Found another one on a visible input. Replaced with html filter.
koha-tmpl/intranet-tmpl/prog/en/modules/onboarding/onboardingstep2.tt: <input type="text" class="enrolmentperioddate" name="enrolmentperioddate" id="enrolmentperioddate" value="[% category.enrolmentperioddate | $KohaDates %]" />
But we also have a few hidden ones. First verified that cleanborrowers did not work anymore with expirydate.
Fixed it with passing iso dateformat to resolve.
intranet-tmpl/prog/en/modules/acqui/parcels.tt: <input type="hidden" name="shipmentdate" value="[% shipmentdate | $KohaDates %]" />
intranet-tmpl/prog/en/modules/serials/subscription-add.tt: <input type="hidden" id="acqui_date" name="firstacquidate" value="[% firstacquidate | $KohaDates %]"/>
intranet-tmpl/prog/en/modules/tools/batch_extend_due_dates.tt: <input type="hidden" name="new_hard_due_date" value="[% new_hard_due_date | $KohaDates %]" />
intranet-tmpl/prog/en/modules/tools/cleanborrowers.tt: <input type="hidden" name="not_borrowed_since" value="[% not_borrowed_since | $KohaDates %]" />
intranet-tmpl/prog/en/modules/tools/cleanborrowers.tt: <input type="hidden" name="last_issue_date" value="[% last_issue_date | $KohaDates %]" />
intranet-tmpl/prog/en/modules/tools/cleanborrowers.tt: <input type="hidden" name="borrower_dateexpiry" value="[% borrower_dateexpiry | $KohaDates %]" />
intranet-tmpl/prog/en/modules/tools/cleanborrowers.tt: <input type="hidden" name="borrower_lastseen" value="[% borrower_lastseen | $KohaDates %]" />
Test plan:
Try cleanborrowers with expiry date.
cd koha-tmpl; git grep "<input.*\$KohaDates" | grep -v iso
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Changed each of the pages in the installer and onboarding folders to
have one <h1> tag showing that describes the page, rather than the <h1>
describing the logo.
The hierarchy of heading tags may be broken in many pages, but this
will be dealt with in an additional bug.
To test:
1) Go to the Staff Client
2) Apply patch
3) Ensure that the page source shows logo inside <div> and not inside
<h1>
4) Go to each of the pages in the installer and onboarding folders and
check that they have an obvious and descriptive heading
5) Ensure that the heading in the page is <h1>
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch replaces the use of jQueryUI's datepicker in the onboarding
templates. The addition of calendar.inc to the template requires that
some additions be made to the installer's header files, adding the i18n
JavaScript assets.
jQueryUI-specific CSS is removed from installer.scss, and inclusion of
Flatpickr's SCSS is added.
To test, apply the patch and rebuild the staff client SCSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Start the installation process.
- Continue through the installation process until you reach the stage in
onboarding where you are creating a patron category.
- The "Enrollment period -> Until" field should be a Flatpickr calendar
widget. The widget should look and work correctly.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds text to each step of the installation process showing
which steps have been completed, which step is current, and which steps
come next. This helps the user know where they are in the process.
To test, apply the patch and begin the process of installing Koha. In my
testing environment I drop the Koha database and create it again.
On each step of the installation process, confirm that the list of steps
is correct, showing the right stage in the process.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch changes the instances of input of type="number" to input
type="text" with attributes inputmode="numeric" and pattern="[0-9]*"
To test, apply the patch and run through the process of installing Koha.
When you reach onboarding step 2, "Create a patron category," check the
enrollment period -> "In months" field. The field should not accept any
input except numbers.
Continue onboarding until step 5, "Create a new circulation rule." On
this page, check that these fields accept only numbers:
- Current checkouts allowed
- Loan period
- Renewals allowed
- Renewals period
- Holds allowed (total)
- Holds allowed (daily)
- Holds per record (count)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the offline_circ and onboarding folders are swapped around to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to
these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the "size" attribute from <select> tags where the
value of the attribute is 1. The attribute is unnecessary because the
default value when the attribute is undefined is 1.
This will allow for more careful sizing of <select> tags without a size
attribute while preserving the desired behavior of <select> tags which
have a size greater than 1.
