C4::Koha::get_itemtypeinfos_of was not using placeholders, opening itself up to
potential SQL injection attacks. This patch refactors it to use placeholders to
bind parameters.
I also had to extend C4::koha::get_infos_of to allow us to pass bind parameters into it.
I'm including a test module for C4::Koha::get_itemtypeinfos_of.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch changes all $foo eq undef's to !defined($foo). It also makes misc/spellcheck_suggest/build_spellcheck_suggest.pl have proper syntax.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch corrects what appears to me to be a few deficiencies in the documentation
for C4::items::GetItemsForInventory. I noticed them while writing test methods for this sub.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The SQL in C4::Items::GetItemsForInventory wasn't using placeholders and
bind parameters, possibly leaving itself open to SQL injection attacks. This
patch changes that.
I've also included a test module for C4::items::GetItemsForInventory.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Here are a few improvements to the test suite to make it easier to write some tests
for C4::Items
I extracted "tomorrow" and "yesterday" methods from a test module into the base class
so that they could be used by multiple test modules
Adding callnumber to items added in the test suite.
I refactored KohaTest::add_biblios a bit to remove the manual count of the number of
MARC::Fields that were added.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This checks that the enrolmentfee for a category both exists, and is greater than 0, avoiding a spurious charge.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch adds code to clean out any NULL fields in rows returned
since NULL fields do not truly meet the filter criteria
It also corrects a bad db field reference.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
If a new order was created and no fund selected, a db error was thrown due to the
'bookfundid' field being set to NULL. This patch sets the first fund retrieved from
available funds as the default selection in the scrolling list.
A further enhancement might be to allow the library to choose which fund is the
default fund.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
From the bug report:
The serialsadditems syspref was ostensibly removed in DB rev 071
(http://git.koha.org/cgi-bin/gitweb.cgi?p=Koha;a=commit;h=5c41ae54e68866f9661e853376537059f4d83f70)
in favor of a new serialsadditems column in the subscription table.
However, this removal was incomplete. It is still created for new installations by:
installer/data/mysql/en/mandatory/sysprefs.sql
installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
and is used in
serials/serials-recieve.pl
serials/serials-edit.pl
admin/systempreferences.pl
Since the system preference was not removed from the sample data scripts, it
is necessary to add another DB rev to remove it - a user may have made a
fresh install of Koha after DB rev 071.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The current serialitems table structure does not provide for a *:1 relationship with
the serial table. This causes a problem when attempting to add multiple items to a given
serial. The db throws an error when attempting to INSERT in serialitems due to serialid.serialitems
being a unique key. A further side effect is that the marc record is updated with the
item in spite of the error. The mods to the serialitems table structure in this patch
drop serialid.serialitems as a key and make itemnumber.serialitems the primary key
creating a *:1 relationship with the serial table. This patch also makes serialid.serialitems
a foreign key referencing serialid.serial to maintain referential integrity.
Fix for duplicate barcode check
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Support multiple timezones via Apache SetEnv. See the perldoc for
admin/env_tz_test.pl on how to configure and test. Minimal changes
to Context itself.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
1. restores a check to itemtype.notforloan to set the norequests flag
2. changes improper boolean OR with AND for checking conditions of setting norequests
3. displays 'Not for loan' for item-level itypes when the itemtype is set to notforloan
4. restores items.notforloan values < 0 allowing holds (ordered items for instance)
We still need a notforhold flag set at the itemtype, and items level
Due to the logic of the underlying picture-upload.pl depending upon the "value" of the
form input controls and this value being translated, the script then failed to function.
This patch changes the input controls so that this should not be an issue.
This issue should be kept in mind, though, so that it can be avoided in the future.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
staff client is defaulting to the ASNCR code instead of the blank above
For some reason the loop used to build the list of values was
setting the first value to the $value variable if $value wasn't
set already, and the default_value was inside rather than outside
the loop. I've removed the setting inside the loop and placed
the default value outside the loop. It's possible I just don't
understand what the original intention was.
Query references to the unused aqorderdelivery table caused a NULL field to be
displayed in the report results. This patch removes those references.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
&NewOrder did not save the branchcode posted with a new order. This patch adds that param.
Added code to select the branch the order is for in the branch dropdown list on
acqui/orderreceive.pl
Updating POD and tests
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch corrects display discrepancies when filters are applied to the
acquisitions report. It also corrects a number of other issues with this
report.
Some documentation changes may be in order based on report filters that
were only partially implemented, but are now available.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
It appears that Perl 5.10 does not like ${@$foo}[0] but rather wants $foo->[0]
The latter is also much more readable. This patch makes the change.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
C4::Context->preference was not using placeholders and was potentially vulnerable to
a SQL injection attack. This patch refactors the method to use placeholders.
Added some tests for C4::Context.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The lines for each item in the overdue notices were not separated by newlines. This caused them to
all be smashed together. I'm putting a newline between them.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
You've been warned :-). This patch contains a more
complete mapping of UTF-8 to ASCII. The mappings are
based on those compiled by Richard Mahoney on the
Zebra list: http://lists.indexdata.dk/pipermail/zebralist/2007-August/001707.html
Note to documentation team: we need an area in the
documentation that discusses how Koha handles searches
and indexing for words that contain diacritics, such
as E-ACUTE (vs E without an acute). If you can paste
this list of mappings from this patch directly into
the docs and it preserves the encoding that would be
great.
NOTE: I don't think this patch addresses issues of
combining vs non-combining forms, and may require
a refactor to address that.
Josh
There should be a documentation change at least for 3.0 to the effect that on systems
not running JavaScript, 'incremental' is the only option available for autoBarcode
although other options appear. A fix for this will hopefully appear in 3.2.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch corrects somewhat the inconsistent use of the autoBarcode syspref in serials-edit.pl
It does not implement all the possibilities currently available in the autoBarcode syspref as
there is currently no support for the js plug-in/drop-in feature in serials-edit.pl. So in this
sense, the autoBarcode syspref is still used inconsistently here. The fix for this is recommended
for rel_3_2
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Adding code to refresh "Lists" button lists display in OPAC masthead.inc
Adding javascript to force refresh of parent window to update "Lists" button menu
Adding query limits and ability to specify row count and offset in queries related to Virtualshelves.
Also added the ability to return total record counts for specified virtualshelves.
Adding C4::VirtualShelves::GetRecentShelves which returns a list of the most recently modified shelves for
a given set of parameters. This allows the user to be offered active private and open lists to add books
to in drop down menus while also allowing drop down menus to be limited to a reasonable length.
This also limits the shelves stored in the user's session to a fixed number. A further enhancement might
be to add a syspref to enable a staff member to define the limit. Currently it is hardcoded at 10 per
list type (private/public-open).
Adding pagination to list/shelf related screens
Moving refresh shelves code into C4::VirtualShelves::RefreshShelvesSummary and tidying up a bit
Correcting several inconsistencies in the shelves templates as well as handling shelf management on
the intranet side correctly.
Correcting "Add To:" drop-down list to show only lists the patron has permission to add to
Correcting a few C4::VirtualShelves::GetShelvesSummary API calls
Modifications for template consistency
Breaking up a 1367 char line of javascript in opac-results.tmpl
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Edit functions here are limited to renaming and changing the type. No one can view
a list except the list owner unless it is public.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>