IntranetUserJS was missing (?!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We want to encode HTML characters for the "key => value"'s
like branchcode => branchname
But not the whole JSON string
We could have done it controller-side but it sounds better to do it as
we do for other places
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This is definitely wrong, html is generated in C4/Creators/Lib.pm (see
FIXME).
We will need to fix it, but let's do that later!
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
On the way the itemtype is not displaying correctly the description
instead of the code (in the relative's checkouts table)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Syntax was wrong:
Template process failed: file error - parse error - bodytag.inc line 4:
unexpected token (_)
It's escaped later so sounds ok here
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We will have to make sure this filter (HtmlTags) is not used with
unsafe variables.
Generated by:
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html -%]/HtmlTags tag\1-%]/g' **/*.tt **/*.inc
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html %]/HtmlTags tag\1%]/g' **/*.tt **/*.inc
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The step to install optional/mandatory things is broken with
many <br />'s instead of line breaks.
TEST PLAN
---------
1) Back up database
2) Drop database
3) Create empty database
4) Run web installer
-- Notice that step 3 has ugly <br />'s at the last
part of step 3.
5) Apply patch
6) Repeat steps 2-4
-- Notice the <br />'s are now nice line breaks.
NOTE: No promises of perfect positioning!
7) Run koha qa test tools.
Joubu: I have no idea if this is still needed. TO TEST
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
https://bugs.koha-community.org/show_bug.cgi?id=13618
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
OCLC has decided to retire all xISBN services:
https://www.oclc.org/developer/news/2018/xid-decommission.en.html
The code for related features has to be removed from Koha.
Test plan:
You need to be familiar with the different sysprefs (I am not):
- FRBRizeEditions
- SyndeticsEnabled
- SyndeticsEditions
- ThingISBN
Make sure there are no regressions introduced by this patchset.
QA Note: C4/XISBN.pm should be renammed
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Remove prefs OCLCAffiliateID, XISBN and XISBNDailyLimit
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The following test can fail if the hold has been generated with found => 'W':
# Failed test 'No tests run for subtest "_koha_notify_reserve() tests"'
# at t/db_dependent/Reserves.t line 675.
Can't call method "to_address" on an undefined value at
t/db_dependent/Reserves.t line 661.
# Looks like your test exited with 255 just after 56.
We should call AddReserve instead.
Test plan:
0. Do not apply this patch
1. Do the following change:
my $hold = $builder->build({
source => 'Reserve',
value => {
borrowernumber=>$hold_borrower,
found => 'W', # This line is added, do not forget the comma above
}
});
2. Prove it makes the test fail
3. stash the changes and apply this patch
4. Make sure the tests pass
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Since bug 20226 you cannot longer creation a patron, memberentry.pl will
explode with
Template process failed: undef error - DBIC result _type isn't of the
_type Category at /home/vagrant/kohaclone/koha-tmpl/intranet-tmpl/prog/en/includes/str/members-menu.inc
line 22.
The problem is that "patron" is actually defined and the test in
str/members-menu.inc does not work as expected.
It comes from
commit 7b1d08df0f
Bug 19936: Replace Generate_Userid - Update the occurrences
where I needed $patron to be defined in order to use Koha::Patron->generate_userid
on an blessed object.
But this was actually wrong, as it could have side-effects.
Test plan:
Create a new patron
Edit it
Retest bug 19936 and make sure the userid is generated correctly in the
different situations
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
If borrowernumber is passed and that it does not refer to a valid patron
in DB, we should not continue the script and display an error instead.
Test plan:
Create a patron
Edit a patron
=> Both should work ok
You can also test the other action memberentry.pl manage.
Edit it again but modify the borrowernumber parameter
=> You should see a friendly user message saying that the patron does
not exist.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch reindents the template for the staff client cart, basket.tt
- Trailing spaces removed
- Indentation changed to a consistent 4 spaces
- Markup indentation made more consistent
To test, apply the patch and add multiple items to the cart in the staff
client.
View the cart and confirm that it looks as it should both in the "brief"
and "more details" views.
HTML validation before and after the patch should return the same
results.
Signed-off-by: DEVINIM <kohadevinim@devinim.com.tr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
it also removes 'category_type' and 'description' from a couple of
opac scripts, they are not needed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch set does several things:
- it removes USER_INFO and BORROWER_INFO
These 2 variables contained logged-in patron's info. They must be
accessed from logged_in_user
- Use patron-title.inc for the breadcrumb at the OPAC, for consistencies
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
1. Open a list of results
2. Use fn+f12 to inspect element
3. Without patch it should show that the image class is 'materialtype'
4. With patch there will be an additional class
-Books = mt_icon_BK
-Kit = mt_icon_MX
-Article = mt_icon_AR
-Continuous resource = mt_icon_CR
-Mixed material = mt_icon_MX
-Computer files = mt_icon_CF
-Map = mt_icon_MP
-Music = mt_icon_MU
-Sound = mt_icon_MU
-Score = mt_icon_PR
-Visual material = mt_icon_VM
OR
1. Try using the classes in css to change the style
-When viewing the details of a record, the material type img should also have the
same changes
-Check that the material type classes in the results page is the same as
the details page
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
I've squashed the patches to make chanes easier readable.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Run koha-rebuild-zebra with multiple '-v'
2 - Note no increased verbosity
3 - Apply patch
4 - Run the updated koha-rebuild-zebra script with multiple '-v'
5 - Note increased verbosity
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Libraries may want to hide personal patron data from the circulation
page for privacy reasons this syspref introduces that ability for
library staff to control the display of this data themselves without
having to ask support vendors to hide it for them.
