Moving the status to the invalid 'processing' might well have unwanted
side-effects. (The status column will be set to empty string and we have
a problem if it is not processed.)
This patch allows pass-through of DBIX's make_column_dirty in
Koha::Object (simple tests included) and uses it to force an update.
If the update does not return true, it still exits.
Test plan:
[1] Read the changes.
[2] Run t/db_dependent/Koha/Object.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Last week, we had a database server whose disk filled, causing database writes to fail.
This meant that messages in message_queue marked 'pending' were not marked as 'sent' when they were added to the postfix mail queue; messages were sent every 15 minutes (as specified in the cron job) until the disk space issues were cleared.
I would suggest adding a token write to the start of process_message_queue.pl as a 'canary in the coal mine'. If the database write fails, process_message_queue should stop, because it's not safe to proceed sending emails that may not be marked 'sent'.
Test Plan:
1) Apply this patch
2) Make the message_queue table unwriteable somehow
3) Run process_message_queue.pl
4) Script should die with error
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch is a first step to provide a preview mode for notice
templates.
CHECKIN, CHECKOUT and HOLD_SLIP are supported so far.
Maybe more, but I have not tested yet and the interface will not allow
you to generate the preview.
The idea is to provide an idea of how will render the messages generated
from a notice template.
A new "Preview" button is added close to each textarea on the editing
notice templates view.
For each notice template code (letter_code), we will need some input
data to produce the preview.
For instance, for CHECKIN we need an barcode. From the barcode we
can guess all the other data.
For CHECKOUT we will need the borrowernumber and the barcode.
Note that the way to enter the data for the preview is not really
user-friendly, for CHECKOUT you will have to fill
'borrowernumber|barcode', but the placeholder will help you to know how
and what to fill.
In the modal window, you will see 4 blocks:
1/ the content of the letter (with the placeholds << >>)
2/ the generated message (with the data filled)
3/ if the letter contained historical syntax markers, the screen will
try to generate a notice template using the TT syntax
4/ the generated message from this TT syntax
=> You will be able to compare the 2 generated messages.
What is the goal of this first patchset:
- Show this first POC and get feedback from other developpers
- Add a way to easily visualise the differences between the 2 syntaxes
- Confort users with the TT syntax and the migration step from the
historical syntax.
I'd like to get opinions before going further.
The possibilities:
- Mock data to get fully working generated messages for any notice
templates. For instance, for CHECKIN and CHECKOUT, the item is not
checked in/out yet. So we cannot access the issue's information.
(I have no idea how to do that)
- Browse the data to get the ones we want to use for the preview (big).
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This will allow us to call GetPreparedLetter with a letter content that
does not exist in the DB
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jenkins fails (run 287) on a test in t/db_dependent/Letters/TemplateToolkit.t:
With the historical syntax:
# Your request for an article from tQYRS (c3Av58O0P5xkkIGu) has been canceled for the following reason:
With the TT syntax:
# Your request for an article from tQYRS_ (c3Av58O0P5xkkIGu) has been canceled for the following reason:
The last character of the biblio's title has been removed because it's a punctuation character.
It comes from: C4::Letters::_parseletter
893 $val =~ s/\p{P}$// if $val && $table=~/biblio/;
The same replacement is done for patron's attributes too.
Test plan:
- Confirm that the new tests pass. That should be enough to confirm this change make sense.
Test plan (manual):
- Create a biblio with a title ending with a punctuation (like "with_punctuation_"), or any other fields of biblio/biblioitem
- Generate a notice which will display this field (CHECKIN for instance)
Use the historical syntax and the TT syntax, both should display the title without the punctuation character at the end
CHECKIN historical:
The following items have been checked in:
----
<<biblio.title>>
----
CHECKIN TT syntax:
The following items have been checked in:
----
[% biblio.title %]
----
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It would be nice to allow emails to be sent overnight, but limit the sending of SMS messages to hours when people are awake. Adding a type limit to process_message_queue.pl would allow this to be accomplished easily.
