Since bug 16157, the location value is always "All" and the serial
search won't return anything.
Test plan:
Search for some serials.
Without this patch, it won't return any results
With this patch applied, the result search should be consistent
Reproduced with serial's "Advanced search" and search filter in
left hand column. Fixed by this patch.
Signed-off-by: Marc <veron@veron.ch>
Advanced search works fine again.
Signed-off-by: Andreas Roussos <arouss1980@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 14655 added a warning to the about page ("System information" tab)
if the AnonymousPatron feature is not correctly configured.
But actually there is one case when it's not displayed.
Test plan:
Set AnonymousPatron to a non existing patron
Set at least 1 borrowers.privacy == 2
go on the about page.
Without this patch you do not get the warning
With this patch you will see "Some patrons have requested a privacy on
returning item but the AnonymousPatron pref is not set correctly. Set it
to a valid borrower number if you want that this feature works
correctly."
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Same as previous patch but for the staff interface
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
catalogue a bibliographic record with a isbn=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
catalogue a bibliographic record with a author=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
catalogue a bibliographic record with a title=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
This of course means that any html in the title will no longer be
evaluated. :
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch modifies the acquisitions uncertain prices template to remove
event attributes onclick and onchange.
Also changed on the uncertain prices page: Added a label to the orders
filter, removed redundant form submit function.
- Locate a vendor which has orders with uncertain prices
- Click the 'Uncertain prices' tab in the left-hand sidebar
- Enter invalid data in the "price" field for any order. Confirm that an
error is triggered when the field loses focus.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
QA Revision: Corrected input type of submit button.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes the use of 'onclick' from the acquisitions transfer
order process. The patch also modifies the style of some links and
buttons to conform with current guidelines.
- Locate an open basket with items in it
- Click the 'Transfer' link for a title in the basket
- In the pop-up window:
- Confirm that the 'Cancel' button at the bottom of the window is a
Bootstrap-style button.
- Search for a vendor; Confirm that the 'Choose' link is a
Bootstrap-style button.
- Choose a vendor; Confirm that the 'Choose' link on the following
page is a Bootstrap-style button.
- Confirm that clicking the 'Choose' button transfers the item to the
correct basket.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch modifies the funds administration page and other files
related to the process of searching for and selecting fund owners and
users in order to remove the use of event attributes like 'onclick.'
Also changed in this patch: I have revised the way the "select owner"
and "select user" controls look. They are now links with Font Awesome
icons.
- Go to Administration -> Funds and open a fund for editing.
- Test the process of adding and updating an owner:
- Click the 'Select owner' link.
- Search for and select an owner in the pop-up window.
- Save the fund and verify that the owner was saved correctly.
- Perform the same test with the 'Remove owner' link.
- Use the same process to test the addition and removal of users.
- Confirm that the 'Remove' link works correctly before and after
submitting the form to save changes to the fund.
This patch changes a file which is used by both the funds template and
the template used when setting a guarantor on a patron. To test the
changes in that context:
- Open a 'child' type patron record.
- Under 'Guarantor information,' test the process of setting and
removing a guarantor to confirm that data is saved correctly.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This is a followup to rescue the bug.
To test: Follow test plan from comment #1
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Some librarians find it useful to know what category a patron is before
confirming a reserve or transfer from the checkin screen.
This patch adds the patron category to the hold and transfer popups
to the patron information already displayed. The li tags that contain
the patron category have the class "patron-category" to allow this data
to be easily hidden.
Test Plan:
1) Apply this patch
2) Trap a hold for a patron, note the patron category is now displayed
3) Trap a hold for pickup at another loation, note the patron category
is now displayed
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes a minor change to the markup to make the button in the
confirmation dialog conform to the appearance of similar buttons.
To test, follow the original test plan for this bug and verify that the
"OK" button in the dialog looks correct.
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In previous versions of Koha, if a hold canceled from the "Holds over" tab had other holds on it,
the librarian would be alerted with the message "This item is on hold for pick-up at your library"
and directed to check it in to fill the next hold. This no longer happens.
Test Plan:
1) Apply this patch
2) Find a hold that has been waiting too long
3) Cancel that hold via waitingreserves.pl
4) Note you get the message "This item is on hold for pick-up at your library"
5) Confirm the ok button redirects you to the correct tab
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If an attacker can get an authenticated Koha user to visit their page
with the
url below, they can change or delete patrons' images
/tools/picture-upload.pl?op=Delete&borrowernumber=42
Test plan:
1/ Hit /tools/picture-upload.pl?op=Delete&borrowernumber=42
And confirm that you get a "Wrong CSRF token" error
2/ Go on the patron detail page with a patron's image
3/ Click on the Delete link (note the csrf_token param)
4/ The image will be deleted and you are redirected to the patron detail
page.
