TO test:
1 - Check out an item to a patron
2 - Note the columns are misaligned
3 - Apply patch
4 - Updatedatabase
5 - Reload the patron
6 - Note the table is fixed
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
In order to remove accessibility issues due to the readonly attributes
on date inputs, this patch will remove them and introduce a javascript
validation on them.
This patch is not perfect for some reason:
I didn't manage to force the user to select a valid date. One solution
would be to reopen the datepicker plugin until a valid date is inserted.
But it could be annoying for users (and for me: I did not manage to
implement this solution).
You will note that input is emptied if the date is not valid. This is a
quick and efficient solution to prevent submitting invalid date and make
Koha explodes. A proper solution would be to implement the check server
side send a friendly message to the user.
Test plan:
For all inputs, try an invalid and a valid date.
1/ Debar a patron
2/ On the checkout tables (circulation and moremember), add a renewal
due date (at the bottom of the tables)
3/ On the checkout page, specify a due date
4/ On the return page, specify a return date
5/ On the invoice page (acquisition module), enter a shipment and
billing date
6/ On the invoice search page (invoices.pl) use filters shipment and
billing dates
7/ On the offline circ page, specify a due date
8/ On the edit patron page (memberentry), add a debarment
9/ On the reserve page (reserve/request.pl), use the date inputs to
suspend until a defined date
10/ Edit patrons in a batch (tools/modborrowers.pl) and use the
registration and expiry date inputs
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch set display amounts for charge, fine, price etc. right aligned in tables
on patron pages.
To test, apply patch and verify that amounts appear right aligned on following pages:
- Go to Home > Patrons, perform a search (Column 'Fines')
- Go to a patron with fines and credits
- Checkout tab (circulation.pl): Columns 'Charge', 'Fine', 'Price'
(maybe you have to show column with 'Show / hide colums')
- Fines Tab > Pay fines (pay.pl): Columns 'Amount', 'Amount Outstanding'
- Fines Tab > Account (boraccount.pl): Columns 'Amount', 'Outstanding'
Note: Test here 'Filter paid transactions' as well
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Test plan:
1/ Verify that the location column is correctly displayed on the
checkouts tables (circ/circulation.pl and members/moremember.pl).
2/ Verify that you can hide/show this column (using the admin page
and/or the ColVis DT plugin).
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Test plan:
1/ Verify that you can show/hide columns on the checkouts table (circulation.pl).
2/ Play with the column configuration admin page (admin/columns_settings.pl),
and confirm the behavior is correct (depends on what you have selected).
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
When looking at the patron record or the checkout screen the checkout
summary is now showing 0 for all the Charges even if the item was
overdue and has accrued fines.
Removed unused(?) footer values in checkouts-table-footer.inc
To test:
1/ Check out items with past due date
2/ Run fines.pl script (ensure finesMode is set to Calculate and Charge)
3/ Verify on Fines->Pay Fines screen that fines where calculated
correct.
4/ Go to Patron record, charge column on Details and Check out
screen
should be 0 or rental charge amount only. But total amount row
display right
number, same as in pay fines screen.
4/ Apply patch.
5/ Now charges on display and check out screen shows all outstanding
fees for each item.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The sort order of the "today's checkouts" and "previous checkouts" row
groupings depends on the label, so in English "today's checkouts" comes
first. However, in other languages the reverse alphabetical order is
incorrect resulting in "previous checkouts" coming first.
This patch adds a dummy column with numeric data on which the sorting
can be done. This should make it translation-agnostic.
To test, apply the patch and install or update a translation which will
demostrate the problem (sv-SE for instance).
- Clear your browser cache and switch to the English templates.
- Check out some items to a patron who has checkouts from a previous
day.
- Confirm that the sorting of the "today's checkouts" and "previous
checkouts" row groups is correct.
- Switch to the new/updated translation and reload the circulation page
for that patron. Confirm that the sort remains correct.
- Confirm that the checkouts table looks correct and that other features
(sorting, checkboxes) still work correctly.
Revision: Corrected the table footer include to correct the colspan
error causing column misalignment.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
When a patron has many checked out items, circulation.pl can take a very
long time to load ( on the order of minutes in some cases ). This is
primarily due to the processing of the previous checkouts list. If we
convert to this table to a datatable that fetches its data via ajax, we
can make circulation.pl far more responsive. The same should be done
with relative's checkouts as well.
Test Plan:
1) Apply this patch
2) Observe that the checkouts and relatives' checkouts tables
are now loaded asynchronously
3) Observe and verify the renew and return actions are now
ajax based and function in a manner equivilent to how they
used to.