Signed-off-by: Charles Farmer <charles.farmer@inLibro.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This tweaks the perldoc for SendQueuedMessages and adds
some for _get_unsent_messages.
TEST PLAN
---------
perldoc C4::Letters
-- look at _add_attachments (ugly), _get_unsent_messages (non-existent),
SendQueuedMessages (no reference to borrowernumber or letter_code).
apply patch
perldoc C4::Letters
-- confirm that SendQueuedMessages and _get_unsent_messages
have reasonable POD information.
-- notice how _add_attachments' POD is now readable
run koha qa test tools
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Run through the password reset process, and your server
should send the message immediate, not waiting for the
cronjob.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This subroutine is wrong and must be rewritten using
Koha::Notice::Templates.
Mainly because the DB structure is bad.
Meanwhile we remove the branchcode from the SELECT to get correct
results, it was not used by callers anyway.
Fix for:
'koha_kohadev.letter.module' isn't in GROUP BY
t/db_dependent/Letters.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This subroutine is quite trivial and can be replaced easily with a new
method of Koha::Patron
Test plan:
Overdue notices and shelf sharing must be send the to an email address,
according to the value of the pref AutoEmailPrimaryAddress
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 18478 fixed sms via email problems under the assumption that
to_address was either smsalertnumber or blank.
It seems overdues set the to_address to email. This patch changes the
code to enforce that an sms sent with emial driver will use the
smsalertnumebr and provider defined for the borrower, regardless of what
is set in the queue
To test:
1 - Define a messaging prefs for a patron to recieve hold notices via
SMS
2 - Ensure you have defined an SMS message for an overdue letter
3 - Set an SMS alert number for patron
4 - Set the SMS::Send driver to 'Email'
5 - Checkout an item as overdue to trigger notice above
6 - Run overdue_notices.pl
6 - Check the db and note the address is email
7 - run process_message_queue.pl
8 - Check db - address is email followed by service provider
9 - Apply patch
10 - repeat
11 - Message to_address should be populated with smsalertnumber
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Add limit parameter to POD section.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Having the ability to limit the number of messages sent by process_message_queue.pl on a single run would be very useful for controlling home many messages are sent at a given time. This can help prevent too many messages being sent out at once and getting flagged as a spammer.
Test Plan:
1) Apply this patch
2) Generate some number of messages in the message queue
3) Run process_message_queue.pl with the new --limit option,
set limit to a number smaller than the number of pending messages
4) After the script has run, check the database and note that only
a number of pending messages were sent, and that the remaining amount
of pending messages is the original amount less the number specified
as the limit
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This issue has been highlighted by a failing test: ISSUESLIP displays checkouts in random order
I thought it was because of dates comparison, but it comes from the following line in C4::Letters::_get_tt_params
my $objects = $module->search( { $key => { -in => $values } } );
The DBMS will return data like there is ordered in the DB.
For instance:
select borrowernumber from borrowers where borrowernumber in (5, 3, 1);
or
select borrowernumber from borrowers where borrowernumber=5 or borrowernumber=3 or borrowernumber=1;
will return 1, 3, 5
I did not find a generic way to do that, so used "ORDER BY FIELD" which will not be portable.
Test plan:
If you do not apply this patch, the tests will sometime fail
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
At the moment we have 2 different modules for acquisition orders:
Koha::Tmp::Order[s] and Koha::Acquisition::Order
The later has been added before the creation of Koha::Object.
Koha::Tmp::Order[s] has been created to make the TT syntax for notices
works with acquisition order data.
This patch removes the temporary packages Koha::Tmp::Order[s] and adapt
the code of Koha::Acquisition::Order[s] to be based on Koha::Object[s].
It also overloads Koha::Object->new to add the trick that was done in
Koha::Acquisition::Order->insert. This is needed because acqui/addorder.pl
is called from several places and CGI->Vars is used to retrieved order's
attributes (and so much more). To avoid regression, the easiest (but not
cleanest) way to do is to filter on aqorders column's names.
