Commit graph

30088 commits

Author SHA1 Message Date
Katrin Fischer
377c9f1589 Bug 19178: Remove outdated sms/* scripts and related files
Those files appear unmaintained and unusable with current
Koha and should be removed.

It appears at some point there was work done on a feature
to send SMS messages to a phone number using a form in
the tools area.
This has never been documented, files and git history
make it look like work remained unfinished.

sms/sms_listen_windows_start.pl
- targetted for Windows, which is not supported by Koha

00-strict.t
- reference to sms removed

sms/sms_listen.pl
- refers to a table sms_messages that doesn't exist
- uses getmember() that doesn't exist

sms/sms.pl
- script calls routines that no longer exist in SMS.pm
  error_codes(), parse_phone(), write_sms()
- template sms-home.tt is not accessible form anywhere
  in the templates

sms-home.tt
- see sms/sms.pl

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Makes sense. 00-strict.t runs OK after applying the patch.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:29 -03:00
6835760dcf Bug 18389: (QA follow-up) Fix tabs, note used template, info on verbose
Fixed whitespace for QA tools
Added a verbose note when template found
Only print 'Modifying MARC' if verbose

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:29 -03:00
Jon Knight
ab586abaee Bug 18690: Add error if there are multiple MARC templates with the same name
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:29 -03:00
Jon Knight
ff23e78f7b Bug 18690: Use MARC modification templates with bulkmarcimport.pl
When importing large numbers of MARC records from a legacy LMS to Koha
using bulkmarcimport.pl, it did not make use of the MARC modification
templates in the system (which can be useful for coversion of 852
fields to 952 fields for item holdings for example). This patch allows
MARC modification templates to be used with bulkmarcimport.pl.

To test:
1) Apply patch.
2) Set up a MARC modification template (in Home > Tools > MARC
modification templates) to make some changes to imported MARC
records (for example copy a subfield).
3) Take a test set of MARC records that have fields matching the
template and import them using the bulkmarcimport.pl tool. For example
if these MARC records are in testrecords.mrc and the MARC modification
template is called testtemplate use something like:

   perl misc/migration_tools/bulkmarcimport.pl -commit 1000 \\
     -file testrecords.mrc -marcmodtemplate testtemplate

4) Check the imported records in Koha to see that the required
modifications have been applied when the MARC records are imported.
5) Sign off.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:29 -03:00
774b9d5fd8 Bug 10267: Display the message only if the user enters too many characters
It seems better to display the warning if the user tries to enter too
many characters in the input.

Test plan:
With max=16
1. Copy/paste a string with 15, 16 and 17 characters
2. Enter a cardnumber of 15, 16, 17 characters
The warning should be displayed only the input overflows

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:28 -03:00
Aleisha Amohia
edaebf2565 Bug 10267: Show error message if user tries to enter too many characters for cardnumber
This patch displays a message if the user tries to enter more than the
max number of characters for a cardnumber.

To test:
1) Apply patch and go to Patrons -> New patron
2) Scroll down to Card number
3) Put in any characters. Notice that when you have entered the max
number of characters, you are unable to type any more.
4) Click out of the text field (so it loses focus), the error message will show up.
5) if you backspace some characters and click out of the text field
again, the message should disappear

Sponsored-by: Catalyst IT

Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:28 -03:00
63a9c26fe5 Bug 13178: DBRev 17.06.000.025
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:28 -03:00
ae4d894292 Bug 13178: DBIC Schema changes
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:28 -03:00
ad1e2a5178 Bug 13178: (QA follow-up) fix kohastructure and update info in fields
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:27 -03:00
Baptiste Wojtkowski
966b92a803 Bug 13178: Correct Max cardnumberlength
($max is the value of the max size of a card number)
- $max not hardcoded anymore in C4::Memeber
- $max now correctly adapts to the field of cardnumber in database

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:27 -03:00
Baptiste Wojtkowski
99caf5329b Bug 13178: increase max value of CardnumberLength
testplan
1 - Apply patch
2 - Run updatedatabase.pl
3 - Update dbix scheme
4 - set the value of CardnumberLength to a value between 16 and 32
5 - Check you can enter a propper cardnumber
(modify to 32 instead 20)