Regression tests:
Upload an image from the patron detail page and from the "upload patron
images" tool.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To reproduce:
1/ cp your_image.jpg 'test<svg onload=alert(1)>.jpg'
2/ Use the upload picture tool to upload this file
=> Without this patch, the alert is show
=> With this patch, the filename is correctly displayed and no alert
Note that the cardnumber var was not escaped neither, it's now.
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds the same change as the previous one to the batch patron
deletion tool.
If the pref TrackLastPatronActivity is enabled, the librarians will be
able to delete patrons who do not have been connected since a given
time.
Test plan:
Define a date for the "who have not been connected since" options and
confirm that it works as expected.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
https://bugs.koha-community.org/show_bug.cgi?id=12276
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch changes the display of informational messages during and
after the batch record modification process. Instead of showing a
separate dialog for each record modified, messages are now grouped into
one dialog.
To test, apply the patch and clear your browser cache if necessary. You
must have at least one MARC modification template defined.
- Go to Tools -> Batch record modification.
- Submit a list of biblionumbers which contains at least one number
which doesn't exist in your database.
- Confirm that warning and success messages are grouped instead of
showing in separate dialogs.
- Submit a list of biblionumbers using a MARC modification template
which contains no actions. Confirm that the resulting error message is
correctly formatted.
Revision formats the error messages without the unordered list, which
was giving them padding which didn't look correct inside a dialog.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Edit for QA: Removed obsolete changes to CSS.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
It's easier to use jQuery selector to know if checkboxes are checked.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The reason this happens is because the page will say success when the
total number of records given equals the total number of successful
deletions. If you pass in no records, there are no successful deletions
--> 0 = 0 --> it thinks it has been successful. This patch adds a check
that validates if any checkboxes were selected before submitting the
final form.
I have removed the check for if any records were selected AFTER the form
has been submitted because it seemed unnecessary if the form can't be
submitted without selection of records anyway.
To test:
1) Go to Tools -> Batch record deletion
2) Put in a record number and click Continue
3) Deselect the record so that it doesn't actually delete and click
Delete selected records
4) Page says 'All records have been deleted successfully!'
5) Apply patch. Go back and repeat step 3
6) Form should not submit and you should receive an alert saying that no
records have been selected.
7) If you try selecting and deleting a record after this alert, it
should still work
Note: Have also changed the wording of error in Step 1 when you are
entering record numbers to delete.
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
- Uses a dialog box to warn of unique fields not copying, dialog was in
place for barcode generation so removed the extar modal completey
- Fixes a problem when barcode was undefined and autobarcode on
- deleted an extra space in Barcodes/hbymmincr.pm
Signed-off-by: sonia BOUIS <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch add an 'Add multiple copies' button on the new order page in
acquisitions. While processing the multiple copies a modal is
displayed.
To test:
1 - Add an order to an acquisitions basket
2 - Choose to add multiple items
3 - A modal shouold warn about ignoring UniqueItemFields from syspref
4 - When submitting the modal should popup until all items are processed.
5 - The modal should disappear after items are added.
6 - Items should be cloned, minus unique fields
7 - Enable autoBarcode for various formats, ensure you are warned that
barcodes will be generated, and ensure they are generated correctly
Sponsored by: Middletown Township Public Library (http://www.mtpl.org)
Signed-off-by: sonia BOUIS <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch removes instance of "onclick" from the templates for serial
frequency and numbering management. Events are now defined in the
JavaScript.
To test, apply the patch and go to Serials -> Manage frequencies.
- In the list of frequencies, click the "Delete" button for a frequency
which is in use by at least one subscription. In the confirmation
dialog, clicking the "Show subscriptions" link should display a list
of titles.
- Edit or create a frequency.
- To test that the form submission validation is still working
correctly, enter non-numeric data in the "issues per unit" field and
submit the form. This should trigger an error.
In Serials -> Manage numbering patterns:
- In the list of numbering patterns, click the "Delete" button for a
pattern which is in use by at least one subscription. In the
confirmation dialog, clicking the "Show subscriptions" link should
display a list of titles.
- Edit or create a numbering pattern.
- Confirm that the "Test pattern" button works correctly.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
- Various fixes.
Test plan:
Once the makePreviousSerialAvailable syspref is enabled, receive a serial, and then another, then check that:
- the first received itemtype has been set to the "previous item type" value (set in the subscription).
- the first received has been made available.
- the last received serial itemtype has been set to the "item type" value (set in the subscription).
