This patch moves several English strings out of members-menu.js and into
str/members-menu.inc where they can be picked up by the translation
process. The following strings are affected:
"Are you sure you want to renew this patron's registration?"
"Are you sure you want to update this child to an Adult category? This
cannot be undone."
"Dates of birth should be entered in the format 'MM/DD/YYYY'"
"Dates of birth should be entered in the format 'YYYY-MM-DD'"
"Dates of birth should be entered in the format 'DD/MM/YYYY'"
"Dates of birth should be entered in the format 'DD.MM.YYYY'"
This patch also makes a correction to members-toolbar.inc in order to
enable the presence of the "Update child to Adult" menu item.
To test:
- Install and update a language.
- Check the po-file for that language. You should find no msgid for
the strings listed above.
- Apply the patch.
- Update the language you installed.
- You should find entries for all the strings above.
- Translate those messages and update the translated templates.
- Reinstall the translation.
In the staff client:
- Select your updated translation.
- Open an expired patron's account and choose "Renew patron" from the
"More" button in the toolbar. You should be prompted for confirmation
using the translation you provided.
- To test the "Update child" confirmation you should have only one
patron category in the "Adult" category.
- Open a patron record with a child category and choose "Update
child" from the "More" menu in the toolbar. You should be prompted
for confirmation using the translation you provided.
- To test the date format messages: From the patrons home page, expand
the advanced search options in the header search form. Select "Date
of birth" under "Search fields." A correctly-translated tooltip
should appear above the search field.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This follow-up modifies JavaScript so that the confirmation dialog is
triggered when deleting a patron image from the modal window.
The CSS is modified to improve the alignment of patron image and edit
button.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 11401 introduced code to support Norwegian national library card.
This code is too specific to be part of Koha as it, it should be a
plugin instead.
Moreover nobody uses it, but a modified version (see comment 3).
Test plan:
Add/edit/delete patron and make sure there are no regressions introduced
by these patches
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Code and variables to deal with the update child feature are not
centralized but copied/pasted in several scripts. Which leads to issues
obsviously (bug 20805 for instance).
Moreover the strings used by the templates are also in several template
files (or .inc)
To deal with that this patch introduces the idea to create 1 .inc file
per .js file
Here we have members-menu.inc for members-menu.js
Test plan:
- Remove all your adult categories (categories.category_type='A')
- Create a patron with a child category
- Try to update to adult category
=> The entry does no longer appears! (This is a change in the behaviour)
- Create one adult category
- Update to adult category
=> There is a JS confirmation message, if you accept the patron will
be updated to the adult category
- Create (at least) another adult category
- Create another child
- Update to adult category
=> No more confirmation message but a popup to select the adult category
- Pick one
=> The patron has been updated to the adult category
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
