Commit graph

1434 commits

Author SHA1 Message Date
0d690ca383 Bug 16707: Fix software error in OPAC password recovery when leaving form fields empty
The $search_results is considered as an arrayref but is not defined if
no patron matches the recovery infos.

Test plan:
- Set syspref OpacResetPassword to "Allow"
- Go to OPAC
- Click link "Forgot your password?
- On the following screen "Forgotten password recovery", do not fill in
  form fields, click "Submit"
=> Without this patch you got the software error
=> With this patch apply, you will get "No account was found with the
provided information."

Sign-off on counter patch.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:49:32 +00:00
f01720808a Bug 16593: Do not allow patrons to delete search history of others patrons
A malicious user can delete the search history of all other users by
correctly guessing the ID value assigned to the victim's search. As
searches are assigned values sequentially, an attacker could quickly
remove the searches belonging to all of the application's users.

To reproduce:
Login with patron A
launch a search
Note the id generated for this search history:
select id from search_history order by id desc limit 1;
Login with patron B
Hit /cgi-bin/koha/opac-search-history.pl?action=delete&id=<ID>
Note that the row is deleted in the DB

Test plan
Confirm that this patch fixes the issue.
The same test can be made at the staff interface

Reported by Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:47:29 +00:00
7d4844e171 Bug 16578: Fix wide character errors in opac-export.pl
This simple patch fixes wide character warning raised by opac-export.pl when
'MARC (Unicode/UTF-8)' and 'MARC (Unicode/UTF-8, Standard)' formats are chosen for downloading records.

To test:
- Have records indexed
- Open your OPAC logs:
  $ tail -f /var/log/koha/kohadev/opac-error.log
- Open the detail page in the opac for a record
- Choose Save record > MARC (Unicode/UTF-8)
=> FAIL: opac-export.pl: Wide character in print at /home/vagrant/kohaclone/opac/opac-export.pl line 116., referer: http://localh...
- Choose Save record > MARC (Unicode/UTF-8, Standard)
=> FAILE opac-export.pl: Wide character in print...
- Apply the patch
- Choose Save record > MARC (Unicode/UTF-8)
=> SUCCESS: No warnings raised.
- Choose Save record > MARC (Unicode/UTF-8, Standard)
=> SUCCESS: No warnings raised.
- Sign off :-D

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-10 16:49:43 +00:00
ab1beed06f Bug 16518: Fix Plack variable scoping problem in opac-addbybiblionumber.pl
The script opac/opac-addbybiblionumber.pl is not plack safe because the
variable @biblios is declared with our and is not assigned to an empty
array (so not reset).

The issue:
When trying to add items to a list (virtualshelf), the biblionumbers are
added to the @biblios variable and the list is not reset between each
run.

Test plan:
Check from records from the result list and add them
to a list.
Cancel or save and re-add them (or others) to a list (same or
different).
=> Without this patch, the list of records will never stop growing, the
previous items added are still listed when adding new ones.
=> With this patch, the behavior is the one expected.

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-06-06 17:30:33 +00:00
70498b1566 Bug 16476: Do not call CGI->param in list context, some more
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-16 17:11:46 +00:00
Marc Véron
a07db3537d Bug 15823: Redirect opac-discharge.pl to 404 page
See comment #17: Redirect to 404 in opac-discharge.pl and remove
message in template because with the redirect it will never be
reached.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-06 04:20:48 +00:00
c4eabeda0b Bug 16447: Remove occurrence of the borrow permission which does no longer exist
Bug 7976 has removed this permission, but other patches re-added it...
Note that the occurrences in sendbasket.pl, edithelp.pl, opac/svc/login should
have been removed by bug 7976.

Test plan:
  git grep 'borrow.*=> 1'
should not return any results.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-05-05 21:28:14 +00:00
49acdc73d3 Bug 15263: (QA followup) Use the new XSLTParse4Display everywhere
Edit: fixed catalogue/detail.pl and opac/opac-detail.pl so they use the right
XSLT syspref.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-04 13:40:35 +00:00
a484334fed Bug 15263: (QA followup) Make *shelves.pl use the new API
This patch makes the lists work as the search results for rendering on
XSLT-driven context. No behaviour change is expected.

To test:
- Apply the patch
- Navigate lists (OPAC and intranet)
=> SUCCESS: the only difference is speed (faster)
- Sign off :-D

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-04 13:40:35 +00:00
a9274186b9 Bug 12528: redirect to 404 if at least 1 pref is off
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 17:54:10 +00:00
85e7d186ec Bug 16167: Remove Authorised value images prefs
There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by
sysprefs.sql and does not appear in updatedatabase.pl, we could easily
imagine that nobody uses it.

With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set. Otherwise you need to turn
the XSLT off. In this case you will see the images on the result list
(OPAC+Staff interfaces) and OPAC detail page, but not the Staff detail
page.

This patch suggests to remove completely this feature as it does not
work correctly.

The ability to assign an image to an authorised value is now always
displayed, but the image will only be displayed on the advanced search
if defined.

Test plan:
Confirm that the authorised value images are no longer visible at the
opac and the staff interfaces.
The prefs should have been removed too.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 13:59:58 +00:00
78605bceb3 Bug 16041: Turn off StaffAuthorisedValueImages by default
This feature is enabled by default, but the users are not aware of it
and it costs a lot of time processing to get the images.

There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by sysprefs.sql and
does not appear in updatedatabase.pl, we could easily imagine that
nobody uses it.
With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set.
Otherwise you need to turn the XSLT off. In this case you will see the
images on the result list (OPAC+Staff interfaces) and OPAC detail page,
but not the Staff detail page.

The idea of this patch is to introduce a quick switch if the feature is
not used by the library.

Test plan:
1/ Turn the pref on and set authorised_values.imageurl to NULL
Execute the DB entry
=> The pref have been turned off
2/ Turn the pref on and set an image for an authorised value
Execute the DB entry
You will get a warning
3/ Turn the pref off and set an image for an authorised value
Execute the DB entry
You will get a warning
4/ Turn the pref off and set authorised_values.imageurl to NULL
Execute the DB entry
You won't get a warning

Note that the opac detail page now checks the pref before retrieving the
images.

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Fixed update message 'that means'.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 13:47:26 +00:00
Martin Persson
eca286349b Bug 14305: View arbitrary branch's news
This patch adds an input named 'branch' to opac-main.pl that
allows overriding the home library to view news from any branch.

This is part of the 'Use Koha as a CMS' development.

To reviewers: Does this create any security implications?
              The column is text; it is possbile to push SQL
              statemens into the DB via the opac-membership.pl
              page, but all the code there seems to use DBIx::Class
              and prepared statements. When attemped, accepting the
              changes were rejected because of the foreign key
              constraint placed on the main borrowers table.

It is recommended to use this patch in conjunction with 11584
which adds a WYSIWYG editor to System Preferences.

Test plan:
* Make sure your Koha installation has multiple branches:
  * Log in to the Staff interface and select 'Koha administration'
  * Select 'Libraries and groups', the first item in the list
  * Add an extra branch named 'BRANCH1':
    * Press the 'New library' button
    * Set 'Library code' to 'BRANCH1'
    * Enter an arbitrary name
    * Press 'Submit'

* Add at least two news items with different branches:
  * Log in to the Staff interface and select 'Tools'
  * Under 'Additional tools' select 'News'
  * On the 'Koha news' page, create a news item for all libraries:
    * Press the 'New entry' button
    * Set 'Library' to 'All libraries' and enter a title.
    * Press 'Submit'
  * On the 'Koha news' page, create a news item for one library:
    * Press the 'New entry' button
    * Set 'Library' to 'BRANCH1' and enter a title
    * Press 'Submit'

* Add links to OPAC to select branch:
  * Select 'System preferences' and then the 'OPAC' tab
  * Scroll down to the 'OpacNav' preference and click 'Click to Edit'
  * Create two hyperlinks with a parameter named 'branch':
    * '<a href="?branch=BRANCH1">BRANCH1</a>'
    * '<a href="?branch=">none</a>'
  * Click 'Save all OPAC preferences'

* Test OPAC:
  * By default, global news and news for home branch should show.
  * When clicking the 'BRANCH1' link, you should see global news
    plus news for the BRANCH1 branch.
  * When the parameter 'branch' is set but has no value,
    news from the home branch should be shown.

