Commit graph

2634 commits

Author SHA1 Message Date
Morgane Alonso
a1285ba9c0 Bug 12509 - Fix Untranslatable Restriction added by overdues process
Changes the value of the "comment" column in "borrower_debarments" table
from "Restriction added by overdues process yyyy-mm-dd hh:mm:ss" to
"OVERDUE_PROCESS yyyy-mm-dd hh:mm:ss" in the overdue_notices.pl. Then in
the templates "moremember.tt", "circulation.tt", "memberentrygen.tt",
"opac-reserve.tt" and "opac-user.tt" the value of "comment" is
check, if it's an automatical comment due to overdue process it'll
write "Restriction added by overdues process yyyy-mm-dd hh:mm:ss",
then if there is a customizable comment it will be written without
modification. Like this, the comment "Restriction added by overdues
process" is written in the po files and can be translated later.

To test:
1) create a patron with automatical restriction due to overdue process;
2) apply patch;
3) run misc/cronjobs/overdue_notices.pl;
4) verify if the comment "Restriction added by overdues process" is well
   written and translatable on the following page :
    - opac patron home page (opac-user.tt);
    - opac item reservation page (opac-reserve.tt);
    - pro patron page (moremember.tt);
    - reservation item for a patron (circulation.tt, memberentrygen.tt);
5) try to translate the comment in po files;
6) sign off.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 12:41:47 +00:00
62508428cd Bug 16651: Notes field blank for 952$z in opac-course-details.pl
This patch changes course reserves to check for item notes form the
course reserve and fallback to itemlevel notes if they are empty

To test:
1 - Enabvle course reserves
2 - Add some items
3 - Make sure the items have notes at the item level and not at course
reserves
4 - Notes don't display in staff or opac
5 - Apply patch
6 - Notes display in staff and opac
7 - Add notes at course reserves level
8 - These override the item level notes

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 13:57:33 +00:00
NguyenDuyTinh
e1d6974bff Bug 16705 - Add missing status to serials history in OPAC
The bug is related to 10851. Due to add of status in 10851, status added were
missing in opac-detail.tt and opac-full-serial-issues.tt. The patch just added
these missing status.

To test:
1) Create New subscription in Serials, in Intranet
2) Do a search of the new subscription by Title
3) Take Serial receive as Actions to edit the status to Missing (<something>)
4) Go to Opac and Search the subscription created, by its title and See missing status
5) Apply patch, status must be showed.
6) Sign off

Followed test plan, works as expected.
Amended to format commit title and message.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:58:32 +00:00
779fa7c6da Bug 16591: Fix CSRF in opac-memberentry
If an attacker can get an authenticated Koha user to visit their page
with the code below, they can update the victim's details to arbitrary
values.

Test plan:

Trigger
/cgi-bin/koha/opac-memberentry.pl?action=update&borrower_B_city=HACKED&borrower_firstname=KOHA&borrower_surname=test

=> Without this patch, the update will be done (or modification
request)
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Do some regression tests with this patch applied (Update patron infos)

QA note: I am not sure it's useful to create a digest of the DB pass,
but just in case...

Reported by Alex Middleton at Dionach.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:55:15 +00:00
574bff5c6f Bug 16680: (bug 13918 follow-up) Display library names for holds in transit
Regression introduced by bug 13918: the library names are not displayed
anymore for holds in transit.
They are 2 warns in the logs:
No method wbrname! at
/home/koha/src/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt
line 603.
No method wbrcd! at
/home/koha/src/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt
line 603.

Test plan:
Make sure you have holds in transit and go the opac-user.pl
In the "Holds" tab, you should see "Item in transit to LIBRARY NAME"

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:48:15 +00:00
Marc Véron
b6979db410 Bug 16563: Translatability: Issues in opac-account.tt (sentence splitting)
This patch removes splitting by <i>-tags from 2 sentences.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No errors

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-10 17:46:49 +00:00
Marc Véron
6b432d2b21 Bug 16540 - Clean up opac-auth.tt for translatability
This patch fixes translatability issues in opac-auth.tt (ugly
translations caused by sentence splitting).

