Commit graph

25677 commits

Author SHA1 Message Date
Brendan Gallagher
e140603a59 DBRev to make notes of the XSS patches and the new important dependency.
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-01-29 18:06:28 +00:00
06e4a50f00 Bug 13618: Specific for branches.opac_info
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:17 +00:00
d6475a111f Bug 13618: (follow-up) Specific for other prefs
follow-up for SlipCSS and printslip

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:17 +00:00
dd98c9df92 Bug 13618: Fix for debarredcomment and patron messages
At the OPAC and intranet.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:17 +00:00
a065b243fe Bug 13618: Do not display html tags in patron's notices
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:16 +00:00
baeeaffbf8 Bug 13618: Do not display &nbsp; and html tags in item fields content
Note that there might be other occurrences to fix!

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:16 +00:00
a967a09261 Bug 13618: Fix for system preference description
If a syspref description contains html tag, do not display them

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:16 +00:00
0e98662b10 Bug 13618: Remove html filters for newly pushed code
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:16 +00:00
Bernardo Gonzalez Kriegel
fc2fb605e5 Bug 13618: (follow-up) add missing lines for opac-shelves
Proposed patch to fix opac-shelves

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:16 +00:00
bc308fdd9c Bug 13618: (follow-up) Specific for ColumnsSettings
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:16 +00:00
811c4e8402 Bug 13618: Fix for edit biblios and items
On editing biblios or items, the marc_lib, marc_value and javascript
values are often populated with html code which needs to be displayed
raw.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:15 +00:00
Bernardo Gonzalez Kriegel
ca8e8c397c Bug 13618: followup to remove tabs
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
This followup on top of remote branch
Only remove tabs and trailing spaces to make koha-qa pass

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:15 +00:00
bb417b256b Bug 13618: Fix last occurrences recently introduced to master
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:15 +00:00
ae5b98020a Bug 13618: Fix for news
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:15 +00:00
a7731ffe25 Bug 13618: Fix escape on sending baskets or shelves by email
Test plan:
Send baskets and shelves by email.
With or without this patch, you should not see any changes.

Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:15 +00:00
11fa38dc29 Bug 13618: Specific for XSLTBloc
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:14 +00:00
36c07ad6d3 Bug 13618: Specific for Salutation on editing a patron
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:14 +00:00
e6ea281a3b Bug 13618: Specific for other prefs
opacmainuserblock
opacnav
opacnavright
opaccredits
opacheader
opaccustomsearch
opacmysummaryhtml
opacmysummarynote
opacnavbottom
opacnoresultsfound
opacresultssidebar
opacsearchfortitlein
restrictedpagecontent
PatronSelfRegistrationAdditionalInstructions
intranetmainuserblock
intranetnav
intranetslipprinterjs
OpacSuppressionMessage
SCOUserCSS
SCOUserJS
SelfCheckHelpMessage
NoLoginInstructions

Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:14 +00:00
Liz Rea
7824874557 Bug 13618 - memberentrygen.tt errors Not a GLOB reference
Like Jonathan said:
The interpolation of a variable on including a file caused an unexpected
error:
Template process failed: undef error - Not a GLOB reference at
/usr/lib/i386-linux-gnu/perl5/5.20/Template/Provider.pm line 619.

Replaced it with a SWITCH, like the other patch for this similar error.

Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:14 +00:00
1834da3da3 Bug 13618: Specific for ColumnsSettings
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:14 +00:00
21ae62b253 Bug 13618: Specific for IntranetUser* and OPACUser* prefs
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:13 +00:00
602bdbab4c Bug 13618: Fix error 'Not a GLOB reference'
The interpolation of a variable on including a file caused an unexpected
error:
Template process failed: undef error - Not a GLOB reference at
/usr/lib/i386-linux-gnu/perl5/5.20/Template/Provider.pm line 619.

The easier fix is to replace it with a SWITCH.

Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:13 +00:00
Jonathan Druart
d254362435 Bug 13618: Specific for the ISBD view
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:13 +00:00
Jonathan Druart
8837a8ae68 Bug 13618: Specific for pagination_bar
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:13 +00:00
Jonathan Druart
00eff140b3 Bug 13618: Specific places where we don't need to escape variables - intra
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:13 +00:00
Jonathan Druart
7db851ff03 Bug 13618: Remove html filters at the intranet
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:12 +00:00
Jonathan Druart
49a3738b8d Bug 13618: Specific places where we don't need to escape variables
There is no need to escape the html generated by the XSLT.

Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:12 +00:00
Jonathan Druart
cedaa0e23e Bug 13618: Remove html filters at the OPAC
This patch removes the html filters at the OPAC, if necessary.

Generated with:
  perl -p -i -e 's/\ ?\|\ ?html(\ ?)%/\1%/g' **/*.tt **/*.inc

Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:11 +00:00
Jonathan Druart
01b38d3b13 Bug 13618: Use Template::Stash::AutoEscaping to use the html filter
Test plan:
0/ sudo cpanm Template::Stash::AutoEscaping
1/ Verify don't reproduce the XSS issue described on bug 13609 and other
xss related bugs.
2/ Try to find some encoding issues (detail page, search results,
facets, etc.)

Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:11 +00:00
Brendan Gallagher
8dfebb140b Removing atomicupdate file.
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-01-29 17:51:03 +00:00
Brendan Gallagher
9865d34e69 DBRev for Bug 14893 - Separate temporary storage per instance in Upload.pm
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-01-29 17:49:33 +00:00
0c138700b2 Bug 14893: Separate temporary storage per instance in Upload.pm
To make life easier when multiple instances are uploading temporary
files to Koha, this patch adds the database name to the upload subfolder
in your /tmp folder.

Note: Although multiple instances could share the same subfolder for
temporary storage (hashvalue is based on a timestamp too), it will be
better to separate them for efficient housekeeping (removing older or
partial files with a cronjob etc.)
Since multiple instances come with separate permissions, keeping them in
separate folders will be much simpler.

Permanent storage is not affected by this patch. The location of permanent
storage is ruled by the upload_path in each config file. Sharing that
space is not recommended too.

Although it may not be strictly necessary yet to remove files from the old
temp storage folder (before the 3.22 release), the accompanying db rev
performs that housekeeping task.

Test plan:
[1] Do not yet apply this patch. Upload a temporary file (use the
    tools/upload.pl script without selecting a category).
[2] Check /tmp/koha_upload.
[3] Apply this patch. Run the db rev with web installer.
[4] Upload another temporary file.
[5] Check /tmp for folder [your_database]_upload.
[6] Check that /tmp/koha_upload is gone and the associated records too.
[7] Run the adjusted t/db../Upload.t

Followed test plan. Could not do steps before applying patch [1]-[2]
(I suppose a local permission problem).
After applying patch and updating db file appears in /tmp/[database]
as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 01:17:55 +00:00
8d072272fa Bug 15240: [QA Follow-up] Minor adjustments
This patch does:
[1] It removes some unused modules.
[2] It adds some options not listed in the synopsis.
[3] It removes an unused sql expression from one query.
    Note: In fines related code the third parameter of CalcFine sometimes
    is named as days_overdue too.
[4] Corrects a few typos in comments or pod.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-01-28 19:15:35 +00:00
0d36c27678 Bug 15240: Do not process issues with a date due later than today
There is no need to do this job in Perl, MySQL could do it instead.
The idea is to only retrieve the issues info which could be overdued.

To test:
1/ Run the script
2/ Apply the patch
3/ Run the script again, notice the exact same results but execution time is faster

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-01-28 19:15:34 +00:00
1a343093e9 Bug 8753 [QA Followup] - Add notice to translations
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-27 23:44:29 +00:00
b7b94b7012 Bug 12636: Do not display unique patron attributes in the batch patron modification
Batch patron modification should not offer to update patron attributes
with values which are designated as unique since such attributes are
required to be unique to a single patron.

Test plan:
Create some patron attributes, some should be unique.
Use the batch patron modification tool to modify patrons.
With this patch, the patron attributes marked as unique won't be
display anymore.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-27 20:52:36 +00:00
35b7fa9112 Bug 14828 [QA Followup] - Hide in OPAC checkbox not checked in editor even if enabled
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-27 20:46:58 +00:00
95f0caed38 Bug 14828: use Koha::ItemType[s] in admin/itemtypes
Test plan:
Add/edit/remove item types from the administration module
(admin/itemtypes.pl).
You should get message feedback after each action.
Don't forget to play with the image and try to remove an item type
linked to records (you should not be able to remove it).

