Also adding missing filters
ALSO ensuring you can switch back to library default on staff side
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Same fix for the intranet side
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
Look at Show more/less links in facets, in opac and staff client
--> without this patch they are pure text, no styling, no hand cursor
--> with this patch it is link, but continues to work as before
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch removes the constraint of only passing 5 facets to the template unless the list is expanded, in fact, it removes the 'expanded' attribute from Search.pm
Now that all facets are passed to page it adds a 'show more' link at the bottom of lists and allows user to expand or collapse any facet set without reloading page.
Updated tests included.
To test:
1 - Perform an OPAC search that returns more than 5 of any given facet type
2 - Click the "Show more" link on the facets and see that the search is reloaded
3 - Apply patch
4 - Repeat search
5 - Note that you can click "Show more" without reloading page
6 - Test that page load is not greatly affected
7 - Ensure that all facet links function normally
8 - Ensure that facets are the same a prior to patch
9 - Repeat for staff client
10 - Prove t/Search.t
NOTE: This patch makes it much easier to see that there is an existing issue with marking the "active" facet. Ending punctuation seems to confuse the matcher.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When one uses characters like Ã, ç ... the first searcshow up correctly but when you refine your search with "Show more", the encoding becomes bad and so, results of the search too.
Test plan :
Without the patch:
- check if you have your SysPref SearchEngine with Elasticsearch as value,
- put your SysPref FacetMaxCount at 10,
- search in the catalog "a" and then in Refine your search click on show more (just to see how it works),
- then search with special characters like "é", ç" ... and make the same test, the research should be wrong when you click on show more and the page is realoaded.
Then apply the patch:
- and make the same with a classic reasearch, then with special characters,
- verify that when you click on show more the page isn't realoded and the reasearch is correct.
- same with show less
- and finnaly, add some facets and test show more/less
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch add language as a facet to ES results - it adds
a new template plugin for languages to get the appropriate
description given an iso 639-2 code
To test:
1 - Make sure you have records with differing languages (in the MARC21 008
field characters 35-37 or UNIMARC 101a)
2 - Apply patch
3 - Reload Elasticsearch settings:
http://localhost:8081/cgi-bin/koha/admin/searchengine/elasticsearch/mappings.pl?op=reset&i_know_what_i_am_doing=1
4 - Reindex your records
5 - Search for a phrase that will return results in several languages
6 - Verify you see factes correctly labelled for 'Language'
7 - Verify the facets work
8 - Verify both opac and staff results
9 - prove t/db_dependent/Languages.t
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We must not escape query_cgi and limit_cgi template-side, they are already
escape properly from build_query_compat using uri_escape_utf8.
To fix further problems we should replace all occurrences to make things
clear (I decided to keep the html filter so far, which did not hurt, but uri or url do)
Same patch as the following commit will be provided
commit 2fc599c089
Bug 21526: Fix search result pages (url vs uri vs raw)
query_cgi is uri_escaped from the pl, so we should displayed as raw
Test plan:
Use wide characters ❤
Search, filter, facets, search history, rss (both interfaces)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We need to adjust a few query_cgi | uri filters here too.
Note that sort_by should be filtered by uri, not url.
Similar change on staff side.
Test plan:
Toggle Show all items/Limit available items.
Check: git grep -l "query_cgi | uri"
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
query_cgi is uri_escaped from the pl, so we should displayed as raw
Test plan:
Use wide characters ❤
Search, filter, facets, search history, rss (both interfaces)
Please test deeply!
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds the index definitions for zebra faceting of ccode in
koha for marc21, normarc and unimarc.
We also add lines to the templates to expose the new facet and enable
non-zebra faceting for ccode too.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Apply patch
2 - Backup your db
3 - Drop and create a new db to ensure your mappings are refreshed from
the patch
4 - add some titles with items with collection codes
5 - search and see collection code facets
6 - sign off
Work to be done:
1 - Replace codes with descriptions
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
This patch fixes an issue with a splitted sentence in facets (Avalability)
that leads to weird translations e.g.:
German: 'Zeige nur Verfügbar Exemplare'
French: 'Montrer seulement disponible exemplaires'
Additionally, the link "Show all items" gets it's own li tags to display
nicely like the other links in the facets column and it removes superfluous
dots.