It was necessary to change indentation to make the the file more
readable and to make sure that changes have no side effects.

The changes do not touch the overall functionallity.

To test:
- Review code to verify that no functionality change is introduced
  and to verify that the text changes make sense.
- Apply patch, verify that OPAC login page behaves as before.

UPDATE: Amended for comment #10 / mv
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-10 17:44:27 +00:00
Marc Véron
593dee4ea0 Bug 16560: Translatability: Issues with "The entered " in opac-memberentry.tt
This patch fixes two splitted sentences to avoid translation issues:

The entered <a href="#borrower_cardnumber">card number</a> is the wrong length.
The entered <a href="#borrower_cardnumber">card number</a> is already in use.

To test:
Apply patch and verify that html in the 2 that are changed is correct and that
they are not splitted by a-tags.

Note: I could not figure out under which conditions this code displays in
      the OPAC self registration form.

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-10 17:37:56 +00:00
af59b66941 Bug 16465: Fix typo issues vs checkouts
Test plan:
Confirm the wording is correct

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-10 16:45:31 +00:00
27254de06d Bug 16465: discharge - Add a title tag at the OPAC
Test plan:
Confirm that the opac-discharge.pl has now a title

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-10 16:45:31 +00:00
Lari Taskula
7163fcfeea Bug 16200: Make 'Hold waiting too long' translatable and give it an unique accounttype
Holds that have expired have been untranslatable in Patron's Fines-tab. Also, they are
mixed with other type of fines with accounttype "F". This patch gives expired holds an
own accounttype "HE" (Hold Expired) and modifies the boraccount to recognize this new
accounttype in order to make it translatable.

To test:
1. Make a hold and let it expire
2. Go to Patron's Fines tab
3. Change Koha's language to some other than English
4. Observe that there is a "Hold waiting too long" fine described in English
5. Apply patch
6. Make another hold and let it expire
7. Update translations
8. Find "Hold waiting too long" from your .po file
9. Translate it and install translations
10. Go back to Fines tab and observe that the new expired hold is translated

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-31 08:50:36 +00:00
Chris Cormack
c47c835672 Bug 16597: Fix XSS in opac-shareshelf
To test
1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
2/ Notice you see a js alert
3/ Apply patch
4/ It is gone

Reported by
Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:14:03 +00:00
Chris Cormack
344033c324 Bug 16597: Fix XSS in opac-shelves.pl
To test
1/ Hit /cgi-bin/koha/opac-shelves.pl?shelfnumber=5&category=1&op=edit_form&referer="><script>alert('XSS')</SCRIPT>
2/ Notice JS is executed
3/ Apply patch
4/ Notice it's fixed

This bug reported by

Alex Middleton at Dionach

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:14:03 +00:00
bb4543f7db Bug 16599: Fix other potentials XSS for shelfname
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:12:15 +00:00
a44a930c07 Bug 16599: Fix XSS in opac-shareshelf.pl
Test plan:
- Create a list with the name "<script>alert(1)</script>"
- On the shelf list, click on share
=> Without this patch you will see the JS alert
=> With this patch applied you won't see it

Reported by Kaybee at Dionach

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-30 11:12:15 +00:00
4e817ee04c Bug 16587 opac-sendshelf.pl is vulnerable to XSS
To test
1/ Hit a url like
http://localhost:8080/cgi-bin/koha/opac-sendshelf.pl?email=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&shelfid=4
2/ Notice you get a js alert
3/ Apply patch
4/ Notice the js is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-25 22:14:33 +00:00
05a014b766 Bug 16587 - opac-sendbasket.pl is open to XSS
To test
1/ Hit a url like
http://localhost:8080/cgi-bin/koha/opac-sendbasket.pl?email_add=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&bib_list=3

Where bib_list is a valid basket number
2/ Notice you get a javascript alert showing
3/ Apply patch
4/ Notice the text is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-25 22:14:33 +00:00
c7ca98c8d9 Bug 16516: Define the showListsUpdate JS function at the OPAC
Bug 12233 removes the declaration of the showListsUpdate JS function for
the OPAC.
It results in a JS error (ReferenceError: showListsUpdate is not
defined) when a user tries to add selected titles to a list if no title
is selected.

