Signed-off-by: Frère Sébastien Marie <semarie-koha@latrappe.fr>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
- verified help pages still work
- verified /cgi-bin/koha/help.pl?url=koha/../catalogue/advsearch.pl does not
show the template file (did work on master, not after applying patch)
- verified cgi-bin/koha/help.pl?url=koha/../../../../../../etc/passwd%00.pl does not work (didn't work on master or after applying patch)
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The potential vulnerability would allow anyone to see the content of any .tt file, and .tt only. Was much less critical than the vulnerability for 6629, but it's worth fixing !
When another language than English is selected in pro interface, the software
strings are in this language, but when clicking ?, on the top right of any
page, the contextual help page which pop-up is always in English.
This patch fixes this bug and another side bug affecting editing contextual
help when not in English. help.pl script were in sync with the recently
patched/improved theme/language/template selection.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Context help now matches the selected template language.
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
edithelp.pl hadn't been updated to allow help screen editing.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Only a note: Apparently you need to be 'superlibrarian' permission
to edit help pages.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Fix help.pl script to deal with Template Toolkit.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This updates help.pl to pass the yuipath variable correctly. It also adds some script references to help-top.inc to avoid other js errors.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
HTML::Template is no more used, some were remaining,
fixing the "use ...;" to H::T::Pro only
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
So this implies quite a change for files.
Sorry about conflicts which will be caused.
directory Interface::CGI should now be dropped.
I noticed that many scripts (reports ones, but also some circ/stats.pl or opac-topissues) still use Date::Manip.
On each template, a "HELP" link has been added.
it opens a popup, filled with an help template.
the help template is in the help/ directory.
The help.pl files builds the online help using the name of the caller page (referer).
If the user clic on "help" when on page "admin/itemtypes.pl", the "help/admin/itemtypes.tmpl" is opened.
If the "help/admin/itemtypes.tmpl" does not exists, a default "sorry, no help on this topic" page is shown.
Works fine, but now, the big work has to be done : create the online help pages...
