This patch makes javascript moneyFormat function in paycollect.tt consistent
with the one in pay.tt
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Test plan:
1. Apply patch and run updatedatabase
2. Enable 'UseCashRegisters' syspref and create at least one cash
register for your library
3. Verify that you have several authorized values in the 'PAYMENT_TYPE'
category. One of them should be 'CASH'
4. Go to a patron accounting tab, create a manual invoice and go to the
payment form. Select payment type 'CASH' and verify that you cannot
submit the form if no cash register is selected.
Select another payment type and verify that you can submit the form
even if no cash register is selected
5. Set syspref 'RequireCashRegister' to 'always require a cash register'
6. Repeat step 4 but this time you should not be able to submit the form
if no cash register is selected, no matter which payment type is
selected.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Changed each of the pages in the labels and members folders to have one
<h1> tag showing that describes the page, rather than the <h1>
describing the logo.
The hierarchy of heading tags may be broken in many pages, but this
will be dealt with in an additional bug.
To test:
1) Go to the Staff Client
2) Apply patch
3) Go to each of the pages in the labels and members folders and check
that they have an obvious and descriptive heading
4) Ensure that the heading in the page is <h1>
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
We will use 'patron-search.inc' in the next patch
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To reproduce (paycollect.pl):
1) Prepare or use some existing patron with outstanding fines, go to
the accounting section and open page where you make payment towards all
fines.
2) The error message should have appeared in your log file about
"File not found : default/js/locale_data.js".
3) Apply the patch.
4) Open the edit page again, ensure that the new error massage like
that didn't appear.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Fixes another occurence of the fines to charges.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch fixes the tests for when a negative amount is passed to the
pay method. Prior to now, a negative amount would have been passed
through and recorded. This was inconsistent with all other accounts
methods and has been deprecated to ensure consistent amounts handling.
This patch also introduces basic validation to prevent negatives being
entered into the UI.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the members folder are swapped around
to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to
these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch centralises the payment/transaction type select options
handling so the SIP types are properly in all cases.
Test plan
1) Check that SIP payment types are properly hidden on the following
modals.
1a) Refund modal on the borrower account page (The 'Account credit'
option should appear here)
1b) Payout modal on borrower account page
1c) Payment via paycollect
1d) Payment via point of sale
1e) Refund via point of sale, register details page (The 'Account
credit' option should only appear for debts associated to a patron and
not for payments accepted via point of sale)
2) Signoff
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I think the "breadcrumbs" ID is worth saving for past and future CSS
customization reasons.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Modified breadcrumbs to be accessible, in particular for a
screen-reader.
Made the block of breadcrumbs be a <nav aria label="Breadcrumb"
class="breadcrumb"> with an ordered list inside. The last breadcrumbs
also has aria-current="page" to specify that it is the current page.
To test:
1) Apply patch
2) Build scss file
3) Ensure each of the files in the members folder have breadcrumbs that
are in a <nav aria label="Breadcrumb" class="breadcrumb"> block
4) Ensure that there is an ordered list in the block of breadcrumbs
5) Ensure that the last breadcrumb has aria-current="page"
6) Ensure that the breadcrumbs on each page of the staff client
belonging to these files look the same as before, but the '>' symbol is
replaced with '/' and the last breadcrumb has bold text
7) Ensure that when the last breadcrumb is clicked it takes you to the
page you are currently on
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test Plan
1. Go to My account and go into accounting
2.Create manual invoice (If you already have invoices skip this step)
3.On the Make a payment tab click on Write off under actions of an
invoice
4. Click on Writeoff amount label and make sure that the amount written
is highlighted in green.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the html_helper for the cash register selection block
to remove the 'empty option' such that it can be correclty set for each
select case and updates all existing cases where we used the process
block previously to include the relevant blank option '-- Select an
option --', '-- None --', 'Library default' and finally the new '-- All
--' options introduced with this bug.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
When the form submision fails due to validation errors we need to also
reset the preventFormDoubleSubmit state to allow for a second submission
with corrected form fields.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds conditional validation to the cash register field on
paycollect such that if 'CASH' is selected as the payment type and cash
registers are enabled, then a cash register will be required.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds handling to allow for the use of the session cash
register by default if it has been set, otherwise it defaults to '--
None --' and requires the end user to select the register to proceed
with the payment.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There is inconsistency in variable case between the controller script
and the template. This patch corrects those inconsistencies.
