Commit graph

22879 commits

Author SHA1 Message Date
a7c41e6073 Bug 13441 - Branchcodes should not be allowed to have spaces in them
In multiple cases I've seen issues arise in Koha where a librarian
accidentally puts a space at the end of a new branchcode. This of course
causes endless confusion because the branchcode looks perfectly fine in
every case unless you wrap the code with some characters to reveal the
hidden space!

Test Plan:
1) Try creating a new branch with one or more spaces in the branchcode
2) Note you are able to
3) Apply this patch
4) Repeat step 1
5) Note you are no longer able to

Followed test plan with cache cleared. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, passes tests and QA script.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 15:08:44 -03:00
Jonathan Druart
522e9c5861 Bug 12905: funds with children could not be deleted
The interface should prevent deleting funds with children.
Otherwise the relationship is broken and problems occur:
1/ You don't see the orphan fund in the fund list
2/ You cannot edit the orphan fund amount ('Fund amount exceeds parent
allocation').

This patch:
- adds a JS check, template side
- adds a check in the perl script (should never be true)
- adds an updatedatabase check, in order to alert users with inconsistent data.

Test plan:
Verify you are not allowed to delete a fund with children.

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:53:19 -03:00
Jonathan Druart
74640683f0 Bug 13333: Fix Display basket group for already received orders
Bug 11111 adds a basket group column on the parcel page.
But it seems that the already received orders never contain the value
(always 'no basket group').

Test plan:
Receive an order which is in a basket group and verify the basket group
column is correctly filled.

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:51:34 -03:00
Mark Tompsett
01c7c2a129 Bug 13457 - Followup for CPL and S codes
Based on comment #3, this corrects CPL and S issues if they do
not exist in the DB.

TEST PLAN
---------
0) Backup your DB.
1) Clear CPL and S from your DB.
   - delete from borrowers where categorycode='S';
   - delete from categories where categorycode='S';
   - delete from borrowers where branchcode='CPL';
   - delete from branch where branchcode='CPL';
2) prove t/db_dependent/Suggestions.t
   -- This should fail.
3) Apply patch
4) prove t/db_dependent/Suggestions.t
   -- This should work.
5) Intentionally add categorycode 'S' and branchcode 'CPL' back
   into the database.
6) prove t/db_dependent/Suggestions.t
   -- This should work.
7) run koha qa test tools.
8) Restore your DB :)

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:49:02 -03:00
Mark Tompsett
bfb035511e Bug 13457: Suggestions.t expects sample itemtypes
TEST PLAN
---------
1) Make sure you have more than 8 item types, and preferably
   something with a non-sample default code for itemtypes.
2) prove t/db_dependent/Suggestions.t
   -- this will fail
3) Apply patch
4) prove t/db_dependent/Suggestions.t
   -- this will succeed
5) run koha qa test tools

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:48:56 -03:00
Thomas
6f57a2e09b Bug 10241 - Easy analyticals creates two 773 fields. Search/link from host to children is broken
Hidden 'New child record' if 'EasyAnalytics' is set to display.

Testing plan:

-Turn on 'EasyAnalytics'. Check the drop down menu from the records page
*The drop down menu should include 'Analyze items' and not include 'New child record'

-Turn off 'EasyAnalytics'. Again check the drop down menu from the records page
*The drop down menu should include 'New child record' and not include 'Analyze items'

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:48:10 -03:00
Jonathan Druart
42e9044f11 Bug 13268: the size should not be emptied in pl script
It duplicates what the first patch does.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:46:41 -03:00
f27d454048 Bug 13268 - biblioitems.size value not correctly displayed (more)
Bug partially corrected by Bug 11357.

The size column in biblioitems is a bit problematic when used in TT, because instead of the size value from the biblio column it will give you the size of the variable or current loop.

It's currently used in the templates like opac-topissues.tt :
[% IF results_loo.size %][% results_loo.size %][% END %]

This patch corrects by using item() TT method.
See http://stackoverflow.com/questions/2311303/how-can-i-handle-hash-keys-containing-illegal-identifier-characters-in-template.

Test plan :
- Be sure there is a mapping between a MARC field and biblioitems.size
- Create a record A with biblioitems.size defined : like "10x12"
- Create a record B with no value in biblioitems.size
- Check each modified page :
=> Without this patch : you see a number (loop size) for both records
=> With this patch : you only see the correct value for A and nothing for B

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:46:35 -03:00
724f77ec43 Bug 13339 - Cart button doesn't open the cart
The link to open the cart no longer triggers the cart popup. Instead, in
order to make it more usable with mobile devices, it triggers a menu
which displays the count of items in the cart -- something which
previously was done with a hover action (something touch-screen devices
don't have). Clicking/tapping this menu item is what opens the cart
window.

