Commit graph

1465 commits

Author SHA1 Message Date
68407f4cf0 Bug 16960: Delete previous patron modifications
If a patron edit his/her details a second time, we need to delete the
first ones to avoid a "duplicate entry for key PRIMARY" error.

Test plan:
Log in at the OPAC
Edit your details
Edit them again
=> Without this patch, Koha will crash
=> With the patch applied, everything should work as expected

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-22 11:46:05 +00:00
7a33e3ba75 Bug 16960: Fix error on validating the registration
Followed steps in comment #14, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-22 11:46:05 +00:00
1016139132 Bug 16960 - Patron::Modifications should be fixed
The changes from opac-memberentry do not reach the table, since the
Patron::Modifications object does not work well.

Test Plan:
1) Apply this patch
2) Create some patron modification requests
3) Ensure you can approve and deny modifications
4) Ensure patron self registration works

Signed-off-by: Bob Birchall <bob@calyx.net.au>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-22 11:46:05 +00:00
8c5cb134ee Bug 16996: Do not explode if mandatory fields are missing
At the OPAC, if a patron modify his/her information and at least 1
mandatory field is missing, Koha will crash with
  Template process failed: undef error - Can't call method "description"

It is raised by Koha::Template::Plugin::Categories::GetName called with
an undefined categorycode.
The problem is that the values sent originaly are not sent back to the
template if the user missed something.
This patch makes that all info are resent to the template in order to
show the same form to the user.

Test plan:
0. Apply patch

1. Make sure that the categorycode is not hidden in the OPAC in:
     PatronSelfRegistrationBorrowerUnwantedField or PatronSelfModificationBorrowerUnwantedField

2. Add a required field in PatronSelfRegistrationBorrowerMandatoryField, for example email.

3. Go to Your Personal Details in the OPAC (opac-memberentry.pl) and leave blank the required field of point 2

4. Press "Submit update request"

There should be no software error.

NOTE: The warns will be floody on the logs.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-18 15:43:01 +00:00
d1eb706153 Bug 14642: Add logging for Holds
This patch adds logging for several holds actions. Specifically for:

- CREATE
- CANCEL
- DELETE
- RESUME
- SUSPEND
- MODIFY

To test:
- Enable the HoldsLog syspref
- Add a hold on a record/item
=> SUCCESS: The log view shows the CREATE action
- Click on the <Suspend> button
=> SUCCESS: The log view shows the SUSPEND action
- Click on the <Unsuspend> button
=> SUCCESS: The log view shows the RESUME action
- Click on the red cross, to delete the hold
=> SUCCESS: The log view shows the CANCEL action

Note: The DELETE action is logged when DelMember is called, with bug 16819 patches applied.

Sponsored-by: NEKLS
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
I also wonder about this going in defaulted on, but since the other logs are as well it seems ok to me.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:43:13 +00:00
Chris Cormack
0ef3b19dbd Bug 16969 cgi->param used in list context in opac-memberentry.pl
To test
1/ Hit the page, notice the warning in the log
2/ Apply patch
3/ Hit page, notice no warning in the log
4/ Test functionality all still works

Works as expected. (Note: See Bug 16960 for updating patron details).
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:02:05 +00:00
62d16aa6b7 Bug 16776: Do not forget external language choice in language switcher
If language is set by external link language switcher does not work

To reproduce:

- Have a multilingual koha installation, let's say en, de-CH, fr-FR and it-IT
- Create external links e.g. from your multilingual library website to each language variant of OPAC:

...cgi-bin/koha/opac-main.pl?language=en
...cgi-bin/koha/opac-main.pl?language=de-CH
...cgi-bin/koha/opac-main.pl?language=fr-FR
...cgi-bin/koha/opac-main.pl?language=it-IT

Each link opens fine displaying the language as appropriate.

Now try to switch language on the page you just opened via the external link.

It won't work, it will always stay on the language defined by the external link.

To test:
- Apply patch
- Repeat steps above
- Verify that the language switcher works
- Verify in browser address field that after switching language, the param 'language= 'has vanished from url string
- Try links with multiple params and with params containing 'language', e.g.
  ...cgi-bin/koha/opac-search.pl?language=fr-FR&q=language&mylanguage=test
- Verify that only the parameter 'language=' vanishes

Tested counter patch, works as well.
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:51:33 +00:00
0fe7a4aa8e Bug 16929: [QA Follow-up] Shortcut methods and use statements
Resolves the following comments:

I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:26:00 +00:00
523d0be9dc Bug 16929: Prevent opac-memberentry waiting for random chars
Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.

Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
    take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.

Tested all 3 patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:25:59 +00:00
9bdea2e369 Bug 16878: Fix XSS in opac-memberentry
The vars are gotten from the url and sent to the template as it. They
must be escaped.

Test plan:
I have not managed to create the original issue, so there is no test
plan for the XSS fix, but you can confirm there is no regression.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-08-04 19:22:00 +00:00
131002e623 Bug 16847: Remove C4::Members::GetTitles
This subroutine just reads the content of a pref, split it, add an
empty string and returns.
It is not really useful and the code in the script (memberentry.pl) uses
the only occurrence of CGI::popup_menu
Let's remove it and build the dropdown list in the template.

Test plan:
1/ Empty BorrowersTitles, edit a patron and confirm that the "Salutation"
does not appear
2/ Fill BorrowersTitles with "Mr|Mrs|Miss|Ms", edit a patron and confirm
that the "Salutation" dropdown list is correctly filled.
The default option should be selected if you are editing a patron with a
title defined.
This should also be tested at the OPAC.

Followed test pan, works as expected in Staff and OPAC
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-22 17:23:42 +00:00
f3d7f27107 Bug 15451: Koha::CsvProfiles - Remove the residue
This patch erase all traces of C4::Csv since it's not used anymore.
All occurrences have been replaced by previous patches to use
Koha::CsvProfiles.

Note that GetMarcFieldsForCsv was not used prior this patch set.

Test plan:
  git grep 'C4::Csv'
should not return any result.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No more traces of the file.
This produces a koha-qa fail, due to the missing file.
No other errors

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-22 17:18:36 +00:00
814a1d4231 Bug 15451: Koha::CsvProfiles - Remove GetCsvProfilesLoop
This subroutine returned the csv profiles for a given type.
This could be done easily with the new Koha::CsvProfiles->search method.

Test plan:
To do at the OPAC and staff interface!
1/ Export a list using a CSV profile
2/ Export your CART using a CSV profile
Note that only MARC profiles should be available.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested on staff/opac & cart/list
Small problem on filename extension fixed in followup.
No errors

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-22 17:18:34 +00:00
afc008b2fa Bug 16853: Move changepassword to Koha::Patron->update_password
This patch moves the code from C4::Members::changepassword to
Koha::Patron->update_password

Test plan:
Change your password at the OPAC and the staff interface
This should work as before

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
I rebased this on top of 16849 because they were conflicting.
Tests pass, code looks good (as usual) and I checked both OPAC
and staff password change work as expected.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-15 18:09:17 +00:00
e1e38896bb Bug 16849: Move IsDebarred to Koha::Patron->is_debarred
In order to move IsMemberBlocked to Koha::Patron it makes sense to move
the code from Koha::Patron::Debarments::IsDebarred to
Koha::Patron->is_debarred.

Test plan:
1/ Add a restriction to a patron
2/ make sure he is not able to checkout items any more
3/ Make sure he cannot get a discharge
4/ Put a hold and make sure you get "Patron has restrictions"

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-15 18:08:14 +00:00
Marc Véron
dc1ff4efff Bug 16621: Translatability: Issues in opac-user.tt (sentence splitting)
This patch fixes issues due to sentence splitting in
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt

Note: This is a string patch. It does not add or change functionallity.

To test:
- Examine code and verify that the text changes remove sentence splitting
  and that the changes make sense.
- Log in to OPAC and verify that messages look correct
  - with blocked /debarred user (with and without comment and date)
  - with user who has to much fines (needs syspref OpacRenewalAllowed
    and syspref OPACFineNoRenewals)
  - with user who has his card marked as lost
  - with user with an account that is about to expire
  - with user with expired account
  - with user with uncertain address information (with and without
    syspref OPACPatronDetails set to Allow)

Note: Amended to make patch apply 2016-07-10 mv
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-15 15:09:00 +00:00
de2df0dfe8 Bug 2735: Fix authority search pagination at the OPAC
The authority search pagination displays only 15 pages, even when there
are more.
To fix that, this patch mimic the authorities-home.pl intranet script to
manage the pagination.

Test plan:
Without this patch, do some authority search and click on different
pages.
Apply this patch, redo the same search and make sure the same records
are displayed (i.e. confirm that the pagination still works as before).

Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-15 14:05:59 +00:00
Mark Tompsett
dee29d9f0b Bug 16805: Log in with database admin user breaks OPAC
TEST PLAN
---------
1) Apply Jonathan's test patch
2) prove t/db_dependent/Letters.t
   -- dies before finishing tests
3) Apply second test patch
4) prove t/db_dependent/Letters.t
   -- dies before finishing tests
   -- 'addalert' is changed to 'getalert'
5) Log into OPAC with database admin user.
   -- see error given in comment #0
6) Apply this patch
7) prove t/db_dependent/Letters.t
   -- says 'getalert'
   -- all tests pass.
8) Log into OPAC with database admin user.
   -- logs in, but gives warning with a nice logout button.
9) run koha qa test tools.

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
No kaha qa errors
In debian display diferent error:
Can't use an undefined value as an ARRAY reference at /usr/lib/perl5/DBI.pm line 2054.
Works as advertised

NOTE: Revised test plan, as Jonathan added useful test case.
      Works as I've tested above.
      Hector tested older test plan which was steps
      5,6,8 and 9.

      Revised test plan again while tweaking to address comment #9.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:45:04 +00:00
1b89150d42 Bug 15128: Do not display "New suggestion" if limit has just been reached
If limit is X and patrons has X-1 pending suggestions, when a new one is
added, the "New suggestion" should not been added.
to avoid another call to SearchSuggestions, we assume than the
suggestion has been correctly added.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:50 +00:00
2c2efbf4a6 Bug 15128: Revert Display all purchase suggestions whether or not suggestion was added
This does not work correctly and should be handle on another bug report.
The behavior existed prior to this patchset.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:49 +00:00
7cde3e216b Bug 15128 - (QA Followup) Don't get patrons suggestions if limit not set
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:49 +00:00
074a3ee338 Bug 15128 - (QA Followup) Fix use of 'my' variable causing loss of data
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:49 +00:00
b6a774028a Bug 15128 (QA Followup) Display all purchase suggestions whether or not suggestion was added Correct enforcement of 0 limit
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:48 +00:00
9ebeb9acb3 Bug 15128 - Followup
Only check limit for signed in borrower
Show all suggestions after a new one is added

Signed-off-by: Barbara Walters <bwalters@ncrl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:48 +00:00
1bfe7c7512 Bug 15128 [QA Followup 2] - Only count pending suggestions for the limit
Signed-off-by: Barbara Walters <bwalters@ncrl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:48 +00:00
5aa3313239 Bug 15128 [QA Followup] - Make suggestion display after being added
Also fixes the issue that the add suggestion link would sometimes
show even if the patron could not make an additional suggestion.

Signed-off-by: Barbara Walters <bwalters@ncrl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:48 +00:00
7445b8f897 Bug 15128 - Add ability to limit patrons open purchase suggestions
To test:
1 - Define a number of MaxOpenSuggestions
2 - Add some suggestions for a patron
3 - Note they cannot add any more suggestions if limit is reached
4 - Delete a suggestion and note you can add another
5 - Add them to limit again
6 - Accept a suggestion in the staff client and note user can add more
7 - Repeat above with rejecting or deleting
8 - Sign off.

Sponsored by:
    North Central Regional Library (http://ncrl.org/)

Signed-off-by: Barbara Walters <bwalters@ncrl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:09:48 +00:00
609f537128 Bug 15485: (QA followup) Simplify logic and use *ResultsDisplay value during upgrade
This patch makes the new sysprefs work as the previously defined. Instead of falling back
to what *ResultsDisplay is set, it now has its own 'default' (that still defaults to the
*Results*.xslt).

The default values are set to 'default' as the rest of XSLT-related sysprefs, and the upgrade
picks whatever is set in OPACXSLTResultsDisplay and XSLTResultsDisplay so current behaviour
is preserved.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
New XSLTs for Lists work as advertised

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 13:30:31 +00:00
add61ef614 Bug 15485: (QA followup) Fix behaviour and default values
Jonathan noticed the current behaviour is that the lists rendering
falls back to the XSLTResults, and if not defined (i.e. != 'default' and
!= some_path) it falls back to a legacy display (non-XSLT).

The patchset changed this behaviour because 'default' is not a valid value
for the lists. So it should fallback to the current behaivour (i.e. Results
XSLT configuration) if not defined. This patch fixes this by adding
 || C4::Context->preference('XSLTResultsDisplay')
(and the OPAC counterpart).

It also fixes minor glitches on the update message (oops) and bad default value
in sysprefs.sql  for 'XSLTListsDisplay'.

