Commit graph

9029 commits

Author SHA1 Message Date
Magnus Enger
66727e6c68 Bug 7317: QA followup
This fixes some of the issues reported by the QA script, but not all.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-09 11:42:14 -03:00
Magnus Enger
7e3c106b83 Bug 7317: (followup) Fix id and class on body tag
The HTML body tag looked like this:
<body id="acq_suggestion" class="acq">
Probably an overlooked copypasta. This patch changes it to:
<body id="illrequests" class="ill">
This should not have any visual side effects.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-09 11:42:13 -03:00
Alex Sassmannshausen
8e86b5e093 Bug 7317: Interlibrary loans framework for Koha.
This Commit is at the heart of adding an interlibrary loans framework
for Koha.  The framework does not prescribe a particular workflow.
Instead it provides a general framework that can be extended &
implemented by individual backends whose responsibility it is to
implement a specific workflow.

The module is largely self-sufficient: it adds new tables to the Koha
database and touches only a few files in the Koha source tree.

Primarily, we add our files to the Makefile and the koha-conf.xml,
define ill paths for the REST API, and introduce links from the main
intranet, opac pages & user permissions.

Outside of this we simply add new files & functionality.

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-09 11:42:12 -03:00
Alex Sassmannshausen
4a1ff8534a Bug 7317: Add SQL templates & sysprefs.
* installer/data/mysql/atomicupdate/ill_tables.sql: New file.
* installer/data/mysql/kohastructure.sql: Add tables.
* installer/data/mysql/sysprefs.sql: Add sysprefs.
* installer/data/mysql/userflags.sql: Add userflags.
* koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref:
  Add sysprefs to UI.

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-09 11:26:56 -03:00
0c9f01f175 Bug 19420: (Follow-up) Add errors on other pages
Fix error array (add '0' value)
Update errors on other places using upload.js

Eventually these should all be using the same code in a js file

upload.tt already dealt with these errors, but has diff code, made it
work with new error syntax

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: Removed the added js comment in upload.tt

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-08 13:31:37 -03:00
dcfe9844ec Bug 19420: Improve display of errors from failure of uploading file during stage import
To test:
1 - sudo chown www-data:www-data /tmp/koha_kohadev_upload/ (or your
                relevant dir and user)
2 - Attempt to stage a file
3 - Error message is: Upload status: Failed
4 - Apply patch
5 - Repeat upload
6 - Error is now: Failed - Directory is not writeable:
/tmp/koha_kohadev_upload
7 - Trigger the other errors if you can and note better responses

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-08 13:31:37 -03:00
529793d4ae Bug 10748: Add the ability to block return of lost items
Mimicking what does BlockReturnOfWithdrawnItems we can easily add a new
syspref to block return of lost items.
This patch adds BlockReturnOfLostItems, if set to 'Block' a item marked
as lost cannot be checked in.

Test plan:
1/ Set BlockReturnOfLostItems to 'Do not block'
2/ Check an item out to a patron
3/ Edit the item and mark it as lost (*)
4/ Check the item in
=> The item is checked in
5/ Edit the item and remove the lost status
6/ Check the item out again
7/ Edit the item and mark it as lost (*)
8/ Check the item in
=> The item is not checked in

(*) There are 2 ways to mark an item lost:
- From the item list view (/catalogue/moredetail.pl?biblionumber=42)
If you set the lost status from this form, the issue will be returned
Maybe this should be optional (?)

- From the edit items form (/cataloguing/additem.pl?biblionumber=42)
It is the form you must use to not mark the issue returned.

Sponsored-by: BULAC - http://www.bulac.fr/

Signed-off-by: Dominic Pichette <dominic@inlibro.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-08 11:07:09 -03:00
264f696510 Bug 7143: Update 'Koha development team' list
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-01 13:10:17 -03:00
84020230eb Bug 19539: (follow-up) Fix column index shift in cirulation rules
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-01 13:10:14 -03:00
63b7017bd3 Bug 19539: Fix column index shift in cirulation rules
This patch fixes an index shift introduced by bug 18857 when it introduced
a new column.

To test:
- On the Circulation and fine rules page
- Empty the value of 'Current on-site checkouts allowed' and save
- Notice 'Unlimited' shows on the saved rule.
- Click edit
=> FAIL: the 'Unlimited' string displays instead of the empty string on the editing row.
- Apply this patch
- Re-open the circ rules page
- Click edit
=> SUCCESS: An empty string fills the 'Unlimited' fields
- Sign off :-D

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-11-01 13:09:52 -03:00
790150b312 Bug 19021: Fix Inventory columns sorting
In inventory result page, items are shown in a JS DataTable.
For an inventory with barcode file second column is not sortable for no reason.
For an inventory without barcode file first column is not sortable but since it is the default sort order the sorting icon is still displayed.

This patch corrects by setting default sort order on callnumber column.

Test plan :
- perform inventory with barcode file
- look at result table
- table is sorted by callnumber
=> Without patch second column is not sortable
=> With patch all columns are sortable
- perform inventory without barcode file
- look at result table
=> Without patch first column show sort icon and table is not sorted by callnumber
=> With patch first column is not sortable and table is sorted by callnumber

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:07:26 -03:00
Marc Véron
0f6bab669e Bug 19274: Translatability: Fix new splitting problems related to database warnings
The warnings about database problems introduce new translatability problems,
mostly related to sentence splitting by html tags.

To test:
- Verify that text changes make sense
- Apply patch, verify that messages properly.
  Note: To force display you might want to add '1 ||' to the related
  if statements, including line 134,  e.g. [% IF 1 || has_ai_issues %]
- Bonus test: Go through an translation cicle and verify that fragemts as
  mentioned in initial comment are gone.

(Amended to fix tiny typo)

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:56 -03:00
7f501ba31c Bug 19231: No need to pass the size to the template
We have the array already, we just need to call .size on it

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:55 -03:00
Aleisha Amohia
eba92195b6 Bug 19231: Add number of attached items to confirm message when deleting course
To test:
1) Ensure UseCourseReserves is enabled
2) Go to Course Reserves and create 3 new courses
3) Add one item to a course, add two items to another course, and add no
items to the third course
4) Delete the course with no items. Confirm the error message shows up.
No need to say how many attached items there are here (because there are
none).
5) Delete the course with one item. Confirm the error message shows and
warns of the one attached item and makes grammatical sense
6) Delete the course with two items. Confirm the error message shows and
shows the correct number of attached items and makes grammatical sense
7) Confirm clicking 'Cancel' and 'OK' does what is expected

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Looks good!

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:55 -03:00
Aleisha Amohia
cf493b9b12 Bug 17039: Adding 'cancel' link and 'add new item' button to item edit form
To test:
1) Go the the detail page for a record on staff side
2) Edit an existing item and scroll down to Save button
3) Notice no easy way to add a new item or cancel out of the form
4) Apply patch and refresh page
5) You should now see a new button next to the Save button, 'Add a new
item', and a link 'Cancel'
6) Confirm clicking Cancel takes you back to the detail page for the
record
7) Go to edit an item again
8) Change some fields/add some info to the item
9) Click the 'Add a new item' button and a confirm box should pop up.
10) Confirm that clicking 'cancel' does NOT take you to a new page, and
your changes are still there
11) Click the button again, and this time click 'OK'
12) Confirm you are redirected to the 'add item' form

Sponsored-by: Catalyst IT

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:55 -03:00
dc8c70b745 Bug 19022: inventory location and author display
In inventory result page :
Location is displayed after branch without any difference.
Author is displayed into a paragraph making row hight.

This patch adds for location a span with class like in catalogue detail page, and changes author to be on same line in order to have a more compact display for this table that may be huge.

Test plan :
- Perform inventory with a barcode file
- Look at result
=> you see localtion in a new line after library and in italic
=> you see author after title on same line with "by" separator

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:52 -03:00
Lari Taskula
8c094e2dc3 Bug 19400: Reminder to unset gone no address flag after patron makes a modification request
Our librarians requested a reminder to unset "gone no address" flag from patron's
record once the patron has made a modification request to update their address.

I propose adding a message box under patron modification request to notify
librarians about patrons that have gone no address flag on, and an option to
unset the flag without the need of having to navigate into patron's details.

To test:
1. Apply patch
2. Set "Gone no address" flag for your test patron. You can do this by going
   to patron modification screen in staff client.
3. Go to OPAC with your test patron
4. Make a modification request for your personal details
5. Go to staff client and see pending modification requests
6. Open the request you just created
7. Observe a message dialog that says this patron has gone no address flag set
8. Check the checkbox to unset the flag and approve the modification request
9. Click Submit
10. Observe your test patron no longer has gone no address flag set
11. Repeat steps 2-7
12. Do not check the checkbox, but approve the modification request
13. Observe your test patron still has gone no address flag set
14. Remove the gone no address flag from your test patron
15. Repeat steps 3-6
16. Observe there is no message dialog for gone no address

Followed test plan, patch worked as described. Also ran QA test tools
and all modified files passed

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:51 -03:00
9daf668ca3 Bug 14919: Remove notificationdate and reminderdate
These columns are not used, we do not need to display them

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:51 -03:00
Katrin Fischer
f20a694f13 Bug 14919: (follow-up) Changed status from 'in queue' to 'pending'
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:40 -03:00
1ac5044300 Bug 14919: (followup) Show accurate status in holds history
This patch fixes the status showed in holds history table.

The determination of status is following:

1. "hold.found is 'F'" - Fullfilled - the hold was fullfilled by checking the
item to patron. If hold reaches this state, it can't changed status
anymore, or be cancelled, that's why this goes first

2. "hold.cancellationdate is filled" - When the hold is cancelled, its
eventually waiting or in transit status remains the same, only
cancellation dat is filled, so this has to go second

3. "hold.found is 'W'" - Hold is waiting

4. "hold.found is 'T'" - Hold is in transit to target library

Test plan:
0) Apply the patch
2) Read the status determination note in this commit message and confirm
it makes sense
1) Have patron/patrons with at least one hold in every status
2) Go to holds history page and confirm it show the right status
3) Try to break the status determination ;)

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:02 -03:00
Katrin Fischer
7dcd30d1d8 Bug 14919: (follow-up) Fixing some typos and adding to pref description
- Adds 'holds' to pref description of intranetreadinghistory
- Fixes typo in link to holds history from patron account
- Changes reserve date to hold date in table heading

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:02 -03:00
4fa34acc41 Bug 14919: Add holds history for patron
Test plan:
0) Have a patron with some current and old reserves
1) Go to patron circulation page
2) Notice, there is new item called "Holds history" in the left
circulation menu
3) Go to this page and confirm the data on this page are OK, and that
ui does behave as expected
4) Go to adminitration, columns setting, try to change the setting for
holdshistory table and confirm it is taken into account on holds history
page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 16:05:02 -03:00
Katrin Fischer
377c9f1589 Bug 19178: Remove outdated sms/* scripts and related files
Those files appear unmaintained and unusable with current
Koha and should be removed.

