To test:
- Make sure that syspref OnsiteCheckouts is enabled
- Log in to OPAC as a patron who has checkouts, online checkouts and checkout history enabled
- Go to 'your reading history' (in English)
- Display all three tabs
- Apply patch
- Reload page, display oll three tabs again, there should be no difference
- Examine source code changes to verify that the words 'checkout' and 'onsite' no longer
will be exposed to translation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch fixes issues with the translatability of opac-password-recovery.tt
To test:
- Apply patch
- Verify that text changes make sense.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This uses a hacky but simple method to get the correct script name under
proxied packaged Plack.
Test plan:
1) Log out of both the OPAC and staff side.
2) Try to access a page that requires login (opac-reserve.pl is a
good one for the OPAC), then log in.
3) You will be redirected back to mainpage.pl or opac-user.pl.
4) Repeat above for both staff side and OPAC.
5) Apply patch.
6) Repeat steps 1-4; you should be redirected back to the original
page you were on.
7) Repeat the above for both a traditional CGI and kohadevbox/package
Plack installation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
Confirm the wording is correct
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
See comment #17: Redirect to 404 in opac-discharge.pl and remove
message in template because with the redirect it will never be
reached.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
EDIT: Fix for OPAC side
EDIT: Comment 10
EDIT: Merge conflicts
To test:
1) Ensure syspref useDischarge is disabled
2) Go to /cgi-bin/koha/members/discharge.pl?borrowernumber=X&discharge=1
3) Validate that you are still able to generate a discharge slip for this patron
4) Apply patch and refresh page
5) Confirm that you are redirected to the circulation.pl page for the user and that an error message is there.
OPAC SIDE
6) Go to the OPAC
7) Go to /cgi-bin/koha/opac-discharge.pl
8) Confirm you get a message saying discharges are disabled
9) Go to /cgi-bin/koha/opac-discharge.pl?op=request
10) Confirm you see same message
Sponsored-by: Catalyst IT
Followed test plan, works as expected (both staff client and OPAC).
Re-tested, works OK.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch adds subtitle information to the display of titles in the
OPAC's shelf browser.
To test, apply the patch and make sure OPACShelfBrowser is enabled.
- View the detail page for any title in the OPAC which has items.
- Click the "Browse shelf" link next to any item in the holdings table.
- The titles in the shelf browser should display with all subtitle
information as defined in Keywords to MARC mapping.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Adding 245a and c as 'subtitle' in Keywords to Marc make them
show on shelf browser.
No errors.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
If the new pref is named EnhancedMessagingPreferencesOPAC, it will show
up adjacent to EnhancedMessagingPreferences
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
- Change the preference Enhancedmessagingpreference description.
- Enable default EnhancedMessagingPreferences and OPACEnhancedMessagingPreferences.
- not sent e-mail it's necessary, when user call opac-messaging.pl directly..
Testing:
I Apply the patch
II Run updatedatabase.pl
0) Search OPACEnhancedMessagingPreferences preference;
1) Validate "OPACEnhancedMessagingPreferences show patron messaging
setting on the OPAC (NOTE: EnhancedMessagingPreferences must be
enabled).";
2) Disable OPACEnhancedMessagingPreferences preference;
3) Enable EnhancedMessagingPreferences preference;
4) On the OPAC -> user's settings, validate "your messaging" is not
showed.
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Works as expected. With the new syspref, patrons can be forbidden to
modify themselves their own messaging preferences.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Also, I like sysprefs
http://www.quickmeme.com/img/d9/d99723bc544e8d33572dc92f242a6f6e2dbe0126a2e35fe3de073d30d62002e6.jpg
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
MSG_NO_RECORD_SELECTED declared two times
To test: Go to cart and list (virtual shelves) in OPAC and
verify if those pages work as expected
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Additionally fix typo in following files:
koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/opac.pref
koha-tmpl/opac-tmpl/bootstrap/en/modules/errors/errorpage.tt
To test: Apply patch, verify in files that authentification is
replaced by authentication
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by
sysprefs.sql and does not appear in updatedatabase.pl, we could easily
imagine that nobody uses it.
With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set. Otherwise you need to turn
the XSLT off. In this case you will see the images on the result list
(OPAC+Staff interfaces) and OPAC detail page, but not the Staff detail
page.
This patch suggests to remove completely this feature as it does not
work correctly.
The ability to assign an image to an authorised value is now always
displayed, but the image will only be displayed on the advanced search
if defined.
Test plan:
Confirm that the authorised value images are no longer visible at the
opac and the staff interfaces.
The prefs should have been removed too.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This followup changes comment in koha-tmpl/opac-tmpl/bootstrap/js/datatables.js line 3 to
MSG_DT_* variables comes from datatables.inc
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If a user is not logged in but requests a specific branch,
the RSS feed message fails to mention the branch.
