Commit graph

32289 commits

Author SHA1 Message Date
cb5bf46dc7 Bug 21223: (RM follow-up) Generate css
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-20 14:49:53 +00:00
cbf75d3714 Bug 21223: Fix some floating values
See description of the bug for screenshots

I do not really know why we have these issues, but maybe we should
regenerate the .scss in order to catch the other problems?

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-20 14:44:08 +00:00
8eed046638 Bug 18947: LDAP - do not assume anonymous bind if no user or password
To test:
Ideally tested on a working ldap server with bind by auth and no
anonymous bind
1  - Define an LDAP config with bind by auth
2  - Don't define user/pass
3  - Define anonymous_bind = 0
4  - Attempt bind by auth
5  - Error is something like:
LDAP search failed to return object : XXXXXXXXX: LdapErr: XXXX-XXXXXX,
     comment: In order to perform this operation a successful bind must
     be completed on the connection., data 0, v2580 at
     /usr/share/koha/lib/C4/Auth_with_ldap.pm line 102.
6  - Define user/pass
7  - Now bind by auth should work
8  - remove user/pass
9  - Apply patch
10 - Attempt again
11 - Bind by auth should succeed

prove -v t/db_dependent/Auth_with_ldap.t

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-20 14:40:13 +00:00
88d3865168 Bug 21203: ILS-DI - Make GetRecords handle non-existent records
Caused by
  commit cb336e633b
  Bug 18255: Koha::Biblio - Replace GetBiblioItemByBiblioNumber with Koha::Biblio->biblioitem

Can't call method "biblioitem" on an undefined value at /home/vagrant/kohaclone/C4/ILSDI/Services.pm line 212

Test plan:
- Enable ilsdi
- hit /cgi-bin/koha/ilsdi.pl?service=GetRecords&id=X
With X an existing biblionumber and a non existing one

Both requests must succeed

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-20 14:37:31 +00:00
f130ada624 Bug 13618: Fix xt/tt_valid.t
We are going to say it quietly but this test does not catch the problem
when there are no spaces....shhhh

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 18:07:15 +00:00
facb5cb25a Bug 13618: Fix wrong condition in xt tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 16:54:37 +00:00
22ab4ba524 Bug 13618: Remove filter when assigning array
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 16:53:56 +00:00
9e895e5812 Bug 13618: Add POD to raw.pm
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 16:14:14 +00:00
f59b846134 Bug 13618: (follow-up) Add html filters to all the variables
JS block has been re-added to the top whereas it was moved to the
bottom!

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:15 +00:00
1981db25ce Bug 13618: (follow-up) Manually replace missing .raw
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:15 +00:00
96e2d28fd5 Bug 13618: Remove html filter for NEXT
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:14 +00:00
cc5c66d27b Bug 13618: Remove html filter for STOP and deal with existing USE raw
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:14 +00:00
4321dbe221 Bug 13618: Add tests
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:14 +00:00
13d0c46bdc Bug 13618: Add missing raw filters
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:14 +00:00
726a61ac65 Bug 13618: (follow-up) Escape HTML chars in holds.js
For biblio level holds we got:
TypeError: oObj.itemcallnumber is undefined

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:13 +00:00
8d61035e85 Bug 13618: (follow-up) Add html filters to all the variables
IntranetUserJS was missing (?!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:13 +00:00
f580af25e1 Bug 13618: Fix item search
We want to encode HTML characters for the "key => value"'s
like branchcode => branchname
But not the whole JSON string
We could have done it controller-side but it sounds better to do it as
we do for other places

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:12 +00:00
599a4a16ef Bug 13618: Explicitly use raw for itemtype.checkinmsg
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:12 +00:00
51b7499d10 Bug 13618: Specific for labels/spinelabel-print.tt
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:12 +00:00
1c0aad5a1d Bug 13618: Specific for labels
This is definitely wrong, html is generated in C4/Creators/Lib.pm (see
FIXME).
We will need to fix it, but let's do that later!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:12 +00:00
cef24888bd Bug 13618: Escape HTML chars in checkouts.js
On the way the itemtype is not displaying correctly the description
instead of the code (in the relative's checkouts table)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:11 +00:00
8ee92112e4 Bug 13618: Add the escapeHtml JS prototype to String
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:11 +00:00
a6f9738fd2 Bug 13618: Escape HTML chars in holds.js
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:11 +00:00
5a7ee2db08 Bug 13618: Deal with span in patron-title
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:11 +00:00
865c385f71 Bug 13618: Specific for IntranetCirculationHomeHTML
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:10 +00:00
62e3b630bf Bug 13618: (follow-up) Manually replace missing .raw
Syntax was wrong:
Template process failed: file error - parse error - bodytag.inc line 4:
unexpected token (_)

