Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
This new page (admin/searchengine/elasticsearch/mappings.pl) will permit
to manage the ES mappings.
For the biblios and authorities indexes, the different mappings can be
managed from this single page.
The interface let you add, remove and update mappings and search fields.
It's also possible to reorder the mappings, as the order can be important
in the indexation process. Note that the table can be displayed in a
different order that the one it was before saving, but the mappings are grouped
by search field and the order inside the search field is preserved.
Limitations:
- If something went wrong during the insertion/deletion/modification,
the users will loose all these changes.
TODO:
- Add a specific permission (?)
- Add some data checks client side (JS)
- Use checkboxes for facet and suggestible (lazy today...)
- Understand the difference between the 3 values that sortable can have
and improve the value for the options in the select box.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Display patron messages from OPAC summary page on SCO screen as well.
To test:
- Make sure you have patrons with and without OPAC note and OPAC messages
- Log in to OPAC and go to patrons 'your summary' page to display note
and messages
- Apply patch
- Refresh patrons detail page. Verify that it looks the same as before
- Go to SCO
- Log in as such patron
- Verify that note and messages appear the same as on OPAC summary page
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
In the Staff client, under Circulation > Renew, the message shown after
successful renewal of an item contains broken URLs. This is also true for
the message shown when you try to renew an item that is not checked out.
This patch fixes that.
Test plan:
1) Go to Circulation > Renew, and search for the barcode of a checked-out
item. In the 'Item renewed:' confirmation message, notice how the URLs
for the title and the barcode are broken.
2) Now search for the barcode of an item that is not checked out. In the
'Cannot renew:' message, notice how the URLs are broken here too.
3) Apply the patch.
4) Repeat steps 1) and 2). This time the URLs work fine.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Also adding Marc Veron as bug wrangler (see his mail on the general ml
dated Oct 5).
Test plan:
Verify changes by comparing with Roles for 16.11 page on the wiki.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When a new patron registers, the confirmation page is displayed with
login details (login, password, cardnumber) and the login form is
prefilled.
In the case of public computer, for security reasons that should not
appear, patrons might forget to close the window.
Test plan:
1/ Set PatronSelfRegistrationPrefillForm on
2/ Register a new patron
=> The login details should not be displayed and the login form should
not be prefilled.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes event attributes from several tool-related templates.
Events are defined instead in the JavaScript.
To test, apply the patch and:
- Go to Tools -> Label creator -> Manage -> Layouts and edit any layout.
- In the "Font" setting, choose any font which includes the word
"italic" or "oblique" in the name. Doing so should disable the
"Oblique title" checkbox.
- Go to Tools -> Batch patron deletion/anonymization.
- Submit the form without making any changes. You should be prompted
to select an action.
- Go to Tools -> Inventory.
- Select a batch of barcodes to upload.
- Submit the form without selecting any filters. This should trigger a
warning.
- Also changed: Added Font Awesome icons to the "Select all" and
"Clear all" links on the inventory results view.
- Go to Tools -> Notices and Slips.
- Click "New notice"
- Change the selection under "Koha module." The page should reload
with the correct available message body fields. For instance,
selecting "Holds" should make available reserves.* columns.
- Go to Tools -> Upload.
- In the search form, enter a search term and click the 'Search'
button. The form should submit.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised. Event attributes removed
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes event attributes from several templates, moving event
definitions into the JavaScript instead.
To test, apply the patch and:
- View the MARC detail page for any bibliographic record. Changing the
framework selection should reload the display using the selected
framework.
- Perform the same test on the labeled MARC view. (Set the
viewLabeledMARC system preference to "Allow" if necessary).
- To test the changes to Reports you should have at least one report
group and at least one report subgroup.
- Create a new saved SQL report.
- Select a report group. Doing so should trigger the display of report
subgroups. Deselecting the report group should hide the subgroups.
- In Acquisitions -> Suggestions, create a new suggestion.
- In the 'Acquisition information' section, changing values for
copies, currency, and price should change the value in the total
field.
- In Circulation -> Upload offline circulation file:
- My patch for Bug 16602 added the required code but forgot to remove
the corresponding onclick attributes.
