Commit graph

37236 commits

Author SHA1 Message Date
2682efccdb
Bug 24757: Leap day failing tests - refactoring
Refactore the tests to add more of them after we fixed the failing ones.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 10:04:41 +00:00
3f8412cc91
Bug 24757: Leap day failing tests - It's like we are on 2020-02-28
Those tests were failing on 2020-02-28, next day was a leap day.
Let's fake time and recreate the failure

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 10:04:35 +00:00
104b87c9a0
Bug 22273: DBRev 19.12.00.031
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:58 +00:00
b4d56d3fd8
Bug 22273: Modify Koha::ArticleRequest->store to fill created_on
For a new record, store should fill created_on.
The database will always update the timestamp updated_on.
Since open also calls SUPER::store, we do not need to call it twice.

Test plan:
[1] Run t/db_dependent/ArticleRequests.t
[2] In the interface, add two article requests. Change the status of one
    to PROCESSING. Check created_on and updated_on in the article_requests
    table. The changed request should have updated_on > created_on.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
[1] Tests pass
ok 12 - New article request has created_on date set
ok 13 - New article request has updated_on date set

[2] Work as described.
No errors

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:57 +00:00
266bcd554b
Bug 22273: Database revision for table article_requests
Column created_on should not be updated. It is filled once by the
store method of Koha::ArticleRequest.
Column updated_on should be a timestamp, updated by the database.

Note: Although higher versions of MySQL and MariaDB support two timestamps
(NOT NULL) in one table, I kept on the safe side by allowing NULL on the
created_on column.

@RM: Don't forget to run DBIx update.

Test plan:
Run new install or upgrade.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:57 +00:00
8dc15ceffd
Bug 22273: Replace typo opan by opac in POD
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:57 +00:00
00d70a9bd8
Bug 17464: Order deny,allow / Deny from all was deprecated in Apache 2.4 and is now a hard error
Patch change Apache access control from 2.2 to 2.4 directives.

Test plan:
0. Apply patch
1. Build Koha from source
2. Copy or symlink koha-dev/etc/koha-httpd.conf into your relevant
Apache directory.
3. Reload Apache
4. Note a lack of syntax errors regarding the "Order" directive

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:57 +00:00
Maryse Simard
b5b8a7daeb
Bug 23488: Line wrapping doesn't always respect word order in Patron card creator
When wrapping long lines of text, the line is divided by removing each
word from the end of the line and putting it in a new one until the line
is the right width. When the word to be removed appears multiple time
in the line, it is not the last occurrence that is removed.

This patch changes the regular expression used to remove the part of
the text that is wrapped to a new line, making sure it removes it at
the end of the text.

Test plan:

1. Go to Tools > Patron card creator

2. Have a card template and a card batch
    -> If needs be, you can create them by using
       New > Card template or New > Card batch

3. Create a layout and use one text field containing a long text with
    at least one word which is repeated a minimum of 2 times
    (preferably towrdds the end of the text, since it has to be picked
    as one of the words to appear in the new line). You can use this:

        one two three one two three one two three one two three
        one two three one two three one two three one two three ...

4. Go to Manage > Card batches and export a batch

5. Choose the layout set up in 3.

6. Click the Export button and open the resulting pdf file

7. Notice all the repeated word have been grouped
    -> For this example : all of the ones appear first, followed by
       all the twos and only then the threes.

8. Apply patch

9. Repeat step 4 through 7
    => this time the order of the words has not changed!

Signed-off-by: Gabriel DeCarufel <gabriel@inlibro.com>
Signed-off-by: William Frazilien <william.frazilien@inlibro.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:57 +00:00
9060ca36c0
Bug 23753: Add missing humanMsg library to pages using background job JavaScript
The JavaScript used to process background uploads calls the humanMsg
library under some circumstances. There are several templates which use
background-job-progressbar.js which don't include the humanMsg assets.
This patch corrects those templates.

Note: upload-images.tt has been modified to remove the inclusion of
background-job-progressbar.js because it was unused.

To test, apply the patch and test the following processes which include
background job processing:

 - Batch item modification -- the background job is triggered when you
   submit your changes
 - Batch record modification -- the background job is triggered when you
   submit your changes
 - Stage MARC for import -- the background job is triggered when you
   click the "Sage for import" button after uploading a file
 - Staged MARC management -- the background job is triggered when you
   click "Import this batch into the catalog"

In each case the process should complete correctly. If you would like to
test the error message handling provided by the humanMsg library you can
deliberately introduce an error into the JavaScript. After applying the
patch you can modify js/background-job-progressbar.js to alter line 63
from:

   url: f.action,

...to:

   url: f.action + "foo",

Perform the same tests and confirm that you see an error message. Don't
forget to undo your changes to background-job-progressbar.js before
signing off.

Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:56 +00:00
ee12fb2247
Bug 23536: Remove obsolete category markup from patron entry
This patch removes some obsolete markup from the patron entry template
(memberentrygen.tt). The old markup was necessary in a long-gone version
of Koha where it was possible to add patrons using built-in categories
instead of defining your own.

To test, apply the patch and test the process of adding or editing
patrons. You should see the patron category displayed correctly in the
page title, breadcrumbs, and main heading.

Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:56 +00:00
afd5ee31ba
Bug 23534: Use patron-title.inc on patron entry page
There are a few instances where we can simplify the patron entry
template by using the patron-title include file instead of outputting
patron name variables one by one. This patch does so in the page title,
page breadcrumbs, and page heading.

To test, apply the patch and edit a patron record. The page title,
breadcrumbs, and main heading should all look correct.

Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:56 +00:00
Katrin Fischer
d5a1a82a9b
Bug 24725: (QA follow-up) Add missing spaces between elements on claims tab
There was a missing space between the title and the barcode.
Also added a space between title and author.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:56 +00:00
2fe29c6574
Bug 24725: Remove ES template literals in checkouts.js
From Julian on bug 24661 comment 6:
"""
It looks like xgettext does not like ES6 template literals.

https://savannah.gnu.org/bugs/?50920

From what I understand, support for template literals was added in gettext 0.20 (still not packaged in debian) but is still buggy in latest released version 0.20.1 and a fix is present in master.
"""

We should not use backticks ` in .js file, it breaks xgettext.

To replicate:
kohadev-koha@e1f3025cca60:/kohadevbox/koha/misc/translator$ perl translate update es-ES
koha-tmpl/intranet-tmpl/prog/js/checkouts.js:569: warning: unterminated string
koha-tmpl/intranet-tmpl/prog/js/checkouts.js:858: warning: unterminated string
koha-tmpl/intranet-tmpl/prog/js/checkouts.js:904: warning: unterminated string
koha-tmpl/intranet-tmpl/prog/js/checkouts.js:911: warning: unterminated string
koha-tmpl/intranet-tmpl/prog/js/checkouts.js:1095: warning: RegExp literal terminated too early
/usr/bin/msgmerge: error while opening "/kohadevbox/koha/misc/translator/po/es-ES-messages-js.po" for reading: No such file or directory

(last error 'No such file or directory' is not related to this).

Test plan:
Make sure nothing is broken on the claims table
Confirm that the errors do not longer appear on `perl translate update LANG`

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:56 +00:00
813da7f243
Bug 24727: (bug 14697 follow-up) Replace link on title to bib detail page
903                               let title = `<a
class="return-claim-title strong"
href="/cgi-bin/koha/circ/request-rcticle.pl?biblionumber=[%
rc.checkout.item.biblionumber | html %]">

At first it seems like a typo:
request-rcticle.pl vs request-acticle.pl

But actually it does not make sense to link to request-article, we want
(I think) to link to the bibliographic record detail page.

Test plan:
- Have something in the claim table (cf bug 14697)
- Click on the title of the bibliographic record

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:56 +00:00
Julian Maurice
cab8dd8cf1
Bug 24734: Fix paths in LangInstaller.pm for JS files
Use intrahtdocs and opachtdocs in order to get the correct paths for all
kind of installations

Test plan:
1. With a dev install, run ./translator create/update/install xx-XX and
   verify that there is no error message
2. With a standard install, run ./translator create/update/install xx-XX
   and verify that there is no error message

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested for dev/single/standard installs, no errors,
just a (normal) warn from po2json.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:56 +00:00
Katrin Fischer
d352145c65
Bug 24736: (QA follow-up) Change tooltip wording
Suggesting a change of the tooltip wording to read:

There are no enrollments for this club yet

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:49:43 +00:00
886dd6b3be
Bug 24736: Disable "Enrollments" link if nobody enrolled to the club yet
The link is disabled but it's possible to click and access the page
anyway.