- 995$l is automatically prefilled.
Configure the serialsFieldsToAV syspref. When creating or editing a subscription, check that:
- the domain and/or origin and/or support fields are correctly displaying the authorized values configured in the syspref.
Signed-off-by: Chris <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When enabling the makePreviousSerialAvailable syspref, the previously
received serial's itemtype is set as defined in the subscription.
(Please note that the item-level_itypes syspref must be set to specific item.)
It is also made available.
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
http://bugs.koha-community.org/show_bug.cgi?id=7767
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The patron details page always show the logged in library as the
patron's home library instead of the true home library. This bug is
particular to moremember.pl and does not affect other patron pages.
Test Plan:
1) Find a patron with a home library other than the logged in library
2) Note the patron home library as shown on moremember.pl matches
the logged in library and not the patron's true home library
3) Apply this patch
4) Reload moremember.pl, the correct home library should display!
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When editing a bibliographic record, if you switch the framework to
default, the page is reloaded but the framework is not changed.
From the pl script, you can see that the frameworkcode is set to the one
of the biblio if set to false. The empty string, which means default,
should be taken into account.
Test plan:
- Create a record using the Fast add framework
- Save the record
- Open the record for editing
- Use the "Settings" pull down to change the framework to default
- Try another framework
- Try changing to default from there
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 15859 introduced a problem in the basic cataloging editor by
removing a form field which the Z39.50 search button tries to use when
triggering the search window pop-up. This patch corrects the error by
changing where the script looks for the required framework code.
To test, apply the patch and got to cataloging.
- Edit a record which uses the default framework.
- Confirm that the Z39.50/SRU search button works correctly to trigger
the pop-up window.
- Repeat the test with a record which uses a different framework.
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Working again, great!
Signed-off-by: Andreas Roussos <arouss1980@gmail.com>
Patch works fine.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When you notice a typo in your invoice number after finishing with the
receiving process, the only way to correct it right now is in the
database - or by undoing all the steps and starting over.
It would be nice if the invoice number could be edited.
Test Plan:
1) Apply this patch
2) Browse to acqui/invoice.pl for an invoice
3) Note the new "Invoice number" field contains the existing invoice
4) Alter the invoice number
5) Save the invoice
6) Note the invoice number has been updated
7) Edit the invoice again
8) Attempt to save the invoice with an empty invoice number field
9) Note that you cannot save the invoice without having an invoice number
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds holding library ("current location") to the list of
fields available in the item search form.
To test, apply the patch and go to Search -> Item search.
- Perform a search using the "current location" option and verify that
it returns the correct results.
- Try other searches to confirm that they work as before.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Default timeout is now 12000000 seconds == almost 139 days !
Surely, your session will be shorter. But we should lower this
value.
Balancing usability and security, I propose 1d (1 day) now.
Current pref value will be affected only if it is NULL or equal
to the old default.
Test plan:
Check your current value. Optionally change to NULL or 12000000.
Run the dbrev and see what happens.
Beware of cached values while testing or flush the cache.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Tools -> Koha News
2) Click 'Delete selected' button without selecting anything
3) Notice you are asked to confirm if you would like to delete ... but
you didn't choose anything to delete
4) Apply patch and refresh page
5) Click 'Delete selected' button without selecting anything
6) Should see alert.
7) Select one or more news items to delete and click 'Delete selected'
button
8) Should be asked to confirm
9) Confirm that the delete works as expected
Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Have changed the wording of the MARC button to Show MARC to be
consistent with other places in Koha.
To test:
1) Go to Authorities -> New from Z39.50
2) Put in any search terms and click Search
3) Confirm that both options (MARC and Import) now show as buttons "Show
MARC" and "Import" under one "Actions" column with approriate icons
4) Confirm buttons work as expected
5) Confirm buttons do not wrap on narrower browser
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Serials
2) Click New subscription or edit an existing one
3) Click Search for a vendor
4) Make a search that will return no results (i.e. has a typo etc.)
5) Confirm there is an appropriate message
6) Go back and make a search that will return results (i.e. putting in one letter
'a' etc.)
