Commit graph

156 commits

Author SHA1 Message Date
798d38e4c7 Bug 16011: $VERSION - Remove comments
perl -p -i -e 's/^.*set the version for version checking.*\n//' **/*.pm

+ manual adjustments

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:29 +00:00
017699c345 Bug 16011: $VERSION - Remove the $VERSION init
Mainly a
  perl -p -i -e 's/^.*3.07.00.049.*\n//' **/*.pm
Then some adjustments

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:28 +00:00
3830d78d46 Bug 16011: $VERSION - remove use vars $VERSION
perl -p -i -e 's/^(use vars .*)\$VERSION\s?(.*)/$1$2/' **/*.pm

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:26 +00:00
fb167c0e4b Bug 15111: Change X-Frame-Options with SAMEORIGIN
There are some places where frames are used, the greybox JS plugin for
instance.

We need either to allow them from Koha or replace this plugin.
The easiest for now is to switch the value from DENY to SAMEORIGIN.

Test plan:
- modify a record in a batch (tools/batch_record_modification.pl)
- click on preview marc
=> With only the previous patch you will get a blank page.
=> With this patch applied, it will work as expected.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-03-14 16:30:08 +00:00
dc03bca76c Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks
Web pages that can be embedded in frames are vulnerable to cross-frame
scripting attacks. Cross-frame scripting is a type of phishing attack
that involves instructions to an unsuspecting user to follow a specific
link to update confidential information in an online application.
Because the link leads to a legitimate page from the online application
that is embedded in a frame hosted by the attackers' server, the
attackers can capture all the information that the user enters.

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-03-14 16:30:08 +00:00
6f75aa11ff Bug 14544: Make the intranet side independent of Page.pm
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-05 09:58:01 -03:00
6c30d31af7 Bug 15005: Fix pagination_bar calls
Test plan:
Create an order for an existing biblio, confirm that the pagination links work correctly.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-10-19 09:36:43 -03:00
Marc Véron
5dceb851dd Bug 13813: Remove deprecated module C4::Dates from system
Test plan: See Bugzilla.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-09-18 12:40:55 -03:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
Jonathan Druart
b678301e46 Bug 13684: C4::Budgets should not be used in C4::Output
Bug 12844 removed the call to C4::Budgets::GetCurrency.
The use of this module can be completely removed from C4::Output.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
It makes sense and no runtime errors found.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
2015-02-16 23:36:40 -03:00
Jonathan Druart
ed7221102f Bug 12845: C4::Output::FormatData can be removed
Test plan:
  git grep FormatData
should not return any result in pl and pm files.

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-17 10:26:21 -03:00
Jonathan Druart
55107741a2 Bug 11944: replace use of utf8 with Encode
See the wiki page for the explanation.

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:06:45 -03:00
Jonathan Druart
8a2d765769 Bug 12844: Remove the C4::Output::FormatNumber subroutine
This subroutine is now useless.

Test plan:
  git grep FormatNumber
should not return any result in pl and pm files.

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-27 12:56:19 -03:00
Galen Charlton
7b165794cd Bug 10016: force zero browser-side caching of SCO pages
This patch makes the web-based self-check module pages
specify that no browser (or proxy caching) occur at all.
This prevents a security issue where letting the SCO session time out,
then hitting the back button allowed one to view the previous
patron's session.

This patch adds an optional fifth parameter to output_with_http_headers(),
and output_html_with_http_headers(), a hashref for miscellaneous
options.  One key is defined at the moment: force_no_caching, which if
present and set to a true value, sets HTTP headers to specify no
browser caching of the page at all.

To test:

[1] Start a web-based self-check session and optionally perform
    some transactions.
[2] Allow the session to time out (it may be helpful to set
    SelfCheckTimeout to a low value such as 10 seconds).
[3] Hit the back button.  You should not see the previous patron's
    self-check session.
[4] Verify that prove -v t/Output.t passes.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Ed Veal <ed.veal@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-21 18:05:12 +00:00
Galen Charlton
92f289e9a1 Complete revert of 6554
One line wasn't caught by the initial revert.  Thanks to
Jonathan Druart for catching this.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-05-03 07:58:50 -07:00
Galen Charlton
94508a5c3d Revert "Bug 6554 QA Followup"
This reverts commit 686fdae32c.

