In detail view (catalogue/detail.pl), when clicking on Edit > Edit
record button, the record editor should be opened with the biblio record
framework. It isn't the case. The Default framework is used. Same issue
with Edit > Edit as new (duplicate).
TO TEST:
1. Find a biblio record using a framework which is not the Default one.
2. See the biblio record in detail view (catalogue/detail.pl).
3. Click on Edit > Edit record.
4. Click on Settings => you can see 'Default' as selected framework.
5. Apply the patch.
6. Repeat step 3-4. => the biblio record framework is selected.
7. Repeat 3-4 using Edit > Edit as new (duplicate).
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Added a test plan
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Fix the issue, no errors.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The problem only when clone a textareas in 5XX
Steps to reproduce error:
- On the cataloging screen (basic screen), create a new record
- Go to the 5xx fields
- Put something on the 521$a subfield or other textareas (e.g. 520$u or
583$x)
- Clone the subfield
=> FAIL: The subfield correctly doesn't include the original data,
BUT it doesn't have the subtield tag either.
- Apply patch
- Clean cache browser and reload page
- Repeat steps above
- Verify that works as expected
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Built on top of bug 17441
Test plan:
Just have a look at the changes. Trivial.
Git grep seleted. No results.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
There are certainly hundred of places where they are not escaped...
Test plan:
Create a patron with "Arun <script>alert('code injection');</script>" in
some of the fields.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Syndetics code accepts UPC and OCLC numbers, however, we were only passing this if there
was an ISBN. This patch alters the code to search if either an ISBN or
UPC is present
To test:
Enable syndetics (will need an account)
Search for items with UPCs or OCLC numbers and no ISBN (DVDs)
Note there are no images in search results but there are in details
Apply patch
Note that items with images in details now also have images in results
Signed-off-by: Barbara.Johnson@bedfordtx.gov
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This new page (admin/searchengine/elasticsearch/mappings.pl) will permit
to manage the ES mappings.
For the biblios and authorities indexes, the different mappings can be
managed from this single page.
The interface let you add, remove and update mappings and search fields.
It's also possible to reorder the mappings, as the order can be important
in the indexation process. Note that the table can be displayed in a
different order that the one it was before saving, but the mappings are grouped
by search field and the order inside the search field is preserved.
Limitations:
- If something went wrong during the insertion/deletion/modification,
the users will loose all these changes.
TODO:
- Add a specific permission (?)
- Add some data checks client side (JS)
- Use checkboxes for facet and suggestible (lazy today...)
- Understand the difference between the 3 values that sortable can have
and improve the value for the options in the select box.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Display patron messages from OPAC summary page on SCO screen as well.
To test:
- Make sure you have patrons with and without OPAC note and OPAC messages
- Log in to OPAC and go to patrons 'your summary' page to display note
and messages
- Apply patch
- Refresh patrons detail page. Verify that it looks the same as before
- Go to SCO
- Log in as such patron
- Verify that note and messages appear the same as on OPAC summary page
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
In the Staff client, under Circulation > Renew, the message shown after
successful renewal of an item contains broken URLs. This is also true for
the message shown when you try to renew an item that is not checked out.
This patch fixes that.
Test plan:
1) Go to Circulation > Renew, and search for the barcode of a checked-out
item. In the 'Item renewed:' confirmation message, notice how the URLs
for the title and the barcode are broken.
2) Now search for the barcode of an item that is not checked out. In the
'Cannot renew:' message, notice how the URLs are broken here too.
3) Apply the patch.
4) Repeat steps 1) and 2). This time the URLs work fine.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Also adding Marc Veron as bug wrangler (see his mail on the general ml
dated Oct 5).
Test plan:
Verify changes by comparing with Roles for 16.11 page on the wiki.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When a new patron registers, the confirmation page is displayed with
login details (login, password, cardnumber) and the login form is
prefilled.
In the case of public computer, for security reasons that should not
appear, patrons might forget to close the window.
Test plan:
1/ Set PatronSelfRegistrationPrefillForm on
2/ Register a new patron
=> The login details should not be displayed and the login form should
not be prefilled.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes event attributes from several tool-related templates.
Events are defined instead in the JavaScript.
To test, apply the patch and:
- Go to Tools -> Label creator -> Manage -> Layouts and edit any layout.
- In the "Font" setting, choose any font which includes the word
"italic" or "oblique" in the name. Doing so should disable the
"Oblique title" checkbox.
- Go to Tools -> Batch patron deletion/anonymization.
- Submit the form without making any changes. You should be prompted
to select an action.
- Go to Tools -> Inventory.
- Select a batch of barcodes to upload.
