From Julian on bug 24661 comment 6:
"""
It looks like xgettext does not like ES6 template literals.
https://savannah.gnu.org/bugs/?50920
From what I understand, support for template literals was added in gettext 0.20 (still not packaged in debian) but is still buggy in latest released version 0.20.1 and a fix is present in master.
"""
We should not use backticks ` in .js file, it breaks xgettext.
To replicate:
kohadev-koha@e1f3025cca60:/kohadevbox/koha/misc/translator$ perl translate update es-ES
koha-tmpl/intranet-tmpl/prog/js/checkouts.js:569: warning: unterminated string
koha-tmpl/intranet-tmpl/prog/js/checkouts.js:858: warning: unterminated string
koha-tmpl/intranet-tmpl/prog/js/checkouts.js:904: warning: unterminated string
koha-tmpl/intranet-tmpl/prog/js/checkouts.js:911: warning: unterminated string
koha-tmpl/intranet-tmpl/prog/js/checkouts.js:1095: warning: RegExp literal terminated too early
/usr/bin/msgmerge: error while opening "/kohadevbox/koha/misc/translator/po/es-ES-messages-js.po" for reading: No such file or directory
(last error 'No such file or directory' is not related to this).
Test plan:
Make sure nothing is broken on the claims table
Confirm that the errors do not longer appear on `perl translate update LANG`
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
903 let title = `<a
class="return-claim-title strong"
href="/cgi-bin/koha/circ/request-rcticle.pl?biblionumber=[%
rc.checkout.item.biblionumber | html %]">
At first it seems like a typo:
request-rcticle.pl vs request-acticle.pl
But actually it does not make sense to link to request-article, we want
(I think) to link to the bibliographic record detail page.
Test plan:
- Have something in the claim table (cf bug 14697)
- Click on the title of the bibliographic record
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Use intrahtdocs and opachtdocs in order to get the correct paths for all
kind of installations
Test plan:
1. With a dev install, run ./translator create/update/install xx-XX and
verify that there is no error message
2. With a standard install, run ./translator create/update/install xx-XX
and verify that there is no error message
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested for dev/single/standard installs, no errors,
just a (normal) warn from po2json.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Suggesting a change of the tooltip wording to read:
There are no enrollments for this club yet
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The link is disabled but it's possible to click and access the page
anyway.
Test plan:
- Create a new club template
- Create a new club
- Click the Actions > Enrollments link
=> Without this patch you can access the page
=> With this patch applied you cannot, and a tooltip explains why (feel
free to suggest another wording)
- Add a new patron to this club (from /cgi-bin/koha/opac-user.pl#opac-user-clubs)
- Notice that the action link is not enabled and click takes you to the
list of enrollments
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1- go to cgi-bin/koha/admin/branch_transfer_limits.pl
2- see wording "Check the boxes for the libraries you accept to checkin items from"
3- apply patch
4- see wording "Check the boxes for the libraries you allow your items to be transferred to"
To verify new wording accuractely describes behavior:
1- Set UseBranchTransferLimits set to Enforce using itemtype
2- Confirm circ rules allow holds
3- Confirm hold policy by item type allows holds
4- Confirm all branches are valid pickup locations in branch setup
5- In Branch Transfer Limits, set dropdown to Branch A, select itemtype Book, disable all transfers so Branch A does not accept books from any other branch
6- Find a patron from Branch A
7- Find a book from Branch B
8- On the intranet, successfully place hold on item for patron for pickup at branch A
9- Cancel hold
10- Log into opac as patron
11- Successfully place hold on item for pickup at Branch A
12- Cancel hold
13- In Branch Transfer Limits, set dropdown to Branch A, select itemtype Book, ENABLE all transfers so Branch A DOES accept books from any other branch
14- In Branch Transfer Limits, set dropdown to Branch B, select itemtype Book, disable all transfers so Branch B does not accept books from any other branch
15- On the intranet, try to place a hold on item for patron, confirm Branch B is your only pickup option
16- On the OPAC, log in as patron, try to place a hold on item, confirm Branch B is your only pickup option
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch removes '<div id="opacheader">' from masthead.inc
because the same markup is generated by koha_news_block.
