This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies several reports templates to use the
Bootstrap grid instead of YUI.
A couple of markup errors have been fixed in reports/itemslost.tt.
This patch also removes obsolete "text/javascript" attributes from
<script> tags and "text/css" attributes from <style> tags in the
modified templates.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Reports -> Lost items
- Reports -> Catalog by item type
- Reports -> Orders by fund
- Reports -> Holds statistics wizard
- Reports -> Serials statistics wizard
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To Test:
Check the following files that all the "biblio" or "biblio record" are
now written in full as "bibliographic record".
modules/reports/acquisitions_stats.tt
modules/reports/cash_register_status.tt
modules/reports/catalogue_stats.tt
modules/reports/issues_stats.tt
modules/reports/reserves_stats.tt
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies the staff client's reports templates so
that JavaScript is included in the footer instead of the header.
To test, apply the patch and test the JavaScript-driven features of
reports pages: All button controls, DataTables functionality, form
validation, etc.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Fix for QA: Remove unused Dopop function.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The previous query was wrong. If an item type did not contain the
translation in the interface's language, the ->search_with_localization
did not return it at all.
What we need is definitely to add a second condition on the join.
For reference:
http://search.cpan.org/dist/DBIx-Class/lib/DBIx/Class/Relationship/Base.pm#conditionhttps://blog.afoolishmanifesto.com/posts/dbix-class-parameterized-relationships/
That sounds hacky but seems to be the DBIx::Class path to follow.
Bug 17835: follow-up
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Lari Taskula <lari.taskula@jns.fi>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
Apply patch and go to pretty much every page on the Intranet - look out
for labels on forms etc where there should be colons but aren't. If you
see any that I've missed but I'm 99% sure I got all of them! Make sure
to click through some forms where creating a new thing involves
continuing the submission on multiple pages.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Rebased on current master and checked all changed pages.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
The "highlight" class on table rows is unnecessary since we have a CSS
rule which defines colors for alternating row colors. This patch removes
use of the "highlight" class from templates and removes the definition
from staff-global.css
To test, view the affected pages and confirm that the change has not
broken anything.
Acquisitions -> Vendor -> View basket
Acquisitions -> Late orders
Acquisitions -> Ordered
Acquisitions -> Vendor -> Receive shipment
Acquisitions -> Spent
Acquisitions -> Vendor details -> Contracts table
Administration -> MARC frameworks (comment removed only)
Administration -> Class sources
Authorities -> Authority search results
Catalog -> Bibliographic detail page -> Items -> View item's checkout
history
Catalog -> subject.tt (is this template used?)
Cataloging -> Cataloging search results
Patrons -> Patron account
Reports -> Patrons who haven't checked out
Reports -> Statistics wizards -> Patrons
Reports -> Top lists -> Most-circulated items
Reports -> Inactive -> Items with no checkouts
Reports -> Reports dictionary
Reports -> Statistics wizards -> Circulation
Reports -> Statistics wizards -> Holds
Holds -> Place a hold -> Existing holds table
Serials -> New subscription -> Search for a vendor -> Search results
Serials -> Check expiration
Serials -> Subscription -> Serial collection
Serials -> Subscription -> Serial collection -> Edit serials
Suggestions
Tags -> View tags -> View titles with a tag
Tools -> Manage staged MARC records -> Batch (I think the affected
section of this template is obsolete)
Tools -> Log viewer -> Log result
Lists -> View lists (May be broken by Bug 15916)
Note that if you search the templates for instances of a <tr> with a
"highlight" class you'll find two instances in slip templates which
refer to a class defined in printreceiptinvoice.css.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Looks good. Haven't seen any regression.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
This patch removes similar instances on 5 files, same code.
Also removes a commented one, changed in case some plan to
resurrect the code.
This bug depends on Bug 12696.
In all cases but the commented one, what was replaced
is a pulldown with one value, 'CSV'
To test:
1. Apply patch for Bug 12696
2. Apply this patch
Check for the pulldown 'Into an application'
3. Go to Reports > Statistics wizard > Borrowers
4. Go to Reports > Statistics wizard > Circulation
5. Go to Reports > Statistics wizard > Holds
6. Go to Reports > Top lists > Most-circulated items
7. Go to Reports > Inactive > Patrons who haven't checked out
8. There is also a commented code on catalogue_stats, no fuctional
changes.
Followed test plan. Patch behaves as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, passes tests and QA script.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch removes only instance in this file.
