fails to mention the branch.
TEST PLAN
---------
1) Apply first patch
2) go to OPAC's opac-main.pl?branch={some branch with specific news}
-- notice bad RSS message
3) Apply this patch
4) Repeat step 2
-- notice branch is properly shown.
5) koha qa test tools
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This fix changes the RSS link to reflect the URL paramter override.
This is less elegant than the existing solution which uses the
Branches TT module, perhaps there is a better way?
Sponsored-By: Halland County Library
Test plan:
* Follow instructions in the original patch but also check the
URLs and contents of the RSS link at the bottom the OPAC page.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The message on opac-memberentry does no longer apply.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Some libraries would like the ability to select the itemtype to request
when placing holds. For example, if a record has 3 copies of BookA and 3
copies of BookA in large print, this feature would allow a person to
place a hold on the record, but still be able to target only the Large
Print edition so that the first Large Print copy that becomes available
is targeted, rather than forcing the patron to select a particular copy
to hold.
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Create a record with items of two or more itemtypes
4) Place a record level hold on the record while choosing one particular
itemtype
5) Check in an item from the record that is not of that itemtype
6) Notee it is not trapped for the hold
7) Check in an item from the record that does match the selected itemtype
8) Note the item is trapped for the hold
Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 15044 added a new column to the suggestion table at the OPAC but
forgot to modify the DT params.
Test plan:
The suggestion table at the OPAC should not be broken with this patch.
NOTE: Sorting was broken prior to patch.
Sorting was fixed after patch.
The added null causes the field count to match up properly.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
When looking at the detail page for a bibliographic record, there are
tabs linking to the "Normal," "MARC," and "ISBD" views. These tabs need
to be styled responsively so that they work well at all browser widths.
This patch makes some slight markup changes to the templates and updates
the LESS files to add responsive styling.
This patch does not include the compiled CSS file, so the follow-up is
required to test the visual changes.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
To test:
1/ Do a search in the OPAC
2/ Restrict to only available items
3/ Notice the authors now appear bold
4/ Apply patch
5/ Refresh the page
6/ Authors should now look normal again
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Insert SCOUserCSS/JS 'after' OPACUserCSS/JS rather than 'instead of'
i.e. Remove IF/ELSE and use 2 IF
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
Currently if not logged in when browsing to
http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl
You are redirected to opac-auth.tt and SCOUserCSS and SCOUserJS are not
loaded. This page passes through a parameter to the template to indicate
this is an SCO login and appropriate CSS and JS should be loaded.
Additionally this patch ensure that when loggin in using the form you
are redirected to the sco-main.pl instead of the patron account page for
the user.
To test:
1 - Verify that normal login works on both staff and opac
2 - Verify that SCO link goes to login page if AutoSelfCheckAllowed is
set to "Don't allow"
3 - Enter changes into SCOUserJS and SCOUserCSS and observe these are
present on SCO log in page with AutoSelfCheck disabled
4 - Verify that a logged in opac user without permissions cannot access
the self-checkout module
5 - Verify that AutoSelfCheckAllowed and associated system preferences
function as expected
6 - Verify the AutoSelfCheck user is logged out if they attempt to visit
another page
Followed test plan.
If I go to http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl, CSS and JS trigger already on
the login form, I suppose that is intended.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
This patch reverts the changes made at the OPAC from the following
patches:
Do not include the antiClickjack legacy browser trick for greybox"
Revert "Bug 15111: Do not include the antiClickjack legacy browser trick for greybox"
This reverts commit fc640d2a86.
Revert "Bug 15111: Change X-Frame-Options with SAMEORIGIN"
This reverts commit fb167c0e4b.
Revert "Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks"
This reverts commit dc03bca76c.
Setting X-Frame-Options to SAMEORIGIN is enough for mordern browsers:
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
The antiClickjack trick should be removed at the OPAC as we want to keep
the OPAC usable even if the user has disabled JS.
