Commit graph

353 commits

Author SHA1 Message Date
de7ba790fd Bug 9951: Followup for tools/viewlog.pl
Adds utf8 cgi parameter decoding.

Test plan: Enter diacritics in librarian field. Submit. Check.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

This is ok in this case, as we are not doing any post/get of binary
data, but I note from the man page

This makes CGI.pm treat all parameters as UTF-8 strings. Use this with
care, as it will interfere
with the processing of binary uploads. It is better to
manually select which fields are expected
to return utf-8 strings and convert them using code like
this:

  use Encode;
  my $arg = decode utf8=>param('foo');
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-19 23:25:48 -04:00
2c2dfd91e7 Bug 9905 - Use DataTables on calendar page
The calendar management page uses the old tablesorter plugin. This patch
replaces tablesorter code with DataTables.

In order to easily sort date columns under various dateformat system
preference settings, date columns now sort based on an unformatted date
in a <span>'s title attribute (requiring the patch for Bug 9887).

To test, view the calendar page--preferably with plenty of existing
holiday data to populate the holiday summary tables. Confirm that
sorting works correctly on all sorted tables with the dateformat
preference set in all settings.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Note: This has to be tested together with the patch for bug 9887.
All tests and QA script pass.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-15 09:13:33 -04:00
a4e804fceb Bug 9917 - Routing list tab on patron account should depend on syspref/permission
The routing list tab displays on patron pages even if the RoutingSerials
preference is OFF. Display of the tab should be conditional on that pref
being turned on.

This patch adds a check for the RoutingSerials preference to the menu
include files and amends the affected scripts to make the variable
available on the pages where those includes are used.

To test, view the following pages with RoutingSerials both on and off.
The routing list tab should be shown and hidden accordingly:

- Circulation
- Patron details
- Patron fines
- Pay fines
- Pay amount/selected (click from the Pay fines page)
- Create manual invoice
- Create manual credit
- Patron circulation history
- Patron modification log
- Patron notices
- Patron routing lists
- Patron statistics
- Patron files
- Patron permissions
- Set patron password
- "Can't delete patron" page (try to delete a patron with checkouts).

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Touches a lot of files, but only a tiny change in each, works well.
Could perhaps be set in C4/Auth instead, but that's no reason not to
sign off

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All tests and QA script pass.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-31 08:52:35 -04:00
Dobrica Pavlinusic
6004d37f56 Bug 8378 - show all items columns and new items.fine
This allows users to select any columns from items and adds new
items.fine field introduced by previous patch to user interface.

Note: This works as expected. items.fine appears as an option and gets inserted in the notice template as expected.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-21 21:53:06 -04:00
Fridolyn SOMERS
24eac82456 Bug 9415: XML catalog export is missing root node
When exporting some biblio or authorities records with tools/export.pl (via web client or command-line) :
If choosing XML format, you get a concatenation of full XML records.

This patch uses MARC::File::XML to create a well formated file.
See http://search.cpan.org/~gmcharlt/MARC-XML-0.93/lib/MARC/File/XML.pm#close%28%29

Test plan:
- Go to Tools/Export data
- Enter numbers in from and to biblio number
  (make sure that at least two records will
   be exported).
- Select xml in file format
- Click "Export bibliographic records"
- Save file somewhere
- Look at downloaded file
=> File should look like :
   <?xml version="1.0" encoding="UTF-8"?>
   <collection
   ...

   <record>
   ...
   </record>

   <record>
   ...
   </record>

   </collection>
=> "collection" is the root node and XML declaration exists only once
- Do the same for authorities export and command-line use of tools/export.pl

Second test plan:

- From the command line, run tools/export.pl, e.g.,

  tools/export.pl  --format=xml --filename=bibs.xml

- Verify that the output is valid XML, e.g.,

  xmllint --noout bibs.xml # if the file is valid, no error messages will be displayed

Signed-off-by: Galen Charlton <gmc@esilibrary.com>

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-19 22:07:02 -04:00
a03c6ce587 Bug 9650 - Show message if there are no notices
When there are no notices for the selected library, the
interface displays a table header with an empty table.

This patch adds a message which appears when there are no
notices for the selected library, or if no library selected
and there are no notices at all.

To test, visit the notices and slips page and
select a library for which there are no notices. A message
should be displayed, "There are no notices for this library."

