Commit graph

368 commits

Author SHA1 Message Date
Galen Charlton
08fe85950a Bug 10951: (follow-up) use Koha.Preference() template function
This patch uses the TT helper function Koha.Preference() to
retrieve the value of NoLoginInstructions rather than passing
it to all templates as a template variable.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-04-19 16:53:26 +00:00
blou
c67b397236 Bug 10951 - Adding NoLoginInstructions to system preferences
On a failed login, the default message is harcorded into opac-auth.tt.

     It would be preferable to allow for a preference to override that message (for example: ...Please bring an ID to t
     The changes modify
         -opac-auth.tt to allow for custom value
         -admin/preferences/opac.pref to add it to the preferences with a description
         -C4/Auth.pm for the loading of the preference
         -sysprefs.sql
         -updatedatabase.pl

     TESTING
         1) in OPAC, logged out, try login in by entering no or wrong credentials.  Acknowledge the "Don't have a p
         2) Apply the patch
         3) Regression Test: Redo step 1.  Same (default) message should appear.
         4) Log in to intranet,
             - select NoLoginInstructions in system preferences.
             - Enter new (xml) message.  Possible:
             <h5>Welcome to Koha, please bring your passport to the front office</h5>
            - and save
         5) refresh the OPAC, try login again with invalid credentials.  The new message should appear.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
2014-04-19 16:26:50 +00:00
Galen Charlton
914515202d Bug 10952: (follow-up) clear seach history from session after saving it to DB
This patch makes sure that the search history from an
anonymous session is cleared from the session after a user
logs in (and the session history is saved to that user's
record in the database).  This fixes a problem where the
search history from the session got repeatedly added to the
database each time the user did something while logged
into the OPAC.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:49:01 +00:00
Julian Maurice
939d68ea7b Bug 10952: (follow-up) Always flush session after deletion
This is recommended in CGI::Session documentation.

Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:21:45 +00:00
Julian Maurice
bbf7cd6876 Bug 10952: (follow-up) comments fixes and unit tests
- Remove unit tests for ParseSearchHistoryCookie, which doesn't exist
  anymore
- Add unit tests for ParseSearchHistorySession and
  SetSearchHistorySession
- Remove/Modify comments about search history cookie

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Tests fixed and moved, and comments tidied up

Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:21:18 +00:00
Julian Maurice
d07df7d512 Bug 10952: Store anonymous search history in session
Storing search history into cookie can cause problems, due to the size
limitation of 4KB.

The solution here is to store search history into the CGI::Session
object, so there is no size limitation (but anonymous search history
still remember up to 15 requests max.)

Test plan:
- Go to OPAC in anonymous mode.
- Check that the "Search history" link is *not* shown in the top right
  corner of the page
- Make some searches on /cgi-bin/koha/opac-search.pl
- The "Search history" link should appear. Click.
- Your search history should be displayed.
- Try to log in with invalid username/password
- Go back to search history, it's still there
- Now log in with valid username/password
- Your anonymous search history should be saved into your own search
  history.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Restoring original sign offs and comments below

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described. No koha-qa errors

Well, search history saving is similar before and after patch.
i.e. anonmymous search is saved when user logs in, but cookie
KohaOpacRecentSearches is empty.
Shows current an previous session searches

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
All tests and QA script pass, works as described.

Signed-off-by: Charlene Criton <charlene.criton@univ-lyon2.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-10 16:20:16 +00:00
Srdjan
a0b00e4c8b Bug 11077: Correct more warnings in C4/Auth.pm
This gets rid of some more warnings.

It also corrects a noisy ne condition.
    $userid = $retuserid if ( $retuserid ne '');
became
    $userid = $retuserid if ( $retuserid );

It also integrates Srdjan Jankovic's patch with Petter Goksoyrsen's
patch, while correcting the problems found.

This includes:
    my $q_userid = $query->param('userid') // '';
along with:
    my $s_userid = '';
and:
    my $s_userid = $session->param('id') // '';
Indentation does not reflect actual scoping.

A missing system preference would have triggered a ubiquitous
undef compare check failure message. This makes the flooding
message more useful, so as to help correct it.
The change to accomplish this was:
        my $pki_field = C4::Context->preference('AllowPKIAuth');
        if (!defined($pki_field)) {
            print STDERR "Error: Missing AllowPKIAuth System Preference!\n";
            $pki_field = 'None';
        }

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-12-05 15:17:33 +00:00
ce5ab3b314 Bug 11077: remove uninitialized value $pki_field warning
During login at the Staff interface you get warnings in the logs
regarding an uninitialized value for the $pki_field variable.

