Bug 15812 included a change which allows a click on the patron
search results table cell to toggle the checkbox it contains. This patch
modifies that click event so that it fires the change() event which is
required for toggling the "Add to patron list" and "Merge patrons"
buttons.
To reproduce this problem, perform a patron search in the staff client
which will return multiple results.
- In the first column containing checkboxes, click in the empty part of
the table cell. The checkbox should be checked.
- However, the "Add to patron list" button remains disabled.
- Clicking a table cell to check another checkbox should result in the
"Merge selected patrons" button being enabled, but it doesn't.
To test, apply the patch and repeat the process above. The behavior of
the buttons should be the same whether you're clicking the checkbox
itself or the table cell it's in.
Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
TO test:
1 - Have a patron with a unique surname i.e. Acosta
2 - Enter the surename into 'Search patrons' box on staff homepage
3 - You are redirected to 'members/moremember.pl'
4 - Enter the surname into 'Check out' box at top of page
5 - You are redirected to 'members/moremember.pl'
6 - Apply patch
7 - Enter the surename into 'Search patrons' box on staff homepage
8 - You are redirected to 'members/moremember.pl'
9 - Enter the surname into 'Check out' box at top of page
10 - You are redirected to 'circ/circulation.pl'
Signed-off-by: Owen <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch reworks the controls for adding patrons to a list from the
patron search results page. The <select> is converted to a Bootstrap
dropdown menu, and the list creation form is moved into a Bootstrap
modal.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- In the staff interface, perform a patron search that will return
multiple results.
- In the toolbar at the top of the search results you should see two
disabled Bootstrap-styled buttons: "Add to patron list" and "Merge
selected patrons."
- The "Select all" and "Clear all" links should work to enable and
disable the toolbar buttons.
- "Clear all" and then check the checkbox next to one of the results.
The "Add to patron list" button should be enabled.
- Check a second checkbox. The "Merge selected patrons" button should be
enabled.
- Test the "Add to patron list" button. It should trigger a dropdown
menu listing existing patrons lists and a "New list" link.
- Test adding to an exising patron list. It should trigger a message
at the top of the page which shows a link to that list.
- Test adding to a new list. It should trigger a Bootstrap modal where
you can enter the name of the new list.
- Submitting the list title form should close the modal and trigger
the display of the message showing how many patrons were added to
your new list. The link to the new list should be correct.
- Test the "Merge selected patrons" button. It should send the selected
patrons to the patron merge screen.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds handling to allow clicking anywhere in the table cell to
select/deselect the patron
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the patron search page so that clicks on the "Browse
by last name" letters add an entry to the browser history, allowing the
user to click back and forth from results while preserving their search.
To test, apply the patch and go to Patrons in the staff interface.
- Click one of the "Browse by last name" letters.
- The table of search results should load the correct data.
- In the browser's location bar you should see a query string added to
the URL, e.g. /cgi-bin/koha/members/members-home.pl?firstletter=Q
- Click another letter.
- Click the back button. You should be returned to the search results
for your first letter choice.
- Clicking the forward button should work correctly as well.
- Other patron searches (header search, sidebar search) should continue
to work as expected.
EDIT: Clear single-letter querystring history item if only one result
was returned.
EDIT 2: Fixed handling of history state changes so that forward and back
buttons work correctly.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Bug 27725: (follow-up) Remove code for clearing search results
This patch removes code which cleared search results if there was no
first-letter search. It was unnecessary for the letter search
functionality and made all other searches fail.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch checks singleBranchMode before highlighting the current
branch in search results.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch alters a few different patron search interfaces so that
patrons from the currently-logged-in library are highlighted in a way
that differentiates them from other patrons.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- In Administration -> System preferences, make sure the
PatronAutoComplete preference is enabled.
- In the "Check out" tab in the header, type a partial patron name which
will return multiple results and wait for the autocomplete menu to
appear..
- Patrons in the autocomplete results should show the branchcode, and
patrons from the currently-logged-in library should be highlighted
in green.
- Submit your partial name in the "check out" tab.
- In the search results the branch name of patrons from the
currently-logged-in library should be similarly highlighted.
- Go to patrons browse for patrons. These results should be highlighted
as in the previous steps.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the members folder are swapped around
to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to
these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I think the "breadcrumbs" ID is worth saving for past and future CSS
customization reasons.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Modified breadcrumbs to be accessible, in particular for a
screen-reader.
Made the block of breadcrumbs be a <nav aria label="Breadcrumb"
class="breadcrumb"> with an ordered list inside. The last breadcrumbs
also has aria-current="page" to specify that it is the current page.
