Commit graph

52 commits

Author SHA1 Message Date
c16e579d48
Bug 34478: Add 'op' to sendbasketform
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:58:53 +01:00
7f25a1a131
Bug 34478: op =~ ^cud- in pl/pm - Manual cud-email => email
Wrong replace of 'email' in a lot of places.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:57:14 +01:00
18e808240f
Bug 34478: op =~ ^cud- in pl/pm
This is the result of
  bash op_must_start_with_cud-perl.sh

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:11 +01:00
314fe71ff8
Bug 34478: Remove check_csrf from pl files
We should no longer need to check CSRF token from pl files

TODO - there is a change for some files where we returned 403

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:01 +01:00
7e7159bf58
Bug 34478: Remove generate_csrf from pl
We do not longer need to generate_csrf from pl files

TODO - members/boraccount.tt and sco/sco-main.tt needs to be adjusted

Bug 34478: [TO SQUASH] Remove generate_csrf from pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:56 +01:00
e0b3a6c2aa
Bug 34731: Don't call SendQueuedMessages if message_id is bad
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-12 09:44:59 -03:00
f733910f26
Bug 33223: Replace 'first_valid' with 'notice' for email addresses
This patch replaces the uses of first_valid_email_address with
notice_email_address in waiting_holds, transferstoreceive, clubs and
sendbasket so that we take EmailFieldPrimary into account for these
notices too.

Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-05-16 15:17:35 -03:00
326c4e23ce
Bug 3150: (QA follow-up) Tidy scripts
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-03-27 12:49:47 +02:00
a184a88cb8
Bug 3150: (follow-up) Send list and cart emails immediately again
With this patch set the cart and list emails are sent via
the message_queue instead of bypassing it and being sent
immediately. This patch keeps them in message_queue, but
also sends them immediately, restoring the previous behavior.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-03-27 12:49:40 +02:00
fc5f56f7b6
Bug 3150: (QA follow-up) Remove borrowernumber from EnqueueLetter
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-03-27 12:49:39 +02:00
Aleisha Amohia
a611c6d4db
Bug 3150: Move emails for sending cart and list contents to notices
This patch creates notices using Template Toolkit syntax for sending
emails containing cart and list contents.

To test:
1. Apply Bug 27266
2. Run update database and restart services
3. In the staff client, add multiple items to your cart and to a list
4. Go to your cart and click Send to email the contents
5. Add an email and a comment and click Send
6. Confirm the information shown in the success message is correct
7. In your terminal, log into the database. View the message queue ( i.e. select * from message_queue; ). Confirm that your email has been queued and the content is all correct. Confirm the cart contents has been included as an attachment.
8. Go to your list and click Send list to email the contents
9. Repeat steps 5-7
10. Log into the OPAC
11. Add multiple items to your cart and to a list
12. Repeat steps 4-9
13. By the end, you should have four emails in your message queue. All
of the data about the items should be correct, they should all have
attachments, and be addressed to the correct email address.

Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-03-27 12:49:38 +02:00
Aleisha Amohia
adad3a9e22
Bug 16522: (follow-up) MARC display templates and get_marc_host fixes
Also:
- Show related parts 773$g
- Normalise using 'Host item entry' as title
- Remove 'foreach' because non-xslt views only return first
- If no $w, use $atg, and related tests in
t/db_dependent/Koha/Biblio/host_record.t

Signed-off-by: Heather Hernandez <heather_hernandez@nps.gov>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-01-30 12:10:11 -03:00
Aleisha Amohia
62eba64cfe
Bug 16522: Adding 773 to cart and list displays and emails
This enhancement adds information from a host item entry and a link if
applicable to the host record in the following places:
- staff client list
- staff client cart
- staff client send list email
- staff client send cart email
- staff client search results
- staff client detail page
- opac list
- opac cart
- opac send list email email
- opac send cart email
- opac search results
- opac detail page

To test:

1. apply patch, restart services
2. log into the staff client and enable the syspref EasyAnalyticalRecords
3. find a record with an item. take note of the barcode.
4. go to another record (biblio 2). click Edit -> Link to host record
5. enter the barcode in the input and submit.
6. click the MARC tab and confirm the host record has been linked under
MARC field 773.
7. add biblio 2 to your cart, and to a list.
8. go to your cart. confirm you see the 'host item entry' link.
9. click on 'more details' and confirm you see the 'host item entries'
link.
10. click 'send' to email the cart. confirm the email contains the host
item entry and the link sends you to the catalogue page for the record
in the OPAC.
11. go to the list you added the record to. confirm you see the 'source'
link for the host item entry.
12. click 'send list' to email the list. confirm the email contains the
host item entry and the link sends you to the catalogue page for the
record in the OPAC.
13. log into the OPAC. repeat steps 7 to 12 on the OPAC and confirm they
all pass as expected.
14. Confirm host item info also shows correctly on the
OPAC and staff client search results, and the OPAC and staff client
detail pages (where XSLT is used)
15. Delete the 773$w and confirm host item info still shows correctly
but no longer links to biblio
16. confirm tests pass t/db_dependent/Koha/Biblio/host_record.t

Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)

Signed-off-by: Heather Hernandez <heather_hernandez@nps.gov>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-01-30 12:10:10 -03:00
42b6aea89c
Bug 31309: Remove GetItemsInfo from basket/sendbasket
Why are we display with $raw?
Why are we display the location code instead of the AV's lib?

Bug 27272 is going to remove C4::Items::GetItemsInfo in favour of Koha::Items->search_ordered.

Here we are going to deal with basket/sendbasket

Test plan:
List items on the modified view and confirm that all the info is
displayed correctly

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-16 09:22:14 -03:00
7b74bedd2d
Bug 29897: Rename get_marc_authors with get_marc_contributors
get_marc_authors actually return authors from 700..712, not the first
author from 200

Sponsored-by: Orex Digital

Signed-off-by: Orex Digital <info@orex.es>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-09 10:58:39 -03:00
45de338715
Bug 29697: Use flag embed_items
Includes:
    Bug 29697: (follow-up) Use flag embed_items

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 15:24:11 -03:00
441f57184d Bug 27266: (QA follow-up) Remove GetBiblioData from basket scripts
We are adding (or already doing) a Koha::Biblios->find, so we should
get rid of GetBiblioData, fetching the same data.
It returned a few extra columns, but unused here:
    $dat->{bnotes}, $dat->{bi_notforloan}

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2021-12-15 12:15:14 -10:00
Aleisha Amohia
241cbea691 Bug 27266: (follow-up) Remove instances of GetMarcAuthors
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2021-12-15 12:15:08 -10:00
Aleisha Amohia
903b024452 Bug 27266: (QA follow-up) Rename to get_marc_authors
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2021-12-15 12:15:06 -10:00
Aleisha Amohia
d5621ce951 Bug 27266: Move GetMarcAuthors to Koha namespace
This patch moves C4::Biblio::GetMarcAuthors to
Koha::Biblio->get_authors_from_MARC. This is so the method can be
used in templates and notices.

To test:
1. Find a record that has an author in the added entry field (700-720).
2. Add the record to the cart and a list.
3. View your cart and click 'more details'. Confirm authors show as
normal.
4. Click 'send' and confirm the email sent shows the authors as normal.
5. Go to the list you added the record to and click 'send list'. Confirm
the email sent shows the authors as normal.
xslt)
6. Log in to the OPAC. Find the record and add it to the cart and a list
7. View the cart and click 'more details'. Confirm authors show as
normal.
8. Click 'send' and confirm the email sent shows the authors as normal.
9. Go to the list you added the record to and click 'send list'.
Confirm the email sent shows the authors as normal.
10. Confirm tests pass:
- t/Biblio.t
- t/db_dependent/Koha/Biblio.t

Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2021-12-15 12:15:03 -10:00
9d6d641d1f Bug 17600: Standardize our EXPORT_OK
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.

That way we will need to explicitely define the subroutine we want to
use from a module.

This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests

And a lot of other manual changes.

export.pl is a dirty script that can be found on bug 17600.

"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;

The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules

Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).

EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.

@EXPORT and @EXPORT_OK are the two main variables used during export operation.

@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.

@EXPORT_OK does export of symbols on demand basis.
"""

If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
  - use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-16 08:58:47 +02:00
f3f41caa6d Bug 22343: (QA follow-up) Wrap email creation inside the try/catch block
At a later development stage, exceptions where added for bad addresses.
This wasn't addressed in the controllers.

This patch makes the basket and list sending controller scripts move
email creation inside the try/catch block to handle those situations. It
also UTF-8 encodes the attached marc.

