Commit graph

299 commits

Author SHA1 Message Date
Chris Cormack
45dd775401 Bug 14418: XSS Vulnerabilities in OPAC search
Fix for /cgi-bin/koha/opac-search.pl

To test

1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script
src='http://cst.sba-research.org/x.js'/>&q=a
2/ Notice the js is executed
3/ Apply patch
4/ Reload page, notice it is no longer executed
5/ Test the rss links work still

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed bug and that the patch fixes it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-22 11:00:10 -03:00
Jonathan Druart
abd2bc99e8 Bug 14416: (follow-up) opac addbybilionumber
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-22 11:00:09 -03:00
Chris Cormack
fb51a4bb0f Bug 14416: Stored XSS vulnerability
opac-addbybiblionumber.pl is also vulnerable because it doesn't escape
list names.

To test
1/ Create a malicious list name
2/ Try to add a biblio to the lists
3/ Notice js is excuted
4/ Apply patch
5/ Test again

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-22 11:00:09 -03:00
Jonathan Druart
be35039b55 Bug 4137: Fix the OPACViewOthersSuggestions behavior
This pref does not work at all, the interface let the user choose to
list all suggestions, but whatever he chooses the suggestion list is the
same.

This patch cleans a bit the suggestedby management.

There are a lot of cases to test, because linked to 2 prefs:
 AnonSuggestions and OPACViewOthersSuggestions.
1/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 0
  - A non logged in user is not able to make a suggestion.
  - A logged in user is not able to see suggestions made by someone else.
2/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 1
  - A non logged in user is not able to make a suggestion.
  - A logged in user is able to see suggestions made by someone else.
3/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 0
  - A non logged in user is able to make a suggestion.
  The suggestedby field will be filled with the AnonymousPatron pref value.
  He is not able to see suggestions, even the ones made by AnonymousPatron.
  - A logged in user is not able to see suggestions made by someone else.
4/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 1
  - A non logged in user is able to make a suggestion.
  He is able to see all suggestions.
  - A logged in user is able to see suggestions made by someone else.

In all cases a logged in user should be able to search for suggestions
(except if he is not able to see them).

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
All use cases tested, work as expected
No errors

Only comment is perhaps (in the future) a gracefull failure
when AnonymousPatron is not set, or has '0' value

Message is DBIx::Class::ResultSet::create(): Column 'suggestedby' cannot be null at ...

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-19 11:34:27 -03:00
Katrin Fischer
7ab873aaea Bug 11467: Bug Untranslatable srings in opac-detail.tt (IDreamBooks*, OpacBrowseResults)
Patch marks several strings in the Javascript on the OPAC detail
and result page for translation.

1) IDreamBooks*
- Activate the 3 IDreamBooks* system preferences
- Check the 'cloud' and additional content shows up correctly on
  the detail and result pages
- Verify everything works as expected and the same as without the patch

2) OpacBrowseResults
- Activate OpacBrowseResults
- Do various searches
- Verify the nex, previous, browse result list features still
  work the same as without the patch

Bonus: Check new strings appear in the .po files by updating one
       language with the patch applied (perl translate update de-DE)

NOTE: Really should have read the test plan more closely.
      I couldn't find the 'Go to detail:' section, until I clicked
      'Browse results'.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-19 11:09:43 -03:00
Aleisha
892d374b64 Bug 11011: Rephrasing 'in keyword' in OPAC authority search
Using 'in the complete record' rather than 'in keyword'. I think this fits well as it seems that this means the search looks anywhere in the record.

To test:

1) In the OPAC, click on Authority Search
2) Notice that in the drop-down menu for the 'Where:' field, there is an 'in keyword' option.
3) Apply patch
4) Now says 'in the complete record'

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-19 11:08:50 -03:00
Aleisha
9bef8f8738 Bug 14360: Unescaped variable causes alert pop-up
To test:

1) Create a list in the OPAC, name it: <script>alert('Hello');</script>
2) Delete the list
3) Confirm deletion
4) See the alert say 'Hello'
5) Apply patch
6) Recreate list with same name
7) Delete list
8) Confirm deletion and alert no longer pops up

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-11 10:04:41 -03:00
Aleisha
9e920f7479 Bug 14360: Unescaped variable causes alert
Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert.