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Work as described. No errors.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-20 08:25:33 -05:00
Jared Camins-Esakov
75703cf604 Bug 9421: tools/picture-upload.pl not Plack-compatible
This patch avoids using file-level private variables in subroutines
by passing the needed variables as parameters to the subroutines.

To test (under Plack):
1) Try uploading a patron image without applying the patch. Notice
   it fails.
2) Apply patch.
3) Try uploading a patron image again, noticing this time it succeeds.

To test (under Apache):
1) Apply patch.
2) Try uploading a patron image, confirm that it works.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Fixes Plack, does not break Apache. Works as expected.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-06 12:35:46 -05:00
11feabf09b Bug 9509 - batchMod.pl does not ensure each barcode is unique
Test plan:
1) Browse to Tools › Batch item deletion
2) Enter a list of barcodes, make sure you have at
   least one barcode listed more than once
3) Click continue
4) Verify the duplicated barcode shows up multiple times in the table
5) Apply patch
6) Refresh the page
7) Verify each barcode now displays only once

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
verified bug and fix - both good.

Nice test plan, thanks!

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-05 07:36:13 -05:00
Jonathan Druart
a469663d7b Bug 9108: Followup: send the dateformat value from C4::Auth
- the dateformat value is send to all templates (from
  C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files
- the DHTMLcalendar_dateformat variable is unused

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Fixed conflicts:
 - opac/sco/sco-main.pl
 - reports/acquisitions_stats.pl
 - tools/cleanborrowers.pl

All tests pass, perlcritic problems appeared in some files
before and after these patches were applied.

Checked sorting in following pages:
- acqui/addorderiso2709.tt - list of staged imports in acq
- acqui/histsearch.tt - sorting of dates in acq search result list
- acqui/invoices.tt - billing date in list of invoices in acq
- acqui/lateorders.tt - list of late orders in acq
- acqui/ordered.tt - ordered titles and estimated costs for a fund
- acqui/parcels.tt - receive shipment page
- acqui/spent.tt - received titles and actual costs for a fund
...
- serials-search.tt - subscription search result list
...
- opac/sco/sco-main.tt - due dates in list of checked out items
- reports/acquisitions-stats.tt - date searches, display of dates
- tools/cleanborrowers.tt
- tools.holidays.tt - different views of dates library is closed,
  adding dates

Checked dates display according to system preference everywhere and
searching, entering dates etc. still worked as expected.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-17 21:59:30 -05:00
Fridolyn SOMERS
e81cc3d1d3 Bug 9065 - set correct permission for upload local cover image
This patch fixes a problem where if a staff user has the
upload_local_cover_images permission (and is not a superlibrarian
and does not have all of the tools permissions), trying to use the
"Tools -> Upload local cover image" will fail with "You do not have
permissions [...]".

To test after applying the patch:

- Create a staff uesr that has just the catalogue and
  upload_local_cover_images permission.
- Log in as that staff user.
- Go to "Tools -> Upload local cover image".
- Verify that one is given the form to upload a cover image.
- Without the patch, one will be presented with the login
  form instead.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

mysql> select * from permissions where code="upload_cover_images";
Empty set (0.00 sec)

mysql> select * from permissions where code="upload_local_cover_images";
+------------+---------------------------+---------------------------+
| module_bit | code                      | description               |
+------------+---------------------------+---------------------------+
|         13 | upload_local_cover_images | Upload local cover images |
+------------+---------------------------+---------------------------+
1 row in set (0.00 sec)

"git grep upload_cover_images" returns 0 result.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-13 08:32:18 -05:00
280037da0c Bug 9076 - QA Followup - Rename GetBorrowersWhoHaveNotBorrowedSince to GetBorrowersToExpunge
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-07 22:01:36 -05:00
d9b0c46d2e Bug 9076 - Followup - Perltidy cleanborrowers.pl
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-07 22:01:36 -05:00
568a4c1230 Bug 9076 - Add ability to delete borrowers by expiration date and category code to cleanborrowers.pl
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Tested per plan, works. Staff category is not shown, and patch passes automated testing.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-07 22:01:35 -05:00
Jared Camins-Esakov
5d7b5533f1 Merge branch 'bug_7368' into 3.12-master 2012-12-27 10:14:45 -05:00
86fa020ef8 Bug 7368: Update GetXmlBiblio documentation
Only changing some documentation about GetXmlBiblio

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Added the word 'contain'

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
2012-12-27 10:14:19 -05:00
Jonathan Druart
acbfe26c9e Bug 7919 : Display of values depending on the connexion library
In a librairies network, we would like to declare specific values just
for one (or more) library.
Here we implement the ability to associate categories, patron attributes
types and/or authorised_values with librairies (branches).

