Resolve things like:
CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_prodclone_opac_svc_report line 42, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.
The cache key in both script looks like:
opac:report:id:602018
but should for consistency be:
opac:report:id:60:2018
Note: The 2018 here is part of the sql_params and should not be
concatenated to the report id.
Test plan:
Do not yet apply this patch.
Make a report public, set cache to 300 secs.
Check its output with opac/svc/report.
Check for the warn in your log.
Apply the patch, restart Plack and flush cache.
Check opac/svc/report.
Modify your report; e.g. add a simple string to the SELECT.
Check opac/svc/report. You should still see cached output.
Flush the cache.
Check opac/svc/report. You should now see the added text.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested also by clearing individual keys with $cache->clear_from_cache.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The subscriptionsnumber is required in biblio-view-menu.inc to display
the Subscription(s) tab. In detail.pl, if you click any of
Labeled MARC (you need to set the syspref viewLabeledMARC)
Hold(s)
Article requests
Checkout history
Modification log
Rota (you need to set the syspref StockRotation)
you lose the Subscription(s) tab.
This patch fixes the display by having each feature script generate that
value to be passed to the UI. I keep this separated from the first patch
since it's not exactly the same issue, and the solution might not
please.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
When on a detailed record in the intranet, any click on the sidebar
will lead you to another page with the same sidebar EXCEPT for "Article
requests".
When clicking on article requests, you get a new sidebar without
MARC
Labeled MARC
ISBD
This fix adds the required C4::Biblio::enabled_staff_search_views that
loads the required hash with the permissions.
TEST
0) login with a user having all rights
1) go to any detailed notices, notice the sidebar on the left
2) click on MARC
3) notice the sidebar is the same in the new page
4) click on Request articles
5) notice the missing labels on the sidebar
6) apply patch, redo steps
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
In inventory, optional filters are build from authorize values categories used for items.notforloan, items.itemlost, items.withdrawn and items.damaged.
The bug is that description of value 0 is always "For loan".
This seems to be only for "notforloan".
Second bug is that if a description exists for "notforloan" value 0, it is not used.
This patch corrects by adding "For loan" only for "notforloan" authorized values and if there is no 0 value.
It changes the description added by code from "ignore" to a more unlikly user defined "__IGNORE__".
Test plan:
1) Make sure you have authorized values defined on items.notforloan, say "NFL" category, with at least a value and description but no 0 value
2) Make sure you have authorized values defined on items.itemlost, say "LOST" category, with 0 = "Not lost" and 1 = "Lost"
3) Go to inventory /cgi-bin/koha/tools/inventory.pl
4) Without patch you see "For loan" on both items.notforloan and items.itemlost
5) With patch you see "For loan" only in items.notforloan, you see for items.itemlost : "Not lost" and "Lost"
6) Create in authorized values category "NFL" a value 0 with description "Available"
7) Go to inventory /cgi-bin/koha/tools/inventory.pl
8) Without patch you see "For loan" in items.notforloan for value 0
9) With patch you see "Available" in items.notforloan for value 0
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
- Link 'choose' is now a button.
- It doesn't call directly javascript anymore (use of listener).
- field to load stored in html on the page (less escaping needed).
Test plan :
1) Use UNIMARC catalog
2) Define unimarc_field_210c value builder on 210$c
3) Define an autority type EDITORS with heading on 200$b
4) Create an autority of this type with a single quote in heading, ie : l'avenir
5) Index this new autority
6) Edit a biblio record and launch 210$c value builder
7) Search for new autority
8) Click on 'Choose'
=> Heading should be pasted in 210$c
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The words "Han (Simplified variant)" is appearing in the language name because the file is titled "zh-Hans-TW" when it should be titled "zh-Hant-TW". The database is set up to use "Hant" but it just incorrectly named.
Test plan
1. Apply patch.
2. Install zh-Hant-TW on your Koha server.
3. Navagate to I18N/L10N preferences and confirm that the english text description states (Traditional variant).
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Files on translate.kc.org have already been fixed by Bernardo.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
0 - Set UseACQFrameworkForBiblioRecords to 'Use'
1 - Define a subfield in the ACQ framework linked to authorised value
'itemtypes'
2 - Make sure that field is visible
3 - Create a purchase suggestion
4 - Accept it
5 - Go to Acquisitions
6 - Find a vendor with an open basket, or create one
7 - Add to the basket using a suggestion
8 - Choose the suggestion
9 - Internal server error
10 - Apply patch
11 - Place order form a suggestion again
12 - Confirm that the field linked to itemtypes shows correctly
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This makes e.g. the advanced MARC editor, and anything that uses AddBiblio or
ModBiblio honor BiblioAddsAuthorities.
To test:
1. Make sure BiblioAddsAuthorities and AutoCreateAuthorities preferences are enabled.
2. Add a new record using advanced editor (enable EnableAdvancedCatalogingEditor to
use it), include a previously non-existing author.
3. Save the record and observe the author get an authority number.
4. Add another author, save the record and make sure it also gets an authority number.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
On Home › Administration › Transport cost matrix you should no longer
see " ".