That means the OPAC will be vulnerable to XFS if a user is navigating
with a prehistoric browser:
Firefox 3.6.9 September 2010
IE 8 March 2008
Opera 10.5 March 2010
Safari 4 February 2009
Chrome 4.1.… somewhen 2010
Test plan:
Confirm that there are no regression of bug 15111 with modern browsers
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
From C4::Koha::GetAuthorisedValues
# TODO: the "selected" feature should be replaced by a utility function
# somewhere else, it doesn't belong in here. For starters it makes
# caching much more complicated. Or just let the UI logic handle it, it's
# what it's for.
Indeed, it's not a job for a subroutine, the template should take care of that.
Note that a perf gain could be won with this patch \o/
Test plan:
- Edit an itemtype and check the value of the "Search category" dropdown list
- Edit a patron attribute type and check the value of the "Class" dropdown list
- Detail for a catalogue record, the Status column should be correctly
populated if items are damaged and/or lost
- Item details for a catalogue record, the lost, damaged and withdrawn
value should be correctly displayed
- Edit a patron, the "street type" should be correctly selected
- Create a patron attribute type linked to an authorised value list.
- Edit a patron, set a value for this attribute, edit it again. The
correct value should be selected.
- Search for subscriptions. The 'Location' dropdown list should behave
correctly (select the entry you have choosen before, etc.)
- Edit a subscription, the location dropdown list should select the
correct value.
- Edit and view a suggestion with a 'reason for suggestion' set (you
should have at least 1 OPAC_SUG AV defined)
Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Run Koha QA Test tools and discovered this failed because of tabs.
Rather than fail this and wait forever for it to get fixed, this
patches it, and I'll mark it as signed off anyways.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Test Plan (remains the same):
0) Back up your database
1) Apply all these patches
2) In your mysql client use your Koha database and execute:
> DELETE FROM systempreferences;
> SOURCE ~/kohaclone/installer/data/mysql/sysprefs.sql;
-- Should be no errors.
> SELECT * FROM systempreferences LIKE 'GoogleO%';
-- Should see 4 entries.
> QUIT;
3) Restore your database
4) Run ./installer/data/mysql/updatedatabase.pl;
5) In your mysql client use your Koha database and execute:
> SELECT * FROM systempreferences LIKE 'GoogleO%';
-- Should see the same 4 entries.
6) Log into the staff client
7) Home -> Koha administration -> Global system preferences
8) -> OPAC
-- make sure your OPACBaseURL is set (e.g. https://opac.koha.ca)
9) -> Administration
-- There should be a 'Google OAuth2' section with the ability
to set those 4 system preferences.
10) In a new tab, go to https://console.developers.google.com/project
11) Click 'Create Project'
12) Type in a project name that won't freak users out, like your
library name (e.g. South Pole Library).
13) Click the 'Create' button.
14) Click the 'APIs & auth' in the left frame.
15) Click 'Credentials'
16) Click 'Create new Client ID'
17) Select 'Web application' and click 'Configure consent screen'.
18) Select the Email Address.
19) Put it a meaningful string into the Product Name
(e.g. South Pole Library Authentication)
20) Fill in the other fields as desired (or not)
21) Click 'Save'
22) Change the 'AUTHORIZED JAVASCRIPT ORIGINS' to your OPACBaseURL.
(http://library.yourDNS.org)
23) Change the 'AUTHORIZED REDIRECT URIS' to point to the new
googleoauth2 script
(http://library.yourDNS.org/cgi-bin/koha/svc/auth/googleopenidconnect)
24) Click 'Create Client ID'
25) Copy and paste the 'CLIENT ID' into the GoogleOAuth2ClientID
system preference.
26) Copy and paste the 'CLIENT SECRET' into the GoogleOAuth2ClientSecret
system preference.
27) Change the GoogleOpenIDConnect preference to 'Use'.
28) Click 'Save all Administration preferences'
29) In the OPAC, click 'Log in to your account'.
-- You should get a confirmation request, if you are
already logged in, OR a login screen if you are not.
-- You need to have the primary email address set to one
authenticated by Google in order to log in.