TEST PLAN
---------
1) Apply first patch
2) go to OPAC's opac-main.pl?branch={some branch with specific news}
-- notice bad RSS message
3) Apply this patch
4) Repeat step 2
-- notice branch is properly shown.
5) koha qa test tools
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This fix changes the RSS link to reflect the URL paramter override.
This is less elegant than the existing solution which uses the
Branches TT module, perhaps there is a better way?
Sponsored-By: Halland County Library
Test plan:
* Follow instructions in the original patch but also check the
URLs and contents of the RSS link at the bottom the OPAC page.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The message on opac-memberentry does no longer apply.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Some libraries would like the ability to select the itemtype to request
when placing holds. For example, if a record has 3 copies of BookA and 3
copies of BookA in large print, this feature would allow a person to
place a hold on the record, but still be able to target only the Large
Print edition so that the first Large Print copy that becomes available
is targeted, rather than forcing the patron to select a particular copy
to hold.
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Create a record with items of two or more itemtypes
4) Place a record level hold on the record while choosing one particular
itemtype
5) Check in an item from the record that is not of that itemtype
6) Notee it is not trapped for the hold
7) Check in an item from the record that does match the selected itemtype
8) Note the item is trapped for the hold
Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 15044 added a new column to the suggestion table at the OPAC but
forgot to modify the DT params.
Test plan:
The suggestion table at the OPAC should not be broken with this patch.
NOTE: Sorting was broken prior to patch.
Sorting was fixed after patch.
The added null causes the field count to match up properly.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch updates the compiled CSS file with changes made in the
previous patch to the LESS files.
To test, apply both patches and clear your browser cache if necessary.
- View the bibliographic detail page for any record in the OPAC
- Confirm that the style of the "Normal," "MARC," and "ISBD" links looks
correct.
- Resize your browser to various widths, including very narrow widths.
Confirm that the links work well at all sizes.
- Repeat the test for each view, normal, MARC, and ISBD.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
When looking at the detail page for a bibliographic record, there are
tabs linking to the "Normal," "MARC," and "ISBD" views. These tabs need
to be styled responsively so that they work well at all browser widths.
This patch makes some slight markup changes to the templates and updates
the LESS files to add responsive styling.
This patch does not include the compiled CSS file, so the follow-up is
required to test the visual changes.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
To test:
1/ Do a search in the OPAC
2/ Restrict to only available items
3/ Notice the authors now appear bold
4/ Apply patch
5/ Refresh the page
6/ Authors should now look normal again
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Insert SCOUserCSS/JS 'after' OPACUserCSS/JS rather than 'instead of'
i.e. Remove IF/ELSE and use 2 IF
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
Currently if not logged in when browsing to
http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl
You are redirected to opac-auth.tt and SCOUserCSS and SCOUserJS are not
loaded. This page passes through a parameter to the template to indicate
this is an SCO login and appropriate CSS and JS should be loaded.
Additionally this patch ensure that when loggin in using the form you
are redirected to the sco-main.pl instead of the patron account page for
the user.
To test:
1 - Verify that normal login works on both staff and opac
2 - Verify that SCO link goes to login page if AutoSelfCheckAllowed is
set to "Don't allow"
3 - Enter changes into SCOUserJS and SCOUserCSS and observe these are
present on SCO log in page with AutoSelfCheck disabled
4 - Verify that a logged in opac user without permissions cannot access
the self-checkout module
5 - Verify that AutoSelfCheckAllowed and associated system preferences
function as expected
6 - Verify the AutoSelfCheck user is logged out if they attempt to visit
another page
Followed test plan.
If I go to http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl, CSS and JS trigger already on
the login form, I suppose that is intended.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
This patch reverts the changes made at the OPAC from the following
patches:
Do not include the antiClickjack legacy browser trick for greybox"
Revert "Bug 15111: Do not include the antiClickjack legacy browser trick for greybox"
This reverts commit fc640d2a86.
Revert "Bug 15111: Change X-Frame-Options with SAMEORIGIN"
This reverts commit fb167c0e4b.
Revert "Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks"
This reverts commit dc03bca76c.
Setting X-Frame-Options to SAMEORIGIN is enough for mordern browsers:
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
The antiClickjack trick should be removed at the OPAC as we want to keep
the OPAC usable even if the user has disabled JS.
That means the OPAC will be vulnerable to XFS if a user is navigating
with a prehistoric browser:
Firefox 3.6.9 September 2010
IE 8 March 2008
Opera 10.5 March 2010
Safari 4 February 2009
Chrome 4.1.… somewhen 2010
Test plan:
Confirm that there are no regression of bug 15111 with modern browsers
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
From C4::Koha::GetAuthorisedValues
# TODO: the "selected" feature should be replaced by a utility function
# somewhere else, it doesn't belong in here. For starters it makes
# caching much more complicated. Or just let the UI logic handle it, it's
# what it's for.
Indeed, it's not a job for a subroutine, the template should take care of that.
