This patch updates acquisitions, suggestions, and ERM templates so that
title tags can be more easily translated.
To test, apply the patch and confirm that the following pages have the
correct title tags:
- Acquisitions -> Acquisitions home
- Ordered
- Spent
- Vendors: Search, new, edit
- Baskets: New, edit
- New order
- From an empty record
- From an existing record
- From existing orders (copy)
- From a suggestion
- From a subscription
- From an external source
- From a staged file
- Basket groups
- Receive shipments
- Uncertain prices
- Late orders
- Suggestions
- Invoices
- Invoice details
- Invoice files
- Receive orders
- Transfer order
- Cancel order
- EDIFACT messages
- Order search
- ERM
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates icons which are listed as having changed names in
this document:
https://fontawesome.com/docs/web/setup/upgrade/upgrade-from-v4
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch finds places in the updated breadcrumbs markup where a
translatable string is isolated in a way that makes it hard for the
translation script to find it, and wraps these strings with <span>
This follow-up includes a change to admin/cities.tt as well.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates several acquisitions-related templates so that they
use the new WRAPPER for displaying breadcrumbs.
To test, apply the patch and test each page and its variations.
Breadcrumbs should look correct, and each link should be correct.
- Acquisitions home
- Vendor search results
- Basket details
- Cancel order
- Create EDIFACT order
- Basket edit
- Basket deletion confirmation
- Add to basket
- From a staged MARC file
- From existing orders (copy)
- Basket groups (create, edit)
- EDIFACT messages
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a page-section class to each supplier block
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
What this patch does:
- change the navigation bar style
- change the breadcrumbs style
- change the "last borrower" link style
- move the search bar inside the navigation bar
- move the help link to the same row as the breadcrumbs
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
-Apply patch
-Add some vendors and give them an internal note
-Go to /cgi-bin/koha/acqui/booksellers.pl
-Notice that there is a column which includes the internal note
Signed-off-by: Andrew Fuerste-Henry <andrewfh@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a new vendor_type field when creating/editing vendors
and displays the field on search and details for a vendor
To test:
1 - Apply patch, update database
2 - Edit/create a vendor in acquisitions
3 - Note new 'Vendor type' field, free text in editor
4 - Save a value
5 - Confirm it displays in vendor search results and vendor main page
6 - In Authorised values add a new value to 'VENDOR_TYPE' category
7 - Confirm the description of VENDOR_TYPE shows and makes sense
8 - Add/Edit a vendor, note the vendor type is now a dropdown selection
9 - Save with a value
10 - Confirm the description shows in results and vendor page and vendor details
Signed-off-by: Caroline <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: KIT Library Germany <michaela.sieber@kit.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes a number of changes to the vendor search/view template
in order to make it work better in different contexts:
- Add a vendor-specific toolbar under each vendor search result. This
gives instant access to the options for a new basket, new contract,
vendor edit, or to receive shipments. A delete button will appear if
available.
- Add a summary of the number of baskets and subscriptions. This helps
the user know if there are closed baskets and whether an outstanding
subscription might be blocking the option to delete. Each number is
linked to the view of those entries.
- Indicate whether a vendor is inactive. The vendor name appears in a
different color when it is inactve and is labeled as such.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- To test you should have multiple vendors in your system, some active
and some inactive. Add some baskets and subscriptions to one or more
if necessary.
- Go to Acquisitions and submit an empty vendor search to show all
vendors.
- Verify that the page looks correct and that all controls work as
expected.
- Open the basket view for a single vendor and compare the two views.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes some corrections to issues found during testing:
Some duplicate headings, a markup error in labeledMARCdetail.tt, a
change of the transfers heading from "Branch transfers" to "Item
transfers."
This patch also undoes the changes to the position of the toolbar on
several pages. I think those changes don't belong in this bug.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Changed each of the pages in the acqui folder to have one <h1> tag
showing that describes the page, rather than the <h1> describing the
logo.
The hierarchy of heading tags may be broken in many pages, but this
will be dealt with in an additional bug.