Thanks Jonathan!

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 13:30:31 +00:00
04143f6a9c Bug 15485: Use lists-specific XSLT sysprefs
This patch makes the shelves.pl (staff) and opac-shelves.pl scripts
use the new sysprefs for specifying custom XSLTs for lists display.

XSLT.pm is patched so it defaults to the corresponding *Results.xsl
files if none is specified.

To test:
- Create a list
- Open the list in the staff interface
- On a new tab, open the list in the OPAC.
- Apply this patches
=== default behaviour
- Open the list (both opac and staff) on new tabs
=> SUCCESS: They look exactly the same (hint: the syspref is set to ''
   so it should fallback to using the one we were using.
=== using the new functionality
- Create custom XSLTs for lists, for example:
  $ cd /home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/xslt
  $ cp MARC21slim2OPACResults.xsl MARC21slim2OPACLists.xsl
- Edit your sysprefs, setting OPACXSLTListsDisplay to:
  /home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/{langcode}/xslt/MARC21slim2OPACLists.xsl
- Reload the OPAC list view
=> SUCCESS: Looks exactly as before
- Make some minor tweak (for example in line 423 replace
  <xsl:text> </xsl:text>
for
  <xsl:text> BLAH </xsl:text>
- Reload the list
=> SUCCESS: BLAH shows in several places on the title.
- Repeat for the staff interface
- Sign off :-D

So we can now set custom XSLTs for lists.

Sponsored-by: Carnegie Stout Library

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Deb Stephenson <DStephen@dubuque.lib.ia.us>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 13:30:30 +00:00
779fa7c6da Bug 16591: Fix CSRF in opac-memberentry
If an attacker can get an authenticated Koha user to visit their page
with the code below, they can update the victim's details to arbitrary
values.

Test plan:

Trigger
/cgi-bin/koha/opac-memberentry.pl?action=update&borrower_B_city=HACKED&borrower_firstname=KOHA&borrower_surname=test

=> Without this patch, the update will be done (or modification
request)
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Do some regression tests with this patch applied (Update patron infos)

QA note: I am not sure it's useful to create a digest of the DB pass,
but just in case...

Reported by Alex Middleton at Dionach.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:55:15 +00:00
0d690ca383 Bug 16707: Fix software error in OPAC password recovery when leaving form fields empty
The $search_results is considered as an arrayref but is not defined if
no patron matches the recovery infos.

Test plan:
- Set syspref OpacResetPassword to "Allow"
- Go to OPAC
- Click link "Forgot your password?
- On the following screen "Forgotten password recovery", do not fill in
  form fields, click "Submit"
=> Without this patch you got the software error
=> With this patch apply, you will get "No account was found with the
provided information."

Sign-off on counter patch.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:49:32 +00:00
f01720808a Bug 16593: Do not allow patrons to delete search history of others patrons
A malicious user can delete the search history of all other users by
correctly guessing the ID value assigned to the victim's search. As
searches are assigned values sequentially, an attacker could quickly
remove the searches belonging to all of the application's users.

To reproduce:
Login with patron A
launch a search
Note the id generated for this search history:
select id from search_history order by id desc limit 1;
Login with patron B
Hit /cgi-bin/koha/opac-search-history.pl?action=delete&id=<ID>
Note that the row is deleted in the DB

Test plan
Confirm that this patch fixes the issue.
The same test can be made at the staff interface

Reported by Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:47:29 +00:00
7d4844e171 Bug 16578: Fix wide character errors in opac-export.pl
This simple patch fixes wide character warning raised by opac-export.pl when
'MARC (Unicode/UTF-8)' and 'MARC (Unicode/UTF-8, Standard)' formats are chosen for downloading records.

To test:
- Have records indexed
- Open your OPAC logs:
  $ tail -f /var/log/koha/kohadev/opac-error.log
- Open the detail page in the opac for a record
- Choose Save record > MARC (Unicode/UTF-8)
=> FAIL: opac-export.pl: Wide character in print at /home/vagrant/kohaclone/opac/opac-export.pl line 116., referer: http://localh...
- Choose Save record > MARC (Unicode/UTF-8, Standard)
=> FAILE opac-export.pl: Wide character in print...
- Apply the patch
- Choose Save record > MARC (Unicode/UTF-8)
=> SUCCESS: No warnings raised.
- Choose Save record > MARC (Unicode/UTF-8, Standard)
=> SUCCESS: No warnings raised.
- Sign off :-D

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-10 16:49:43 +00:00
ab1beed06f Bug 16518: Fix Plack variable scoping problem in opac-addbybiblionumber.pl
The script opac/opac-addbybiblionumber.pl is not plack safe because the
variable @biblios is declared with our and is not assigned to an empty
array (so not reset).