To test:

1) Go to URL such as ...  /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
2) Notice pop-up box with alert
3) Apply patch, refresh page
4) Notice alert is gone

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-11 10:04:40 -03:00
4fd923e12e Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText
The synopsis of this TT plugin contains two example lines:
[% myhtml FILTER html2text(leftmargin => 0, rightmargin => 0) %]
[% myhtmltext | html2text %]

These lines have been copied (without too much thought :) to a few templates. Since we do no use the variables myhtml or myhtmltext in these templates, these lines are useless.

Test plan:
[1] Put some items in your cart. And send it.
[2] Send a shelf.
[3] Git grep on myhtml. Should not have results.

NOTE: Sent carts and lists in Intranet and OPAC successfully.
      Though, this does bring into question why the letters
      have HTML formatting if it is getting removed. That,
      however, is beyond the scope of this bug.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-08 09:47:06 -03:00
7e440d7009 Bug 14318: iDreamBooks doesn't work when Koha is using https
If a Koha server is configured to run over SSL, all iDreamBooks content
is blocked due to the fact that a secure page is requesting an insecure
endpoint. This is due to the fact that the urls for iDreamBooks use http
and not https. A simple fix would be to switch them to https since
browsers have to qualms about loading a secure data endpoint from an
insecure one.

Test Plan:
1) Enable iDreamBooks
2) Set up your OPAC to use https
3) Verify iDreamBooks content continues to work

Note: tested Chrome and IE, so that the IE change would be validated.
      Discovered isbn semi-colon issue that is beyond scope of this bug.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-07 18:39:48 -03:00
Jonathan Druart
5a02cf9b48 Bug 10938: Item columns displayed in random order - OPAC
Same as before for the OPAC.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Good result, no errors

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-05 14:13:39 -03:00
Bernardo Gonzalez Kriegel
7928cdfbd4 Bug 14173: Paging on 'recent comments' page in OPAC is not displaying correctly
This patch corrects the display of current page on
a multipage recent comments.

To test:
1) Enable OpacShowRecentComments

2) Add multiple comments to multiple records
I used a script to add multiple lines like
"insert into reviews values ($i, 51, $i, 'Comment $i', 1, '2015-06-01 00:00:00')"
to table reviews

3) On OPAC, go to 'Recent comments', verify the bug

4) Apply the patch

5) Reload and check correct display

Can't found missing space near 'by' from description.
Display is correct for me.

Followed test plan, displays as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-05 12:53:49 -03:00
Katrin Fischer
5bbea3ea2c Bug 14269: OPAC: Some template improvements for the full serial history page
- Fix filter labels:
  Library : -> Library:
  Subscription : -> Subscription:
- Make '(All)' entry in filter pull downs translatable
- Show branch name instead of branchcode in table and filter

To test:
- Verify changes as described above
- Verify filters still work as expected

Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-04 11:06:18 -03:00
Winona Salesky
cfacda2bb4 Bug 13382 - RDA: 700/710/711 display in XSLT
Test Plan:
1) Apply this patch
2) Ensure you are using the default XSLT setting for the staff and opac record details
3) Find or create a record with MARC tags 700,710,711
4) Perform an opac search that would show the record in the search results.
5) Click title to review record.
6) Note the fields updates 700,710,711 to show subfields a, b, c, d, e, f, g, h, i, k, l, m, n, o, p, r, s, t, u, x. Multiple fields are separated by span class=separator |. Adds Related and Contained Works as new headings.
7) Repeat steps 4 - 6 for the staff interface

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-04 10:10:14 -03:00
Mark Tompsett
1651cf70d1 Bug 5010: Fix OPACBaseURL to include protocol
First, it is strongly recommended to set the OPACBaseURL. But
this patch allows the inclusion of the protocol and not just
a site.

Next, C4/Auth now puts OPACBaseURL into the template parameters
regardless of OPAC or Staff clients.  t/db_dependent/Auth.t was
tweaked to add a check for confirming that get_template_and_user
adds OPACBaseURL to both OPAC and Staff templates.

In the staff client, once the OPACBaseURL is set, you get a nice
OPAC View link when viewing a biblio's detail. It should reflect
the protocol used now.

Hard coded 'http://' strings were removed from the
sample_notices.sql files. This is what required also updating
the letters table in the updatedatabase.pl script.

