Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
As we don't have a fix yet to link to the right translated manual,
this adds /en to the links from the help files to the manual to
make them work again.
Check with both patches applied, that the links work.
You will have to change 17.11 to 18.05.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The numbering in front of the chapter file names has been removed,
so the links need to be adapted accordingly.
Note:
Testing this in master currently won't work for 2 reasons:
- We are still using 17.11 as version variable, will be 18.05 later.
- We are missing the lanugage code before /html and this leads
to an outdated version of the 18.05 manual.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Without the anchor it is not possible to retrieve the html page, so
these occurrences have been updated manually (and yes it was painful)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I generate a mapping files (old anchor > new anchor) from the doc files.
Here are the links that have been updated automatically
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The way the export options are displayed at the bottom of the checkouts table
was not consistent.
Prior to this patch set, they are display if ExportRemoveFields or
ExportWithCsvProfile is set.
It does not make any sense, the user could want to export the checkouts in
iso2709 format without having to define a csv profile and fill the pref.
Moreover the behavior of this pref did not match its description: it's used as
a default CSV profile when exporting records from the export tools or the
command line.
This patch set adds a new pref ExportCircHistory and remove
ExportWithCsvProfile. The new pref is set if ExportWithCsvProfile or
ExportRemoveFields were set.
A new dropdown list with the CSV profile list will be displayed in the
export area, at the bottom of the checkouts table.
Note that now --csv_profile_id is mandatory for the export command line
(misc/export_records.pl) if the export format is csv.
Test plan:
0/ Do not execute the DB entry
1/ Clear both ExportWithCsvProfile and ExportRemoveFields prefs
2/ Execute the DB entry
3/ ExportCircHistory should not be set and the export options should not
be displayed at the bottom of the checkouts table.
4/ Remove the pref
DELETE FROM systempreferences WHERE variable='ExportCircHistory';
and reinsert the previous one, with a value:
INSERT INTO systempreferences (variable, value) VALUES
('ExportWithCsvProfile', 'something');
Execute the DB entry again
=> The now pref should be now set
5/ Export some checkouts using the CSV entry
6/ Note that the export tool and commandline script still work using the
csv format. You have to provide a --csv_profile_id option to make it
work.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Updates help documentation about Alt+W to open renew tab.
To test: Go to circulation help page, open help file and see that new
line mentioning Alt+W.
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
There is no help for the pending on site checkouts report. This patch
adds it.
To test:
* visit pending on site checkouts
* click help
* confirm help is there and correct
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This updates the main circulation help file with new features in 3.18.
To test:
* visit circulation page
* click help
* review text
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch updates the check in help (the only change for 3.16).
To test:
* Visit Circulation > Check in
* Click Help
* Confirm that help text is right
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Help is right
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch adds a missing letter to the Renew help file
To test:
Go to Circulation > Renew
Click Help
Confirm that the text now reads 'scan' instead of 'can'
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch adds a help file to the Renew page found under
Circulation.
To test:
* Go to Circulation > Renew
* Click the help link
* Confirm text and manual link are correct.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch adds a third option to the CircAutoPrintQuickSlip system
preference. The three options are now:
* print quick slip
* print regular slip
* clear the screen
Test plan:
1. Set the System Preference for CircAutoPrintQuickSlip to "clear the
screen".
Enter a borrower barcode for checkout
Press Enter
The screen should be cleared.
2. Set the System Preference for CircCircAutoPrintQuickSlip to "open a
quick slip window"
Enter a borrower barcode for checkout
Press Enter
A Quick slip is printed.
3. Apply the patch
Update the database using UpdateDatabase.pl
4. Set the System Preference for CircAutoPrintQuickSlip to "clear the
screen".
Enter a borrower barcode for checkout
Press Enter
The screen should be cleared.
5. Set the System Preference for CircCircAutoPrintQuickSlip to "open a
quick slip window"
Enter a borrower barcode for checkout
Press Enter
A Quick slip is printed.
6. Set the System Preference for CircCircAutoPrintQuickSlip to "open a
slip window"
Enter a borrower barcode for checkout
Press Enter
A Slip is printed.
7. Reload the database using sysprefs.sql
Set the System Preference for CircAutoPrintQuickSlip to "clear the
screen".
Enter a borrower barcode for checkout
Press Enter
The screen should be cleared.
8. Set the System Preference for CircCircAutoPrintQuickSlip to "open a
quick slip window"
Enter a borrower barcode for checkout
Press Enter
A Quick slip is printed.
9. Set the System Preference for CircCircAutoPrintQuickSlip to "open a
slip window"
Enter a borrower barcode for checkout
Press Enter
A Slip is printed.
10. Verify that the Checkout Help includes information about printing Slips.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch uses the version number of the Koha database to
dynamically generate links from help to the appropriate version
of the manual.
Test plan (for 3.15 branch):
- Open a help page
- Verify the manual link is correct (point to 3.14 manual)
- change the version in mysql:
update systempreferences set value="3.1600000" where variable="version";
- Verify the manual link now points to the future 3.16 manual.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described. No koha-qa errors
Tested on top of Bug 10671
On master (BD version 3.13.xxx) help links point to 3.12 manual
Changing version to 3.14/15 points to 3.14 manual
Changing version to 3.16 points to the future :)
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch updates the existing help files and
adds the missing offline circ help file.
To test:
* Visit all circ pages and check the manual links
* Visit the new offline circulation page and confirm text
and link are there (link will work after 10/25)
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: KohaCon13 demo <brendan@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Checked the book drop still works, also grepped for
other appearances of the term.
Fixed capitalization.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This updates the text and links for the Circulation Help Files. It also removes
an unused help file 'billing.tt'.
To test:
Visit the help files on all circ pages and confirm links and text are right.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch corrects new and old instances of the use of the
term "branch" and replaces them with "library."
Signed-off-by: Melia Meggs <melia@test.bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All tests pass, changes look good.
Also inlcudes some bookseller > vendor changes.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Updates circulation help files.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
standardized the use of the term "library" instead of "Branch" accross the interface and opac
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
edithelp.pl hadn't been updated to allow help screen editing.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Only a note: Apparently you need to be 'superlibrarian' permission
to edit help pages.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
branchoverdues.pl
~ Removed unused variables.
~ Use elsif where applicable.
~ Added many FIXMEs.
~ Added help description.
~ Changed link to more accurate description.
~ REFACTORED branchoverdues-specific function in C4 for obvious consolidation.
This report is still of questionable value, since it's dataset has such strange
hardcoded limitations. It is not clear that "FU" type fines and notifys=0 are
reliable or useful indicators to query on, in hardcoded form.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
This hold request and transfer report no longer
works now that hold requests are processed via
checking items in.
This patch removes the report; please consult
the koha-devel message re "RFC - remove circ/transferstodo.pl prior to general release"
for more details.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