- Browse for an offline circulation file.
- Clicking the 'Upload file' button should work correctly.
- After uploading a file, both the 'Add to offline circulation
queue' and 'Apply directly' buttons should work to trigger their
corresponding processes (keeping Bug 16603 in mind).
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This new enhancement will add the ability to change the default holdings
sort on OPAC displays to be by library, instead of item type.
This patch adds a new pref OPACHoldingsDefaultSortField with 3 different
possible values:
- Item type
- Home library
- Holding library
Note that if OpacLocationBranchToDisplay is set not to display home libraries,
unexpected behaviors might happen if OPACHoldingsDefaultSortField is set to
"Home library", same for "Holding library".
Test plan:
- Confirm that the default value for OPACHoldingsDefaultSortField is
'first column' after executing the DB entry and that there is no
change in the behavior (first column is used to sort the holdings
table on the detail page).
- Set OpacLocationBranchToDisplay to both and play with the different
values of OPACHoldingsDefaultSortField
=> Confrm that the default column used to sort the table is correctly
changed
- Set the pref SeparateHoldings on
=> Confirm that both tables (Holdings and other holdings) are sorted using
the OPACHoldingsDefaultSortField value.
Sponsored-by: University of the Arts London
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This new enhancement will allow to add the name of lists containing a
biblio to the search results at the OPAC.
Test plan:
0/ Regenerate the css file to get the style change:
% lessc --clean-css="--s0 --advanced --compatibility=ie7"
koha-tmpl/opac-tmpl/bootstrap/less/opac.less >
koha-tmpl/opac-tmpl/bootstrap/css/opac.css
1/ Create some lists and add items to them
2/ On the search results you should see the name of the lists which
contains the record.
Note that we could add a syspref to make this new behavior optional.
Sponsored-by: University of the Arts London
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Checkout some items to a patron
2 - Note there is no 'Home library' column
3 - Apply patch
4 - Note there IS an 'Home library' column
5 - Use the columns configuration and ensure you can hide/display column at
will
Sponsored by: Coeur d'Alene Public Library (http://www.cdalibrary.org/)
Works as expected (after clearing browser cache).
Commit message amended (as of comment #7)
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Change single quotes to double quotes also add brackets to serial
enumeration.
To test follow previous test plan for intranet.
Fix double semicolon
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
TEST PLAN
1. THE CHECKOUT TAB, INTRANET
1.1. Add a value to the 'h' subfield of an item. ie: 'volume #42'
1.2. Check out the item to a patron
1.3. Display this patron's issues in his checkout page
1.3.1. The enumchron should be concatenated with the title
2. A PATRON'S RELATIVE, INTRANET + OPAC
1.1. Add somebody to a patron's guarantee list
1.2. Checkout a serial to this guarantee
1.3. Visit the guarantor's OPAC and INTRANET checkout page
1.3.1. You should see the enumchron in his guarantee's issues
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
At one time it was possible to store the results of a report into the
saved_reports table.
This allowed the librarians to compare different results, from the Koha
interface.
This patch is a proof of concept and is not very polished (understood:
it cannot be pushed like that).
Test plan:
Execute the runreport.pl cronjob script with the new --store-results
option.
This will serialize into json the results and put it into the
saved_reports table.
On the "Saved report" list, the "Saved results" column is now populated
with a date (note that you can have several date for a given report).
If you click on this link, the data will be displayed in a simple table.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In the staff client, when creating an order from a subscription
the vendor name should be shown in a separate column.
This patch adds that feature. The 'Vendor' column is added before
the 'Library' column since they appear in that order in Advanced
search.
Test plan:
0) [PREREQUISITES] In the Staff client, under Acquisitions, create
a Vendor and associated Basket if you don't already have them.
Then, under Serials, add a new Subscription using the Vendor
you've just created.
1) Go to Acquisitions, and under 'Manage orders' search for a vendor,
then click on 'Add to basket' and select 'From a subscription'.
2) Click 'Search' on the left hand side to search for all subscriptions.
Notice how there is no 'Vendor' column in the results table.
3) Apply the patch.