Note that a perf gain could be won with this patch \o/
Test plan:
- Edit an itemtype and check the value of the "Search category" dropdown list
- Edit a patron attribute type and check the value of the "Class" dropdown list
- Detail for a catalogue record, the Status column should be correctly
populated if items are damaged and/or lost
- Item details for a catalogue record, the lost, damaged and withdrawn
value should be correctly displayed
- Edit a patron, the "street type" should be correctly selected
- Create a patron attribute type linked to an authorised value list.
- Edit a patron, set a value for this attribute, edit it again. The
correct value should be selected.
- Search for subscriptions. The 'Location' dropdown list should behave
correctly (select the entry you have choosen before, etc.)
- Edit a subscription, the location dropdown list should select the
correct value.
- Edit and view a suggestion with a 'reason for suggestion' set (you
should have at least 1 OPAC_SUG AV defined)
Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Run Koha QA Test tools and discovered this failed because of tabs.
Rather than fail this and wait forever for it to get fixed, this
patches it, and I'll mark it as signed off anyways.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Test Plan (remains the same):
0) Back up your database
1) Apply all these patches
2) In your mysql client use your Koha database and execute:
> DELETE FROM systempreferences;
> SOURCE ~/kohaclone/installer/data/mysql/sysprefs.sql;
-- Should be no errors.
> SELECT * FROM systempreferences LIKE 'GoogleO%';
-- Should see 4 entries.
> QUIT;
3) Restore your database
4) Run ./installer/data/mysql/updatedatabase.pl;
5) In your mysql client use your Koha database and execute:
> SELECT * FROM systempreferences LIKE 'GoogleO%';
-- Should see the same 4 entries.
6) Log into the staff client
7) Home -> Koha administration -> Global system preferences
8) -> OPAC
-- make sure your OPACBaseURL is set (e.g. https://opac.koha.ca)
9) -> Administration
-- There should be a 'Google OAuth2' section with the ability
to set those 4 system preferences.
10) In a new tab, go to https://console.developers.google.com/project
11) Click 'Create Project'
12) Type in a project name that won't freak users out, like your
library name (e.g. South Pole Library).
13) Click the 'Create' button.
14) Click the 'APIs & auth' in the left frame.
15) Click 'Credentials'
16) Click 'Create new Client ID'
17) Select 'Web application' and click 'Configure consent screen'.
18) Select the Email Address.
19) Put it a meaningful string into the Product Name
(e.g. South Pole Library Authentication)
20) Fill in the other fields as desired (or not)
21) Click 'Save'
22) Change the 'AUTHORIZED JAVASCRIPT ORIGINS' to your OPACBaseURL.
(http://library.yourDNS.org)
23) Change the 'AUTHORIZED REDIRECT URIS' to point to the new
googleoauth2 script
(http://library.yourDNS.org/cgi-bin/koha/svc/auth/googleopenidconnect)
24) Click 'Create Client ID'
25) Copy and paste the 'CLIENT ID' into the GoogleOAuth2ClientID
system preference.
26) Copy and paste the 'CLIENT SECRET' into the GoogleOAuth2ClientSecret
system preference.
27) Change the GoogleOpenIDConnect preference to 'Use'.
28) Click 'Save all Administration preferences'
29) In the OPAC, click 'Log in to your account'.
-- You should get a confirmation request, if you are
already logged in, OR a login screen if you are not.
-- You need to have the primary email address set to one
authenticated by Google in order to log in.
30) Run koha qa test tools
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
- t/db_dependent/ILSDI_Services.t was failing for me as I had
issues in my database, fixed with another delete line
- QA tools found a typo - comparision
- Added documentation of the new parameter to the ilsdi.pl page
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch prevents bypassing the self check timeout with the print dialog.
To test:
- Set syspref 'WebVasedSelfCheck' to 'Enable'
- Set syspref 'SelfCheckoutReceivePrompt' to 'Show'
- Set syspref 'SelfCheckTimeout' to 20 seconds
- Apply patch
- Go to SCO page (/cgi-bin/koha/sco/sco-main.pl)
- Enter card number
- Click 'Finish'. Dialog "Would you like to pritn a receipt?' appears.
- Confirm printing without waiting 20 seconds
=> Result: Print slip, SCO page shows 'Please enter your card number'
- Enter card number again
- Click 'Finish'. Dialog "Would you like to pritn a receipt?' appears.
- Wait > 20 seconds (value of SelfCheckTimeout) and then confirm.
=> Result: Message appears "Timeout while waiting for print confirmation"
- Click on OK.
=> Result: Self checkout page refreshes (shows 'Please enter your card number')
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=11497
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch fixes a bug introduced by bug 14544.
