Test plan:
- Set 1+ patron's attribute(s) mandatory
- Use the self-registration feature and confirm that you cannot selfreg
if the attribute has no value (or empty string)
- Same with the modification form (logged in)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the "opac_option" parameter from opac-basket.pl. It
was included in Bug 25402 because the bug was dependent on 5087.
To test, apply the patch and add some items to the Cart in the OPAC.
Click the Cart button to show the cart. The pop-up window should load
correctly without errors.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a .perlcriticrc (copied from qa-test-tools) and fixes
almost all perlcrictic violations according to this .perlcriticrc
The remaining violations are silenced out by appending a '## no critic'
to the offending lines. They can still be seen by using the --force
option of perlcritic
This patch also modify t/00-testcritic.t to check all Perl files using
the new .perlcriticrc.
I'm not sure if this test script is still useful as it is now equivalent
to `perlcritic --quiet .` and it looks like it is much slower
(approximatively 5 times slower on my machine)
Test plan:
1. Run `perlcritic --quiet .` from the root directory. It should output
nothing
2. Run `perlcritic --quiet --force .`. It should output 7 errors (6
StringyEval, 1 BarewordFileHandles)
3. Run `TEST_QA=1 prove t/00-testcritic.t`
4. Read the patch. Check that all changes make sense and do not
introduce undesired behaviour
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Patron should be allowed to modify this setting without asking a staff
member.
The setting is not configurable and cannot be hidden via a syspref.
Test plan:
- Turn the pref TranslateNotices on
- Install some languages
- Edit your messaging settings at the OPAC
=> Notice the "Preferred language for notices" dropdown list
- Select one
=> Confirm that the value is saved in DB
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the process of downloading a cart so that it doesn't
involve a separate popup window.
To test, apply the patch and add some titles to the cart in the OPAC.
- Open the cart
- The "Download" button should now be a dropdown menu.
- Selecting any of the download options should trigger a download
prompt.
- Test with and without some CSV profiles which have been configured
for use in the OPAC
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If PatronSelfModificationBorrowerUnwantedField contains dateofbirth, all
patron self modification requests will attempt to set dateofbirth to
null instead of ignoring the field.
Test Plan:
1) Add dateofbirth to PatronSelfModificationBorrowerUnwantedField
2) Run a patron self modification
3) Note the request sets dateofbirth to null on the staff side
4) Apply this patch
5) Restart all the things!
6) Run another self-modification
7) Note of the staff side that dateofbirth is unaffected
Signed-off-by: Emmi Takkinen <emmi.takkinen@outlook.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If the pref TagsEnabled is off we should not display the tags at the
OPAC.
There is a message to tell that tags system is disabled, but the tags
are displayed.
We should redirect to 404 like we do in opac-topissues.pl and
opac-suggestions.pl.
Test plan:
- Turn TagsEnabled on
- Add some tags
- Turn TagsEnabled off
- Hit /cgi-bin/koha/opac-tags.pl
=> Without this patch you see a warning messaging saying that the tag
system is disabled, but the tags are displayed
=> With this patch you get a 404 redirect
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There is no need for all the conditions.
From Encode::encode POD:
"If the $string is undef, then undef is returned."
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The cart was outputing ISO2709 MARC records with Latin-1
encoding. Records containing non-latin1 characters were
automatically re-encoded as UTF-8 by browsers, which led to
inconsistent character encodings for downloaded MARC files.
This patch explicitly encodes ISO2709 MARC characters from
the cart download as UTF-8 encoded bytes, which resolves the problem.
Test Plan:
0) Don't apply patch
1) Create bib record with only ASCII characters
2) Add a ü character to the title
3) Save bib record
4) Download bib record from cart (opac and staff client)
5) Using xxd or some other program, note that the ü is
represented by a FC byte (latin-1 encoded)
6) Apply the patch
7) Download bib record from cart (opac and staff client)
8) Using xxd or some other program, note that the ü is
represented by C3 BC bytes (utf-8 encoded)
9) Success
(Note that you could potentially use Notepad++ or some other
program to open the downloaded file and just note the encoding
that it finds. You could also try "chardetect" instead. Lots
of options for figuring out the encoding.)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes use of the 'variables' parameter in XSLTParse4Display
method in the different places that it is used in the OPAC. It does by
passing this parameter with
anonymous_session => 1|0
The value will depend on the output from get_template_and_user (i.e. if
there's a returned borrowernumber).
A special case takes place in search results, as the call to
XSLTParse4Display happens in C4::Search::searchResults. So a new
parameter 'xslt_variables' is added to it.
To test:
1. Apply the [DO NOT PUSH] patch
2. Open the OPAC in your browser
3. Try detail pages, search results, tags and lists/shelves pages with
or without an active session
=> FAIL: It always says (somewhere) 'Anonymous session: Yes'
4. Apply this patch, restart_all
5. Repeat 3
=> SUCCESS: It will tell the Yes/No correctly regarding anonymous
sessions!
6. Sign off :-D
Sponsored-by: Universidad ORT Uruguay
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
1- View a record with Materials specified (field 3) data in the opac
2- Apply patch
3- Log in to staff client
4- