This patch modifies several serials templates to use the
Bootstrap grid instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags and "text/css" attributes from <style> tags in the
modified templates.
To test, apply the patch and go to Serials.
- Add or edit a new subscription. The "create an item..." and "do not
create an item..." labels should look correct.
- Search for subscriptions
- Select two or more subscriptions to batch edit.
- The subscription batch edit page should look correct and adjust
well to various browser widths.
- View a subscription and click the "Renew" button. The subscription
renewal pop-up window should look correct.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The idea of output_and_exit_if_error (added by bug 18403) is to make sure
parameters are valid before executing the script.
If not (old or broken URLs), we shortcut everything coming next to display a
generic error ("object does not exist", "you do not have permission to do that", etc.)
This bug report fixes the scripts under serials/*.
Test plan:
Hit the script under the serials directory with an invalid subscriptionid parameter
and confirm you get an error instead of the normal view with empty values.
The goal is not to be exhaustive during the first iteration, but at least to fix
the most common views.
For instance:
/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=XXX
/cgi-bin/koha/serials/serials-collection.pl?subscriptionid=XXX
/cgi-bin/koha/serials/routing.pl?subscriptionid=XXX&op=new
/cgi-bin/koha/serials/subscription-add.pl?op=modify&subscriptionid=XXx
/cgi-bin/koha/serials/subscription-add.pl?op=dup&subscriptionid=XXX
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.
This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) for the variables we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (they are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface, hit pages and try to catch an alert box.
If you find one, it means you have found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
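The commit message above names a QA script to catch missing filters as a next step. A minimal sketch of such a check follows, as an added example that is not Koha's own QA tooling; the function name, the keyword list and the sample template are assumptions made for illustration.

```python
import re

# Filters the commit message accepts on an output directive.
ALLOWED_FILTERS = {"html", "uri", "url", "raw"}
# Template Toolkit keywords that open a non-output directive (subset for this example).
CONTROL = set("""IF ELSIF ELSE UNLESS END FOREACH FOR WHILE SET DEFAULT INCLUDE
PROCESS USE BLOCK WRAPPER SWITCH CASE NEXT LAST RETURN MACRO FILTER INSERT CALL
TRY CATCH FINAL THROW STOP CLEAR META TAGS""".split())
# [% ... %] with optional chomp flags (-, +, ~, =) next to the delimiters.
DIRECTIVE = re.compile(r"\[%[-+~=]?\s*(.*?)\s*[-+~=]?%\]", re.S)
ASSIGNMENT = re.compile(r"^[\w.]+\s*=(?!=)")   # [% x = 1 %] prints nothing
SINGLE_PIPE = re.compile(r"(?<!\|)\|(?!\|)")   # filter pipe, not the || operator

def unfiltered_directives(template):
    """Return (line_number, directive) for output directives whose last
    filter is not one of ALLOWED_FILTERS."""
    findings = []
    for m in DIRECTIVE.finditer(template):
        body = m.group(1)
        if not body or body.startswith("#"):          # empty or [%# comment %]
            continue
        if body.split(None, 1)[0] in CONTROL or ASSIGNMENT.match(body):
            continue
        parts = SINGLE_PIPE.split(body)
        # Only the final filter in a chain decides what reaches the page;
        # a leading "$" (filter named through a variable) is tolerated.
        last = parts[-1].strip().lstrip("$") if len(parts) > 1 else ""
        if last not in ALLOWED_FILTERS:
            findings.append((template.count("\n", 0, m.start()) + 1, body))
    return findings

# Constructed sample, not a real Koha template.
SAMPLE = """\
[%# constructed sample %]
<h1>[% subscription.title %]</h1>
<a href="/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=[% subscriptionid | uri %]">[% bibliotitle | html %]</a>
[% IF notes %]<p>[% notes || default_note %]</p>[% END %]
[% FOREACH s IN serials %]<td>[% s.status | html %]</td>[% END -%]
<div>[% internal_markup | raw %]</div>
[% count = serials.size %]
"""

if __name__ == "__main__":
    for line, directive in unfiltered_directives(SAMPLE):
        print(f"line {line}: missing filter on [% {directive} %]")
```

The check only confirms that some filter is present; it does not decide whether html, uri or url is the right one for the context, which is the separate follow-up the message lists.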
This patch adds a message to the user to let them know the subscription
has been renewed successfully.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a "Renew all selected subscriptions" action link on top
of the table of the "Check expiration" page.
It will allow auto-renewing several subscriptions.
Test plan:
Make sure this new link renews the selected subscriptions as expected.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the two serials templates to use the Bootstrap grid
instead of the YUI grid.
Apply the patch and go to Serials and locate an existing
subscription.
- Click the "Edit routing list" in the sidebar.
- Save the routing list, and click "Save and preview routing slip."
- The routing slip preview should look correct and buttons should work
correctly.
- When viewing the details of a subscription, click the "Renew" button
in the toolbar. The popup window should look correct.
Signed-off-by: Zoe Bennett <zoebennett1308@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies more and more staff client serials templates so
that JavaScript is included in the footer instead of the header.
This patch adds a new JavaScript include, showpredictionpattern.js,
which is used by subscription-add.tt and subscription-numberpatterns.tt.
It also adds subscription-add.js, moving most of the JS embedded in
subscription-add.tt into an external file.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Serials -> New subscription
- Date pickers
- Popup search windows for vendors and bibliographic
records
- Next / Previous buttons
- Form validation
- Prediction pattern operations
Test with new subscriptions, editing existing subscriptions, and
duplicating subscriptions.
- Serials -> Manage Numbering Patterns
- Datatable
- Delete confirmation
-> Edit
- Datepicker, test pattern
- Serials -> Manage frequencies
- Delete confirmation
-> Edit
- Form validation
- Serials -> Subscription details -> Planning tab
-> Edit history
-> Datepicker
- Serials -> Subscription details -> Renew
- Datepicker
Signed-off-by: Dominic Pichette <dominic@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Warning: This area is a mess, especially with date management.
For the same reasons as other "Remove C4::Dates from*" patches, this one
will deal with the serials module.
Note that this patch adds the datepicker on 3 input fields (on
serials/subscription-detail.tt and serials/subscription-renew.tt).
There was also weird behavior when the dates were invalid. Now default
to undefined. But with the datepicker it will reduce the number of
cases even if the user is still allowed to fill invalid dates.
Test plan:
1/ Create a subscription, fill the first issue pub date and the
subscription start date.
You can fill or not the end date.
Play with the numbering pattern and confirm that they are generated as
before this patch.
2/ On the check expiration page, confirm that the dates are correctly
displayed.
3/ Renew the subscription and confirm that the behavior is correct.
4/ Go to the subscription history page and confirm you now have the
datepicker plugin set on the 2 date fields.
QA notes: The startdate, histstartdate and enddate are not used in
the serials-collection template, this patch removes them from the pl
script.
Tested on top of 15166 15168 15171, full browser reload for date pickers.
Note for 4/: It is the link in tab planning on subscription
detail page, near "Manual history" (if manual history is enabled).
Works as advertised.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>