To test in OPAC and Staff client:
- Apply patch
- Do a search that results in more than one available items
- In column "Refine your search", click on "Limit to currently available
items"
- Verify that the message "Showing only available items" and the link
"Show all items" display nicely.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
use_zebra_facets set to 0 in koha-conf.xml to test. Works as described
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Bug 13789 has fixed this issue for the facet links (select/unselect) but
not for the "Show more" facets link.
This patch reuses the "url" variable, generated for the facets, for
these links. A new "local_url" variable is used to build links for each
entry.
Test plan (for OPAC and intranet):
- Search for a very common term
- Filter the results using facets
- You should get more than 5 entries for a facet and 1 selected:
Author
author 1
author 2 [x] # Selected
author 3
author 4
author 5
Show more # you see this link if there is 5+ values for this facet
- Click on the Show more link
Without this patch, the url contains double-encoded characters and you
will certainly don't get any results
With this patch, you should get results.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 13425 tried to fix XSS in OPAC, by using url filter in template toolkit
on whole generated url. This doesn't work and create double encoded strings
in facets because we are creating url variable by concatenating query_cgi
(which did pass through uri_escape_utf8 on perl side) and other
parameters which have to be escaped in template.
Also, code like
[% SET limit_cgi_f = limit_cgi | url %]
doesn't do anything (at least doesn't apply url filter) so it's not needed.
This patch also fixes encoding of hidden fields used in sort by form.
And lastly, it tries to make facet changes for opac and intranet as same as
possible to simplify future maintencence of this code.
Test scenario:
1. find results in your opac which contain accented characters
2. click on them and verify that results are missing
3. apply this patch
4. re-run search and click on facets link verifying that there are
now results
5. test sort by form and verify that results are ok
6. verify that facets are still safe from injection by constructing url like
/cgi-bin/koha/opac-search.pl?q=123&sort_by='"><script>prompt('Happy_Holidays')</script>&limit=123
and verifying that you DON'T see prompt window in your browser
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To Test
1/ Craft a url like /cgi-bin/koha/catalogue/search.pl?q=smith&sort_by='"><script>prompt('Happy_Holidays')</script>
It is important it must return results and facets
2/ Notice the js is executed
3/ Apply the patch test again
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
No prompts, no functional regressions found.
Checked selecting and undoing facets, show more links and paging.
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
When searching (at the OPAC or pro), facets can be enabled but never
disabled. So a user is obliged to relaunch the search.
This patch adds a new link "[x]" at the right of each selected facet.
This link relaunch the search without this facet.
Test plan:
- Launch a search (OPAC and pro)
- Enable some facets
- Disable some facets
Signed-off-by: sonia bouis <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Patches pass all tests and QA script. Nice feature!
Tested in Boostrap and Prog, adding end removing multiple
facets in different sequences, adding and removing the
availability limit.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch adds classes for both the facet label and count, and adds
'inline-block' to the 'facet-count' class so text shows properly.
To reproduce:
- Have facets to show some right to left text (example on the bug
report) in English language templates.
- Enable the displayFacetCount.
- Check it displays like the attached screenshot.
To test:
- Apply the patch
- Do a search that previously reproduced the problem on the staff
interface
=> Shows correctly
- Repeat for OPAC (the three themes)
=> Shows correctly
Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Still work as described. Checked in Arabic with Arabic records.
No koha-qa errors
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
Confirmed bug and that the patch fixes it, tested in staff,
prog, ccsr and bootstrap.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The current "Library" facet is somewhat ambiguous for Koha installations
with multiple libraries. It refers to the holdingbranch, but does not
explicitly state this. It would be beneficial to allow the administrator
to choose to show facets for the holding library, home library, or both.
In addition, the facets should be more explicitly labeled. This patch
adds this flexibility.
Test plan:
1) Apply this patch
2) Check that the facets label "Libraries" now reads "Holding libraries"
3) Update the system preference DisplayLibraryFacets to "home library"
4) Check that the facet now reads "Home libraries"
5) Update the preference again to "both home and holding library"
6) Check that both the facets for home and holding library are now
displayed.