Fill some values and save, you should see the correct values.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bulkmarcimport produces undefined subroutine error for
C4::Items::TransformMarcToKoha and C4::Items::GetMarcStructure
probably caused by mutually recursive modules. Put exports in
BEGIN clause before all the other imports.
To test:
1) Run bulkmarcimport.pl before applying patch and verify
that undefined subroutine error occurs
2) Apply patch
3) Run bulkmarcimport.pl again and verify that no errors are
produced
Sponsored-by: Gothenburg University Library
Signed-off-by: George Veranis <gveranis@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
1. Set syspref AllowHoldsOnDamagedItems to Allow
2. Create a hold on record with item which is damaged
3. Verify that it doesn't appear in report
4. Apply patch and verify that it's now visible
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test Plan:
1) Create an item, do not set a collection code
2) Add the item to a course, and choose to set a collection code
3) Ensure the course is enabled, and the collection code is now visible
4) Disable the course, ensure the collection code is no longer visible
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test Plan:
1) Create an item, do not set a collection code
2) Add the item to a course, and choose to set a collection code
3) Ensure the course is enabled, and the collection code is now visible
4) Disable the course, ensure the collection code is no longer visible
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
We don't want to display the link to the biblio if the biblio_id is null
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
I added libwebservice-ils-perl 0.17 to the repository, so it
goes into debian/control too.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Carry out changes requested in commenbt #27
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We should be 'PROCESS'ing any backend JS, not 'INCLUDE'ing it
Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Supplier metadata elements have a dynamically formed class name, part of
the name is formed from the metadata key, this breaks if the key has a
space, so we replace spaces
Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
On the Manage Request page, borrowernumber should be read only, we do
not want users modifying the destination user once a request is placed
Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a 'price_paid' column to 'illrequests'
Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a 'readonly' column to illrequestattributes. On a DB
upgrade it also populates all existing rows with 1, indicating 'read
only'
Signed-off-by: Barry Cannon <bc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch introduces the 'set_password' method for Koha::Patron
objects. The main point is to make password changing atomic
(update_password touches the userid on the DB, which should be done
carefully with better error handling, and it is done there only for
legacy backwards compatibility).
A follow-up bug will make the codebase use this instead of
update_password, and use a proper method for changing the userid if
required.
To test:
- Apply this patchset
- Run:
$ kshell
k$ prove t/db_dependent/Koha/Patrons.t
=> SUCCESS: Tests pass!
- Sign off! :-D
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
1 - Create new report
SELECT CONCAT('<a href="/cgi-bin/koha/members/moremember.pl?borrowernumber=',borrowernumber,'">',"",firstname,"",surname,'</a>')
AS people
FROM borrowers
2 - Run this report
3 - Note the results contain raw text, they are not hyperlinks
4 - Apply patch
5 - Reload the results
6 - They should now be links
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
commit e09ed656af
Bug 18403: Only display libraries from group in dropdown lists
and
commit 0ab22e1c7c
Bug 18789: Send Koha::Patron object to the templates
broke the overdue list export.
Test plan:
Create some overdues
Export them: "Home › Circulation › Overdues" then click the link on top
of the table.
All the different columns of the generated CSV file must be filled
correctly
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds CodeMirror syntax highlighting to the SQL reports
editor. Newly added is a file containing the sql-specific syntax
highlighting code, in both compressed and uncompressed versions.
Unrelated changes:
- Some JavaScript has been moved from inside the body of the page to
the footer.
- Paths to some assets have been corrected to no use relative paths.
To test, apply the patch and go to Reports -> Saved SQL reports
- Edit an existing report and confirm that the SQL is correctly
highlighted and that there are no display problems when editing.
- Confirm that changes are saved successfully.
- Perform the same test when creating a new SQL report.
- View an existing report and confirm that the SQL is syntax-highlighted
but is read-only.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch changes the way biblionumbers are passed to the cart script
for adding and removing single items. The title's biblionumber is now
stored in a data-attribute on the links for adding and removing. This
should be a more robust, unified way to handle these single-item
operations.
To test, apply the patch and enable the opacbookbag system preference.
Test adding and removing items from the cart from various pages using
various methods:
- By clicking an "Add to your cart" / "Remove" link in search results
- By clicking an "Add to your cart" / "Remove" link on a detail page
- By checking boxes in search results and adding via the dropdown
Each operation should work correctly.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
JS error was:
ReferenceError: _ is not defined
The strings after staff-global.js (for the function _)
Test plan:
Turn on StockRotation system preference
1) Go to a staff detail page
2) Switch to rota page
3) Check web developer tools
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
t/Koha_ExternalContent_RecordedBooks.t skips more tests than scheduled
if WebService::ILS is not available.
Test plan:
- have a system without Webservice::ILS available
- in koha-shell, do
prove t/Koha_ExternalContent_RecordedBooks.t
- tests should be skipped and tests count as "passed"
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Remove the duplicate entry for RoutingListAddReserves
I guess it has been caused by a bad merge resolution conflict
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
* Koha/Schema/Result/Stockrotationstage.pm: Load `Ordered`, add
grouping_column.
Signed-off-by: Kathleen Milne <kathleen.milne@cne-siar.gov.uk>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