Test plan:
Launch a catalogue search
Select a list in the "Select titles to" dropdown list
=> Without this patch you will get the JS error
=> With this patch you will get a JS alert "No item was selected"

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-23 17:40:51 +00:00
Hector Castro
0073a0c3f8 Bug 16343: 7XX XSLT subfields displaying out of order
This patch respect previous css classes
.authordates and .relatorcode but also include .titleportion

.authordates {display: none;}
.titleportion {display: none;}
.relatorcode {display: none;}

To test:
- Stage the two record attached with titles:
  - Surface & coatings technology.
  - Women crime writers.
- Reindex zebra (necessary to Opac and Itranet results)
- Leave empty the OPACUserCSS and IntranetUserCSS sysprefs
- Go to the new records in OPAC and Intranet detail page
- See the wrong display of dates
- Apply patch and refresh the page
- Test in OPACUserCSS and IntranetUserCSS the css stated before
- Play deleting or adding the classes
- Test with multiple records with 700 (with and without dates, etc;
  710 and 711)

NOTE: dates in 710 and 711 can be hidden with .titleportion class;
dates in this kind of heading go with another data for example:
Catholic Church. Plenary Council of Baltimore (2nd : 1866)
Patch rebased some typos fixed in comments

Signed-off-by: Dani Elder <danielle@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-23 17:24:12 +00:00
3c80b7c19e Bug 16478: Fix checkout history tabs - intranet
Test plan:
Same as before for the intranet.
And please retest the OPAC => I have changed the filter's values to
match OPAC/intranet

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-23 17:22:04 +00:00
Marc Véron
64c28e5c72 Bug 16478: Translation breaks display of Checkout history in tab Checks / On-site-checkouts
To test:
- Make sure that syspref OnsiteCheckouts is enabled
- Log in to OPAC as a patron who has checkouts, online checkouts and checkout history enabled
- Go to 'your reading history' (in English)
- Display all three tabs
- Apply patch
- Reload page, display oll three tabs again, there should be no difference
- Examine source code changes to verify that the words 'checkout' and 'onsite' no longer
  will be exposed to translation.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-23 17:22:04 +00:00
Marc Véron
b3dfe0c194 Bug 16471: Translatability: Fix issues in opac-password-recovery.tt
This patch fixes issues with the translatability of opac-password-recovery.tt

To test:
- Apply patch
- Verify that text changes make sense.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-16 17:45:13 +00:00
Jesse Weaver
bc707baf02 Bug 15816: Redirect back to correct page after login
This uses a hacky but simple method to get the correct script name under
proxied packaged Plack.

Test plan:
  1) Log out of both the OPAC and staff side.
  2) Try to access a page that requires login (opac-reserve.pl is a
good one for the OPAC), then log in.
  3) You will be redirected back to mainpage.pl or opac-user.pl.
  4) Repeat above for both staff side and OPAC.
  5) Apply patch.
  6) Repeat steps 1-4; you should be redirected back to the original
     page you were on.
  7) Repeat the above for both a traditional CGI and kohadevbox/package
     Plack installation.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-13 12:38:14 +00:00
3f0a1f0c7f Bug 16473: Fix typo "an problem" vs "a problem"
Test plan:
Confirm the wording is correct

