This patch removes the "type" attribute from <script> tags in several
authorities templates. Also removed: Obsolete "//<![CDATA[ //]]>"
markers.
To test, apply the patch and confirm that examples of affected pages
work properly without any JavaScript errors in the browser console:
- Authorities -> Search -> View authority record
- Authorities -> Search -> Edit authority record
- Cataloging -> New record
- Trigger the authority search form by clicking the plugin link next
to a tag which has been linked to an authority type (e.g. 100a ->
Personal name).
- Search for an authority record.
- Select an authority record.
Validating the HTML source of any of these pages should return no errors
related to the "type" attribute.
Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=22797
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>
Amended patch: replace tab characters with spaces
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
When viewing authority MARC records in the staff client (detail view), the
MARC tags were not displaying with the tag_num, tag_desc, tag_ind1,
tag_ind2, and desc classes, which made it impossible to add styles
to these specific parts of a MARC tag. This commit adds these
styles (which are the same as the classes in the bibliographic
MARC detail display).
To test:
1) Open the staff client, then click Authorities.
2) Search for an authority record.
3) Click on Details.
4) Examine some MARC fields. Note that the entire tag title line
is in a single <div>.
5) Apply this commit.
6) Repeat steps 1-3.
7) Notice that the tag title line is now separated into several
spans, each with their own classes.
Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates several single-column Authorities module templates to
use the Bootstrap grid.
- authorities-home - The home page of the Authorities module.
- authorities.tt - The authority add/edit page.
- blinddetail-biblio-search.tt - Not really testable -- It's the small
popup window which appears during the process of linking an authority
to a MARC record.
- detail.tt - The authority detail page. Search for an authority record
and click on the "details" link in the search results.
- merge.tt - From a list of authority search results, select "Merge"
from the Actions menu of two authority records. Test both the initial
selection screen and the source/destination merging view.
- searchresultlist.tt - The authority search results page.
Each of these pages should look correct, with a single centered column
with wide margins on either side. At lower browser widths the margins
should disappear.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies even more staff client authorities templates so
that JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
- Authorities
- New from Z39.50
-> Search
-> Results
- New from Z39.50
- Deletion confirmation
- Merge records -> Merge
- Tabs
- Tag selection
-> Authority detail
- Tabs
- Deletion confirmation
- New from Z39.50
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
Read the changes and make sure they make sense
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Good catch from Jonathan. See comment11.
Authorities detail should pass a CSRF token to authorities-home when
deleting a record without linked biblios.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Passing the token with GET is not a good way to do, but nothing quick to
replace that.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes the obsolete "border" attribute from <img> tags.
Browsers haven't applied an border to images by default for years.
There should be no visible changes as a result of this patch. It only
affects HTML validation. If you want to test the affected pages, apply
the patch and confirm that images look correct on these pages:
- In the patron sidebar menu, if patron images are enabled.
- On the authority MARC subfield structure administration page, only
some obsolete markup is affected (See Bug 16367).
- I don't know how to trigger display of the "filefind.png" image on
authority and bibliographic detail pages. Possibly unused markup?
- On the advanced search page, itemtype/collection/shelving location
images should look correct.
- When viewing existing holds for a title, the arrow images used for
changing the position of a hold in the list should look correct.
- When viewing a list of MARC modification actions, the arrow images
used for changing the order of actions should look correct.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
EDIT:
Fixing typo: records(s) -> record(s)
On details page, if authority is not used in any records, the page will display a more used friendly message: "This authority is not used in any records."
To test:
1) Do an authority search on authorities-home.pl. Notice that authorities not used in any records have a clickable link (under 'Used in:' column) which redirects to a catalog search with no results
2) Go back to your authority search results on authorities-home.pl and click 'Details'. Notice that under the auth name, there is a 'Used in X records' link that again returns a catalog search with no results.
3) Apply patch
4) Repeat steps 1, 2. Authorities not used in any records should no longer have clickable links and links to authorities which are used in records should work as expected.
5) Confirm it now says record(s) instead of records(s)
6) Confirm that on detail page for an authority which is not used by any records, it now says more friendly message.
Sponsored-by: Catalyst IT
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch makes the string "Are you sure you want to delete this
authority?" translatable using the function _(...)