To test:
- tail -f /path/to/your-intranet-logs
- Point your browser to your staff login page
- Login
- Three warnings are showed
- Apply the patch
- Log out
- Log in
- No new warnings, and you can still log in.

Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Petter Goksoyr Asen <boutrosboutrosboutros@gmail.com>

Followed test plan; it works as advertised.
Also works when I deleted AllowPKIAuth system pref.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-12-05 15:15:07 +00:00
Jonathan Druart
de5d977c49 Bug 11132: don't clear the results list upon adding a biblio to a list
A "busc" param is cleared if the template name is not opac-.*detail.tt.
So if a user adds a biblio to a list, he cannot continue to browse
results.

Test plan:
- launch a search at the OPAC (opac-search.pl).
- click on a result and browse results (using previous/next links).
- a title attract your attention and you add it to a list
  ("Save to yours lists" link on the right).
- save the list.
- browse again results.

Signed-off-by: Joy Nelson <joy@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested according to test plan, also checked some other pages and actions
accessible from the detail page.
Passes all tests and QA script.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-11-01 00:39:30 +00:00
Jonathan Druart
d2052311cb Bug 8435: add permission to enable editing other library's serials if IndependantBranches is on
In the serial module, we want to hide serials from others libraries.
However, to permit central serials manage, this patch introduces a
new permission, 'superserials'. If a staff member has this permission,
that person can override the restriction.

Test plan:
- Switch on the IndependantBranches syspref
- Add the permission 'superserials' for a patron and test you can
  navigate and see all serials
- Remove this permission and test you cannot manage/view subscriptions
  from others libraries

Signed-off-by: Frederic Durand <frederic.durand@unilim.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-31 15:27:19 +00:00
Galen Charlton
0f5dc609e0 Bug 10309: (follow-up) restore setting some OPAC template variables in C4::Auth
These variables still need to be exported to the template by default for
the 'prog' OPAC template to work correctly.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-15 15:27:59 +00:00
eb92d94be1 Bug 10309 - New OPAC theme based on Bootstrap
The goal of this theme is to provide a fully-responsive OPAC which
offers a high level of functionality across multiple devices with varied
viewport sizes. Its style is based on the CCSR theme, with elements of
the Bootstrap framework providing default styling of buttons, menus,
modals, etc.

The Bootstrap grid is used everywhere, but Bootstrap's default
responsive breakpoints have been expanded to allow for better
flexibility for our needs.

All non-translation-depended files are in the root directory of this new
theme:

css, images, itemtypeimg, js, less, and lib. Languages.pm has been
modified to ignore the new directories when parsing the theme language
directories.

This theme introduces the use of LESS (http://lesscss.org/) to build
CSS. Three LESS files can be found in the "less" directory: mixins.less,
opac.less, and responsive.less. These three files are compiled into one
CSS file for production: opac.css. "Base" theme styles are found in
opac.less. A few "mixins" (http://lesscss.org/#-mixins) are found in
mixins.less. Any CSS which is conditional on specific media queries is
found in responsive.less.

At the template level some general sturctural changes have been made.
For the most part JavaScript is now at the end of each template as is
recommended for performance reasons. JavaScript formerly in
doc-head-close.inc is now in opac-bottom.inc.

In order to be able to maintain this structure and accommodate
page-specific scripts at the same time the use of BLOCK and PROCESS are
added. By default opac-bottom.inc will PROCESS a "jsinclude" block:

[% PROCESS jsinclude %]

Each page template in the theme must contain this block, even if it is
empty:

[% BLOCK jsinclude %][% END %]

Pages which require that page-specific JavaScript be inserted can add it
to the jsinclude block and it will appear correctly at the bottom of the
rendered page.

The same is true for page-specific CSS. Each page contains a cssinclude
block:

[% BLOCK cssinclude %][% END %]

...which is processed in doc-head-close.inc:

[% PROCESS cssinclude %]

Using these methods helps us maintain a strict separation of CSS links
and blocks (at the top of each page) and JavaScript (at the bottom). A
few exceptions are made for some JavaScript which must be processed
sooner: respond.js (https://github.com/scottjehl/Respond, conditionally
applied to Internet Explorer versions < 9 to allow for layout
responsiveness), the _() function required for JS translatability, and
Modernizr (http://modernizr.com/, a script which detects browser
features and allows us to conditionally load JavaScript based on
available features--or lack thereof).