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
2016-05-12 16:21:52 -06:00
Marc Véron
a07db3537d Bug 15823: Redirect opac-discharge.pl to 404 page
See comment #17: Redirect to 404 in opac-discharge.pl and remove
message in template because with the redirect it will never be
reached.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-06 04:20:48 +00:00
Aleisha
853d3cfe4d Bug 15823: Can still access patron discharge slip without having the syspref on
EDIT: Fix for OPAC side
EDIT: Comment 10
EDIT: Merge conflicts

To test:
1) Ensure syspref useDischarge is disabled
2) Go to /cgi-bin/koha/members/discharge.pl?borrowernumber=X&discharge=1
3) Validate that you are still able to generate a discharge slip for this patron
4) Apply patch and refresh page
5) Confirm that you are redirected to the circulation.pl page for the user and that an error message is there.
OPAC SIDE
6) Go to the OPAC
7) Go to /cgi-bin/koha/opac-discharge.pl
8) Confirm you get a message saying discharges are disabled
9) Go to /cgi-bin/koha/opac-discharge.pl?op=request
10) Confirm you see same message

Sponsored-by: Catalyst IT

Followed test plan, works as expected (both staff client and OPAC).
Re-tested, works OK.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-05-06 04:20:48 +00:00
67f91f24e5 Bug 16315 - OPAC Shelfbrowser doesn't display the full title
This patch adds subtitle information to the display of titles in the
OPAC's shelf browser.

To test, apply the patch and make sure OPACShelfBrowser is enabled.

- View the detail page for any title in the OPAC which has items.
- Click the "Browse shelf" link next to any item in the holdings table.
- The titles in the shelf browser should display with all subtitle
  information as defined in Keywords to MARC mapping.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Adding 245a and c as 'subtitle' in Keywords to Marc make them
show on shelf browser.
No errors.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-05-05 18:28:16 +00:00
e71dd6fdc2 Bug 12528: Bug 9254: Followup - Rename pref to EnhancedMessagingPreferencesOPAC
If the new pref is named EnhancedMessagingPreferencesOPAC, it will show
up adjacent to EnhancedMessagingPreferences

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 17:54:10 +00:00
Bouzid Fergani
aa14476ebc Bug 12528 - Enable staff to deny message setting access to patrons on the OPAC
- Change the preference Enhancedmessagingpreference description.
  - Enable default EnhancedMessagingPreferences and OPACEnhancedMessagingPreferences.
  - not sent e-mail it's necessary, when user call opac-messaging.pl directly..

Testing:

I Apply the patch
II Run updatedatabase.pl

0) Search OPACEnhancedMessagingPreferences preference;
1) Validate "OPACEnhancedMessagingPreferences show patron messaging
   setting on the OPAC (NOTE: EnhancedMessagingPreferences must be
   enabled).";

2) Disable OPACEnhancedMessagingPreferences preference;
3) Enable EnhancedMessagingPreferences preference;
4) On the OPAC -> user's settings, validate "your messaging" is not
   showed.

Signed-off-by: Frederic Demians <f.demians@tamil.fr>
  Works as expected. With the new syspref, patrons can be forbidden to
  modify themselves their own messaging preferences.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Also, I like sysprefs
http://www.quickmeme.com/img/d9/d99723bc544e8d33572dc92f242a6f6e2dbe0126a2e35fe3de073d30d62002e6.jpg

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 17:54:09 +00:00
Hector Castro
c01bb7dfca Bug 16340: JS variable in opac-bottom.inc is declared two times
MSG_NO_RECORD_SELECTED declared two times

To test: Go to cart and list (virtual shelves) in OPAC and
verify if those pages work as expected

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 16:20:11 +00:00
Marc Véron
e297342f52 Bug 16270 (followup) Typo authentification vs authentication
Additionally fix typo in following files:
koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/opac.pref
koha-tmpl/opac-tmpl/bootstrap/en/modules/errors/errorpage.tt

To test: Apply patch, verify in files that authentification is
         replaced by authentication

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 14:44:26 +00:00
85e7d186ec Bug 16167: Remove Authorised value images prefs
There are 2 prefs to drive this feature: StaffAuthorisedValueImages and
AuthorisedValueImages. AuthorisedValueImages is not added by
sysprefs.sql and does not appear in updatedatabase.pl, we could easily
imagine that nobody uses it.

