To Test:
0 - Enable overdrive search results on your koha
1 - From a source develop a link to your koha instance that opens a new
window:
<a target="_blank"
href="http://localhost:8080/cgi-bin/koha/opac-search.pl?q=love">Test</a>
2 - Click that link
3 - Note Overdrive results do not load
4 - Note error in JS console
5 - Apply patch
6 - Click the link again
7 - Note OD results load
8 - Note no error in console
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
See comment60 on Bugzilla.
Although I intentionally did not want to show date and time of refusal,
we can obviously add one line saying that we already have a no.
Test plan:
Login without consent and see no additional line.
Agree and verify that you see the registered on xxx line.
Disagree and verify that you now see "You indicated recently...".
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We add a section for the GDPR consent in opac-memberentry (only for the
self-registration). Not when editing personal details.
Test plan:
[1] Enable selfregistration (with confirm) and GDPR policy.
[2] Register a new account in OPAC. Verify that the GDPR checkbox is
required.
[3] After you submit, you should see a date in borrower_modifications
field gdpr_proc_consent.
[4] When you confirm, verify that the consent is visible on your consents.
[5] Enable selfregistration without confirmation mail. Register again.
[6] Check your consents tab again.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a consents tab to the OPAC user account menu. We now
add a GDPR section here, but it is open for future extensions. Think of
a newsletter checkbox for instance.
Script opac-patron-consent handles the tab. And now only includes some
GDPR code but is also written for more general use too.
Test plan:
[1] Set GDPR_Policy pref to Disabled. Verify that OPAC operates as usual.
[2] Set pref to Permissive. Try to save a consent or a refusal. Note that
you are not logged out when saving a refusal.
[3] Set pref to Enforced. Save a refusal. You should be logged out.
Log in again and verify that the consents tab shows a No.
Note: a follow-up patch will add further enforcements.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the OPAC and staff client's XSL template for the
detail page so that series links based on a traced 490 tag use both
author and series title from the 800 tag.
To test you should have multiple titles in the same series with matching
490 and 800 tags in each record. Apply the patch and restart Plack if
necessary.
View the detail page for one of the series' titles. The "Series:" link
should link to a search which uses both series title and author.
Clicking the link should return the correct results.
Test both the OPAC and staff client.
Signed-off-by: John Sterbenz <jsterben@umich.edu>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Before this patch, the 'Request article' link is displayed whenever the
pref is enabled. In many cases this might be useless. Instead of a guess
as in opac-search, we now call can_article_request to know for sure.
Note: at least this is the case when a user has logged in.
Update sidebar template with template variable artreqpossible.
Add code in opac-detail, MARCdetail and ISBDdetail to fill it.
Test plan:
[1] Look for two biblios with items: one that should allow article requests
and one that should not (respecting branch, patron, item type).
[2] Verify on detail, ISBD and MARC that the link is displayed for
the first biblio and hidden for the second biblio.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
If you enable pref ArticleRequests, until now all search results got the
'Request article' link. This patch tries to improve the situation by
using the new sub with the itemtype of the search result.
In most cases the number of links will drastically decrease. It may still
be possible sometimes that a link is shown while it effectively is not
possible, but we do not get the performance burden of determining that and
going through all items.
Test plan:
[1] Look for two borrowers P1 and P2 within categories C1 resp. C2.
[2] Look for two biblios B1 and B2 with default item types I1 resp. I2.
(See 942c in case of MARC21.)
[3] Make sure that no circ rules allow article requests. Enable the pref.
[4] Add/modify circ rule category=C1, itemtype=I1, art_req=yes.
Log out. Search for B1 and B2, verify that only B1 has AR link.
Log in as P1. Verify that only B1 has AR link.
Log in as P2. Verify that no biblio has AR link.
[5] Add/modify circ rule category=C2, itemtype=I2, art_req=item_only.
Log out. Search for B1 and B2, verify that both have AR links.
Log in as P1. Verify that only B1 has AR link.
Log in as P2. Verify that only B2 has AR link.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch sets opac-reserve.tt to use the list of pickup libraries instead
of every library in the system.
To test:
1. Go to cgi-bin/koha/admin/branches.pl
2. Configure one of your libraries to "Pickup location" => "No"
3. Go to OPAC and place a hold
4. See the provided Pickup location list
5. Observe the library that you configured is not present in the list
Signed-off-by: Koha Team AMU <axelle.clarisse@univ-amu.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch corrects the CSS for the user icon which appears when the
browser width is very narrow.
To test, apply the patch, rebuild CSS, and clear your browser cache if
necessary. View the OPAC with and without a user logged in and confirm
that the user icon at the top of the page looks correct at narrow
browser widths.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch replaces Bootstrap's glyphicons with Font Awesome icons.
