The biblionumber parameter is sent by the user, we must escape all of
them to avoid XSS.
Fixes: Cross-site scripting OPAC pages
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This adds item type so we can do things with javascript.
To Test:
1.) Do a search on OPAC
2.) Inspect element to confirm item type is not present
3.) Apply patch
4.) Do a search on OPAC to confirm item type is present as a class
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This function only serves to check if the shelf name is not empty. It
does not even work since it incorrectly refers to f.addshelf (while it
should test #shelfname).
We can solve this and improve consistency by doing the same as in the
staff template with html5 required.
Test plan:
[1] Without this patch it was possible to add a list without a name in
OPAC (with js error: TypeError: f.addshelf is undefined).
[2] With this patch, verify that you cannot do this anymore.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If we we move from Private to Public or vice versa, this should reflect
on the Anyone remark from the first patch.
If we go back to a private list without shares, we should show it.
Handled in a js sub AdjustRemark, triggered by onchange of the category
combo or the permission combo.
Test plan:
[1] Edit a private list without shares in OPAC. Toggle category and/or
permissions. Is the remark shown or hidden accordingly?
Note: Include a test with OpacAllowPublicListCreation enabled.
[2] Edit a shared list or public list in staff. Toggle category/permissions.
You should never see the remark.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This is a follow-up of report 18228 that simplifies the permissions for
lists. It reapplies the idea behind bug 10865 by adding a remark next to
the Anyone permission if it is not actually effective. A next patch will
make it behave dynamically.
Note: The Anyone permission is not relevant if it is a private list that
has no shares. Note that looking at the prefs OpacAllowPublicListCreation
and/or OpacAllowSharingPrivateLists is not decisive. You should look at
list permissions and shares in the database; turning off the Sharing pref
does not automatically remove all shares in the system. It only blocks
creating new shares.
We only need changes in opac-shelves.tt and virtualshelves/shelves.tt.
Test plan:
[1] Verify that you see the remark now in OPAC and staff.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Zebra doesn't care about cases, but ES does and default mapping is
'control-number'
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
See MARC specification.
Note that we have a preceding text before all 776s too.
Test plan:
[1] Set field 776 ind2 to 8. And add text in $i.
[2] Look for this text on OPAC detail and staff detail.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Felix Hemme <felix.hemme@thulb.uni-jena.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Adds code to opac and staff detail XSLT in order to show 776$t (or $a) and
a link based on 776$w (record control number). $w should be in the form:
(MARCOrgCode)Record-number
For instance: (NL-AmRIJ)12345
Note: You should have enabled default opac/intranet XSLT view.
Test plan:
[1] Add two 776s (one with $t and $w and one with $t only)
[2] Verify that you see "Additional physical formats" on opac-detail. Does
the link for $w work?
[3] Check intranet detail too.
[4] Empty 776$t and put text in $a. Check detail page again.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Felix Hemme <felix.hemme@thulb.uni-jena.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes a few corrections:
- Use 'e.preventDefault()' instead of 'return false' in changed
sections.
- Modify the event handler on checkboxes to successfully handle the
un-check action as well as the check action. (QA comment 5).
To test, follow the original test plan.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Apply patch and add one or more items to your cart
2) Confirm that clicking the following things still works as expected:
- more details
- brief display
- send
- download
- print
- select all
- clear all
- selecting by clicking checkbox
- remove title
- add title to list
- place hold
- add tag
- empty and close
Sponsored-by: Catalyst IT
Followed test plan, works as expected. Resolves issue with two
print dialogues from Bug 18544.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In OPAC password recovery form autocomplete is not disabled.
So when login or email is entered, it is saved in browser input history for autocomplete.
This is a major issue for OPAC on computers with public access.
This patch adds autocomplete off on forms.
Test :
- Enable system preferences OpacPasswordChange and OpacResetPassword
- Go to OPAC
- Be sure to not be logged in
- Click on "Forgot your password?"