30) Run koha qa test tools
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
- t/db_dependent/ILSDI_Services.t was failing for me as I had
issues in my database, fixed with another delete line
- QA tools found a typo - comparision
- Added documentation of the new parameter to the ilsdi.pl page
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch prevents bypassing the self check timeout with the print dialog.
To test:
- Set syspref 'WebVasedSelfCheck' to 'Enable'
- Set syspref 'SelfCheckoutReceivePrompt' to 'Show'
- Set syspref 'SelfCheckTimeout' to 20 seconds
- Apply patch
- Go to SCO page (/cgi-bin/koha/sco/sco-main.pl)
- Enter card number
- Click 'Finish'. Dialog "Would you like to pritn a receipt?' appears.
- Confirm printing without waiting 20 seconds
=> Result: Print slip, SCO page shows 'Please enter your card number'
- Enter card number again
- Click 'Finish'. Dialog "Would you like to pritn a receipt?' appears.
- Wait > 20 seconds (value of SelfCheckTimeout) and then confirm.
=> Result: Message appears "Timeout while waiting for print confirmation"
- Click on OK.
=> Result: Self checkout page refreshes (shows 'Please enter your card number')
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=11497
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch fixes a bug introduced by bug 14544.
Holds can not be placed from lists at the OPAC, the action results in a
crash:
Can't call method "field" on an undefined value at
/home/koha/src/C4/Items.pm line 1504.
at /home/koha/src/opac/opac-reserve.pl line 601
Before 14544, the checkboxes were named 'ACT-$BIBNUM', something like
REM-4242. Now we can retrieve the biblionumber from the value.
Test plan:
Select a public list
check some titles and click on the 'Place hold' link
you should able to process the reservation
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch add display link in XSLT for field 264/bug 14198 and reflect the
Zebra index 'Provider' in detail page for OPAC screen.
To test: follow previous test plan
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Same test plan as previous patch, but for opac defail and result using
the XSLT views.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
I am amazed!
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
to test...
1/ set TrackClicks syspref to 'track'
2/ add a problematic multipart url to an item's 'url' field
example url: http://foo.corg?key1=val1&key2=val2
3/ test url in opac-detail.pl - url is corrupt
4/ apply patch - url is corrct
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Only fixes the item URLs - a follow-up for the URLs
in the bibliographic record (856 for MARC21) is still
needed.
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
To test:
1 - Enable Syndetics Reviews without a LibraryThing ID
2 - Check page source and note you have a stanza for LTFL tabbed reveiws
3 - Apply patch
4 - Reload page and note LTFL tabbed reviews are not present
5 - Enter a LibraryThing ID and not the tab is restored.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
To reproduce:
- Add multiple subfields 856 u to a bilbio
- Add this biblio to a cart and send it as mail
(from Staff client and from OPAC)
Result: Links in mail body are broken
To test
- Apply patch
- Send carts again (from Staff client and from OPAC)
- Result: In mail body, links display separated with blank-pipe-blank
like http://bla.com | http://blabla.com | http://blablabla.com
- Change one of the 856 u to not to be a link, e.g. äöü
- Send carts again
- Verify that in mail body äöü correctly display as text.
(Amended to make it work for OPAC as well, MV)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch rearranges some parts of the OPAC detail page template so
that the "add tag" link does not appear if the user is not logged in.
This patch also includes some whitespace changes, so please diff
accordingly.
To test, apply the patch and set "TagsEnabled" to "Allow."
- With "TagsInputOnDetail" set to "Allow," view the detail page for a
bibliographic record in the OPAC when /not/ logged in. You should see
a "Log in to add tags" link which triggers the login modal when
clicked.
- Log in and view the same page. Confirm that there is now an "Add
tag(s)" link which triggers the add tags form. Confirm that the
behavior of the add tags form is still correct.
