Commit graph

26560 commits

Author SHA1 Message Date
Marc Véron
46607f1098 Bug 9543 - Show patrons messaging subscription on holds notification
Display an information about a patron's messaging preferences if an item
is checked in where the patron has put a hold.

To test:

- Apply patch
- Make sure that SMS driver and TalkingTech sysprefs are defined to
  enable SMS and Phone preferences for users (SMS driver can be a dummy
  value)
- Place a hold for a patron
- Set patron's messaging preferences to different choices (including none)
- Check in the item that is on hold (it has not to be checked out for the
  test
- Verify that below the message "Hold found (item is already waiting") an
  information appears about the patron's messaging preferences.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Chris Kirby <christopherlawrencekirby@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 08:47:41 +00:00
Aleisha
6c733b2fda Bug 12402: Show patron category on pending patron modifications
To test:
1) Go to OPAC and make a modification to user
2) Go to Staff Client and go to pending patron modifications
3) Notice that we have the user's surname, first name, branch and
   cardnumber
4) Apply patch and refresh page
5) Notice that patron category now shows after user's name

Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 08:46:03 +00:00
ed449a5b5b Bug 16005 - Standardize use of icons for delete and cancel operations
This patch makes changes to Font Awesome icons in order to make icon
choice consistent for common actions.

<i class="fa fa-trash"></i> where something is deleted, removed, or
emptied.

<i class="fa fa-remove"></i> where an operation is cancelled (also where
selections are cancelled, as in checkboxes).

<i class="fa fa-times-circle"></i> for "close," as in baskets and
windows.

To test, apply the patch and view the following pages to confirm that
the correct icon is used:

- Acquisitions -> Vendor -> Vendor delete button.
- Acquisitions -> Vendor -> Edit -> Delete contact button.
- Acquisitions -> Invoices ->  Delete menu item.
- Cataloging -> Edit record -> Authority search pop-up (triggered from
  the tag editor for a tag linked to an authority) -> Clear field button
- Authorities -> Authority detail -> Delete button.
- Tools -> Quotes editor -> Quotes delete button.
- Reports -> View saved report -> Delete button.
- Reports -> Saved reports -> Delete menu item.
- Serials -> Subscription details -> Subscription close button.
- Administration -> Budgets -> Delete menu item.
- Administration -> Item search fields -> Delete button.
- Administration -> Z39.50/SRU servers -> Delete menu item.
- Catalog -> Advanced search -> Clear fields link.
- Cataloging -> Advanced editor -> Macros -> Delete macro button.
- Circulation -> Checkout -> Check out an item which is on hold for
  another patron. "Cancel checkout and place hold" button now uses the
  icon used elsewhere for holds.
- Course reserves -> Course -> Delete course button.
- Patrons -> Patron lists -> Add patrons -> Remove selected button.
- Acquisitions -> Suggestions -> Suggestion details -> Delete button.
- Lists -> List contents -> Remove selected button.

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 08:21:25 +00:00
4c04f6f8e0 Bug 16336 [Revised] UX of holds patron search with long lists of results
Bug 15793 made a change to an interface which is also found in the place
hold template. This patch creates a new include file to be used by both
circulation.tt and request.tt so that these pages do not diverge.

In the process, this patch removes some markup and JavaScript which was
made obsolete by Bug 15793 and should have been removed.

This patch also revises the sorting of the results table so that the
patron name is sortable (Bug 16334) and the default sort is on card
number (matching 3.20.x and 3.22.x).

To test:

In Circulation:
- Perform a search by name for a patron which will
  return multiple search results.
- The table of results which displays should look correct and work
  correctly, including DataTables sorting.
- Clicking any table row should forward you to the checkout page for
  that patron.

In the catalog:
- Locate and place a hold on a title.
- When prompted to select a patron to place the hold for, perform a
  search by name which will return multiple results.
- Confirm that the table of patron results looks correct and works
  correctly.
- Clicking any table row should forward you to the place hold page for
  that patron and the title you selected.

Revision: Although the table row was clickable, you couldn't
middle-click it to open the link in a new tab. The patron name is now a
real link you can middle-click or right-click. The row is still
clickable as well.