Rolling back bug 6554 work until we have more comprehensive tests.
2013-04-29 15:17:06 -07:00
686fdae32c Bug 6554 QA Followup
Removing binmode, now encoding data in output_with_http_headers.
Replaced output_string by output_as_chars in XSLTParse4Display.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No errors.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-01 18:51:49 -04:00
Dobrica Pavlinusic
d542740ab8 Bug 6554 - make Koha internally utf-8 clean
In current implementation (mostly commented out in this patch)
uses heuristic to guess which strings need decoding from utf-8
to binary representation and doesn't support utf-8 characters
in templates and has problems with utf-8 data from database.

With these changes, Koha perl code always uses utf-8 encoding
correctly. All incoming data from database is already
correctly marked as utf-8, and decoding of utf8 is required
only from Zebra and XSLT transfers which don't set utf-8 flag
correctly.

For output, standard perl :encoding(utf8) handler is used
so it also removes various "wide character" warnings as side-effect.

Test scenario:
1. make sure that you have utf-8 characters in your biblio
   records, patrons, categories etc.
2. try to search records on intranet and opac which contain
   utf-8 characters
3. install language which has utf-8 characters, e.g. uk-UA
   dpavlin@koha-dev:/srv/koha/misc/translator(bug_6554) $
   PERL5LIB=/srv/koha/ perl translate install uk-UA
4. switch language to uk-UA and verify that templates
   display correctly
5. test search and Z39.50 search and verify that characters
   are correct

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I followed the test plan, adding utf-8 characters to library names,
patron categories, titles, and authorized values. I tried the uk-UA
translation and everything looked good.

When performing Z39.50 searches for titles containing utf-8 characters I
got results which were still occasionally contaminated with dummy
characters [?] but I assume this is Z39.50's fault not the patch's.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Already signed, add mine.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-01 18:51:49 -04:00
Fridolyn SOMERS
e343165cf6 Bug 9504: URL escape in OPAC more searches
OPACSearchForTitleIn is a syspref used to add links as "more searches" in OPAC record detail page.
The links can contain vars depending on record values like title, ISBN, ...
Those values must be URL-escaped because they can contain special characters that will break URL and/or HTML.

This patch adds a method C4::Output::parametrized_url() that replaces vars in URL using escape and UTF-8 encoding.

Test plan :
- Define in OPACSearchForTitleIn a link with all possible vars : TITLE, AUTHOR, ISBN, ISSN, CONTROLNUMBER, BIBLIONUMBER
- Edit a record to add special characters in title : ", &, ? ...
- Go to OPAC detail pages of this record
=> Check that URL is well encoded
=> Click on link to check the term is well encoded (diacritical characters, ...)

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Nice test plan, thanks!

Verified bug and fix - both look good.
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-20 08:36:44 -04:00
7b09ce3a22 Bug 6679 - [SIGNED-OFF] fix 3 perlcritic violations in C4/Output.pm
"return" statement with explicit "undef" at line 128, column 74.  See page 199 of PBP.  (Severity: 5)
Subroutine prototypes used at line 270, column 1.  See page 194 of PBP.  (Severity: 5)
Subroutine prototypes used at line 308, column 1.  See page 194 of PBP.  (Severity: 5)

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
2012-09-20 12:01:38 +02:00
Jared Camins-Esakov
33113e69c0 Bug 8622: Fix theme fallback
This patch does the following:
1) Enables fallback for includes between different themes and different
   languages (with the exact same precedence as for .tt files)
2) Enable fallback for XSLT files between different themes and different
   languages (again, same precedence)
3) Change the semantics of the TT [% themelang %] variable so that it always
   refers to the preferred theme and language, rather than the fallback
   theme/language. As a result, all themes must include all javascript,
   css and image resources they use.