Another new JavaScript dependency in this theme is enquire.js
(http://wicky.nillia.ms/enquire.js/), which lets us trigger JavaScript
events based on viewport size.

I have made an effort to re-indent the templates in a sane way,
eliminating trailing spaces and tabs. However, I have not wrapped lines
at a specific line length. In order to improve template legibility I
have also tried to insert comments indicating the origin of closing tags
like <div> or template directives like [% END %]:

</div> <!-- / .container-fluid -->

[% END # / IF ( OpacBrowseResults && busc ) %]

TESTING

Proper testing of this theme is no easy task: Every template has been
touched. Each page should work reasonable well at a variety of screen
dimensions. Pages should be tested under many conditions which are
controlled by toggling OPAC system preferences on and off. A variety of
devices, platforms, and browsers should be tested.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-14 23:13:05 +00:00
Galen Charlton
547c6d2949 Bug 9611: (follow-up) move new password hashing routines to separate module
The move avoids a problem where many modules would gain
a dependency on C4::Auth just because C4::Members needs access
to hash_password().

This patch also adds a couple unit tests for the new password
hashing code.

To test:

[1] Verify that there are no regressions on the test plan for bug
    9611.
[2] Verify that t/AuthUtils.t and t/db_dependent/Auth.t pass.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-09 03:29:22 +00:00
4cb139b9ce Bug 9735 - Build the cookie array correctly
The current implementation didn't build the cookie array correctly,
yielding login problems in some scenarios.

Sponsored-by: Universidad Nacional de Córdoba

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-04 03:26:56 +00:00
3b7c6932e5 Bug 9735 - Let the language be selected through URL parameters
Passing language=<valid_language_code> as a parameter in any Koha's URL
can be used to set the desired language.
This patch touches
 - C4::Templates
 - C4::Auth

Adds a new method getlanguagecookie that does exactly that, for use in
get_template_and_user.
Also modifies getlanguage so it checks (a) if there's a 'language'
parameter in the CGI object and (b) checks if its valid and enabled for
the desired interface.

To test:
* Without the patch
  - access any koha page
  - add ?language=code to the end of the URL (change code for a valid language code
    it needs to be installed using perl translate install code, and enabled either for
    the staff or opac interface, depending where are you testing)
  - Nothing happens with the language parameter
* With the patch
  - access any koha page
  - add ?language=code (the same as before) and hit enter
  - the language should be changed to the one you chose
  - if you browse through some links, you will see
    koha 'remembers' the language you passed as a parameter
    (i.e. the language cookie has been updated).

Sponsored-by: Universidad Nacional de Córdoba
Signed-off-by: Brendan <brendan@bywatersolutions.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works very well. No errors.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
More comments on last patch.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-04 03:26:09 +00:00
Galen Charlton
419af5db00 bug 9611: (follow-up) add reference to Crypt::Eksblowfish::Bcrypt in POD
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 23:01:47 +00:00
Bernardo Gonzalez Kriegel
e23e8166f1 Bug 9611: (follow-up) fix POD
Small patch to make koha-qa happy.
Fixes small POD error

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 23:01:46 +00:00
Srdjan
4be177c1ae bug 9611: Extract checkpw_internal() and checkpw_hash() from checkpw()
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 22:22:32 +00:00
Srikanth Dhondi
f2162a86b0 Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt
What this patch aims to accomplish?

 * All new passwords are stored as Bcrypt-hashes
 * For password verification:
     - If the user was created before this patch was applied then use
        MD5 to hash the entered password <-- backwards compatibility
     - If the user was created after this patch was applied then use
       Bcrypt to hash the entered password
 * Any password change made via the staff interface or the OPAC will
   be automatically Bcrypt-hashed; this applies to old users whose
   passwords were stored as MD5 hashes previously

Test plan:
  1) Add new users and check whether their passwords are stored as
     Bcrypt hashes or not.
  2) To test that authentication works for both old as well as new
     users:
       a) Login as an existing user whose password is stored as a
          MD5 hash
       b) Login as an existing user whose password is stored as a
          Bcrypt hash
  3) In the staff interface, change the password of an existing user
     whose password is stored as an MD5 hash
	a) Check the new password is stored as a Bcrypt-hash in the database
	b) Try to login with the new password
  4) In the OPAC, verify that
    a) Old user with old pass can change password, new format
    b) New user with new pass can change password
    c) Old and new user with self-updated pass can login

Whitespace cleanup was contributed by  Bernardo Gonzalez Kriegel.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 22:22:32 +00:00
Galen Charlton
961617765e do some validation of the KohaOpacRecentSearches cookie
Add validation of the value of the KohaOpacRecentSearches.  In
particular, this patch avoids the generation of an internal server
error when the OPAC is presented with an old cookie that uses the
old Storable-based serialization.

