Commit graph

33 commits

Author SHA1 Message Date
Julian Maurice
96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00
dd55209f25
Bug 24537: Tidy code
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:01:03 +01:00
cede9bbe43
Bug 24537: Allow IP ranges in ILS-DI:AuthorizedIPs using Net::Netmask
This patch uses Net::Netmask to match IPs from ILS-DI:AuthorizedIPs
against $ENV{REMOTE_USER}. By using Net::Netmask, we can use addresses
in a variety of formats. This includes 127.0.0.1, 192.168.1.0/24,
10.0.0, and so on.

To Test:
1. Apply the patch
2. Empty the 'ILS-DI:AuthorizedIPs' system preference
3. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
3b. Note that the request is successful
4. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet including
your IP address (e.g. 192.168.1.0/24)
5. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
5b. Note that the request is successful
6. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet that doesn't include
your IP address (e.g. 1.1.1)
7. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
7b. Note that your request is refused
8. Try a variety of permutations including bad values (e.g. 192.168.1.) or multiple values
(e.g. 10.0.0.0/8,192.168.1.0/24) or multiple values including a mix of good and bad values

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-06 11:00:44 +01:00
2754423879
Bug 24754: (QA follow-up) Add timestamp, remove 11th parameter
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-25 09:32:48 +00:00
b3ecb4644e
Bug 24754: Set userenv for ilsdi requests
Currently ILSDI scripts do not have a userenv set. This affects both
action_logs and statistics.

For action_logs we either get no user or, if there is an active session, we use that one. This can have unintended consequences and we should explicitly set the env so that system user (0) is recorded

For statistics we need to specify a branch to record for actions like renewals. With bug 24759 we add an items method for this. We should take advantage of this method and use the 'opac' interface as the ilsdi scripts live there.

To test:
1 - Enable ILSDI in systempreferences
2 - Checkout an item to a patron
3 - Enable Renewal logs
4 - Ensure you will be able to renew the item several times
5 - Open an incognito/private browser
6 - Renew item via ilsdi:
    http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=RenewLoan&patron_id=5&item_id=1128
7 - Check action logs, interface may be random, user should be 0, if not make sure the user in step 9 is a different one
8 - In private browser open a new tab
9 - Sign in to staff client
10 - Return to other tab
11 - Refresh page to repeat renewal
12 - Check action_logs
13 - The second renewal indicates it was renewed via intranet by logged in staff member
14 - Apply patch
15 - restart_all
16 - Ensure staff client still signed in
17 - Repeate renewal again
18 - Check logs, renewal now indicates opac again (as it should), user is 0 even if logged in on other tab

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-25 09:32:37 +00:00
c8bf308e1b
Bug 23531: fix ILSDI non-implemented but documented parameters
test plan :
1/ Submit a hold through ILSDI with start_date and expiry_date parameters
2/ Verify in Koha those parameters are not applied to the newly created
reserve. Delete reserve.
3/ Apply patch and repeat 1.
4/ Verify the reserve created by same request as 1 now has both dates
applied and visible in Koha.

Signed-off-by: Christophe Croullebois <christophe.croullebois@biblibre.com>
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-18 08:42:31 +00:00
Julian Maurice
2351693b61
Bug 23156: Add pagination to checkouts in ILS-DI GetPatronInfo service
When patrons have a lot of checkouts, GetPatronInfo can take a lot of
time. This patch introduces two new parameters to allow pagination of
this list of checkouts

Also, fix a warning in C4::ILSDI::Services::GetPatronInfo

Test plan:
1. Go to /cgi-bin/koha/ilsdi.pl?service=GetPatronInfo&patron_id=X&show_loans=1
   where X is a borrowernumber of a patron who has several checkouts
   Verify that all checkouts are listed
2. Add '&loans_per_page=1&loans_page=1' to the URL. Verify that you have
   now only one checkout listed, and that there is a new element
   <total_loans> which contain the total number of checkouts
3. Increase the page number in the URL until you have seen all checkouts
4. prove t/db_dependent/ILSDI_Services.t

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-06-25 17:16:26 +01:00
543630b3c4 Bug 21719: Fix typos
This patch was generated using codespell

Test plan:
Read through changes and confirm they make sense

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

https://bugs.koha-community.org/show_bug.cgi?id=21706

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-11-08 02:18:46 +00:00
Jon Knight
65e541085c Bug 13990: ILS-DI LookupPatron requires ID Type
Patch provides a constrained set of borrower attributes to try in turn if the
ID type is not specified.  Also added "email" to the POD documented list of
id types seeing as its quite a useful one for integration developers.

Test plan:

1) without the patch applied, turn on ils-di interface in your admin sysprefs
   and then try accessing the URL:

   https://your-server/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=Mabel

   replacing "your-server" your Koha dev test domain name (localhost:8080 if
   you're using a kohadevbox VM) and "Mabel" with the first name of a patron
   (Mabel is in the test database already if you're using that).

   You should get back an error message in the XML.

2) Apply the patch and repeat. This time you should get an <id> element in
   the XML with Mabel's patron ID in it.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-30 14:18:21 -03:00
70498b1566 Bug 16476: Do not call CGI->param in list context, some more
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-16 17:11:46 +00:00
ac5a1bfece Bug 16154: CGI->multi_param - Manual changes
This patch does the same as the previous one, but affects lines which
have not been caught by the regex.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:43 +00:00
66aacace08 Bug 16154: CGI->multi_param - Declare a list
This patch replaces the occurrences of
  my @foo = $cgi->param('foo');
with
  my @foo = $cgi->multi_param('foo');

perl -p -i -e
's/^(\s*my\s*@\w+\s*=\s*)\$(cgi|input|query)\->param\(/$1\$$2\->multi_param\(/xms'
**/*.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:42 +00:00
Martin Persson
ead5b9c0e2 Bug 14257 - Add show_attributes to GetPatronInfo
This patch adds the ability to query the extended patron
attributes via the ILSDI web service's GetPatronInfo service.