Note that these changes actually have no impact whatsoever on an
installation where the default (prog) themes are in use.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-09-05 11:39:14 +02:00
Jonathan Druart
a6c93961b1 Bug 7302: Export basketgroup as CSV
Adds new action export for basketgroup.
This action is available only if your basketgroup is closed.
This export generates a csv file with order information.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested together with bug 5356.
2012-07-24 18:22:06 +02:00
Chris Cormack
509d673f10 Bug 7941 : Fix version numbers in modules
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-11 17:29:38 +02:00
7eef4c8c70 Bug 5668 - Star ratings in the opac
patch applied to commit eb3dc448d2

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

Turned on star ratings in the opac on details and results
Searched for titles - saw the stars
Clicked on a title
Clicked on the stars
Clicked on the stars to change my rating
Logged out
Tried to click on stars
Logged in as different user
Rated items that were rated already and saw average change
Changed preference to show only on detail and repeated tests
Changed preference to now show stars

All above tests passed. Signing off.

Rebased 3-19-12 by Ian Walls

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-04-10 14:40:49 +02:00
D Ruth Bavousett
bbfaf8264c Bug 7535: ampersands not showing properly in non-XSLT OPAC
Jared's fix for Bug 3326 fixed this in the staff client, but not the OPAC; moving this one line fixes it
both places.

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
This can be replicated by indexing with -x
OPACXSLTResults must be set to "normally"
Reproduced original bug with rebuild-zebra.pl -x -b -w -r -v -v
Patch corrects the issue, does not change intranet behavior.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-02-21 15:45:11 +01:00
d785d9d57d Bug 6098 Followup -- doesn't replace NSB/NSE by space
On any page, NSB/NSE characters are replaced by space in Output.pm. It isn't a
good thing:

  - It isn't necessary since Zebra indexer handles properly those characters as
    delimiter.
  - It isn't necessary for display since XSL file already does that.
  - It isn't efficient since a regex is done on every whole page sent by Koha,
    not only on biblio record part.
  - It removes information that librarians want to keep in their biblio
    records: any record edited in Koha loses its NSB/NSE characters.

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-01-13 11:21:48 +01:00
Ian Walls
c70ff88205 Bug 2616: Remove unnecessary 'use HTML::Template' calls
Removes deprecated calls to HTML::Template or HTML::Template::Pro from:
C4/Output.pm
catalogue/export.pl
reports/issues_by_borrower_category.plugin
reports/itemtypes.plugin

Only remaining calls are in misc/cronjobs/rss/rss.pl, misc/cronjobs/smsoverdues.pl,
and t/test_template.pl.  These scripts still legitimately depend on H:T:P

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2011-12-06 11:34:05 +01:00
Chris Cormack
8e7b163608 Bug 6755 follow up, fixing broken POD
2011-09-23 11:33:00 +12:00
6b8be20497 Bug 6755 Problems with switching languages
This patch solves the situation that news is in another language than
the Koha interface AND makes that themelanguage routine is always called
the same way in order to prevent mixed display.

It fixes also a bug related to language preselection based on web
browser preferred language.

September 9: Adjusted with input of Frederic Demians.

September 10: Avoid circular dependency, as pointed out by Chris Cormack.
Templates related functions are moved from C4::Output to C4::Templates

Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-09-23 09:47:09 +12:00
Chris Cormack
7efaafe132 Bug 6085 : Fixing the utf8 weirdness
I am not very happy with this fix, but it does mean the templates are
translatable and we don't get double encoding issues with them anymore

Please test

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-11 16:01:59 +12:00
Chris Cormack
5a23a45e32 Bug 6085 : utf8 fixed for xslt, and parameters, broken for utf8 included in templates
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-11 12:58:05 +12:00
Chris Cormack
82f0fee5c8 Bug 5917 : Fixing a bug with switching languages
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-10 22:58:08 +12:00
Chris Cormack
d4cd05126d Bug 5917 / Bug 6085 : Fixing not being able to change language
2011-04-10 20:22:55 +12:00
Chris Cormack
76184e1db0 Merge remote branch 'kc/master' into new/enh/bug_5917
Conflicts:
	installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql
2011-03-30 08:39:10 +13:00
Jared Camins-Esakov
fa7ca5c8b8 Bug 3326: Staff results still displayed &amp;
In certain circumstances, ampersands would not be displayed properly in the
Staff client search results. This patch fixes that by ensuring that all the
doubled ampersands that Zebra inserts in XML indexing mode are replaced by the
correct single ampersand entity.

