Even if a library allows returns of lost items, the SIP server returns the error message "Item lost, return not allowed" if the checkin was not ok for any reason other than it being withdrawn ( and withdrawn items not being returnable ).
The most clear example of this is that when a lost item is not checked out to a patron and is returned. SIP returns that message even though lost items *can* be returned. The actual problem being that the item was not checked out.
Test Plan:
1) Ensure you can return lost items
2) Mark an item as lost
3) Check it in via SIP
4) Note the message you get back is "Item lost, return not allowed"
5) Apply this patch
6) Restart your SIP server
7) Repeat steps 2 and 3
8) Note you no longer get the incorrect message!
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This follow-up removes the tests for the presence and validity of the
spanish translated notices.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
A rebase lost the fall through for TransferTrigger as a message. This
patch simply adds back in the dropped elsif statement.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
Pre-patch
1 - Go to the main Authorities page, search for any authority, click
the Actions menubutton and choose Edit
2 - Note the button saying Z39.50 search
3 - Note the modal alert forcing you to click it
4 - Cancel and cancel again, and in the New authority menubutton choose
Default
5 - Click the button saying Z39.50 search again, note that it warns you
about replacing your totally blank record
Apply this patch
6 - Edit an existing authority, note the button says "Replace record via
Z39.50/SRU search"
2 - Click the button, verify it still opens the search window with the
main entry of the record filled in without an alert
3 - Create a new authority, note the button says "Z39.50/SRU search"
4 - Click the button, verify it still opens the search window but
without an alert
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Some digging revealed that when you create a new framework
and use an old framework as the base, some information would
not be copied to the new framework as they were missing from
the SQL command used here.
- Tag: Important
- Subfield:
- Important
- Default value
- Max length
- Is a URL
- Link
To test:
- Pick one of the existing frameworks and change the
fields listed above. Take note of what you changed.
- Create a new framework
- Go to "Marc structure" of the new framework
- You are offered the option to copy an existing framework
- Use your prepared framework
- Verify the fields weren't copied - your config was lost
- Apply patch
- Create another new framework
- Repeat the duplication and tests
- Verify that now all fields have been copied correctly
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When viewing a patron if you click the 'Modification log' tab you are presetned with both their circulation and members logs:
https://staff.arcadiapl.bywatersolutions.com/cgi-bin/koha/tools/viewlog.pl?do_it=1&modules=MEMBERS&modules=CIRCULATION&object=152309&src=circ
However, in bug 19791 the modules were locked to 'MEMBERS' if the src=circ
We need to add CIRCULATION in as well
Test plan:
For master follow the test plan on bug 25250.
Bug 24982 is not in stable branch, so test plan for stable branches:
1. Modify a patron, add them a fine, and do a checkout
2. Click the "Modification logs"
=> You see the Patrons and Circulation logs
3. Click submit
=> You see all patron logs only
4. Apply this patch
5. Click the "Modification logs"
=> You see the Patrons and Circulation logs
6. Click submit
=> You see the Patrons and Circulation logs
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
If we are coming from the "Modification logs" of the patron module we
should not disable the checkboxes (that are not visible).
Otherwise the logs are not longer filtered and all are visible.
Test plan:
0. Don't apply this patch
1. Modify a patron, add them a fine, and do a checkout
2. Click the "Modification logs"
=> You see the Patrons and Circulation logs
3. Click submit
=> You see all the logs (KO)
4. Apply this patch
5. Click the "Modification logs"
=> You see the Patrons and Circulation logs
6. Click submit
=> You see the Patrons only (KO)
7. Apply the patch from bug 25249
8. Click the "Modification logs"
=> You see the Patrons and Circulation logs
9. Click submit
=> You see the Patrons and Circulation logs (OK!)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This reverts commit 80f1374f26.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
- save and run this sql query in reports: select sum(if(issues is null,1,0)),sum(if(issues=0,1,0)) from items
- you should see a lot of nulls and no zeros
- apply patch
- updatedatabase
- re-run your query and see that your nulls have changed to zeros
- create a new item
- rerun your query and see your new item is counted in the zeros, not the nulls
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Adds regex to the split() of the passed parameters to improve searching.
Test plan
1. Go to Course Reserves module.
2. Press New course button.
3. Make active the instructor search box.
4. Start typing the last name of a patron that exists in your database.
5. At the end of the last name type ", " and try to add a first name.
6. The search should fail.
7. Apply the patch.
8. Follow steps 1-5 again.
9. You should now be able to search using the following methods
9a. surname, firstname
9b. firstname surname
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When a patron is added or modified and a warning appears (duplicate,
inconsistent data, etc.) the form lost the patron's attributes.
