This patch updates the staff client version of jQuery to 2.2.3. In order
to maintain compatibility with existing scripts, the jQuery migrate
plugin has also been added.
Included is the development version of the jQuery migrate plugin.
Developers could modify doc-head-close.inc to use this version if they
wanted to take advantage of its upgrade warning log.
To test, apply the patch and test JavaScript interactions everywhere in
the staff client.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
Most of the scripts called via greybox (which uses iframe) don't include
doc-head-close. But some do.
This patch adds a popup parameter for these templates, not to include
the legacy browser trick and avoid the replacement of the location.
Test plan:
1/ Export patroncard and label
2/ translate itemtypes
3/ click on a idref link at the OPAC
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Web pages that can be embedded in frames are vulnerable to cross-frame
scripting attacks. Cross-frame scripting is a type of phishing attack
that involves instructions to an unsuspecting user to follow a specific
link to update confidential information in an online application.
Because the link leads to a legitimate page from the online application
that is embedded in a frame hosted by the attackers' server, the
attackers can capture all the information that the user enters.
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Single quotes audio selector break ability to edit an alert
Test Plan:
1) Enable audio alerts
2) Add new a alert with a select containing single quotes such as: input[name*='test']
3) Note you cannot edit the alert
4) Apply this patch
5) Reload the page
6) You should now be able to edit the alert
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Bug 15734 applied on top. Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Bug 14189 added some global JavaScript to a new include file which is
included in doc-head-close.inc. Since it's included globally, there is
no reason not to move it to staff-global.js. This patch does so.
To test, apply the patch and clear your browser cache if necessary.
- Navigate to any page in the staff client which has multiple header
search tabs.
- Type something in one of the tabs.
- Switch tabs. Verify that your text was copied to the newly-displayed
form field.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
To test:
-Check that the space near to exclamation mark (!) is fixed
Signed-off-by: Briana <brianagreally@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch enable use of IntranetUserCss on staff client
login page.
To test:
1) Add something to IntranetUserCSS to modify login page,
for example
#login h1 a {
height:30px;
}
2) Logout from staff client, no changes on login page.
3) Apply the patch
4) Reload, now logo is cut in half :)
Bonus) Login again an try changing image, add
#login h1 {
background: url(http://example.com/img/other-logo.png) no-repeat top center;
}
and fix height. Logout and check
This also affects 3.20 and perhaps earlier versions.
Re-upload to fix examples
Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fixes the variable name to avoid a double-up that made it
impossible to turn off the sounds in general. If AudioAlerts
are turned off, they will only work on the audio administration
page now so you can set up and test the different sounds there.
Also fixes a little typo in the help file.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch set replaces and extends Koha's current sound options.
This is implemented be removing the existing sound system, and
re-engineering using a table of selector/sound combinations such that
the highest precedence selector that is found in the DOM will trigger
and audio alert. The existing audio behaviors are implemented as a set
of default audio alerts.
Test Plan:
1) Apply this patch set
2) Run updatedatabase.pl
3) Enable the AudioAlerts system preference
4) Test existing sounds
5) Enter the new alerts editor in the admin section
6) Add a new audo alert with the following selector:
"body:contains('Check in message')",
choose any sound alert you wish, make sure it's not one of the 3
sounds already used! Make this selector precedence 1
4) Browse to the checkins page, you should hear the default sound
5) Attempt to return an invalid barcode, you should hear your custom sound!
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Font Awesome is similar to Glyphicons included in Twitter Bootstrap,
except better in every way and more Free.
Test Plan:
1) Apply this patch
2) Edit the template for a page, and add a Font Awesome tag to it,
examples can be found here:
http://fortawesome.github.io/Font-Awesome/examples/
3) Reload the page and verify the icon displays.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
Apply the patch and see that the text now is there in the search
box when clicking the tabs: check in, check out etc..
(More files changed for persistent text in searchbox)
Sponsored-by: Halland County Library
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
This is something I have wanted quite a few times over the years...
Tested by going to every main area of Koha, entering some random
text into the search box and then clicking on all the available tabs
to check that the entered text is carried over to all the boxes.
There are a couple of places where text is not carried over, but I
guess that might be because one of the boxes is structurally
different to the others. These are:
- "Vendor search" and "Orders search" in Acquisitions
- "Search subscriptions" in Serials
I have not looked at how this is implemented, just that it works as
it should.
Bug 14189 refactor after failed QA.
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Amended patch: replace tabs with spaces
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To match IntranetUserCSS, intranetuserjs should be renamed
IntranetUserJS.
Test plan:
1/ Be sure there is no occurrence of intranetuserjs
2/ Confirm the pref still works as before
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: Worked before and after updatedatabase.pl, though after
is less confusing to the person unaware of case insensitivity.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
http://bugs.koha-community.org/show_bug.cgi?id=12150
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No bug number on description
No commit message
No test plan
No koha-qa errors
I only signed this because it's useful for translations
but we can live without it, so is up to QA now
Tested some easy messages (e.g. syspref saving), and
updated PO files to check new strings.
Inspected the code, I think that there are no errors.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The qTip plugin is out of date and incompatible with recent versions of
jQuery. This patch replaces use of qTip on the patron search form with a
Bootstrap tooltip implementation.