- Submit the form without selecting any filters. This should trigger a
warning.
- Also changed: Added Font Awesome icons to the "Select all" and
"Clear all" links on the inventory results view.
- Go to Tools -> Notices and Slips.
- Click "New notice"
- Change the selection under "Koha module." The page should reload
with the correct available message body fields. For instance,
selecting "Holds" should make available reserves.* columns.
- Go to Tools -> Upload.
- In the search form, enter a search term and click the 'Search'
button. The form should submit.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised. Event attributes removed
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes event attributes from several templates, moving event
definitions into the JavaScript instead.
To test, apply the patch and:
- View the MARC detail page for any bibliographic record. Changing the
framework selection should reload the display using the selected
framework.
- Perform the same test on the labeled MARC view. (Set the
viewLabeledMARC system preference to "Allow" if necessary).
- To test the changes to Reports you should have at least one report
group and at least one report subgroup.
- Create a new saved SQL report.
- Select a report group. Doing so should trigger the display of report
subgroups. Deselecting the report group should hide the subgroups.
- In Acquisitions -> Suggestions, create a new suggestion.
- In the 'Acquisition information' section, changing values for
copies, currency, and price should change the value in the total
field.
- In Circulation -> Upload offline circulation file:
- My patch for Bug 16602 added the required code but forgot to remove
the corresponding onclick attributes.
- Browse for an offline circulation file.
- Clicking the 'Upload file' button should work correctly.
- After uploading a file, both the 'Add to offline circulation
queue' and 'Apply directly' buttons should work to trigger their
corresponding processes (keeping Bug 16603 in mind).
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This new enhancement will add the ability to change the default holdings
sort on OPAC displays to be by library, instead of item type.
This patch adds a new pref OPACHoldingsDefaultSortField with 3 different
possible values:
- Item type
- Home library
- Holding library
Note that if OpacLocationBranchToDisplay is set not to display home libraries,
unexpected behaviors might happen if OPACHoldingsDefaultSortField is set to
"Home library", same for "Holding library".
Test plan:
- Confirm that the default value for OPACHoldingsDefaultSortField is
'first column' after executing the DB entry and that there is no
change in the behavior (first column is used to sort the holdings
table on the detail page).
- Set OpacLocationBranchToDisplay to both and play with the different
values of OPACHoldingsDefaultSortField
=> Confrm that the default column used to sort the table is correctly
changed
- Set the pref SeparateHoldings on
=> Confirm that both tables (Holdings and other holdings) are sorted using
the OPACHoldingsDefaultSortField value.
Sponsored-by: University of the Arts London
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This new enhancement will allow to add the name of lists containing a
biblio to the search results at the OPAC.
Test plan:
0/ Regenerate the css file to get the style change:
% lessc --clean-css="--s0 --advanced --compatibility=ie7"
koha-tmpl/opac-tmpl/bootstrap/less/opac.less >
koha-tmpl/opac-tmpl/bootstrap/css/opac.css
1/ Create some lists and add items to them
2/ On the search results you should see the name of the lists which
contains the record.
Note that we could add a syspref to make this new behavior optional.
Sponsored-by: University of the Arts London
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Checkout some items to a patron
2 - Note there is no 'Home library' column
3 - Apply patch
4 - Note there IS an 'Home library' column
5 - Use the columns configuration and ensure you can hide/display column at
will
Sponsored by: Coeur d'Alene Public Library (http://www.cdalibrary.org/)
Works as expected (after clearing browser cache).
Commit message amended (as of comment #7)
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Change single quotes to double quotes also add brackets to serial
enumeration.
To test follow previous test plan for intranet.
Fix double semicolon
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
TEST PLAN
1. THE CHECKOUT TAB, INTRANET
1.1. Add a value to the 'h' subfield of an item. ie: 'volume #42'
1.2. Check out the item to a patron
1.3. Display this patron's issues in his checkout page
1.3.1. The enumchron should be concatenated with the title
2. A PATRON'S RELATIVE, INTRANET + OPAC
1.1. Add somebody to a patron's guarantee list
1.2. Checkout a serial to this guarantee
1.3. Visit the guarantor's OPAC and INTRANET checkout page
1.3.1. You should see the enumchron in his guarantee's issues
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
At one time it was possible to store the results of a report into the
saved_reports table.
This allowed the librarians to compare different results, from the Koha
interface.
This patch is a proof of concept and is not very polished (understood:
it cannot be pushed like that).
Test plan:
Execute the runreport.pl cronjob script with the new --store-results
option.
This will serialize into json the results and put it into the
saved_reports table.
