Add shebang to Guided.t too.
Test plan:
See also previous commits.
Try sql like:
select access_token from oauth_access_tokens
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch replaces these variables with a non-translatable message.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirm tests pass t/db_dependent/Reports/Guided.t
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This enhancement prevents SQL queries from being run if they would return a password field from the database table.
To test:
1. Run tests and notice they fail t/db_dependent/Reports/Guided.t
2. Apply patch and restart services
3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t
Sponsored-by: Reserve Bank of New Zealand
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
JD Amended patch: replace '==' with 'eq' for consistency with other
occurrences.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
We do two things here..
* We're making the improvement to C4::Letters that sets librarian to a
patron object more resilient by testing for the userenv first.
* We correct the logic in Koha::Ticket such that we always store changes
when there's a ticket update
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds a 'librarian' object fetch to
C4::Letters::GetPreparedLetter when a called passes the 'want_librarian'
flag.
This allows for the notice to take full advantage of the patron object
for that librarian rather than requireing old non-TT syntax for this
feature.
Test plan
1) We use the 'librarian' object in the new TICKET_ASSIGNED default
notice, use the next patch to test that the librarian title is
correctly substituted into the notice.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch fixes the fact `RANK` become a reserved word in MySQL 8.0.2
[1]
To test:
1. Launch KTD with MySQL 8:
$ ktd down
$ DB_IMAGE=mysql:8 ktd up -d
2. Open the logs
$ ktd --shell
k$ tail -f /var/log/koha/kohadev/*.log
3. Create a serial, receive an issue and try to create a routing list
4. Click on `+ Add recipients` and look for Henry
5. Click `Add` and then `Close`
=> FAIL: Henry not added
=> FAIL: The logs show an error about wrong SQL syntax
6. Run:
k$ prove t/db_dependent/Serials.t
=> FAIL: Tests explode with the same kind of error!
6. Apply this patch
7. Restart plack
8. Repeat 3 through 6
=> SUCCESS: Henry added!
=> SUCCESS: No explosion about the SQL syntax in the logs
=> SUCCESS: Tests pass!
9. Sign off :-D
[1] https://dev.mysql.com/doc/refman/8.0/en/keywords.html
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch replaces the use of is_notforloan with not_for_loan and
removes the older is_notforloan method and tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch updates all instances where the current noissuescharge sysprefs are used. They will now use the is_patron_inside_charge_limits method to handle the patron category level limits
Sponsored-by: Cuyahoga County Public Library <https://cuyahogalibrary.org/>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch allows checkouts to be processed via SIP even when
the item is already checked out to a user.
Test plan:
0) Apply the patch
1) koha-sip --stop kohadev
2) koha-sip --start kohadev
3) misc/sip_cli_emulator.pl -a localhost -p 6001 -l CPL -su term1 -sp term1 -m checkout --patron koha --item 39999000001310
4) misc/sip_cli_emulator.pl -a localhost -p 6001 -l CPL -su term1 -sp term1 -m checkout --patron 23529000035676 --item 39999000001310
5) Note the output includes "AFItem checked out to another patron"
6) Enable system preference "AllowItemsOnLoanCheckoutSIP"
7) misc/sip_cli_emulator.pl -a localhost -p 6001 -l CPL -su term1 -sp term1 -m checkout --patron 23529000035676 --item 39999000001310
8) Note the output no longer includes "AFItem checked out to another patron" and the item has been checked out to patron 23529000035676
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
When parsing the branch limits the regular expression matches
parameters that contains the substring "branch:" rather than the prefix
"^branch:". Consequently, both prefixes homebranch: and holdingbranch:
triggers the branch limit.
Test plan:
- Activate the system preference IntranetAddMastheadLibraryPulldown.
- In staff interface:
- Perform a catalogue search (e.g. "book").
- Click on a facet for holding library or home library
(e.g. "Fairview").
- Click on the "more options" icon in the search box and make sure
that "All libraries" is selected.
- Activate the system preference OpacAddMastheadLibraryPulldown
- In opac:
- Perform a catalogue search (e.g. "book").
- Click on a facet for holding library or home library
(e.g. "Fairview").
- Make sure "All libraries" is still selected in the dropdown next
to the search input.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
1. Do an item search that returns results
2. Use the column filtering available at the top of the table for each column
3. Try itemnumber, get a 500 error each time
4. As long as there is data in the itemnumber column and you attempt to use another column you'll see a 500 error.
5. APPLY PATCH, restart_all
6. The itemnumber column filtering should now work as expected
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
Run `perl -c Koha/Old/Hold.pm`
It should print 'syntax OK'
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch blocks the patron set as the anonymous patron from logging into the staff interface and OPAC.
