Commit graph

16 commits

Author SHA1 Message Date
bc5decc913 Bug 27716: Update permissions for patroncards creator
The various subpages of the label creator tool we're under the
'catalogue' permission. There is however a 'label_creator' subpermission
of tools which is more appropriate.

Test plan
1/ Setup a user with just the 'catelogue' permission (to enable logging
into the staff interface)
2/ With the patch applied you should not be able to access the following
pages (either via navigation in the UI or by typing them into the
browser address bar directly)
  - /patroncards/add_user_search.pl
  - /patroncards/edit-batch.pl
  - /patroncards/edit-layout.pl
  - /patroncards/edit-profile.pl
  - /patroncards/edit-template.pl
  - /patroncards/home.pl
  - /patroncards/image-manage.pl
  - /patroncards/manage.pl
  - /patroncards/print.pl
3/ Signoff

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-16 16:08:30 +01:00
Julian Maurice
96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00
638786e719 Bug 24663: Remove authnotrequired if set to 0
It defaults to 0 in get_template_and_user

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-03 10:40:35 +02:00
Julian Maurice
b168f4a2e9 Bug 21395: Make perlcritic happy
This patch adds a .perlcriticrc (copied from qa-test-tools) and fixes
almost all perlcrictic violations according to this .perlcriticrc
The remaining violations are silenced out by appending a '## no critic'
to the offending lines. They can still be seen by using the --force
option of perlcritic
This patch also modify t/00-testcritic.t to check all Perl files using
the new .perlcriticrc.
I'm not sure if this test script is still useful as it is now equivalent
to `perlcritic --quiet .` and it looks like it is much slower
(approximatively 5 times slower on my machine)

Test plan:
1. Run `perlcritic --quiet .` from the root directory. It should output
   nothing
2. Run `perlcritic --quiet --force .`. It should output 7 errors (6
   StringyEval, 1 BarewordFileHandles)
3. Run `TEST_QA=1 prove t/00-testcritic.t`
4. Read the patch. Check that all changes make sense and do not
   introduce undesired behaviour

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-06-29 12:37:02 +02:00
Grace Smyth
3ded637bc5 Bug 20010: use Modern::Perl in Patroncards perl scripts
Test Plan:
Check the following files have been updated from
use strict;
use warnings;
to
use Modern::Perl;

create-pdf.pl
edit-batch.pl
edit-layout.pl
edit-profile.pl
edit-template.pl
home.pl
image-manage.pl
manage.pl
print.pl

Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-05 09:46:44 -03:00
Marc Véron
65c32eee8e Bug 18465 - Patron card creator: Print on duplex card printer
Card printers with duplex functionality need as input a PDF file where odd pages contain
the front side and even pages the back side of the cards.

This patch adds such functionality.

To prepare test:
- In Patron card creator > Templates, prepare a 1 up template (1 column / 1 row) that
  fits to a single card. Give it a name like 'Duplex card template'
  (Attention, Card with and Card height seem to have wrong labels, that will go
  to a separate bug).
- In Patron card creator > Layouts create a layout for the front side and one for
  the back side. Give them names to easily remember (Card front layout, Card back layout)
- Go to Patron card creator > Batches and test both layouts together with the
  1 up template. Save and keepp both test files as reference.

To test:
- Apply patch. Restart memcached and plack.
- Go to Patron card creator > Batches
- Click "Export" for a batch
- In the following screen, note the new field "Select a layout for the back side"
  with a hint what it is used for
- Leave it on 'Back side layout not used', export and compare output with test ooutput
  from preparation. It should be the same
- Select the layout you prepared for the back side.
- Export - this file should contain 2 PDF pages per patron, one first with the
  front side, second with the back side.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-06 14:52:54 -03:00
a70980d825 Bug 17900: Fix possible SQL injection in patron cards template editing
To recreate:
/cgi-bin/koha/patroncards/edit-template.pl?op=edit&element_id=23%20and%201%3d2+union+all+select+1,user(),@@version+--%20

Look at the Profile dropdown list.

To fix this problem and to make sure it does not appears anywhere else
in the label and patroncards modules, I have refactored the way the
queries are built in C4::Creators::Lib
Now all of the subroutine takes a hashref in parameters with a 'fields'
and 'filters' parameters.
From these 2 parameters the new internal subroutine _build_query will
build the query and use placeholders.

Test plan:
1/ Make sure you do not recreate the vulnerability with this patch
applied.
2/ With decent data in the labels and patroncards modules, compare all
the different view (undef the New and Manage button groups) with and
without this patch applied.
=> You should not see any differences.

This vulnerability has been reported by MDSec.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-30 11:19:55 +00:00
66aacace08 Bug 16154: CGI->multi_param - Declare a list
This patch replaces the occurrences of
  my @foo = $cgi->param('foo');
with
  my @foo = $cgi->multi_param('foo');

perl -p -i -e
's/^(\s*my\s*@\w+\s*=\s*)\$(cgi|input|query)\->param\(/$1\$$2\->multi_param\(/xms'
**/*.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:42 +00:00
Marc Véron
5b35435d35 Bug 14131 - Patroncard: Add possibility to print from patron lists
This patch adds the possibility to print patron cards from patron lists.

To test:

- Go to Home > Tools > Patron card creator
- Prepare a patron card and create some cards using the batch functionality
- Apply patch
- Prepare a patron list e.g. from patron search
- Go to Home > Tools > Patron card creator > Manage batches
- Below the list of batches you have a dropdown to select a patron list
- Select your list and hit "Export from patron list"
- Select template and layout as you would do with batches
- Hit "Export"
- Download PDF

Modified patch to work with Bug 14676 changes. Functionality unchanged.

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Liz <wizzyrea@gmail.com>

(Amended to make it apply on current master)

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2015-12-31 20:24:58 +00:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
afd2418d73 Bug 11349: Change .tmpl -> .tt in scripts using templates
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.

This patch changes the occurences of '.tmpl' in favour of '.tt'.

To test:
- Apply the patch
- Install koha, and verify that every page can be accesed

Regards
To+

P.S. a followup will remove the glue code.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-17 11:05:49 -03:00
Dobrica Pavlinusic
130e3d9c10 Bug 8315 - remove use C4::* version
This patch touches a lot of code, but basically it removes version
information from use C4::* in our code.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
All script still compiles after the patch (confirmed by pre-applypatch hook)
2012-07-13 14:17:20 +02:00
Lars Wirzenius
c165df96c0 Fix FSF address in directory patroncards/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:55 -04:00
Chris Nighswonger
84d5b28f12 Bringing label, patroncard, and creator modules into conformity with the rest of C4 style.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-08 20:54:34 -05:00
Chris Nighswonger
7a6a1acff2 [16/30] Patron Card Creator print interface and code 2010-01-11 18:21:13 -05:00