It was correctly pointed out that opac-showmarc would leak
the same way as catalogue/showmarc.pl, and so this patch
moves the authentication step up to the top where it
should be so as to prevent inappropriate data leaks.
TEST PLAN
---------
1) Set your OpacPublic system preference to Disabled
2) Open your OPAC and login
3) Find a biblio with items
4) Go to the opac details, particularly MARC view.
5) Copy the "view plain" shortcut link.
6) log out.
7) Paste the link into the address bar.
-- the information will leak!
8) apply the patch
9) restart_all
10) Refresh the OPAC link
-- log in screen will appear.
11) run koha qa test tools
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch introduces two methods to be used by plugin authors:
->output
->output_html
They are basically wrappers for the helper methods from C4::Output
(output_html_with_http_headers and output_with_http_headers).
Plugin authors can use them, or keep the current flexibility of handling
the headers themselves in their code.
The KitchenSink plugin should be updated to highlight this.
To test:
- Run:
$ kshell
k$ prove t/db_dependent/Plugins.t
=> FAIL: The methods are not implemented
- Apply this patch
- Run:
k$ prove t/db_dependent/Plugins.t
=> SUCCESS: Tests pass, and they are meaningful
- Sign off :-D
Sponsored-by: ByWater Solutions
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Syntax issue, can be squashed on pushing.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Here we are, no more occurrences of GetPendingIssues, we can remove the
tests and subroutine \o/
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Sounds like we do not need related fields or 'overdue' flag here.
No idea how to confirm there is no regression here.
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Same as previously, we do not need all the prefetched values here, just
a few.
Test plan:
Use the self checkout module to check some items out
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
At first glance we just need the biblio title and the subtitle (in
addition of the fines info), we should not need the prefetch.
Test plan:
Loggin at the OPAC, on the summary page you should see your checkouts
and overdues with the correct values
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We only need the biblio title and the barcode, we should not need the
whole prefetch.
Test plan:
On your OPAC summary page export your checkout list using the
"Download as iCal/.ics file" link.
Before and after the patchset, the generated files must be the same
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We are in the notices part, so we need to fetch all the data to avoid
regressions.
Test plan:
Print a summary slip before and after this patch.
They must be the same
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Same as previously, we just want Koha::Patron->checkouts->count to know
if a patron has checkouts.
Test plan:
Confirm that you cannot delete a patron's card if they have pending checkouts
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We should actually use Koha::Patron->checkouts here to avoid the
prefetch.
Test plan:
A patron with checkouts cannot get a discharge
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Here we should only access to what we want in the template, but let do
it as it for now.
Test plan:
Hit
/cgi-bin/koha/ilsdi.pl?service=GetPatronInfo&patron_id=542&show_contact=0&show_loans=1
With 42 a borrowernumber with checkouts
Before and after these patches the XML must be the same
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Luckily we have a good test coverage here!
Test plan:
Print issue slips before and after these patches (with overdues, etc.)
They should be the same.
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To move this subroutine out of the C4 namespace we face the same
problematic as bug 17553 (with GetOverduesForPatron).
We need to provide an equivalent method and so return all the related
value for a given checkout.
We can acchieve the easily using Koha::Object->unblessed_all_relateds,
but we need to keep in mind that it is a temporary move.
Indeed we will want to use our API to only access/retrive values we really need.
The whole trick could be removed when the current syntax for notices
will be deprecated and removed.
Note: this method returns the same number of elements than ->checkouts
They indeed returns the same things, but it sounds better to me to have a
different method to highlight (from the callers) where does it come
from (C4::Members::GetPendingIssues).
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
With the help of Koha::Object->unblessed_all_relateds we are going to
replace GetOverduesForPatron without introducing regressions (hopefully)
on both template notice syntaxes.
Test plan:
0/ Do not apply any patches
1/ Check some items in to a given patron, with and without overdues.
2/ Print the overdues slip (Circulation module > Print > Print overdues)
3/ Apply these patches
4/ Print again and compare the result
=> The 2 generated slips must be exactly the same
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In order to refactor our legacy code step-by-step, we will need to
provide code with the exact same behaviors and then improve it.
The same idea appears for the TT syntax for notices: we will want to
deprecate the existing syntax in order to support only one syntax.
Currently we fetch all the values from the related tables, without
knowing which are actually used.
I am suggestion to introduce a Koha::Object->unblessed_all_relateds
method which will return a hash containing all the fields from the
related tables (with the problems we know: collision in column names).
It is the existing behavior of GetOverduesForPatron and GetPendingIssues
for instance, they are used to send notices and so we have to provide
all the data needed.
See dependent bugs to understand the context and test this patch.
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plans :
- "beforepatch.png" shows the result you get when OpacNavRight and opacnav are set to false.