Since the cart link is really now a menu trigger rather than just a
link, it seems logical to add the small arrow which the lists link
has indicating that the link triggers a menu.

To test, apply the patch and view any page in a Cart-enabled OPAC.
Confirm that the "caret" icon displays correctly when the cart is both
empty and when it has contents.

Followed test plan. Icon displays as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, good idea.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:45:36 -03:00
Colin Campbell
d85f757ce7 Bug 7904 Change SIP modules to use standard LIB path
For historical reasons the SIPServer and SIP modules
have used an extra module path in addition to the
standard Koha one. This has caused numerous irritants
in attempting to set up scripts and basic tests. It
does not help in attempting to modify or debug
this code.

This patch changes the package value in the modules
under the C4/SIP directory and makes calls to
them use the full package name.

Where the export mechanism was being short circuited,
routines have been explicitly exported and imported.
Declarations of 'use ILS' when that module was
not being used and which only generated warnings
have been removed.

As a lot of the changes affect lines where
an object is instantiated with new, the opportunity
has been taken to replace the ambiguous indirect
syntax with the preferred direct call.

In initializing ILS the full path is added as this
will not require any changes to existing configs.
I suspect this feature is unused, and adds
obfuscation rather than flexibility but have kept
the feature as we need this change in order to
rationalize and extend the testing of the server.

The visible difference is that with the normal Koha
PERL5LIB setting, compilation of modules under C4/SIP
should be successful and not fail with unlocated modules,
allowing developers to see any perl warnings.

All the SIP modules can now be run through the tests
in t/00-load.t except for SIPServer itself.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:44:54 -03:00
Robin Sheat
fee7bd7fdc Bug 7904 - remove unnecessary path from SIP script
With the fixing of the namespace in the SIP code, we don't need to
modify the PERL5LIB to have the old one.

To test:
* do a package install using this and the other patches on bug 7904
* enable SIP
* make sure koha-start-sip and koha-stop-sip work

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:44:48 -03:00
03335ab401 Bug 13432 - SIP Server does not respect timeout setting
Koha's SIP server accepts timeout parameters, but those parameters
are only used for the login portion of a telnet transport session.
Other than that, they are ignored, and as long as whatever opened
the connection keeps it open, it will stay open indefinitely.

Test Plan:
1) Set the timeout setting on your SIP server to 10 seconds
2) Modify misc/sip_cli_emulator.pl, add "sleep 100;" directly after line 91
3) Start your SIP server
4) Run the modified sip script with valid parameters
5) Watch the SIP server stderr
6) Note that even though the script waits far too long before continuing,
   the SIP server never kills the connection, and the requests the cli
   script makes come back with valid data.
7) Apply this patch
8) Restart your SIP server
9) Repeat step 4
10) Note that this time you see "SIP Timed Out!" in the SIP server
    stderr and when the script finally makes its request, it doesn't
    come back with valid data.

Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:44:20 -03:00
Jonathan Druart
f4f1f5a3b3 Bug 12975: Use the centralized VAT and prices calculation - basketgroup.pl
Bug 12969 introduces a subroutine to centralize VAT and prices
calculation.
It should be used in the acqui/basketgroup.pl script.

Test plan:
0/ Don't apply the patch
1/ Create 4 suppliers with the different configurations
2/ Create a basket and create several orders
3/ Close the basket and create the corresponding basket groups.
4/ Print the basket group
5/ Verify you don't see any difference before and after applying the
patch on the pdf file.

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Works as described, passes tests and QA script.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-05 14:41:32 -03:00
Jonathan Druart
02b70129c9 Bug 13320: Fix "Tax inc." vs "Tax exc."
The parcel page always displays "Tax exc." even when values don't
include taxes.

Test plan:
On the parcel page, verify that the string "Tax *" is correct.
This appears in the already received order table.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-04 15:16:15 -03:00
Jonathan Druart
6a7dbb3051 Bug 13320: Move price calculation from tt to pl
In parcel.tt, total are calculated for subtotal.

This could be done in the pl script for more consistency.

Test plan:
Go on a parcel page with several already received orders.
Orders must be linked to different funds.
If possible ecost and unitprice (price on ordering and on receiving)
should changed (different values will be displayed in the table).