Issues: Tricky to create a link to the same page
        which removes existing paramters.

The user normally has a home branch set.
We can override it with the parameter.
If undefined, the home branch should be shown.

Sponsored-by: Halland County Library

http://bugs.koha-community.org/show_bug.cgi?id=14305

Changed 2015-12-14: Whitespace fix

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 12:44:08 +00:00
Martin Persson
497cd04df0 Bug 14305: View arbitrary branch's news, RSS fix
This fix changes the RSS link to reflect the URL paramter override.

This is less elegant than the existing solution which uses the
Branches TT module, perhaps there is a better way?

Sponsored-By: Halland County Library

Test plan:
* Follow instructions in the original patch but also check the
  URLs and contents of the RSS link at the bottom the OPAC page.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 12:44:07 +00:00
f0b60f712c Bug 16283 - Make OPAC registration captcha case insensitive
The OPAC registration captcha should not be case sensitive. This patch
was moved here from bug 9393.

Test Plan:
1) Enable patron self registration
2) Test the captcha by typing in the captcha in lower case. Registration
should still succeed.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 11:55:07 +00:00
b87af43c47 Bug 15533 [QA Followup] - All itemtypes for all items showing in OPAC multi-hold
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 10:26:05 +00:00
fc81ee5004 Bug 15533 - Allow patrons and librarians to select itemtype when placing hold
Some libraries would like the ability to select the itemtype to request
when placing holds. For example, if a record has 3 copies of BookA and 3
copies of BookA in large print, this feature would allow a person to
place a hold on the record, but still be able to target only the Large
Print edition so that the first Large Print copy that becomes available
is targeted, rather than forcing the patron to select a particular copy
to hold.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Create a record with items of two or more itemtypes
4) Place a record level hold on the record while choosing one particular
   itemtype
5) Check in an item from the record that is not of that itemtype
6) Notee it is not trapped for the hold
7) Check in an item from the record that does match the selected itemtype
8) Note the item is trapped for the hold

Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 10:26:03 +00:00
a159d2b067 Bug 16154: CGI->multi_param - Assign a list
This patch replaces the occurrences of
  @foo = $cgi->param('foo');
with
  @foo = $cgi->multi_param('foo');

perl -p -i -e
's/^(\s*@\w+\s*=\s*)\$(cgi|input|query)\->param\(/$1\$$2\->multi_param\(/xms'
**/*.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:43 +00:00
f3e4b5bbb6 Bug 16154: CGI->multi_param - Force scalar context
This patch replaces the occurrences of
  $template->param( foo => $cgi->param('foo') );
with
  $template->param( foo => scalar $cgi->param('foo') );

perl -p -i -e 's/(\s*=>\s*)\$(cgi|input|query)\->param\(/$1scalar
\$$2\->param\(/xms' **/*.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:43 +00:00
ac5a1bfece Bug 16154: CGI->multi_param - Manual changes
This patch does the same as the previous one, but affects lines which
have not been caught by the regex.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:43 +00:00
66aacace08 Bug 16154: CGI->multi_param - Declare a list
This patch replaces the occurrences of
  my @foo = $cgi->param('foo');
with
  my @foo = $cgi->multi_param('foo');

