If you click on a link that opens a new tab/window to another site, that tab
has access to the original window through JavaScript. The browsing context is
related, even if the domains are totally different.
The tab retains access to the original window's object via window.opener, even
if you navigate to another page or domain, in the new or original window.
Access to the Window object means the new window can use Window.location to
open a different URL in the original window, perfect for phishing attacks.
Depending on the site's Same-Origin Policy settings, the new window may have
access to other parts of the original window's DOM as well.
Any 'A HREF' that contains a target of '_blank' or '_new' or a fixed name
is vulnerable. Previous security best practice often suggested creating a random
fixed name for an unpredictable namespace - that won't help with this problem!
Targets of '_self' and '_parent' are safe.
We do not use _new (at first glance) but several _blank. Some are used
to refer to internal URLs; we do not need to update or remove them. Others
are used to satisfy OPACURLOpenInNewWindow; in these cases, we should add
the rel="noreferrer" attribute to the a tags.
In other cases, we can simply remove them and let the users discover
that a mouse has more than one button (we are in 2016, they can do it!)
Signed-off-by: Chris <chrisc@catalyst.net.nz>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
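The audit this commit message describes, as an added example that is not part of the Koha patch: it lists anchors that open an external URL in another browsing context without a rel value that severs window.opener. The function names, the sample markup and the opac.example origin are constructed, and accepting rel="noopener" alongside rel="noreferrer" is an assumption of this example.

```javascript
// Targets the commit message calls safe; a missing target stays in the same tab.
const SAFE_TARGETS = new Set(['', '_self', '_parent']);

// Parse the attribute text of one tag into a lower-cased name -> value map.
function parseAttrs(attrText) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// True when href resolves to an http(s) URL on a different origin than the site.
function opensExternalSite(href, siteOrigin) {
  try {
    const url = new URL(href, siteOrigin);
    return /^https?:$/.test(url.protocol) &&
      url.origin !== new URL(siteOrigin).origin;
  } catch {
    return false; // unparsable href: nothing to report
  }
}

// Return the anchors that hand window.opener to another site.
function auditAnchors(html, siteOrigin) {
  const findings = [];
  // Quoted attribute values may contain '>', so skip over them as units.
  const anchorRe = /<a\s((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const a = parseAttrs(m[1]);
    const target = (a.target || '').trim().toLowerCase();
    const rel = (a.rel || '').toLowerCase().split(/\s+/);
    if (SAFE_TARGETS.has(target)) continue;                  // same context
    if (!a.href || !opensExternalSite(a.href, siteOrigin)) continue; // internal
    if (rel.includes('noreferrer') || rel.includes('noopener')) continue;
    findings.push({ href: a.href, target: a.target });
  }
  return findings;
}

// Constructed sample markup, not taken from the Koha templates.
const SAMPLE = `
<a href="/cgi-bin/koha/opac-detail.pl?biblionumber=1" target="_blank">Record</a>
<a href="https://vendor.example/cover/1" target="_blank">Cover</a>
<a href="https://vendor.example/review/1" target="_blank" rel="noreferrer">Review</a>
<a href='https://partner.example/help' target=helpwin>Help</a>
<a href="https://other.example/" target="_self">Same tab</a>
<a href="https://other.example/plain">No target</a>
`;

console.log(auditAnchors(SAMPLE, 'https://opac.example'));
```

Only the "Cover" and "Help" links are reported: the internal link, the link that already carries rel="noreferrer", and the links that stay in the same tab pass.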
Recurring update for the about page, Koha team.
Test plan:
Check accuracy of changes with former about page (3.22 release team) and
Roles for 3.24 page on the wiki.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch adds a link to www.openhub.net/p/koha/contributors/6618545408147
for Marc Veron (with é).
(Amended for é in commit message)
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
(Amended for comment #281: changed second occurrence)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
During this release cycle he worked really hard looking for things to fix.
He's a brave bug wrangler and his name should be on the credits for 3.22.
Period.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Well deserved.
This patch introduces a test for psgi/plack in %ENV and uses that data
to report in the about page.
To test:
- On current master (without Plack), go to about.pl
- Notice no mention of Plack
- Apply the patch
- Reload the about page
=> SUCCESS: No change
- Enable plack, and access the about page through Plack
=> SUCCESS: There is a PSGI label, showing that you are running Plack
- Sign off :-D
Regards
PS: I haven't tested the mod_perl scenario, I just grabbed the MOD_PERL env var
from the docs.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds the new devs missing from the history.txt file
that contributed patches during the 3.22 release cycle. It fixes
the missing ones on the about page too.
Bonus: Adds Olli, who was missing, so numbering shift was needed too.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This fixes the following:
* License of editor.pl
* Remove tabs
* Use [% interface %]
* Re-order search fields like the old interface
* Add license information for new libraries
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Note: Made a little change, changed He should have, to They should have
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
New warning on the about page if at least one patron has requested
privacy on checkin but the AnonymousPatron is not set to a valid patron.
Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This patch adds the TinyMCE license info to about.pl
Signed-off-by: Martin Persson <xarragon@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch introduces checks on the about.pl page so the user is warned
for a deficient configuration.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
In comment #20, Katrin requested the about page be updated
to reflect the addition of a jquery plugin.
TEST PLAN
---------
1) Apply all patches
2) Log in to Staff Client
3) Home -> About Koha -> Licenses
-- jQuery Validation Plugin is now listed nicely.
4) Run koha qa test tools
License appears as expected, qa OK
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch fixes a trivial duplicate
in the about page.
To test:
1) Go to about page > translations
2) Check duplicate entry for Armenian
first in 4th line, second before Indonesian
3) Apply patch
4) Reload page and check again
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Trivial string patch. The results are as expected.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Double checked :-P
See: http://wiki.koha-community.org/wiki/Roles_for_3.22
The 3.20 roles are moved to the Development section. Note that we did
not add the Bug wranglers role under Development until now. If that
should change, please provide a follow-up.
Test plan:
Verify that all roles are covered correctly.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Seems correct to me, no errors.
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Magnus is alone, no errors
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Changes are confirmed with author (Mirko Tietgen). See Bugzilla.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
System information indicates missing <zebra_bib_index_mode> and <zebra_auth_index_mode> entries in koha-conf.xml.
This patch
- adds warnings about a possible mismatch between these settings and the actual setup
- adds info about the actual setup/what values to use for <zebra_bib_index_mode> and <zebra_auth_index_mode> if they are not set.
The assumption is that a path including 'zebra-*-dom.cfg' in the respective section indicates a DOM setup.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Adding back version numbers to the former release team members
in the list of developers.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Added prefix "3.16" to Galen's Release Maintainer. (See Roles for 3.18)
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Updated the release team with the roles for 3.20 pages on the wiki and
checked with the votes on the IRC meeting log.
Simplified the section on Former release team members by moving that
information (in a compressed format) to the Developers section.
If someone had a role for multiple releases, I used constructs such as 3.X.
Sorted the Additional thanks-section.
Signed-off-by: Justin <justinvos@live.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2015-01-14: Amended. Replaced abbreviations like RM by Release Manager.
Replaced one occurrence of 3.x by 3.X (for Owen).
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Typed by Kahurangi, supervised by me
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The work from KnowledgeWare Technologies needs to be
added to the about page.
To test:
1) Apply the patch
2) Go to About page > Translations
3) Credits for Arabic must show updated information
(agreed between involved parties)
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
They all agreed on the attribution.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
No problems found.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Checked the names with git log and Bugzilla.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This follow up makes some corrections to the previously added files and
adds some functionality to the diff: A Javascript diff plugin highlights
the differences between the records in the two columns.
Corrections made: Converted tab indentation to spaces, corrected GPL
statement.
File organization: Moved showdiffmarc.pl and .tt to /tools/ to match the
location of the page with which it functions,
tools/manage-marc-import.pl. Corrected permissions on showdiffmarc.pl
accordingly.
Updates to the template: Added standard includes including header menu
and breadcrumbs; converted custom layout to YUI Grid standard.
To test, follow the test plan previously defined:
- Stage a MARC record batch which contains at least one record match for
something already in your catalog.
- Locate the staged MARC record batch in Tools -> Manage staged records
and click to view the contents.
- Find the record which matched an existing record and click the "View"
link in the Diff column.
- The compare screen should include the header menu and breadcrumbs. The
differences between your staged file and the existing record should be
highlighted.
- You should be able to return to the MARC batch you were previously
viewing by following the link in the breadcrumbs or the link at the
bottom of the page.
- Confirm that the "About" page includes information about the new
JavaScript plugin on the Licenses tab.
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch changes the text for zebra_auth_index_mode and zebra_bib_index_mode
entries missing on koha-conf.xml telling the user GRS-1 is deprecated.
It also adds another check for those preferences set to GRS-1, and shows a
warning message if set to grs1.
To test:
- Apply the patch and try all combinations:
- zebra_auth_index_mode and zebra_bib_index_mode missing
- zebra_auth_index_mode and zebra_bib_index_mode set to grs1
- Sign off :-D
Regards
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
I've played with the 3 related koha-conf.xml file parameters:
zebra_auth_index_mode, zebra_bib_index_mode missing, and use_zebra_facets.
Inconsistencies are properly reported in the About page thanks to this patch. It
would be helpful to admins upgrading their Koha installation.
And by the way, thanks Tomas for the new Zebra facets functionality. It's a
'joy' to see it into Koha.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, no problems found.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch adds two checks to about.pl:
- use_zebra_facets entry presence in koha-conf.xml
- use_zebra_facets==1 and zebra_bib_index_mode==dom
The idea is to alert the user if it has conflicting or wrong settings. Even
if there's a fallback to a working configuration.
To test:
- On clean master install, go to the about page
=> SUCCESS: No warnings regarding use_zebra_facets
- Comment out the use_zebra_facets entry, reload
=> SUCCESS: The about page mentions the use_zebra_facets entry is missing
- Uncomment the use_zebra_facets entry, make sure it is set to 1
- Change zebra_bib_index_mode to 'grs1', reload
=> SUCCESS: The about page says zebra_bib_index_mode is not set to DOM even though
you have use_zebra_facets set.
- Sign off :-D
Regards
To+
Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Followed test plan with success
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, tested by changing the koha-conf.xml file.
Note: There is no warning if use_zebra_facets is 0.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The previous update to the Athens County Public Libraries link was
incorrect. It is preferable to point to our library system's home page
rather than our OPAC. If any change is necessary it is to update the
name from the old "Nelsonville Public Library" to the new "Athens County
Public Libraries."
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Automatic renewal is the second feature sponsored by the hsg.
Sponsored-by: Hochschule für Gesundheit (hsg), Germany
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch fixes several capitalization issues in the about page.
To test:
- Go to the about page
=> FAIL: you should see
* Server Information (tab)
* Koha Team (tab)
* Koha Timeline (tab)
* Additional Thanks To... (at the bottom of the Koha Team tab)
- Apply the patch and reload
=> SUCCESS: you should see
* Server information
* Koha team
* Timeline
* Additional thanks to...
- Sign off :-D
Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
String changes, no problems found.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch adds information about required perl module versions to the
'About' page.
To test:
Apply patch.
In staff client, go to 'About', tab 'Perl modules'
The required version numbers should display in small print next to or
underneath the module names.
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The currently maintained stable releases translations are/were done by
the following individuals and it should be acknowledged in the about page.
This patch also removes the Venezuelan Spanish translation, which was removed
a long time ago.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Ohloh.net links are used in the about page. Their FQDN has changed a while ago.
Old one is still redirected, but we need to fix it just in case the redirection
is removed.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Missing the Module Maintainers?
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Current code displays "No warnings" even if there are actually warnings
printed.
It is not related to the bug itself, but as it was pointed out by the QAM,
I attach a followup to solve that.
Regards
To+
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>