The values displayed before and after the patch must be the same.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-04 15:16:09 -03:00
06f4950aa2 Bug 13599 - Add patron cardnumber to self registration confirmation
Some libraries wish to display the patron's cardnumber on the
confirmation screen for patron self registration, rather than make the
patron locate his or her cardnumber by logging in and browsing to the
personal details page. We should also add ids to these fields for easy
css styling/hiding.

Test Plan:
1) Apply this patch
2) Ensure that autoMemberNum is enabled
3) Self-register a new patron
4) Note confirmation screen now displays the patron cardnumber

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-02 11:35:49 -03:00
Jonathan Druart
c9af47b86c Bug 13544: Make it explicit that getauthtypes returns a hash ref
Prior to perl 5.12 keys can only operate on a hash.

Test plan:
With perl 5.10, access to admin/auth_subfields_structure.pl.
Without this patch, you get:
Type of arg 1 to keys must be hash (not subroutine entry) at
/home/koha/src/admin/auth_subfields_structure.pl line 102, near
"getauthtypes)"

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Confirmed problem and tested patch on a sandbox, signed off locally.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-02 11:34:53 -03:00
Jonathan Druart
ac3f497f64 Bug 13235: Move onclick attr to javascript code
Refactor 1 line of code and add a preventDefault.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-26 16:35:01 -03:00
0d4672035f Bug 13235 - Revise layout of patron search form
Bug 9811 (Patron search improvements) reversed the layout changes made
by Bug 10153. This patch returns the form to its "stacked" layout.

To test, apply the patch and navigate to the Patrons home page. Expand
the hidden search fields in the search header and confirm that the
layout looks correct. Perform some searches and check that the results
are correct and that the modified search fields retain their state.

Note: This patch contains indentation changes, so please diff
accordingly.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-26 16:34:48 -03:00
Rafal Kopaczka
72ca839518 Bug 13373 - [QA Followup] - Update Polish web installer sample data files
Fixed "Duplicate entry CF-952-i" error in marc21_simple_bib_frameworks.sql

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-26 16:33:36 -03:00
Rafal Kopaczka
af148f92b4 Bug 13373 [2/2] - Update Polish web installer sample data files.
Part 2/2 - optional files.

Changes:
- Deleted unnecessary files
- Translated description files and some values in sql files

To test:
- Apply patch
- Run webinstaller on empty database (drop database and create new if necessary)
- Verify everything works, especially verify you have permission
to all modules, eg. Tools, Cataloguing etc.
- Check spelling and grammar if you can :)

Signed-off-by: Chris <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-26 16:33:31 -03:00
Rafal Kopaczka
de08845edc Bug 13373 [1/2] - Update Polish web installer sample data files.
Part 1/2 - mandatory files.

Changes:
- Translated user permission and user flags.
- Changed untranslated different files from en version
- Deleted unnecessary files

To test:
- Apply patch
- Run webinstaller on empty database (drop database if necessary)
- Verify everything works, especially verify you have permission to all
modules, eg. Tools, Cataloguing etc.
- Check spelling and grammar if you can :)

Signed-off-by: Chris <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-26 16:33:25 -03:00
066108ff41 Bug 13040 [CSS follow-up] Improve exporter to allow multiple branch selections
This patch adds a little bit of CSS to style the branch checkbox boxes.
I hope that this helps the readability, especially in systems with a
large number of branches.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-26 16:27:05 -03:00
ec52df6025 Bug 13040 [QA Followup] - Fix koha-qa.pl issues
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-26 16:22:12 -03:00
Robin Sheat
e1eb47dede Bug 13040 - multiple branch selections in exporter
This allows the exporter (Tools -> Export) to have any combination of
branches selected, rather than it being all or only one.

Test Plan:
* Apply the patch
* Go to the exporter, see that instead of a dropdown you now have an
  elegantly laid out grid of branches you can select from
* Select some branches, run the export
* Note that only records with items in the selected branches are
  returned.
* Repeat this with the item related options (as that code was refactored
  slightly) and make sure everything is sane.