On broadly testing this I found that if the TT templates that are used
to build the email contains non-latin characters, those get
double-encoded. So this patch also removes an explicit encoding that is
done, which colides with Email::MIME implicit encoding.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-02 10:54:41 +02:00
59ef597f6e Bug 22343: Adapt controller scripts
This patch adapts controller scripts that used sendmail. Also the syntax
for Koha::Email has changed and this patch adapts it.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-02 10:54:40 +02:00
638786e719 Bug 24663: Remove authnotrequired if set to 0
It defaults to 0 in get_template_and_user

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-03 10:40:35 +02:00
b990b953b3 Bug 21993: Display a user-friendly message when the CSRF token is wrong
Instead of dying!

Test plan:
Assuming you have a patron with borrowernumber=51 and another one that
can be deleted with borrowernumber=42

- authorities-home.pl
 * Delete an authority record
 * hit /cgi-bin/koha/authorities/authorities-home.pl?op=delete

- basket/sendbasket.pl
 * Send a basket to someone
 * hit /cgi-bin/koha/basket/sendbasket.pl?email_add=1

- members/apikeys.pl
  * Generate and delete an API key for a patron
  * hit /cgi-bin/koha/members/apikeys.pl?patron_id=51&op=delete

- members/deletemem.pl
  * Delete a patron
  * hit /cgi-bin/koha/members/deletemem.pl?member=42&op=delete_confirmed

- members/mancredit.pl
  * Add a manual credit
  * hit /cgi-bin/koha/members/mancredit.pl?borrowernumber=51&add=1

- members/maninvoice.pl
  * Add a manual invoice
  * hit /cgi-bin/koha/members/maninvoice.pl?borrowernumber=51&add=1

- members/member-flags.pl
  * Change permissions for a patron
  * hit /cgi-bin/koha/members/member-flags.pl?member=51&newflags=1

- members/member-password.pl
  * Change the password for a patron (from the staff interface)
  * hit /cgi-bin/koha/members/member-password.pl?member=51&newpassword=aA1

- members/memberentry.pl
  * Edit some patron's info
  * hit /cgi-bin/koha/members/memberentry.pl?borrowernumber=51&op=save

- members/paycollect.pl
  * Pay an individual fine
  * hit something like /cgi-bin/koha/members/paycollect.pl?borrowernumber=51&pay_individual=1&accounttype=L&amount=1.00&amountoutstanding=1.00&accountlines_id=157&paid=1
  You may need to edit some values

- tools/import_borrowers.pl
  * Import some patrons
  * hit /cgi-bin/koha/tools/import_borrowers.pl?uploadborrowers=1

- tools/picture-upload.pl
  * Upload an image for a patron
  * You will need to edit the html content
  hit Home › Tools › Upload patron images
  then locate the csrf_token input and modify its value

Note for QA:
- Opac is not done as blocking_errors.inc does not exist for this
interface
- ill/ill-requests.pl
I did not manage to replace this occurrence

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-25 20:38:32 +00:00
e40bb00ab8 Bug 21874: Fix encoding of cart and list email subjects
The subject of the cart and list emails is not correctly
encoded and displays incorrectly in some email clients.

To test:

Lists:
- Create a list, name it using umlauts or other diacritics
  Example:  Jugendbücher (books for youths in German)
- Add some items to your list
- Email yourself the list
- Verify that the email subject is broken

Cart:
- Install another language with non-latin characters like Greek
- Fill the cart with some titles
- Send yourself the cart
- Verify that the email subject is broken

Note: Some email clients display correctly, others not.
      It's known to be incorrect in Outlook and web.de,
      displaying nicely in Thunderbird.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested all four scripts by manipulating the cart text too in templates.
Follow-up handles intranet sendshelf.

Note: I asked Katrin to remove the encode UTF-8 statements, since we
convert to MIME and the subject line should never be UTF-8.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-26 12:38:56 +00:00
543630b3c4 Bug 21719: Fix typos
This patch was generated using codespell

Test plan:
Read through changes and confirm they make sense

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

https://bugs.koha-community.org/show_bug.cgi?id=21706

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-08 02:18:46 +00:00
Mark Tompsett
d5986c9b97 Bug 19040: Refactor GetMarcBiblio parameters
Change parameters to a hashref.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Looks good to me.
Two calls in migration_tools/22_to_30 still in old style.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:23:42 -03:00
574d48362d Bug 18124: Change the calls to generate and check CSRF tokens
The parameter change in Koha::Token should be applied to the calling
scripts.

Test plan:
Confirm that the different forms of the scripts modified by this patch
still work correctly.