This bug had quite a few followups, so I squashed all of them into one
change so that code is easier to follow. Original commit messages are below:
Bug 11703 - Use the ajax datatables on patron details page
Bug 11703 - Convert holds tables to ajax datatables
Bug 11703 [QA Followup 1] - Center bProcessing message over table
Bug 11703 [QA Followup 2] - Remove icons from checkout and clear buttons
Bug 11703 [QA Followup 3] - Remove references to UseTablesortForCirc
Bug 11703 [QA Followup 4] - Add back in Today's checkouts/Previous checkouts rows
Bug 11703 [QA Followup 5]
Bug 11703 [QA Followup 6] - Move strings to an include file for translation purposes
Bug 11703 [QA Followup 7] - Fix issues spotted by koha-qa.pl
Bug 11703 [QA Followup 8] - Speed up api/checkouts.pl as much as possible
Bug 11703 [QA Followup 9] - Move scripts from api directory to svc directory
Bug 11703 [QA Followup 10] - Fix errors caused by rebase
Bug 11703 [QA Followup 11] - Prevent multiple fetchs from ajax source
Bug 11703 [QA Followup 12] - Fix problem detected by koha-qa.pl
Bug 11703 [QA Followup 13] - Removed uneccessary data from renewal box during renewal
Bug 11703 [QA Followup 14] - Fix table column span
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
Test plan on bug report:
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11703#c98
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
In order to prevent submission of dates with ambiguous two-digit
years this patch makes date-due input fields read-only so that
users must use date/time picker.
Other minor fixes:
- Adding missing labels
- Adding common class wrapper to datepicker for checkout and renewal
- Correcting focus handling on "specify due date" field (should
focus on barcode field after a date has been selected).
- Removing trailing comma from JavaScript (breaks IE)
To test, try typing an invalid number in any of the date due entry
fields: Under 'specify due date,' 'renewal due date,' or the
confirm "invalid" date dialog (after specifying a date in the past).
Manual entry should not work. Choosing a date/time using the
widget should work.
Signed-off-by: Melia Meggs <melia@test.bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
In the circulation page, you can now export (as csv or iso2709) a list
of items which are currently checked out by a borrower.
3 export types:
- iso2709 with items: Export the items list in iso2709 format with item
informations.
- iso2709 without items: Export the items list in iso2709 format without
item informations.
- CSV: Export the items list based on a csv profil.
2 new system preferences:
- DontExportFields: a list of fields not to be export
- CsvProfileForExport: The Csv profile name used for the csv export
Test plan:
- Fill the CsvProfileForExport syspref
- go on the borrower circulation page containing checkouts
- Select one or more items and export them to the 3 different formats.
- check if the result file is what you expected
- Test there is no regression with the export authority
- Test there is no regression using tools/export.pl with the command
line interface
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
All instances of the old DynArch calendar have been replaced with
jQueryUI versions and the old library files have been removed.
calendar.inc has been modified to include jQueryUI localization
strings and global configuration options. Just add a "datepicker"
class to an input field to trigger a datepicker prompt.
If you would like two fields in one from to limit each other (one
is date from, one is date to), add these classes to each:
"datepickerfrom" and "datepickerto." This will prevent an invalid
entry, e.g. a date in the latter which falls before the former.
jQueryUI is now upgraded to the latest verision, 1.8.21.
Edit: Now with proper translatability, date formatting, first day
of the week handling, and RTL support.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA Comment: rebased on current master; minor merge conflicts with other patches pushed
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Adds "checked out from" column to the right of "checked out on" on both
circ/circulation.pl and members/moremembers.pl. Columns are sortable with tablesort
(though only on circ/circulation.pl if syspref enabled).
The branch name is sourced from issues.branchcode.
EDIT BY Owen Leonard: Adjusting table columns which are sorted by default
to accommodate the new column.
Things look good! Thanks!
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Liz Rea <lrea@nekls.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Duplicate of '[PATCH] MT3747: Shows member relatives in issueslists' : Subject was wrong
MT3747, Follow-up: Adds siblings issues
MT3747, Follow-up: Shows member relatives in issues lists
- Now displays patron's and relatives' issues apart
MT3747, Follow-up: Shows member relatives in issues lists
- Removes renewal in circulation.pl
- Adds links to moremember.pl
MT3747, Follow-up: Shows member relatives in issues lists
- Remove unuseful warn
MT3747, Follow-up: Shows member relatives in issues lists
- Removes renewal in moremember.pl
MT3747, Follow-up: Shows member relatives in issues lists
- Adds sorting for circulation.pl
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Display of the renewal date footer in the template was conditional upon
the existence of checkouts from today.
In order to fix this bug it was necessary to repeat the markup for the
table footer twice in the template, so I created an include file for it.
The same include file can now be used in moremember.tmpl.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