To test:
1) Apply patch
2) Build scss file
3) Ensure each of the files in the members folder have breadcrumbs that
are in a <nav aria label="Breadcrumb" class="breadcrumb"> block
4) Ensure that there is an ordered list in the block of breadcrumbs
5) Ensure that the last breadcrumb has aria-current="page"
6) Ensure that the breadcrumbs on each page of the staff client
belonging to these files look the same as before, but the '>' symbol is
replaced with '/' and the last breadcrumb has bold text
7) Ensure that when the last breadcrumb is clicked it takes you to the
page you are currently on
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
On bug 27715 we restrict the order by dt params for security reasons.
However in some cases the param passed is "columnname" instead of
"table.columnname".
We should make sure the table is part of the sort fieldname.
Test plan:
Do a "normal" patron search (from the patrons home page) and another
patron search (guarantor for instance).
Sort by cardnumber, date of birth, expiration date, asc, desc and
confirm it works as expected.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the "fh-fixedHeader" class to the floating toolbar so
that the floating DataTable header knows what element to append itself
to.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the patron search results page so that the toolbar
with results-related controls "floats" when the user scrolls down. This
gives access to the controls for adding patrons to a list and for
merging patrons.
Other templates are modified to incorporate a change to the CSS which
changes "#searchheader" to ".searchheader," enabling multiple instances
of a <div> styled with the .searchheader class.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Go to Patrons in the staff interface.
- Perform a patron search which will return many results.
- Scroll down the page far enough to trigger the floating toolbar.
- Confirm that the toolbar is positioned correctly when paging through
results.
- Confirm that the patron list and merge controls still work correctly.
- Confirm that other pages which used the "#searchheader" id are still
styled correctly:
- Catalog search results
- List contents
- Patron list contents
- Add orders from MARC file
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes minor changes to staff client CSS in order to improve
the style of forms in sidebars. It adjusts the style of nested fieldsets
and gives more room to list items (and the form fields they contain).
To test, apply the patch and regenerate the staff client CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client)
- View pages with forms in the left-hand sidebar, especially:
- Circulation -> Overdues
- Patrons -> Patrons search results
- Acquisitions -> Invoices
- Acquisitions -> Order search results
- Tools -> Tags
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We are preparing the ground with this patch. As the "Columns settings"
page will now add the ability to modify settings for the whole table, it
makes sense to rename the file and the variables.
Note that the controller script (admin/columns_settings.pl) and the yml
(admin/columns_settings.yml) files have not been moved to not break
shortcuts and abits people could have. But if QA decides, it could be
easy to do.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch preserves the current dropdown choices for patron search and adds fields from
the DefaultPatronSearchFields system preference
To test:
1 - View the regular patron search and note fields in dropdown
2 - Apply patch, ensure dropdown has not changed
3 - Add fields to DefaultPatronSearchFields, note they are available in
dropdown
4 - Ensure existing and new fields search properly
Signed-off-by: Kelly <kelly@bywatersolutions.com>
Signed-off-by: Maxime Dufresne <maxime.dufresne@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch removes code from the patron search results DataTable
configuration which was designed to add "text-align:center" to the table
cells containing patron home library. I don't think there's a good
reason to centering to that data.
To test, apply the patch and perform a patron search in the staff
client. The "Library" column should contain left-aligned data, matching
almost every other column in the table.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
DataTables are used on enough pages in the staff client that it
doesn't make sense to put inclusion of the CSS into each template
where it is needed. This patch moves includes of datatables.css from
individual templates into the global header file.
To test, apply the patch and view various pages which have DataTables.
View various styles of DataTables, e.g.
- Full pagination, like item search results
- Four-button, like Saved SQL reports
Everything should look the same as it was.
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies several patron templates to use the Bootstrap grid
instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags in the modified templates.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Patrons home page
- New patron
- Patron -> Fines -> Create manual invoice
- Patron -> Set permissions
- Patron -> Change password
- Patron -> Edit
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Create four users:
1 superlibrarian (or with both edit patrons and manage patron
lists)
1 with only edit patrons and catalogue
1 with only add to list and catalogue
1 with catalogue but neither edit patrons or manage patron lists
2 - Search patrons signed in as each user
3 - Note different sorting
4 - Apply patch
5 - Try searching with each patron
6 - Results should always be sorted by surname, firstname
7 - Only in the case of neither extra permission should the checkboxes
be absent
Signed-off-by: Devinim <kohadevinim@devinim.com.tr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
When permission 'manage_patron_lists' is off, there is no checkbox on
/cgi-bin/koha/members/member.pl to merge patrons.
