It appears that an empty string is sneaking into the list of words
to highlight and that is causing the browser to freak out.
Test Plan:
1) Enable NoveList
2) Enable OpacHighlightedItems
3) Search a title with a series (i.e. The Hunger Games)
4) Click into the record
5) Click on the series to search it
6) Click on a title in the search results
7) If Firefox doesn't crash, it gives the unresponsive script message
8) Apply this patch
9) Repeat steps 3-6
10) Browser doesn't freak out
Signed-off-by: Jason Robb <jrobb@sekls.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
could not confirm the problem, but small change and
highlighting terms on result list and couldn't find any
regressions in highlighting.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Since translator rebuild HTML tags with double quotes for attributes
values, use double quotes in english template too and escape them with
backslash.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
It works well!!
Test:
1) Install translation (de-DE, es-ES)
2) Go to item search, in english, do a search that gives results
3) Switch language, repeat search, result's table does not render
4) Apply patch
5) Install translation again
6) Repeat 3, now results are displayed
No koha-qa errors
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
It's preferable to limit the permission to delete shelves.
Apply both patches before testing, then follow this test plan
Currently a public list can only be deleted by its owner.
This means lists can exist infinitely.
This will introduce a new permission for list. With this permission, a
staff member will be allowed to delete any public lists.
Test plan:
1/ Add the manage_shelves permission to a patron.
2/ Login with this patron
3/ Go on the public list view
4/ You should be able to delete all public lists
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Labeling a phone number field "mobile phone" eliminates the usefulness
of having the labels "primary" and "secondary." Generic labels let the
user populate the fields according to their importance rather than their
type.
To test I recommend editing a patron record so that the values in the
patron record contain a label matching the table column:
borrowers.phone : 555-555-1234 (primary - phone)
borrowers.phonepro : 555-555-5678 (secondary - phonepro)
borrowers.mobile : 555-555-9012 (other - mobile)
View this patron's information in the various affected templates and
verify that the labels correctly match the data:
- OPAC "your personal details" (opac-memberentry.pl)
- Submit changes to primary, secondary, and other phone via the OPAC.
In the staff client, view the confirmation for those changes.
- Patron details in the staff client (moremember.pl)
- Patron entry/edit in the staff client (memberentrygen.pl)
- Patron duplicate confirmation in the staff client
(you can navigate directly to
/members/moremember.pl?borrowernumber=XXXX&print=brief)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The browse by last name letters on the patron search for the patron card
creator doesn't work quite right. If extended patron attributes are
disabled, it works fine, but if they are enabled, they are searched even
when using the browse last name. Thus, if a searchable attribute has a
"D" in it, and one clicks the "D" link for the last name browser, that
patron will show even if he or she has no "D" in his or her name!
Test Plan:
1) Enable extended patron attributes
2) Add a new searchable patron attribute
3) Create a new patron with the last name "Ace"
4) Add the value "D" to the attribute for this patron
5) Browse to the patron card maker, start a new patron batch
6) Click "Add item(s)" to bring up the patron search
7) Click the letter "D" in the patron search box
8) Note that "Ace" shows in the results list
9) Apply this patch
10) Repeat step 7
11) Note that "Ace" no longer shows in the results list
12) Perform a regular search by putting the letter "D" in the "Name:"
field, and hit the "Search" button
13) Note this time the results *do* have Ace in them
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Well described for a tricky bug. Reproducible. Fixed with this patch.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
This works as described, no problems or regressions found.
No matter what the selection of OPACShowHoldQueueDetails is, if it is
enabled it displays a line "Holds and priority:" even if you've opted to
hide one of those!
Test Plan:
1) Apply this patch
2) Test each setting of OPACShowHoldQueueDetails
3) Ensure each setting displays the correct fields ( or lack thereof )
Signed-off-by: Christopher Brannon <cbrannon@debian.localdomain>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
If a link to a patron record ends with #reserves, the holds tab is selected
on page load, but the holds table does not load.
Test Plan:
1) Build your holds queue
2) From the holds queue report, open any patron link
3) Note the patron's reserves do not load
4) Apply this patch
5) Clear your browser cache
6) Repeat step 2
7) Note the holds table now loads
Signed-off-by: Sean McGarvey <seanm@pascolibraries.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Test plan:
1: Go to your patron
2: Go to change username and/or password.
3: Change password to something with spaces in the middle. Notice it is invalid.
4: Apply this patch.
5: Change password again using spaces in the middle. Notice it is accepted.
6: Change password with leading and/or trailing spaces, notice they are not accepted.
Applied both patches. Followed test plan. Patch behaves as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Test plan:
Go to your patron, go to change username and/or password. change
password to whitespace, notice it is accepted, apply this patch,
change password again, to whitespace, notice password is not valid.
