Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the staff client label creator templates so that
JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of
each modified template: All button controls, DataTables functionality,
form validation, etc.
This patch also modifies the templates to use the Bootstrap grid instead
of YUI, and removes obsolete "text/javascript" attributes from
<script> tags and "text/css" attributes from <style> tags in the
modified templates.
To test, apply the patch and test the following interactions:
- Creating and managing layouts
- Creating and managing batches
- Creating and managing templates
- Creating and managing printer profiles
- Creating quick spine labels
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The name of the element wasn't translated in the message.
Test plan:
1. install the fr_FR locale
2. go to /cgi-bin/koha/labels/label-manage.pl?label_element=batch
3. ensure that the list is empty
4. then you should see "pas de Batches actuellement"
5. then you should see "créer un nouveau batch."
6. apply this patch
7. install the language
8. refresh the page
9. then you should see "pas de Lots actuellement"
10. then you should see "créer un nouveau lot ."
Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch updates several label creator templates to remove the use of
"onclick" in favor of defining click events in JavaScript.
Also changed:
- Replaced the non-existant element <icon> with <i>
- Removed the use of <center> and 'align="center"';
- In the item search results template:
- The use of the checkboxes jQuery plugin has been replaced with
straight jQuery for simplicity's sake.
- Output of table headers has been modified so that translatable
strings are in the template instead of having English strings
passed from the script.
- Moved the 'Add checked' and 'Done' buttons into a floating toolbar.
To test, apply the patch and go to Tools -> Label creator.
- Choose New -> Label batch
- Click 'Add items'
- Perform a search for items.
- Confirm that 'select all' and 'clear all' links work.
- Confirm that clicking an individual 'Add' button works.
- Select multiple items and click the 'Add checked' button. Confirm
that the selected items were added to your batch.
- Click 'Add items' again to save the selected items to your batch.
- Test that the 'Delete' and 'Export' buttons next to any item work
correctly.
- Choose Manage -> Label batches
- Test that the 'Delete' button works correctly.
- Select one or more batches and test that the 'Export selected'
button works correctly.
Revision: Removed changes to pagination in the item search results
template since it didn't work.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The staff client CSS is not language-specific, so it can be moved out of
the en/ directory and thus not be duplicated for every translation.
In order to be able to have a generic path to the YUI CSS files, the YUI
directory is moved by this patch to the staff client's lib/ directory.
To test, apply the patch and visit various pages in the staff client.
Look in particular at pages which include more than the standard CSS.
For example:
- The staff client login page.
- The staff client home page.
- Patron -> Set permissions.
- The advanced cataloging editor.
- Acquisitions -> Vendor -> Basket groups.
- Tools -> News -> Edit news.
- Administration -> System preferences.
Revised: I intended for this to be built on top of Bug 15883. Now it is.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
On top of 15883
Works as described, all pages on test plan
No Errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Tools -> Label Creator
2) Confirm that the actions column for the table on each management page (Manage label batches, Manage layouts, Manage label templates, Manage printer profiles) does not wrap on narrow browser windows.
Sponsored-by: Catalyst IT
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
The label creator had a very sad sidebar, it needed to have the Tools area sidebar on it.
To test:
Click through all "New" pages, verify that the sidebar appears
Click through all "Manage" pages, verify that the sidebar appears.
Also verify that "Label creator" is bolded in the toolbar while the label creator is active.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Sidebar displayed Ok. No errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Also fixes minor issue with buttons stacking on patroncards/edit-batch
and labels/label-manage
To test:
Export a batch every way you can:
multiple together from label/label-manage
individual items from labels/label-edit-batch
selected items from labels/label-edit-batch
export full batch from labels/label-edit-batch
multiple together from patroncards/manage
individual cards from patroncards/manage
individual cards from patroncards/edit-batch
selected cards from patroncards/edit-batch
export full batch from patroncards/edit-batch
Also notice that before this patch, the delete and export buttons
were stacking on the table rows, and that now they are not doing
that anymore. It may take a force refresh to see the behaviour and
the change.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes the page title and breadcrumbs more consistent.
It does so by removing some text (Manage...) and using Edit (id) and Create
on building both the breadcrumbs and titles.
To test:
- Traverse all the Label creator options
=> FAIL: the texts are not consistent and don't match what we use in the patron card creator.
- Apply the patch
=> SUCCESS: Terminology is consistent, titles and breadcrumbs show the same information
- Sign off :-D
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The tool is documented and accessed (via Tools >) as 'Label creator'. But the
pages titles say 'Labels' and the breadcumbs 'Labels home'. It should be called
'Label creator' for consistency. This patch changes the tt files so they are
consistent.
It also makes the title show the same page name as the breadcumbs.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch 1/ Fixes a regression introduced by the previous patch: the
"Are you sure to delete..." strings was translatable and 2/ Make the
table headers translatable.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Note: It would be good to adopt these same changes in the Patron Card creator for consistency and push
them in conjunction with these changes. -Chris_n
Reasoning
Librarians will be doing label things in the following frequencies, from most frequent to least frequent:
1. Creating new label batches - every day/every few days
2. Managing existing label batches - every day/every few days
3. Managing existing label layouts - as needed, infrequent
5. Managing existing label templates - as needed, infrequent
6. Creating new label layouts - as needed, infrequent
7. Creating new label templates - as needed, infrequent
8. Managing existing printer profiles - possibly once only!
9. Creating new printer profiles - possibly once only!
This change to the label creator aims to make the most frequently used items easily accessible at the top of the main area,
reduces clutter on the page, and makes the label creator fall in line with UI paradigms found elsewhere in Koha.