Signed-off-by: Jen DeMuth <jdemuth@roseville.ca.us>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
Changes apply to both prog and bootstrap OPAC and staff client.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Test plan:
launch a search and verify all facet headers have an id.
Signed-off-by: Francesca Moore <francescalamoore@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
add c-span to series facet
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Works as described.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Label in staff client on places facets not easily css selectable
To test:
with data that contains places, right click places heading in facets,
ensure it is wrapped in a span.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Works as described.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Allows the Item types facet to be CSS or JQuery selectable
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Works as described.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Label in staff client - authors on facets not easily accessible
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Works as described.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Search in intranet, verify that Topics in the facets is wrapped in a span
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Adds an id, works as described.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Currently, the headings for facets (such as location) are showing even
if there are no actual values/links for that facet type.
This patch simply checks if the facet array contains any facets before
printing the heading and HTML for each facet value/link.
Test Plan:
Before applying:
0) If you want to check the location facet (which is easiest),
enable singlebranch mode in the globals system preferences.
1) Do a search for records/items that you have no shelving location
specified (or simply remove the shelving location for a small range
of records that you can find in a search query).
2) Note that "Location" appears amongst the facets even though there
are no values/links present. (If you look at the HTML source, you'll
see some empty HTML tags have been printed out.)
Apply patch.
3) Flush your cache and refresh your page.
4) You should no longer see a "Location" facet (or those empty HTML
tags) on the facet sidebar.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Template changes only.
Checked according to test plan, made sure location facet
still shows up when values exist, otherwise it's hidden.
It might make sense to add ids to the facets so libraries
can decide to hide some of them easily. Or alternatively
add a system preference to make that possible.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch adds an id to the <li> which contains
the "limit to available" facet in the OPAC and
staff client.
To test, add custom CSS for the staff client and
OPAC to hide the id "availability_facet" and
confirm that the link is no longer visible.
Signed-off-by: Gaetan Boisson <gaetan.boisson@biblibre.com>
Passed-QA-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch enables the shelving location facet as an
alternative to the branches fact in two situations:
A) SingleBranchMode is enabled
B) There is only one branch in the branches table
Test Plan:
1) Catalog multiple items with different shelving locations.
2) Test enable by enabling SingleBranchMode
3) Test enable by deleting all but one branch
Based on initial patch by Ian Walls.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Tested cases 2) and 3) successfully in OPAC and staff client
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This is for MARC 21 only.
Made following changed:
- In getFacets in C4/Koha.pm added item type facet for 952y and 942c
- In getRecords in C4:Search.pm added code to get description of itemtype codes
- facets.inc in both staff and opac to show item types related label in the facets block
To test:
Add records such that a certain itype (say BK) is present in both 942c and 952y in two DIFFERENT records.
Run a search where both test records are present. Test to see if itype types are presented in the facets block (both OPAC and staff).
Click on the itype (say BK), both the test records should appear in the refined results. This shows that the feature works for both 942c and 952y.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA Comment: fixed capitalization in template includes according to HTML4 coding
guideline ("Item types" instead of "ItemTypes")
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The change to Template::Toolkit broke a number of things on the Staff Client
results display. This patch:
* Fixes the formatting of the results table, which had an unnecessary colspan=2
* Enables the display of the "Edit record" and "Edit items" links
* Corrects the display of item counts, so that labels for "Available,"
"On loan," and "Unavailable" only appear when appropriate
* Corrects facet links, which were starting new searches rather than limiting
due to a variable scoping error
* Changes the resort dropdown so that it will show the currently-selected
sorting
Signed-off-by: Jared Camins-Esakov <jcamins@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Based on patch from Fridolyn Somers with input of Frederic Demians.
Added new Searching preference maxRecordsForFacets.
This pref contains number of result records used in facet building.
Also added pref displayFacetCount (with thanks to Frederic).
Follow up patch takes care of install issues; functionality can already be tested with this patch only.
Updated on March 17 for changes in include files.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Re-doing Nahuel's fix so that it applies to master
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Following suggestion by Vincent Danjean for Debian
packaging, 0755 -> 0644 for non-executable
files.
Also removed shebang from a few modules in C4.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Pushes modified facets display from OPAC to librarian interface.
Corrects also OPAC version which were omitting Titles facet.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>