To test:
1) Go to the Staff Client
2) Apply patch
3) Go to each of the pages in the acqui folder and check that they have
an obvious and descriptive heading
4) Ensure that the heading in the page is <h1>
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To be nicer with translators.
Update the PO files for whichever languages will show how this is
useful.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Rebased-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch modifies the "Add to basket" modal in acquisitions so that
focus is automatically moved to the first form field when the modal
appears.
The patch also corrects the modal markup so that it's more consistent
with default Bootstrap markup.
To test, apply the patch and go to Acquisitions.
- Search for a vendor and, if necessary, create a basket.
- Click the "Add to basket" button. The modal which appears should
have a header reading "Add order to basket <basketname>"
- The form field should have cursor focus.
- View the basket and click the "Add to basket" button in the toolbar.
- The modal shown should also be correct.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Swapped the order of the page titles to have the unique information first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the modules folder and the modules/acqui folder are swapped around to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to
these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies several acquisitions templates to replace the use of
the "title-string" DataTables sorting method with the newer "data-order"
attribute.
To test, apply the patch and view the following pages to confirm that
columns containing dates sort correctly when using any setting of the
"dateformat" system preference:
- Acquisitions -> Vendor search
- Acquisitions -> Vendor -> Basket -> Add to basket
-> From a staged file
-> From existing orders (copy)
- Acquisitions -> EDIFACT messages
- Acquisitions -> Order search
- With AcqEnableFiles enabled, attach some files to an invoice:
- Acquisitions -> Invoices
Acquisitions -> Invoices -> Manage invoice files
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I think the "breadcrumbs" ID is worth saving for past and future CSS
customization reasons.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Modified breadcrumbs to be accessible, in particular for a
screen-reader.
Made the block of breadcrumbs be a <nav aria label="Breadcrumb"
class="breadcrumb"> with an ordered list inside. The last breadcrumbs
also has aria-current="page" to specify that it is the current page.
To test:
1) Apply patch
2) Build scss file
3) Ensure each of the files in the modules folder and the modules/acqui
folder has breadcrumbs that are in a <nav aria label="Breadcrumb"
class="breadcrumb"> block
4) Ensure that there is an ordered list in the block of breadcrumbs
5) Ensure that the last breadcrumb has aria-current="page"
6) Ensure that the breadcrumbs on each page of the staff client
belonging to these files look the same as before, but the '>' symbol
is replaced with '/' and the last breadcrumb has bold text
7) Ensure that when the last breadcrumb is clicked it takes you to the
page you are currently on
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch add the noExport class to all "Actions" columns in the
codebase.
It's a stupid search and replace, maybe the class is added to table
where there is no export button.
Test plan:
Search tables where the export button is available. Confirm that the
"Actions" columns is not exported.
Example: /admin/branches.pl, /admin/cities.pl
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In French, everything has one of the binary genders (male or female),
and it affects the past tense verb agreements.
This patch adds contextualization for the "Created" verb
The following files have been modified:
booksellers.tt - refers to a basket
basket.tt - refers to a basket
transferorder.tt - refers to a basket
memberentrygen.tt - refers to a patron restriction
suggestion.tt - refers to a suggestion
To test, apply the patch and visit all those pages in English to make
sure there is no change.
1) Go to Acquisitions
2) Search for vendors
3) On the vendors result pages, check the 'Created by' column heading
of the baskets
4) Click on one of the baskets, check the basket info at the top,
it should say 'Created by:'
5) Click Transfer on one of the orders
6) Search for and choose a vendor
7) In the list of that vendor's basket, it should say 'Created by'
8) Go to a patron's account
9) Add a manual restriction in the Restrictions tab at the bottom
10) In the restriction info, it should say 'Created'
11) Click on the Purchase suggestions tab on the left
12) Add a new suggestion
13) In the Suggestion management section, it should say 'Created by:'
14) Submit the suggestion
15) From the list of suggestions, click on the title
16) In Suggestion management, it should say 'Created by:'
Next, install a new language (fr-CA used as example)
1) translate create fr-CA
2) open fr-CA-messages.po and add a translation for 'basket created by',
'patron restriction created on' and 'suggestion created by' (it doesn't
have to be real, just write something different for each)
3) translate install fr-CA
4) in the system preferences, enable the french language in
'language'
5) change interface language to french
Redo the tests above to make sure the word you put in the translation
for the basket is in the places where 'Created by' refers to a basket, that
the translation for the patron restriction is where it should be and that
the translation you put in for the purchase suggestion is in the places where
'Created by' refers to a purchase suggestion
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The modal needs to be defined in both cases.
