Commit graph

30078 commits

Author SHA1 Message Date
Baptiste Wojtkowski
99caf5329b Bug 13178: increase max value of CardnumberLength
testplan
1 - Apply patch
2 - Run updatedatabase.pl
3 - Update dbix scheme
4 - set the value of CardnumberLength to a value between 16 and 32
5 - Check you can enter a propper cardnumber
(modify to 32 instead 20)

+ max value now depends on the database field value to

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:27 -03:00
Aleisha Amohia
d25719d223 Bug 19216: Fix broken table in OPAC for when club doesn't allow public enrolment
To test:
1) Apply bug 19214 and bug 19215 to fix other issues with patron clubs
2) Create a club template that DOES NOT allow public enrollment
3) Create a club, enrol a user
4) Log in as that user to the OPAC
5) Go to 'your summary' and click the Clubs tab
6) Notice the broken table with empty column
7) Edit the club template to allow public enrollment
8) Notice the table is fixed - so this bug is just when the club does
not allow public enrollment
9) Apply the patch
10) Edit the club template to NOT ALLOW public enrollment
11) Confirm the table in the OPAC is now fixed and does not leave an
empty column

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:27 -03:00
2f2d84316a Bug 17214: (QA follow-up) Print error message too in fallback case
If the error code is not known or empty, provide the message too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested this by adding a die on shelves.pl line 180 (my $added = eval ..)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:26 -03:00
Aleisha Amohia
70d72e3d9c Bug 17214: Add records to lists by biblionumber
To test:
1) Apply patch and go to Lists
2) Click on an existing list or create a new list
3) Add items by barcode, confirm this functionality still works
4) Trigger error messages (adding duplicate barcodes, barcodes that
don't exist) to confirm they still show as appropriate
5) Test adding by biblionumber, confirm this works as expected
6) Trigger error messages (adding duplicate biblionumbers, biblionumbers
that don't exist). Confirm wording is appropriate in messages.
7) Add both barcodes and biblionumbers at the same time, confirm this
works as expected

Sponsored-by: Catalyst IT

Signed-off-by: Israelex A Veleña for KohaCon17 <israelex19@gmail.com>
Signed-off-by: Israelex A Veleña for KohaCon17 <israelex19@gmail.com>

Signed-off-by: Harold <harold.sabanal@gmail.com>

Signed-off-by: macon lauren KohaCon2017 <caballeromaricon@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17214: [FOLLOW-UP] Using Koha::Biblios instead of GetBiblio

Ready to test

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:26 -03:00
7c27958e6b Bug 2093: DBRev 17.06.000.024
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:26 -03:00
ad790bed2d Bug 2093: [Compiled CSS] Add OPAC dashboard for logged-in users
This patch contains the CSS file compiled from LESS.

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

RM note: opac.css regenerated before push:
lessc --clean-css="--s0 --advanced --compatibility=ie7" bootstrap/less/opac.less > bootstrap/css/opac.css

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:23 -03:00
Aleisha Amohia
506d669424 Bug 2093: (follow-up) Add OPAC dashboard for logged-in users
This patch:
- hides the dashboard if there is no dashboard information to display
- changes '5.00 due' to '5.00 due in fines and charges' for translation
- uses Koha::Holds in place of deprecated C4::Reserves methods

To test, confirm all the right information for holds still shows, and
confirm the dashboard is hidden if there are no checkouts, holds, fines
or overdues.

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:05 -03:00
ffee02e41d Bug 2093: (follow-up) Add OPAC dashboard for logged-in users
This patch adds some additional markup for applying styles to and the
corresponding CSS.

Also modified: Links to opac-user.pl should now open the correct tab.

To test, apply the patch and compile the modified LESS file. Clear your
browser cache if necessary. Follow the original test plan and confirm
that the revised links work correctly.

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:04 -03:00
Aleisha Amohia
657c417a87 Bug 2093: Add OPAC Summary for logged-in users
This patch adds a summary to the OPAC once the user has logged in that
shows the users number of checkouts, overdues, holds pending, holds
waiting and total fines. We also have a syspref OPACUserSummary to turn
this feature on and off. Default is ON.