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 08:19:44 +00:00
c2f53bd039 Bug 16388: Use existing 'execute' parameter instead of creating a new one
An existing 'execute' parameter is already passed to the template when
we need to display the 'Download' button, so let's use it instead of
creating a new one.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 08:01:43 +00:00
Aleisha
e7ac7abf16 Bug 16388: Move option to download report into reports toolbar
To test:

1) Create a new SQL report or edit a report
2) Ensure that the download option does NOT show in the toolbar
3) Save and run the report
4) Confirm that download option DOES show in toolbar as a dropdown with
   the 3 options (csv, tab and ods)
5) Confirm that downloading all 3 file types works as expected

Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 08:01:43 +00:00
Mark Tompsett
5ba5f9e0c5 Bug 16582 t/Price.t test should pass if Test::DBIx::Class is not available
TEST PLAN
---------
1) prove t/Prices.t
   -- failure
2) apply patch
3) prove t/Prices.t
   -- nicely skipped when Test::DBIx::Class is not available.

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 07:29:54 +00:00
71f0370ddd Bug 16610 - Regression in SIP2 user password handling
Previous to bug 14507, SIP2 only did internal authentication. A change
to the way we check empty passwords has caused any empty password to
send back a CQ of Y. Previous to that patch set, a CQ of Y would only be
sent back of the patron password column was NULL. Now, an empty AD field
*always* returns a CQ of Y.

Test Plan:
1) Send a patron information request with an empty AD field
   Note: You must send the AD field or you won't get back a CQ field
2) Note you get back a CQ of Y
3) Apply this patch
4) Repeat step 1
5) Note you now get back a CQ of N

Signed-off-by: Trent Roby <troby@bclib.info>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 06:38:30 +00:00
cbdd9194eb Bug 16610: [QA Follow-up] Add a test
To verify the original patch, this test shows that before applying
it the Patron Info request did not return CQ==N for an empty
password. Note that the Patron Status did btw.

After applying the original patch, the test passes for patron
info as well as status.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 06:38:30 +00:00
567a1a9021 Bug 16504: [QA Follow-up] Make koha-qa happy with two newlines
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 06:34:18 +00:00
da94410ab5 Bug 16504: (follow-up for bug 15163) Do not remove attributes of other patrons
Simple patch for a silly error, this single line is going to fix a
critical bug.
If a patron attribute is limited to a library, all the values for that attributes
for every patrons will be deleted.

Test plan:
Create a patron attribute limited to a library
Set the the attribute for a patron
Set the the attribute for another patron
=> Without this patch applied, the attribute's value for the first
patron is deleted
=> With this patch applied, the 2 values exist in the DB after the
second edition

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 06:34:18 +00:00
72bd06e3a8 Bug 16504: Add regression tests
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-03 06:34:18 +00:00
e0143f3205 Bug 16437 - (follow-up) Automatic item modifications by age needs prettying
Do not move the scrollbar to the top when removing a 'block' to a new
rule.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 11:57:12 +00:00
22b18ba988 Bug 16437 - Automatic item modifications by age needs prettying
This patch makes layout and behavior changes to the automatic item
modifications by age interface, bringing some aspects of it closer into
conformance with established interface patterns.

- The intial view is now a standard table of information about existing
  rules, or a message dialog saying there are no rules.
- If there are no rules, a toolbar button reads "Add rules."
- If there are existing rules, the toolbar button reads "Edit rules."
  - Clicking the button leads to the rules edit interface, which now has
    a floating toolbar with "Add rule," "Save," and "Cancel" buttons.
  - Clicking the "Add rule" button displays a blank rule block.
    - If you are adding a rule to existing rules, the new block is
      appended at the bottom, and the page scrolls to the new rule.
    - As you add or remove rule blocks, the legend containing the rule
      count updates so that the numbers are sequential.
    - In each rule block, "age" and "substitutions" are now required.
      The age field is now validated to require a number.
    - The add/remove condition/substitution links now have more
      descriptive text labels.
    - The control to remove a rule is now a link in the <legend> element
      associated with each rule.
- Most JavaScript for this page is now in a separate file.
- Breadcrumbs are updated to be a little more specific.

To test, apply the patch and clear your browser cache if necessary.

- Go to Tools -> Automatic item modifications by age.
- Test adding and removing rules.
- Test removing all rules.
- Test adding and removing conditions and substitutions within rules.
- Test submitting the form without filling in required fields.

