This is clearly dead code as it's never set in the controller file.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Added decimal input_mode and pattern for "Rental discount (%)" so it functions same way as "Fine amount" or "Overdue fines cap (amount)" rules, allowing user to save decimals only.
1. Go to Circulation and fine rules page and save some gibberish into "Rental discount (%)", see that it allows you to do that.
2. Apply the patch, and try same thing again, this time it should only allow you to save decimal numbers.
Signed-off-by: Olivier V <olivier.vezina@inLibro.com>
Signed-off-by: Lisette Scheer <lisette@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Update the 'Patrons with the most checkouts' report (bor_issues_top.pl)
to:
1. Add the total to the CSV output.
2. Change the screen output to only show the patrons name once, instead
of for each group by column.
3. Add total check out when output to screen.
4. Change item type group by from biblioitems.itemtype to items.itype.
Note: This does not fix the SQL query so that it can run if the
database is in strict mode.
Test plan:
1. If using koha-testing-docker (KTD), set strict SQL mode for your
database to 0 (that is, turn it off).
(Edit <strict_sql_modes>0</strict_sql_modes> in
/etc/koha/sites/kohadev/koha-conf.xml
(and then flush_memcached and restart_all))
2. Add some data so that a useful report can be generated:
. Check out and return some items to different patrons in different
libraries:
==> Minimum end result:
. two items issued to a patron for one library, 1 item issued
and returned for the same patron at another library
. one item issued to another patron from another patron
category for one of the libraries used previously
3. Generate the report with output to screen with a group by, for
example: 'By' option set to Category code
4. Observe that the patron name is repeated for each column group.
5. Observe that there is no total column.
6. Generate the report with output to CSV.
7. Observe that the total checkouts is not in the CSV.
8. Apply the patch and restart Koha (restart_all).
9. Generate the CSV report again.
10. Observe that the total checkouts is in the CSV.
11. Generate the report to screen again.
12. Observe that there is a total column and the patron name is only
shown in one column.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Lisette Scheer <lisette@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Currently the tool reports:
Incorrect not-for-loan values
Wrong place
Checked out
We should have:
Optional display of items w/o problems
Display of missing/lost items now marked found
TEST PLAN
1 - Mark an item as lost
2 - Go to tools->inventory
3 - Fill in the barcode list with the barcode of the item, notice there
is one checkbox in "Additional options"
4 - Submit -> there should be no result
5 - Apply patches and redo 1,2&3
6 - Notice there are now 3 checkboxes in "Additional options"
7 - Click on "Add lost items to the report"
8 - Submit -> there is now one line in the report with problem "Item was lost and is now marked as found"
9 - Go to tools->inventory
10 - Click on "Add lost items to the report"
11 - Submit -> there is no line in the report
12 - Go to tools->inventory
13 - Click on "Add items without problem to the report"
11 - Submit -> there is now line in the report with an empty problem
Signed-off-by: Mathieu Saby <mathsabypro@gmail.com>
Signed-off-by: Lisette Scheer <lisette@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Currently the tool reports:
Incorrect not-for-loan values
Wrong place
Checked out
We should have:
Optional display of items w/o problems
Display of missing/lost items now marked found
TEST PLAN
1 - Mark an item as lost
2 - Go to tools->inventory
3 - Fill in the barcode list with the barcode of the item, notice there
is one checkbox in "Additional options"
4 - Submit -> there should be no result
5 - Apply patches and redo 1,2&3
6 - Notice there are now 3 checkboxes in "Additional options"
7 - Click on "Add lost items to the report"
8 - Submit -> there is now one line in the report with problem "Item was lost and is now marked as found"
9 - Go to tools->inventory
10 - Click on "Add lost items to the report"
11 - Submit -> there is no line in the report
12 - Go to tools->inventory
13 - Click on "Add items without problem to the report"
11 - Submit -> there is now line in the report with an empty problem
Signed-off-by: Mathieu Saby <mathsabypro@gmail.com>
Signed-off-by: Lisette Scheer <lisette@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch moves the StaffLoginInstructions system preference into HTML
customizations, making it possible to have language-specific content.
To test you should have some content in the StaffLoginInstructions
system preference before applying the patch. Apply the patch and run
the database update process.
- In the staff client, go to Tools -> HTML customizations and verify
that the content from StaffLoginInstructions is now stored there.
- The HTML customization entry form should offer StaffLoginInstructions
as a choice under "Display location."
- Update and reinstall active translations (for instance fr-FR):
- perl misc/translator/translate update fr-FR
- perl misc/translator/translate install fr-FR
- Enable the translation if necessary under Administration -> System
preferences -> language.
- Edit the StaffLoginInstructions HTML customization and add unique
content to the "fr-FR" tab.