On the "Saved report" list, the "Saved results" column is now populated
with a date (note that you can have several date for a given report).
If you click on this link, the data will be displayed in a simple table.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In the staff client, when creating an order from a subscription
the vendor name should be shown in a separate column.
This patch adds that feature. The 'Vendor' column is added before
the 'Library' column since they appear in that order in Advanced
search.
Test plan:
0) [PREREQUISITES] In the Staff client, under Acquisitions, create
a Vendor and associated Basket if you don't already have them.
Then, under Serials, add a new Subscription using the Vendor
you've just created.
1) Go to Acquisitions, and under 'Manage orders' search for a vendor,
then click on 'Add to basket' and select 'From a subscription'.
2) Click 'Search' on the left hand side to search for all subscriptions.
Notice how there is no 'Vendor' column in the results table.
3) Apply the patch.
4) Repeat step 2. Confirm that the patch works, i.e. there is now
a 'Vendor' column which displays the vendor name.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds a holdingbranch column to waitingreseves.tt and
separates 'Location' into Home branch and callnumber columns
To test:
1 - Have some holds waiting and holds over
2 - View the report before the patch
3 - Note that location contains homebranch and call number
4 - View the report after the patch
5 - Note the new columns
6 - Ensure data is correct and no info has been lost
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Fixed 2 capitalization issues.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
See http://hea.koha-community.org/, the countries are filled is wrong
values.
If we decide to update the free text with a dropdown list, we need to
handle these wrong data.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This will avoid syntax problems with Hea when a user will fill this 2 sysprefs
The default choice for UsageStatsLibraryType and UsageStatsCountry is 'empty'
Test Plan
---------
1. Create a new Koha install
2. Go to the 'Administration' page
3. Go to 'Global system preferences'
4. Go to 'Administration'
5. At the end of this page you should see a dropdown menu for
- UsageStatsCountry with all countries
- UsageStatsLibraryType with all type of library
They both should be empty by default.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Not a complete list but is a start
Lots of new strings to translate :)
No errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
With this patch when <zebra_bib_index_mode> or <zebra_auth_index_mode> are set to 'grs1'
it appears a link to https://wiki.koha-community.org/wiki/Switching_to_dom_indexing
instead of a misleading information.
To test:
a)Insert 'grs1' in <zebra_bib_index_mode> or <zebra_auth_index_mode> (file koha-conf.xml)
b)It appers a misleading warning
c)Apply the patch
d)It appears a link to https://wiki.koha-community.org/wiki/Switching_to_dom_indexing.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The following three templates are using [% guarantorborrowernumber %]
while they should be using [% guarantor.borrowernumber %]:
members/members-toolbar.inc
members/moremember-brief.tt
members/moremember.tt
This doesn't result in any breakage; just a couple of 'Edit' links that
do not pass the guarantorid in the URL, and one case where guarantor
information is not shown in the staff client.
This patch fixes that.
Test plan:
0) [PREREQUISITE] Create a patron with a guarantor if you don't have one.
1) Go to Home > Patrons and search for a patron that has a guarantor. In
the Details page for that patron, the 'Edit' link in the toolbar does
not pass the guarantor's id in the URL (...&guarantorid=&...).
2) In the same page, the 'Edit' link under the patrons name (immediately
under 'Guarantor') again does not include the guarantor id in the URL.
3) Go to Home > Patrons and click on 'New patron'. Pick any category from
the drop down menu. Enter the Surname, First name, and Date of birth
of the patron you used in step 1). This triggers the 'Duplicate patron
record?' warning -- click on 'View existing record' and notice how the
guarantor information is missing.
4) Apply the patch.
5) Repeat steps 1), 2), and 3) above. The URLs are fixed and patron info
is showing.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In the Staff client, under Circulation -> Circulation reports,
the date shown in the heading of the 'Holds awaiting pickup'
report is not formatted according to the 'dateformat' system
preference.
This (trivial) patch fixes that.
Test plan:
1) In the Staff client, go to Circulation and under 'Circulation
reports' click on 'Holds awaiting pickup'
(cgi-bin/koha/circ/waitingreserves.pl).
2) Observe that the date shown in the heading is always formatted as
yyyy-mm-dd regardless of the value of the 'dateformat' syspref.
3) Apply the patch.
4) Re-visit the 'Holds awaiting pickup' report. Confirm that the patch
worked, i.e. the date shown in the heading is formatted according
to the 'dateformat' system preference.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Because seasons strings are not available through DateTime module,
names of them where added in code, and templates. Bug 16289 adds new
abbreviated form to the code, but not to the templates. This patch
should fix the problem.
