30 commits

Author SHA1 Message Date
Andreas Roussos
f8ce3d88b1 Bug 20083: Information disclosure when (mis)using the MARC Preview feature
The MARC Preview feature in the Staff client (catalogue/showmarc.pl) does not
check whether a user is logged in or not. As a consequence, it can be used to
obtain information that would normally be available to logged-in users only.
For example, you can view any bibliographic record by passing a value to the
'id' argument, but you can also view records as they were imported (normally
done via the 'Staged MARC management' tool).

All three 17.11 installations currently listed at
https://wiki.koha-community.org/wiki/Koha_Demo_Installations
are affected by this issue, as demonstrated by the URLs below:

http://koha.adminkuhn.ch:8080/cgi-bin/koha/catalogue/showmarc.pl?importid=1&viewas=html
http://pro.demo1711-koha.test.biblibre.eu/cgi-bin/koha/catalogue/showmarc.pl?id=1000&viewas=html
https://staff-kohademo.equinoxinitiative.org/cgi-bin/koha/catalogue/showmarc.pl?id=1&viewas=html

It should be noted that this only applies to XSLT-enabled installations.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-04 15:40:07 -03:00
Zoe Bennett
cea818a56a Bug 19995: use Modern::Perl in Catalogue perl scripts
Test Plan:
- Check that it now says 'use Modern::Perl;' and not 'use strict; use
warnings;' in the following catalogue perl scripts.

MARCdetail.pl
export.pl
image.pl
imageviewer.pl
issuehistory.pl
labeledMARCdetail.pl
moredetail.pl
search.pl
showmarc.pl
updateitem.pl

Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-05 09:45:47 -03:00
Mark Tompsett
d5986c9b97 Bug 19040: Refactor GetMarcBiblio parameters
Change parameters to a hashref.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Looks good to me.
Two calls in migration_tools/22_to_30 still in old style.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:23:42 -03:00
Jonathan Druart
4d8dd344ae Bug 6520: Display items for staged record
When records are imported into Koha, the items are stored in the
import_items table.
The marcxml in this table is never retrieved to display items.

Test plan:
1/ Import a record with items
2/ Before importing the batch into the catalog, you can see the marc
of the records, in the table below.
3/ Verify that the items are correctly displayed.

QA note: This patch does not provide tests for new subroutines but the
module (C4::ImportBatch) is not tested at all and it will be time
consuming to provide them.

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-16 13:40:46 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
142e6098a9 Bug 13151 - staff marc preview not wrapping
The MARC preview available on the staff client detail page doesn't wrap
long lines of text because it uses a huge block of whitespace-formatted
text in a <pre> tag. The OPAC doesn't have this problem because the MARC
preview is formatted in a table.

This patch copies the OPAC's "plainMARC.xsl" file for use in the staff
client. The preview modal has been converted to use Bootstrap following
the method used in Bug 12755.

To test, apply the patch and clear your browser cache. View the
detail page for a bibliographic record in the staff client. Click the
link to show the MARC preview. Confirm that the modal looks correct,
works correctly, and adapts gracefully to different browser widths.

Confirm that the MARC preview and Card links still work from Z39.50
searches.

Note: This patch assumes that UNIMARC records display correctly using
xslt/plainMARC.xsl. Please let me know if that is wrong.

Signed-off-by: Frederic Demians <f.demians@tamil.fr>

I confirm it works: nice modal dialog box; display aligned on opac display;
works also with Unimarc biblios.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-21 15:04:00 -03:00
5bcaa91001 Bug 13225: Z39.50 result Card View doesn't work for UNIMARC
This patch fixes UNIMARC Card View on Z39.50 result page. The valid XSL was
there: UNIMARC_compact.xml, but was not selected (a regression). This patch
uses themelanguage to access the XSL file, anticipating a new intranet theme in
the future.

TO TEST: Before applying this patch, do a Z39.50 search, and try to display a
biblio record card view: meaningless. Retry after applying this patch.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested in a UNIMARC installation, works as described.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-10 11:59:48 -03:00
afd2418d73 Bug 11349: Change .tmpl -> .tt in scripts using templates
Since we switched to Template Toolkit we don't need to stick with the
suffix we used for HTML::Template::Pro.

This patch changes the occurrences of '.tmpl' in favour of '.tt'.

To test:
- Apply the patch
- Install koha, and verify that every page can be accessed

Regards
To+

P.S. a followup will remove the glue code.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-17 11:05:49 -03:00
Julian Maurice
a0c17a8c3a Bug 12237: Remove the "horrible hack" in C4::Templates
Use C4::Languages::getlanguage() instead of
C4::Templates::_current_language()

Test plan:
1/ Set one of the 4 XSLT sysprefs to 'default'
2/ Go to the corresponding page
3/ Switch language and check that the right XSLT is used
4/ Set the same syspref to something with '{langcode}' in it. For
example:
"../koha-tmpl/opac-tmpl/bootstrap/{langcode}/xslt/UNIMARCslim2OPACDetail.xsl"
5/ Go back to the corresponding page
6/ Switch language and check that the right XSLT is used
7/ Change a compact.xsl for a language (for example
koha-tmpl/intranet-tmpl/prog/fr-FR/xslt/compact.xsl) to be able to see
differences
8/ Go to a biblio detail page in staff interface and click on "MARC
Preview: Show"
9/ Close the popup, switch language and click again on the same link
10/ Check that the correct XSLT is used.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works as described following test plan.
No koha-qa errors

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
No problems found, passes tests and QA script.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-03 10:34:11 -03:00
3bcc032181 Bug 11826: Use XSLT handler object in showmarc, Record.pm
Modifies showmarc and opac-showmarc to use new XSLT handler.
Removes cardview.pl as obsolete script.
Modifies C4/Record.pm and a typo in the test Record.t.

