Not all href's should have parameters URI encoded. Because sometimes
they are just where for use by JavaScript libraries which fail in that
situations. For fixed-lenght fields we use @ as the subfield code and it
breaks the bootstrap tabs if we URI encode the '@'.
This fixes the tabs issues on fixed-lenght fields in the authority type
editing pages.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies several acquisitions templates to use the Bootstrap
grid instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags in the modified templates.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Administration -> Authority types
- View list of and edit authority types
-> MARC tag structure for an authority type
- View list of and edit tags
-> Subfields
- View list of and edit subfields
- Administration -> MARC bibliographic framework
- View list of and edit frameworks
- Administration -> Libraries
- View and edit libraries
- Administration -> Library transfer limits
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
[ Moved from 20075 to 20074 ]
Since hidden is used as a boolean, it makes more sense to save the values
0 and 1 instead of 0 and -5.
Test plan:
Test toggling between Show all and Hide all in the auth frameworks.
Run the db rev.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The template included an else branch where a value not equal to 0 or -5
was interpreted as 0 (Show all).
This effectively converted hidden values 1 and 8 to 0.
This patch removes that else branch.
Test plan:
Toggle a authority field between Hide all and Show all. Check what happens.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client MARC-related administration
templates so that JavaScript is included in the footer instead of the
header.
To test, apply the patch and test the JavaScript-driven features of the
cart: All button controls, DataTables functionality, tabs, etc.
Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I ran:
$ git grep -l cat-search.inc | grep admin
This means I believe the outstanding ones are
(koha-tmpl/intranet-tmpl/prog/en/modules/):
- admin/auth_subfields_structure.tt
- admin/clone-rules.tt
- admin/marc_subfields_structure.tt
- admin/searchengine/elasticsearch/mappings.tt
One other was recommended by Katrin in comment #9:
- plugins/plugins-home.tt
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes the obsolete "border" attribute from <img> tags.
Browsers haven't applied an border to images by default for years.
There should be no visible changes as a result of this patch. It only
affects HTML validation. If you want to test the affected pages, apply
the patch and confirm that images look correct on these pages:
- In the patron sidebar menu, if patron images are enabled.
- On the authority MARC subfield structure administration page, only
some obsolete markup is affected (See Bug 16367).
- I don't know how to trigger display of the "filefind.png" image on
authority and bibliographic detail pages. Possibly unused markup?
- On the advanced search page, itemtype/collection/shelving location
images should look correct.
- When viewing existing holds for a title, the arrow images used for
changing the position of a hold in the list should look correct.
- When viewing a list of MARC modification actions, the arrow images
used for changing the order of actions should look correct.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
EDIT: Subfields icon, 'i' to eye
To test:
1) Go to Admin -> Authority types
2) Click the dropdown for one of the frameworks and click MARC structure
3) Confirm the actions subfields, edit and delete all show in the dropdown and work as expected
4) Click subfields
5) Confirm the action delete on this page shows as a font awesome button and works as expected
Sponsored-by: Catalyst IT
Signed-off-by: Arslan Farooq <arslanone@gmail.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Another sign, pretty eye.
No errors.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When creating a new subfield for an authority framework, the checkboxes
don't behave as they should.
If you click on the 'repeatable', 'mandatory' or 'is url' checkbox's
label, the checkbox from the second tab will be checked/unchecked.
This is caused by a non-unique id of the input element.
I have found this bug when working on the removal of CGI::checkbox in
both admin/auth_subfields_structure.pl and
admin/marc_subfields_structure.pl scripts.
This patch remove the use of CGI::checkbox as well as the generation of
html code from these 2 pl scripts (which should be avoided).
The code these scripts are now pretty similar.
Test plan:
Add/modify/remove subfield for a MARC framework and an Authority
framework.
Use as many field as possible and confirm that the values are correctly
inserted/displayed.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
The authorities MARC subfield structure template contains some unused
JavaScript, "function displayMoreConstraint()" This patch removes it.
To test, apply the patch and go to Administration -> Authority types ->
MARC structure -> Subfields -> Edit subfields and confirm that there are
no JavaScript errors and tab switching works correctly.
A search of the source code should show no instances of
"displayMoreConstraint."
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
No regression, no JS warning.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
We can simplify the staff client's CSS and reduce some image file usage
if we modify confirmation dialogs to use Font Awesome icons. This patch
makes this change for Administration templates.