With XSLT enabled, the feature is only visible on a record detail page
at the OPAC, if AuthorisedValueImages is set. Otherwise you need to turn
the XSLT off. In this case you will see the images on the result list
(OPAC+Staff interfaces) and OPAC detail page, but not the Staff detail
page.

This patch suggests to remove completely this feature as it does not
work correctly.

The ability to assign an image to an authorised value is now always
displayed, but the image will only be displayed on the advanced search
if defined.

Test plan:
Confirm that the authorised value images are no longer visible at the
opac and the staff interfaces.
The prefs should have been removed too.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 13:59:58 +00:00
Marc Véron
5c0d28db88 Bug 15918: (followup) Correct comment in koha-tmpl/opac-tmpl/bootstrap/js/datatables.js
This followup changes comment in koha-tmpl/opac-tmpl/bootstrap/js/datatables.js line 3 to
MSG_DT_* variables comes from datatables.inc

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 13:33:06 +00:00
Mark Tompsett
567c99442f Bug 14305: RSS message correction follow-up
If a user is not logged in but requests a specific branch,
the RSS feed message fails to mention the branch.

TEST PLAN
---------
1) Apply first patch
2) go to OPAC's opac-main.pl?branch={some branch with specific news}
   -- notice bad RSS message
3) Apply this patch
4) Repeat step 2
   -- notice branch is properly shown.
5) koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 12:44:08 +00:00
Martin Persson
497cd04df0 Bug 14305: View arbitrary branch's news, RSS fix
This fix changes the RSS link to reflect the URL paramter override.

This is less elegant than the existing solution which uses the
Branches TT module, perhaps there is a better way?

Sponsored-By: Halland County Library

Test plan:
* Follow instructions in the original patch but also check the
  URLs and contents of the RSS link at the bottom the OPAC page.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 12:44:07 +00:00
60b3572894 Bug 16283: [QA Follow-up] Remove case sensitive message
The message on opac-memberentry does no longer apply.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 11:55:07 +00:00
b87af43c47 Bug 15533 [QA Followup] - All itemtypes for all items showing in OPAC multi-hold
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 10:26:05 +00:00
cc77269694 Bug 15533 [QA Followup] - Add a system preference
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 10:26:04 +00:00
fc81ee5004 Bug 15533 - Allow patrons and librarians to select itemtype when placing hold
Some libraries would like the ability to select the itemtype to request
when placing holds. For example, if a record has 3 copies of BookA and 3
copies of BookA in large print, this feature would allow a person to
place a hold on the record, but still be able to target only the Large
Print edition so that the first Large Print copy that becomes available
is targeted, rather than forcing the patron to select a particular copy
to hold.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Create a record with items of two or more itemtypes
4) Place a record level hold on the record while choosing one particular
   itemtype
5) Check in an item from the record that is not of that itemtype
6) Notee it is not trapped for the hold
7) Check in an item from the record that does match the selected itemtype
8) Note the item is trapped for the hold

Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 10:26:03 +00:00
7354547ce3 Bug 16328: follow-up for bug 15044 - Fix datatable error
Bug 15044 added a new column to the suggestion table at the OPAC but
forgot to modify the DT params.

Test plan:
The suggestion table at the OPAC should not be broken with this patch.

NOTE: Sorting was broken prior to patch.
      Sorting was fixed after patch.
      The added null causes the field count to match up properly.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 16:46:18 +00:00
29842429ee Bug 16220 [Compiled CSS] The view tabs on opac-detail.pl are not responsive
This patch updates the compiled CSS file with changes made in the
previous patch to the LESS files.

To test, apply both patches and clear your browser cache if necessary.