To reproduce the bug, make sure there is an opacheader news block
defined. Add this to the OPACUserCSS system preference:
View the main page of the OPAC. You should see two blue borders around
the opacheader content.
Apply the patch and reload the OPAC page. There should now be only one
blue border.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested whith OPACUserCSS -> #opacheader { border: 1px solid blue; padding: 1px; }
don't know the intended value but works :)
Work as described following test plan, no errors.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds back the CSS changes which seem to have been lost in a
rebase somewhere. The patch also corrects a bad copy/paste in the XSL
file which led to a 404 error.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch reimplements the OPACPopupAuthorsSearch feature so that it
will work in the XSLT view.
To test, apply the patch and rebuild the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- View the detail page for a bibliographic record in the OPAC.
Test under the following conditions:
- OPACPopupAuthorsSearch ENABLED, OPACXSLTDetailsDisplay "default"
- OPACPopupAuthorsSearch ENABLED, OPACXSLTDetailsDisplay empty
- OPACPopupAuthorsSearch DISABLED, OPACXSLTDetailsDisplay "default"
- OPACPopupAuthorsSearch DISABLED, OPACXSLTDetailsDisplay empty
In each of these cases, test the detail page's listing of additional
authors/contributors and subjects. Test records which have both multiple
contributors or subjects and which have only one author or subject.
When OPACPopupAuthorsSearch is turned on, verify that the author/subject
selection modal appears and that your selections are correctly combined
to build a search string.
Note that OPACPopupAuthorsSearch feature has a problem with terms
containing parentheses. The issue predates this patch.
Also note that the QA tools will give a false positive about Bootstrap
button styles. This rule only applies to the staff client.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Temporary measure to see which warnings Jenkins got while we cannot
reproduce them ourselves on D8, D9 and D10.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
0. Apply patch
1. Set up Koha on stretch (e.g. koha/koha-testing:master)
2. perl t/Koha/Middlware/RealIP.t
3. Observe the following:
Subtest: IPv6 support
ok 1 - Warn on IPv6 koha_trusted_proxies
ok 2 - Unable to parse IPv6 address for trusted proxy, so ignore the X-Forwarded-For header
1..2
ok 13 - IPv6 support
4. Set up Koha on buster (e.g. koha/koha-testing:master-buster)
5. perl t/Koha/Middlware/RealIP.t
6. Observe the following:
Subtest: IPv6 support
ok 1 - Trust proxy (2001:db8:1234:5678:abcd🔢abcd:1234) using IPv6 CIDR notation, so use the X-Forwarded-For header for the remote address
1..1
ok 13 - IPv6 support
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
In order to resolve the random failure, that might be caused by reusing
filenames in File::Temp and caching xslt code, this patch replaces the
temporary file by using the code parameter.
Note: Since XSLT uses a digest based on the passed code fragment, we will
exclude collisions here.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Instead of warning_like, we eventually catch multiple warnings and look
if we catch one specific warn and not catch another specific one.
Test plan:
Run t/db_dependent/Koha/XSLT/Security.t on D8, D9, D10 or U18.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Passes on D8 and D9 for me.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Coming from
commit 51aa6db46c
Bug 12001: Move GetMemberAccountRecords to the Koha namespace
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Before this patch the response would return current date as the suspension end date for a hold that is suspended with no end date.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Before this fix the endpoint would accept the request but fail to actually update the hold if the request does not contain a priority parameter.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We allow for the user to add multiple users to this field, and the
search function expects and array. We have been treating it as a scalar
TO test:
1 - Have an open basket in acquisitions
2 - Add to basket - from an existing order (copy)
3 - Enter a name in the 'Basket created by' field and select a user
4 - Hit search
5 - ISE (Can't use string ("1") as an ARRAY ref while "strict refs" in use at /usr/share/koha/lib/C4/Acquisition.pm line 2482.)
6 - Apply patch
7 - Repeat 1-4
8 - Success!
9 - Test with mutiple 'created by' entries as well
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Default for 008 was not tested yet.
Only wondering if we should insert default values only when we meet an
undefined value. Or should we also add if we meet an empty string? Is the
latter not more realistic in MARC?
