Commit graph

8079 commits

Author SHA1 Message Date
Julian Maurice
d15dac15c8 Bug 13501: Add JS library select2 3.5.4
use it on cataloguing and batch items edit pages

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 16:25:04 +00:00
b26abb0d52 Bug 11360 [QA Followup] - Fix styles and button order
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 16:16:29 +00:00
872892b03c Bug 11360 - Disable barcode field and submit button when a hold is found
At the moment when scanning in returns, it can be easy to miss a hold
trap due to the fact that the barcode and submit are still active and
the barcode field is focused on. A librarian who is focused on scanning
can easily scan another item and pass over the form, which is equivalent
to clicking the "ignore" button.

Test Plan:
1) Apply this patch
2) Trap a hold, note the new modal
3) Check the hold in a second time
4) Note the new modal
5) For each modal, test each button

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2016-09-02 16:16:25 +00:00
Jacek Ablewicz
8d02469abf Bug 10848 - [QA Followup] Add missing branch option and fix pattern for copyrightdate
- HTML5 input pattern for copyrightdate was not taking into an account
the database field type, which is smallint(5)
- added title="..." for the year field so the acceptable date format
should be displayed as a hint/tooltip in the browser
- added an missing option for configuring branch/library as mandatory

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 16:00:50 +00:00
Jacek Ablewicz
219c0eac8c Bug 10848 - Allow configuration of mandatory/required fields on the suggestion form in OPAC - part 2
Add 'OPACSuggestionMandatoryFields' syspref definition plus
an atomic DB update for the new preference.

Signed-off-by: barbara johnson <barbara.johnson@bedfordtx.gov>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 16:00:50 +00:00
3badc57c93 Bug 10407: Add marcxml import (follow-up)
This patch makes the following changes:

[1] Based on the groundwork of the former patch, add call to
    RecordsFromMARCXMLFile in stage-marc-import. Use format param.
[2] Add format to the template. Use file extension to determine.
    If you use .xml or .marcxml as extension, MARCXML is selected.
[3] In stage-marc-import.tt mark UTF-8 encoding as UTF-8 not as utf8.
[4] BatchStageMarcRecords: do not call plugin if you have no records.
[5] RecordsFromISO2709File: also return errors in an array.
[6] In misc/stage_file.pl also use UTF-8. Handling of errors from [5].

Test plan:
[1] Import an empty file as MARC or MARCXML (with Tools/Stage..import).
[2] Import an non-empty file with invalid contents as MARC or MARCXML.
[3] Export a few records with Tools/Export as MARC and MARCXML.
[4] Import these two files. Check selected format versus file extension.
[5] Import a MARCXML file with misc/stage_file.pl.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 16:00:13 +00:00
Marc Véron
bf053f3bfb Bug 17149 - EDI accounts: Add missing '>' to breadcrumb
To verify:
Breadcrumb on "EDI accounts" pages reads
Home > Administration EDI accounts > Modify account
instead of:
Home > Administration > EDI accounts > Modify account

To test:
- Apply patch
- Add, edit and delete an EDI account
- Verify that breadcrumb displays properly

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 15:54:41 +00:00
Aleisha Amohia
ea13ea0083 Bug 17175: Typo in patron card images error message
To test:
1) Go to Tools -> Patron Card Creator -> New Image
2) Click Upload without attaching anything
3) Notice typo
4) Apply patch and refresh page (resend information if prompted)
5) Notice typo fixed

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 15:54:20 +00:00
Andreas Roussos
add90157eb Bug 17185: Staff client shows "Lists that include this title:" even if item is not in a list
In the staff client, the text "Lists that include this title:"
is always shown, regardless of whether the item is in a list
or not. This patch fixes that.

Test plan:
1) Log in to staff client.
2) Go to biblio details view:
   /cgi-bin/koha/catalogue/detail.pl?biblionumber=X
   Confirm that "Lists that include this title:" is
   shown even if the item is not in a list.
3) Apply the patch.
4) Repeat step 2. Confirm that the patch works, i.e.
   "Lists that include this title:" is only shown
   for biblios that are actually in a list.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Only applies to non-XSLT view.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 15:50:58 +00:00
ead7b938d8 Bug 14612 - Overdue notice triggers should show branchname instead of branchcode
This patch adds the Branches template plugin to the overdue notice
triggers template so that the library name can be shown instead of the
branchcode.

Also changed: Updated page title to match the name used in tools menus.

To test, apply the patch and go to Tools -> Overdue notice/status
triggers.