- View the bibliographic detail page for any record in the OPAC
- Confirm that the style of the "Normal," "MARC," and "ISBD" links looks
  correct.
- Resize your browser to various widths, including very narrow widths.
  Confirm that the links work well at all sizes.
- Repeat the test for each view, normal, MARC, and ISBD.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-22 23:02:49 +00:00
0fcbf1efe1 Bug 16220 - The view tabs on opac-detail.pl are not responsive
When looking at the detail page for a bibliographic record, there are
tabs linking to the "Normal," "MARC," and "ISBD" views. These tabs need
to be styled responsively so that they work well at all browser widths.

This patch makes some slight markup changes to the templates and updates
the LESS files to add responsive styling.

This patch does not include the compiled CSS file, so the follow-up is
required to test the visual changes.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-22 23:02:49 +00:00
Chris Cormack
e60182c2f0 Bug 16233 Unclosed <strong> in opac-facets.inc
To test:
1/ Do a search in the OPAC
2/ Restrict to only available items
3/ Notice the authors now appear bold
4/ Apply patch
5/ Refresh the page
6/ Authors should now look normal again

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-22 22:54:56 +00:00
6dce6f171d Bug 12663: (QA followup)
Insert SCOUserCSS/JS 'after' OPACUserCSS/JS rather than 'instead of'
    i.e. Remove IF/ELSE and use 2 IF

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-22 00:57:44 +00:00
e476be5568 Bug 12663 - SCOUserCSS and SCOUserJS ignored on selfcheck login page
Currently if not logged in when browsing to
http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl
You are redirected to opac-auth.tt and SCOUserCSS and SCOUserJS are not
loaded. This page passes through a parameter to the template to indicate
this is an SCO login and appropriate CSS and JS should be loaded.

Additionally this patch ensure that when loggin in using the form you
are redirected to the sco-main.pl instead of the patron account page for
the user.

To test:
1 - Verify that normal login works on both staff and opac
2 - Verify that SCO link goes to login page if AutoSelfCheckAllowed is
set to "Don't allow"
3 - Enter changes into SCOUserJS and SCOUserCSS and observe these are
present on SCO log in page with AutoSelfCheck disabled
4 - Verify that a logged in opac user without permissions cannot access
the self-checkout module
5 - Verify that AutoSelfCheckAllowed and associated system preferences
function as expected
6 - Verify the AutoSelfCheck user is logged out if they attempt to visit
another page

Followed test plan.
If I go to http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl, CSS and JS trigger already on
the login form, I suppose that is intended.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-22 00:57:44 +00:00
d496d03e8a [SIGNED-OFF] Bug 16210: Revert OPAC changes from Bug 15111
This patch reverts the changes made at the OPAC from the following
patches:

Do not include the antiClickjack legacy browser trick for greybox"

Revert "Bug 15111: Do not include the antiClickjack legacy browser trick for greybox"
This reverts commit fc640d2a86.

Revert "Bug 15111: Change X-Frame-Options with SAMEORIGIN"
This reverts commit fb167c0e4b.

Revert "Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks"
This reverts commit dc03bca76c.

Setting X-Frame-Options to SAMEORIGIN is enough for mordern browsers:
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

The antiClickjack trick should be removed at the OPAC as we want to keep
the OPAC usable even if the user has disabled JS.
That means the OPAC will be vulnerable to XFS if a user is navigating
with a prehistoric browser:
Firefox 3.6.9 September 2010
IE 8    March 2008
Opera 10.5  March 2010
Safari 4  February 2009
Chrome 4.1.…  somewhen 2010

Test plan:
Confirm that there are no regression of bug 15111 with modern browsers

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-04-20 16:06:31 +00:00
b64e6be1c4 Bug 16157: Move the selected flag from GetAuthorisedValues to the templates
From C4::Koha::GetAuthorisedValues

    # TODO: the "selected" feature should be replaced by a utility function
    # somewhere else, it doesn't belong in here. For starters it makes
    # caching much more complicated. Or just let the UI logic handle it, it's
    # what it's for.

