The easiest here is to not empty 'op' but instead redirect to an error
page.
Minor changes: to keep the patch simple it removed the 'dev only' error and
display the error for non-dev installs. It should not be a problem
anyway and will prevent errors to be hidden in the log.
We could make KOHA_ERROR an arrayref, but later (we don't need it now
anyway).
Note that the OPAC still not benefit from a friendly specific error for
invalid token.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Material - The code that is supposed to replace the checkbox with a text
was not at the correct place. It should be with checkin, not renewal.
With the table refresh it does not make sense to keep it as we will
never see it.
Best is to replace the checkbox with the text directly.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
No desire to have a nice api client for this.
This patch also:
Improve failure handling
Remove unecessary code in svc script
Remove duplicated on click binding
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Removing the ability to remove several cover images, it was not used.
FIXME - Note that I am getting randomly a failure when uploading an image and
seeing the following error in the log:
[Wed Feb 21 10:43:59.168934 2024] [cgi:error] [pid 24037] [client 172.18.0.1:45074] AH01215: Use of uninitialized value $fileID in bitwise and (&) at /kohadevbox/koha/tools/upload-cover-image.pl line 101.: /kohadevbox/koha/tools/upload-cover-image.pl, referer: http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=1
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Some svc scripts (and controllers) are using using is_ajax to guess if
it's an AJAX request.
$.ajax is setting the (non standard) X-Requested-With header, but the
low level JS 'fetch' does not.
This patch set it in http-client.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
APIClient is not a global variable, which will make the next changes
much easier!
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We are retrieving the awesome fetch modules from Vue, so that it can be
used in other areas. Here we will use it to inject the CSRF token to the
header of every POST request.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Hum this didn't make sense. We are not checking credentials after
checkauth.
This patch is suggesting to rename "userid" and "password" parameters
from login forms to "login_userid" and "login_password" to not interfere
with other parameters with the same name.
This looks quite correct, however I am seeing
"The form submission failed (Wrong CSRF token)."
in the log after a successful login. Which feels wrong, what's
happening?
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Something very weird is happening here.
There is a FIXME already, but the trick does not seem to work anymore
(?)
This patch contains some debug statements and take some screenshots.
We are reaching the cud-selectframeworks step then we are expecting the
form to submit the form with op=cud-addframeworks
BUT it seems that "op" is empty, and there is an unexpected warning from
Starman:
==> /var/log/koha/kohadev/plack-error.log <==
""
Use of uninitialized value in string ne at /usr/share/perl5/Starman/Server.pm line 304.
==> /var/log/koha/kohadev/plack-intranet-error.log <==
[2024/02/15 13:09:34] [WARN] Warning: something's wrong at /kohadevbox/koha/installer/install.pl line 89.
What's going on here??
UPDATE: This is fixed by "Bug 34478: Manual fix - Make Koha::Token use
session id not userenv id"
Bug 36102: [TO SQUASH] Fix 01-installation.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This improves display. This only comes up when you try to reset your
password after you did already.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
multi_renew now has a validation step
This patch also removes 2 variables that were not used ($mode and $done)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We can certainly do better here (too many duplicated code in on click
functions), but it's good enouh for now...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nothing to POST, we could move to GET, but we do not have parameters. A
link is good here.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the serials toolbar and related JS so that delete,
close, and reopen are all POST operations.
The patch also fixes an incorrect op check in the subscription search
popup.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The 'delete_confirm' op leads to a confirmation page, so it's GET.
The patch also consolidates JS for handling deletions, using the same
class for both the delete button in the toolbar and in the table of
lists.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The template uses checks on the op value to show messages, so those
checks have to be updated with the new values.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch converts several delete links to POSTed forms and corrects
the op variable names in the script. The patch also simplifies the
deletion click handlers.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
- Get the CSRF token from the pop-up instead of from the parent window,
since that seems to work
- Remove some click handlers which were made obsolete
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes a number of changes to finish incomplete work in
668cd06e1960a3878ec1c976ce7f2e1f93688468
Initial submissions to batch biblio operations have to accommodate
POSTed file data, so this patch makes changes to instances where we were
submitting biblionumbers in a URL.