- With "TagsInputOnDetail" set to "Don't allow" view the detail page
again and verify that the "Log in to add tags" link doesn't appear
when not logged in, and the "Add tags" link doesn't appear when logged
in.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
To test:
1) Log in to OPAC, go to your purchase suggestions (opac-suggestions.pl)
2) Confirm there is now a 'Suggested on' column displaying the date of your past suggestions
3) Add a new purchase suggestion and confirm that the date displayed is correct
Sponsored-by: Catalyst IT
Signed-off-by: Marjorie <marjorie.barry-vila@ccsr.qc.ca>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
If you click on a link that opens a new tab/window to another site, that tab
has access to the original window through JavaScript. The browsing context is
related, even if the domains are totally different.
The tab retains access to the original window's object via window.opener, even
if you navigate to another page or domain, in the new or original window.
Access to the Window object means the new window can use Window.location to
open a different URL in the original window, perfect for phishing attacks.
Depending on the site's Same-Origin Policy settings, the new window may have
access to other parts of the original window's DOM as well.
Any 'A HREF' that contains a target of of '_blank' or '_new' or a fixed name
is vulnerable. Previous security best practice often suggested creating a random
fixed name for an unpredictable namespace - that won't help with this problem!
Targets of '_self' and '_parent' are safe.
We do not use _new (at first glance) but several _blank. Some are used
to refer internal url, we do not need to update or remove them. Others
are used to satisfy OPACURLOpenInNewWindow, in these case, we should add
the rel="noreferrer" attribute to the a tags.
In other cases, we can simply remove them and let the users discover
that a mouse has more than one button (we are in 2016, they can do it!)
Signed-off-by: Chris <chrisc@catalyst.net.nz>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Most of the scripts called via greybox (which uses iframe) don't include
doc-head-close. But some do.
This patch adds a popup parameter for these templates, not to include
the legacy browser trick and avoid the replacement of the location.
Test plan:
1/ Export patroncard and label
2/ translate itemtypes
3/ click on a idref link at the OPAC
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Web pages that can be embedded in frames are vulnerable to cross-frame
scripting attacks. Cross-frame scripting is a type of phishing attack
that involves instructions to an unsuspecting user to follow a specific
link to update confidential information in an online application.
Because the link leads to a legitimate page from the online application
that is embedded in a frame hosted by the attackers' server, the
attackers can capture all the information that the user enters.
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
A simple regex is added to the basket and detail templates to select the
URLs passed separately from MARC21 555$u by GetMarcNotes. Note that the
regex tests if a note starts with http:// or https:// and does not contain
any whitespace in order to be considered as a url.
These URLs are put in an anchor tag.
This touches four places:
[1] opac detail, tab title notes
[2] catalogue detail, tab Descriptions
[3] opac basket, more details, notes
[4] staff basket, more details, notes
Test plan:
[1] Edit a record. Add a 500$a, 555$a and a URL in 555$u.
Put "http://this is not a url" in the 500$a (whitespace!).
[2] Check opac-detail, tab Title Notes. Check the URL.
[3] Do the same for catalogue/detail.
[4] Add record to cart in OPAC. Open basket. Check More details.
[5] Repeat previous step in staff.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This subroutine just retrieved the messages given some parameters.
Some job should not have been done in this subroutine.
It was called only 3 times, in circ/circulation.pl and opac-user.pl.
Basically it was used to retrieved the message to displaye for a given
patron ($borrowernumber) at the OPAC (B) or Staff (L).
For the 3 calls, the 2 parameters $borrowernumber and $type
(message_type) were passed, the "%" trick at the beginning of the
subroutine was useless.
Moreover, the date formatting should be done on the TT side, not in
subroutine.
The can_delete flag was set if the branchcode given in parameter was the
same as the one of the message. This has been delegated to the template.
Indeed the can_delete was not valid, since it must depend on the
AllowAllMessageDeletion pref.
The test is now:
IF message.branchcode == branch OR
Koha.Preference('AllowAllMessageDeletion'')
There is not specific test plan for this patch, the changes have already
been tested in previous patches.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This would be incorrectly hidden when autoMemberNum is on.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Test plan:
1. Open OPAC self-registration page while logged out.
2. Note that cardnumber and categorycode are not shown.
3. Remove cardnumber and categorycode from
PatronSelfRegistrationBorrowerUnwantedField.