To test:
Open the label creator: More -> Tools -> Label creator
Note that the toolbar has changed. It should be consistent across all of the label creator (it is an include).
+ New menu:
Label batch
1. make sure it looks ok - toolbar buttons are consistent at the top of the main block.
2. add items both by barcode, and by search (note this patch does not touch the pop up window. Another day.)
3. note that the usual buttons have moved below the textarea, and now have icons.
4. delete and export single items using the buttons corresponding to each item
5. select multiple and use the buttons above the table to remove and export selected items
6. export a full batch
7. deduplicate a batch
There should be no regressions in functionality.
Layout
1. This menu item should take you directly to the "Edit layout" screen.
2. no functional changes here.
3. note toolbar at top is consistent
Label template
1. this menu item should take you directly to the "Edit label template" page.
2. no functional changes here.
3. note toolbar at top is consistent.
Printer profile
1. this menu item should take you directly to the "Edit printer profile" page.
2. no functional changes here.
3. note toolbar at top is consistent.
+ Manage menu:
Label batches
1. This menu item should take you directly to the "currently available batches" page.
2. select a batch to edit using the buttons
3. select a batch to delete using the buttons - it should ask for confirm.
4. select several batches using the tickboxes, and select Export selected. Batches should be exported as normal.
5. note toolbar at top is consistent.
Layouts
1. This menu item should take you directly to the "currently available layouts" page.
2. select a layout to edit using the buttons
3. select a layout to delete using the buttons
4. note toolbar at top is consistent.
Label templates
1. This menu item should take you directly to the "currently available templates" page.
2. select a template to edit using the buttons
3. select a template to delete using the buttons
4. note toolbar at top is consistent.
Printer profiles
1. This menu item should take you directly to the "currently available profiles" page.
2. select a profile to edit using the buttons
3. select a profile to delete using the buttons
4. note toolbar at top is consistent
+ General
* note that sidebar now only has "labels home" instead of the full "manage" list. It seemed redundant with the toolbar tidied up.
Please note that I am happy to take suggestions/amendments to these changes.
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes those strings translatable.
Title now depends on element, all on TT file,
removed from pl file
To test:
1. Apply the patch
2. Go to Tools > Label creator
3. Clic on Manage layouts, templates, profilesor batches,
title of currently available must show with fixed
capitalization
4. Update translation languages and check new entries
msgid "Currently available batches"
msgid "Currently available layouts"
msgid "Currently available profiles"
msgid "Currently available templates
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Currently translating Javascript strings with variables in them is hard,
because the strings are created from separate parts. For example:
_("Are you sure you want to delete the") + " " + count + " " +
_("attached items?")
This is translated in two different parts, and the translator cannot
affect the place where the count-variable is.
Now, if the javascript strings allowed placeholders, similar to how the
template strings do, the above could be written as:
_("Are you sure you want to delete the %s attached
items?").format(count)
This would make translation much easier.
Attached patch adds a Javascript string formatter, and changes all the
concatenated translatable JS strings used in intranet to use that.
To test:
1) cd misc/translator
2) perl translate update xx-YY
3) grep ^msgid po/xx-YY-i-staff-t-prog-v-3006000.po | sort | uniq >
xx-YY-pre
4) apply patch
5) perl translate update xx-YY
6) grep ^msgid po/xx-YY-i-staff-t-prog-v-3006000.po | sort | uniq >
xx-YY-post
7) compare the files: diff -Nurd xx-YY-pre xx-yy-post | less
should show the javascript strings that changed.
8) Test the UIs where the formatted js strings are used.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
I tested *most* of the changed files. There were some instances where it
wasn't clear to me how to trigger the warnings which were modified,
especially tags/review.tt, admin/manage-marc-import.tt, and holidays.tt.
Everything I was able to test worked correctly.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works nicely, no regressions found. Thx!
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch modifies the template for the label manage pages to use
the new DataTables include. This simplifies the inclusion of assets and
updates to the latest DataTables version.
To test, view the following pages and confirm that table sorting is
working correctly:
Manage layouts (/cgi-bin/koha/labels/label-manage.pl?label_element=layout)
Manage templates (/cgi-bin/koha/labels/label-manage.pl?label_element=template)
Manage profiles (/cgi-bin/koha/labels/label-manage.pl?label_element=profile)
Manage batches (/cgi-bin/koha/labels/label-manage.pl?label_element=batch)
Signed-off-by: wajasu <matted-34813@mypacks.net>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch corrects serveral more places in the templates where the path
to the prog theme is hard-coded. To test, apply the patch and view the
following cases:
- When a database update is triggered the login page loads login.css.
This path should be correct. (Reference to wizard.css is removed as
per Bug 10422).
- The course reserves home page should load datatables-related assets
correctly.
- Help pages for the Quick spine label creator and the staff client home
page should show the correct paths where they reference the Koha file
system.
- The web installer pages should correctly load the Koha logo.
- The label creator "manage" pages (layouts, templates, etc.) should
correctly load datatables-related assets.
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Checked all 5 - look good.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
I tested most scripts affected by this patch and visually verified
all changes. Functionality is unaffected.
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
After talking to Owen we decided to use 2 classes for those modules. I decided on:
patroncard: tools, pcard
labels: tools, labels
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
standardized the use of the term "library" instead of "Branch" accross the interface and opac
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>