Holds can not be placed from lists at the OPAC, the action results in a
crash:
Can't call method "field" on an undefined value at
/home/koha/src/C4/Items.pm line 1504.
at /home/koha/src/opac/opac-reserve.pl line 601
Before 14544, the checkboxes were named 'ACT-$BIBNUM', something like
REM-4242. Now we can retrieve the biblionumber from the value.
Test plan:
Select a public list
check some titles and click on the 'Place hold' link
you should able to process the reservation
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch add display link in XSLT for field 264/bug 14198 and reflect the
Zebra index 'Provider' in detail page for OPAC screen.
To test: follow previous test plan
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Same test plan as previous patch, but for opac defail and result using
the XSLT views.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
I am amazed!
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
to test...
1/ set TrackClicks syspref to 'track'
2/ add a problematic multipart url to an item's 'url' field
example url: http://foo.corg?key1=val1&key2=val2
3/ test url in opac-detail.pl - url is corrupt
4/ apply patch - url is corrct
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Only fixes the item URLs - a follow-up for the URLs
in the bibliographic record (856 for MARC21) is still
needed.
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch introduces an XSLT file grabbed from DSpace and a couple
css files.
To test:
- Point to your dev Koha's oai endpoint. For example:
http://localhost:8080/cgi-bin/koha/oai.pl?verb=ListMetadataFormats
=> FAIL: Look how ugly it is for humans.
- Apply this patch
- Reload
=> SUCCES: It is styled and provides really useful links to interact with
the OAI server verbs.
- Sign off :-D
Sponsored-by: Universidad Empresarial Siglo 21
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Works as described. Nice looking.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
To test:
1 - Enable Syndetics Reviews without a LibraryThing ID
2 - Check page source and note you have a stanza for LTFL tabbed reveiws
3 - Apply patch
4 - Reload page and note LTFL tabbed reviews are not present
5 - Enter a LibraryThing ID and not the tab is restored.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
To reproduce:
- Add multiple subfields 856 u to a bilbio
- Add this biblio to a cart and send it as mail
(from Staff client and from OPAC)
Result: Links in mail body are broken
To test
- Apply patch
- Send carts again (from Staff client and from OPAC)
- Result: In mail body, links display separated with blank-pipe-blank
like http://bla.com | http://blabla.com | http://blablabla.com
- Change one of the 856 u to not to be a link, e.g. äöü
- Send carts again
- Verify that in mail body äöü correctly display as text.
(Amended to make it work for OPAC as well, MV)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
The JavaScript which handles the display of Google book cover images
includes a hard-coded "style" attribute. It may have been relevant to
the design of the old prog template, but it doesn't seem to have any use
in the Bootstrap one. This patch removes it.
I have replaced the style attribute with a class in case someone needs
a hook for some custom CSS.
To test, apply the patch, enable the GoogleJackets system preference,
and clear your browser cache if necessary.
- Search for a title in the OPAC which has a Google book cover image
associated with it.
- View the detail page for that title. Confirm that the "Google Preview"
link underneath the cover image looks correct.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch rearranges some parts of the OPAC detail page template so
that the "add tag" link does not appear if the user is not logged in.
This patch also includes some whitespace changes, so please diff
accordingly.
To test, apply the patch and set "TagsEnabled" to "Allow."
- With "TagsInputOnDetail" set to "Allow," view the detail page for a
bibliographic record in the OPAC when /not/ logged in. You should see
a "Log in to add tags" link which triggers the login modal when
clicked.
- Log in and view the same page. Confirm that there is now an "Add
tag(s)" link which triggers the add tags form. Confirm that the
behavior of the add tags form is still correct.
- With "TagsInputOnDetail" set to "Don't allow" view the detail page
again and verify that the "Log in to add tags" link doesn't appear
when not logged in, and the "Add tags" link doesn't appear when logged
in.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
To test:
1) Log in to OPAC, go to your purchase suggestions (opac-suggestions.pl)
2) Confirm there is now a 'Suggested on' column displaying the date of your past suggestions
3) Add a new purchase suggestion and confirm that the date displayed is correct
Sponsored-by: Catalyst IT
Signed-off-by: Marjorie <marjorie.barry-vila@ccsr.qc.ca>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
If you click on a link that opens a new tab/window to another site, that tab
has access to the original window through JavaScript. The browsing context is
related, even if the domains are totally different.
The tab retains access to the original window's object via window.opener, even
if you navigate to another page or domain, in the new or original window.
Access to the Window object means the new window can use Window.location to
open a different URL in the original window, perfect for phishing attacks.
Depending on the site's Same-Origin Policy settings, the new window may have
access to other parts of the original window's DOM as well.
Any 'A HREF' that contains a target of of '_blank' or '_new' or a fixed name
is vulnerable. Previous security best practice often suggested creating a random
fixed name for an unpredictable namespace - that won't help with this problem!
Targets of '_self' and '_parent' are safe.
