This patch makes minor changes to markup and JavaScript to alter the
interaction for deleting the record. Now a successful deletion will
convert the dialog to a "message" type dialog and show only the success
message.
To test, apply the patch and test the process of attaching the last item
from a record and deleting that record.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Make the QA tool happy for html5
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Librarians have requested the ability to delete records with no items
quickly and easily from the "Attach item" results page as items are
moved from one record to another.
Test Plan:
1) Apply this patch
2) Create 2 records with 2 items each
3) Move one item from record A to record B
4) You should see no change from pre-patch behavior
5) Move the second item from record A to record B
6) You should now see a "Delete record" button
7) Click the button
8) Note the record in question has been deleted
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Since
commit 1253975389
Bug 21091: Move add item template JavaScript to a separate file
items cannot longer be edited when receiving an order.
When moving the code to the JS file, the JS variable "opisadd" was
always set to "true":
var opisadd = '[% opisadd | html %]';
Even if the TT variable is 0, opisadd will be "0", which is evaluated to
true in Javascript
To clean the situation it is easier to remove this variable and use "op"
instead.
Test plan:
- Make sure acqcreateitem is set to "when placing an order"
- Create a basket with some orders
- Close the basket
- Go to your vendor and receive an order
- On the receive page, try to edit your item
=> Without the patch, the pop up page will open and then close, not allowing the item to be edited.
=> With this patch applied you will see the item edit form. Save and
confirm that the parent window is updated with the new value (actually
it's refreshed)
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch corrects a couple of issues discovered by QA: Removed markup
copy-and-paste error; Add some CSS to help the responsive behavior of
the advanced editor controls at smaller browser widths.
To test, apply the patch and open the advanced MARC editor. Test the
appearance of the page at various browser widths. At narrower widths the
status bar and search fields should behave well.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies two cataloging templates to use the Bootstrap grid
instead of YUI.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Cataloging -> Edit record using the advanced editor
- Cataloging -> Edit items
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes a few minor markup corrections to the cataloging merge
template:
- Remove invalid "type" attributes from <style> and <script>
- Add missing closing </span>
- Remove obsolete YUI grid markup
To test, apply the patch and test the process of merging records in
Cataloging. Everything should look correct and work correctly.
Validating the HTML source should return no errors stemming from the
template.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Have a borrower with edit_catalogue permission and one with
editcatalogue top level
2 - Confirm they can both access the advanced editor from the
'Cataloguing' home page or from the basic editor
3 - Apply patch
4 - Update database
5 - Confirm borrower with 'edit_catalogue' has 'advanced_editor'
permission
6 - Confirm borrowers can access advanced editor as above
7 - Remove 'advanced_editor' permission from borrower
8 - Ensure they cannot access the advanced editor
9 - Ensure links to 'Edit record' from search results go to basic editor
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a second set of pagination links to the cataloging
search result page, at the bottom of the first set of search results.
Also added is a horizontal rule after the second set of links in order
to make it clearer that the links are for the search results above.
To test, apply the patch and go to Cataloging. Perform a search which
will return multiple pages of results. Confirm that the links work
correctly.
Signed-off-by: Marjorie <marjorie.barry-vila@collecto.ca>
Signed-off-by: Bin Wen <bin.wen@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This reverts commit b5a742c62f.
Style changes broke other features of rancor. Reverting to restore functionality
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes a number of changes in order to improve the way the
staff client's header menu adjusts at narrower browser widths:
- Updated version of Bootstrap 3.3.7 which includes the "collapse"
JavaScript plugin.
- Modified default Bootstrap CSS using Bootstrap's customization tool.
These changes facilitate the removal of some custom CSS (overriding
Bootstrap) from staff-global.scss.
- Added Bootstrap config file for loading customizations at
https://getbootstrap.com/docs/3.3/customize/
- Revised button classes for buttons in Bootstrap-styled toolbars.
The modified default CSS resets the base font size in Bootstrap to
better match our global CSS. A side-effect of this is that toolbar
buttons ended up looking smaller than they should. Changing the
button class solves this.
- Restructure the header menu in order to allow different rules to
govern the appearance of the navigational part of the menu
(Circulation, Search, etc) and the user menu (Set library, My
account, Log out).
- Modify the cart JS to so that the popup works well at narrow widths.
To test, apply the patch, regenerate the staff client CSS, and clear
your browser cache.
- Log in to the staff client and observe the layout of the header menu
as you adjust the browser to various widths.
- Confirm that sections of the menu "collapse" as the window gets
narrower.
- Confirm that dropdown menus behave correctly and that links work.