The issue:
When trying to add items to a list (virtualshelf), the biblionumbers are
added to the @biblios variable and the list is not reset between each
run.

Test plan:
Check from records from the result list and add them
to a list.
Cancel or save and re-add them (or others) to a list (same or
different).
=> Without this patch, the list of records will never stop growing, the
previous items added are still listed when adding new ones.
=> With this patch, the behavior is the one expected.

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-06 17:30:33 +00:00
70498b1566 Bug 16476: Do not call CGI->param in list context, some more
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-16 17:11:46 +00:00
Marc Véron
a07db3537d Bug 15823: Redirect opac-discharge.pl to 404 page
See comment #17: Redirect to 404 in opac-discharge.pl and remove
message in template because with the redirect it will never be
reached.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-06 04:20:48 +00:00
c4eabeda0b Bug 16447: Remove occurrence of the borrow permission which does no longer exist
Bug 7976 has removed this permission, but other patches re-added it...
Note that the occurrences in sendbasket.pl, edithelp.pl, opac/svc/login should
have been removed by bug 7976.

Test plan:
  git grep 'borrow.*=> 1'
should not return any results.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-05-05 21:28:14 +00:00
49acdc73d3 Bug 15263: (QA followup) Use the new XSLTParse4Display everywhere
Edit: fixed catalogue/detail.pl and opac/opac-detail.pl so they use the right
XSLT syspref.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-04 13:40:35 +00:00
a484334fed Bug 15263: (QA followup) Make *shelves.pl use the new API
This patch makes the lists work as the search results for rendering on
XSLT-driven context. No behaviour change is expected.

To test:
- Apply the patch
- Navigate lists (OPAC and intranet)
=> SUCCESS: the only difference is speed (faster)
- Sign off :-D

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-04 13:40:35 +00:00
a9274186b9 Bug 12528: redirect to 404 if at least 1 pref is off
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 17:54:10 +00:00
85e7d186ec Bug 16167: Remove Authorised value images prefs
There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by
sysprefs.sql and does not appear in updatedatabase.pl, we could easily
imagine that nobody uses it.

With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set. Otherwise you need to turn
the XSLT off. In this case you will see the images on the result list
(OPAC+Staff interfaces) and OPAC detail page, but not the Staff detail
page.

This patch suggests to remove completely this feature as it does not
work correctly.

The ability to assign an image to an authorised value is now always
displayed, but the image will only be displayed on the advanced search
if defined.

Test plan:
Confirm that the authorised value images are no longer visible at the
opac and the staff interfaces.
The prefs should have been removed too.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 13:59:58 +00:00
78605bceb3 Bug 16041: Turn off StaffAuthorisedValueImages by default
This feature is enabled by default, but the users are not aware of it
and it costs a lot of time processing to get the images.

There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by sysprefs.sql and
does not appear in updatedatabase.pl, we could easily imagine that
nobody uses it.
With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set.
Otherwise you need to turn the XSLT off. In this case you will see the
images on the result list (OPAC+Staff interfaces) and OPAC detail page,
but not the Staff detail page.

The idea of this patch is to introduce a quick switch if the feature is
not used by the library.

Test plan:
1/ Turn the pref on and set authorised_values.imageurl to NULL
Execute the DB entry
=> The pref have been turned off
2/ Turn the pref on and set an image for an authorised value
Execute the DB entry
You will get a warning
3/ Turn the pref off and set an image for an authorised value
Execute the DB entry
You will get a warning
4/ Turn the pref off and set authorised_values.imageurl to NULL
Execute the DB entry
You won't get a warning

Note that the opac detail page now checks the pref before retrieving the
images.

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Fixed update message 'that means'.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 13:47:26 +00:00
Martin Persson
eca286349b Bug 14305: View arbitrary branch's news
This patch adds an input named 'branch' to opac-main.pl that
allows overriding the home library to view news from any branch.

This is part of the 'Use Koha as a CMS' development.

To reviewers: Does this create any security implications?
              The column is text; it is possbile to push SQL
              statemens into the DB via the opac-membership.pl
              page, but all the code there seems to use DBIx::Class
              and prepared statements. When attemped, accepting the
              changes were rejected because of the foreign key
              constraint placed on the main borrowers table.

