This patch changes the label of the "New fields" button on the
subscription add fields page to read "New field," making it consistent
with similar buttons in the staff client.
Also changed:
- Add missing id to <select> to make label clickable.
- Remove custom DataTables configuration in favor of defaults.
To test, apply the patch and go to Serials -> Add subscription fields.
- The button in the toolbar should read "New field."
- The DataTables' functionality of the table of existing custom fields
should be correct.
- Click the "New field" button.
- Cliking the "Authorised value category" label should put the focus
on the dropdown.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies several serials templates to use the
Bootstrap grid instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags and "text/css" attributes from <style> tags in the
modified templates.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Serials -> Add subscription fields
- Add or edit subscription fields
- Serials -> Check expiration
- Serials -> Claims
- Serials -> Subscription
-> Serial collection
-> Edit serials
-> Routing list
- Save and preview routing list
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies some staff client serials templates so
that JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Serials -> New subscription
- Search for a vendor
- "Choose" link and "Cancel" button should work correctly
- Search for record
- "Choose" link and "Cancel" button should word correctly
- Serials -> Add subscription fields
- Datatable, delete confirmation
- Edit
- Form validation (submit both authorised value and MARC field)
- Serials -> Check expiration
- Date picker in search form
- Search
- Renew button triggers popup
- Serials -> Claims -> Search results
- Date picker, datatable, form validation
- Select all/none; Download claims
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The subroutine C4::Koha::GetAuthorisedValueCategories just retrieves all
the authorised value categories.
We already have a method in the Koha::AuthorisedValues module to do this
job, let's use it!
Technical explanations:
The new subroutine of the AuthorisedValues TT plugin will allow to get
the authorised value categories from the templates.
The new html_helpers include file will get rid of the if selected else
end statements. Bug 15758 already uses this file, see the commit
description for more informations.
Test plan:
1/ Create or edit a new fund (aqbudgets.pl), the fields "statistic 1"
and "statistic 2" should be correctly filled with the list of authorised
value categories
2/ Edit subfields for a biblio and authority framework.
The "Authorized value" dropdown list should be correctly filled on both
pages
3/ Create new items search fields (from the administration area), same
as previously, the authorised value category dropdown list should be
correctly filled
4/ Add and edit patron attribute types, check the authorised value
category list.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The staff client CSS is not language-specific, so it can be moved out of
the en/ directory and thus not be duplicated for every translation.
In order to be able to have a generic path to the YUI CSS files, the YUI
directory is moved by this patch to the staff client's lib/ directory.
To test, apply the patch and visit various pages in the staff client.
Look in particular at pages which include more than the standard CSS.
For example:
- The staff client login page.
- The staff client home page.
- Patron -> Set permissions.
- The advanced cataloging editor.
- Acquisitions -> Vendor -> Basket groups.
- Tools -> News -> Edit news.
- Administration -> System preferences.
Revised: I intended for this to be built on top of Bug 15883. Now it is.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
On top of 15883
Works as described, all pages on test plan
No Errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1) Go to Serials -> Add Subscription fields
2) Create a field, confirm message.
3) Attempt to create a new field that has the same name as an existing
field, confirm message.
4) Create another field with a different name. Attempt to edit this
field to have the same name as another field. Confirm message
5) Edit field (change name to something different)
6) Delete field, confirm message.
6) Turn off permissions to delete subcriptions ONLY. Attempt to delete a
field, confirm message.
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
To test:
1) Go to Serials -> Add subscription fields
2) Confirm actions "Edit" and "Delete" now show as buttons and work as
expected
3) When you make your browser narrow, confirm that the Actions column
does not wrap
4) Confirm that you cannot sort on the Actions column
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
To test:
1) Notice behaviour when adding subcription field (Serials) without a
name
2) Apply patch
3) Attempt to create subscription field without a name and click Save
4) Notice that you not cannot submit the form without adding the name
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
This patch fixes the following QA issues:
FAIL koha-tmpl/intranet-tmpl/prog/en/modules/serials/claims.tt
FAIL forbidden patterns
forbidden pattern: KohaAuthorisedValues plugin is deprecated (see bug 10626) (line 2)
FAIL koha-tmpl/intranet-tmpl/prog/en/modules/serials/subscription-detail.tt
FAIL forbidden patterns
forbidden pattern: KohaAuthorisedValues plugin is deprecated (see bug 10626) (line 2)
FAIL koha-tmpl/intranet-tmpl/prog/en/modules/serials/add_fields.tt
FAIL forbidden patterns
forbidden pattern: To include datatables files, please use the include file (see bug 10868) (line 12)
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds an interface configuration for adding fields to
subscriptions.
Test plan:
- go to serials/serials-home.pl
- click on the "Add subscription fields" link on the left of the screen
- try to add/update/delete new fields
You are not abble to add a field with an authorised value category and a
marcfield. Columns are sortable
- for the rest, you should have, at least:
* a new field named af1, sortable, linked to a category
* a new field named af2, sortable, linked to a marcfield
* a new field named af3, not sortable
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