The explanation text in the sysprefs.sql needed updating too to
reflect the inclusion of the protocol. And this was the other
update done in the updatedatabase.pl script. The opac.pref file
was similarly changed as well.

catalogue/detail.pl had no need to pass a custom OpacUrl value,
since C4/Auth passes the required OPACBaseURL, so it and the
corresponding template were modified.

Both the MARC21 and NORMARC intranet details files had 'http://'
hard coded in them. This was removed.

Both the bootstrap and prog theme opac-detail template had a
protocol parameter that was used. The logic for the parameter
was not removed, because it is used extensively in one template.
Perhaps it should be used to simplify the other. However, the
calculated current_url parameter had references to the protocol
removed, because of the changes to OPACBaseURL.

opac/opac-shareshelf.pl had a hard coded 'http://' which was
removed.

t/db_dependent/Auth_with_cas.t had 'http://' added to the value
set for OPACBaseURL.

In virtualshelves/sendshelf.pl explicit code which sent the
OPACBaseURL preference was removed, since C4/Auth sends it all
the time now.

C4::Context::set_preference was tweaked to ensure that
OPACBaseURL would always start with http.
t/db_dependent/Context.t was tweaked to specifically test this.

The Shibboleth authentication needs OPACBaseURL set, and that
it be https protocol. The _get_uri routine was tweaked to always
pass back https:// as the protocol on the OPACBaseURL.
t/Auth_with_shibboleth.t was tweaked to specifically test the
changes.

TEST PLAN
---------
This is not an easy patch to test. Difficulties include:
- configuring Koha to run under https
    (tweaking apache2 isn't so hard, just tricky)
- configuring Koha to run OPAC and Staff with Plak
    (since code with comments about plak were sliced out)
- configuring Koha to use CAS
    (may be requires for the CAS test)

 1) Apply patch
 2) Make sure OPACBaseURL is set without the protocol included.

UPDATEDATABASE
 3) back up your DB
 4) ./installer/data/mysql/updatedatabase.pl
    -- It should run without errors.
 5) Look up the OPACBaseURL system preference in the staff
    client
    -- It should have http:// prepended.
 6) Run the mysqlclient from your koha git directory
      USE koha_library;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- There should be no prepended http:// on the
       <<OPACBaseURL>>.
 7) restore your DB
 8) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

AUTH
 9) Call up staff client.
10) Call up OPAC.
    -- C4/Auth.pm doesn't barf.
11) Call up Plack staff client
12) Call up Plack OPAC.
    -- C4/Auth.pm doesn't barf.
13) prove -v t/db_dependent/Auth.t

CONTEXT
14) Home -> Koha administration -> Global System Preferences
         -> OPAC
15) Modify and save OPACBaseURL to not have http:// or https://
    on it.
    -- It should be modified to include http://
16) Modify and save another system preference.
    -- It should save normally
17) prove -v t/db_dependent/Context.t

CATALOGUE/DETAIL (tt & pl)
18) Confirm the OPACBaseURL is set
19) Navigate to any biblio details in the staff client
    -- There should be a "OPAC view" link which has the
       correct http:// or https:// in it.

SQL (sample notices and sysprefs)
20) Run the mysqlclient from your koha git directory
      USE koha_library;
      DELETE FROM letter;
      source installer/data/mysql/de-DE/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/en/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/nb-NO/1-Obligatorisk/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/es-ES/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/fr-FR/1-Obligatoire/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/it-IT/necessari/notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/pl-PL/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/ru-RU/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/uk-UA/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- Each of the selects should should lines that have
       <<OPACBaseURL>> starting them, but no hard-coded http://
      DELETE FROM systempreferences;
      source installer/data/mysql/sysprefs.sql;
      SELECT * FROM systempreferences WHERE variable='OPACBaseURL';
    -- The explanation should reflect the new explanation.
      QUIT
21) restore your DB
22) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

SLIM2INTRANETDETAIL
23) Set 'XSLTDetailsDisplay' system preference to default.
24) Set 'marcflavour' system preference to MARC21.
25) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://
26) Set 'marcflavour' system preference to NORMARC.
27) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://

OPAC-DETAIL
28) Set 'opacthemes' to bootstrap.
29) Set 'SocialNetworks' to enabled.
30) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.
31) Set 'opacthemes' to prog.
32) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.