perl -p -i -e
's/^(\s*my\s*@\w+\s*=\s*)\$(cgi|input|query)\->param\(/$1\$$2\->multi_param\(/xms'
**/*.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 23:16:42 +00:00
Jesse Weaver
37ea74669c Bug 12748: (QA followup) fix several tiny QA tools warnings
* admin/searchengine/elasticsearch/mappings.yaml:
    * Fix indentation so QA tools believe it's valid YAML
  * C4::AuthoritiesMarc: Remove tab character
  * C4::Search: Fix POD
  * Koha::BiblioUtils: remove "return undef"
  * Koha::Schema::Result::Search*: rename type to _type
  * Koha::SE::ES::Search:
    * Fix spelling/@_[0]
    * Add my to loop variable
    * Remove unused var $error
    * Add use Modern::Perl
    * Fix undefined variables
  * Koha::ES::Indexer: fix POD
  * Koha::SE::ES::QueryBuilder:
    * Don't define variables in conditionals
    * Fix POD
  * Koha::SE::Zebra::Search:
    * Fix debug warns/POD/barewords
    * Koha::SE::Zebra::Search: add use Modern::Perl
  * kohastructure.sql: remove old, unused elasticsearch_mappings table,
    add new tables
  * labels/label-item-search.pl: remove C4::Dates
  * opac/elasticsearch.pl: remove old file

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:13 +00:00
8d04291153 Bug 12478: Display facet terms ordered by number of occurrences
By default ES returns the facet terms ordered by most used, which makes
sense.

This patch removes resort done in the scripts (catalogue/search.pl and
opac/opac-search.pl) and moves it to the module.

For Zebra it's now done in C4::Search::getRecords, and there is no
change to expect (still alphabetically).

On the Elastic search side, we could imagine to let the library define
the order of the facets. The facet terms are now sorted by most used.

To test easily this change, turn on the displayFacetCount pref.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:12 +00:00
Robin Sheat
a792e84719 Revert "Bug 12478: Display facet terms ordered by number of occurrences"
This reverts commit cd4905c2969b067476881016d0b03271f0bcc7c8.

This commit caused an error in C4::Search::GetFacets when running in
zebra mode.

Conflicts:
	Koha/SearchEngine/Elasticsearch/Search.pm

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:12 +00:00
2de8fd9e33 Bug 12478: Take the FacetMaxCount pref into account
The system preference FacetMaxCount should work as expected with ES.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:11 +00:00
246f2dddaf Bug 12478: Display facet terms ordered by number of occurrences
By default ES returns the facet terms ordered by most used, which makes
sense.

This patch removes resort done in the scripts (catalogue/search.pl and
opac/opac-search.pl) and moves it to the module.

For Zebra it's now done in C4::Search::getRecords, and there is no
change to expect (still alphabetically).

On the Elastic search side, we could imagine to let the library define
the order of the facets. The facet terms are now sorted by most used.

To test easily this change, turn on the displayFacetCount pref.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:11 +00:00
Robin Sheat
2e79ea0f74 Bug 12478: allow more granular sorting configuration
This allows sorting to be configured within a field. For example, while
many values are included for search on author, sorting should only be
done on the main entry values. This permits that by have a sort value,
which can be true, false, or null. true and null are pretty much the
same, but false means that a field isn't available for sorting on. By
default (null), fields can be sorted on.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:08 +00:00
Robin Sheat
841cb93701 Bug 12478: paging is fixed now too
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:05 +00:00
Robin Sheat
b76d61a24b Bug 12478: authority paging works
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:05 +00:00
Robin Sheat
dfbe20e4dc Bug 12478 - more authorites
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:04 +00:00
Robin Sheat
0002bbc72a Bug 12478 - more authority searching
Queries are being built, but they seem to be wrong as no results are
returned.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:04 +00:00
Robin Sheat
05fa9bccb0 Bug 12478 - fix syntax errors so that stuff runs
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:04 +00:00
Robin Sheat
faa4e1f6ec Bug 12478 - authority work in progress
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:04 +00:00
Robin Sheat
0536ef37cc Bug 12478 - authorities can now be stored in ES
(Not fetched yet though.)

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:03 +00:00
Robin Sheat
7dbd13e66f Bug 12478 - pile of elasticsearch code
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:03 +00:00
Alex Arnaud
8c807b9466 Bug 16296 - Fix records displaying in virtualshelves
Test plan:
- Empty OPACXSLTResultsDisplay system preference,
- select a virtual shelf in the dropdown list "Lists" on navigation bar
  (Or create one and add records),
- check that records are correctly displayed (title, author, publisher
  etc...).