4) Repeat step 2. Confirm that the patch works, i.e. there is now
a 'Vendor' column which displays the vendor name.
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds a holdingbranch column to waitingreseves.tt and
separates 'Location' into Home branch and callnumber columns
To test:
1 - Have some holds waiting and holds over
2 - View the report before the patch
3 - Note that location contains homebranch and call number
4 - View the report after the patch
5 - Note the new columns
6 - Ensure data is correct and no info has been lost
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Fixed 2 capitalization issues.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
See http://hea.koha-community.org/, the countries are filled is wrong
values.
If we decide to update the free text with a dropdown list, we need to
handle these wrong data.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This will avoid syntax problems with Hea when a user will fill this 2 sysprefs
The default choice for UsageStatsLibraryType and UsageStatsCountry is 'empty'
Test Plan
---------
1. Create a new Koha install
2. Go to the 'Administration' page
3. Go to 'Global system preferences'
4. Go to 'Administration'
5. At the end of this page you should see a dropdown menu for
- UsageStatsCountry with all countries
- UsageStatsLibraryType with all type of library
They both should be empty by default.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Not a complete list but is a start
Lots of new strings to translate :)
No errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
With this patch when <zebra_bib_index_mode> or <zebra_auth_index_mode> are set to 'grs1'
it appears a link to https://wiki.koha-community.org/wiki/Switching_to_dom_indexing
instead of a misleading information.
To test:
a)Insert 'grs1' in <zebra_bib_index_mode> or <zebra_auth_index_mode> (file koha-conf.xml)
b)It appers a misleading warning
c)Apply the patch
d)It appears a link to https://wiki.koha-community.org/wiki/Switching_to_dom_indexing.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The following three templates are using [% guarantorborrowernumber %]
while they should be using [% guarantor.borrowernumber %]:
members/members-toolbar.inc
members/moremember-brief.tt
members/moremember.tt
This doesn't result in any breakage; just a couple of 'Edit' links that
do not pass the guarantorid in the URL, and one case where guarantor
information is not shown in the staff client.
This patch fixes that.
Test plan:
0) [PREREQUISITE] Create a patron with a guarantor if you don't have one.
1) Go to Home > Patrons and search for a patron that has a guarantor. In
the Details page for that patron, the 'Edit' link in the toolbar does
not pass the guarantor's id in the URL (...&guarantorid=&...).
2) In the same page, the 'Edit' link under the patrons name (immediately
under 'Guarantor') again does not include the guarantor id in the URL.
3) Go to Home > Patrons and click on 'New patron'. Pick any category from
the drop down menu. Enter the Surname, First name, and Date of birth
of the patron you used in step 1). This triggers the 'Duplicate patron
record?' warning -- click on 'View existing record' and notice how the
guarantor information is missing.
4) Apply the patch.
5) Repeat steps 1), 2), and 3) above. The URLs are fixed and patron info
is showing.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In the Staff client, under Circulation -> Circulation reports,
the date shown in the heading of the 'Holds awaiting pickup'
report is not formatted according to the 'dateformat' system
preference.
This (trivial) patch fixes that.
Test plan:
1) In the Staff client, go to Circulation and under 'Circulation
reports' click on 'Holds awaiting pickup'
(cgi-bin/koha/circ/waitingreserves.pl).
2) Observe that the date shown in the heading is always formatted as
yyyy-mm-dd regardless of the value of the 'dateformat' syspref.
3) Apply the patch.
4) Re-visit the 'Holds awaiting pickup' report. Confirm that the patch
worked, i.e. the date shown in the heading is formatted according
to the 'dateformat' system preference.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Because seasons strings are not available through DateTime module,
names of them where added in code, and templates. Bug 16289 adds new
abbreviated form to the code, but not to the templates. This patch
should fix the problem.
To test:
1. Apply patch.
2. Run "misc/translator/translate update" for you language.
3. Check if names are in po/ file for language.
4. Check if generating next issue for serial and prediction patterns
works correct.
NOTE: or "create {language code}" instead of update.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds newlines to opac-ics.tt that are preserved by the translating process.
