Commit graph

2311 commits

Author SHA1 Message Date
Jonathan Druart
2e4b574074 Bug 5844: Avoid strings cut on unhighlighting
If a user is searching for several words and that one is contained in
another ( "mag ma" ), some characters are cut (removed from the DOM!).

To reproduce:
1/ search for "mag ma m"
2/ The result page contains "Magazine"
3/ "Mag" is highlighted
4/ Click on the "Unhighlight" link
5/ The "Magazine" words become "azine", "Mag" has been cut.
There is no way to show these characters again.

Test plan:
1/ Confirm the bad behavior without this patch
2/ Apply this patch
3/ search for "mag ma m"
4/ The result page contains "Magazine"
5/ "Mag" is highlighted
6/ Click on the "Unhighlight" link
7/ strings are unhighlighted and still in the DOM :)

Note that the Highlight link won't work very well (only "a" will be
highlighted, but considered as minor since this did not work before the
patch either).

Followed test plan. Strings are no longer cut when unhighlighted.
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 10:13:18 -03:00
Jonathan Druart
7fa67b2f83 Bug 9120: Prevent form submission on adding tags - OPAC
At the OPAC, if the user adds tags pressing 'Enter', the page is
reloaded and the tags are not added.
To prevent that, this patch suggests to block the "press enter" event on
the inputs.

Test plan:
0/ Confirm the bad behavior, without this patch.
1/ Apply this patch and confirm nothing happens on pressing enter when
the focus is on the add tag input (At the opac, on the result view).

Patch works as expected.
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-30 13:46:44 -03:00
Frédérick
bbb6cf94de Bug 11982 - Show local cover image in the intranet biblio details page
Also, fix useless "No cover image" block when using Amazon and local
cover images at the same time.

http://bugs.koha-community.org/show_bug.cgi?id=11982
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-30 13:45:20 -03:00
Srdjan
ac5130c57c Bug 5786: Correction: Removed erroneous holdability check from opac-search.pl
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-30 13:14:14 -03:00
Marc Véron
53ac1adeaf Bug 11900 - OPAC cart can confuse patrons
This patch adds a title tag to the "Cart" link on Opac main page (and to the "Lists" link as well).

Wording should be verified by a native speaker  :-)

To test:
Apply patch
Go to OPAC main page, verify that a tooltip appears on the "Cart" and "Lists" links at the top of the page.

Signed-off-by: Nick <nick@quecheelibrary.org>
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, no problems found.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-30 12:58:37 -03:00
“ByWater
0e8927a5fa Bug 13832 - Missing table header IDs on record holdings table in OPAC
All but two of the table headers in the item holdings table in the opac have identifiers. The remaining two should be added so they can be modified easily with CSS.

Test Plan:
1) Apply this patch
2) View the holdings table for a record
3) Note the new id field for the item holds column
4) Note the new id field for the hold priority column ( if enabled )

Followed test plan. Patch behaves as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-25 11:24:08 -03:00
Srdjan
1802aa9153 Bug 5786 - Move AllowOnShelfHolds and OPACItemHolds system prefs to the Circulation Matrix
C4::Reserves:
* Added OnShelfHoldsAllowed() to check issuingrules
* Added OPACItemHoldsAllowed() to check issuingrules
* IsAvailableForItemLevelRequest() changed interface, now takes
  $item_record,$borrower_record; calls OnShelfHoldsAllowed()

opac/opac-reserve.pl and opac/opac-search.pl:
* rewrote hold allowed rule to use OPACItemHoldsAllowed()
* also use OnShelfHoldsAllowed() through
* IsAvailableForItemLevelRequest()

templates:
* Removed AllowOnShelfHolds and OPACItemHolds global flags, they now
  only have meaning per item type

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

I have tested this patch left, right and upside down for the last
several months. All tests have passed.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-25 10:33:14 -03:00
Marc Véron
e043b5563f Bug 13826 - OPAC: Display RSS icon on list of recent comments
This patch adds RSS icon to OPAC page 'Recent comments'

To test:
1)
Enable display of 'Recent comments' in OPAC (Syspref OpacShowRecentComments)
2)
In OPAC, go to Home > Recent comments
3)
Verify that there is a link in the head part of the HTML source code (<link rel="alternate" type="application/rss+xml"....), but no RSS icon on the page itself (like in search results).
4)
Apply patch
Result: Icon with link to RSS feed is displayed next to title.