It appears at some point there was work done on a feature
to send SMS messages to a phone number using a form in
the tools area.
This has never been documented, files and git history
make it look like work remained unfinished.

sms/sms_listen_windows_start.pl
- targetted for Windows, which is not supported by Koha

00-strict.t
- reference to sms removed

sms/sms_listen.pl
- refers to a table sms_messages that doesn't exist
- uses getmember() that doesn't exist

sms/sms.pl
- script calls routines that no longer exist in SMS.pm
  error_codes(), parse_phone(), write_sms()
- template sms-home.tt is not accessible form anywhere
  in the templates

sms-home.tt
- see sms/sms.pl

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Makes sense. 00-strict.t runs OK after applying the patch.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:29 -03:00
774b9d5fd8 Bug 10267: Display the message only if the user enters too many characters
It seems better to display the warning if the user tries to enter too
many characters in the input.

Test plan:
With max=16
1. Copy/paste a string with 15, 16 and 17 characters
2. Enter a cardnumber of 15, 16, 17 characters
The warning should be displayed only the input overflows

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:28 -03:00
Aleisha Amohia
edaebf2565 Bug 10267: Show error message if user tries to enter too many characters for cardnumber
This patch displays a message if the user tries to enter more than the
max number of characters for a cardnumber.

To test:
1) Apply patch and go to Patrons -> New patron
2) Scroll down to Card number
3) Put in any characters. Notice that when you have entered the max
number of characters, you are unable to type any more.
4) Click out of the text field (so it loses focus), the error message will show up.
5) if you backspace some characters and click out of the text field
again, the message should disappear

Sponsored-by: Catalyst IT

Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:28 -03:00
ad1e2a5178 Bug 13178: (QA follow-up) fix kohastructure and update info in fields
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:27 -03:00
2f2d84316a Bug 17214: (QA follow-up) Print error message too in fallback case
If the error code is not known or empty, provide the message too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested this by adding a die on shelves.pl line 180 (my $added = eval ..)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:26 -03:00
Aleisha Amohia
70d72e3d9c Bug 17214: Add records to lists by biblionumber
To test:
1) Apply patch and go to Lists
2) Click on an existing list or create a new list
3) Add items by barcode, confirm this functionality still works
4) Trigger error messages (adding duplicate barcodes, barcodes that
don't exist) to confirm they still show as appropriate
5) Test adding by biblionumber, confirm this works as expected
6) Trigger error messages (adding duplicate biblionumbers, biblionumbers
that don't exist). Confirm wording is appropriate in messages.
7) Add both barcodes and biblionumbers at the same time, confirm this
works as expected

Sponsored-by: Catalyst IT

Signed-off-by: Israelex A Veleña for KohaCon17 <israelex19@gmail.com>
Signed-off-by: Israelex A Veleña for KohaCon17 <israelex19@gmail.com>

Signed-off-by: Harold <harold.sabanal@gmail.com>

Signed-off-by: macon lauren KohaCon2017 <caballeromaricon@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17214: [FOLLOW-UP] Using Koha::Biblios instead of GetBiblio

Ready to test

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:10:26 -03:00
Aleisha Amohia
657c417a87 Bug 2093: Add OPAC Summary for logged-in users
This patch adds a summary to the OPAC once the user has logged in that
shows the users number of checkouts, overdues, holds pending, holds
waiting and total fines. We also have a syspref OPACUserSummary to turn
this feature on and off. Default is ON.

To test:
1) Apply patch and update database
2) Set up some checkouts, overdues, holds pending AND waiting and fines
for a user
3) Log into OPAC as that user, see summary. Confirm links all work as
expected
4) Confirm that if there are no checkouts / overdues etc that the link
disappears from the summary
5) Turn OPACUserSummary OFF and confirm the summary does not show on the
mainpage.

Sponsored-by: Catalyst IT

Signed-off-by: Hugo Agud <hagud@orex.es>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:04 -03:00
99e487bc71 Bug 19389: Hide library groups pull down if empty
Regression introduced by bug
  commit 141200794d
    Bug 15295: Koha::Libraries - Remove GetBranchCategories

The intranet advanced search page offers to search for groups of
libraries, even if the pull down is empty as no library groups have
been defined.

Test plan:
- Go to the adv search page at the intranet
- Without library group you must not see the "Groups of libraries"
dropdown list
- With at least a library group you must see it

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
a70c38f380 Bug 19029: (follow-up) Make security question appear on clone operations from one library to another
Message pops up for all instances of cloning now.
Works as expected.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:01 -03:00
83f97e662d Bug 19029: (follow-up) Implemented .format() to ease translation
Sponosred by: Catalyst IT

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
971591d4ee Bug 19029: Add JavaScript security question for cloning circ rules
This patch introduces a Javascript security question which is displayed
to the user when they try to clone a circulation rule to a specific
branch when the rule is a 'Standard rule for all libraries"

The rationale for this patch is when the cloning takes place it
overwrites the existing rules of the destination branch and there is no
notification of this to the user. Therefore by implementing this patch
the user is asked if they want to clone the rule (if the rule is
standard accross all libraries) and are told that it
will overwrite the rules in the destination branch.

Test plan:
1. Create a circulation rule for all libraries

2. Make sure the 'select a library' option is set to 'Standard rules for all
libraries"

3. Click the 'Clone' button and notice that the cloning takes place
without any warning that it will overwrite the rules of the destination
branch

4. Apply patch

5. Return to the circulation and fine rules page

6. Repeat step 2

7. Click the clone button and notice a alert box appears asking if you
are sure you want to clone the standard rule to the destination branch.

Note: The name of the destination branch is included in the alert.
Also note that the user is informed of the consequences of performing
the action, i.e. that it will overwrite the existing rules in the
destination branch

8. Click 'Cancel' and notice that no cloning occurs

9. Click the clone button again and this time click 'OK' and notice
that the cloning takes place

10. Return to the Circulation and fine rules page and set the 'Select a
library' option to the name of an individual branch

11. Click the clone button and notice that the clone action takes place

Sponsored-By: Catalyst IT

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
Alex Arnaud
a522df7dd9 Bug 19443: Remove duplicate message when editing existing patron
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
Alex Arnaud
27fca7aceb Bug 19443: Wrong HTML in patron creation page (members/memberentry.pl)
The form provided on top of the page if Koha find a duplicate
patron is not closed. This cause some trouble.

Test plan:

 - Edit the syspref IntranetUserJS and type the following code:
   "$(document).ready(function() {
    $("#memberentry_library_management").insertBefore("#memberentry_identity");
    });"
 - create a patron so that Koha will warn you about a duplicate one,
 - click on "Not a duplicate. Save as new record",
 - you should get error(s) about empty field(s).
   Note that now, the library management part's fields are empty or
   reset to default

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:00 -03:00
264432f701 Bug 12363: Add new pref MarkLostItemsAsReturned
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:14 -03:00
48be40d1bf Bug 18884: Advanced search on staff client, Availability limit not properly limiting
Patch applies and functions as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
3f2c1c879c Bug 19117: Add CSRF protection to paycollect.pl
Security bug, trivial changes, no need to provide procedure for script
kiddies.

Test plan:
Pay fines using the different options from the "Pay fines" tab.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 13:57:10 -03:00
7d2cb42dce Bug 19461: Add floating toolbar to staff client catalog search results
This patch adds a floating toolbar to the staff client search results
page, making all the various controls visible as the user scrolls down.

To test, apply the patch and perform a catalog search in the staff
client.

- The toolbar should "stick" to the top of the page as you scroll down.
- Controls in the toolbar should all work correctly:

  - Select all / Clear all
  - Highlight / Unhighlight
  - Add to Cart
    - Cart notifications should be positioned correctly
  - Add to list (and all list menu controls)
  - Place hold (including controls which are visible when
    a "Search to hold" has been initiated
  - Z39.50/SRU search
  - Sort

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 16:12:53 -03:00
e711c8e418 Bug 19038: Remove the OPACShowBarcode syspref
This patch removes the OPACShowBarcode syspref in favour of the new
columns settings option introduced by bug 16759.

On the upgrade step, it picks the value for OPACShowBarcode and uses it
to populate the columns_settings table.

To test:
- Verify the upgrade process maintains the current behaviour

Regards

Sponsored-by: Dover

Followed test plan and works as expected. Functionality of patch from bug 16759
appears intact too.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 16:12:46 -03:00
Marc Véron
8bb8decf01 Bug 17381: Add system preference SCOMainUserBlock
This patch adds a system preference SCOMainUserBlock to display custom HTML
on the self checkout page.

To test:
- Set up self checkout (see section Self Checkout in Circulaton sysprefs )
- Apply patch
- Update db
- Add some HTML system preference SCOMainUserBlock
- Go to sco page
- Verify that HTML displays on page (logged in and not logged in)

New version based on Koha.Preference TT plugin as of comment #7
Depends on Bug 12691

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 12:14:42 -03:00
afcaccdad2 Bug 19028: Add a note to the pref description
The idea was to keep the current behaviour, plus adding the option to
display on a separate column.
We need an explanation on the syspref description, stating that it is not enough to
choose 'on a separate column', enabling the colum in the columns
settings is required for it to take effect.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 12:14:41 -03:00
662a98345a Bug 19028: Add 'shelving location' to holdings table in detail page
This patch adds the option to show shelving locations on a separate
column. This is controlled by a new syspref, 'OpacLocationOnDetail',
which replaces 'OpacLocationBranchToDisplayShelving', adding a
conveniente 'column' option.