- Select a library.
- When the page reloads, the 'Defining overdue actions for...' and
  'Rules for overdue actions: ' headings should show the library name
  instead of the branchcode.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 15:50:01 +00:00
3f585d44e8 Bug 16990: Display branch names instead of code in patron mod requests
To test:
- change your homebranch in the OPAC, submit
- change patron modification request in the staff client
- Verify that it shows the old and new branch name instead of the
  code

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 14:44:03 +00:00
f17b491f35 Bug 17200 - Badly formatted "hold for" patron name on catalog detail page
This patch adds a space between first name and surname on the
bibliographic detail page when there is "hold for" information in the
status column of the holdings table.

To test, apply the patch locate a title in the staff client catalog
which has one or more confirmed holds on it. Verify that the patron's
name in the "status" column of the holdings table looks correct, with a
space between first and last name.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 14:20:08 +00:00
a5b0aa20e5 Bug 11019 - Require some fields when adding authorized value category
This patch modifies the form for adding an authorized value so that
the category is a required fields.
Previously a new authorized value category could be saved with no data.

To test, apply the patch and go to Administration -> Authorized values.

- Click the "New category" button.
- Click the save button without filling in the category.
  You should be prevented from submitting the form.
- Verify that filling in the required field allows the form to be
  submitted.
- Perform the same test when editing an existing authorized value.

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Follow-up for QA: Allow a blank authorised value to be created.

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>
Amended test plan.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 14:19:46 +00:00
8850540dea Bug 13921 - XSLT Literary Formats Not Showing
This patch adds some missing literary formats to the staff client and
OPAC's search results XSLT display.

To test you must have DisplayOPACiconsXSLT and DisplayIconsXSLT system
preferences enabled.  XSLTResultsDisplay and OPACXSLTResultsDisplay
should be set to 'default.'

Perform searches in the staff client and the OPAC and confirm that the
following literary forms (defined in 008 position 33) display correctly:
Not fiction; Fiction; Dramas; Essays; Novels; Humor, satires, etc.;
Letters; Short stories; Mixed forms; Poetry; Speeches.

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 14:10:48 +00:00
bfc72c9184 Bug 17157: Same for "More"
Here I decided to redirect to the mainpage.

Works as dexcribed.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 14:05:28 +00:00
1fe9c40da4 Bug 17157: Fix middle click on "Search" drowndown menu
If you save an item and right click on "Search" or "More" you will get
a software error:
Can't call method "fields" on an undefined value at
/usr/share/koha/intranet/cgi-bin/cataloguing/additem.pl line 742

You will now be redirected to the adv search form.

Wors as described.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 14:05:28 +00:00
a2a56ca441 Bug 16903 - Multiple class attributes on catalog search tab
cat-search.inc contains an element with two class attributes, which is
invalid. This patch corrects it.

To test, apply the patch and view any page which uses the cat-search
include file to display the header search boxes. For instance, the
bibliographic detail page.

In the header, the "Search the catalog" box should be selected, and any
text you type in the box should be carried over when you switch to
different search tabs.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 14:03:42 +00:00
a3082158e4 Bug 16449: Remove "no method selected" warning from unimarc_field_4XX
Because of bug 14828, the unimarc_field_4XX now raises a warning:
"No method selected!"

There are no need to select an item type on this page, the default (all)
is always selected.

Test plan:
Link the unimarc_field_4XX value builder with on of the subfield
Edit a record, click on the value builder icon
Note the warning without the patch and that it's gone with the patch
applied

NOTE: Code fix that I derived was identical. Ran
 prove t/db_dependent/FrameworkPlugin.t
to confirm it works.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 13:56:56 +00:00
6f5e2f8a86 Bug 17116: Fix CSRF in import_borrowers.pl
If an attacker can get an authenticated Koha user to visit their page
with the url below, they can change patrons' information

The exploit can be simulated triggering
  /tools/import_borrowers.pl?uploadborrowers=42

In that case it won't do anything wrong, but it you POST a valid file,
it could.

Test plan:
Trigger the url above
=> Without this patch, you will the result page
=> With this patch, you will get the "Wrong CSRF token" error.

Regression test:
Import a valid file from the import patron form, everything should go
fine.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 13:47:02 +00:00
38c461f258 Bug 15023: Allow patron anonymize/bulk delete tool to be limited by branch
This patch makes the bulk patron delete/anonymize functionality be limited
by branch. It does so by adding a branch selection dropdown and using the
already defined APIs for filtering by branch.

