And a few minor fixes when they where causing issues for
translatability.
And rephrased a string about password reset to have it identical to
other strings with the same meaning.
Simplified via wrapping strings with <span> to split to huge
concatenated strings with a lot of %s everywhere.
== Test plan ==
This patch needs mainly proof reading. Still it's possible to do some
basic testing to demonstrate that adding a <span> in an IF doesn't
break anything.
Pick in one of the 110 modified templates a string that you know how to
display. Otherwise:
1. acquisitions => vendor => basket => add to basket =>
search "from existing record" => add order
2. Cancel the order
3. You see without issue "Bibliographic record will not be deleted"
4. administration => Patron categories
5. Try to delete a used and unused category
6. You see as expected
Category XXXX is in use. Deletion not possible!
and
Confirm deletion of category XXXX
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a new page opac-reset-password where a user cna enter their login
(userid or carndumber), current password, and new password.
If the user has a password expiration date and the current password is correct and
the new passwords match and meet requirements their password will be updated and the
expiration date reset
A patron whose password does not expire will be reidrected to login to change their password
To test:
1 - Apply patch, updatedatabase, enable new syspref EnableExpiredPasswordReset
2 - Set 'Password expiration' for a patron category
Home->Administration->Patron categories->Edit
3 - Create a new patron in this category with a userid/password set, and an email
4 - Update the patron with an expiration to be expired
UPDATE borrowers SET password_expiration='2022-01-01' WHERE borrowernumber=51;
5 - Give the borrower catalogue permission
6 - Attempt to log in to Straff interface
7 - Confirm you are signed out and notified that password must be reset
8 - Click 'Reset your password' link
9 - You should see the reset password page with fields for: login, current password, new password, conmfirm password
10 - enter invalid/incomplete credentials
11 - Confirm you are notified of invlaid credentials
12 - Fill in all fields, but enter current password as new password
13 - Confirm you are notified of no change
14 - Set minimum password length / strong password requirement for category
15 - Confirm you receive error if new password too short or not secure
16 - Enter a valid new password and submit and confirm update is successful
17 - Confirm you have buttons to go to OPAC or Staff and that both work
18 - Confirm you cna log in (i.e. expiration has been reset)
19 - Expire the users password
20 - Remove catalogue permission
21 - Reset password again and confirm only OPAC link
Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds the ability to define password_expiry_days for a patron
category.
When defined a patron's password will expire after X days and they will
be required to reset their password. If OPAC resets are enabled for the
catgeory they may do so on their own, otherwise they will need to
contact the library
To test:
1 - Apply patch, updatedatabase
2 - Set 'Password expiration' for a patron category
Home-> Administration-> Patron categories-> Edit
3 - Create a new patron in this category with a userid/password set,
and an email
4 - Confirm their password_expiration_date field is set
SELECT password_expiration_date FROM borrowers WHERE borrowernumber=51;
5 - Create a new patron, do not set a password
6 - Confirm their password_expiration_date field is NULL
7 - Update the patron with an expiration to be expired
UPDATE borrowers SET password_expiration_date='2022-01-01' WHERE borrowernumber=51;
8 - Give the borrower catalogue permission
9 - Attempt to log in to Straff interface
10 - Confirm you are signed out and notified that password must be
reset
11 - Attempt to sign in to OPAC
12 - Confirm you are signed out and notified password must be reset
13 - Enable password reset for the patron's category and perform a
password reset
Note: you will have to find the link in the message_queue unless
you have emails setup on your test environment
SELECT * FROM message_queue WHERE borrowernumber=51;
14 - Confirm that you can now sign in and password_expiration_date field
is set 10 days in the future
15 - Expire the patron's password again
16 - Change the patron's password via the staff interface
17 - Confirm they can sign in and the expiration is updated
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
TEST PLAN:
1) Enable shibboleth by adding shibboleth to koha-conf.xml, you can do
this by following
https://wiki.koha-community.org/wiki/Shibboleth_Configuration#Using_AD_FS_Metadata
2) If you are logged in Koha, log out, on the login screen the text
at the top should say the following, "Log in using a Shibboleth
account"
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch cleans up login.css a little bit so that the same style rules
which apply to the login screen apply to the 2FA input form as well.
The patch also changes the "Log out" link on the 2FA form to a "Cancel"
link alongside the "Verify" button.
To test, apply the patch and start the process of logging in to the
staff client using an account with 2FA enabled.
