Commit graph

93 commits

Author SHA1 Message Date
Matthias Meusburger
2498992447 Bug 5907 : MT 2538 : Using default authtypecode for authority display
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-23 19:52:26 +13:00
Chris Nighswonger
b0f60221f4 Security Bugfix: Bug 1953 Adding Placeholders to SQL To Avoid Potential Injection Attacks
This patch addresses both security issues mentioned in the summary of the report
submitted by Frère Sébastien Marie included below.

---------------------------
The problem is here: 'C4/AuthoritiesMarc.pm' in the function 'DelAuthority':
The argument $authid is included directly (not via statement) in the SQL.

For the exploit of this problem, you can use 'authorities/authorities-home.pl'
with authid on the URL and op=delete (something like
"authorities/authorities-home.pl?op=delete&authid=xxx").

This should successfully call DelAuthority, without authentication...
(DelAuthority is called BEFORE get_template_and_user, so before authentication
[This should be an issue also...]).

Please note that the problem isn't only that anyone can delete an authority of
his choice, it is more general: with "authid=1%20or%1=1" (after inclusion sql
will be like: "delete from auth_header where authid=1 or 1=1") you delete all
authorities ; with "authid=1;delete%20from%xxx" it is "delete from auth_header
where authid=1;delete from xxx" and so delete what you want...

SQL-INJECTION is very permissive: you can redirect the output in a file (with
some MySQL function), so write a file of your choice in the server, in order
to create a backdoor, and compromise the server.

Signed-off-by: Frère Sébastien Marie <semarie-koha@latrappe.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-02-25 07:08:39 +13:00
6b3e4f19f4 Bug 4838 Allow to choose which authority heading to copy into biblio record
With this patch, in biblio record data entry form, when ... is clicked for an
authority controlled field, it's possible to select which heading repetition to
copy if the authority has repeated headings.

When there is just one authority repetition, the first one is displayed to
choose, as previously.

This patch is REQUIRED by French libraries following SUDOC UNIMARC format, and
cataloguing multilingual materials ie all Higher Educational and Research
libraries.

Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-12-21 16:50:45 +13:00
434c1d6483 bug5455 (Fix uninitialized-warnings on authorities.pl)
Fix warnings for uninitialized authtypecode on lines 646, 653.

Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-12-12 22:50:01 +13:00
c55f8ffca7 Bug 2122 follow-up for authorities editor
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-17 21:21:32 +13:00
Andrew Elwell
efa66f1f55 Bug 5385: POD Cleanups (part 2)
More podchecker cleanups to eliminate warnings / errors

Signed-off-by: Andrew Elwell <Andrew.Elwell@gmail.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-12 10:06:56 +13:00
Andrew Elwell
9fa574f609 Bug 5385: POD Cleanups (part 1)
working through the master branch to eliminate all
podchecker warnings/errors

Actual improvement to the quality of the POD will
come later (hopefully with assistance of others)

Signed-off-by: Andrew Elwell <Andrew.Elwell@gmail.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-12 10:06:55 +13:00
2c794d1af7 bug 5380: remove copy-and-paste from authorities/detail.pl
MARC editor code not needed here.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-10 22:09:58 +13:00
daabd936d6 bug 5372: identify empty field in authority record correctly
This is the sibling to the fix for this bug for the bib
editor.  However, note that this change won't have a
direct effect yet, as currently you can't specify a
default value for a field or subfield in the authority
MARC frameworks.  See bug 4887.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-10 19:48:52 +13:00
Colin Campbell
9e5366734b Bug 5315: Remove references to obsolete variable nbstatements
Trying to see the wood from the trees

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-10-26 08:39:18 -04:00
Paul Poulain
8f56c04998 MT3448 : searchauthorities problems
Problems with searching authorities :
The same index was always used

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-05-01 09:11:45 -04:00
Lars Wirzenius
4523a2df0d Fix file permissions: if it is not a script, it should not be executable.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-04-16 00:40:34 -04:00
Lars Wirzenius
f49cdbf199 Fix FSF address in directory authorities/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:49 -04:00
Colin Campbell
bcde53b5ba Bug 2505 Enabled warnings in authorities/*
Fixed obvious warnings generators in scripts
with mismatched comparisons or undefined variables
removed temporary variable selected while ensuring the
comparison it represented was between two defined variables