This patch also moves parsing of the cookie value into a
new routine in C4::Auth, ParseSearchHistoryCookie, and adds
a test case.

To test (in conjunction with the previous patch):

Exercise the OPAC search history functionality, after
turning on the EnableOpacSearchHistory syspref:

- As an anonymous user, conduct a variety of searches,
  including ones that include non-ASCII characters
- Check the search history and verify that all searches
  are listed
- Apply this patch and the previous one.
- Do *not* clear the KohaOpacRecentSearches cookie
- Check the search history and verify that no searches
  are listed any more
- As an anonymous user, conduct a variety of searches,
  including ones that include non-ASCII characters
- Check the search history and verify that all searches
  are listed
- Log into the OPAC
- Verify that current and past searches are listed in
  search history.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-28 02:52:13 +00:00
Galen Charlton
488a3d6fed use JSON rather than Storable for the OPAC search history cookie
To test:

Exercise the OPAC search history functionality, after
turning on the EnableOpacSearchHistory syspref:

- Clear the KohaOpacRecentSearches cookie
- As an anonymous user, conduct a variety of searches,
  including ones that include non-ASCII characters
- Check the search history and verified that all searches
  are listed
- Log into the OPAC
- Verify that current and past searches are listed in
  search history.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-28 01:52:06 +00:00
04dd98fa84 Bug 10552: make several sysprefs available to the OPAC login page
Several system preference variables are unavailable to the OPAC login
template because they are not explicitly enabled for that page. Instead
of adding them to Auth.pm using the old method this patch uses the new
system preference check syntax using the Koha TT plugin.

The following preferences are now checked using this syntax in
masthead.inc:

OpacAddMastheadLibraryPulldown
UseCourseReserves
reviewson
OpacShowRecentComments

In order for the call in masthead.inc to the new plugin to work on all
OPAC pages "[% USE Koha %]" must be added to any template which
includes it (most of them).

Also in this patch: A change to Auth.pm to enable correct display of the
LibraryName in the title of the OPAC login page.

To test, turn on the above system preferences and confirm that the
relevant links appear under the OPAC's main search bar on all pages
including the login page.

Confirm that the text specified in the LibraryName system preference is
shown as the title of the login page.

Confirm that course reserves and comments are displayed correctly on the
biblio detail page.

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
I checked both prog and ccsr - all seems well and the links are appearing and disappearing in accordance with the appropriate sysprefs.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-22 14:54:15 +00:00
651f810f68 Bug 10553: make public lists available on OPAC login page
If you are not logged in to the OPAC, looking at the login page, and you
click the Lists button to see public lists it says there are none. This
patch corrects Auth.pm so that it loads the list of public lists in this
situation.

To test you must have at least one public list. Make sure you are logged
out of the OPAC and visit the login page (/cgi-bin/koha/opac-user.pl).
Clicking the "Lists" button should show you a list of public shelves.

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
works as described, and list button is not shown when opacpublic is disabled.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-18 16:29:41 +00:00
Galen Charlton
968f337728 Bug 10515: (follow-up) fix use of GetBranchCategories
Adjusting to reflect the removal of the branchcode parameter
to GetBranchCategories; also filter on the 'searchdomain'
library group type, as appears to have been intended.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-17 18:02:13 +00:00
71b79d5990 Bug 9541: make OPAC login page respect OPAC_CSS_OVERRIDE
When clicking the login link for opac-user.pl in a multiple branch
scenario the environment variable for OPAC_CSS_OVERRIDE was ignored from
the koha-conf.xml file.  It seems like is is working on every page in
the opac except for the login page.

Test Plan:
1) Set up a Koha server with 2 separate catalog configurations
   ( e.g. opac1.kohatest, opac2.kohatest )
2) Set the OPAC_CSS_OVERRIDE directive for separate css files
   in each opac
3) Browse to the opac login page, note the css is not applied
4) Apply this patch
5) Reload the page, note the css is now applied

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-06-18 07:03:51 -07:00
b00ec06968 Bug 10080 - Change system pref IndependantBranches to IndependentBranches
Test Plan:
1) Enable IndependantBranches
2) Apply this patch
3) Run updatedatabase.pl
4) Verify that the system preference still functions correctly

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-05-22 07:58:23 -07:00
be869ab279 Bug 8215 - Course Reserves
Adds a course reserves system for academic libraries.