We do not use _new (at first glance) but several _blank. Some are used
to refer internal url, we do not need to update or remove them. Others
are used to satisfy OPACURLOpenInNewWindow, in these case, we should add
the rel="noreferrer" attribute to the a tags.
In other cases, we can simply remove them and let the users discover
that a mouse has more than one button (we are in 2016, they can do it!)
Signed-off-by: Chris <chrisc@catalyst.net.nz>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Most of the scripts called via greybox (which uses iframe) don't include
doc-head-close. But some do.
This patch adds a popup parameter for these templates, not to include
the legacy browser trick and avoid the replacement of the location.
Test plan:
1/ Export patroncard and label
2/ translate itemtypes
3/ click on a idref link at the OPAC
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Web pages that can be embedded in frames are vulnerable to cross-frame
scripting attacks. Cross-frame scripting is a type of phishing attack
that involves instructions to an unsuspecting user to follow a specific
link to update confidential information in an online application.
Because the link leads to a legitimate page from the online application
that is embedded in a frame hosted by the attackers' server, the
attackers can capture all the information that the user enters.
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
A simple regex is added to the basket and detail templates to select the
URLs passed separately from MARC21 555$u by GetMarcNotes. Note that the
regex tests if a note starts with http:// or https:// and does not contain
any whitespace in order to be considered as a url.
These URLs are put in an anchor tag.
This touches four places:
[1] opac detail, tab title notes
[2] catalogue detail, tab Descriptions
[3] opac basket, more details, notes
[4] staff basket, more details, notes
Test plan:
[1] Edit a record. Add a 500$a, 555$a and a URL in 555$u.
Put "http://this is not a url" in the 500$a (whitespace!).
[2] Check opac-detail, tab Title Notes. Check the URL.
[3] Do the same for catalogue/detail.
[4] Add record to cart in OPAC. Open basket. Check More details.
[5] Repeat previous step in staff.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This subroutine just retrieved the messages given some parameters.
Some job should not have been done in this subroutine.
It was called only 3 times, in circ/circulation.pl and opac-user.pl.
Basically it was used to retrieved the message to displaye for a given
patron ($borrowernumber) at the OPAC (B) or Staff (L).
For the 3 calls, the 2 parameters $borrowernumber and $type
(message_type) were passed, the "%" trick at the beginning of the
subroutine was useless.
Moreover, the date formatting should be done on the TT side, not in
subroutine.
The can_delete flag was set if the branchcode given in parameter was the
same as the one of the message. This has been delegated to the template.
Indeed the can_delete was not valid, since it must depend on the
AllowAllMessageDeletion pref.
The test is now:
IF message.branchcode == branch OR
Koha.Preference('AllowAllMessageDeletion'')
There is not specific test plan for this patch, the changes have already
been tested in previous patches.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This would be incorrectly hidden when autoMemberNum is on.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Test plan:
1. Open OPAC self-registration page while logged out.
2. Note that cardnumber and categorycode are not shown.
3. Remove cardnumber and categorycode from
PatronSelfRegistrationBorrowerUnwantedField.
4. Enable autoMemberNum.
5. Reload self-registration page, note that categorycode now shows.
6. Disable autoMemberNum.
7. Reload self-registration page, note that cardnumber now shows.
8. Try saving a patron with an existing cardnumber; this should fail
and explain why.
9. Set CardnumberLength, and verify that those length restrictions are
enforced.
10. Verify that patron can be created with custom categorycode and
cardnumber.
Signed-off-by: Michael Sauers <msauers@dospace.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Added new systempreference OpacMaintenanceNotice.
When OpacMaintenance is ON the HTML contents of OpacMaintenanceNotice will
be displayed.
Enabling OpacMaintenance is all that is required to enable this preference.
If OpacMaintenanceNotice is undefined, the default (original) notice will
appear when OpacMaintenance is enabled.
To test:
- Enable OpacMaintenance systempreference
- Observe the default maintenance message when OPAC is viewed
- Edit OpacMaintenanceNotice systempreference, adding custom HTML
- Observe the custom HTML appear on the opac
- Remove OpacMaintenanceNotice (mindful of orphaned spaces etc.)
- Observe the default opac notice appears in the opac
- Disable OpacMaintenance
- Observce opac is back online
Moving code to atomic update and fixing merge conflict
NOTE: Accounted for an SQL typo and autoescaping of the template.
If someone else could test this, then I would be fine with
marking it signed off.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch changes the Google jackets URL to use HTTPS instead of HTTP.
Test Plan:
1) Enable Google Jackets
2) Ensure the Koha OPAC instance is configued to use HTTPS
3) Confirm Google jackets display correctly.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch switches from UNLESS MARC21 to IF UNIMARC - this way changes
apply to MARC21 and NORMARC and UNIMARC remains unaffected
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Go to Administration->Keyword to MARC mapping
2 - Add a mapping (or ensure it exists)
Field name: subtitle
MARC field: 245
MARC subfield: b
3 - View a record with a subtitle in the opac
4 - Note in MARC 21 you have "Title of record:, subtitle of record"
5 - Apply patch
6 - View the record again and note the comma is no longer present.
