Commit graph

24 commits

Author SHA1 Message Date
cd81bdc6a0 Bug 21526: Use the 'url' filter when needed
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2018-11-12 16:35:43 -03:00
5825026448 Bug 21526: uri escape TT variables when used in 'a href'
This patch has been generated with the script provided on bug 21576.
It only affects variables used in the href attribute of a link *when*
href is the first attribute of the node (grep "a href")

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-26 17:09:57 +00:00
Julian Maurice
a9e859942c Bug 19550: (QA follow-up) Add missing [% USE %]
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-07 15:55:01 +00:00
ec463e80aa Bug 19550: (RM follow-up) Add filters
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-07 15:54:28 +00:00
Julian Maurice
d96e2e71b8 Bug 19550: Add links to related authorities for UNIMARC
Links exist in search results for MARC21 but not for UNIMARC.
This patch fixes that.

Test plan:
1. Create an authority with a field 550 that links to another authority
   e.g. 550 $a Foo $9 42
2. Reindex this authority
3. Search for this authority
4. See that you now have a link "Foo" to authorities/detail.pl?authid=42
   in the summary

Signed-off-by: delaye <stephane.delaye@biblibre.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-09-07 15:54:27 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.

This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (they are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
Marc Véron
9fb5f8519f Bug 18703 - Translatability: Resolve some remaining %%] problems for staff client in 6 Files
There are some more files that expose parts of tt directives to translations, mostly due to
line breaks inside directives.

Files covered with this Bug:

koha-tmpl/intranet-tmpl/prog/en/includes/authorities-search-results.inc
koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.inc
koha-tmpl/intranet-tmpl/prog/en/includes/search_indexes.inc
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/issuehistory.tt
koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt
koha-tmpl/intranet-tmpl/prog/en/modules/members/members-update.tt

To test:
- Review code, verify that line breaks are removed
- Run QA tools
- Bonus test: Create a "language" aa-AA and verify that no fragments
  containing %%] are picked for the 6 files

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2017-06-16 17:04:08 -03:00
b9e47f135e Bug 16677 - Use abbr for authorities linked headings
In authorities search results, UNIMARC flavour, linked headings are displayed
with a link type : BT, NT, UF, RT.

This patch adds an abbr tag around those acronyms to know their meaning :
BT = Broader Term
NT = Narrower Term
UF = Used For
RT = Related Term

Acronyms are used because there can be a lot of linked headings, using abbr
will display the complete text on mouse over.

Test plan :

- Use UNIMARC database
- Create an authority with :
250 $a Heading250a
450 $a Heading450a
550 $5 a $a Heading550a
550 $5 g $a Heading550g
550 $5 h $a Heading550h
- Save and index zebraqueue
- Go to intranet authorities search
- Search for "Heading250a"
- You see :
Heading250a
Heading250a
UF: Heading450a
RT: Heading550a ; BT: Heading550g ; NT: Heading550h
- Move your mouse over the acronyms, you see a tip with the complete text
- Same with opac authorities search

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
  Works as described. Translatable.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-08 14:28:07 +00:00
a8942c2884 Revert bug 13618 - "Prevent XSS in the Staff Client and the OPAC" due to performance issues
Revert "DBRev to make notes of the XSS patches and the new important dependency."

This reverts commit e140603a59.

Revert "Bug 13618: Specific for branches.opac_info"

This reverts commit 06e4a50f00.

Revert "Bug 13618: (follow-up) Specific for other prefs"

This reverts commit d6475a111f.

Revert "Bug 13618: Fix for debarredcomment and patron messages"

This reverts commit dd98c9df92.

Revert "Bug 13618: Do not display html tags in patron's notices"

This reverts commit a065b243fe.

Revert "Bug 13618: Do not display &nbsp; and html tags in item fields content"

This reverts commit baeeaffbf8.

Revert "Bug 13618: Fix for system preference description"

This reverts commit a967a09261.

Revert "Bug 13618: Remove html filters for newly pushed code"

This reverts commit 0e98662b10.

Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"

This reverts commit fc2fb605e5.

Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"

This reverts commit bc308fdd9c.

Revert "Bug 13618: Fix for edit biblios and items"

This reverts commit 811c4e8402.

Revert "Bug 13618: followup to remove tabs"

This reverts commit ca8e8c397c.

Revert "Bug 13618: Fix last occurrences recently introduced to master"

This reverts commit bb417b256b.

Revert "Bug 13618: Fix for news"

This reverts commit ae5b98020a.

Revert "Bug 13618: Fix escape on sending baskets or shelves by email"

This reverts commit a7731ffe25.

Revert "Bug 13618: Specific for XSLTBloc"

This reverts commit 11fa38dc29.

