Commit graph

12 commits

Author SHA1 Message Date
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
Julian Maurice
ed7543287b Bug 20538: Remove the need of writing [% KOHA_VERSION %] everywhere
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
  mechanism, it will be tedious

This patch:
- adds a Template::Toolkit plugin that generates <script> and
  <link> tags for JS and CSS files, and inserts automatically the Koha
  version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable

Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
   checking your browser's dev tools (there should be no 404 for JS and
   CSS files, and the Koha version should appear in filenames) and the
   server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-13 11:49:44 -03:00
74ac5baba5 Bug 20438: Allow uninstalling plugins not implementing the 'uninstall' method
The plugins handling code expects plugins implementing an 'uninstall' method for
cleanup purposes. It executes this method, and then moves on with removing the
configuration entries in the storage, and the plugin itself.

But the 'plugins-home.tt' template makes the tool display the 'Uninstall'
link in the dropdown ONLY when the plugin has the 'uninstall' method.

This patch fixes the issue.

To reproduce:
- Install the KitchenSink plugin [1]
=> SUCCESS: The 'actions' dropdown for KitchenSink shows an 'Uninstall' option
- Edit the code for the plugin:
  $ sudo vim /var/lib/koha/kohadev/plugins/Koha/Plugin/Com/ByWaterSolutions/KitchenSink.pm
- Remove the uninstall sub
- Restart everything:
  $ restart_all
- Reload the browser
=> FAIL: There's no 'Uninstall' option in the actions dropdown.
- Apply this patch
- Restart everything
  $ restart_all
- Reload the browser
=> SUCCESS: The 'actions' dropdown for KitchenSink shows an 'Uninstall' option
- Sign off :-D

[1] https://github.com/bywatersolutions/koha-plugin-kitchen-sink/releases

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-26 17:01:11 -03:00
0ad922011c Bug 12904: Force browser to load new javascript files after upgrade
This patch has been automatically generated using:
  perl kv.pl **/*.tt **/*.inc

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
2018-02-08 14:53:24 -03:00
76d9c74ffa Bug 19710: Move plugins templates javascript to the footer
This patch modifies the staff client plugins template so that
JavaScript is included in the footer instead of the header.

To test, apply the patch and test the JavaScript-driven features of
the modified template:

- The plugins link should be bold in the sidebar menu.
- Choosing "Uninstall" for an installed plugin should trigger a
  confirmation alert.

Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-11 11:34:23 -03:00
402c7f7567 Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list
Edit: fixed tab-for-space errors (tcohen).

Signed-off-by: Magnus Enger <magnus@libriotech.no>
New categories are added to the pulldown and work as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-19 14:15:52 -03:00
fbade9e587 Bug 18430 - Plugins page should have a link to viewing other types
To test:
Go to the plugins page from
Reports->Report plugins
Tools->Tool plugins
Admin->Manage plugins

Ensure that you have a 'View plugins by class button'

Ensure the button does what you would expect

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-06-05 11:59:26 -03:00
Mark Tompsett
2877575ae0 Bug 17793: Follow up for identified missing changes
I ran:
$ git grep -l cat-search.inc | grep admin

This means I believe the outstanding ones are
(koha-tmpl/intranet-tmpl/prog/en/modules/):
- admin/auth_subfields_structure.tt
- admin/clone-rules.tt
- admin/marc_subfields_structure.tt
- admin/searchengine/elasticsearch/mappings.tt

One other was recommended by Katrin in comment #9:
- plugins/plugins-home.tt

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-17 15:34:11 +00:00
804677265e Bug 16239: Update templates
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 14:41:22 +00:00
822509eee5 Bug 16369 - Clean up and improve plugins template
This patch makes multiple changes to the plugins home page template to
bring it up to date with current interface patterns.

Test the following changes:

- Breacrumb links have been corrected to include "Tools" in the path.
  Verify that this link is correct.
- A toolbar has been added for an "Upload plugin" button. Uploading is
  an action, not a view, so it should be displayed in a toolbar. Verify
  that the button works correctly.
- Messages are now formatted as messages rather than as headings. To
  test, trigger a message by, for instance, uninstalling all plugins or
  passing an invalid "method" parameter with the URL.
- Incorrect capitalization corrected.
- Plugin actions are moved to a single "Actions" dropdown menu. This
  includes 'Run report,' 'Run tool,' 'Configure,' and 'Uninstall.' Test
  that all these menu options work correctly.
- The standard "Tools" sidebar menu has been added.
- An "onclick" attribute has been removed in favor of defining the event
  in JavaScript. Test by choosing the 'Uninstall' menu item for a
  plugin. Test both confirm and cancel actions.

Also changed:

- Corrected capitalization on the tools home page.
- Adding missing plugins link to the tools sidebar menu.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-05-03 15:06:57 +00:00
b38370ff83 Bug 13941: [2/2] Fix <body> tags missing id/class
Followed test plan from patch 1/2, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-24 09:47:38 -03:00
Kyle M Hall
5eabc672fd Bug 7804 - Add Koha Plugin System
Adds support for custom plugins. At the moment the Plugins
feature supports two types of plugins, reports and tools.

Plugins are installed by uploading KPZ ( Koha Plugin Zip )
packages. A KPZ file is just a zip file containing the
perl files, template files, and any other files neccessary
to make the plugin work.

Test plan:
1) Apply patch
2) Run updatedatabase.pl
3) Create the directory /var/lib/koha/plugins
4) Add the lines
      <pluginsdir>/var/lib/koha/plugins</pluginsdir>
      <enable_plugins>1</enable_plugins>"
   to your koha-conf.xml file
5) Add the line
       Alias /plugin/ "/var/lib/koha/plugins/"
   to your koha-httpd.conf file
6) Restart your webserver
7) Access the plugins system from the "More" pulldown
8) Upload the example plugin file provided here
9) Try it out!

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-03-20 14:49:47 -04:00