Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the staff client patron card creator templates so
that JavaScript is included in the footer instead of the header.
Also changed: Removed "type" attribute from script tags.
To test, apply the patch and test the JavaScript-driven features of
each modified template: All button controls, DataTables functionality,
form validation, etc.
- Creating and managing layouts
- Creating and managing card batches
- Creating and managing card templates
- Creating and managing printer profiles
- Creating and managing images
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The headers of the tables displayed in patroncards/manage.tt are hardcoded in the .pl and thus cannot be translated.
This simple fix reuse the translate_card_element tool already in the code to make the strings translatable.
Applied patch and verified that table headers on manage.pl display the same as before.
Signed-off-by: Marc Véron <veron@veron.ch>
Re-tested, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Change patroncards/create-pdf.pl to redirect with an error message
instead of writing an invalid pdf that does not open in pdf viewer.
To test:
- Apply patch
- Test that pdf creator behaves as before (with valid batches and
patron lists)
- While testing, copy pdf link address from window with title 'Click
the following link(s) to download...'
- Open another staff client browser tab
- Paste link to browser address field, change batch id rsp. patron
list id to an invalid value and submit
- The window should redirect to cgi-bin/koha/patroncards/create-pdf.pl
and display an error message
- Bonus test 1: Create an empty patron list and test patron card
creation. You should get an error message as appropriate.
- Bonus test 2: Use a link with params like the following:
...create-pdf.pl?borrower_number=61&template_id=2&layout_id=1&start_card=1
Verify that you can create a pdf with a valid borrower_number and that
you get the error message with an invalid borrower number
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes the use of "onclick" from several patron card creator
templates. Events are defined instead in JavaScript.
Also changed:
- Patron search pop-up window is now slightly larger because I found it
never quite large enough to prevent horizontal scrolling.
- Replaced "Borrower" with "Patron" in a couple of places.
- "Add" link in patron search pop-up is now styled as a Bootstrap
button.
- Removed Bootstrap styles from some submit buttons.
- Some Font Awesome icons were made using the invalid element
<icon></icon> instead of <i></i>. These are corrected.
- Fixed some other HTML validation errors.
To test, apply the patch and go to Tools -> Patron card creator.
- Choose New -> Card batch.
- Click "Add patrons" and perform a search for patrons in the pop-up
window.
- Click the "Add" button. The corresponding borrowernumber should be
added to the textarea in the parent window, and a message should
appear at the top of the pop-up window confirming that the patron
has been added. (Note: This patch fixes a version of Bug 13041 which
prevented the "add" button from working on patrons whose name
include an apostrophe).
- In the parent page, in the list of patrons you added to the batch,
confirm that clicking the "Delete" link triggers a confirmation
dialog. Test both confirming and canceling.
- Confirm that clicking the "Export" button next to an individual
patron triggers a modal window.
- In the export window, confirm that the "Cancel" link works to
close the modal.
- Click the "Export" button again and then the "Export" button in
the modal.
- Test that the "Done" button works to close the modal.
- Choose Manage -> Card batches.
- Test the "Delete" and "Export" buttons as described above.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
All works, no errors.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch adds the possibility to print patron cards from patron lists.
To test:
- Go to Home > Tools > Patron card creator
- Prepare a patron card and create some cards using the batch functionality
- Apply patch
- Prepare a patron list e.g. from patron search
- Go to Home > Tools > Patron card creator > Manage batches
- Below the list of batches you have a dropdown to select a patron list
- Select your list and hit "Export from patron list"
- Select template and layout as you would do with batches
- Hit "Export"
- Download PDF
Modified patch to work with Bug 14676 changes. Functionality unchanged.
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Liz <wizzyrea@gmail.com>
(Amended to make it apply on current master)
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
The patron card creator should have the Tools area sidebar on its pages. This patch adds it.
To test:
Go to More -> Tools -> Patron card creator
The home page should have the tools sidebar
Click through all of the "New" pages - they should all have the tools sidebar
Click through all of the "Manage" pages - they should all have the tools sidebar
Also verify that on each page, the Patron card creator link in the sidebar is bolded
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Sidebar displayed Ok. No errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Also fixes minor issue with buttons stacking on patroncards/edit-batch
and labels/label-manage
To test:
Export a batch every way you can:
multiple together from label/label-manage
individual items from labels/label-edit-batch
selected items from labels/label-edit-batch
export full batch from labels/label-edit-batch
multiple together from patroncards/manage
individual cards from patroncards/manage
individual cards from patroncards/edit-batch
selected cards from patroncards/edit-batch
export full batch from patroncards/edit-batch
Also notice that before this patch, the delete and export buttons
were stacking on the table rows, and that now they are not doing
that anymore. It may take a force refresh to see the behaviour and
the change.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Previously the code didn't work if there was only one batch available for selection.
