Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the staff client patron module templates so that
JavaScript is included in the footer instead of the header.
This patch touches a lot of files because the changes are all
interdependent, affecting a couple of module-wide include files.
To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.
Patrons -> Patrons home, patron search results
-> Manage pending modification requests
-> Patron detail page
-> Edit patron
-> Set guarantor
-> Fines
-> Account, Pay fines, Create manual invoice, Create manual
credit
-> Print receipts for different kinds of charges
-> Routing lists
-> Circulation history
-> Holds history
-> Notices
-> Statistics
-> Files
-> Purchase suggestions
-> Discharges
-> Housebound
-> Set permissions
-> Change password
-> Print summary, slips, and overdues
-> Update child to adult patron type
Patron toolbar and patron search bar operations should work correctly on
all pages.
This patch also updates the template for searching the Norwegian
national patron database, but it has NOT been tested.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Zoe Bennett <zoebennett1308@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fixes misplaced columns introduced by previous patch and adds the "-" for phone
transport type.
To test:
1. Set SMSSendDriver system preference on
2. Go to intranet messaging preferences
3. By default you should see checkboxes for all messages for SMS
4. Ensure columns are not misplaced (pushing one column too much to the right)
5. Delete sms method from one of the messages in message_transports table
6. Observe that "-" is displayed instead of checkbox for that message for SMS
7. Repeat same for TalkingTechItivaPhoneNotification system preference.
By default it may not have transports in message_transports, so make sure
to assign some in order to have the checkboxes visible.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies several include files, removing "onclick" attributes
in favor of defining events in JavaScript.
A reusable "toggle" function has been added to the global JS file so
that clicking elements with the class "toggle_element" will toggle the
display of elements as defined in the click target's "data-element"
attribute.
Also changed: In subtypes_unimarc.inc some capitalization errors have
been fixed and label/id pairs corrected.
To test, apply the patch and clear your browser cache if necessary.
- On the Acquisitions home page, click the "Orders search" header search
tab. Clicking the [+] link should expand and collapse the additional
search fields.
- On the checkout or patron detail page, view the "Restrictions" tab.
Click to add a restriction and use the datepicker to select a date.
Clicking the "Clear date" link should clear the date.
- Trigger the help window on any page. Clicking the "close window"
button should work correctly.
- Go to Administration -> Patron categories -> Edit. Checking and
unchecking messaging preference options should work correctly. The "do
not notify" checkbox should clear other checkboxes in that row and
vice versa.
- In Serials, from a subscription detail page, clicking the "Renew"
button should trigger the renew popup.
- Go to Acquisitions -> Vendor -> Add to basket -> From a subscription.
Clicking the "Advanced search" link in the left hand sidebar should
toggle the sidebar search form.
- In a UNIMARC system, view the advanced search page. Clicking the "Show
coded information filters" link should show additional search fields.
(I tested in my MARC21 system by temporarily moving line 174 of
advsearch.tt to line 172).
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
According to https://jquery.com/upgrade-guide/1.9/#attr-versus-prop-
.attr() is no longer correct to access the checked state of a checkbox.
This patch do the following replacements:
.attr('checked') => .prop('checked')
.attr('checked, '') => .prop('checked', false)
.attr('checked, 'checked') => .prop('checked', true)
.attr('checked', boolValue) => .prop('checked', boolValue)
.removeAttr('checked') => .prop('checked', false)
.attr('checked') == 'checked' => .is(':checked')
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
Add/edit/remove patron categories from the administration module
(admin/categories.pl).
You should get message feedback after each action.
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Operations in admin/category is unchanged, and functionnal
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We should be using Font Awesome for our icons instead of Glyphicons, for
the reasons discussed on bug 13696.
Test Plan:
1) Apply this patch
2) Note all Glyphicons have been replaced with FA icons in the staff intranet
3) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/modules/
should give no results
4) git grep "icon-" ./koha-tmpl/intranet-tmpl/prog/en/includes/
should give no results
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
We need a follow-up to cover the files changes since this
patch was written. Especially to cover the changes in the
label creator modules.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This path fixes the typo.
To reproduce and test:
Go to a patron's detail page
The message appears as hint in column-header 'Digests only (i)'
Sponsored-by: Universidad de El Salvador
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The digest term seems to be ambiguous for some people.
This patch adds a tooltip to explain what it is (feel free to provide
a better wording).
Test plan:
Go at the OPAC and click on the "Your messaging tab", you should see an
icon close to "Digest only" to explain what is a digest.
Same at the intranet on editing/showing patron info
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
An error in the onclick for phone notices causes the "Do not notify"
checkbox to be checked when the phone checkbox is checked. Also,
checking "Do not notify" does not uncheck the phone checkbox.
Test plan:
1) Enable TalkingTechItivaPhoneNotification
2) Browse to the new patron screen ( memberentry.pl )
3) In the patron messaging preferences check the Phone checkbox
4) Not the "do not notify" checkbox is then checked
5) Uncheck the "do not notify" checkbox, and check the Email checkbox as well
6) Now check the "do not notify" checkbox, note the Phone checkbox remains checked
7) Apply this patch
8) Repeat steps 3-6, noting the odd behavior is no longer present
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
If you do not have SMSSendDriver set and you do not have a message_transport_type of "sms", you will get an extra table column filled with a hyphen "-" and no corresponding table heading in the Patron Messaging Preferences table.
This pushes the table out of alignment so the email checkbox goes under "Digests Only?", the digests checkbox goes under "Do not notify", and the Do not notify checkbox is pushed to the side with no heading.
Signed-off-by: Sophie Meynieux <sophie.meynieux@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested for regressions.