Test plan:
[1] catalogue/showmarc: Go to Cataloging. Search. Click Card.
[2] opac-showmarc: Go to opac detail, MARC view.
    Open URL for plain view in new tab.
    Change URL: Change viewas=html to viewas=card
[3] Verify that there are no references in the codebase to cardview.pl
[4] C4/Record.pm: Run the Record.t test in db_dependent.
    This test uses marc2modsxml, triggering the change.
    Additional: export to MODS from opac-detail.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Views Ok. Test pass. No more cardview. No koha-qa errors

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-26 03:52:45 +00:00
d92dc91f77 Bug 11329: Check for MARC record existence in catalogue/showmarc
Intranet counterpart patch. Same check as in opac/opac-showmarc.

Test plan:
[1] Run showmarc.pl with valid biblionumber in id parameter.
[2] Remove id parameter from URL. You should get a 404 now.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Passes koha-qa.pl, works as advertised.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-17 15:27:39 +00:00
Colin Campbell
5b6f89714d Bug 9684 : Correct path to compact.xsl
When trying to display the card view of a retrieved record,
an error occurred as compact.xsl could not be found:
the script was constructing the path as though it was opac.

Also added a fallback to the en version if no xsl file is
found under the current lang, as done in opac-showmarc.pl.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Test plan:

* Set sys pref to use CCSR
* Do a Z39.50 Search
* Click 'card' on one of the results
* confirm that there is no error.

All tests pass

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
I am astonished that opacthemes affects Z39.50 search in
staff so this might be fixing a bigger problem.

Checked that clicking on Card works for both themes now
correctly after I confirmed the bug.
Also all views in OPAC were checked for both themes.

All tests and QA script pass.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-27 07:08:13 -04:00
ff38060039 Bug 8872: Changes for intranet showmarc
Simplifies template (eliminating intranet-bottom include).
Makes encoding for card view more consistent with approach in Templates module.
Rearranges a few lines in script for consistency and performance.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Passed-QA-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-06 07:29:07 -05:00
Paul Poulain
b9d743a928 Merge remote-tracking branch 'origin/master' into new/bug_6679
Conflicts:
	catalogue/showmarc.pl
2011-12-08 10:08:44 +01:00
Chris Cormack
4a14e7dbe6 Bug 6679: catalogue/ now passing perl critic tests
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2011-12-08 10:05:48 +01:00
Chris Cormack
d50de1f040 Bug 6972 : Followup fixing bad indentation
2011-10-20 01:52:52 +13:00
Maxime Pelletier
030fe0570f Bug 6972: Hardcoded template paths to en in showmarc
Couldn't help but reformat the indentation a bit.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Card view works correctly in cataloguing search.
Plain view/labelled show correctly in OPAC.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Fixing merge conflict.
2011-10-20 01:48:52 +13:00
Chris Cormack
16f1fffdd1 Merge remote-tracking branch 'kc/new/bug_5616' into kcmaster
2011-10-19 16:45:41 +13:00
980d8fbed4 Bug 5616: UTF-8 problem in Card View / Follow up
Decode data only if needed.
Add instruction to use UTF8 in html header.
Force utf8 on output handle.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Umlauts and other diacritics in card view of z39.50 search are now
correctly displayed.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
  removed 2 commented lines

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-19 16:45:17 +13:00
Paul Poulain
ddbedbfc2f Bug 4330 : Adding some copyright BibLibre statements
2011-03-21 10:57:20 +13:00
Frédérick Capovilla
07731037ee Bug 5616: Corrects an utf-8 encoding problem in cardviews
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-02-08 21:18:50 +13:00
ce5e2429db fixing various links to point to *.koha-community.org
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-10-21 22:08:24 -04:00
Donovan Jones
b31b5f3620 Bug 2505 - Add commented use warnings where missing in the catalogue/ directory
2010-04-21 20:25:13 +12:00
Lars Wirzenius
034e2c1cbb Fix FSF address in directory catalogue/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:49 -04:00
Galen Charlton
083e8d9a06 remove superfluous retrieval of $ENV{'REMOTE_USER'}
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-12-05 16:03:43 -06:00
Ryan Higgins
5b1f566497 Remove acquisitions permission requirement on catalogue/showmarc.pl
This script is linked to from z39.50 search as well as acquisitions.
cataloguing/z3950_search.pl requires only the 'catalogue' flag, so
requiring only that permission here.  A user without acquisitions permissions
would get a login instead of the record display without this change.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-09-16 22:19:37 -05:00
Galen Charlton
a6c85e6002 bug 1986: fix card view in Z39.50 search results
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-04-01 06:46:07 -05:00
Ryan Higgins
d878a92b3d Add MARC preview to Z39.50 search.
Also, add title string to MARC editor.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-03-17 19:25:51 -05:00
Ryan Higgins
4b089e1eee updates to acqui - first of several commits
bug fixes to display and save publishercode and purchase order numbers.
use invoice number in place of parcel code
fix template apparently allowing user to modify biblio details on add/mod order
removing CGI scrolling_list

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-01-01 15:07:02 -06:00
Ryan Higgins
271aa9043d Adding MARC preview to acqui screens
Also cleaning up some missing params and language.
Add another js library: greybox (jquery derivative iiuc).

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-11-25 22:15:08 -06:00