This patch includes some whitespace changes, so please consider that
when looking at diffs.
To test, apply the patch and test deletion in the following cases. Test
both confirmation and cancel actions.
Administration -> Budgets -> Delete budget
Administration -> Funds -> Delete fund
Administration -> Authority types -> Delete authority type
Administration -> Authority types -> MARC Structure -> Delete tag
Administration -> Authority types -> MARC Structure -> Subfields -> Delete
Administration -> MARC bibliographic framework -> Delete framework
Administration -> MARC bibliographic framework -> MARC structure -> Delete
Administration -> Cities and Towns -> Delete city
Administration -> Classification sources -> Delete classification source
Administration -> Classification sources -> Delete classification filing rule
Administration -> Item types -> Delete
Administration -> Record matching rules -> Delete
Administration -> Patron attribute types -> Delete
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised. Icons changed
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
This patch removes bold markup from explanatory text in auth_subfields_structure.tt
and makes it the same as in marc_subfields_structure.tt for better translatibility.
To test:
- Apply patch
- Verify that string changes make sense and that the explanatory text is the same in both files.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Rewording Ok for translation purposes
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
There is a condition in the template to not display the "New" tab if the
user is editing a control field.
But it results in a broken template.
Looking at the biblio frameworks, the New tab exists even for control
fields.
This patch only fixes the html structure, but a complete fix should be
provide, for auth and biblio, if we want not to let the ability to
create subfields for control fields.
Test plan:
Edit subfields for a control field
(admin/marc_subfields_structure.pl?op=add_form&tagfield=001&frameworkcode= for instance)
and confirm that the view is now fixed.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: Checked LDR, 001, and 008.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Some scripts pass a template variable to facilitate an alternate table
row class for styling. Other use the 'IF (loop.odd)' construction. I
think we're at the point where the CSS3 :nth-child() selector is
widely-supported enough that we can do without template-based solutions:
http://caniuse.com/#feat=css-sel3
This patch adds such a selector to the staff client CSS and removes the
corresponding template markup from Administration pages. The last in
this series of patches will remove the redundant CSS.
Also in this patch: a few minor markup corrections.
To test, apply the patch and clear your browser cache if necessary. View
the following pages and confirm that alternate table row highlighting
works as before:
- Administration -> Budgets
- Acquisitions -> Vendor -> Contracts
- Administration -> Budgets -> Budget -> Planning
- Administration -> Authority types
- Administration -> Authority types -> MARC structure
- Administration -> Authority types -> MARC structure -> subfields
- Administration -> MARC bibliographic framework
- Administration -> MARC bibliographic framework -> MARC structure
- Administration -> MARC bibliographic framework -> MARC structure -> Subfields
- Administration -> Libraries and groups
- Administration -> Cities and towns
- Administration -> Classification sources
- Administration -> Circulation and fines rules
- Administration -> Currencies and exchange rates
- Administration -> Item types
- Administration -> Koha to MARC mapping
- Administration -> System preferences -> Local use
- Administration -> Z39.50 client targets
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This cleans up the HTML in auth_subfields_structure.pl and
auth_subfields_structure.tt by:
- fixing some attributes
- removing some attributes
- and using a handy-dandy validation plug-in that Owen pointed
me at the other day.
TEST PLAN
---------
1) Install HTML Validator Plugin (Html Validator 0.9.5.8 Firefox addon)
2) Log in to staff client
3) Koha administration
4) Authority types (on the right, 5 down from Catalog header)
5) Click 'MARC structure' of any auth type
6) Click 'subfields' (I believe for any Tag >= 010)
7) Click 'Edit subfields'
8) Right click and select 'View Page Source'
-- Lots of HTML validation errors
9) View the 'Authorized value:' and 'Thesaurus:' drop down lists.
-- Patch cleans up code, so lists should remain unchanged
after applying patch
10) Apply the patch
11) Refresh the page (make sure it isn't cached!)
12) Right click and select 'View Page Source'
-- It should be down to 10 errors / 11 warnings.
NOTE: I think this means there is a code problem with
actually editing authorities properly!
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described, much less validation errors, no koha-qa errors
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
CÃleans up code, also removes SQL in favor of using a method.
No regressions found.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch fixes several occurrences of selected
options that do not follow XHTML style rule for
markup.
