The various subpages of the label creator tool we're under the
'catalogue' permission. There is however a 'label_creator' subpermission
of tools which is more appropriate.
Test plan
1/ Setup a user with just the 'catelogue' permission (to enable logging
into the staff interface)
2/ With the patch applied you should not be able to access the following
pages (either via navigation in the UI or by typing them into the
browser address bar directly)
- /patroncards/add_user_search.pl
- /patroncards/edit-batch.pl
- /patroncards/edit-layout.pl
- /patroncards/edit-profile.pl
- /patroncards/edit-template.pl
- /patroncards/home.pl
- /patroncards/image-manage.pl
- /patroncards/manage.pl
- /patroncards/print.pl
3/ Signoff
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It defaults to 0 in get_template_and_user
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a .perlcriticrc (copied from qa-test-tools) and fixes
almost all perlcrictic violations according to this .perlcriticrc
The remaining violations are silenced out by appending a '## no critic'
to the offending lines. They can still be seen by using the --force
option of perlcritic
This patch also modify t/00-testcritic.t to check all Perl files using
the new .perlcriticrc.
I'm not sure if this test script is still useful as it is now equivalent
to `perlcritic --quiet .` and it looks like it is much slower
(approximatively 5 times slower on my machine)
Test plan:
1. Run `perlcritic --quiet .` from the root directory. It should output
nothing
2. Run `perlcritic --quiet --force .`. It should output 7 errors (6
StringyEval, 1 BarewordFileHandles)
3. Run `TEST_QA=1 prove t/00-testcritic.t`
4. Read the patch. Check that all changes make sense and do not
introduce undesired behaviour
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test Plan:
Check the following files have been updated from
use strict;
use warnings;
to
use Modern::Perl;
create-pdf.pl
edit-batch.pl
edit-layout.pl
edit-profile.pl
edit-template.pl
home.pl
image-manage.pl
manage.pl
print.pl
Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Card printers with duplex functionality need as input a PDF file where odd pages contain
the front side and even pages the back side of the cards.
This patch adds such functionality.
To prepare test:
- In Patron card creator > Templates, prepare a 1 up template (1 column / 1 row) that
fits to a single card. Give it a name like 'Duplex card template'
(Attention, Card with and Card height seem to have wrong labels, that will go
to a separate bug).
- In Patron card creator > Layouts create a layout for the front side and one for
the back side. Give them names to easily remember (Card front layout, Card back layout)
- Go to Patron card creator > Batches and test both layouts together with the
1 up template. Save and keepp both test files as reference.
To test:
- Apply patch. Restart memcached and plack.
- Go to Patron card creator > Batches
- Click "Export" for a batch
- In the following screen, note the new field "Select a layout for the back side"
with a hint what it is used for
- Leave it on 'Back side layout not used', export and compare output with test ooutput
from preparation. It should be the same
- Select the layout you prepared for the back side.
- Export - this file should contain 2 PDF pages per patron, one first with the
front side, second with the back side.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To recreate:
/cgi-bin/koha/patroncards/edit-template.pl?op=edit&element_id=23%20and%201%3d2+union+all+select+1,user(),@@version+--%20
Look at the Profile dropdown list.
To fix this problem and to make sure it does not appears anywhere else
in the label and patroncards modules, I have refactored the way the
queries are built in C4::Creators::Lib
Now all of the subroutine takes a hashref in parameters with a 'fields'
and 'filters' parameters.
From these 2 parameters the new internal subroutine _build_query will
build the query and use placeholders.
Test plan:
1/ Make sure you do not recreate the vulnerability with this patch
applied.
2/ With decent data in the labels and patroncards modules, compare all
the different view (undef the New and Manage button groups) with and
without this patch applied.
=> You should not see any differences.
This vulnerability has been reported by MDSec.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch replaces the occurrences of
my @foo = $cgi->param('foo');
with
my @foo = $cgi->multi_param('foo');
perl -p -i -e
's/^(\s*my\s*@\w+\s*=\s*)\$(cgi|input|query)\->param\(/$1\$$2\->multi_param\(/xms'
**/*.pl
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch adds the possibility to print patron cards from patron lists.
To test:
- Go to Home > Tools > Patron card creator
- Prepare a patron card and create some cards using the batch functionality
- Apply patch
- Prepare a patron list e.g. from patron search
- Go to Home > Tools > Patron card creator > Manage batches
- Below the list of batches you have a dropdown to select a patron list
- Select your list and hit "Export from patron list"
- Select template and layout as you would do with batches
- Hit "Export"
- Download PDF
Modified patch to work with Bug 14676 changes. Functionality unchanged.
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Liz <wizzyrea@gmail.com>
(Amended to make it apply on current master)
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
http://bugs.koha-community.org/show_bug.cgi?id=9987
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.
This patch changes the occurences of '.tmpl' in favour of '.tt'.
To test:
- Apply the patch
- Install koha, and verify that every page can be accesed
Regards
To+
P.S. a followup will remove the glue code.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch touches a lot of code, but basically it removes version
information from use C4::* in our code.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
All script still compiles after the patch (confirmed by pre-applypatch hook)