Commit graph

1245 commits

Author SHA1 Message Date
Nick Clemens
219f7b5c8f Bug 14371: Facets should be sorted by label (displayed) not title (link value)
This patch changes one small line in catalogue/search.pl and opac/opac-search to sort facets by:
facet_label_value
instead of
facet_title_value

To test:
1 - Perform a search with results in two branches e.g. Centerville (code CPL) and Fairfield (code FPL)
2 - Notice that branch facets appear correctly sorted
3 - Rename the branches Centerville->Zebra and Fairfield->Aardvark (but don't change codes)
4 - Repeat original search
5 - Note that branch facets are no longer correctly sorted
6 - Apply patch
7 - Repeat search
8 - Facets should be correctly sorted
9 - Test in both staff and opac search
10 - Ensure there are no unintended consequences/regressions

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works as described, staff AND opac
No errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-22 11:49:01 -03:00
Chris Cormack
57b01fb655 Bug 14412: SQL injection possible
There is a SQL Injection vulnerability in the
/cgi-bin/koha/opac-tags_subject.pl script.

By manipulating the variable 'number', the database can be accessed
via time-based blind injections.

The following string serves as an example:

/cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)

To exploit the vulnerability, no authentication is needed

To test
1/ Turn on mysql query logging
2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
3/ Check the logs, notice something like
  SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1
  PROCEDURE ANALYSE
  (EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
4/ Apply patch
5/ Hit the url again
6/ Notice the log now only has
   SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed the problem and the fix for it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-22 11:00:10 -03:00
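An added example, not part of the commit or of Koha's code: the log lines in the test plan above show the `number` parameter ending up in the SQL text after LIMIT. This Python sketch contrasts that pattern with an integer-validated, bound LIMIT and repeats the test plan's log check; the default and maximum limits, the function names and the sqlite3 sample table are assumptions.

```python
import re
import sqlite3

# Statement text up to the LIMIT keyword, as it appears in the query log quoted above.
BASE_QUERY = "SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT "

# The 'number' value from the report above after URL decoding ('+' becomes a space).
REPORTED_NUMBER = (
    "1 PROCEDURE ANALYSE (EXTRACTVALUE(9743,CONCAT(0x5c,"
    "(BENCHMARK(5000000,MD5('evil'))))),1)"
)

DEFAULT_LIMIT = 100  # assumption: value used when 'number' is missing or invalid
MAX_LIMIT = 500      # assumption: upper bound on the number of rows a client can ask for


def build_query_vulnerable(number):
    """Pre-patch pattern: the request parameter is concatenated into the SQL text."""
    return BASE_QUERY + number


def parse_limit(raw, default=DEFAULT_LIMIT, maximum=MAX_LIMIT):
    """Accept only a short run of ASCII digits; anything else falls back to the default."""
    if raw is None or re.fullmatch(r"[0-9]{1,6}", raw) is None:
        return default
    value = int(raw)
    if value < 1:
        return default
    return min(value, maximum)


def top_tags(conn, raw_number):
    """Hardened pattern: the validated integer is passed as a bound parameter."""
    sql = BASE_QUERY + "?"
    rows = conn.execute(sql, (parse_limit(raw_number),)).fetchall()
    return sql, rows


_CLEAN = re.compile(
    r"SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT [0-9]+;?"
)


def statement_is_clean(logged_statement):
    """Query-log check from the test plan: nothing may follow the integer after LIMIT."""
    collapsed = " ".join(logged_statement.split())  # log entries may wrap over lines
    return _CLEAN.fullmatch(collapsed) is not None


def demo_db():
    """Constructed in-memory stand-in for the tags table (sample rows, not Koha data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tags (entry TEXT, weight INTEGER)")
    conn.executemany(
        "INSERT INTO tags VALUES (?, ?)",
        [("history", 9), ("maps", 4), ("poetry", 2)],
    )
    return conn


if __name__ == "__main__":
    before = build_query_vulnerable(REPORTED_NUMBER)
    print("pre-patch SQL text:", before)
    print("passes log check  :", statement_is_clean(before))
    sql, rows = top_tags(demo_db(), REPORTED_NUMBER)
    print("hardened SQL text :", sql, "->", len(rows), "rows")
    print("number=1          :", top_tags(demo_db(), "1")[1])
```

With MySQL and Perl DBI the same shape applies: validate the value as an integer and bind it, rather than interpolating the CGI parameter into the statement.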
Jonathan Druart
be35039b55 Bug 4137: Fix the OPACViewOthersSuggestions behavior
This pref does not work at all, the interface lets the user choose to
list all suggestions, but whatever he chooses the suggestion list is the
same.

This patch cleans a bit the suggestedby management.

There are a lot of cases to test, because linked to 2 prefs:
 AnonSuggestions and OPACViewOthersSuggestions.
1/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 0
  - A non logged in user is not able to make a suggestion.
  - A logged in user is not able to see suggestions made by someone else.
2/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 1
  - A non logged in user is not able to make a suggestion.
  - A logged in user is able to see suggestions made by someone else.
3/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 0
  - A non logged in user is able to make a suggestion.
  The suggestedby field will be filled with the AnonymousPatron pref value.
  He is not able to see suggestions, even the ones made by AnonymousPatron.
  - A logged in user is not able to see suggestions made by someone else.
4/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 1
  - A non logged in user is able to make a suggestion.
  He is able to see all suggestions.
  - A logged in user is able to see suggestions made by someone else.

In all cases a logged in user should be able to search for suggestions
(except if he is not able to see them).

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
All use cases tested, work as expected
No errors

Only comment is perhaps (in the future) a graceful failure
when AnonymousPatron is not set, or has '0' value

Message is DBIx::Class::ResultSet::create(): Column 'suggestedby' cannot be null at ...

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-19 11:34:27 -03:00
Katrin Fischer
38048bc420 Bug 14351: Remove given-when from opac-search.pl
Reformats given-when to if-elsif-else in opac-search.pl
to remove the experimental feature and with it a lot
of warnings from the logs.

To test:
- Do several different advanced searches with and
  without expanded search options
- Verify the link back to the search appears above
  the results list and works correctly

See also: test plan on bug 13307

NOTE: Even installed firefox plug in to edit cookies to
      trigger else case. :)

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-17 09:53:47 -03:00
Matthias Meusburger
cc7b795f84 Bug 14280: Add branches fields to discharges letters
Currently, when generating a discharge letter, branches fields are not translated in the letter (<<branches.branchname>>, <<branches.branchaddress1>>, etc.)
This patch fixes that.

How I tested:
- Set syspref 'useDischarge' to 'allow'
- Go to Home > Tools > Notices & Slips
- Edit DISCHARGE, add to 'Email message':
<p><<branches.branchname>><br />
<<branches.branchaddress1>><br />
<<branches.branchaddress2>><br />
<<branches.branchaddress3>><br />
<<branches.zip>> <<branches.city>><br />
</p>
- Go to detail page of a patron > discharge
- Click 'Generate discharge'
- Verify that the PDF contains the information above.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-11 13:12:32 -03:00
0114465ced Bug 14330: Remove unused email_sender from sendbasket/sendshelf
The sendbasket/sendshelf scripts and templates do not use email_sender
as a cgi parameter or as a template var. Probably a leftover from previous
changes.
Let's make Koha cleaner :)

Test plan:
[1] Send your cart from opac or staff.
[2] Send a shelf from opac or staff.
[3] Git grep email_sender. No results.

Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-08 10:38:08 -03:00
Jonathan Druart
5a02cf9b48 Bug 10938: Item columns displayed in random order - OPAC
Same as before for the OPAC.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Good result, no errors

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-05 14:13:39 -03:00
Jonathan Druart
baea0a79d5 Bug 7976: Remove the borrow permission
The borrow permission was used but uselessly.
For instance, at the opac, the flagsrequired parameter was set to
'borrow' but the 'authnotrequired' was set also (which means no auth
required).
At the end, this permission was used at only 1 place: for the basket,
intranet side.
This can be replaced with the catalogue permission (which is used to
search).

Test plan:
1/ Confirm that you are able to show/download/send the cart (intranet side)
with the catalogue permission.
2/ At the OPAC, you should be able to access the same pages as before
with any other permissions.

Concretely it is quite difficult to test this patch, you should have a
look at the code.

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-05 13:43:34 -03:00
2e23236c9f Bug 10824: OAI-PMH repository/server not handling time in 'until' and 'from'
This patch removes the DATE() function from a query on timestamp, and adds a
sub that strips the UTC designators "T" and "Z" from incoming "from" and
"until" arguments in OAI-PMH requests so that they're more compliant with
MySQL (and probably other databases as well). This means that the date
and time for the 'from' and 'until' arguments will be matched correctly
in the database.

This patch also adds 'T00:00:00Z' to 'from' arguments and 'T23:59:59Z' to
until arguments, when only dates are provided via the OAI parameters.

The zero time isn't necessary, since MySQL treats '2013-09-30' as
'2013-09-30 00:00:00' by default. However, the near midnight time
is needed for 'until'. Otherwise, you'll never be able to retrieve
a record with a date/time matching the 'until' argument.

In summary, this patch adds handling for times as well as dates, which
is necessary so that Koha is closer to meeting the actual OAI-PMH spec.

TEST PLAN:

0) Note down a selection of timestamps from your biblio table

1) Enable your OAI-PMH server through the global system preferences
Web services tab.

2) Craft and submit a similar request to the following in your browser:
KOHAINSTANCE/cgi-bin/koha/oai.pl?verb=ListRecords&metadataPrefix=oai_dc&
from=2013-09-02T13:44:33Z&until=2013-09-05T13:44:33Z

Change the exact dates to accord with your timestamps, but keep the
YYYY-MM-DDTHH:MM:SSZ format.

3) Note the unexpected behaviour. A "from" argument with the timestamp
2013-09-02T13:44:33Z will show records from 2013-09-03 but not records
from 2013-09-02 even though the timestamp in the database will say
"2013-09-02 13:44:33".

Also note that records with a timestamp later than 13:44:33 will show
up for the day 2013-09-05, even though they shouldn't.

4) APPLY THE PATCH

5) Resubmit the links you tried above

6) Note that the applicable records now appear (or do not appear) in
accordance with the precise date/time ranges!

--

Developer Note: We could've not stripped the UTC designators and used
DATE() around the parameters in the SQL queries, but that would have
lost the whole purpose of using times in the "from" arguments, since
they would've been generalized to just the dates.

I think this is probably the best solution. Admittedly, creating
"form_arg" and "until_arg" hashrefs in the ResumptionToken object
might not be ideal, but I preferred that to copying the
_strip_UTC_designator subroutine into two other objects. Perhaps this
sub could go somewhere else and be imported into those other two objects
but this seemed to be the most sensible decision. I'm open to other
opinions though.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works, find results with correct timestamp
No koha-qa errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-05 12:53:10 -03:00
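An added example, not the commit's code: the from/until handling described above, with sqlite3 standing in for MySQL. The `demo_biblio` table, its rows, the function names and the DATE()-wrapped query (reconstructed from the description of the old behaviour) are assumptions; the argument values are the ones in the test plan.

```python
import re
import sqlite3
from datetime import datetime

# The two forms the commit message handles: a date, or a date plus a UTC time.
_OAI_ARG = re.compile(
    r"([0-9]{4}-[0-9]{2}-[0-9]{2})(?:T([0-9]{2}:[0-9]{2}:[0-9]{2})Z)?"
)


def normalize_oai_bound(value, is_until):
    """Turn a 'from'/'until' argument into 'YYYY-MM-DD HH:MM:SS' for the query.

    Date-only values are padded to the start of the day for 'from' and to the
    end of the day for 'until'; the UTC designators 'T' and 'Z' are dropped.
    """
    m = _OAI_ARG.fullmatch(value)
    if m is None:
        raise ValueError("unsupported from/until value: %r" % (value,))
    day, clock = m.groups()
    if clock is None:
        clock = "23:59:59" if is_until else "00:00:00"
    stamp = day + " " + clock
    # Rejects well-formed but impossible values such as 2013-02-30 or 25:00:00.
    datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    return stamp


def make_demo_biblio():
    """Constructed rows around the test plan's from/until timestamps."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE demo_biblio (biblionumber INTEGER, ts TEXT)")
    conn.executemany("INSERT INTO demo_biblio VALUES (?, ?)", [
        (1, "2013-09-02 08:00:00"),   # before 'from'
        (2, "2013-09-02 13:44:33"),   # exactly 'from'
        (3, "2013-09-03 09:00:00"),
        (4, "2013-09-05 13:44:33"),   # exactly 'until'
        (5, "2013-09-05 20:00:00"),   # after 'until'
    ])
    return conn


def select_date_wrapped(conn, from_arg, until_arg):
    """Old shape (assumed): DATE() around the column, raw arguments compared to it."""
    rows = conn.execute(
        "SELECT biblionumber FROM demo_biblio "
        "WHERE date(ts) >= ? AND date(ts) <= ? ORDER BY biblionumber",
        (from_arg, until_arg),
    )
    return [r[0] for r in rows]


def select_normalized(conn, from_arg, until_arg):
    """New shape: compare the full timestamp against normalized bounds."""
    lo = normalize_oai_bound(from_arg, is_until=False)
    hi = normalize_oai_bound(until_arg, is_until=True)
    rows = conn.execute(
        "SELECT biblionumber FROM demo_biblio "
        "WHERE ts >= ? AND ts <= ? ORDER BY biblionumber",
        (lo, hi),
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    conn = make_demo_biblio()
    f, u = "2013-09-02T13:44:33Z", "2013-09-05T13:44:33Z"
    print("DATE()-wrapped:", select_date_wrapped(conn, f, u))
    print("normalized    :", select_normalized(conn, f, u))
    print("date-only     :", select_normalized(conn, "2013-09-02", "2013-09-05"))
```

The DATE()-wrapped query misses the record stamped exactly at `from` and returns the one after `until`, which is the behaviour step 3 of the test plan describes.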
Mark Tompsett
1651cf70d1 Bug 5010: Fix OPACBaseURL to include protocol
First, it is strongly recommended to set the OPACBaseURL. But
this patch allows the inclusion of the protocol and not just
a site.

Next, C4/Auth now puts OPACBaseURL into the template parameters
regardless of OPAC or Staff clients.  t/db_dependent/Auth.t was
tweaked to add a check for confirming that get_template_and_user
adds OPACBaseURL to both OPAC and Staff templates.

In the staff client, once the OPACBaseURL is set, you get a nice
OPAC View link when viewing a biblio's detail. It should reflect
the protocol used now.

Hard coded 'http://' strings were removed from the
sample_notices.sql files. This is what required also updating
the letters table in the updatedatabase.pl script.

The explanation text in the sysprefs.sql needed updating too to
reflect the inclusion of the protocol. And this was the other
update done in the updatedatabase.pl script. The opac.pref file
was similarly changed as well.

catalogue/detail.pl had no need to pass a custom OpacUrl value,
since C4/Auth passes the required OPACBaseURL, so it and the
corresponding template were modified.

Both the MARC21 and NORMARC intranet details files had 'http://'
hard coded in them. This was removed.

Both the bootstrap and prog theme opac-detail template had a
protocol parameter that was used. The logic for the parameter
was not removed, because it is used extensively in one template.
Perhaps it should be used to simplify the other. However, the
calculated current_url parameter had references to the protocol
removed, because of the changes to OPACBaseURL.

opac/opac-shareshelf.pl had a hard coded 'http://' which was
removed.

t/db_dependent/Auth_with_cas.t had 'http://' added to the value
set for OPACBaseURL.

In virtualshelves/sendshelf.pl explicit code which sent the
OPACBaseURL preference was removed, since C4/Auth sends it all
the time now.

C4::Context::set_preference was tweaked to ensure that
OPACBaseURL would always start with http.
t/db_dependent/Context.t was tweaked to specifically test this.

The Shibboleth authentication needs OPACBaseURL set, and that
it be https protocol. The _get_uri routine was tweaked to always
pass back https:// as the protocol on the OPACBaseURL.
t/Auth_with_shibboleth.t was tweaked to specifically test the
changes.

TEST PLAN
---------
This is not an easy patch to test. Difficulties include:
- configuring Koha to run under https
    (tweaking apache2 isn't so hard, just tricky)
- configuring Koha to run OPAC and Staff with Plack
    (since code with comments about Plack were sliced out)
- configuring Koha to use CAS
    (may be required for the CAS test)

 1) Apply patch
 2) Make sure OPACBaseURL is set without the protocol included.

UPDATEDATABASE
 3) back up your DB
 4) ./installer/data/mysql/updatedatabase.pl
    -- It should run without errors.
 5) Look up the OPACBaseURL system preference in the staff
    client
    -- It should have http:// prepended.
 6) Run the mysqlclient from your koha git directory
      USE koha_library;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- There should be no prepended http:// on the
       <<OPACBaseURL>>.
 7) restore your DB
 8) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

AUTH
 9) Call up staff client.
10) Call up OPAC.
    -- C4/Auth.pm doesn't barf.
11) Call up Plack staff client
12) Call up Plack OPAC.
    -- C4/Auth.pm doesn't barf.
13) prove -v t/db_dependent/Auth.t

CONTEXT
14) Home -> Koha administration -> Global System Preferences
         -> OPAC
15) Modify and save OPACBaseURL to not have http:// or https://
    on it.
    -- It should be modified to include http://
16) Modify and save another system preference.
    -- It should save normally
17) prove -v t/db_dependent/Context.t

CATALOGUE/DETAIL (tt & pl)
18) Confirm the OPACBaseURL is set
19) Navigate to any biblio details in the staff client
    -- There should be a "OPAC view" link which has the
       correct http:// or https:// in it.

SQL (sample notices and sysprefs)
20) Run the mysqlclient from your koha git directory
      USE koha_library;
      DELETE FROM letter;
      source installer/data/mysql/de-DE/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/en/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/nb-NO/1-Obligatorisk/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/es-ES/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/fr-FR/1-Obligatoire/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/it-IT/necessari/notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/pl-PL/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/ru-RU/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/uk-UA/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- Each of the selects should show lines that have
       <<OPACBaseURL>> starting them, but no hard-coded http://
      DELETE FROM systempreferences;
      source installer/data/mysql/sysprefs.sql;
      SELECT * FROM systempreferences WHERE variable='OPACBaseURL';
    -- The explanation should reflect the new explanation.
      QUIT
21) restore your DB
22) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

SLIM2INTRANETDETAIL
23) Set 'XSLTDetailsDisplay' system preference to default.
24) Set 'marcflavour' system preference to MARC21.
25) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://
26) Set 'marcflavour' system preference to NORMARC.
27) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://

OPAC-DETAIL
28) Set 'opacthemes' to bootstrap.
29) Set 'SocialNetworks' to enabled.
30) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.
31) Set 'opacthemes' to prog.
32) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.

AUTH_WITH_CAS
33) prove -v t/db_dependent/Auth_with_cas.t

OPAC-SHARESHELF
34) Set 'OpacAllowSharingPrivateLists' to allow.
35) In OPAC, 'Save to Lists' a search result.
36) Save it to a new private list.
37) Click the Lists button, and select the new list.
38) Click the Share button.

AUTH_WITH_SHIBBOLETH
39) prove -v t/Auth_with_shibboleth.t
    -- needs to be tested on Debian, because I can't get
       the Test::DBIx::Class installed in Ubuntu. :(

Rebased again on kohadevbox...

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-04 10:00:04 -03:00
Jonathan Druart
c7a8e4dd25 Bug 14266: Trim the email address in the pl script
The original concern of bug 14266 was to provide a compatibility for
<IE9.
But actually we don't need to trim the email address template side.
It will be even better to trim it in the perl script, so that the email
will be trimmed even if JS is disabled.

Test plan:
1/ Share a list and do not provide any email address
2/ Submit
=> The form is not submitted, no alert/message is displayed (same as
before this patch).
3/ Share a list and provide an email address with spaces before and
after
4/ Submit
=> You should receive the email

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Test output compliant with expected test plan outcome.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-01 14:15:58 -03:00
109c610e99 Revert "Bug 6679: Fixing code so it passes basic Perl:::Critic tests"
This reverts commit 8b9a555cc9.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-26 14:16:31 -03:00
8b9a555cc9 Bug 6679: Fixing code so it passes basic Perl:::Critic tests
opac/ilsdi.pl: Stricture disabled at line 217, column 17.  See page 429 of PBP.  (Severity: 5)

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-26 10:42:06 -03:00
Aleisha
fd14184873 Bug 14185: Undefined $limit causes warn in opac/opac-readingrecord.pl
This patch sets $limit to be an empty string.

Test plan
=========

1/ login into the opac using your user account credentials
2/ in a terminal, run a `tail -f ` on your instance's opac-error.log
3/ go back to the opac, click on 'your reading history' tab to go to
   opac-readingrecord.pl
4/ notice the warning - "opac-readingrecord.pl: Use of uninitialized
   value $limit" appear in the `tail`ed opac-error.log
5/ apply the patch
6/ reload the page (opac-readingrecord.pl)
7/ page works but the warning in step #4 is no longer logged
8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error

Remarks: Testing result match expected test plan output. The QA tests
         pass with "OK" for the commit.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-26 10:42:05 -03:00
Indranil Das Gupta
642e6012cd Bug 14186 [QA Followup]: Undefined $reservedfor causes warn in opac-reserve.pl
This is a followup for Bug 14186 that removes the extraneous tab
char on line 470, so that the patch can clear QA tools.

This patch sets $reservedfor to an empty string.

Test plan
=========

1/ in a terminal, run `tail -f ` on your instance's opac-error.log
2/ go to the opac and search from an item that exists on the Koha
   instance.
3/ Select the title (if more than one title is returned) and click on
   'Place hold' link to go to opac-reserve.pl
4/ notice the warning - "opac-reserve.pl: Use of uninitialized value
   $reservedfor" appear in the `tail`ed opac-error.log
5/ apply the patch
6/ reload the page (opac-reserve.pl)
7/ page works but the warning in step #4 is no longer thrown up
8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error

Remarks: Testing result match expected test plan output. The QA tests
         pass with "OK" for the commit.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-26 10:42:05 -03:00
Aleisha
8fdd352bc9 Bug 14186: Undefined $reservedfor causes warn in opac-reserve.pl
This patch sets $reservedfor to an empty string.

Test plan
=========

1/ in a terminal, run `tail -f ` on your instance's opac-error.log
2/ go to the opac and search from an item that exists on the Koha
   instance.
3/ Select the title (if more than one title is returned) and click on
   'Place hold' link to go to opac-reserve.pl
4/ notice the warning - "opac-reserve.pl: Use of uninitialized value
   $reservedfor" appear in the `tail`ed opac-error.log
5/ apply the patch
6/ reload the page (opac-reserve.pl)
7/ page works but the warning in step #4 is no longer thrown up
8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error

Remarks: The QA test failed - "forbidden pattern: tab char (line 470)".

         Marking this as 'FAILED QA'

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-26 10:42:05 -03:00
Julian Maurice
1970b245f5 Bug 13687: Move hold policy check into CanItemBeReserved
This way ILS-DI HoldItem and HoldTitle services also benefit from this
check

Test plan:

1/ Define some default holds policies by item type in
/admin/smart-rules.pl
2/ Use ILS-DI HoldItem service and check that those rules are respected
3/ Check that staff and opac hold behaviour is unchanged regarding
these rules.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes tests and QA script. No regressions found,
improves the ILS-DI HoldItem response.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-19 12:05:50 -03:00
159cb0ed05 Bug 13986: Implement fix for OPAC
Tested with OPAC, full list is printed.
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-15 16:01:47 -03:00
Jonathan Druart
11049f9d02 Bug 13758: Move the Koha version from kohaversion.pl
It will permit not to run another perl interpreter.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2015-05-07 11:39:04 -03:00
432deab9ed Bug 7843: (QA followup) Make news selection persistent
This patch makes the following changes:
1) If there is no logged in patron, the RSS link states it is for
   system-wide news.
2) If a patron is logged in, the RSS link states it is for system-wide
   news *and* news for the patron's home library.
3) The patron's home branch code is embedded in the RSS feed url so
   he or she no longer needs to be logged in for us to know what branch's
   news to pull.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 16:33:21 -03:00
Jonathan Druart
5bbc5834d8 Bug 7843: (qa-followup) Create an RSS feed for news in Opac
1/ use strict and warnings are useless, Modern::Perl is used
2/ Prefer to use the interface and theme TT var instead of the hard
coded path

Signed-off-by: Pierre <tredok.pierre@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 16:12:33 -03:00
Jonathan Druart
cb10626c05 Bug 7843: Remove the useless use of casAuthentication
Certainly a c/p error from opac-main.pl

Signed-off-by: Pierre <tredok.pierre@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 16:12:28 -03:00
Viktor Sarge
22ed7c7d8f Bug 7843: Create an RSS feed for news in Opac
Test plan:
* Install the patch
* Make sure there is news in the Opac
* Go to the Opac (opac-main.pl)
* Make sure you see an RSS icon below the news and a short text.
* Click the RSS icon and verify that you get an RSS feed that validates.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

I took the liberty of fixing the copyright statement when signing it off

Signed-off-by: Pierre <tredok.pierre@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 16:12:25 -03:00
Jonathan Druart
a333a13da5 Bug 8007: (QA followup) Add error handling when generating the pdf
If error occurs when generating the pdf, it would be better to get an
encapsulated error instead of the "software error" message in the pdf
file.
To test this patch I added this change:

b/Koha/Borrower/Discharge.pm
-115,6 +115,7 @@ sub generate_as_pdf {
     say $html_fh $html_content;
     close $html_fh;
     my $pdf = PDF::FromHTML->new( encoding => 'utf-8' );
+    $html_path .= "poeut";
     $pdf->load_file( $html_path );
     $pdf->convert;
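Review bot: The `$html_path .= "poeut";` line is a hand-applied fault injection, so the error path this follow-up adds is exercised only while that local edit is in place. An automated test that makes `load_file` fail in the same way, for example by pointing it at a path that does not exist, would keep the check repeatable and remove the risk of the test-only line being committed by accident.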

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 12:34:21 -03:00
Jonathan Druart
753c8ef6c2 Bug 8007: Compatibility with bug 11944
This patch should be applied to work with bug 11944.
If you don't have 11944 yet, just don't apply this patch.

Note that the line
  binmode(STDOUT);
in pl files is mandatory.

It comes from bug 11944 that adds the line
  binmode( STDOUT, ":utf8" );
in C4::Templates::gettemplate.

Signed-off-by: Lucie <lucie.rousseaux@dracenie.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 12:34:09 -03:00
Yohann Dufour
9ad589189e Bug 8007: Discharge management
This patch is the main patch. It adds new package and files for the new
pages (opac-discharge, members/discharge and members/discharges).

At the intranet, it is now possible to generate a discharge for a patron.
At the opac, a patron can request a discharge and a discharge if it has
been validated by a librarian.

Requirements:
    The perl module PDF::FromHTML

New sysprefs:
 - useDischarge: Allows librarians to discharge borrowers and borrowers
   to request a discharge

New letter with a letter_code DISCHARGE.

Test plan:
- Switch on the syspref useDischarge.
- Verify a new tab appears in the patron page (intranet and opac).
- Verify the discharge cannot be generated if the patron has issues.
- Verify the patron can request a discharge from its opac area.
- The request appears on the main page (intranet).
- Generate the discharge from the intranet.
- Try to download it (from the opac and the intranet).

Signed-off-by: Lucie <lucie.rousseaux@dracenie.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 12:33:56 -03:00
d90b6d2ba2 Bug 1917 - Add RSS Feeds for Lists
Test Plan:
1) Apply this patch
2) Create one or more public lists
3) View the list in the opac
4) Note the new RSS icon next to the list name
5) Open the link in FireFox or an RSS reader
6) You should see an RSS feed of your list with the title
   and author of each item as a hyperlink to the record details

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>

Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-29 12:08:36 -03:00
Jonathan Druart
6af69c2648 Bug 8992: Interfacing with the Idref webservice
On the detail page (in the opac), if the biblio comes from the Sudoc,
you must have a link (on the right of the author link) which opens a popup with
information about this author (publications by role).

To test:

1/ Switch on the Idref system preference

2/ Simulate a SUDOC record:
  Fill a 7..$3 field with a ppn (032581270 for example).
  Fill the 009 field with an integer

3/ Go to the opac detail page of this notice.
You should see the IDREF link.
If you click on it, a popup displays a loading icon and after a few
seconds (depending on the productivity of the authority :)), a list of
roles. For each role, a table displays all his corresponding publications.

4/ On the right, you have 2 links: 1 for a koha search for this result
and 1 for a SUDOC link

Signed-off-by: valerie bertrand <valerie.bertrand@univ-lyon3.fr>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-28 15:46:26 -03:00
Jonathan Druart
2504ade8eb Bug 10752: Alert if the suggestion has not been added - OPAC
Same as previous patches for the OPAC.

Test plan is the same.

Tested with all patches applied. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-28 15:11:49 -03:00
Marc Véron
20dc9ce5a1 Bug 13917: OPAC: Putting holds still possible by URL even if turned off by system preference
To test:

1)
Prepare an URL that puts a hold in OPAC (see comment #1), e.g.
[YOUR SERVER]/cgi-bin/koha/opac-reserve.pl?biblionumbers=1

2)
Set system preference 'RequestOnOpac' to 'Don't allow patrons to place holds on items from the OPAC.'

3)
Go directly to this URL.
Result: The page displays to confirm hold (wrong)

4)
Apply patch

5)
Repeat step 3
Result: Redirect to 404 page (OK)

6)
Set system preference to "Allow"

7)
Repeat step 3
Result: The page displays to confirm hold (OK), like it would be from link in OPAC.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 10:18:26 -03:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
simith
f94d4526e5 Bug 13307: Create a link to the last advanced search in search result page (OPAC)
http://bugs.koha-community.org/show_bug.cgi?id=13307

Followed test plan, works as expected (together with other patches)
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

http://bugs.koha-community.org/show_bug.cgi?id=13364
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-13 13:47:34 -03:00
Jonathan Druart
27b534dc56 Bug 11337: Remove the C4::Serials::GetSubscriptions routine
Since SearchSubscriptions is the way to search subscriptions, each call
to GetSubscriptions could be replaced by a call to SearchSubscriptions.

Test plan:
Verify following pages display the same thing as before this patch:
- catalogue/detail.pl
- opac/opac-ISBDdetail.pl
- opac/opac-detail.pl

Verify the following page returns correct results:
- serials/checkexpiration.pl

Verify the Serials UT file still passes:
- prove t/db_dependent/Serials.t

Note: The title filter on checkexpiration now only searches on the title
DB field. I don't think it is a regression, it should be the way to use
this field. Maybe we should add new search fields on this form.
Bug 5337 reintroduces a bug fixed by bug 5864, this patch restores the
right way to search subscription (based on biblionumber).

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-13 10:36:19 -03:00
Olli-Antti Kivilahti
3da4fe2747 Bug 13611 - Serial enumeration not visible in the opac-user.pl when browsing own holds.
Having placed holds on Serial Items with an enumchron, and browsing the
opac-user.pl's "Holds"-tab, the user cannot see which numbers of
magazines/serials he has on hold.

This patch appends the koha.items.enumchron after the title component in the
opac-user.pl's Holds-view.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-09 12:05:36 -03:00
Jonathan Druart
fc100688a4 Bug 6950: Hide the resort option when searching for a tag
If you click a link from the Tag Cloud, the results page offers the
usual select menu to resort your results. However, doing so resubmits
the search as a standard keyword search.

Test plan:
1/ Click on a tag
2/ Confirm that the resort dropdown list does not appear.

Dropdown list disappears with tags as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-08 15:09:23 -03:00
Jonathan Druart
3adddd3410 Bug 3873: follow-up for all other pages
This should fix the issue on other pages.

Test plan:
Try to download and export the basket (intranet+opac sides).

Re-tested for errors in comment #5, they no longer appear.
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 10:52:10 -03:00
93addad23a Bug 13695: Add ISBD export option for the OPAC cart and lists
This patch adds the option to download records from the cart, and
lists in the ISBD format from the OPAC.

To test (cart):
- Apply the patch
- Add several records to your OPAC cart.
- Go to your cart, and choose 'Download'
=> SUCCESS: There's an ISBD option
- Download and open the exported records
=> SUCCESS: The file contains the ISBD format for the records on the cart

To test (lists):
- Add several records to a list (I did it from the cart ;-))
- Open the list
- Choose 'Download list'
=> SUCCESS: There's an ISBD option
- Download and open the exported records
=> SUCCESS: The file contains the ISBD format for the records on the list.

- Sign off :-D

Sponsored-by: Orex Digital

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 10:34:35 -03:00
792b0f764e Bug 13695: Add ISBD export option to OPAC (detail)
This patch adds the option to export a record (from within the
OPAC record detail page) in the ISBD format.

To test:
- Enable ISBD on the OpacExportOptions syspref
- Look for a record on your opac
- On the detail page, notice there's a new ISBD option for 'Save record'
- Choose ISBD
=> SUCCESS: a file containing the ISBD format for the record is downloaded

Sponsored-by: Orex Digital

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 10:34:30 -03:00
Srdjan
ac5130c57c Bug 5786: Correction: Removed erroneous holdability check from opac-search.pl
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-30 13:14:14 -03:00
ebccf4099f Bug 5786 [QA Followup]
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-25 10:33:31 -03:00
Srdjan
1802aa9153 Bug 5786 - Move AllowOnShelfHolds and OPACItemHolds system prefs to the Circulation Matrix
C4::Reserves:
* Added OnShelfHoldsAllowed() to check issuingrules
* Added OPACItemHoldsAllowed() to check issuingrules
* IsAvailableForItemLevelRequest() changed interface, now takes
  $item_record,$borrower_record; calls OnShelfHoldsAllowed()

opac/opac-reserve.pl and opac/opac-search.pl:
* rewrote hold allowed rule to use OPACItemHoldsAllowed()
* also use OnShelfHoldsAllowed() through
* IsAvailableForItemLevelRequest()

templates:
* Removed AllowOnShelfHolds and OPACItemHolds global flags, they now
  only have meaning per item type

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

I have tested this patch left, right and upside down for the last
several months. All tests have passed.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-25 10:33:14 -03:00
Jonathan Druart
d40a2cb176 Bug 11430: OPAC changes
Signed-off-by: sonia BOUIS <sonia.bouis@univ-lyon3.fr>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-11 15:02:41 -03:00
Dobrica Pavlinusic
1ca9adaa56 Bug 13789 - facets with accented utf-8 characters generate double encoded links
Bug 13425 tried to fix XSS in OPAC, by using url filter in template toolkit
on whole generated url. This doesn't work and creates double encoded strings
in facets because we are creating url variable by concatenating query_cgi
(which did pass through uri_escape_utf8 on perl side) and other
parameters which have to be escaped in template.

Also, code like

[% SET limit_cgi_f = limit_cgi | url %]

doesn't do anything (at least doesn't apply url filter) so it's not needed.

This patch also fixes encoding of hidden fields used in sort by form.

And lastly, it tries to make facet changes for opac and intranet as same as
possible to simplify future maintenance of this code.

Test scenario:
1. find results in your opac which contain accented characters
2. click on them and verify that results are missing
3. apply this patch
4. re-run search and click on facets link verifying that there are
   now results
5. test sort by form and verify that results are ok
6. verify that facets are still safe from injection by constructing url like
   /cgi-bin/koha/opac-search.pl?q=123&sort_by='"><script>prompt('Happy_Holidays')</script>&limit=123
   and verifying that you DON'T see prompt window in your browser

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-07 21:05:04 +01:00
f1ea9624bd Bug 13568 OAI Server doesn't handle properly resumption token
When responding to ListRecords and ListIdentifiers verbs, OAI server doesn't
return proper resumption token. At the end of a result set, OAI server
generates a resumption token even if there aren't any more records. Consequently,
OAI harvester will send a new request, based on this invalid resumption
token. OAI Server responds with an empty resultset, which is considered as an
invalid response by most of the harvesters.

TO TEST:

- Find in your DB, a day where a few biblio records have been created. The
  number of created biblios must be inferior to OAI-PMH:MaxCount.

- Let's say this day is 2014-01-09. Send an OAI-PMH request to Koha OAI Server:

  /cgi-bin/koha/oai.pl?verb=ListRecords&metadataPrefix=marcxml&from=2014-01-09&until=2014-01-09

- At the end of the result, you will see a resumption token which looks like that:

  <resumptionToken cursor="47">marcxml/47/2014-01-09/2014-01-09/</resumptionToken>

  This is wrong. No resumption token should be sent since there aren't any more
  records to harvest.

- Apply the patch.

- Resend the OAI-PMH request. There is no resumption token at the end of the
  result.

- You could test also with ListIdentifiers verb in place of ListRecords.

Signed-off-by: Christophe Brocquet <christophe.brocquet@obspm.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-19 09:49:46 -03:00
Jonathan Druart
a0e5d77a71 Bug 13343: Embed items when send a basket/shelf
When a basket/shelf is downloaded, items are embedded, but not when
sending it by email.

We would expect to get the same file.

Test plan:
On Opac and intranet:
1/ Add records with items to your basket and send it by email.
Verify the file contains items.
2/ Add records with items to a list and send it by email.
Verify the file contains items.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-12 15:33:11 -03:00
295fb70f62 Bug 13335 - Holds and priority display via OPACShowHoldQueueDetails confusing
No matter what the selection of OPACShowHoldQueueDetails is, if it is
enabled it displays a line "Holds and priority:" even if you've opted to
hide one of those!

Test Plan:
1) Apply this patch
2) Test each setting of OPACShowHoldQueueDetails
3) Ensure each setting displays the correct fields ( or lack thereof )

Signed-off-by: Christopher Brannon <cbrannon@debian.localdomain>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-12 15:20:59 -03:00
fd6176d0a5 Bug 13526 - Mandatory fields should not be able to be hidden in borrower self-registration
Currently, mandatory fields in the borrower self-registration can be hidden.
This causes problems since the validator rejects the registration,
even though all required fields on the screen have been filled out.

This is especially a problem when using the system preference
"PatronSelfRegistrationVerifyByEmail", since it automatically makes
"email" a mandatory field.

This patch makes it so that a mandatory field cannot be hidden on
the self-registration page.

_TEST PLAN_

Before applying
1) Hide the "email" and the "emailpro" fields using the
"PatronSelfRegistrationBorrowerUnwantedField" system preference.

2) Make the "email" and the "emailpro" fields mandatory using the
"PatronSelfRegistrationBorrowerMandatoryField" system preference.

3) Note that you cannot see "Primary email" or "Secondary email"
on the self registration page.
(The registration page which can be found by turning
on "PatronSelfRegistration" and filling in
"PatronSelfRegistrationDefaultCategory". The link will be on
opac-main.pl on the right side of the screen under the login box.)

4) Note that you cannot submit a self-registration request as
the system tells you that you have not filled in all the mandatory
fields.

5) Apply the patch && refresh the self registration page

6) Note that you can now see "Primary email" and "Secondary email"
on the self-registration screen.

Signed-off-by: Abby <abbyrobnz@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-18 10:45:10 -03:00
Thomas
bcbcad897a Bug 12702 - Suggestions still accessible in OPAC when deactivated
Added check for suggestions turned off. If off user is redirected to 404 error. If patron suggestions are off guest suggestions will also redirect to 404

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-18 10:40:56 -03:00
Jonathan Druart
f01e616a72 Bug 11944: Fix problems introduced by bug 11515
The game continues...
Patch for bug 11515 introduced regression on this patch set.
To reproduce: search with utf8 characters at the opac
Test plan:
Verify that the issue described on bug 11515 is still fixed and that no
regression is found at the OPAC.

Note that I am pretty sure this patch is not enough.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:55 -03:00
Jonathan Druart
a5ee0f3d70 Bug 11944: Fix suggestion at the OPAC for perl v5.10
Without this patch and using Perl v5.10, on adding a suggestion at the
OPAC, the script explodes with the following error:
"cannot decode string with wide characters".

With this patch, all is fine using Perl v5.10 and v5.18.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:47 -03:00