To test:
1) Apply patch and update database
2) Set up some checkouts, overdues, holds pending AND waiting and fines
for a user
3) Log into OPAC as that user, see summary. Confirm links all work as
expected
4) Confirm that if there are no checkouts / overdues etc that the link
disappears from the summary
5) Turn OPACUserSummary OFF and confirm the summary does not show on the
mainpage.

Sponsored-by: Catalyst IT

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:04 -03:00
3d6e33134e Bug 19528: (QA follow-up) Adjust language for readability
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:04 -03:00
7f7a6879b2 Bug 19528: Fix a few typos like corrosponding
[1] Replace corrosponding => corresponding
[2] Replace containts => contains
[3] Replace item_level-itypes => item-level_itypes
[4] Replace Managment => Management
[5] Replace should returns => should return

Test plan:
Note that this patch only deals with POD lines or test descriptions.
So there is nothing to test, just read the patch.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Patch amended by RM: The release notes should not be modified

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:04 -03:00
64899db254 Bug 9031: (QA follow-up) Final changes to Calendar::days_between
The crash is caused by comparing two datetimes where one datetime is
floating and the other one was not. In that case the floating is
converted. Note too that DateTime overloads comparison operators.

This patch clones the two dates first. Puts them in floating both. And
just after that starts comparing etc.

Similar small change in hours_between.

Adding a test where the parameters are swapped for days_between.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:04 -03:00
c398cfa377 Bug 9031: Overdue items crossing DST boundary throw invalid local time exception
To test:
1 - Set TZ to America/New York
2 - Checkout item and set due date to '2016-03-09 02:29:00"
3 - Make sure fines are set for the item type, fine mode production,
  calculate fines on return
4 - Check in item - invalid date time warning in logs
5 - Apply patch
6 - Check in item - no error
7 - prove t/Calendar.t

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 9031: Use floating instead of UTC

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Squashed the changes for Calendar.pm; will add a follow-up to finally
overcoming the crash on Invalid local time.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:03 -03:00
9ac7f85375 Bug 9031: (QA follow-up) Pass the same timezone in Calendar.t
We do not need to change $ENV{TZ} or call tzset.
Pass $tz too for the second date.
Replace checking the datetime hash by delta calls.
Replacing the number of minutes.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
We will still crash with:
Invalid local time for date in time zone: America/New_York
But the changes in Calendar.pm will now resolve that.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:03 -03:00
a3c4ce01b3 Bug 9031: Unit tests for DST crossing in (days|hours)_between
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Without the patch for Calendar.pm, this crashes on:
Invalid local time for date in time zone: America/New_York

But even with the original change to Calendar.pm, I would see:
Invalid local time for date in time zone: Europe/Amsterdam
Adding a follow-up for that.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:03 -03:00
3b4e0e6978 Bug 19493: Force scalar context to prevent future error
If someone decide the reuse the template->param statement to pass values
to the template, we will get the same issue.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:03 -03:00
4a4b3aa948 Bug 19493: Remove few warnings from circulation.pl
If you click Submit on the staff home page without entering a cardnumber, you will find these warnings in the log:
Problem = a value of override_high_holds has been passed to param without key at /usr/share/koha/masterclone/C4/Templates.pm line 137.
Problem = a value of nopermission has been passed to param without key at /usr/share/koha/masterclone/C4/Templates.pm line 137.
Use of uninitialized value $val in concatenation (.) or string at /usr/share/koha/masterclone/C4/Templates.pm line 137.
Problem = a value of  has been passed to param without key at /usr/share/koha/masterclone/C4/Templates.pm line 137.

Cause is this call to $template->param:
$template->param(
     CircAutocompl             => C4::Context->preference("CircAutocompl"),
     debarments                => GetDebarments({ borrowernumber => $borrowernumber }),
     todaysdate                => output_pref( { dt => dt_from_string()->set(hour => 23)->set(minute => 59), dateformat => 'sql' } ),
    has_modifications         => $has_modifications,
     override_high_holds       => $override_high_holds,
     nopermission              => scalar $query->param('nopermission'),

In this specific case GetDebarments returns undef in list context (empty list),
so all items in the list shift one place.
Either we should force GetDebarments to return []; or we force scalar context in a construction like this. This patch does the last thing.

Note: The calls in memberentry.pl and moremember.pl are not affected.