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 11:57:12 +00:00
fdf4101fb1 Bug 16450 - Remove the use of "onclick" from guarantor search template
This patch updates the guarantor search template so that event
definition is done in the script rather than in an onclick attribute.

This patch also increases the size of the popup window to help prevent
the need for horizontal scrolling and adds Bootstrap style to the
"select" button.

To test, apply the patch and clear your browser cache if necessary.

- Go to Patrons and add a patron with a "child" category type.
- In the "Guarantor information" section, click the "Set to patron"
  button.
- In the pop-up window, search for a patron.
- Click the "Select" button next to a patron.
- The window should close, and the patron you selected should now appear
  as the guarantor. The guarantor's address information should be added
  to the "Main address" section.

Tested on top of Bug 13041 and Bug 16386, works as expected, however see
Bug 16458
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 11:53:32 +00:00
Aleisha
23c8dc0e63 Bug 16511: Making contracts actions buttons
To test:
1) Go to Acqui -> find a vendor
2) On Vendor details page (supplier.pl) confirm that Contracts table now
   has one column called Actions
3) Confirm that Edit and Delete show as buttons
4) Confirm that buttons don't wrap on a narrower browser
5) Click Contracts tab
6) Confirm Actions column, Edit and Delete buttons, and button's don't
   wrap

Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 11:51:02 +00:00
Aleisha
2afff4e850 Bug 16524: Use floating toolbar on item search
To test:
1) Go to item search
2) Confirm toolbar at top of page with Search button, goes down page as
   you scroll
3) Confirm search button has been removed from final output fieldset
4) Confirm everything works as expected

Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 11:49:09 +00:00
Aleisha
c4f17a6eb3 Bug 16525: Have cancel button when adding new aq budget
At the moment you only see the cancel button on the form if editing an
existing budget. This patch adds a cancel button to the form which adds
a budget. Also changes the wording of the save button from 'Save
changes' to just 'Save' so it makes more sense when adding a new budget

To test:
1) Go to Admin -> Budgets -> New budget
2) Notice 'Save changes' button and no cancel
3) Apply patch and refresh page
4) Notice 'Save' button and 'cancel' link
5) Click 'cancel' - should be taken to Budgets administration page
6) Edit an existing budget
7) Click 'cancel' - should be taken to the funds page for that budget

Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Sabine Liebmann <Liebmann@dipf.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Still an issue: If edit a budget fron aqbudgets.pl, then cancel, you get
aqbudgets.pl?budget_period_id=XX. But existed before this patch.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 11:46:53 +00:00
89b41ede65 Bug 16001 - Use standard message dialog when there are no cities to list
If there are no existing cities in Administration -> Cities and Towns,
the message saying so should be in the standard message dialog.

Another minor change: Edit the message to say "There are no cities
defined," which I think reads better in English.

To test you must have no cities and towns defined.

Apply this patch and go to Administration -> Cities and Towns. You
should see a message displayed in a standard "message" style dialog.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Better view, no errors

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 11:44:37 +00:00
Aleisha
ca36a74c86 Bug 16532: Groups showing empty tables if no groups defined
EDIT: Same change for libraries

To test:
1) Go to Admin -> Libraries and Groups
2) Notice empty tables if nothing defined
3) Apply patch and refresh page
4) Empty tables should not show
5) Add a new group
6) Confirm table shows correctly

Sponsored-by: Catalyst IT

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 09:04:09 +00:00
Brendan Gallagher
bae0eb9ab7 DBRev up for Bug 16200 - 'Hold waiting too long' fee has a translation
problem

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 08:56:42 +00:00
Lari Taskula
09de19c427 Bug 16200: Convert all existing expired holds accounttype to HE
Before Bug 16200 expired holds have used accounttype F which is also used by
other type of fines. This patch updates all existing expired holds to new
accounttype HE (Hold Expired).

To test:
-1. Make sure you translated the string in previous patch of this buug
1. Find a Patron with "Hold waiting too long" fines and go to his Fines tab
2. Change Koha's language to some other than English
3. Observe that "Hold waiting too long" is still in English
4. Apply patch and run database update
5. Go back to Patron's Fines tab
6. Observe that "Hold waiting too long" is now translated

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 08:50:36 +00:00
Lari Taskula
7163fcfeea Bug 16200: Make 'Hold waiting too long' translatable and give it an unique accounttype
Holds that have expired have been untranslatable in Patron's Fines-tab. Also, they are
mixed with other type of fines with accounttype "F". This patch gives expired holds an
own accounttype "HE" (Hold Expired) and modifies the boraccount to recognize this new
accounttype in order to make it translatable.