Test plan:
- Create a new club template
- Create a new club
- Click the Actions > Enrollments link
=> Without this patch you can access the page
=> With this patch applied you cannot, and a tooltip explains why (feel
free to suggest another wording)
- Add a new patron to this club (from /cgi-bin/koha/opac-user.pl#opac-user-clubs)
- Notice that the action link is not enabled and click takes you to the
list of enrollments

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:31:23 +00:00
Andrew Fuerste-Henry
729200ae57
Bug 24747: Corrects on-screen instructions in branch transfer limits
To test:
1- go to cgi-bin/koha/admin/branch_transfer_limits.pl
2- see wording "Check the boxes for the libraries you accept to checkin items from"
3- apply patch
4- see wording "Check the boxes for the libraries you allow your items to be transferred to"

To verify new wording accuractely describes behavior:
1- Set UseBranchTransferLimits set to Enforce using itemtype
2- Confirm circ rules allow holds
3- Confirm hold policy by item type allows holds
4- Confirm all branches are valid pickup locations in branch setup
5- In Branch Transfer Limits, set dropdown to Branch A, select itemtype Book, disable all transfers so Branch A does not accept books from any other branch
6- Find a patron from Branch A
7- Find a book from Branch B
8- On the intranet, successfully place hold on item for patron for pickup at branch A
9- Cancel hold
10- Log into opac as patron
11- Successfully place hold on item for pickup at Branch A
12- Cancel hold
13- In Branch Transfer Limits, set dropdown to Branch A, select itemtype Book, ENABLE all transfers so Branch A DOES accept books from any other branch
14- In Branch Transfer Limits, set dropdown to Branch B, select itemtype Book, disable all transfers so Branch B does not accept books from any other branch
15- On the intranet, try to place a hold on item for patron, confirm Branch B is your only pickup option
16- On the OPAC, log in as patron, try to place a hold on item, confirm Branch B is your only pickup option

Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:29:50 +00:00
c44bfe1208
Bug 24746: Duplicate id in opacheader markup
This patch removes '<div id="opacheader">' from masthead.inc
because the same markup is generated by koha_news_block.

To reproduce the bug, make sure there is an opacheader news block
defined. Add this to the OPACUserCSS system preference:

View the main page of the OPAC. You should see two blue borders around
the opacheader content.

Apply the patch and reload the OPAC page. There should now be only one
blue border.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Tested whith OPACUserCSS -> #opacheader { border: 1px solid blue; padding: 1px; }
don't know the intended value but works :)

Work as described following test plan, no errors.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:29:05 +00:00
bd88b10c6f
Bug 13327: Compiled CSS
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:27:54 +00:00
7b63d55ddc
Bug 13327: (follow-up) Correct CSS and XSL errors
This patch adds back the CSS changes which seem to have been lost in a
rebase somewhere. The patch also corrects a bad copy/paste in the XSL
file which led to a 404 error.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:27:05 +00:00
5bbf80989a
Bug 13327: OPACPopupAuthorsSearch doesn't work with XSLT views
This patch reimplements the OPACPopupAuthorsSearch feature so that it
will work in the XSLT view.

To test, apply the patch and rebuild the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).

 - View the detail page for a bibliographic record in the OPAC.
   Test under the following conditions:

 - OPACPopupAuthorsSearch ENABLED, OPACXSLTDetailsDisplay "default"
 - OPACPopupAuthorsSearch ENABLED, OPACXSLTDetailsDisplay empty
 - OPACPopupAuthorsSearch DISABLED, OPACXSLTDetailsDisplay "default"
 - OPACPopupAuthorsSearch DISABLED, OPACXSLTDetailsDisplay empty

In each of these cases, test the detail page's listing of additional
authors/contributors and subjects. Test records which have both multiple
contributors or subjects and which have only one author or subject.

When OPACPopupAuthorsSearch is turned on, verify that the author/subject
selection modal appears and that your selections are correctly combined
to build a search string.

Note that OPACPopupAuthorsSearch feature has a problem with terms
containing parentheses. The issue predates this patch.

Also note that the QA tools will give a false positive about Bootstrap
button styles. This rule only applies to the staff client.

