Tests added to cover different use cases and combinations of circulation rules values for authenticated and unauthenticated users
At the moment, 2 tests are failing, documented on the [DO NOT PUSH] commit.
These 2 failing tests fail for the search results page but pass on the detail page counterpart. Ideally they should match, for consistency sake.
But this may be the use case "details page should be more correct, results page is always an approximation" mentioned by Nick.
More test combinations may be added in the future.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3758a8c05e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1af004161d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Same chanegs as before, but for MARC and ISBD details pages
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d134dbf4f1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 800b012deb)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This patch tries to simplify some of the logic here to match that on the search results. When we don't have a patron, we fallback to determining if an item can be held buy determining whether there are any items that don't have holds disallowed at the all libraries level. We also remove items with non-holdable statuses like withdrawn etc (and check some system preferences)
If we don't have a patron, then we are done, however, if we do, then we need to check each item against the policies related to that patron.
This patch also removes two checks at the end:
CountItemsIssued($biblionumber)
$biblio->has_items_waiting_or_intransit
These seem to be from bug 4319 - however, those rules are checked by IsAvailableForItemLevelRequest and are only relevant when we have a patron. These checks essentially assumed 'onshelfholds' policy of 'If any unavailable' For consistency sake I think we should follow the same logic as the results page.
To test:
1 - Find a record with two items, of different types, set a 'Default checkout, hold and return policy' of 'No holds allowed'
2 - Search opac, not logged in, and verify neither the results page or details page shows the place hold button
3 - Delete that rule, make both items withdrawn
4 - Search opac, not logged in, and verify neither the results page or details page shows the place hold button
5 - Mark one item as not withdrawn
6 - Search opac, not logged in, and verify both the results page or details page shows the place hold button
7 - Log in to opac
8 - Search opac, logged in, and verify both the results page or details page shows the place hold button
9 - Place an 'On shelf holds policy' rule for that patron category of 'If any unavailable'
10 - Search opac, logged in, and verify the results and details page shows the place hold button
11 - Set the other item to not withdrawn
12 - Search opac, logged in, and verify the results page shows the place hold button, but details does not
13 - Try various other scenarios - details page should be more correct, results page is always an approximation
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0d4f520761)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6c1d615394)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This patch fixes a hash reference in the template to allow the location field to display properly
Test plan:
1) In system preferences, click Search and then select the Acquisitions option from the left hand menu
2) Paste the following into MarcFieldsToOrder
price: 975$p
quantity: 975$q
budget_code: 975$h
3) Paste the following into MarcItemFieldsToOrder
homebranch: 949$a
holdingbranch: 949$b
itype: 949$y
nonpublic_note: 949$x
public_note: 949$z
loc: 949$c
ccode: 949$8
notforloan: 949$7
uri: 949$u
copyno: 949$t
price: 949$g
replacementprice: 949$v
itemcallnumber: 949$o
quantity: 949$k
budget_code: 949$l
Now save the sysprefs
4) Navigate to acquisitions and go into a basket
5) Click Add to basket and select “From a new file”
6) Download the file attached to this bug
7) Import the file and when the job is complete click “Add staged files to basket”
8) Click the checkbox next to the record to display the items
9) Inspect the value for the "loc" field - the value of "AV" from the file has not been selected
10) Apply patch and refresh the page
11) On inspection the value should now be properly selected
Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit c1cd6a980a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ea15bde9b2)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This patch updates the "Order staged MARC records" page so that the
class which is added upon selection is more unique to avoid a collision
with some default DataTables styles. These classes are used in
JavaScript selectors, not for visual style.
The patch also adds some custom CSS variables to global.scss to override
the defaults for the DataTables "selected" style, in case this issue
crops up again.
To test, apply the patch and rebuild the staff interface CSS. Follow the
test plan from the bug report:
1) In system preferences, click Search and then select the Acquisitions
option from the left hand menu
2) Paste the following into MarcFieldsToOrder
price: 975$p
quantity: 975$q
budget_code: 975$h
3) Paste the following into MarcItemFieldsToOrder
homebranch: 949$a
holdingbranch: 949$b
itype: 949$y
nonpublic_note: 949$x
public_note: 949$z
loc: 949$c
ccode: 949$8
notforloan: 949$7
uri: 949$u
copyno: 949$t
price: 949$g
replacementprice: 949$v
itemcallnumber: 949$o
quantity: 949$k
budget_code: 949$l
4) Save the sysprefs
5) Navigate to acquisitions and go into a basket
6) Click "Add to basket" and select "From a new file"
7) Download the file attached to this bug
8) Import the file and when the job is complete click "Add staged files
to basket"
9) Click the checkbox next to the record to display the items.
- The expanded form should look correct.
10) Add one or more items to the order and confirm that submitting the
form works correctly.