It's escaped later so sounds ok here

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:10 +00:00
917ec3700e Bug 13618: Manually replace missing .raw
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:10 +00:00
dd9e978c2c Bug 13618: Fix BLOCKs
perl -p -i -e  's/BLOCK \| html/BLOCK/g' **/*.inc **/*.tt

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:09 +00:00
82cede1cc2 Bug 13618: Add the raw TT filter
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:08 +00:00
10c154353f Bug 13618: Remove html filters for HtmlTags
We will have to make sure this filter (HtmlTags) is not used with
unsafe variables.

Generated by:
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html -%]/HtmlTags tag\1-%]/g' **/*.tt **/*.inc
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html %]/HtmlTags tag\1%]/g' **/*.tt **/*.inc

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:08 +00:00
Mark Tompsett
f8e0d905ff Bug 15717: Installer: Step 3 has <br /> showing
The step to install optional/mandatory things is broken with
many <br />'s instead of line breaks.

TEST PLAN
---------
1) Back up database
2) Drop database
3) Create empty database
4) Run web installer
   -- Notice that step 3 has ugly <br />'s at the last
      part of step 3.
5) Apply patch
6) Repeat steps 2-4
   -- Notice the <br />'s are now nice line breaks.
   NOTE: No promises of perfect positioning!
7) Run koha qa test tools.

Joubu: I have no idea if this is still needed. TO TEST

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

https://bugs.koha-community.org/show_bug.cgi?id=13618

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:08 +00:00
fd9ea323fe Bug 13618: Escape patron's attributes - do we want that?
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:08 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.

This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (they are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
610c628def Bug 21226: DBRev 18.06.00.015
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 14:03:28 +00:00
bce549bc4c Bug 21226: Remove xISBN services
OCLC has decided to retire all xISBN services:
https://www.oclc.org/developer/news/2018/xid-decommission.en.html

The code for related features has to be removed from Koha.

Test plan:
You need to be familiar with the different sysprefs (I am not):
- FRBRizeEditions
- SyndeticsEnabled
- SyndeticsEditions
- ThingISBN

Make sure there are no regressions introduced by this patchset.

QA Note: C4/XISBN.pm should be renamed

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:20:22 +00:00
b19090c450 Bug 21226: DB Changes
Remove prefs OCLCAffiliateID, XISBN and XISBNDailyLimit

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:20:21 +00:00
c957b52ef8 Bug 21230: Prevent Reserves.t to fail randomly
The following test can fail if the hold has been generated with found => 'W':
 #   Failed test 'No tests run for subtest "_koha_notify_reserve() tests"'
 #   at t/db_dependent/Reserves.t line 675.
Can't call method "to_address" on an undefined value at
t/db_dependent/Reserves.t line 661.
 # Looks like your test exited with 255 just after 56.

We should call AddReserve instead.

Test plan:
0. Do not apply this patch
1. Do the following change:
    my $hold = $builder->build({
            source => 'Reserve',
            value => {
               borrowernumber=>$hold_borrower,
               found => 'W', # This line is added, do not forget the comma above
            }
        });
2. Prove it makes the test fail
3. stash the changes and apply this patch
4. Make sure the tests pass

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:20:07 +00:00
644de1c4e7 Bug 21222: (bug 20226 follow-up) Fix patron creation
Since bug 20226 you can no longer create a patron, memberentry.pl will
explode with
Template process failed: undef error - DBIC result _type  isn't of the
_type Category at /home/vagrant/kohaclone/koha-tmpl/intranet-tmpl/prog/en/includes/str/members-menu.inc
line 22.

The problem is that "patron" is actually defined and the test in
str/members-menu.inc does not work as expected.

It comes from
  commit 7b1d08df0f
  Bug 19936: Replace Generate_Userid - Update the occurrences
where I needed $patron to be defined in order to use Koha::Patron->generate_userid
on a blessed object.
But this was actually wrong, as it could have side-effects.