All tests and QA script pass.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Implements support for Talking Tech I-tiva phone notification for OVERDUE, PREDUE and HOLD notifications.
Overdues respect triggers as configured for the patron's branch.
Predue and Holds notifications respect patron's messaging preference choices.
A new column for phone notification is added if the TalkingTechItivaPhoneNotification system preference is turned on
Record of phone messages being sent to patrons is added to the patron's Notices
tab; notice of success or failure can be retrieved from I-tiva.
See the TalkingTech.README for installation and set-up instructions.
Aside from the control system preference, and the necessary changes to Messaging Preferences
forms to make use of phone notifications, the bulk of the code resides in external
cronjobs.
TalkingTech_itiva_outbound.pl generates the Spec C file to send to I-tiva. Actual transmission
of the file must be handled by the system administrator.
TalkingTech_itiva_inbound.pl processes the received Results file from I-tiva. Getting the
file from I-tiva to Koha is the job of the system administrator, as well.
Both scripts have a --help option with full documentation.
The only necessary change to core Koha behavior is in C4::Letters::EnqueueLetter. The return
value was changed from 0 or 1 (successful addition of letter to message_queue or not), to the actual
insert ID of the letter. This was required by the outbound script to present a unique Transaction ID
for the notice added to the patron's record (so a 'sent' or 'failed' status could be updated). Since
the dbh and sth are not shared, and the last_insert_id() command is table-specific, this should be thread-safe.
No changes are necessary to any parts of Koha, as all usage of EnqueueLetter currently ignores the return value.
To Test:
1. Turn on TalkingTechItivaPhoneNotification system preference
2. Verify that 'phone' is now a valid notification option for patrons on both staff and OPAC side
3. Attempt to set a 'phone' preference for PREDUE or HOLD messaging; attempt should succeed
4. Set up the patron for notices to triggers:
a. include checked out items due in a range of days, including the value set up in their messaging preferences.
b. place several holds, some in position, others waiting for pickup, others in transit.
c. set the patron up to have overdues, overdue by a range of days that includes the delay values for
the patrons branch and categorycode
5. Run TalkingTech_itiva_outbound.pl --type=RESERVE --type=PREOVERDUE --type=OVERDUE --outfile=/tmp/talkingtechtest.csv
The resulting talkingtechtest.csv file should include all the items due on X days (where X is the patrons' preference),
and none of the ones due in other increments. Similarly, overdues messages should be added for each item due by a delay
value as configured; overdues of other numbers of days should be ignore. Holds that are waiting pick up or in transit should
have messages, those still pending should not.
Messages should be added to the patron's notices tab for each issue sent. Verify these messages exist, and all Notices
tokens are replaced with appropriate information.
Repeat, this time with 4c making use of the default branch overdue triggers, instead of branch-specific triggers.
To test the inbound script, create a CSV with rows in the format "<<Message_id>>","<<SUCCESS or FAIL>>"
Message ID should correspond to the final column of the talkingtechtest.csv file (the transaction id) for the message.
Primary Authorship: Ian Walls
Additional modifications: Kyle M Hall
http://bugs.koha-community.org/show_bug.cgi?id=4246
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Tested and in use in production by two public libraries : Middletown
and Washoe. Both have given their sign off, but don't have git to
actually sign off.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Upgrade jQuery in the staff client. Besides the change
to the jQuery file syntax has been changed wherever this
syntax was written:
$(foo).attr("checked","");
The new correct way to un-check a checkbox:
$(foo).removeAttr("checked");
I also removed some JavaScript altogether from
branch-transfer-limits.tt which used the old syntax but
which wasn't used on the page at all anymore.
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The SMS section of the template was commented out in the patch
pushed for Bug 5889, 'Allow message names to be translatable'
with the comment 'fixing columns overflow.' That seems to have been
a cosmetic fix for what I can only imagine was a different bug?
Also fixing a T:T variable scope error.
After applying this patch the "SMS" column in the Patron messaging
preferences should appear when the SMSSendDriver preference is not empty.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
TT scoping problems fixed.
Table now greyed out on the details tab and last column 'Don't notify'
shows correctly.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Changing the database value from "Item DUE" to "Item Due" broke the matching performed in the
messaging-preferences-form.inc file, resulting it the notice being labeled as "Unknown".
This patch changes both the matching, and the display, to "Item Due"
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Modification of template to allow multilanguage support. Alsa fixing columns
overflow.
BibLibre bug #5939
Tests: It works. Messages strings can now be extracted and placed in .po file
for translation.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Done within opac and intranet templates, still needs to be done for corresponding scripts.
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
The display and editing of messaging preferences
for a patron have been moved as follows:
* the prefs for a patron are now displayed on the
patron details tab, not the messaging tab.
* the prefs are now modified by editing the patron
record, not on the messaging tab.
The messaging tab now contains only the list of
messages that have been or will be sent to the patron.
When creating a new patron record, changing the patron
category via the category dropdown now also changes
the default messaging preferences for that patron. If
you start editing a new patron, change one of the messaging
preferences, then change the patron category, the form will
ask you if you want to keep the preferences or get
the defaults belonging to the new patron category.
Note that when you edit an existing patron record, changing
the patron category will *not* cause the messaging preferences
to be automatically changed.
Programmer's note: this commit introduces a new web service,
members/default_messagingprefs.pl, that uses Jesse Weaver's
C4::Service module.
Signed-off-by: Daniel Sweeney <daniel.sweeney@liblime.com>
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Moved the messaging preferences form to a new
include, messaging-preference-form.inc, so that
it can be used to set messaging prefs both for a
patron and for a patron category.
Signed-off-by: Daniel Sweeney <daniel.sweeney@liblime.com>
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