- Confirm that the Cart link works as expected when the cart empty
and when it has items.
- Install and enable multiple translations, including at least one
set of sub-languages (e.g. fr-FR and fr-CA).
- Test the appearance of the language menus in the footer at
various browser widths.
- View pages with button toolbars and confirm that they appear unchanged
(e.g. biblio detail page, patron detail page).
NOTE: While this patch is intended to make improvements to staff client
responsiveness, it does so within a limited scope. There are still many
pages which do not work well at narrower browser widths.
Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes markup and style changes to the basic MARC editor in
order to improve the page's handling of smaller browser widths. It adds
Bootstrap grid markup to the form to help accomplish this.
To test, apply the patch and load a record for editing in the basic MARC
editor. Adjust your browser width and confirm that the form adjusts well
to various widths.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch changes the way tab-switching is done so that it switching
tabs based on tab id rather than tab index. Using tab index doesn't work
when the tab number doesn't match the tab index.
To test, apply the patch and load a record or blank editor using a MARC
framework which doesn't include one or more tabs (for instance, by
deleting the entries in the framework for one tab:
DELETE FROM marc_subfield_structure WHERE frameworkcode = 'KT' AND tab = 4;
...backup first). In the MARC editor the numbered tabs should exclude
that number. Tab-switching should work correctly.
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
I wanted the tabs to be numbered like humans count, starting from 1.
But if the MARC framework setup isn't changed as well it doesn't make
sense. This patch removes the change.
Also fixed: Some missing template filters, an errant console.log()
removed.
To test, apply the patch and open a new or existing record for
editing. The tabs (now "Sections") should be labeled from 0-9.
Signed-off-by: John Doe <you@example.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes style changes to the standard MARC editor with the goal
of both making it more responsive and making it easier to navigate among
tabs and tags.
Tabs are now part of the page's toolbar, which floats as the page
scrolls. In addition to the numbered tabs, there is also a section
showing in-page links to the MARC tags which are available on that page.
To test, apply the patch, regenerate the staff client CSS, and clear
your browser cache if necessary.
Open a blank or existing record in the standard cataloging editor. Test
the redesigned tabs, the floating toolbar, and the in-page tag links.
Confirm that everything works well at various browser widths.
Signed-off-by: Mikaël Olangcay Brisebois <mikael.olangcay-brisebois@inLibro.com>
Signed-off-by: John Doe <you@example.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch moves the JavaScript in the add item template to separate
files: 1 JS file and 1 include file containing translatable strings.
While moving the JS to cataloging_additem.js I have made some changes to
quiet ESLint warnings (spacing, variable definition).
To test, apply the patch and open the add item page for an existing
record. Test the various JS-driven functionalities:
- Table sorting
- Table column configuration
- Table searching
- Table inline edit/delete links (click anywhere in the table row)
- Add multiple item form show/hide
- Add multiple item warning when adding 100+ items
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
In record detail page, item location is displayed with CSS using class "shelvingloc".
Many many places at intranet and OPAC can use this class.
It allows to change display in all places using CSS customisation.
This patch removes the CSS "display:block" for class "shelvingloc".
Some places where using "inline" to correct the display.
I think the display should not be managed in template.
So it will be inline by default and it can be changed by custom CSS, on all places or depending on a selctor.
Test plan :
1) Compile SCSS to CSS
2) Add to preferences IntranetUserCSS and OPACUserCSS : .shelvingloc { color:red }
3) Go to pages impacted by patch, be sure to look at cart with "more details"
4) You see item location italic and red
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Fixes redundant includes of the right-to-left.css file.
There is no need to include it in the .tt files as it's part
of the doc-head-close.inc.
Note:
Make sure your *BaseURL preferences are correctly set as
this will make the switching between languages work
correctly and throw you back to the start page otherwise
every time you switch
Test:
- Install an RTL language like Arabic (ar-Arab)
- Test various pages with English and RTL language:
- Authorities home page
- Adding a new bibliographic record
- Adding a new item or editing items
- Advanced cataloguing (Rancor) editor
- Labels start page
- OPAC detail page
- Verify display is correct and right-to-left.css is available
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
DataTables are used on enough pages in the staff client that it
doesn't make sense to put inclusion of the CSS into each template
where it is needed. This patch moves includes of datatables.css from
individual templates into the global header file.
To test, apply the patch and view various pages which have DataTables.
View various styles of DataTables, e.g.
- Full pagination, like item search results
- Four-button, like Saved SQL reports
Everything should look the same as it was.
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies staff client templates to remove the "type"
attribute from <style> tags. The attribute is no longer valid.