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:26:53 +00:00
1e7819f742
Bug 24756: Show the warnings on Jenkins
Temporary measure to see which warnings Jenkins got while we cannot
reproduce them ourselves on D8, D9 and D10.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-02 09:15:43 +00:00
c497d4f5a6
Bug 24739: Perform IPv6 tests only if Net::Netmask is correct version
Test plan:
0. Apply patch
1. Set up Koha on stretch (e.g. koha/koha-testing:master)
2. perl t/Koha/Middlware/RealIP.t
3. Observe the following:
Subtest: IPv6 support
    ok 1 - Warn on IPv6 koha_trusted_proxies
    ok 2 - Unable to parse IPv6 address for trusted proxy, so ignore the X-Forwarded-For header
    1..2
ok 13 - IPv6 support

4. Set up Koha on buster (e.g. koha/koha-testing:master-buster)
5. perl t/Koha/Middlware/RealIP.t
6. Observe the following:
Subtest: IPv6 support
    ok 1 - Trust proxy (2001:db8:1234:5678:abcd🔢abcd:1234) using IPv6 CIDR notation, so use the X-Forwarded-For header for the remote address
    1..1
ok 13 - IPv6 support

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-28 15:06:44 +00:00
d33c2506d5
Bug 24739: Skip tests when IPv6 support is found
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-28 15:06:39 +00:00
cad8540cbf
Bug 24753: Change Koha/Middlware to Koha/Middleware in test name
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-28 15:06:32 +00:00
e1ea21415e
Bug 24756: Fix failing tests by removing temporary filenames
In order to resolve the random failure, that might be caused by reusing
filenames in File::Temp and caching xslt code, this patch replaces the
temporary file by using the code parameter.

Note: Since XSLT uses a digest based on the passed code fragment, we will
exclude collisions here.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-28 11:29:01 +00:00
2c8a117604
Bug 24756: Fix D8 and U18 failures for Koha/XSLT/Security.t
Instead of warning_like, we eventually catch multiple warnings and look
if we catch one specific warn and not catch another specific one.

Test plan:
Run t/db_dependent/Koha/XSLT/Security.t on D8, D9, D10 or U18.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Passes on D8 and D9 for me.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-28 08:44:07 +00:00
Nazlı Çetin
d296876626
Bug 21879: Code cleaning in printinvoice.pl
Coming from
  commit 51aa6db46c
  Bug 12001: Move GetMemberAccountRecords to the Koha namespace

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-26 20:42:56 +00:00
Ere Maijala
d4509897e1
Bug 24680: Fix end_date returned from api/v1/holds/{hold_id}/suspension endpoint
Before this patch the response would return current date as the suspension end date for a hold that is suspended with no end date.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-26 20:40:27 +00:00
Ere Maijala
1f16881f28
Bug 24680: Fix PUT api/v1/holds/{hold_id} to work also when priority is not provided
Before this fix the endpoint would accept the request but fail to actually update the hold if the request does not contain a priority parameter.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-26 20:40:10 +00:00
4f3b4dae27
Bug 24733: created_by param should be an arrayref
We allow for the user to add multiple users to this field, and the
search function expects and array. We have been treating it as a scalar

TO test:
1 - Have an open basket in acquisitions
2 - Add to basket - from an existing order (copy)
3 - Enter a name in the 'Basket created by' field and select a user
4 - Hit search
5 - ISE (Can't use string ("1") as an ARRAY ref while "strict refs" in use at /usr/share/koha/lib/C4/Acquisition.pm line 2482.)
6 - Apply patch
7 - Repeat 1-4
8 - Success!
9 - Test with mutiple 'created by' entries as well

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-26 20:38:46 +00:00
0dc6f32999
Bug 24294: (QA follow-up) Add rollback and 008 default test
Default for 008 was not tested yet.
Only wondering if we should insert default values only when we meet an
undefined value. Or should we also add if we meet an empty string? Is the
latter not more realistic in MARC?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-26 20:37:48 +00:00
64855886b8
Bug 24294: Add default value support for control fields in ACQ framework
When trying to add an order using the ACQ framework with a 008@ tag,
Koha explodes:

Control fields (generally, just tags below 010) do not have subfields,
use data() at /home/vagrant/kohaclone/C4/Acquisition.pm line 3272.