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch set attempts to replace all the <i> tags with <em> and all
the <b> tags with <strong> in the staff interface.
I attempted to get all the templates, includes, and xslt files.
To test:
1. Review the changes as best as possible, looking for mistakes.
2. grep for <i> and <b> in the modules, includes, and xslt folders. You should get nothing/
3. If you grep '<\/i>' you should only see instances of Font Awesome.
4. If you grep '<\/b>' you should only see instances where caret is used.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It appears that through various rebases the variable names in the form
and the controller script have become mismatched. This patch corrects
the situation and clarifies their intended use.
Test plan:
1/ Turn on cash registers in sysprefs
2/ Define at least 2 cash registers in Admin
3/ Create a manual invoice on a patron
4/ Pay off half of your fee, selecting the first register
5/ Pay off the remaining fee, selecting the second register
6/ Query accountlines.register_id for your two payments
8/ Confirm the two accountlines.register_id's do not match (thus the
passed variable was used)
https://bugs.koha-community.org/show_bug.cgi?id=26469
Signed-off-by: Jessie Zairo <jzairo@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In places where the interface warns the user about missing cash
registers we should provide users with permission a direct link to the
cash register management page.
To test, apply the patch and enable the UseCashRegisters and
EnablePointOfSale preferences.
If necessary, go to Administration -> Cash registers and remove any cash
registers for your library.
- Log in to the staff interface as a user with "manage_cash_registers"
permission.
- Locate a patron who has outstanding fines.
- Under Accounting -> Make a payment, click the "Pay" button next to a
fine.
- The page should show the message about missing cash registers with a
button which take you directly to the "Add new cash register" form.
- Perform the same check by selecting the checkbox next to a fine and
clicking the "Pay amount" button and the "Pay selected" button.
- Test the message shown at:
- Tools -> Cashup registers.
- Point of sale -> Register details
- Point of sale -> Library details
- Perform the same tests when logged in as a user without permission to
manage cash registers. The messages shown in the previous steps
should omit the button linking to cash register management.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In patron's accounting section, under 'Make a payment' tab, you have the
choice between 'Pay' and 'Write off'. It takes you to another form, but
once there you cannot change mode. You have to click on Cancel,
re-select the lines you had selected (if you made a selection) and click
on the right button.
This patch adds link above the form to easily switch between the two
modes.
Also fixes a CSS bug to be able to use Bootstrap's nav pills inside
.statictabs
Test plan:
1. Create some manual invoices
2. Go to 'Make a payment' tab
3. Click on the 'Pay' button in a table row
4. Above the form you should see two links ('Pay' and 'Write off').
Click on 'Write off', confirm the write off and verify that it did
make a 'write off'.
5. Go to 'Make a payment' tab
6. Click on the 'Write off' button in a table row
7. Click 'Pay', confirm the pay and verify that it did make a 'pay'
8. Go to 'Make a payment' tab
9. Select some lines and click on 'Pay selected'
10. Click on 'Write off', confirm the 'write off' and verify that it did
make a 'write off'
11. Go to 'Make a payment' tab
12. Select some lines and click on 'Write off selected'
13. Click on 'Pay', confirm the pay and verify that it did make a 'pay'
Signed-off-by: Christofer <christofer.zorn@ajaxlibrary.ca>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
When paying or writing off a single line from the list of pending charges,
the account type displayed the code instead of the description.
And when bug 23483 fixed the display of the description, 2 variables where
missed. This change is only visible when looking at the page source:
<input type="hidden" name="description" id="description" value="" />
With the patch applied, the value will be filled with the description.
To test:
- Create one or more manual invoices of different types
- Try to pay/write off using the buttons within the table
- Verify the account type shows as code, not description
- Apply patch
- Repeat
- Bonus points: Check the source code for the hidden input with description.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch changes the text of the "Collect from patron" field to read "Amount tendered"
To Test:
1) In the Point of Sale screen, check that the text inside the "Collect payment" box reads "Collect from patron"
2) Go into a patron record, and create a manual invoice.