AUTH_WITH_CAS
33) prove -v t/db_dependent/Auth_with_cas.t

OPAC-SHARESHELF
34) Set 'OpacAllowSharingPrivateLists' to allow.
35) In OPAC, 'Save to Lists' a search result.
36) Save it to a new private list.
37) Click the Lists button, and select the new list.
38) Click the Share button.

AUTH_WITH_SHIBBOLETH
39) prove -v t/Auth_with_shibboleth.t
    -- needs to be tests on Debian, because I can't get
       the Test::DBIx::Class installed in Ubuntu. :(

Rebased again on kohadevbox...

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-04 10:00:04 -03:00
Jonathan Druart
c7a8e4dd25 Bug 14266: Trim the email address in the pl script
The original concern of bug 14266 was to provide a compatibility for
<IE9.
But actually we don't need to trim the email address template side.
It will even better to trim it in the perl script, so that the email
will be trimed even if JS is disabled.

Test plan:
1/ Share a list and does not provide any email address
2/ Submit
=> The form is not submited, no alert/message is displayed (same as
before this patch).
3/ Share a list and provide an email address with spaces before and
after
4/ Submit
=> You should receive the email

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Test output compliant with expected test plan outcome.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-01 14:15:58 -03:00
e1ac8b4310 Bug 14266: Replace trim() with $.trim() in opac-shareshelf.tt
This patch replaces trim() with $.trim() which is supported
in versions of IE older than IE9.

Revised test plan
=================

Before applying patch:

0) Use IE 8 or Document Mode 8 in a newer IE using F12 Developer Tools
1) Set OpacAllowSharingPrivateLists to "Allow" in Global System Preferences
2) Create a private list in the OPAC
3) Add a record to the private list
4) Click "Share" or "Share list" on one of the list screens
5) Type in an email address and click "Send"
6) Note the error in the console log
7) The page should submit

Apply the patch:

7) Hold shift + refresh the browser to update any Javascript cache
8) Try to "Share" the list again
9) Note that the form submit after clicking "Send" and
that there are no errors in the console log

http://bugs.koha-community.org/show_bug.cgi?id=14266

Signed-off-by: Indranil Das Gupta <indradg@gmail.com>
Remarks: Works as per revised test plan
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-01 14:15:47 -03:00
Jonathan Druart
7b0792584e Bug 12160: Rename opacuserjs with OPACUserJS
Test plan:
Same as previous patch for opacuserjs

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

NOTE: Worked before and after updatedatabase.pl, though after
      is less confusing to the programmer unaware of case-insensitivity.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-26 10:42:07 -03:00
Magnus Enger
9b1241ecfc Bug 14025: Fix 865u-links in the OPAC for NORMARC
The display of links found in 856$u for NORMARC has not been keeping up with
the one for MARC21, and several sysprefs have not been implemented. This
patch tries to fix that.

Affected sysprefs:
- OPACURLOpenInNewWindow
- URLLinkText
- OPACDisplay856uAsImage
- OPACTrackClicks

To test:
- Make sure you have a record with a URL in 856$u and marcflavor = NORMARC.
  (It does not have to be a full NORMARC setup or a NORMARC record, just make
  sure you are viewing the record through the NORMARC XSLT files.)
- View the record both in a result list and in detail view
- Check that the 4 involved sysprefs affect the display in the expected ways

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested on NORMARC setup and XSLTs
Works as described, each syspref works
No koha-qa errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Since it only affects NORMAC, I trust in Magnus :)
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-26 10:42:07 -03:00
Winona Salesky
f52084df0e Bug 13650: Remove parens from links to fix searches
This patch will resolve the issue of not being able to
search with parens in a subject heading by editing the xslt

To test:

* Apply patch
* Search Koha for a title with ( ) in the subject
* Click the subject
* Results should be returned
* Repeat in OPAC and Staff client

Signed-off-by: Nick <Nick@quechelibrary.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-20 12:10:38 -03:00
159cb0ed05 Bug 13986: Implement fix for OPAC
Tested wit OPAC, full list is printed.
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-15 16:01:47 -03:00
a6824d34f0 Bug 14065: Typo in opac self registration form
The phrase

Please type this following characters into the preceding box

should be

Please type the following characters into the preceding box

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-07 10:57:30 -03:00
Jonathan Druart
6a923f9cc6 Bug 12253: Fix MARCUrls in basket
At the OPAC and the intranet, the urls don't be displayed anymore.
The variables used in the templates are not the good ones (MARCurlS vs
MARCURLS).