To test:
- Apply patch
- Create a translation (perl translate xy-XY)
- With a text editor or poedit, translate misc/translator/po/xy-XY-opac-bootstrap.po
(it is enough to translate "%s %s %s %s is overdue %sYour copy of........")
- Install language xx-XY and select it for OPAC (perl translate install xy-XY)
- Make sure you have at least a couple of loans, including one overdue
- Go to /cgi-bin/koha/opac-user.pl and click on the link labeled "Download as
iCal/.ics file"
- Inspect the file in a text editor and/or view the result in a calendar
appplication. Make sure the data makes sense. Compare it to the english version.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When the itemBarcodeFallbackSearch syspref is on, the wording in the
interface should reflect that you can enter a barcode OR a keyword.
Additionally, in the results of a keyword search the "Fast cataloging"
link should be more descriptive. This patch fixes these issues.
Test plan:
0) [PREREQUISITES] Ensure you have a Fast Add ('FA') framework defined,
and that your itemBarcodeFallbackSearch syspref is set to 'Enable'.
1) Go to Circulation -> Check out, search for a patron, then select a
patron to Check out. Notice how the text above the textbox reads
"Enter item barcode:".
2) Type something generic (not a barcode) in the textbox so that you'll
get at least one item as a result. Notice how the text in the yellow
warning box reads "The barcode was not found: <terms> Fast cataloging".
3) Apply the patch.
4) Repeat step 1), now the text above the textbox should read
"Enter item barcode or keyword:".
5) Repeat step 2), now the text in the yellow warning box should read
"The barcode was not found: <terms> Add record using fast cataloging".
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If a report is duplicated from the report list, the new report will
contain the tag (<<YEAR>> for instance), but from the reports results
page it copies the values used for the results.
Test plan:
Create a new sql report with tags
Duplicate it from the report list: no expected changes
Run it and duplicate it: the tags must not have been replaced
Signed-off-by: Andreas Roussos <arouss1980@gmail.com>
Ran and duplicated a report, the tags remained intact.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Since bug 16157, the location value is always "All" and the serial
search won't return anything.
Test plan:
Search for some serials.
Without this patch, it won't return any results
With this patch applied, the result search should be consistent
Reproduced with serial's "Advanced search" and search filter in
left hand column. Fixed by this patch.
Signed-off-by: Marc <veron@veron.ch>
Advanced search works fine again.
Signed-off-by: Andreas Roussos <arouss1980@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 14655 added a warning to the about page ("System information" tab)
if the AnonymousPatron feature is not correctly configured.
But actually there is one case when it's not displayed.
Test plan:
Set AnonymousPatron to a non existing patron
Set at least 1 borrowers.privacy == 2
go on the about page.
Without this patch you do not get the warning
With this patch you will see "Some patrons have requested a privacy on
returning item but the AnonymousPatron pref is not set correctly. Set it
to a valid borrower number if you want that this feature works
correctly."
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
Verify that different values in 'CardnumberLength' system preference
display correctly in the self reigstration form
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
Enable self registration
Make sure cardnumber is not in
'PatronSelfRegistrationBorrowerUnwantedField'
Enter an invalid or used cardnumber
Submit form
Note errors appears correctly but cardnumber is not editable
Apply Patch
Enter an invalid or used cardnumber
Submit form
Note errors appears correctly and cardnumber is editable
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Same as previous patch but for the staff interface
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
At the OPAC, if a user manipulate the URL to show a list (s)he is not
allowed to view, the list's name will be displayed anyway.
Test plan:
- Create a private list with user A
- Copy the op=view URL and access it with user B logged in
=> Without this patch, you will see the rss icon, the list's name and
the "add list" button
=> Without this patch, only the "unauthorized" box will be displayed
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
On bug 17210, the selector .addtoshelf should not have caught the
.addtoshelf nodes from the result list.
To fix this, we just need to make the selector more specific (and cannot
reuse it without more changes, the biblionumber variable is not the same
- vs SEARCH_RESULT.biblionumber).
Test plan:
Make sure the 2 links (from detail and search result) "Save to lists"
and "Save to your lists" work as expected.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
catalogue a bibliographic record with a isbn=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
catalogue a bibliographic record with a author=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Test plan:
catalogue a bibliographic record with a title=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
This of course means that any html in the title will no longer be
evaluated. :
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch modifies the acquisitions uncertain prices template to remove
event attributes onclick and onchange.