Test the problematic behavior:
Open 2 tabs with in same user's session, go on the edit patron page
(memberentry.pl).
Log out and log in from the other tab.
Submit the form
=> Wrong CSRF token should be raised

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-30 09:07:09 +00:00
4e40339db3 Bug 17830: CSRF - Handle unicode characters in userid
If the userid of the logged in user contains unicode characters, the token
will not be generated correctly and Koha will crash with:
  Wide character in subroutine entry at /usr/share/perl5/Digest/HMAC.pm line 63.

Test plan:
- Edit a superlibrarian user and set his/her userid to '❤' or any other strings
with unicode characters.
- Login using this patron
- Search for patrons and click on a result.

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

You can also test the other files modified by this patch.

Signed-off-by: Karam Qubsi <karamqubsi@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-30 17:47:18 +00:00
8edb7f6fb9 Bug 17720: CSRF - Handle unicode characters
From the pod of Digest::MD5:
"""
Since the MD5 algorithm is only defined for strings of bytes, it can not
be used on strings that contains chars with ordinal number above 255
(Unicode strings). The MD5 functions and methods will croak if you try
to feed them such input data.
What you can do is calculate the MD5 checksum of the UTF-8
representation of such strings.
"""

Test plan:
- Set a MySQL/MariaDB password with unicode characters:
  UPDATE user SET password=PASSWORD('❤') WHERE USER='koha_kohadev';
  FLUSH PRIVILEGES
- Update your $KOHA_CONF file
- Restart Memcached
- Hit the files modified by this patch

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Edit: removed debugging leftover

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-12-05 15:20:18 +00:00
130733a013 Bug 17109: [QA Follow-up] Die when wrong token
Removes template var csrf_error and associated handling.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Restested with opac and intranet: Still sends or dies elegantly..

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 13:37:47 +00:00
1a3b92bc76 Bug 17109: Use Koha.Preference in sendbasket template
No need to send OPACBaseURL to the template, if you load the Koha TT
plugin inside the template.

Test plan:
Send a few items in your cart from OPAC and intranet.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 13:37:47 +00:00
dc4617ba3b Bug 17109: Add CSRF token to [opac-]sendbasket
If you have no (valid) token, you will not be able to send the message.

Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
    using the following URL:
    /cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
    This should now result in a csrf error.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 13:37:47 +00:00
36b9fa32b1 Bug 17109: Remove second authentication from (opac-)sendbasket
Patch deals with opac and intranet variant.
If we authenticated the first time, it is not necessary to do it
a second time rightaway.

Replaces a call to get_template_and_user (including checkauth) by
gettemplate.

Also removes duplicate use C4::Biblio statements.

Test plan:
[1] Put a few books in the cart.
[2] Send the cart from OPAC.
[3] Send the cart from intranet.

Tested 3 patches together. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 13:37:46 +00:00
c4eabeda0b Bug 16447: Remove occurrence of the borrow permission which does no longer exist
Bug 7976 has removed this permission, but other patches re-added it...
Note that the occurrences in sendbasket.pl, edithelp.pl, opac/svc/login should
have been removed by bug 7976.

Test plan:
  git grep 'borrow.*=> 1'
should not return any results.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-05-05 21:28:14 +00:00
caae161a4e Bug 14306: Show URL from MARC21 field 555$u under Title Notes/Descriptions
This patch includes:
[1] Add some logic to GetMarcNotes to embed the contents of MARC21 field
    555$u in a html anchor tag.
[2] Add a unit test for GetMarcNotes in Biblio.t
[3] Remove calls to GetMarcNotes from sendbasket.pl (opac and staff).
    A closer look revealed that the data was not used; the notes in the
    mail of sendbasket are taken from GetBiblioData.

Test plan:
[1] Edit a record. Add one or two URLS in 555$u. Add something in 500$a too.
[2] Check if you can click the URLs in opac and staff detail tab Notes or
    Descriptions.
[3] Run the unit test t/db../Biblio.t
[4] Add something in the cart. Click More Details and send the cart.
    Verify that you have something in Notes (from 500$a).

Signed-off-by: Marc Veron <veron@veron.ch>
Followed test plan. Works as expected. QA tools OK.

Tested with all patches together, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:58:32 +00:00
0114465ced Bug 14330: Remove unused email_sender from sendbasket/sendshelf
The sendbasket/sendshelf scripts and templates do not use email_sender
as a cgi parameter or as a template var. Probably a leftover from previous
changes.
Let's make Koha cleaner :)

Test plan:
[1] Send your cart from opac or staff.
[2] Send a shelf from opac or staff.
[3] Git grep email_sender. No results.

Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-08 10:38:08 -03:00
Jonathan Druart
baea0a79d5 Bug 7976: Remove the borrow permission
The borrow permission was used but uselessly.
For instance, at the opac, the flagsrequired parameter was set to
'borrow' but the 'authnotrequired' was set also (which means no auth
required).
At the end, this permission was used at only 1 place: for the basket,
intranet side.
This can be replaced with the catalogue permission (which is used to
search).

Test plan:
1/ Confirm that you are able to show/download/sent the cart (intranet side)
with the catalogue permission.
2/ At the OPAC, you should be able to access the same pages as before
with any other permissions.

Concretely it is quite difficult to test this patch, you should have a
look at the code.

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-05 13:43:34 -03:00
Jonathan Druart
ba0f84b46c Bug 9978: (followup) Replace license header with the correct license (GPLv3+)
There was another form of the v2.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:43 -03:00
Jonathan Druart
3adddd3410 Bug 3873: follow-up for all other pages
This should fix the issue on other pages.

Test plan:
Try to download and export the basket (intranet+opac sides).

Re-tested for errors in comment #5, they do not longer appear.
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 10:52:10 -03:00
Jonathan Druart
a0e5d77a71 Bug 13343: Embed items when send a basket/shelf
When a basket/shelf is downloaded, items are embedded, but not when
sending it by email.

We would expect to get the same file.

Test plan:
On Opac and intranet:
1/ Add records with items to your basket and send it by email.
Verify the file contains items.
2/ Add records with items to a list and send it by email.
Verify the file contains items.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-12 15:33:11 -03:00
Jonathan Druart
3291c8b130 Bug 11944: Fix encoding on sending emails
This patch fixes 2 places where mails were badly encoded:
1/ At the opac and the intranet, on sending baskets
2/ At the opac and the intranet, on sending shelf/list

Test plan:
Shelf/List:
- Create a list with non-latin characters in the name.
- Add some items containing non-latin characters in their content.
- Send the list by email

Basket/Cart:
- Add some items containing non-latin characters in their content to
  your cart..
- Send the cart by email

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:24 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
Chris Cormack
49fee3a72d Bug 9530 making changes to basket/sendbasket.pl
To Test

1/ Edit the new systempreferences (ReplytoDefault and ReturnpathDefault)
2/ Optionally edit the branch the mail will be sent from, adding email addresses
3/ Test some mails, test sending a cart email from the staff client
4/ Check that the mails have the correct From, Replyto and ReturnPath set
   The rules are
      If the values are set in the branch use that, else use the syspref

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-27 10:38:20 -03:00
afd2418d73 Bug 11349: Change .tmpl -> .tt in scripts using templates
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.

This patch changes the occurences of '.tmpl' in favour of '.tt'.

To test:
- Apply the patch
- Install koha, and verify that every page can be accesed

Regards
To+

P.S. a followup will remove the glue code.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-17 11:05:49 -03:00
76e8bb0fab Bug 12065: use encode_qp consistently when sending basket/shelf
QP-encode both mail header and mail body when sending baskets or
shelves.  There is no need to Encode qp-encoded strings.

Note that this does not solve all possible encoding problems in the mail
sent. This is related to decoding CGI parameters and use of TT. That
problem is addressed in bug 11944.

Test plan:
Verify if sending a basket from opac and staff still works.
Check if sending a shelf (list) from opac and staff still functions as
expected.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Cart/List sent form opac/staff works
No koha-qa errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-09 15:14:40 +00:00
Jonathan Druart
62fcbea10a Bug 10605: fix encoding issue on basket email (INTRANET)
Same fix for the staff interface.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Both patches tested with English and German, diacritics
now appear correctly if UTF-8 is selected as encoding.
Passes all tests and QA script.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-12-10 04:37:12 +00:00
Jonathan Druart
c4c5496ec6 Bug 9218: fix intranet cart email for non english templates
This patch adapts the method from OPAC to the staff interface (cf bug 8062).

Test plan:
- add somes notices to the cart
- try to send the cart by email
- the email should be the same as before
- translate templates and retry with another language. Before this patch,
  the email was empty. With this patch, it contains the list of records
  and items.

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Passes all tests and QA script.
Fixes quite a bad translation problem, tested with German templates
and umlauts in the message and records.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-31 23:53:25 +00:00
Colin Campbell
2ab00242d0 Bug 6050 Make calls to GetItemsInfo consistent
Do not misleadingly document or pass an unused second parameter
makes all calls use the single parameter call as the C4
routines already did

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-06-14 14:12:02 +12:00