Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes various corrections and improvements to the payment
details page:
- Grid converted to Bootstrap
- Correct title tag
- Add patron toolbar
- Adding missing patron-related JavaScript
- Improve some language
To test, apply the patch and locate a patron who has one or more
payments on their account.
- Open Fines -> Account -> Details of a transaction
- Confirm that the page looks correct and adjusts well at various
browser widths.
- Confirm that patron toolbar items work correctly
Signed-off-by: Jose-Mario <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 13618 took care of the KohaDates output but not if it is called
with a parameter (eg. [% var | $KohaDates with_hours => 1 %]).
We could avoid unnecessary processing by removing the extra html filter.
Patch generated with the following command:
% perl -p -i -e 's/KohaDates([^%\|]*)\s?\|\s?html\s?/KohaDates $1/g' **/*.inc **/*.tt
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch moves accounts-related descriptions into a single file to
ease finding them, and also encloses descriptions inside <span> tags to
make it easier to translate.
To test:
- Apply this patch
- Verify the templates work as expected
=> SUCCESS: No behaviour change
- Sign off :-D
Bonus: there were two cases in which the INCLUDE line used 'accountline'
as parameter, making it fail to pick the right account type!
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Generated with:
perl -p -i -e 's/\|\s?\$Price\s?\|\s?html\s%]/| \$Price %]/g' **/*.tt **/*.inc
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
There is no accountlines.biblionumber field, if the account line is
linked to an item, accountline-details.pl will explode with:
Template process failed: undef error - The method biblionumber is not
covered by tests!
Test plan:
Create a fine for a given item
Pay the fine
View the detail of the account line
=> Without this patch you get a software error
=> With this patch applied you will see the biblio's title
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
TEST PLAN
---------
In the staff client on a kohadevbox:
1) Enable the HouseboundModule system preference.
2) Enable the EnableBorrowerFiles system preference.
3) Go to a patron detail page.
-- note the Home library is shown.
4) Go to Fines tab (left pane)
-- Home library is still shown.
5) Click each of the four horizontal tabs
(Account, Pay fines, Create manual invoice,
Create manual credit)
-- Home library not visible for both create tabs
and the account tab
6) Click the 'Create manual invoice' tab, and create
some kind of entry.
7) On the 'Account' tab, the table has a 'Details' button.
Click that.
-- Home library not visible.
8) Click the 'Details' tab in the left pane.
9) Click 'More' button and choose 'Delete'
-- Home library not visible when asked for delete
confirmation.
10) Cancel that, and if you know how to actually
set up the Norwegian system preferences you can
figure out how to test the nl-search change.
After seeing all these not visible, apply this patch.
Repeat all the steps, but this time the Home library
should be visible.
Works OK.
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
- Fix link to patron account in breadcrumbs
- Fix includes for accounttype.inc to display type correctly
- in Details for fee
- in Payments list
- Fix use CGI qw ( -utf8 );
- Remove <br> from within a string for better translation
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test Plan:
1) Apply this patch and its' dependencies
2) Create and pay some various fees and fines
3) View the payments for fees, and fees paid by payments by
using the new 'Details' button available on boraccount.pl
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Running updatedatabase.pl after patch application makes dependencies
happy. Passes QA Tools and works as intended.
Rebased (2017-12-21): Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Bug 2696: (QA follow-up) - Remove use of GetMember
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