- Enter a loggin and email and Submit
=> Without patch there is an autocompletion with values you entered
=> With patch there is no autocompletion
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This include file is terribly wrong, it's called from different places
that do not set the same flag.
The status from detail and result page might be different from the one
display on the course reserve table.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Values from the items, biblio and biblioitems tables are used in the template,
so we need to pass all of them to the template, but separately.
That way we easily see which field from which table we are displaying.
Test plan:
Create a course reserve and add items.
Correct information must be displayed on the detail page of the course
reserve, on staff and OPAC interface.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To reproduce:
- Create 3 Accounts, login names are test01, test02, test03, Email is the same
for all.
- Go to OPAC -> Password recovery and indicate E-Mail only
- You will get an email for only one of the accounts above.
To test:
- Apply patch, restart memcached and plack
- Go to db, delete from borrower_password_recovery;
- Try steps above to reproduce. You will get an error message:
Account identification with this email address only is ambiguous.
Please use the field 'Login' as well.
- Verify that other cases work as before (provide valid / invalid login only,
provide valid email for an existing account, provide unknown email, provide
both login and email with all combinations of valid / invalid)
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 16711: (QA-followup) Use count directly
See comment # 13
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The two new columns as mentioned in the commit message of the table
revision must be used in the codebase now.
Highlighting some changes in Koha::VirtualShel[f|ves]:
[1] Additional methods is_public and is_private.
[2] Method add_biblio did not check permissions. Does now. No impact on the
interface, but one call in the unit test was affected.
[3] Method remove_biblios is signficantly simplified. Removed a FIXME.
[4] Method can_biblios_be_removed now redirects to can_biblios_be_added.
A followup report may deal with unifying those routines.
[5] Condition in get_some_shelves changed.
[6] The reference to allow_add in get_shelves_containing_record can simply
be removed.
opac-shelves.pl and shelves.pl now pass the default setting of Owner only
to the template.
Templates shelves.tt and opac-shelves.tt now include the new permission
field with three choices as mentioned in the table revision patch.
opac-addbybiblionumber.pl and addbybiblionumber now need a check on
allow_change_from_owner; search conditions slightly adjusted to the new
permission scheme.
Test plan:
When we refer to visibility in the test plan, please check the Add to-combo
on opac search results and staff results. And check opac-addbybiblionumber
by clicking Save to Lists from opac results.
The step 'Check delete' means: open the list in opac and check if you see
the Delete button below the entries (only check, do not delete).
[ 1] Create private list I01 (perm=Owner)
[ 2] Check visibility: Seen.
[ 3] Add a book. (Change by owner should be allowed.)
[ 4] Check delete: Yes.
[ 5] Edit list I01, set perm=Nobody
[ 6] Check visibility: Not seen.
[ 7] Check delete: No.
[ 8] Share list I01 with another patron.
[ 9] Check visibility for the other patron: Not seen.
[10] Check delete for the other patron: No.
[11] Change permission of list I01 to Anyone (by owner).
[12] Check visibility for the other patron: Seen.
[13] Let other patron add a book (change is allowed).
[14] Let owner delete the same book again (change allowed).
[15] Create public list U01 (perm=Owner)
[16] Check visibility: Seen.
[17] Add a book. (Change by owner should be allowed.)
[18] Login as other user. Check visibility: Not seen. Check delete: No.
[19] Change permission of U01 to Nobody (by owner)
[20] As owner: Check visibility: Not seen. Check delete: No.
[21] As other user: Check visibility: Not seen. Check delete: No.
[22] Create public list U02 (perm=Anyone)
[23] Add a book by owner.
[24] Delete the same book by other user. Add another book.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Following the idea behind bug 10865, we are only showing the permissions
when the list is shared or public.
Adding a simple test in opac-shelves here.
Note 1: Since the owner can always add or delete entries, the permissions
will not be relevant anymore for a strictly private list.