Test plan:
Create a new patron
Edit it
Retest bug 19936 and make sure the userid is generated correctly in the
different situations

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:19:54 +00:00
51933c7753 Bug 21221: Shortcut memberentry scripts if patron does not exist
If borrowernumber is passed and it does not refer to a valid patron
in DB, we should not continue the script and display an error instead.

Test plan:
Create a patron
Edit a patron
=> Both should work ok
You can also test the other action memberentry.pl manage.

Edit it again but modify the borrowernumber parameter
=> You should see a friendly user message saying that the patron does
not exist.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:19:51 +00:00
4ae91ba263 Bug 21112: Re-indent staff client cart template
This patch reindents the template for the staff client cart, basket.tt

- Trailing spaces removed
- Indentation changed to a consistent 4 spaces
- Markup indentation made more consistent

To test, apply the patch and add multiple items to the cart in the staff
client.

View the cart and confirm that it looks as it should both in the "brief"
and "more details" views.

HTML validation before and after the patch should return the same
results.

Signed-off-by: DEVINIM <kohadevinim@devinim.com.tr>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:49:17 +00:00
Katrin Fischer
8fc88514c3 Bug 21137: Standardize breadcrumbs for tags page
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:43:12 +00:00
9d10d07612 Bug 21137: Replace BORROWER_INFO with logged_in_user
it also removes 'category_type' and 'description' from a couple of
opac scripts, they are not needed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:43:12 +00:00
27bf38f34f Bug 21137: use logged_in_user from opac-user.pl
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:43:11 +00:00
889f148e4e Bug 21137: Replace USER_INFO with logged_in_user
This patch set does several things:
- it removes USER_INFO and BORROWER_INFO
These 2 variables contained logged-in patron's info. They must be
accessed from logged_in_user
- Use patron-title.inc for the breadcrumb at the OPAC, for consistencies

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:43:10 +00:00
Jenny Way
484067b228 Bug 18236: MARC21 - Add classes to material type on intranet detail and results pages
Test plan:
1. Open a list of results
2. Use fn+f12 to inspect element
3. Without patch it should show that the image class is 'materialtype'
4. With patch there will be an additional class
-Books = mt_icon_BK
-Kit = mt_icon_MX
-Article = mt_icon_AR
-Continuous resource = mt_icon_CR
-Mixed material = mt_icon_MX
-Computer files = mt_icon_CF
-Map = mt_icon_MP
-Music = mt_icon_MU
-Sound = mt_icon_MU
-Score = mt_icon_PR
-Visual material = mt_icon_VM

OR
1. Try using the classes in css to change the style

-When viewing the details of a record, the material type img should also have the
same changes
-Check that the material type classes in the results page are the same as
the details page

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
I've squashed the patches to make changes more easily readable.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:37:19 +00:00
e97f6ab9be Bug 20795: Inform the user about this change, add to pod
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:35:13 +00:00
1dfb177d3f Bug 20795: Pass increased verbosity to zebra rebuild script
To test:
1 - Run koha-rebuild-zebra with multiple '-v'
2 - Note no increased verbosity
3 - Apply patch
4 - Run the updated koha-rebuild-zebra script with multiple '-v'
5 - Note increased verbosity

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:35:13 +00:00
ed6070a5b4 Bug 21121: DBRev 18.06.00.014
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:33:52 +00:00
12dd41ed66 Bug 21121: Add the IGNORE clause
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:23:22 +00:00
3aef9a158b Bug 21121: Added new system preference to control hiding of personal patron information in the circulation page
Libraries may want to hide personal patron data from the circulation
page for privacy reasons. This syspref introduces that ability for
library staff to control the display of this data themselves without
having to ask support vendors to hide it for them.

Test plan:
1. View circulation page and input a patron's barcode or name
2. Notice if the patron has a phone number, email, street address and
   city set then these are displayed in the left hand side of the screen
   under the patron's name. Otherwise if all/any of these fields are not
   set for the patron then the text: "No <datafield> stored." is
   displayed.
3. Apply this patch
4. Run ./updatedatabase.pl from the Koha shell to run the atomicupdate
5. Restart memcached and plack
6. Notice a new system preference named
   'HidePersonalPatronDetailOnCirculation' has been added, which has the
   default value 'Dont'
7. Without changing the default value notice the personal patron
   information is still displayed on the circulation page
8. Change the value of the syspref to 'Do' and now notice the phone
   number, email address, street address and city are now hidden in the
   circulation page

Sponsored-By: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:23:22 +00:00