Commit graph

7 commits

Author SHA1 Message Date
Hayley Mapley
66877b780a
Bug 22099: Fixed ILL toolbar to say Refresh when displaying requests
On the ILL requests page that lists all requests, the List Request
button is displayed as part of the ILL toolbar. This patch fixes this by
instead changing the wording of the button to Refresh when on the main
page.

Test plan:
1) More -> ILL Requests, note that the List Requests button displays
while all the requests are already displayed
2) Apply the patch and restart things
3) More -> ILL Requests, note that the button now says Refresh, and
clicking it refreshes the page
4) Check that on all the other functions of the ILLs the button says
List Requests
5) Sign off!

Sponsored-by: Catalyst IT
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Small conflict resolved. Works as advertised.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-06-03 18:56:29 +01:00
2d7eba5be3 Bug 22698: Fix incorrect button classes
This patch builds on Bug 22023 in making further corrections to toolbar
button classes.

To test, apply the patch and view the following pages to confirm that
toolbar buttons are consistent:

- Acquisitions -> Vendor -> View basket.
- Administration -> Additional fields -> Select a table.
- Administration -> Audio alerts.
- Catalog -> Advanced search -> More/fewer options link
- Cataloging -> Edit record -> Advanced editor -> Advanced search.
- Cataloging -> Edit record -> Advanced editor -> Macros.
- Cataloging -> Edit record -> MARC21 008 value builder.
- Cataloging -> Search results.
- Circulation -> Checkout notes.
- Circulation: Sticky due date clear button, view restrictions, override
   restrictions temporarily, add message, delete message
- Course reserves: Toolbar buttons on that page and the course reserve
   detail page.
- ILL requests -> View ILL requests. The "New ILL request" and "List
   requests" button.
- Lists and Lists -> View list.
- Patrons -> Search -> Merge patrons.
- Patrons -> View patron -> "Edit" button on patron image (patronimages
   must be enabled).
- Patrons -> View patron -> "More" menu -> Manage API keys.
- Patrons -> View patron -> "More" menu -> Set permissions.
- Patrons -> View patron -> Delete circulation message link.
- Patrons -> View patron -> Edit patron.
- Patrons -> View patron -> Housebound.
- Reports -> Dictionary.
- Serials -> Numbering patterns.
- Serials -> Subscription -> Receive.
- Tools -> Labels -> Manage -> Label batches: Export selected.
- Tools -> Patron card creator -> Manage -> Card batches -> Edit batch.
- Tools -> Patron card creator. The "New" and "Manage" buttons.
- Tools -> Patron clubs.
- Tools -> Quote editor -> Import quotes.
- Tools -> Rotating collections. Toolbar buttons on that page and the
   collection view page.
- Tools -> Tags.
- Tools -> Upload local cover image.

Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-04-16 13:17:33 +00:00
5825026448 Bug 21526: uri escape TT variables when used in 'a href'
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-26 17:09:57 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
Andrew Isherwood
f95c7845fe Bug 20515: (follow-up) Add missing CAN_user_ill
This follow up patch adds two missing CAN_user_ill tests in templates

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-16 13:59:34 -03:00
06f9e5fe3a Bug 7317: Handle backend absense more gracefuly
5/ This patch makes Koha::Illrequest->load_backend raise an exception
if the passed backend is invalid. This way we will catch more errors introduced.

The patch also disables the 'New Ill request' when no backends are available. Gets
rid of a related warnings.

Both OPAC and Intranet now display a warning message when no backends
are available.

Tests are added for the load_backend changes.

4/ This patch fixes the path for the checkboxes jquery plugin, and removes the include
for tablesorter, as this implementation uses Datatables. This is obviously code for older
Koha, ported to master.

TODO: There's something wrong on the styling. My idea is to get rid
of the custom column visualization tool, and have it display as regular
DataTables. We can then introduce the use of colvis on a separate bug
report.

Note: POD coverage for the exceptions file is wrongly tested. It is a false positive.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-09 11:42:14 -03:00
Alex Sassmannshausen
8e86b5e093 Bug 7317: Interlibrary loans framework for Koha.
This Commit is at the heart of adding an interlibrary loans framework
for Koha.  The framework does not prescribe a particular workflow.
Instead it provides a general framework that can be extended &
implemented by individual backends whose responsibility it is to
implement a specific workflow.

The module is largely self-sufficient: it adds new tables to the Koha
database and touches only a few files in the Koha source tree.

Primarily, we add our files to the Makefile and the koha-conf.xml,
define ill paths for the REST API, and introduce links from the main
intranet, opac pages & user permissions.

Outside of this we simply add new files & functionality.

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-09 11:42:12 -03:00