Commit graph

27028 commits

Author SHA1 Message Date
b4a08cad60 Bug 14642: Make sure the log will be written only if the hold has been deleted
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:43:13 +00:00
a61e0a3324 Bug 14642: (QA followup) Add tests for Koha::Hold->delete
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:43:13 +00:00
fde83bd73d Bug 14642: (QA followup) Make HoldsLog default to 0
After a couple comments regarding the default value I picked for the
new syspref, I've decided to set it 0, as libraries interested on the
fetarue will just enable it.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:43:13 +00:00
d1eb706153 Bug 14642: Add logging for Holds
This patch adds logging for several holds actions. Specifically for:

- CREATE
- CANCEL
- DELETE
- RESUME
- SUSPEND
- MODIFY

To test:
- Enable the HoldsLog syspref
- Add a hold on a record/item
=> SUCCESS: The log view shows the CREATE action
- Click on the <Suspend> button
=> SUCCESS: The log view shows the SUSPEND action
- Click on the <Unsuspend> button
=> SUCCESS: The log view shows the RESUME action
- Click on the red cross, to delete the hold
=> SUCCESS: The log view shows the CANCEL action

Note: The DELETE action is logged when DelMember is called, with bug 16819 patches applied.

Sponsored-by: NEKLS
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
I also wonder about this going in defaulted on, but since the other logs are as well it seems ok to me.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:43:13 +00:00
a6bc706ad1 Bug 14642: Add HoldsLog syspref
This patch introduces a new syspref 'HoldsLog' which is to be used for controlling
holds actions logs.

Sponsored-by: NEKLS

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:43:12 +00:00
0caed05779 Bug 16829 - DBRev 16.06.00.014
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:09:38 +00:00
3a7aaf1339 Bug 16829: Unit tests for logaction's 'interface parameter'
This patch introduces tests for the new 'interface' parameter for the
C4::Log::logaction and C4::Log::GetLogs functions.

In logaction, it falls back to C4::Context->interface if ommited.

To test:
- Run
  $ prove t/db_dependent/Log.t
=> SUCCESS: Tests pass
- Sign off

Sponsored-by: NEKLS

Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:01:50 +00:00
25cdf47895 Bug 16829: DBIx update
Sponsored-by: NEKLS

Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:01:50 +00:00
95fff37db8 Bug 16829: Add 'interface' to the log viewer
This patch introduces the 'interface' filter to the log viewer.

To test:
- Apply the patch
- Open the log viewer
=> SUCCESS: As default, 'All' interfaces are chosen. OPAC, Intranet and SIP are presented
- Do a lot of log searches, verify that the interface column shows what is expected.
=> SUCCESS: The chosen 'interfaces' are kept when rendering results.

Sponsored-by: NEKLS

Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:01:49 +00:00
baeba970f7 Bug 16829: make logaction and GetLogs aware of the interface column
This patch changes the logaction API so it accepts a new 'interface' param.
Current code calling logaction is not changed, and this parameter can be ommited
in most contexts, and it will correctly fall-back to C4::Context->interface.

Unit tests are provided on a different patch.

GetLogs gets patched as well, so it can be required to filter by 'interface' param.

Sponsored-by: NEKLS

Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:01:49 +00:00
8a135fd21a Bug 16829: Add 'interface' column to action_logs
This patch introduces a new column for the action_logs table. It is
called 'interface' and it is intended to store the interface in which
the action was performed.

Sponsored-by: NEKLS

Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:01:48 +00:00
Olli-Antti Kivilahti
9237fe6763 Bug 14844: Corrupted storable string. When adding/editing an Item, cookie LastCreatedItem might be corrupted.
No idea how to replicate this issue but we have been getting several reports
about the following error:

Software error:

Corrupted storable string (binary v2.9) at /usr/lib/perl/5.18/Storable.pm line
417, at /home/koha/kohaclone/cataloguing/additem.pl line 375.

TEST PLAN:
1. Add or modify an Item.
2. No observed changes.
?. We don't know what causes this but we know that add/modify Item occasionally
   crashes due to failure of a cookie thawing.

This patch prevents the whole program from dying, because this error is not
critical enough to warrant dying.
Also there is no centralized mechanism in Koha for showing messages to the
user, so there is no easy and convenient way to warn the user that the:
'LastCreatedItem'-cookie or the systempreference 'PrefillItem' is
malfunctioning.