It makes use of C4::Branches::onlymine for the IndependentBranches use case
and it adds a way to call it from the Branches template plugin.

To test:
- Apply the patch
1) Have a superlibrarian user
- Go to Tools > Batch patron deletion/anonymization
=> SUCCESS: Verify you can pick a branch (or all of them)
- Try doing some operations
=> SUCCESS: Verify the selection is respected, and carried around all steps
2) Have a user with tools/delete_anonymize_patrons permissions
- Set IndependentBranches on
- Go to Tools > Batch patron deletion/anonymization
=> SUCCESS: It picks the librarian's branch and doesn't let us choose another one
- Try doing some operations
=> SUCCESS: Verify the user's branch is respected, and carried around all steps
- Sign off :-D

Sponsored-by: VOKAL
Signed-off-by: Liz Rea <liz@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-24 11:37:02 +00:00
3315a883ed Bug 17023: Repair "cancel" link
The basketno param has been removed in previous patch.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-22 12:51:55 +00:00
5c2f4cc7e0 Bug 16960: Update 1 missing occurrence of GetModifications
Signed-off-by: Bob Birchall <bob@calyx.net.au>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-22 11:46:05 +00:00
f8230d5d0a Bug 17100: Restore previous logic
There is no need to change the previous logic here, so let's restore it.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-18 16:14:28 +00:00
Marc Véron
492a64cef9 Bug 17100: Do not display payments if patron has nothing to pay
This alternative patch moves logic and formatting to the template file.

To test:
* without patch
  1/ find a patron with no lines in accountlines table : print summary shows no "account fines and payments" => OK
  2/ find a patron with some lines in accountlines table and the total amount > 0 : print summary shows a table "account fines and payments" with fines to recover => OK
  3/ find a patron with some lines in accountlines table but the total amount = 0 : print summary shows a table "account fines and payments" with nothing in it => NOK

* with the patch, same cases as before :
  1/ same as without patch
  2/ same as without patch
  3/ print summary does not show "account fines and payments"

- Additionally, verify that formatting follows syspref 'CurrencyFormat'
- Verify that amount column is right-aligned

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-18 16:14:28 +00:00
0316fc7309 Bug 17097: here the var is 'member', not 'borrowernumber'
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-18 15:55:24 +00:00
fcf38896bd Bug 17097: Fix CSRF in deletemem.pl
If an attacker can get an authenticated Koha user to visit their page
with the url below, they can delete patrons details.

  /members/deletemem.pl?member=42

Test plan:

0/ Do not apply any patches
1/ Adapt and hit the url above
=> The patron will be deleted without confirmation
2/ Apply first patch
3/ Hit the url
=> you will get a confirmation page
4/ Hit /members/deletemem.pl?member=42&delete_confirmed=1
=> The patron will be deleted without confirmation
5/ Apply the second patch (this one)
6/ Hit /members/deletemem.pl?member=42&delete_confirmed=1
=> you will get a crash "Wrong CSRF token" (no need to stylish)
7/ Delete a patron from the detail page and confirm the deletion
=> you will be redirected to the patron module home page and the patron
has been deleted

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-18 15:55:24 +00:00
13a6127952 Bug 17097: Add a confirmation page when deleting a patron
It won't hurt to have a confirmation page when deleting a patron.
Moreover it's the more easy way to protect against CSRF attacks :)

Test plan:
Make sure you get a confirmation page when deleting a patron
Confirm that approving or denying the confirmation work as expected

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-18 15:55:23 +00:00
d1eb706153 Bug 14642: Add logging for Holds
This patch adds logging for several holds actions. Specifically for:

- CREATE
- CANCEL
- DELETE
- RESUME
- SUSPEND
- MODIFY

To test:
- Enable the HoldsLog syspref
- Add a hold on a record/item
=> SUCCESS: The log view shows the CREATE action
- Click on the <Suspend> button
=> SUCCESS: The log view shows the SUSPEND action
- Click on the <Unsuspend> button
=> SUCCESS: The log view shows the RESUME action
- Click on the red cross, to delete the hold
=> SUCCESS: The log view shows the CANCEL action

Note: The DELETE action is logged when DelMember is called, with bug 16819 patches applied.

Sponsored-by: NEKLS
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
I also wonder about this going in defaulted on, but since the other logs are as well it seems ok to me.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:43:13 +00:00
a6bc706ad1 Bug 14642: Add HoldsLog syspref
This patch introduces a new syspref 'HoldsLog' which is to be used for controlling
holds actions logs.