4. Enable autoMemberNum.
5. Reload self-registration page, note that categorycode now shows.
6. Disable autoMemberNum.
7. Reload self-registration page, note that cardnumber now shows.
8. Try saving a patron with an existing cardnumber; this should fail
and explain why.
9. Set CardnumberLength, and verify that those length restrictions are
enforced.
10. Verify that patron can be created with custom categorycode and
cardnumber.
Signed-off-by: Michael Sauers <msauers@dospace.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Added new systempreference OpacMaintenanceNotice.
When OpacMaintenance is ON the HTML contents of OpacMaintenanceNotice will
be displayed.
Enabling OpacMaintenance is all that is required to enable this preference.
If OpacMaintenanceNotice is undefined, the default (original) notice will
appear when OpacMaintenance is enabled.
To test:
- Enable OpacMaintenance systempreference
- Observe the default maintenance message when OPAC is viewed
- Edit OpacMaintenanceNotice systempreference, adding custom HTML
- Observe the custom HTML appear on the opac
- Remove OpacMaintenanceNotice (mindful of orphaned spaces etc.)
- Observe the default opac notice appears in the opac
- Disable OpacMaintenance
- Observce opac is back online
Moving code to atomic update and fixing merge conflict
NOTE: Accounted for an SQL typo and autoescaping of the template.
If someone else could test this, then I would be fine with
marking it signed off.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch switches from UNLESS MARC21 to IF UNIMARC - this way changes
apply to MARC21 and NORMARC and UNIMARC remains unaffected
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Go to Administration->Keyword to MARC mapping
2 - Add a mapping (or ensure it exists)
Field name: subtitle
MARC field: 245
MARC subfield: b
3 - View a record with a subtitle in the opac
4 - Note in MARC 21 you have "Title of record:, subtitle of record"
5 - Apply patch
6 - View the record again and note the comma is no longer present.
Note: this patch removes the comma only for MARC21 where subtitle is not
repeatable. UNIMARC seems to be repeatable and does not include
punctuation so I believe this may be needed there.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as described. Comma removed from title of the window and breadcrumb
section
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Make captcha visible even if password field is hidden
Remove password confirmation field before submitting modification
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
1) "Contact information" should be "Password"
2) Don't pass sysprefs from the script to the template, use Koha.Preference()
3) minPasswordLength is optional, we cannot always assume it is set
4) Password field when does not follow convention completely when mandatory
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
This patch allows patrons to create thier own password during OPAC self
registration. It sets the password field to be hidden by default, and
allows for a system generated password if no password is supplied and
field is not mandatory
1 - Apply patch
2 - run updatedatabase.pl
3 - Check syspref "PatronSelfRegistrationBorrowerUnwantedField" - it
should contain 'password'
4 - Check self registration on opac - there should be no change
5 - Remove 'password' from PatronSelfRegistrationBorrowerUnwantedField
6 - Password field should now be visible in OPAC self registration
7 - Register a patron: If no passwor is supplied you should get a system
generated password
8 - Register a patron with a password, your password should be used
9 - Add 'password' to PatronSelfRegistrationBorrowerMnadatoryField
10 - Attempt to register a patron with no password - it should fail
11 - Try all combinations if mismatched/short/missing passwords and view
correct error messages
12 - prove t/db_dependent/Members.t
Sponsored by : Do Space (www.dospace.org)
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
If you enable AllowHoldDateInFuture (and its OPAC variant), you get
an additional "Hold starts on date". In that field and in "Hold not
needed after" it was not possible to enter the current date.
Although it does not really make any difference if you leave the startdate
empty or put the current date in it, we concluded that it still makes
a psychological difference. Some patrons were confused when placing a
hold because the first date to select was tomorrow. Instead of telling
them "Yes, but you can leave it empty", we should just allow the current
date as well.
The expiration date ("not needed after") also started on tomorrow. (This
field can really be empty.) But there is actually no reason not to allow
today here too. If the patron only wants it today, why force tomorrow?
