Commit graph

32290 commits

Author SHA1 Message Date
d24d77d495 Bug 21238: Prevent TemplateToolkit.t to fail on slow servers
It failed 3x in the last 6 runs (on node 1), we should mock
DateTime->now to prevent it to fail again.

The error is:
koha_1       |         #   Failed test at
t/db_dependent/Letters/TemplateToolkit.t line 724.

When comparing <<today>> replacement:
koha_1       |         # 08/16/2018 14:25<br />
[...]
koha_1       |         # 08/16/2018 14:24<br />

Let's mock DateTime->now to prevent it to fail again.

Test plan:
0. Do not apply this patch
1. Add "sleep(60);" at line ~715, before "# Add a second checkout"
2. Run the tests
=> Fail!
3. Apply this patch
4. Run the tests again
=> Pass!

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-20 15:03:55 +00:00
cb5bf46dc7 Bug 21223: (RM follow-up) Generate css
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-20 14:49:53 +00:00
cbf75d3714 Bug 21223: Fix some floating values
See description of the bug for screenshots

I do not really know why we have these issues, but maybe we should
regenerate the .scss in order to catch the other problems?

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-20 14:44:08 +00:00
8eed046638 Bug 18947: LDAP - do not assume anonymous bind if no user or password
To test:
Ideally tested on a working ldap server with bind by auth and no
anonymous bind
1  - Define an LDAP config with bind by auth
2  - Don't define user/pass
3  - Define anonymous_bind = 0
4  - Attempt bind by auth
5  - Error is something like:
LDAP search failed to return object : XXXXXXXXX: LdapErr: XXXX-XXXXXX,
     comment: In order to perform this operation a successful bind must
     be completed on the connection., data 0, v2580 at
     /usr/share/koha/lib/C4/Auth_with_ldap.pm line 102.
6  - Define user/pass
7  - Now bind by auth should work
8  - remove user/pass
9  - Apply patch
10 - Attempt again
11 - Bind by auth shoudl succeed

prove -v t/db_dependent/Auth_with_ldap.t

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-20 14:40:13 +00:00
88d3865168 Bug 21203: ILS-DI - Make GetRecords handle non-existent records
Caused by
  commit cb336e633b
  Bug 18255: Koha::Biblio - Replace GetBiblioItemByBiblioNumber with Koha::Biblio->biblioitem

Can't call method "biblioitem" on an undefined value at /home/vagrant/kohaclone/C4/ILSDI/Services.pm line 212

Test plan:
- Enable ilsdi
- hit /cgi-bin/koha/ilsdi.pl?service=GetRecords&id=X
With X an existing biblionumber and a non existing one

Both requests must succeed

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-20 14:37:31 +00:00
f130ada624 Bug 13618: Fix xt/tt_valid.t
We are going to say it quietly but this test does not catch the problem
when there are no spaces....shhhh

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 18:07:15 +00:00
facb5cb25a Bug 13618: Fix wrong condition in xt tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 16:54:37 +00:00
22ab4ba524 Bug 13618: Remove filter when assigning array
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 16:53:56 +00:00
9e895e5812 Bug 13618: Add POD to raw.pm
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 16:14:14 +00:00
f59b846134 Bug 13618: (follow-up) Add html filters to all the variables
JS block has been re-added to the top whereas it was moved to the
bottom!

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:15 +00:00
1981db25ce Bug 13618: (follow-up) Manually replace missing .raw
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:15 +00:00
96e2d28fd5 Bug 13618: Remove html filter for NEXT
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:14 +00:00
cc5c66d27b Bug 13618: Remove html filter for STOP and deal with existing USE raw
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:14 +00:00
4321dbe221 Bug 13618: Add tests
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:14 +00:00
13d0c46bdc Bug 13618: Add missing raw filters
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:14 +00:00
726a61ac65 Bug 13618: (follow-up) Escape HTML chars in holds.js
For biblio level holds we got:
TypeError: oObj.itemcallnumber is undefined

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:13 +00:00
8d61035e85 Bug 13618: (follow-up) Add html filters to all the variables
IntranetUserJS was missing (?!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:13 +00:00
f580af25e1 Bug 13618: Fix item search
We want to encode HTML characters for the "key => value"'s
like branchcode => branchname
But not the whole JSON string
We could have done it controller-side but it sounds better to do it as
we do for other places