The course reserves system allows libraries to create courses
and put items on reserves for those courses.

Each item with at least one reserve can have some of its attributes
modified while it is on reserve for at least one active course.
These attributes include item type, collection code, shelving location,
and holding library. If there are no active courses with this item
on reserve, it's attributes will revert to the original attributes
it had before going on reserve.

Test Plan:
  1) Create new authorised value categories DEPARTMENT and TERM
  2) Create a new course, add instructors to that course.
  3) Reserve items for that course, verify item attributes have changed.
  4) Disable course, verify item attributes have reverted.
  5) Enable course again, verify item attributes again.
  6) Delete course, verify item attributes again.
  7) Create two new courses, add the same item(s) to both courses.
  8) Disable one course, verify item attributes have not reverted.
  9) Disable both courses, verify item attributes have reverted.
 10) Enable one course, verify item attributes are again set to the
     new values.
 11) Edit reserve item attributes, verify.
 12) Disable all courses, edit reserve item attributes, verify
     the item itself still has its original attributes, verify
     the reserve item attributes have been updated.
 13) Verify the ability to remove instructors from a course.
 14) Verify new permissions, top level coursereserves, with
     subpermissions add_reserves and delete_reserves.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Corinne Bulac <corinne.hayet@bulac.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

http://bugs.koha-community.org/show_bug.cgi?id=8125
2013-05-21 15:50:55 -07:00
Jonathan Druart
537c664038 Bug 9508: Standardize the dateformat value from C4::Auth
- the dateformat value is send to all templates (from
  C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files

- Remove "all" occurrences (those I found!) of dateformat_*
From now the only way to get the date format is a string comparaison
(dateformat == "metric")

Checked with the command:
  git grep "\(dateformat_us\|dateformat_metric\|dateformat_iso\)" | grep
  -v translator

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tested all the datepickers I could find, looks good.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-05-20 09:05:01 -07:00
Galen Charlton
3536b10acf Revert "Bug 10074 - Encoding problems at login time"
This reverts commit 5805b5f363.

Rolling back bug 6554 work until we have more comprehensive tests.
2013-04-29 15:10:23 -07:00
Galen Charlton
327b6c6ce3 Revert "Bug 10019: Fix for userid containing UTF8 chars"
This reverts commit 7e90e1524f.

Rolling back bug 6554 work until we have more comprehensive tests.
2013-04-29 15:05:22 -07:00
7e90e1524f Bug 10019: Fix for userid containing UTF8 chars
Decodes userid on two places in checkauth of C4/Auth.pm

Test plan:
Include some non-Latin characters in your userid (loginname). Arab, Chinese?
Login into opac and check user page.
Go to staff (no new login), check your login name at various places.
Logout, login via staff.
Do the same.
Go to opac again (no new login), check user page.
Optionally: Remove all your sessions from table. Do a login. Check sessions.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works as described. No errors.
This patch fixes this problem, but I wonder if
there is a general solution that handle all as utf8.
Tested in opac and staff.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-19 23:13:09 -04:00
5805b5f363 Bug 10074 - Encoding problems at login time
Bug 6554 patched output_html_with_http_headers to encode utf8 data, and Templates.pm to expect utf8 data to be encoded.
(At least) the staff login screen outputs directly to STDOUT (Auth.pm does, WHICH IS WRONG!) and wasn't fixed to do the encoding first.

This patch makes it use output_html_with_http_headers and solves the problem.

Changed 'use' for 'require' as jcamins and marcelr suggested.

Regards
To+

Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-19 23:07:01 -04:00
719044f771 Bug 9257 - Add "groups" to normal search pulldown
This patch adds the ability to add groups to the library select
pulldown on the opac, if it is enabled.

Test Plan:
1) Apply patch
2) Run updatedatabase.pl
3) Go to Administration › Libraries and groups
4) Create a new group, or edit an existing one
5) Ensure the 'Show in search pulldown' checkbox is checked
6) Save the group
7) Enable OpacAddMastheadLibraryPulldown if it is not already enabled
8) Load the OPAC, try the group search from the libraries pulldown menu

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Yes! Now this works, and well.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-22 08:20:08 -04:00
Kyle M Hall
5eabc672fd Bug 7804 - Add Koha Plugin System
Adds support for custom plugins. At the moment the Plugins
feature supports two types of plugins, reports and tools.