This fixes that now. Also there was a bug with wrong string showing now it's
changed to a general one, "items". I choosed the string "items" because there was
difficulties adding the plural part of the word. One cannot add just s to the end
of the word batch like you can in the case of profile.
Sponsored-by: Vaara-kirjastot
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patches remove a trailing whitespace and simplify 2 parts of code.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Allows the user to delete multiple patron card batches.
Test plan:
1. Add first some 20 batches
2. Go to the edit page of some X batch by first selecting from the
batch list the batch you want to edit and then after that by clicking
edit.
3. Delete one batch by selecting one batch and then clicking delete.
4. Select 0 batches and click delete, notice you cannot delete.
5. Select 0 batches and click edit, notice you cannot edit.
6. Select 2 batches and click edit, notice you cannot edit.
7. Apply patch
8. Check that steps from 2-6 work like they worked before.
(and add more batches so that you have ~20 of them)
9. Select 2 batches and click delete. Make sure they are deleted.
10. Try to figure out some anomalies this patch might have caused.
Sponsored-by: Vaara-kirjastot
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes the page title and breadcrumbs more consistent.
It does so by removing some text (Manage...) and using Edit (id) and Create
on building both the breadcrumbs and titles.
To test:
- Traverse all the Label creator options
=> FAIL: the texts are not consistent and don't match what we use in the patron card creator.
- Apply the patch
=> SUCCESS: Terminology is consistent, titles and breadcrumbs show the same information
- Sign off :-D
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
It does so by slightly changing the naming schema, in line with bug 14667
changes.
It also corrects a minor bug in the breadcrumbs for printer profiles.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Reasoning
Librarians will be doing patron card things in the following frequencies, from most frequent to least frequent:
1. Creating new patron card batches - every day/every few days
2. Managing existing card batches - every day/every few days
3. Managing existing card layouts - as needed, infrequent
5. Managing existing card templates - as needed, infrequent
6. Creating new card layouts - as needed, infrequent
7. Creating new card templates - as needed, infrequent
8. Managing existing printer profiles - possibly once only!
9. Creating new printer profiles - possibly once only!
This change to the patron card creator aims to make the most frequently used items easily accessible at the top of the main area,
reduces clutter on the page, and makes the label creator fall in line with UI paradigms found elsewhere in Koha.
I think I've also improved the translatability here somewhat, please check that.
To test:
Open the patron card creator: More -> Tools -> Patron card creator
Note that the toolbar has changed. It should be consistent across all of the patron card creator (it is an include).
+ New menu:
patron card batch
1. make sure it looks ok - toolbar buttons are consistent at the top of the main block.
2. add patrons both by borrowernumber, and by search
3. note that the usual buttons have moved below the textarea, and now have icons.
4. delete and export single patrons using the buttons corresponding to each patron
5. select multiple and use the buttons above the table to remove and export selected patrons
6. export a full batch
7. deduplicate a batch
There should be no regressions in functionality.
Image
1. This menu item should take you directly to the upload/delete images interface
2. Upload an image, note success message is now below the form, eliminating the jumping box.
3. Delete single images using the buttons
4. Delete multiple images using the tickboxes and "Delete selected"
5. Not deletion success message is below the table, eliminating the jumping box.
Layout
1. This menu item should take you directly to the "Edit layout" screen.
2. no functional changes here.
3. note toolbar at top is consistent
Card template
1. this menu item should take you directly to the "Edit patron card template" page.
2. no functional changes here.
3. note toolbar at top is consistent.
Printer profile
1. this menu item should take you directly to the "Edit printer profile" page.
2. no functional changes here.
3. note toolbar at top is consistent.
+ Manage menu:
Card batches
1. This menu item should take you directly to the "currently available batches" page.
2. select a batch to edit using the buttons - it should take you to the editing interface
3. select a batch to delete using the buttons - it should ask for confirm.
4. select several batches using the tickboxes, and select Export selected. Batches should be exported as normal.
5. note toolbar at top is consistent.
Images (this is actually the same page as on the new menu, I included it in both because it does both functions - can change if requested)
1. This menu item should take you directly to the upload/delete images interface
2. Upload an image, note success message is now below the form, eliminating the jumping box.
3. Delete single images using the buttons
4. Delete multiple images using the tickboxes and "Delete selected"
5. Not deletion success message is below the table, eliminating the jumping box.
Layouts
1. This menu item should take you directly to the "currently available layouts" page.
2. select a layout to edit using the buttons
3. select a layout to delete using the buttons
4. note toolbar at top is consistent.
