This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href is the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies several reports templates to use the
Bootstrap grid instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags and "text/css" attributes from <style> tags in the
modified templates.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Reports -> Items with no checkouts
- Reports -> Catalog statistics wizard
- Reports -> Guided reports dictionary
- Reports -> Guided reports, saved SQL reports
- Reports -> Average loan time
- Reports -> Circulation statistics wizard
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.
This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (they are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Lari Taskula <lari.taskula@jns.fi>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
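The "Next" items in the commit message above ask for a QA check that catches missing filters. The sketch below is an added example, not code from the Koha project or from add_html_filters.pl: audit_template, SAMPLE and the regexes are hypothetical names, the template is constructed, and treating href attributes as the place where uri may be needed is an assumption of this example.

```python
import re

# Constructed sample template; variable names are illustrative only.
SAMPLE = """\
[% USE Branches %]
[% IF loopro.title %]
<td>[% loopro.title %]</td>
<td>[% Branches.GetName( loopro.homebranch ) | html %]</td>
<td><a href="/cgi-bin/koha/catalogue/detail.pl?biblionumber=[% loopro.biblionumber | html %]">[% loopro.barcode | html %]</a></td>
<td>[% loopro.note | $raw %]</td>
[% END %]
"""

DIRECTIVE = re.compile(r"\[%[-+]?\s*(.*?)\s*[-+]?%\]", re.S)
ACCEPTED = {"html", "uri", "url", "raw"}  # filters named in the commit message
# Comments, control-flow keywords and assignments print nothing, so skip them.
NON_OUTPUT = re.compile(
    r"^(#|(IF|ELSIF|ELSE|UNLESS|END|FOREACH|FOR|WHILE|SET|DEFAULT|USE|BLOCK|"
    r"INCLUDE|PROCESS|WRAPPER|SWITCH|CASE|CALL|MACRO|FILTER|NEXT|LAST)\b"
    r"|[\w.]+\s*=(?!=))"
)
PIPE = re.compile(r"(?<!\|)\|(?!\|)")  # a filter pipe, not the || operator
IN_HREF = re.compile(r'href\s*=\s*"[^"]*$')  # still inside an open href="..."


def audit_template(text):
    """Return (line, directive, problem) for each output directive to review."""
    findings = []
    for m in DIRECTIVE.finditer(text):
        body = m.group(1)
        if not body or NON_OUTPUT.match(body):
            continue
        # Filter names after each pipe, without arguments or a leading "$".
        filters = [p.split("(")[0].strip().lstrip("$")
                   for p in PIPE.split(body)[1:]]
        line = text.count("\n", 0, m.start()) + 1
        context = text[max(0, m.start() - 300):m.start()]
        if not ACCEPTED.intersection(filters):
            findings.append((line, body, "no html/uri/url/raw filter"))
        elif filters[-1] == "html" and IN_HREF.search(context):
            findings.append((line, body, "html filter inside href; is uri needed?"))
    return findings


if __name__ == "__main__":
    for line, body, problem in audit_template(SAMPLE):
        print(f"line {line}: [% {body} %] -> {problem}")
```

The keyword list is a subset of Template Toolkit directives, so a template using others would need them added before the findings are trusted.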
The "highlight" class on table rows is unnecessary since we have a CSS
rule which defines colors for alternating row colors. This patch removes
use of the "highlight" class from templates and removes the definition
from staff-global.css
To test, view the affected pages and confirm that the change has not
broken anything.
Acquisitions -> Vendor -> View basket
Acquisitions -> Late orders
Acquisitions -> Ordered
Acquisitions -> Vendor -> Receive shipment
Acquisitions -> Spent
Acquisitions -> Vendor details -> Contracts table
Administration -> MARC frameworks (comment removed only)
Administration -> Class sources
Authorities -> Authority search results
Catalog -> Bibliographic detail page -> Items -> View item's checkout
history
Catalog -> subject.tt (is this template used?)
Cataloging -> Cataloging search results
Patrons -> Patron account
Reports -> Patrons who haven't checked out
Reports -> Statistics wizards -> Patrons
Reports -> Top lists -> Most-circulated items
Reports -> Inactive -> Items with no checkouts
Reports -> Reports dictionary
Reports -> Statistics wizards -> Circulation
Reports -> Statistics wizards -> Holds
Holds -> Place a hold -> Existing holds table
Serials -> New subscription -> Search for a vendor -> Search results
Serials -> Check expiration
Serials -> Subscription -> Serial collection
Serials -> Subscription -> Serial collection -> Edit serials
Suggestions
Tags -> View tags -> View titles with a tag
Tools -> Manage staged MARC records -> Batch (I think the affected
section of this template is obsolete)
Tools -> Log viewer -> Log result
Lists -> View lists (May be broken by Bug 15916)
Note that if you search the templates for instances of a <tr> with a
"highlight" class you'll find two instances in slip templates which
refer to a class defined in printreceiptinvoice.css.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Looks good. Haven't seen any regression.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Bug 8124 has commented the option to download results items with no
checkouts report into a file. But the perl code of this page uses
the export into a file as default behavior since the input "output"
is no more present. The consequence is that there are never results
in page.
This patch removes the code concerning file output from template and perl.
Such a feature exists in guided reports.
Test plan :
Play with cgi-bin/koha/reports/catalogue_out.pl form and see if you get results
Bug 10718 - select user branch as default
In cgi-bin/koha/reports/catalogue_out.pl report, select in library filter the user logged-in.
Test plan :
- Log into intranet with a normal user
- Go to "Items with no checkouts" reports
=> Your branch is selected
- Run report
=> You see "Filtered on : Branch = <your branch>"
- Come back to report
- Select "Any library"
- Run report
=> You do not see "Filtered on : Branch"
Bug 10718 - items with no checkouts report permission is execute_reports
This report only executes SQL to change reports/catalogue_out.pl permissions from all reports subpermissions to reports/execute_reports.
Test plan :
Test you can access and run this report with only execute_reports subpermission into reports permission.
Bug 10718 - redefine limit input
In reports/catalogue_out.pl form, the limit input is by default none.
So by default the report queries all the catalogue.
This may take a very long time (fall into timeout) and since now the results are displayed in page, the page may be huge.
This patch modifies limit input to remove the "none" option.
Also reduces the number of options (same options as guided reports results per page).
Test plan:
- Go to reports/catalogue_out.pl
=> first value "10" is selected
- Launch report
=> You see "Filtered on: limit = 10"
Bug 10718 - perltidy on reports/catalogue_out.pl
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Tested all of these things, all ok - squashed patch for neatness.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
Fixed a tab in one of the comments.
Improves script, but more work needed.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The items with no checkouts template has a section that uses DEFAULT to
set some strings: [% DEFAULT loopro.itemcallnumber="No Call Number" %]
This appears to be untranslatable with our current translation tool.
This patch changes the template so that it uses a simple [% IF %] block
to display the default text if no value is set. Added is use of the
Branches template plugin to show library name instead of code.
This patch also fixes an error introduced in my fix for Bug 8124 causing
the page to default to CSV download instead of output to screen.
To test, apply the patch and confirm that the default text appears
onscreen in reports which include results that have a missing barcode,
title, or call number. Results should be displayed on screen correctly.
Run "perl translate update" for any language and confirm that the newly
generated po file includes "No call number," "No barcode," and "NO
TITLE" for catalogue_out.tt
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works nicely, thx Owen!
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Labels which precede a text input or select typically have a colon
before them:
Name: [____]
This patch cleans up templates where labels in this context lack a
colon. Exceptions to this rule include radio buttons, checkboxes, and
labels inside tables.
To test, view the affected pages and confirm that labels look
consistent.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Patch adds more consistency.
Work for translators could be made easier using CSS instead
of whitespace after colon.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
We should not show disabled controls for features which don't work.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This is the last one - adding the classes and ids to the report module and
some template files for smaller modules/functions.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
When running the Items with no checkouts report and outputting to
screen, the results do not include any identifying information for
the items. The only information listed is the item count and the
branch location.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Patch removes template directives from within HTML tags from
- Reports > Guided Reports
- Reports > Items with no checkouts
- Reports > Patron statistics
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Warnings enabled, comparison adjusted to accommodate undef.
Hardcoded CGI::scrolling_list removed.
Sort order on item types corrected. Unused dependencies commented out.
GetBranchesLoop used instead of copy/paste code.
NOTE: CSV output is not fixed by this patch.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Previous implementation was a crude copy/paste from a larger report.
CSV output was and is not functional (disabled in interface accordingly).
Output now includes and is sorted by itemcallnumber, because the purpose
of this report is to isolate uncirculating items to cull from the shelves.
Output also includes a summary at the top, with links to individual tables
below when broken out by a grouping. Also included in the feedback but
default styled to display="none" are the actual SQL queries. This is
incredibly useful for debugging and should probably be done in all reports.
Yet TODO: allow date range for checkouts and instead of
"no checkouts" (=0) allow the query to filter based on =x, >x, <x, etc.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Output.pm: sanitizing variable names
ran perl -pi~ -e 's/\/includes\/calendar\//\/lib\/calendar\//' * in every staff template dir
Signed-off-by: Chris Cormack <crc@liblime.com>
previously, it wasn't possible to insert anything into the <head> on
an individual template unless it was the title of the page. Now, the
structure is a bit more flexible to allow additional head elements to
be included.