The new 'Shelving location' column is conveniently added to the columns
configuration entry added by bug 16759 for this purpose.

The current behaviour is preserved.

To test:
- Apply this patches
- Run the upgrade:
  $ sudo koha-shell kohadev
 k$ cd kohaclone
 k$ perl installer/data/mysql/updatedatabase.pl
=> SUCCESS: Upgrade doesn't fail
- Have an item with shelving location set to something not void
- Have the item set home and holding libraries for testing purposes.
- Set 'OpacLocationBranchToDisplay' to 'home and holding libraries' [*]
- Visit the OPAC detail page for the record containing the item
=> SUCCESS: Both home and holding libraries are displayed.
- Loop through all OpacLocationOnDetail options (except from 'column', we leave it for later).
=> SUCCESS: Works as expected.
- Go to Administration > Columns settings
- Make item_shelving_location available in the OPAC section
- Reload the OPAC detail page
=> SUCCESS: No change
- Set OpacLocationOnDetail to 'on a separate column'
- Reload the OPAC detail page
=> SUCCESS: Shelving location is displayed on a separate column
- Sign off :-D

Sponsored-by: Dover

[*] For testing purposes

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 12:14:41 -03:00
92f6f5b049 Bug 16759: Make OPAC holdings table configurable
This patch makes the holdings table in the OPAC biblio detail page
configurable using the Columns configuration tools.

This patch:
- Moves the holdingst table from plain DataTable to KohaTable
- Creates a sample yml colvis configuration for this table
  containing all the currently available columns

To test:
- Visit some record's detail page in the OPAC
- Apply this patch
- Reload
=> SUCCESS: The page shows the same information
- On the staff interface, go to:
  Home > Administration > Columns settings
=> SUCCESS: There's a new OPAC section containing the configuration for
   holdingst.
- Choose to hide some fields (both currently displayed and currently hidden).
- Reload the OPAC detail page
=> SUCCESS:
   - Required fields are hidden
   - It doesn't explode because of trying to hide stuff that is not there to start with
- Sign off :-D

Sponsored-by: DOVER

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Followed test plan, patch worked as described. Also passed QA test tool

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 12:14:40 -03:00
d4bf488a2a Bug 18735: QA Followup - add class to new option
New option creates a single item batch, this may cause issues for some
libraries or they may want to disbale this feature. Adding a class to
the list item allows it to be hidden easily

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 12:14:39 -03:00
Nazlı
1d33539343 Bug 18735: Print Barcode as soon as adding an item
For testing
1) Look for any records.
2) Go to the material edit page.
3) Under Actions you will see Print label under Duplicate.
4) When you click Print Label, the relevant material will be redirected
to the Label Creator module in the Tools menu.

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-25 12:14:39 -03:00
97ff6ae44d Bug 12768: (follow-up) Add 'Processing fee' to templates
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-20 17:14:35 -03:00
ea5aef7841 Bug 12768: (QA follow-up) Add 'Processing fee' to templates
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-20 17:14:35 -03:00
4492a3acf4 Bug 12768: Fix YAML syntax in circulation.pref
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-20 17:14:34 -03:00
charles
4b6c9178c4 Bug 12768: Replacement cost and processing fee management
Signed-off-by: Eivin Giske Skaaren <eivin@sysmystic.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-20 17:14:33 -03:00
399dcaa222 Bug 19356: Move staff client cart JavaScript to the footer
This patch modifies the staff client cart template so that
JavaScript is included in the footer instead of the header.

To test, apply the patch and test the JavaScript-driven features of the
cart: All button controls, DataTables functionality.

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Correction for QA: Removed contditional around footer JS (from
copy-paste) because it will always be true.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-20 16:54:29 -03:00
ef92ad31bf Bug 19348: Title column in item search is too narrow
This patch adds IDs to the item search results table header so that
columns can be targeted by CSS or JS. The CSS for the item search page
has been modified to give the title column a minimum width.

To test, apply the patch and clear your browser cache if necessary.
Perform an item search and confirm that the title column stays at a
reasonable width.

Signed-off-by: Dominic Pichette <dominic@inlibro.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-20 16:51:26 -03:00
9136c3dbf8 Bug 18298: (QA followup) Use Koha.Preference on the template
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:33 -03:00
3f9da34683 Bug 18298: Add server-side checks and refactor stuffs
Now that we have a check client-side, nothing prevents us from a smart guy to
bypass it and force an invalid password.
This patch adds two new subroutines to Koha::AuthUtils to check the
validity of passwords and generate a password server-side. It is used
only once (self-registration) but could be useful later.

Moreover the 3 different cases of password rejection (too leak, too
short, contains leading or trailing whitespaces) were not tested
everywhere. Now they are!

This patch makes things consistent everywhere and clean up some code.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
f2a1b215dd Bug 18298: minPasswordLength should not be used as the default password length
The length of the passwords generated for a patron should not be as long
as the value of minPasswordLength.
It is the minimum required size of a password, not the maximum!
So let's fix it to 8 if the minPasswordLength if < 8, that sounds
reasonable and less risky for patrons.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
ec4e666bc5 Bug 18298: minPaswordLength should not be < 3
Indeed if RequireStrongPassword is set we need at least 3 characters to
match 1 upper, 1 lower and 1 digit.
We could make things more complicated to allow minPasswordLength < 3
but, really, 3 is already too low...

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
ac50959dcf Bug 18298: Move password generation to template side
This patch removes a really ugly way to generate a password: the whole
template was sent and parsed to retrieve the "#defaultnewpassfield" node.
To avoid the password to be sent plain text it is certainly better to
generate it client-side.
The same kind of passwords will be generated: 0-9a-zA-Z
The while loop prevents to get an invalid generated password.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
7cc65af6ff Bug 18298: Use the validate jQuery plugin
To validate password fields we need to use the validate jQuery plugin.
To make things reusable this patch adds a new include file
'password_check.inc' at the intranet and opac sides, it creates 3 new
validation methods:
- password_strong => make sure the passwords are strong enough according
to the values of the RequireStrongPassword and minPasswordLength prefs
- password_no_spaces => prevent passwords to be entered with leading or
trailing spaces
- password_match => make sure both password fields match

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
558a809144 Bug 18298: Enforce password complexity
This patchset prevents users to enter too leak password, controlled by
a new syspref RequireStrongPassword. If set the staff and patrons will have
to enter a strong password.
The strongness cannot be modified, it has been arbitrarily set (by the
author of this enhancement) to at least 1 lowercase, 1 uppercase and 1
digit. This can be inforce by increasing the value of the existing
minPasswordLength pref.

I decided to turn this feature on, it cannot hurt! For existing installs
it will have to be turned on manually.

Writing these patches I found a lot of inconsistencies all around the
password checks and decided to refactor everything to make things
consistent and more robust.
Now the password validity is check at only one place (subroutine
covered by tests).

Test plan:
We have several places where a password can be change/created:
a. Editing a patron (members/memberentry.pl)
b. Changing the password of a patron (members/member-password.pl)
c. Changing your own password at the opac (opac/opac-passwd.pl).
OpacPasswordChange needs to be set
d. Reseting your own password at the opac
(opac/opac-password-recovery.pl). OpacResetPassword needs to be set,
see "Forgot your password?" link when you are not logged in
e. Self registration feature, PatronSelfRegistration needs to be set.

You will also need to add 'password' to PatronSelfRegistrationBorrowerMandatoryField.

Note that '****' is considered by Koha internally that the password is
not changed (existing behavior).

To fully test this patch you will need to test the different
combinations of RequireStrongPassword and minPasswordLength.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
3df9663426 Bug 19186: Change pref choice for SelfCheckoutByLogin - barcode vs cardnumber
The SelfCheckoutByLogin lists 'Barcode' as an option, but this should be
Cardnumber. Especially since more and more libraries are using chip
cards instead of barcodes.

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:58:20 -03:00
47c77c0193 Bug 19413: (follow-up) Changed fieldset id value
Followed test plan again and patch still applies and works as expected.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:58:08 -03:00
ebffcdf4b9 Bug 19413: Moving the OK and Cancel inputs to the top of the 008 builder
Followed test plan and patch applies and functions as described
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:58:05 -03:00
5fc8c03b59 Bug 19438: Fix sorting by date due in overdues.pl
Test plan:
0) Do not apply the patch
1) Have some overdued checkouts in your database
2) Go to circulation -> overdues (overdues.pl)
3) Try to sort the overdues table by due date and notice it is sorted
alphabetically, not by date
4) Apply the patch
5) Try again and confirm, it is sorted by date

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:58:04 -03:00
2aba85d811 Bug 19083: Fix 'show all details' link on closed basket detail
'Show all details' add columns on the basket summary page.
This link is broken if the basket is closed.

Indeed there is a JS error raised by $('#toolbar').fixFloat();
The toolbar is not displayed if the basket is closed.

This is caused by bug 12333, which added the floating toolbar.

Test plan:
Create 2 baskets with orders
Close 1 basket
Click on the 'show all details' links and confirm it works as expected
Also confirm that the toolbar works correctly

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:57:56 -03:00
David Gustafsson
b830349f45 Bug 19453: Incorrect jQuery selector for fund drop down validation
Steps to reproduce:
1. Create a new basket
2. Choose "Add to masket"
3. Choose "From a staged file"
4. Select a file
5. Save without selecting a fund

Expected results: A validation error should be shown, and form submit
halted.

Actual results: No validation error is shown and form submits.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-13 13:57:56 -03:00
04aea91de0 Bug 15685: (QA follow-up) Address QA issues
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:08:47 -03:00
Jesse Weaver
b29493265b Bug 15685: Allow creation of items (AcqCreateItem) to be customizable per-basket
This adds a new basket attribute (create_items) that can optionally be
set to override AcqCreateItem.

The following have been modified to reflect this (with the value of
create_items that causes them to behave differently in parentheses):
  * Cancelling receipt of an order (receiving)
  * Creating an order by hand or from MARC (ordering)
  * Receiving an order (receiving)
  * Showing orders with uncertain price (ordering)
  * Showing orders (receiving)
  * Showing acquisition details in the OPAC (ordering)

Test plan:
  1) Create baskets with "Create items when:" set to ordering,
     receiving, cataloging and unset.
  2) Test each of the above for each of these baskets, verifying that
     the basket-specific attribute overrides AcqCreateItem if set and
     falls back to the syspref otherwise.