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-08 21:47:53 -05:00
Matthias Meusburger
9f41fe64be MT 2050, Follow-up, Fast Cataloging
Adds granular permissions for cataloging
Also adds a link from the circulation home to fast cataloging when fast cataloging is active
2009-11-24 10:05:10 +01:00
Henri-Damien LAURENT
a4662fd614 Bug Fix MT2104 : Edit authorities problem on multiple field
When editing a field 500 linked to an authority, when duplicate
field, all the 500 fields were replaced.
2009-10-27 23:50:05 +01:00
Henri-Damien LAURENT
2d15dcabc8 Performance improvement authorities-list.pl
CountUsage in Authorities has a performance problem.
We now rely on SimpleSearch for that purpose and it should be better
2009-10-26 15:33:21 +01:00
Henri-Damien LAURENT
e5c0c4a8a2 Adding Authorities list
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-30 11:30:07 +02:00
Nahuel ANGELINETTI
bc9618c669 (bug #3458) fix die and unimarc 700-4 plugin
This patch fixes the unimarc 700-4 plugin, adding the plugin_parameters() function.
It also adds an eval that permits an error in a plugin without killing the editor.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-08-01 08:01:41 -04:00
Colin Campbell
959d31b6a8 Correct comparison which was using an octal number
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-05-01 07:16:57 -05:00
Nahuel ANGELINETTI
5cf66ad6dd (bug #3051) bad support of pagination in auth_finder
This patch changes the page to use GET instead of POST, and uses independent "input"
names for searched values. Else the args are not passed to the next page due to
rewrite rules.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2009-04-08 14:51:36 -05:00
Galen Charlton
4bf76c2d77 bug 2615: remove unneeded 'require Exporter'
Most Perl scripts (as opposed to modules) do
not need to require Exporter.

No user-visible or documentation changes.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-09-26 09:05:08 -05:00
Henri-Damien LAURENT
ca8d24546e Bug Fixing merge_authority.pl
merge works on the fly now.
But for an obscure reason, merge_authority.pl fails to update database when launched on command line.
Adding one table to LOCK for noZebra UPDATE in Biblio.pm
You should remove C4::Search from merge_authority.pl

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-08-09 11:05:53 -05:00
Galen Charlton
c48da8131d bug 1909: add delete field/subfield button to MARC editor
A button to delete (non-mandatory) subfields and fields
is added to the bib and authority MARC editors.  This button,
which displays as a hyphen or minus sign after the plus sign
to clone a field, acts as follows:

[1] When deleting a whole MARC field, if at least
    one other repeat of that field exists, deletes
    the field from the editor page.  If the field
    to be deleted is the last instance of that tag,
    the contents of the field are cleared, not removed.
    This allows one to delete all 650 tags, then
    add a new one without having to reload the
    record in the editor.

[2] When deleting a subfield, if at least one other
    repeat of that subfield and its tag occurs
    *anywhere else in the record, not necessarily in the same tag*,
    deletes the subfield.
    Otherwise, if the subfield is the last occurrence
    of that tag/subfield combination, clears the input
    form instead.

Documentation note: new screenshots for MARC editor, plus
description of the '-' button.

Credit to MJ Ray for introducing the '-' button
and the UnCloneField JavaScript function.

Signed-off-by: Andrew Moore <andrew.moore@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-07-08 12:31:30 -05:00
Galen Charlton
fef27be9ad bug 2203 [2/2]: use textareas for MARC21 authority 6XX
Use textareas for the 6XX fields when editing MARC21
authority records - these fields, not the 5XX, contain
the lengthy notes.

Note that because of the previous patch, both text inputs
and textareas permit entry of up to 9999 characters.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-07-08 09:36:14 -05:00
Galen Charlton
9035991112 bug 2203 [1/2]: increase input maxlength in MARC editor
The maximum length allowed for input into a subfield in
the MARC editor has been increased to 9999 characters
(from 255), permitting data entry of a field that meets
the maximum MARC field limit of 9999 octets.

Also set the maximum length for the leader form input
to 24 characters and the length for the MARC21 008
to 40 characters.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-07-08 09:36:13 -05:00
Galen Charlton
d57ce0380d bug 2278 - fix results pagination in auth_finder
Fix same as for 2205 - the orderby parameter is
currently required for authority searches.

Also set default results per page to 20 instead of
19.

No documentation changes.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-26 16:20:06 -05:00
paul
fd06c22192 sorting authority list
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-20 08:53:08 -05:00
Galen Charlton
0fa1de926f kohabug 2112 - add indicators to MARC display
In any MARC record display in the OPAC or staff client
that displays the MARC tag numbers, the indicators are
now displayed as well, following the tag number.  If an
indicator is a blank, it is displayed as '#'.

