This patch moves the patron category name or category type at the end of title and breadcrumb for better translatability.
Note: It does not change anything in functionality, it only changes display of strings.
To test:
Apply patch
Search for a patron and edit it in all possible ways ('Edit' button on top of details page, 'Edit' links in details page, 'Edit' links in search result table if multiple patrons are found)
Duplicate a patron
Create a new patron
Make sure that title and breadcrumb appear in a meaningful way with pattern similar to the following:
Modify patron Hansli Meier (Juvenile)
(Missing </div> added)
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The package name for SIP wasn't fixed in the tests by the original patches.
This patch fixes it.
To test:
- Run
$ prove t/db_dependent/SIP_ILS.t
- Tests should pass with the patch.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Running
$ prove t/db_dependent/XSLT_Handler.t
raises a couple warnings because of variable redefinitions. This small patch fixes that.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch adds an optional hashref argument to the XSLT_Handler
transform() method. It allows you to send key => value pairs
parameters to the XML::LibXSLT object, which you can reference
in a XSLT via <xsl:param name="XXX" />.
The parameter value is evaluated as an XPath query, so you can only
pass quoted strings (i.e. "'test'") or numbers. Otherwise, the
XSLT engine will interpret it as an XPath query and will run it
on the XML that you're transforming.
The most common use case is sending strings to a XSLT. In my case,
this is an OAI-PMH identifier that comes in a OAI response but not
the actual metadata. See the following link from the official POD:
http://search.cpan.org/~shlomif/XML-LibXSLT-1.92/LibXSLT.pm#Parameters
_TEST PLAN_
1) Run "perl t/db_dependent/XSLT_Handler.t". If all tests pass,
you should be free to sign off. Feel free to inspect the last
test in XSLT_Handler.t and the XSL in test04.xsl to see how it
works.
If you really want to be thorough, you could write your own test
cases using mine as an example.
Alternatively, you could go into C4::XSLT, and try to pass a
value to a parameter in the search results or the detail page,
but that might be a bit over the top.
It's a pretty simple patch.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
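The quoting rule described in the commit message above, shown as an added example (not code from the Koha patch). It calls XML::LibXSLT directly rather than Koha's XSLT_Handler; the sample record, the `identifier` parameter name and the `render` helper are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: how XML::LibXSLT treats stylesheet parameter values.
use strict;
use warnings;
use XML::LibXML;
use XML::LibXSLT;

# Constructed sample record. <secret> stands for data the caller never
# meant to select through the parameter.
my $source = XML::LibXML->load_xml( string => <<'XML' );
<record>
  <title>Sample title</title>
  <secret>internal-note</secret>
</record>
XML

# Constructed stylesheet: prints whatever the "identifier" parameter holds.
my $style = XML::LibXML->load_xml( string => <<'XSL' );
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="text"/>
  <xsl:param name="identifier"/>
  <xsl:template match="/">
    <xsl:value-of select="$identifier"/>
  </xsl:template>
</xsl:stylesheet>
XSL

my $stylesheet = XML::LibXSLT->new->parse_stylesheet($style);

# Hypothetical helper: run the transform with the given parameters and
# return the text output.
sub render {
    my (%params) = @_;
    my $result = $stylesheet->transform( $source, %params );
    return $stylesheet->output_as_bytes($result);
}

# Constructed value that happens to be valid XPath.
my $looks_like_xpath = q{//secret};

# 1) Passed as-is: the value is compiled as XPath and evaluated against
#    $source, so the stylesheet receives the selected node, not the text.
print 'raw:     ', render( identifier => $looks_like_xpath ), "\n";

# 2) Quoted by hand: the value is an XPath string literal and arrives as
#    plain text. This only holds while the value contains no apostrophe.
print 'quoted:  ', render( identifier => "'$looks_like_xpath'" ), "\n";

# 3) xpath_to_string() quotes every value in the list as a string literal
#    and copes with embedded apostrophes, so it is the safer choice for
#    values that come from outside (constructed identifier below).
my $with_apostrophe = q{oai:example.org:O'Brien/42};
print 'escaped: ',
    render( XML::LibXSLT::xpath_to_string( identifier => $with_apostrophe ) ),
    "\n";
```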
When creating an order, the fund value is mandatory but the DB structure
does not show this constraint.
The aqorders.budget_id field should be linked to aqbudgets.budget_id.
The updatedatabase.pl (entry 3.01.00.077) commented this constraint,
certainly for a retro compatibility reason.
Actually I found some cases (in production) where aqorders.budget_id is
set to "0". To add this constraint, we should add a temporary fund to
link orphan orders.
Test plan:
0/ Verify it is not possible to create an order not linked to a fund via
the Koha interface.
1/ Using your SQL CLI (or equivalent), create or update 1+ orders and set
"0" in the budget_id field.
2/ Execute the updatedatabase script.
3/ Verify that your order is linked to a new fund (which is linked to a
new budget).
4/ Verify the constraint has correctly been added (show create table
aqorders).
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To reproduce:
1/ Go on tools/export.pl
2/ Export some records and specify you don't want the fields 245 (the
whole field, do not specify a subfield).
3/ Export, BOOM
Software error:
Arguments must be MARC::Field object at /home/koha/src/tools/export.pl line 400.
Test plan:
Apply the patch and confirm the fields 245 are not exported and the
export works as expected.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Export fails to asplode with this patch
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug 12111 removes the vendor note edition on receiving.
The label should not be displayed when it's empty.
Test plan:
1/ Receive an order without a vendor note and verify that the label is not
displayed.
2/ Receive an order with a vendor note and verify that the note is
displayed.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Works as described, small template change.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
In multiple cases I've seen issues arise in Koha where a librarian
accidentally puts a space at the end of a new branchcode. This of course
causes endless confusion because the branchcode looks perfectly fine in
every case unless you wrap the code with some characters to reveal the
hidden space!
Test Plan:
1) Try creating a new branch with one or more spaces in the branchcode
2) Note you are able to
3) Apply this patch
4) Repeat step 1
5) Note you are no longer able to
Followed test plan with cache cleared. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, passes tests and QA script.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The interface should prevent deleting funds with children.
Otherwise the relationship is broken and problems occur:
1/ You don't see the orphan fund in the fund list
2/ You cannot edit the orphan fund amount ('Fund amount exceeds parent
allocation').
This patch:
- adds a JS check, template side
- adds a check in the perl script (should never be true)
- adds an updatedatabase check, in order to alert users with inconsistent data.
Test plan:
Verify you are not allowed to delete a fund with children.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug 11111 adds a basket group column on the parcel page.
But it seems that the already received orders never contain the value
(always 'no basket group').
Test plan:
Receive an order which is in a basket group and verify the basket group
column is correctly filled.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Based on comment #3, this corrects CPL and S issues if they do
not exist in the DB.
TEST PLAN
---------
0) Backup your DB.
1) Clear CPL and S from your DB.
- delete from borrowers where categorycode='S';
- delete from categories where categorycode='S';
- delete from borrowers where branchcode='CPL';
- delete from branch where branchcode='CPL';
2) prove t/db_dependent/Suggestions.t
-- This should fail.
3) Apply patch
4) prove t/db_dependent/Suggestions.t
-- This should work.
5) Intentionally add categorycode 'S' and branchcode 'CPL' back
into the database.
6) prove t/db_dependent/Suggestions.t
-- This should work.
7) run koha qa test tools.
8) Restore your DB :)
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
TEST PLAN
---------
1) Make sure you have more than 8 item types, and preferably
something with a non-sample default code for itemtypes.
2) prove t/db_dependent/Suggestions.t
-- this will fail
3) Apply patch
4) prove t/db_dependent/Suggestions.t
-- this will succeed
5) run koha qa test tools
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Hidden 'New child record' if 'EasyAnalytics' is set to display.
Testing plan:
-Turn on 'EasyAnalytics'. Check the drop down menu from the records page
*The drop down menu should include 'Analyze items' and not include 'New child record'
-Turn off 'EasyAnalytics'. Again check the drop down menu from the records page
*The drop down menu should include 'New child record' and not include 'Analyze items'
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
It duplicates what the first patch does.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug partially corrected by Bug 11357.
The size column in biblioitems is a bit problematic when used in TT, because instead of the size value from the biblio column it will give you the size of the variable or current loop.
It's currently used in the templates like opac-topissues.tt :
[% IF results_loo.size %][% results_loo.size %][% END %]
This patch corrects by using item() TT method.
See http://stackoverflow.com/questions/2311303/how-can-i-handle-hash-keys-containing-illegal-identifier-characters-in-template.
Test plan :
- Be sure there is a mapping between a MARC field and biblioitems.size
- Create a record A with biblioitems.size defined : like "10x12"
- Create a record B with no value in biblioitems.size
- Check each modified page :
=> Without this patch : you see a number (loop size) for both records
=> With this patch : you only see the correct value for A and nothing for B
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The link to open the cart no longer triggers the cart popup. Instead, in
order to make it more usable with mobile devices, it triggers a menu
which displays the count of items in the cart -- something which
previously was done with a hover action (something touch-screen devices
don't have). Clicking/tapping this menu item is what opens the cart
window.
Since the cart link is really now a menu trigger rather than just a
link, it seems logical to add the small arrow which the lists link
has indicating that the link triggers a menu.
To test, apply the patch and view any page in a Cart-enabled OPAC.
Confirm that the "caret" icon displays correctly when the cart is both
empty and when it has contents.
Followed test plan. Icon displays as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, good idea.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
For historical reasons the SIPServer and SIP modules
have used an extra module path in addition to the
standard Koha one. This has caused numerous irritants
in attempting to set up scripts and basic tests. It
does not help in attempting to modify or debug
this code.
This patch changes the package value in the modules
under the C4/SIP directory and makes calls to
them use the full package name.
Where the export mechanism was being short circuited
routines have been explicitly exported and imported.
Declarations of 'use ILS' when that module was
not being used and which only generated warnings
have been removed.
As a lot of the changes affect lines where
an object is instantiated with new, the opportunity
has been taken to replace the ambiguous indirect
syntax with the preferred direct call.
In initializing ILS the full path is added as this
will not require any changes to existing configs.
I suspect this feature is unused, and adds
obfuscation rather than flexibility but have kept
the feature as we need this change in order to
rationalize and extend the testing of the server.
The visible difference is that with the normal Koha
PERL5LIB setting, compilation of modules under C4/SIP
should be successful and not fail with unlocated modules,
allowing developers to see any perl warnings.
All the SIP modules can now be run through the tests
in t/00-load.t except for SIPServer itself.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
With the fixing of the namespace in the SIP code, we don't need to
modify the PERL5LIB to have the old one.
To test:
* do a package install using this and the other patches on bug 7904
* enable SIP
* make sure koha-start-sip and koha-stop-sip work
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Koha's SIP server accepts timeout parameters, but those parameters
are only used for the login portion of a telnet transport session.
Other than that, they are ignored, and as long as whatever opened
the connection keeps it open, it will stay open indefinitely.
Test Plan:
1) Set the timeout setting on your SIP server to 10 seconds
2) Modify misc/sip_cli_emulator.pl, add "sleep 100;" directly after line 91
3) Start your SIP server
4) Run the modified sip script with valid parameters
5) Watch the SIP server stderr
6) Note that even though the script waits far too long before continuing,
the SIP server never kills the connection, and the requests the cli
script makes come back with valid data.
7) Apply this patch
8) Restart your SIP server
9) Repeat step 4
10) Note that this time you see "SIP Timed Out!" in the SIP server
stderr and when the script finally makes its request, it doesn't
come back with valid data.
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug 12969 introduces a subroutine to centralize VAT and prices
calculation.
It should be used in the acqui/basketgroup.pl script.
Test plan:
0/ Don't apply the patch
1/ Create 4 suppliers with the different configurations
2/ Create a basket and create several orders
3/ Close the basket and create the corresponding basket groups.
4/ Print the basket group
5/ Verify you don't see any difference before and after applying the
patch on the pdf file.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Works as described, passes tests and QA script.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The parcel page always displays "Tax exc." even when values don't
include taxes.
Test plan:
On the parcel page, verify that the string "Tax *" is correct.
This appears in the already received order table.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
In parcel.tt, totals are calculated for subtotal.
This could be done in the pl script for more consistency.
Test plan:
Go on a parcel page with several already received orders.
Orders must be linked to different funds.
If possible ecost and unitprice (price on ordering and on receiving)
should be changed (different values will be displayed in the table).
The values displayed before and after the patch must be the same.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Some libraries wish to display the patron's cardnumber on the
confirmation screen for patron self registration, rather than make the
patron locate his or her cardnumber by logging in and browsing to the
personal details page. We should also add ids to these fields for easy
css styling/hiding.
Test Plan:
1) Apply this patch
2) Ensure that autoMemberNum is enabled
3) Self-register a new patron
4) Note confirmation screen now displays the patron cardnumber
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Prior to perl 5.12 keys can only operate on a hash.
Test plan:
With perl 5.10, access to admin/auth_subfields_structure.pl.
Without this patch, you get:
Type of arg 1 to keys must be hash (not subroutine entry) at
/home/koha/src/admin/auth_subfields_structure.pl line 102, near
"getauthtypes)"
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Confirmed problem and tested patch on a sandbox, signed off locally.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Refactor 1 line of code and add a preventDefault.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug 9811 (Patron search improvements) reversed the layout changes made
by Bug 10153. This patch returns the form to its "stacked" layout.
To test, apply the patch and navigate to the Patrons home page. Expand
the hidden search fields in the search header and confirm that the
layout looks correct. Perform some searches and check that the results
are correct and that the modified search fields retain their state.
Note: This patch contains indentation changes, so please diff
accordingly.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Fixed "Duplicate entry CF-952-i" error in marc21_simple_bib_frameworks.sql
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Part 2/2 - optional files.
Changes:
- Deleted unnecessary files
- Translated description files and some values in sql files
To test:
- Apply patch
- Run webinstaller on empty database (drop database and create new if necessary)
- Verify everything works, especially verify you have permission
to all modules, eg. Tools, Cataloguing etc.
- Check spelling and grammar if you can :)
Signed-off-by: Chris <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Part 1/2 - mandatory files.
Changes:
- Translated user permission and user flags.
- Changed untranslated different files from en version
- Deleted unnecessary files
To test:
- Apply patch
- Run webinstaller on empty database (drop database if necessary)
- Verify everything works, especially verify you have permission to all
modules, eg. Tools, Cataloguing etc.
- Check spelling and grammar if you can :)
Signed-off-by: Chris <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch adds a little bit of CSS to style the branch checkbox boxes.
I hope that this helps the readability, especially in systems with a
large number of branches.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This allows the exporter (Tools -> Export) to have any combination of
branches selected, rather than it being all or only one.
Test Plan:
* Apply the patch
* Go to the exporter, see that instead of a dropdown you now have an
elegantly laid out grid of branches you can select from
* Select some branches, run the export
* Note that only records with items in the selected branches are
returned.
* Repeat this with the item related options (as that code was refactored
slightly) and make sure everything is sane.
Sponsored-By: South Taranaki District Libraries
Signed-off-by: Thomas <tomsStudy@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
http://bugs.koha-community.org/show_bug.cgi?id=11961
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This button lets you replace existing authorities using a Z39.50 search.
http://bugs.koha-community.org/show_bug.cgi?id=11961
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
All tests pass
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
A failed login should not leave the user in a half logged authenticated
state, but rather return them to an anonymous session as per the
pre-login attempt state.
To replicate error:
1. Try to log in with some nonexisting user id or wrong password in the
OPAC
2. Go directly to /opac-user.pl (e.g., enter it in the browser address
bar, or just click on the "Log in" link)
3. Observe a DBI error displayed on the screen
4. You are now in the "deadloop" of sorts (opac/opac-user.pl refuses to
display the login screen, no matter how many times you try to reload
it); to break the deadloop, one needs to:
- remove session cookie from the browser (or cause the session to
expire in some other way - closing browser window would be probably
enough for that)
- remove offending session on the server (from mysql sessions table,
..)
- log in with proper credentials using some other page (like
opac/opac-main.pl right-side panel), which does not involve
opac/opac-user.pl being called without "userid" CGI parameter.
To test:
1. Test as above, the DBI error should no longer be present
2. Check that search history works across failed and successful login
attempts
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Add a missing semicolon to the end of a template variable assignment
line. This patch should not affect operation.
Note: With Bug 13499 we did a non-destructive perltidy, as such we only
affected indenting and whitespace to maintain blame history. However, a
number of minor code issues were also highlighted, in this series of
patches I hope to correct other minor style issues.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Removed an unneeded semicolon from the end of an 'if' block. This should
not affect operation of the script.
Note: With Bug 13499 we did a non-destructive perltidy, as such we only
affected indenting and whitespace to maintain blame history. However, a
number of minor code issues were also highlighted, in this series of
patches I hope to correct other minor style issues.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This tidy should only change whitespace and not line breaks, thus
retaining history.
There are no code changes, and thus there should be no regressions to
test for koha wise.
To test the non-destructive nature of the patch, run a 'git blame -w' on
the file before and after the patch. The resulting blame should include
a comparable history of the file, with only some additional blank
lines being attributed to this commit.
A 'git blame -wM' may also be useful for comparison purposes.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Small error in word-phrase-utf.chr.
It generates these logs:
17:03:25-21/01 zebraidx(10636) [warn] Map: 'ς' has no mapping
17:03:25-21/01 zebraidx(10636) [warn] duplicate entry for charmap from 'Σ'
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To test:
- Use an installation with a reasonable amount of authorities, so that you can
have a search result list with more than one page
- Activate OpacAuthorities
- Create an OPAC link like shown below, verify that an alert is shown
- Apply patch
- Refresh the page and no alert should appear
- Verify the paging still works correctly for 'numbers' and 'arrows'
URL:
.../cgi-bin/koha/opac-authorities-home.pl?and_or=and&marclist=match&op=do_search&operator=contains&orderby=HeadingAsc2"><script>prompt(987898)</script>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
To test
1/ Make sure you have some items in your database, that have values in items.issues
If necessary do something like
UPDATE items SET issues = 10 WHERE itemnumber=somenumber
2/ Hit a url like http://localhost:8080/cgi-bin/koha/opac-topissues.pl?do_it=1&timeLimit=3%3Cscript%3Eprompt%28924513%29%3C/script%3E
3/ Notice you will get a prompt
4/ Apply patch
5/ Test again
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
A specially crafted url causes XSS in Koha
To test:
cgi-bin/koha/opac-shelves.pl?viewshelf=2%22%3E%3Cscript%3Eprompt(987898)%3C/script%3E
cgi-bin/koha/opac-downloadshelf.pl?shelfid=2%22%3Cscript%3Eprompt(1)%3C/script%3E&showprivateshelves
These should cause a popup without the patch. With the patch, no popup.
You may need to create these lists, the xss will not be triggered if the list doesn't exist or you don't
have permission to view them.
Signed-off-by: Chris <chris@bigballofwax.co.nz>
Fixes the two listed problems
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed patch fixes the problem.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
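The three test plans above exercise a request parameter that is echoed into the page unescaped. As an added illustration (a constructed Template Toolkit fragment, not Koha's template or the actual fix), this block renders the `orderby` value from the first test URL with and without output filters; the link markup, the `page` parameter, the `render` and `clean_orderby` helpers and the allow-list values are assumptions.

```perl
#!/usr/bin/perl
# Added example: the same value rendered unfiltered, filtered, and
# validated before it reaches the template.
use strict;
use warnings;
use Template;

# The orderby value from the first test URL above, as the script receives it.
my $orderby = q{HeadingAsc2"><script>prompt(987898)</script>};

# Constructed paging link that copies the parameter into an attribute
# verbatim: the double quote in the value closes href and the rest is markup.
my $unfiltered = <<'TT';
<a href="?op=do_search&amp;orderby=[% orderby %]&amp;page=2">2</a>
TT

# Same link with TT's built-in filters: "uri" percent-encodes the value for
# the query string, "html" escapes it for the surrounding HTML context.
my $filtered = <<'TT';
<a href="?op=do_search&amp;orderby=[% orderby | uri | html %]&amp;page=2">2</a>
<input type="hidden" name="orderby" value="[% orderby | html %]" />
TT

# Hypothetical helper: process a template string and return the output.
sub render {
    my ( $template, $vars ) = @_;
    my $tt = Template->new or die Template->error;
    $tt->process( \$template, $vars, \my $out ) or die $tt->error;
    return $out;
}

# Defence in depth: a sort key is a closed set, so reject anything that is
# not on the list before it is used. The two names here are hypothetical.
my %known_orderby = map { $_ => 1 } qw(HeadingAsc HeadingDsc);

sub clean_orderby {
    my ($value) = @_;
    return ( defined $value && $known_orderby{$value} ) ? $value : 'HeadingAsc';
}

print "unfiltered:\n", render( $unfiltered, { orderby => $orderby } );
print "filtered:\n",   render( $filtered,   { orderby => $orderby } );
print "validated:\n",
    render( $filtered, { orderby => clean_orderby($orderby) } );
```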
Encoding problems appear when creating a patron list from the patron search results page.
Test plan:
1. Perform a patron search in the patrons module
2. Select one or more patrons
3. Choose "Add selected patrons to: [ New list ]"
4. Enter a patron list title with UTF-8 characters.
5. The list will be created with bad encoding.
6. Apply the patch and verify there is no bad encoding anymore.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Patch works fine.
Note that I - very ironically - had to remove UTF8 characters from the commit
message to apply and attach the patches with git/git-bz.
Hopefully, an upgrade to a newer git version will resolve that too.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Added check for borrowers that stops the Statistics link being shown. This could be done through the css but that function currently appears to be broken
Testing Plan:
-Search for a patron with an account that does not have the 'borrowers' permission
*Statistics should not be seen in the menu.
-Change the account's permissions so they have the 'borrowers' permission
*Statistics should be present in the menu.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Adding back version numbers to the former release team members
in the list of developers.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Added prefix "3.16" to Galen's Release Maintainer. (See Roles for 3.18)
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>