This change validates the paths in datalink.txt/idlink.txt,
so that only images in the unpacked archive directory are allowed
Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Create a datalink.txt file with the following:
42,selfie.jpg
3. Create a jpeg at selfie.jpg
4. ZIP the datalink.txt and selfie.jpg files
5. Upload to the "Upload patron images" tool
(after enabling the "patronimages" system preference)
6. Note that the image uploads correctly
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 8fcb767fe2836c90ceacb5b5d8211524571eb8aa)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 579c28c764257a250c12aa11207772c074c1335e)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
0. Apply patch and restart/reload Koha
1. Test that uploading a patron image still works, in single file format and as a zip
Work as suggested
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9bc0521493fbe2f9fe0dde051d0b2f52c8a14a9a)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To Test
1. Create a file name for example: test.zip`curl xxxxtesting.informaticsglobal.com`.zip
where the domain is one you can watch the logs from.
2. Go to Tools and click on Upload patron images choose option zip file and upload the file.
3. Check /var/log/apache2/access.log and see the curl with the IP
"xx.xxx.xx.xxx - - [11/Jul/2024:23:10:33 +0530] "GET / HTTP/1.1" 200 267 "-" "curl/7.68.0"
4. Apply the patch
5. Repeat 2 and 3 step and check no error is coming for the Remote execution error.
6. Test uploading actual zip file and images still works.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5c931e00f73e91467581fd29721e5af8d7fa98ab)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
JD Amended patch: replace '==' with 'eq' for consistency with other
occurrences.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Typo in system preference name 'AutoCreateAuthorites' -> 'AutoCreateAuthorit[i]es'
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
a) do a grep for 'this this'
1) notice that there are five matching files
2) notice that all of these instances are in comments, or podfiles
b) apply this patch
c) do a grep for 'this this'
1) notice now that these instances are gone
d) apply these changes to schema.koha-community.org
e) result!
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
We do two things here..
* We're making the improvement to C4::Letters that sets librarian to a
patron object more resilient by testing for the userenv first.
* We correct the logic in Koha::Ticket such that we always store changes
when there's a ticket update
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Trivial patch.
Change the --branch and --skip-branch options of the longoverdue cron script
to --library and --skip-library to meet the Terminology Guidelines.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This script doesn't seem to be included in cron files by default.
This change is to allow script parameters to effect only certain branches.
This allows the script to be added multiple times to a cron file with
different settings for different branches.
Test plan:
1. apply patch
2. identify two books at different branches the same number of days overdue.
3. run the longoverdue.pl script specifying one of the branches in the
--branch command line parameter.
i.e. koha-shell -c 'misc/cronjobs/longoverdue.pl --branch branch_code --lost 60=2 --maxdays=61 --confirm' instance_name
4. observe that the book at the specified branch has been or would be affected
by the script while the other book is not.
Signed-off-by: Tadeusz „tadzik” Sośnierz <tadeusz@sosnierz.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch removes the "Charges" tab from the include file which is used
by the circulation and patron details templates. Information about
charges and credits is already shown at the top of these pages under the
"Attention" heading.
This tab is already hidden on the checkout page
because the script doesn't provide the data to display.
To test, apply the patch locate a patron with charges.
- Check out to the patron. As before, you should see under the
"Attention" heading at the top, "Charges: Patron has outstanding
charges of..."
- There should be no "Charges" tab below in the section showing tabs for
checkouts, holds, etc.
- Check the same details on the patron detai page.
- A patron with credits should be displayed similarly.
Sponsored-by: Athens County Public Libraries
Signed-off-by: Nicolas Hunstein <nicolas.hunstein@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch fixes an issue where the form to add a provder would automatically default to the manual form. This patch prevents this behaviour and restores the intended functionality.
Test plan:
1) Don't apply the patch
2) In ERM, click to add a new provider
3) Type something in the provider name search box
4) The input will change from a select to a text input and the button next to it will now say "Create from registry"
5) Apply patch
6) Yarn build and hard refresh the browser
7) Repeat steps 1-3, the form should work as intended and return results in the select box
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Library staff - whose patron category has a type='Staff' should be able to have guarantees added.