Test plan:
[1] Do not apply. Click Submit without cardnumber. Check the log.
[2] Apply. Click Submit again without cardnumber. Check log.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:03 -03:00
377bd10e0c Bug 16660: (followup) Unit tests
This patch adds unit tests for the introduced changes in
build_query_compat.

It removes a warning too.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:02 -03:00
088cdcda5f Bug 16660: Add support for OpacSuppression to Elasticsearch
To test:
1 - Enable suppression
2 - Suppress some records
3 - Apply all the patches
4 - Reindex ES
5 - Search and don't get suppressed records
6 - Disable suppression
7 - Search and get all the records

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:02 -03:00
Srdjan
bf6caa81e5 Bug 16660: Moved Opac Supression filtering from opac-search.pl to Zebra::QueryBuilder
To test:
OPAC: Both SearchEngine "Elasticsearch" and "Zebra" should work with
OpacSuppression set to "yes"

NB: OPAC suppression is not implemented for Elasticsearch

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:02 -03:00
27b99bb80b Bug 18118: Unexpected behaviour with 'GoogleOpenIDConnect' and 'OpacPublic' syspref combination.
TEST PLAN
----------
1/ configure a working 'GoogleOpenIDConnect' account

See comment #5 which also links back to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16892#c3

2/ set 'OpacPublic' (under OPAC) to 'Disabled' and
   'GoogleOpenIDConnect' (under Administration) to 'Yes'.

3/ log in user successfully via google-auth, observe redirect to
   opac-user.pl (bad)

4/ apply patch
   -- on kohadevbox remember to restart all! Plack is unforgiving. :)

5/ log in user successfully via google-auth, observe expected
   redirect to opac-main.pl (good)

While I would normally suggest running koha qa test tools, because
this file doesn't end in .pl, it doesn't get picked up by them.

6/ perlcritic -4 opac/svc/auth/googleopenidconnect
   -- notice this is a level better than required. :)

This also eyeballs easily well.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:02 -03:00
bb1c184b84 Bug 19484: Add test before using object itemtype
Patch applies and functions as described. I agree with you that importing NULL itemtypes is possible Marcel. A higher importance level makes sense.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
30a0d4f6c9 Bug 19531: When saving patron record do not redirect to circ if not authorised
If the logged in patron does not have the necessary permission we should
not redirect to circulation.pl but moremember.pl instead

Test plan:
With the borrowers permission, you should be able to edit a patron and
be redirect to the moremember page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
99e487bc71 Bug 19389: Hide library groups pull down if empty
Regression introduced by bug
  commit 141200794d
    Bug 15295: Koha::Libraries - Remove GetBranchCategories

The intranet advanced search page offers to search for groups of
libraries, even if the pull down is empty as no library groups have
been defined.

Test plan:
- Go to the adv search page at the intranet
- Without library group you must not see the "Groups of libraries"
dropdown list
- With at least a library group you must see it

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
bdf85f5e39 Bug 19069: Fix 'does not match' behaviour in MARC modification template
The "does not match" condition does not behave as expected.
We want it to process the action if the subfield exists and that the
value does not match a given pattern.

Test plan:
Be creative and write different template actions using the "does not
match" condition.
Using the "Batch record modification" and the "Show MARC" popup, confirm
that the processed record is the one you are expecting.

Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
a70c38f380 Bug 19029: (follow-up) Make security question appear on clone operations from one library to another
Message pops up for all instances of cloning now.
Works as expected.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
83f97e662d Bug 19029: (follow-up) Implemented .format() to ease translation
Sponosred by: Catalyst IT

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
971591d4ee Bug 19029: Add JavaScript security question for cloning circ rules
This patch introduces a Javascript security question which is displayed
to the user when they try to clone a circulation rule to a specific
branch when the rule is a 'Standard rule for all libraries"

The rationale for this patch is when the cloning takes place it
overwrites the existing rules of the destination branch and there is no
notification of this to the user. Therefore by implementing this patch
the user is asked if they want to clone the rule (if the rule is
standard accross all libraries) and are told that it
will overwrite the rules in the destination branch.

Test plan:
1. Create a circulation rule for all libraries

2. Make sure the 'select a library' option is set to 'Standard rules for all
libraries"

3. Click the 'Clone' button and notice that the cloning takes place
without any warning that it will overwrite the rules of the destination
branch

4. Apply patch

5. Return to the circulation and fine rules page

6. Repeat step 2

7. Click the clone button and notice a alert box appears asking if you
are sure you want to clone the standard rule to the destination branch.