Note 2: Staff view always shows the permissions. This could have been
changed here too, but that change is far less urgent (bug 10865 did not
touch staff view and bug 18228 will rearrange permissions anyway).
Test plan:
[1] Verify on OPAC that you see the permissions for a private list with
shares or a public list. And you do not see them for a private list
without shares.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
If you have disabled the pref OpacAllowPublicListCreation, your users are
not able to edit the list permissions for private/shared lists.
For a private list they may only be theoretically relevant, but for a shared
list they are relevant.
Since we do not always know the history of a list (has it been public or
shared, does it contains entries from other users) and therefore permissions
are even relevant for a currently private list, we should just allow editing
these permissions.
Test plan:
[1] Do not yet apply this patch.
[2] Disable OpacAllowPublicListCreation.
[3] Create a private list in OPAC. Edit the list. Verify that you do not
see the permission combo boxes.
[4] Apply this patch. Edit the list again. Do they appear now?
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised.
The button to cancel a club enrollement is labelled with 'Cancel'. That is ambiguous and translates e.g. in German to 'Abbrechen' which can lead to
mistakes.
To test:
- Apply patch
- Enroll a patron to a club
- Enable public enrollment in OPAC
- Verify that the button to cancel enrollment in both OPAC and staff client
reads 'Cancel enrollement' (instead of 'Cancel' without patch)
(The button appears on the patron's detail pages in OPAC and staff client)
Amended for comment #4 / mv
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
Read the changes and make sure they make sense
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Two files av-build-dropbox.inc has linebreaks inside template directives,
exposing internals (comments and tt code) to translations as mentioned
in initial comment.
Translators should not be confronted with such interal code.
This patch fixes it.
To test
- Verify, that code changes make sense and have no more line breaks insied
tt directives.
- Run QA tools in newest version (checking for line breaks inside tt
directives)
- Bonus test: Create a "language" aa-AA (perl translate create aa-AA
from folder misc/translator, verify that lines mentioned above do
no longer appear in aa-AA-staff-prog.po and in aa-AA-opac-bootstrap.po
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
OPAC password recovery allows to find out which email address belongs to an account. An attacker could systematically guess login names. If they hit an existing one, OPAC displays a message like:
An email has been sent to "xxx@yyy.zz".
Having a combination of login name and email, attackers could use the information e.g. for phishing or other personalized actions.
To reproduce:
- Enable OPAC password recovery (syspref OpacResetPassword)
- 'Guess' a login name e.g. by using a common pattern like ptester for Peter Tester
- If such account exists, you get to know the related email address
This patch removes the email address from the success message. Additionaly, it changes
wording to address Bug 18570 ('will be sent' instead of 'has been sent')
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Simplified the wording. "Will be sent shortly" is used elsewhere too.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds some formatting to the error message a patron receives
when there are renewal failures in the OPAC.
This is pretty much the least which could be done to address this
problem. However, I don't think the issue can be fixed without
re-thinking how renewals are processed. Sending error messages back to
opac-user.pl via URL parameter isn't flexible enough.
To test, apply the patch and attempt to renew multiple items in the OPAC
which cannot be renewed for some reason, for instance because they have
been renewed too many times. The error messages should appear in a list
rather than strung together in one long block of text.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patches moves the call number up to be under the library name, so
it is equivalent to the staff client
To test:
1) Go to the detail page of a biblio with subscriptions in the staff
client
2) Notice callnumber sits under the library name
3) Go to the detail page of the same biblio in OPAC
4) Notice callnumber is not in the same order
5) Apply patch, refresh page
6) Notice callnumber is now in same order
Sponsored-by: Catalyst IT
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To prevent brute force attacks on Koha accounts, staff and opac, we need to
implement an account lockout process to Koha.
After a number of failed login attempts a users account would become locked.
The user would then need to use the reset password functionality to send a reset
token to their email account. After a successful password reset the lockout flag
would be removed.
The number of failed login attempts before lockout is configurable using a new
system preference 'FailedLoginAttempts'.