This patch adds 3 new association tables:
- categories_branches ( association table between categories and branches )
- authorised_values_branches ( association table between
  authorised_values and branches )
- borrower_attribute_types_branches (association table between
  borrower_attribute_types and branches )

Plan test:
  - Create (or modify) categories, patron attributes and
    authorised_values and link it with one (or more) library.
  - Set one of these librairies
  - Go to one of the multiple pages where this specific value must be displayed
    and check that it does appear.
  - Set a library not concerned.
  - Check on the same pages this value is doest not appear.

A page list:
cataloguing/addbiblio.pl
cataloguing/additems.pl
members/members-home.pl
members/memberentry.pl
acqui/neworderempty.pl
tools/modborrowers.pl
and others :)

Please say me if filters don't work on some pages.

Signed-off-by: Delaye Stephane <stephane.delaye@biblibre.com>
Signed-off-by: Koha Team Lyon 3 <koha@univ-lyon3.fr>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Melia Meggs <melia@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-05 10:10:57 -05:00
Marc Veron
6812cc14b5 Bug 9010 - Follou up Quote of the day: Umlauts do not display correctly
After applying Serhij's patch I had still troubles with umlauts, e.g. while editing or adding a new quote.

Added explicit utf-8 encoding at 3 places.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Passed-QA-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-09 20:02:11 -05:00
Serhij Dubyk {Сергій Дубик}
0680433872 Bug 9010 - Quote of the day: Umlauts do not display correctly Added utf8-encoding in json-header for correct view quotes in quotes editor.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Passed-QA-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-09 20:01:44 -05:00
Paul Poulain
4e5922b387 Bug 8842 fix Plack scoping for holidays
the internal sub add_holiday uses some variables that are defined in the main script, usual fix

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-05 08:41:17 -05:00
Paul Poulain
b6b6329435 Bug 8904: fix Plack scoping for overduerules.pl
There are 2 Plack scoping errors in tools/overduerules.pl:
the local sub blank_row require that @rule_params and input are global

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Passed-QA-by: Mason James <mtj@kohaaloha.com>y
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-04 19:58:33 -05:00
Fridolyn SOMERS
2f860e36f6 Bug 7455: Authority subfields are cloned in the wrong field
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Passed-QA-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-01 09:50:32 -04:00
715c52977a Bug 8980 - Untranslatable strings in modborrowers.pl
This patch removes the declaration of interface labels
from the script and puts it in the template where the
labels can be translated. The labels have been modified
to match those used on the patron entry form.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-30 18:28:35 +01:00
Mark Tompsett
2317b233e1 Bug 8861 - Undefined variables in batchMod.pl trigger error logs
Initialized $op, and changed lines like "$op => 1" and
"$error => 1" into separate, conditional template param calls.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-19 17:48:32 +02:00
caec1ddfa4 Bug 8843 - Cannot export bibliographic records by call number
When building the query for exports by call number the script
has the logic reversed. It tries to select records with call
numbers less than the starting call number and greater than
the ending call number. This should be reversed.

To test, test an export in an unpatched system. An export by
call number will return an empty file. After applying the patch
an export by call number should give valid results.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Works as expected.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-12 16:38:50 +02:00
Ivan Brown
065acad78f Bug 7643 - Can't upload and import zipped file of patron images
Fixed problem with re-declaration of $filesuffix

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
patch pushed onto master directly, doesn't merge properly from
new/bug_7643 branch
2012-10-12 16:31:46 +02:00
Julian Maurice
39ad9abb74 Bug 8801: Add menu entry to delete items in batch
In catalogue/detail.pl you can now select "Delete items in batch" in
"Edit" menu. You are redirected to batchMod.pl for chosing which items
have to be deleted.
You need to have 'tools.items_batchdel' permission to see this menu
entry.