To test:
1. Make a hold and let it expire
2. Go to Patron's Fines tab
3. Change Koha's language to some other than English
4. Observe that there is a "Hold waiting too long" fine described in English
5. Apply patch
6. Make another hold and let it expire
7. Update translations
8. Find "Hold waiting too long" from your .po file
9. Translate it and install translations
10. Go back to Fines tab and observe that the new expired hold is translated

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 08:50:36 +00:00
Liz
3311ab44cf Bug 16619 - installer stuck in infinite loop
To test: run the web installer on master, it should not get stuck in an infinite loop.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 08:47:30 +00:00
Robin Sheat
e604538283 Bug 16617 - fix issues with debian/control
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 13:36:48 +00:00
06b9194cdd Bug 16548 - All libraries selected on Tools -> Export Data screen
This patch adds "select all" and "select none" links to the display of
libraries in the export bibliographic records form.

Also modified: call number range and accession date fields have been
grouped in their own fieldsets in the hopes that this is more readable.
Page title and breadcrumbs have been corrected to read "Export data"
instead of "MARC export," matching menu items.

To test, apply the patch and go to Tools -> Export data.

- Test the select all/select none links and confirm that they work as
  expected.
- Confirm that the structural changes to the form look okay.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Post sign-off revision: Use the standard "Clear all" instead of "Select
none."

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:17:28 +00:00
af43f91335 Bug 16569 - Message box for "too many checked out" is empty if AllowTooManyOverride is not enabled
If the limit for number of items checked out is reached, the message box
shows up but is empty.

Test Plan:
1) Disable AllowTooManyOverride
2) Check out items to a patron until the patron has reached the limit
   of checkouts he or she can have
3) Try to check out one more item
4) Note the empty message box
5) Apply this patch
6) Try to check out one more item again
7) Note the message is now visible

Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:15:26 +00:00
fa1dd408ca Bug 16597: Fix XSS in shelves.pl
Reported by
Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:14:03 +00:00
Chris Cormack
c47c835672 Bug 16597: Fix XSS in opac-shareshelf
To test
1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
2/ Notice you see a js alert
3/ Apply patch
4/ It is gone

Reported by
Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:14:03 +00:00
Chris Cormack
344033c324 Bug 16597: Fix XSS in opac-shelves.pl
To test
1/ Hit /cgi-bin/koha/opac-shelves.pl?shelfnumber=5&category=1&op=edit_form&referer="><script>alert('XSS')</SCRIPT>
2/ Notice JS is executed
3/ Apply patch
4/ Notice it's fixed

This bug reported by

Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:14:03 +00:00
bb4543f7db Bug 16599: Fix other potentials XSS for shelfname
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:12:15 +00:00
a44a930c07 Bug 16599: Fix XSS in opac-shareshelf.pl
Test plan:
- Create a list with the name "<script>alert(1)</script>"
- On the shelf list, click on share
=> Without this patch you will see the JS alert
=> With this patch applied you won't see it

Reported by Kaybee at Dionach

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:12:15 +00:00
Brendan Gallagher
b99731e2e0 Updating the DBrev for a new dev track (unstable).
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 10:02:31 +00:00
Brendan Gallagher
625e1b77ae Release Notes for 16.05.00
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-26 19:09:36 +00:00
Brendan Gallagher
6d3396ab25 Final DBRev for the 3.23 dev to 16.05
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-26 03:14:05 +00:00
Bernardo Gonzalez Kriegel
9111db96fa Translation updates for Koha 16.05.00 release
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-25 22:56:09 -03:00
73aa490029 Bug 15333: [QA Follow-up] Add few tests
This report had no test plan and no unit tests.
Adding some lines to Holidays.t.
Added a trivial line move in Calendar.pm.

Test plan:
Run t/db_dependent/Holidays.t with and without cache.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested with memcached, Cache::Memory and no cache (edit Cache.pm).