+ max value now depends on the database field value to

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:27 -03:00
Aleisha Amohia
d25719d223 Bug 19216: Fix broken table in OPAC for when club doesn't allow public enrolment
To test:
1) Apply bug 19214 and bug 19215 to fix other issues with patron clubs
2) Create a club template that DOES NOT allow public enrollment
3) Create a club, enrol a user
4) Log in as that user to the OPAC
5) Go to 'your summary' and click the Clubs tab
6) Notice the broken table with empty column
7) Edit the club template to allow public enrollment
8) Notice the table is fixed - so this bug is just when the club does
not allow public enrollment
9) Apply the patch
10) Edit the club template to NOT ALLOW public enrollment
11) Confirm the table in the OPAC is now fixed and does not leave an
empty column

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:27 -03:00
2f2d84316a Bug 17214: (QA follow-up) Print error message too in fallback case
If the error code is not known or empty, provide the message too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested this by adding a die on shelves.pl line 180 (my $added = eval ..)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:26 -03:00
Aleisha Amohia
70d72e3d9c Bug 17214: Add records to lists by biblionumber
To test:
1) Apply patch and go to Lists
2) Click on an existing list or create a new list
3) Add items by barcode, confirm this functionality still works
4) Trigger error messages (adding duplicate barcodes, barcodes that
don't exist) to confirm they still show as appropriate
5) Test adding by biblionumber, confirm this works as expected
6) Trigger error messages (adding duplicate biblionumbers, biblionumbers
that don't exist). Confirm wording is appropriate in messages.
7) Add both barcodes and biblionumbers at the same time, confirm this
works as expected

Sponsored-by: Catalyst IT

Signed-off-by: Israelex A Veleña for KohaCon17 <israelex19@gmail.com>
Signed-off-by: Israelex A Veleña for KohaCon17 <israelex19@gmail.com>

Signed-off-by: Harold <harold.sabanal@gmail.com>

Signed-off-by: macon lauren KohaCon2017 <caballeromaricon@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17214: [FOLLOW-UP] Using Koha::Biblios instead of GetBiblio

Ready to test

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:26 -03:00
7c27958e6b Bug 2093: DBRev 17.06.000.024
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:26 -03:00
ad790bed2d Bug 2093: [Compiled CSS] Add OPAC dashboard for logged-in users
This patch contains the CSS file compiled from LESS.

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

RM note: opac.css regenerated before push:
lessc --clean-css="--s0 --advanced --compatibility=ie7" bootstrap/less/opac.less > bootstrap/css/opac.css

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:23 -03:00
Aleisha Amohia
506d669424 Bug 2093: (follow-up) Add OPAC dashboard for logged-in users
This patch:
- hides the dashboard if there is no dashboard information to display
- changes '5.00 due' to '5.00 due in fines and charges' for translation
- uses Koha::Holds in place of deprecated C4::Reserves methods

To test, confirm all the right information for holds still shows, and
confirm the dashboard is hidden if there are no checkouts, holds, fines
or overdues.

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:05 -03:00
ffee02e41d Bug 2093: (follow-up) Add OPAC dashboard for logged-in users
This patch adds some additional markup for applying styles to and the
corresponding CSS.

Also modified: Links to opac-user.pl should now open the correct tab.

To test, apply the patch and compile the modified LESS file. Clear your
browser cache if necessary. Follow the original test plan and confirm
that the revised links work correctly.

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:04 -03:00
Aleisha Amohia
657c417a87 Bug 2093: Add OPAC Summary for logged-in users
This patch adds a summary to the OPAC once the user has logged in that
shows the users number of checkouts, overdues, holds pending, holds
waiting and total fines. We also have a syspref OPACUserSummary to turn
this feature on and off. Default is ON.

To test:
1) Apply patch and update database
2) Set up some checkouts, overdues, holds pending AND waiting and fines
for a user
3) Log into OPAC as that user, see summary. Confirm links all work as
expected
4) Confirm that if there are no checkouts / overdues etc that the link
disappears from the summary
5) Turn OPACUserSummary OFF and confirm the summary does not show on the
mainpage.

Sponsored-by: Catalyst IT

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:04 -03:00
3d6e33134e Bug 19528: (QA follow-up) Adjust language for readability
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:04 -03:00
7f7a6879b2 Bug 19528: Fix a few typos like corrosponding
[1] Replace corrosponding => corresponding
[2] Replace containts => contains
[3] Replace item_level-itypes => item-level_itypes
[4] Replace Managment => Management
[5] Replace should returns => should return

Test plan:
Note that this patch only deals with POD lines or test descriptions.
So there is nothing to test, just read the patch.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Patch amended by RM: The release notes should not be modified

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:04 -03:00
64899db254 Bug 9031: (QA follow-up) Final changes to Calendar::days_between
The crash is caused by comparing two datetimes where one datetime is
floating and the other one was not. In that case the floating is
converted. Note too that DateTime overloads comparison operators.