Note: The name of the destination branch is included in the alert.
Also note that the user is informed of the consequences of performing
the action, i.e. that it will overwrite the existing rules in the
destination branch

8. Click 'Cancel' and notice that no cloning occurs

9. Click the clone button again and this time click 'OK' and notice
that the cloning takes place

10. Return to the Circulation and fine rules page and set the 'Select a
library' option to the name of an individual branch

11. Click the clone button and notice that the clone action takes place

Sponsored-By: Catalyst IT

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
Alex Arnaud
a522df7dd9 Bug 19443: Remove duplicate message when editing existing patron
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
Alex Arnaud
27fca7aceb Bug 19443: Wrong HTML in patron creation page (members/memberentry.pl)
The form provided on top of the page if Koha find a duplicate
patron is not closed. This cause some trouble.

Test plan:

 - Edit the syspref IntranetUserJS and type the following code:
   "$(document).ready(function() {
    $("#memberentry_library_management").insertBefore("#memberentry_identity");
    });"
 - create a patron so that Koha will warn you about a duplicate one,
 - click on "Not a duplicate. Save as new record",
 - you should get error(s) about empty field(s).
   Note that now, the library management part's fields are empty or
   reset to default

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
18809b1371 Bug 12363: DBRev 17.06.000.023
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:08:59 -03:00
58b6e95763 Bug 12363: Add a switch to mark|do not mark items as returned when lost
There are several ways to mark an item an lost:
- item list view (catalogue/moredetail.pl, "Items" tab)
- cataloguing (cataloguing/additem.pl)
- Batch item modification tools (tools/batchMod.pl)
- The long overdue cronjob (misc/cronjobs/longoverdue.pl)

So far only the cronjob is configurable, the others mark the item as
returned (does the checkin).

This behaviour should be controlable using a syspref, to let libraries
choose what fit best for them.

Test plan:
Use the 2 options of the pref, mark checked out items as lost using the
different possibilities, and confirm that the behaviours make sense to
you

Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:14 -03:00
264432f701 Bug 12363: Add new pref MarkLostItemsAsReturned
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:14 -03:00
48be40d1bf Bug 18884: Advanced search on staff client, Availability limit not properly limiting
Patch applies and functions as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
Andreas Roussos
4f2d59e67b Bug 19503: Duplicating a dropdown menu subfield yields an empty subfield tag
While editing a record in the staff client, if you clone a repeatable
dropdown subfield the cloned subfield's tag is empty. This can result
in data loss if the record is saved, re-opened, and saved yet again.
This patch (originally written by Sophie MEYNIEUX for bug 17818) fixes that.

Test plan:
0) [PREREQUISITE] In your MARC framework (Home > Administration > MARC
   bibliographic framework) ensure that you have at least one subfield
   of a particular tag linked to an authorised value (e.g. in UNIMARC,
   tag 700 subfield 4 is 'Relator Code' and can be linked to CCODE for
   testing purposes). This is so that the relevant subfield will be a
   dropdown menu and not a textbox.
1) In the Staff Client, edit an existing record or create a new one.
   Then, try to clone any subfield that is a dropdown menu. Observe
   that the cloned subfield's tag is empty.
2) Apply the patch.
3) Hit CTRL-F5 in your browser (to ensure cataloging.js is re-loaded)
   and try to clone a dropdown menu subfield again. This time the tag
   is cloned as well.

Working as intended.

Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

https://bugs.koha-community.org/show_bug.cgi?id=16503

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
3f2c1c879c Bug 19117: Add CSRF protection to paycollect.pl
Security bug, trivial changes, no need to provide procedure for script
kiddies.

Test plan:
Pay fines using the different options from the "Pay fines" tab.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
Mark Tompsett
c4113dce70 Bug 18956: Fix empty to in message queue
Follow the test plan in comment #20.
Also tweaked string, because it was really 'or' before too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended text in added comment.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
6336e53aed Bug 18956: (QA follow-up) Resolve a CGI::Param in list context warn
From the plack-error.log:
CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_masterclone_opac_opac_2dpassword_2drecovery_2epl line 129, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:56:59 -03:00
Mark Tompsett
e08a0afa26 Bug 18956: Prevent leaking during password recovery
TEST PLAN
---------

It is assumed you have set the OpacResetPassword to 'allowed',
and likely in combination with OpacPasswordChange to 'Allowed'.