Test plan:
1/ On the intranet side, add some urls to some records
2/ Add these records to the basket
3/ Add records without urls defined
4/ Go on the basket view, click "more details"
5/ You should see the urls displayed
6/ Repeat steps 4-5 at the OPAC

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

NOTE: 856$u displays now in intranet and OPAC. :)

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-06 13:51:32 -03:00
432deab9ed Bug 7843: (QA followup) Make news selection persistant
This patch makes the following changes:
1) If there is no logged in patron, the RSS link states it is for
   system-wide news.
2) If a patron is logged in, the RSS link states it is for system-wide
   news *and* news for the patron's home library.
3) The patron's home branch code is embedded in the RSS feed url so
   he or she no longer needs to be logged in for us to know what branch's
   news to pull.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 16:33:21 -03:00
Bernardo Gonzalez Kriegel
fcec3cfdaf Bug 7843: Followup - fix broken url
This patch fixes an invalid URL when clicking
on RSS feed.

To test:
1) Using Nicole words :)
If you visit : http://mykoha/cgi-bin/koha/opac-main.pl
then the RSS feed works.
If you're on http://mykoha and you click the rss icon you
get : http://mykoha/opac-news-rss.pl which is a 404 page.

2) Apply the patch

3) Repeat 1, error is now fixed

Signed-off-by: Pierre <tredok.pierre@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 16:33:19 -03:00
Nicole
183ad8f61b Bug 7843: (follow up) Improve RSS feed language
The RSS button used to read ' RSS for the librarys general newsfeed.'
This included one grammatical error and I think included more words
than most average people would read.  This patch simplifies it to say
'RSS for Library News.'

To test:
* Apply all patches
* Review RSS feed button's text on main page under news

http://bugs.koha-community.org/show_bug.cgi?id=7843

Signed-off-by: Pierre <tredok.pierre@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 16:33:08 -03:00
Jonathan Druart
5bbc5834d8 Bug 7843: (qa-followup) Create an RSS feed for news in Opac
1/ use strict and warnings are useless, Modern::Perl is used
2/ Prefer to use the interface and theme TT var instead of the hard
coded path

Signed-off-by: Pierre <tredok.pierre@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 16:12:33 -03:00
Viktor Sarge
22ed7c7d8f Bug 7843: Create an RSS feed for news in Opac
Test plan:
* Install the patch
* Make shure there is news in the Opac
* Go to the Opac (opac-main.pl)
* Make shure you see an RSS icon below the news and a short text.
* Click the RSS icon and verify that you get an RSS feed that validates.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

I took the liberty of fixing the copyright statement when signing it off

Signed-off-by: Pierre <tredok.pierre@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 16:12:25 -03:00
Jonathan Druart
a333a13da5 Bug 8007: (QA followup) Add error handling when generating the pdf
If error occurs when generating the pdf, it would be better to get an
encapsulated error instead of the "software error" message in the pdf
file.
To test this patch I added this change:

b/Koha/Borrower/Discharge.pm
-115,6 +115,7 @@ sub generate_as_pdf {
     say $html_fh $html_content;
     close $html_fh;
     my $pdf = PDF::FromHTML->new( encoding => 'utf-8' );
+    $html_path .= "poeut";
     $pdf->load_file( $html_path );
     $pdf->convert;

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 12:34:21 -03:00
Yohann Dufour
9ad589189e Bug 8007: Discharge management
This patch is the main patch. It adds new package and files for the new
pages (opac-discharge, members/discharge and members/discharges).

At the intranet, it is now possible to generate a discharge for a patron.
At the opac, a patron can request a discharge and a discharge if it has
been validated by a librarian.

Requirements:
    The perl module PDF::FromHTML

New sysprefs:
 - useDischarge: Allows librarians to discharge borrowers and borrowers
   to request a discharge

New letter with a letter_code DISCHARGE.

Test plan:
- Switch on the syspref useDischarge.
- Verify a new tab appears in the patron page (intranet and opac).
- Verify the discharge cannot be generated if the patron has issues.
- Verify the patron can request a discharge from it's opac area.
- The request appears on the main page (intranet).
- Generate the discharge from the intranet.
- Try to download it (from the opac and the intranet).