To test, apply the patch and confirm the changes to the templates. The
appearance of the staff client should be unchanged.
Validating pages from the staff client should not return any errors
related to the <style> "type" attribute.
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch replaces the fixFloat jQuery plugin with a new one: HC-sticky
(https://github.com/somewebmedia/hc-sticky). This plugin provides the
same functionality without the page-reflow problems fixFloat suffers
from.
To test, apply the patch and regenerate the staff client CSS. Test the
behavior of the floating toolbar on these pages:
- Acquisitions -> Vendor -> Vendor details
- Acquisitions -> Vendor -> View basket
- On both these pages, test toolbar behavior before and after
expanding the "Orders search" options at the top of the page.
- Administration -> System preferences
- Authorities -> Create or edit an authority
- Catalog -> Advanced search
- Search results
- Catalog -> Item search
- Cataloging -> Add or edit a record
- Open the plugin window for the 008 field
- Tools -> Label creator -> New label batch -> Add items -> Search ->
Results
- Patrons -> New patron
- Test before and after expanding the patron search options at the
top of the page
- Test editing a patron too
- Tools -> Automatic item modifications by age -> Edit
- Tools -> Notices & slips -> Edit
- Lists -> View list
Check that the About page has been updated with information about the
plugin.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Same as Bug 17780 but in value builders.
Select2 (Bug 13501) introduced divs and inputs that broke some
assumptions about the expected HTML structure. This patch checks if
input has name attribute, because some inputs in Select2 have not.
It brakes value builders marc21_linking_section.tt and
unimarc_field_4XX.tt.
Test plan :
1) On a MARC21 database
2) Define 774$0 as a regular subfield
3) Define 774$4 with an authorised value category
4) Define 774$t with value builder marc21_linking_section
5) Create a new record
6) Use value builder in 774$t
7) Search for a record and click choose
8) Without patch : a popup window does not close and show a blank
screen
9) With patch : popup windows get close and you see in field 774 $0 and
$t field with values
10) Same tests with a UNIMARC database on field 461 with value builder
unimarc_field_4XX.tt
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Tested successfully with MARC21
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Fixed the spelling to follow Koha's capitalization rules to
"Print label".
To test:
- Edit an item in the GUI
- Look at the Actions pull down in the table above
the item form
Signed-off-by: Andreas Roussos <arouss1980@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Modals in the staff client which load data via AJAX require an "on
close" action in order to clear the modal of the loaded data. The
problem presents itself the second time the modal is opened: The
"loading" message doesn't appear, and the data from the previous link
is shown until the new data loads.
To test, apply the patch and test the following pages. In each case,
click multiple instances of the modal trigger link/button to confirm
that the "loading" message always appears between re-displays of the
modal.
- Acquisitions -> Vendor -> Add to basket -> From a staged file -> Add orders
- Test the "MARC" and "Card" links
- Acquisitions -> EDIFACT messages
- Test the "View message" button
- Acquisitions -> Vendor -> Add to basket -> From an existing record
- Test "View MARC" link
- Acquisitions -> Vendor -> Invoices -> Invoice -> Receipt page
- Test the "Order," "MARC," and "Card" links.
- Catalog -> Bibliographic record details
- Test the MARC Preview link.
- Cataloging -> Cataloging search results
- Test the Actions -> MARC preview and Actions -> Card preview menu
items
- Cataloging -> Cataloging search results -> Merge
- Test the "View MARC" linkscataloguing/merge.tt
- Tools -> Patron lists -> Actions -> Print patron cards
- Tools -> Batch record modification -> Results -> Show MARC
- Tools -> Staged MARC record management -> View batch
- Test MARC preview shown when you click a staged title
Signed-off-by: Cori Lynn Arnold <carnold@dgiinc.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Why? Because we must filter the variables when we display them.
If we escape them on assignement, they will be double escaped:
[% XXX = "<span>pouet</span>" | html %]
[% XXX | html %]
=> <span>pouet</span>
Also it will bring trouble if we are assigning a structure (see bug
21663 for instance).
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch updates several cataloging module templates to use the
Bootstrap grid.
- cataloguing/addbooks.tt - Cataloging - The main page and the
cataloging search results page should look correct.
- cataloguing/addbiblio.tt - Cataloging -> New record - The record edit
page should look correct.
- cataloguing/merge.tt - Cataloging -> Search -> Select two records to
merge. The merge reference selection page should look correct, as well
as the source/destination selection page.
- cataloguing/moveitem.tt - Catalog -> Search -> View record -> Edit ->
Attach item. The barcode submit form and confirmation screens should
look correct.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch changes the term ISO2709 in the templates to use
MARC instead.