Bug 13826 - Follow-Up: Close </h3>

There was a slash missing.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by for the Follow Up: Marc Veron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-19 14:18:17 -03:00
Katrin Fischer
66db4a64ef Bug 12399: Small change to remove the whole paging
Previous patch only removed the next and previous buttons.
This patch changes it a bit to remove the whole paging from
the print view of the page.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-15 09:09:51 -03:00
Marc Véron
21d05006c0 Bug 12399 - opaccredits printing at top on printable version
This patch introduces a new class "noprint" in koha-tmpl/opac-tmpl/bootstrap/css/print.css
With this class, unwanted elements can be hidden when printing.

To test:
In OPAC, do a search with many results (> 1 Page)
Print page or do a print preview
See that footer elements are not displayed correctly (as of screenshot in comment #1) and that on top of page 2 the language selector overlays the list
Apply patch
Repeat steps above.
Verify that printed page looks much nicer now by hiding unwanted elements (including e.g. RSS icon, toolbar etc.)

This mechanism can be used on other pages as well.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-15 09:09:45 -03:00
Jonathan Druart
733d37ff3f Bug 11430 [Follow-up] Search history: Delete selected lines
This follow-up for Bug 11430 makes some changes to the template to make
it more useful when JavaScript is turned off:

- Hide the toolbar containing select all/clear all links if JS is off
- Add buttons to submit the forms if the delete link in the toolbar is
  unavailable (or if the user has scrolled all the way to the bottom of
  a long list)

Also changed: Corrected indentation from 2-space to 4-space, added
comments to the markup to help document page structure; changed the
class of the delete link to match other similar interfaces.

Note: This patch contains whitespace changes. Please diff
accordingly.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-11 15:02:45 -03:00
Jonathan Druart
d40a2cb176 Bug 11430: OPAC changes
Signed-off-by: sonia BOUIS <sonia.bouis@univ-lyon3.fr>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-11 15:02:41 -03:00
Mark Tompsett
f71f1ba6e2 Bug 13787 - Clean up noisy opac-advsearch warnings
While testing bug 10937, there were noisy warnings, which
distracted from testing the functionality of it.

Here is a snippet of the after the patch warnings:
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 384.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 161.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 161.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 177.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 177.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 202.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 202.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 240.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 240.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 256.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 256.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 356.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 356.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 369.
Argument "" isn't numeric in numeric gt (>) at /home/mtompset/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-advsearch.tt line 369.

Tweaking the [% IF %] statements eliminated the warnings.

TEST PLAN
---------
1) Apply patch
2) Run koha qa test tools.
   -- there will be noisy warnings in the before processing, but
      there will be no such messages in the after processing.
3) git diff origin/master
   -- there should be no visible typos.

Signed-off-by: Magnus Enger <magnus@enger.priv.no>
- Applied the patch from bug 10937
- Ran "koha-qa.pl -c 1" and observed the warnings described in the
  commit message
- Applied the patch from this bug
- Ran "koha-qa.pl -c 1" again and saw no warnings
- Ran "koha-qa.pl -c 2" and saw no warnings

I have not tested the functionality of 10937 with this patch, just verified
that the changes look sensible.

This patch feels more like a followup for 10937, than a separate patch,
especially since 10937 is just "signed off" at this time. But as long as it
works...

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-07 21:22:18 +01:00
Dobrica Pavlinusic
1ca9adaa56 Bug 13789 - facets with accented utf-8 characters generate double encoded links
Bug 13425 tried to fix XSS in OPAC, by using url filter in template toolkit
on whole generated url. This doesn't work and creates double encoded strings
in facets because we are creating url variable by concatenating query_cgi
(which did pass through uri_escape_utf8 on perl side) and other
parameters which have to be escaped in template.

Also, code like

[% SET limit_cgi_f = limit_cgi | url %]

doesn't do anything (at least doesn't apply url filter) so it's not needed.

This patch also fixes encoding of hidden fields used in sort by form.

And lastly, it tries to make facet changes for opac and intranet as same as
possible to simplify future maintenance of this code.