Sponsored-By: South Taranaki District Libraries
Signed-off-by: Thomas <tomsStudy@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-26 16:22:07 -03:00
simith
e9829b6d99 Bug 11961 - This patch fixes the QA critical error, fixes the capitalization and the UNIMARC support.
http://bugs.koha-community.org/show_bug.cgi?id=11961
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-24 18:19:10 -03:00
Frédérick
eed620c773 Bug 11961 - Add a "Z39.50 search" button to the authority creation and modification pages.
This button lets you replace existing authorities using a Z39.50 search.

http://bugs.koha-community.org/show_bug.cgi?id=11961
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
All tests pass

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-24 18:19:06 -03:00
229a3b329c Bug 12954: Failed login should retain anonymous session
A failed login should not leave the user in a half logged authenticated
state, but rather return them to an anonymous session as per the
pre-login attempt state.

To replicate error:
1. Try to log in with some nonexisting user id or wrong password in the
   OPAC
2. Go directly to /opac-user.pl (e.g., enter it in the browser address
   bar, or just click on the "Log in" link)
3. Observe a DBI error displayed on the screen
4. You are now in the "deadloop" of sorts (opac/opac-user.pl refuses to
   display the login screen, no matter how many times you try to reload
   it); to break the deadloop, one needs to:
   - remove session cookie from the browser (or cause the session to
     expire in some other way - closing browser window would be probably
     enough for that)
   - remove offending session on the server (from mysql sessions table,
    ..)
   - log in with proper credentials using some other page (like
     opac/opac-main.pl right-side panel), which does not involve
     opac/opac-user.pl being called without "userid" CGI parameter.

To test:
1. Test as above, the DBI error should no longer be present
2. Check that search history works across failed and successful login
   attempts

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 18:37:03 -03:00
f73dc51a88 Bug 13521: Add missing semicolon
Add a missing semicolon to the end of a template variable assignment
line. This patch should not affect operation.

Note: With Bug 13499 we did a non-destructive perltidy, as such we only
affected indenting and whitespace to maintain blame history. However, a
number of minor code issues were also highlighted, in this series of
patches I hope to correct other minor style issues.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 18:36:16 -03:00
a36c7435f2 Bug 13521: Removed superfluous semicolon
Removed an unneeded semicolon from the end of an 'if' block. This should
not affect operation of the script.

Note: With Bug 13499 we did a non-destructive perltidy, as such we only
affected indenting and whitespace to maintain blame history. However, a
number of minor code issues were also highlighted, in this series of
patches I hope to correct other minor style issues.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 18:36:05 -03:00
1926bf9d01 Bug 13499: Tidy of Auth.pm
This tidy should only change whitespace and not line breaks, thus
retaining history.

There are no code changes, and thus there should be no regressions to
test for koha wise.

To test the non-destructive nature of the patch, run a 'git blame -w' on
the file before and after the patch. The resulting blame should include
a comparable history of the file, with only some additional blank
lines being attributed to this commit.

A 'git blame -wM' may also be useful for comparison purposes.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 18:35:10 -03:00
a73c464f6e Bug 11927 - Add greek support to CHR (followup)
Small error in word-phrase-utf.chr.
It generates these logs:
17:03:25-21/01 zebraidx(10636) [warn] Map: 'ς' has no mapping
17:03:25-21/01 zebraidx(10636) [warn] duplicate entry for charmap from 'Σ'

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 18:22:04 -03:00
c667b9ddbf Bug 13609: Cross Site Scripting problem in authority search result list paging
To test:
- Use an installation with a reasonable amount of authorities, so that you can
  have a search result list with more than one page
- Activate OpacAuthorities
- Create an OPAC link like shown below, verify that an alert is shown
- Apply patch
- Refresh the page and no alert should appear
- Verify the paging still works correctly for 'numbers' and 'arrows'

URL:
.../cgi-bin/koha/opac-authorities-home.pl?and_or=and&marclist=match&op=do_search&operator=contains&orderby=HeadingAsc2"><script>prompt(987898)</script>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2015-01-22 16:39:14 -03:00
da6ee1c469 Bug 13510 : Fixing the third XSS issue
To test

1/ Make sure you have some items in your database, that have values in items.issue
If necessary, do something like

UPDATE items SET issues = 10 WHERE itemnumber=somenumber

2/ Hit a url like http://localhost:8080/cgi-bin/koha/opac-topissues.pl?do_it=1&timeLimit=3%3Cscript%3Eprompt%28924513%29%3C/script%3E

3/ Notice you will get a prompt
4/ Apply patch
5/ Test again

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 16:35:58 -03:00
Liz
52fe123891 Bug 13510 - Cross site scripting bug in opac-downloadshelf and opac-shelves
A specially crafted url causes XSS in Koha

To test:

cgi-bin/koha/opac-shelves.pl?viewshelf=2%22%3E%3Cscript%3Eprompt(987898)%3C/script%3E

cgi-bin/koha/opac-downloadshelf.pl?shelfid=2%22%3Cscript%3Eprompt(1)%3C/script%3E&showprivateshelves

These should cause a popup without the patch. With the patch, no popup.