On both the login form and 2FA code views, confirm that everything is
styled consistently.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patchset introduces the Two-factor authentication (2FA) idea in
Koha.
It is far for complete, and only implement one way of doing it, but at
least it's a first step.
The idea here is to offer the librarian user the ability to
enable/disable 2FA when logging in to Koha.
It will use time-based, one-time passwords (TOTP) as the second factor,
an application to handle that will be required.
https://en.wikipedia.org/wiki/Time-based_One-Time_Password
More developements are possible on top of this:
* Send a notice (sms or email) with the code
* Force 2FA for librarians
* Implementation for OPAC
* WebAuthn, FIDO2, etc. - https://fidoalliance.org/category/intro-fido/
Test plan:
0.
a. % apt install -y libauth-googleauth-perl && updatedatabase && restart_all
b. To test this you will need an app to generate the TOTP token, you can
use FreeOTP that is open source and easy to use.
1. Turn on TwoFactorAuthentication
2. Go to your account, click 'More' > 'Manage Two-Factor authentication'
3. Click Enable, scan the QR code with the app, insert the pin code and
register
4. Your account now requires 2FA to login!
5. Notice that you can browse until you logout
6. Logout
7. Enter the credential and the pincode provided by the app
8. Logout
9. Enter the credential, no pincode
10. Confirm that you are stuck on the second auth form (ie. you cannot
access other Koha pages)
11. Click logout => First login form
12. Enter the credential and the pincode provided by the app
Sponsored-by: Orex Digital
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adjust:
Intranet login
Opac-main
Opac-main - 'log in to your account modal'
To test:
Login at the three places above
Confirm html shows autocomplete off on the fields
Confirm logins work
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
In most authentication forms we see :
Fields "Login:" and "Password:" with a submit button "Log in".
In some places submit button contains "Login", which is confusing for translation.
It is not correct according to terminology https://wiki.koha-community.org/wiki/Terminology#L
Also in opac-user.pl ":" is missing, it generates new translation entries.
Test plan:
1) Log out if you are logged in
2) Go to staff interface
3) Check you see button "Log in"
4) Go to OPAC page /cgi-bin/koha/opac-user.pl
5) Check you see fields "Login:" and "Password:"
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name
of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Esnure each othe files auth.tt, admin/transfer_limits.tt and
circ/transfers_to_send.tt have page titles that are swapped around to
display the most unique information first, and the wensite name is at
the end
3) Esnure the pages displayed on the Staff Client that correspond to
these files also display the changes
Sponsored-by: Catalyst IT
JD amended patch: remove dup "IP address change"
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Indentation fixes for readability
Cleaned up a few places where the ability to login otherwise was leakign through
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
JD amended patch: Remove trailing spaces
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch replaces remaining instances of <script type="javascript"> in
templates with "<script>."
To test, apply the patch and check the changes to the template. Verify
that the changes look correct.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fix "submit is not a function error"
A submit button should not be named "submit", in this case, it's id.
https://stackoverflow.com/questions/833032/submit-is-not-a-function-error-in-javascript
Fix some uses of get_attribute()
Fix a fail by setting a global implicit_wait_timeout, default value is 0
in our lib. Other libs set it higher which helps to not have to manually
deal with part of the timing issues.
Fix: remove usage of click_when_visible() because it doesn't work with
elements not in the top of the page. Because they are off screen.
Fix: use $driver->quit() in error_handler to not forget an open Firefox.
With the current version, it fills /dev/shm and fails with around 5
Firefox opened.
Also use quit() it at the end of every script.
Fix: filling item fields, to fill only the displayed one (not those
with display:none)
== Test plan ==
1. Update selenium/standalone-firefox to the latest version [1]
2. prove t/db_dependent/selenium/authentication.t
3. It fails with: arguments[0].form.submit is not a function
4. Apply patch
5. Retest
6. Success
[1] In koha-testing-docker you can do it with
docker-compose.yml:
selenium:
- image: selenium/standalone-firefox:2.53.1-americium
+ image: selenium/standalone-firefox
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates the html_helper for the cash register selection block
to remove the 'empty option' such that it can be correclty set for each
select case and updates all existing cases where we used the process
block previously to include the relevant blank option '-- Select an
option --', '-- None --', 'Library default' and finally the new '-- All
--' options introduced with this bug.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The hidden attribute for loading an element hidden is known to have
issues and inconsistencies accross browsers.