You will have two patrons: one with and another without
any email address entered. You will want to test this test plan
with both patrons.

$ git checkout -b bug_18956 origin/master

Prepend the following as understood between step sections:
opac -> forgot password and then enter...

correct login/cardnumber, it will email
delete from borrower_password_recovery;

correct email, it will email
delete from borrower_password_recovery;

correct login/cardnumber && correct email, it will email
delete from borrower_password_recovery;

wrong login/cardnumber && correct email, error page as expected
delete from borrower_password_recovery;

correct login/cardnumber && wrong email, error page as expected
delete from borrower_password_recovery;

wrong login/cardnumber && wrong email, error page as expected
delete from borrower_password_recovery;

submit empty -- INTERNAL SERVER ERROR?!
delete from borrower_password_recovery;

-- None of the above step sections displayed email.

correct login/cardnumber, it will email

correct login/cardnumber again, but it leaks email address!
delete from borrower_password_recovery;

correct email, it will email

correct email again, but it leaks login/cardnumber!
delete from borrower_password_recovery;

$ git bz apply 18956
-- choose interactive, and choose this counter patch.

repeat the same test set again
-- no leaks will occur, error message pages returned should
   be reasonable, code should read reasonably.

run koha qa test tools.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 10:59:05 -03:00
570eb40266 Bug 19333: Fix XSS in opac-shelves
category is send back to the template, it must be escaped

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 10:59:01 -03:00
e6b8e12391 Bug 17829: (follow-up) Move GetMember to Koha::Patron
Do not call method on $patron if there is no other reserves

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-26 15:42:48 -03:00
dafb678b0b Bug 12768: (follow-up) DBRev 17.06.00.019
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 16:51:28 -03:00
96a3ee5e06 Bug 19038: DBRev 17.06.00.022
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 16:50:34 -03:00
7d2cb42dce Bug 19461: Add floating toolbar to staff client catalog search results
This patch adds a floating toolbar to the staff client search results
page, making all the various controls visible as the user scrolls down.

To test, apply the patch and perform a catalog search in the staff
client.

- The toolbar should "stick" to the top of the page as you scroll down.
- Controls in the toolbar should all work correctly:

  - Select all / Clear all
  - Highlight / Unhighlight
  - Add to Cart
    - Cart notifications should be positioned correctly
  - Add to list (and all list menu controls)
  - Place hold (including controls which are visible when
    a "Search to hold" has been initiated
  - Z39.50/SRU search
  - Sort

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 16:12:53 -03:00
cffc99cbe5 Bug 19038: QA Followup - Hide barcode column by default (as syspref default is hide)
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 16:12:53 -03:00
e711c8e418 Bug 19038: Remove the OPACShowBarcode syspref
This patch removes the OPACShowBarcode syspref in favour of the new
columns settings option introduced by bug 16759.

On the upgrade step, it picks the value for OPACShowBarcode and uses it
to populate the columns_settings table.

To test:
- Verify the upgrade process maintains the current behaviour

Regards

Sponsored-by: Dover

Followed test plan and works as expected. Functionality of patch from bug 16759
appears intact too.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 16:12:46 -03:00
667c07e048 Bug 19529: Prevent NoIssuesChargeGuarantees.t to fail randomly
Use a categorycode != "X"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 13:16:53 -03:00
3bf15a5f04 Bug 17381: DBRev 17.06.00.021
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 12:14:42 -03:00
Marc Véron
8bb8decf01 Bug 17381: Add system preference SCOMainUserBlock
This patch adds a system preference SCOMainUserBlock to display custom HTML
on the self checkout page.

To test:
- Set up self checkout (see section Self Checkout in Circulaton sysprefs )
- Apply patch
- Update db
- Add some HTML system preference SCOMainUserBlock
- Go to sco page
- Verify that HTML displays on page (logged in and not logged in)

New version based on Koha.Preference TT plugin as of comment #7
Depends on Bug 12691

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 12:14:42 -03:00
c2b9b3f831 Bug 19028: DBRev 17.06.00.020
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 12:14:42 -03:00