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Display is now correct
No errors

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-22 22:50:41 +00:00
ce47345c21 Bug 16317 - Attempt to share private list results in error
When sharing a private list, the the receiver of the share link will get
the following error when they are logged in and try to click the link:

DBIx::Class::Storage::DBI::_dbh_execute(): Unknown column 'sharedate
desc' in 'order clause' at /home/koha/kohaclone/Koha/Objects.pm line 150

Test Plan:
1) Create a private list
2) Share that list to another account
3) Log in as the other account
4) Click the link in the email you recieved
5) Note the error
6) Apply this patch
7) Click the link again
8) You should see no error and be able to view the list!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-22 22:47:34 +00:00
Henri-Damien LAURENT
05486da41f Bug 5979 : OPAC : using OPACISBD systempreference to display link
The OPACISBD system preference is used in order to be able to have one ISBD for OPAC another one for intranet.
But the link ISBD at OPAC was depending on the presence or absence of value in ISBD which is for intranet.
This patch fixes the behaviour to depend on the correct system preference at OPAC

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Verified that new system preference is added cleanly and
ISBD view can be configured independently for staff and OPAC
using OPACISBD and viewISBD system preferences.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-22 03:14:21 +00:00
e476be5568 Bug 12663 - SCOUserCSS and SCOUserJS ignored on selfcheck login page
Currently if not logged in when browsing to
http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl
You are redirected to opac-auth.tt and SCOUserCSS and SCOUserJS are not
loaded. This page passes through a parameter to the template to indicate
this is an SCO login and appropriate CSS and JS should be loaded.

Additionally this patch ensure that when loggin in using the form you
are redirected to the sco-main.pl instead of the patron account page for
the user.

To test:
1 - Verify that normal login works on both staff and opac
2 - Verify that SCO link goes to login page if AutoSelfCheckAllowed is
set to "Don't allow"
3 - Enter changes into SCOUserJS and SCOUserCSS and observe these are
present on SCO log in page with AutoSelfCheck disabled
4 - Verify that a logged in opac user without permissions cannot access
the self-checkout module
5 - Verify that AutoSelfCheckAllowed and associated system preferences
function as expected
6 - Verify the AutoSelfCheck user is logged out if they attempt to visit
another page

Followed test plan.
If I go to http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl, CSS and JS trigger already on
the login form, I suppose that is intended.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-22 00:57:44 +00:00
b679cac964 Bug 16179: Do not crash if "rate me" is clicked and not rate selected
If JS is disabled and a user clicks on the "Rate me" button, Koha will
crashes with:
DBIx::Class::ResultSet::create(): Column 'rating_value' cannot be null
at /usr/share/koha/lib/C4/Ratings.pm line 208

To avoid that, opac-ratings.pl will check if a rate has been selected.

Test plan:
Disable JS
On a record detail page, click on the "Rate me" button

TESTED PLAN:
1) go to /cgi-bin/koha/opac-ratings.pl?biblionumber=1
   -- kaboom as above.
2) apply patch
3) refresh
   -- either login screen (don't know why)
   -- or if already logged in, detail page.
4) koha qa test tool

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I tested successfully by temporarily removing the modification made by
Bug 16210.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-20 19:50:00 +00:00
b64e6be1c4 Bug 16157: Move the selected flag from GetAuthorisedValues to the templates
From C4::Koha::GetAuthorisedValues

    # TODO: the "selected" feature should be replaced by a utility function
    # somewhere else, it doesn't belong in here. For starters it makes
    # caching much more complicated. Or just let the UI logic handle it, it's
    # what it's for.

