To recreate:
/cgi-bin/koha/patroncards/edit-template.pl?op=edit&element_id=23%20and%201%3d2+union+all+select+1,user(),@@version+--%20
Look at the Profile dropdown list.
To fix this problem and to make sure it does not appear anywhere else
in the label and patroncards modules, I have refactored the way the
queries are built in C4::Creators::Lib.
Now all of the subroutines take a hashref in parameters with 'fields'
and 'filters' parameters.
From these 2 parameters the new internal subroutine _build_query will
build the query and use placeholders.
Test plan:
1/ Make sure you do not recreate the vulnerability with this patch
applied.
2/ With decent data in the labels and patroncards modules, compare all
the different views (under the New and Manage button groups) with and
without this patch applied.
=> You should not see any differences.
This vulnerability has been reported by MDSec.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
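The refactoring described in the commit message above (a hashref with 'fields' and 'filters' turned into a query that uses placeholders) can be sketched as follows. This is an added example, not the code from C4::Creators::Lib: the sub name build_query, the table demo_profiles and its columns are hypothetical, and the identifier allow-list is an assumption of this sketch that the commit message does not mention.

```perl
use strict;
use warnings;

# Hypothetical allow-list of column names per table (constructed for this example).
my %ALLOWED = (
    demo_profiles => { map { $_ => 1 } qw(profile_id name creator) },
);

# Build a SELECT from a hashref carrying 'fields' and 'filters'.
# Identifiers must be on the allow-list; filter values only ever become
# bind parameters and are never concatenated into the SQL text.
sub build_query {
    my ( $table, $params ) = @_;
    my $cols = $ALLOWED{$table} or die "unknown table: $table\n";

    my @fields = @{ $params->{fields} || [] };
    for my $f (@fields) {
        die "unknown field: $f\n" unless $cols->{$f};
    }
    my $sql = 'SELECT ' . ( @fields ? join( ', ', @fields ) : '*' ) . " FROM $table";

    my $filters = $params->{filters} || {};
    my ( @where, @bind );
    for my $col ( sort keys %$filters ) {
        die "unknown filter column: $col\n" unless $cols->{$col};
        push @where, "$col = ?";
        push @bind,  $filters->{$col};
    }
    $sql .= ' WHERE ' . join( ' AND ', @where ) if @where;
    return ( $sql, @bind );
}

# The element_id value from the report above, URL-decoded, passed as a filter value.
my $element_id = '23 and 1=2 union all select 1,user(),@@version -- ';
my ( $sql, @bind ) = build_query(
    'demo_profiles',
    { fields => [qw(profile_id name)], filters => { profile_id => $element_id } },
);
print "$sql\n";
print "bind: [$_]\n" for @bind;
# With DBI the pair would be run as:
#   $dbh->selectall_arrayref( $sql, { Slice => {} }, @bind );
```

The printed statement contains only the `?` marker; the whole element_id string travels as a single bound value, so the database compares it to the column instead of parsing it as SQL.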
This patch makes the page title and breadcrumbs more consistent.
It does so by removing some text (Manage...) and using Edit (id) and Create
on building both the breadcrumbs and titles.
To test:
- Traverse all the Label creator options
=> FAIL: the texts are not consistent and don't match what we use in the patron card creator.
- Apply the patch
=> SUCCESS: Terminology is consistent, titles and breadcrumbs show the same information
- Sign off :-D
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Note: It would be good to adopt these same changes in the Patron Card creator for consistency and push
them in conjunction with these changes. -Chris_n
Reasoning
Librarians will be doing label things in the following frequencies, from most frequent to least frequent:
1. Creating new label batches - every day/every few days
2. Managing existing label batches - every day/every few days
3. Managing existing label layouts - as needed, infrequent
5. Managing existing label templates - as needed, infrequent
6. Creating new label layouts - as needed, infrequent
7. Creating new label templates - as needed, infrequent
8. Managing existing printer profiles - possibly once only!
9. Creating new printer profiles - possibly once only!
This change to the label creator aims to make the most frequently used items easily accessible at the top of the main area,
reduces clutter on the page, and makes the label creator fall in line with UI paradigms found elsewhere in Koha.
To test:
Open the label creator: More -> Tools -> Label creator
Note that the toolbar has changed. It should be consistent across all of the label creator (it is an include).
+ New menu:
Label batch
1. make sure it looks ok - toolbar buttons are consistent at the top of the main block.
2. add items both by barcode, and by search (note this patch does not touch the pop up window. Another day.)
3. note that the usual buttons have moved below the textarea, and now have icons.
4. delete and export single items using the buttons corresponding to each item
5. select multiple and use the buttons above the table to remove and export selected items
6. export a full batch
7. deduplicate a batch
There should be no regressions in functionality.
Layout
1. This menu item should take you directly to the "Edit layout" screen.
2. no functional changes here.
3. note toolbar at top is consistent
Label template
1. this menu item should take you directly to the "Edit label template" page.
2. no functional changes here.
3. note toolbar at top is consistent.
Printer profile
1. this menu item should take you directly to the "Edit printer profile" page.
2. no functional changes here.
3. note toolbar at top is consistent.
+ Manage menu:
Label batches
1. This menu item should take you directly to the "currently available batches" page.
2. select a batch to edit using the buttons
3. select a batch to delete using the buttons - it should ask for confirm.
4. select several batches using the tickboxes, and select Export selected. Batches should be exported as normal.
5. note toolbar at top is consistent.
Layouts
1. This menu item should take you directly to the "currently available layouts" page.
2. select a layout to edit using the buttons
3. select a layout to delete using the buttons
4. note toolbar at top is consistent.
Label templates
1. This menu item should take you directly to the "currently available templates" page.
2. select a template to edit using the buttons
3. select a template to delete using the buttons
4. note toolbar at top is consistent.
Printer profiles
1. This menu item should take you directly to the "currently available profiles" page.
2. select a profile to edit using the buttons
3. select a profile to delete using the buttons
4. note toolbar at top is consistent
+ General
* note that sidebar now only has "labels home" instead of the full "manage" list. It seemed redundant with the toolbar tidied up.
Please note that I am happy to take suggestions/amendments to these changes.
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
http://bugs.koha-community.org/show_bug.cgi?id=9987
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch makes those strings translatable.
Title now depends on element, all on TT file,
removed from pl file
To test:
1. Apply the patch
2. Go to Tools > Label creator
3. Click on Manage layouts, templates, profiles or batches,
title of currently available must show with fixed
capitalization
4. Update translation languages and check new entries
msgid "Currently available batches"
msgid "Currently available layouts"
msgid "Currently available profiles"
msgid "Currently available templates"
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Since we switched to Template Toolkit we don't need to stick with the
suffix we used for HTML::Template::Pro.
This patch changes the occurrences of '.tmpl' in favour of '.tt'.
To test:
- Apply the patch
- Install koha, and verify that every page can be accessed
Regards
To+
P.S. a followup will remove the glue code.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This routine is not in use and does not make sense. It should not be
used later.
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Passes koha-qa.pl, no references to get_branch_code_from_name found.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch touches a lot of code, but basically it removes version
information from use C4::* in our code.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
All scripts still compile after the patch (confirmed by pre-applypatch hook)
In the 5 places in the label editor, the user's current branch is determined by taking
the LoginBranchname and doing a reverse look up for the branchcode. This is an unnecessary
query, since C4::Context->userenv has the immediate access to the branchcode; this is how
it's summoned in all other points in the Koha code.
This addresses bug 6673 because, since the move to T:T, the call in tools/manage-marc-import.pl
has used incorrect syntax: $template->param('LoginBranchname') instead of $template->{VARS}->param('LoginBranchname')
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
- Manage Batch had no branch set
- New Batch had no branch set
- Add link on item result list was broken, missing the batchid
To test:
Create a new batch and add items one by one. Look at 'Manage batches'.
Check that the branch in the top right corner is always correctly shown and set.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
As discussed with Chris Nighswonger on #koha, this patch
removes the calls to syslog and replaces them with warns
so that error messages generated by the labels code
are sent to the Apache error log. This avoids splitting
this sort of logging across multiple files and is consistent
with current practice in most of the rest of Koha.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>