How is this arranged? Well, this is one of the simplest Koha patches ever
written. It only changes the minDate option of both date pickers in one
line from 1 to 0.
Test plan:
[1] Allow future hold dates via systempreferences.
[2] Verify that you can enter today in both fields.
[3] Put today in start and expiration date. Place the hold and verify that
you can confirm the hold, check out and check in again.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
This patch changes the order of the name fields and adds a span class around
each in case of library wanting to customize further
To test:
1 - Enable course reserves
2 - Add some courses with instrcutors
3 - Note they are of form "Firstname Surname"
4 - Apply patch
5 - Note the change
6 - Note span tags
7 - Note you can hide firstname by adding to intranet user js: $(".instr_firstname, instr_separator").hide();
Sing-off note: This patch displays the names as advertised on cgi-bin/koha/opac-course-reserves.pl Sorting
the names would need some more actions but seems not to be intended by this patch.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Test plan:
1/ At the opac, go on the the list home page (opac-shelves.pl)
2/ Click on 'new list', create a list and save
=> You should be redirect to the list
3/ Click on edit, save
=> You should be redirect to the list
4/ Delete the list
=> You should be redirect to the list
5/ Edit a list from the list view, save
=> You should be redirect to the list
6/ Click on a list link (op=view)
7/ Edit the list, save
=> You should be redirect to the 'show' view
8/ Delete list
=> You should be redirect to the list
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Nearly all cellular providers allow a person to send an text message to a cellular
phone by sending an email to phonenumber@provider. We can leverage this capability
to add the ability for Koha to send sms messages to patrons without the need to
subscribe to an sms gateway server.
Basic plan:
1. Add a table sms_providers to the db to tell Koha what service providers are available, and what domain emails should be sent to.
2. Add borrowers.sms_provider_id to tell Koha which mobile service the patron subscribes to for the number given in smsalertnumber
3. Modify Koha to send an email rather than using SMS::Send if the driver is set to 'Email'
Test plan:
0) Get a mobile phone
1) Apply the patch
2) Run updatedatabase.pl
3) Set the value of SMSSendDriver to 'Email'
4) Go to the admin page, the "Additional parameters" area should now have the link "SMS cellular providers"
5) On this page, add some providers. Make sure to add the provider for your own cellular phone service.
Here are some examples:
Sprint phonenumber@messaging.sprintpcs.com
Verizon phonenumber@vtext.com
T-Mobile phonenumber@tmomail.net
AT&T phonenumber@txt.att.net
Only add the domain part in the 'domain' field. So for Verizon, that would be 'vtext.com'
6) Create an account for yourself, add your SMS number, and select your provider from the dropdown box directly below it.
7) Enable SMS messaging for Item check-in and Item checkout
8) Check out an item to yourself
9) Run process_message_queue.pl
10) Wait! You should receive a text message shortly, when I tested it, I received my sms message within the minute.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Apply patch
2) Run updatedatabase.pl
3) Go to advanced search in Staff Client (ie /cgi-bin/koha/catalogue/search.pl)
4) Confirm that it says 'Non-fiction' in the 'Any content' drop-down menu under 'Subtype limits'
5) Go to item search (ie /cgi-bin/koha/catalogue/itemsearch.pl)
6) Confirm that it says 'Non-fiction' under 'Collection code'
7) Go to advanced search in OPAC (ie /cgi-bin/koha/opac-search.pl) and click 'More options'
8) Confirm that it says 'Non-fiction' in the 'Content' drop-down menu
9) Go to the details page for a non-fiction book in the OPAC (ie /cgi-bin/koha/opac-detail.pl?biblionumber=2) and click 'Holdings' tab
10) Confirm that it says 'Non-fiction' under 'Collection' heading
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
On editing biblios or items, the marc_lib, marc_value and javascript
values are often populated with html code which needs to be displayed
raw.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
This followup on top of remote branch
Only remove tabs and trailing spaces to make koha-qa pass
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
