10 commits

Author SHA1 Message Date
Fridolyn SOMERS
f694ed6ba1 Bug 9554: single quote in didyoumean
When using "url" or "uri" template toolkit filters, I noticed that double quotes are escaped (%22), but not single quotes.
This sometimes causes a problem when the URL is written in JavaScript code, in a string delimited by single quotes.

This patch corrects by using double quotes for js strings.
Also, adds a test for "didyoumean" feature : when feature is not activated, do not add corresponding javascript.

Test plan :
- activate OpacHighlightedWords syspref
- activate "didyoumean" feature for OPAC
- perform a search beginning with a single quote (ie "'sport")
=> look for javascript errors (you may use firebug)

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-19 21:01:51 -04:00
Jared Camins-Esakov
ed521b8ebb Bug 9239 QA follow-up: fix highlighting and merge error
QP searches with && broke search highlighting on the OPAC details page.
This patch corrects encoding of the query_desc parameter that is passed
to the details page.

My last attempt at rebasing also transposed the variable for index
names with the variable for operators, meaning that the dropdown in
the basic search did not work.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Fixes some problems raised during QA successfully.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-16 21:32:33 -04:00
Fridolyn SOMERS
714075d5c1 Bug 8942: Translation process breaks javascript
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I tested most scripts affected by this patch and visually verified
all changes. Functionality is unaffected.
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-31 11:00:24 -05:00
Chris Hall
d2de76d60d bug 3652 fixing XSS vulnerabilities in opac-search
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-24 15:44:07 +02:00
Jared Camins-Esakov
ba9c71f04f Bug 8525: highlight matches on OPAC detail page
After doing a search and going to the details page, it can sometimes
be difficult to see exactly *why* a record was returned by a search.
By highlighting matches on the detail page as well as the results
page, we make it much easier to figure that out.

This patch uses a query_desc CGI parameter which is inserted into links
from the results page with javascript. This serves to avoid the
potential privacy implications of a cookie, and ensures that users
without javascript enabled see no change whatsoever.

To test:
1) Do a search (or two) in the OPAC with OpacHighlightedWords on.
2) View a record or two of the results, and ensure that the correct
   words are highlighted.
3) Disable OpacHighlightedWords and do another search (or two),
   this time ensuring that no words are highlighted.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2012-09-03 09:58:28 +02:00
Robin Sheat
e9e95e218f Bug 8646 - prevent the highlighter from going infinite loop
On certain search queries, for example
http://koha-intra/cgi-bin/koha/catalogue/search.pl?kw=idx&q=ti:book%20
the highlighter starts going into an infinite loop until the browser
decides to kill it.

This patch prevents the bad input going to the highlighter.

It also includes the fix on the OPAC, even though the issue doesn't come
up there. Better to be safe...

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-31 23:34:28 +02:00
ff7417fa91 Bug 8679 [REVISED] Remove usage of Amazon API
This patch removes the AmazonReviews and AmazonSimilarItems
features from the OPAC and staff client. With one Amazon
feature remaining, cover images, the *AmazonEnabled preference
is also removed in favor of checking the *AmazonCoverImages
preference. Two other system preferences, AWSAccessKeyID and
AWSPrivateKey are removed as they were required only by the
removed features.

Handling of book cover images from Amazon is unchanged.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

Turned on amazon covers in opac and staff client and all
worked as expected. Then tested to make sure other cover image
services still worked and they do.

Signing off.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-29 16:05:29 +02:00
3a0b35cfbc Bug 2780 - Capitalize strings consistently (OPAC pages)
Correcting capitalization in OPAC templates

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Passes tests, changes look consistent by reading through the patch.

What a doozy!

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-04-06 18:27:55 +02:00
Frère Sébastien Marie
48173560ba Bug 7316 - Missing escaping in search results
Two parameters are now escaped in title (html element):
 - query_desc
 - limit_desc

This is a security correction against XSS.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2011-12-09 16:01:23 +01:00
Chris Cormack
5884fb1000 Bug 5917 : Swapping templates over
2011-04-10 20:38:30 +12:00
Renamed from koha-tt/opac-tmpl/prog/en/modules/opac-results-grouped.tt