Revert "Bug 13618: Specific for Salutation on editing a patron"

This reverts commit 36c07ad6d3.

Revert "Bug 13618: Specific for other prefs"

This reverts commit e6ea281a3b.

Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"

This reverts commit 7824874557.

Revert "Bug 13618: Specific for ColumnsSettings"

This reverts commit 1834da3da3.

Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"

This reverts commit 21ae62b253.

Revert "Bug 13618: Fix error 'Not a GLOB reference'"

This reverts commit 602bdbab4c.

Revert "Bug 13618: Specific for the ISBD view"

This reverts commit d254362435.

Revert "Bug 13618: Specific for pagination_bar"

This reverts commit 8837a8ae68.

Revert "Bug 13618: Specific places where we don't need to escape variables - intra"

This reverts commit 00eff140b3.

Revert "Bug 13618: Remove html filters at the intranet"

This reverts commit 7db851ff03.

Revert "Bug 13618: Specific places where we don't need to escape variables"

This reverts commit 49a3738b8d.

Revert "Bug 13618: Remove html filters at the OPAC"

This reverts commit cedaa0e23e.

Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"

This reverts commit 01b38d3b13.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-02-11 19:39:53 +00:00
Jonathan Druart
7db851ff03 Bug 13618: Remove html filters at the intranet
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-01-29 17:54:12 +00:00
Jonathan Druart
927aedafa1 Bug 10985: [UNIMARC] Fix authority summary
The problem is the template in authority type summary is not respected
at all. It is only read to see which fields and subfields should appear
in the summary.
This patch fixes that.
It also fixes a bug in auth_finder.pl plugin when summary contains
fields other than 2XX.

Test plan:
0/ You must use a UNIMARC setup for those tests
1/ edit an authority type summary with:
     NP : [200a][, 200b][ 200d][-- 152b --][ ; 200c][ (200f)] [001*] [ppn: 009*]
2/ create a new authority with previous fields (it is possible some
   fields don't exist).
3/ search this authority and verify the summary is something like:
     NP : Name, D.-- NP -- 23849 ppn: my_ppn
4/ Verify some summary for existing authorities and check they are
   correct.
5/ Edit a biblio record and use the plugin auth_finder.pl (for example
   in a 7XX field)
6/ Do a search and verify the summary is correct
7/ Click on 'choose' or one of the numbered links ('1', '2', ... ; you
should have multiple 2XX fields for the numbered links to show up)
8/ Verify that the biblio field is correctly filled.

/!\ For the ppn, it should be defined in the zebra indexes.

In MARC21 and NORMARC setups, this patch should change nothing, please
verify that too (you can check that the auth_finder.pl plugin is still
working and the auth type summary is correctly displayed in authorities
search and auth_finder.pl plugin).

Signed-off-by: Frederic Demians <f.demians@tamil.fr>

It works as described, both in authority search result page, and in authority
data entry plugin.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-22 11:54:36 -03:00
Galen Charlton
9fe024667f Bug 7442: (follow-up) restore display of heading type for non-UNIMARC
This patch restores the display of the authority type summary for
MARC21, where at present the heading type (i.e., "Topical Term",
"Personal Names") come over for display in the template.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 01:27:33 +00:00
Fridolyn SOMERS
99dbc5cdf7 Bug 7442: fix crash when selecting an authority with 200$x or 200$y (UNIMARC)
From a biblio record, if one wants to add a 600$a information, a pop-up
appears.  On this new window, on search terms typed and validated, a table
result is displayed, with a column "Get It!" allowing the selection of an
authority.  From here, different cases:

1) If we have a simple authority with 200$a and 200$b subfields, a link
   "choose" is displayed, working correctly.

2) If the authority has different occurrences of 200$a/200$b, numeric links (1 2
   and so on) are displayed, one for each occurrence.  In the example of my
   screenshot, the line with a "Paul, Korky -- Pauline, Korkette" summary
   possesses two links : "1" will add "Paul, Korky" whereas "2" will add
   "Pauline, Korkette" (couldn't come up with a better name ;)).

3) If the authority has 200$x or 200$y subfields defined, several links are
   also created, when it should not be the case.  In our example, "Niclausse,
   Paul -- Expositions" will create a link "1" for "Niclausse, Paul" and a link
   "2" for "Expositions".  Clicking on the 2nd link leads to the following
   error: Software error: Can't call method "subfields" on an undefined value
   at
   /home/asaurat/workspace/versions/community/authorities/blinddetail-biblio-search.pl
   line 86.  Only the cases 1 and 2 should be handled. The creation of links
   for subfields like 200$x or 200$y should be removed.