So we instead just warn to the server logs with the malfunctioning cookie in
hopes of nailing down what causes the issues.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:00:31 +00:00
Indranil Das Gupta (L2C2 Technologies)
6fcd32a75c Bug 17103 - Google API Loader jsapi called over http
This patch replaces the hardcoded protocol ("http") from the URI with
https since that is what Google defacto uses to serve JS resources
Prevents MIXED CONTENT failure, allowing GoogleIndicTransliteration
to function correctly when used in SSLized OPACs.

Test plan
---------

1/ Make sure your OPAC is being served both over HTTP and HTTPS
2/ Set GoogleIndicTransliteration syspref to "Show"
3/ Access the OPAC over http, Google transliteration element will
   show up in masthead searchbox.
4/ Access the OPAC over https. The element will not show. Console
   will show MIXED CONTENT error and failure of google loader.
5/ Apply patch. Repeat steps #3 and #4 again. Now in both cases
   GoogleIndicTransliteration will work.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 17:59:43 +00:00
Mirko Tietgen
21593d8e1d Bug 17084 - Automatic debian/control updates (master)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 17:59:00 +00:00
Tomas Cohen Arazi
007d2feee6 Bug 16974: Make koha-plack should check and fix log files permissions
This patch adds a function to the koha-plack script so it checks for log file
existence and its permissions. This function is called from the start_plack function.

If some of this conditions are not fulfilled, it solves the situation by either
touching and/or changing the permissions accordingly for the instances' plack log files.

To test:
- Run (on kohadevbox):
  $ cd kohaclone
  $ debian/scripts/koha-plack --start kohadev
  $ debian/scripts/koha-plack --stop  kohadev
  $ ls /var/log/koha/kohadev/plack*
- Verify ownership of the created files (they might belong to the root user)
- Apply the patch
- Run:
  $ chown root:root /var/log/koha/kohadev/plack*
  $ debian/scripts/koha-plack --start kohadev
  $ ls /var/log/koha/kohadev/plack*
=> SUCCESS: Files belong to kohadev-koha:kohadev-koha
- Run:
  $ debian/scripts/koha-plack --stop  kohadev
  $ rm /var/log/koha/kohadev/plack*
  $ debian/scripts/koha-plack --start kohadev
  $ ls /var/log/koha/kohadev/plack*
=> SUCCESS: Files are created and belong to kohadev-koha:kohadev-koha
- Sign off :-D

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 17:58:19 +00:00
Mark Tompsett
ac4a058b05 Bug 16885: koha-stop-zebra should be more sure of stopping zebrasrv
This patch follows Galen's suggestion in comment #7.

TEST PLAN
---------
1) Back up your koha logs as desired.
2) add something to /var/log/koha/{instance name}/intranet-error.log
3) ps aux | grep zebra
4) logrotate -f /etc/logrotate.d/koha-common
5) ps aux | grep zebra
   -- the zebrasrv and daemon process for zebra indexing
      didn't restart.
6) apply this patch against /usr/sbin/koha-stop-zebra
7) sudo koha-start-zebra {instance name}
8) ps aux | grep zebra
   -- the processes should have started up again.
9) add different junk to /var/log/koha/{instance name}/intranet-error.log
10) ps aux | grep zebra
11) logrotate -f /etc/logrotate.d/koha-common
12) ps aux | grep zebra
    -- the process ids for the zebrasrv and daemon processes should
       be different, but the number of processes is the same as before.
13) sign off, because its less ugly than comment #3

Sponsored-by: Tulong Aklatan

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Works as expected, no regressions found.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 17:57:15 +00:00
Mirko Tietgen
6df8614142 Bug 15200 - t/Creators.t fails when using build-git-snapshot
ttf-dejavu was missing from the build dependencies.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-16 16:44:44 +00:00
e16019f27b Bug 7741 - DBRev 16.06.00.013 - Add IGNORE to insert in case of backporting
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:20:06 +00:00
Hector Castro
71d20a8c3b Bug 16944: Add "email" and "url" classes when edit or create a vendor
When edit or create a new vendor the two fields "email" and "website" don't test
if the data provided is right. When you add a direction like
"koha-community.org" without the protocol "https" the program redirect to an
404 error.