You may need to create these lists, the xss will not be triggered if the list doesn't exist or you don't
have permission to view them.

Signed-off-by: Chris <chris@bigballofwax.co.nz>

Fixes the two listed problems

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed patch fixes the problem.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 16:35:47 -03:00
Jonathan Druart
312bf65956 Bug 12637: UTF-8 problems when creating a patron list
Encoding problems appear when creating a patron list from the patron search results page.

Test plan:
1. Perform a patron search in the patrons module
2. Select one or more patrons
3. Choose "Add selected patrons to: [ New list ]"
4. Enter a patron list title with UTF-8 characters.
5. The list will be created with bad encoding.
6. Apply the patch and verify there is no bad encoding anymore.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Patch works fine.
Note that I - very ironically - had to remove UTF8 characters from the commit
message to apply and attach the patches with git/git-bz.
Hopefully, an upgrade to a newer git version will resolve that too.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:59:35 -03:00
Jonathan Druart
ba02e09e6d Bug 13583: (follow-up) Able to view menu for Statistics even when user does not have permission
Same changes as the previous patch, for the .tt file.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:56:46 -03:00
Thomas
b57d9af154 Bug 13583 - Able to view menu for Statistics even when user does not have permission
Added check for borrowers that stops the Statistics link being shown. This could be done through the css but that function currently appears to be broken.

Testing Plan:

-Search for a patron with an account that does not have the 'borrowers' permission
*Statistics should not be seen in the menu.

-Change the account's permissions so they have the 'borrowers' permission
*Statistics should be present in the menu.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:56:42 -03:00
Katrin Fischer
be1bb8db4e Bug 7143: Adding back version numbers
Adding back version numbers to the former release team members
in the list of developers.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Added prefix "3.16" to Galen's Release Maintainer. (See Roles for 3.18)

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:55:59 -03:00
5c8c53b6dc Bug 7143: QA Follow-up for abbrev PM
Replacing PM by Packaging Manager

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:55:55 -03:00
ef5c160097 Bug 7143: Release team 3.20
Updated the release team with the roles for 3.20 pages on the wiki and
checked with the votes on the IRC meeting log.
Simplified the section on Former release team members by moving that
information (in a compressed format) to the Developers section.
If someone had a role for multiple releases, I used constructs as 3.X.
Sorted the Additional thanks-section.

Signed-off-by: Justin <justinvos@live.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2015-01-14: Amended. Replaced abbreviations like RM by Release Manager.
Replaced one occurrence of 3.x by 3.X (for Owen).

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:55:50 -03:00
Jonathan Druart
7a4cdb823f Bug 13001: The total for received order should be based on the unitprice
For already received orders, the total should be calculated with the
unitprice, not the estimated cost.

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:26:04 -03:00
Jonathan Druart
eed14b080d Bug 13001: Refactor VAT and price calculation - parcel page
Bug 12969 introduces a subroutine to centralize VAT and prices
calculation.
It should be used in the acqui/parcel.pl script.

Test plan:
1/ Create 4 suppliers with the different configurations
2/ Create a basket and create several orders
3/ Go on the parcel page
4/ You should see, on the "pending orders" table, the same prices as
before this patch.
Note that the prices are now correctly formatted.

You could see one change for the supplier configuration 3 (1 0):
If the cost of the item is 82, discount 10% and vat 5%:
The "Order cost" = 140.58 instead of 140.57.
Indeed, before this patch, the order cost was wrong, now you should have
70.29*2 = 140.58

( before: 140.58 + 7.03 = 147.61
  now:    140.58 + 7.02 = 147.60 )

5/ Receive the items and return on the parcel page
Now the "Already received" table with the same prices as before this
patch.
Note some differences too:
- There was a td tag missing, the table was badly formatted, it's now
fixed (column below the "Cancel receipt" link).
- The prices are now correctly formatted.
- For the configuration 2 (1 1), if the cost of the item is 82, discount
  10% and vat 5%:

( before: 140.57 + 7.03 = 147.60
  now:    140.58 + 7.02 = 147.60 )

Note that 7.03 is the "correct" value, but on all other pages, 7.02 is
displayed.
To be consistent, we should display the same prices everywhere.