Test scenario:
1. find results in your opac which contain accented characters
2. click on them and verify that results are missing
3. apply this patch
4. re-run search and click on facets link verifying that there are
   now results
5. test sort by form and verify that results are ok
6. verify that facets are still safe from injection by constructing url like
   /cgi-bin/koha/opac-search.pl?q=123&sort_by='"><script>prompt('Happy_Holidays')</script>&limit=123
   and verifying that you DON'T see prompt window in your browser

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-07 21:05:04 +01:00
Viktor Sarge
13a16343fa Bug 13729 - Give news in Opac a unique anchor
This patch introduces the use of the idnew-value from the opac_news table as a base for a unique anchor on each newsitem in Opac.

The anchor can be used for linking to specific newsitems and also for improving bug 7843 (RSS stream for news) with a unique link to each item in the RSS stream.

Test plan:
* Make sure you have a few news in the opac. Best is if it's enough to hide a few beneath the bottom of the window.
* Install the patch.
* Verify that you can access newitems with links like mykoha/cgi-bin/koha/opac-main.pl#newsitem4
* Experiment with removing newsitems and verify that the newsitem-id stays unique to each newsitem.

Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Works as advertised. Nice enhancement!

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-24 11:24:22 -03:00
459b082f35 Bug 13612 - Remove old YUI JavaScript libraries from opac-tmpl
YUI files were left behind in opac-tmpl/lib/yui after the removal of the
prog theme. These files are unused and can be safely removed.

To test, apply the patch and search for references to any of the YUI
files. You should find none in the OPAC templates.

No references found.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-24 11:16:39 -03:00
Marc Véron
103811a13d Bug 13689 - Remove opac-old.css and sco-old.css
The following files are obsolete and should be removed:
koha-tmpl/opac-tmpl/bootstrap/css/opac-old.css
koha-tmpl/opac-tmpl/bootstrap/css/sco-old.css

To test: Apply patch. Search for the files; they should no longer exist.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-24 11:13:22 -03:00
957e65c748 Bug 13672 - OPAC locks up browser when browsing items from series link with NoveList and OpacHighlightedWords
It appears that an empty string is sneaking into the list of words
to highlight and that is causing the browser to freak out.

Test Plan:
1) Enable NoveList
2) Enable OpacHighlightedItems
3) Search a title with a series (i.e. The Hunger Games)
4) Click into the record
5) Click on the series to search it
6) Click on a title in the search results
7) If Firefox doesn't crash, it gives the unresponsive script message
8) Apply this patch
9) Repeat steps 3-6
10) Browser doesn't freak out

Signed-off-by: Jason Robb <jrobb@sekls.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
could not confirm the problem, but small change and
highlighting terms on result list and couldn't find any
regressions in highlighting.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-16 23:38:42 -03:00
a7da45099f Bug 13142 - Change "mobile phone" label back to "other phone"
Labeling a phone number field "mobile phone" eliminates the usefulness
of having the labels "primary" and "secondary." Generic labels let the
user populate the fields according to their importance rather than their
type.

To test I recommend editing a patron record so that the values in the
patron record contain a label matching the table column:

borrowers.phone : 555-555-1234 (primary - phone)
borrowers.phonepro : 555-555-5678 (secondary - phonepro)
borrowers.mobile : 555-555-9012 (other - mobile)

View this patron's information in the various affected templates and
verify that the labels correctly match the data:

 - OPAC "your personal details" (opac-memberentry.pl)
 - Submit changes to primary, secondary, and other phone via the OPAC.
   In the staff client, view the confirmation for those changes.
 - Patron details in the staff client (moremember.pl)
 - Patron entry/edit in the staff client (memberentrygen.pl)
 - Patron duplicate confirmation in the staff client
   (you can navigate directly to
   /members/moremember.pl?borrowernumber=XXXX&print=brief)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-13 13:52:10 -03:00
295fb70f62 Bug 13335 - Holds and priority display via OPACShowHoldQueueDetails confusing
No matter what the selection of OPACShowHoldQueueDetails is, if it is
enabled it displays a line "Holds and priority:" even if you've opted to
hide one of those!

Test Plan:
1) Apply this patch
2) Test each setting of OPACShowHoldQueueDetails
3) Ensure each setting displays the correct fields ( or lack thereof )

Signed-off-by: Christopher Brannon <cbrannon@debian.localdomain>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-12 15:20:59 -03:00
f383fe0ffe Bug 12842: Add DDC classification numbers to MARC21 XSLT detail page
Patch will add DDC classifications, divided with | below the subjects
in the OPAC and staff detail pages.

