The SQL call in displayServers was not using placeholders, leaving itself open
to potential SQL injection attacks. I've rewritten it to use placeholders.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This test suite tests the several different ways that we can call C4::Koha::displayServers.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Preference was removed in patch for bug 2234; completing
removal in existing 3.0 installations via DB rev 104.
No documentation changes (deprecation of noOPACHolds
done in an earlier patch)
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch removes Image::Magick as a dependency and replaces it with
the (much) lighter GD. Functionality of patronimage code has not changed with
this conversion.
Adding errorhandling for corrupted image file and link to return to moremember.pl when called from there
Added notes about supported image mime types.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
C4::Koha::get_itemtypeinfos_of was not using plceholders, opening itself up to
potential SQL injection attacks. This patch refactors it to use placeholders to
bind parameters.
I also had to extend C4::koha::get_infos_of to allow us to pass bind parameters into it.
I'm including a test module for C4::Koha::get_itemtypeinfos_of.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch changes all $foo eq undef's to !defined($foo). It also makes misc/spellcheck_suggest/build_spellcheck_suggest.pl have proper syntax.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch corrects what appears to me to be a few defficiencies in the documentation
for C4::items::GetItemsForInventory. I noticed them while writing test methods for this sub.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The SQL in C4::Items::GetItemsForInventory wasn't using placeholders and
bind parameters, possibly leaving itself open ot SQL injection attacks. This
patch changes that.
I've also incliuded a test module for C4::items::GetItemsForInventory.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Here are a few improvments to the test suite to make it easier to write some tests
for C4::Items
I extracted "tomorrow" and "yesterday" methods from a test module into the base class
so that they could be used by multiple test modules
Adding callnumber to items added in the test suite.
I recatored KohaTest::add_biblios a bit to remove the manual count of the number of
MARC::Fields that were added.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This checks that the enrolmentfee for a category both exists, and is greater than 0, avoiding a spurious charge.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch adds code to clean out any NULL fields in rows returned
since NULL fields do not truly meet the filter criteria
It also corrects a bad db field reference.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
If a new order was created and no fund selected, a db error was thrown due to the
'bookfundid' field being set to NULL. This patch sets the first fund retrieved from
available funds as the default selection in the scrolling list.
A further enhancement might be to allow the library to choose which fund is the
default fund.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
From the bug report:
The serialsadditems syspref was ostensibly removed in DB rev 071
(http://git.koha.org/cgi-bin/gitweb.cgi?p=Koha;a=commit;h=5c41ae54e68866f9661e853376537059f4d83f70)
in favor of a new serialsadditems column in the subscription table.
However, this removal was incomplete. It is still created for new installations by:
installer/data/mysql/en/mandatory/sysprefs.sql
installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
and is used in
serials/serials-recieve.pl
serials/serials-edit.pl
admin/systempreferences.pl
Since the system preference was not removed from the sample data scripts, it
is necessary to add another DB rev to remove it - a user may have made a
fresh install of Koha after DB rev 071.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The current serialitems table structure does not provide for a *:1 relationship with
the serial table. This causes a problem when attempting to add multiple items to a given
serial. The db throws an error when attempting to INSERT in serialitems due to serialid.serialitems
being a unique key. A further side effect is that the marc record is updated with the
item inspite of the error. The mods to the serialitems table structure in this patch
drop serialid.serialitems as a key and make itemnumber.serialitems the primary key
creating a *:1 relationship with the serial table. This patch also makes serialid.serialitems
a foreign key referencing serialid.serial to maintain referential integrity.
Fix for duplicate barcode check
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
Support multiple timezones via Apache SetEnv. See the perldoc for
admin/env_tz_test.pl on how to configure and test. Minimal changes
to Context itself.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
1. restores a check to itemtype.notforloan to set the norequests flag
2. changes improper boolean OR with AND for checking conditions of setting norequests
3. displays 'Not for loan' for item-level itypes when the itemtype is set to notforloan
4. restores items.notforloan values < 0 allowing holds (ordered items for instance)
We still need a notforhold flag set at the itemtype, and items level
Due to the logic of the underlying picture-upload.pl depending upon the "value" of the
form input controls and this value being translated, the script then failed to function.
This patch changes the input controls so that this should not be an issue.
This issue should be kept in mind, though, so that it can be avoided in the future.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
staff client is defaulting to the ASNCR code instead of the blank above
For some reason the loop used to build the list of values was
setting the first value to the $value variable if $value wasn't
set already, and the default_value was inside rather than outside
the loop. I've removed the setting inside the loop and placed
the default value outide the loop. It's possible I just don't
understand what the original intention was.
Query references to the unused aqorderdelivery table caused a NULL field to be
displayed in the report results. This patch removes those references.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
&NewOrder did not save the branchcode posted with a new order. This patch adds that param.
Added code to select the branch the order is for in the branch dropdown list on
acqui/orderreceive.pl
Updating POD and tests
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This patch corrects display descrepancies when filters are applied to the
acquisitions report. It also corrects a number of other issues with this
report.
Some documentation changes may be in order based on report filters that
were only partially implimented, but are now available.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
It appears that Perl 5.10 does not like ${@$foo}[0] but rather wants $foo->[0]
The latter is also much more readable. This patch makes the change.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
C4::Context->preference was not using placeholders and was potentially vulnerable to
a SQL injectin attack. This patch refactors the method to use placeholders.
Added some tests for C4::Context.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
The lines for each item in the overdue notices were not separated by newlines. This cause them to
all be smashed together. I'm putting a newline between them.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
You've been warned :-). This patch contains a more
complete mapping of UTF-8 to ASCII. The mappings are
based on those compiled by Richard Mahoney on the
Zebra list: http://lists.indexdata.dk/pipermail/zebralist/2007-August/001707.html
Note to documentation team: we need an area in the
documentation that discusses how Koha handles searches
and indexing for words that contain diacritics, such
as E-ACUTE (vs E without an acute). If you can paste
this list of mappings from this patch directly into
the docs and it preserves the encoding that would be
great.
NOTE: I don't think this patch addresses issues of
combining vs non-combining forms, and may require
a refactor to address that.
Josh