To test:
1. Apply the patch
2. There are no functional changes at all,
only a more strict markup
Changed all cases I can found.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch removes all instances on this file. Even removes some commented out instances.
Also re-enable editor feature to show/change kohafield value, can't find when or why it was removed.
Up to QA or RM for consideration, simply to remove.
But is strange to have a non editable field on auth frameworks.
To test:
1. Apply the patch
2. Go to Administration > Authority types
3. Clic MARC structure of any auth fw
4. Clic subfield on any tag, e.g. 031
5. Clic 'Edit subfields' button
Now the tests proper
6. 'Help input' box (editor bottom):
Eight(8) scrolling_list removed, they use to
feed the four pulldowns, so check each one
'Koha field' is new (for me at last)
'Authorised value',
'Thesaurus' (is this valid/useful here?)
'Plugin'
There is a difference between existing subtags and a new subtag,
the 'id' of the pulldowns (so the 8 scrolling list removed)
Check assign/remove/save/load values, search for regressions
If you edit subtag 942, it has a value on kohafield (default fw)
I think that this box could be prettified with fixed width for
pulldowns.
7. No more functional tests, there are 4 scrolling_list removed
that are commented (removed also commented code on tt file),
and two instances that are similar to previously removed
instances, evidently with no effect.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Not sure about the new Koha field entry... All works as expected.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All works as expected.
About Koha field: I think it makes sense to have it in the form,
so you can configure the fields for new authority types.
In my database I have mappings on authtypecode and authid.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch replaces occurrences of CGI::scrolling_list with
untranslatable labels. It also fixes capitalization.
To test
1. Go to Administration > Authority types,
click 'MARC structure' of any auth type,
click 'subfields' for any Tag >= 010,
clic 'Edit subfields'
Check pulldowns 'Managed in tab' and 'Select to display or not'
2. Apply the patch
3. Reload and verify functionality of both pulldowns
4. Check that strings are not present on staff PO file
egrep "^msgid \"(Show all|Hide all|ignore)" misc/translator/po/fi-FI-i-staff-t-prog-v-3006000.po
5. Update language file
(cd misc/translator/; perl translate update fi-FI)
6. Check that strings are now present, repeat 4.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: drop-downs work identically. Show all, Hide all, and
ignore were added to the po files too.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
Works as described and improves the page to manage authority
subfields.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch allows to define default values in the authorities framework.
Some code already existed but the feature did not work.
Test plan:
1/ Choose a framework, field and subfields.
2/ Define a default value.
3/ Create a new authority and check that the subfield is
automatically filled with the default value.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described. koha-qa reports some tabs, fixed in followup
Test
1) Apply patch, run updatedatabase.pl
2) Edit auth framework, put default value someware, save
3) Add new auth, default value present
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
Verified database update is done correctly.
Controlfields 0xx
- Edited an existing field (001)
- Set a default value for subfield @
- Edited subfield again, checking default was saved correctly
- Verified the default shows up correctly when creating a
new authority using this authority type
Fields
- Edited an existing field (100)
- Set a default value for subfield e
- Edited subfield again, checking default was saved correctly
- Verified the default shows up correctly when creating a
new authority using this authority type
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Confirmation message for deleting subfields from an authority framework
has wrong capitalization.
To reproduce:
1) Go to Administration > Authority types
2) Click on MARC structure for one of the authority types
3) Click on the subfields link for one of the fields
4) Delete one of the subfields
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Passed-QA-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Better breadcrumbs for the following pages:
- auth_tag_structure.pl
- auth_subfields_structure.pl
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Current jQuery-driven tabs are done using a very old
version of the tabs plugin. This patch upgrades jQueryUI
to the latest version and adds the tabs widget dependency
to the jqueryui js file and updates the syntax for existing
tabs:
- $("#foo > ul").tabs(); changes to $("#foo").tabs();
- Remove full URL from tab links (use #anchor only).
Pages with "static" tabs (tabs which are built in the
markup rather than generated by the plugin) have been
modified to use their own style. Examples: pay.tt in
the staff client and opac-readingrecord.tt in the OPAC.
Edit: Minor revision to some uncorrected markup
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This is the first patch for bug 7760 and touches all pages in administration.
This adds a unique id "admin_<filename>" and a class "admin" to the body tag of
each page in administration.
Note: aqcontract can only be accessed from the acquisition module, so I made it acq
instead of admin.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