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:12 +00:00
599a4a16ef Bug 13618: Explicitly use raw for itemtype.checkinmsg
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:12 +00:00
51b7499d10 Bug 13618: Specific for labels/spinelabel-print.tt
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:12 +00:00
1c0aad5a1d Bug 13618: Specific for labels
This is definitely wrong, html is generated in C4/Creators/Lib.pm (see
FIXME).
We will need to fix it, but let's do that later!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:12 +00:00
cef24888bd Bug 13618: Escape HTML chars in checkouts.js
On the way the itemtype is not displaying correctly the description
instead of the code (in the relative's checkouts table)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:11 +00:00
8ee92112e4 Bug 13618: Add the escapeHtml JS prototype to String
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:11 +00:00
a6f9738fd2 Bug 13618: Escape HTML chars in holds.js
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:11 +00:00
5a7ee2db08 Bug 13618: Deal with span in patron-title
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:11 +00:00
865c385f71 Bug 13618: Specific for IntranetCirculationHomeHTML
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:10 +00:00
62e3b630bf Bug 13618: (follow-up) Manually replace missing .raw
Syntax was wrong:
Template process failed: file error - parse error - bodytag.inc line 4:
unexpected token (_)

It's escaped later so sounds ok here

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:10 +00:00
917ec3700e Bug 13618: Manually replace missing .raw
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:10 +00:00
dd9e978c2c Bug 13618: Fix BLOCKs
perl -p -i -e  's/BLOCK \| html/BLOCK/g' **/*.inc **/*.tt

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:09 +00:00
82cede1cc2 Bug 13618: Add the raw TT filter
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:08 +00:00
10c154353f Bug 13618: Remove html filters for HtmlTags
We will have to make sure this filter (HtmlTags) is not used with
unsafe variables.

Generated by:
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html -%]/HtmlTags tag\1-%]/g' **/*.tt **/*.inc
perl -p -i -e 's/HtmlTags tag([^\|]*)\| html %]/HtmlTags tag\1%]/g' **/*.tt **/*.inc

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:08 +00:00
Mark Tompsett
f8e0d905ff Bug 15717: Installer: Step 3 has <br /> showing
The step to install optional/mandatory things is broken with
many <br />'s instead of line breaks.

TEST PLAN
---------
1) Back up database
2) Drop database
3) Create empty database
4) Run web installer
   -- Notice that step 3 has ugly <br />'s at the last
      part of step 3.
5) Apply patch
6) Repeat steps 2-4
   -- Notice the <br />'s are now nice line breaks.
   NOTE: No promises of perfect positioning!
7) Run koha qa test tools.

Joubu: I have no idea if this is still needed. TO TEST

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

https://bugs.koha-community.org/show_bug.cgi?id=13618

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:08 +00:00
fd9ea323fe Bug 13618: Escape patron's attributes - do we want that?
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:08 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
610c628def Bug 21226: DBRev 18.06.00.015
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 14:03:28 +00:00
bce549bc4c Bug 21226: Remove xISBN services
OCLC has decided to retire all xISBN services:
https://www.oclc.org/developer/news/2018/xid-decommission.en.html

The code for related features has to be removed from Koha.

Test plan:
You need to be familiar with the different sysprefs (I am not):
- FRBRizeEditions
- SyndeticsEnabled
- SyndeticsEditions
- ThingISBN

Make sure there are no regressions introduced by this patchset.

QA Note: C4/XISBN.pm should be renammed

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:20:22 +00:00
b19090c450 Bug 21226: DB Changes
Remove prefs OCLCAffiliateID, XISBN and XISBNDailyLimit

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:20:21 +00:00
c957b52ef8 Bug 21230: Prevent Reserves.t to fail randomly
The following test can fail if the hold has been generated with found => 'W':
 #   Failed test 'No tests run for subtest "_koha_notify_reserve() tests"'
 #   at t/db_dependent/Reserves.t line 675.
Can't call method "to_address" on an undefined value at
t/db_dependent/Reserves.t line 661.
 # Looks like your test exited with 255 just after 56.

We should call AddReserve instead.