This problem is caused by the use of " -- " as separator of authorities with
several headings, but also in some heading between main part and subdivisions.
This patch corrects this by using an array in authorities summary so that
presentation is computed in template. I've chosen to use the pipe separator
between authorities with several headings. This may be changed to be
configurable.

Test plan :

- Edit an authority type summary : for example subject (heading on 250) :
  summary "[250a][ -- 250x]"
- Create an authority A1 with one heading and a subdivision : for example a
  subject : 250$a "History" 250$x "20th century"
- Create an authority A2 with several headings. for example a subject : 250$a
  "History" 250$a "Legends"
- Rebuild Zebra queue
- Go to OPAC and click on "Authority search" and search on "History"
  => You will find A1 and A2 :
    History -- 20th century
    History | Legends
- Go to intranet authorities search and search on "History"
  => You will find A1 and A2 :
    History -- 20th century
    History | Legends
- Edit a record using this authorities type as thesaurus : for example on 606$a
- Click on thesaurus link and search on "History"
  => You will find A1 and A2 :
    History -- 20th century ; 0 times ; choose ; Edit authority
    History | Legends       ; 0 times ; 1 2    ; Edit authority
- Click on link "2" to choose "Legends"
  => You get "Legends" in heading field : for example 606$a

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

I can confirm the problem and the solution. I have tested the patch on a large
DB with authorities having multiples headings. There is no regression on bug
4838.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
Without the patch I couldn't choose between multiple headings
in the authority plugin, but with the patch it works as described.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 01:09:29 +00:00
Galen Charlton
e686dd2543 Bug 10987: (follow-up) fix display of authorities containing only one see from or see also link
This patch fixes an incorrect test on the number of see from and
see also links in the authority record, as otherwise if a record
had only one 4XX or 5XX, the linked headings weren't displayed at
all.  This patch also makes the test consistent across the staff
theme and the two OPAC themes.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-16 23:07:09 +00:00
910dff2825 Bug 10987: remove duplicate 'see also' and 'see from' labels from authority search results
If an authority record has more than one 4xx$a (or 5xx$a) entries the
corresponding labels 'see also' and 'used for/see from' were repeated.
This patch removes duplicate instances of the labels, improving
readability.

To test:
- Have authority records with more than one entry on the 4xx (or 5xx)
  fields.
- Do a search, check "see also:" (or 'used for/see from') appear more
  than once.
- Apply the patch
- Reload and check it looks nicer :-D
- Repeat for: staff auth search, OPAC using ccsr, OPAC using prog
- Signoff

Sponsored-by: Universidad Nacional de Cordoba

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Work as described. No koha-qa errors
Nice view on staff and both opac

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-16 23:07:03 +00:00
Galen Charlton
ab2a422af6 Bug 10691: (follow-up) replace HTML comments with TT contents
Comments on the usage of Template Toolkit blocks don't need
to appear in the rendered HTML, so this patch converts HTML
comments to TT comments and thereby saves a tiny amount of
bandwidth.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-16 22:44:25 +00:00
06ef9f1109 Bug 10691: (follow-up) restore behaviour for control field ($w)
As noted by Jared, in the presence of 4XX$w or 5XX$w the display
got broken by this refactoring. This patch restores the previous
behaviour in that front.

The OPAC themes get fixed too, and the Bootstrap one gets this
fix too.

Applied the fix that Galen proposed on comment #30 regarding
Zeno's fix in bug 11174.

Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-16 22:39:42 +00:00
c62557a4fa Bug 10691: use authority ID in see-also links in authority search results (staff)
This patch changes the URL and data used to show the 'see also' links
on the Staff's authority search results page.

Bonus points: makes some strings translatable.

To test:
- On your dev setup (master) create some authority records (I created
  personal name authorities).
- Pick one of them and link 400$a to another one, do the same with 500$a
- Add some other 400$a and 500$a entries with plain text (i.e. no
  linking)
- Make sure zebra is running and changes got indexed.
- In the staff interface search for the authority that is linked to the
  others.
- Check the 'see also:' link points to an authority search
- Apply the patch
- Reload/re-do the search
- Check the 'see also:' link points to the authority id for linked
  authorities,
  and to an authority search result in the case of plain text entries.
- Check that the authority search from the cataloguing interface still
  works as usual.