To test the new default "selected" DataTables style, view a page with a
DataTable, e.g. Administration -> Libraries.
- Right-click on one of the table rows and choose "Inspect"
- Click the table row element, e.g. '<tr class="odd">'
- Double-click the class name and replace it with "selected."
- The row you inspected should now have a pale green background and text
colors should remain the same.
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 27a651388d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d56f9f2017)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
When changing the fetch of holds, the check for non-priority was lost - added a loop to pull those out
so the totals and checks are correct
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Tidied (tcohen)
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit b7ad3364cb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4f4add4c03)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Before this patch we get all holds on a record and see if we can fill them with available items.
This means we check to fill holds that the item in questoion may not be able to fill, especially
in the case where no holds are allowed on the item type, this is wrong
To test:
1 - Find or create a biblio with two items of different item types
2 - Make sure one item type allows holds, and the other has:
"Default holds policy by item type"
Set to "No holds allowed"
3 - Set system preference "AllowRenewalIfOtherItemsAvailable" to "Don't allow"
4 - Check out the unholdable item to a patron
5 - Set a hold for a different patron on the next available item
6 - Confirm the checked out item can be renewed (don't renew, just view the checkouts page)
7 - Checkout the other item to a third patron
8 - Confirm the first item can still be renewed
9 - Set system preference "AllowRenewalIfOtherItemsAvailable" to "Allow"
10 - Confirm the item cannot be renewed now
11 - Apply patch, restart all
12 - Confirm the item can be renewed
13 - Set the item type to a type that allows holds
14 - Confirm the item can no longer be renewed
15 - Restore the item type
16 - Set system preference "AllowRenewalIfOtherItemsAvailable" to "Don't allow"
17 - Confirm the item can be renewed
18 - Check in the item from the third patron
19 - Confirm the item can still be renewed
20 - prove -v t/db_dependent/Circulation.t - test still pass
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9cc622be1f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ee235cd8d4)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Test plan:
Read the patch.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit c6fa96eeca)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1e3d845b51)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5f7a9db936)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f805c221cf)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This patch adds tests for the different cases of `BranchTransferLimitsType`.
It also adds tests for the situation of the consumer sending both limit
criterias on the request.
The controller gets adjusted for this new behavior and the spec gets
documentation added about this.
Bonus: tests are added the right guidelines code, and
BranchTransferLimitsType gets mocked to avoid failures due to existing
data.
To test:
1. Apply this patches
2. Run:
$ ktd --shell
k$ qa
=> SUCCESS: All green, and tests pass!
3. Sign off :-D
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fixed a typo in one of the return messages
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e846641edd)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f39baa0b98)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9760f066dd)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit bdeabccf3d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 506087bc15)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d45ed60db4)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
rollback ineffective with AutoCommit enabled at /usr/share/perl5/DBIx/Class/Storage/DBI.pm line 1651.
I have not investigated more than that. Reaching this was already the
end of a long road... (see comment 0)
Test plan:
0. Do not apply this patch
1. select count(*) from branches
Note the value
2. Run
prove t/db_dependent/FrameworkPlugin.t
=> There is a warning
3. Repeat 1.
=> There are too many libraries!
4. Apply the patch, retry 1, 2, 3
=> No warning, no library added by the tests
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 1d2165f841)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 789648aa4c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
When there are a lot of budgets with the same owner, most of the time of
acqui-home.pl is spent loading the same patron over and over.
This patch makes sure each borrower is loaded only once.
Test plan:
0. Do not apply the patch yet
1. Create a thousand budgets with the following command (make sure the
budget_owner_id is an existing borrowernumber):
perl -MKoha::Database -e '
my $schema = Koha::Database->schema;
my $period = $schema->resultset("Aqbudgetperiod")->create({
budget_period_startdate => "2000-01-01",
budget_period_enddate => "2999-12-31"
});
$schema->resultset("Aqbudget")->create({
budget_owner_id => 1,
budget_period_id => $period->id
}) for (1..1000)
'
2. Measure the time it takes to load acqui/acqui-home.pl (do it several
times and keep the average time)
3. Apply the patch
4. Repeat step 2
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 24b33936a5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b37e510eb8)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5cca1bdcd67a1a8fc8b0bb2aa6c666cccdb49fbb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 57b1c90e19)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 31943a5781aaaa9803ca87247eb7a663fb999fc5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0534259c2c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
The userenv (logged in user's info) are stored in
$C4::Context->context->{activeuser}, which persists in plack worker's
memory.
It's really bad in theory as we are not cleaning it before or after the
HTTP request, but only when set_userenv is called (what we are doing
commonly in C4::Auth::get_template_and_user).
If C4::Context->userenv is called before set_userenv we should get undef,
not the userenv from the previous request!
In practice this should not be a problem, but well... who really knows?