Note: this patch removes the comma only for MARC21 where subtitle is not
repeatable. UNIMARC seems to be repeatable and does not include
punctuation so I believe this may be needed there.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as described. Comma removed from title of the window and breadcrumb
section
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Compiled CSS file.
Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The prog template in the OPAC designated a color for the "unavailable"
class associated with items in search results which are checked out.
This class never made it into the Bootstrap theme. This patch adds it to
the Bootstrap theme's LESS file.
To test, apply the patch and search the OPAC for terms that will return
checked out items. In the list of search results, on the "availability"
line, the "Checked out" text should now be red. The change is visible
with XSLT on or off.
Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Make captcha visible even if password field is hidden
Remove password confirmation field before submitting modification
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
1) "Contact information" should be "Password"
2) Don't pass sysprefs from the script to the template, use Koha.Preference()
3) minPasswordLength is optional, we cannot always assume it is set
4) Password field when does not follow convention completely when mandatory
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
This patch allows patrons to create thier own password during OPAC self
registration. It sets the password field to be hidden by default, and
allows for a system generated password if no password is supplied and
field is not mandatory
1 - Apply patch
2 - run updatedatabase.pl
3 - Check syspref "PatronSelfRegistrationBorrowerUnwantedField" - it
should contain 'password'
4 - Check self registration on opac - there should be no change
5 - Remove 'password' from PatronSelfRegistrationBorrowerUnwantedField
6 - Password field should now be visible in OPAC self registration
7 - Register a patron: If no passwor is supplied you should get a system
generated password
8 - Register a patron with a password, your password should be used
9 - Add 'password' to PatronSelfRegistrationBorrowerMnadatoryField
10 - Attempt to register a patron with no password - it should fail
11 - Try all combinations if mismatched/short/missing passwords and view
correct error messages
12 - prove t/db_dependent/Members.t
Sponsored by : Do Space (www.dospace.org)
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
If you enable AllowHoldDateInFuture (and its OPAC variant), you get
an additional "Hold starts on date". In that field and in "Hold not
needed after" it was not possible to enter the current date.
Although it does not really make any difference if you leave the startdate
empty or put the current date in it, we concluded that it still makes
a psychological difference. Some patrons were confused when placing a
hold because the first date to select was tomorrow. Instead of telling
them "Yes, but you can leave it empty", we should just allow the current
date as well.
The expiration date ("not needed after") also started on tomorrow. (This
field can really be empty.) But there is actually no reason not to allow
today here too. If the patron only wants it today, why force tomorrow?
How is this arranged? Well, this is one of the simplest Koha patches ever
written. It only changes the minDate option of both date pickers in one
line from 1 to 0.
Test plan:
[1] Allow future hold dates via systempreferences.
[2] Verify that you can enter today in both fields.
[3] Put today in start and expiration date. Place the hold and verify that
you can confirm the hold, check out and check in again.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
This patch changes the order of the name fields and adds a span class around
each in case of library wanting to customize further
To test:
1 - Enable course reserves
2 - Add some courses with instrcutors
3 - Note they are of form "Firstname Surname"
4 - Apply patch
5 - Note the change
6 - Note span tags
7 - Note you can hide firstname by adding to intranet user js: $(".instr_firstname, instr_separator").hide();
Sing-off note: This patch displays the names as advertised on cgi-bin/koha/opac-course-reserves.pl Sorting
the names would need some more actions but seems not to be intended by this patch.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Test plan:
1/ At the opac, go on the the list home page (opac-shelves.pl)
2/ Click on 'new list', create a list and save
=> You should be redirect to the list
3/ Click on edit, save
=> You should be redirect to the list
4/ Delete the list
=> You should be redirect to the list
5/ Edit a list from the list view, save
=> You should be redirect to the list
6/ Click on a list link (op=view)
7/ Edit the list, save
=> You should be redirect to the 'show' view
8/ Delete list
=> You should be redirect to the list
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Nearly all cellular providers allow a person to send an text message to a cellular
phone by sending an email to phonenumber@provider. We can leverage this capability
to add the ability for Koha to send sms messages to patrons without the need to
subscribe to an sms gateway server.
Basic plan:
1. Add a table sms_providers to the db to tell Koha what service providers are available, and what domain emails should be sent to.
2. Add borrowers.sms_provider_id to tell Koha which mobile service the patron subscribes to for the number given in smsalertnumber
3. Modify Koha to send an email rather than using SMS::Send if the driver is set to 'Email'
Test plan:
0) Get a mobile phone
1) Apply the patch
2) Run updatedatabase.pl
3) Set the value of SMSSendDriver to 'Email'
4) Go to the admin page, the "Additional parameters" area should now have the link "SMS cellular providers"
5) On this page, add some providers. Make sure to add the provider for your own cellular phone service.
