Test plan:
1) Launch k-t-d with ES:
-- ktd --es7 pull
-- ktd --es7 up
2) Visit /cgi-bin/koha/authorities/authorities-home.pl and search for 'tim'
3) Edit that, add a dash '-' to 100$a, like 'Bunce, Tim - name'
4) Do an authority search for 'tim - name', notice it errors out
5) Apply patch
6) Perform the same search, notice it doesn't error and returns the correct record
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 27c6171222)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 14487cd5e0)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
We are dealing ok with ES exceptions for biblio records search,
catching them and raising them to the end user. But we don't for
authorities, where we explode with an ugly 500.
Test plan:
Search for "(term_1*) AND (-) AND (term_2*)" in the authority search and
notice that you don't get a 500 but an error instead saying that you
should try again
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 09b29d06da)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b4187cf2ab)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Test plan:
1) Apply this tests patch only
2) Run: prove t/Koha/SearchEngine/ElasticSearch/Search.t
3) Notice it fails with nasty ES "Failed to parse query" error
4) Apply the other patches
5) Repeat 2) - notice there's no nasty error
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fbd62562e0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f36647c32a)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
No test plan (fixing comment).
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5797079fc5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b8b21c6d11)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Currently --expiration-from-today has the same definition as --update-expiration. The description has now been updated to reflect the fact that it will set the date from today, and not the patron's enrollment date
Test plan:
Look at the patch file and confirm that the POD now mentions today's date rather than the patron's enrollment date
Signed-off-by: Laura Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 91dd8dd16f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 636c601995)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 4988bcdb93)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 66726cca42)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
To test:
1 - Enable RealTimeHoldsQueue system preference
2 - Set UpdateItemLocationOnCheckin to _ALL_: CART
3 - Check in an item
4 - Check the background jobs - the RTHQ is updated
5 - perl -e 'use C4::Items; C4::Items::CartToShelf(##);' -- substitute the itemnumber from above
6 - Check the background jobs - no new update to RTHQ
7 - Confirm item was set back to correct permanent_location
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 84521918d9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1779dddfe8)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch copies the $fee_ack field into the generated
::Transaction::Renew|All objects such that the fee acknowledgement flag
is respected for renewals.
Test plan
To test:
1) Add a rental charge to an itemtype
2) Checkout an item of that itemtype to a user
3) Attempt a renewal of that item via SIP2 and note that it fails
sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 --item 39999000007756 -m renew
4) Pass the fee_acknowledgement bit in renewal and note the renewal
still fails.
sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged Y --patron 23529000035676 --item 39999000007756 -m renew
5) Apply patch and note the above now succeeds
sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged Y --patron 23529000035676 --item 39999000007756 -m renew
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 3a2dcf0733)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 11c73ed5b8)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
When a patron has a guarantee and can see their fines on the opac and
an opac payment plugin is enabled there is an error on the 'Charges'
tab.
The table uses a 'COLSPAN' variable which is set to 5 or 6 depending on
if OPAC payments are enabled. The guarantees table has one less column
than the patron's however, so it is going out of range and causing a JS
error. Additionally, we are adding a column to the child's table which
is not used as their fines cannot be selected for payment at this time.
This patch removes the checkbox column and sets the colspan directly to
4
I also fix an issue where the table is not being set as we need to
reference the patron object in the guarantor info to obtain the id.
To test:
1 - Set system preference: AllowStaffToSetFinesVisibilityForGuarantor to
allow
2 - Find a patron
3 - Add some fines to their account
4 - Install and enable an opac payment plugin
(https://github.com/bywatersolutions/koha-plugin-pay-via-govolution
for example)
5 - Sign in to OPAC as borrower
6 - Go to 'Charges' tab
7 - Select a fee
8 - Confirm 'Make payment' button enabled and 'amount to pay' is
updated
9 - Add a guarantee to patron in staff interface
10 - Set 'Show charges to guarantors' to 'Yes'
11 - Add and pay a fine for the child
12 - View guarantor account on the OPAC
13 - Confirm you now see child's charges
14 - Confirm selecting your own fees does not enable the button or
update amount to pay
15 - Note JS error in console
16 - Apply patch
17 - Reload patrons page
18 - Confirm the table loads correctly (no JS error)
19 - Confirm selecting a fine updates the total and enables button
20 - Disable the payment plugin
21 - Confirm the display is still correct, no errors
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit a3e40408ea)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c61c182fda)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
For consistency with other options I opted to have the fee acknowledged
parameter to expect a string and as it's an optional parameter I've
dropped the default value of 'N' too.
Test plan
1) Prior to this patch
1a) Attempt a checkout without passing -fa/--fee_acknowledged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 --item 39999000007756 -m checkout`
The final field of the SIP request will be '|BON', the default
1b) Attempt a checkout passing -fa/--fee_acknowledged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged --patron 23529000035676 --item 39999000007756 -m checkout`
The final field of the SIP request will still be '|BON', failure
1c) Attempt a checkout passing a string for fee_acknowledged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged Y --patron 23529000035676 --item 39999000007756 -m checkout`
The final field of the SIP request will still be '|BON', failure
2) Apply the patch
2a) Attempt a checkout without passing -fa/--fee_acknowledged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 --item 39999000007756 -m checkout`
The optional `|BO` element should not be present
2b) Attempt a checkout passing -fa/--fee_acknowledged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged N --patron 23529000035676 --item 39999000007756 -m checkout`
The final field of the SIP request will now be '|BON', success
2c) Attempt a checkout passing a string for fee_acknowledged flag
`./misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL --fee-acknowledged Y --patron 23529000035676 --item 39999000007756 -m checkout`
The final field of the SIP request will now be '|BOY', success
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0e9603bb49)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7c07d7b6a6)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
To test:
1. Go to patron card creator and make a patron card batch, card layout, and card template.
2. In the card layout leave some values blank for Lower left X coordinate and Lower left Y coordinate.
3. Now go create a card batch while tailing the plack-intranet-error log.
4. Notice in the logs:
[2023/08/14 20:50:54] [WARN] Argument "" isn't numeric in multiplication (*) at /kohadevbox/koha/C4/Patroncards/Patroncard.pm line 109.
[2023/08/14 20:50:54] [WARN] Argument "" isn't numeric in multiplication (*) at /kohadevbox/koha/C4/Patroncards/Patroncard.pm line 248.
[2023/08/14 20:50:54] [WARN] Argument "" isn't numeric in multiplication (*) at /kohadevbox/koha/C4/Patroncards/Patroncard.pm line 249.
5. Apply patch, restart_all
6. Try again and notice the WARNS should be gone from the logs now.
7. Make sure you can still create patron cards and the PDFs they generate look right.
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1164402b49)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit fb988b42c4)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch adds the requirement that updating a system preference
requires a CSRF token. (Also, adding and deleting local system preferences.)
0. Apply patch
1. koha-plack --reload kohadev
2. Add local system preference
3. Update local system preference
4. Delete local system preference
5. Update normal system preference
6. Note no errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
</script> tags are interpreted in JSON strings as HTML, which can
lead to XSS attacks.
This patch puts HTML escaped JSON in the value of a hidden HTML element.
The Javascript then takes the value as a string, parses it as JSON,
and is able to use it to save search filters without triggering an
XSS attack.
This patch also adds DataTable's built-in HTML escaping for the query
and limits on the admin UI for the search filters.
Test plan:
0. Apply patch
1. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?op=search&searchfield=SavedSearchFilters
2. Enable the system preference
3. Go to http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=e
4. Click "Save search as filter"
5. Checkbox "Show in staff interface?"
6. Type "E-TEST" into box and click 'Save'
7. Go to
http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=e
8. Click "E-TEST" under "Custom search filters"
9. Note that you see search results
10. Go to
http://localhost:8081/cgi-bin/koha/admin/search_filters.pl
11. Note that for "E-TEST" you see a "Query" like
{"operators":[],"operands":["e"],"indexes":[]}
12. Note that for "E-TEST" you see a "Limits" like
{"limits":[]}
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 4e32b76198)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
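
The approach described in the search filter commit message above (HTML-escaped JSON in the value of a hidden element, parsed as JSON by the JavaScript), shown next to the inline-script form it replaces. This is an added example, not Koha's own code; the function names, the `query_json` id and the sample filter are constructed for illustration.

```javascript
// Added illustration, not Koha code. Names, element id and sample data are constructed.

// Constructed search filter whose operand contains a closing script tag.
const sampleFilter = {
  operators: [],
  operands: ['e</script><b>injected</b>'],
  indexes: [],
};

// BEFORE: JSON written straight into an inline <script> block.
// JSON.stringify does not escape "<" or "/", so the operand is emitted verbatim.
function renderInlineScript(filter) {
  return '<script>var query = ' + JSON.stringify(filter) + ';</script>';
}

// Simplified model of the HTML tokenizer: a script element ends at the first
// "</script", with no knowledge of JavaScript string literals.
function scriptBodySeenByParser(html) {
  const start = html.indexOf('<script>') + '<script>'.length;
  const end = html.toLowerCase().indexOf('</script', start);
  return html.slice(start, end);
}

// Everything after that first closing tag is parsed as ordinary markup.
function markupAfterFirstScript(html) {
  const end = html.toLowerCase().indexOf('</script');
  return html.slice(html.indexOf('>', end) + 1);
}

// AFTER: HTML-escape the JSON and carry it in a hidden element's value.
function escapeHtml(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function renderHiddenInput(filter) {
  return '<input type="hidden" id="query_json" value="' +
    escapeHtml(JSON.stringify(filter)) + '">';
}

// Stand-in for reading element.value in a browser, which hands the script the
// attribute with its character references already decoded.
function readValueAttribute(html) {
  const match = /value="([^"]*)"/.exec(html);
  if (!match) throw new Error('no value attribute found');
  return match[1]
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&amp;/g, '&'); // last, so an escaped "&lt;" is not decoded twice
}

// The client-side step: take the value as a string, then parse it as JSON.
function loadFilter(html) {
  return JSON.parse(readValueAttribute(html));
}
```

In the inline form the parser hands the script engine a truncated statement and treats the rest of the operand as markup; in the hidden-element form the same operand round-trips as data.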
This change validates and escapes inputs for task scheduler.
Test plan:
0. Apply patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/tools/scheduler.pl
3. Input a time a minute in the future and leave the date blank
4. Choose an existing report and output format
5. Type a malicious string which is also a valid email address
into the Email field
6. Click "Save"
7. Note that the job is added but the Email is wrapped in single
quotes
8. Try using a non-malicious email address with a single quote.
9. Note that the single quote is escaped, so that it will still
be used by runreport.pl
JD amended patch: tidy
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Removed pars for $email =~ regex, removed old commented lines.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit dcd698a4b4)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
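
One way to get the behaviour the task scheduler commit message above describes (validate the inputs, then wrap the email in single quotes with any embedded single quote escaped), as an added example that is not Koha's code. The email pattern, the list of formats, the function names and the shape of the command line are assumptions for illustration; the small word splitter models only single quotes, backslashes, spaces and a handful of shell operator characters.

```javascript
// Added illustration, not Koha code. Pattern, formats and command shape are assumptions.

// Deliberately permissive: strings containing shell metacharacters can still
// be syntactically valid addresses, so validation alone is not enough.
const EMAIL_PATTERN = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const ALLOWED_FORMATS = ['text', 'html', 'csv']; // assumed list

// POSIX single-quote escaping: close the quote, emit \', reopen the quote.
function shellQuote(arg) {
  return "'" + arg.replace(/'/g, "'\\''") + "'";
}

function buildReportCommand(reportId, format, email) {
  if (!Number.isInteger(reportId) || reportId <= 0) {
    throw new Error('report id must be a positive integer');
  }
  if (!ALLOWED_FORMATS.includes(format)) throw new Error('unknown format');
  if (!EMAIL_PATTERN.test(email)) throw new Error('invalid email address');
  return ['runreport.pl', '--format=' + format,
    '--to=' + shellQuote(email), String(reportId)].join(' ');
}

// Minimal model of how sh splits a line: returns the words it would pass to
// the program and any operator characters it would act on itself.
function analyseShellLine(line) {
  const words = [];
  const operators = [];
  let current = '';
  let inWord = false;
  let inQuote = false;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (inQuote) {
      if (ch === "'") inQuote = false;
      else current += ch; // everything inside single quotes is literal
    } else if (ch === "'") {
      inQuote = true;
      inWord = true;
    } else if (ch === '\\' && i + 1 < line.length) {
      current += line[++i]; // backslash makes the next character literal
      inWord = true;
    } else if (ch === ' ') {
      if (inWord) { words.push(current); current = ''; inWord = false; }
    } else if (';|&$`()<>'.includes(ch)) {
      operators.push(ch); // unquoted: the shell interprets it
    } else {
      current += ch;
      inWord = true;
    }
  }
  if (inQuote) throw new Error('unterminated single quote');
  if (inWord) words.push(current);
  return { words, operators };
}
```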
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 332b95b250)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit abbbc5924d)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit bb581fe78b)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch sets the $auth_state to failed when changing auth sessions,
so that the new login attempt gets processed correctly (instead
of skipping the authorization step).
Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?tab=&op=search&searchfield=baseurl
3. Log in as an OPAC user with 0 permissions
4. Note the auth screen "Error: You do not have permission to access this page"
5. Click "Log in"
6. Note that you're still shown a login screen (and that you've been logged out of
your previous authenticated session)
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 16da12cbbc)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Bug 29664 removed payments with a void status, however, the query also
removed any payments with no status set
Test Plan:
1 - Set up your cash registers and enable POS and add a debit type that is able to be sold
2 - Take 2 payments via POS
3 - Void one payment
4 - Go to Reports->Statistics wizards->Cash register
4) Verify neither shows for the "All payments to the library" and
"Payment" transaction type filters
5) Apply this patch
6) Restart all the things!
7) Verify the non-voided fee shows for the "All payments to the library" and
"Payment" transaction type filters and the voided fee does not
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 6ee6bea6bf)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7d977be3e9)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
An embed that is not supported in 22.11 was added as part of a refactoring patch. This commit removes that embed to allow the ERM module to function properly
When trying to manually transfer an item that is on hold, we have the
choice to cancel the hold and try the transfer again. When choosing
this option, the hold is correctly cancelled but the transfer is not
tried again.
This patch fixes that
Test plan:
1. Place a hold on a specific item
2. Try to transfer it manually (Circulation » Transfer)
3. Choose the option to "Cancel hold and then attempt transfer"
4. See that the hold was cancelled, but no transfer was made
5. Apply the patch
6. Repeat steps 1-3
7. See that the hold was cancelled, and the transfer was made
Signed-off-by: Nicolas Giraud <nicolas.giraud@inlibro.com>
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 68b97cc7e4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4352e97a28)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch adds an order_by clause to ensure consistent ordering of the
returned status and status_alias statuses from the database between
MySQL 8 and other DB engines.
This fixes the failing tests introduced in bug 34223.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 7f9ff906d9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 9b1ff4d540)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch makes a minor simplifying change to the check-in template
around how to style the barcode input field in dropbox or fine-exempt
mode.
To test, apply the patch and go to Circulation.
- If necessary, check some items out to patrons so that you have items
to check in.
- Go to the check-in page and click the icon inside the barcode field to
expand the panel of options.
- Check the "book drop mode" checkbox. The barcode field should now be
highlighted yellow.
- Check in an item. When the page redisplays, the barcode field should
have the same highlighted style.
- If necessary, enable the finesMode system preference.
- On the check-in page, in the panel of options, check the "Forgive
overdue fines" checkbox. Test checking in again, confirming the same
style consistency in the barcode field.
Signed-off-by: Inkeri <inkeri.hakulinen@helsinki.fi>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit edb9787fc8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit edf7c67661)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch reunites the words for the sentence "Displaying
[all|approved|pending|rejected] terms" in order to facilitate
translating in languages that have a different syntax.
To test:
1. Install a new language
./misc/translator/translate install xx-XX
2. Check the xx-XX-staff-prog.po file for the sentence
--> All the words are individual strings
3. Apply patch
4. Update the po files
./misc/translator/translate update xx-XX
5. Check the xx-XX-staff-prog.po file again
--> The sentence is reunited for each status (Displaying all terms,
Displaying approved terms, etc.)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 272a080cb3)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 48282124fa)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
To test:
1. Apply patch
2. Install language
./misc/translator/translate install xx-XX
3. Update po files
./misc/translator/translate update xx-XX
4. View the xx-XX-messages.po file
--> Strings for tag statuses for one tag should be separated from
strings for statuses for multiple tags, with context Tags
(single) or Tags (multiple)
5. Change the strings so you know which is which
For example, in French, the approved status for a single tag would
be "Approuvé" and for multiple tags would be "Approuvés" (with the
plural s at the end)
6. Apply translations
./misc/translator/translate install xx-XX
7. Add tags through the OPAC
7.1. In another tab, go to the OPAC
7.2. Log in
7.3. Search for a record
7.4. From the detailed record, click Add tags
7.5. Enter a tag and click Add
8. In the staff interface, go to Tools > Tags
9. Approve/Reject the tag
--> The status in the table and on the button should be the singular
status, the status in the summary on the right should be plural
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5d23be933f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ff89574592)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9254af7b41)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 70ffc2c6fa)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
To test:
1. Go to Item types administration.
2. Set some item types to be limited to a branch you are not logged in as.
3. Find some items from the branch you are logged in at and go to Batch item modification.
4. Add the barcodes and attempt to edit the item type to the one you limited in step 2.
5. You can change these item types to ones that your branch should not be able to.
6. Apply patch
7. Try steps 4-5 again but this time you should not see item types in the dropdown that are limited to other branches.
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 13d5ff9424)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b7e9360061)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
An anonymous session might have a userenv which is undef or which is
a hashref of undef/empty values.
This patch generates the "anonymous" prefix for undef/empty 'id'
values, which prevents CSRF errors when logging in via OAuth2/OIDC
following a Koha logout.
Test plan:
Before applying patch:
1. Go to https://wiki.koha-community.org/wiki/Testing_SSO
2. Set up OpenID Connect realm, user, client, and Koha
integration to Keycloak for koha-testing-docker as noted in the wiki
3. Go to http://localhost:8080/cgi-bin/koha/opac-main.pl?logout.x=1
4. Click on OIDC "Log in with XXXX" button and log into IDP
5. Note that you're not logged in and you instead see an error message like:
"There was an error authenticating to external identity provider wrong_csrf_token"
6. Apply patch
7. Go to "Sessions" section of the test realm in Keycloak
e.g. http://sso:8082/auth/admin/master/console/#/test/sessions
8. Click "Action" on the far right side of the screen
9. Choose "Sign out all active sessions"
After applying patch:
10. koha-plack --restart kohadev
11. Go to http://localhost:8080/cgi-bin/koha/opac-main.pl?logout.x=1
12. Click on OIDC "Log in with XXXX" button and log into IDP
13. Note that you're logged in
14. prove t/Token.t
15. Note all tests pass
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit f965db69f1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit bde32f4927)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Test plan:
Before patch:
- Visit a non-existent ID i.e. /cgi-bin/koha/erm/agreements/999
- Visit a char ID i.e. /cgi-bin/koha/erm/agreements/abc
Apply patch:
Repeat above steps.
Run cypress tests
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2a0fcd9dda)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 767a004f03)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch corrects the internationalization function wrapped around the
"% search" string in datatables.js. It should be the double-underscore
function instead of the single-underscore.
To test, apply the patch and test that the placeholder string is
translatable. In this example I'm testing fr-FR:
- Update a translation:
> cd misc/translator
> perl translate update fr-FR
- Open the corresponding .po file for the strings pulled from
JavaScript e.g. misc/translator/po/fr-FR-messages-js.po
- Locate strings pulled from prog/js/datatables.js for
translation, e.g.:
#: koha-tmpl/intranet-tmpl/prog/js/datatables.js:894
#, javascript-format
msgid "%s search"
msgstr "%s recherche"
- Install the updated translation:
> perl translate install fr-FR
In the staff interface, test a page that has column header filters, e.g.
patron search. Confirm that the table of search results shows the
translated string in the column header placeholders.
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit c23f36b812)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d1d9a33535)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fcf0ba17b5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 63434d59e8)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
The queries here are the same except for 2 differences:
1 - They check if the hold was on a particular item
2 - The latter confirms that the reserve item group matches the item's item group
For 1, it doesn't matter - only 1 item can be mapped to a reserve, itemnumber is the primary key
for hold_fill_targets - so we are either matching it in the first query or the second, either way we get the same
reserve - the returns are the same so we don't care which query it came from
For 2, this has already been checked when the queue was built. We don't need to verify the match because
it wouldn't be in the targets if they didn't match
To test:
1 - Apply second unit test patch
2 - prove t/db_dependent/Reserves.t
3 - It should pass
4 - Apply this patch
5 - prove t/db_dependent/Reserves.t
6 - It continues to pass
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 72bfb416d3)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7aa6464c23)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 6f7ccdf6c3)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 91d9a15485)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
The current logic requires that the group ids match, but this eliminates null matches
from the group.
The fallout essentially is that the queue won't be checked to fill holds in cases of title level matches
where holds don't have an item group id. The queue checks the transport cost matrix while the check reserves
check does not, so this may have an impact on holds costs and delivery times
To test:
0 - Apply unit test patch
1 - prove -v t/db_dependent/Reserves.t
2 - It fails
3 - Apply this patch
4 - prove -v t/db_dependent/Reserves.t
5 - It passes!
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fe3872f628)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f4641ea972)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 99d7e55be6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0cad18658a)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch corrects instances of the double-underscore function being
used in .tt and .inc files where the single-underscore function should
be used instead.
To test, apply the patch and update a translation, e.g. fr-FR:
> cd misc/translator
> perl translate update fr-FR
- Open the corresponding .po file for JavaScript strings, in this case
misc/translator/po/fr-FR-staff-prog.po
- Confirm that the strings are now in the .po file for translation. You
should find these lines:
- koha-tmpl/intranet-tmpl/prog/en/includes/js-biblio-format.inc: "No
title."
- koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt:
"Check in and add to bundle"
"Ignore holds and add to bundle"
- koha-tmpl/intranet-tmpl/prog/en/modules/course_reserves/add_items-step1.tt:
"Please enter only a barcode, or only a biblionumber."
- koha-tmpl/intranet-tmpl/prog/en/modules/course_reserves/batch_add_items.tt:
"Please enter only barcodes, or only biblionumbers."
- koha-tmpl/intranet-tmpl/prog/en/modules/tools/additional-contents.tt:
"Please specify a content for 'Default'"
- Check fr-FR-opac-bootstrap.po for these lines:
- koha-tmpl/opac-tmpl/bootstrap/en/includes/calendar.inc:
"Please enter a valid date (should match %s)."
- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-basket.tt:
"No item was selected"
- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-reserve.tt,
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt,
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt:
"No item was selected"
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit d1d9f4698e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f558474af3)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 93dd749eca)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f4a9dbd106)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Add a new request with a backend specific status
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit b00806774d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6151e6ee8c)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
This patch adds a unit test for the 'existing_statuses' method.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Laura Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit cda13a7328)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4bec5acad4)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>