NOTE: A check of AcqCreateItem in opac-detail.tt was removed because it
was redundant; the code path in question cannot be triggered unless
create_items/AcqCreateItems is set to the correct value anyway.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Barbara Fondren <bfondren@roundrocktexas.gov>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:06:06 -03:00
Alex Arnaud
4869f1b6ec Bug 18399: (follow-up) Escape reason input
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:05:42 -03:00
Alex Arnaud
7b9140e8ef Bug 18399: Add reasons in edit suggestion page
Test plan:

 - Fill the authorised values's category 'SUGGEST' with reason
 - Edit a pending suggestion. Set the status to rejected
   and select a reason
 - Check the reason has been saved (i.e in the suggestions
   table of rejected tab)
 - Check in the corresponding message_queue that the reason
   is here
 - Re-edit the same suggestion
 - Check that the correct reason is selected by defaut
 - Edit an other pending suggetion. Set the status to rejected,
   select other reason and fill the input text
 - Re-edit the previews suggestion and make sure the input
   "other" is displayed by default with the correct value

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:05:39 -03:00
Your Full Name
0c32d41107 Bug 19414: Move the location of the 'Import this batch into the catalog' button
Moves the location of the button in question to be below the framework selector

Test plan:
1. Go to Tools -> Stage MARC records for import
2. Upload a .mrc file and stage it for import
3. Click Manage staged records
4. Note that the import button appears above the framework selector
5. Apply patch
6. Refresh the window
7. Notice that the button has now moved to below the framework selector

Sponsored-By: CALYX information essentials

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:05:36 -03:00
36c3d45426 Bug 16401: System preference staffClientBaseURL hardcoded to 'http://'
Test plan:
1) Insert some value to staffBaseURL preference, without starting http://
2) Apply the patch
3) Update database
4) Go to system preferences adminsitration, find the staffBaseURL
preference, the inserted value should be prepended with 'http://' and
the comment should be "This should be a complete URL, starting with
http:// or https://. Do not include a trailing slash in the URL. (This
must be filled in correctly for CAS, svc, and load_testing to work.)"
5) prove t/db_dependent/Auth_with_cas.t
6) prove t/db_dependent/selenium/basic_workflow.t
7) prove t/db_dependent/check_sysprefs.t

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 13:05:35 -03:00
8c83fa0bc6 Bug 19259: Enforce type of the delay value when editing overdue rules - template side only
Overdue rules do not save when a delay that is not an integer > 0,
without any warnings.
This patch forces the user to select a number > 0.

Test plan:
Without this patch applied, enter non-integer value or negative or 0
=> The rule will not be inserted without any warnings.
With this patch applied you will get an message from the browser and the
form will not save

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-11 12:40:31 -03:00
83e82028fa Bug 14039: Fix patron search
The JSON was malformed

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-10 10:16:39 -03:00
Marc Véron
5ac69e3a19 Bug 18528: Patron card creator template: switch form fields for card height and card width
This patch changes the sequnce of form fields for card height and card width.

To test:
- Apply patch
- Edit or create a patron card template
- Verify that the fields display in sequence Page height - Page width -Card height - Card width

Followed test plan, worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:52 -03:00
0b0cc8584f Bug 19397: Release team for 17.11
This patch adds the release team for 17.11 to about template.

Test plan:
Check the changes with the wiki pages for 17.05 and 17.11.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:51 -03:00
00b871e880 Bug 19255: QA Followup - Fix tabs for spaces
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:50 -03:00
77a28050a6 Bug 19255: [Follow-up] Typo "will accessible"
This patch speaks for itself.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:50 -03:00
09a16fc493 Bug 19255: Correct explanation about list types on shelves.pl in staff
The explanation on list categories on the shelves form is removed.
The online help text is actualized.

Test plan:
Go to Lists in staff. Edit a list. The remarks about private and public
lists on the right side are gone.
Click Help. Read the adjusted text. Does it make sense?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:50 -03:00
38526ca13a Bug 14039: Add the title to all places
There are other scripts where the borrower variable is not defined and
the fields are passed one by one.
To have a consistent behaviour we should add the title at the different
places.

Note that this script also add the use of the include file for
statistics.tt and remove the pass of parameters to the template, already
done later:
 99 $template->param(%$borrower);

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:50 -03:00
David Roberts
359907e9a2 Bug 14039: Add patron salutation to checkout screen
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:49 -03:00
Aleisha Amohia
4553aa7040 Bug 18916: Add pagination to top of search results in staff client
To look the same as OPAC.

To test:
1) Do a catalogue search in staff client that results in more than one
page
2) Notice pagination is only at the bottom
3) Apply patch and refresh page
4) Notice pagination is at top also

Sponsored-by: Catalyst IT

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:49 -03:00
Aleisha Amohia
69ee06a490 Bug 13205: [FOLLOW-UP] Fixing math and variable names
Have changed
  my $last_page = $pages * ( $results_per_page - 1 );
to
  my $last_page = ( $pages - 1) * $results_per_page;
which seems to fix the 'last' button offset! (Comment 10)

Will add the box to jump to a page in a separate patch.
Adding the pagination to the top on the staff client will be dealt with
in Bug 18916 as it is slightly out of the scope of this bug.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:49 -03:00
Aleisha Amohia
5fc0a1f5b1 Bug 13205: [FOLLOW-UP] Some extra logic
See Comment 8.

Test:
When on first page of results, confirm that the 'First' and 'Previous'
buttons do not show. Confirm they come back on the second page and every
page after.
When on last page of results, confirm that the 'Last' and 'Next' buttons
do not show. Confirm they come back on all previous pages.
Check on both staff side and OPAC.

Sponsored-by: Catalyst IT

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:49 -03:00
Aleisha Amohia
b97de5af12 Bug 13205: Last/first page options for result list paging
This patch adds first and last page buttons to the pagination at the
bottom of a page of catalog search results.

To test:
1) Apply patch
2) Do a number of searches
3) For each search, ensure that the first and last page buttons work as
expected

Sponsored-by: Catalyst IT

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:15:48 -03:00
2c07f63ae8 Bug 18449: Rename misleading button when renewing
If you hit the renewal limit on the renewal tab, the message gives you a
message like:

"Windows 8 / ( 50610018249545 ) has been renewed the maximum number of
times by Johnny Test ( 12345678 )"

And has a button that reads:

"Ignore and continue"

This button is misleading, as it may be interpreted as "ignore the limit
and continue to renew the item".

Signed-off-by: Dominic Pichette <dominic@inlibro.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:11:23 -03:00
b583e806c7 Bug 19371: Changed table column text to 'Cancel?' on the patron circulation page
Test plan:
1. Place a hold on an item

2. Search for the patron who the hold is associated with

3. View the Hold(s) tab of the Checkouts page and notice there is a
column with the text 'Delete?' and a button below the table with the
text 'Cancel marked holds'

4. Apply patch

5. Notice that the column text described in step 3 now has the text
'Cancel?' and the button text is the same as it was in step 3

Sponsored-By: Catalyst IT

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 16:11:23 -03:00
36821be142 Bug 13208: Display complete breadcrumbs on successful deletion
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 14:14:54 -03:00
faf1bd1e6e Bug 13208: (QA follow-up) Remove blank breadcrumbs on successful deletion
After order is deleted we don't have a vendor or basket so we get blank
breadcrumbs, this removes them

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 14:00:58 -03:00
Aleisha Amohia
3bdee4a05f Bug 13208: [FOLLOW-UP] Creating and implementing new Koha::Acquisition::Basket[s] modules
Test plan remains the same.

Sponsored-by: Catalyst IT

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 14:00:58 -03:00
Aleisha Amohia
639d7f308f Bug 13208: Improving breadcrumbs for when cancelling an order
To test:
1) Go to Acquisitions -> Find a vendor -> View a basket with orders in
it (or make a new basket and add an order)
2) Click Cancel order
3) Notice incomplete breadcrumbs, and 'Acquisition' typo
4) Apply patch and refresh page
5) Breadcrumbs should be fixed. Confirm links to vendor and basket work
as expected

Sponsored-by: Catalyst IT

Signed-off-by: severine.queune <severine.queune@bulac.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-09 14:00:50 -03:00
0d124e1bc3 Bug 19193: When displaying the fines of the guarantee on the guarantor account, price is not in correct format
1 - Have a patron with guarantees
2 - Charge some fines to the guarantees
3 - View the patron
4 - Fines are displayed unformatted
5 - Apply patch
6 - Refresh
7 - Fines should now be formatted correctly

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-06 12:10:00 -03:00
4edfc7900f Bug 19398: Format date of birth in circ patron search
When searching for a patron from the circulation tab, the results table
shows the date of birth unformatted.

Test plan:
Apply this patch, search for patrons in the circ tab and confirm that
the date of birth are correctly formatted according to the dateformat
syspref

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-06 12:00:20 -03:00
Lari Taskula
07764f2b31 Bug 19374: CircSidebar overlapping transferred items table
When CircSidebar is activated, "Transferred items" table at
Circulation -> Transfers goes under the sidebar. This patch fixes the issue.

To test:
1. Enable CircSidebar system preference
2. Go to cgi-bin/koha/circ/branchtransfers.pl
3. Enter a barcode and click submit
4. Observe transferred items table under the circulation side bar
5. Apply patch
6. Enter a barcode and click submit
7. Observe transferred items is now correctly displayed
8. Also test with CircSidebar system preference deactivated

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19374: (follow-up) Remove stray closing div tag

To test:
1. Apply first patch and validate the document e.g. here
   https://validator.w3.org/#validate_by_input
2. Observe "Stray end tag div." error
3. Apply this patch and validate again
4. Observe no errors
5. Go through test plan from first patch to make sure things still look nice

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-06 11:36:49 -03:00
9dca694b04 Bug 16726: Do not display "You searched for:" if not needed
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-03 11:06:07 -03:00
b6f8cf4369 Bug 19391: (bug 19128 follow-up) Fix failing tests from auth_values_input_www.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 17:12:18 -03:00
5144cee9a9 Bug 13912: (QA followup) Make it explicit that syspref applies to MARC21
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 16:49:49 -03:00
21ee44ff12 Bug 13912: Fix LOC link
Signed-off-by: m23 <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 16:49:48 -03:00
5705c13d38 Bug 13912: Add DefaultCountryField008 syspref
This syspref is going to be used for populating field 008, range 15-17
with a desired default. It is currently hardcoded to 'xxu'. If not set,
it will still fallback to 'xxu'.