Test plan:
Remove permission manage_patron_lists
Add permission edit_borrowers
Search for patrons
=> Without this patch you will not be able to select patrons to merge
(checkboxes are not displayed)
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch removes members-menu.inc and replaces the last functional use
of it with a call to circ-menu.inc.
An invalid use of members-menu.inc has been removed from member.tt.
To test, apply the patch and open a patron record for editing. The
sidebar menu should look correct and all sidebar links should work
correctly.
View the patrons home page and confirm that nothing has broken.
Search the Koha codebase for references to members-menu.inc. There
should be none.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 11401 introduced code to support Norwegian national library card.
This code is too specific to be part of Koha as it, it should be a
plugin instead.
Moreover nobody uses it, but a modified version (see comment 3).
Test plan:
Add/edit/delete patron and make sure there are no regressions introduced
by these patches
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Code and variables to deal with the update child feature are not
centralized but copied/pasted in several scripts. Which leads to issues
obsviously (bug 20805 for instance).
Moreover the strings used by the templates are also in several template
files (or .inc)
To deal with that this patch introduces the idea to create 1 .inc file
per .js file
Here we have members-menu.inc for members-menu.js
Test plan:
- Remove all your adult categories (categories.category_type='A')
- Create a patron with a child category
- Try to update to adult category
=> The entry does no longer appears! (This is a change in the behaviour)
- Create one adult category
- Update to adult category
=> There is a JS confirmation message, if you accept the patron will
be updated to the adult category
- Create (at least) another adult category
- Create another child
- Update to adult category
=> No more confirmation message but a popup to select the adult category
- Pick one
=> The patron has been updated to the adult category
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the JavaScript functions for the select all/clear
all links so that each action triggers the "change" event, required to
enable or disabled the "merge selected patrons" button.
To test, apply the patch and perform a patron search which will return
multiple results.
- Test the "select all" and "clear all" links, and confirm that the
"Merge selected patrons" button is enabled and disabled.
- Test that checking and unchecking multiple checkboxes still works
correctly to enable and disable the button.
Signed-off-by: Pierre-Luc Lapointe <pierreluc.lapointe@inLibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
It would be great if there were a merge patrons feature. If you
accidentally end up with one patron with two cards it would be nice to
merge their records together so that you don't lose their history or
holds or anything.
This patch adds a basic patron merge feature. It attempts to relink all
patron related tables from the patron(s) to be merged. It does not
attempt to relink librarian account related tables at this time. This
feature does not attempt to automatically resolve issues such as
duplicate holds. Such a feature could build upon this one though.
Test Plan:
1) Apply this patch
2) Find two or more patrons
3) Perform a patron search that will bring them up on the same page of
results, or add them all to a list of patrons.
4) Use the 'merge' button to begin the merging process
5) Choose a patron to keep
6) Verify the deleted patrons data ( checkouts, holds, etc )
are now linked to the kept patron
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Ed Veal <eveal@mckinneytexas.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There's an untranslatable "All" in the "Show X entries" filter
when browsing the patrons.
Test plan:
1) Home --> Patrons --> Browse by last name.
2) In the table filtering toolbar, there's a dropdown with
"Show [20] entries" and the last in the dropdown is "All".
3) Update and install a language, check that msgid "All" is
translated and isn't fuzzy.
4) Check the "All" in the dropdown, it is not translated.
5) Install patch, repeat 1-3, and check the "All" in the dropdown,
it should now be translated.
Signed-off-by: Pasi Kallinen <pasi.kallinen@joensuu.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Before this patch set, we used KohaTable to display a table with the
column visibility plugin, and an usual dataTable initialisation for the
filters.
For the lost items report table we will need both.
To do so we need to reorganize the code a bit
We cannot pass a selector but the id of the node which represents the
table. Indeed it is how works currently the filters (we may want to
improve that later)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client patron module templates so that
JavaScript is included in the footer instead of the header.
This patch touches a lot of files because the changes are all
interdependent, affecting a couple of module-wide include files.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
Patrons -> Patrons home, patron search results
-> Manage pending modification requests
-> Patron detail page
-> Edit patron
-> Set guarantor
-> Fines
-> Account, Pay fines, Create manual invoice, Create manual
credit
-> Print receipts for different kinds of charges
-> Routing lists
-> Circulation history
-> Holds history
-> Notices
-> Statistics
-> Files
-> Purchase suggestions
-> Discharges
-> Housebound
-> Set permissions
-> Change password
-> Print summary, slips, and overdues
-> Update child to adult patron type
Patron toolbar and patron search bar operations should work correctly on
all pages.