Signed-off-by: Marc Veron <veron@veron.ch>

Works as expected.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-10 17:07:44 +02:00
christophe croullebois
35b7162adf Bug 7351 : feature that allows to delete a range of dates
Four new options, one for single holidays, one for the repeatable holidays.
One to create exceptions on a range of dates, one to delete exceptions in a range of dates.
Note that the exceptions are not deleted if you delete a range of repeatable dates.
But if you delete a range of single holidays the exeptions inside will be deleted.

Signed-off-by: Stephane Delaye <stephane.delaye@biblibre.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-09-28 12:19:45 +02:00
Jared Camins-Esakov
65c0174e63 Bug 2060 follow-up: add support for UNIMARCAUTH
The staged MARC management script was not correctly informing
the decoder ring that we had UNIMARC authorities, and the decoder
ring was dutifully trying to turn the authority records into a
bibliographic box of cereal.
2012-09-19 17:16:23 +02:00
Jared Camins-Esakov
7ad5e203da Bug 2060: Update command line MARC import scripts
Expose authority import functionality to the command line import
scripts, and rename them from commit_biblios_file.pl and
stage_biblios_file.pl to commit_file.pl and stage_file.pl.

To test (note that these instructions assume you have a MARC21
installation and are using the provided sample file):
1. Find a file of authorities (a sample file with MARC21 authorities
   is attached to bug 7475) and download it to your server
2. Stage the file using the following command (replace <filename> with
   the name of the file you saved in step 1):
   > misc/stage_file.pl --file <filename> --authorities
3. Note the batch number the script assigns to your batch
4. Commit the records using the following command (replace <batchnumber>
   with the batch number you made note of in step 3):
   > misc/commit_file.pl --batch-number <batchnumber>
5. Index the authorities Zebraqueue (or wait)
6. Confirm that the new authorities appear.
7. Create a matching rule with the following settings:
   Code: AUTHTEST
   Description: Personal name main entry
   Match threshold: 999
   Record type: Authority record
   Search index: Heading-main
   Score: 1000
   Tag: 100
   Subfields: a
   Offset: 0
   Length: 0
   (note the ID of this matching rule)
8. Stage the authority file again, this time using the following
   command:
   > misc/stage_file.pl --file <filename> --authorities \
     --match <matchingrule>
7. Revert the import with the following command:
   > misc/commit_file.pl --batch-number <batchnumber> --revert
8. Index the authorities Zebraqueue (or wait)
9. Confirm that the records have been removed
10. Import an authority record with the Stage MARC/Manage staged MARC
    tools in exactly the way you would for a bibliographic record,
    but choose "Authority" instead of "Bibliographic" for the record
    type.

Signed-off-by: Elliott Davis <elliott@bywatersolutions.com>

Testing plan delivers as it should.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on latest master 11 September 2012
2012-09-19 17:16:18 +02:00
Jared Camins-Esakov
6e71b80ca3 Bug 7475: Teach matching rules to handle authorities
* Add the code necessary to handle authorities with matching rules and
  import batches.
* Update all the scripts that use the matcher and import batch code
  to use the new API.
* Add authority records to the matching rules interface in the staff
  client.

http://bugs.koha-community.org/show_bug.cgi?id=2060
Signed-off-by: Elliott Davis <elliott@bywatersolutions.com>

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on latest master 11 September 2012
2012-09-19 17:15:56 +02:00
Jonathan Druart
0f3f61e756 Bug 7986: Export issues for patron
In the circulation page, you can now export (as csv or iso2709) a list
of items which are currently checked out by a borrower.

3 export types:
- iso2709 with items: Export the items list in iso2709 format with item
  informations.
- iso2709 without items: Export the items list in iso2709 format without
  item informations.
- CSV: Export the items list based on a csv profil.