Test plan:
Set a default value for a control field in the ACQ framework
Turn on UseACQFrameworkForBiblioRecords
Create a new order from a new record
The default value should be displayed
Save
=> No crash

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-26 20:37:00 +00:00
Katrin Fischer
dd9a965ed5
Bug 24605: (QA follow-up) Fix unencoded series link in staff interface
Same change as the first patch, but for the staff detail page.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-26 20:34:27 +00:00
f407714907
Bug 24605: Fix unencoded series link
To test:
1 - Add an 830 to a record with a volume subfield separated by a semicolon
    830$aThe series ;$vvol 8.
2 - View the record in the opac
3 - Click the series link, no results
4 - View the link url - the semicolon is not encoded
5 - Apply patch
6 - link works
7 - URL is corrrectly encoded

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-26 20:34:18 +00:00
ba4fb0fdee
Bug 23290: (RM follow-up) Correction to copyright statement
We have updated our copyright statements now ;)

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 14:35:39 +00:00
b2651484ed
Bug 24661: (RM follow-up) Check lang is defined
This adds a check that the lang variable is defined before testing
against it. In normal operation this is likely a no-op, but it is
required for compiling templates during QA.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 14:28:54 +00:00
Ere Maijala
d7407055a8
Bug 22522: Fix several REST API tests
Fixes among others the invalid use of json_has() which caused broken tests to pass with older Mojolicious versions.

Signed-off-by: Mason James <mason@kohaaloha.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:44:22 +00:00
2061132e45
Bug 22522: Fix route typo
Signed-off-by: Mason James <mason@kohaaloha.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:44:07 +00:00
Ere Maijala
7a4dc6c8ed
Bug 22522: Add support for current Mojolicious and related packages
This patch allows tests to succeed with the following versions:
JSON::Validator 3.18
Mojolicious 8.32
Mojolicious::Plugin::OpenAPI 2.21

Also Mojolicious::Plugin::OpenAPI version 1.17 and later 1.x versions now work.

Calling valid_input in under() would cause ' Use of uninitialized value $_[2] ' in more recent OpenAPI plugins, so that was changed too. As far as I can see this does not affect authorization.

Signed-off-by: Mason James <mason@kohaaloha.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:43:51 +00:00
a01e5132c1
Bug 23290: (QA follow-up) Rename option to expand_entities_unsafe
When you enable options marked as unsafe, we hope that you know what
you are doing. You should, while having access to koha-conf.xml.

Test plan:
Verify that Security.t still passes.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:41:17 +00:00
306ed2fb6f
Bug 23290: (follow-up) Replace warning_like by warnings_like
Security.t does not pass anymore ;)
Due to bug 23290 the tests now trigger an additional runtime error that
we should also catch to let the tests pass again.

Test plan:
Run t/db_dependent/Koha/XSLT/Security.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:41:14 +00:00
404fbeee72
Bug 23290: Add test for write_net
Test plan:
Run t/db_dependent/Koha/XSLT/Security.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:41:12 +00:00
801693096c
Bug 23290: Add test Koha/XSLT/Security.t
Test plan:
Run it!

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:41:09 +00:00
a69df1fe61
Bug 23290: (follow-up) Disable expand_entities unless explicitly enabled
This follow-up refines the change made in the former patch.

See also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838097
https://rt.cpan.org/Public/Bug/Display.html?id=118032

We do not want to depend now on the exact LibXML version, so we will
disable expand_entities unless it is explicitly enabled via the config
variable koha_xslt_security. (Allowing us to test if bad things will be
caught.)

The options key is now always added to the Security object.
The return from set_parser_options has been removed to allow disabling when
there is no koha-conf entry (which probably is the normal situation).

Test plan:
[1] Test the first example patch with and without the other patches (excl.
    the second example). Toggle expand_entities in koha-conf. Restart
    Plack and flush the cache each time. Evaluate results with the
    commit message of first example.
[2] Test both example patches with/without other patches.
    Toggle expand_entities. Restart etc. Evaluate results with commit
    message of second example (check tmp/breached.txt).

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:41:06 +00:00
f6bb3eb478
Bug 23290: Allow enabling expand_entities
Since libxml2 disables it now by default, we need to enable it for testing.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:41:03 +00:00
7baa8d349c
Bug 23290: Apply the changes in Security to Base now
Until now Base did not yet use Security. The security lines are removed
from Base here by calls to Security.
A new test must be added still.

Test plan:
Ensure that t/db_dependent/XSLT_Handler.t still passes.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:41:00 +00:00
269c0bf217
Bug 23290: Introduce Koha::XSLT::Security
Also adds a temporary stub for Koha::XSLT_Handler referring to Base.
This will be removed later.

Test plan:
Run t/db_dependent/XSLT_Handler.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:40:57 +00:00
9ae9e5aade
Bug 23290: Rename XSLT_Handler
This is just a git move. Cannot be tested. (Easier for QA.)
The next patch adjusts paths etc. in the module.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-25 13:40:54 +00:00