The patch modifies 83 files but makes the same minor corrections to
each. I think examining the diff is sufficent, or testing a
representative set of pages:
- Administration -> MARC frameworks -> MARC structure -> Edit tag:
The "Authorized value" select.
- Patrons -> New patron: The "Library" select.
- Reports -> Patrons with no checkouts: The "Into an
application" selects.
If anyone would like help testing any particular template I can
follow-up.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The onboarding segment of the web installer contains a small typo
in Step 4: "Importantl:" (should be "Important:").
This patch fixes that.
Test plan: apply the patch and access the web installer, Step 4 of
the onboarding tool should no longer display the typo.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch set attempts to replace all the <i> tags with <em> and all
the <b> tags with <strong> in the staff interface.
I attempted to get all the templates, includes, and xslt files.
To test:
1. Review the changes as best as possible, looking for mistakes.
2. grep for <i> and <b> in the modules, includes, and xslt folders. You should get nothing/
3. If you grep '<\/i>' you should only see instances of Font Awesome.
4. If you grep '<\/b>' you should only see instances where caret is used.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category
To test:
1. koha-shell kohadev
2. koha-mysql kohadev
3. drop database koha_kohadev;
4. create database koha_kohadev;
5. go to admin page and start webinstaller. There continue the steps until onboarding.
6. reach step 3 of onboarding and create a new administrator patron
CHECH => Password control woks as normal (Minimum length 3 and strong required)
7. finish Koha installation and enter admin with your new administrator
8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require”
9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password
10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2)
CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password.
CHECK => Try changing patron category before saving. Password requirements will change with category change.
11. Edit CAT1 and set minimum password length to 5
12. Go to patron1 details page, and change password.
CHECH => Now password minimum length is 5, but still it doesn’t require strong password
13. Edit CAT1, leave blank minimum password length and set require strong password to yes.
14. Go to patron1 details page, and change password.
CHECH => Password minimum length is back to 3, but now strong password is required
15. Set minimum password length in CAT2 to 12.
16. Go to patron2 details page, and click to fill a random generated password
CHECK => generated password should be 12 characters length
17. Set PatronSelfRegistration to Allow in admin settings
18. Go to OPAC and fill self registration from.
CHECK => Play with patron category. For each change in category, password requirements are modified.
CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input.
19. Create a patron for CAT1 and another for CAT2, leaving password blank
CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12
20. In admin set PatronSelfRegistrationVerifyByEmail to require
21. Fill self registration form again with CAT2 as category
CHECK => Password requirements works as previous case.
22. Leave password blank and click submit
23. select * from message_queue;
24. Copy the link in the message and paste it in OPAC
CHECH => Generated password is 12 characters long. (Copy user id for next steps)
25. In admin set OpacResetPassword to Allow
26. Go back to OPAC, reload and click on “Forgot password?” link
27. Paste user id and click submit
28. Repeat steps 23 and 24
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in warning.
29. Login OPAC with the last user and your newly created password
30. Go to “Change your password” option
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in below “New password” input.
31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t
32. Sign off
Sponsored-by: Northeast Kansas Library - NEKLS
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Highlight text with red by adding “required” class to the label and added red
“Required” text next to select field in "onboardingstep5.tt" template.
To test:
1) Start new installation. During onboarding tool phase you will be
requested to create a new circulation rule.
2) Observe that "Units" label has no "required" class and that
there’s no “Required” text next to a select field.
3) Apply patch.
4) Repeat step 2 (you can reload circulation rule creation page).
5) Observe the error is gone.
Mentored-by: Peter Vashchuk <stalkernoid@gmail.com>
Mentored-by: Andrew Nugged <nugged@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Added "required" class to "itemtype" label in "onboardingstep5.tt"
template.
To test:
1) Start new instalation. During onboarding tool phase you will be
requested to create a new circulation rule.
2) Observe that "itemtype" label has no "required" class.
3) Apply patch.
4) Repeat step 2 (you can reload circulation rule creation page).
5) Observe the error is gone.
