Changes to OPAC templates.
Depends on new CSS clases defined in separate patch.
Test plan:
To test this particular patch (intranet templates) you need:
* The syspref patch applied
* The intranet CSS patch applied
To test:
* Apply this patch
* Enable covers (if not done already)
* Go to staff interface, log in as a priviliged user.
* Select "More" -> "Administration" ->
"Global system preferences" -> "Enhanced content".
* Set ""AdlibrisCoversEnabled" to "Show" under "Adlibris".
* Save changes
* Add a book with a known cover/ISBN (if none exists)
* Set MARC field 020 a,
"INTERNATIONAL STANDARD BOOK NUMBER" to: 9780451524935
* Set MARC field 245 a, "Title" to: 1984
* Save changes
* Test opac-results.tt
* Search library catalog from OPAC for "1984".
* You should be sent to:
http://127.0.1.1/cgi-bin/koha/opac-search.pl?idx=&q=1984
* Cover image should be shown to the right of each title
with CSS class: "adlibris-cover"
* Test opac-detail.tt
(continued from previous test's location)
* Click on the title with cover (1984, ISBN: 9780451524935)
* Cover should be displayed to the left in full size.
* If clicked, should link to the full-size image.
Test opac-results-grouped.tt
* This template is only used if an external "grouping" server is
setup and the syspref "OPACGroupResults" is set to "Use".
* Personally I did not test this, b/c: terminally lazy
* Test opac-showreviews.tt
* Could not find any links to this location, manually enter it:
http://127.0.1.1/cgi-bin/koha/opac-showreviews.pl
* Image should be shown to the right in full size.
* If clicked it should take you to the detail view with the
comments tab opened.
* Test opac-showreviews-rss.tt
* Click on the RSS icon from previous test's start location.
URL should be:
http://127.0.1.1/cgi-bin/koha/opac-showreviews.pl?format=rss
* An image tag linking to the full-size image without any
styling class should be present.
* Test opac-user.tt
* Click on your username to open:
http://127.0.1.1/cgi-bin/koha/opac-user.pl
* Covers should be shown for checked out items with
CSS class: adlibris-cover
* When clicked the destination should be the same as
clicking the title column entry: opac-details.pl
* Test opac-opensearch.tt
* Click on "Advanced search" and enter "1984" then press "Search"
* This search screen uses a different template.
* Cover image should be shown to the right of each title
with CSS class: "adlibris-cover"
* If clicked, should link to the OPAC detail view.
* Test opac-readingrecord.tt
* Click on your logged-in name to go to your personal page.
* Click on "Your reading history" tab on the left.
http://127.0.1.1/cgi-bin/koha/opac-readingrecord.pl
* Covers should be shown in leftmost column with
CSS class: adlibris-cover
* If clicked, should link to the same as the 'Title' link.
Sponsored-By: Halland County Library
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Why? Because we must filter the variables when we display them.
If we escape them on assignement, they will be double escaped:
[% XXX = "<span>pouet</span>" | html %]
[% XXX | html %]
=> <span>pouet</span>
Also it will bring trouble if we are assigning a structure (see bug
21663 for instance).
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This addresses comment #13.
This also applies cleanly.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
In the staff client, when viewing the content of a list, it can be sorted by 'title', 'author' or 'call number' but not by 'date added'.
This patch adds 'date added' as an option for default sorting of lists. It also makes it available as a sorting option while viewing lists.
Test plan:
In the staff client and the opac:
1) View a list containing several items
=> Notice that you can't sort by 'date added'
2) Try to edit the list or create a new one
=> Notice you can't choose date added as the default sort order
3) Apply the patch
4) When viewing the list you should now be able to sort by date added
=> Make sure it orders correctly
5) Edit or create a list and choose date added as default sorting order
=> Make sure it uses date added as default
=> On the staff client: test that the filter for 'sort by' works for date added
=> On the opac: test that, while viewing the contents, choosing 'default sorting' in the dropdown menu sorts correctly
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch set does several things:
- it removes USER_INFO and BORROWER_INFO
These 2 variables contained logged-in patron's info. They must be
accessed from logged_in_user
- Use patron-title.inc for the breadcrumb at the OPAC, for consistencies
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch removes the 'using_https' check in OPAC templates in calls to
Syndetics resources. Instead, https is always used.