- "opacuserlogin=f_opacnav=f.png" shows the result with the patch and OpacNavRight and opacnav set to false
- "opacuserlogin=t_opacnav=f.png" shows the result with the patch and OpacNavRight set to true and opacnav set to false
Applied patch, can confirm it functions as expected.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Dominic Pichette <dominic@inlibro.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch replaces one more instance of [% IF ( numbersphr ) %].
To test, apply the patch and view the source of the OPAC home page.
With the OPACNumbersPreferPhrase system preference set to 'use,' you
should find this in the HTML source:
<option value="callnum,phr">Call number</option>
With the preference set to 'don't use,' you should find this:
<option value="callnum">Call number</option>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test Case
1) Check that the following files have been changed properly.
opac/opac-search.pl
opac/opac-main.pl
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt
2)Apply bug
3) Check that there are no differences in behaviour as a result of the patch.
Signed-off-by: Roch D'Amour <roch.damour@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1 - Apply patches
2 - Upgrade database
3 - Check the staff client login page, should be no change
4 - Add something to the preferene
5 - It should appear on the login page
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
prove -v t/db_dependent/Koha/Reports.t
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Maksim Sen <maksim.sen@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The first patch makes Hold.t fail on:
not ok 8 - Hold is suspended with a date, truncation takes place automatically
Failed test 'Hold is suspended with a date, truncation takes place automatically'
at Hold.t line 94.
got: '2018-03-22'
expected: '2018-03-22T00:00:00'
We could remove the midnight time there, but we also could replace ymd by
datetime. The cpan doc tells us:
Same as $dt->ymd('-') . 'T' . $dt->hms(':')
Test plan:
With this patch, run Hold.t again. It should pass now.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
When a hold is suspended, 'suspend_until' is represented as a DateTime object, complete with locale. All told, this is about 800 lines of text.
Test Plan:
1) Enable the HoldsLog syspref
2) Add a hold on a record/item
3) Suspend the hold with a date to resume
4) Note the massive amount of date in the suspend_until field
5) Apply this patch
6) Suspend another hold with a date to resume
7) Note the log has an acutal date in the suspend_until field
Check the logs using module 'Holds' and Action 'Suspend'
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Should be sufficient to read code and see all lines were commented and
that this patch removes useless lines
To be thorough, ensure that your can add an order to a basket and add a
biblio.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1 - Add a course (Course Reserves)
2 - Add an item to the course
3 - Ensure to change the holding branch for the course reserve
4 - Modify the course item
5 - Note the dropdwn for holding branch is unset
6 - Apply patch
7 - Modify the course item
8 - Dropdown should be correctly populated
Signed-off-by: Maksim Sen <maksim.sen@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test Plan:
1) Enable EasyAnalytics
2) Disable QueryAutoTruncate
3) Create an analytic record, add some host items to it
4) Browser to the analytics tab for the record
5) Click the link in the 'used in' column of the table
6) No search results
7) Apply this patch
8) Reload the page, now you get the analytic record!
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
0) Confirm that email validation is not working in add/edit patron form
1) Apply the patch
2) Edit/add patron, the e-mail validation should be working now
3) Ensure the password validation is still working (use test plan from
bug 19908)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This has been done on bug 9509 when barcodes are scaned, but not when using a text file.
Test plan (stolen from Barton on the bug report):
1) Create a text file containing duplicate barcodes
Here's a quick way to do that, substitute INSTANCE for the instance name of your test server:
sudo koha-mysql INSTANCE <<< "select barcode from items where barcode is not null limit 3" | sed '1d;p' > /tmp/dup_barcodes.txt
2) Go to Home › Tools › Batch item deletion
3) Click 'Choose File', select the file you created in step 1.
4) Click 'Continue'
5) Note that duplicate items appear in the list of items to batch delete
6) Check 'Delete records if no items remain'
7) This will trigger a software error
Note that entering the barcodes via the 'scan items one by one' text box removes duplicates in the list, so this only causes problems when uploading a file.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
When you want to merge invoices you have a page with a non editable
field 'Invoice number:' it shows the content of the first invoice to be
merged.
But if you validate by clicking the 'merge' button you arrive on the
next page which says that 'Invoice has been modified' and if you quit
this page without saving you have now a merged invoice without Invoice
number.
This tiny patch just prevents this issue to occur.
Test plan :
1° go to the acqui/invoices.pl page and search invoices to merge.
You must have at least 2 invoices on the same vendor
2° check boxes to select invoices to merge and click on 'merge selected
invoices' button
3° next page you see the non editable field 'Invoice number:'
4° click on the 'merge' button
5° next page you see 'Invoice has been modified'
6° leave this page i.e click on the left link 'Invoices'
7° search invoices you'll see the merged invoice without invoice number.
Apply the patch, replay the steps 1 to 3
4° on this page you can enter your invoice number and click on the
'merge' button.
If you leave this field empty and click merge, a message informs you
that it is required and you can not merge.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