- View the staff interface login page. You should see the
content you added to the StaffLoginInstructions HTML customization.
- Switch to your updated translation and confirm that the content you
added for your translation shows up correctly.
- Go to Administration -> System preferences and search for
"StaffLoginInstructions." It should return no results.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
As suggested by David, I've re-arranged the message output so we pass
'message' first, followed by the error reference inside brackets,
followed by "for SERVER" and finally "result No."
This follows the Z39.50 suggestions more closely whilst still including
our level of detail for Server + Result number.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This tries to fix multiple translation issues in the ERM module.
This includes:
* Making strings translatable
* Using double quotes instead of single around strings according to
coding guidelines
* Fixing some translations where the variable was marked for translation,
but not the strings themselves: ...>{{ $__(item.tab_name) }}</a
To test:
* Apply patch
* Run yarn build
* Make sure you have a clean work space in git
* Run gulp po:update lang de-DE (or another language)
* Verify the strings from the patch set now appear in the po files
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Amended-by: Jonathan Druart
- {{ $__("Uploaded on:") }}
+ {{ $__("Uploaded on") }}:
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch updates the table settings template to add style to
informational messages.
To test, apply the patch and go to Administration -> Table settings.
- Go to Catalog -> detail -> holdings_table. Above the table's settings
you should see a message, "Please not that if a field..." It should
have the standard Bootstrap "info" style.
- Go to Cataloging -> additem. You should see a similarly styled
message, "Changes made below..."
Sponsored-by: Athens County Public Libraries
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
1. Apply only bug 38167 and it's dependency (assuming they are not in main)
2. Restart KTD or run
sudo yarn install --modules-folder /kohadevbox/node_modules
3. Run the following and see that it doesn't lint
eslint t/cypress/integration/AdditionalFields_spec.ts
eslint koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/UsageStatisticsReportBuilder.vue
4. Apply the patches of this ticket
5. restart KTD
(it tests that the provisionning works well to get all
the JS libs)
6. Run the following and see that it lints
eslint t/cypress/integration/AdditionalFields_spec.ts
eslint ./t/cypress/integration/ERM/DataProviders_spec.ts
eslint ./koha-tmpl/intranet-tmpl/prog/js/vue/modules/preservation.ts
eslint koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/UsageStatisticsReportBuilder.vue
eslint ./koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/AgreementsFormAdd.vue
Various files tested here give an idea of the output, feel free to try others.
And report stuff that should obviously be silenced due to making too much
noise and having low value or being contrary to our current practices.
Non obvious stuff to fix might be put in a follow-up ticket.
---------
This was removed from config:
indent: ["error", 4],
Because this check was finding it redundant:
npx eslint-config-prettier koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/Main.vue
check which is documented here:
https://github.com/prettier/eslint-config-prettier?tab=readme-ov-file#cli-helper-tool
To doubled check, I sabotaged some indentation in a .js/.ts section on these files
koha-tmpl/intranet-tmpl/prog/js/vue/components/ERM/Main.vue
koha-tmpl/intranet-tmpl/prog/js/ajax.js
And without `indent: ["error", 4]` the prettier rule was still reporting the issue.
And with `indent: ["error", 4]` the issue was reported twice.
This looks enough to confirm it's redundant to keep it.
----
For the same reason as above, the following was removed:
semi: ["error", "always"],
tested by removing a semicolon in
koha-tmpl/intranet-tmpl/prog/js/ajax.js
t/cypress/integration/Auth/csrf.ts
----
This was removed:
"linebreak-style": ["error", "unix"],
Because it's the default of prettier
https://prettier.io/docs/en/options.html#end-of-line
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test:
1. Do not apply
2. eslint koha-tmpl/intranet-tmpl/prog/js/ajax.js
3. It should fail
4. ESLINT_USE_FLAT_CONFIG='false' eslint koha-tmpl/intranet-tmpl/prog/js/ajax.js
5. It should work
6. Apply patches
BZ38700 will conflict with BZ38149 on yarn.lock
solve conflict with
sudo yarn install --modules-folder /kohadevbox/node_modules
git bz apply --continue
git will only continue for 38700 and don't actually apply this (38167)
So retry
git bz apply 38167
Don't apply the dependecies are they are already there.
This time you're good :)
(the conflict can't be durably solved because 38770 need to be
applied independently or with BZ38149 depending on what other bug
needs to be tested :/ )
7. Restart KTD to have a clean state of dependencies and check that
provisionning still works.