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-29 12:12:20 +13:00
Chris Cormack
d6b080ddd4 Bug 5917 - Switching the installer to use Template Toolkit
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-03-22 17:16:11 +13:00
51f067fcb2 For catalyst/template_test branch. There are still issues with displaying biblios.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-02-01 09:36:19 +13:00
Christopher Hall
673b62d66b now ready for testing
2010-11-18 16:55:21 +13:00
7c0e441d50 replace references to defunct info email address
Now links to Koha project website.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-06-25 05:18:44 -04:00
64daee5495 fix a common "developement" typo
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-05-25 14:38:38 -04:00
e7f8cc8f5e bug 4403: look in appropriate theme/lang for bib display XSL
Note: approach used can be described as a hack at best; the current
language should probably become a session attribute.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-05-08 18:59:41 -04:00
c9ba8c899d Merge branch 'bug2505_patches' of git://git.catalyst.net.nz/koha into to-push
* 'bug2505_patches' of git://git.catalyst.net.nz/koha: (24 commits)
  Bug 2505 - use strict and warnings in sax_parser_test
  Bug 2505 - enable warnings for link_bibs_to_authorities
  Bug 2505 - add strict and warnings to perlmodule_ls
  Bug 2505 - add strict and warnings to check_sysprefs
  Bug 2505 - Add commented use warnings where missing in *.t
  Bug 2505 - Add commented use warnings where missing in *.pm
  Bug 2505 - Add commented use warnings where missing in the cataloguing/ directory
  Bug 2505 - Add commented use warnings where missing in the misc/ directory
  Bug 2505 - Add commented use warnings where missing in the tools/ directory
  Bug 2505 - Add commented use warnings where missing in the installer/ directory
  Bug 2505 - Add commented use warnings where missing in the rotating_collections/ directory
  Bug 2505 - Add commented use warnings where missing in the C4/ directory
  Bug 2505 - Add commented use warnings where missing in the serials/ directory
  Bug 2505 - Add commented use warnings where missing in the catalogue/ directory
  Bug 2505 - Add commented use warnings where missing in the sms/ directory
  Bug 2505 - Add commented use warnings where missing in the opac/ directory
  Bug 2505 - Add commented use warnings where missing in the virtualshelves/ directory
  Bug 2505 - Add commented use warnings where missing in the suggestion/ directory
  Bug 2505 - Add commented use warnings where missing in the admin/ directory
  Bug 2505 - Add commented use warnings where missing in the circ/ directory
  ...

Conflicts:
	C4/Auth_with_cas.pm
	acqui/supplier.pl

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-04-23 07:13:37 -04:00
Cindy Murdock Ames
f9e007762c Fix ampersand problem in non-XSLT Intranet search results
Quick fix for ampersand display issue in non-xslt intranet search results,
related to bug 3326.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-04-22 06:17:49 -04:00
Donovan Jones
593a7d8e6a Bug 2505 - Add commented use warnings where missing in *.pm
2010-04-21 20:28:51 +12:00
Lars Wirzenius
7279f55b60 Fix FSF address in directory C4/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:56 -04:00
Chris Cormack
87ff46ba67 Bug 3797, second part of the patch, extending output_html_with_http_headers to take a status parameter (optional)
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-10 14:11:53 -05:00
8ad2c7d7ac Merge commit 'pianohacker-koha/prefs-submit' into master
Merge in Jesse Weaver's system preference editor changes.

Conflicts:
	C4/Bookfund.pm
	koha-tmpl/intranet-tmpl/prog/en/css/staff-global.css
	koha-tmpl/intranet-tmpl/prog/en/includes/doc-head-close.inc
	koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tmpl

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-01-26 20:26:17 -05:00
Henri-Damien LAURENT
e3a9d21d6e Improving and bug fixing admin/aqbudgets
Adding FormatData and FormatNumber in C4::Output
Using them
Adding duplication detection for budget periods
Factorizing some code
2009-09-30 11:30:30 +02:00
Henri-Damien LAURENT
efc8f69800 C4::Output adding getlanguagecookie + other enhancements
required for language stemming management
Adding also some filters for NSB NSE characters
Now, get_template can be used even when query->cookie not set

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2009-09-30 11:29:23 +02:00
Jesse Weaver
fdd82e8054 Add new system preferences editor
This new editor uses data files instead of descriptions stored in the
database. It also has improved search.
2009-09-06 23:02:47 -06:00