Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client patron card creator templates so
that JavaScript is included in the footer instead of the header.
Also changed: Removed "type" attribute from script tags.
To test, apply the patch and test the JavaScript-driven features of
each modified template: All button controls, DataTables functionality,
form validation, etc.
- Creating and managing layouts
- Creating and managing card batches
- Creating and managing card templates
- Creating and managing printer profiles
- Creating and managing images
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1. install and switch to the fr_FR locale
or another one and adapt the test plan accordingly
2. go to /cgi-bin/koha/patroncards/edit-template.pl?op=new
3. then you should see the "Unités" dropdown with english units
4. apply this patch
5. install the language
6. refresh the page
7. then you should see the "Unités" dropdown with french units
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch changes the sequnce of form fields for card height and card width.
To test:
- Apply patch
- Edit or create a patron card template
- Verify that the fields display in sequence Page height - Page width -Card height - Card width
Followed test plan, worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The patron card creator should have the Tools area sidebar on its pages. This patch adds it.
To test:
Go to More -> Tools -> Patron card creator
The home page should have the tools sidebar
Click through all of the "New" pages - they should all have the tools sidebar
Click through all of the "Manage" pages - they should all have the tools sidebar
Also verify that on each page, the Patron card creator link in the sidebar is bolded
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Sidebar displayed Ok. No errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes the change on the patron cards creator tool too.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
All patches without errors.
More consistent view.
A few spaces and a little fix in followup
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
It does so by slightly changing the naming schema, in line with bug 14667
changes.
It also corrects a minor bug in the breadcrumbs for printer profiles.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Reasoning
Librarians will be doing patron card things in the following frequencies, from most frequent to least frequent:
1. Creating new patron card batches - every day/every few days
2. Managing existing card batches - every day/every few days
3. Managing existing card layouts - as needed, infrequent
5. Managing existing card templates - as needed, infrequent
6. Creating new card layouts - as needed, infrequent
7. Creating new card templates - as needed, infrequent
8. Managing existing printer profiles - possibly once only!
9. Creating new printer profiles - possibly once only!
This change to the patron card creator aims to make the most frequently used items easily accessible at the top of the main area,
reduces clutter on the page, and makes the label creator fall in line with UI paradigms found elsewhere in Koha.
I think I've also improved the translatability here somewhat, please check that.
To test:
Open the patron card creator: More -> Tools -> Patron card creator
Note that the toolbar has changed. It should be consistent across all of the patron card creator (it is an include).
+ New menu:
patron card batch
1. make sure it looks ok - toolbar buttons are consistent at the top of the main block.
2. add patrons both by borrowernumber, and by search
3. note that the usual buttons have moved below the textarea, and now have icons.
4. delete and export single patrons using the buttons corresponding to each patron
5. select multiple and use the buttons above the table to remove and export selected patrons
6. export a full batch
7. deduplicate a batch
There should be no regressions in functionality.
Image
1. This menu item should take you directly to the upload/delete images interface
2. Upload an image, note success message is now below the form, eliminating the jumping box.
3. Delete single images using the buttons
4. Delete multiple images using the tickboxes and "Delete selected"
5. Not deletion success message is below the table, eliminating the jumping box.
Layout
1. This menu item should take you directly to the "Edit layout" screen.
2. no functional changes here.
3. note toolbar at top is consistent
Card template
1. this menu item should take you directly to the "Edit patron card template" page.
2. no functional changes here.
3. note toolbar at top is consistent.
Printer profile
1. this menu item should take you directly to the "Edit printer profile" page.
2. no functional changes here.
3. note toolbar at top is consistent.
+ Manage menu:
Card batches
1. This menu item should take you directly to the "currently available batches" page.
2. select a batch to edit using the buttons - it should take you to the editing interface
3. select a batch to delete using the buttons - it should ask for confirm.
4. select several batches using the tickboxes, and select Export selected. Batches should be exported as normal.
5. note toolbar at top is consistent.
Images (this is actually the same page as on the new menu, I included it in both because it does both functions - can change if requested)
1. This menu item should take you directly to the upload/delete images interface
2. Upload an image, note success message is now below the form, eliminating the jumping box.
3. Delete single images using the buttons
4. Delete multiple images using the tickboxes and "Delete selected"
5. Not deletion success message is below the table, eliminating the jumping box.
Layouts
1. This menu item should take you directly to the "currently available layouts" page.
2. select a layout to edit using the buttons
3. select a layout to delete using the buttons
4. note toolbar at top is consistent.
Card templates
1. This menu item should take you directly to the "currently available templates" page.
2. select a template to edit using the buttons
3. select a template to delete using the buttons
4. note toolbar at top is consistent.
Printer profiles
1. This menu item should take you directly to the "currently available profiles" page.
2. select a profile to edit using the buttons
3. select a profile to delete using the buttons
4. note toolbar at top is consistent
+ General
* note that sidebar now only has "labels home" instead of the full "manage" list. It seemed redundant with the toolbar tidied up.
Please note that I am happy to take suggestions/amendments to these changes.
Followed test plan, behaves as advertised.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Submit and cancel buttons on patron card creator edit pages should not
be styled differently than other submit and cancel controls.
This patch removes YUI styling of these controls and makes them
consistent with controls on other Koha pages. The "Cancel" button has
been removed altogether from the batch edit page since there is not a
corresponding submit button.
To test, got to the patron card creator and edit a batch, a layout, a
profile, and a template. Submit and cancel controls should look correct
and work correctly.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Work as described. Works and looks well. No errors.
Note: It's true that edit batch has not a submit button, but
on the other managed pages (layout, profile, template) cancel
aborts editing and takes you to a list of objects (layout, etc.)
Now if we selected the wrong batch, we need to click on left menu o
back button (yay). Are we loosing a consistent interface?
Just thinking.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, more consistent with Koha's general interface
patterns.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
After talking to Owen we decided to use 2 classes for those modules. I decided on:
patroncard: tools, pcard
labels: tools, labels
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