To test, apply the patch and enable Syndetics-related preferences. View
the following pages in the OPAC:
- Bibliographic detail page
- Browse shelf section of the bibliographic detail page
- Search results
- List contents
- Recent comments
- Recent comments RSS
- User summary page
- Circulation history
NOTE: I tested with made-up Syndetics credentials. This means my changes
didn't make the template explode, but it doesn't confirm conclusively
that the resources work.
Signed-off-by: John Doe <you@example.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a new "share" icon to the sprite image used to style
controls in the OPAC. The "share list" links now have a "sharelist"
class which is used to style the links with the new icon.
Also changed: Fixed the page structure markup of opac-shareshelf.tt.
To test you must have the OpacAllowSharingPrivateLists system preference
enabled.
- Log in to the OPAC and go to Lists -> Your lists.
- Create one or more private lists if necessary.
- In the table of your lists there should be a "Share" link with the
new icon.
- View one of these lists and confirm that the "Share" link at the top
of the table of list items.
- Click through to the share list page and confirm that the page looks
correct.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch is a reimplementation of the original from Indranil Das Gupta
and the QA follow-up from Julian Maurice. Original test plan:
Conformance rules for HTML5 is generating warnings for <script> element
with type="text/javascript" attribute when the OPAC page is checked
with W3C Validator. This patch removes the cause of these warnings.
Test plan
=========
1/ Paste the URL to your OPAC page (if it is hosted) to W3C Validator
and watch about 10+ warnings being generated by the validator.
2/ Apply patch and re-submit the page to the Validator. The warnings
would be gone.
Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1. set syspref OpacKohaUrl to "Show"
2. Log into the OPAC
3. /cgi-bin/koha/opac-shelves.pl
4. Notice that "Powered by Koha" is not in the footer in this page.
When on the other tabs it's in the footer (out of .main)
5. Apply this patch
6. Notice that "Powered by Koha" now in the footer in the "your lists" page
Signed-off-by: Dominic Pichette <dominic@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
category is send back to the template, it must be escaped
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
Enable Coce and disable other image services
Load a list and not there are no covers
Apply patch
Load a list and note there are covers
https://bugs.koha-community.org/show_bug.cgi?id=15924
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This function only serves to check if the shelf name is not empty. It
does not even work since it incorrectly refers to f.addshelf (while it
should test #shelfname).
We can solve this and improve consistency by doing the same as in the
staff template with html5 required.
Test plan:
[1] Without this patch it was possible to add a list without a name in
OPAC (with js error: TypeError: f.addshelf is undefined).
[2] With this patch, verify that you cannot do this anymore.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If we we move from Private to Public or vice versa, this should reflect
on the Anyone remark from the first patch.
If we go back to a private list without shares, we should show it.
Handled in a js sub AdjustRemark, triggered by onchange of the category
combo or the permission combo.
Test plan:
[1] Edit a private list without shares in OPAC. Toggle category and/or
permissions. Is the remark shown or hidden accordingly?
Note: Include a test with OpacAllowPublicListCreation enabled.
[2] Edit a shared list or public list in staff. Toggle category/permissions.
You should never see the remark.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This is a follow-up of report 18228 that simplifies the permissions for
lists. It reapplies the idea behind bug 10865 by adding a remark next to
the Anyone permission if it is not actually effective. A next patch will
make it behave dynamically.
Note: The Anyone permission is not relevant if it is a private list that
has no shares. Note that looking at the prefs OpacAllowPublicListCreation
and/or OpacAllowSharingPrivateLists is not decisive. You should look at
list permissions and shares in the database; turning off the Sharing pref
does not automatically remove all shares in the system. It only blocks
creating new shares.
We only need changes in opac-shelves.tt and virtualshelves/shelves.tt.
Test plan:
[1] Verify that you see the remark now in OPAC and staff.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The two new columns as mentioned in the commit message of the table
revision must be used in the codebase now.
Highlighting some changes in Koha::VirtualShel[f|ves]:
[1] Additional methods is_public and is_private.
[2] Method add_biblio did not check permissions. Does now. No impact on the
interface, but one call in the unit test was affected.
[3] Method remove_biblios is signficantly simplified. Removed a FIXME.
[4] Method can_biblios_be_removed now redirects to can_biblios_be_added.
A followup report may deal with unifying those routines.
[5] Condition in get_some_shelves changed.
[6] The reference to allow_add in get_shelves_containing_record can simply
be removed.
opac-shelves.pl and shelves.pl now pass the default setting of Owner only
to the template.