Test plan:
- The term was changed on the following pages in staff:
- Advanced catalouging editor > Save to catalog
- Patron account > Check out (Activate ExportCircHistory) > Format
- Patron account > Check out > Help page
- Lists > Download list
- Acquisitions > Add order to basket > From a staged file (breadcrumbs)
- Administration > System preferences > ExportRemoveFields
- Cart > Download
- Tools > Export data > Output format
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
- Link 'choose' is now a button.
- It doesn't call directly javascript anymore (use of listener).
- field to load stored in html on the page (less escaping needed).
Test plan :
1) Use UNIMARC catalog
2) Define unimarc_field_210c value builder on 210$c
3) Define an autority type EDITORS with heading on 200$b
4) Create an autority of this type with a single quote in heading, ie : l'avenir
5) Index this new autority
6) Edit a biblio record and launch 210$c value builder
7) Search for new autority
8) Click on 'Choose'
=> Heading should be pasted in 210$c
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes it possible to add an extra column to Z3950 search results.
The system preference AdditionalFieldsInZ3950ResultSearch decides which MARC field/subfields are displayed in the column.
Testing:
I Apply the patch
II Run updatedatabase.pl
ACQUISITIONS
0) Enter a field/subfield in the AdditionalFieldsInZ3950ResultSearch
1) Create a new basket or use an existing one
2) In -Add order to basket-, click "From an external source"
3) Select some search targets and enter a subject heading ex. house
4) Click Search bouton
5) Validate "Additional fields" column with the field/subfield value.
CATALOGUING
0) Shares same syspref as above
1) Go to cataloguing, click New from z3950
2) Fill to result in a successful search
3) Validate column Addition Fields
prove t/db_dependent/Breeding.t
Sponsored-by: CCSR (https://ccsr.qc.ca)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
1) Apply the patch
2) Go to administration and set up a z39.50 authority server, which does
support searching by control number (use attribute 12), you can use czech
national library server:
host: aleph.nkp.cz
port: 9991
base: aut-utf
format: MARC21
encoding: UTF-8
3) Try to find an authority by control number using z39.50 - if you use the server
recomended in point 2) there is web access to the base at
http://aleph.nkp.cz/eng/aut
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Fixed a typo in a code comment and a whitespace issue in the template.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Keeps the selected framework, allows selecting another and validates the record using the correct framework. Contains additional minor tweaks to display proper error messages.
To test:
1. Add a record with a non-default framework in the basic editor.
2. Switch to advanced editor and make sure the settings menu displays the correct framework.
3. Save the record and confirm that the framework code did not change.
4. Change the framework and save the record again.
5. Verify that the framework code changed.
6. Change one framework to make an extra field mandatory.
7. Make sure that the field is required in the editor when the framework above is selected but not when another framework is selected.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch set does several things:
- it removes USER_INFO and BORROWER_INFO
These 2 variables contained logged-in patron's info. They must be
accessed from logged_in_user
- Use patron-title.inc for the breadcrumb at the OPAC, for consistencies
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch updates various unrelated templates to use the Bootstrap
grid. In each case, confirm that the indicated page looks correct.
- Acquisitions -> Vendor -> Add to basket -> From a staged file.
- Logged-in user menu (in the upper right) -> Search history.
- With plugins disabled in koha-conf.xml, go to Tools -> Tools plugins.
- With the EasyAnalyticalRecords system preference set to 'Display,'
view a bibliographic record.
- Choose Edit -> Link to host item.
- Submit a barcode to be linked.
- Configure a MARC subfield (e.g. 100$a) to use the
unimarc_field_225a_bis plugin.
From the MARC edit page, trigger the plugin and confirm that the
page in the popup window looks correct. Confirm that changes made in
the popup window are saved to the corresponding field in the editor.
- Administration -> Funds -> Edit a fund.
- Click 'Select owner.'
- Search for a patron.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the call number browser plugin so that JavaScript is
in the footer instead of the header.
This patch also makes some unrelated changes: The page title has been
corrected; DataTables code has been removed as it was unused.
To test, apply the patch and configure a MARC framework to use
cn_browser.pl as the plugin for tag 952 subfield o.
Open an item for editing. The "Full call number" field should have an
active "..." link next to it. Clicking this should trigger a popup
window with the Call number browser. Confirm that submitting a new
search from this window works correctly.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This bug add update 26 changes.