To test, apply the patch and clear your browser cache and regenerate the
OPAC CSS from the LESS file if necessary. Check these icons and confirm
they look correct:
- Cart and Lists icons in the OPAC header
- User icon in the header when the browser window is narrow
- Languages menu when multiple languages are installed and
the OpacLangSelectorMode system preference is "top" or "both top and
footer."
- Set the SuspendHoldsOpac system preference to "allow" and log in to
the OPAC as a user who has one or more holds.
- Check the appearance of the "suspend" and "resume" buttons both in
the table of holds and at the bottom.
- With one or more clubs defined, log in to the OPAC and check the
"Clubs" tab on the user summary page. The "Enroll" and "Cancel
enrollment" buttons should look correct.
- On the "your messaging" tab in the OPAC, the "Digests only"
information icon should look correct.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch moves generation of the OPAC detail page's results browser
from JavaScript to the template. This makes the template easier to
understand and easier to debug. It also makes it possible for the widget
to be completely non-dependent on JavaScript.
To test, apply the patch and regenerate the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client)
- Enable the OpacBrowseResults system preference and perform a search
in the OPAC which will return multiple results.
- Click on any title in the first page of search results.
- On the bibliographic detail page there should be a "Browse results"
link in the right-hand sidebar just as before.
- Test that the "Previous," "Back to results," and "Next" links work
correctly.
- Click the "Browse results" link. A list of the first 20 search
results should appear. An arrow should indicate the title you're
viewing.
- Click any title in the results browser. The page should correctly
load that record.
- Clicking the numbered links at the top of the results browser
should do the same.
Signed-off-by: Cab Vinton <bibliwho@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch revises the style of the OPAC's login form modal view. The
goal is simply to make it look nicer.
To test, apply the patch and regenerate the OPAC's CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
In the OPAC, click the "Log in to your account" link at the top of the
page. It should trigger the login modal. While the modal is displayed,
resize the browser width to confirm that the form handles different
widths well.
Sign off if you think this is an improvement.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
In the staff client, when viewing the content of a list, it can be sorted by 'title', 'author' or 'call number' but not by 'date added'.
This patch adds 'date added' as an option for default sorting of lists. It also makes it available as a sorting option while viewing lists.
Test plan:
In the staff client and the opac:
1) View a list containing several items
=> Notice that you can't sort by 'date added'
2) Try to edit the list or create a new one
=> Notice you can't choose date added as the default sort order
3) Apply the patch
4) When viewing the list you should now be able to sort by date added
=> Make sure it orders correctly
5) Edit or create a list and choose date added as default sorting order
=> Make sure it uses date added as default
=> On the staff client: test that the filter for 'sort by' works for date added
=> On the opac: test that, while viewing the contents, choosing 'default sorting' in the dropdown menu sorts correctly
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Adding Type of Unit (300$f) to the Opac details and staff side searches results and details display
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Adding 245$f and 245$g to the Results and Detail pages on OPAC and staff side
Signed-off-by: Joy Nelson <joy@bywatersolutions.com>
Signed-off-by: Cab Vinton <bibliwho@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
On the OPAC result list, below each result, there is a link:
"Save to Lists".
Patch changes this to "Save to lists" following our
capitalization rules.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We are going to say it quietly but this test does not catch the problem
when there are no spaces....shhhh
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Syntax was wrong:
Template process failed: file error - parse error - bodytag.inc line 4:
unexpected token (_)
It's escaped later so sounds ok here
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
it also removes 'category_type' and 'description' from a couple of
opac scripts, they are not needed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch set does several things:
- it removes USER_INFO and BORROWER_INFO
These 2 variables contained logged-in patron's info. They must be
accessed from logged_in_user
- Use patron-title.inc for the breadcrumb at the OPAC, for consistencies
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch catches the SCSS up to the latest changes in master:
Changes to opac.less:
Bug 20756
Bug 20559
Bug 7547
Changes to print.less:
Bug 16575
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch converts the OPAC LESS files to SCSS. In the process of
converting opac.less (and other .less files) to .scss, I have improved
the completeness of the nesting, reordered properties, and in general
done cleanup based on rules in .scss-lint.yml. All of these changes
should have no impact on the style of the OPAC.
This patch modifies the commands used to compile CSS so that OPAC and
staff assets can be processed separately:
'yarn build' <-- Builds the staff client assets by default
'yarn build --view opac' <-- Builds OPAC assets
To test, apply the patch and compile the CSS by running the command
above (or apply the follow-up patch with compiled CSS).
Do a thorough review of the OPAC, taking care to cover as many pages as
possible and checking responsive behavior at the same time. There should
be no visual differences in the OPAC before and after applying the
patch.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds the logged-in patron's name to the search history page's
breadcrumb navigation.