Followed test plan. Patch behaves as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
- Move database update entry to correct spot
- Fix version number in database update
- Fix capitalization in sys pref description
- Fix sequence in sysprefs.sql
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Agree with Chris that the default should maintain the higher security
and not reduce it.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To Test:
1) Enable the system preference SessionRestrictionByIP
2) Change your system IP. It will not checkout your system IP or signout.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch fixes the translation for the "Remove" button.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Tested:
- acq history search with different searches
- patron lists patron search
Passes all tests and QA script.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
If it's the result view, the autocomplete should not be applied to the
input element (it does not exist).
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This bug modifies not just the order search form but also the patron
lists feature, making use of the new script for building a patron
autocomplete form. However, the test plan does not specify that the
patron lists form be tested as well, and it doesn't work.
This patch corrects a minor flaw which broke the patron search
autocomplete when adding patrons to a patron list.
To test, create a new patron list if necessary. Click the "add patrons"
button to add patrons to the list. In the patron search form type a
partial patron name. You should get an autocomplete dropdown of existing
patrons. Selecting one should work correctly.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch adds the ability to search orders using the basket creator.
Test plan:
- go on the order advanced search form (acqui/histsearch.pl)
- use the autocomplete input to search patrons
- launch the search and verify the results are consistent with the
values you have filled.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The patron list feature uses an autocomplete field to search patron.
This will be reused in the next patch.
This patch should not introduce any behavior change.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 12944 [QA Followup] - Rename patrons.pl to patrons.js
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
It seems odd that only the holding libraries are listed on the holds
ratios report, we should add the home libraries as well.
Test Plan:
1) Apply this patch
2) Run the hold ratios report
3) Note the new home libraries column
Signed-off-by: Heather Braum <hbraum@nekls.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
The holds ratio report ignores ordered items. This could cause a library
to inadvertently order more copies of a title than they actually need.
An option should be added to count ordered items ( i.e. any negative
notforloan value ).
Test Plan:
1) Apply this patch
2) Create a record with two items, one regular, one ordered.
3) Place 3 holds on the item
4) Run the reserve ratios report, by default you should see this record
5) Check the new 'include ordered' checkbox, rerun the report
6) Note that record is no longer displayed
Signed-off-by: Heather Braum <hbraum@nekls.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Patch will add DDC classifications, divided with | below the subjects
in the OPAC and staff detail pages.
To test:
- catalogue a record with one or multiple 082$a subfields
- verify the classifications are displayed in OPAC and staff detail page
- Add following CSS to OpacUserCSS or IntranetUserCSS:
.results_summary.ddc {
display:none;
}
- Verify the DDC classifications are now no longer displayed
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Test plan ok. Repetitions of $a subfield are separated by a space, which seems
correct. I'm not sure whether other subfield than $a should be displayed on
intranet. Whatever, this could be added later.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
A patron's userid should be a matchpoint in the same manner as
cardnumber. Though not enforced as a unique key by the database yet
( pending bug 1861 ), this field is effectively unique as uniqueness
is enforced by Koha itself.
Test Plan:
1) Apply this patch
2) Browse to tools/import_borrowers.pl
3) Download the starter CSV file
4) Edit the csv file to include 1 or more patrons
* Make sure to leave the borrowernumber field empty
* Make sure the userid field matches the patrons you wish to overwrite
5) From import_borrowers.pl, upload your file
* Set "Field to use for record matching" to "Username"
* Set "If matching record is already in the borrowers table" to "Overwrite the existing one with this"
6) Click "Import"
7) Verify the patrons in your file have been updated in Koha
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Do exactly what's announced. This may help.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Changes are confirmed with author (Mirko Tietgen). See Bugzilla.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
System information indicates missing <zebra_bib_index_mode> and <zebra_auth_index_mode> entries in koha-conf.xml.
This patch
- adds warnings about a possible mismatch between these settings and the actual setup
- adds info about the actual setup/what values to use for <zebra_bib_index_mode> and <zebra_auth_index_mode> if they are not set.
The assumption is that a path including 'zebra-*-dom.cfg' in the respective section indicates a DOM setup.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug 12979 refactored the way to display prices.
The price format configuration was duplicated everywhere it was used.
All calls look good except the one in admin/aqbudgetperiods.pl
In this one, the prices are formatted for an edition field (input).
This means the input is incorrectly filled even if the user does not
update the field.
At the end, maybe we should manage formatted prices everywhere, even in
inputs, but it's not in the scope of this bug.
Technically, a new subroutine format_for_editing is added to the
Koha::Number::Price module.
It should be called everywhere a price is displayed in an input field.