Templates shelves.tt and opac-shelves.tt now include the new permission
field with three choices as mentioned in the table revision patch.
opac-addbybiblionumber.pl and addbybiblionumber now need a check on
allow_change_from_owner; search conditions slightly adjusted to the new
permission scheme.
Test plan:
When we refer to visibility in the test plan, please check the Add to-combo
on opac search results and staff results. And check opac-addbybiblionumber
by clicking Save to Lists from opac results.
The step 'Check delete' means: open the list in opac and check if you see
the Delete button below the entries (only check, do not delete).
[ 1] Create private list I01 (perm=Owner)
[ 2] Check visibility: Seen.
[ 3] Add a book. (Change by owner should be allowed.)
[ 4] Check delete: Yes.
[ 5] Edit list I01, set perm=Nobody
[ 6] Check visibility: Not seen.
[ 7] Check delete: No.
[ 8] Share list I01 with another patron.
[ 9] Check visibility for the other patron: Not seen.
[10] Check delete for the other patron: No.
[11] Change permission of list I01 to Anyone (by owner).
[12] Check visibility for the other patron: Seen.
[13] Let other patron add a book (change is allowed).
[14] Let owner delete the same book again (change allowed).
[15] Create public list U01 (perm=Owner)
[16] Check visibility: Seen.
[17] Add a book. (Change by owner should be allowed.)
[18] Login as other user. Check visibility: Not seen. Check delete: No.
[19] Change permission of U01 to Nobody (by owner)
[20] As owner: Check visibility: Not seen. Check delete: No.
[21] As other user: Check visibility: Not seen. Check delete: No.
[22] Create public list U02 (perm=Anyone)
[23] Add a book by owner.
[24] Delete the same book by other user. Add another book.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Following the idea behind bug 10865, we are only showing the permissions
when the list is shared or public.
Adding a simple test in opac-shelves here.
Note 1: Since the owner can always add or delete entries, the permissions
will not be relevant anymore for a strictly private list.
Note 2: Staff view always shows the permissions. This could have been
changed here too, but that change is far less urgent (bug 10865 did not
touch staff view and bug 18228 will rearrange permissions anyway).
Test plan:
[1] Verify on OPAC that you see the permissions for a private list with
shares or a public list. And you do not see them for a private list
without shares.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
If you have disabled the pref OpacAllowPublicListCreation, your users are
not able to edit the list permissions for private/shared lists.
For a private list they may only be theoretically relevant, but for a shared
list they are relevant.
Since we do not always know the history of a list (has it been public or
shared, does it contains entries from other users) and therefore permissions
are even relevant for a currently private list, we should just allow editing
these permissions.
Test plan:
[1] Do not yet apply this patch.
[2] Disable OpacAllowPublicListCreation.
[3] Create a private list in OPAC. Edit the list. Verify that you do not
see the permission combo boxes.
[4] Apply this patch. Edit the list again. Do they appear now?
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised.
At the OPAC, if a user manipulate the URL to show a list (s)he is not
allowed to view, the list's name will be displayed anyway.
Test plan:
- Create a private list with user A
- Copy the op=view URL and access it with user B logged in
=> Without this patch, you will see the rss icon, the list's name and
the "add list" button
=> Without this patch, only the "unauthorized" box will be displayed
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test
1/ Hit /cgi-bin/koha/opac-shelves.pl?shelfnumber=5&category=1&op=edit_form&referer="><script>alert('XSS')</SCRIPT>
2/ Notice JS is executed
3/ Apply patch
4/ Notice it's fixed
This bug reported by
Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch fixes a bug introduced by bug 14544.
Holds can not be placed from lists at the OPAC, the action results in a
crash:
Can't call method "field" on an undefined value at
/home/koha/src/C4/Items.pm line 1504.
at /home/koha/src/opac/opac-reserve.pl line 601
Before 14544, the checkboxes were named 'ACT-$BIBNUM', something like
REM-4242. Now we can retrieve the biblionumber from the value.