This patch clones the two dates first. Puts them in floating both. And
just after that starts comparing etc.

Similar small change in hours_between.

Adding a test where the parameters are swapped for days_between.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:04 -03:00
c398cfa377 Bug 9031: Overdue items crossing DST boundary throw invalid local time exception
To test:
1 - Set TZ to America/New York
2 - Checkout item and set due date to '2016-03-09 02:29:00"
3 - Make sure fines are set for the item type, fine mode production,
  calculate fines on return
4 - Check in item - invalid date time warning in logs
5 - Apply patch
6 - Check in item - no error
7 - prove t/Calendar.t

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 9031: Use floating instead of UTC

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Squashed the changes for Calendar.pm; will add a follow-up to finally
overcoming the crash on Invalid local time.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:03 -03:00
9ac7f85375 Bug 9031: (QA follow-up) Pass the same timezone in Calendar.t
We do not need to change $ENV{TZ} or call tzset.
Pass $tz too for the second date.
Replace checking the datetime hash by delta calls.
Replacing the number of minutes.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
We will still crash with:
Invalid local time for date in time zone: America/New_York
But the changes in Calendar.pm will now resolve that.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:03 -03:00
a3c4ce01b3 Bug 9031: Unit tests for DST crossing in (days|hours)_between
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Without the patch for Calendar.pm, this crashes on:
Invalid local time for date in time zone: America/New_York

But even with the original change to Calendar.pm, I would see:
Invalid local time for date in time zone: Europe/Amsterdam
Adding a follow-up for that.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:03 -03:00
3b4e0e6978 Bug 19493: Force scalar context to prevent future error
If someone decide the reuse the template->param statement to pass values
to the template, we will get the same issue.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:03 -03:00
4a4b3aa948 Bug 19493: Remove few warnings from circulation.pl
If you click Submit on the staff home page without entering a cardnumber, you will find these warnings in the log:
Problem = a value of override_high_holds has been passed to param without key at /usr/share/koha/masterclone/C4/Templates.pm line 137.
Problem = a value of nopermission has been passed to param without key at /usr/share/koha/masterclone/C4/Templates.pm line 137.
Use of uninitialized value $val in concatenation (.) or string at /usr/share/koha/masterclone/C4/Templates.pm line 137.
Problem = a value of  has been passed to param without key at /usr/share/koha/masterclone/C4/Templates.pm line 137.

Cause is this call to $template->param:
$template->param(
     CircAutocompl             => C4::Context->preference("CircAutocompl"),
     debarments                => GetDebarments({ borrowernumber => $borrowernumber }),
     todaysdate                => output_pref( { dt => dt_from_string()->set(hour => 23)->set(minute => 59), dateformat => 'sql' } ),
    has_modifications         => $has_modifications,
     override_high_holds       => $override_high_holds,
     nopermission              => scalar $query->param('nopermission'),

In this specific case GetDebarments returns undef in list context (empty list),
so all items in the list shift one place.
Either we should force GetDebarments to return []; or we force scalar context in a construction like this. This patch does the last thing.

Note: The calls in memberentry.pl and moremember.pl are not affected.

Test plan:
[1] Do not apply. Click Submit without cardnumber. Check the log.
[2] Apply. Click Submit again without cardnumber. Check log.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:03 -03:00
377bd10e0c Bug 16660: (followup) Unit tests
This patch adds unit tests for the introduced changes in
build_query_compat.

It removes a warning too.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:02 -03:00
088cdcda5f Bug 16660: Add support for OpacSuppression to Elasticsearch
To test:
1 - Enable suppression
2 - Suppress some records
3 - Apply all the patches
4 - Reindex ES
5 - Search and don't get suppressed records
6 - Disable suppression
7 - Search and get all the records

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:02 -03:00
Srdjan
bf6caa81e5 Bug 16660: Moved Opac Supression filtering from opac-search.pl to Zebra::QueryBuilder
To test:
OPAC: Both SearchEngine "Elasticsearch" and "Zebra" should work with
OpacSuppression set to "yes"

NB: OPAC suppression is not implemented for Elasticsearch

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:02 -03:00
27b99bb80b Bug 18118: Unexpected behaviour with 'GoogleOpenIDConnect' and 'OpacPublic' syspref combination.
TEST PLAN
----------
1/ configure a working 'GoogleOpenIDConnect' account

See comment #5 which also links back to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16892#c3

2/ set 'OpacPublic' (under OPAC) to 'Disabled' and
   'GoogleOpenIDConnect' (under Administration) to 'Yes'.