Signed-off-by: m23 <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 16:49:48 -03:00
Oleg Vasylenko
2f5a319b0a Bug 18422 - Add Select2 to authority editor
Overview:
Repeat tag fails if authority field has select subfield (for example, UNIMARC 700$8, 800$a)
This patch adds Select2 to authority editor

Steps to Reproduce:
In authority editor repeat field that has select subfield

Actual Results:
Field does not repeat (copy is not created).
Console shows a js TypeError in cataloging.js: «$(...).select2 is not a function»

Expected Results:
Field will repeat (copy is created)

Additional Information:
Error happens in version 16.11+ after adding Select2 js functions. The easiest way to fix is to add Select2 to authority editor

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 16:49:48 -03:00
c7b2d9bcf3 Bug 19329: Update IntranetSlipPrinterJS system preference description.
Test plan:
0) Apply the patch
1) Go to administration -> system preferences -> staff client
2) Read the description by IntranetSlipPrinterJS and confirm it's right

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:37:00 -03:00
99f6e1adf3 Bug 19357: (bug 18260 follow-up) Remove non-relevant attributes
When created, batch_record_modification.tt has been based on
batch_delete_records.tt
These attributes are not used in the template and not set in the pl
script.
Since bug 18260, biblio is a Koha::Biblio and calling a non-existent
method will raise an error.

This patch get rid of the following error:
batch_record_modification.pl: Template process failed: undef error - The
method itemnumbers is not covered by tests!

Test plan:
Modify bibliographic records with the "Batch record modification" tool.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:36:59 -03:00
c84d03c582 Bug 15173: Restore SubfieldsToAllowForRestrictedEditing
Bug 7673 introduced SubfieldsToAllowForRestrictedEditing but bug 12176
broke it assuming that only selects were impacted by this feature.

Test plan:
Go back on bug 7673 and confirm that
SubfieldsToAllowForRestrictedEditing is working as expected with this
patch applied.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
For clarification, the item fields that are entered in
SubfieldsToAllowForRestrictedEditing should EXCLUDE the desired
fields you want to disable.

Test plan (updated to test the scenario in the bug Description):
1. Create a patron with only the following permissions:
    - catalogue (Required for staff login)
    - editcatalogue -> edit_catalogue
    - editcatalogue -> edit_items
    - editcatalogue -> edit_items_restricted
2. Navigate to Administration -> Global system preferences -> Cataloging
    -> Record Structure -> SubfieldsToAllowForRestrictedEditing
3. In the input field for SubfieldsToAllowForRestrictedEditing enter in
    all the 952 fields EXCEPT the ones desired to be disabled. In this
    case, we want to disallow editing of 952$2, 952$a, 952$b, 952$e, 952$h,
    and 952$o so we enter the following into the
    SubfieldsToAllowForRestrictedEditing (without quotes) "952$0 952$1
    952$3 952$4 952$5 952$7 952$8 952$c 952$d 952$f 952$g 952$i 952$j
    952$p 952$t 952$u 952$v 952$w 952$x 952$y 952$z"
4. Click Save all Cataloging preferences
5. Login to the staff client as the created restricted editing patron
6. Edit an item
7. Note that all fields except for the ones excluded from the syspref
    are editable

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:35:59 -03:00
357d51c8c4 Bug 19127: (follow-up) Fix Stored XSS in csv-profiles.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
Amit Gupta
b90662073f Bug 19127: Fix Stored XSS in csv-profiles.pl
To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
   and Profile MARC fields that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
914577fdb7 Bug 19108: (follow-up) Fix Stored XSS in biblio_framework.pl
Prevent software error
Template process failed: undef error - text: filter not found at
/home/vagrant/kohaclone/C4/Templates.pm line 121.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
Katrin Fischer
624eb9e1f5 Bug 19108: (follow-up) Fix Stored XSS in fieldmapping.pl and items_search_fields.pl
To test:
- Add a framework with script in the description
- Access the Keywords to MARC mapping page
- Add an item search field where both name and label are script
- Try to edit/delete the added mapping

With the patch no script should be executed and everything
should still work ok.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
Amit Gupta
a482880352 Bug 19108: Fix Stored XSS in biblio_framework.pl and marctagstructure.pl
To Test
1. Hit the page /cgi-bin/koha/admin/biblio_framework.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Click on Actions -> MARC structure
6. Apply patch and reload, the js is escaped

Fixed for both the pages biblio_framework.pl and marctagstructure.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:51 -03:00
Amit Gupta
ec85c6b0a2 Bug 19108: Fix Stored XSS in fieldmapping.pl
To Test
1. Hit the page /cgi-bin/koha/admin/fieldmapping.pl
2. Add a text in the field Field name that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:50 -03:00
Amit Gupta
6a68fd0330 Bug 19108: Fix Stored XSS in authtypes.pl
To Test
1. Hit the page /cgi-bin/koha/admin/authtypes.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:50 -03:00
Amit Gupta
b09750ca2b Bug 19108: Fix Stored XSS in classsources.pl
Fixed for both Classification sources & Classification filing rules

To Test
1. first case classification source: Hit the page
   /cgi-bin/koha/admin/classsources.pl?op=add_source
   second case classification filing rules:
   Hit the page /cgi-bin/koha/admin/classsources.pl?op=add_sort_rule
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:50 -03:00
Amit Gupta
bfbba2339f Bug 19108: Fix Stored XSS in items_search_fields.pl
To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:50 -03:00
Amit Gupta
d1aa11c51c Bug 19108: Fix Stored XSS in oai_sets.pl
To Test
1. Hit the page /cgi-bin/koha/admin/oai_sets.pl
2. Click on New set
3. Add a text in the field setSpec, setName that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:47 -03:00
ab7b35fe24 Bug 19103: (follow-up) Fix Stored XSS in itemtypes.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:46 -03:00
Amit Gupta
233741e937 Bug 19103: Fix Stored XSS in matching-rules.pl
To Test
1. Hit the page /cgi-bin/koha/admin/matching-rules.pl
2. Click on new record matching rule
3. Add a text in the field Description that contain js.
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:46 -03:00
Amit Gupta
617e2f8221 Bug 19103: Fix Stored XSS in patron-attr-types.pl
To Test
1. Hit the page /cgi-bin/koha/admin/patron-attr-types.pl
2. Click on new patron attribute type
2. Add a text in the field Description that contain js.
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:46 -03:00
Amit Gupta
9374c646e1 Bug 19103: Fix Stored XSS in itemtypes.pl
To Test
1. Hit the page /cgi-bin/koha/admin/itemtypes.pl
2. Add a text in the field Description, Checkin message that contains js
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:46 -03:00
b3734f02e1 Bug 19128: Fix Stored XSS in admin/authorised_values.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:46 -03:00
Katrin Fischer
b4608887f6 Bug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl
Preparation:
- Add a branch with script in the branch name
- Add a patron category with script in the category name
- Add a new authorised value cateogory with script
- Add a new authroised value for this category with script
  in all possible fields

- Test editing patron categories
- Test editing patron attribute types
- Test viewing and editing authorised values

Verify that with this script there is no more script executed
and everything works fine.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
Katrin Fischer
2d30845601 Bug 19125: Fix Stored XSS in members.pl
In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>

To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
Katrin Fischer
0bbe968fe5 Bug 19086: Fix Stored XSS in subscription-detail.pl
Add script to the callnumber field on adding a subscription.

Verify script is executed without this patch, but not with it.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
Katrin Fischer
13e65432ce Bug 19086: (follow-up) Fix Stored XSS in supplier.pl
In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are on longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
Amit Gupta
ec86950780 Bug 19086: Fix Stored XSS in subscription-add.pl
To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
   that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
Amit Gupta
6d22674da5 Bug 19086: Fix Stored XSS in supplier.pl
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field company_postal, physical, company_fax,
   accountnumber, contactposition, contact_fax, contact_notes, notes that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:45 -03:00
50dcae4b50 Bug 19086: Fix Stored XSS in circulation.pl
1/ To test add a message to a borrower that contains js
2/ hit /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number]
  where number is the borrowernumber of the borrower you set the message
  for
3/ Notice js is execute
4/ Apply patch, reload, js is escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:44 -03:00
c176b8ceef Bug 19086: Fix Stored XSS in members/member.pl
To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-29 12:20:44 -03:00
402c7f7567 Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list
Edit: fixed tab-for-space errors (tcohen).

Signed-off-by: Magnus Enger <magnus@libriotech.no>
New categories are added to the pulldown and work as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 14:15:52 -03:00
Aleisha Amohia
06b602b097 Bug 19180: [FOLLOW-UP] Renaming all instances of 'name' variable to 'booksellername'
... when referring to the name of the vendor.

To test:
1) Confirm vendor shows on webpage title (tab name)
2) Confirm vendor shows in breadcrumbs
3) Confirm vendor shows in heading when viewing basket ('Basket x (1) for
vendor')

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 11:47:33 -03:00
Aleisha Amohia
17c5b76597 Bug 16204: Show friendly error message if trying to edit record which no longer exists
To test:
1) Create a record
2) Click Edit -> Edit record. open this in another tab
3) Delete the record in the original tab
4) Refresh the edit form in the other tab. Notice the software error
5) Apply patch and refresh page
6) There should be a nice error message with the form fields and buttons
hidden. Confirm links work as expected.

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 11:47:33 -03:00
Marc Véron
45aea7ae1d Bug 18541 - Patron card creator: Add a grid to support layout design
Add a layout grid to patron card creator to figure out the positions of text
fields, barcode and images.