Indeed, it's not a job for a subroutine, the template should take care of that.
Note that a perf gain could be won with this patch \o/

Test plan:
- Edit an itemtype and check the value of the "Search category" dropdown list
- Edit a patron attribute type and check the value of the "Class" dropdown list
- Detail for a catalogue record, the Status column should be correctly
  populated if items are damaged and/or lost
- Item details for a catalogue record, the lost, damaged and withdrawn
  value should be correctly displayed
- Edit a patron, the "street type" should be correctly selected
- Create a patron attribute type linked to an authorised value list.
- Edit a patron, set a value for this attribute, edit it again. The
  correct value should be selected.
- Search for subscriptions. The 'Location' dropdown list should behave
  correctly (select the entry you have choosen before, etc.)
- Edit a subscription, the location dropdown list should select the
  correct value.
- Edit and view a suggestion with a 'reason for suggestion' set (you
  should have at least 1 OPAC_SUG AV defined)

Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-04-07 00:16:09 +00:00
c564f30155 Bug 16169: Change prototype for C4::Biblio::TransformMarcToKoha
subroutines should not take $dbh in parameter.
C4::Biblio::TransformMarcToKoha has it and does not use it.

Test plan:
Look at the patch and confirm that all occurrences of
TransformMarcToKoha have been modified.

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-04-07 00:04:21 +00:00
833afc1245 Bug 16198: Fix regression in OPAC suggestions
Introduced by
  commit d564d3732d
  Bug 15629: Koha::Libraries - Remove GetBranchInfo

If the branchcodesuggestedby is not defined, the find won't return
anything and ->branchname on an undefined value will raise
  Can't call method "branchname" on an undefined value at
  /home/katrin/kohaclone/opac/opac-suggestions.pl line 153.

Test plan:
-Staff
Create a patron
Use this patron to create a suggestion
Delete the patron

-OPAC
Logout and trigger opac/opac-suggestions.pl

Without this patch, you will get an error
With this patch applied, everything should be ok

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works ok following test plan
No errors

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-06 22:05:49 +00:00
Nicholas van Oudtshoorn
9472711921 Bug 10988 - Fix some wording Fix some outdated wording in googleopenidconnect
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:36 +00:00
Nicholas van Oudtshoorn
722a098eac Bug 10988 - Fixes for comments 57 and 58
Test Plan (remains the same):
     0) Back up your database
     1) Apply all these patches
     2) In your mysql client use your Koha database and execute:
        > DELETE FROM systempreferences;
        > SOURCE ~/kohaclone/installer/data/mysql/sysprefs.sql;
        -- Should be no errors.
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see 4 entries.
        > QUIT;
     3) Restore your database
     4) Run ./installer/data/mysql/updatedatabase.pl;
     5) In your mysql client use your Koha database and execute:
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see the same 4 entries.
     6) Log into the staff client
     7) Home -> Koha administration -> Global system preferences
     8) -> OPAC
        -- make sure your OPACBaseURL is set (e.g. https://opac.koha.ca)
     9) -> Administration
        -- There should be a 'Google OAuth2' section with the ability
           to set those 4 system preferences.
    10) In a new tab, go to https://console.developers.google.com/project
    11) Click 'Create Project'
    12) Type in a project name that won't freak users out, like your
        library name (e.g. South Pole Library).
    13) Click the 'Create' button.
    14) Click the 'APIs & auth' in the left frame.
    15) Click 'Credentials'
    16) Click 'Create new Client ID'
    17) Select 'Web application' and click 'Configure consent screen'.
    18) Select the Email Address.
    19) Put it a meaningful string into the Product Name
        (e.g. South Pole Library Authentication)
    20) Fill in the other fields as desired (or not)
    21) Click 'Save'
    22) Change the 'AUTHORIZED JAVASCRIPT ORIGINS' to your OPACBaseURL.
        (http://library.yourDNS.org)
    23) Change the 'AUTHORIZED REDIRECT URIS' to point to the new
        googleoauth2 script
        (http://library.yourDNS.org/cgi-bin/koha/svc/auth/googleopenidconnect)
    24) Click 'Create Client ID'
    25) Copy and paste the 'CLIENT ID' into the GoogleOAuth2ClientID
        system preference.
    26) Copy and paste the 'CLIENT SECRET' into the GoogleOAuth2ClientSecret
        system preference.
    27) Change the GoogleOpenIDConnect preference to 'Use'.
    28) Click 'Save all Administration preferences'
    29) In the OPAC, click 'Log in to your account'.
        -- You should get a confirmation request, if you are
            already logged in, OR a login screen if you are not.
        -- You need to have the primary email address set to one
           authenticated by Google in order to log in.
    30) Run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:35 +00:00
da052b3d10 Bug 16129: Remove URL::Encode dependency
This patch makes the PayPal integration feature independent from the
URL::Encode library, which is absent in some supported distributions.