3) Go to Make a payment, and select to "Pay an amount". Check the text reads "Collect from patron".
4) Repeat the process with the "Pay Selected", and "Pay" button (listed next to the individual invoice)
5) Install the patch
6) Repeat steps 1-4, but the text should now read "Amount tendered", instead of "Collect from patron" in all payment options in the patron record, and in the Point of Sale screen.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Bouzid Fergani <bouzid.fergani@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds some additional handling to prevent undercollection of
fees at the server side.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch attempts to clarify the uses of the various input fields on
the paycollect screens.
It does this by adding validation to the form such that entering a
'collected' value that is lower than the 'paid' value is now forbidden.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Update DB entry 19.06.00.017:
We created SIP* AV from accountlines if '^Pay[[:digit:]]{2}$', so I
think we should assume that more than SIP00, SIP01, SIP02 can exist.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This makes a change requested by the first tester:
Also change the page title when a writeoff is done vs
a payment.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 11373 added change calculation to the payment page.
This doesn't work very well in the case of writeoffs:
- The "Amount paid" and "Change to give" fields don't make much
sense in the case of writeoffs.
- The amount for a partial writeoff has to be entered in the
"Amount paid" field instead of the one labeled "Writeoff amount"
just underneath.
This patch removes these unwanted fields and use the "Writeoff amount"
label on the right input.
Test plan:
1) Choose a patron who has fees.
You can add a manual invoice if necessary.
2) Go to Accounting > Make a payment.
3) Select some fines and click "Write off selected".
4) Note the form has a lot of inputs, not all are necessary for a
writeoff.
5) Make a partial writeoff by entering a different amount in the
"Writeoff amount" field.
=> The amount written off is the amount entered in the "Amount
paid" field.
6) Apply patch.
7) Repeat steps 1-3.
8) Notice the form only has "Amount outstanding", "Writeoff amount"
and "Note" fields, which are enough for a writeoff.
9) Entering any amount lower than or equal to the amount outstanding
in the "Writeoff amount" field should create a writeoff of the selected
amount.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
When writing off an individual fine, the description shown
was the patron's title, instead of the fine description.
Fixing it by changing it to the same template variable used for
paying individuals so they match up.
To test:
- Pick a patron and make sure salutation is set (Mr, Mrs, ...)
- Create a manual fine
- For the fine, compare the description shown when using the Writeoff
and Pay buttons next to the fine
- Verify the display is different and writeoff displays the salutation
- Apply patch
- Repeat, descriptions now should match up
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
* Update C4::Accounts::chargelostitem
* Update C4::Accounts::manualinvoice
* Update C4::Circulation::_FixOverduesOnReturn
* Update C4::Circulation::_FixAccountForLostAndReturned
* Update C4::Overdues::UpdateFine
* Update C4::Overdues::GetFine
* Update C4::Overdues::GetOverduesForBranch
* Update Koha::Account->pay
* Update Koha::Account->add_debit
* Update Koha::Account->non_issues_charges
* Update Koha::Account::Line->apply
* Update Koha::Account::Line->adjust
* Update controller scripts
* Update reports scripts
* Update tests
Test Plan
1) Run the test suit and ensure everything still passes
2) Test reports/cash_register_stats still works
3) Test that adding manual invoices still works
4) Test that making payments still works
5) Test that lost item fee handling still works
6) Test that invoice printing still works
7) Test that the sco still works
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Some libraries would like to show the amount of change given on print reciepts triggered by FinePaymentAutoPopup
so the patron can verify he or she has recieved the correct amount of change.
1) Apply this patch
2) Edit ACCOUNT_CREDIT slip and add "[% IF change_given %]<h1>CHANGE: [% change_given %]</h1>[% END %]" at the top
3) Enable FinePaymentAutoPopup
4) Make a payment
5) Note the change given is shown on the popup receipt
6) Note the change given is *not* shown on subsequent prints of the same receipt using the "print" button for the payment
Signed-off-by: Kyle Hall <kyle@bywatersolutions.com>
Signed-off-by: Hasina Akhte <hasinaa@pascolibraries.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This follow-up catches the case where no cash registers have been
defined for the current branch and as such payments cannot be processed.