2 new system preferences:
- DontExportFields: a list of fields not to be export
- CsvProfileForExport: The Csv profile name used for the csv export

Test plan:
- Fill the CsvProfileForExport syspref
- go on the borrower circulation page containing checkouts
- Select one or more items and export them to the 3 different formats.
- check if the result file is what you expected

- Test there is no regression with the export authority
- Test there is no regression using tools/export.pl with the command
  line interface

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-09-13 17:58:30 +02:00
Paul Poulain
913aba1a66 Merge remote-tracking branch 'origin/new/bug_8268' 2012-08-28 18:03:34 +02:00
Jared Camins-Esakov
20ad69646f Bug 8268: improve error checking
Valid download attempts were being denied thanks to an incorrect
regular expression. This patch fixes that, and makes it easier to
understand what's going on in the code.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-28 18:02:46 +02:00
Julian Maurice
322a9c7fbb Bug 5600: very tiny follow-up to pass perlcritic
open was called with 2 arguments instead of 3

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-03 17:02:35 +02:00
Julian Maurice
c5e6fb7227 Bug 5600 follow-up: Fix commandline check in order to work under Plack
With plackup, @ARGV can contains elements so we can't check the size of
@ARGV to tell whether we are in command line mode or not.
Instead we check environment variable GATEWAY_INTERFACE.

Also fix the use of a global variable in a subroutine

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-03 16:57:14 +02:00
Julian Maurice
4dea59847a Bug 5600: Command line interface for tools/export.pl
export.pl [--format=format] [--date=date] [--dont_export_items]
  [--deleted_barcodes] [--clean] --filename=outputfile

    * format is either 'xml' or 'marc' (default)
    * date should be entered as the 'dateformat' syspref is set
      (dd/mm/yyyy for metric, yyyy-mm-dd for iso, mm/dd/yyyy for us)
    * records exported are the ones that have been modified since 'date'
    * if --deleted_barcodes is used, a list of barcodes of items deleted
      since 'date' is produced (or from all deleted items if no date is
      specified)
    * --clean removes NSE/NSB

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-03 16:57:08 +02:00
Paul Poulain
949fcd04ba Merge remote-tracking branch 'origin/new/bug_8315' 2012-07-13 14:17:59 +02:00
Dobrica Pavlinusic
130e3d9c10 Bug 8315 - remove use C4::* version
This patch touches a lot of code, but basically it removes version
information from use C4::* in our code.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
All script still compiles after the patch (confirmed by pre-applypatch hook)
2012-07-13 14:17:20 +02:00
Jared Camins-Esakov
8affddc52d Bug 8268 follow-up: incorporate QA comments
Fixes the following things:
1. Sanitizes log output to prevent an attacker from using a specially
   crafted POST to add extra lines to the log
2. Simplify a regular expression since "..file" cannot be used to
   escape the current directory
3. Makes sure directories are consistent
4. Correct logic issues in misc/cronjobs/backup.sh

Thanks to Frere Sebastien Marie for catching these issues.

Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-07-12 17:40:22 +02:00
Jared Camins-Esakov
bbcb1d784b Bug 8268: Add database dump to export tool
This patch builds on work by Lars Wirzenius for the Koha packages.

To date, the only way for a Koha librarian to obtain a complete backup
of their system has been to log into the system via SSH (or FTP) to
download the mysqldump file. This patch makes it possible for
superlibrarians in properly configured systems to download night backups
via the staff client's Export tool.

Recognizing that this is functionality with potentially very grave
security implications, system administrators must manually enable these
features in the koha-conf.xml configuration file.

The following configuration settings have been added to the koha-conf.xml
file:
* backupdir => directory where backups should be stored.
* backup_db_via_tools => whether to allow superlibrarians to download
  database backups via the Export tool. The default is disabled, and
  there is no way -- by design -- to enable this option without manually
  editing koha-conf.xml.
* backup_conf_via_tools => whether to allow superlibrarians to download
  configuration backups via the Export tool (this may be applicable to
  packages only). The default is disabled, and there is no way -- by
  design -- to enable this option without manually editing koha-conf.xml.

This commit modifies the following scripts to make use of the new
backupdir configuration option:
* koha-dump and koha-run-backups in the Debian packages
* The sample backup script misc/cronjobs/backup.sh

Note that for security reasons, superlibrarians will not be allowed
to download files that are not owned by the web server's effective user.
This imposes a de facto dependency on ITK (for Apache) or running the
web server as the Koha user (as is done with Plack).