Test plan:
Create some attribute types for patrons
Create a new patron, use an userid that already exists and fill the attributes
=> You get a warning and the attributes are kept
Modify the userid and save again
Edit the same patron
Modify the attributes, as well as the userid (to get the duplicate warning)
=> You get a warning and the attributes are kept with the modified
values
Modify the userid and save again
=> The new values are saved
Edit the attributes from the detail page (so not with the full edit form)
Modify them and save
=> The new values are saved
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch makes the staff client XSLT stylesheets consistent with the
ones for the OPAC, it also makes consitent the use of 'Text' when the leader6 = 't'
TO TEST:
1. Have a record with leader06 = 'a' and leader07 = 'c' 'd' or 'm'.
2. Check the staff client results and details page. See that the
material type label says "Book"
3. Check the OPAC client results and details page. See that the
materila type label says "Text"
4. Apply patch.
5. See that both staff client and OPAC results/details all now say
"Text"
6. Set the leader6 = 't' and make sure that is says 'Text' on both the
staff client and OPAC
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds missing "btn" classes to the OPAC share button so that
its style is consistent with similar controls.
The patch also makes some general changes to the OPAC CSS to make sure
link color and hover color are applied with enough specificity. This
corrects the hover color of the share button but should not change any
other existing style.
To test you should have the OpacAllowSharingPrivateLists preference
enabled.
- Rebuild the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Log in to the OPAC as a user with one or more private lists.
- Go to Lists -> Your lists.
- In the list of lists there should be a "Share" link for each list.
Hovering your mouse pointer over the link should change the style in
the same way the "Edit" link does.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds a Font Awesome icon to the "Share" links on the list of
lists in the OPAC.
To test, apply the patch and log in to the OPAC as a user who has one
or more private lists.
- Go to Lists -> Your lists
- In the table of your lists, each list should have a "Share" link
with an icon.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
TO TEST:
1. Turn on OpenLibrarySearch
2. Do an OPAC search that returns results that have results with Open Library results and some that do not.
3. Notice results that return nothing simpliy say "Open Library:" with nothing afterwards.
4. Some results return a png from OpenLibrary or "Not found"
5. Apply patch and look at records again.
6. The results that return nothing for OpenLibrary API should now to hidden.
Signed-off-by: Heather Hernandez <heather_hernandez@nps.gov>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch tweaks the OpacPublic system preference description so users
don't expect, incorrectly, this syspref to disable the public API
anonymous access.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch introduces a check on the authenticate_api_request method for
the RESTPublicAnonymousRequests system preference. If disabled,
anonymous requests get rejected.
The idea is to replicate the homologous OpacPublic system preference
behaviour.
To test:
1. Apply the Unit tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t
=> FAIL: Tests fail, 200 is answered instead of 401 on the route.
3. Apply this patch
4. Repeat 2.
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds a route to get bibliographic records without privileged
access. This needs to match the OPAC expected behaviour.
Some things were considered on the implementation:
- The ViewPolicy filter that hides/shows things based on the frameworks
needded to be used, as in the OPAC.
- OpacHiddenItems and OpacHiddenItemsExceptions need to be considered
for hiding records the same way the OPAC is expected to.
- Avoid using OpacHiddenItemsExceptions, but rely on the patron category
instead (use Koha::Patron::Category->override_hidden_items abstraction
is used instead so it should keep working once 22547 is moved
forward).
- Tests should cover all the use cases:
* logged in user
* anonymous user
* logged in with category that overrides
* logged in with category that doesn't override
This is all implemented on the tests.
To test:
1. Apply the tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/biblios.t
=> FAIL: Route not implemented
3. Apply the rest of the patches
4. Repeat 2
=> SUCCESS: Tests pass!
5. Try it with your favourite API tool (Postman?)
6. Sign off :-D
Note: please notice there isn't a default fallback behaviour for when
you don't specify the Accept header, so testing this on a regular
browser will just print the accepted mime types instead of the record
itself.
To test this with a tool (like Postman) you should enable
RESTBasicAuthe and make the tool use Basic authentication with valid
credentials. And you need to specify any of the following strings on the
Accept header:
- application/marcxml+xml
- application/marc-in-json
- application/marc
- text/plain
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This is the same fix as on bug 14662, which fixed the behaviour in
cataloguing, but for the item form in acquisitions.
The code assumes that if a subfield is marked as mandatory, there
should be no empty entry in the pull downs.
This assumption is not correct, as it leads to the first entry of the
pull down being preselected if there is no default set. As the field
can never be 'unset', there will never be a 'required' warning.