To test:
- catalogue a record with one or multiple 082$a subfields
- verify the classifications are displayed in OPAC and staff detail page
- Add following CSS to OpacUserCSS or IntranetUserCSS:

.results_summary.ddc {
  display:none;
}

- Verify the DDC classifications are now no longer displayed

Signed-off-by: Frederic Demians <f.demians@tamil.fr>

Test plan ok. Repetitions of $a subfield are separated by a space, which seems
correct. I'm not sure whether other subfield than $a should be displayed on
intranet. Whatever, this could be added later.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-09 14:04:42 -03:00
f27d454048 Bug 13268 - biblioitems.size value not correctly displayed (more)
Bug partially corrected by Bug 11357.

The size column in biblioitems is a bit problematic when used in TT, because instead of the size value from the biblio column it will give you the size of the variable or current loop.

It's currently used in the templates like opac-topissues.tt :
[% IF results_loo.size %][% results_loo.size %][% END %]

This patch corrects by using item() TT method.
See http://stackoverflow.com/questions/2311303/how-can-i-handle-hash-keys-containing-illegal-identifier-characters-in-template.

Test plan :
- Be sure there is a mapping between a MARC field and biblioitems.size
- Create a record A with biblioitems.size defined : like "10x12"
- Create a record B with no value in biblioitems.size
- Check each modified page :
=> Without this patch : you see a number (loop size) for both records
=> With this patch : you only see the correct value for A and nothing for B

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:46:35 -03:00
724f77ec43 Bug 13339 - Cart button doesn't open the cart
The link to open the cart no longer triggers the cart popup. Instead, in
order to make it more usable with mobile devices, it triggers a menu
which displays the count of items in the cart -- something which
previously was done with a hover action (something touch-screen devices
don't have). Clicking/tapping this menu item is what opens the cart
window.

Since the cart link is really now a menu trigger rather than just a
link, it seems logical to add the small arrow which the lists link
has indicating that the link triggers a menu.

To test, apply the patch and view any page in a Cart-enabled OPAC.
Confirm that the "caret" icon displays correctly when the cart is both
empty and when it has contents.

Followed test plan. Icon displays as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, good idea.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:45:36 -03:00
06f4950aa2 Bug 13599 - Add patron cardnumber to self registration confirmation
Some libraries wish to display the patron's cardnumber on the
confirmation screen for patron self registration, rather than make the
patron locate his or her cardnumber by logging in and browsing to the
personal details page. We should also add ids to these fields for easy
css styling/hiding.

Test Plan:
1) Apply this patch
2) Ensure that autoMemberNum is enabled
3) Self-register a new patron
4) Note confirmation screen now displays the patron cardnumber

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-02 11:35:49 -03:00
c667b9ddbf Bug 13609: Cross Site Scripting problem in authority search result list paging
To test:
- Use an installation with a reasonable amount of authorities, so that you can
  have a search result list with more than one page
- Activate OpacAuthorities
- Create an OPAC link like shown below, verify that an alert is shown
- Apply patch
- Refresh the page and no alert should appear
- Verify the paging still works correctly for 'numbers' and 'arrows'

URL:
.../cgi-bin/koha/opac-authorities-home.pl?and_or=and&marclist=match&op=do_search&operator=contains&orderby=HeadingAsc2"><script>prompt(987898)</script>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2015-01-22 16:39:14 -03:00
da6ee1c469 Bug 13510 : Fixing the third XSS issue
To test

1/ Make sure you have some items in your database, that have values in items.issue
If necessary do something like

UPDATE items SET issues = 10 WHERE itemnumber=somenumber

2/ Hit a url like http://localhost:8080/cgi-bin/koha/opac-topissues.pl?do_it=1&timeLimit=3%3Cscript%3Eprompt%28924513%29%3C/script%3E

3/ Notice you will get a prompt
4/ Apply patch
5/ Test again

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 16:35:58 -03:00
Liz
52fe123891 Bug 13510 - Cross site scripting bug in opac-downloadshelf and opac-shelves
A specially crafted url causes XSS in Koha

To test:

cgi-bin/koha/opac-shelves.pl?viewshelf=2%22%3E%3Cscript%3Eprompt(987898)%3C/script%3E

cgi-bin/koha/opac-downloadshelf.pl?shelfid=2%22%3Cscript%3Eprompt(1)%3C/script%3E&showprivateshelves

These should cause a popup without the patch. With the patch, no popup.