Example: ilsdi.pl?service=GetPatronInfo&patron_id=3&show_attributes=1

A new element <attributes> will be added if there
are any attributes available from the database.

We need to discuss the security implications of showing the
attributes. At present it will allow querying of non-public
(OPAC-visible) information. We might want to change this.

Sponsored-By: Halland County Library

Test plan:

* Configure Koha to make use of extended attributes:
  Under 'Administration' -> 'Global system preferences' ->
  'Patrons' tab -> Set 'ExtendedPatronAttributes' to 'Enable',
  press save and switch to 'Web services' tab.

* Enable the ILS-DI service:
  Under 'Administration' -> 'Global system preferences' ->
  'Web services' tab -> 'ILS-DI' section:
  Set 'ILS-DI' to 'Enable' and save.

* Create an attribute to query:
  Under 'Administration' -> 'Patrons and circulation' ->
  'Patron attribute types' press 'New patron attribute type':
  Enter a type code, like 'DOORCODE', description and assign
  a category that your test patron is a member of, then save.

* Set value for test user:
  Locate the test patron, the new attribute should be listed
  under 'Additional attributes and identifiers'.
  Click 'Edit' and assign a value, like '1337' and save.

* Query the ILS-DI service:
  http://127.0.1.1/cgi-bin/koha/ilsdi.pl?service=GetPatronInfo&patron_id=1&show_attributes=1
  The output XML should have an element named 'attributes'
  containing the data you entered.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-31 20:31:06 +00:00
f2eb968145 Bug 6679 - Fixing code so it passes basic Perl:::Critic tests
opac/ilsdi.pl: Stricture disabled at line 217, column 17.  See page 429 of PBP.  (Severity: 5)

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-01-27 05:06:23 +00:00
109c610e99 Revert "Bug 6679: Fixing code so it passes basic Perl:::Critic tests"
This reverts commit 8b9a555cc9.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-26 14:16:31 -03:00
8b9a555cc9 Bug 6679: Fixing code so it passes basic Perl:::Critic tests
opac/ilsdi.pl: Stricture disabled at line 217, column 17.  See page 429 of PBP.  (Severity: 5)

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-26 10:42:06 -03:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
afd2418d73 Bug 11349: Change .tmpl -> .tt in scripts using templates
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.

This patch changes the occurences of '.tmpl' in favour of '.tt'.

To test:
- Apply the patch
- Install koha, and verify that every page can be accesed

Regards
To+

P.S. a followup will remove the glue code.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-17 11:05:49 -03:00
Galen Charlton
da6f2f7a7d Bug 10549: (follow-up) make sure ILS-DI GetAvailability response is emitted as UTF-8
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-17 19:14:37 +00:00
Colin Campbell
263dded818 Bug 6752: Be stricter with utf-8 encoding of output
use encoding(UTF-8) rather than utf-8 for stricter
encoding
Marking output as ':utf8' only flags the data as utf8
using :encoding(UTF-8) also checks it as valid utf-8
see binmode in perlfunc for more details
In accordance with the robustness principle input
filehandles have not been changed as code may make
the undocumented assumption that invalid utf-8 is present
in the imput
Fixes errors reported by t/00-testcritic.t
Where feasable some filehandles have been made lexical rather than
reusing global filehandle vars

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-01-27 12:11:06 +01:00
Jean-André Santoni
2c88e1e0f8 Bug 5639 (MT #3605) Fix escaping in ILSDI
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2011-08-05 09:07:15 +12:00
Jean-André Santoni
2fb3f22f62 [MT3696] Fixed ILSDI GetAvailability call
(cherry picked from commit 96552d64727dc6fc2525cc9c0c6ece0c718b999d)

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-10-13 10:39:38 -04:00
Jean-André Santoni
d4260af339 Fixed an encoding bug in the documentation
Moved the binmode pragma to the end of the file, so it won't affect documentation templates. So no more double encoding.

Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:54:45 -04:00
Henri-Damien LAURENT
9428e750f0 Fixed an encoding bug in the documentation
Moved the binmode pragma to the end of the file, so it won't affect documentation templates. So no more double encoding.

Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:54:43 -04:00
Henri-Damien LAURENT
f3581a594e ILS-DI Messages uniformization
[MT2306_2271] ILS-DI Message codes consistence

The services now returns ILSDI error codes in a <code> tag, plus details in a <message> tag.

Exemple:

<LookupPatron>
<code>MissingParameter</code>
<message>The required parameter patron_id is missing.</message>
</LookupPatron>

[MT2306_2271] Minor changes in HTML

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:39:31 -04:00
Jean-André Santoni
09221f7006 ILS-DI Code cleaning
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:39:26 -04:00
Jean-André Santoni
aa17eef42f Fixes access permissions to ILS-DI
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:39:24 -04:00
Lars Wirzenius
873a3cb9bc Fix FSF address in directory opac/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:54 -04:00
Paul Poulain
b7435fbe6e ilsdi.pl : character encoding declaration update
xml declaration of charset is now set to utf8
2009-10-01 13:55:10 +02:00
f7f783226a ran ILS-DI code through perltidy
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-06 13:41:26 -04:00
ccdc20496f bug 2505: enable strict and warnings in ILS-DI code
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-06 13:41:25 -04:00
Jean-André Santoni
ed92b52b26 Added comments to ILS-DI code
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-06 13:41:25 -04:00