3/ log in user successfully via google-auth, observe redirect to
   opac-user.pl (bad)

4/ apply patch
   -- on kohadevbox remember to restart all! Plack is unforgiving. :)

5/ log in user successfully via google-auth, observe expected
   redirect to opac-main.pl (good)

While I would normally suggest running koha qa test tools, because
this file doesn't end in .pl, it doesn't get picked up by them.

6/ perlcritic -4 opac/svc/auth/googleopenidconnect
   -- notice this is a level better than required. :)

This also eyeballs easily well.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:02 -03:00
bb1c184b84 Bug 19484: Add test before using object itemtype
Patch applies and functions as described. I agree with you that importing NULL itemtypes is possible Marcel. A higher importance level makes sense.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
30a0d4f6c9 Bug 19531: When saving patron record do not redirect to circ if not authorised
If the logged in patron does not have the necessary permission we should
not redirect to circulation.pl but moremember.pl instead

Test plan:
With the borrowers permission, you should be able to edit a patron and
be redirect to the moremember page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
99e487bc71 Bug 19389: Hide library groups pull down if empty
Regression introduced by bug
  commit 141200794d
    Bug 15295: Koha::Libraries - Remove GetBranchCategories

The intranet advanced search page offers to search for groups of
libraries, even if the pull down is empty as no library groups have
been defined.

Test plan:
- Go to the adv search page at the intranet
- Without library group you must not see the "Groups of libraries"
dropdown list
- With at least a library group you must see it

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
bdf85f5e39 Bug 19069: Fix 'does not match' behaviour in MARC modification template
The "does not match" condition does not behave as expected.
We want it to process the action if the subfield exists and that the
value does not match a given pattern.

Test plan:
Be creative and write different template actions using the "does not
match" condition.
Using the "Batch record modification" and the "Show MARC" popup, confirm
that the processed record is the one you are expecting.

Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
a70c38f380 Bug 19029: (follow-up) Make security question appear on clone operations from one library to another
Message pops up for all instances of cloning now.
Works as expected.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
83f97e662d Bug 19029: (follow-up) Implemented .format() to ease translation
Sponosred by: Catalyst IT

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
971591d4ee Bug 19029: Add JavaScript security question for cloning circ rules
This patch introduces a Javascript security question which is displayed
to the user when they try to clone a circulation rule to a specific
branch when the rule is a 'Standard rule for all libraries"

The rationale for this patch is when the cloning takes place it
overwrites the existing rules of the destination branch and there is no
notification of this to the user. Therefore by implementing this patch
the user is asked if they want to clone the rule (if the rule is
standard accross all libraries) and are told that it
will overwrite the rules in the destination branch.

Test plan:
1. Create a circulation rule for all libraries

2. Make sure the 'select a library' option is set to 'Standard rules for all
libraries"

3. Click the 'Clone' button and notice that the cloning takes place
without any warning that it will overwrite the rules of the destination
branch

4. Apply patch

5. Return to the circulation and fine rules page

6. Repeat step 2

7. Click the clone button and notice a alert box appears asking if you
are sure you want to clone the standard rule to the destination branch.

Note: The name of the destination branch is included in the alert.
Also note that the user is informed of the consequences of performing
the action, i.e. that it will overwrite the existing rules in the
destination branch

8. Click 'Cancel' and notice that no cloning occurs

9. Click the clone button again and this time click 'OK' and notice
that the cloning takes place

10. Return to the Circulation and fine rules page and set the 'Select a
library' option to the name of an individual branch

11. Click the clone button and notice that the clone action takes place

Sponsored-By: Catalyst IT

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
Alex Arnaud
a522df7dd9 Bug 19443: Remove duplicate message when editing existing patron
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
Alex Arnaud
27fca7aceb Bug 19443: Wrong HTML in patron creation page (members/memberentry.pl)
The form provided on top of the page if Koha find a duplicate
patron is not closed. This cause some trouble.

