Commit graph

14 commits

Author SHA1 Message Date
2f292b25ce Bug 26703: serials folder
Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.

To test:
1) Apply patch
2) Ensure each of the files in the serials folder are swapped around
to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to
these files also display the changes

Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-21 11:16:35 +02:00
5c68609110 Bug 27561: Remove type attribute from script tags: Various templates
This patch replaces remaining instances of <script type="javascript"> in
templates with "<script>."

To test, apply the patch and check the changes to the template. Verify
that the changes look correct.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-02-01 16:36:38 +01:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
b86a9ee984 Bug 20037: Switch single-column templates to Bootstrap grid: Serials
This patch updates several single-column Serials module templates to
use the Bootstrap grid. In addition to grid changes, some templates have
been modified to include the footer with the correct popup parameter.

- serials\acqui-search.tt - Go to Serials -> New subscription. Click
  "Search for a vendor."

- serials\acqui-search-result.tt - Vendor search results

- serials\result.tt - Click "Search for record."

- serials\subscription-bib-search.tt - Catalog search results.

Each of these pages should look correct.

Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-18 16:48:48 -03:00
b59988f78d Bug 19738: Fix XSS on vendor name in serials module
Test plan:

1) do not apply this patch
2) Have at least one vendor which name does contain javascript, for
example: <i>Vendor 1</i><script>alert('Hi');</script>
3) go to serial module and create new subscription
4) use "Search for vendor"
5) Search for your vendor, when search results table is presented, the
javascript is executed
6) go through subscription creation and save the new subscription
7) On subscription detail page, the javascript is executed as well
8) apply this patch
9) Repeat 3-7, the script is not executed, the input is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-15 16:04:40 -03:00
cc4cf2bde4 Bug 19758: Move template JavaScript to the footer: Serials, part 1
This patch modifies some staff client serials templates so
that JavaScript is included in the footer instead of the header.

To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.

- Serials -> New subscription
  - Search for a vendor
    - "Choose" link and "Cancel" button should work correctly
  - Search for record
    - "Choose" link and "Cancel" button should word correctly
- Serials -> Add subscription fields
  - Datatable, delete confirmation
  - Edit
    - Form validation (submit both authorised value and MARC field)
- Serials -> Check expiration
  - Date picker in search form
  - Search
    - Renew button triggers popup
- Serials -> Claims -> Search results
  - Date picker, datatable, form validation
  - Select all/none; Download claims

Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-14 16:58:13 -03:00
804677265e Bug 16239: Update templates
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 14:41:22 +00:00
Aleisha Amohia
cc4bcd85db Bug 17165: Improve heading on vendor search when searching for all vendors in Serials
To test:
1) Go to Serials
2) Click New subscription or edit an existing one
3) Click Search for a vendor
4) Make a search that will return no results (i.e. has a typo etc.)
5) Confirm there is an appropriate message
6) Go back and make a search that will return results (i.e. putting in one letter
    'a' etc.)
7) Confirm that heading is worded better and search term is displayed
8) Go back and make search without entering any search terms
9) Confirm that heading is worded better, no search term is displayed

Sponsored-by: Catalyst IT

Patch behaves as dexcribed.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 14:01:16 +00:00
c585c9cf9d Bug 16968 - Remove the use of "onclick" from serial patron and vendor search templates
This patch removes instances of "onclick" from the serials templates for
patron and vendor search.

To test, go to Serials and click "New subscription."

- In the new subscription form, click the "Search for a vendor" link.
- In the popup, search for a vendor. Confirm that clicking "Choose"
  selects the correct vendor.

- From the detail page of an existing subscription, click "Create
  routing list."
- Search for a patron and test that the "Add" button in search results
  works correctly to add patrons to the routing list.

Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-09 13:23:11 +00:00
255c0af989 Bug 15927 - Remove use of <tr class="highlight"> for alternating row colors
The "highlight" class on table rows is unnecessary since we have a CSS
rule which defines colors for alternating row colors. This patch removes
use of the "highlight" class from templates and removes the definition
from staff-global.css

To test, view the affected pages and confirm that the change has not
broken anything.

Acquisitions -> Vendor -> View basket
Acquisitions -> Late orders
Acquisitions -> Ordered
Acquisitions -> Vendor -> Receive shipment
Acquisitions -> Spent
Acquisitions -> Vendor details -> Contracts table
Administration -> MARC frameworks (comment removed only)
Administration -> Class sources
Authorities -> Authority search results
Catalog -> Bibliographic detail page -> Items -> View item's checkout
   history
Catalog -> subject.tt (is this template used?)
Cataloging -> Cataloging search results
Patrons -> Patron account
Reports -> Patrons who haven't checked out
Reports -> Statistics wizards -> Patrons
Reports -> Top lists -> Most-circulated items
Reports -> Inactive -> Items with no checkouts
Reports -> Reports dictionary
Reports -> Statistics wizards -> Circulation
Reports -> Statistics wizards -> Holds
Holds -> Place a hold -> Existing holds table
Serials -> New subscription -> Search for a vendor -> Search results
Serials -> Check expiration
Serials -> Subscription -> Serial collection
Serials -> Subscription -> Serial collection -> Edit serials
Suggestions
Tags -> View tags -> View titles with a tag
Tools -> Manage staged MARC records -> Batch (I think the affected
section of this template is obsolete)
Tools -> Log viewer -> Log result
Lists -> View lists (May be broken by Bug 15916)

Note that if you search the templates for instances of a <tr> with a
"highlight" class you'll find two instances in slip templates which
refer to a class defined in printreceiptinvoice.css.

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
  Looks good. Haven't seen any regression.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-02 22:07:13 +00:00
Katrin Fischer
07eeb4b187 Bug 2780 - Capitalize strings consistently (serials)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
2012-04-10 10:04:15 +02:00
Katrin Fischer
0f39b52048 Add ids and classes to every staff page to help with customization (serials)
http://bugs.koha-community.org/show_bug.cgi?id=7760
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
2012-03-22 18:12:31 +01:00
Frédérick Capovilla
ddcf63d29b Bug 6444 Corrects encoding problems in subscription-add.pl
When searching for a vendor, if the vendor has accented character in its
name, the vendor's name that's added in the form of subscription-add.pl
is encoded incorrectly.

[2011.06.01] F. Demians. Port it to 3.4

Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-06-05 18:41:43 +12:00
Chris Cormack
5884fb1000 Bug 5917 : Swapping templates over 2011-04-10 20:38:30 +12:00
Renamed from koha-tt/intranet-tmpl/prog/en/modules/serials/acqui-search-result.tt (Browse further)