This patch suggests to have a middleware to deal with removing the
userenv at the beginning of each request (maybe it should be after, right? - FIXME).
To test:
1 - Edit /etc/koha/sites/kohadev/koha-conf.xml to set <plack_workers>1</plack_workers>
2 - Edit about.pl and add a line after: CGI->new:
warn Data::Dumper::Dumper( C4::Cointext->userenv() );
3 - tail -f /var/log/koha/kohadev/*.log
4 - View about.pl in staff interface, should get a "somethign's wrong" warning
5 - Reload, you get current user info
6 - Open an incognito tab, sign in as a different user and click some stuff
7 - Reload about.pl in other window
8 - You get the opac user info
9 - Apply patch
10 - Edit /etc/koha/sites/kohadev/plack.psgi and add the middleware after "RealIP":
enable "+Koha::Middleware::UserEnv";
11 - Restart all
12 - Reload about.pl - you get a "Something's wrong" warning
13 - Click things in opac on incognito window
14 - Reload about.pl - only "Something's wrong" - you no longer see any user info
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 576e7e09fdca703f76c0d10ae55eebf12ee1fdf4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 3dd1cdd74f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
WNC amended patch: tidied
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 3cb586b72165bcbd029948f46407359be9d5e9a8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 55931114b6)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
To prevent XSS
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 83db8696ca7a83aba224a0ab645f03447a96887b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 383984a016)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Also tidy
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 42d388c80fcdd98c2594ad7b111b8e40c991388a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e413db6083)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 7a626d8d870039330889d6e48c3ae5ba848d85e9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit fb1c48da9a)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit b315c0f2630ccd738fc811e13d1e95b11d3c8df1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 11ea420b54)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit ca64e4f6f30b172d86184c61134f5f29713863d2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit de4053a0f3)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Really bad design, NEVER retrieve the logged in user from the CGI
param!
See comment 1 for more info
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Cook <dcook@prosentient.com.au>
(cherry picked from commit a40e1fd62c7320ad5f7b8514ba2bd129aad2d10f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1df8ee1994)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
These files needed the addition of 'use C4::Auth qw( check_cookie_auth
);'.
To test, apply the patch and restart services.
- If necessary, enable the LocalCoverImages system preference.
- Open the browser console and then the "Network" tab. You can click
"Images" to filter for the correct kind of request.
- Perform a catalog search. After the search has loaded, check that
there are no 500 errors in the Network tab.
- Go to Cataloging -> Label creator.
- If necessary, create a label batch and add some items.
- Export your batch and test both the "Download as CSV" and "Download as
XML" links. Both should trigger the correct download.
- Go to Serials -> Claims, and select a vendor with late issues.
- Select all late issues and click "Download selected claims" at the
bottom of the page.
- Your CSV file should download correctly.
The file acqui/check_uniqueness.pl has been corrected as well but I'm
not sure how to test it!
Signed-off-by: danyonsewell <danyonsewell@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 747f513231)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 01b22fb71d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Running cataloguing pluings (in cataloguing/value_builder) now requires
authentification.
This patch adds in failing unit tests a mock of C4::Auth::check_cookie_auth
Test with:
prove t/db_dependent/FrameworkPlugin.t t/db_dependent/Koha/UI/Form/Builder/Biblio.t t/db_dependent/Koha/UI/Form/Builder/Item.t t/db_dependent/Serials.t
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This can certainly be improved to adjust the permissions, but at least
they are no longer opened to the world..
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Installer scripts cannot be run from the UI:
debian/templates/apache-shared-intranet.conf:RewriteRule ^/cgi-bin/koha/(C4|debian|etc|installer/data|install_misc|Koha|misc|selenium|t|test|tmp|xt)/|\.PL$ /notfound [PT]
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
It is not used, if we need it back it must be moved to misc.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
http://localhost:8081/cgi-bin/koha/docs/CAS/CASProxy/examples/proxy_cas.pl
Test plan:
Hit the link
=> Erk
Copy the apache config to /etc/koha/apache-shared-intranet-git.conf
restart_all
Hit the link
=> 404
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This "plugin system" is only used for the itemtypes report. We can
simply remove the reports/manager.pl script and this plugin in favor of
a dedicated report.
Test plan:
Same behaviour expected before and after this patch
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fixed some typos in bug numbers and text.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
To avoid injection of template toolkit code
from database fields that are controlled by
untrusted sources.
Test plan:
* review subtest 'Template toolkit syntax in
parameters' in t/db_dependent/Letters.t
* Run the unit test:
prove t/db_dependent/Letters.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Test plan:
1. Log out
2. Go to /cgi-bin/koha/mainpage.pl#somestring"with<html>char
3. Open the brower's inspector and find "auth_forwarded_hash" input
4. Make sure the value attribute is there and corresponds to the URL's
fragment. It should be URI-encoded.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