You may need to create these lists, the xss will not be triggered if the list doesn't exist or you don't
have permission to view them.

Signed-off-by: Chris <chris@bigballofwax.co.nz>

Fixes the two listed problems

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed patch fixes the problem.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 16:35:47 -03:00
Justin
580ed6360d Bug - 11345 - Self registration captcha
Test Plan
 - Open the opac site
 - Navigate to the self registration page (Home -> Register here)
 - Notice that there is no note stating that the verification box is case-sensitive
 - Apply patch
 - Refresh page
 - Notice that there is now an extra note stating that the verification box is case-sensitive.

Followed test plan. Hint displays as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:07:52 -03:00
Dobrica Pavlinusic
08af6f158c Bug 11944: remove url/uri filter from query_cgi
We don't need to pass query_cgi through url (or uri) filter since this
will turn query string (correctly escaped inside code) back into
two-byte escaped string which CGI( -utf8 ) won't turn back into proper utf-8

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:41 -03:00
Jonathan Druart
053ee5c955 Bug 13346: OpacExportOptions becomes multiple
The list of options is limited, the interface could be more ergonomic.

Test plan:
- verify that you are still allowed to change (add/remove) options for the
  OpacExportOptions pref.
- At the OPAC, verify the selected options appear correctly (check the
  3 pages opac-ISBDdetail.pl, opac-MARCdetail.pl and opac-detail.pl).

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-04 12:36:45 -03:00
e0122701aa Bug 13119 - Use XSLT to display tagged titles in the OPAC
This patch updates the display of a logged-in user's tagged titles to
use the same XSLT stylesheet used by search results and Lists. This
would make for a more consistent display of information.

Unrelated change: Corrected "My tags" header to read "Your tags,"
consistent with sidebar navigation.

To test you should have multiple titles in your catalog which you have
tagged in the OPAC.

- Set the OPACXSLTResultsDisplay system preference to 'default'
- Log in to the OPAC and view the "your tags" page.
- Confirm that title information is displayed correctly. Compare to
  search results.
- Empty the OPACXSLTResultsDisplay system preference and reload the
  "your tags" page. The display should revert to the old view, showing
  title, subtitle (if any) and author (if any).
- Set the OPACXSLTResultsDisplay to a custom path pointing to a custom
  XSL file and confirm that the list of your tagged titles changes
  accordingly.

Note: A follow-up will add "action" links ("place hold," "add to cart,"
etc) consistent with other pages.

Signed-off-by: Frederic Demians <f.demians@tamil.fr>

Works as described. opac-tag.pl page displays tagged titles the same way as
result & list pages.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-04 11:28:11 -03:00
049bd2da23 Bug 13341 - Hard-coded "Preview" text in OPAC openlibrary.js
The OpenLibrary JavaScript includes an untranslated string, "Preview."
This patch moves the string to the template so that it can be translated.

To test, apply the patch and test that the translator picks up the
string:

1. From misc/translator run 'perl translate update [lang]' (e.g. de-DE)
2. Edit misc/translator/po/[lang]-opac-bootstrap.po and add a
   translation for the updated "Preview" string
3. Remove the "#, fuzzy" marker from that entry
4. From misc/translator run 'perl translate install [lang]'
5. Enable the [lang] translation for the OPAC in system preferences
6. Enable the OpenLibraryCovers system preference.
7. In the OPAC switch to the [lang] translation.
7. View the detail page for a title for which there is an OpenLibrary
   cover image. Below it you should see a preview link with the
   translated string you added in step 2.

Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-12-28 20:44:26 -03:00
Marc Véron
dd6fbe04d1 Bug 13422 - SCO: "Would you like to print a receipt" not translatable
To test:

Set syspref SelfCheckReceiptPrompt to "Show"
Select non English language
Go to Self Checkout and check out an item
Hit "Finish"
Make sure that confirm dialog "Would you like to print a receipt" still
appears

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-12-19 15:05:02 -03:00
22d9db6672 Bug 13449 - Syndetics TOC will not display in some cases
For reasons unknown, the table of contents data from Syndetics will not
display if there is no p element, even though within that if for the p
element there's a second one for the p element! This is neither good nor
necessary.