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:25:59 -03:00
229cb65629 Bug 13525 - Date sorting on accounts (fines) tab doesn't work correctly
Date sorting of charges under Patron -> Fines -> Account is done based
on formatted dates, so sorting is broken depending on your dateformat
system preference. This patch implements the standard "title-string"
date sorting method.

To test, apply the patch and view the Account tab. Test sorting of
charges under various settings of the dateformat system preference. Date
sorting should work correctly in all cases.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described and fixes sorting problem.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:23:42 -03:00
Justin
580ed6360d Bug - 11345 - Self registration captcha
Test Plan
 - Open the opac site
 - Navigate to the self registration page (Home -> Register here)
 - Notice that there is no note stating that the verification box is case-sensitive
 - Apply patch
 - Refresh page
 - Notice that there is now an extra note stating that the verification box is case-sensitive.

Followed test plan. Hint displays as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:07:52 -03:00
5ee0293ed6 Bug 10606: Remove MySQLism in GetUpcomingDueIssues
To test:

[1] Arrange to have at least one loan in your test database due
    one day from now.
[2] Run misc/cronjobs/advance_notices.pl -c -n -v -m=2
    and note the number of loans reported.
[3] Apply the patch.
[4] Run misc/cronjobs/advance_notices.pl -c -n -v -m=2 again
    and verify that the number of loans reported remains the same.

Sponsored-by: Universidad Nacional de Cordoba

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All tests and QA script pass.
Also tested with unit tests from bug 10719.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:06:24 -03:00
Jonathan Druart
2246feaf5b Bug 13582: (follow-up) Able to view menu for Circulation History even when user does not have permission
Same changes as the previous patch, for the .tt file.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:04:54 -03:00
Thomas
c8f3f9f574 Bug 13582 - Able to view menu for Circulation History even when user does not have permission
Added check for borrowers that stops the Circulation History link being shown.
This could be done through the css but that function currently appears to be broken.

Testing Plan:

-Search for a patron with an account that does not have the 'borrowers' permission
*Circulation history should not be seen in the menu.

-Change the account's permissions so they have the 'borrowers' permission
*Circulation history should be present in the menu.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:04:49 -03:00
Abby
82c78355c7 Bug 7143: Adding releases to history file
To test, verify that the latest releases appear in docs/history.txt

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Verified some release dates and still added a few missing.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Thx Abby!

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:04:09 -03:00
Olli-Antti Kivilahti
84064ae4e4 Bug 13025 - Software error: Undefined subroutine &C4::Circulation::HasOverdues called at /home/koha/kohaclone/C4/Circulation.pm line 1925
This error only appears when using the SIPServer, it doesn't manifest when using the SIP unit tests
or when using the staff client.

--------------------
 ------------------
  PREPARE THE TEST
 ------------------
--------------------

0a. Find a borrower.
0b. Find an Item (cardnumber 'debar123') and check-out to the borrower
0c. Find a borrower and add a manual debarment to it, indefinitely in effect.
    This is the default behaviour.
0d. Configure and start a SIP-server which you can access with telnet.
    See http://wiki.koha-community.org/wiki/Koha_SIP2_server_setup
    In this example, the Borrower defined as the Check-out/in machine has the following credentials:
    username: herkules password: palautathan branchcode: JOE_JOE
    but you are free to use your own, it doesn't affect this test plan.
0e. Access your server with telnet.

-----------------------
 ---------------------
  REPLICATE THE ISSUE
 ---------------------
-----------------------
1. Paste the following SIP-command to login:
9300CNherkules|COpalautathan|CPJOE_JOE|
2. Paste the following SIP-command to check-in the Item of the debarred Borrower:
09N20140721    07501620140721    075016AP|AO|ABdebar123|AC|BIN|
3. The connection should die and in the SIP Server's error log you can find the following error:
Software error: Undefined subroutine &C4::Circulation::HasOverdues called at /home/koha/kohaclone/C4/Circulation.pm line 1925

--------------------
 ------------------
  AFTER THIS PATCH
 ------------------
--------------------

Redo steps 1-2.
3. No error is given and the connection doesn't die.

No unit tests are included and never will be, because setting up the test environment would be very tedious.
It is entirely possible but the scaffolding required is beyond the scope of this patch.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Note: I did not test this patch with SIP, but I did not find any
regression on checking or renewing an item.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-21 11:02:08 -03:00