This patch suggests to adopt the terminology used in the OPAC
to only use charges and leave off the Fines or Fees.
To test:
- Add a charge to your account
- Check the note on the details and checkouts tabs
- Check the tab name on the details tab
- Activate batch checkouts via systempreferences for your
patron category:
- BatchCheckouts
- BatchCheckoutsValidCategories
- Add a guarantee to your patron and allow to see fines
(requires: AllowStaffToSetFinesVisibilityForGuarantor)
- Add a manual fine for the guaranee above NoIssuesChargeGuarantee
- Go to the batch checkout tab of your patron and verify note there
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch:
- removes unused templates
- use objects as much as possible
- remove many template params
Test plan:
1) Apply the patch
2) Play with patron detail page and try to broke it anyhow ;)
- messaging preferences
- enhanced attributes
- guarantors and guarantees
- fines
- messages
- checkouts
- overdues
- use different date formats, price formats and address formats
- ... there is many thinks you could try with this one page ;)
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Generated with:
perl -p -i -e 's/\|\s?\$Price\s?\|\s?html\s%]/| \$Price %]/g' **/*.tt **/*.inc
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Test plan:
Read the changes and make sure they make sense
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fines did not show on patron checkout and detail pages unless amout
was greater than syspref NoIssueCharges.
This patch fixes the logic in
koha-tmpl/intranet-tmpl/prog/en/includes/blocked-fines.inc
Additionally, it changes links to buttons and makes some small
text changes to ease translation.
To test:
- Apply patch
- Display checkout or detail page and verify proper display for
a patron who has
- no fines (no message)
- fines not exceeding syspref NoissueCharges (message)
- fines exceeding syspref NoIssueCharges (message)
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