This patch also updates the template for searching the Norwegian
national patron database, but it has NOT been tested.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Zoe Bennett <zoebennett1308@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
From where patrons it's about patrons, we do not want to display the libraries
from all the system, but only the ones from the group.
Test plan:
- See the overdues (circ/overdue.pl) and make sure you can only see overdues from
patrons part of your group (do not forget to test the CSV export).
- Search for patrons, the 'library' filters (headers and left side) should only
display libraries from your group
- Search for article request by patron's library: only the libraries from your
group should be displayed
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
Login with a patron that only have the 'edit_borrowers' permission.
You should be able to access patron's information of patrons inside of your group.
Technical note:
Before this patchset the borrowers permission module contains only 1 permission 'edit_borrowers'.
That meant
borrowers => 1
and
borrowers => '*'
had the same behavior.
Moreover, now that we have 2 permissions, 'CAN_user_borrowers' is set when all
permissions of 'borrowers' are set.
We need to update the different occurrences of these tests.
Signed-off-by: Signed-off-by: Jon McGowan <jon.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>
To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
The same as first patch, but also with advanced search form in header hidden
on page load - see comment 4
Issue with advanced search form is gone.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Philippe <philippe.audet-fortin@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In member search page, the result table is in Ajax so fully managed by Javascript. There is also a yellow dialog message prepared in HTML.
Thoses elements are hidden by JS code : ie $("#patron_list_dialog").hide().
The problem is that the static page is first loaded an displayed then the JS code runs an hides the elements.
On a low performance computer, this action is visible and looks like there is a blinking yellow message.
I propose to hide with CSS so that thoses elements are not displayed in static page and are there shown in dynamic JS code.
Test plan :
Check display is unchanged :
- Go to home page /cgi-bin/koha/members/members-home.pl
- Perform patron search from header search box
- Perform patron search by clicking on a letter
- Perform patron search from filters (left of results table)
- Select a patron and add it to a list => you see the yellow message
Yellow message does no longer appear with this patch.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Philippe <philippe.audet-fortin@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When a column is hidden by default on the patron search result table,
if the logged in user does not have the "tools > manage_patron_lists"
permission, the wrong column will be hidden.
Test plan:
Edit the column visibility detail for "Patrons > id=memberresultst"
Set "Fines" hidden by default
Search for patrons
=> Without this patch, if the logged in user does not have the
manage_patron_lists permission, the wrong column will be
hidden/displayed.
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
There are many patron-related templates which still use event attributes
to define events. This patch updates these templates so that events are
defined in JavaScript.
To test apply the patch and check out to a patron.
- From the Print menu in the toolbar, choose "Print summary." The patron
summary page should open and the print dialog should be automatically
triggered.
- From the Print menu in the toolbar, choose "Print slip." The patron
slip page should open and the print dialog should be automatically
triggered.
- From the Print menu in the toolbar, choose "Print quick slip." The
patron quick slip page should open and the print dialog should be
automatically triggered.
- Click the patron's "Fines" tab in the left-hand sidebar and then
choose the "Account" tab.
-- Click the "Print" button for an account payment (the link should
point to printfeercpt.pl). A print receipt page should open and
the print dialog should be automatically triggered.
-- Follow the same procedure for a transaction which is not an account
payment (the link should point to printinvoice.pl).
- Click the "Create manual invoice" tab.
-- Select one of the "type" choices. Doing so should automatically
populate the "Description" field with the corresponding code.
-- If necessary, define one or more values for the MANUAL_INV
authorized value and confirm that those invoice types work as well.
- From the patron's "Pay fines" tab, click the "Pay amount" button. In
the "collect from patron" field, enter any combination of letters,
numbers, and symbols. When you tab away from that field your text
should be reformatted to currency format.
- From the patrons home page, change the filter in the left-hand sidebar
and submit it. The correct results should be returned.
Signed-off-by: EricGosselin <eric.gosselin.5@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 14610 revised staff-global.css so that the "holdcount" class was
renamed "number_box." That's good. It's good to have something more
generic since the class is used in multiple places.
The problem is that there are still several instances of the "holdcount"
class in the templates which should have been updated at the same time
to say "number_box." Those instances are now unstyled.
Test Plan:
1) Apply this patch
2) Check that the holds count on catalogue/detail.pl is styled
3) Check that the patron modifications count on members/member.pl is styled
4) Check that the pending comments count on tools/tools-home.pl is styled
5) Check that the pending tags count on tools/tools-home.pl is styled
Signed-off-by: Chris Kirby <christopherlawrencekirby@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
