This patch has been generated with the script provided on bug 21576.
It only affects variables used in the href attribute of a link *when*
href is the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies rotating collections templates to use the
Bootstrap grid instead of YUI.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Tools -> Rotating collections
- View rotating collection
- Transfer rotating collection
- Edit rotating collection
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitly.
This patch has been autogenerated (using add_html_filters.pl, see next
patches) and adds the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variables we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (they are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface, hit pages and try to catch an alert box.
If you find one, it means you found a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
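An added example, not Koha's QA script or code from this commit: a minimal check for the missing-filter case the message above lists under "Next", which also flags an html filter inside an href value, where the message says uri may be needed. The template fragment, its variable names and the colId parameter are constructed for illustration.

```python
import re

# Template Toolkit directive, with optional chomp flags ([%- ... -%]).
DIRECTIVE = re.compile(r"\[%[-+~=]?\s*(.*?)\s*[-+~=]?%\]", re.S)
HREF = re.compile(r'href\s*=\s*"([^"]*)"', re.I)
PIPE = re.compile(r"(?<!\|)\|(?!\|)")       # a filter pipe, not the || operator
ASSIGN = re.compile(r"^[\w.]+\s*=(?!=)")    # [% foo = bar %] is an assignment
ALLOWED = {"html", "uri", "url", "raw"}     # filters named in the commit message
KEYWORDS = {"IF", "ELSIF", "ELSE", "UNLESS", "END", "FOREACH", "FOR", "WHILE",
            "SWITCH", "CASE", "SET", "DEFAULT", "CALL", "USE", "BLOCK", "MACRO",
            "INCLUDE", "PROCESS", "WRAPPER", "INSERT", "FILTER", "NEXT", "LAST",
            "TRY", "CATCH", "THROW", "FINAL", "RETURN", "STOP", "META", "TAGS"}

def last_filter(body):
    """Name of the final filter in an output directive, or None."""
    parts = PIPE.split(body)
    tokens = parts[-1].split() if len(parts) > 1 else []
    return tokens[0].lstrip("$") if tokens else None  # tolerate "| $raw"

def scan(template):
    """Return (line, finding, directive) for each output directive to review."""
    href_spans = [m.span(1) for m in HREF.finditer(template)]
    findings = []
    for m in DIRECTIVE.finditer(template):
        body = m.group(1)
        words = body.split()
        if (not words or body.startswith("#") or words[0] in KEYWORDS
                or ASSIGN.match(body)):
            continue  # comment, directive keyword or assignment: not a variable output
        line = template.count("\n", 0, m.start()) + 1
        filt = last_filter(body)
        in_href = any(s <= m.start() < e for s, e in href_spans)
        if filt not in ALLOWED:
            findings.append((line, "missing-filter", body))
        elif in_href and filt == "html":
            findings.append((line, "html-in-href", body))
    return findings

# Constructed template fragment; variable names and colId are hypothetical.
SAMPLE = '''\
<h1>[% collection.title %]</h1>
<p>[% collection.description | html %]</p>
[% IF ( items ) %]
<a href="/cgi-bin/koha/rotating_collections/addItems.pl?colId=[% colId | html %]">Add</a>
<a href="/cgi-bin/koha/rotating_collections/addItems.pl?colId=[% colId | uri %]">Add</a>
<div>[% debarment.comment | raw %]</div>
[% END %]
'''
```

The href check only sees double-quoted attribute values, so a finding list that comes back empty is not proof that every link is filtered correctly.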
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurrences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client's rotating collections templates so
that JavaScript is included in the footer instead of the header.
The patch moves JavaScript from each template and the rotating
collections toolbar into a single external JavaScript file.
To test, apply the patch and test the JavaScript-driven features of
each page: All button controls, DataTables functionality, form
validation, etc.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This patch prevents adding items to invalid (empty)
rotating collection id
To test:
1) Go to /cgi-bin/koha/rotating_collections/addItems.pl
2) Try to add an item, you get the error shown in the attached pictures
3) Apply the patch
4) Go again to /cgi-bin/koha/rotating_collections/addItems.pl
5) Can't add any items
I don't know if this is a real problem
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Followed test plan from patch 1/2, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This follow-up makes drastic changes to the templates in order to bring
them into compliance with established patterns and markup guidelines.
Only minor changes are made to perl scripts.
Changes:
- Add a toolbar include for displaying new, edit, transfer, and delete
buttons.
- Improve title and breadcrumbs with collection titles and better
specificity.
- Correct page structure which was inconsistent with the markup of
similarly-structured pages.
- Correct styling of error and informational messages.
- Added detailed error messages for a couple of conditions which were
not defined in the template.
- Add link to the detail page of titles which are in a collection using
the view defined in the IntranetBiblioDefaultView preference.
- Add a link to remove an item from a collection directly without having
to scan the barcode.
- Add client-side validation to collection creation form.
- In RotatingCollections.pm, add biblionumber to the list of columns
returned by GetItemsInCollection.
- In rotating_collections/*.pl, remove obsolete declaration of system
preference variables.
To test, perform all the operations associated with Rotating
Collections:
- Add a new collection
- Edit an existing collection
- Add items to a collection
- Remove items from a collection (via barcode and link)
- Test the behavior of all new toolbar buttons
- Verify that titles and breadcrumbs look correct and links work
correctly.
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Test Plan:
In "Tools" -> "Rotating Collections" -> "Add/Remove items":
When adding item barcodes to the collection, the input field
<input type="text" id="barcode" name="barcode">
should become active
automatically so it is easy to add multiple barcodes rapidly without touching the
mouse or keyboard.
Enter-press is dealt by the barcode reader so automatic form submittal should be handled
by the barcode reader.
In "Rotating collections" -> "Transfer Collection":
When the collection is initially transferred, items are set to transfer correctly.
When the collection is transferred while items are still being transferred, the transfer
destination library doesn't change from the original one.
The holding library changes for all items in the collection to the destination library on
retransfers as well.
This is tricky if a user accidentally places the wrong destination.
When I try to checkin these items to their new retransfer location, I get the following messages:
-"This item is part of a rotating collection and needs to be transferred to <original transfer destination>"
-"Please return Valkoinen ihmissyj / to <original transfer destination>"
-"Print slip or Cancel transfer"
When I checkin an item to an arbitrary branch, I get the following messages:
"This item is part of a rotating collection and needs to be transferred to <retransfer destination>"
"Please return Valkoinen ihmissyj / to <original transfer destination>"
Bug 8836 - Resurrect Rotating Collections - QA Followup
Bug 8836 - Resurrect Rotating Collections - Followup 2 - Perltidy rotating collections scripts
Bug 8836 - Resurrect Rotating Collections - Followup 3
* Fix bad TT Tag
* Fix bad sql query
* Fix capitalization ( HTML4 )
* Allow a rotating collection's location to keep AutomaticItemReturn
from sending it back to the branch of origin
* Fix bad query
Bug 8836 - Resurrect Rotating Collections - Followup 4 - Autofocus on barcode field
Bug 8836 - Resurrect Rotating Collections - Followup 5 - Don't transfer issued and waiting items
Items in a rotating collection are automatically transferred when a
collection is transferred. This is a problem for currently checked out
items and items on hold marked as "Waiting".
This patch resolves this issue by skipping the transfer for those items.
When the items are then returned, the librarian will be alerted to
transfer the item to the library currently holding that rotating
collection.
Bug 8836 - Resurrect Rotating Collections - Followup 5 - Link collections.colBranchcode to branches.branchcode
Signed-off-by: jmbroust <jean-manuel.broust@univ-lyon2.fr>
Signed-off-by: Cindy Murdock Ames <cmurdock@ccfls.org>
http://bugs.koha-community.org/show_bug.cgi?id=8835
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Patch removes templates directives from HTML tags in the
rotating collections module.
The module is currently not integrated into Koha's staff interface.
Fixing templates to make Jenkins happy.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>