To test, apply patch and check that deleting authorities still works.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Tested successfully with the following procedure:
1. Applied the patch.
2. Ran perl translate update de-DE
3. Edited de-DE-i-staff-t-prog-v-3006000.po to add a "translation"
4. Removed "#, fuzzy" marker from po entry.
5. perl translate -v install de-DE
6. Testing deleting an authority from the authority search results page
and from the detail page. My translated string appeared correctly.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch replaces the XHTML DOCTYPE with an HTML5 one. The HTML5
validator seems to be significantly different than the XHTML one,
so I'm seeing lots of new errors. This patch includes corrections
for one: Deprecation of the "language" attribute of <script>
tags.
To test, view pages in the OPAC and staff client. They should
appear as normal. Numerous validation follow-ups will be required,
but I suggest these be handled incrementally.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
test on some intranet pages and I found no regression. (chromium and
firefox).
The w3c page about the doctype: http://www.w3.org/TR/html5-diff/#doctype
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This commit adds support for displaying authority hierarchies for all
flavours of MARC, not just UNIMARC. Display now uses the jQuery
jstree plugin, selected with the help of Owen Leonard, resulting in a
much faster experience for users.
Be aware that the jstree file uses tabs rather than 4-space indentation,
which I left as-is so as to make it easier to integrate upstream
releases in the future.
To test:
1) Enable the AuthDisplayHierarchy syspref
2) Create authority records with a hierarchy of see also fields
(in MARC21/NORMARC, you'll be using 5xx fields for this, with a
subfield $w=g for broader terms and subfield $w=h for narrower
terms)
3) View the authorities in the OPAC, noting the hierarchical view at
the top of the page.
This initial patch does not create bidirection linkages from
unidirectional links in MARC21 authorities. This means that when moving
up the authority hierarchy, lower levels will disappear. This is
intentional, as the first patch is intended merely to ensure that
AuthDisplayHierarchy functions the same for all marcflavours. A future
patch will add a cron job to generate the bidirectional linkages, once
we are sure that the hierarchy functionality for UNIMARC and
MARC21/NORMARC coexists peaceably.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Resolved conflicts in updatedatabase.pl, sysprefs.sql and in one of
the CSS files.
Test plan:
1) Run t/AuthoritiesMarc.t
New tests complete without any errors.
2) Make sure updatedatabase works correctly.
Update works nicely, new system preference is also added to syspref.sql
3) Make sure new terms are translatable.
Created new po files for de-DE and checked for new terms.
All translations appear correctly.
4) Make sure everything works with AuthDisplayHieararchy OFF
- Add authority
- Edit authority
- Delete authority
5) Test feature with AuthDisplayHieararchy ON
- Add authority
- Edit authority
- Delete authority
6) Add a couple of hierarchically linked authorities
Note: links have to be created in both directions
Example:
151 $aGermany
551 $a Baden-Württemberg $w h
151 $aBaden-Württemberg
551 $a Konstanz $w h
551 $a Germany $w g
151 $aKonstanz
551 $a Baden-Württemberg $w g
551 $a Fürstenberg $w h
551 $a Paradies $w h
151 $a Fürstenberg
551 $a Konstanz $w g
151 $a Paradies
551 $a Konstanz $w g
Tree shows up nicely above the authority record
- in staff
- in OPAC
- on the normal view tab
- on the MARC view tab
7) Checking the logs for warnings
- no Javascript errors or warnings
- no warnings or errors in log files
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
The correct tab is now visible on load. The problem with authtypecode
showing up in the search box is specific to UNIMARC, so I could not
check that it was gone, but I am comfortable signing off on this.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Current jQuery-driven tabs are done using a very old
version of the tabs plugin. This patch upgrades jQueryUI
to the latest version and adds the tabs widget dependency
to the jqueryui js file and updates the syntax for existing
tabs:
- $("#foo > ul").tabs(); changes to $("#foo").tabs();
- Remove full URL from tab links (use #anchor only).
Pages with "static" tabs (tabs which are built in the
markup rather than generated by the plugin) have been
modified to use their own style. Examples: pay.tt in
the staff client and opac-readingrecord.tt in the OPAC.
Edit: Minor revision to some uncorrected markup
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This is the first patch for bug 7760 and touches all pages in authorities.
This adds a unique id "auth_<filename>" and a class "auth" to the body tag of
each page in the authorities module.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Patch reworked for master using Template::Toolkit.
To+
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
