The CSS for <div class="error"> is obsolete and should not be used. This
patch removes the definition from the main CSS file and corrects
instances of its use in the templates to the standard <div class="dialog
alert">.
To test:
- In Acquisitions -> Late orders, locate an order from a vendor which
doesn't have an email address. Selecting that order and clicking
"Claim" should trigger an error dialog, "This vendor has no email." It
should be styled correctly.
- With AcqCreateItem set to "when placing an order," add to an existing
order using the "From a new (empty) record" option. Add two items with
identical barcodes and submit the form. A error should show at
the top of the page.
- With AcqCreateItem set to "when receiving an order," receive an order
and add two items with identical barcodes. Submitting the form should
trigger an error message at the top of the page.
With the remaining cases I don't know how to trigger the errors in
question, so a visual check of the changes may be required:
- Administration -> Funds -> "You are not authorized to modify this
fund"
- Administration -> Search engine configuration
(/admin/searchengine/elasticsearch/mappgings.pl) -> Various
modification errors.
- With the AutoEmailOpacUser preference set to "send," adding a patron
without an email address can trigger an error, "This member has no
email."
- With plugins enabled, and installed, there are error messages
displayed under various circumstances.
Signed-off-by: Andrew Isherwood <andrew.isherwood@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch updates various unrelated templates to use the Bootstrap
grid. In each case, confirm that the indicated page looks correct.
This patch also corrects a couple of capitalization errors and removes
an unused template: virtualshelves/merge.tt.
- Tools -> Patron card creator -> Manage -> Card batches
- Export a batch
- The pages inside the modal window should look correct: Both the "X
batch(es) to export" screen and the "download exported batch(es)"
one.
- Tools -> Patron lists -> Edit list
- The patron list add/edit form should look correct.
- Disable plugins in koha-conf.xml.
- Tools -> Plugins
- The "Plugins disabled" page should look correct.
- Enable plugins in koha-conf.xml
- Tools -> Plugins -> Upload plugins.
- This page should look correct.
- Tools
- The tools home page should show three columns: Patrons and
Circulation, Catalog, Additional tools.
- At viewport width below 768 pixels content should reflow into one
column.
- virtualshelves/merge.tt has been removed as it is unused. Search the
codebase for references to it. There should be none.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The plugins handling code expects plugins implementing an 'uninstall' method for
cleanup purposes. It executes this method, and then moves on with removing the
configuration entries in the storage, and the plugin itself.
But the 'plugins-home.tt' template makes the tool display the 'Uninstall'
link in the dropdown ONLY when the plugin has the 'uninstall' method.
This patch fixes the issue.
To reproduce:
- Install the KitchenSink plugin [1]
=> SUCCESS: The 'actions' dropdown for KitchenSink shows an 'Uninstall' option
- Edit the code for the plugin:
$ sudo vim /var/lib/koha/kohadev/plugins/Koha/Plugin/Com/ByWaterSolutions/KitchenSink.pm
- Remove the uninstall sub
- Restart everything:
$ restart_all
- Reload the browser
=> FAIL: There's no 'Uninstall' option in the actions dropdown.
- Apply this patch
- Restart everything
$ restart_all
- Reload the browser
=> SUCCESS: The 'actions' dropdown for KitchenSink shows an 'Uninstall' option
- Sign off :-D
[1] https://github.com/bywatersolutions/koha-plugin-kitchen-sink/releases
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client plugins template so that
JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of
the modified template:
- The plugins link should be bold in the sidebar menu.
- Choosing "Uninstall" for an installed plugin should trigger a
confirmation alert.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Edit: fixed tab-for-space errors (tcohen).
Signed-off-by: Magnus Enger <magnus@libriotech.no>
New categories are added to the pulldown and work as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
Go to the plugins page from
Reports->Report plugins
Tools->Tool plugins
Admin->Manage plugins
Ensure that you have a 'View plugins by class button'
Ensure the button does what you would expect
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I ran:
$ git grep -l cat-search.inc | grep admin
This means I believe the outstanding ones are
(koha-tmpl/intranet-tmpl/prog/en/modules/):
- admin/auth_subfields_structure.tt
- admin/clone-rules.tt
- admin/marc_subfields_structure.tt
- admin/searchengine/elasticsearch/mappings.tt
One other was recommended by Katrin in comment #9:
- plugins/plugins-home.tt
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes multiple changes to the plugins home page template to
bring it up to date with current interface patterns.
Test the following changes:
- Breacrumb links have been corrected to include "Tools" in the path.
Verify that this link is correct.
- A toolbar has been added for an "Upload plugin" button. Uploading is
an action, not a view, so it should be displayed in a toolbar. Verify
that the button works correctly.
- Messages are now formatted as messages rather than as headings. To
test, trigger a message by, for instance, uninstalling all plugins or
passing an invalid "method" parameter with the URL.
- Incorrect capitalization corrected.
- Plugin actions are moved to a single "Actions" dropdown menu. This
includes 'Run report,' 'Run tool,' 'Configure,' and 'Uninstall.' Test
that all these menu options work correctly.
- The standard "Tools" sidebar menu has been added.
- An "onclick" attribute has been removed in favor of defining the event
in JavaScript. Test by choosing the 'Uninstall' menu item for a
plugin. Test both confirm and cancel actions.
Also changed:
- Corrected capitalization on the tools home page.
- Adding missing plugins link to the tools sidebar menu.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To Test:
checkthat "extention" has been changed to "extension" on line 27
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Followed test plan from patch 1/2, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
* Add "Plugins disabled" screen instead of error
* Allow plugins to return a value, add a test run that checks the return value
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Adds support for custom plugins. At the moment the Plugins
feature supports two types of plugins, reports and tools.
Plugins are installed by uploading KPZ ( Koha Plugin Zip )
packages. A KPZ file is just a zip file containing the
perl files, template files, and any other files neccessary
to make the plugin work.
Test plan:
1) Apply patch
2) Run updatedatabase.pl
3) Create the directory /var/lib/koha/plugins
4) Add the lines
<pluginsdir>/var/lib/koha/plugins</pluginsdir>
<enable_plugins>1</enable_plugins>"
to your koha-conf.xml file
5) Add the line
Alias /plugin/ "/var/lib/koha/plugins/"
to your koha-httpd.conf file
6) Restart your webserver
7) Access the plugins system from the "More" pulldown
8) Upload the example plugin file provided here
9) Try it out!
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