Signed-off-by: Lucie <lucie.rousseaux@dracenie.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 12:33:56 -03:00
Yohann Dufour
45975f4087 Bug 8007: Discharge - Glue
This patch adds:
- links to the new pages.
- syspref description
- links on the main page (intranet)
- the DISCHARGE type for debarment

Signed-off-by: Lucie <lucie.rousseaux@dracenie.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 12:33:53 -03:00
ca55cfba88 Bug 1917 [QA Followup] - Remove unnecessary use of html filter
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-29 12:09:24 -03:00
503b8ffd68 Bug 1917 [QA Followup] - Use html filter, only show 'by' if author exists, change link title
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-29 12:09:23 -03:00
d90b6d2ba2 Bug 1917 - Add RSS Feeds for Lists
Test Plan:
1) Apply this patch
2) Create one or more public lists
3) View the list in the opac
4) Note the new RSS icon next to the list name
5) Open the link in FireFox or an RSS reader
6) You should see an RSS feed of your list with the title
   and author of each item as a hyperlink to the record details

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>

Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-29 12:08:36 -03:00
1a585ec7fe Bug 8992: (QA followup) <body> was missing id and class
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-28 18:11:35 -03:00
Jonathan Druart
28ef6c56da Bug 8992: Add the greybox include file for the bootstrap theme
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2015-04-28 15:47:39 -03:00
Jonathan Druart
0db45ce3b8 Bug 8992: XSLT changes
This patch add the same behavior as previous patches for the xslt view.

Signed-off-by: valerie bertrand <valerie.bertrand@univ-lyon3.fr>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2015-04-28 15:47:39 -03:00
Jonathan Druart
6af69c2648 Bug 8992: Interfacing with the Idref webservice
On the detail page (in the opac), if the biblio comes from the Sudoc,
you must have a link (on the right of the author link) which open a popup with
informations about this author (publications by role).

To test:

1/ Switch on the Idref system preference

2/ Simulate a SUDOC record:
  Fill a 7..$3 field with a ppn (032581270 for example).
  Fill the 009 field with an integer

3/ Go to the opac detail page of this notice.
You should see the IDREF link.
If you click on it, a popup displays a loading icon and after a few
seconds (depending of the productivity of the authority :)), a list of
roles. For each role, a table displays all his corresponding publications.

4/ On the right, you have 2 links: 1 for a koha search for this result
and 1 for a SUDOC link

Signed-off-by: valerie bertrand <valerie.bertrand@univ-lyon3.fr>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-28 15:46:26 -03:00
Katrin Fischer
709913992e Bug 10752: (QA followup) rephrase erorr messages a little
Rephrased error messages a little and changed the link to
look like it does on other pages, for example when looking
at an order created from a suggestion.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

http://bugs.koha-community.org/show_bug.cgi?id=10752
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-28 15:43:19 -03:00
Jonathan Druart
2504ade8eb Bug 10752: Alert if the suggestion has not been added - OPAC
Same as previous patches for the OPAC.

Test plan is the same.

Tested with all patches applied. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-28 15:11:49 -03:00
b38370ff83 Bug 13941: [2/2] Fix <body> tags missing id/class
Followed test plan from patch 1/2, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-24 09:47:38 -03:00
Jonathan Druart
d2dd4ca624 Bug 10174: Add a tooltip to explain what is a digest
The digest term seems to be ambiguous for some people.

This patch adds a tooltip to explain what it is (feel free to provide
a better wording).

Test plan:
Go at the OPAC and click on the "Your messaging tab", you should see an
icon close to "Digest only" to explain what is a digest.
Same at the intranet on editing/showing patron info

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-23 12:50:38 -03:00
Jonathan Druart
40543e9c45 Bug 14016: (follow-up) Restore correct date format on issue date (00:00 vs 23:59)
Same for the overdues.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-22 16:24:04 -03:00
Jonathan Druart
9ad8b86643 Bug 14016: Restore correct date format on issue date (00:00 vs 23:59)
Introduced by bug 13601, and same fix used in bug 10423 and bug 12847:
the date_due retrieved from the DB is modified.