To test:
1. Apply patch.
2. Run "misc/translator/translate update" for you language.
3. Check if names are in po/ file for language.
4. Check if generating next issue for serial and prediction patterns
works correct.
NOTE: or "create {language code}" instead of update.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds newlines to opac-ics.tt that are preserved by the translating process.
To test:
- Apply patch
- Create a translation (perl translate xy-XY)
- With a text editor or poedit, translate misc/translator/po/xy-XY-opac-bootstrap.po
(it is enough to translate "%s %s %s %s is overdue %sYour copy of........")
- Install language xx-XY and select it for OPAC (perl translate install xy-XY)
- Make sure you have at least a couple of loans, including one overdue
- Go to /cgi-bin/koha/opac-user.pl and click on the link labeled "Download as
iCal/.ics file"
- Inspect the file in a text editor and/or view the result in a calendar
appplication. Make sure the data makes sense. Compare it to the english version.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When the itemBarcodeFallbackSearch syspref is on, the wording in the
interface should reflect that you can enter a barcode OR a keyword.
Additionally, in the results of a keyword search the "Fast cataloging"
link should be more descriptive. This patch fixes these issues.
Test plan:
0) [PREREQUISITES] Ensure you have a Fast Add ('FA') framework defined,
and that your itemBarcodeFallbackSearch syspref is set to 'Enable'.
1) Go to Circulation -> Check out, search for a patron, then select a
patron to Check out. Notice how the text above the textbox reads
"Enter item barcode:".
2) Type something generic (not a barcode) in the textbox so that you'll
get at least one item as a result. Notice how the text in the yellow
warning box reads "The barcode was not found: <terms> Fast cataloging".
3) Apply the patch.
4) Repeat step 1), now the text above the textbox should read
"Enter item barcode or keyword:".
5) Repeat step 2), now the text in the yellow warning box should read
"The barcode was not found: <terms> Add record using fast cataloging".
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If a report is duplicated from the report list, the new report will
contain the tag (<<YEAR>> for instance), but from the reports results
page it copies the values used for the results.
Test plan:
Create a new sql report with tags
Duplicate it from the report list: no expected changes
Run it and duplicate it: the tags must not have been replaced
Signed-off-by: Andreas Roussos <arouss1980@gmail.com>
Ran and duplicated a report, the tags remained intact.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Since bug 16157, the location value is always "All" and the serial
search won't return anything.
Test plan:
Search for some serials.
Without this patch, it won't return any results
With this patch applied, the result search should be consistent
Reproduced with serial's "Advanced search" and search filter in
left hand column. Fixed by this patch.
Signed-off-by: Marc <veron@veron.ch>
Advanced search works fine again.
Signed-off-by: Andreas Roussos <arouss1980@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 14655 added a warning to the about page ("System information" tab)
if the AnonymousPatron feature is not correctly configured.
But actually there is one case when it's not displayed.
Test plan:
Set AnonymousPatron to a non existing patron
Set at least 1 borrowers.privacy == 2
go on the about page.
Without this patch you do not get the warning
With this patch you will see "Some patrons have requested a privacy on
returning item but the AnonymousPatron pref is not set correctly. Set it
to a valid borrower number if you want that this feature works
correctly."
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
Verify that different values in 'CardnumberLength' system preference
display correctly in the self reigstration form
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
Enable self registration
Make sure cardnumber is not in
'PatronSelfRegistrationBorrowerUnwantedField'
Enter an invalid or used cardnumber
Submit form
Note errors appears correctly but cardnumber is not editable
Apply Patch
Enter an invalid or used cardnumber
Submit form
Note errors appears correctly and cardnumber is editable
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Same as previous patch but for the staff interface
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
At the OPAC, if a user manipulate the URL to show a list (s)he is not
allowed to view, the list's name will be displayed anyway.
Test plan:
- Create a private list with user A
- Copy the op=view URL and access it with user B logged in
=> Without this patch, you will see the rss icon, the list's name and
the "add list" button
=> Without this patch, only the "unauthorized" box will be displayed
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
On bug 17210, the selector .addtoshelf should not have caught the
.addtoshelf nodes from the result list.
To fix this, we just need to make the selector more specific (and cannot
reuse it without more changes, the biblionumber variable is not the same
- vs SEARCH_RESULT.biblionumber).
Test plan:
Make sure the 2 links (from detail and search result) "Save to lists"
and "Save to your lists" work as expected.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
catalogue a bibliographic record with a isbn=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
catalogue a bibliographic record with a author=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
catalogue a bibliographic record with a title=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
This of course means that any html in the title will no longer be
evaluated. :
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
