This patch adds the use of C4::Scrubber to the processing of input
from the patron self-registration form, thereby closing off one
avenue for Javascript injection.
To test:
[1] Use the OPAC self-registration form to enter a new patron,
and set its address to something like:
<span style="color: red;">BAD</span>
[2] In the staff interface, bring up the new patron record. The
address will show up in red, indicating a successful HTML
injection.
[3] Apply the patch and use self-registration to enter a new
patron with a similar case of unwanted HTML coding.
[4] Bring up the second patron in the staff interface. This time,
the undesirable HTML tag should not be present.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Tags are not present on testing.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Confirmed bug and that the patch fixes it.
Passes all tests and QA script.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
If BorrowersTitles is empty, it causes the library pulldown on the self
registration page to be empty, and to have the "Saluation" field have
the option "branches".
This patch also fixes a minor string capitalization issue.
Test Plan:
1) Enable OPAC self registration
2) Set the system preference BorrowersTitles to be empty
3) View the self registration page
4) Note the lack of branches in the home library pulldown
5) Apply this patch
6) Note the branches now display in the pulldown
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested in bootstrap and prog OPAC, with BorrowersTitle configured
and emptied.
Passes all tests and QA script.
Note: The titles pull down has 2 empty entries in master with
and without the patch.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Enable patronimages
4) Verify patron images are still displaying correctly
5) Test deleting a patron image
6) Test adding a patron image from moremember.pl
7) Test adding a patron image from tools/picture-upload.pl
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
With the addition of opac-memberentry.pl to the OPAC we lost a way to
display the image associated with a patron's account. This patch adds
display of the patron image to opac-memberentry.pl now that
opac-userdetails.pl and opac-userupdate.pl are deprecated.
To test:
1. Log into the OPAC as a patron who has an image associated with their
account. View the "my personal details" tab and confirm that the
patron image appears with and without OPACPatronDetails enabled.
2. Log into the OPAC as a patron who has no image associated with their
account. View the "my personal details" tab and confirm that the
layout looks correct.
3. Turn off OPACpatronimages and confirm that the "my personal details"
page looks correct.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with OpacPatronDetails and OpacPatronImags turned on/off
and it's working well.
Template only changes.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Adjusts calling conventions to use hashrefs and eliminate redundant
procedural/OO mixed code.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
- Adding simple style to register link on home page
- Adding unique ids to new pages and to blocks containing
registration links
- Adding better page titles and breadcrumb links to some pages
- Correcting bug which meant incorrect message showed on registration
page when OPACPatronDetails preferences is turned off
- Passing patron details to opac-memberentry.tt so that patron's
name can be displayed in breadcrumbs
- Improving display in staff client of patron record updates
waiting to be approved.
- Adding a sort by name to output of pending patron record updates
- Adding updated JqueryUI library files to include expanded widget
options.
The changes in this patch require the addition of the jQueryUI
Accordion widget. Other pending patches are seeking to add
enough of the other remaining missing widgets that it seems time
to go ahead and add the rest.
Future submissions which add usage of these widgets will have
to be careful to make changes to Koha's CSS where necessary.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This development will add the ability for a new patron to register
himself or herself. The self-registration will attempt to match this
newly inputted data to any existing patrons and if any possible matches
are found, ask if the patron is sure he or she doesn't already have an
account at the library. A system preference may be set to prevent patron
self-registration if the system detects the possibility that the person
may already have an account.
Once the patron has registered, passing a captcha (or similar
bot-stopper), the patron will then be optionally verified a second time
via email. At this point, the patron will be able to print a temporary
library card (optional by system preference), and will be provided any
details necessary to access electronic resources (this body of text
would be a template in the slips and notices system). At the library's
choice, this new patron would either be set to a temporary patron status
(patron type set via system preference), or a fully-fledged patron
(allow patron type to be determined by age and/or other attributes).
Assuming the library uses temporary patron types for OPAC registrations,
this patron will next enter a queue and would need to physically enter
the library to verify himself and become a fully-fledged patron (most
likely by bringing in physical proof of address, etc.). The librarian
would look up the patron record and modify the patron type. If a
temporary patron has not been verified within a certain time frame
(defined by a system preference), the patron record will be deleted
from the system via a cron job.
For registered patrons, the system will allow each person to also
update his or her personal data via the OPAC. When a patron updates his
or her information, the changes will be entered into a queue to be
verified by a librarian (preventing a patron from inputting obviously
bogus data). The staff client home page will display the number of
patron records with changes awaiting approval. A librarian would then be
able to click through a list of modification requests, and approve or
deny each (with approval and denial alerts being sent to the patron via
the standard messaging system).
NEW SYSTEM PREFERENCES
* PatronSelfRegistration
* PatronSelfRegistrationDetectDuplicates
* PatronSelfRegistrationVerifyByEmail
* PatronSelfRegistrationPrintTemporaryCard
* PatronSelfRegistrationUseTemporaryStatus
* PatronSelfRegistrationExpireTemporaryAccountsDelay
NEW NOTICE
* Verify by email notice
NEW SLIP
* Temporary card slip
NEW CRON JOB
* delete_expired_opac_registrations.pl
- Deletes patrons that have not been upgraded from the temporary
status within the specified delay
* delete_unverified_opac_registrations.pl
- Deletes the unverified patrons based on the length of time specified
in the PatronSelfRegistrationExpireTemporaryAccountsDelay
The patron will register from self_registration.pl, linked off opac-main.pl if enabled. The registration page will be translatable to other languages in the same way that existing templates are.
Test Plan:
1) Enable PatronSelfRegistration
2) Set PatronSelfRegistrationExpireTemporaryAccountsDelay to a number
of days
3) Create a self-registered borrower category
4) Set PatronSelfRegistrationUseTemporaryStatus
5) Set PatronSelfRegistrationVerifyByEmail to "Don't require"
6) Go to OPAC, log out if logged in.
7) You should see the "Register here" link below the login box
8) Attempt to register yourself
9) Verify you can log in with your temporary password.
10) Set PatronSelfRegistrationVerifyByEmail to "Require"
11) Attempt another self-registration
12) Check the messages table, you should see a new message with a
verification link.
13) Copy and paste the link into a web browser to verify the registration
14) Log in with the given credentials to verify the account was created.
Test Plan - Part 2 - Borrower Modifications
1) Log in to OPAC, go to "my personal details" tab.
2) Make some modifications to your details.
3) Repeat steps 1 and 2 for two more borrowers.
4) Log in to Koha intranet with a user that can modify borrowers.
5) At the bottom of mainpage.pl, you should see:
Patrons requesting modifications: 3
6) Click the link
7) Approve one change, deny a different one, and ignore the third, then
submit.
8) Check the records, you should see the changes take affect on the
approved one, and no changes to the other two. You should also see
"Patrons requesting modifications: 1" at the bottom of mainpage.pl
now.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 7067 - OPAC Borrower Self Registration - Followup
* Rename PatronSelfRegistrationUseTemporaryStatus to PatronSelfRegistrationDefaultCategory
* Hide register link unless PatronSelfRegistrationDefaultCategory is set.
* Add invalid token page
* Add documentation and switches to cron scripts
* Add required fields check for editing exiting patrons
* Don't force require email address for existing patrons when
PatronSelfRegistrationVerifyByEmail is enabled.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
