perl -p -i -n -e 's#<input type="hidden" name="csrf_token" value="\[% csrf_token \| html %]" />#[% INCLUDE '\''csrf-token.inc'\'' %]#g' **/*.tt **/*.inc
This should have actually been done at the same time as
"Bug 30524: (QA follow-up) Only generate CSRF token if it will be used"
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This adds the page-section class to the tables in the cart pop-up
in the staff interface.
To test:
* Search for records in the staff interface and add some to the cart
* Open the cart, review the normal and brief view
* Apply patch
* Review normal and brief view again - tables/sections should now
have the white background.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch modifies the templates for the popup windows which are shown
when you send a cart or a list via email in the staff interface.
To test, apply the patch and log into the staff interface.
- Perform a catalog search which will return results.
- Select one or more results and add them to the cart.
- Click the cart icon in the header menu to open the Cart popup.
- Click "Send". Compare this pop-up window to the version shown when
sending a list:
- Open the Lists page and view the contents of a list.
- Click the "Send list" button in the toolbar.
- This popup should look correct and be consistent with the Cart
version.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates the templates behind the "send cart" and "send list"
pop-ups in order to make the style of the footer consistent with some
recently-updated similar examples, like the catalog's Z39.50 search
popup.
The patch also makes a minor change to our global JavaScript include so
we can get away from using the "close" class as a trigger for closing a
pop-up window. Bootstrap has a built-in "close" class that we always
have to override. "close_window" is added as another class to use, and
the other instances can be cleaned up over time.
To test, apply the patch and perform a catalog search in the staff
interface.
- Add one or more items to the cart.
- Open the cart popup and click the "Send" button.
- In the pop-up window, confirm that the footer looks correct.
- Test the process of using the tab key between input fields and
submit/cancel buttons. All controls should be accessible.
- Test the "Cancel" button to confirm that it closes the window.
- Reopen the window and test sending the email.
- On the confirmation page, confirm that the footer looks correct and
that the "Close window" button works.
- Test the same processes in the Lists module: View a list in the staff
interface and test the process of sending a list.
Signed-off-by: Andrew Auld <andrew.auld@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates catalog, basket, and lists templates so that title
tags can be more easily translated.
To test, apply the patch and confirm that the following pages have the
correct title tags:
- Advanced search
- Search results
- Bibliographic details
- MARC preview
- Image viewer (with local cover images)
- MARC details
- Labeled MARC details
- ISBD details
- Items
- Checkout history
- Rota
- Add titles to the cart and view the cart
- Send cart
- Item search
- Lists
- View list
- New list
- Edit list
- Send list
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds an aria-label and an aria-haspopup to Download buttons
identified as non-descriptive in accessibility testing
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates icons which are listed as having changed names in
this document:
https://fontawesome.com/docs/web/setup/upgrade/upgrade-from-v4
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
If it is undefined, there is no biblionumber.
If it is, we can safely assume that it has a biblionumber. Which
is the case for most biblio records, lol.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When a 773 entry is not linked to another record using 773$w or
by using Easyanalytics, the title information would not display.
To test:
1. Activate the UseControlNumber system preference
2. Search for a record and make sure it has 001 set to some value.
3. Use Edit > Add child record to create an analytical record from this record.
4. Make sure 773$w was filled in and finish by adding any mandatory fields, save.
5. Add this record to your cart. Also add a 773$g with the pages or similar.
6. Create another record with 773$t and $g, but without $w.
7. Also add this record to your cart.
8. Look at the cart brief and full view in staff and OPAC.
9. Verify the In: source information only displays for the first record.
10. Apply patch
11. Verify the In: source information now displays for both records on all 4 pages.
Signed-off-by: Heather Hernandez <heather_hernandez@nps.gov>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch creates notices using Template Toolkit syntax for sending
emails containing cart and list contents.
To test:
1. Apply Bug 27266
2. Run update database and restart services
3. In the staff client, add multiple items to your cart and to a list
4. Go to your cart and click Send to email the contents
5. Add an email and a comment and click Send
6. Confirm the information shown in the success message is correct
7. In your terminal, log into the database. View the message queue ( i.e. select * from message_queue; ). Confirm that your email has been queued and the content is all correct. Confirm the cart contents has been included as an attachment.
8. Go to your list and click Send list to email the contents
9. Repeat steps 5-7
10. Log into the OPAC
11. Add multiple items to your cart and to a list
12. Repeat steps 4-9
13. By the end, you should have four emails in your message queue. All
of the data about the items should be correct, they should all have
attachments, and be addressed to the correct email address.
Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The emails sent for cart and list are plain text and any
<a> tag will be scrubbed by HtmlToText. So we can remove
those links.
This also solves an issue with the original patch set,
where the error below would appear on sending a cart or
list email from the staff interface:
Template process failed: file error - biblio_a_href: not found at /kohadevbox/koha/C4/Templates.pm line 127
Signed-off-by: Heather Hernandez <heather_hernandez@nps.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We already use In: as label for 773 on the result lists and
detail pages and it's also recommended in the MARC documentation.
With this patch the label is the same everywhere.
Signed-off-by: Heather Hernandez <heather_hernandez@nps.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Heather Hernandez <heather_hernandez@nps.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Also:
- Show related parts 773$g
- Normalise using 'Host item entry' as title
- Remove 'foreach' because non-xslt views only return first
- If no $w, use $atg, and related tests in
t/db_dependent/Koha/Biblio/host_record.t
Signed-off-by: Heather Hernandez <heather_hernandez@nps.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This enhancement adds information from a host item entry and a link if
applicable to the host record in the following places:
- staff client list
- staff client cart
- staff client send list email
- staff client send cart email
- staff client search results
- staff client detail page
- opac list
- opac cart
- opac send list email
- opac send cart email
- opac search results
- opac detail page
To test:
1. apply patch, restart services
2. log into the staff client and enable the syspref EasyAnalyticalRecords
3. find a record with an item. take note of the barcode.
4. go to another record (biblio 2). click Edit -> Link to host record
5. enter the barcode in the input and submit.
6. click the MARC tab and confirm the host record has been linked under
MARC field 773.
7. add biblio 2 to your cart, and to a list.
8. go to your cart. confirm you see the 'host item entry' link.
9. click on 'more details' and confirm you see the 'host item entries'
link.
10. click 'send' to email the cart. confirm the email contains the host
item entry and the link sends you to the catalogue page for the record
in the OPAC.
11. go to the list you added the record to. confirm you see the 'source'
link for the host item entry.
12. click 'send list' to email the list. confirm the email contains the
host item entry and the link sends you to the catalogue page for the
record in the OPAC.
13. log into the OPAC. repeat steps 7 to 12 on the OPAC and confirm they
all pass as expected.
14. Confirm host item info also shows correctly on the
OPAC and staff client search results, and the OPAC and staff client
detail pages (where XSLT is used)
15. Delete the 773$w and confirm host item info still shows correctly
but no longer links to biblio
16. confirm tests pass t/db_dependent/Koha/Biblio/host_record.t
Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
Signed-off-by: Heather Hernandez <heather_hernandez@nps.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch changes the button markup in Catalog
templates -- including the Cart -- so that all submit buttons and any
buttons that should be styled as primary buttons have the
Bootstrap class "btn btn-primary."
Edit: This revised patch changes the button styles on the search history
page to make them more consistent with buttons in similar interfaces
(see catalog search results).
The patch also adds Bootstrap size classes to the item detail page and
removes some global CSS which targeted buttons on that page.
To test, apply the patch and view pages in the catalog to confirm
that everything looks correct. In most cases there are no visible
changes.
- Advanced search: The main search button at the top
- Search results: The "Search within results" submit button
- Bibliographic detail page: This change is to a hidden button. This
section can be removed in a separate bug.
- Bibliographic detail page -> Items: Various "Update" and "Set status"
buttons. Note that the alignment of buttons has not changed in the
redesign.
- Item search: The main search button at the top
- Search history (from the logged-in user's menu in the top right):
"Delete" buttons in each section
- Catalog -- Current and previous sessions
- Authority -- Current and previous sessions
- In the Cart popup window, click "Send." In the resulting popup, the
"Send" button.
- The template basket/downloadcart.tt has been modified but I think the
template might be unused.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Why are we displaying with $raw?
Why are we displaying the location code instead of the AV's lib?
Bug 27272 is going to remove C4::Items::GetItemsInfo in favour of Koha::Items->search_ordered.
Here we are going to deal with basket/sendbasket
Test plan:
List items on the modified view and confirm that all the info is
displayed correctly
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 27272 is going to remove C4::Items::GetItemsInfo in favour of
Koha::Items->search_ordered.
Here we are going to deal with basket/basket.pl
Test plan:
List items on the modified view and confirm that all the info is
displayed correctly
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
And a few minor fixes when they were causing issues for
translatability.
And rephrased a string about password reset to have it identical to
other strings with the same meaning.
Simplified via wrapping strings with <span> to split to huge
concatenated strings with a lot of %s everywhere.
== Test plan ==
This patch needs mainly proof reading. Still it's possible to do some
basic testing to demonstrate that adding a <span> in an IF doesn't
break anything.
Pick in one of the 110 modified templates a string that you know how to
display. Otherwise:
1. acquisitions => vendor => basket => add to basket =>
search "from existing record" => add order
2. Cancel the order
3. You see without issue "Bibliographic record will not be deleted"
4. administration => Patron categories
5. Try to delete a used and unused category
6. You see as expected
Category XXXX is in use. Deletion not possible!
and
Confirm deletion of category XXXX
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the authorities, basket and batch folders are swapped around to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch moves the functionality contained in biblio-default-view.inc
into biblio-title.inc. biblio-title.inc can now be called with a "link =
1" parameter in order for the title to be displayed as a link which is
controlled by the IntranetBiblioDefaultView preference.
To test, apply the patch and test the affected pages, especially titles
linked to in breadcrumbs menus
Acquisitions:
- Add to basket -> From existing record -> Search
- Title in search results
Catalog:
- Search for a record
- Add record to cart
- Open cart
- Title in brief display
- Check that link opens the correct page in the main window
- View bibliographic record
- ISBD view
- MARC view
- Normal view
- Local cover image detail page
- Checkout history
- Request article
- Item details
- From the "Edit" menu -> Attach item
- Stock rotation rota
- Place hold
Cataloging:
- Cataloging search -> Search results
Circulation:
- Article requests
- Overdues with fines
- Overdues
- Holds queue
- Holds to pull
- Hold ratios
- Holds awaiting pickup
- Transfers to receive
- Renew
- Batch checkout
Lists:
- View list contents
Patrons:
- View patron details
- Holds history
- Checkout history
Tools:
- Rotating collections
- View collection
- Add item
- Tags
- Click term to see titles tagged with that term
- Batch record deletion
- Submit batch
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch set attempts to replace all the <i> tags with <em> and all
the <b> tags with <strong> in the staff interface.
I attempted to get all the templates, includes, and xslt files.
To test:
1. Review the changes as best as possible, looking for mistakes.
2. grep for <i> and <b> in the modules, includes, and xslt folders. You should get nothing.
3. If you grep '<\/i>' you should only see instances of Font Awesome.
4. If you grep '<\/b>' you should only see instances where caret is used.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the use of the jquery.checkboxes plugin from the
staff interface cart and replaces its functionality with "plain" jQuery.
To test, apply the patch and add some items to the Cart in the staff
interface.
- Open the Cart window in the staff interface by clicking the "Cart"
link in the header.
- Test that the "Select all" and "Clear all" links work correctly to
check and uncheck all checkboxes.
- Test that the "Remove" or "Place hold" controls work correctly,
applying to only the checked checkboxes whether they were checked
using "Select all" or by manually checking them.
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Unify and clean up subtitle usage so that it's always used as a simple array and not the old hash structure.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch makes a number of changes in order to improve the way the
staff client's header menu adjusts at narrower browser widths:
- Updated version of Bootstrap 3.3.7 which includes the "collapse"
JavaScript plugin.
- Modified default Bootstrap CSS using Bootstrap's customization tool.
These changes facilitate the removal of some custom CSS (overriding
Bootstrap) from staff-global.scss.
- Added Bootstrap config file for loading customizations at
https://getbootstrap.com/docs/3.3/customize/
- Revised button classes for buttons in Bootstrap-styled toolbars.
The modified default CSS resets the base font size in Bootstrap to
better match our global CSS. A side-effect of this is that toolbar
buttons ended up looking smaller than they should. Changing the
button class solves this.
- Restructure the header menu in order to allow different rules to
govern the appearance of the navigational part of the menu
(Circulation, Search, etc) and the user menu (Set library, My
account, Log out).
- Modify the cart JS so that the popup works well at narrow widths.
To test, apply the patch, regenerate the staff client CSS, and clear
your browser cache.
- Log in to the staff client and observe the layout of the header menu
as you adjust the browser to various widths.
- Confirm that sections of the menu "collapse" as the window gets
narrower.
- Confirm that dropdown menus behave correctly and that links work.
- Confirm that the Cart link works as expected when the cart is empty
and when it has items.
- Install and enable multiple translations, including at least one
set of sub-languages (e.g. fr-FR and fr-CA).
- Test the appearance of the language menus in the footer at
various browser widths.
- View pages with button toolbars and confirm that they appear unchanged
(e.g. biblio detail page, patron detail page).
NOTE: While this patch is intended to make improvements to staff client
responsiveness, it does so within a limited scope. There are still many
pages which do not work well at narrower browser widths.
Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
In record detail page, item location is displayed with CSS using class "shelvingloc".
Many many places at intranet and OPAC can use this class.
It allows to change display in all places using CSS customisation.
This patch removes the CSS "display:block" for class "shelvingloc".
Some places were using "inline" to correct the display.
I think the display should not be managed in template.
So it will be inline by default and it can be changed by custom CSS, on all places or depending on a selector.
Test plan :
1) Compile SCSS to CSS
2) Add to preferences IntranetUserCSS and OPACUserCSS : .shelvingloc { color:red }
3) Go to pages impacted by patch, be sure to look at cart with "more details"
4) You see item location italic and red
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Instead of dying!
Test plan:
Assuming you have a patron with borrowernumber=51 and another one that
can be deleted with borrowernumber=42
- authorities-home.pl
* Delete an authority record
* hit /cgi-bin/koha/authorities/authorities-home.pl?op=delete
- basket/sendbasket.pl
* Send a basket to someone
* hit /cgi-bin/koha/basket/sendbasket.pl?email_add=1
- members/apikeys.pl
* Generate and delete an API key for a patron
* hit /cgi-bin/koha/members/apikeys.pl?patron_id=51&op=delete
- members/deletemem.pl
* Delete a patron
* hit /cgi-bin/koha/members/deletemem.pl?member=42&op=delete_confirmed
- members/mancredit.pl
* Add a manual credit
* hit /cgi-bin/koha/members/mancredit.pl?borrowernumber=51&add=1
- members/maninvoice.pl
* Add a manual invoice
* hit /cgi-bin/koha/members/maninvoice.pl?borrowernumber=51&add=1
- members/member-flags.pl
* Change permissions for a patron
* hit /cgi-bin/koha/members/member-flags.pl?member=51&newflags=1
- members/member-password.pl
* Change the password for a patron (from the staff interface)
* hit /cgi-bin/koha/members/member-password.pl?member=51&newpassword=aA1
- members/memberentry.pl
* Edit some patron's info
* hit /cgi-bin/koha/members/memberentry.pl?borrowernumber=51&op=save
- members/paycollect.pl
* Pay an individual fine
* hit something like /cgi-bin/koha/members/paycollect.pl?borrowernumber=51&pay_individual=1&accounttype=L&amount=1.00&amountoutstanding=1.00&accountlines_id=157&paid=1
You may need to edit some values
- tools/import_borrowers.pl
* Import some patrons
* hit /cgi-bin/koha/tools/import_borrowers.pl?uploadborrowers=1
- tools/picture-upload.pl
* Upload an image for a patron
* You will need to edit the html content
hit Home › Tools › Upload patron images
then locate the csrf_token input and modify its value
Note for QA:
- Opac is not done as blocking_errors.inc does not exist for this
interface
- ill/ill-requests.pl
I did not manage to replace this occurrence
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href is the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch changes the term ISO2709 in the templates to use
MARC instead.
Test plan:
- The term was changed on the following pages in staff:
- Advanced cataloging editor > Save to catalog
- Patron account > Check out (Activate ExportCircHistory) > Format
- Patron account > Check out > Help page
- Lists > Download list
- Acquisitions > Add order to basket > From a staged file (breadcrumbs)
- Administration > System preferences > ExportRemoveFields
- Cart > Download
- Tools > Export data > Output format
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.
This patch has been autogenerated (using add_html_filters.pl, see next
patches) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (they are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
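The commit message above lists a check for missing filters as a next step. One way such a check can work is sketched below; it is an added example, not part of the commit and not Koha's own QA script. The function name, the keyword list and the constructed sample template are assumptions of this example.

```python
import re

# Filters the commit message lists as acceptable on an output directive.
# "$raw" is the spelling a later message on this page uses; accepting both
# spellings is an assumption of this example.
SAFE_FILTERS = {"html", "uri", "url", "raw", "$raw"}

# Template Toolkit keywords that open a directive which does not itself
# print a variable, so no filter is expected on it.
CONTROL = {
    "IF", "ELSIF", "ELSE", "UNLESS", "END", "FOREACH", "FOR", "WHILE",
    "SWITCH", "CASE", "SET", "DEFAULT", "USE", "INCLUDE", "PROCESS",
    "INSERT", "WRAPPER", "BLOCK", "MACRO", "FILTER", "CALL", "NEXT",
    "LAST", "RETURN", "STOP", "TRY", "CATCH", "FINAL", "THROW", "CLEAR",
    "META", "TAGS",
}

# [% ... %] with optional chomp flags (-, +, ~, =) on either side.
DIRECTIVE = re.compile(r"\[%[-+~=]?(.*?)[-+~=]?%\]", re.S)
# A single "|" (not the "||" operator) or the FILTER keyword starts a filter.
PIPE = re.compile(r"(?<!\|)\|(?!\|)|\bFILTER\b")
# "name = value" assigns and prints nothing; "==" is a comparison.
ASSIGNMENT = re.compile(r"^[\w.$]+\s*=(?!=)")
FILTER_NAME = re.compile(r"[$\w]+")


def find_unfiltered(template):
    """Return (line, expression) for each output directive with no safe filter."""
    findings = []
    for m in DIRECTIVE.finditer(template):
        body = m.group(1).strip()
        if not body or body.startswith("#"):      # empty directive or comment
            continue
        keyword = body.split(None, 1)[0]
        if keyword in CONTROL or ASSIGNMENT.match(body):
            continue
        if keyword == "GET":                      # explicit form of an output directive
            body = body[3:].strip()
        expr, *filters = PIPE.split(body)
        names = set()
        for f in filters:
            name = FILTER_NAME.match(f.strip())
            if name:
                names.add(name.group(0))
        if not names & SAFE_FILTERS:
            line = template.count("\n", 0, m.start()) + 1
            findings.append((line, expr.strip()))
    return findings


# Constructed sample template (not taken from Koha). The csrf_token line and
# the apikeys.pl URL reuse strings that appear elsewhere on this page.
SAMPLE = """\
[% USE Koha %]
[%# constructed template for the example %]
[% IF patron %]
<h1>[% patron.surname %]</h1>
<p>[%- patron.firstname | html -%]</p>
<a href="/cgi-bin/koha/members/apikeys.pl?patron_id=[% patron_id | uri %]">keys</a>
<div>[% debarment.comment | $raw %]</div>
<input type="hidden" name="csrf_token" value="[% csrf_token | html %]" />
<span>[% GET patron.cardnumber %]</span>
[% SET shown = 1 %]
[% count = count + 1 %]
[% END %]
"""

if __name__ == "__main__":
    for line, expr in find_unfiltered(SAMPLE):
        print(f"line {line}: [% {expr} %] has no html/uri/url/raw filter")
```

The check only establishes that some filter is present; whether html or uri is the right one for a given attribute still needs review, as the commit message notes.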
This patch reindents the template for the staff client cart, basket.tt
- Trailing spaces removed
- Indentation changed to a consistent 4 spaces
- Markup indentation made more consistent
To test, apply the patch and add multiple items to the cart in the staff
client.
View the cart and confirm that it looks as it should both in the "brief"
and "more details" views.
HTML validation before and after the patch should return the same
results.
Signed-off-by: DEVINIM <kohadevinim@devinim.com.tr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch updates the OPAC and staff client carts to use CSS to
control print output, removing a print parameter which was passed to the
script.
Currently, when you click "Print" on the OPAC basket, it navigates to
a new page and initiates window.print() followed by a
window.location.href change again. Unfortunately, due to differences in
IE, Chrome, and FF, it will either show the print options, navigate away
without showing them, or refuse to navigate away after printing. By
changing to using print CSS, we don't navigate away from the basket in
the first place, so we prevent this irregular behavior.
TEST PLAN
1) Apply the patch
2) Create an OPAC basket by clicking "Add to cart" on multiple items
3) Using Chrome, IE, and Firefox (of any version), click the "Print"
button
4) You should see the relevant print menu without the OPAC basket
re-loading in any way.
5) After printing is complete, you should still be on the OPAC basket
pop-up
6) Perform the same tests in the staff client
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurrences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates a few catalog-related single-column templates to use
the Bootstrap grid.
- basket/basket.tt - The staff client cart. Add some items to the cart
and open the cart.
- catalogue/advsearch.tt - The advanced search page.
- catalogue/itemsearch.tt - The item search page, both the initial form
and the search results.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client cart template so that
JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of the
cart: All button controls, DataTables functionality.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Correction for QA: Removed conditional around footer JS (from
copy-paste) because it will always be true.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds display of subtitles to the staff client cart.
To test you should have some values mapped to subtitle in Administration
-> Keyword to MARC Mapping.
1. Apply the patch.
2. Add some records to the staff client cart which have subtitles.
3. Open the cart and confirm that subtitles display correctly in both the
brief and "More details" view.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Removes template var csrf_error and associated handling.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Retested with opac and intranet: Still sends or dies elegantly..
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
No need to send OPACBaseURL to the template, if you load the Koha TT
plugin inside the template.
Test plan:
Send a few items in your cart from OPAC and intranet.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If you have no (valid) token, you will not be able to send the message.
Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
using the following URL:
/cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
This should now result in a csrf error.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes several changes to the cart JavaScript and template. In
the template:
- Remove "onclick" attributes in favor of defining events in the
JavaScript.
- Add a [% BLOCK %] section for some repeated markup.
- Add some Font Awesome icons (I didn't add icons to all controls
because I thought it looked cluttered).
- Move the batch modification control out of the toolbar and into the
group of controls which affects selected records. I think this is a
logical grouping, and makes more sense than having a drop-down menu in
the toolbar with a single menu item.
JavaScript:
- Created separate "cart.js" file so that JS could be moved out of the
template without loading up basket.js with event functions which are
not needed on every page in the staff client.
- Fix JSHint errors.
To test, apply the patch and clear your browser cache if necessary.
- Add multiple items to the cart in the staff client and open the cart.
- Confirm correct functionality of these toolbar buttons:
- "More details" (and the corresponding "Show less")
- "Send"
- "Print"
- "Empty and close"
- Confirm the correct functionality of all the selection controls:
Select all, clear all, Remove, Add to a list, Place hold, Batch
modify, and Batch delete.
- Confirm that clicking any title in the cart opens the correct detail
page in the parent window.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
https://bugs.koha-community.org/show_bug.cgi?id=1647
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
The staff client CSS is not language-specific, so it can be moved out of
the en/ directory and thus not be duplicated for every translation.
In order to be able to have a generic path to the YUI CSS files, the YUI
directory is moved by this patch to the staff client's lib/ directory.
To test, apply the patch and visit various pages in the staff client.
Look in particular at pages which include more than the standard CSS.
For example:
- The staff client login page.
- The staff client home page.
- Patron -> Set permissions.
- The advanced cataloging editor.
- Acquisitions -> Vendor -> Basket groups.
- Tools -> News -> Edit news.
- Administration -> System preferences.
Revised: I intended for this to be built on top of Bug 15883. Now it is.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
On top of 15883
Works as described, all pages on test plan
No Errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>