Sponsored-by: Universidad Nacional de Cordoba
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Work as described. No errors

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-16 22:35:58 +00:00
Janusz Kaczmarek
68c44093a4 Bug 10335: display translated forms of headings in UNIMARC authorities correctly
To reproduce and test:

To reproduce:
1) Create an authority record with main heading (100) in Latin script
   (e.g. Oppenheimer, Aharon -- subfields $a and $b) and parallel form
   (700) in Hebrew (אופנהיימר, אהרן -- subfields $a and $b).
    Mark it correctly in $8 with freheb (or engheb if you like);
2) Reindex and search;
3) You will see:

Oppenheimer Aharon
freheb: אופנהיימר

Whereas you would rather like to see (mind language and lack of $b above):

Oppenheimer, Aharon
Hebrew: אופנהיימר, אהרן

The patch corrects the issue and should not harm those who (improperly)
put only one triple in $8

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described. No koha-qa errors.
Same result on OPAC and STAFF

Turns out that test plan is wrong,
you need to fill tag 200ab, not 100ab, for main heading.
I filled 100a with some example data from UNIMARC auth manual.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Took me a bit to figure it out, works according to test plan.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-10 19:14:44 +00:00
492dd7dc7f Bug 8870 UNIMARC authorities search doesn't display information properly
- Note field (3xx) are not displayed on search result page. We get
  'HASH()' text.
- Parallel/Other forms (7xx) are not displayed, with language name in front of
  heading, both on result and detail page.
- Note are not displayed.
- On result page, seealso form are displayed, but end with a superfluous '--'
- Style the result page, with condensed block, and space between them.
- Done both on OPAC/staff

To be applied on 3.8.x after bug 8523.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-22 17:50:06 +02:00
Jared Camins-Esakov
5bf01284e3 Bug 8581: don't display parentheses when we don't have a type
Prior to this patch, see also references in certain authority records
(most notably GND records) were being followed by empty parentheses in
the search results display. This patch resolves that problem.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-10-01 16:34:04 +02:00
Jared Camins-Esakov
4f043f3f77 Bug 3462: Links in authorities should be hyperlinks
Make see also links in both the OPAC and authority module search results
into hyperlinks and not just textual strings.

To test:
1. Do a search for an authority that will bring up a heading with a
   see also reference in the staff client and the OPAC.
2. Confirm that the see also references listed in the search results
   are now hyperlinks, which work.

Also quiets an unnecessary warning about an uninitialized value.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased 26 July 2012

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on master 1 August 2012

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on master 6 August 2012

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on master 11 September 2012

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Patch works nicely and is a great improvement.

Tests:
- Checked links for existing and non existing "see alsos" give correct
  search results
- Verified links show up for all "see alsos" in a result list
- Verified links are properly linked with the correct names
- Checked logs don't show errors

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-09-13 16:53:50 +02:00
Jared Camins-Esakov
42e20381fb Bug 8520: fix authority display in staff client
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-02 15:38:31 +02:00
Jared Camins-Esakov
3aaaf2f2e4 Bug 7943: Authority search results are untranslatable
The HTML for authority search results was previously generated in
C4::AuthoritiesMarc::BuildSummary, which meant that it couldn't be
translated. This patch moves the HTML generation into the templates
by introducing a new authorities-search-results.inc include file for
both the OPAC and the Intranet which contains a Template::Toolkit BLOCK
for rendering the authority results. Fixes the authority autocomplete
by removing the untranslatable strings, and returning only data from
the database.

To test:
1. Apply patch.
2. Test authority searching in the authority module in the staff client
3. Test authority searching in the authority control plugin in the
   cataloguing module (and the plugin for UNIMARC field 210$c, if you
   can figure out how)
4. Test authority searching in the OPAC

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with MARC21 data.

1) Applies cleanly on current HEAD.

2) Authority search in staff

Patch works wonderfully, only some small notes found while testing that have
not been changed by this patch:

ENH note: Search terms show up nowhere. So if I want to change the sorting, I have to
repeat typing in my search term. Even if the form does not keep the term, it
should be visible somewhere on the screen what I searched for.

ENH note: The pagination on top and at the bottom of the result list are formatted
differently. Maybe some missing CSS?

ENH note: Also the authority type is not shown at all in the result list.

3) Cataloguing and authority plugins

The autocomplete function works nicely.

ENH note: There is only one small enhancement
I could imagine. If I start my search from 100 it will limit the search to
'persons' but the autocomplete will also suggest other authorities. It would
be a bit cleaner, if the autocomplete could limit by the appropriate authority
type too. Very nice feature.

Plugins overall work nicely. Created links include the authority numbers and work
correctly.

4) Authority search in OPAC

Works nicely. Display is consistent, but translatability greatly improved.

ENH note: In staff we use 'Details' in OPAC we use 'View full heading' - I wonder
if maybe 'details' would be better understandable for users?

Note: Code reveals a system preference 'AuthDisplayHierarchy' that is
not available in the system preference editor. I talked to Jared and he
will work on this feature later on. For now it's no regression, as the
preference has never been visible.
2012-06-20 10:07:30 +02:00