To test, apply the patch and view /cgi-bin/koha/members/members-home.pl
- Expand the patron search form by clicking the [+]
- Change 'search fields' from 'Standard' to 'Date of birth'
- A tooltip should appear giving details about the date format required
- Change the 'search fields' to something else. The tooltip should not
appear.
Revision: Removed inclusion of qTip plugin from global header include.
The other instance of qTip usage occurs on a page which loads the plugin
separately.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
To old plugin prevents the upgrade to the latest jquery. By replacing
with openjs' shortcut.js, we have now one less hurdle in upgrading
Koha to latest.
Changes:
- removed jquery.hotkeys.min.js
- added shortcut.js
- modified the related includes (doc-head-close.inc and help-top.inc)
- modified the calls in staff-global.js
Regression test:
1) apply the patch
2) in the intranet, test the shortcuts alt-q, alt-r, alt-u.
These are the only affected functionalities. There is no new functionality.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script. Tested existing
shortcuts for the search bar tabs on various circulation
related pages.
This uses a Javascript under BSD license, I wonder if it
should be listed in the About>licenses section that we
are using it. As Yui is also BSD I assume the license is
compatible.
+/**
+ * http://www.openjs.com/scripts/events/keyboard_shortcuts/
+ * Version : 2.01.B
+ * By Binny V A
+ * License : BSD
+ */
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Move the favicon files for OPAC and staff so that they are not
blocked by the Apache configuration change introduced by the
patch for bug 9812.
Note that this patch makes the favicon customizable by theme,
not both theme and language.
To test, after applying the patch.
[1] Open pages in the OPAC and staff client. Verify that the favicon
is displayed in the usual place in your web browser. Specific pages
to test include
- circulation receipts and slips
- help
- lists view
- web-based self-checkout
[2] Verify that the Apache logs do not contain entries like this:
client denied by server configuration: {...}/prog/en/includes/favicon.ico
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Verified that the favicon displays correctly. Also
tried changing favicons for staff and OPAC using the
system preferences for those. This still works, where
the system preferences are correctly supported in the
templates.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
doc-head-close.inc contains a reference to "wizard.css" which doesn't
exist. The option to include it never evaluates as true, and that
section can be removed from the template.
To test, apply the patch and view any page in the staff client.
Everything should be styled as before. A search of the Koha source
should return no references to "wizard.css" or a "wizard" variable.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
No occurrence of "wizard" in pl/pm files.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Passes koha-qa.pl
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
There are no pages in the staff client which use YUI JS assets other
than basketgroups.tt. The links to YUI assets can therefore be removed
from the global include and put directly into the basket groups
template.
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script. Really nice to see YUI go.
Checked that the drag&drop functionality in basket groups still works.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Works with all date formats
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
A grep on the stylesheet names revealed that similar code was used in those
template files.
This patch moves the code from doc-head-close.inc to a new include file.
Now, doc-head-close and the help templates refer to that one file.
Test plan:
If you tested the preceding two patches, now you only need to:
1) Check included css via page source in browser from staff main page.
2) Check it also from some other location.
3) Check again from Help: e.g. /cgi-bin/koha/help.pl
4) Check again from Edit Help: /cgi-bin/koha/edithelp.pl
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Template only, no string changes.
Tested according to test plan.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Allow a relative path (within theme/css) in intranetstylesheet too.
Allow a full path, local or remote with http(s), in intranetcolorstylesheet.
This restores consistency between opac and staff.
Test plan:
First: the patch with the db revision should have been applied. And also the
updatestructure step from the web installer should have been run.
Clear intranetstylesheet. Check included stylesheet with page source in browser.
Enter a full path with http or / in intranetstylesheet. Check again.
Enter a relative path (such as staff-global.css). Check again.
Clear intranetcolorstylesheet. Check if there is no reference with page source.
Enter a full path with http or / in intranetcolorstylesheet. Check reference.
Enter a relative path (such as blue.css). Check again.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch tweaks a few templates, and enables right-to-left
flipping via CSS in the staff client.
Signed-off-by: Karam Qubsi <karamqubsi@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Amended patch, putting back author and adding sign off.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch adds the jQuery "Validation" plugin
(http://docs.jquery.com/Plugins/Validation) and includes it by
default in the staff client along with an include file containing
translatable strings for all of the plugin's possible messages.
The staff client's main JavaScript file has been modified to perform
automatic validation of any form with the class "validated."
For a simple example I have modified the library entry form
to mark required fields as required (something which had not
been done before). Each required field has been given a class,
"required" and the HTML5 attribute "required." The former adds
the hook for the plugin, the latter adds browser-based validation
in recent browsers (and which will be superceded by the plugin
if JavaScript is enabled).
This will check for inputs classed "required" without any
additional configuration. More complex forms (with specific
data types, for instance) will require more inline JavaScript
configuration.
$("#FormID").validate({ /* configuration details */ });
Also added to the library entry form are checks on the email and URL
fields via classes ("email" and "url", respectively). This demonstrates
validation of content without forcing the field to be required.
To test, go to Administration -> Libraries and Groups and choose
"New library." Submit the form without entering a library code
or name. You should be prevented from submitting the form and be
shown an error message by each field. Perform the same check with an
existing entry.
To test browser-based validation, disable JavaScript and follow
the same procedure.
Revision rebases the patch against current master and adds missing
"//<