To test:
- Apply on top of patch 18465
- Go to Home > Tools > Patron card creator
- Edit or create a layout
- Turn on new choice 'Guide grid' in section 'General settings'
- Leave 'Units' unchanged
- Crate a PDF using 'Card batches'
- Notice that card is printed with a layout grid that reflects selected unit
  with each 5th and 10th line in different color, unit description displayed
  bottom left, card dimensions displayed top right in small print inside the
  layout grid
- Print PDF. Set printer settings in Adobe Reader or other PDF printing
  software to 'Actual size' to prevent scaling to printer's printable
  region
- Mesure out printed PDF and verify that grid corresponds to selecte unit.
- Go back to layout definition and choose an other unit, repeat steps
  to verify that grid respects selected unit.
- Go back to layout definition, turn grid off, create PDF, verify that grid
  does not display in PDF

Note for testers / QAers: Position of card elements (text, image...) do not
respect the unit, this will be fixed in Bug 18550

Followed test plan and it worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 11:47:32 -03:00
9355e52040 Bug 18739 - Add SVG version of staff-home-icons-sprite image
Images display correctly. Followed test plan and patch works as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 11:47:32 -03:00
83704cb1fa Bug 15644 - City dropdown default selection when modifying a patron matches only on city
This patch modifies the include files which contain the form fields for
city, state, zipcode, etc. shown on the patron entry screen. The files
are modified so that the city/state/zip <select> preselects a value
based on city, state, and zipcode matching the values in the
corresponding text fields.

To test, confirm that the bug's steps to reproduce are fixed:

- Enter two cities via Administration -> Patrons and circulation
  -> Cities and towns:
    Springfield, MA 01101
    Springfield, VT 05156
- Edit a patron choosing, Springfield VT, and save.
- Edit the patron again and confirm that the correct city is
  pre-selected.
- Confirm this result with all three different settings of the
  "AddressFormat" system preference.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 11:47:32 -03:00
3031101998 Bug 10132: (QA followup) Open LOC URL on a separate window
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 09:47:28 -03:00
e2d56c0b2b Bug 10132: Admin pages changes
Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 09:47:27 -03:00
3d07449358 Bug 17380: [QA Follow-up] Report error to user instead of throwing exception
Internal server errors are good, user feedback is better.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tiny change: removed the obsolete 'use Koha::Exceptions'.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-12 12:07:48 -03:00
87773a6d66 Bug 17380: Do not allow Default template in merge form
This patch makes the following changes:
[1] Removes Default from the template list. We should not merge with the
    Default framework, since it does not have a reporting tag.
[2] Rearranges the error section in the template. It is confusing to have
    two error sections in this template. The error CANNOT_MOVE is not used.
    The error FRAMEWORK_NOT_SELECTED is replaced by WRONG_FRAMEWORK.
[3] Do not allow to merge a record with itself.
[4] Check if the merge reference record still contains any MARC tags.
[5] Additional polishing: Simplify passing frameworks to template. Remove
    an unused Koha::Authority::Types->search. Remove obsolete POD header
    for functions from the script.

Test plan:
[1] Select two authorities to merge. Verify that you cannot select Default
    anymore as framework for the reference record.
[2] Reproduce error WRONG_COUNT by adding another authid=999 in the URL
    after you selected two authority records for merging.
[3] Remove the third authid from the URL and change the first or second
    authid into an unexisting record id. You should generate an Internal
    Server Error. The log should show the exception message.
[4] Merge two authorities. Deselect all MARC tags. Should trigger the
    error EMPTY_MARC in the template.
[5] Select the same authority record twice for merging. Should trigger the
    error DESTRUCTIVE_MERGE in the template.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-12 12:07:47 -03:00
Aleisha Amohia
0ed469525f Bug 18351: Able to delete budget with funds
To test:
1) Create a budget, add a fund
2) Delete budget. Notice this is successful and triggers no warning
message etc.
3) Go to Funds. Notice the funds appear as if they are not there
4) Go into mysql and view the aqbudgetperiods table - notice the funds
are still there and are now inaccessible.
5) Apply patch
6) Create a budget, add a fund
7) Attempt to delete budget. Notice you can't click Delete button.
Confirm number of funds in hover message is correct.
8) Delete fund
9) Confirm you can now delete budget.

Sponsored-by: Catalyst IT

Signed-off-by: Felix Hemme <felix.hemme@thulb.uni-jena.de>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 18351: [FOLLOW-UP] Some code fixes

See Comment 5. Ready to test.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 18351: [FOLLOW-UP] Code fix

See comment 10.
Ready for testing.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 18351: [FOLLOW-UP] Prevent deletion from forcing URL

This patch adds a check in the script for existing funds so that the
budget cannot be deleted when forcing the URL and has other small fixes.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 18351: [FOLLOW-UP] Prevent deletion if funds are added after clicking 'Delete' and before confirming delete

Followed test plan and patch works as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-12 11:28:53 -03:00
889fabe9f2 Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt
Followup correcting a typo of previous patch :
  name="holdingbranch" options = branche
it is branche[s]

Test plan :
- Look at 'Current location' in item search
=> Without patch you see only 'All libraries'
=> With patch you see 'All libraries' and each existing library, like in 'Home library'

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-12 10:16:20 -03:00
24003b84ce Bug 17893 - Move JavaScript to the footer on staff client catalog pages
This patch modifies multiple catalog-related pages in order to move
embedded JavaScript to the footer.

The JavaScript previously embedded in cat-toolbar.inc is moved to a
separate file (catalog.js).

To test, apply the patch and test JavaScript-driven interactions on all
modified pages, including JS which isn't page-specific (menus, help,
etc). The functionality of the catalog toolbar should be tested on each
page.

- Bibliographic detail pages (standard, MARC, labeled MARC, ISBD).
- Advanced search page
- Local cover image viewer
- Item search page
- Item detail page
- Search history page
- Checkout history page

https://bugs.koha-community.org/show_bug.cgi?id=17839

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-07 14:05:49 -03:00
Aleisha Amohia
7aef2f3298 Bug 19228: Trigger confirm delete when removing item from course
To test:
1) Enable UseCourseReserves syspref
2) Go to Course Reserves
3) Add a new course if you don't already have one
4) Add an item to the course
5) Click 'remove' to delete the item from the course
6) Notice the item deletes straight away with no confirmation prompt
7) Apply the patch
8) Repeat steps 4 and 5
9) Confirm the confirmation box pops up and works as expected

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-07 13:56:38 -03:00
Aleisha Amohia
f55af2fc07 Bug 19229: Return to course when cancelling out of edit form
To test:
1) Ensure UseCourseReserves is enabled
2) Go to Course Reserves, create a course
3) Edit course
4) Click Cancel
5) Notice you are returned to the courses home page rather than returned
to the course
6) Apply patch
7) Go to edit course and click cancel again
8) Confirm you are returned to the course and that this feels like the
natural expectation.

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-07 13:56:08 -03:00
Aleisha Amohia
f7e8391fd3 Bug 19215: Fixing typo in URL for patron clubs
To test:
1) Go to Tools -> Clubs
2) Create a new club template if you do not already have one
3) Edit the template
4) Notice the URL is incorrect and the page is not found
5) Apply patch and go back to Clubs
6) Click edit button
7) Link should work as expected

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-06 12:55:23 -03:00
ecf6ca5d6e Bug 18708 [Revised] Show itemBarcodeFallbackSearch results in a modal window
This patch modifies the circulation template so that
itemBarcodeFallbackSearch results show in a modal window.

To test, enable the itemBarcodeFallbackSearch system preference and open
a patron's account in circulation.

- Submit a string which will return search results. When the page
  reloads a modal should display showing a table of title search
  results.
  - Test the "Check out" button and confirm that the correct item is
    submitted.
  - Test closing the modal and re-displaying it using the new "Show
    matching titles" button.
  - Confirm that the "Add record using fast cataloging" button still
    works correctly.
- Submit a string which will return no results. No modal window should
  display, and only the "Add record" button should appear.
- Confirm that normal checkout works correctly.
- Test with itemBarcodeFallbackSearch disabled, and with a user who
  lacks Fast Cataloging permission.

Revision removes a heading which was made redundant by the modal markup.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 17:07:22 -03:00
Katrin Fischer
327495b5e0 Bug 14316: Clarify meaning of record number in Batch record modification tool
Same change as the first patch, but for the batch record
modification tool.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:26 -03:00
Katrin Fischer
4934ee4a16 Bug 14316: Clarify meaning of record number in Batch record deletion tool
Changes the label from 'list of record numbers...' to
'List of biblionumbers or authority ids...' to make it
more clear to the user which kind of input is expected.

To test:
- Go to Tools > Batch record deletion
- Check the new description
- Decide if it's more clear or not

Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:26 -03:00
Lari Taskula
bb31d99065 Bug 18692 - intranet part
Fixes misplaced columns introduced by previous patch and adds the "-" for phone
transport type.

To test:
1. Set SMSSendDriver system preference on
2. Go to intranet messaging preferences
3. By default you should see checkboxes for all messages for SMS
4. Ensure columns are not misplaced (pushing one column too much to the right)
5. Delete sms method from one of the messages in message_transports table
6. Observe that "-" is displayed instead of checkbox for that message for SMS
7. Repeat same for TalkingTechItivaPhoneNotification system preference.
   By default it may not have transports in message_transports, so make sure
   to assign some in order to have the checkboxes visible.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:25 -03:00
Marc Véron
65bce82b1f Bug 18636: Sysprefs: Add explanation for conflict autonumbernum / BorrowerMandatoryFields
This patch adds a note to the system preferences autonembernum and
BorrowerMandatoryFields regarding a conflict if automembernum is on
and BorrowerMandatoryFields contains cardnumber.

To reproduce issue: See initial comment.

To test:
- Apply patch
- Verify that in system preferences note appears with both prefs
  automembernum and BorrowerMandatoryFields

Followed test plan, works as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:25 -03:00
Marc Véron
6c1504cfdb Bug 16485: collection column in Item search is always empty
This patch fills the column 'Collection' in item search from the item values.

