To reproduce:
Go to Home > Tools > Patron card creator
Click on 'Manage profiles'
Result:
Can't use string ("1") as an ARRAY ref while "strict refs" in use at /usr/share/kohaclone/C4/Creators/Lib.pm line 564.
Reason:
Select statment to get field 'template code' from table 'club_template_enrollment_fields' (!) instead of 'table creator_templates'.
To test:
Apply patch
Try to reproduce issue.
Amended because of typo (_ instead of -)
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
SQL expects lists to be comma separated. A trailing comma must also
be avoided.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To recreate:
/cgi-bin/koha/patroncards/edit-template.pl?op=edit&element_id=23%20and%201%3d2+union+all+select+1,user(),@@version+--%20
Look at the Profile dropdown list.
To fix this problem and to make sure it does not appears anywhere else
in the label and patroncards modules, I have refactored the way the
queries are built in C4::Creators::Lib
Now all of the subroutine takes a hashref in parameters with a 'fields'
and 'filters' parameters.
From these 2 parameters the new internal subroutine _build_query will
build the query and use placeholders.
Test plan:
1/ Make sure you do not recreate the vulnerability with this patch
applied.
2/ With decent data in the labels and patroncards modules, compare all
the different view (undef the New and Manage button groups) with and
without this patch applied.
=> You should not see any differences.
This vulnerability has been reported by MDSec.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Create a label batch
2 - Add some items
3 - Note you do not see callnumber
4 - Apply patch
5 - Verify callnumber displays correctly
6 - Verify batch functions (adding, exporting, removing, etc) work as
before
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Mainly a
perl -p -i -e 's/^.*3.07.00.049.*\n//' **/*.pm
Then some adjustements
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This deals with my concerns raised in comment #2.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomás Cohen Arazi <tomascohen@theke.io>
Testing C4::Creators::Lib at 100%
Deleting get_column_names subroutine (never used)
TEST PLAN
---------
1. Apply patch
2. prove -v t/db_dependent/Creators/Lib.t
-- All 644 tests should run successfully without
any error or warning
TEST PLAN OPTIONAL
------------------
Check with bug 13899 to see the coverage of this module.
Coverage BEFORE this patch :
Statement : 11,6%
Branch : 0,0%
Condition : N/A
Subroutine : 36,0%
Coverage AFTER this patch :
Statement : 100,0%
Branch : 100,0%
Condition : N/A
Subroutine : 100,0%
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomás Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
http://bugs.koha-community.org/show_bug.cgi?id=9987
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch fixes two problems:
a) Bad PDF when using Helvetica font.
Current label code assigns 'italic' or 'oblique' variants
to title. Helvetica-Oblique was not defined, but is present
b) Bad alignment using center/right justification
Problem was bad font parameter passed to StrWidth
routine
To test:
1. Try making a batch using Helvetica, downloaded PDF do not open.
2. Try a batch of mixed scripts with layout alignment center or
right, only latin scripts align almost correctly.
3. Apply the patch and update your koha-conf.xml to add Oblique variant
4. Try again 1, now PDF opens
5. Try 2, now alignment is correct
New problem (for another bug): DejaVuSans has a good
support for arabic, but not Oblique variant. As selection
of italic/oblique is hardcoded, now Arabic titles are
not displayed. I'll try to add a checkbox to select
or not this feature.
Added a FIXME for the hardcoded forced oblique -chris_n
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
This patch updates the example template syntax in the POD for
C4::Creators::Lib::html_table() to use Template Toolkit syntax.
To test, view the POD for C4::Creators::Lib::html_table() and confirm
that it looks correct.
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Checked the POD with "perldoc C4/Creators/Lib.pm" before and after applying
the patch. The example now uses TT syntax, and looks sensible.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Current implementation doesn't scale barcodes because low-price
CCD barcode readers are very sensitive about size
Test scenario:
1. in Tools > Labels create or edit Layout and select EAN13 as barcode
type
2. export one of existing batches using EAN13 layout and verify that
generated pdf file contains barcodes
3. print pdf file and test it with barcode reader
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
current code is using DISTINCT and another SQL query which can be replaced with GROUP BY
for massive speedup. In our case, generating Manage Batches screen DBI time decreased
from 24.762 s to 0.147 s
Aside from correct usage of relational database, this change also cleans up code nicely.
This change removed semi-columns from SQL query which broke Manage Patron batches.
Test scenario:
1. open Manage Batches screen and take note of time needed to generate it
2. apply this patch
3. reload page and check page genration time
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
working through the master branch to eliminate all
podchecker warnings/errors
Actual improvement to the quality of the POD will
come later (hopefully with assistance of others)
Signed-off-by: Andrew Elwell <Andrew.Elwell@gmail.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This reverts commit 1f56a04cad.
[RM note: I confirm Chris Nighswonger's testing that shows that
the patch causes regressions, including breaking creating new
label layouts.]
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
A lot of routines were defaulting to return -1 in error conditions
but calling code was expecting a ref or object
use return with explicit undef (or emptyness in array context)
for these cases. Extended this to cases where return was not tested
( -1 might in some cases be legit data).
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
(cherry picked from commit 5cf2b78b6f)
[RM note: ... thereby undoing the revert]
A lot of routines were defaulting to return -1 in error conditions
but calling code was expecting a ref or object
use return with explicit undef (or emptyness in array context)
for these cases. Extended this to cases where return was not tested
( -1 might in some cases be legit data).
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