Plugins are installed by uploading KPZ ( Koha Plugin Zip )
packages. A KPZ file is just a zip file containing the
perl files, template files, and any other files neccessary
to make the plugin work.

Test plan:
1) Apply patch
2) Run updatedatabase.pl
3) Create the directory /var/lib/koha/plugins
4) Add the lines
      <pluginsdir>/var/lib/koha/plugins</pluginsdir>
      <enable_plugins>1</enable_plugins>"
   to your koha-conf.xml file
5) Add the line
       Alias /plugin/ "/var/lib/koha/plugins/"
   to your koha-httpd.conf file
6) Restart your webserver
7) Access the plugins system from the "More" pulldown
8) Upload the example plugin file provided here
9) Try it out!

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-20 14:49:47 -04:00
Bernardo Gonzalez Kriegel
9205e732fb Bug 9827: remove 'insecure' system preference
This patch removes 'insecure' system preference.

Also removes remaining code that make use of
the preference. It's broken anyway.

Only remains a reference in POD of C4/Boolean.pm

To test:
1) If you like, enable 'insecure' syspref. Broken system.
WARN: be prepared to revert value in database.

2) Apply the patch

3) Run updatedatabase.pl

4) Check that Staff login proceeds as usual.

5) Check that 'insecure' syspref is no more.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Amended patch: Remove 2 occurrences of insecure (in comment only)
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-19 21:46:34 -04:00
4dcee58a4d Bug 7440 - Remove NoZebra vestiges
Removed NoZebra vestiges. This comprises several code blocks that depend on the NoZebra syspref and NZ related functions/methods.

C4::Biblio->
 GetNoZebraIndexes
 _DelBiblioNoZebra
 _AddBiblioNoZebra

C4::Search->
 NZgetRecords
 NZanalyse
 NZoperatorAND
 NZoperatorOR
 NZoperatorNOT
 NZorder

C4::Installer->
 set_indexing_engine

Sponsored-by: Universidad Nacional de Córdoba
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-19 21:17:04 -04:00
d03c8443a4 Bug 9587 Follow up to fix the problem Katrin identified
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Solve that problem, but now koha-qa complains about tabs
in C4/Context.pm.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tests done:
1) System preference 'Persona' added correctly.
2) Persona off, normal login still possible
3) Persona on, Persona login works
4) Persona logout works
5) normal login still possible
6) normal logout still possible

Persona is off by default and uses the primary email address
from the patron account.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
8cb1ac85a2 Bug 9587 : Followup removing a commented out warn that was annoying the qa tools
Not introduced by this work but no reason not to clean it

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: no more complains from koha-qa

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
3e8f39015b Bug 9587 : Follow up, fixing tabs in C4/Auth.pm
And translation problem in masthead.inc

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:55 -05:00
493dcede48 Bug 9587 : Mozilla Persona login
Working on Mozilla Persona support (browser id)

    This will let a user log into Koha using browser id, if their email
    address used matches the email address inside Koha.

    Once an assertion is received, we simply need to find the user that
    matches that email address, and create a session for them.

    opac/svc/login handles this part.

    The nice thing about it is, the user doesn't have to do anything, like
    linking their account. As long as the email address they are using to
    identify themselves in browserid is the same as the one in Koha it
    will just work.

    This is covered by a systempreference, to allow people to do it, and
    is of course totally opt in, it works alongside normal Koha (or any
    other method) of login. So only those choosing to use it, need use it

Test Plan

1/ Make sure OPACBaseURL is set correctly
2/ Switch on the Persona syspref
3/ Make a borrower (or edit one) to have the email you plan to use as
the primary email
4/ Click sign in with email, make or use a persona account
5/ Logout
6/ Check you can still login and logout the normal way

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Comment: Works great.
It's not browser dependent, but tested with chrome, firefox, opera and safari.
Old an new login system works.
Minor errors, addresed in follow-up.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-24 10:15:35 -05:00
Jared Camins-Esakov
0db3cccf87 Merge branch 'bug_9102' into 3.12-master 2013-02-01 10:50:27 -05:00
Jonathan Druart
bc5f5f4f01 Bug 9102 : Followup Set HttpOnly on the CGISESSID cookie
Signed-off-by: Galen Charlton <gmc@esilibrary.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-02-01 10:50:12 -05:00
Jonathan Druart
a469663d7b Bug 9108: Followup: send the dateformat value from C4::Auth
- the dateformat value is send to all templates (from
  C4::Auth::get_template_and_user)
- remove all assignment of dateformat in all .pl files
- the DHTMLcalendar_dateformat variable is unused

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Fixed conflicts:
 - opac/sco/sco-main.pl
 - reports/acquisitions_stats.pl
 - tools/cleanborrowers.pl

All tests pass, perlcritic problems appeared in some files
before and after these patches were applied.