Test plan:
1) Create a 'Library staff' patron category with 'Category type' = 'Staff'
2) Create a patron account using the 'Library staff' patron category
3) Notice the '+ Add guarantee' button is not displayed in the members toolbar for the 'Library staff' patron you created
4) Apply patches and restart services
5) Refresh your browser window
6) Notice the '+ Add guarantee' button is now displaying for the 'Library staff' patron
7) Confirm you can successfully add a guarantee
8) Run unit test t/db_dependent/Koha/Patrons.t
Sponsored-By: Waitaki District Council, New Zealand
Signed-off-by: Tadeusz „tadzik” Sośnierz <tadeusz@sosnierz.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Enable the export_records.pl script use a report output to export biblios or authorities
Test plan:
1. Apply patches and restart services
2. Create a SQL report (id=1)
SELECT biblionumber
FROM biblio
3. Create a SQL report (id=2) and set an item as notforloan = -1
SELECT title, author, biblio.biblionumber
FROM biblio
LEFT JOIN items USING (biblionumber)
WHERE items.notforloan = <<Not for loan|NOT_LOAN>>
4. Create a SQL report (id=3)
SELECT title, author
FROM biblio
5. Create a SQL report (id=4)
SELECT authid
FROM auth_header
6. Run export_records.pl using report id=1 and confirm a koha.mrc file is created in the misc directory:
cd misc
./export_records.pl --report_id=1
7. Delete the koha.mrc file
8. Run export_records.pl using report id=2
./export_records.pl --report_id=2
9. Notice you are prompted to supply a parameter
10. Re-run report id=2 supplying a parameter. Confirm the koha.mrc file is created and contains bib data
./export_records.pl --report_id=2 --report_param=-1
11. Run export_records.pl using report id=3
./export_records.pl --report_id=3
12. Notice you get the message: The --report_id you specified does not fetch a biblionumber
13. Delete the koha.mrc file
14. Run export_records.pl using report id=4
./export_records.pl --report_id=4
15. Notice you get a message 'The --report_id you specified does not fetch a biblionumber'
16. Re-run export_records.pl setting the record-type=auths
./export_records.pl --record-type=auths --report_id=4
17. Notice the koha.mrc file is generated and contains auth data
Sponsored-by: Horowhenua Libraries, Toi Ohomai Institute of Technology, Plant and Food Research Limited, Waitaki District Council, South Taranaki District Council New Zealand
Signed-off-by: Alexandre Noel <alexandre.noel@inlibro.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds a new notice trigger to allow notifying assigned staff
that they have been assigned a new catalog concern to action.
Test plan
1) Enable catalog concerns (either via staff or opac interfaces)
2) Report a new concern (either via staff or opac interfaces)
3) As a staff user, assign the concern to another staff user
4) Check that the new 'TICKET_ASSIGNED' notice has be queued for that
staff user.
5) Re-assign the catalog concern to yourself
6) Note that you do not see a 'TICKET_ASSIGNED@ notice queued as you
self-assigned.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds unit tests for the TICKET_ASSIGNED trigger being
introduced with this patchset.
Test plan
1) Run the unit tests prior to the next patch and confirm they fail
2) Apply the next patch and confirm the unit tests now pass
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds a 'librarian' object fetch to
C4::Letters::GetPreparedLetter when a called passes the 'want_librarian'
flag.
This allows for the notice to take full advantage of the patron object
for that librarian rather than requireing old non-TT syntax for this
feature.
Test plan
1) We use the 'librarian' object in the new TICKET_ASSIGNED default
notice, use the next patch to test that the librarian title is
correctly substituted into the notice.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds a new default TICKET_ASSIGNED notice to be used with
catalog concerns to notice the assigned staff user when a ticket has
been assigned to them.
Test plan
1) Run the database update and confirm that the new notice has been
added to the database (If on the sandboxes, skip to the next patch)
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1) In acquisitions, have a vendor with an item (or items) in their basket. Search for this vendor.
2) From the actions column, select the arrow and then press 'Close this basket'
3) Clicking on this option will not close the basket and brings us to the wrong page
4) Apply patch
5) Try to close the basket again, and this time, it is closed successfully
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
When one tries to clear the rule they are editing in circulation
rules page via "Clear" button, dropdown selectors aren't populated
with default value (first on the list).
To reproduce:
1. Select a rule to edit.
2. Press "Clear" button to return edit rows values back to default values.
=> Values in dropdowns aren't set back as default, instead they have
same values as rule you edited before pressing "Clear".
3. Apply this patch.
4. Select rule to edit, then press "Clear".
=> Dropdowns now have default values.
Sponsored-by: Koha-Suomi Oy
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
1) Create a background job
2) Go to the background jobs page
3) See your job listed
4) Unselect "include_last_hour" from the filter
5) Verify that the job is not listed
6) Apply the patch
7) perl build-resources.PL
8) Repeat steps 1-3
9) Verify that the job is now listed
10) prove t/db_dependent/Koha/BackgroundJobs.t
11) Verify that the tests pass
Sponsored-by: Koha-Suomi Oy
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
When trying to filter holds to pull using the dropdown filter for Pickup Location, the dropdown has "None" as the only available option because of incorrect column index in ppendingreserves.tt
To reproduce:
1. Place a hold and go to Circulation -> Holds to pull.
2. Use a dropdown filter for Pickup Location, see that only "None" is available to pick, meaning you can't use the filter.