7) Confirm that heading is worded better and search term is displayed
8) Go back and make search without entering any search terms
9) Confirm that heading is worded better, no search term is displayed
Sponsored-by: Catalyst IT
Patch behaves as dexcribed.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Admin -> MARC bibliographic framework
2) Go to Actions -> MARC structure for any framework
3) Click Subfields
4) Confirm Edit and Delete links show as buttons with appropriate icons
in one column called 'Actions'
5) Confirm buttons do not wrap on narrower browser
6) Confirm buttons behave as expected
Sponsored-by: Catalyst IT
Patch behaves as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Admin -> MARC bibliographic framework
2) Go to Actions -> MARC structure for any framework
3) Confirm that three links, Subfields, Edit and Delete, now show in
drop-down menu with appropriate font awesome icons
4) Confirm that Subfields takes you to the right page and Edit and
Delete work as expected
Sponsored-by: Catalyst IT
Patch behaves as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes the column heading and makes all links show as font
awesome buttons. I have also changed the wording from Preview MARC to
Show MARC to shorten the button and be consistent with other places in
Koha
To test:
1) Go to Tools -> Batch record modification
2) Put in some record numbers and click Continue
3) Ensure column heading 'Preview' no longer shows, and buttons are
showing with an appropriate icon. Confirm button still works as
expected.
4) Confirm button does not wrap on narrower browser
Sponsored-by: Catalyst IT
Works as described
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch revises the batch patrons modification template, removing
"onclick" attributes from the markup and defining those events in the
script.
To test you should have at least one extended patron attribute
configured.
- Apply the patch and go to Tools -> Batch patron modification.
- Submit a batch of patrons for modification.
- Confirm that the checkbox next to any required field is disabled.
- Select a date in the registration date and expiry date fields. Confirm
that the "Clear" link next to each empties the correct field.
- Click "New" next to a patron attibute. A copy of the patron attribute
line should be created.
- Click "Delete" next to a cloned patron attribute. The correct line
should be removed.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Removes template var csrf_error and associated handling.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Restested with opac and intranet: Still sends or dies elegantly..
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
No need to send OPACBaseURL to the template, if you load the Koha TT
plugin inside the template.
Test plan:
Send a few items in your cart from OPAC and intranet.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If you have no (valid) token, you will not be able to send the message.
Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
using the following URL:
/cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
This should now result in a csrf error.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
There are several administration templates which still contain event
attributes. This patch move event definition to the JavaScript.
To test you must have the SMSSendDriver system preference set to
"Email." Apply the patch and go to Administration.
- In Global system preferences, change the value of any input or select
and then click the "Cancel" link for that section. After confirming
your choice, the page should reload with your changes reset.
- In Circulation and fine rules, edit any existing rule. In the editing
row, click the "Clear" button. The data for that rule should be
cleared.
- In Transport cost matrix, make any change to the matrix. Submitting
the form should work correctly.
- In MARC bibliographic framework, choose 'MARC structure' for any
framework.
- Checking or unchecking the 'Display only used tags/subfields'
checkbox should reload the page and change the display according to
your choice.
- In Did you mean?, make changes to the existing configuration.
- Clicking "Cancel" should reload the page and discard your changes.
- Clicking "Save configuration" should correcly save your changes.
- In SMS cellular providers, click to edit any existing provider.
Clicking the "Cancel" link should cancel the editing process and
return you to the list of providers.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes event attributes from two include files:
cat-toolbar.inc and members-toolbar.inc.
In cat-toolbar.inc an unused <form> tag with an "onsubmit" attribute has
been removed.
To test, apply the patch and:
- View the detail page for any bibliographic record. All toolbar buttons
("New," "Edit," "Save," etc.) should work as expected.
- View the detail page for any patron. Click the "Add message" button in
the toolbar. Selecting a predefined note should correctly populate the
textarea with your selected message.
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds the links to EDI Accounts and Library EANs
to the menu on the left of the Acq module.
To test:
* Log in to Koha
* Visit Acquisitions
* Confirm that EDI links show on the menu on the right
if you have permissions to access EDI.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This splits off the delete capability from the create reports permission.
From a UI perspective there were CSS issues, that this patch set hackily
bypasses. Perhaps someone else can amend this enhancement with the required
changes so that the extra column at the beginning of the table can be
removed when the user does not have delete capability.
TEST PLAN
---------
1) back up db
2) apply patch
3) ./installer/data/mysql/updatedatabase.pl
-- should run without issue.
4) in mysql:
> drop database ...
> create database ...
-- totally blanks it for fresh web install
5) run web install
-- installing should have no issues
6) go to a patron
7) set permissions
8) expand the reports permission
-- should have delete reports now
9) click help and scroll down to
'Granular Reports Permissions' right at the bottom.
-- there should be a new delete_reports section
10) Head over to guided reports and build a few reports.
-- as system account user, delete stuff should all be visible.
11) Find a patron, set all permissions, except delete reports.
12) log out and then log in as the modified patron
13) Head over the save reports
-- none of the delete options should be available to the user.
14) run koha qa test tools
15) restore db
Followed test plan. Additionally tried to delete using params in URL
(not possible, OK)
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>