Indeed, it's not a job for a subroutine, the template should take care of that.
Note that a perf gain could be won with this patch \o/

Test plan:
- Edit an itemtype and check the value of the "Search category" dropdown list
- Edit a patron attribute type and check the value of the "Class" dropdown list
- Detail for a catalogue record, the Status column should be correctly
  populated if items are damaged and/or lost
- Item details for a catalogue record, the lost, damaged and withdrawn
  value should be correctly displayed
- Edit a patron, the "street type" should be correctly selected
- Create a patron attribute type linked to an authorised value list.
- Edit a patron, set a value for this attribute, edit it again. The
  correct value should be selected.
- Search for subscriptions. The 'Location' dropdown list should behave
  correctly (select the entry you have choosen before, etc.)
- Edit a subscription, the location dropdown list should select the
  correct value.
- Edit and view a suggestion with a 'reason for suggestion' set (you
  should have at least 1 OPAC_SUG AV defined)

Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-04-07 00:16:09 +00:00
Alex Arnaud
c2f92f68d8 Bug 16171 - Show many media in html5media tabs
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-06 22:11:32 +00:00
Mark Tompsett
e22e5c74af Bug 10988: Tabs vs Spaces qa failure patch
Run Koha QA Test tools and discovered this failed because of tabs.
Rather than fail this and wait forever for it to get fixed, this
patches it, and I'll mark it as signed off anyways.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:36 +00:00
Nicholas van Oudtshoorn
722a098eac Bug 10988 - Fixes for comments 57 and 58
Test Plan (remains the same):
     0) Back up your database
     1) Apply all these patches
     2) In your mysql client use your Koha database and execute:
        > DELETE FROM systempreferences;
        > SOURCE ~/kohaclone/installer/data/mysql/sysprefs.sql;
        -- Should be no errors.
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see 4 entries.
        > QUIT;
     3) Restore your database
     4) Run ./installer/data/mysql/updatedatabase.pl;
     5) In your mysql client use your Koha database and execute:
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see the same 4 entries.
     6) Log into the staff client
     7) Home -> Koha administration -> Global system preferences
     8) -> OPAC
        -- make sure your OPACBaseURL is set (e.g. https://opac.koha.ca)
     9) -> Administration
        -- There should be a 'Google OAuth2' section with the ability
           to set those 4 system preferences.
    10) In a new tab, go to https://console.developers.google.com/project
    11) Click 'Create Project'
    12) Type in a project name that won't freak users out, like your
        library name (e.g. South Pole Library).
    13) Click the 'Create' button.
    14) Click the 'APIs & auth' in the left frame.
    15) Click 'Credentials'
    16) Click 'Create new Client ID'
    17) Select 'Web application' and click 'Configure consent screen'.
    18) Select the Email Address.
    19) Put it a meaningful string into the Product Name
        (e.g. South Pole Library Authentication)
    20) Fill in the other fields as desired (or not)
    21) Click 'Save'
    22) Change the 'AUTHORIZED JAVASCRIPT ORIGINS' to your OPACBaseURL.
        (http://library.yourDNS.org)
    23) Change the 'AUTHORIZED REDIRECT URIS' to point to the new
        googleoauth2 script
        (http://library.yourDNS.org/cgi-bin/koha/svc/auth/googleopenidconnect)
    24) Click 'Create Client ID'
    25) Copy and paste the 'CLIENT ID' into the GoogleOAuth2ClientID
        system preference.
    26) Copy and paste the 'CLIENT SECRET' into the GoogleOAuth2ClientSecret
        system preference.
    27) Change the GoogleOpenIDConnect preference to 'Use'.
    28) Click 'Save all Administration preferences'
    29) In the OPAC, click 'Log in to your account'.
        -- You should get a confirmation request, if you are
            already logged in, OR a login screen if you are not.
        -- You need to have the primary email address set to one
           authenticated by Google in order to log in.
    30) Run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:35 +00:00