How does it work?
When a patron enter an invalid password, the borrowers.login_attempts value
for this patron is incremented. When this value reach the value of the
pref FailedLoginAttempts, the password comparison is not done and the
authentication is rejected.
This login_attempts field is reset when a patron correctly logs in. When
the account is locked the patron has to reset his/her password using
the OpacResetPassword feature or ask a staff member to generate a new
password.
If the pref is not set (0, or '') the feature is considered as disabled,
but the failed login attempts are stored anyway.
Test plan:
0/ Apply patch and execute the update DB entry
1/ Switch on the feature by setting FailedLoginAttempts to 3
2/ Use an invalid password to login at the staff or OPAC interface
3/ After the third consecutive failures, you will be asked to reset your
password if OpacResetPassword is set, or contact a staff member
4/ Switch on OpacResetPassword and reset your password
5/ Confirm that you are able to login
6/ Play with the different combinations
QA details: The trick happens in C4::Auth::checkpw, to make things clear
I had to create a return value (note the awesome name: @return) and
replace the 3 successives if statements with elsif. Indeed if one of
the condition is reached, it will return inside the given block.
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Janet McGowan <janet.mcgowan@ptfs-europe.com>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch tweaks the OPAC's CSS so that the main search form's fields
have consistent width at small screen sizes.
To test, apply the patch and process the LESS files. View the OPAC main
page at a very narrow browser width and confirm that the text field
width matches that of the dropdown and button.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Give a patron a fine of 1
2 - View opac fines tab, it shows as '1'
3 - Give patron a credit of '1'
4 - View opac fines tab, it shows as '1'
5 - Apply patch
6 - Both now show as '1.00'
Signed-off-by: Lisa Gugliotti <lisa@hchlibrary.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Processed and minified CSS.
Works as expected and looks much tidier now.
Signed-off-by: Dilan Johnpulle <dilan@calyx.net.au>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch tweaks some CSS in the OPAC to give the "Did you mean" block
better layout on smaller screens.
To test, apply the patch and process LESS files. Enable "Did you mean"
plugins for the OPAC in Administration.
Perform a search in the OPAC and confirm that the "Did you mean" block
looks correct. Resize your browser to various widths and confirm that
the block handles all sizes well.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch addresses template issues with the newly-added patron clubs
pages.
- Move Clubs tab out of second position in Circulation page tabs.
- Link patron name in enrollments list to the patron record
- Make page titles on some pages more specific
- Correct label "for" attributes so that it matches input id
- Correst style of buttons: Buttons in tables must be "btn-xs," all
Bootstrap buttons must have "btn-default."
- Correct "Edit" icons: Should be "fa-pencil"
This patch also revises the club template editing form to make it more
consistent with similar interfaces in Koha and (hopefully) make it more
clear.
To test, apply the patch and test adding clubs and club templates and
enrolling patrons in clubs via the staff client and OPAC. Confirm that
everything looks and work okay.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Reworking based on output of:
git grep "gp\/reader"
Additionally, some changes might be in order though gp/reader works.
https://affiliate-program.amazon.com/help/topic/t64/a1
suggests using dp
A dp was discovered, so that part of the URL was left unchanged.
The "/ref..." part was changed to just an Amazon tag ("?tag={AAT}")
if defined.
TEST PLAN
---------
1) Added:
"100 years of Canadian foreign policy /
edited by Robert Bothwell and Jean Daudelin."
2) Added a second book with the word foreign in the title.
3) Waited for reindex
4) Checked out the Canadian foreign policy book.
5) Applied patch
6) Made sure that:
- AmazonAssocTag was set to TEST (easy to notice)
- AmazonCoverImages was set to 'Show'
- OPACAmazonCoverImages was set to 'Show'
7) Searched intranet for 'foreign' to find the detail page
-- hovering over picture shows URL with ?tag=TEST in it.