Test plan:
1) Ensure you have 'UseCashRegisters' set to 'Do'
2) Attempt to make a payment for a fee whilst logged into a branch that
has not yet had cash registers configured.
3) Note that you are shown a warning and cannot proceed.
4) Signoff
Sponsored-by: PTFS Europe
Sponsored-by: Cheshire Libraries Shared Services
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch ties in the cash registers system to the paycollect payment
pages in the staff client.
Test plan:
1) Add some manual fees to a test patron
2) Select some fees to pay off
3) Note the addition of a select box for selecting your cash register
upon payment.
4) Set a branch default cash register for the current branch
5) Repeat step 3 and note that the pre-selected cash register is the one
set in step 4.
6) Unset the branch default cash register for the current branch
7) Repeat step 3 and note that there is no cash register pre-selected
8) Set 'UseCashRegisters' to 'Do not'
9) Repeat step 3 and note that there is no longer an option to select a
cash register
10) Signoff
Sponsored-by: PTFS Europe
Sponsored-by: Cheshire Libraries Shared Services
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Some libraries would like an auto-popup after making a payment so librarians don't have
to navigate to the accounts page, locate the new payment, then click the print button.
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Make a payment, note no difference in behavior
4) Enable the new syspref FinePaymentAutoPopup
5) Make a payment, note the popup for the payment receipt
Signed-off-by: Lisette Scheer <lisettes@latahlibrary.org>
Rescued-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
on_edition flag must be set when the Price plugin is used on inputs.
Prices currently need to all be displayed with decimal dot in input
fields.
Test plan:
Trying to pay 9,55. Go into the input field and change 9 to
5.
Without this patch Koha will turn it into 555.00.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch provides some follow-ups, including corrections to the
JavaScript and updates to the text for readability.
- Remove obsolete script "type" attribute
- Update the use of the obsolete jQuery method "bind"
- Use Bootstrap's built-in "show" option instead of simulated click
- Handle preventDoubleFormSubmit function's "waiting" class if modal is
closed manually
To test, apply the patch and follow the original test plan. Everything
should work as expected.
Note that when the modal is shown, the cursor changes to the "waiting"
one when you hover over the body of the page. If you click "No" in the
modal, the cursor should return to normal.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds a feature in the fine payment section. It allows to see the change due to patrons when the amount collected is higher than the amount paid.
Test plan :
- Apply patch.
- Select a patron with a fine.
- Go to Fines > Pay fines.
- Click the button pay.
- Choose the amount paid equal to the outstanding amount (exemple : 3$).
- Choose the amount collected to be more than the outstanding amount (exemple : 5$).
- Confirm that the change is correct (example : 5$ - 3$ = 2$).
- Click the button confirm.
- Click on Yes in the dialog box.
- Confirm that the payment has been made (example : last amount = 3$).
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1) Create a manual invoice and save
2) Go to Make a payment tab
3) Click 'Pay amount', then cancel
4) Notice you are redirected to the Transactions tab, rather than back to
Make a payment
5) Also try this with Pay selected and write off selected result when
cancelling should be the same
6) Apply patch and try steps 2-6 again
7) Verify that you are now redirected to the 'make a payment tab'
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
1. Give patron outstanding fees
2. Search patron and select 'Make payment'
3. Select either 'Pay' or 'Write off'
4. Confirm that first tab title remains as 'Transactions'
5. Confirm that current tab title remains as 'Make a payment'
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies several patron templates to use the Bootstrap grid
instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags and "text/css" attributes from <style> tags in the
modified templates.
Markup has been corrected in paycollect.tt and readingrec.tt where a
table row lacked <tr>.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Patron -> Notices
- Patron -> Purchase suggestions
- Patron -> Circulation history
- Patron -> Routing lists
- Patron -> Statistics
- Patron -> Fines
-> Pay
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>