Here are some examples:
Sprint phonenumber@messaging.sprintpcs.com
Verizon phonenumber@vtext.com
T-Mobile phonenumber@tmomail.net
AT&T phonenumber@txt.att.net
Only add the domain part in the 'domain' field. So for Verizon, that would be 'vtext.com'
6) Create an account for yourself, add your SMS number, and select your provider from the dropdown box directly below it.
7) Enable SMS messaging for Item check-in and Item checkout
8) Check out an item to yourself
9) Run process_message_queue.pl
10) Wait! You should receive a text message shortly, when I tested it, I received my sms message within the minute.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Apply patch
2) Run updatedatabase.pl
3) Go to advanced search in Staff Client (ie /cgi-bin/koha/catalogue/search.pl)
4) Confirm that it says 'Non-fiction' in the 'Any content' drop-down menu under 'Subtype limits'
5) Go to item search (ie /cgi-bin/koha/catalogue/itemsearch.pl)
6) Confirm that it says 'Non-fiction' under 'Collection code'
7) Go to advanced search in OPAC (ie /cgi-bin/koha/opac-search.pl) and click 'More options'
8) Confirm that it says 'Non-fiction' in the 'Content' drop-down menu
9) Go to the details page for a non-fiction book in the OPAC (ie /cgi-bin/koha/opac-detail.pl?biblionumber=2) and click 'Holdings' tab
10) Confirm that it says 'Non-fiction' under 'Collection' heading
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
On editing biblios or items, the marc_lib, marc_value and javascript
values are often populated with html code which needs to be displayed
raw.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
This followup on top of remote branch
Only remove tabs and trailing spaces to make koha-qa pass
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Test plan:
Send baskets and shelves by email.
With or without this patch, you should not see any changes.
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
There is no need to escape the html generated by the XSLT.
Signed-off-by: Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Koha already has a sub that creates salts, so lets use that instead of math::Random::secure, so as not to add a new dependency.
Made the references to "Forgotten password" consistent, including adding it to the title of the page.
Also removed the individual error for "this email doesn't belong to this account" as that could expose the existence of a login, which I think we'd rather not do.
Made some of the text more grammatically correct, and more library specific.
To test:
Apply on top of all of the other patches.
All the usual checks, plus make sure there are no typos in any text references.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Followup changes text from "The user can reset | can not reset their password on OPAC" to "Library users are allowed | not allowed to recover their password via e-mail in the OPAC"
This change more clearly differentiates the purpose of this new preference from OpacPasswordChange.
Bug 8753 - followup - update text for link to match common UI paradigms, fixes OpacPublic disabled view
Also corrects OpacNav being included on the reset page on private catalogues.
Updated the link for forgotten passwords to more closely match common UI paradigms, i.e. Facebook and Twitter
To test:
apply all patches, link should now be the less verbose "Forgot your password?"
disable OpacPublic, anything in opacnav should not appear (you may need to add something to opacnav to test properly)
Bug 8753 - [followup] fix the title on opac-password-recovery.tt
The title stanza was missing a <title></title> around it, causing the extra text to appear.
To test, apply all patches and make sure it looks ok and there is no extra text at the top or bottom of the page.
Bug 8753 - [followup} Correcting spelling mistakes
Make sure it all still works
Bug 8753 - [followup] fix error when no information is provided
To test:
All normal checks plus make sure that a nice error is displayed when no data is provided.
fixing the deprecated thing
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
I've addressed a lot of Liz Rea's points.
1. I have moved the code from updatedatabase.pl and kohastructure.sql to a file in the atomicupdates directory.
1a. The feature is now off by default when the atomicupdate is run.
2. The password reset link is now visible on the home page, in the modal box and on opac-user.pl .
3. The password recovery pages now use bootstrap markup.
4. I am unsure here. I see "New Password:" and "Confirm new password:".
5. This should still work :).
6. I could not reproduce.
7. I have added the userid field.
You can now reset the password by submitting either your useid or email address.
Both fields can be filled, but the email address must be one of the borrower's (email, emailpro or b_email).
When entering only the email address and two borrowers use that same address, the system tells the user to try with another address or to specify his userid.
8. The text is in the atomicupdate file. Have at it, anyone.
Concerning the email. It is inconvenient for the use to have to wait X minutes for the message queue the be processed.
Maybe we could add a sub in Letters.pm that:
Takes the same argments as EnqueueLetter
Sends the letter.
Saves the letter in the message queue with a 'sent' status.
TEST PLAN:
Setup)
1) apply the patch
2) go to system preferences OPAC>>Privacy and set 'OpacResetPassword' to ON.
2b) make sure that OpacPasswordChange is also ON.
A)
1) refresh front page, click on 'Forgot your password' and enter a VALID address
1b) Also try an INVALID address (valid yet not in your koha db). An error message will show up.