To test:
1) In Administration->sys. pref, make sure AnonymousPatron is pointed to an account.
2) Visit that patron's page and set their permissions to superlibrarian ("Access to all librarian functions")
3) Ensure that you know the username and password for this patron and can log in.
4) Visit the OPAC, attempt to log-in with your anon patron.
5) Note that you can log in and nothing happens.
6) Visit the staff interface, attempt to log-in with anon patron.
7) Once again, note that you are able to log-in with no issue.
8) Apply patch and restart_all
9) Attempt to log into the OPAC and staff interface with the patron again.
10) This time, you should get an error message on both pages saying, "Error: You can't log in as the anonymous patron!"
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This removes the unblessing of the patron object and uses fields form the patron
To test:
Confirm tests still pass:
prove -v t/db_dependent/Holds.t t/db_dependent/Circulation.t t/db_dependent/Holds/DisallowHoldIfItemsAvailable.t t/db_dependent/Reserves.t t/db_dependent/api/v1/holds.t
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This routine currently takes the agerestriction value from biblioitems and an unblessed borrower object
and uses the date of birth to calculate whether the ptrons DOB is before or after the minimum value required
against the age restriction
We have a routine in the patron object to get the patron's age - we cna use this against the parsed agerestriction
value in a simple comparison and remove the need to unbless and pass the patron.
FIXME: We should move this to a biblioitems or biblio object method
To test:
0 - In Admin -> Koha to MARC mapping, set biblioitems.agerestriction to 521,a
1 - Set syspref AgeRestrictionMarker to 'Age'
2 - Edit a record and set 521$a to 'Age 14'
3 - Add an item or copy the barcode of the item on that record
4 - Attempt to checkout item to Lisa Charles in sample data, or a 15 year old patron
5 - It should checkout fine
6 - Check in item
7 - Edit patron Joyce Gaines to set age to 13 DOB:06/20/2011, or create a 13 year old patron
8 - Attempt to checkout item
9 - Item is blocked
10 - Apply patch
11 - Repeat tests, confirm no change
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds a new key 'notconsidered' to the authority cache when
linking to avoid doubling when creating new authorities and wishing
to ignore thesaurus
To test:
0 - Set LinkerConsiderThesaurus to "don't"
1 - Set AutCreateAuthorities to generate
2 - Set AutLinkBiblios to Do
3 - Set CataloguingModuleRelink to Do
4 - Save a new record in Koha with the same randomized heading repeated
but from 3 different authority sources
ensure source is defined by indicators only and by field $2 once
ensure the heading is random so that no matches will be found
5 - Confirm each authority is linked to a new unique authority
6 - Apply patch, restart all
7 - Repeat 4 with a new subject heading
8 - Confirm all headings are linked to the same authority
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Fixes the following error message when running the overdues check cronjob on a
Koha system without defined overdue rules:
/etc/cron.daily/koha-common:
Use of uninitialized value in string eq at /usr/share/koha/lib/C4/Overdues.pm
line 686.
by checking if the variable is defined before comparing it.
Test plan:
1. Go to Tools - Overdue notice/status triggers and verify that for every single
patron type for both Default and every individual library, you have no value
set for Delay, so that you will never send anyone an overdue notice
2. Run the cron job which creates and sends overdue notices
3. Confirm the above mentioned error no longer appears
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan using koha-testing-docker:
1) Make sure SIP is running. You may need to edit
/etc/koha/sites/SIPconfig.xml and remove the 8023 connector and
restart the SIP-server (koha-sip --restart kohadev)
2) Find a patron, say 23529000197047
3) Set a password by selecting "change password", set it to
"Password1234"
4) Find a book, say 39999000000856
5) Issue book to patron with sip-client:
sudo koha-shell -c "/usr/share/koha/bin/sip_cli_emulator.pl \
--address localhost --port 6001 -t cr \
--su term1 --sp term1 --message checkout \
--location CPL --item 39999000000856 \
--patron 23529000197047 --password Password1234"\
kohadev
6) Note the AH-header in the response which for example:
'AH20240619 235900'
7) Make a renewal with:
sudo koha-shell -c "/usr/share/koha/bin/sip_cli_emulator.pl \
--address localhost --port 6001 -t cr \
--su term1 --sp term1 --message renew \
--location CPL --item 39999000000856 \
--patron 23529000197047 --password Password1234"\
kohadev
8) Make sure the AH-header in the response is different from the
response to the checkout, for example: 'AH20240624 235900'
Signed-off-by: Tadeusz „tadzik” Sośnierz <tadeusz@sosnierz.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Actually in _get_tt_params
The following query will delay the response
SELECT `me`.`biblionumber`, `me`.`frameworkcode`, `me`.`author`, `me`.`title`, `me`.`medium`, `me`.`subtitle`, `me`.`part_number`, `me`.`part_name`, `me`.`unititle`, `me`.`notes`, `me`.`serial`, `me`.`seriestitle`