At the moment, it only does a sprintf("%.2f"), but it is a first step to
make the number of decimals to display configurable.
To test:
1/ Verify the issue described is fixed (editing a budget with a total
amount > 1000, with CurrencyFormat set to US or FR).
2/ Verify you can edit a fund with a total amount > 1000
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The batch patron modification tool's template was created without the
footer include at the bottom. Without the footer include the language
toolbar will not be displayed.
All page templates should include the global footer include:
[% INCLUDE 'intranet-bottom.inc' %]
To test:
- Install at least a second language
- Enable at least 2 languages (language system preference)
- Go to tools > Batch patron modification
- Verify that at the bottom of the page the language chooser is shown
Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch moves the patron category name or category type at the end of title and breadcrumb for better translatability.
Note: It does not change anything in functionality, it only changes display of strings.
To test:
Apply patch
Search a patron and edit it in all possible ways ('Edit' button on top of details page, 'Edit' links in details page, 'Edit' links in search result table if multiple patrons are found)
Duplicate a patron
Create a new patron
Make sure that title and breadcrumb appear in a meaningful way with pattern similar to the following:
Modify patron Hansli Meier (Juvenile)
(Missing </div> added)
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
When creating an order, the fund value is mandatory but the DB structure
does not show this constraint.
The aqorders.budget_id field should be linked to aqbudgets.budget_id.
The updatedatabase.pl (entry 3.01.00.077) commented this constraint,
certainly for a retro compatibility reason.
Actually I found some cases (in production) where aqorders.budget_id is
set to "0". To add this constraint, we should add a temporary fund to
link orphan orders.
Test plan:
0/ Verify it is not possible to create an order not linked to a fund via
the Koha interface.
1/ Using your SQL CLI (or equivalent), create or update 1+ orders and set
"0" in the budget_id field.
2/ Execute the updatedatabase script.
3/ Verify that your order is linked to a new fund (which is linked to a
new budget).
4/ Verify the constraint has correctly been added (show create table
aqorders).
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug 12111 removes the vendor note edition on receiving.
The label should not be displayed when it's empty.
Test plan:
1/ Receive an order without a vendor note and verify that the label is not
displayed.
2/ Receive an order with a vendor note and verify that the note is
displayed.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Works as described, small template change.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
In multiple cases I've seen issues arise in Koha where a librarian
accidentally puts a space at the end of a new branchcode. This of course
causes endless confusion because the branchcode looks perfectly fine in
every case unless you wrap the code with some characters to reveal the
hidden space!
Test Plan:
1) Try creating a new branch with one or more spaces in the branchcode
2) Note you are able to
3) Apply this patch
4) Repeat step 1
5) Note you are no longer able to
Followed test plan with cache cleared. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, passes tests and QA script.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The interface should prevent deleting funds with children.
Otherwise the relationship is broken and problems occur:
1/ You don't see the orphan fund in the fund list
2/ You cannot edit the orphan fund amount ('Fund amount exceeds parent
allocation').
This patch:
- adds a JS check, template side
- adds a check in the perl script (should never be true)
- adds an updatedatabase check, in order to alert users with inconsistent data.
Test plan:
Verify you are not allowed to delete a fund with children.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Hidden 'New child record' if 'EasyAnalytics' is set to display.
Testing plan:
-Turn on 'EasyAnalytics'. Check the drop down menu from the records page
*The drop down menu should include 'Analyze items' and not include 'New child record'
-Turn off 'EasyAnalytics'. Again check the drop down menu from the records page
*The drop down menu should include 'New child record' and not include 'Analyze items'
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug partially corrected by Bug 11357.
The size column in biblioitems is a bit problematic when used in TT, because instead of the size value from the biblio column it will give you the size of the variable or current loop.
It's currently used in the templates like opac-topissues.tt :
[% IF results_loo.size %][% results_loo.size %][% END %]
This patch corrects by using item() TT method.
See http://stackoverflow.com/questions/2311303/how-can-i-handle-hash-keys-containing-illegal-identifier-characters-in-template.
Test plan :
- Be sure there is a mapping between a MARC field and biblioitems.size
- Create a record A with biblioitems.size defined : like "10x12"
- Create a record B with no value in biblioitems.size
- Check each modified page :
=> Without this patch : you see a number (loop size) for both records
=> With this patch : you only see the correct value for A and nothing for B
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The link to open the cart no longer triggers the cart popup. Instead, in
order to make it more usable with mobile devices, it triggers a menu
which displays the count of items in the cart -- something which
previously was done with a hover action (something touch-screen devices
don't have). Clicking/tapping this menu item is what opens the cart
window.
