This patch replaces Bootstrap's glyphicons with Font Awesome icons.
To test, apply the patch and clear your browser cache and regenerate the
OPAC CSS from the LESS file if necessary. Check these icons and confirm
they look correct:
- Cart and Lists icons in the OPAC header
- User icon in the header when the browser window is narrow
- Languages menu when multiple languages are installed and
the OpacLangSelectorMode system preference is "top" or "both top and
footer."
- Set the SuspendHoldsOpac system preference to "allow" and log in to
the OPAC as a user who has one or more holds.
- Check the appearance of the "suspend" and "resume" buttons both in
the table of holds and at the bottom.
- With one or more clubs defined, log in to the OPAC and check the
"Clubs" tab on the user summary page. The "Enroll" and "Cancel
enrollment" buttons should look correct.
- On the "your messaging" tab in the OPAC, the "Digests only"
information icon should look correct.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes some minor HTML and CSS changes in order to make the
header's language-chooser menu more readable and consistent with the
Lists menu.
To test, apply this patch and the patch with the compiled CSS.
- Install and enable more than one translation.
- Set the OpacLangSelectorMode to either "top" or "both top and footer."
- View the OPAC's header menu and confirm that the links and menus look
correct whether or not a user is logged in.
Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The file opac-tmpl/bootstrap/en/includes/masthead-langmenu.inc exposes following tt directive to translators:
"[%% IF ( ( opaclanguagesdisplay ) && ( ! one_language_enabled ) && "
"( languages_loop ) && ( OpacLangSelectorMode == 'both' || "
"OpacLangSelectorMode == 'top') ) %%] "
This patch fixes it.
To test:
- Apply patch
- Verify that language selector in OPAC (top of the page) works as expected
- Bonus test: create a new language 'aa-AA', verify that line above does not
show up in aa-AA-opac-bootstrap.po
NOTE: Followed a test plan similar to bug 18776 comment 3
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The language menu in koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc is used at other places as well (see Bug 14776).
This patch moves it to a file masthead-langmenu.inc to make it re-usable.
Additionally it streamlines the logic (not all combinations of Opac sysprefs that should display the menu did so).
To test:
- Apply patch
- Verify, that the language menu displays / does not display with combinations of:
- opaclanguagedisplay (Allow)
- opaclanguages ( > 1 language selected)
- OpacLangSelectorMode (top or both)
- Verify that sysprefs opacuserlogin and EnableOpacSearchHistory do not interfere
with the lenguage menu (before, at least one of them had to be on to display the menu)
- Verify that language switching works as before.
Signed-off-by: Chris Kirby <christopherlawrencekirby@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