Test Plan:
1) Enable Syndetics
2) Find a record that should have a Syndetics TOC but doesn't
3) Apply this patch
4) Reload the page
5) Note the Syndetics TOC data now displays

Signed-off-by: Julius Fleschner <julius.fleschner@briarcliff.edu>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
I couldn't test but from reading the code this should not
have any negative consequences.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-12-17 20:21:50 -03:00
Chris Cormack
5bdf4601df Bug 13425 - XSS in opac facets - Patch for master and 3.18
To Test
1/ Craft a url like /cgi-bin/koha/opac-search.pl?q=123&sort_by='"><script>prompt('Happy_Holidays')</script>&limit=123

It is important it must return results and facets

2/ Notice the js is executed
3/ Apply the patch test again

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Popup is gone after applying the patch. Facet link still shows it but does not execute. It's gone after clicking the link.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-12-11 12:10:32 -03:00
Marc Véron
c087027487 Bug 10956 - Series of OPAC searches can cause a browser crash
This patch fixes the issue for bootstrap. It was earlier fixed for the prog theme.

Solution: Prevent jQuery.fn.highlight = function(pat) to be called with empty pat
by skipping empty values in highlight loop.

To test:
Without patch, do a search as in comment #1 or #3
Result: Endless loop (Script not responding)

Apply patch:
No endless loop, page displays OK

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
To reproduce you need to search a string with 2 spaces.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
I didn't manage to reproduce the problem, but I couldn't find
any regression either trying multiple searches.
Trusting Marc's and Jonathan's testing.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-25 16:12:34 -03:00
Jonathan Druart
33f53e4dfd Bug 13329: Fix create a suggestion at the OPAC
The suggestion table does not contain a 'branch' column name.
The script should pass 'branchcode' to C4::Suggestion::NewSuggestion.

Test plan:
0/ Enable the AllowPurchaseSuggestionBranchChoice pref
1/ Create a suggestion at the OPAC should not raise a DBIx::Class error.

I could reproduce the bug.
With patch bug is gone.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, thx for the quick fix.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-25 15:24:21 -03:00
aeb86b69eb Bug 13271 - Subject search links broken if XSLT and OPACPopupAuthorsSearch are both off
This patch corrects some faults in the OPAC's bootstrap template which
prevent additional author and subject searches from working correctly
with OPACPopupAuthorsSearch both on and off.

Some JavaScript has been removed because it was used only by the prog
theme and is obsolete.

Locate a title with multiple subjects and additional authors. Test the
following conditions:

OPACXSLTDetailsDisplay is blank and OPACPopupAuthorsSearch is off:

 - Clicking an additional author or subject link should directly trigger
   the correct search without a JavaScript error.

OPACXSLTDetailsDisplay is blank and OPACPopupAuthorsSearch is on:

 - Clicking an additional author or subject link should trigger a modal
   window where you can select options for searching. Checking boxes and
   submitting the form should perform the correct search.

OPACXSLTDetailsDisplay is set to "default" and OPACPopupAuthorsSearch is
on OR off:

 - Clicking an additional author or subject link should directly trigger
   the correct search without a JavaScript error.
   (OPACPopupAuthorsSearch only works with the non-XSL view).

For extra credit: Test with JavaScript disabled and confirm that links
still work correctly.

Signed-off-by: Frederic Demians <f.demians@tamil.fr>

I confirm the bug and the solution. Before various JS errors: "ReferenceError:
e is not defined" and "ReferenceError: showSubjects is not defined". After:
Comforting silence, and functionality.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-22 11:14:58 -03:00
Stéphane Delaune
45cfe50a17 Bug 13247 - Move opacuserjs at the end of opac-bottom.inc
This patch makes opacuserjs compatible with tracking tools like Piwik

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Small change to enable use of opacuserjs for statistical
tools like Piwik by moving it right above </body>.
Works as described.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-21 20:10:40 -03:00
260c423be8 Bug 11515 - Encoding problem with OpacBrowseResults
When OpacBrowseResults syspref is on, the detail page contains a results browser.
When search terms contain non-ASCII characters, the search query is not well encoded in this browser.