To reproduce the issue:
1-Go to Acquisition and create a new Vendor
2-Fill the field Website with koha-community.org
3-Use an email without at sing (@)
4-Notice that there is no error
5-Save
6-Go to the vendor created (/cgi-bin/koha/acqui/supplier.pl?booksellerid=1)
7-Click in Website: koha-community.org -> redirect to an 404 error
8-Notice the bad mailto:

To test:
-Apply patch
-Reproduce step 1 to 8 with the same vendor or create a new one
-Enter multiple wrong and valid urls
-Enter urls with and without protocols http, https, ftp
-Enter wrong and valid emails

NOTE: The classes used are taken from 'branches.tt'
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
no longer allows entering of improper website urls or incomplete email addresses.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:18:34 +00:00
Marc
865557e05c Bug 16953: Acquisitions home: Remove trailing &rsaquo; from breadcrumbs
The breadcrumb on the Acquisition's home page reads: Home > Acquisitions >
This tiny patch removes the trailing > (&rsaquo;)

Amended: Remove the link on 'Acquisitions' as well...
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:17:14 +00:00
Hector Castro
67a65ba16f Bug 16964: Fix capitalization for "Report Plugins" in reports-home.tt
Fix capitalization for "Report Plugins" in reports-home.tt according with
Coding Guidelines <https://wiki.koha-community.org/wiki/Coding_Guidelines#HTML4:_Upper_and_lower_cases_in_strings>

Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:16:09 +00:00
Marc
4a691fda16 Bug 16989 - Advanced search form does not display translated itemtype
In Staff client, the advanced serach form does not display the
translations of item types.

(Note: It is not necessary to have translations installed to verify
this bug.)

Prerequisites:
- Go to Home > Administration > Item types administration
- Edit e.g. item type "BK" (Book)
- Near "Description", click link "Translate into other languages
- If you have other languaes installed, add translatons for those
- If you have an Englis only installation, add a "translation" for
  English, make sure that you can identify it while testing (I
  used "BOOOOOOOOOOOOKS")

Verify:
- Go to Home › Advanced search
- Verify near "Limit to any of the following" that the description for
  itemtype BK reads "Book" instead of "BOOOOOOOOOOOOKS"

Test:
- Apply patch
- Verify that the item type description now reads ""BOOOOOOOOOOOOKS"
- If you have a multi language installaton, verify that item types
  you translated display as appropriate

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:14:19 +00:00
c3badb0c57 Bug 17052: Display patron category description in the sidebar of paycollect
The patron category description is not passed to the template in
paycollect.pl

Note: The Categories TT plugin should be used here...

Test plan:
Go on paycollect.pl and confirm that the patron category description is
now displayed in the sidebar.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Brendon Ford <brendon.ford@manhattan.edu>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:12:22 +00:00
dbfda36767 Bug 17055 - Add classes to different note types to allow for styling on checkins page
Returned items may have 3 kinds of notes, patron, item public, and item
non-public. However, the html markup for them does not allow us to
distinguish which type we are seeing. It would be good to add classes
for each of these note types.

Test Plan:
1) Check out an item to a patron
2) Add a patron note, a public item note, and a non-public item note
   to the patron and item you used
3) Check in the item and instead the html, note the each note span
   now has a class to distinguish which type of note is being displayed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:11:11 +00:00
Marc
d76737ba7d Bug 17078 - Format fines on opac-account.pl
To verify:
- Log in to OPAC as a user who has fines or credits
- Go to page "your fines"
- Verify that values for "Fine amount", "Amount outstanding"
  and "Total due" are not formatted as defined in syspref CurrencyFormat
  (e.g. for FR)

To test:
- Apply patch
- Repeat steps above
- Verify that values are formatted as appropriate with different
  settings for syspref CurrencyFormat

Note: This patch does not force text alignment to the right.
      Text alignement can be done using syspref OPACUserCSS
      (td.sum, td.credit, td.debit)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:10:21 +00:00
Marc
6359922847 Bug 17076 - Format fines in patron search results table
Format the values in patron search results following syspref CurrencyFormat.

To verify:
- Search for patrons who have fines or credits
- In result table, column 'Fines' does not respect syspref CurrencyFormat
  (e.g. for FR)

To test:
- Apply patch
- Repeat steps above, verify that fines display as appropriate
- Change syspref Currencyformat, verify display

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:05:48 +00:00
Colin Campbell
cc6fc0800c Bug 17081 Incorrect comparison operator used in edifactmsgs.pl
Numeric comparison operator is used where string comparison required,
resulting in the following warning in the log: 'Argument "delete" isn't
numeric in numeric eq (==).'

This patch corrects it to use 'eq' not '==' to compare strings.

To test, apply the patch and go to Acquisitions -> EDIFACT messages.

Delete an EDIFACT message. There should be no error in the error log.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:03:37 +00:00
Chris Cormack
0ef3b19dbd Bug 16969 cgi->param used in list context in opac-memberentry.pl
To test
1/ Hit the page, notice the warning in the log
2/ Apply patch
3/ Hit page, notice no warning in the log
4/ Test functionality all still works

Works as expected. (Note: See Bug 16960 for updating patron details).
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:02:05 +00:00
72150ee759 Bug 17040: Fix translation on context menu when editing items
Test plan:
update and install translated language files
On the item list (cataloguing/additem.pl) the context menu should be
translated (Edit item/Delete item)

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:56:08 +00:00
5995bd77a6 Bug 17020: Do no pass findborrower to the template
Indeed, it's not used!