Test plan:
0. Do not apply this patch
1. Do the following change:
    my $hold = $builder->build({
            source => 'Reserve',
            value => {
               borrowernumber=>$hold_borrower,
               found => 'W', # This line is added, do not forget the comma above
            }
        });
2. Prove it makes the test fail
3. stash the changes and apply this patch
4. Make sure the tests pass

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:20:07 +00:00
644de1c4e7 Bug 21222: (bug 20226 follow-up) Fix patron creation
Since bug 20226 you cannot longer creation a patron, memberentry.pl will
explode with
Template process failed: undef error - DBIC result _type  isn't of the
_type Category at /home/vagrant/kohaclone/koha-tmpl/intranet-tmpl/prog/en/includes/str/members-menu.inc
line 22.

The problem is that "patron" is actually defined and the test in
str/members-menu.inc does not work as expected.

It comes from
  commit 7b1d08df0f
  Bug 19936: Replace Generate_Userid - Update the occurrences
where I needed $patron to be defined in order to use Koha::Patron->generate_userid
on an blessed object.
But this was actually wrong, as it could have side-effects.

Test plan:
Create a new patron
Edit it
Retest bug 19936 and make sure the userid is generated correctly in the
different situations

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:19:54 +00:00
51933c7753 Bug 21221: Shortcut memberentry scripts if patron does not exist
If borrowernumber is passed and that it does not refer to a valid patron
in DB, we should not continue the script and display an error instead.

Test plan:
Create a patron
Edit a patron
=> Both should work ok
You can also test the other action memberentry.pl manage.

Edit it again but modify the borrowernumber parameter
=> You should see a friendly user message saying that the patron does
not exist.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-16 13:19:51 +00:00
4ae91ba263 Bug 21112: Re-indent staff client cart template
This patch reindents the template for the staff client cart, basket.tt

- Trailing spaces removed
- Indentation changed to a consistent 4 spaces
- Markup indentation made more consistent

To test, apply the patch and add multiple items to the cart in the staff
client.

View the cart and confirm that it looks as it should both in the "brief"
and "more details" views.

HTML validation before and after the patch should return the same
results.

Signed-off-by: DEVINIM <kohadevinim@devinim.com.tr>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:49:17 +00:00
Katrin Fischer
8fc88514c3 Bug 21137: Standardize breadcrumbs for tags page
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:43:12 +00:00
9d10d07612 Bug 21137: Replace BORROWER_INFO with logged_in_user
it also removes 'category_type' and 'description' from a couple of
opac scripts, they are not needed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:43:12 +00:00
27bf38f34f Bug 21137: use logged_in_user from opac-user.pl
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:43:11 +00:00
889f148e4e Bug 21137: Replace USER_INFO with logged_in_user
This patch set does several things:
- it removes USER_INFO and BORROWER_INFO
These 2 variables contained logged-in patron's info. They must be
accessed from logged_in_user
- Use patron-title.inc for the breadcrumb at the OPAC, for consistencies

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:43:10 +00:00
Jenny Way
484067b228 Bug 18236: MARC21 - Add classes to material type on intranet detail and results pages
Test plan:
1. Open a list of results
2. Use fn+f12 to inspect element
3. Without patch it should show that the image class is 'materialtype'
4. With patch there will be an additional class
-Books = mt_icon_BK
-Kit = mt_icon_MX
-Article = mt_icon_AR
-Continuous resource = mt_icon_CR
-Mixed material = mt_icon_MX
-Computer files = mt_icon_CF
-Map = mt_icon_MP
-Music = mt_icon_MU
-Sound = mt_icon_MU
-Score = mt_icon_PR
-Visual material = mt_icon_VM

OR
1. Try using the classes in css to change the style

-When viewing the details of a record, the material type img should also have the
same changes
-Check that the material type classes in the results page is the same as
the details page

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
I've squashed the patches to make chanes easier readable.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:37:19 +00:00
e97f6ab9be Bug 20795: Inform the user about this change, add to pod
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:35:13 +00:00
1dfb177d3f Bug 20795: Pass incrreased verbosity to zebra rebuild script
To test:
1 - Run koha-rebuild-zebra with multiple '-v'
2 - Note no increased verbosity
3 - Apply patch
4 - Run the updated koha-rebuild-zebra script with multiple '-v'
5 - Note increased verbosity

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:35:13 +00:00
ed6070a5b4 Bug 21121: DBRev 18.06.00.014
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:33:52 +00:00
12dd41ed66 Bug 21121: Add the IGNORE clause
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 12:23:22 +00:00