This patch adds the URI-coding to search terms into session to avoid any encoding problem with diacritics and URI specific characters like ?,& ...
So that TT parameter 'busc' is already URI encoded and can be used to recreate search URL.

Test plan :
- Set OpacBrowseResults on
- At OPAC, perform a search with a diacritic. For example 'déjà'
- Go to detail page of a result
=> You see browser under "Browser results"
- Click on "Back to results"
=> You get same results and same search term with correct encoding

Signed-off-by: Broust <jean-manuel.broust@univ-lyon2.fr>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Bug still present on master. I note that latin characters are taken by ISO-8859-1 encoding
(Perl's default) and that's why real UTF8 ones don't break (Perl notices they are UTF-8).
2014-11-21 15:54:05 -03:00
535a224b87 Bug 13234 [Follow-up] Make on-site checkouts visible in OPAC
This follow-up makes a few changes to the template:

1. The "show all" / "show 50" links have been modified to show the
   current state.
2. The tabs are only shown if the OnSiteCheckouts preference is turned
   on.
3. The DataTables configuration has been modified so that title sorting
   ignores articles, sorting on the first column is disabled, and
   sorting by date works regardless of your dateformat preference.
4. Some indentation has been corrected and markup comments added.

To test the opacreadinghistory preference must be enabled. Log in to
the OPAC as a patron who has some on-site checkouts as well as regular
checkouts. With OnSiteCheckouts enabled, view the reading history page
and confirm that the tabs work correctly. Test the table sorting
controls.

With OnSiteCheckouts disabled, confirm that the tabs do not appear.

Test the "Show all items"/"Show last 50 items" links and confirm that
the behavior is correct.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Works as described, passes tests and QA script.
Good addition to the new on-site feature.

Note: It would be nice to show the 'on-site' note also in the
list of checkouts on the summary page!

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-19 11:33:36 -03:00
Jonathan Druart
f7d31f3916 Bug 13234: On-site checkouts - OPAC
This patch introduces the code lost in bug 10860 for the OPAC side.

Test plan:
Go on opac-readingrecord.pl and verify the tabs work as expected and the
"show all items" and "show 50 items" links.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-19 11:33:31 -03:00
Katrin Fischer
81e4aebd0a Bug 13227: Display856uAsImage displays images in OPAC in original size
To test:
- catalog a record with 856$u = URL to an image, $q = img
- turn on the system preference Display856uAsImage
- make sure your record has been reindexed by Zebra
- verify the image indeed displays on the result and detail page
  in the bootstrap catalog.

The image shows in the original size, from the code it's meant
to display with a height of 100 px, but this won't work in bootstrap
as the height is set to auto with CSS.

Patch changes the XSLT to restore the former behaviour.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-16 12:12:48 -03:00
Olli-Antti Kivilahti
51f0a0b722 Bug 13116 - Make it possible to propagate errors from C4::Reserves::CanItemBeReserved() to the web-templates.
This patch changes the way CanBookBeReserved() and CanItemBeReserved() return error
messages and how they are dealt with in the templates. This change makes it possible
to distinguish between different types of reservation failure.

Currently only two types of errors are handled, all the way to the user, from the CanItemBeReserved():
-ageRestricted
-tooManyReserves which translates to maxreserves

 #############
 - TEST PLAN -
 #############
((-- AGE RESTRICTION --))
STAFF CLIENT
1. Find a Record with Items, update the MARC Subfield 521a to "PEGI 16".
2. Get a Borrower who is younger than 16 years.
3. Place a hold for the underage Borrower for the ageRestricted Record.
4. You get a notification, that placing a hold on ageRestricted material is
   forbidden. (previously you just got a notification about maximum amount of reserves reached)

((-- MAXIMUM RESERVES REACHED --))
0. Set the  maxreserves -syspref to 3 (or any low value)
STAFF CLIENT AND OPAC
1. Make a ton of reserves for one borrower.
2. Observe the notification about maximum reserves reached blocking your reservations.