We could also choose to make a change in tools/batch_delete_records.pl
and tools/batch_record_modification.pl to handle different "list"
operations differently based on the method of submission. This patch
presents only the client-side option.
The cart presented a unique problem in that it requires that data be
passed from the pop-up window to the parent window, something which
can't as easily be done with a form as with a URL. The workaround I came
up with is to dynamically generate the form in the parent page and
trigger the submission from there.
Also changed:
- More updated CSS to handle buttons inside dropdowns inside toolbars.
- Correct op names for the "list" operation in batch modify and delete
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds some CSS for handling the style of form buttons inside
Bootstrap dropdowns and corrects related markup in two places: Authority
search results and Suggestion management.
Buttons should look correct if we avoid using <fieldset> inside
dropdowns and make sure the button has "btn btn-default" classes.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The numbering patterns script has been update to look for "cud-modify"
to load the edit form, but that's a GET operation and can stay "modify."
The delete buttons have been updated to be a POSTed form.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the "Delete" button on the comments moderation page
to convert the GET link to a posted form.
Unrelated: The JavaScript has also been modified so that it asks for
confirmation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the "Remove" button from items which are in a
rotating collection (in the "Manage items" stage). A GET link is
converted to a posted form.
Unrelated: The JavaScript has also been modified so that it asks for
confirmation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the patron file template to convert the "Delete"
link to a form which includes the CSRF token. The script has already
been modified to check for the "op" value updated in the template.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch converts the delivery delete buttons to a form and changes
the corresponding op check in the script.
The patch also fixes an error in the form markup and corrects the op
parameter name in several links.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The op value is set in the JavaScript, where it hasn't been updated to
match the "cud-delete" value checked in the script.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes two changes: The first changes the name of the op value
matched in the script when editing a set. The "mod" step is a GET
operation to load the edit form.
The second change is a workaround for the fact that a submit
button looks bad in a Bootstrap dropdown. The patch creates a hidden
form for deletion operations. Clicking a "delete" link in a dropdown
fills the hidden form with the OAI set id to be deleted and submits it.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
"delete_confirm" is a GET operation leading to a confirmation page,
where "cud-delete_confirmed" should submit a POST to delete.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch converts the delete link on the item search field page to a
form with a POST operation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The AJAX call in the template still used "action" instead of
"op".
The patch also fixes references to "action" in the POD and corrects
"toggle" to "cud-toggle".
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I also move the writeoff handling out of it's own block in into the rest
of the x_individual handling.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Too much changes needed. Main functionality works again.
Some improvements can still be made.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch converts the delete links on the classification
configuration page for sources, filing rules, and splitting rules to
POST forms.
A couple of op checks in the script are corrected to match.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The pay to paycollect post/redirect flow here doesn't actually
consistute a state change, however it's much simpler to add the csrf
token check flow here than to refactor the code to a get (url's quickly
grow too large for a GET) or rework it in other ways. I opted to do
this for now and work on a refactor at a future date.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 34478: [TO SQUASH] Manual fix - change links to JS form submission - cleanup comments and unused routine - request.pl/.tt
Bug 34478: [TO SQUASH] Manual fix - link to js post and add op to form - request.tt
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This form calls a payment plugin to prep a new form that submits to a
the payment site external to Koha.
This form does not change state but a change to GET would cause failures
if trying to pay more than 133 fees on Chrome ( but not Firefox ).
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This form allows the user to select which language they wish to work
through the installer in, it doesn't update anything serverside.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 34478: [TO SQUASH] Add 'op' to reports/guided_reports
Found bug 36071 when working on this. This is not a regression from this
patch.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Added 'cud-renew' op check to circ/renew.pl and added corresponding op
params to:
* includes/renew-search-box.tt
* circ/renew.tt
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Required some more changes for mode to op, and delete form.
Most forms did not need a POST.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Removed an unused form from process_koc.tt and an unused
op from process_koc.pl.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