8. ESLINT_USE_FLAT_CONFIG='false' eslint koha-tmpl/intranet-tmpl/prog/js/ajax.js
9. It should fail
10. eslint koha-tmpl/intranet-tmpl/prog/js/ajax.js
11. It should work
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Fix xt/js_tidy.t and xt/vue_tidy.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
And upgrade eslint-plugin-prettier
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan
1. Apply patch
2. Start KTD (to check that stuff is installed automatically)
3. Run this:
ESLINT_USE_FLAT_CONFIG='false' eslint koha-tmpl/intranet-tmpl/prog/js/ajax.js
4. You should see errors from prettier in addition to others
QA notes:
1. Run this:
yarn why eslint; yarn why prettier; yarn why eslint-config-prettier; yarn why eslint-plugin-prettier
2. See that the version are the latest from NPM website
3. See that they are in devDependencies
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
You need bug 38461 to run successfully this test.
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Yet another visibility bug fix for this specific table.
When the filters are displayed the table is destroyed and recreated.
We should not save the visibility changes made by DT and consider them
changes made by the user.
A temporary variable is used to store the user settings duringt this
action, then we restore them once it's done.
Test plan:
Go to the detail page of bibliographic record with items
Click on "show filters"
=> Only columns displayed should still be displayed
Retry but show/hide some columns before you display the filters
=> Only columns displayed should still be displayed
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
There are known bugs with Cypress trying to play with the clipboard, and
I don't manage to make the tests pass consistently (also tried realClick
from cypress-real-events)
Here I am suggesting to not click on the button, but simply retrieve the
url (which needs a bit of work in the existing code).
We don't test the "Copied!" tooltip and the behaviour of the button, but
at least the tests pass!
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
All this is weird.
I found this and implemented it:
https://stackoverflow.com/questions/69425289/javascript-prompt-cause-document-is-not-focused
It was still not enough to reduce the failures.
The wait and adding the focus to the window seems ok.
If I remove one of those 3 hacks, I still get failures...
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
No need to list all the objects, just retrieve the spec depending on the
"object" var we pass.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This change adds some double quotes where quotes were missing,
and replaces single quotes with double quotes, which prevents XSS.
Test plan:
0. Apply the patch
1. Create a subscription
2. Using the ID from the subscription, go to this page:
http://localhost:8081/cgi-bin/koha/serials/subscription-detail.pl?
print_routing_list_issue=1&subscriptionid=<SUBSCRIPTIONID>
3. Note that you're able to generate a print slip
(You may need to allow popups)
4. To check the security vulnerability is fixed, try the proof-of-concepts
attached to the bug report
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This change adds double quotes to some template strings where
quotes are missing all together or single quotes are used incorrectly.
Test plan:
0. Apply the patch
1. Go to http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=test
2. Click on "Gairm"
3. Use the search result navigation box to go to the next result
On the left of the page. Just bellow the breadcrumb and
left of the record title.
4. Note that everything loads correctly
5. To test that the security hole has been fixed, try some of the
proof-of-concept attacks provided for biblionumber and searchid
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Baptiste Wojtkowski <baptiste.wojtkowski@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This change prevents CSV Formula injection on DataTables exports
by escaping formula with a single quote prefix as per OWASP recommendations.
Test plan:
0. Apply patch
1. Go to http://localhost:8081/cgi-bin/koha/members/memberentry.pl
?op=edit_form&destination=circ&borrowernumber=51
2. Add the following in a "Circulation note"
=SUM(1+1)
3. Go to http://localhost:8081/cgi-bin/koha/members/member.pl
?quicksearch=1&circsearch=1&searchmember=koha
4. Click "Export" and choose "Excel" and "CSV"
5. Open those downloaded files in Excel
6. Note that the =SUM(1+1) function is prefixed with a single quote,
and is not automatically executed
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised. The problematic "cell" is exported as "'=SUM(1+1)".
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch fixes a typo in the description of the
EmailAddressForPatronRegistrations system preference.
To test:
1. Apply patch
2. Go to Administration > System preferences
3. Search for EmailAddressForPatronRegistrations
4. Read the description (2nd line) and make sure the spelling is correct
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
updates "Field suppresion" to "Field suppression"
to test:
- go to Administration/Authority types/Default framework/Tag 090
- verify description for subfield t is Field suppresion, FSP (RLIN)
- apply patch
- reset database or reset_all
- verify description has changed to Field suppression,FSP (RLIN)
Signed-off-by: William Lavoie <william.lavoie@inLibro.com>
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This fixes some database update messages to improve their
consistency with the database update guidelines
https://wiki.koha-community.org/wiki/Database_updates
Test plan:
1. Apply the patch.
2. Review the differences to make sure the messages make
sense and are consistent with the database update
guidelines:
2.1 Review the diff attached to the bug
or
2.2 Run: git show
3. Sign off D:
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Leo Stoyanov <leo.stoyanov@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