Furthermore, it might be counterproductive to use mandatory fields,
as it might be easily forgotten to change the preselected value and
those mistakes will be hard to find.
Correct behaviour would be to preselect the empty value when there is
no default. This means on saving the item an error message is triggered
and the cataloger is forced to set the value.
To test:
- This is best tested with an ACQ framework, but default can be used
when no ACQ framework was created.
- In your MARC bibliographic framework:
- In 952 make itemtype, classification source and some other pull downs
like location or collection mandatory and set them to visibel if needed
- Create a new basket with 'items created while ordering'
- Add a new order, an existing record with 942$c set will work best
- Add items for your order line
- Verify that the first value of each pull down is preselected,
there is no way to trigger the 'required' error
- Apply patch
- Add a new order line
- Verify that classification source is preselected according to the
DefaultClassificationSource system preference (try unsetting it later)
- Verify all mandatory fields can be set to empty
- Verify that you can't save before correctly setting them
- Change your frameworks and set a default for itemtype (Ex: BK) and
another mandatory and non-mandatory field of your choice
- Add a new order line and item and verify the defaults are selected
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch modifies the OPAC basket JavaScript so that a check is added
for the existence of the "itemst" table. This avoids an error if the
"More details" view is selected and hte "itemst" table isn't present.
To reproduce the error, add some items to the OPAC cart and open the
cart window. Open the JavaScript console in your browser and click the
"More details" link. You'll see an error.
To test, apply the patch and perform the same test as above. The error
should not be present. Test that table sorting in the "brief" view words
correctly.
Signed-off-by: David Roberts <david@koha-ptfs.co.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
With installer data in YAML format and it's translations,
there are no need for localized installer files.
This patch removes es-ES installer files.
To test on top of Bug 24871
1) Apply the patch
2) Translate to spanish
cd misc/translator
./translate update es-ES
-/translate install es-ES
3) Do a clean install using es-ES,
check no problems during install
4) Verify MARC21 frameworks, they must
be translated
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch simply adds new po files for each supported
language.
The are not created on update, so the need to add this files.
To test:
1) Update your preferred language
2) Check missing *installer*po files
3) Create new translation files:
cd /misc/translation
./translate create xx-YY
check *installer*po files
4) Apply patch
5) Repeat 1, verify installer files are updated
see last modification time
Pre-filled translations for some languages
(https://translate.koha-community.org/projects/marc21/)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch fix the missing xml prolog in translated
files, XML or TT.
Is fixed teaching C4::TTParse not to ignore <?..?> constructs,
then teaching xgettext.pl to ignore those strings. Net result is
that they are copied in the translated file.
To test:
1) Update & install your preferred language,
(cd misc/translator/; perl translate update xx-YY; perl translate install xx-YY )
2) Compare the first lines (head -2) of:
koha-tmpl/opac-tmpl/bootstrap/en/xslt/compact.xsl
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-opensearch.tt
koha-tmpl/intranet-tmpl/prog/en/xslt/plainMARC.xsl
and
koha-tmpl/opac-tmpl/bootstrap/xx-YY/xslt/compact.xsl
koha-tmpl/opac-tmpl/bootstrap/xx-YY/modules/opac-opensearch.tt
koha-tmpl/intranet-tmpl/prog/xx-YY/xslt/plainMARC.xsl
Check the missing prolog
3) Install this patch, repeat 1 and 2, now the prolog is present
on translated files.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the right function calls to checkouts.js so that English
strings can be picked up by the translator. The resolution message has
been reformatted so that it can be clear without including "on" and
"by" in the middle of the string.
To test you should have a patron with at least one return claim. Open
the checkout page for that patron and open the "Claims" tab. Test the
process of editing, deleting, and resolving claims.
TESTING TRANSLATABILITY
- Update a translation:
> cd misc/translator
> perl translate update fr-FR
- Open the corresponding .po file for the staff
client: misc/translator/po/fr-FR-messages-js.po
- Locate strings pulled from checkouts.js for translation, e.g.:
#: koha-tmpl/intranet-tmpl/prog/js/checkouts.js:920
msgid "Double click to edit"
msgstr ""
- Edit the "msgstr" string however you want (it's just for testing).
- Install the updated translation:
> perl translate install fr-FR
Switch to the udpated translation and test the functionality under the
"Claims" tab again to confirm that your translated strings appear.