Sponsored-by: NEKLS

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:43:12 +00:00
95fff37db8 Bug 16829: Add 'interface' to the log viewer
This patch introduces the 'interface' filter to the log viewer.

To test:
- Apply the patch
- Open the log viewer
=> SUCCESS: As default, 'All' interfaces are chosen. OPAC, Intranet and SIP are presented
- Do a lot of log searches, verify that the interface column shows what is expected.
=> SUCCESS: The chosen 'interfaces' are kept when rendering results.

Sponsored-by: NEKLS

Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-17 18:01:49 +00:00
Hector Castro
71d20a8c3b Bug 16944: Add "email" and "url" classes when edit or create a vendor
When edit or create a new vendor the two fields "email" and "website" don't test
if the data provided is right. When you add a direction like
"koha-community.org" without the protocol "https" the program redirect to an
404 error.

To reproduce the issue:
1-Go to Acquisition and create a new Vendor
2-Fill the field Website with koha-community.org
3-Use an email without at sing (@)
4-Notice that there is no error
5-Save
6-Go to the vendor created (/cgi-bin/koha/acqui/supplier.pl?booksellerid=1)
7-Click in Website: koha-community.org -> redirect to an 404 error
8-Notice the bad mailto:

To test:
-Apply patch
-Reproduce step 1 to 8 with the same vendor or create a new one
-Enter multiple wrong and valid urls
-Enter urls with and without protocols http, https, ftp
-Enter wrong and valid emails

NOTE: The classes used are taken from 'branches.tt'
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
no longer allows entering of improper website urls or incomplete email addresses.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:18:34 +00:00
Marc
865557e05c Bug 16953: Acquisitions home: Remove trailing &rsaquo; from breadcrumbs
The breadcrumb on the Acquisition's home page reads: Home > Acquisitions >
This tiny patch removes the trailing > (&rsaquo;)

Amended: Remove the link on 'Acquisitions' as well...
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:17:14 +00:00
Hector Castro
67a65ba16f Bug 16964: Fix capitalization for "Report Plugins" in reports-home.tt
Fix capitalization for "Report Plugins" in reports-home.tt according with
Coding Guidelines <https://wiki.koha-community.org/wiki/Coding_Guidelines#HTML4:_Upper_and_lower_cases_in_strings>

Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:16:09 +00:00
dbfda36767 Bug 17055 - Add classes to different note types to allow for styling on checkins page
Returned items may have 3 kinds of notes, patron, item public, and item
non-public. However, the html markup for them does not allow us to
distinguish which type we are seeing. It would be good to add classes
for each of these note types.

Test Plan:
1) Check out an item to a patron
2) Add a patron note, a public item note, and a non-public item note
   to the patron and item you used
3) Check in the item and instead the html, note the each note span
   now has a class to distinguish which type of note is being displayed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:11:11 +00:00
Marc
6359922847 Bug 17076 - Format fines in patron search results table
Format the values in patron search results following syspref CurrencyFormat.

To verify:
- Search for patrons who have fines or credits
- In result table, column 'Fines' does not respect syspref CurrencyFormat
  (e.g. for FR)

To test:
- Apply patch
- Repeat steps above, verify that fines display as appropriate
- Change syspref Currencyformat, verify display

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:05:48 +00:00
72150ee759 Bug 17040: Fix translation on context menu when editing items
Test plan:
update and install translated language files
On the item list (cataloguing/additem.pl) the context menu should be
translated (Edit item/Delete item)

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:56:08 +00:00
034f939a44 Bug 16894: Regression - Display email on patron search results
Bug 10318 added the email to the patron search results but it has been
removed later.
This patch reintroduced it where it was (no new column).

Test plan:
Search for patrons and confirm that the emails are displayed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:54:00 +00:00
Marc
5dd9a2546a Bug 17082: Translatability: Fix sentence splitting in member.tt
This patch fixes sentences splitting in file
koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt

Fix is done with a new .inc file because the code is the same as in
koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt

To test:
- Carefully review code changes
- Test on a fresh install without example data (or save database
  and test with empty tables 'branches' and 'categories')
- Go to Home > Patrons (members-home.pl)
- Verify that a warnings appears aubout missing libraries and patron
  categories
- Try to add a new patron (memberentry.pl)
- Verify that the same messages are triggered
- Verify that messages disappear as appropriate as soon as a library and
  a patron category are defined.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Note: Filed Bug 17093 for JS error on patron entry form.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:49:48 +00:00
Katrin Fischer
09d7a47f1f Bug 17074: Follow-up: fixing encoding issues with multiple search terms
If there was more than one search term you could see that that it
was url encoded. Also problems with search terms with umlauts and
other diacritics.