Mentored-by: Peter Vashchuk <stalkernoid@gmail.com>
Mentored-by: Andrew Nugged <nugged@gmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the following fields to the circ rule step in the
onboarding tool:
- holds allowed (total)
- holds allowed (daily)
- holds per record (count)
To test:
1) Apply patch, drop and recreate database, restart memcached and refresh page
2) Go through the installer and get to the final step of the onboarding
tool
3) Confirm the above fields are now available to set in your circulation
rule
4) Save and log in to Koha
5) Go to Admin -> Circ and fines rules
6) Confirm the fields saved correctly
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
Use installer and onboaarding tool, make sure the js and css files are
loaded
Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch updates the installer and onboarding templates so that
JavaScript is included in the footer instead of the header. A new
include file is added, installer-intranet-bottom.inc, so that only
required JS is being loaded.
Some markup changes are included to improve validity.
To test, apply the patch and start with a blank Koha database. Run
through the installer and onboarding processes and confirm that there
are no problems. Check especially JS-related interactions like
datepickers and fields which are validated via JS, like the password
inputs.
NOTE: The qa tool will flag this patch for not using the Asset plugin,
but it doesn't work correctly for installer files.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
I changed the "To give new patron superlibrarian permissions go to:"
message to "To edit patron permissions, go to:". Please clarify if this
is clearer or not.
Test plan:
1) Apply patch
2) Go through the web installer
3) At the create koha administrator patron step, notice that at the
bottom, there is a message saying "To edit patron permissions, go
to:"
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
New patch without trailing IF construction in tt directives as
requested in comment #28
To test: Verify that translation tool no longer shows tt directives as
described in comment #1
New patch, needs SO.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The file onboardingstep2.tt exposes the following to translations:
"[%% IF (categories && categories.count > 1 ) # This if statement checks if "
"the categories variable handed to this template # by onboarding.pl has data "
"in it. If the categories variable does have data # in it this means that the "
"user has previously imported sample patron category # data and so we do not "
"need to show them the create patron category screen 1, #instead we can "
"display a screen with ubtton redirecting the user to step 3 %%] "
Translators should not be confronted with such internals. This patch removes it
To test:
- Verify that code change makes sense
- Run QA tools
- Bonus test: Create a new "language" aa-AA and verify that the lines above
are no longer exposed.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes changes following QA comments:
- Login error messages now have a style
- Select all/Select none links should now be translatable
- Date format hint now correctly detects date format preference
- Unused JS is removed from onboarding.js
This patch also modifies the 'category_code_check' validation method to
allow numbers as well as letters.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
It it no longer in used by the templates.
Also add the include files for step5 (if the circ rule is not inserted)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes style and markup changes to the web installer and new
onboarding tool (Bug 17855).
- Markup has been corrected, improved, and in many places reindented.
- Some page titles have been made more specific.
- Some JavaScript and CSS have been moved to separate files.
In the onboarding tool I have removed form validation from the markup
and JavaScript in many cases where the requirements were not matched
elsewhere in Koha. For instance, we shouldn't limit item type
descriptions to only letters because the database doesn't require such a
limit.
To test, apply the patch and run the web installer with an empty
database. Confirm that the installation process completes correctly and
that each page looks good and works correctly.
Works as advertised
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch should not modify a lot the behaviours of the onboarding
tool.
Its goal is mainly to remove duplicated as well as useless (because
copy/pasted from existing script files) code.
It assumes that the onboarding tool will be done on an empty database
and will skip steps that are not needed. For instance if a library
already exists, the first step will be skipped.
One of the main problem was the lack of feedback messages sent to the
user when something wrong/ok happened.
Explanation on main changes:
1. Use checkauth first, then get_template_and_user
=> As we do not know the template to use, it's better to use checkauth
first to know if the user is logged in, then retrieve the template we
need, depending on the success or the failure of the action
2. Create a @messages variables
Pushing messages to this variable and handling the messages via an
include files (onboarding_messages.inc) simplify error handling. Note
that we could remove this include file if we merge all the
onboardingstepX.tt files altogether
3. Simplify creation of the admnistrator user
This patch removes some unecessary checks done on the user's info
(passwd to short, mandatory fields
Todo (minor): Add style to feedback messages
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tested 3 patches together on current master
- Dropped database
- Recreated database
- Went through installer
- Language en, Marc21
- Installed mandatory data only
- Went through Onboarding tool
- After finishing, logged in as superlibrarian
that was created by onboarding tool
Everything worked fine.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>