This is *not* a pattern to follow!
Test plan:
Create basket and add orders from different ways, then continue a whole
acquisition process
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Here we go, you will notice at the dependency list that this one is a
bit different.
In our former syntax we have 2 custom tags <checkedout> and <overdue>.
These tags were allowed to permit loop on the checked out items and the
overdue items.
In this patch, we will use the "loops" parameter, introduced by bug
17971, to pass the list of checkouts and overdues to the template.
Note that Kyle suggested another approach on bug 15283: all the
checkouts were send into the same array and each element of this
array calls the is_from_today method, to know if the checkout is an
overdue.
I don't think we should rely on the Koha API, that's why I suggest to
pass 2 differents object list, 1 which contains the checkouts and
another one with the overdues.
Note that we do rely on the Koha API, we call the Koha::Checkout->item
and Koha::Item->biblio to propose an equivalent TT notice. But I think
we can accept that.
Test plan:
Define the ISSUESLIP and ISSUEQSLIP notice templates to generate the
same notices you generated with the historical syntax.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
https://bugs.koha-community.org/show_bug.cgi?id=17969
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
<<items.content>> is generated 4x in advance_notices.pl and once in
overdue_notices.pl
It would be better to have it in C4::Letters.
It will enforce the fact that it already has the same behavior, make it
testable and reusable.
Test plan:
Use the <<items.content>> tag for advance and overdue notices.
The generated notices must be the same as before this patch.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
TEST PLAN
(reproducing bug)
1 - Set 'IndependantBranches' to enable
2 - Log in as Superlibrarian.
3 - Create 3 rules
- 1 for all librairies (1)
- 1 for the library of the superlibrarian (2)
- 1 for another library (3)
4 - Try to delete them and see them and see that (3) isn't the good one
(checking patch)
5 - Apply patch
6 - Try again 3-
7 - Connect as not superlibrarian
8 - Try again 3-
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
GetMember returned a patron given a borrowernumber, cardnumber or
userid.
All of these 3 attributes are defined as a unique key at the DB level
and so we can use Koha::Patrons->find to replace this subroutine.
Additionaly GetMember set category_type and description.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Here we need to test <<today>>.
We already pass a value, but it was wrong. We must pass a string, not a
DateTime object, otherwise the KohaDates plugin will not display the
hours part if we need it.
Test plan:
Define a HOLD_SLIP notice template to match your need.
Do not forget to use
[% today | $KohaDates %]
or
[% today | $KohaDates with_hours => 1 %]
To access data from the reserves table, use the 'hold' variable
Tested both patches together with several date formats, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This notice template have the particular feature of using <<count>>.
This value is substitued during the process of the notice template.
For the TT syntax, all what we need is to send the values to substitute to the
template.
Note that items.content can also be used in these template, you can have
a look at bug 17967 to see a better alternative to this marker.
Test plan:
Generate DUEDGST and DUE notice messages.
You should be able to generate the same messages with the TT syntax.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Make sure to build necessary letters
Fix awkward construction
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
It seems that for HOLD and DUE (and maybe more) notices we rely on
C4::Letters::SendQueuedMessages
to populate the correct address.
This patch adjust that subroutine to correctly populate the field and/or
fail messages if no SMS provider available
To test:
1 - Define a messaging prefs for a patron to recieve hold notices via
SMS
2 - Ensure you have defined an SMS message for 'HOLD' letter
3 - Set an SMS alert number for patron
4 - Set the SMS::Send driver to 'Email'
5 - Fill a hold for the patron
6 - Check the db and note the address is null
7 - run process_message_queue.pl
8 - Check db - address is null and message pending
9 - Apply patch
10 - run process_message_queue
11 - Message to_address should be populated and message sent
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Sponsored-by: Orex Digital
Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If the pref is on, the notice template will be translatable in different
languages
Sponsored-by: Orex Digital
Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
- Remove expiration date calculation in C4::Letter since it's done
when setting the reserve waiting,
- remove expiration date calculation in circ/waitingreserves.pl. Use
the one in DB,
- add a new atomic update that calculate expiration date for
waiting reserves,
- add tests for days_foward function and fix the infinite loop.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If SMS via Email is enabled, and a patron has opted for SMS messages, but has not selected a service provider, the cronjob will die with the error
Can't call method "domain" on an undefined value at /usr/share/koha/lib/C4/Letters.pm line 1055.