This patch instead updates the relevent input options to use an inline
style of 'display: none' to hide the elements on page load and then
.show, .hide for subsquent changes linked to the library branch picker
change.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch hides the register selection option from the login page if no
registers have yet been defined on the system.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The trailing space after branch in the class attribute for the register
select options cause issues in the 'hasClass' javascript selector
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates 'Branch default' to 'Library default' on the login
page to match the coding terminology guidelines.
We also update the table heading on the cash registers management page
to match the terminology above for clarity.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If no branch is selected (i.e. 'My library') then we should default to
'branch default' if one is defined for the users library at login.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the saved reports page so that it remembers, for the
duration of the browser session, the last active tab.
To test you should have multiple reports in multiple report groups.
Apply the patch and go to Reports -> Saved reports.
- Select a tab to filter the table of saved reports to a particular
report group.
- Navigate away from the page
- Return to the save reports page. The tab you previously selected
should be selected again.
- Restart your browser and return to the saved reports page. The tab
should no longer be preselected.
Update: The tabs filtering JavaScript has been moved to a separate
function so that the function can be triggered by both the "create"
event (when the tabs are initialized) and the "activate" event (when a
tab is selected).
Update II: Persistence is now enable through localStorage instead of
Cookies. The localStorage item is now cleared during the logOut
function.
Update III: The logOut() function in staff-global.js is now called by
auth.tt to ensure that tabs are not remembered across sessions.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I missed a case on the authentication page with the prior patch of the
same name.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
You should be able to add desk choice when you are logging in or
changing library.
Test plan:
1. apply patch
2. have at least three libraries, one without desk, one with one and
one with a few.
3. At login, when choosing a library, it should enable all desks it
has. Pick one.
4. the desk id and name should be set in your session and appear in
the top right, next to the library name.
5. change library and desks from intranet (at the set-library.pl page)
6. you should have the same behaviours
7. if you have a library without a desk, it should prompt you a '---'
option and no desks will be attached to the session.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the use of jquery.cookie to store "last patron"
information, using localStorage instead. jquery.cookie.js is obsolete.
See Bug 24624.
localStorage has been chosen as an alternative in this situation because
it does not require transmission between the client and the server. See
Bug 12410.
Because there is no "session only" option with localStorage, additional
handling of the showLastPatron data is added to the login page. That
takes care of "stale" last patron information if user didn't log out but
the session expired for some reason.
To test apply the patch and enable the showLastPatron system preference.
1. Load a patron's account for checkout
2. Navigate away from patron-related pages: Perform a catalog search
from the search header form and open the detail page from the search
results. Confirm that the correct last patron information still
shows.
3. Load another patron's account for checkout
- There should now be a "Last patron" link in the breadcrumbs bar
which links to the patron in step 1. Hovering your mouse over the
link should display a tooltip containing the patron's name and
card number.
- Click the "X" to clear the last patron information. The last
patron link should go away.
4. Log out and log back in. The last patron information should be gone.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The return URL that is part of the link to CAS login is double-escaped on the staff login page.
It appears that this is the same issue as bug 21973 but in the staff intranet template. I have attached an identical patch for the intranet auth.tt file.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch makes the templates relying on the OpacResetPassword syspref
use the introduced TT plugin method instead by changing:
[% IF Koha.Preference('OpacResetPassword') %]
=>
[% IF Categories.can_any_reset_password %]
To test:
- Verify that all the places in which the 'forgot password' link is
displayed in OPAC keep working, provided there's at least one category
that has the flag set
- Attempt to recover the password for a patron that belong to a valid
category (i.e. that has the flag set)
=> SUCCESS: You can go through the normal process
- Attempt to recover the password for a patron that belongs to a
category with the flag unset.
=> SUCCESS: Once Koha identifies your category, you are told you are not
allowed to do it
- Sign off :-D
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
- This patch adds shibboleth authentication to the staff client.
- Depending upon how your url structure works, you may or may not need a
second native shibboleth service provider profile configured for this
to work.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Apply patches
2 - Upgrade database
3 - Check the staff client login page, should be no change
4 - Add something to the preferene
5 - It should appear on the login page
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates various unrelated templates to use the Bootstrap
grid.
- about.tt - The about page
- auth.tt - The login page
These pages should look correct.
- reports/reports-home.tt - The reports home page
- admin/admin-home.tt - The administration home page
These pages should look correct, with a single centered column
with wide margins on either side. At lower browser widths the margins
should disappear.