To test:
- Go to item search
- Reproduce issue from initial comment
- Apply patch
- Verify that the column 'Collection' is filled

Still to do, but outside of my datatable skills:
Filter by drop down in the column header does a substring search.
Example: Filter for 'Fiction" returns both 'Fiction' and 'Non-fiction' items.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Laurence Rault <laurence.rault@biblibre.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:25 -03:00
515e629928 Bug 18621: Added in value attribute to dateexpiry field
Test plan:
1. Create a patron category with the dateexpiry value of 29/9/2017

2. Create a patron user from that patron category (which I'll refer to as patron A) with the date
expiry value of 1/10/2017 and submit the form

3. Notice that the manual dateexpiry you have submitted is correctly
displayed

4. Create a duplicate patron with the same firstname and surname and
patron A, and set the date expiry value of 1/10/2017 and submit the form

5. The form displays a duplicate patron message. Notice that the dateexpiry input box is empty now

6. Select the new member (not a duplicate member) option in the
messagebox

7. The form successfully submits and notice that the date expiry value
displayed is that of the patron category (i.e. it is 29/9/2017) not the
dateexpiry value of 1/10/2017 that you manually set for this patron

8. Apply patch

9. Repeat step 4

10. The form displays a duplicate patron message. Notice the dateexpiry input box still
contains the value you entered which is 1/10/2017. Select the new member
(not a duplicate member) option in the messagebox

11. The form successfully submits and notice that the date expiry value
displayed is 1/10/2017 that you manually set for this patron

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:24 -03:00
Katrin Fischer
a887aeb2df Bug 19129 - Follow-up - Add changes to patron duplicate warning
Adds logic from the previous fix to the brief patron summary
shown when checking a possible patron duplicate.

Bonus: Also fixes missing patron category description there.

To Test:
- Add 2 patrons
- Add a patron with the same surname and firstname as an
  existing patron in order to trigger the duplicate message
- Click "View existing patron"
- Verify display is correct when existing patron is
  - an organisation
  - not an organisation
- Verify that the patron category description shows

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:23 -03:00
Katrin Fischer
82f183c5ea Bug 19129 - Clean up Details tab for Organisation patrons
Problem: A patron category "I" would cause display problems
on the details in the intranet. This is because the templates
confused patron category "I" with patron type "I" (organisation).

Patch:
- Cleans up variable confusion between categorycode and
  categorytype.
- The template contained code to change the labels below
  the address to 'Organisational phone:" etc., I have removed
  this part as it does not match the edit form anymore.
- Initials, date of birth and gender are still hidden for
  organisation - matching the edit form.

Bonus:
- The patron category description was missing on the
  right and left side of the details tab. Now it displays.
- Fixes some html issues:
  - doubled up class attribute in a tag
  - doubled up </li></li>

To test:
- Create 3 patrons
  - patron category code doesn't matter, but category type organisation
  - patron category code 'I', category type NOT organisation
  - patron category code NOT I, category type NOT organisaton
- Check details tab in patron account in staff for all 3
  - Verify patron category description shows correctly
  - Verify information added to the account displays correctly
    (phone numbers, emails, ...)

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:02:23 -03:00
Aleisha Amohia
f24e339dd6 Bug 16726: [FOLLOW-UP] Putting text in h1
Works as outlined in test plan, search terms now appear at top as h1 as well

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:00:07 -03:00
Aleisha Amohia
f10f6a19c5 Bug 16726: Clear text in syspref searchbox after submitting
To test:
1) Go to Admin -> search for a system preference
2) Notice your search stays in the search box (this is inconsistent with
    search behaviour across Koha)
3) Apply patch and refresh page
4) Make another search
5) Confirm search still works as expected and search terms have been
cleared from search box
6) Confirm search terms show at the top of the results

Sponsored-by: Catalyst IT

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:00:06 -03:00
Marc Véron
8d08254b22 Bug 14353 - Show 'damaged' and other status on the 'place holds' page in staff
This patch adds status 'Damaged' to 'Information' 'Status' in the items
table on 'Place hold' page.

To test:
- Apply patch
- In staff client, try to place an item level hold for items with 'Damaged'
  status.
- Verify that the status 'Damaged' appears in the column 'Information'.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:00:05 -03:00
831d75d09c Bug 19208 - Pay select option doesn't pay the selected fine
The "Pay selected" option on the Fines tab in the borrower account page doesn't work as intended.
The fine on top of the list gets the amount deducted, even if another fine is choosen from the list.

Test Plan:
1) Create two or three fines, using the Create manual invoice function.
2) Choose one of the fines (not the one on the top) and click Pay selected
3) Pay a partial amount
4) Go back to the Pay fines tab an notice that the fine you selected has not changed. Instead, either the top fine or the total (see attachment) has ben affected.
5) Apply this patch
6) Repeat steps 1-3
7) Note the correct fine is paid

Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 13:00:04 -03:00
Marc Véron
239589b119 Bug 18718: Language selector in staff header menu similar to OPAC
This patch adds a language selector menu to the top menu of staff client
similar to the OPAC.
Display of language selectors at top, bottom or both can be configured
with system preference StaffLangSelectorModer. It defaults to bottom.

To test:
- Apply patch
- Udate database
- Restart plack and memchached
- Go to staff client, verify that language selector displays at
  the bottom of the page (as before)
- Go to system preferences, verify that there is a new preference
  StaffLanguageSelectorMode (name similar to the sypref ror OPAC), and
  that it is set to 'footer'
- Change mode for top, both and footer and verify, go to staff client
  and verify for each that the language selector displays as appropriate

(Amended for comment #2  2017-06-02 mv)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 11:30:26 -03:00
Serhij Dubyk {Сергій Дубик}
d5ea914f4d Bug 17827 - Untranslatable "by" in MARC21slim2intranetResults.xsl
Signed-off-by: Serhij Dubyk {Сергій Дубик} <serhijdubyk@gmail.com>

The "by" after the title was not translatable in the result
lists of the intranet. This patch fixes it by removing
a comment, that caused a problem with the translation
scripts.

To test:
Test:

Before this patch in file en-GB-marc-MARC21.po present next paragraph:

msgid "by "
msgstr " by "

According string "by " in the file MARC21slim2intranetResults.xsl can not be translated (in other languages).

After applying this patch performed next command:
cd /usr/share/koha/misc/translator
sudo env KOHA_CONF=/etc/koha/sites/mykohainstance/koha-conf.xml PERL5LIB=/usr/share/koha/lib perl -I /usr/share/koha/lib "./translate" update

Now in the file en-GB-marc-MARC21.po present the following (modified) paragraph:

msgid "by "
msgstr " by "

https://bugs.koha-community.org/show_bug.cgi?id=17827
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-01 11:14:58 -03:00
Aleisha Amohia
d510598076 Bug 18871: Make patron list name a link to view contents of list
The link is the same as the 'Add patrons' button in Actions dropdown,
but requires one less click, and makes finding the contents of the list
more obvious.

To test:
1) Go to Tools -> Patron lists
2) Create a patron list if you haven't already
3) Confirm that clicking the name of the list takes you to the correct
list and shows the expected content.

Sponsored-by: Catalyst IT

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:51:21 -03:00
Aleisha Amohia
9a8a6da3f4 Bug 18869: [FOLLOW-UP] Show enrollments as disabled link
if club has no enrolled patrons

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:44:00 -03:00
Aleisha Amohia
af293fd886 Bug 18869: [FOLLOW-UP] Make page reload after club or template delete
If deleting the last club or template in a table, the row is deleted
from the webpage by ajax so the nice blue bubble message does not show.
This patch forces the page to reload so the blue bubble message shows
instead of the empty table.

To test:
Confirm that the blue message shows when tables are empty. Add a
template and a club, then delete a club. Confirm the page reloads and
the message shows. Test with template

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:44:00 -03:00
Aleisha Amohia
79439a0262 Bug 18869: Fixing display of patron clubs tables
This patch
1) Hides the club templates table if there are no club templates, shows
an appropriate message
2) Hides the clubs table if there are no clubs. Shows an appropriate
message for whether templates exist
3) Puts the actions in one column, or a dropdown menu

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:44:00 -03:00
Marc Véron
7e39bbc61a Bug 18660: Translatability: Get rid of template directives [%% in translation for patroncards-errors.inc
Translation for koha-tmpl/intranet-tmpl/prog/en/includes/patroncards-errors.inc
contains a lot of (partial) template directives like:
%%]%s %sLayout: [%%

This patch fixes it

To test:
- Verify that code changes make sense
- Apply patch
- Create a translation (cd misc/translator , then: perl translate create aa-AA
- Verify that in po/aa-AA-staff-prog.po contains no fragments like %%] or [%%
  for patroncards-errors.inc
- Try to get an error: Try a link like
  http://[YOUR SERVER]/cgi-bin/koha/patroncards/create-pdf.pl?batch_id=1&template_id=999&layout_id=999&start_card=1
  ...where template_id and layout_id do not exist

(Amended for comment #2 2017-06-05 mv)
(Amended for comment #6 2017-08-02 mv)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:36 -03:00
Marc Véron
03c7f9366c Bug 18687: Translatability: abbr tag should not contain lang attribute
In manage-marc-import.tt, we have an abbreviation:

<abbr title="Differences between the original biblio and the imported" lang="en">Diff</abbr>

In translations (e.g. German), the line appears as follows:
<abbr title="Unterschiede zwischen Originaltitelsatz und importiertem Titelsatz" lang="en">Diff</abbr>

The lang attribute is wrong here, it is still "en".
The text language is the same as defined at the top of the page - or with other
words, the lang tag is superfluous.

This patch removes it.

To test:
Verify that code change makes sense.

Passes QA test and the change is logical
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:35 -03:00
Marc Véron
25fa02272d Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt
This patch removes entries like the following in translations of itemsearch.tt:
"[%% INCLUDE form_field_select name=\"homebranch\" options = branches "
"empty_option = \"All libraries\" %%] [%% INCLUDE form_field_select name="
"\"holdingbranch\" options = branches empty_option = \"All libraries\" %%] %s "
"[%% INCLUDE form_field_select name=\"location\" options = locations "
"empty_option = \"All locations\" %%] %s "

New patch on top of Bug 18633 that resolves parts of initial comment.

To test:
- Verify that in itemsearch.tt no tt directives are splitted by new lines
  (search for [% INCLUDE )
- Verify that itemsearch.tt works as before

Followed test plan and verified that tt directives are not split by new
lines, the changes to the fieldset tags in comment 3 have been removed
and itemtype.tt still works correctly as before

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:35 -03:00
Marc Véron
2ee82801c7 Bug 18652: Get rid of tt directive in translation for uncertainprice.tt
Translation tool shows toe following for ncertainprice.tt
0; url=[% scriptname %]?booksellerid=[% booksellerid %]

This patch fixes it.