It uses the URI package which is already a Koha dependency.

To test:
- Apply the patch
- Notice there are no deps for URL::Encode
- Follow the steps from the original patch
=> SUCCESS: It works as expected
- Sign-off :-D

Note: I deleted the line in which $amount_to_pay was url-encoded, because that's
one of the things query_form does (and the variable is only used as a parameter to it).

Sponsored-by: ByWater Solutions

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 18:48:18 +00:00
Martin Persson
ead5b9c0e2 Bug 14257 - Add show_attributes to GetPatronInfo
This patch adds the ability to query the extended patron
attributes via the ILSDI web service's GetPatronInfo service.

Example: ilsdi.pl?service=GetPatronInfo&patron_id=3&show_attributes=1

A new element <attributes> will be added if there
are any attributes available from the database.

We need to discuss the security implications of showing the
attributes. At present it will allow querying of non-public
(OPAC-visible) information. We might want to change this.

Sponsored-By: Halland County Library

Test plan:

* Configure Koha to make use of extended attributes:
  Under 'Administration' -> 'Global system preferences' ->
  'Patrons' tab -> Set 'ExtendedPatronAttributes' to 'Enable',
  press save and switch to 'Web services' tab.

* Enable the ILS-DI service:
  Under 'Administration' -> 'Global system preferences' ->
  'Web services' tab -> 'ILS-DI' section:
  Set 'ILS-DI' to 'Enable' and save.

* Create an attribute to query:
  Under 'Administration' -> 'Patrons and circulation' ->
  'Patron attribute types' press 'New patron attribute type':
  Enter a type code, like 'DOORCODE', description and assign
  a category that your test patron is a member of, then save.

* Set value for test user:
  Locate the test patron, the new attribute should be listed
  under 'Additional attributes and identifiers'.
  Click 'Edit' and assign a value, like '1337' and save.

* Query the ILS-DI service:
  http://127.0.1.1/cgi-bin/koha/ilsdi.pl?service=GetPatronInfo&patron_id=1&show_attributes=1
  The output XML should have an element named 'attributes'
  containing the data you entered.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-31 20:31:06 +00:00
3fa2b10150 Bug 14076: Do not use CGI->param in list context - opac-authorities-home.pl
See bug 15809 for more info on why we should not use CGI->param in list
context.

Note: I have not found any places where several values for the same
params are passed to this script but, just in case, this patch won't
change this ability.

Test plan:
Do an authority search at the OPAC
Test with several values of the form.
Confirm that the results are always the same before and after this
patch.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-25 21:28:06 +00:00
6303016736 Bug 16143: Make opac-shelves.pl generate OPAC itype images path
This patch makes icons point to the OPAC path instead of intranet's.

To test:
- On current master/3.22.x
- Have some itemtypes with icons set
- Have some biblios matching the itemtypes
- Add them to a public list
- Do a search in the OPAC for any of those biblios
=> SUCCESS: icons show correctly
- Choose the list
=> FAIL: icons fail to show, URL points to /intranet-tmpl/....
- Apply the patch, reload
=> SUCCESS: icons show correctly
- Sign off :-D

Sponsored-by: American Numismatic Society

NOTE: I had to set item-level_itypes to 'biblio record'
      in order to trigger this. My icon's showed, but the
      path was wrong. This patch corrects it.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 15:34:38 +00:00
charles
db0ecc3cc5 Bug 15585 - Move C4::Passwordrecovery to the new namespace Koha::Patron::Password::Reset
As promised, here is the long-awaited sequel to #8753.

What has changed :

    - The Koha::Patron::Password::Reset is now used in place of C4::Passwordrecovery
    - That ugly shift-grep contraption is no more (goodbye old friend)
    - The generated unique key won't end in a dot anymore

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-22 23:08:21 +00:00