This patch reindents three item search field templates so that they have
consistent indentation.
To test, apply the patch and go to Administration -> Item search fields.
Test all aspects of viewing, adding, and deleting item search fields.
Everything should look correct and work correctly.
Signed-off-by: David <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: changed intendation on a tiny bit
The removal of the <select>s should have been accompanied by a
correction to the scope of tagfield and tagsubfield. It is also
unnecessary to conditionally include the "value" attribute.
To test, apply the patch and test the process for editing an item search
field. All the correct values should appear in form fields during edit,
and all values should save correctly.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds some custom validation to the MARC tag and subfield
fields so that they are limited to alphanumeric characters.
Both templates (the main view and the edit view) have been modified so
that item_search_fields.js can be included in both.
To test, apply the patch and test the form by entering a variety of
different character combinations. The "MARC field" and "MARC subfield"
inputs should only accept alphanumeric entries.
Test both "new" and "edit" operations.
Test other operations like delete and cancel.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jose-Mario <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
The pull down for marc subfields on the item search fields config page is
long and hard to use. It also doesn't include the commonly used
upper case letters for custom item subfields.
Also hard to use with its 999 entries is the marc field list. It doesn't
allow for tags like 01e, which exist in our MARC21 default framework.
To test:
- Go to Administration > Item search fields
- Add different mappings with and without subfields
- Verify the entered values are stored correctly
- Edit mappings
- Verify editing works and changes save correctly
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
The dropdown list contain the arrayref: ARRAY(0x...)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Fixed for new and edit page
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 include files do not pass the template validation tests:
- koha-tmpl/intranet-tmpl/prog/en/includes/admin-items-search-field-form.inc
- koha-tmpl/intranet-tmpl/prog/en/includes/subscriptions-search.inc
- koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-topissues.inc
This is because they process a block which has not been declared before.
As they are include files, they cannot stand on their own.
We could have added them to the exclude file list of xt/author/valid-templates.t
but I think it's better to keep them into the validation loop.
Test plan:
prove xt/author/valid-templates.t
should return green
And the library dropdown list should be correctly populated on the pages these files are included
(opac-topissues for instance)
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The subroutine C4::Koha::GetAuthorisedValueCategories just retrieves all
the authorised value categories.
We already have a method in the Koha::AuthorisedValues module to do this
job, let's use it!
Technical explanations:
The new subroutine of the AuthorisedValues TT plugin will allow to get
the authorised value categories from the templates.
The new html_helpers include file will get rid of the if selected else
end statements. Bug 15758 already uses this file, see the commit
description for more informations.
Test plan:
1/ Create or edit a new fund (aqbudgets.pl), the fields "statistic 1"
and "statistic 2" should be correctly filled with the list of authorised
value categories
2/ Edit subfields for a biblio and authority framework.
The "Authorized value" dropdown list should be correctly filled on both
pages
3/ Create new items search fields (from the administration area), same
as previously, the authorised value category dropdown list should be
correctly filled
4/ Add and edit patron attribute types, check the authorised value
category list.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds some JavaScript to the item search fields management
page so that the add form is not displayed by default. This simplifies
the interface and makes it more consistent with other similar
interfaces.
Also changed in this patch:
- Changing instances of "Items search fields" to "Item search fields."
- Correct form structure to use ordered list
- Add "required" classes and enable built-in JS form validation.
- Add explicitly labeled "Choose" options to <select>s.
- Add missing ids to form fields (labels don't work without them).
- Correct classes of message and alert dialogs.
- Add JS confirmation of deletions.
- Convert MARC tag and subfield dropdowns to regular inputs (Bug 15384).
To test, apply the patch and go to Administration.
- Confirm that the "Item search fields" link is correct.
- Follow the link and confirm that the list of existing fields is shown
by default, or a message saying there are no existing fields.
- Click the "New search field" button and confirm that it displays the
entry form.
- Confirm that submitting an empty form does not work.
- Confirm that clicking the "Cancel" link correctly hides the form.
- Confirm that submitting valid data works correctly.
- In the table of existing item search fields, confirm that the "Edit"
button works correctly.
- Confirm that submitting edits works correctly.
- In the table of existing item search fields, confirm that clicking
"Delete" highlights the row in question and a confirmation dialog
appears.
- Test both canceling and confirming deletion.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as described. JSHint OK, koha-qa OK.
Revision per QA: Undid the change making tag and subfield inputs text
fields.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Item search is available at catalogue/itemsearch.pl (link is in
catalogue/search.pl)
It only uses SQL (not Zebra)
* Use DataTables and server-side processing to be able to filter on
individual columns after the first search is done.
* Allow to export results in CSV
* With Javascript disabled, search form still works (and CSV export too)
There is the possibility to define "Custom search fields" in a new admin
page admin/items_search_fields.pl (link is in admin/admin-home.pl)
A custom item search field is defined by:
* a name: its unique identifier
* a label: the text displayed to the user
* a MARC field/subfield: the field/subfield to query (it uses
ExtractValue)
* an authorised values list (optional): if defined the list is displayed
in the search form
New Perl dependency: Template::Plugin::JSON::Escape
Test plan:
1/ Apply the patch and run updatedatabase.pl
2/ Go to advanced search (staff interface), then click on "Go to item
search"
3/ Play with the search form! :)
In the 3rd fieldset you can add as many fields as you want and combine them with
boolean operators (AND, OR). You can use SQL jokers characters (%, _)
You can output to screen (in a DataTables table) or to a CSV file.
4/ In the DataTables table, play with filters and try sorting columns.
5/ Disable Javascript (with Firefox: extensions NoScript or YesScript,
or in about:config 'javascript.enabled' = false
6/ Reload the search page and do some searches on screen output. (there
is no sorting or filtering features, but there is still pagination)
7/ Try again CSV output.
8/ You can re-enable Javascript.
9/ Go to Administration > Items search fields
10/ Add a new field. Example for title (in UNIMARC):
Name: title
Label: Title
MARC field: 200
MARC subfield: a
Authorised values category: None
(add another field with an authorised values category to see the
difference).
11/ As you are there try to update and delete some fields.
12/ Go back to items search form. You can see in the 3rd fieldset that
your fields have appeared in the selects.
13/ Try searching on them.
14/ I think you're done :)
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described. Good new option.
No koha-qa errors
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