8) Went to the OPAC Detail page
9) Toggling OPACURLOpenInNewWindow, confirmed that URL for
the picture contained ?tag=TEST in it.
10) Logged into the OPAC
11) Confirmed the URL in the checked out list on your summary
page contained ?tag=TEST in it.
12) Confirmed the URL in the checked out list on your reading
history page contained ?tag=TEST in it.
13) Confirmed links worked (went to expected page)
14) run koha qa test tools
Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
On bug 17847, av-build-dropbox.inc has been updated for the intranet,
not OPAC
There is only one call to av-build-dropbox.inc at the OPAC, from
opac-suggestion.tt
Test plan:
Create a new suggestion, anonymous or with a logged in user
=> Without this patch you got
Template process failed: undef error - The method default is not
covered by tests! at /home/vagrant/kohaclone/C4/Templates.pm line 121.
=> With this patch applied you should see the item type dropdown list
correctly filled
Reproduced without patch, OK with patch
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: sonia BOUIS <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
- Fixed date handling to use UTC as specs require.
- Added support for second precision in time stamps.
- Added support for marc21 metadata prefix as recommended in the
guidelines (synonym for marcxml).
- Improved performance of database queries especially for large
collections.
- Unified functionality of ListRecords and ListIdentifiers to a common
base class.
- If items are included in the records, their timestamps are taken into
account everywhere so that whichever is the most recent (timestamp of
biblioitem or any of its items) is considered the record's timestamp.
- Fixed OAI.xslt to show correct record range.
- Incorporated extended tests from Bug 17493 and their tweaks from Bug 15108.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 12046 corrected the fact that modal dialog does not allow to use the
CAS authentication in main authentication link. This must also be
corrected in link for tags in detail tags page: "Log in to see your own
saved tags."
Test plan :
- Enable syspref casAuthentication
- Go to OPAC, not authenticated
- Click on "Tag cloud"
- Click on "Log in to see your own saved tags"
=> Without patch you get the modal login popup
=> With patch you go to the login page opac-user.pl
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 12046 corrected the fact that modal dialog does not allow to use the CAS authentication in main authentication link.
This must also be corrected in link for tags in detail page : "Log in to add tags"
Test plan :
- Enable syspref casAuthentication
- Go to OPAC
- Go to a record detail page opac-detail.pl
- Click on "Log in to add tags"
=> Without patch you get the modal login popup
=> With patch you go to the login page opac-user.pl
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 12046 corrected the fact that modal dialog does not allow to use the CAS authentication in main authentication link.
This must also be corrected in link of lists popup : "Log in to create your own lists"
Test plan :
- Enable syspref casAuthentication
- Go to OPAC
- Click on Lists > Log in to create your own lists
=> Without patch you get the modal login popup
=> With patch you go to the login page opac-user.pl
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fix broken 'silent printing' (without printer dialog) in self checkout.
To reproduce:
Set up silent printing to slip printers as described in:
https://wiki.koha-community.org/wiki/Setting_up_slip_printer_to_print_silently
Verify that it works for check-outs in staff client.
Verify that it does not work in Self checkout.
To test:
Apply patch
Verify that silent printing works on SCO
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
With this patch if SelfCheckoutByLogin is set to 'username and
password', only the logged in user will be able to see the image linked
to his/her logged in account.
If set to "barcode" we generate a token but it can be easily generated.
You should add a warning in the about page if
SelfCheckoutByLogin="barcode" and ShowPatronImageInWebBasedSelfCheck="Show".
How I tested:
- Go to SCO
- Log - Enable self checkout, go to [Your
Server]//cgi-bin/koha/sco/sco-main.pl
- Log in with a user 'A' who has a patron image
- Copy the address of the patron image into an other browser window
- Change the borrowernumber to on of an other user 'B' having a patron
image
- Verify that the patron image is NOT displayed
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The strings should be translatable.
This patch also removes the error as it appears that we only have 1
error.
To improve we could surround the store with an eval.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