Add a function to C4::Koha, display_marc_indicators(), to
generate this display form of the indicators.

Refactoring note: the four scripts changed in this commit
have a lot of duplicate code that could be merged into
a MARC displayer class.

Documentation notes: screenshots of tagged MARC record
displays should be updated.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-12 11:17:44 -05:00
Galen Charlton
ee49d6d372 kohabug 2207 - improve indicator input in MARC editor
Instead of having one input field for both indicators
of a variable field, the bib and authority MARC editor
now has an input field for each indicator.  This has
two main advantages:

* it is easier to tell what the indicator values are,
  even when the first indicator is a space
* it is easier to set the first indicator to blank
  and the second indicator to non-blank.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-12 11:17:35 -05:00
Galen Charlton
b74f8cfab7 code cleanup - remove unused find_values() copy and paste
The find_values() function in authorities/authorities.pl
and authorities/detail.pl is not used; appears to be copied
from additem.pl.

No documentation changes.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-12 11:17:29 -05:00
Galen Charlton
b50d23fa99 removed 'AddStatement' op from authorities search
The AddStatement op is an archaism from 2.2 that
has not been used in the templates for at least a
year.

No documentation changes.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-05 22:47:39 -05:00
Henri-Damien LAURENT
ee1674c9bd Adding orderby parameter : Fixes changing page in auth_finder.pl
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-05-30 13:57:55 -05:00
Galen Charlton
3fb9fd3d78 authorities: make tag editor links consistent with bib
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-29 06:53:52 -06:00
Joshua Ferraro
da8a4ca991 BIG COMMIT: minimal fix to authorities search
This is a minimal fix -- pname authorities work properly, but nothing
else has been tested yet

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-26 20:23:16 -06:00
Henri-Damien LAURENT
65295e5e22 authorities result lists were badly paged.
finalresult contained the whole list and not only the useful results.
resultlist contained only 19 elements. adding one
parameters passed through pages contained also empty parameters deleting them.
Conflicts:

	C4/AuthoritiesMarc.pm

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-13 18:25:52 -06:00
Joe Atzberger
81516e16c0 authorities subdir - Dates.pm integration and warnings fixes.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-04 18:21:08 -06:00
Galen Charlton
e515e49bce bugfix: prevent crash when displaying authority record leader
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-11-13 12:46:42 -06:00
Paul POULAIN
dbafe27e62 removing warn
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-11-07 08:18:23 -06:00
Paul POULAIN
50e759fdee authority ordering in cataloguing / search authority
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-10-31 05:42:00 -05:00
Paul POULAIN
8b7085a8ab removing useless code
the 3 parameters :
intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"),
intranetstylesheet => C4::Context->preference("intranetstylesheet"),
IntranetNav => C4::Context->preference("IntranetNav"),

are filled by Auth.pm automatically, removing them in templates

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-10-24 17:03:38 -05:00
Chris Cormack
606ecb532a Patch from Joe Atzberger to remove $Id$ and $Log$ from scripts
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-10-18 16:27:04 -05:00
Paul POULAIN
34c8fd7a6a adding YUI tabs support to authority detail
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-10-17 07:11:44 -05:00
Paul POULAIN
154e383a1d BUGfixing authorities editor
With the YUI tabs, the SINGLETAB feature (that hides tabs when there is only 1) was buggy
This commit fixes the problem, and solves some other ones :
- order the fields
- resize the input size (see previous commit in addbiblio.pl)
- remove some unused code
- reindent

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-10-17 07:11:00 -05:00
f50b60cbae Fixing tab display on authorities.tmpl, correcting invalid markup generated by authorities.pl; Change to circulation.tmpl for more generalized tab formatting.
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-10-10 17:08:16 -05:00
Paul POULAIN
c0c11a87c1 #1444: Porting marcEditor to authorities (tab management)
+ reindenting some code

Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-10-09 19:01:59 -05:00
Henri-Damien LAURENT
82e9f2e9f0 Bug Fixing : privilege for blinddetailbibliosearch mistakenly was editauthorities
Signed-off-by: Chris Cormack <crc@liblime.com>
2007-10-03 14:58:37 -05:00
Paul POULAIN
30fbc40061 BUGFIX (minor)
authority list ordering was buggy

Signed-off-by: Chris Cormack <crc@liblime.com>
2007-09-30 16:03:35 -05:00
toins
1a48872caa fixed to work with addbiblio.
2007-07-31 16:11:48 +00:00
toins
d81440c91e reindenting + removing unused syspref.
2007-07-26 15:20:22 +00:00