Test plan:
Repeat test plan from bug 23031 and click on the buttons!
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Since bug 21364 we have 'view' then 'add to basket' that is accessible
in 2 clicks. We should have it directly accessible.
Test plan:
Create a new basket
Add a new order to the basket (note that the link is directly
accessible)
When a new order is added you can close the basket from the basket list
view
Note that the dropdown button displays correctly
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch modifes the process of searching for an existing record
to add to a basket. Now the search is performed as a keyword search in
the regular catalog rather than via a custom search script. Options are
added to the search results and detail pages to add results to an order.
This process follows the same pattern as the "Search to hold" feature:
When the search is initiated, a cookie is set with the requisite
information--in this case vendor id and basket number.
If the search results or bibliographic detail pages detect that a
"searchToOrder" cookie is present, the correct "Add order" link will be
shown. Like with the "search to hold" feature, the cookie expires in 10
minutes.
To test, apply the patch and log into the staff client as a user who has
permission to add to a basket in acquisitions.
- Go to Acquisitions -> Vendor -> Basket -> Add to basket.
- Using the "From an existing record" option, perform a search.
- On the search results page, test the "Add order" link which appears
with each result. Clicking the link should take you to the "New
order" page for the correct vendor and basket. The catalog
details section of the form should include the correct information.
- From the search results page view the bibliographic details page for
any record. There should be a new toolbar button, "Add order." Verify
that it works correctly.
- Test the same thing from all bibliographic detail pages: Normal,
MARC, Labeled MARC, ISBD, as well as the items page
(moredetail.pl).
- Test this process for both the locations in acquisitions where one
can add to an existing basket: Vendor search results and the basket
detail page
- Test the cookie timeout: Wait 10 minutes and perform another catalog
search. The "Add order" link should no longer be present.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Fetch 'uncertainprices' when getting basket info. A side effect is that styling on baskets with uncertain prices is restored by this bug. They will appear in red
To test:
1 - Add an order with an uncertainprice to the basket
2 - Return to vendor baskets view
3 - Note the actions now include "Uncertain prices"
4 - Click that, resolve the uncertain prcie
5 - Return to vendor basket view
6 - Note you can now close the basket, but don't
7 - Edit the basket, mark it as standing
8 - Return to vendor basket view
9 - Note you cannot close the basket
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Have a vendor
2 - Add some empty baskets
3 - Add some non-empty baskets
4 - Search for vendor and note you now
a - Can only 'View' empty or closed baskets
b - Have a dropup menu to 'Add to ' or 'Close' open baskets
5 - Confirm things look correct and buttons work
6 - Confirm that basket name is now a link to view basket
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
DataTables are used on enough pages in the staff client that it
doesn't make sense to put inclusion of the CSS into each template
where it is needed. This patch moves includes of datatables.css from
individual templates into the global header file.
To test, apply the patch and view various pages which have DataTables.
View various styles of DataTables, e.g.
- Full pagination, like item search results
- Four-button, like Saved SQL reports
Everything should look the same as it was.
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies staff client templates to remove the "type"
attribute from <style> tags. The attribute is no longer valid.
To test, apply the patch and confirm the changes to the templates. The
appearance of the staff client should be unchanged.
Validating pages from the staff client should not return any errors
related to the <style> "type" attribute.