, `me`.`copyrightdate`, `me`.`timestamp`, `me`.`datecreated`, `me`.`abstract`
FROM `biblio` `me`
WHERE `biblionumber` = '1) AND (SELECT 1 FROM (SELECT(SLEEP(6)))x)-- -'
ORDER BY field( biblionumber, 1 ) AND (
SELECT 1
FROM
SELECT SLEEP( 6 ) x
) -- - )
To test
1/ Add some items to your cart in the opac
2/ Choose send cart
3/ Open firefox developer tools and switch to the network tab
4/ Send cart
5/ In the network tab, find the post request and choose copy as curl
6/ Edit the curl command to add )+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+- to the bib_list parameter
7/ Run the curl notice it takes a long time to respond, if you want to check run the curl without the above part added
8/ Apply the patch and restart plack
9/ Run the modified curl and notice no longer the slow down
10/ Test in browser and make sure the basket is still sent
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch refactors checkpw_internal to remove the SQL code, use patron ojbects, and return the
patron that correctly matches the userid/caerdnumber when auth is successful
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch moves some patron fetching code in C4/Auth to use to patron returned from the validation
methods and only try to fetch the patron (to check if locked, update attempts, etc) if we didn't authenticate
To test:
1 - Set a user to have userid = BANANA password = Password1
2 - Set a user to have cardnumber = BANANA password = Password2
3 - Hit the patron authentication API:
http://localhost:8080/api/v1/auth/password/validation
with data:
{ "identifier": "BANANA", "password":"Password1" }
and:
{ "identifier": "BANANA", "password":"Password2" }
4 - Note you receive the same response for both
5 - Apply patch, restart all
6 - Repeat the API and confirm you get the correct patron for the password submitted
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
We usually test if C4::Context->userenv, so we need to undef when
unsetting, not {} (evaluated true)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Same pattern, remove dbh stack
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We are not using it and it's confusing, let's remove the context stack.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
TODO - better review C4::Auth's changes. Are all the removal of
_new_userenv correct/enough?
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
If you enabled AutoLocation and have a branch without ip, this
triggers warnings.
Test plan:
Check logs in this situation with/without this patch by logging out
and in again on staff.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Some actions such as archiving a suggestion were not being logged.
By moving the logging to Koha::Suggestion we can ensure more
modifcations will be logged.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1. Apply patch, restart services, updatedatabase
2. Search for the system preference 'SuggestionsLog', it should be off.
Turn it on.
3. Create a purhase suggestion
4. Go to Tools > Log viewer. In modules check 'Suggestions'
5. You should see your newly created suggestion.
6. Modify the suggestion and check the logs again, the modification
should be logged.
7. Delete the suggestion, the deletion should be logged.
8. Do a purchase suggestion via the OPAC.
9. Check the logs to see the newly created suggestion, the interface
should be OPAC.
10. Turn of SuggestionsLog
11. No changes of any kind should be logged.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Ray Delahunty <lib-systems@arts.ac.uk>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
I created a new system preference, SMSSendMaxChar, which allows you to set a limit for the number of characters in SMS messages to send. When a limit is set, messages that exceed it will be trimed.
TEST PLAN
1) Apply the patch
2) Run prove t/db_dependent/Letters.t
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Check for 'renew' when appropriate
Check for 'hold' when appropriate
The following command must return nothing before this is pushed to
master:
git grep "\beffective_BlockExpiredPatronOpacActions\b"
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We keep OPEN when people still use log_file or setsid.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
My Koha testing docker SIP started dying repeatedly after launch. After investigation, I
found it was a problem with logging and default ports.
In D12 there is no syslog anymore, everythign uses journal. Four our purposes, lets log SIP issues
to sip.log by default
Attaching a patch to clear things up.
To test:
1 - Open KTD/D12
2 - tail -f /var/log/koha/kohadev/*.log
3 - On another terminal 'restart_all'
4 - Wait a bit, notice SIP dying
5 - Apply patch
6 - Update SIPconfig:
server-params:
log_file='/var/log/koha/kohadev/sip.log'
service with port 8023:
port="127.0.0.1:8023/tcp"
7 - Restart all
8 - Confirm SIP no longer dies
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Some file tidying to pass the QA tests
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
