Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
This fixes breaking install on missing subdir.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Fixes the following things:
1. Sanitizes log output to prevent an attacker from using a specially
crafted POST to add extra lines to the log
2. Simplify a regular expression since "..file" cannot be used to
escape the current directory
3. Makes sure directories are consistent
4. Correct logic issues in misc/cronjobs/backup.sh
Thanks to Frere Sebastien Marie for catching these issues.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch builds on work by Lars Wirzenius for the Koha packages.
To date, the only way for a Koha librarian to obtain a complete backup
of their system has been to log into the system via SSH (or FTP) to
download the mysqldump file. This patch makes it possible for
superlibrarians in properly configured systems to download night backups
via the staff client's Export tool.
Recognizing that this is functionality with potentially very grave
security implications, system administrators must manually enable these
features in the koha-conf.xml configuration file.
The following configuration settings have been added to the koha-conf.xml
file:
* backupdir => directory where backups should be stored.
* backup_db_via_tools => whether to allow superlibrarians to download
database backups via the Export tool. The default is disabled, and
there is no way -- by design -- to enable this option without manually
editing koha-conf.xml.
* backup_conf_via_tools => whether to allow superlibrarians to download
configuration backups via the Export tool (this may be applicable to
packages only). The default is disabled, and there is no way -- by
design -- to enable this option without manually editing koha-conf.xml.
This commit modifies the following scripts to make use of the new
backupdir configuration option:
* koha-dump and koha-run-backups in the Debian packages
* The sample backup script misc/cronjobs/backup.sh
Note that for security reasons, superlibrarians will not be allowed
to download files that are not owned by the web server's effective user.
This imposes a de facto dependency on ITK (for Apache) or running the
web server as the Koha user (as is done with Plack).
To test:
1. Apply patch.
2. Go to export page as a superlibrarian. Notice that no additional
export options appear because they have not been enabled.
3. Add <backupdir>$KOHADEV/var/spool</backupdir> to the <config> section
of your koha-conf.xml (note that you will need to adjust that so that
it is pointing at a logical directory).
4. Create the aforementioned directory.
5. Go to export page as a superlibrarian. Notice that no additional
export options appear because they have not been enabled.
6. Add <backup_db_via_tools>1</backup_db_via_tools> to the <config>
section of your koha-conf.xml
7. Go to the export page as a superlibrarian. Notice the new tab.
8. Go to the export page as a non-superlibrarian. Notice there is no
new tab.
9. Run: mysqldump -u koha -p koha | gzip > $BACKUPDIR/backup.sql.gz
(substituting appropriate user, password, and database name)
10. Go to the export page as a superlibrarian, and look at the "Export
database" tab. If you are running the web server as your Koha user,
and ran the above command as your Koha user, you should now see the
file listed as an option for download.
11. If you *did* see the file listed, change the ownership to something
else: sudo chown root:root $BACKUPDIR/backup.sql.gz
11a. Confirm that you no longer see the file listed when you look at the
"Export database" tab.
12. Change the ownership on the file to your web server (or Koha) user:
sudo chown www-data:www-data backup.sql.gz
13. Go to the export page as a superlibrarian, and look at the "Export
database" tab. You should now see backup.sql.gz listed.
14. Choose to download backup.sql.gz
15. Confirm that the downloaded file is what you were expecting.
If you are interested, you can repeat the above steps but replace
<backup_db_via_tools> with <backup_conf_via_tools>, and instead of
creating an sql file, create a tar file.
To test packaging: run koha-dump, confirm that it still creates a
usable backup.
------
This signoff contains two changes:
10-1. If no backup/conf files were present, then the message telling you
so doesn't appear and the download button does. Made them behave
correctly.
10-2. The test for a file existing required it to be owned by the
webserver UID. This change makes it so it only has to be readable.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
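The two commit messages above describe three checks on a backup download: control characters stripped from logged request values, a bare file name that cannot leave the backup directory, and a file owned by the web server's effective user. The Perl below is an added example of those checks, not code from Koha or from either patch; the sub names, the sample file and the sample requests are assumptions. It shows the ownership rule from the original message rather than the "readable" rule from the sign-off note.

```perl
#!/usr/bin/perl
# Added example, not Koha's code; sub and variable names are hypothetical.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Replace control characters so a POSTed value cannot start a new log line.
sub sanitize_for_log {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\x00-\x1f\x7f]/?/g;
    return $value;
}

# Return the full path if $name may be served from $backupdir, else nothing.
sub downloadable_backup {
    my ($backupdir, $name) = @_;
    return unless defined $name && length $name;
    # Bare file names only: no separators or NUL, and not "." or "..".
    # A name such as "..file" cannot leave the directory, so it is not rejected here.
    return if $name =~ m{[/\\\0]} || $name eq '.' || $name eq '..';
    my $path = File::Spec->catfile($backupdir, $name);
    my @st = lstat($path) or return;    # lstat: a symlink is not followed
    return unless -f _;                 # regular files only
    return unless $st[4] == $>;         # owner uid must equal the effective uid
    return $path;
}

# Constructed demo: one file created by this process in a temporary directory.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($dir, 'backup.sql.gz')) or die $!;
close($fh);

# Constructed requests: a valid name, a harmless "..file" that does not exist,
# a traversal attempt, and a value carrying CR/LF aimed at the log.
for my $req ('backup.sql.gz', '..file', '../koha-conf.xml', "x\r\nfake log entry") {
    my $ok = downloadable_backup($dir, $req);
    printf "%-8s %s\n", ($ok ? 'serve' : 'refuse'), sanitize_for_log($req);
}
```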
Fixes the Save button functionality when YUI is set to be pulled
from Yahoo!'s servers, and adds a copyright statement to the
MARC21slim2MADS.xsl file.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Works now for both yuipaths.
Adds the ability to save individual authority records in MADS, MARCXML, or
binary MARC format to the staff client.
To test:
1. Apply patch
2. View authority record in staff client
3. Try saving record as MADS, MARCXML, and MARC, and confirm that the
resulting files are what you expect
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works nicely, tested different export options on different records.
This allows modules that aren't in the main debian repos to be handled
by the list-deps script when building a control file.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
For the CHECKIN and CHECKOUT notices, any data that is issue specific
does not show. For example, date due.
For CHECKOUT, this is caused by not passing in the issues table as part
of the 'table' hash used by C4::Letters::GetPreparedLetter.
For CHECKIN notices, we need the old_issues table instead, as the item
has already been returned.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
passes tests, correct information shows in notices.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Adds the primary key reserve_id to reserves and old_reserves.
Thanks to gmcharlt and jcamins for contributions.
Signed-off-by: MJ Ray <mjr@phonecoop.coop>
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
Updated DBrev to start with 3.09... instead of 3.08...
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Adds the ability to pass a hash to C4::Reports::Guided::get_saved_report
which specifies a name or id to select the report.
Test plan:
1. Create a report (or choose an existing one), and mark it public
2. Run the report using the web service: [IntranetBaseURL]/cgi-bin/koha/svc/report?id=whatever
3. Confirm you get the expected results
4. Run the report by name using the web service: [IntranetBaseURL]/cgi-bin/koha/svc/report?name=[Report name] (keep spaces in the name)
5. Confirm you get the same results
6. Run the report using the public web service: [OPACBaseURL]/cgi-bin/koha/svc/report?id=whatever
7. Confirm you get the same results
8. Run the report by name using the public web service: [OPACBaseURL]/cgi-bin/koha/svc/report?name=[Report name] (keep spaces in the name)
9. Confirm you get the same results
10. Sign off
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
- Adding, editing and deleting reports works
- id parameter works
- new name parameter works
- public and non-public works
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
To minimize support questions regarding common mistakes, the About
page should have an additional tab that displays warnings if deprecated
and/or mutually exclusive system preferences are used.
To test patch use values as displayed on screenshot attached.
New: Shows error message in Tab Server Information if Zebra server is not started
(...and changes added...)
Suggestions for other values to add are welcome.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch adds t/db_dependent/00-strict.pl which tests that all Perl
scripts compile. I chose to use Test::Strict so that in the future we
can also have the test check that "use strict" and "use warnings" are
enabled.
To test:
1. Run t/db_dependent/00-strict.pl.
2. Run around waving your arms in the air that we have a couple of
scripts that don't compile.
3. Actually, that's about it. You could test my patch for bug 8384 next.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Moved test to t/db_dependent
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Fix syntax errors preventing the scripts misc/translator/text-extract2.pl
and misc/cronjobs/thirdparty/TalkingTech_itiva_inbound.pl from compiling.
Remove misc/migration_tools/build6xx.pl entirely since it refers to
columns that no longer exist in the Koha database, and has seemingly
had broken encoding since Koha switched from CVS to git (or before!).
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
SIPServer.pm requires that C4/SIP is added to its lib
path. This has been done by passing this directory
to it via -I. By using FindBin it can set the path
for itself correctly. This will also work if the C4/SIP
directory tree is moved to a non-standard location.
Removed the now redundant -I. from sip_run.sh
Added a variable to sip_run.sh for the koha tree to
highlight a problem with the script if you have multiple
directories in the PERL5LIB environment variable
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Small script that checks if each bibliorecord in the DB is properly indexed
use -h to learn more
(MT #6389)
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Marc Veron <veron@veron.ch>
Works as expected.
Caveat: If you edit the list in Opac, change the sort and then click 'Save',
the List always is displayed in title order. This is due to the fact that
save calls opac-shelves.pl?viewshelf=4 without the sort parameter (defaults
to 'title').
If you go back to lists, choose the list from List name, the param is
correct and the list displays in expected order.
It took quite a time to track that down, I first thought that opac-shelves.pl
was broken.
However, current bug 8323 is not affected, signing off.
Marc
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Be liberal in what we accept, but strict in what we send:
Never exit the server process, but send a SC_RESEND message (96)
to the client if we received anything we don't understand.
This is consistent with SIP server implementations of other ILSs.
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Complete rewrite of rebuild_zebra_sliced.zsh (renamed to .sh). Main
improvements are:
- both biblio and authority records are handled
- records are exported only once
It also adds an option --skip-index to rebuild_zebra.pl that permits
using rebuild_zebra.pl as an 'export only' script.
Description:
Index Koha records by chunks. It is useful when some record causes
errors and stops the indexation process. With this script, if indexation
of one chunk fails, the chunk is split into 2 (or 3) chunks, and
indexation continues on these chunks.
rebuild_zebra.pl is called only once to export records.
Splitting and indexing is handled by this script (using yaz-marcdump and
zebraidx).
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
modified: Koha.t
$ prove -v ./Koha.t
1..5
ok 1 - use C4::Koha;
ok 2 - use C4::Members;
1..6
ok 1 - Insert data in database
ok 2 - GetAuthorisedValueByCode
ok 3 - GetKohaImageurlFromAuthorisedValues
ok 4 - lost and paid works
ok 5 - Child area works
ok 6 - Withdrawn works
ok 3 - Authorized Values Tests
1..4
ok 1 - C4::Koha->can('GetDailyQuote')
ok 2 - Got a quote based on id.
ok 3 - Got a random quote.
ok 4 - Got a quote based on today's date.
ok 4 - Daily Quotes Test
1..7
ok 1 - slashifyDate
ok 2 - xml_escape() returns empty string on undef input
ok 3 - xml_escape() works as expected
ok 4 - ... and does not change input in place
ok 5 - _isbn_cleanup removes hyphens
ok 6 - _isbn_cleanup removes parenthetical
ok 7 - _isbn_cleanup converts ISBN-13 to ISBN-10
ok 5 - Date and ISBN tests
ok
All tests successful.
Files=1, Tests=5, 1 wallclock secs ( 0.02 usr 0.01 sys + 0.48 cusr 0.06 csys = 0.57 CPU)
Result: PASS
http://bugs.koha-community.org/show_bug.cgi?id=5327
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Test passes.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Most units require or tolerate CRLF as the terminator.
Using only \r causes many, including 3M units, to signal errors
due to delay. This resets CRLF to be default but adds a single
constant variable and explanation so that if you have a
"strictly conforming" unit (the 'Baby' is the only one I have encountered),
you know where to make the change.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>