- serials/subscription-add.tt - Serials -> Add subscription. The entry
form should look correct during each step of the add/edit process.
- suggestion/suggestion.tt - Acquisitions -> Suggestions -> New
suggestion. The page with the new suggestion form should look correct.
Signed-off-by: Roch D'Amour <roch.damour@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The login template must have a class attribute on the body tag in order
for the template to pass tests.
To test, apply the patch and confirm that the staff client login form
still looks the same. For further confirmation you could update the
IntranetUserCSS system preference with something like this:
.main_main-auth {
background-color: #CCF;
}
The login form should now have a different background color.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes template and CSS changes so that the staff client main
page doesn't get an unwanted top margin from the Bootstrap-grid
conversion.
- The unused "main" class is removed from the login page
- The "main" class on the staff client home page is changed to
"intranet-main."
- The CSS for the staff client home page has been modified accordingly.
To test, apply the patch and clear your browser cache if necessary.
- Open the staff client login page. It should look as it always does.
- Log in and check the style of the main page. There should be no white
margin at the top of the page.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To prevent brute force attacks on Koha accounts, staff and opac, we need to
implement an account lockout process to Koha.
After a number of failed login attempts a users account would become locked.
The user would then need to use the reset password functionality to send a reset
token to their email account. After a successful password reset the lockout flag
would be removed.
The number of failed login attempts before lockout is configurable using a new
system preference 'FailedLoginAttempts'.
How does it work?
When a patron enter an invalid password, the borrowers.login_attempts value
for this patron is incremented. When this value reach the value of the
pref FailedLoginAttempts, the password comparison is not done and the
authentication is rejected.
This login_attempts field is reset when a patron correctly logs in. When
the account is locked the patron has to reset his/her password using
the OpacResetPassword feature or ask a staff member to generate a new
password.
If the pref is not set (0, or '') the feature is considered as disabled,
but the failed login attempts are stored anyway.
Test plan:
0/ Apply patch and execute the update DB entry
1/ Switch on the feature by setting FailedLoginAttempts to 3
2/ Use an invalid password to login at the staff or OPAC interface
3/ After the third consecutive failures, you will be asked to reset your
password if OpacResetPassword is set, or contact a staff member
4/ Switch on OpacResetPassword and reset your password
5/ Confirm that you are able to login
6/ Play with the different combinations
QA details: The trick happens in C4::Auth::checkpw, to make things clear
I had to create a return value (note the awesome name: @return) and
replace the 3 successives if statements with elsif. Indeed if one of
the condition is reached, it will return inside the given block.
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Those 2 prefs can be independent and it does not make sense to consider
AutoLocation only if IndependentBranches is set.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch modifies the about page and the login page templates so that
JavaScript is included in the footer instead of the header.
To test, apply the patch and test each page to confirm that
JavaScript-based interactions are unaffected:
- On the About page tabs and header menu dropdowns should work correctly
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch fixes a translatability problem (syntax in different languages) with a tag-isolated word "please"
in koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
To test:
- Verify in code that there is no sentence spliting by a-tags (lines 80/84).
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This uses a hacky but simple method to get the correct script name under
proxied packaged Plack.
Test plan:
1) Log out of both the OPAC and staff side.
2) Try to access a page that requires login (opac-reserve.pl is a
good one for the OPAC), then log in.
3) You will be redirected back to mainpage.pl or opac-user.pl.
4) Repeat above for both staff side and OPAC.
5) Apply patch.
6) Repeat steps 1-4; you should be redirected back to the original
page you were on.
7) Repeat the above for both a traditional CGI and kohadevbox/package
Plack installation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
* Extends login screen to pass along #hash
* Adds JSONP support to C4::Service
* Extends humanmsg to allow per-message classes
* Adds proper charset to results of svc/bib
Test plan:
1. C4/Auth.pm and .../intranet/.../auth.tt: verify that login/usage
works as expected, despite the change to pass on the fragment (...#blah)
from the URL.
2. C4/Service.pm and humanmsg.js: verify that editing system
preferences (the main user of these modules) works correctly despite
updates.
3. svc/bib: verify that records can be correctly downloaded with the
change of character set. This can be done in a Firebug/Chrome Devtools
console by running `$.get('/cgi-bin/koha/svc/bib/1')` and inspecting the
results (possibly replacing 1 with a different valid biblionumber).
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>