Since the cart link is really now a menu trigger rather than just a
link, it seems logical to add the small arrow which the lists link
has indicating that the link triggers a menu.
To test, apply the patch and view any page in a Cart-enabled OPAC.
Confirm that the "caret" icon displays correctly when the cart is both
empty and when it has contents.
Followed test plan. Icon displays as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, good idea.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The parcel page always displays "Tax exc." even when values don't
include taxes.
Test plan:
On the parcel page, verify that the string "Tax *" is correct.
This appears in the already received order table.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
In parcel.tt, totals are calculated for subtotal.
This could be done in the pl script for more consistency.
Test plan:
Go on a parcel page with several already received orders.
Orders must be linked to different funds.
If possible ecost and unitprice (price on ordering and on receiving)
should be changed (different values will be displayed in the table).
The values displayed before and after the patch must be the same.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Some libraries wish to display the patron's cardnumber on the
confirmation screen for patron self registration, rather than make the
patron locate his or her cardnumber by logging in and browsing to the
personal details page. We should also add ids to these fields for easy
css styling/hiding.
Test Plan:
1) Apply this patch
2) Ensure that autoMemberNum is enabled
3) Self-register a new patron
4) Note confirmation screen now displays the patron cardnumber
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Refactor 1 line of code and add a preventDefault.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug 9811 (Patron search improvements) reversed the layout changes made
by Bug 10153. This patch returns the form to its "stacked" layout.
To test, apply the patch and navigate to the Patrons home page. Expand
the hidden search fields in the search header and confirm that the
layout looks correct. Perform some searches and check that the results
are correct and that the modified search fields retain their state.
Note: This patch contains indentation changes, so please diff
accordingly.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch adds a little bit of CSS to style the branch checkbox boxes.
I hope that this helps the readability, especially in systems with a
large number of branches.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This allows the exporter (Tools -> Export) to have any combination of
branches selected, rather than it being all or only one.
Test Plan:
* Apply the patch
* Go to the exporter, see that instead of a dropdown you now have an
elegantly laid out grid of branches you can select from
* Select some branches, run the export
* Note that only records with items in the selected branches are
returned.
* Repeat this with the item related options (as that code was refactored
slightly) and make sure everything is sane.
Sponsored-By: South Taranaki District Libraries
Signed-off-by: Thomas <tomsStudy@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
http://bugs.koha-community.org/show_bug.cgi?id=11961
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This button lets you replace existing authorities using a Z39.50 search.
http://bugs.koha-community.org/show_bug.cgi?id=11961
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
All tests pass
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To test:
- Use an installation with a reasonable amount of authorities, so that you can
have a search result list with more than one page
- Activate OpacAuthorities
- Create an OPAC link like shown below, verify that an alert is shown
- Apply patch
- Refresh the page and no alert should appear
- Verify the paging still works correctly for 'numbers' and 'arrows'
URL:
.../cgi-bin/koha/opac-authorities-home.pl?and_or=and&marclist=match&op=do_search&operator=contains&orderby=HeadingAsc2"><script>prompt(987898)</script>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
To test
1/ Make sure you have some items in your database, that have values in items.issue
If necessary do something like
UPDATE items SET issues = 10 WHERE itemnumber=somenumber
2/ Hit a url like http://localhost:8080/cgi-bin/koha/opac-topissues.pl?do_it=1&timeLimit=3%3Cscript%3Eprompt%28924513%29%3C/script%3E
3/ Notice you will get a prompt
4/ Apply patch
5/ Test again
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
A specially crafted url causes XSS in Koha
To test:
cgi-bin/koha/opac-shelves.pl?viewshelf=2%22%3E%3Cscript%3Eprompt(987898)%3C/script%3E
cgi-bin/koha/opac-downloadshelf.pl?shelfid=2%22%3Cscript%3Eprompt(1)%3C/script%3E&showprivateshelves
These should cause a popup without the patch. With the patch, no popup.
You may need to create these lists, the xss will not be triggered if the list doesn't exist or you don't
have permission to view them.
Signed-off-by: Chris <chris@bigballofwax.co.nz>
Fixes the two listed problems
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed patch fixes the problem.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Encoding problems appear when creating a patron list from the patron search results page.
Test plan:
1. Perform a patron search in the patrons module
2. Select one or more patrons
3. Choose "Add selected patrons to: [ New list ]"
4. Enter a patron list title with UTF-8 characters.
5. The list will be created with bad encoding.
6. Apply the patch and verify there is no bad encoding anymore.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Patch works fine.
Note that I - very ironically - had to remove UTF8 characters from the commit
message to apply and attach the patches with git/git-bz.
Hopefully, an upgrade to a newer git version will resolve that too.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>