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When trying to add an order using the ACQ framework with a 008@ tag,
Koha explodes:
Control fields (generally, just tags below 010) do not have subfields,
use data() at /home/vagrant/kohaclone/C4/Acquisition.pm line 3272.
Test plan:
Set a default value for a control field in the ACQ framework
Turn on UseACQFrameworkForBiblioRecords
Create a new order from a new record
The default value should be displayed
Save
=> No crash
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Same change as the first patch, but for the staff detail page.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1 - Add an 830 to a record with a volume subfield separated by a semicolon
830$aThe series ;$vvol 8.
2 - View the record in the opac
3 - Click the series link, no results
4 - View the link url - the semicolon is not encoded
5 - Apply patch
6 - link works
7 - URL is corrrectly encoded
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This adds a check that the lang variable is defined before testing
against it. In normal operation this is likely a no-op, but it is
required for compiling templates during QA.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Fixes among others the invalid use of json_has() which caused broken tests to pass with older Mojolicious versions.
Signed-off-by: Mason James <mason@kohaaloha.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch allows tests to succeed with the following versions:
JSON::Validator 3.18
Mojolicious 8.32
Mojolicious::Plugin::OpenAPI 2.21
Also Mojolicious::Plugin::OpenAPI version 1.17 and later 1.x versions now work.
Calling valid_input in under() would cause ' Use of uninitialized value $_[2] ' in more recent OpenAPI plugins, so that was changed too. As far as I can see this does not affect authorization.
Signed-off-by: Mason James <mason@kohaaloha.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When you enable options marked as unsafe, we hope that you know what
you are doing. You should, while having access to koha-conf.xml.
Test plan:
Verify that Security.t still passes.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Security.t does not pass anymore ;)
Due to bug 23290 the tests now trigger an additional runtime error that
we should also catch to let the tests pass again.
Test plan:
Run t/db_dependent/Koha/XSLT/Security.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
Run t/db_dependent/Koha/XSLT/Security.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
Run it!
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This follow-up refines the change made in the former patch.
See also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838097https://rt.cpan.org/Public/Bug/Display.html?id=118032
We do not want to depend now on the exact LibXML version, so we will
disable expand_entities unless it is explicitly enabled via the config
variable koha_xslt_security. (Allowing us to test if bad things will be
caught.)
The options key is now always added to the Security object.
The return from set_parser_options has been removed to allow disabling when
there is no koha-conf entry (which probably is the normal situation).
Test plan:
[1] Test the first example patch with and without the other patches (excl.
the second example). Toggle expand_entities in koha-conf. Restart
Plack and flush the cache each time. Evaluate results with the
commit message of first example.
[2] Test both example patches with/without other patches.
Toggle expand_entities. Restart etc. Evaluate results with commit
message of second example (check tmp/breached.txt).
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Since libxml2 disables it now by default, we need to enable it for testing.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Until now Base did not yet use Security. The security lines are removed
from Base here by calls to Security.
A new test must be added still.
Test plan:
Ensure that t/db_dependent/XSLT_Handler.t still passes.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Also adds a temporary stub for Koha::XSLT_Handler referring to Base.
This will be removed later.
Test plan:
Run t/db_dependent/XSLT_Handler.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This is just a git move. Cannot be tested. (Easier for QA.)
The next patch adjusts paths etc. in the module.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The problem is that administrators can provide XSLTs that
can read from the server and network and write to the server. The
This patch prevents the Koha::XSLT_Handler from running
XSLT stylesheets that call actions such as read_file, write_file,
read_net, and write_net as documented at
https://metacpan.org/pod/XML::LibXSLT#XML::LibXSLT::Security
(Previous tests suggested issues with XML external entities
causing read file like vulnerabilities but these were not
reproducible)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
File adjust to run tests and be executed on all our codebase.
Test plan:
- Apply this patch without the other one
- run the tests
=> Several failures
- apply the other patch
- run the tests
=> Should pass now
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 9978 should have fixed them all, but some were missing.
We want all the license statements part of Koha to be identical, and
using the GPLv3 statement.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Might be a rebase problem. Not sure if I look at the third patch.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To make qa tools happy again.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