Test plan:

 - Edit the syspref IntranetUserJS and type the following code:
   "$(document).ready(function() {
    $("#memberentry_library_management").insertBefore("#memberentry_identity");
    });"
 - create a patron so that Koha will warn you about a duplicate one,
 - click on "Not a duplicate. Save as new record",
 - you should get error(s) about empty field(s).
   Note that now, the library management part's fields are empty or
   reset to default

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
18809b1371 Bug 12363: DBRev 17.06.000.023
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:08:59 -03:00
58b6e95763 Bug 12363: Add a switch to mark|do not mark items as returned when lost
There are several ways to mark an item an lost:
- item list view (catalogue/moredetail.pl, "Items" tab)
- cataloguing (cataloguing/additem.pl)
- Batch item modification tools (tools/batchMod.pl)
- The long overdue cronjob (misc/cronjobs/longoverdue.pl)

So far only the cronjob is configurable, the others mark the item as
returned (does the checkin).

This behaviour should be controlable using a syspref, to let libraries
choose what fit best for them.

Test plan:
Use the 2 options of the pref, mark checked out items as lost using the
different possibilities, and confirm that the behaviours make sense to
you

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:14 -03:00
264432f701 Bug 12363: Add new pref MarkLostItemsAsReturned
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:14 -03:00
48be40d1bf Bug 18884: Advanced search on staff client, Availability limit not properly limiting
Patch applies and functions as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
Andreas Roussos
4f2d59e67b Bug 19503: Duplicating a dropdown menu subfield yields an empty subfield tag
While editing a record in the staff client, if you clone a repeatable
dropdown subfield the cloned subfield's tag is empty. This can result
in data loss if the record is saved, re-opened, and saved yet again.
This patch (originally written by Sophie MEYNIEUX for bug 17818) fixes that.

Test plan:
0) [PREREQUISITE] In your MARC framework (Home > Administration > MARC
   bibliographic framework) ensure that you have at least one subfield
   of a particular tag linked to an authorised value (e.g. in UNIMARC,
   tag 700 subfield 4 is 'Relator Code' and can be linked to CCODE for
   testing purposes). This is so that the relevant subfield will be a
   dropdown menu and not a textbox.
1) In the Staff Client, edit an existing record or create a new one.
   Then, try to clone any subfield that is a dropdown menu. Observe
   that the cloned subfield's tag is empty.
2) Apply the patch.
3) Hit CTRL-F5 in your browser (to ensure cataloging.js is re-loaded)
   and try to clone a dropdown menu subfield again. This time the tag
   is cloned as well.

Working as intended.

Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

https://bugs.koha-community.org/show_bug.cgi?id=16503

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
3f2c1c879c Bug 19117: Add CSRF protection to paycollect.pl
Security bug, trivial changes, no need to provide procedure for script
kiddies.

Test plan:
Pay fines using the different options from the "Pay fines" tab.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
Mark Tompsett
c4113dce70 Bug 18956: Fix empty to in message queue
Follow the test plan in comment #20.
Also tweaked string, because it was really 'or' before too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended text in added comment.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
6336e53aed Bug 18956: (QA follow-up) Resolve a CGI::Param in list context warn
From the plack-error.log:
CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_masterclone_opac_opac_2dpassword_2drecovery_2epl line 129, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:56:59 -03:00
Mark Tompsett
e08a0afa26 Bug 18956: Prevent leaking during password recovery
TEST PLAN
---------

It is assumed you have set the OpacResetPassword to 'allowed',
and likely in combination with OpacPasswordChange to 'Allowed'.

You will have two patrons: one with and another without
any email address entered. You will want to test this test plan
with both patrons.

$ git checkout -b bug_18956 origin/master

Prepend the following as understood between step sections:
opac -> forgot password and then enter...

correct login/cardnumber, it will email
delete from borrower_password_recovery;

correct email, it will email
delete from borrower_password_recovery;

correct login/cardnumber && correct email, it will email
delete from borrower_password_recovery;

wrong login/cardnumber && correct email, error page as expected
delete from borrower_password_recovery;

correct login/cardnumber && wrong email, error page as expected
delete from borrower_password_recovery;

wrong login/cardnumber && wrong email, error page as expected
delete from borrower_password_recovery;

submit empty -- INTERNAL SERVER ERROR?!
delete from borrower_password_recovery;

-- None of the above step sections displayed email.

correct login/cardnumber, it will email

correct login/cardnumber again, but it leaks email address!
delete from borrower_password_recovery;

correct email, it will email

correct email again, but it leaks login/cardnumber!
delete from borrower_password_recovery;

$ git bz apply 18956
-- choose interactive, and choose this counter patch.

repeat the same test set again
-- no leaks will occur, error message pages returned should
   be reasonable, code should read reasonably.

run koha qa test tools.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 10:59:05 -03:00
570eb40266 Bug 19333: Fix XSS in opac-shelves
category is send back to the template, it must be escaped

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 10:59:01 -03:00