Test plan:
  git grep '\[% findborrower'
should not return any result.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:55:00 +00:00
034f939a44 Bug 16894: Regression - Display email on patron search results
Bug 10318 added the email to the patron search results but it has been
removed later.
This patch reintroduced it where it was (no new column).

Test plan:
Search for patrons and confirm that the emails are displayed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:54:00 +00:00
phette23
aa2f56fa1a Bug 16806: no error message for 'too_soon' renewal
To test:
-  for a particular item type & patron category, configure a non-zero
"no renewal before" date so items can't be immediately renewed
- sign in as a patron in aforementioned patron category
- check out an item of aforementioned item type
- go to your renewals page in OPAC /cgi-bin/koha/opac-user.pl
- an error messages appears in the div.alert.dialog up top

Sponsored-by: California College of the Arts
Signed-off-by: Brendon Ford <brendon.ford@manhattan.edu>

Signed-off-by: Irma Birchall <irma@calyx.net.au>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:52:27 +00:00
62d16aa6b7 Bug 16776: Do not forget external language choice in language switcher
If language is set by external link language switcher does not work

To reproduce:

- Have a multilingual koha installation, let's say en, de-CH, fr-FR and it-IT
- Create external links e.g. from your multilingual library website to each language variant of OPAC:

...cgi-bin/koha/opac-main.pl?language=en
...cgi-bin/koha/opac-main.pl?language=de-CH
...cgi-bin/koha/opac-main.pl?language=fr-FR
...cgi-bin/koha/opac-main.pl?language=it-IT

Each link opens fine displaying the language as appropriate.

Now try to switch language on the page you just opened via the external link.

It won't work, it will always stay on the language defined by the external link.

To test:
- Apply patch
- Repeat steps above
- Verify that the language switcher works
- Verify in browser address field that after switching language, the param 'language= 'has vanished from url string
- Try links with multiple params and with params containing 'language', e.g.
  ...cgi-bin/koha/opac-search.pl?language=fr-FR&q=language&mylanguage=test
- Verify that only the parameter 'language=' vanishes

Tested counter patch, works as well.
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:51:33 +00:00
Marc
5dd9a2546a Bug 17082: Translatability: Fix sentence splitting in member.tt
This patch fixes sentences splitting in file
koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt

Fix is done with a new .inc file because the code is the same as in
koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt

To test:
- Carefully review code changes
- Test on a fresh install without example data (or save database
  and test with empty tables 'branches' and 'categories')
- Go to Home > Patrons (members-home.pl)
- Verify that a warnings appears aubout missing libraries and patron
  categories
- Try to add a new patron (memberentry.pl)
- Verify that the same messages are triggered
- Verify that messages disappear as appropriate as soon as a library and
  a patron category are defined.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Note: Filed Bug 17093 for JS error on patron entry form.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:49:48 +00:00
c31213ba4f Bug 16848: Prevent invalid warning to be carped from output_pref
From Koha::DateUtils::output_pref:

   $dt = eval { dt_from_string( $str ) } if $str;
   carp "Invalid date '$str' passed to output_pref\n" if $@;

This second line is wrong: if $str does not exist, the first line is not evaluated and $@ could be filled with previous error.

To reproduce:

Then:
  prove t/DateUtils.t
will display:
t/DateUtils.t .. 20/60 Use of uninitialized value $str in concatenation (.) or string at Koha/DateUtils.pm line 217.
Invalid date '' passed to output_pref
 at t/DateUtils.t line 233.
t/DateUtils.t .. ok
All tests successful.
Files=1, Tests=60,  2 wallclock secs ( 0.02 usr  0.00 sys +  1.40 cusr  0.00 csys =  1.42 CPU)
Result: PASS

Test plan:
Without this patch, you should not see the carp

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:43:34 +00:00
Katrin Fischer
09d7a47f1f Bug 17074: Follow-up: fixing encoding issues with multiple search terms
If there was more than one search term you could see that that it
was url encoded. Also problems with search terms with umlauts and
other diacritics.