This will cause all messages that come after the error to not be sent!
Test Plan:
1) Enable SMS via Email
2) Enable SMS for a patron, but don't set a provider
3) Perform an action that will trigger an sms message to go into
the holds queue ( item due, item checkout, etc )
4) Run process_message_queue.pl, note the error
5) Apply the patch
4) Run process_message_queue.pl, no error this time!
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We certainly always want to retrieve the last row of a given search.
If it not sufficient we will need to rethink this code.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Using the KohaDates plugin will allow us to format dates as we want,
using the same filters as the ones defined in the KohaDates TT plugin.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If it's a CHECKIN, C4::Circulation::SendCirculationAlert set a
"old_issues" key instead of "issues".
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Apply patch and update database
2) Run 'git grep "OverdueNoticeBcc"' and confirm there are no other
instances
Sponsored-by: Catalyst IT
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Currently, the From field uses the emailaddress of the staff client member
from the user context. This is exceptional in Koha. And might very well be,
as in our case, the cause of fraud detection warnings.
We should use branch email address or fallback to KohaAdminEmailAddress,
as we do (almost) everywhere else.
Test plan:
Go to subscription detail in Koha.
Go to Claims.
Select a missing issue and click Send notification.
Verify the sender address in the generated notification. (Make sure that
you receive this mail.)
Signed-off-by: Grace McKenzie <grace.mcky@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
For instance an issue is not fetch from its fk but using the fk
itemnumber.
We need to support them.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
On of the awesome things we will be able to do with the TT syntax is the support of plurals.
For instance we will be able to send a list of items, checkouts, etc. to the notice template.
That way we will get rid of our custom syntax like <<items.content>> or <item></item> for instance.
The existing code already has the playground for that but it is not used.
Basically the idea is to add a "loops" key which can contain a list of
object to retrieve from the DB and send to the template.
For instance:
loops => { overdues => [ $itemnumber_1, .., $itemnumber_N ] }
will send a variable "overdues" to the template. It will contain the
Koha::Checkout objects relative to the id passed.
There is one quite big inconvenient to this approach so far: since we
are still supporting the historical syntax, the objects can be fetch by
a script, then the script will send the id to GetPreparedLetter which
will refetch them.
This must be improved, but I suggest to do that later.
Test plan:
prove t/db_dependent/Letters/TemplateToolkit.t
should return green
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
From C4::Letters::GetPreparedLetter:
my $tables = $params{tables};
my $substitute = $params{substitute};
$tables || $substitute || $repeat
or carp( "ERROR: nothing to substitute - both 'tables' and 'substitute' are empty" ),
return;
So if the parameter tables or substitute is passed but does not contain anything, it will not warn as expected.
Test plan:
1/ Apply the patch with tests
2/ Confirm that they do not pass
3/ Apply this patch
4/ Confirm that the tests now pass
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nothing new here since bug 17962, the AR_* notice messages are quite
simple. They send the article_request, patron, biblio, biblioitem, item and
library linked to the article request.
All the fields from these 6 tables should still be accessible using the
TT syntax.
Test plan:
Define TT notice templates for AR_PENDING, AR_PROCESSING, AR_COMPLETED
or AR_CANCELED.
You should manage to create a template to generate the same result as
the historical syntax.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To make ACQ_NOTIF_ON_RECEIV TT compatible, we need to expose data from
the aqorders table. We already have a package for it in the Koha
namespace but it is based on Koha::Object[s].
The other path creates dummy Koha::Tmp::Order[s] packages to make it
usable. Of course we should use a valid Koha::Acquisition::Order[s]
based on Koha::Object, but it's outside the scope of this bug report.