Card templates
1. This menu item should take you directly to the "currently available templates" page.
2. select a template to edit using the buttons
3. select a template to delete using the buttons
4. note toolbar at top is consistent.
Printer profiles
1. This menu item should take you directly to the "currently available profiles" page.
2. select a profile to edit using the buttons
3. select a profile to delete using the buttons
4. note toolbar at top is consistent
+ General
* note that sidebar now only has "labels home" instead of the full "manage" list. It seemed redundant with the toolbar tidied up.
Please note that I am happy to take suggestions/amendments to these changes.
Followed test plan, behaves as advertised.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Trim leading and trailing whitespace in the text generated
by the translate_card_element block to avoid generating
unescaped multi-line strings, which breaks the JavaScript
To test:
[1] Test actions in the patron card creator that generate
JavaScript alerts, such as hitting the delete button
without first selecting a batch or profile.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
To test:
1) cd misc/translator
2) perl translate update xx-YY
3) check that there's no msgid that contains the patron card label
element title texts in po/xx-YY-i-staff-t-prog-v-3006000.po
4) apply patch
5) perl translate update xx-YY
6) check po/xx-YY-i-staff-t-prog-v-3006000.po that it contains the
msgid. (search for "BLOCK translate_card_element")
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described. Tested updating po file, translating and installing
language, checked on tools page.
No errors
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Currently translating Javascript strings with variables in them is hard,
because the strings are created from separate parts. For example:
_("Are you sure you want to delete the") + " " + count + " " +
_("attached items?")
This is translated in two different parts, and the translator cannot
affect the place where the count-variable is.
Now, if the javascript strings allowed placeholders, similar to how the
template strings do, the above could be written as:
_("Are you sure you want to delete the %s attached
items?").format(count)
This would make translation much easier.
Attached patch adds a Javascript string formatter, and changes all the
concatenated translatable JS strings used in intranet to use that.
To test:
1) cd misc/translator
2) perl translate update xx-YY
3) grep ^msgid po/xx-YY-i-staff-t-prog-v-3006000.po | sort | uniq >
xx-YY-pre
4) apply patch
5) perl translate update xx-YY
6) grep ^msgid po/xx-YY-i-staff-t-prog-v-3006000.po | sort | uniq >
xx-YY-post
7) compare the files: diff -Nurd xx-YY-pre xx-yy-post | less
should show the javascript strings that changed.
8) Test the UIs where the formatted js strings are used.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
I tested *most* of the changed files. There were some instances where it
wasn't clear to me how to trigger the warnings which were modified,
especially tags/review.tt, admin/manage-marc-import.tt, and holidays.tt.
Everything I was able to test worked correctly.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works nicely, no regressions found. Thx!
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The patron card creator error message include uses a non-standard method
for displaying error messages, and is poorly-named.
This patch converts the method of displaying error messages for various
patron card creator options to the standard one ('<div class="dialog
alert">') and renames the include file to make it clear that it relates
only to patron card creator operations.
To test, perform various operations:
- Go to 'manage images' and try to upload a file which exceeds the
500KBfile size limit
- Go to the edit batch page and manually append an error code to the
URL: /cgi-bin/koha/patroncards/edit-batch.pl?op=new&error=403
- Go to one of the manage pages and manually append an error code to the
URL:
/cgi-bin/koha/patroncards/manage.pl?card_element=profile&error=201
Correct display of an error message indicates that the include file is
being found.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes test plan, test suite and QA script.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Buttons on the patron card creator's manage pages (manage templates,
manage profiles, etc) are styled using YUI. They can be classified as
submit buttons rather than toolbar buttons, so they should have default
submit button styles.
This patch removes YUI styling and related JavaScript. Other minor
changes: Escaping strings in JavaScript for translation.
To test, view the patron card creator's manage page for layouts,
templates, profiles, and batches. "Edit," "Delete," and "Export" buttons
should look correct and work correctly.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Comment: Work as described. On errors.
Tested all manage pages, edit, delete, and export buttons.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works nicely, improves consistency.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
I tested most scripts affected by this patch and visually verified
all changes. Functionality is unaffected.
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
After talking to Owen we decided to use 2 classes for those modules. I decided on:
patroncard: tools, pcard
labels: tools, labels
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
standardized the use of the term "library" instead of "Branch" accross the interface and opac
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>