2) An email should be received at that address with a link.
3) Follow the link in the mail to fill the new password.
Until a satisfactory new password is entered, the old password is not reset.
4) Go to main page try the new password.
B)
1) Repeat the password reset, this time use the userid (username) field.
2) Try to reset the password using a userid and an email not linked to the account. An error appears.
3) Make sure the borrower has many available email addresses.
4) For each email, reset the password using both the userid and the email. The link should be sent to the specified address
C)
1) Make sure two borrowers use the same email.
2) Repeat the reset procedure in test case A). An error message appears
http://bugs.koha-community.org/show_bug.cgi?id=13068
Author: Maxime Beaulieu <maxime.beaulieu@inlibro.com>
Followed test plan. Works as described.
Signed-off-by: Marc Veron <veron@veron.ch>
New sign-off after testing all patches together
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
-Fixing default option checked for OAI-DC in OPAC modal
-Move OPAC modal to opac-detail-sidebar.inc to display in MARC view
and ISBD view
This follow-up fix the QA comment in comment 149
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Above issue fixed & usable also in MARC/ISBD view
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Changes LESS opac.less > to opac.css
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
When Koha export a bibliographic record to DC, makes it in XML format.
This XML not follows the DC-XML recommendations as should be: elements
in uppercase eg. dc:Date, dc:Creator, section 4.2, recommendation 4
explain that "The property names for the 15 DC elements should be all
lower-case." eg. dc:date, dc:creator" and section "4.3 Example - a
simple DC record", xsi:schemaLocation="http://example.org/myapp/http://example.org/myapp/schema.xsd" schema does not exist.
NOTE: This new feature implement the XSLT transformation for OAI-DC,
SRW-DC and RDF-DC
Test plan
---------------
1) Download Dublin Core file from record detail page. Open up the file,
and make sure that the document not follows the DC-XML
recommendations as should be.
2) Apply patch.
3) Go to whichever bib record in OPAC or staff and click on Save >
Dublin Core. A modal will display, prove all options.
4) Change the system preference 'Opac ExportOptions' by enabling and
disabling Dublin Core and try to download a record.
5) Try several bibliographic records in any format (book, magazine, DVD,
etc.) to confirm that properly exported.
6) Test with all marc flavours.
Sponsored-by: Universidad de El Salvador
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
modified: modules/opac-opensearch.tt
modified: modules/opac-results-grouped.tt
modified: modules/opac-shelves.tt
modified: modules/opac-showreviews-rss.tt
modified: modules/opac-showreviews.tt
Basically, just inspect these places and make sure the Amazon images are
using https://images-na instead of http://images
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
I found a couple more places where we should be using images-na, so I
updated them
* in the shelf browser
* in XISBN related works (honestly not sure how to test this one, but
changing from the http:// url won't hurt anything.)
To test:
* Turn on the shelf browser, and browse for an item that has an amazon
image,
* inspect it, it should be using https://images-na... url.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
To test:
* turn on Amazon images for result and detail in the OPAC
* do a search that will result in an Amazon image being displayed on the
result page
* inspect the cover image that is returned on the result page, it should
be using a https://images-na... Amazon URL.
* click through to the detail for that item
* inspect the cover image that is returned on the detail page, it should
be using a https://images-na... Amazon URL.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch changes the wording of the OPAC error page (See Bug 14573).
Additionally, it displays the link to the login page only if the system
preference 'opacuserlogin' is set.
To test:
- Apply patch
- Review koha-tmpl/opac-tmpl/bootstrap/en/modules/errors/errorpage.tt
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No errors
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: Replaced following reasons by 'the following reasons'. Reads better.
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Follwoing files were not yet deleted:
koha-tmpl/opac-tmpl/bootstrap/en/modules/errors/400.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/errors/401.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/errors/402.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/errors/403.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/errors/500.tt
Note: the 404.tt file was renamed to errorpage.tt
To test: Verify that files are deleted.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Files removed, new errorpage.tt added
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch changes the 400, 401, 402, 403, 404, 500 error pages to be handled
by only one template for staff and only one template for OPAC.
Additionally it removes a translatability issues due to sentence splitings by html tags.
To test:
- Apply patch
- Trigger 404 error for staff and for OPAC by calling a page that does not exist
- Try to trigger other error pages and/or carefully review code changes
in the *.pl files
- Review koha-tmpl/opac-tmpl/bootstrap/en/modules/errors/errorpage.tt and
koha-tmpl/intranet-tmpl/prog/en/modules/errorpage.tt
(Amended to fix a typo)
(Amended for comment #6)
(Amended to cover OPAC error pages as well)
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
To test:
1) Apply patch
2) Go to a record (ie opac-detail.pl) and add tags that already exist with that record
3) Confirm new error message
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Rewording Ok for common patrons
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>