To test:
- Apply patch
- Verify that code change makes sense
- Verify that Home > Acquisitions > [vendor] > Uncertain prices for [vendor]
  works as before

- Additional test (for a langunage 'aa-AA')
  perl translate create aa-AA
  verify that line 41 no longer appears in aa-AA-staff-prog.po

Amended to switch from BLOCK to a template variable, see comment #5

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:35 -03:00
Marc Véron
79338bde3e Bug 18649: Translatability: Get rid of tt directive in translation for admin/categories.tt and onboardingstep2.tt
New patch without trailing IF construction in tt directives as
requested in comment #28

To test: Verify that translation tool no longer shows tt directives as
described in comment #1

New patch, needs SO.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:35 -03:00
Marc Véron
59e95182cf Bug 18629: (followup) Plain text "Continue..." instead of BLOCK
Remove
[% BLOCK txt_continue %]Continue to the next step[% END %]
...and restore original text

See comment #19 and comment #20

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:34 -03:00
Marc Véron
bd81047f42 Bug 18629 - Translatability: Fix problems with web installer 17.05
The new web installer for 17.05 has a great new design - but it has a lot of
translatability issues. Some strings are not picked for translations,
some expose the content of tt directives, and others are splitted by
html tags, resulting in small text fragments that are not easy to translate.

This patch weeds out such translation problems for step1.tt, step2.tt and
step3.tt

To test:
- Apply patch (on top of Bug 18665 because of html tags inside of
  tt directives in step2.tt)
- Prepare a fresh install (drop database, create database)
- Walk through the installation process and verify that it works as before
- Verify that string changes (in English) make sense
- Create a translation( cd misc/translator, then perl translate create aa-AA)
  then: vim po/aa-AA-staff-prog.po and search for: /installer\/step
  Verify that strings for step1.tt, step2.tt, step3.tt are not fragmented,
  do not contain [%%, and are easily translatable (make sense without having
  to search in source files for context).

(Amended to remove some superfluous chomps 2017-06-27 mv)

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-30 16:43:34 -03:00
Amit Gupta
36ba8be88a Bug 19035 - Stored XSS in lists.pl
To Test
1. Hit the page /cgi-bin/koha/patron_lists/lists.pl
2. Click on new patron list
3. Add a text in the field Name that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed in both the pages list.pl and list.pl?patron_list_id=xx
xx is patronlist id

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
8534ca2780 Bug 19114 - Stored XSS in parcels.pl
Test
1. Hit the page /cgi-bin/koha/acqui/parcels.pl?booksellerid=xx
   xx is booksellerid
2. Add a text in the field Vendor invoice that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Fixed XSS for parcels.pl/parcel.pl/orderreceive.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
d31c635fe2 Bug 19112 - Stored XSS in basketheader.pl page
To Test

1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.

Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
d4b588aca8 Bug 19110 - XSS Stored in branches.pl
To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
   xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
73a66ccaf4 Bug 19100 - XSS Flaws in memberentry.pl
1. Hit /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid.
5. Notice it is no longer executed.

NOTE: I had to test in Microsoft Edge, because Chrome was blocking XSS for me.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
6b3449627f Bug 19105 - XSS Stored in holidays.pl
To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add a text in the field Title and Description that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed for all holidays

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
fd44f2fed7 Bug 16069 - XSS issue in basket.pl page
1. Hit /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
   xx - is a basketno
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/acqui/basket.pl?basketno==xx<script>alert('amit')</script>
   xx - is a basketno.
5. Notice it is no longer executed.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
8c3da35130 Bug 19033: XSS Flaws in Currencies and exchange page
1. Hit /cgi-bin/koha/admin/currency.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search currencies box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on search currencies box.
6. Notice it is no longer executed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Fixes the issue, follows common practice on the codebase.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
4b11d0c862 Bug 19034: (followup 2) Fix letters.tt XSS flaw
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
7e9a71a438 Bug 19034: (followup) Fix letters.tt XSS flaw
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
46b0b0a75b Bug 19034: XSS Flaws in Z39.50/SRU servers administration
1. Hit /cgi-bin/koha/admin/z3950servers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search Z39.50/SRU servers box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search Z39.50/SRU servers box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
3f7fc907ba Bug 19034: XSS Flaws in Cities
1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search cities box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
e0dd566634 Bug 19034: XSS Flaws in Patron categories pages
1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
c57d0b71c7 Bug 19050 - XSS Flaws in Quick spine label creator
1. Hit /cgi-bin/koha/labels/spinelabel-home.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> barcode text box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on barcode text box.
6. Notice it is no longer executed

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
861cec5773 Bug 19051 - XSS Flaws in - Batch item modification page
1. Hit /cgi-bin/koha/tools/batchMod.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
9f19d3d44c Bug 19051 - XSS Flaws in Batch item deletion page
1. Hit /cgi-bin/koha/tools/batchMod.pl?del=1
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
92d58c60b0 Bug 19051 - XSS Flaws in - Batch record deletion page
1. Hit /cgi-bin/koha/tools/batch_delete_records.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Record number list (one per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Record number list (one per line) text area.
6. Notice it is no longer executed.
7. Fixes for both biblio and authority records.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
0cf9eb0cfb Bug 19052 - XSS Flaws in - Invoice search page
1. Hit /cgi-bin/koha/acqui/invoices.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
3199cff639 Bug 19052 - XSS Flaws in vendor search page
1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
1a7040b7b0 Bug 19054 - XSS Flaws in Report - Top Most-circulated items
1. Hit /cgi-bin/koha/reports/cat_issues_top.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in Callnumber, Day, Month, Year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Callnumber, Day, Month, Year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
ee3bfd5d69 Bug 19078 - XSS Flaws in System preferences
1. Hit /cgi-bin/koha/admin/preferences.pl
2. Enter <script>alert('amit')</script> in search system preferences box.
3. Notice the java script is executed.
4. Apply patch.
5. Reload page, and enter <script>alert('amit')</script> in search system preferences box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-29 12:00:37 -03:00
Amit Gupta
ea886885d0 Bug 19118 - Due to wrong variable name passed vendor name is not coming in browser title bar
Test

1. Hit the page /cgi-bin/koha/acqui/supplier.pl?booksellerid=xx
   xx is a booksellerid
2. Apply the patch and reload the page.
3. You can see vendor name in browser title bar.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 12:12:25 -03:00
6cbe9abcc8 Bug 18447 - Datepicker only shows -10/+10 years
This patch makes 2 changes:
1 - Global datepicker defaulted to c-100:c+10
2 - Dateofbirth datepicker defaulted to c-100:c

To test:
1 - Open some date pickers (patron entry, subscriptions, anywhere really)
  - Make sure to check some dateofbirth datepickers
2 - Note that default is 10 years in either direction, updated when you
select
3 - Apply patch
4 - Note we now get -100 years / +10 years from current selection
5 - Now find a dateofbirth datepicker and note default is -100:+0
6 - Sign off

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 11:38:46 -03:00
9af6c4e34b Bug 19080: Handle non-existing patrons gratefully
This is a recurrent bug we have over the last years. When a script is
called with non-existent borrowernumber it will crashes.
We need to handle this gracefully instead of letting the script crashes.

On bug 18403 a new subroutine is added to the codebase
(output_and_exit_if_error) to handle this kind of errors correctly.
Since it is not pushed yet, I propose to just redirect to a script that
handle it correctly (circulation.pl) instead of adding this message to
all these scripts.

Test plan:
Hit different scripts from the members module and pass a non-existent
borrowernumber.
You must be redirected to circulation.pl with a friendly message.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 11:03:37 -03:00
9917d9cad1 Bug 18581 - Add standard edit and delete buttons to suggestions list
This patch modifies the table of suggestions in the staff client, moving
the edit link to the standard last column and styling it correctly. A
delete button is added as well.

Unrelated change: I removed the column containing suggestionid because I
don't think it's human-relevant information.

To test, apply the patch and go to Acquisitions -> Suggestions.

- In each tab, the table of suggestions should have an unsorted last
  column containing "edit" and "delete" links which should be styled
  correctly and working correctly.
- On the detailed view of a suggestion, the "delete" button in the
  toolbar should still work correctly.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:59:04 -03:00
Hector Castro
729c2986b5 Bug 17288: (follow-up) Remove unneccessary Date() function
Remove line:
var now = new Date(); from both subfields
Also fix 18 positions (00-17) for default data in 006 field

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:59:04 -03:00
9fd2e87af4 Bug 17288 (QA Followup)
Don't default char 5 (is undefined in some forms)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:59:03 -03:00
Hector Castro
e3f5fb8d13 Bug 17288: (follow-up) Fix marc21_field_007.xml
Bad formatted data in 007 field. Fixed
To test follow the previous commit.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:59:03 -03:00
bd58a0debf Bug 17288 - Advanced Editor - Rancor - Helpers for 006 and 007 fields
To test:
Open advanced cataloging editor
Experiment with 006 and 007 fields and ensure helpers function for all
material types

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:59:03 -03:00
Mark Tompsett
ae45243fae Bug 16892: Add automatic patron registration via OAuth2 login
10988 added the ability to log into the OPAC authenticating with
Google Open ID Connect. This extends it, by allowing an
unregistered patron to have an account automatically created
with default category code and branch.

This is accomplished by adding 3 system preferences.
- GoogleOpenIDConnectAutoRegister
      whether it will attempt to auto-register the patron.
- GoogleOpenIDConnectDefaultCategory
      This category code will be used to create Google OpenID Connect patrons.
- GoogleOpenIDConnectDefaultBranch'
      This branch code will be used to create Google OpenID Connect patrons.

Sponsored-by: Tulong Aklatan

Signed-off-by: Eugene Jose Espinoza <eugenegf@yahoo.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
b08913370f Bug 18817: Update links manually
Without the anchor it is not possible to retrieve the html page, so
these occurrences have been updated manually (and yes it was painful)

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:22:14 -03:00
674c32a094 Bug 18817: Update links with anchor automatically
I generate a mapping files (old anchor > new anchor) from the doc files.
Here are the links that have been updated automatically

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:22:14 -03:00
Joy Nelson
0250fb7b76 Bug 18817 Correct Manual URL
Corrected the manual url in the help screen for 17.05 onward.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:22:13 -03:00