Problem is that there are many template files
involved. Most of them have other instances of
scrolling_lists but is a problem for other bugs,
they will depend on this.
What is replaced is a pulldown for delimiter choices.
In all but one case the code is the same (variable name change),
and I did a little tidy of the TT code
To test:
1. Apply the patch
In all the following cases, check delimiters pulldown (Output box, bottom right)
2. Go to Reports > Statistics wizard > Acquisitions
3. Go to Reports > Statistics wizard > Patrons
4. Go to Reports > Statistics wizard > Catalog
5. Go to Reports > Statistics wizard > Circulation
6. Go to Reports > Statistics wizard > Serials
7. Go to Reports > Statistics wizard > Holds
there is a bug here, pulldown next to this must show 'CSV' option,
but shows nothing. Will be fixed
8. Go to Reports > Other > Average loan time
9. Go to Reports > Top lists > Patron checking out the most
Here there is a 'Delimiter' label before delimiters, only case
10. Go to Reports > Top lists > Most-circulated items
11. Go to Reports > Inactive > Patrons who haven't checked out
There is and inconsistency here, name of option on reports page,
and name on this report, 'Patrons with no checkouts'
Followed test plan. Pulldowns display as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described, passes tests and QA script.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Labels which precede a text input or select typically have a colon
before them:
Name: [____]
This patch cleans up templates where labels in this context lack a
colon. Exceptions to this rule include radio buttons, checkboxes, and
labels inside tables.
To test, view the affected pages and confirm that labels look
consistent.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Patch adds more consistency.
Work for translators could be made easier using CSS instead
of whitespace after colon.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
All instances of the old DynArch calendar have been replaced with
jQueryUI versions and the old library files have been removed.
calendar.inc has been modified to include jQueryUI localization
strings and global configuration options. Just add a "datepicker"
class to an input field to trigger a datepicker prompt.
If you would like two fields in one from to limit each other (one
is date from, one is date to), add these classes to each:
"datepickerfrom" and "datepickerto." This will prevent an invalid
entry, e.g. a date in the latter which falls before the former.
jQueryUI is now upgraded to the latest verision, 1.8.21.
Edit: Now with proper translatability, date formatting, first day
of the week handling, and RTL support.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA Comment: rebased on current master; minor merge conflicts with other patches pushed
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This is the last one - adding the classes and ids to the report module and
some template files for smaller moduls/functions.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch fixes several errors in reserves_stats.pl and reserves_stats.tt.
Testing -
To test this patch, data must be in either the reserves table or old_reserves or both. The following SQL will give you the raw data that is used by the report.
SELECT priority, found, reservedate, notificationdate, reminderdate,
waitingdate, cancellationdate, borrowers.categorycode, items.itype,
reserves.branchcode, holdingbranch, items.homebranch, items.ccode,
items.location, items.itemcallnumber, borrowers.sort1, borrowers.sort2
FROM reserves
LEFT JOIN borrowers on (borrowers.borrowernumber = reserves.borrowernumber)
LEFT JOIN items on (items.itemnumber = reserves.itemnumber)
UNION SELECT priority, found, reservedate, notificationdate, reminderdate,
waitingdate, cancellationdate, borrowers.categorycode, items.itype,
old_reserves.branchcode, holdingbranch, items.homebranch, items.ccode,
items.location, items.itemcallnumber, borrowers.sort1, borrowers.sort2
FROM old_reserves
LEFT JOIN borrowers on (borrowers.borrowernumber = old_reserves.borrowernumber)
LEFT JOIN items on (items.itemnumber = old_reserves.itemnumber)
To test the notificationdate and reminderdate, I added data to the old_reserves table, since I have never run notices on my test machine.
Ex:
UPDATE old_reserves
SET notificationdate = "2012-01-29",
reminderdate = "2012-01-29"
WHERE timestamp = "2012-01-29 20:09:34";
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Confirm original bug -- Reports work as expected now!
prove t xt t/db_dependent no different from master.
An invalid template syntax for defining a variable's default
value is found in the circ report template and several
others:
[% DEFAULT LibraryNameTitle="Koha Online" %]
Based on the T:T docs this appears to be the correct way of defining
a default value:
[% LibraryNameTitle or "Koha Online" %]
Reference:
http://template-toolkit.org/docs/manual/Syntax.html#section_Implicit_Directives_GET_and_SET
Signed-off-by: Nicole Engard <nengard@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>