This notice template is quite simple, and it's a good one to start.
From C4::Acq::NotifyOrderUsers, GetPreparedLetter is called with 4
elements: the library, the patron to notify, the biblio and the order
information.
Note that prior to this patch aqorders was filled from GetOrder, which
retrieved a lot of information from the acquisition table (aqbasket,
aqbookseller). The idea with the TT syntax is to access the data from
where it really exists. So if a user wants to display the basket name,
[% order.basket.basketname %] should be used instead.
Note that this will not work at the moment, the basket method is not
defined in the order package.
However the basic template should work as before.
The test added to TemplateToolkit proves that.
Test plan:
Use the default ACQ_NOTIF_ON_RECEIV to notify a patron that an order has
been received.
That generated template should be exactly the same as prior to this
patch.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To recreate:
/cgi-bin/koha/acqui/lateorders.plop=send_alert&ordernumber=1)and%20(select*from(select(sleep(20)))a)--%20&letter_code=0
Notice the delay.
The SQL query is not constructed correctly, placeholders must be used.
This vulnerability has been reported by MDSec.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To recreate:
/cgi-bin/koha/serials/claims.pl?serialid=1)and%20(select*from(select(sleep(20)))a)--%20&letter_code=0
Notice the delay.
The SQL query is not constructed correctly, placeholders must be used.
This vulnerability has been reported by MDSec.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Currently you can call GetPreparedLetter like:
$prepared_letter = GetPreparedLetter(
(
module => 'test',
letter_code => 'TEST_HOLD',
tables => {
reserves => [ $fk1, $fk2 ],
},
)
);
It assumes that $fk1 is a borrowernumber and $fk2 a biblionumber.
It seems hazardous to do this guess.
I suggest to remove this feature and only allow hashref indeed.
Test plan:
Use different way to generate letters and make sure you do not reach the croak
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When no notice template ACQORDER was defined, you'r receive a false
positive "email sent" message. Now it will display a specific
error message instead.
Also includes 2 unit tests to test for the warn and new error code.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
With this patch it will be possible to send order information
to the vendor by e-mail. For now this feature can be triggered
manually with a button before closing the basket.
The order e-mail is based on the acquisition claim feature, but
uses a new notice template.
Test plan:
1) Vendors
A new checkbox "Contact when ordering?" was added to the vendor
page.
- Add a vendor and/or edit an existing vendor
- Verify the new option is saved correctly
- Verify the new option displays on the vendor summary page
after saving
2) Notices
The feature works with a new notice template: ACQORDER
It works with the same formatting/fields etc. as the acq claim
notice.
- Add a new notice template ACQORDER in module
'Claim/order aquisition'
- Make sure to use fields from the various offered tables
in your notice
- Verify it is saved correctly
3) Basket
- Turn on LetterLog system preference
- Create multiple order lines
- Click the 'Send order' button in the toolbar
- Verify error or success message
- Verify you received the e-mail
- Verify there is a new entry with about the sent
notice in your action_logs table
4) Regression testing...
- Verify order claims still work
- Verify serial claims still work
- Verify new serial issue notices still work
...
(I can provide additional test plans if needed)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jennifer Schmidt <jschmidt@switchinc.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The subroutine C4::Koha::GetAuthorisedValueByCode returned the
description (staff or opac) for a given authorised value.
Note that we may need a unique key to ->find instead of ->search.
Test plan:
- Checkin an item that cannot be checked in because it's lost, the
message should display the AV description
- Generate a letter with borrowers.streettype equals an ROADTYPE AV, the
description should be displayed.
- Edit a patron attribute type, the AV dropdown list should be
displayed
- Create the PA_CLASS AV category (see bug 7154) and make sure it
behaves as before when editing a patron
- The checkout list should display descriptions for LOC, LOST and
DAMAGED
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Built on top of bug 17441
Test plan:
Just have a look at the changes. Trivial.
Git grep seleted. No results.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>