This follow-up patch resets the dropdown values of the form alongside
the text inputs. It styles the button to look like a link so it doesn't
distract the user and get 'accidentally' clicked when attempting to
submit.
Test that the button looks and behaves as expected after submitting a
search.
Signed-off-by: nicolas <nicolas@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the authorities, basket and batch folders are swapped around to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the "type" attribute from <script> tags in several
authorities templates. Also removed: Obsolete "//<![CDATA[ //]]>"
markers.
To test, apply the patch and confirm that examples of affected pages
work properly without any JavaScript errors in the browser console:
- Authorities -> Search -> View authority record
- Authorities -> Search -> Edit authority record
- Cataloging -> New record
- Trigger the authority search form by clicking the plugin link next
to a tag which has been linked to an authority type (e.g. 100a ->
Personal name).
- Search for an authority record.
- Select an authority record.
Validating the HTML source of any of these pages should return no errors
related to the "type" attribute.
Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=22797
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the cataloging authority search templates to use the
Bootstrap grid instead of the YUI grid.
To test you must have a MARC subfield configured with "Thesaurus"
linked to an authority type.
Apply the patch and go to Cataloging -> New record. Click the plugin
link for the field which is linked to authorities. In the popup window,
the search form and search results should look correct.
Signed-off-by: Zoe Bennett <zoebennett1308@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This follow-up adds the required KOHA_VERSION variable to two templates
where it was missing.
This patch also adds a 'window_size' parameter to a popup window
function so that self-closing windows like blinddetail-biblio-search.pl
can appear small and others at a reasonable size.
To test, apply the patch and clear your browser cache if
necessary.
- Confirm that the QA tools do not complain about missing KOHA_VERSION
in auth_finder.tt and searchresultlist_auth.tt.
- Open a bibliographic record for editing in the basic editor using a
framework in which a field is linked to authorities.
- Trigger the authority selection window for that field.
- Click the "Clear field" button at the top of the authority search
pop-up window. Another smaller popup window should briefly appear, and
then both windows should close.
- Trigger the authority selection window again.
- Click the "Create new authority" button. A new window should appear
with the MARC authority editor. The window should be a usable size.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client patron lists templates so that
JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of
each modified template.
I've made one change to the JavaScript in addition to moving it: I've
made it so that the blank window which pops up briefly in this process
is 100px x 100px instead of full screen.
- Cataloging -> Add or edit bibliographic record in a framework which
has authorities linked to a tag
-> Click authorities plugin link
-> Create new authority button
-> Autocomplete on text inputs (except "Search all headings")
-> Search
-> Select authority record ("choose")
-> Click authorities plugin link again
-> Clear field
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
- Removing unused references to YUI assets in authorities/auth_finder.tt
- Removing unneeded call to autocomplete JS in help-top.inc and
adding new jQuery dependencies.
- Minor HTML markup corrections to auth-finder-search.inc discovered
in debugging the patch.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested:
- help files on various pages
- auth finder plugin in cataloguing
- authority search in authorities module
This is the first patch for bug 7760 and touches all pages in authorities.
This adds a unique id "auth_<filename>" and a class "auth" to the body tag of
each page in the authorities module.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
While typing an authority, will automatically propose authorities (similar to
autocompletion for patron search if activated)
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Tested searching for authorities with and without autocomplete. Note that
this is most useful when used in the "Main entry" box instead of the
"Main entry ($a only)" box.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Corrected tabs to spaces in auth-finder-search.inc while resolving merge
conflict.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>