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-25 22:18:28 +00:00
cbd375fab7 Bug 15333: Use Koha::Cache to cache exception_holidays instead of a package variable
On the same way as bug 14522, we should use Koha::Cache to cache
exception_holidays.
It's not safe to use a package variable if running under Plack.

There is not test plan, just make sure the changes make sense.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-25 22:18:27 +00:00
120967a6a9 Bug 16587: Same fixes for the staff interface
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-25 22:14:34 +00:00
4e817ee04c Bug 16587 opac-sendshelf.pl is vulnerable to XSS
To test
1/ Hit a url like
http://localhost:8080/cgi-bin/koha/opac-sendshelf.pl?email=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&shelfid=4
2/ Notice you get a js alert
3/ Apply patch
4/ Notice the js is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-25 22:14:33 +00:00
05a014b766 Bug 16587 - opac-sendbasket.pl is open to XSS
To test
1/ Hit a url like
http://localhost:8080/cgi-bin/koha/opac-sendbasket.pl?email_add=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&bib_list=3

Where bib_list is a valid basket number
2/ Notice you get a javascript alert showing
3/ Apply patch
4/ Notice the text is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-25 22:14:33 +00:00
Brendan Gallagher
97028f4b89 Updating the Debian/control
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-05-25 20:25:23 +00:00
Bernardo Gonzalez Kriegel
dadd11af22 Bug 13669: followup to add DBIx::RunSQL dependency
Just that

To test:
1) run koha_perl_deps and check it show up

The module appears now on the About page.
Signed-off-by: Marc Véron <veron@veron.ch>

Ammended patch, only change is DBIx::RunSQL version,
now 0.14 :)

Module's author kindly accept to upgrade it, in particular
this makes Bug 16572 innecesary and is not needed to install
without problems.

Tested install on Ubuntu 14.04/Mysql 5.5.49, marc21 + all sample

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-25 09:57:31 +00:00
12faa24f77 Bug 15878 [QA Followup]
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-23 17:49:02 +00:00
03f303ce53 Bug 15878 - C4::Barcodes::hbyymmincr inccorectly calculates max and should warn when no branchcode present
Test plan:

1 - prove t/db_dependent/Barcodes.t
2 - All should pass
3 - Apply first patch (unit tests update)
    4 - Tests should fail on values and warnings
    5 - Apply second patch
    6 - All tests should now pass

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described
Removed tab on line 47 of C4/Barcodes/hbyymmincr.pm
No more qa errors

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-23 17:42:11 +00:00
48597577d6 Bug 15878 - Updated unit tests for hbyymmincr barcodes
Test plan in second patch

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 15878 - QA Followup

* Remove debug statment
* Move transcation start
* Remove unused testbuilder object

Rebased on top of 16561

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-23 17:42:10 +00:00
c7ca98c8d9 Bug 16516: Define the showListsUpdate JS function at the OPAC
Bug 12233 removes the declaration of the showListsUpdate JS function for
the OPAC.
It results in a JS error (ReferenceError: showListsUpdate is not
defined) when a user tries to add selected titles to a list if no title
is selected.

Test plan:
Launch a catalogue search
Select a list in the "Select titles to" dropdown list
=> Without this patch you will get the JS error
=> With this patch you will get a JS alert "No item was selected"

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-23 17:40:51 +00:00
908fdb572a Bug 16550: Clean the tests
- replace ok with is
- remove diag
- replace $dbh->prepare->execute->fetchrow with $dbh->selectrow_array

And remove unecessary force to scalar context in pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-23 17:37:48 +00:00
Marc Véron
521bfb0827 Bug 16550: Add test to NewsChannels.t
To test: Run t/db_dependent/NewsChannels.t

Tests adding and retreiving a news item without expiration date.
This test should fail without patch for Bug 16550 and pass OK with patch.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-23 17:37:48 +00:00
Marc Véron
b5acde6513 Bug 16550: Can't set opac news expiration date to NULL, it reverts to today
This patch fixes an issue with the expiration dates for news always reverting to today if empty.

To test:
- Apply patch
- Go to Home > Tools > News
- Create a news item, do not set expiration date
- Verify that expiration date stays empty
- Edit this news item
- Do not set expiration date
- Verify that expiration date stays empty
- Do the same with expiration dates
- Verify that they are saved properly

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-23 17:37:48 +00:00