Test plan:
1. View circulation page and input a patrons barcode or name
2. Notice if the patron has a phone number, email, street address and
city set then these are displayed in the left hand side of the screen
under the patrons name. Otherwise if all/any of these fields are not
set for the patron then the text: "No <datafield> stored." is
displayed.
3. Apply this patch
4. Run ./updatedatabase.pl from the Koha shell to run the atomicupdate
5. Restart memcached and plack
6. Notice a new systempreference named
'HidePersonalPatronDetailOnCirculation' has been added, which has the
default value 'Dont'
7. Without changing the default value notice the personal patron
information is still displayed on the circulation page
8. Change the value of the syspref to 'Do' and now notice the phone
number, email address, street address and city are now hidden in the
circulation page
Sponsored-By: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Code and variables to deal with the update child feature are not
centralized but copied/pasted in several scripts. Which leads to issues
obsviously (bug 20805 for instance).
Moreover the strings used by the templates are also in several template
files (or .inc)
To deal with that this patch introduces the idea to create 1 .inc file
per .js file
Here we have members-menu.inc for members-menu.js
Test plan:
- Remove all your adult categories (categories.category_type='A')
- Create a patron with a child category
- Try to update to adult category
=> The entry does no longer appears! (This is a change in the behaviour)
- Create one adult category
- Update to adult category
=> There is a JS confirmation message, if you accept the patron will
be updated to the adult category
- Create (at least) another adult category
- Create another child
- Update to adult category
=> No more confirmation message but a popup to select the adult category
- Pick one
=> The patron has been updated to the adult category
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Te Rauhina Jackson <terauhina.jackson@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
When generating the checkout notice for a patron we only update the
section in between the '---' tags
For template toolkit purposes it means we cannot affect the content
based on more than a single item. For instance, we want to add the total
cost of all items checked out.
Test Plan:
1) Add "Thank you for visiting <<branches.branchname>>." to the bottom of the checkout notice. Below the second '----'.
2) Check out an item to a patron to generate that notice
3) Note the branch name in the notice
4) Update the branch name in the branches editor, change it to something else
5) Check out a 2nd item to that patron
6) Notice the items list updated, but the branch name did not
7) Apply this patch
8) Check out a 3rd item to that patron
9) Notice the branch name updated this time
Signed-off-by: Te Rauhina Jackson <terauhina.jackson@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch removes some unnecessary " "'s from the template for
creating a new basket in acquisitions. This fixes the alignment on the
form fields.
To test, apply the patch and go to Acquisitions -> Vendor -> New basket.
All the form fields should be correctly left-aligned with each other.
Signed-off-by: Pierre-Luc Lapointe <pierreluc.lapointe@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch corrects the title tag on the tags review page.
To test, apply the patch and go to Tools -> Tags. The page title
(probably shown in the browser tab) should start with "Koha ->" instead
of "Home ->".
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We do not need this selector, we will not have a table in the toolbar
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Prior to this patch the toolbar was not resized when the window was
resized
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
- add/edit a patron
- resize the window
=> Without this patch a horizontal scrollbar appears when resized
shorter
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch remove some pixels under the toolbar, they were used by the
hidden element.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We should not have twice the same id, we always use fixFloat() on an
element with an id and then duplicate this element.
The id must be changed (just in case)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The OPAC view link in the staff result list already had a target="_blank",
but it didn't work, because of the JavaScript for the result list browser
in staff.
The JavaSript code was looking for the links to the detail page in staff
and this also selected the link to the detail page in OPAC. By changing
detail.pl to \detail.pl opac-detail.pl will no longer be selected.
To test:
- Search in the staff interface
- Click "OPAC view" links in staff result lists
- Click "OPAC view' links in detai page
- Verify both now open in a new tab
- Click other links and test that navigation (previous, next,
return to results) works as expected
- Inside the staff client, you should see something like
searchid=scs_1533922927978 added to the URLs
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Followed the test plan and it works.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
When creating a housebound visit, the names of the chooser and deliverer are the
same as the housebound patron (even though the housebound patron does not have
chooser and deliverer roles).
It has been caused by:
commit 5f80977875
Bug 18403: Use patron-title.inc when hidepatronname is used
patron-title.inc now starts looking for a variable named "patron", which exists in
members/housebound.
A better fix could be to renamed this "patron" variable tested by
patron-title.inc, but at first glance it's the only place this issue
exists.
Test plan:
1- Make sure HouseboundModule is enabled in system preferences
2- Go to a patron file (Patron A)
3- Edit this patron's housebound roles to Chooser
4- Go to another patron file (Patron B)
5- Edit this patron's housebound roles to Deliverer
6- Go to a third patron's file (Patron C)
7- Go to the Housebound tab
8- Fill out the housebound profile for Patron c
9- Click on "Add a new delivery"
10- Fill out day and time
11- Check the Chooser drop down
12- Check the Deliverer drop down
13- Save the delivery
14- Notice the Chooser and Deliverer names are correct
15- Click on the name of the Chooser, it goes to Patron A's file
16- Go back and click on the name of the Deliverer, it goes to Patron B's file
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Jenkins reported failures on a D9 run. No idea why it is failing so
adding diag and wait for the next failure.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
koha_1 | # Failed test 'All directories should be mapped:
.sass-lint.yml,.scss-lint.yml,gulpfile.js,package.json,yarn.lock'
koha_1 | # at t/Makefile.t line 47.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>