To test:
1. Apply patch.
2. Go to export page as a superlibrarian. Notice that no additional
   export options appear because they have not been enabled.
3. Add <backupdir>$KOHADEV/var/spool</backup> to the <config> section
   of your koha-conf.xml (note that you will need to adjust that so that
   it is pointing at a logical directory).
4. Create the aforementioned directory.
5. Go to export page as a superlibrarian. Notice that no additional
   export options appear because they have not been enabled.
6. Add <backup_db_via_tools>1</backup_db_via_tools> to the <config>
   section of your koha-conf.xml
7. Go to the export page as a superlibrarian. Notice the new tab.
8. Go to the export page as a non-superlibrarian. Notice there is no
   new tab.
9. Run: mysqldump -u koha -p koha | gzip > $BACKUPDIR/backup.sql.gz
   (substituting appropriate user, password, and database name)
10. Go to the export page as a superlibrarian, and look at the "Export
    database" tab. If you are running the web server as your Koha user,
    and ran the above command as your Koha user, you should now see the
    file listed as an option for download.
11. If you *did* see the file listed, change the ownership to something
    else: sudo chown root:root $BACKUPDIR/backup.sql.gz
11a. Confirm that you no longer see the file listed when you look at the
     "Export database" tab.
12. Change the ownership on the file to your web server (or Koha) user:
    sudo chown www-data:www-data backup.sql.gz
13. Go to the export page as a superlibrarian, and look at the "Export
    database" tab. You should now see backup.sql.gz listed.
14. Choose to download backup.sql.gz
15. Confirm that the downloaded file is what you were expecting.

If you are interested, you can repeat the above steps but replace
<backup_db_via_tools> with <backup_conf_via_tools>, and instead of
creating an sql file, create a tar file.

To test packaging: run koha-dump, confirm that it still creates a
usable backup.

------

This signoff contains two changes:

10-1. If no backup/conf files were present, then the message telling you
so doesn't appear and the download button does. Made them behave
correctly.
10-2. The test for a file existing required it to be owned by the
webserver UID. This change makes it so it only has to be readable.

Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
2012-07-12 17:40:21 +02:00
f380a6c804 Bug 7848 - Issues data missing from circulation notices
For the CHECKIN and CHECKOUT notices, any data that is issue specific
does not show. For example, date due.

For CHECKOUT, this is caused not passing in the issues table as part
of the 'table' hash used by C4::Letters::GetPreparedLetter.

For CHECKIN notices, we need the old_issues table instead, as the item
has already been returned.

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
passes tests, correct information shows in notices.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-07-10 13:50:10 +02:00
Paul Poulain
74f6e97396 Bug 8202 follow-up UNIMARC authority support
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-07-04 16:21:07 +02:00
Jared Camins-Esakov
986b887159 Bug 8202: Add authority export to tools/export.pl
Adds a separate tab on tools/export.pl for exporting authority records.

To test:
1. Try exporting authority records from the "Export data" tool

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tried different exports and everything worked nicely:
- removing fields from export (example: 942)
- limiting to one authority type
- changing the given file name
- exporting as MARC or XML
2012-07-04 16:21:06 +02:00
Dobrica Pavlinusic
622967b323 Bug 7961 - Local cover images should support CSV link files
Corrent code doesn't have support for filenames which contain spaces
or commans which breaks CSV files saved from spreadsheet similar to:

  12345, "conver image, with spaces.jpg"

This patch tweaks file parsing a bit. We are always splitting line to
only two values (to support commas as part of filename) and removing
spaces only on beginning and end of filename (to cover space after
comma in CSV example above while preserving spaces in filename).

With this change only invalid character in picture filename left
are quotes (") which are commonly used to quote strings with spaces.

Covers added will be logged in action_log, using CATALOGUING / MODIFY
action (which is shown as "Catalog" in tools > Log viewer)

Test scenario:

1. collect pictures with spaces and commas in name
2. dump file list into CSV file and add biblio number as first column
   (name of file is idlink.txt or datalink.txt)
3. create zip with CSV file and pictures
4. verify that all pictures got uploaded and linked to biblio records
5. verify that modification log includes cover image name

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-20 09:42:25 +02:00
Chris Nighswonger
f328a32402 Bug 7977: Fixing a bug which results in quote fields being incorrectly offset when saving uploaded quotes
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
2012-05-24 14:15:05 +02:00
Chris Nighswonger
5c6129687b Bug 7977: Removing unused code from quotes_ajax.pl
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
2012-05-24 14:14:59 +02:00
Chris Nighswonger
d78641e7c0 Bug 7977: Followup patch addressing items pointed out by Jonathan Druart
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
2012-05-24 14:14:53 +02:00
Chris Nighswonger
12cb095bac Bug 7977: QOTD uploader to enable uploading csv files containing quotes
This series will add a DataTable's based upload/editor with which
to upload csv files containing quotes to be used by the QOTD
feature.