((-- MULTIPLE HOLDS STAFF CLIENT --))
3. Observe the error notification "Cannot place hold on some items"

((-- MULTIPLE HOLDS OPAC --))
1. Make a search with many results, of which at least one is age restricted to the current borrower.
2. Select few results and "Place hold" from the result summary header element.
       (Not individual results "Place hold")
3. Observe individual Biblios getting the "age restricted"-notification, where others can be
   reserved just fine.

Updated the unit tests to match the new method return values.
t/db_dependent/Holds.t & Reserves.t

Followed test plan. Works as expected and displays meaningful messages for the reason why placing a hold is not possible.

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-12 11:23:41 -03:00
9042ce4ea5 Bug 10632 [Follow-up] Enable datatables for courses and course details in the OPAC
This follow-up adds some style improvements and corrects some errors in
the previous patch:

- The path to datatables.css has been corrected
- Unused CSS has been removed from datatables.css (particularly related
  to pagination controls, which are currently unused in the OPAC).
- Style has been added to datatables.css to make the table search form
  look better.
- The configuration of the course details table has been enhanced to
  include a title sort which ignores articles and date sorting according
  to the "title-string" method for date format agnostic sorting.
- Unrelated: A message <div> has been modified to have the correct style
  for the Bootstrap theme.

To test you should have multiple courses and at least one course with
multiple reserves. Clear your browser cache if necessary and view the
list of courses in the OPAC. All table sorting should work correctly, as
should the table search form.

View the details of a course which has multiple reserves. All sorting
should work correctly, including title sort excluding articles. Sorting
by date due should work correctly for any dateformat system preference
setting.

View the details of a course which has no reserves. You should see a "No
reserves" message box with a style consistent with similar messages in
the Bootstrap OPAC.

View other sorted tables in the OPAC to confirm that the CSS changes
have not negatively affected their appearance: opac-user.pl for
instance, or opac-detail.pl.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-11 16:07:33 -03:00
4413a1ac4a Bug 10632 - Enable datatables for courses and course details in the OPAC
We should use datatables for the courses and course items tables. This
will make the tables sortable and searchable from the client side.

Test Plan:
1) Apply this patch
2) View the courses in the OPAC, try sorting and searching
3) View the course details for a course, try sorting and searching the items.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signing off, but have a follow-up to address some missing stuff.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-11 16:07:25 -03:00
9b28d8fa5b Bug 9214 [Compiled CSS] Show damaged status in the OPAC for items which are not for loan
This patch contains the compiled opac.css file generated from the
revised LESS file in this bug's other patch.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-11 15:13:11 -03:00
b197d8bf90 Bug 9214 - Show damaged status in the OPAC for items which are not for loan
Item statuses in the OPAC displayed according to a cascading hierarchy:
If something is lost it will appear as lost, "else if" it is checked out
it will appear as checked out, etc. I don't think there is a logical
reason why statuses should appear this way.

This patch modifies the logic in the template so that multiple statuses
can be displayed at the same time. The patch also wraps each status in
its own class so that libraries can apply custom CSS if they wish.

Some tweaks have been made to the LESS file adding some style to the
common "item-status" class for display of item statuses.

To test, apply the patch and view one or more titles in the OPAC which
have items with the following statuses: lost, checked out, damaged, not
for loan, waiting, on order, in transit, withdrawn, and available.

Modify items to have more than one status simultaneously, in particular
not for loan and damaged.

Also test the display of item statuses in the OPAC cart and the OPAC's
course details page (Course reserves -> [Course name]) since these pages
use the same include file.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-11 15:13:03 -03:00
Jonathan Druart
954c2874d0 Bug 12986: Upgrade the DataTables jQuery plugin to the latest version (1.10.2)
DataTables 1.10.2 is now available.

The footerCallback function does not seem to work correctly with our
current version.

Test plan:
Go on the maximum of pages where DataTables is used and try to catch a
bug/regression :)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I tested many many pages with DataTables, taking special care to find
pages with different DataTables configurations. I found no errors in the
OPAC or staff client.

Tested thoroughly in Firefox (latest) on Windows 7.
Tested less thoroughly in Chrome (latest) on Windows 7.
Tested briefly in Internet Explorer 7 in Vista and Internet Explorer 8
and found no bugs which were related to the DataTables upgrade.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-10 12:45:59 -03:00
b143d68534 Bug 9043 [QA Followup] - Don't show "More options" if there aren't any
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-10 12:25:55 -03:00