Patch should fix that.

https://bugs.koha-community.org/show_bug.cgi?id=17074
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:38:17 +00:00
Katrin Fischer
8d7e62b808 Bug 17074: Fix links in result list of 'scan indexes' and keep search term visible
The 'scan indexes' search that can be reached from the
advanced search has 2 problems to begin with:

- The search term you searched for is not displayed
  in the input field.
- The links in the result list are missing the index
  and because of that, are not giving the correct results.

To test:
- Go to the advanced search, select an index to search in
- Enter a search term and check 'scan indexes'
- Submit search
- Check if the search term is visible in the input box
- Check if the result links contain your selected index
  and give you correct results (count and the number of
  results should match)

Tested both patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:38:16 +00:00
06d1259e56 Bug 16992: FIX CSRF in member-password.pl
If an attacker can get an authenticated Koha user to visit their page with the
url below, they can change patrons' passwords
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked

Test plan:

Trigger
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked

=> Without this patch, the password will be updated
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:34:02 +00:00
09d0b1310b Bug 16993: Fix CSRF in memberentry.pl
If an attacker can get an authenticated Koha user to visit their page
with the url below, they can change patrons' passwords or other
patrons'details

members/memberentry.pl?op=save&destination=circ&borrowernumber=3435&password=ZZZ&password2=ZZZ&nodouble=1

Test plan:

Trigger
members/memberentry.pl?op=save&destination=circ&borrowernumber=42&password=ZZZ&password2=ZZZ&nodouble=1

=> Without this patch, the password will be updated
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: removed the commented use Digest::MD5-line.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:25:25 +00:00
b543fa74fe Bug 17038: Fix XSS in catalogue/search.pl
Test plan:
Search for something like:
  \";alert(1)//135

=> Without this patch you will see the alert
=> With this patch, no more alert

Note that this fix the parameters idx, q and op

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:20:51 +00:00
96a9c2715e Bug 17036: Fix XSS in circulation.pl
Test plan:
Enter the following in the "Check out" tab:
"><script>alert('XSS')</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:20:07 +00:00
12b4c83f5a Bug 17021: Fix XSS in circ/returns.pl
Test plan:
Enter the following in the barcode input:
<script>alert('XSS')</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:18:54 +00:00
1ea1504c30 Bug 17025: Fix XSS in serials-search.pl
Test plan:
Hit
  /serials/serials-search.pl?ISSN_filter="%2F><script>alert('XSS')<%2Fscript>&searched=1
  /serials/serials-search.pl?title_filter="%2F><script>alert('XSS')<%2Fscript>&searched=1

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:17:19 +00:00
Katrin Fischer
821cb91a80 Bug 7441: QA follow-up - Add note about missing NORMARC support
Adds a note about missing support for NORMARC (only supports
MARC21 and UNIMARC) to the system preference text.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:14:22 +00:00
4db2e745e2 Bug 7441 - search results showing wrong branch?
When you search in the OPAC it shows you the HOME branch on the location
in XSLT, but if you click through to the detail page it shows you the
CURRENT BRANCH in the holdings table which is very confusing to patrons.
I don't know what's the right solution - home or holding branch, but they
should be the same in both places for the patron's sake. If you do the same
search in the staff client you see the right branch info on the search results
and on the detail page.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Search the catalog, you search should include results with items
   that have different home and holding libraries.
4) The results should look the same as before the patch
5) Change the system preference OPACResultsLibrary to "current location"
6) Refresh your page of search results
7) The results show now show the holding library instead of the home library

Signed-off-by: Barbara Walters <bwalters@ncrl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:14:19 +00:00
Nicole C Engard
ebaa3543d6 Bug 16727: Clarify upload category note
This patch clarifies the note on the upload tool
that states that no categories are defined.

To test:

* Log in to Koha
* Confirm that you have no values set for the UPLOAD
  authorized value category
* Visit Tools > Upload
* Check the warning note for typos
* Add a authorized value category for UPLOAD
* Visit Tools > Upload
* Confirm that note is replaced

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-08-04 21:29:51 +00:00
Hector Castro
e8d4c634b4 Bug 16861: (followup)Translatability: remove fa-hand-o-down icon
Remove fa-hand-o-down icon accoring with QA comment 5

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-08-04 21:24:57 +00:00