Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the staff client label creator templates so that
JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of
each modified template: All button controls, DataTables functionality,
form validation, etc.
This patch also modifies the templates to use the Bootstrap grid instead
of YUI, and removes obsolete "text/javascript" attributes from
<script> tags and "text/css" attributes from <style> tags in the
modified templates.
To test, apply the patch and test the following interactions:
- Creating and managing layouts
- Creating and managing batches
- Creating and managing templates
- Creating and managing printer profiles
- Creating quick spine labels
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch removes event attributes from several tool-related templates.
Events are defined instead in the JavaScript.
To test, apply the patch and:
- Go to Tools -> Label creator -> Manage -> Layouts and edit any layout.
- In the "Font" setting, choose any font which includes the word
"italic" or "oblique" in the name. Doing so should disable the
"Oblique title" checkbox.
- Go to Tools -> Batch patron deletion/anonymization.
- Submit the form without making any changes. You should be prompted
to select an action.
- Go to Tools -> Inventory.
- Select a batch of barcodes to upload.
- Submit the form without selecting any filters. This should trigger a
warning.
- Also changed: Added Font Awesome icons to the "Select all" and
"Clear all" links on the inventory results view.
- Go to Tools -> Notices and Slips.
- Click "New notice"
- Change the selection under "Koha module." The page should reload
with the correct available message body fields. For instance,
selecting "Holds" should make available reserves.* columns.
- Go to Tools -> Upload.
- In the search form, enter a search term and click the 'Search'
button. The form should submit.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised. Event attributes removed
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
The label creator had a very sad sidebar, it needed to have the Tools area sidebar on it.
To test:
Click through all "New" pages, verify that the sidebar appears
Click through all "Manage" pages, verify that the sidebar appears.
Also verify that "Label creator" is bolded in the toolbar while the label creator is active.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Sidebar displayed Ok. No errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes the UI show 'New' instead of 'Create' so it matches
the buttons, and the common practice on the UI.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes the page title and breadcrumbs more consistent.
It does so by removing some text (Manage...) and using Edit (id) and Create
on building both the breadcrumbs and titles.
To test:
- Traverse all the Label creator options
=> FAIL: the texts are not consistent and don't match what we use in the patron card creator.
- Apply the patch
=> SUCCESS: Terminology is consistent, titles and breadcrumbs show the same information
- Sign off :-D
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a checkbox on Label creator
to use or not an oblique variant of main font
for title
Also fix font selection for title in case an
oblique variant is used.
To test:
Before patch
1) Go to Tools > Label creator
2) Create a new layout, default values but select
any 'Oblique' variant for main font and
'Biblio/Barcode' for layout type
3) Go to Manage batches, create a batch, add items,
export PDF, download
4) Check logs, you must find a line with
'ERROR in koha-conf.xml -- missing <font type="COO">'
for example if main font Courier-Oblique
5) Open PDF, title could be right but not using selected font
After patch
6) Apply the patch
7) Run updatedatabase.pl
8) Repeat 1-2, note new checkbox 'Oblique title',
default checked
9) Repeat export, no new warnings on log
10) Create a new layout or edit an existent one,
uncheck 'Oblique title', save, export again
Check PDF has non slanted title
Followed test plan, works as expected. (See comment #11).
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The tool is documented and accessed (via Tools >) as 'Label creator'. But the
pages titles say 'Labels' and the breadcumbs 'Labels home'. It should be called
'Label creator' for consistency. This patch changes the tt files so they are
consistent.
It also makes the title show the same page name as the breadcumbs.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Note: It would be good to adopt these same changes in the Patron Card creator for consistency and push
them in conjunction with these changes. -Chris_n
Reasoning
Librarians will be doing label things in the following frequencies, from most frequent to least frequent:
1. Creating new label batches - every day/every few days
2. Managing existing label batches - every day/every few days
3. Managing existing label layouts - as needed, infrequent
5. Managing existing label templates - as needed, infrequent
6. Creating new label layouts - as needed, infrequent
7. Creating new label templates - as needed, infrequent
8. Managing existing printer profiles - possibly once only!
9. Creating new printer profiles - possibly once only!
This change to the label creator aims to make the most frequently used items easily accessible at the top of the main area,
reduces clutter on the page, and makes the label creator fall in line with UI paradigms found elsewhere in Koha.
To test:
Open the label creator: More -> Tools -> Label creator
Note that the toolbar has changed. It should be consistent across all of the label creator (it is an include).
+ New menu:
Label batch
1. make sure it looks ok - toolbar buttons are consistent at the top of the main block.
2. add items both by barcode, and by search (note this patch does not touch the pop up window. Another day.)
3. note that the usual buttons have moved below the textarea, and now have icons.
4. delete and export single items using the buttons corresponding to each item
5. select multiple and use the buttons above the table to remove and export selected items
6. export a full batch
7. deduplicate a batch
There should be no regressions in functionality.
Layout
1. This menu item should take you directly to the "Edit layout" screen.
2. no functional changes here.
3. note toolbar at top is consistent
Label template
1. this menu item should take you directly to the "Edit label template" page.
2. no functional changes here.
3. note toolbar at top is consistent.
Printer profile
1. this menu item should take you directly to the "Edit printer profile" page.
2. no functional changes here.
3. note toolbar at top is consistent.
+ Manage menu:
Label batches
1. This menu item should take you directly to the "currently available batches" page.
2. select a batch to edit using the buttons
3. select a batch to delete using the buttons - it should ask for confirm.
4. select several batches using the tickboxes, and select Export selected. Batches should be exported as normal.
5. note toolbar at top is consistent.
Layouts
1. This menu item should take you directly to the "currently available layouts" page.
2. select a layout to edit using the buttons
3. select a layout to delete using the buttons
4. note toolbar at top is consistent.
Label templates
1. This menu item should take you directly to the "currently available templates" page.
2. select a template to edit using the buttons
3. select a template to delete using the buttons
4. note toolbar at top is consistent.
Printer profiles
1. This menu item should take you directly to the "currently available profiles" page.
2. select a profile to edit using the buttons
3. select a profile to delete using the buttons
4. note toolbar at top is consistent
+ General
* note that sidebar now only has "labels home" instead of the full "manage" list. It seemed redundant with the toolbar tidied up.
Please note that I am happy to take suggestions/amendments to these changes.
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick <Nick@quechelibrary.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To test:
1) cd misc/translator
2) perl translate update xx-YY
3) check that there's no msgids that contain the layout types or
text justification types in po/xx-YY-i-staff-t-prog-v-3006000.po
4) apply patch
5) perl translate update xx-YY
6) check po/xx-YY-i-staff-t-prog-v-3006000.po that it contains the
msgid for the frequencies. (search for "BLOCK translate_label_types"
and "BLOCK translate_justification_types")
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Labels which precede a text input or select typically have a colon
before them:
Name: [____]
This patch cleans up templates where labels in this context lack a
colon. Exceptions to this rule include radio buttons, checkboxes, and
labels inside tables.
To test, view the affected pages and confirm that labels look
consistent.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Patch adds more consistency.
Work for translators could be made easier using CSS instead
of whitespace after colon.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
After talking to Owen we decided to use 2 classes for those modules. I decided on:
patroncard: tools, pcard
labels: tools, labels
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Found 3 instances of the typo while looking for the typo reference in Bug 7203.
Fixed labels/label-edit-batch.tt, labels/label-edit-layout.tt, and patroncards/edit-layout.tt.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