3. Apply the patch.
4. Do the step 2 again and ensure that there's also an option for that hold's pickup location.
Signed-off-by: Eric Garcia <cubingguy714@gmail.com>
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
1. Run unit tests
ktd --shell
prove t/SimpleMARC.t
Sponsored-by: Education Services Australia SCIS
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
1. Apply patch and restart services
2. Create a MARC modification template with the action:
Copy and replace field 001 to 099$a unless 099$a exists
3. Perform a Batch record modification using your MARC modification template from #2
4. Confirm that the template has successfully moved the 001 control field value to the 099$a subfield
Sponsored-by: Education Services Australia SCIS
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
We use Section to distinguish Residential from ETF Open University;
This patch adds Section to the breadcrumb and title where appropriate.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1. Make sure that the system preference ‘HidePatronName’ is set to
‘Show’
2. Select a patron that has a primary email address set in their
contact information.
1. Place a hold for that patron
3. Build the holds queue: perl /kohadevbox/koha/misc/cronjobs/holds/build_holds_queue.pl
4. Check the holds queue and notice that the patron column includes the
patron’s email
5. Click on the hyperlinked email. It will open a new email with the
subject of "Hold item: (your biblio title)"
6. Disable the ‘HidePatronName’ system preference
1. Check the holds queue again and notice that no contact
information can be seen for the patron
7. Sign off and have an amazing day :D
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
With ElasticSearch enabled,
* Perform a search using the default sort order
(i.e. 'relevance').
* Verify that no warnings are generated in
plack-intranet-error.log
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch correct a typo in the SMSSendAdditionalOptions system
preference description.
To test:
1. Apply patch
2. Go to Administration > System preferences
3. Search for SMSSendAdditionalOptions
4. Read the description, make sure there are no spelling or grammar
error
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
1. Apply patch
2. Rerun and make sure the error "Use of uninitialized value $sub6 in pattern match (m//) at /usr/share/koha/lib/Koha/SearchEngine/Elastricsearch.pm" is no longer present.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Initial testing done, it works well, needs an additional sign off from an external party
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch updates the cash register statistics template so that they
use the new WRAPPER for displaying breadcrumbs.
To test, apply the patch and test page and its variations.
Breadcrumbs should look correct, and each link should be correct.
- Reports ->
- Cash register statistics
- Results
Sponsored-By: Athens County Public Libraries
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test Plan
1. Go to Tools -> Notices and slips -> New notice
2. Select Acquisition
3. Click on the Koha module label
4. The corresponding drop down field should activate (greyed)
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This change consistently sends the Csrf-Token in the request header.
Previously, one POST sent it in the request body, while the other POST
sent it in the request header. Since we're using an API, it's best
for us to always send it in the request header
Test plan:
0. Apply the patch
1. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 > bib-29.xml
2. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 bib-29.xml
3. Note that the following appears in STDOUT and there is no 403 error:
"update 29 from bib-29.xml"
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This change fixes the Koha::SVC to store the CSRF token for
the authenticated session for further POSTing.
Test plan:
0. Apply the patch
1. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 > bib-29.xml
2. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 bib-29.xml
3. Note that the following appears in STDOUT and there is no 403 error:
"update 29 from bib-29.xml"
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch updates the javascript overriding the form submission when reports have multi select parameters.
When there are more than one multi selects, and the user selcts one value from each, it skips updating the value of the select, so it doens't send duplicate parameters anymore.
If there are no selections made it will pass '%' for all values. This allows the multi select to be optional in the report. If no selections are made it is assumed that you are not using that parameter to limit the report.
Test plan:
1. Go to Reports and create a report from SQL
select *
from items
where
homebranch in <<Libraries|branches:in>>
and
itype in <<Item type|itemtypes:in>>
3. Run the report but pick only 1 library and 1 item type
4. Click the "Show SQL code"
5. Notice that the two parameters were filled correctly
6. Run the report again with zero selections
7. Click the "Show SQL code"
8. Notice that the '%' is used for the parameter
9. Run the report again with combinations of single, multiple and zero selections
10. confirm the SQL code is generated as you would expect.
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1. Find a bib record with more than one item
2. Click on the barcode of an item to show the item details page
--> The item details page shows the details of all items, though it does
jump to the correct item
3. Apply patch
4. Reload the bib record, and click the barcode again
--> The item details page shows only the chosen item, with a link above
to show all items
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Follow same test plan as before, but attempt to delete a 'All' entry in 'Default article request fees'.
Notice it blows up before this patch. It works as expected after the patch.
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This was introduced by bug 34478.
To test:
Follow the test plan as before, but test for several different patron categories
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