Checked sorting in following pages:
- acqui/addorderiso2709.tt - list of staged imports in acq
- acqui/histsearch.tt - sorting of dates in acq search result list
- acqui/invoices.tt - billing date in list of invoices in acq
- acqui/lateorders.tt - list of late orders in acq
- acqui/ordered.tt - ordered titles and estimated costs for a fund
- acqui/parcels.tt - receive shipment page
- acqui/spent.tt - received titles and actual costs for a fund
...
- serials-search.tt - subscription search result list
...
- opac/sco/sco-main.tt - due dates in list of checked out items
- reports/acquisitions-stats.tt - date searches, display of dates
- tools/cleanborrowers.tt
- tools.holidays.tt - different views of dates library is closed,
  adding dates

Checked dates display according to system preference everywhere and
searching, entering dates etc. still worked as expected.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-17 21:59:30 -05:00
Chris Cormack
a51a78b71c Bug 9102 : Set HttpOnly on the CGISESSID cookie
https://www.owasp.org/index.php/HttpOnly

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>

To test, use curl

Before the patch

% curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 06:56:49 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=19689f6e7d8ec94c25269fecebf2f009; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

After patch

 % curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 07:01:04 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=da25baf03c0bc1e2c512a627028e43e6; path=/; HttpOnly
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-01-04 08:14:01 -05:00
Jared Camins-Esakov
7535f2bfa3 Revert "Bug 7167: New version for updatedatabase"
This reverts commit c9cb55ef47.
2012-12-27 14:02:56 -05:00
Jared Camins-Esakov
72f9f2239f Revert "Bug 7167 follow-up setting DBrevision, before pushing"
This reverts commit 49d6b750cd.
2012-12-27 14:02:55 -05:00
Jared Camins-Esakov
38f8bf4776 Revert "Bug 7167: Set final updatedatabase.pl version"
This reverts commit c34017336c.
2012-12-27 14:02:50 -05:00
Jared Camins-Esakov
c34017336c Bug 7167: Set final updatedatabase.pl version 2012-12-27 11:55:22 -05:00
Paul Poulain
49d6b750cd Bug 7167 follow-up setting DBrevision, before pushing
The 2 files C4/Auth.pm and install.pl *must* have the $version variable
set to what is the last old-mechanism for updatedatabase

This patch set to 3.11.00001 that is the last number when I QA this patch

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
2012-12-27 11:13:58 -05:00
Jonathan Druart
c9cb55ef47 Bug 7167: New version for updatedatabase
This patch use DataTable, see BUG|BZ 6836
      - css/datatables.css
      - lib/jquery/plugins/jquery.dataTables.min.js
      - js/datatables.js

http://bugs.koha-community.org/show_bug.cgi?id=7167

Bug 7167 follow-up

Major changes:
* creating database tables for update on the fly, the  1st time the update script is called
* version is checked on mainpage.pl (and here only). If syspref Version differ from kohaversion.pl, the old updatedatabase is launched. If there are updates missing from new mechanism, the updatedatabase page is reached
* kohaversion check on each page is now useless in Auth.pm, removed dead code
* Updated installer: at the end of the process, retrieve all updates and automatically mark them "OK", as they're included in installer

Minor changes:
* adding copyright
* adding poddoc
* updating a warning, for better clarity
* switching from $$var to $var->
* small TT glitch fixed in updatedatabase.tt
* about.pl now returns the Version systempreference PLUS all the patches that have been applied

Bug 7167 follow-up perlcritic & numbers display & partial apply depending on DEBUG

* add use strict to updatedatabase, that is now perlcritic compliant
* partial apply of DB revs is now managed by DEBUG env variable = if DEBUG=0, the user can just apply every DBrev. If DEBUG=1, we're in a dev env, the user know has the option to apply DBrevs one by one
Display:
* in updatedatabase, small spelling changes
* in about.pl, remove 0 just after . (3.06.01 is displayed as 3.6.1)
* improve the display of applied numbers on about.pl
 - before this patch, if you have N, N+1, N+2, N+3 and N+10 DB rev applied, about was displaying : , N+1 / N+2 / N+3 / N+10
 - after this patch you have N......N+3 / N+10
* add ORDER BY into list_versions_already_knows to have number retrieved in the same order whatever the order they are applied

http://bugs.koha-community.org/show_bug.cgi?id=6679
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Improve the update.pl script