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-27 20:46:58 +00:00
38567b224b Bug 14828: Remove old package and tests
C4::ItemType can be now removed safely, there is no use of this module.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-27 20:46:58 +00:00
aafe73eefb Bug 14828: Use Koha::ItemType[s] everywhere C4::ItemType was used
This patch mainly replaces C4::ItemType->all with
Koha::ItemTypes->search.

Test plan:
At the places where the C4::ItemType module was used, confirm there is
no regression:
- acqui/neworderempty.pl
- catalogue/itemsearch.pl
- admin/item_circulation_alerts.pl
and the 2 cataloguing plugins:
- marc21_linking_section.pl
- unimarc_field_4XX.pl

QA step:
prove t/db_dependent/HoldsQueue.t should return green
Note that the tests were buggy.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-27 20:46:58 +00:00
db2a1aa0dd Bug 14828: Add Koha::ItemType[s] classes
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-27 20:46:57 +00:00
Brendan Gallagher
c76bcd508a DBRev for bug 8753 (removing the atomicupdate too).
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-27 17:58:47 +00:00
bb0c2fce1b Bug 15353: Display the patron image where needed
On the 3 following pages, the patron image was not displayed:
   members/discharge.pl
   members/pay.pl
   members/paycollect.pl

Test plan:
Apply this patch and confirm the image is now displayed

Followed test plan, image displays as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-27 17:00:03 +00:00
c2f667b4f2 Bug 15680 - Fresh install of Koha cannot find any dependencies
Revert "Bug 6679 - [SIGNED-OFF] fix 2 perlcritic violations in C4/Installer/PerlModules.pm"

This reverts commit 0e356b214e.

Fixing the evals in PerlModules.pm to pass perl critic has caused
a regression. If appears that using a block eval will not work here,
at least not in its current form.
2016-01-27 16:15:42 +00:00
8ec7572d0c Bug 8753: [QA Follow-up] Primary key and collation
This patch includes:
[1] Adds primary key borrowernumber to new table.
[2] Fixes collation.
[3] Removes manual PK in DBIx schema file.
[4] Fixes typo CompletePasswordRevovery.
[5] Removes use strict from opac-password-recovery; Modern::Perl is used.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:56 +00:00
Charles Farmer
45d8575e3a Bug 8753 - propagating the changes to kohastructure.sql and sysprefs.sql
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Looks good with a new install.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:55 +00:00
Liz Rea
563688050c Bug 8753 - Various little things - removing new dependency, changes to errors, textual updates
Koha already has a sub that creates salts, so lets use that instead of math::Random::secure, so as not to add a new dependency.

Made the references to "Forgotten password" consistent, including adding it to the title of the page.

Also removed the individual error for "this email doesn't belong to this account" as that could expose the existence of a login, which I think we'd rather not do.

Made some of the text more grammatically correct, and more library specific.

To test:

Apply on top of all of the other patches.

All the usual checks, plus make sure there are no typos in any text references.

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:54 +00:00
Charles Farmer
76d1509838 Bug 8753 - Smartmatch substitute, Math::Random::Secure, Perltidy, Passwordrecovery.t
This is a collection of changes taken from different comments (but mostly comment 21 and comment 122).

Passes qa and prove, on my machine at least.

There's also a new test file, Passwordrecovery.t, which covers every method of C4::Passwordrecovery.

To test:

All normal checks plus :

    1/ Receive the email
    2/ Click on the link
    3/ Change the pwd
    4/ Click again on the link
    5/ You should immediately get an error message

Problems with Math/Random/Secure.pm, is solved in following patch, signing off
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:54 +00:00
Liz Rea
70898717c1 Bug 8753 - [followup] POD cleanup
Check to make sure the messages from the qa checker are gone.

Note I'm not sure about this one because my test tools are apparently broken, and I can't get the error to manifest.

Amended patch by Jonathan Druart: Add a blank line before =head2
It now passes.

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:54 +00:00
mxbeaulieu
0f2aea716a Bug 8753 - Use Koha::Borrowers instead of C4::Members
Use the new library to search for borrowers.
Changed how the $borrower variable is used since it is now a Koha::Borrower object.

Removed the $protocol parameter from the generated link. It should be included in the OPACBaseURL syspref.

	modified:   C4/Passwordrecovery.pm
	modified:   opac/opac-password-recovery.pl

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:53 +00:00