Update 26
http://www.loc.gov/marc/bibliographic/bdapndxg.html
New subfields 377$3, 380$3, 381$3, 383$3, 730$4
Codes
Map 007/04 'x' new
Map 007/06 'c' renamed
No auth changes
To test:
1) Apply Bug 19835
2) Apply this patch
3) Reload marc21 bibliografic frameworks, check loads ok
4) Clean your browser cache
5) Edit a new bib record, fire 007 plugin,
for Map, 04 position, check new 'x'
for Map, 06 position, check renamed 'c'
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
In Breeding.pm we let Z3950Search return the xslt handler error codes back
to the template. They are converted to text messages by using an new include
file (added for opac and intranet now). The generic xslt_err code is now
obsoleted.
In Record.pm the errstr call is removed. The croak is done with the new
error code in err. This seems sufficient.
Test plan:
[1] Run Breeding.t
[2] Run Record.t
[3] Add a nonexisting xslt file to one of your Z3950 targets. Search on that
target and check if you see a error 'XSLT file not found'.
The bonus is these error messages are now translatable as they are in
the templates
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: George <george@nekls.org>
Signed-off-by: BWS Sandboxes <ByWaterSandboxes@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch changes how the submit and cancel buttons appear in the MARC
008 plugin window. The controls are now displayed as buttons in a
floating toolbar.
To test you must have MARC tag 008 configured to use the
marc21_field_008.pl plugin.
- Apply the patch and open an existing or blank record in cataloging.
- Click the plugin link next to tag 008 to trigger the popup window.
- Confirm that "Save" and "Cancel" appear correctly in a toolbar.
- Scroll down the page to confirm that the toolbar "sticks" to the top
of the window.
- Confirm that the "Save" and "Cancel" buttons work correctly.
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Followed the test plan and the patch works.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This add/updates some codes from updates 22 (Apr/16)
and 23 (Nov/16)
Update 22 https://www.loc.gov/marc/up22bibliographic/bdapndxg.html
Sound Recording 007/03 n (new)
Sound Recording 007/10 n (new)
Sound Recording 007/01 r (new)
Sound Recording 007/01 s (new)
Update 23 https://www.loc.gov/marc/up23bibliographic/bdapndxg.html
Leader/18 n (new)
Music 008/20 p (new), b (renamed)
To test:
1) Apply the patch
2) Clean your browser cache
3) Go to cataloguing -> new record
4) Leader plugin: check leader/18, new option 'n'
5) 007 Plugin:
a) Sound recording
check 007/01 new 'r'
check 007/03 new 'n'
check 007/10 new 'n'
b) Electronic resource
check 007/01 new 's'
6) 008 Plugin: Music, check 008/20 renamed 'b', new 'p'
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Load the advanced cataloging editor
2 - Inspect the network tab in your browser (F12)
3 - Note failure to load 'cataloging_.js'
4 - Note some other scripts don't have versioning
5 - Apply patch
6 - Reload page
7 - Note cataloging.js loads with version number
8 - Note more js files have versioning
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch updates two UNIMARC cataloging plugin templates to use the
Bootstrap grid instead of the YUI grid.
- unimarc_field_210c_bis.tt
- unimarc_field_686a.tt
To test you do not need a UNIMARC system.
Apply the patch and for each plugin, configure a MARC subfield (e.g.
100$a) to use that plugin.
From the MARC edit page, trigger the plugin and confirm that the
page in the popup window looks correct. Confirm that changes made in the
popup window are saved to the corresponding field in the editor.
Signed-off-by: Te Rauhina Jackson <terauhina.jackson@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Add a new system preference MarcFieldDocURL. Setting it to some URL
will make all the MARC documentation links point to that in
the MARC edit UI. Leaving the value empty will use the old defaults
(http://loc.gov for MARC21 and http://archive.ifla.org for UNIMARC).
There are some possible substitutions usable in the URL:
- {MARC} is replaced with either "MARC21" or "UNIMARC"
- {FIELD} is replaced by the MARC field number, eg. "000", "048", ...
- {LANG} is replaced by the UI language, eg. "en", or "fi-FI"
To test:
1) Go to Cataloguing > New record
2) Clicking on the question mark links in the MARC edit will
open a window to either loc.gov or archive.ifla.org
3) Install patch, run updatedatabase, etc
4) Redo parts 1, and 2.
5) Set the value of MarcFieldDocURL to
http://example.com/?field={FIELD}&marc={MARC}&lang={LANG}
6) Redo parts 1 and 2
7) Clicking on the question mark links in the MARC edit will
open a window to example.com, with the proper substitutions
in the URL for the field, marc flavour and language
Signed-off-by: Pasi Kallinen <pasi.kallinen@joensuu.fi>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>