 * Added CLI options to update.pl
 * Call update.pl from the installer.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Now, we check versions on mainpage.pl and after login

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Reimplementing Marcel's suggestions & fixes

 * Fixing the bugguy old version check (that was made against 3.0900000 instead of 3.0900027 -the last current kohaversion number
 * in the CLI script, if there is nothing to report, just say it

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>

Bug 7167: Remove check_coherency

As suggested by Katrin, we've removed the call to check_coherency. It intended to provide readable comments when some SQL was wrong. Removing this sub result in the SQL error being displayed. That's OK because the sysadmin or the developer can google the error, understand it, then fix it.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Changing in .sql parsing

We first split on delimiter and then extract comments. You can now put
\n for delimiter comments.
ex:

DELIMITER ;
-- this is a comment
SELECT * FROM  my_table;
-- another comment

Before this patch, we had to write:
DELIMITER ;
-- this is a comment;
SELECT * FROM  my_table;
-- another comment;

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add .pl and .sql examples

Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)

Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Improve display + factorize get_queries

Despite it's size, this patch is dealing with display questions only:
 * The text "comments" and "queries" was hardcoded in ajax-updatedb-getinfo.pl script. It has been replaced by a JSON call, returning 2 separate values, "comments:" and "queries:" is now in the template, making it translatable
 * Some minor tweak in the display (like putting things in bold, displaying OK in green, warnings in yellow and KO in red)
 * Reordering the column headers for more readability:
    * Status column is merged with availability, column is after status
    * Status/availability terms more clear: "Not applied" instead of "unknown", "Applied and OK", "Applied and failed", "Applied and forced" are the 3 other statuses
    * Removed one click to display comments on DBREv not yet applied: before the patch, one had to click "Show details", then "Get comments", now, "Get comments" is enough

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: FIX typos & moving a script to a proper place

* renamed availables to available
* renamed already_knows to already_applied
* fixed FSF & copyright headers
* removing a "use strict" because we already had use Modern::Perl
* fixed a tiny typo in about.tt

* moving update.pl to misc/bin because it's a CLI script

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add dependency File::Find::Rule

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: We want to execute non-numeric version with the -all option

Dealing with Marcel comment 100:
> Note that the current code around line 52/53 does not
> handle that correctly:
> Argument "\x{74}\x{65}..." isn't numeric in numeric ge (>=) at
> installer/data/mysql/update.pl line 52.

Now, a non-numeric DBRev will be applied if you provide the --all parameter, without throwing the error

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167 reindentation & removing dead code

* The if (! defined $ENV{PERL5LIB}... block was wrongly intented
* The 3 lines running update.pl are useless: the update (new mechanism) is run from admin/updatedatabase.pl script. This part of install.pl is run only when you have "old style" DB revisions.

Summary:
 * old mechanism = it's run as previously, by reaching the installer/install.pl?step=3 page, that applies all revisions
 * new mechanism = when you log-in or reach mainpage.pl, you reach admin/updatedatabase.pl, where you can see what will be run, and run it

Tiny side effect = the check for old mechanism is now done *after* authentification (thus it's not done on each page call). It means that the user will have to enter login/password twice :
 * first to log-in to Koha
 * second to run installer/updatedatabase.pl?step=3
As the old mechanism is deprecated, we can expect this will happend only a few time in the history of a setup, it's not a big deal.

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Don't raise an error in routine TableExists

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: FIX merge

Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167: Add .pl and .sql examples

Those files are in version directory, so will never be executed by the updater
If you want to provide an update, do it in a 3.09/ directory (if your update is expected for 3.10 version)

Note that the updater use a md5sum checker. So, if the same update is in 2 different places, it will be detected. That will be handy for changes made on both stable and master: a library running stable will get the update when updating. When upgrading to the next major release, Koha will detect the patch has already been applied, and no error will be thrown. With the previous mechanism, a DBRev ported to stable was re-executed when upgrading to master, resulting in a nasty (but usually harmless) error message

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>

Bug 7167 follow-up fix POD syntax to please koha-qa.pl
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-27 11:13:54 -05:00