This patch updates notices and slips templates to use Bootstrap grids
instead of YUI.
This patch also removes obsolete "text/css" attributes from <style> tags
in the modified templates.
To test, apply the patch and go to Tools -> Notices and slips. Test that
these pages look correct and adujst well to various browser widths.
- The main page listing notices and slips
- The add/edit form
- The notice preview modal available when editing CHECKIN, CHECKOUT and
HOLD_SLIP.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch makes changes to the form for adding and editing notices, and
to the template for viewing a rendered preview of notices.
- Preview now shows side-by-side comparisons
- JavaScript has been movied out of template into separate file
- Validation of the add/edit form improved through use of validation
plugin
To test, apply the patch on top of those for Bug 17981
- Add a new notice.
- Confirm that the form can't be submitted without data in the "code"
and "name" fields.
- Confirm that the form can't be submitted without filling in at least
one message template (subject and body).
- Confirm that you cannot submit the form while using an
existing notice code.
- Follow Bug 17981's test plan for testing the preview function.
Confirm that the preview loads correctly and looks correct.
- Test both with old syntax messages which require conversion and
messages in template-toolkit syntax.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Fixed conflicts caused by bug 20538.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch is a first step to provide a preview mode for notice
templates.
CHECKIN, CHECKOUT and HOLD_SLIP are supported so far.
Maybe more, but I have not tested yet and the interface will not allow
you to generate the preview.
The idea is to provide an idea of how will render the messages generated
from a notice template.
A new "Preview" button is added close to each textarea on the editing
notice templates view.
For each notice template code (letter_code), we will need some input
data to produce the preview.
For instance, for CHECKIN we need an barcode. From the barcode we
can guess all the other data.
For CHECKOUT we will need the borrowernumber and the barcode.
Note that the way to enter the data for the preview is not really
user-friendly, for CHECKOUT you will have to fill
'borrowernumber|barcode', but the placeholder will help you to know how
and what to fill.
In the modal window, you will see 4 blocks:
1/ the content of the letter (with the placeholds << >>)
2/ the generated message (with the data filled)
3/ if the letter contained historical syntax markers, the screen will
try to generate a notice template using the TT syntax
4/ the generated message from this TT syntax
=> You will be able to compare the 2 generated messages.
What is the goal of this first patchset:
- Show this first POC and get feedback from other developpers
- Add a way to easily visualise the differences between the 2 syntaxes
- Confort users with the TT syntax and the migration step from the
historical syntax.
I'd like to get opinions before going further.
The possibilities:
- Mock data to get fully working generated messages for any notice
templates. For instance, for CHECKIN and CHECKOUT, the item is not
checked in/out yet. So we cannot access the issue's information.
(I have no idea how to do that)
- Browse the data to get the ones we want to use for the preview (big).
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
