This patch updates the jQuery validation plugin in both the staff
interface and the OPAC to the latest version, 1.20.0.
To test, apply the patch and clear your browser cache if necessary.
Test various pages in the staff client to confirm that form validation
works as expected:
- Patron password change form:
- Password must conform to minPasswordLength
- Password must not contain leading/trailing spaces
- Passwords must match
- Administration -> Add or edit budget:
- Description, start date, and end date are required
- Start date must be before end date
- Administration -> Add or edit Z39.50/SRU server:
- Server name, hostname, port, and database are required
- Port, rank, and timeout must be a number
Perform the same check of the "Change password" form in the OPAC.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 8deffec3155f54b7209f1465942fd8fbea23da5e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 8c18a73493)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Note: This is handled now just like opac-reserve.
Test plan:
Disable ArticleRequests and hit the page.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 8afcbe0bbb556cb19ff2e33e56cf3bcb8dd13d11)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c4d3486511)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
This code is a bit weird, its purpose it to auto select the library depending on the IP.
A problem appears if the same IP is used, then the user's choice will
might be overwritten randomly by another library.
To recreate the problem:
Turn on AutoLocation
Use koha/koha @CPL for test
And the following config:
*************************** 1. row ***************************
branchcode: CPL
branchname: Centerville
branchip: 172.18.0.1
*************************** 2. row ***************************
branchcode: FFL
branchname: Fairfield
branchip: 172.18.0.1
*************************** 3. row ***************************
branchcode: FPL
branchname: Fairview
branchip: 172.18.0.4
Connect and select CPL. Randomly FFL will be picked instead.
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Tested this on top of 35890 and 35904 because git bz said they were required dependencies.
Figured out the IP Koha was seeing me as coming from in /var/log/koha/kohadev/plack.log.
Added that IP to the branchip for Centerville, Fairfield and Fairview. Set AutoLocation = Yes.
After this I could recreate the problem: If i left the "Library" field in the login screen
at "My Library" I got logged into a random library selected from the three i had set
branchip for. Applying the patches fixed this, as expected.
Tests pass, with AutoLocation off.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4efe74fe12075298680965db3605f717f1da10d0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e00cfb3c7b3954e545ad4b363bff48a8f4345d0a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7073d11457)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
It is never used and add confusion
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0ce8cc4c05bc96503172018775ba574e41b40ecb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 16a7ac0fe7)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Without this patch, we get an error trace whe calling AuthenticatePatron
The method Koha::Patron->update_lastseen is not covered by tests!
(cherry picked from commit 3417a7052a)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch introduces some tests on the current (and new) behavior for
the `checkpw` function.
I needed it to better understand if an edge case was actually possible
(it wasn't).
Found a really minor annoyance for the internal check with expired
password not returning the $patron object for consistency with the other
use cases.
I think this method deserves (at least) changing the return value to a
sane data structure. But that's not target for backporting to stable
releases. So a separate bug.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5476b18e7ea34e08d9dd163e2c446d5b223cf032)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 76bda46ad5a4916aa907f2eb11f81eaaedf19f37)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Imagine we have a set of users. Some of those users have a NULL userid. We then call AuthenticatePatron from ILS-DI for a patron with a NULL userid, but a valid cardnumber. We call checkpw, which returns the cardnumber and userid. We then call Koha::Patrons->find on the userid *which is null*, meaning the borrowernumber returned is not the correct one, but instead the earliest patron inserted into the database that has a NULL userid.
Test Plan:
1) Give three patrons a userid and a password
2) From the database cli, set all patrons's userid to null
Run this query: update borrowers set userid = null;
3) Call AuthenticatePatron with username being the 1st patron cardnumber,
and password being the password you set for that patron
http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=kohacard&password=koha
4) Note you get back a borrowernumber for a different patron. Refresh the page and the number is correct.
5) Do the same with the 2nd patron. Same issue at 1st and correct number after.
6) Apply this patch
7) Restart all the things!
8) Do the same with the 3rd patron.
9) Note you get the correct borrowernumber! :D
10) prove t/Auth.t t/db_dependent/Auth_with_ldap.t t/Auth_with_shibboleth.t t/db_dependent/Auth_with_cas.t
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9ba199c2acc33873154c167e73e86a5e786084cb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f6c2bdf2163239eddef379ff34e769dfdaeac9ca)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 29782174570a331c1b9f1ac8196ce06364f8f691)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Currently when a patron with an expired password is authenticated via the API a 500 error is returned rather than a 400 "Validation failed" error. This patch catches the return value for an expired password and returns the validation failure before the patron search is attempted.
