This patch makes changes the button markup in Catalog
templates -- including the Cart -- so that all submit buttons and any
buttons that should should be styled as primary buttons have the
Bootstrap class "btn btn-primary."
Edit: This revised patch changes the button styles on the search history
page to make them more consistent with buttons in similar interfaces
(see catalog search results).
The patch also adds Bootstrap size classes to the item detail page and
removes some global CSS which targeted buttons on that page.
To test, apply the patch and view pages the catalog to confirm
that everything looks correct. In most cases there are no visible
changes.
- Advanced search: The main search button at the top
- Search results: The "Search within results" submit button
- Bibliographic detail page: This change is to a hidden button. This
section can be removed in a separate bug.
- Bibliographic detail page -> Items: Various "Update" and "Set status"
buttons. Note that the alignment of buttons has not changed in the
redesign.
- Item search: The main search button at the top
- Search history (from the logged-in user's menu in the top right):
"Delete" buttons in each section
- Catalog -- Current and previous sessions
- Authority -- Current and previous sessions
- In the Cart popup window, click "Send." In the resulting popup, the
"Send button.
- The template basket/downloadcart.tt has been modified but I think the
template might be unused.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the authorities, basket and batch folders are swapped around to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch changes the term ISO2709 in the templates to use
MARC instead.
Test plan:
- The term was changed on the following pages in staff:
- Advanced catalouging editor > Save to catalog
- Patron account > Check out (Activate ExportCircHistory) > Format
- Patron account > Check out > Help page
- Lists > Download list
- Acquisitions > Add order to basket > From a staged file (breadcrumbs)
- Administration > System preferences > ExportRemoveFields
- Cart > Download
- Tools > Export data > Output format
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