Test plan:
Select a public list
check some titles and click on the 'Place hold' link
you should able to process the reservation
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Test plan:
1/ At the opac, go on the the list home page (opac-shelves.pl)
2/ Click on 'new list', create a list and save
=> You should be redirect to the list
3/ Click on edit, save
=> You should be redirect to the list
4/ Delete the list
=> You should be redirect to the list
5/ Edit a list from the list view, save
=> You should be redirect to the list
6/ Click on a list link (op=view)
7/ Edit the list, save
=> You should be redirect to the 'show' view
8/ Delete list
=> You should be redirect to the list
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
This followup on top of remote branch
Only remove tabs and trailing spaces to make koha-qa pass
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
modified: modules/opac-opensearch.tt
modified: modules/opac-results-grouped.tt
modified: modules/opac-shelves.tt
modified: modules/opac-showreviews-rss.tt
modified: modules/opac-showreviews.tt
Basically, just inspect these places and make sure the Amazon images are
using https://images-na instead of http://images
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
To be more gender neutral
To test:
1) Go to OPAC lists (opac-shelves.pl)
2) Confirm it now says "Allow anyone to remove their own contributed
entries."
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Spelling mistake in opac-shelves.tt paramter ==> parameter
To test - check the change is made in the file
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
There are 2 places where a list can be edited/deleted: on the list view
and the list content view. After the edition, the user expect to be
redirect to the previous page.
This patch implements that.
Test plan:
At the OPAC, delete and edit a list from the 2 differents places.
Confirm that you are redirect to the page you come from.
With patch, redirects work as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
To test:
Create a list in the OPAC, observe the message
Create another list in the OPAC with the same name, observe the message
Delete a list, observe the message
Check the patch itself, look for typos.
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
This subroutine does a lot a processing and should only be called when
necessary.
In the get_template_and_user subroutine (so called from any pages of
Koha), it is call to pass the branchcode, title, firstname, surname and
borrowernumber values for the logged in user.
This subroutine calls GetMemberAccountRecords which retrieve the items
infos for all accountlines entries of the logged in user.
On members/members.pl, let's say you have 74 entries in the accountlines
tables, the page will execute 115 SELECT instead of 35 if you don't have any
accountlines entries.
With this patch, the number of SELECT is always 31.
To test this patch you should have technical skills to know what to do.
Note that USER_INFO was an array of... 1 element. Now it's a hashref.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
It think it's better to put the shelf name first
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This string patch only puts <span>...</span>
around shelves messages. It split a monster
translation string into its components.
This kind of string to translate is error-prone.
Also fixed a typo on opac, 'deleteing'
To test:
1) Search for 'An error occurred when updating this list'
on your preferred language translation file for staff
or opac
(xx-YY-staff-prog.po or xx-YY-opac-bootstrap.po)
You will see a 'big' string to translate
2) Apply the patch
3) Update translation files for your language
4) Search again, big one is gone and there are
new individual strings to translate.
Sorry for not spotting this before string freeze
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
See comment 171 and 172 for more details.
This patch mainly fixes typo or silly error in templates.
It also uses the relationships added by previous patch to join the
biblioitems and items tables (changes in opac-shelves.pl and
shelves.pl).
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The user should not be allowed to create a new list and get a friendly
error message if he tries.
The "New list" links are removed.
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The owner of a list should not need any permission to remove contents.
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 14544: Fix redirect on editing a list
If you edit a list from the list view, after saving the form, you are
not redirected to the list view (but on the edit form).
Bug 14544: Cosmetic: › should be a class divider
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This does not work for now, see later.
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan (requires Baker and Taylor cover images to be set up and enabled):
1. Create a record with an ISBN that does not have a cover and a UPC
that does. 141985934X/085391174929 is one set that works well.
2. Verify that the record shows up as "No image available" in the
following OPAC locations: shelf browser, reviews, lists, search and
reading record. This will require adding reviews/checkouts/etc. for
the record in question.
3. Apply patch.
4. Check the locations again, and verify that the record now has a
valid cover image.
Signed-off-by: Alexis Rodegerdts <arodegerdts@wallawallawa.gov>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1/ Hit a url like
/cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh
noes')</script> Where the id is a valid shelf id
2/ Notice the js is executed
3/ Apply patch
4/ Reload page
5/ Notice input is now escaped on display
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Tested in Debian, couldn't reproduce the alert in Iceweasel, but in
Chromium. Patch fixes it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
To test:
1) Create a list in the OPAC, name it: <script>alert('Hello');</script>
2) Delete the list
3) Confirm deletion
4) See the alert say 'Hello'
5) Apply patch
6) Recreate list with same name
7) Delete list
8) Confirm deletion and alert no longer pops up
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>