Test plan:
1) Choose a patron and set their password expiry date to a date in the past
2) Send a request to auth/password/validation as an authenticated user with that patron's details
3) The response should be a 500 error
4) Apply patch
5) Repeat steps 1-3 and this time the response should be a 400 code with an error message of "Password expired"
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f3bb885052)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit df9d4b0f55)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 24f067b0cf)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
To test:
1 - Place 3 holds on a bib, each for a different patron
2 - IN the db, set the first hold to be expired:
UPDATE reserves SET expirationdate='2023-01-01' WHERE reserve_id=1;
3 - Refresh the holds page for the biblio
4 - Note the first hold now says 'Expired' in the expiration date column
5 - Set an expiration date for the last hold
6 - Click 'Update holds'
7 - Note the date is applied to the second hold
8 - Delete the holds
9 - Apply patch
10 - Repeat 1-6
11 - Confirm only the correct hold is updated
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit ca5378cd94)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
This patch follows the logic of bug 32166 and adds specific inputs for each order to avoid any misalignment when some records are not imported
To test:
1 - Find a vendor in acquisitions
2 - Create or find an open basket
3 - Add to basket form a new file
4 - Stage file and add to basket
5 - Select the second record in the list
6 - Enter price info
7 - Save (don't forget, you need to set item type in the second tab)
8 - The order has no price info!
9 - Apply patch
10 - Repeat 3-7 above, staging file fresh
11 - Confirm order has correct prices
12 - Test with a file with many records
13 - Confirm any combination of choosing/skipping records works as expected
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Validate that the files in linking files are contained within the ZIP.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
There's no reason to allow symlinks for link files in cover image
ZIP files. Preventing their use prevents someone from uploading
a symlink pointing to an existing file on the Koha server.
Test plan:
0. Apply patch and restart/reload Koha
1. Create a PNG cover image
2. Create a datalink.txt file that contains something like the
following:
29,Untitled.PNG
3. Turn on "LocalCoverImages" system preference
4. Upload via http://localhost:8081/cgi-bin/koha/tools/upload-cover-image.pl
5. Go to http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=29
6. Note the cover image has been uploaded
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
This change sanitizies the field input on cataloguing/ysearch.pl
Test plan:
0. Apply the patch and restart/reload Koha
1a. "Add marc21_field_260b.pl plugin to 260$b in the Default framework"
1b. Go to http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?
op=add_form&tagfield=260&frameworkcode=#subbfield
1c. Choose "marc21_field_260b.pl" from the dropdown next to "Plugin"
1d. Click "Save changes"
2a. "Add new record"
2b. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?frameworkcode=
3. Click on tab "2" and scroll down to 260 "b"
4. Type in "Ori" into 260 subfield b
5. Some autocomplete suggestions should appear
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
We should not just look at Click.
Test plan:
[1] Apply the example patch for a Blur action in barcode.pl.
[2] Check that barcode.pl is active in your framework and that
autoBarcode is not disabled.
[3] Open the browser dev console.
[4] Tab a few times through barcode in the neworderempty form of
Acquisition. If you leave the field, the Blur event fires.
=> Without this patch you will see two console lines (FF may
show a little '2' icon at the right side) added. With this
patch just one.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jan Kissig <jkissig@th-wildau.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e9326f0e86)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c8685d088a)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
test plan:
a) build a new basket + order line using "item create on placing an order"
b) in the item creation dialog (neworderempty.pl) please use the webbrowsers dev tools to analyze the [...] button next to subfield d (Date acquired) and inspect the events that get fired by clicking
c) notice the Clicktag_952_subfield_d_* event gets fired twice.
d) apply patch and reload page
e) there should be only 1 click handler left (besides the jquery one), which points to the Clicktag_952_subfield_* function
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
See also bug 35298. You may have seen that the Focus event of dateaccessioned
did not fire. But that is related to use of Flatpickr in this plugin.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ec3fe5d41e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f846ee85ec)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
These would be forwarded to Koha::Objects->as_list and crash on
unknown column.
Test plan:
Logout from staff.
Enter URL /suggestion/suggestion.pl
Without this patch, it crashes. Now it does not.
Note: The crash may show auth_forwarded_hash but I also saw
koha_login_context passing by. Same issue.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e2821c7962)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 898e0d7979)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Test plan:
Verify that setting focus to date acquired field in items editor
fills date of today when field is empty but does not replace existing
date.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0583deac95)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 5ca56bf8b3)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Code lifted from bug 31794 to fix already backported bug 26611.
Unit tests included.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 40115a2c8cba3e081ffd0710899ef4556a3bbb54)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>