There are some problems:
1/ There is confusion between the iso and sql formats in the codebase.
2/ Since bug 13601, dt_from_string does not manage the iso format (there
are occurrences of 'iso' but it assumes that both formats are
identical).

To solve the issue, 2 solutions:
1/ Same as bug 10423 and bug 12847: try to get rid of the change done on
date_due in C4::Members::GetPendingIssues, it should be kept as the sql
value.
2/ Too many errors found and another fallback should be added to
dt_from_string (if 'iso' is passed, try sql then iso).

Test plan:
Go on the checkout list at the OPAC and confirm that the due dates are
correctly formatted.

Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-22 16:24:02 -03:00
Jonathan Druart
927aedafa1 Bug 10985: [UNIMARC] Fix authority summary
The problem is the template in authority type summary is not respected
at all. It is only read to see which fields and subfields should appear
in the summary.
This patch fixes that.
It also fixes a bug in auth_finder.pl plugin when summary contains
fields other than 2XX.

Test plan:
0/ You must use a UNIMARC setup for those tests
1/ edit an authority type summary with:
     NP : [200a][, 200b][ 200d][-- 152b --][ ; 200c][ (200f)] [001*] [ppn: 009*]
2/ create a new authority with previous fields (it is possible some
   fields don't exist).
3/ search this authority and verify the summary is someting like:
     NP : Name, D.-- NP -- 23849 ppn: my_ppn
4/ Verify some summary for existing authorities and check they are
   correct.
5/ Edit a biblio record and use the plugin auth_finder.pl (for example
   in a 7XX field)
6/ Do a search and verify the summary is correct
7/ Click on 'choose' or one of the numbered links ('1', '2', ... ; you
should have multiple 2XX fields for the numbered links to show up)
8/ Verify that the biblio field is correctly filled.

/!\ For the ppn, it should be defined in the zebra indexes.

In MARC21 and NORMARC setups, this patch should change nothing, please
verify that too (you can check that the auth_finder.pl plugin is still
working and the auth type summary is correctly displayed in authorities
search and auth_finder.pl plugin).

Signed-off-by: Frederic Demians <f.demians@tamil.fr>

It works as described, both in authority search result page, and in authority
data entry plugin.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-22 11:54:36 -03:00
Winona Salesky
62ec79a4fd Bug 13381 - RDA: 245 field changes in XSLT
This patch updates the display of the title and statement of responsibility in the
XSLT display in the staff and OPAC.

Display includes subfields a,b,c,h,k,n,p,s
Subfield c is wrapped in a span class=title_resp_stmt for easy suppression via css.
Subfield h is wrapped in a span class=title_medium for easy suppression via css.

To test:

* Search the opac
* Click the title
* Make sure the fields display properly
* Repeat for a few more titles
* Repeat in the Staff Client

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 11:49:20 -03:00
68fe98dce5 Bug 13385: (QA followup) field number is enough
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 11:46:22 -03:00
Winona Salesky
93bc6851b6 Bug 13385: Add field 508 to XSLT (OPAC and staff)
This patch adds field 508 to the XSLT display in the staff and OPAC view.
Display includes subfield a.

To test:
* Search the opac
* Click the title
* Make sure the fields display properly
* Repeat for a few more titles
* Repeat in the Staff Client

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Adjusted commit message. Only subfield a is relevant here.
2015-04-20 11:44:05 -03:00
Winona Salesky
71e51f6c10 Bug 13386 - Added separator to full and brief display.
This patch adds a  separator | to the full and brief displays in the staff and OPAC views.
Separator wrapped with span clas=separator |
To test:

* Search the opac
* Click the title
* Make sure the fields display properly
* Repeat for a few more titles
* Repeat in the Staff Client

http://bugs.koha-community.org/show_bug.cgi?id=13386
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 11:27:57 -03:00
Winona Salesky
30822643d0 Bug 13433 - 655 display in XSLT
Test Plan:
1) Apply this patch
2) Ensure you are using the default XSLT setting for the staff and opac  record details
3) Find or create a record with MARC tags 655
4) Perform an opac search and select records with 655 field that would show the record in the search results
5) Note this patch adds field 655 to display. Displays subfields a,v,x,y,z. uses a vertical bar to separate multiple titles. Vertical bar is wrapped in span class="separator" for easy suppression/customization of separator.
6) Repeat steps 4 and 5 for the staff interface

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 11:26:25 -03:00