Note that "untranslatable string" failures reported by the QA script are
false positives.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1: find a bib with 008 type Book
(Leader position 6 = 'a' and leader position 7 = 'm' -- use bib number 1 in master data)
2: set 008 position 23 to 'd' for large print
3: check your book record in opac and intranet search results, note that your change is not reflected in the "format" note in line with material type
4: find a bib with 008 type Continuing Resource
(Leader position 6 = 'a' and leader position 7 = 's' -- use bib number 44 in master data)
5: set 008 position 23 to 'd' for large print
6: check your continuing resource record in opac and intranet search results, note that your change is not reflected in the "format" note in line with material type
7: apply patch, restart_all
8: reload search results from steps 3 and 6, confirm they now say "format: large print"
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1 - Have a record with some items
2 - Click 'Delete all' under 'Edit'
3 - Confirm deletion
4 - Note you are redirected to additem.pl
5 - Add an item
6 - Apply patch
7 - Delete all items again
8 - Note you are redirected to detail.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test and understand what's going on, you can try that bit of code:
my @a = qw( a b c a);
my @b = qw( b c d );
my @c;
@c = grep { 'a' eq $_ } @a ? 'ok' : ();
say @c;
@c = ( grep { 'a' eq $_ } @a ) ? 'ok' : ();
say @c;
@c = grep { 'a' eq $_ } @a ? ('ok') : (undef);
say @c;
The problem here:
Have patrons in 3 branches CPL, MPL, SPL
Have a non superlibrarian with edit_borrowers permission but
without view_borrower_infos_from_any_libraries, from CPL
Create a library group with CPL, MPL
Use that non superlibrarian to search for patrons
You can search for patrons fro CPL and MPL
BUT, edit the value for CPL, use SPL (edit the DOM)
Search and... oops
Apply this patch, try again
Also use a superlibrarian patron (and/or with view_borrower_infos_from_any_libraries)
and confirm that they can see all patrons
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch cleans opac-showmarc.pl so it doesn't allow retrieving
records from import batches without requiring any permissions in the
OPAC.
it does so by just removing the code portion that does that.
It also cleans the record fetch operation and how the record processor
is initialized to it actually works :-D
To test:
1. Perform a successful Z39.50 search in cataloguing (this fetches 20
records usually)
2. Query your DB for a valid import_record_id:
$ koha-mysql kohadev
> SELECT * FROM import_records LIMIT 1;
3. Notice some of the MARCXML details (title, author, etc), and the
import_record_id
4. Point your browser to the opac-showmarc.pl URL like this:
http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?importid=20
=> FAIL: You get the record! (Bonus: no field/subfield takes place)
5. Hide some obvious subfield on the framework for a known (to you)
biblionumber
6. Point your browser to:
http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?id=<biblionumber_here>
=> FAIL: No filtering takes place
7. Apply this patch
8. Repeat 4
=> SUCCESS: You get an error because you did a bad request (no id param)
9. Repeat 6
=> SUCCESS: Subfield filtering actually works!
10. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
As a simple alternative to the solution in bug 9949 or just as an
additional measure, this patch adds a rewrite rule for intranet
in order to intercept potential misuse of perl scripts that could be
reached on a dev package install via the cgi-bin/koha scriptalias.
It simply rewrites them to the nonexistent "notfound", resulting in a
regular 404 error.
The rewrite rule does not harm regular installs and is just a little extra
step in securing a dev install. You should have more security measures in
place to secure your staff client.
QA Note: Although a rewrite rule may not be our first choice, this one
rule is more elegant and easier to maintain than e.g. a whole bunch of
aliases.
Note: This patch should have a regular and a dev install signoff.
Test plan:
[1] Make sure that this rewrite rule is inserted in your actual apache
config via /etc/koha/apache-shared-intranet.conf. Restart Apache.
[2] For regular package installs:
Try one of the URLs in step 3.
Verify that your staff client still operates as usual. Test a few
URLs inside some modules.
[3] For dev installs:
Try some URLs like below.
Expect 404 errors only, not 500s. If you do not see a 404, go back!
/misc/stage_file.pl
/t/db_dependent/default_search_class.pl
/installer/data/mysql/updatedatabase.pl
/Makefile.PL
[4] Do you see an additional directory to add to the regex? Please report.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
# Failed test 'checkpw_ldap tests'
# at t/db_dependent/Auth_with_ldap.t line 324.
{UNKNOWN}: Configuration not defined at /usr/share/perl5/Log/Log4perl/Config.pm line 579. at /kohadevbox/koha/Koha/Patron.pm line 395
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
I don't understand how that could be useful. We do not want to test if
the logfile is writable every time we log something!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We do not want to fail silently for the logger.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Until now, there was only "General" and "Privacy". This patch
breaks the "General" prefs up into multiple sections.
To test:
- Go to Administration > Patrons
- Verify the current state of things
- Apply patch
- Reload patch
- Verify headings make sense and groups make sense as well
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