Patch should fix that.

https://bugs.koha-community.org/show_bug.cgi?id=17074
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:38:17 +00:00
Katrin Fischer
8d7e62b808 Bug 17074: Fix links in result list of 'scan indexes' and keep search term visible
The 'scan indexes' search that can be reached from the
advanced search has 2 problems to begin with:

- The search term you searched for is not displayed
  in the input field.
- The links in the result list are missing the index
  and because of that, are not giving the correct results.

To test:
- Go to the advanced search, select an index to search in
- Enter a search term and check 'scan indexes'
- Submit search
- Check if the search term is visible in the input box
- Check if the result links contain your selected index
  and give you correct results (count and the number of
  results should match)

Tested both patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:38:16 +00:00
aa0e27ea08 Bug 17053 Clearing search term in Reports
If you click the clear button to clear the search term it does take the search
term away. However, the next time you click on "Saved reports" the search term
is still there.

TO TEST:

1. Reports > Use saved
2. Filter on anything (date/author/keyword). Let say "foo" in keyword.
3. Click the Clear link on the Filter form. You can see that "foo" is removed
   from keyword, and all the saved reports are displayed.
4. Click "Saved Reports" on the left. You can see that "foo" reappears in
   keyword filter.
5. Apply the patch, and repeat steps 2-4.

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:37:05 +00:00
06d1259e56 Bug 16992: FIX CSRF in member-password.pl
If an attacker can get an authenticated Koha user to visit their page with the
url below, they can change patrons' passwords
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked

Test plan:

Trigger
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked

=> Without this patch, the password will be updated
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:34:02 +00:00
2785183a6b Bug 16992: [QA Follow-up] Member-password should pass an userid
If we do not fill a new userid, we should keep the old one.
Script member-password should pass that to Koha::Patron.
Otherwise things go wrong.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Without this patch, you could effectively disable a login.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
2016-08-10 13:34:01 +00:00
01e041ca40 Bug 7441 - DBRev 16.06.00.013
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:28:20 +00:00
86144a65e0 Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:26:00 +00:00
0fe7a4aa8e Bug 16929: [QA Follow-up] Shortcut methods and use statements
Resolves the following comments:

I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:26:00 +00:00
523d0be9dc Bug 16929: Prevent opac-memberentry waiting for random chars
Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.

Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
    take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.

Tested all 3 patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:25:59 +00:00
09d0b1310b Bug 16993: Fix CSRF in memberentry.pl
If an attacker can get an authenticated Koha user to visit their page
with the url below, they can change patrons' passwords or other
patrons'details

members/memberentry.pl?op=save&destination=circ&borrowernumber=3435&password=ZZZ&password2=ZZZ&nodouble=1

Test plan:

Trigger
members/memberentry.pl?op=save&destination=circ&borrowernumber=42&password=ZZZ&password2=ZZZ&nodouble=1

=> Without this patch, the password will be updated
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: removed the commented use Digest::MD5-line.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:25:25 +00:00
Mirko Tietgen
893f6cc263 Bug 17087 - Set Test::WWW::Mechanize version to 1.42
This was set to a version that is not available in Wheezy or Jessie.
The version is not required, the only change to 1.42 (packaged for
Wheezy and Jessie) is a fix for Windows, see
http://cpansearch.perl.org/src/PETDANCE/Test-WWW-Mechanize-1.44/Changes

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:23:43 +00:00
Mark Tompsett
22c851cc2f Bug 10148: Marc21 field 007 builder improper reload values
The more correct solution is fix that template file.
However, in the mean time, this works.

TEST PLAN
---------
 1) find a record
 2) edit record
 3) click value builder for 007
 4) change everything to pipes as much as possible.
    (use Motion Picture to get all 00-22 values)
 5) save
    -- should save just fine.
 6) click the value builder again
    -- OOPS! Bad reload.
 7) prove t/db_dependent/FrameworkPlugin.t
    -- NOISY 007 messages.
 8) apply patch
 9) click the value builder again
    -- good reload
10) prove t/db_dependent/FrameworkPlugin.t
    -- No noise related to 007.
11) run koha qa test tools.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:22:27 +00:00
b543fa74fe Bug 17038: Fix XSS in catalogue/search.pl
Test plan:
Search for something like:
  \";alert(1)//135

=> Without this patch you will see the alert
=> With this patch, no more alert

Note that this fix the parameters idx, q and op

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:20:51 +00:00
96a9c2715e Bug 17036: Fix XSS in circulation.pl
Test plan:
Enter the following in the "Check out" tab:
"><script>alert('XSS')</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:20:07 +00:00
12b4c83f5a Bug 17021: Fix XSS in circ/returns.pl
Test plan:
Enter the following in the barcode input:
<script>alert('XSS')</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:18:54 +00:00