The file should be formatted thusly:

"source","text-of-quote"
"source","text-of-quote"
...

Note: This work serves as a good example of potential improvements
in all other "editor" and file upload areas of Koha.

This patch is a squash of the following work:

--Adding code to parse CSV file contents and push it into a DataTable
--Adding in jEditable to enable table editing
--Adding ajax to post data back to the server to be saved
--Fixing edit and adding delete functionality
--Adding some missing css as well as server feedback on save
--Fixing a bug which limited the number of quotes which could be uploaded
--Also fixing a minor bug with fnCSVToArray and doing some style cleanup.
--Adding sanity checks to verify file type and size
--Implements YUI button widget/toolbar
--Improved handling of hiding uploader UI
--Adds row selectability
--Adds multi-delete capability
--Adds YUI button/toolbar widget
--Fixing capitalization in quote uploader
--Implements improvments suggested by jcamins and oleonard

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
2012-05-24 14:14:09 +02:00
Chris Nighswonger
eb7e930eea Bug 7977: Quote-of-the-day (QOTD) Feature for OPAC
This feature will add the option of displaying a select quote
for the day on the OPAC homepage. It will include the addition
of a QOTD editor in the tools section of the staff interface
which will allow the addition, editing, and deletion of quotes.
A single system preference will enable/disable the display of
the QOTD on the OPAC homepage. A new granular permission will
also be added to conrol user access to the QOTD editor tool.

Possible extentions to this would be code to allow alternate
quote selection algorithms to be added to vary how the currently
displayed quote is selected from the table of quotes.

This patch is a squash of the following work:

--Adding quotes table to kohastructure.sql and updatedatabase.pl

Note: This patch is intended for a MySQL based installation only.
That means that it includes backticks because that is what is required
at this point in history to install Koha correctly on a MySQL based
installation.

Feel free to port this over to the Pg stuff in the data/Pg directory.

--Adding system preference to control display of QOTD on OPAC main page
--Adding sample quote data

These quotes are taken from various US presidents. I'm not sure these
are applicable to the rest of the world, so I'm leaving it to translators
and others to add sample quote data for other languages.

--Adding edit_quotes user permissions
--Squash with other db related patches in this series
--Adding quotes editor pages to tools
--Adding QOTD editor link to tools homepage
--Integration of DataTables into QOTD Editor
--Impleminting jEditable into the quote editor
--Adding delete and add option to editor
--Fixing OPAC display so the QOTD div does not show if no quote is returned
--Also removing useless code from tools/quotes.pl
--Adding spans around QOTD foo in opac-main.tt
--Also fixing quote selection logic to accomodate the possibility of
    a single quote in the db a litte better.
--Changing timestamp column header to a more user-friendly 'Last Displayed'
--Fixing bug in quote selection logic. This bug caused a situation where
    when the table had only a single quote with an id greater than 1 in it,
    no quote would be selected.
--Fixing up sorting in the quote editor table. --jcamins
--Adding span element to quote separator --jcamins
--Overriding the default empty table message supplied by datatables-strings.inc
--Adds missing page heading
--Adds beginning of click-for-help elements.
--Refactors delete functionality to allow selecting of quotes to delete,
    enabling multi-delete.
--Refactors saving added quote functionality so that striking <Enter>
    saves the new quote.
--Refactors canceling aded quote functionality so that striking <Esc>
    cancels the new quote.
--Removing debug console.log statements
--Implementng the YUI button widget/toolbar used on other pages.
--Adds a 5px radius to all YUI buttons to bring them into
    conformity with the general trend toward rounded corners
--Fixes capitalization in quote editor
--Implements improvements suggested by jcamins and oleonard
--Adds DataTables Plugin dataTables.fnReloadAjax.js

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
2012-05-24 14:14:05 +02:00
Jonathan Druart
b35d34e2ae Bug 5742: Followup: sort* fields can to be filled with an input text
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-05-15 17:45:12 +02:00