It is recommended to use this patch in conjunction with 11584
which adds a WYSIWYG editor to System Preferences.

Test plan:
* Make sure your Koha installation has multiple branches:
  * Log in to the Staff interface and select 'Koha administration'
  * Select 'Libraries and groups', the first item in the list
  * Add an extra branch named 'BRANCH1':
    * Press the 'New library' button
    * Set 'Library code' to 'BRANCH1'
    * Enter an arbitrary name
    * Press 'Submit'

* Add at least two news items with different branches:
  * Log in to the Staff interface and select 'Tools'
  * Under 'Additional tools' select 'News'
  * On the 'Koha news' page, create a news item for all libraries:
    * Press the 'New entry' button
    * Set 'Library' to 'All libraries' and enter a title.
    * Press 'Submit'
  * On the 'Koha news' page, create a news item for one library:
    * Press the 'New entry' button
    * Set 'Library' to 'BRANCH1' and enter a title
    * Press 'Submit'

* Add links to OPAC to select branch:
  * Select 'System preferences' and then the 'OPAC' tab
  * Scroll down to the 'OpacNav' preference and click 'Click to Edit'
  * Create two hyperlinks with a parameter named 'branch':
    * '<a href="?branch=BRANCH1">BRANCH1</a>'
    * '<a href="?branch=">none</a>'
  * Click 'Save all OPAC preferences'

* Test OPAC:
  * By default, global news and news for home branch should show.
  * When clicking the 'BRANCH1' link, you should see global news
    plus news for the BRANCH1 branch.
  * When the parameter 'branch' is set but has no value,
    news from the home branch should be shown.

Issues: Tricky to create a link to the same page
        which removes existing paramters.

The user normally has a home branch set.
We can override it with the parameter.
If undefined, the home branch should be shown.

Sponsored-by: Halland County Library

http://bugs.koha-community.org/show_bug.cgi?id=14305

Changed 2015-12-14: Whitespace fix

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 12:44:08 +00:00
Martin Persson
497cd04df0 Bug 14305: View arbitrary branch's news, RSS fix
This fix changes the RSS link to reflect the URL paramter override.

This is less elegant than the existing solution which uses the
Branches TT module, perhaps there is a better way?

Sponsored-By: Halland County Library

Test plan:
* Follow instructions in the original patch but also check the
  URLs and contents of the RSS link at the bottom the OPAC page.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 12:44:07 +00:00
f0b60f712c Bug 16283 - Make OPAC registration captcha case insensitive
The OPAC registration captcha should not be case sensitive. This patch
was moved here from bug 9393.

Test Plan:
1) Enable patron self registration
2) Test the captcha by typing in the captcha in lower case. Registration
should still succeed.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 11:55:07 +00:00
b87af43c47 Bug 15533 [QA Followup] - All itemtypes for all items showing in OPAC multi-hold
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 10:26:05 +00:00
fc81ee5004 Bug 15533 - Allow patrons and librarians to select itemtype when placing hold
Some libraries would like the ability to select the itemtype to request
when placing holds. For example, if a record has 3 copies of BookA and 3
copies of BookA in large print, this feature would allow a person to
place a hold on the record, but still be able to target only the Large
Print edition so that the first Large Print copy that becomes available
is targeted, rather than forcing the patron to select a particular copy
to hold.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Create a record with items of two or more itemtypes
4) Place a record level hold on the record while choosing one particular
   itemtype
5) Check in an item from the record that is not of that itemtype
6) Notee it is not trapped for the hold
7) Check in an item from the record that does match the selected itemtype
8) Note the item is trapped for the hold

Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 10:26:03 +00:00
a159d2b067 Bug 16154: CGI->multi_param - Assign a list
This patch replaces the occurrences of
  @foo = $cgi->param('foo');
with
  @foo = $cgi->multi_param('foo');

perl -p -i -e
's/^(\s*@\w+\s*=\s*)\$(cgi|input|query)\->param\(/$1\$$2\->multi_param\(/xms'
**/*.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:43 +00:00
f3e4b5bbb6 Bug 16154: CGI->multi_param - Force scalar context
This patch replaces the occurrences of
  $template->param( foo => $cgi->param('foo') );
with
  $template->param( foo => scalar $cgi->param('foo') );

perl -p -i -e 's/(\s*=>\s*)\$(cgi|input|query)\->param\(/$1scalar
\$$2\->param\(/xms' **/*.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:43 +00:00