To test, apply the patch and view the OPAC search history page with no
user logged in. The breadcrumbs should read:
- Home -> Search history
Log in and return to the search history page. The breadcrumbs should
read:
- Home -> Owen Leonard -> Your search history
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Followed the test plan and it works.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=21137
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
0) Do not apply the patch
1) Go to opac detail page
2) There are up to three datatables
- items
- items from other branches (only if there are any and the OpacSeparateHoldings preference is set)
- subscriptions
3) try to find record with all three tables and confirm, there is button
"Columns visibility" above the table
4) Apply the patch
5) Repeat 1-3 and confirm the button is no more here
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch addresses the lack of sanitization of the "notes" field on
the OPAC "View Interlibrary loan request" page.
To test:
- Apply the patch
- As an OPAC user, create an ILL request
- Navigate to the request's "View Interlibrary loan request" page
- Add the following note:
Hello
<h1>TESTING</h1>
<script>alert('pwned');</script>
- Click "Submit modifications"
- TEST: Observe, when the page reloads, only the following is preserved in the
"Notes" textarea:
Hello
TESTING
- As a staff user, naviate to the ILL requests table
- Select "Manage request" for the request you created
- TEST: Observe that the Notes field only contains:
Hello
TESTING
- TEST: Observe that no Javascript alert is displayed
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch removes the 'using_https' check in OPAC templates in calls to
Syndetics resources. Instead, https is always used.
To test, apply the patch and enable Syndetics-related preferences. View
the following pages in the OPAC:
- Bibliographic detail page
- Browse shelf section of the bibliographic detail page
- Search results
- List contents
- Recent comments
- Recent comments RSS
- User summary page
- Circulation history
NOTE: I tested with made-up Syndetics credentials. This means my changes
didn't make the template explode, but it doesn't confirm conclusively
that the resources work.
Signed-off-by: John Doe <you@example.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Some files were left behind when Bug 12538 removed support for Solr.
This patch removes them.
To test, apply the patch and fail to observe the existence of these
files:
koha-tmpl/opac-tmpl/bootstrap/en/includes/search/facets.inc
koha-tmpl/opac-tmpl/bootstrap/en/includes/search/page-numbers.inc
koha-tmpl/opac-tmpl/bootstrap/en/includes/search/resort_form.inc
Perform a search in the OPAC to confirm that nothing broke.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch contains the compiled CSS for the OPAC print stylesheet.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch updates the OPAC and staff client carts to use CSS to
control print output, removing a print parameter which was passed to the
script.
Currently, when you click "Print" on the OPAC basket, it navigates to
a new page and initiates window.print() followed by a
window.location.href change again. Unfortunately, due to differences in
IE, Chrome, and FF, it will either show the print options, navigate away
without showing them, or refuse to navigate away after printing. By
changing to using print CSS, we don't navigate away from the basket in
the first place, so we prevent this irregular behavior.
TEST PLAN
1) Apply the patch
2) Create an OPAC basket by clicking "Add to cart" on multiple items
3) Using Chrome, IE, and Firefox (of any version), click the "Print"
button
4) You should see the relevant print menu without the OPAC basket
re-loading in any way.
5) After printing is complete, you should still be on the OPAC basket
pop-up
6) Perform the same tests in the staff client
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds the index definitions for zebra faceting of ccode in
koha for marc21, normarc and unimarc.
We also add lines to the templates to expose the new facet and enable
non-zebra faceting for ccode too.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The grouped OPAC results page has several untranslatable
javascript-added texts, including the selection modifiers "Clear all"
and "Select all" links, and the entries in the shelves/lists dropdown.
Compare to opac-results.tt
Signed-off-by: Pasi Kallinen <pasi.kallinen@joensuu.fi>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a check for UPCs and well as ISBNs to the Novelist Select conditionals in opac-detail.tt
To test (note that you must subscribe to Novelist Select):
1. If your library does not use the raton ratings feature, activate it for the purposes of this test.
2. Display a record that does not have an ISBN in the 020 field, but has a upc (or other code) in the 024 field. The rating option will
display as 5 radio buttons and a "rate it" button.
3. Apply the patch.
4. Display the same record again. The radio buttons will be replaced with stars. This indicates that the scripts on the page completed.
Rather that using the patron ratings as in indicator, you can also use a web page inspector/debugger such as firebug or the built-in
inspectors in most newer browsers to check for script errors.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
I couldn't check with Novelist Select, but read and checked changed made carefully.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
https://bugs.koha-community.org/show_bug.cgi?id=19502
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch is to avoid hitting an error page. We should eventually make the
max number returned configurable for ES.
To test:
1 - Have Koha running ES with 10,000+ records
2 - Search for '*'
3 - Click 'Last' to view last page of results
4 - 'Cannot perform search' error
5 - Apply patch
6 - Search again
7 - View 'Last' page
8 - No error, you go to the last of 10000
9 - Note the warning above the pagination buttons
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Enable sco and setup AutoSelfCheck
2 - Try to use self checkout and print receipt
3 - You shoudl be redirected to the login page
4 - Apply patch and restart all the things
5 - Try to use self checkout and print a receipt
6 - Success!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