Also changed on the uncertain prices page: Added a label to the orders
filter, removed redundant form submit function.
- Locate a vendor which has orders with uncertain prices
- Click the 'Uncertain prices' tab in the left-hand sidebar
- Enter invalid data in the "price" field for any order. Confirm that an
error is triggered when the field loses focus.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
QA Revision: Corrected input type of submit button.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes the use of 'onclick' from the acquisitions transfer
order process. The patch also modifies the style of some links and
buttons to conform with current guidelines.
- Locate an open basket with items in it
- Click the 'Transfer' link for a title in the basket
- In the pop-up window:
- Confirm that the 'Cancel' button at the bottom of the window is a
Bootstrap-style button.
- Search for a vendor; Confirm that the 'Choose' link is a
Bootstrap-style button.
- Choose a vendor; Confirm that the 'Choose' link on the following
page is a Bootstrap-style button.
- Confirm that clicking the 'Choose' button transfers the item to the
correct basket.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch modifies the funds administration page and other files
related to the process of searching for and selecting fund owners and
users in order to remove the use of event attributes like 'onclick.'
Also changed in this patch: I have revised the way the "select owner"
and "select user" controls look. They are now links with Font Awesome
icons.
- Go to Administration -> Funds and open a fund for editing.
- Test the process of adding and updating an owner:
- Click the 'Select owner' link.
- Search for and select an owner in the pop-up window.
- Save the fund and verify that the owner was saved correctly.
- Perform the same test with the 'Remove owner' link.
- Use the same process to test the addition and removal of users.
- Confirm that the 'Remove' link works correctly before and after
submitting the form to save changes to the fund.
This patch changes a file which is used by both the funds template and
the template used when setting a guarantor on a patron. To test the
changes in that context:
- Open a 'child' type patron record.
- Under 'Guarantor information,' test the process of setting and
removing a guarantor to confirm that data is saved correctly.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This is a followup to rescue the bug.
To test: Follow test plan from comment #1
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Some librarians find it useful to know what category a patron is before
confirming a reserve or transfer from the checkin screen.
This patch adds the patron category to the hold and transfer popups
to the patron information already displayed. The li tags that contain
the patron category have the class "patron-category" to allow this data
to be easily hidden.
Test Plan:
1) Apply this patch
2) Trap a hold for a patron, note the patron category is now displayed
3) Trap a hold for pickup at another loation, note the patron category
is now displayed
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes a minor change to the markup to make the button in the
confirmation dialog conform to the appearance of similar buttons.
To test, follow the original test plan for this bug and verify that the
"OK" button in the dialog looks correct.
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In previous versions of Koha, if a hold canceled from the "Holds over" tab had other holds on it,
the librarian would be alerted with the message "This item is on hold for pick-up at your library"
and directed to check it in to fill the next hold. This no longer happens.
Test Plan:
1) Apply this patch
2) Find a hold that has been waiting too long
3) Cancel that hold via waitingreserves.pl
4) Note you get the message "This item is on hold for pick-up at your library"
5) Confirm the ok button redirects you to the correct tab
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
If an attacker can get an authenticated Koha user to visit their page
with the
url below, they can change or delete patrons' images
/tools/picture-upload.pl?op=Delete&borrowernumber=42
Test plan:
1/ Hit /tools/picture-upload.pl?op=Delete&borrowernumber=42
And confirm that you get a "Wrong CSRF token" error
2/ Go on the patron detail page with a patron's image
3/ Click on the Delete link (note the csrf_token param)
4/ The image will be deleted and you are redirected to the patron detail
page.
Regression tests:
Upload an image from the patron detail page and from the "upload patron
images" tool.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To reproduce:
1/ cp your_image.jpg 'test<svg onload=alert(1)>.jpg'
2/ Use the upload picture tool to upload this file
=> Without this patch, the alert is show
=> With this patch, the filename is correctly displayed and no alert
Note that the cardnumber var was not escaped neither, it's now.
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
