Commit graph

4 commits

Author SHA1 Message Date
c98d6f14ee
Bug 4461: Correctly deal with encoding/escaping chars
This patch deals (hopefully) correctly with encoding and escaping chars.
It also removes OPACBaseURL from the url stored in DB, and re-adds it on
display, to avoid possible attacks.

Test plan:
Go to the authority search
fill term with something hacky
<script>alert('booh!')</script>And Ŝ♥m€ E★tr₳
Search
Click the "Report a problem" link
Fill the form and make sure the url is displayed correctly
submit
Check problem_reports.problempage in DB => Should be correctly displayed
Go to staff interface, "OPAC problem reports"
=> Confirm the link is correctly displayed
Click it
=> Confirm that you are at the OPAC, and the URL is correct

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:19:40 +01:00
d6134c2917
Bug 4461: Fix OPAC link from staff
QA: We have a security issue here, we should not make this link
clickable from the staff side.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:19:09 +01:00
Aleisha Amohia
3509f9cff8
Bug 4461: Fix status and borrowernumber fields in problem_reports and more
status varchar(6) with readable statuses
borrowernumber not null default 0
hide form if message successfully sent
fixing hide viewed and hide closed filters
adding recipient column

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:18:59 +01:00
Aleisha Amohia
185adc1674
Bug 4461: Manage problem reports on the staff client
Test plan:

- Update database and upgrade schema files (if you haven't already).
Restart memcached
- Check your user's permissions and ensure the 'problem_reports'
permission is ticked. Confirm the OPACReportProblem syspref is enabled
- Log into the OPAC and submit a problem report
- Log into the staff client
- You should see a box at the bottom of the main page showing your
pending problem report
- Click the link and confirm it takes you to the new page for managing
problem reports
- Go to Administration
- Confirm you can see a link to 'OPAC problem reports' under the
'Additional parameters' heading
- Click 'OPAC problem reports'
- Confirm your problem report is showing in the table
- Open the OPAC in another tab and submit at least two more problem
reports (so you should have at least three in the table after
refreshing)
- Try the different buttons
    - selecting multiple problem reports and using the big 'mark
    viewed', 'mark closed', 'mark new' buttons. Confirm there are no
    failures and that the number of selected problem reports is correct
    - select all, clear all, hide viewed, hide closed, hide new, show
    all
    - individual 'mark viewed', 'mark closed', 'mark new' buttons for
    each problem report. Confirm the status shows and the correct button
    is disabled while others are enabled
- Confirm the problem page link works as expected

Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:18:25 +01:00