This patch adds HTML comments to Template::Toolkit include files which
contain <script> tags so that it is clear where the embedded scripts can
be found in the code.
To test, apply the patch and view source on the following pages to
verify the presence of the comments:
Acquisitions home page:
- acquisitions-toolbar.inc
- validtor-strings.inc
- js_includes.inc
- format-price.inc
Acquisitions -> Add order from new record,
Acquisitions -> Receive order:
- additem.js.inc
Cataloging -> Add/Edit item:
- columns_settings.inc
- strings.inc
- select2.inc
- calendar.inc
- str/cataloging_additem.inc
Authorities home page:
- authorities_js.inc
Bibliographic detail page:
- catalog-strings.inc
Cataloging -> Advanced editor:
- cateditor-ui.inc
- cateditor-widgets-marc21.inc
Administration -> Item types:
- greybox.inc
ILL requests:
- ill-list-table-strings.inc
Web installer
- installer-intranet-bottom.inc
Web installer -> Onboarding
- installer-strings.inc
Lists -> List contents -> Merge records
- merge-record-strings.inc
Patrons -> Patron -> Change password
- password_check.inc
- str/members-menu.inc
Patrons -> Patron -> Print summary
- slip-print.inc
Circulation -> Check out
- timepicker.inc
Administration -> System preferences:
- str/tinymce_i18n.inc
- wysiwyg-systempreferences.inc
Cataloging -> Z39.50 Search:
- z3950_search.inc
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Since bug 16251 we use TextMarc to get some record fields, however, it throws an error when
processing blank lines.
We should just pass on these rather then erroring
To test:
1 - Define a new macro that delete more fields than it adds
delete 245
2 - Run it
3 - Note an error in JS console, and helpers will not load
4 - Apply patch
5 - Reload, try again
6 - No error
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
There is a 1-1 relationship between the material type values and the
position 00 of 007 field. Selecting a material type should set this
position's value.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The material type is selected in accordance with position 0 of 007
Test plan:
1. Create a new record using the advanced editor
2. Select a material type for field 007 and set at least the position 0
of this field
3. Save the record and reload the page
4. The material type should remain selected
5. Try with all available material types
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The material type is selected in accordance with the leader (06-07)
Test plan:
1. Create a new record using the advanced editor
2. Set the leader 6th position to 'c'
3. Save the record and reload the page
4. 'Music' should be automatically selected for 008
5. Try other values for the leader 6th and 7th positions
See comment 0 of this bug for the complete mapping
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Changes were made to address QA issues from Comment 17
Tests:
1) Verify that a new entry for CONTROL_NUM_SEQUENCE is added to table authorised_value_categories
2) Edit a bib record using advanced editor and note that the 001 widget isn't there when adding/editing 001 field
3) Add a new row into authorised_values table with:
a) CONTROL_NUM_SEQUENCE in category column
b) authorised_value column has a string ending with a number i.e. sprLib0001
c) lib column has a short string indicating the type of control number i.e. "Springfield Library"
4) Edit a bib record using the advanced editor and note that the 001 widget is there when adding / editing 001 field
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Tests:
1) Verify that a new entry for CONTROL_NUM_SEQUENCE is added to table
authorised_value_categories
2) Edit a bib record using advanced editor and note that 001 widget
isn't there when adding/editing 001 field
3) Add a new row into authorised_values table with:
a) CONTROL_NUM_SEQUENCE in category column
b) authorised_value column has a string ending with a number i.e.
"faw0001"
c) lib column has a short string indicating type of control number
i.e. "FAW"
4) Edit a bib record using the advanced editor and note that the 001
widget is there when adding / editing 001 field
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Define a new authorised valued category "CONTROL_NUM_SEQUENCE"
2 - Add a value/sequence
The authorised_value is the starting value - shoudl end in a number
that can be incremented e.g. "control_sequence_001"
The description field is the name for the seqeuence
Opac description is unused
3 - Edit a record in rancor
4 - Note the new widget and option to increment or assign manually
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This add/updates some codes from updates 22 (Apr/16)
and 23 (Nov/16)
Update 22 https://www.loc.gov/marc/up22bibliographic/bdapndxg.html
Sound Recording 007/03 n (new)
Sound Recording 007/10 n (new)
Sound Recording 007/01 r (new)
Sound Recording 007/01 s (new)
Update 23 https://www.loc.gov/marc/up23bibliographic/bdapndxg.html
Leader/18 n (new)
Music 008/20 p (new), b (renamed)
To test:
1) Apply the patch
2) Clean your browser cache
3) Go to cataloguing -> new record
4) Leader plugin: check leader/18, new option 'n'
5) 007 Plugin:
a) Sound recording
check 007/01 new 'r'
check 007/03 new 'n'
check 007/10 new 'n'
b) Electronic resource
check 007/01 new 's'
6) 008 Plugin: Music, check 008/20 renamed 'b', new 'p'
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Remove line:
var now = new Date(); from both subfields
Also fix 18 positions (00-17) for default data in 006 field
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Don't default char 5 (is undefined in some forms)
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
Open advanced cataloging editor
Experiment with 006 and 007 fields and ensure helpers function for all
material types
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This fixes the following issues:
* ISO2709 import fails for Unicode
* Import only works with .mrc/.xml extensions
* MARC21 widgets not translatable
* Macro UI broken
* Uppercase subfield codes forbidden
* Tag with no valid subfields shows as error but tries to save
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Full test plan is posted on bug. Test plan for system preference:
1. Apply patch, clear cookies.
2. Go to "Cataloging."
3. Add new record, verify that basic editor is used.
4. Navigate to existing record, click on "Edit record", verify that
basic editor is used.
5. Inside basic editor, verify that no button appears to switch to the
advanced editor.
6. Enable the "EnableAdvancedCatalogingEditor" syspref.
7. Repeat above steps, should still go to basic editor, but button
should appear to switch to the advanced editor; click it.
8. Now, adding new records and editing existing records should go to
the advanced editor.
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