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Why? Because we must filter the variables when we display them.
If we escape them on assignement, they will be double escaped:
[% XXX = "<span>pouet</span>" | html %]
[% XXX | html %]
=> <span>pouet</span>
Also it will bring trouble if we are assigning a structure (see bug
21663 for instance).
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
1) Check files modules/about.tt, modules/acqui/booksellers.tt and
modules/acqui/invoices.tt for typos nad check that there are no "biblio"
and only "biblographic record".
Fixed one capitalization error during signoff.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies several acquisitions templates to use the Bootstrap
grid instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Acquisitions -> Home page
- Acquisitions -> Vendor search results
- Acquisitions -> Vendor -> Basket groups
-> Edit
- Acquisitions -> EDIFACT messages
-> View EDIFACT message
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1) Go to Acquisition and search for a vendor, you are presented with vendors and their baskets
2) Look to Created by column
--> without patch only firstname is shown
--> with patch you should see full name
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In order to simplify and make uniform the code, the controller scripts send
a Koha::Patron object to the templates instead of all attributes of a patron.
That will make the code much more easier to maintain and will be less
error-prone.
The variable "patron" sent to the templates is supposed to represent the
patron the librarian is editing the detail.
In the members module and some scripts of the circulation module, the
patron's detail are sent one by one to the template. That leads to
frustration from developpers (making sure everything is passed from all
scripts) and to regression (we got tone of bugs in the last year because
of this way to do).
With this patch set it will be easy access patron's detail, passing only
1 variable from the controllers.
Test plan:
Play with the patron and circulation module and make sur the detail of
the patron you are editing/seeing info are correctly displayed.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field Name that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies some staff client acquisitions templates so that
JavaScript is included in the footer instead of the header.
This patch adds a JavaScript file, acquisitions-menu.js, which controls
the highlighting of the current page in the sidebar. Highlighting will
be temporarily broken for pages which have not been modified to include
this file
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Acquisitions home page
- Datatable, Inactive budget controls
- Vendor search results
- Acquisitions -> Vendor search
- Datatables, "Show all" links
- Basket
- Acquisitions -> Vendor -> Basket
- Datatables, button controls, add managing user
- Add to basket from a staged file
- Acquisitions -> Vendor -> Basket -> Add to basket from a staged file
- Datatables, tabs, selection controls
- Edit basket
- Acquisitions -> Vendor -> Edit basket
- Form validation
- EDIFACT messages
- Acquisitions -> EDIFACT messages
- Datatables, message preview
- Orders search
- Acquisitions -> Order search
- Full orders search form
- Patron autocomplete in "Basket created by" field
- Datepickers
- Orders search results
- Datatables, column visibility
- Invoices
- Acquisitions -> Vendor -> Invoices -> Invoice
- Form validation, datepickers, datatables
- Invoice files (enable AcqEnableFiles preference)
- Manage invoice files
- File list datatable
Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.
Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch provides the functionality to hide inactive vendors from the
vendor search.
To test:
1) Make sure at least one vendor is inactive
2) Do a vendor search
3) Confirm the link to show only active vendors works, and is replaced
with a link to show all vendors when clicked
4) Confirm the link to show all vendors works, and is replaced with a
link to show only active vendors when clicked
Sponsored-by: Catalyst IT
Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The staff client CSS is not language-specific, so it can be moved out of
the en/ directory and thus not be duplicated for every translation.
In order to be able to have a generic path to the YUI CSS files, the YUI
directory is moved by this patch to the staff client's lib/ directory.
To test, apply the patch and visit various pages in the staff client.
Look in particular at pages which include more than the standard CSS.
For example:
- The staff client login page.
- The staff client home page.
- Patron -> Set permissions.
- The advanced cataloging editor.
- Acquisitions -> Vendor -> Basket groups.
- Tools -> News -> Edit news.
- Administration -> System preferences.
Revised: I intended for this to be built on top of Bug 15883. Now it is.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
On top of 15883
Works as described, all pages on test plan
No Errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>