This patch updates templates which have already been updated to use the
new tab WRAPPER system for generating tab markup. Templates are changed
so that tab label strings are wrapped in <span> to make them
translatable.
The html_helpers include file is also updated so that the example code
in comments shows the right pattern (the breadcrumb example is similarly
corrected).
To test apply the patch and run the translation script to update the .po
files, e.g.
perl misc/translator/translate update fr-FR
Check the updated .po files for some of the lines modified in the patch:
- koha-tmpl/intranet-tmpl/prog/en/modules/about.tt:31
- koha-tmpl/intranet-tmpl/prog/en/modules/acqui/addorderiso2709.tt:69
- koha-tmpl/intranet-tmpl/prog/en/modules/acqui/basketgroup.tt:330
- koha-tmpl/intranet-tmpl/prog/en/modules/acqui/invoices.tt:141
- koha-tmpl/intranet-tmpl/prog/en/modules/admin/item_circulation_alerts.tt:118
- koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt:259
- koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt:455
- koha-tmpl/intranet-tmpl/prog/en/modules/serials/subscription-detail.tt:98
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch finds places in the updated breadcrumbs markup where a
translatable string is isolated in a way that makes it hard for the
translation script to find it, and wraps these strings with <span>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=33005
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates several acquisitions-related templates so that they
use the new WRAPPER for displaying breadcrumbs.
To test, apply the patch and test each page and its variations.
Breadcrumbs should look correct, and each link should be correct.
- Acquisitions ->
- Late orders,
- moddeliverydate.tt
- modordernotes.tt
-- These two templates aren't linked to from anywhere, but
you can navigate directly to:
http://127.0.0.1:8081/cgi-bin/koha/acqui/modordernotes.pl?ordernumber=X and
http://127.0.0.1:8081/cgi-bin/koha/acqui/moddeliverydate.pl?ordernumber=1
- Order search, order search results
- Invoice search,
- Invoice details,
- Invoice files
- Vendor -> Basket -> Add to basket ->
- From a new (empty) record
- From existing orders (copy)
- From a subscription
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=33005
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch updates acquisitions templates so that fieldsets with the
"action" class are placed outside the form's main fieldset. A couple of
minor changes have been made to related CSS.
To test, apply the patch and rebuild the staff interface CSS. Go to
acquisitions and check the following pages to confirm that changes to
form structure look correct:
- Open the "Late orders" page from the left-hand sidebar menu and check
the form in the sidebar.
- Open the "Orders search" form in the search header and submit the form
without specifying any search criteria. This should bring up a blank
orders search form.
- Open the "Invoices" page from the left-hand sidebar menu. Check the
form in the sidebar.
- Perform an invoice search which will return results.
- View one of the invoices returned by your search.
- On the invoice detail page, the "Save" button associated with the
invoice details at the top should look correct.
- There should be a box below that with the heading "Adjustments" and
a link to add an adjustment.
- When you click "Add an adjustment," a form should be displayed with
the correct controls at the bottom. Clicking "Cancel" should hide
the form.
- Click the "Manage invoice files" link, and check the form on that
page.
- Locate a vendor and view its details.
- Check the "Uncertain prices" page, linked from the menu in the
left-hand sidebar.
- Open the "Baskets" page from the left-hand sidebar. Click the "Add
to basket" button for one of the existing baskets.
- Click "From existing orders (copy)". Check that this form looks
correct.
- Open the "Basket groups" page from the left-hand sidebar menu.
- Click "New basket group" and check that form.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch implements the template WRAPPER system (see Bug 32571) for
building tabs on the invoices page.
To test you must have at least one open invoice and one closed invoice.
- Go to Acquisitions -> Invoices.
- You should see two tabs, "Open invoices" and "Closed invoices."
- The tabs should look correct and work correctly.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes changes to the button markup in Acquisitions templates
so that all submit buttons and any buttons that should be styled
as primary buttons have the Bootstrap class "btn btn-primary."
To test, apply the patch and view pages in Acquisitions to confirm
that everything looks correct. In most cases there are no visible
changes.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds support for filtering invoice searches on additional
fields. To test:
1. Generate additional fields for invoices
2. Have invoices with additional fields
3. Use invoice searching and play with filtering by additional fields.
=> SUCCESS: It works!
4. Sign off :-D
Sponsored-by: The Research University in the Helmholtz Association (KIT)
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
What this patch does:
- change the navigation bar style
- change the breadcrumbs style
- change the "last borrower" link style
- move the search bar inside the navigation bar
- move the help link to the same row as the breadcrumbs
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The idea relies on the KohaDates TT plugin for the date formatting. We
should not have any output_pref calls in pl or pm (there are some
exceptions, for ILSDI for instance).
Also flatpickr will deal with the places where dates are inputted. We
will pass the raw SQL value (what we call 'iso' in Koha::DateUtils), and
the controller will receive the same value, no need for additional
conversion.
Note that DBIC has the capability to auto-deflate DateTime objects,
which makes things way easier. We can either pass the value we receive
from the controller, or pass a DT object to our methods.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
In the 1st patch, sometimes they were left out
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
And a few minor fixes when they were causing issues for
translatability.
And rephrased a string about password reset to have it identical to
other strings with the same meaning.
Simplified via wrapping strings with <span> to split to huge
concatenated strings with a lot of %s everywhere.
== Test plan ==
This patch needs mainly proof reading. Still it's possible to do some
basic testing to demonstrate that adding a <span> in an IF doesn't
break anything.
Pick in one of the 110 modified templates a string that you know how to
display. Otherwise:
1. acquisitions => vendor => basket => add to basket =>
search "from existing record" => add order
2. Cancel the order
3. You see without issue "Bibliographic record will not be deleted"
4. administration => Patron categories
5. Try to delete a used and unused category
6. You see as expected
Category XXXX is in use. Deletion not possible!
and
Confirm deletion of category XXXX
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1. Apply patch
2. Have a bunch of invoices, some open and some closed.
3. Go to Home > Acquisitions > Invoices and do a search that will
return you many of those invoices, some open and some closed.
4. Notice the 'Select all' and 'Clear all' buttons.
5. Try clicking 'Select all' on the Open invoices tab. All Open invoices
should become checked.
6. Try clicking 'Clear all' on the Open invoices tab. All open invoices
should become unchecked.
7. Try 5 - 6 again but on the Closed invoices tab.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch updates the invoices page to use Bootstrap tabs instead of
jQueryUI.
To test, apply the patch and go to Acquisitions.
- Locate a vendor which has multiple invoices associated with it.
- View the vendor details, and click the "Invoices" link in the sidebar.
- Check that the "Open invoices" and "Closed invoices" tabs work
correctly.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds comments to the template to highlight the markup
structure.
This patch should have no effect on the page's appearance or
functionality.
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch updates the invoices template so that the indentation is
consistent.
To test, apply the patch and go to Acquisitions.
- Locate a vendor which has multiple invoices associated with it.
- View the vendor details, and click the "Invoices" link in the sidebar.
- The display of invoices should look correct. The DataTable should work
correctly.
- Test the search filters in the sidebar to confirm that they work too.
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch moves to using a data-start_for attribute to point the 'from'
flatpickr to the 'to' flatpickr.
We also fix the date validation issue in the onClose handler inline.
Test plan.
1. Check that the from/to datepicker combinations work on each of the
changed pages.
2. Look at the console for errors, there should be none
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies several acquisitions pages replacing jQuery
datepickers with Flatpickr widgets.
To test, apply the patch and test datepickers on the following
Acquisitions pages:
- Acquisitions -> Late orders (linked date fields in the sidebar)
- Acquisitions -> Invoices (linked date fields in the sidebar)
- Acquisitions -> Invoices -> Invoice details (shipment date and
billing date)
- Acquisitions -> Vendor -> Receive shipment (shipment date)
- Acquisitions -> Vendor -> Receive shipment -> Receive (on order line)
-> Date received field under "Accounting details"
- Acquisitions -> Orders search tab in the header -> Advanced search:
Linked date fields in the search form.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch corrects instances of the abbreviated phrase "Invoice no."
from the templates, making it "Invoice number." Also corrected: An
instance of "Bookseller" is replaced with "Vendor."
To test, apply the patch and confirm that the phrase is correct in these
cases:
- Acquisitions -> Invoices: Check the "Search filters" form in the
left-hand sidebar.
-> View an invoice: Check the label in the form.
- Acquisitions -> Vendor -> Receive shipments: Check the table of
invoices.
- Acquisitions -> Orders search (in the search header) -> Advanced
search: Check the labels in the form.
Signed-off-by: Salman Ali <salman.ali@inLibro.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Note: I fixed Salman's SO line
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Swapped the order of the page titles to have the unique information first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the modules folder and the modules/acqui folder are swapped around to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to
these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fixes the checkbox label by adding an id, so that when you click on
"Show only subscriptions" the checkbox will be checked.
Adds standard classes to the existing "Merge selected invoices" button
to make things more consistent. Also added the fa-compress icon that
we use in cataloguing on the merge records button.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Christopher Kellermeyer <ckellermeyer@altadenalibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Rebase add comma
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Bug 22773: The deprecated plugin is removed
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Christopher Kellermeyer <ckellermeyer@altadenalibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Remove asset for removed js
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
- Acquisitions -> Invoices
- With AcqEnableFiles enabled, attach some files to an invoice:
- Invoice details
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies several acquisitions templates to replace the use of
the "title-string" DataTables sorting method with the newer "data-order"
attribute.
To test, apply the patch and view the following pages to confirm that
columns containing dates sort correctly when using any setting of the
"dateformat" system preference:
- Acquisitions -> Vendor search
- Acquisitions -> Vendor -> Basket -> Add to basket
-> From a staged file
-> From existing orders (copy)
- Acquisitions -> EDIFACT messages
- Acquisitions -> Order search
- With AcqEnableFiles enabled, attach some files to an invoice:
- Acquisitions -> Invoices
Acquisitions -> Invoices -> Manage invoice files
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I think the "breadcrumbs" ID is worth saving for past and future CSS
customization reasons.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Modified breadcrumbs to be accessible, in particular for a
screen-reader.
Made the block of breadcrumbs be a <nav aria label="Breadcrumb"
class="breadcrumb"> with an ordered list inside. The last breadcrumb
also has aria-current="page" to specify that it is the current page.
To test:
1) Apply patch
2) Build scss file
3) Ensure each of the files in the modules folder and the modules/acqui
folder has breadcrumbs that are in a <nav aria label="Breadcrumb"
class="breadcrumb"> block
4) Ensure that there is an ordered list in the block of breadcrumbs
5) Ensure that the last breadcrumb has aria-current="page"
6) Ensure that the breadcrumbs on each page of the staff client
belonging to these files look the same as before, but the '>' symbol
is replaced with '/' and the last breadcrumb has bold text
7) Ensure that when the last breadcrumb is clicked it takes you to the
page you are currently on
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes possible the reopening and merging of invoices even if
the logged in user does not have the edit_invoices permission.
I don't think it really makes sense but at least it's now possible.
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Add a new permission to merge invoices
Test plan:
- Remove the new permission "merge_invoices" for a given patron,
use it to log in to Koha
- Create 2 invoices, try to merge them
=> There is no way to merge it
- Add the permission
=> Now you can merge the invoices
Sponsored-by: Galway-Mayo Institute of Technology
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Add a new permission to delete invoices
Test plan:
- Remove the new permission "delete_invoices" for a given patron,
use it to log in to Koha
- Create an invoice, try to delete it
=> There is no way to delete it
- Add the permission
=> Now you can delete the invoice
Sponsored-by: Galway-Mayo Institute of Technology
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Add a new permission to edit invoices
Test plan:
- Remove the new permission "edit_invoices" for a given patron,
use it to log in to Koha
- Create an invoice, edit it (click "detail")
=> You can see the detail of the invoice, but cannot edit it. It's a read-only view.
- Add the permission
=> The form is back and you can modify the invoices and save the changes.
Also, you are able to create adjustments.
Sponsored-by: Galway-Mayo Institute of Technology
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
New permission to reopen a closed invoice.
Test plan:
- Remove the new permission "reopen_closed_invoices" for a given patron,
use it to log in to Koha
- Create an invoice, close it
=> You are not able to reopen the invoice
- Add the permission
=> You are able to reopen the invoice
Sponsored-by: Galway-Mayo Institute of Technology
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Incorrect markup surrounding Bootstrap dropdown buttons causes display
problems when the buttons are in a DataTable. Dropdown wrapper <div>s
must have a "btn-group" class.
To reproduce the problem, look at the MARC bibliographic frameworks
page. The "Actions" menu when triggered will not line up with the
button.
In almost all cases, dropdown buttons inside tables should also have the
"dropup" class on their wrapper so that the menu appears above the
button. This prevents the menu from disappearing off the bottom of the
window when the button is positioned low in the viewport.
To test, apply the patch and test the button menus in tables on the
following pages:
- Acquisitions -> Invoices
- Acquisitions -> Add to order -> From external source -> Results
- Acquisitions -> Suggestions
- Administration -> Budgets
- Administration -> Funds
- Administration -> Authority types
- Administration -> Authority types -> MARC structure
- Administration -> MARC bibliographic frameworks
- Administration -> MARC bibliographic frameworks -> MARC structure
- Administration -> OAI sets configuration
- Administration -> Z39.50/SRU servers
- Authorities -> Authority search results
- Authorities -> New from Z39.50/SRU -> Search results
- Cataloging -> Edit items
- Cataloging -> New from Z39.50/SRU -> Search results
- Circulation -> Article requests
- Reports -> Saved reports
- Tools -> Patron lists
- Tools -> Rotating collections
- Serials -> Serials search results
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
DataTables are used on enough pages in the staff client that it
doesn't make sense to put inclusion of the CSS into each template
where it is needed. This patch moves includes of datatables.css from
individual templates into the global header file.
To test, apply the patch and view various pages which have DataTables.
View various styles of DataTables, e.g.
- Full pagination, like item search results
- Four-button, like Saved SQL reports
Everything should look the same as it was.
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variables used in the href attribute of a link *when*
href is the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
1) Check files modules/about.tt, modules/acqui/booksellers.tt and
modules/acqui/invoices.tt for typos and check that there are no "biblio"
and only "bibliographic record".
Fixed one capitalization error during signoff.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.
This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variables we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (they are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit pages and try to catch an alert box.
If you find one it means you found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
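The check the "Next" list above asks for (catching template variables that are output without an html, uri, url or raw filter), sketched in Python as an added example. It is not Koha's QA script or add_html_filters.pl; the keyword subset, the variable names and the sample template are constructed assumptions, and only single-statement directives are handled.

```python
import re

# Filters the commit message names as acceptable on an output variable.
ALLOWED_FILTERS = {"html", "uri", "url", "raw"}

# Template Toolkit keywords that start a directive which prints nothing
# by itself (assumed subset, enough for typical page templates).
CONTROL_KEYWORDS = {
    "IF", "ELSIF", "ELSE", "UNLESS", "END", "FOREACH", "FOR", "WHILE",
    "SET", "DEFAULT", "INCLUDE", "PROCESS", "WRAPPER", "BLOCK", "USE",
    "SWITCH", "CASE", "MACRO", "CALL", "NEXT", "LAST", "RETURN", "STOP",
    "FILTER", "INSERT", "TRY", "CATCH", "THROW", "FINAL", "META",
}

# [% ... %] with optional chomp flags (-, +, =, ~) on either side.
DIRECTIVE_RE = re.compile(r"\[%[-+~=]?\s*(.*?)\s*[-+~=]?%\]", re.DOTALL)
# Implicit assignment such as [% total = a + b %] (not a comparison with ==).
ASSIGN_RE = re.compile(r"^[\w.]+\s*=(?!=)")
# A single pipe introduces a filter; '||' is the logical-or operator.
PIPE_RE = re.compile(r"(?<!\|)\|(?!\|)")


def find_unfiltered(template_text):
    """Return (line_number, expression) for each output directive that
    carries none of the ALLOWED_FILTERS."""
    findings = []
    for match in DIRECTIVE_RE.finditer(template_text):
        body = match.group(1)
        if not body or body.startswith("#"):
            continue  # empty directive or template comment
        first_token = body.split(None, 1)[0]
        if first_token in CONTROL_KEYWORDS or ASSIGN_RE.match(body):
            continue  # control flow or assignment, nothing is printed
        parts = PIPE_RE.split(body)
        # Normalise each filter: drop arguments and a leading '$'
        # (plugin-style invocation such as '| $raw').
        filters = [p.strip().lstrip("$").split("(")[0].strip() for p in parts[1:]]
        if not any(name in ALLOWED_FILTERS for name in filters):
            line = template_text.count("\n", 0, match.start()) + 1
            findings.append((line, parts[0].strip()))
    return findings


# Constructed sample template; the variable names are made up for the example.
SAMPLE = """\
[% SET heading = invoicenumber %]
<h1>[% heading | html %]</h1>
<a href="/cgi-bin/koha/acqui/modordernotes.pl?ordernumber=[% ordernumber | uri %]">[% ordernumber %]</a>
[%- IF notes -%]
  <p>[% notes %]</p>
[%- END -%]
<div>[% trusted_markup | $raw %]</div>
[%# template comment %]
<p>[% suppliername || default_name %]</p>
"""

if __name__ == "__main__":
    for line, expr in find_unfiltered(SAMPLE):
        print(f"line {line}: [% {expr} %] has no html/uri/url/raw filter")
```

A variable marked raw passes this check by design, so each raw use still needs a manual review that the value is safe to emit unescaped.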
This patch modifies several acquisitions templates to use the Bootstrap
grid instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags in the modified templates.
Staff client CSS is modified in this patch so that elements which were
styled based on the sidebar's "yui-b" class will work with <aside>.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- I don't have EDI set up, so to test acqui/edi_ean.tt I navigate
directly to /cgi-bin/koha/acqui/edi_ean.pl. It's only the page
structure we're worried about.
- Acquisitions -> Orders search
- Acquisitions -> Vendor -> Invoices -> Invoice search
- View an invoice
- Manage invoice files (Preference AcqEnableFiles must be enabled).
- Acquisitions -> Late orders
Patch applies and operates as described.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- uses the new plugin to remove all occurrences of [% KOHA_VERSION %]
- removes the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
When you want to merge invoices you have a page with a non editable
field 'Invoice number:' it shows the content of the first invoice to be
merged.
But if you validate by clicking the 'merge' button you arrive on the
next page which says that 'Invoice has been modified' and if you quit
this page without saving you have now a merged invoice without Invoice
number.
This tiny patch just prevents this issue from occurring.
Test plan :
1° go to the acqui/invoices.pl page and search invoices to merge.
You must have at least 2 invoices on the same vendor
2° check boxes to select invoices to merge and click on 'merge selected
invoices' button
3° next page you see the non editable field 'Invoice number:'
4° click on the 'merge' button
5° next page you see 'Invoice has been modified'
6° leave this page i.e click on the left link 'Invoices'
7° search invoices you'll see the merged invoice without invoice number.
Apply the patch, replay the steps 1 to 3
4° on this page you can enter your invoice number and click on the
'merge' button.
If you leave this field empty and click merge, a message informs you
that it is required and you can not merge.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies some staff client acquisitions templates so that
JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Acquisitions -> Invoices
- Datepickers
- Search for invoices
- Datatable
- Acquisitions -> Late orders
- Datepickers, datatables, selection controls (when searching by
vendor)
- Acquisitions -> Vendor -> Basket -> Add to basket -> From an existing
record -> Search
- Datatables, View MARC modal
- Acquisitions -> Vendor -> Basket -> Add to basket -> From a new
(empty) record
- Form validation, inactive fund control, add users to notify on
receiving.
- Acquisitions -> Vendor -> Basket -> Add to basket -> From a
subscription -> Search
- Datatables, show only renewed, show/hide search form
- Acquisitions -> Vendor -> Basket -> Add to basket -> From a suggestion
- Datatables, "Show" controls
- Acquisitions
- "Ordered" link in table of funds
- Datatables
- Acquisitions -> Vendor -> Receive shipment -> Invoice -> Receive
- Datepickers, item add form plugins (test with AcqCreateItem set to
'receiving an order.')
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>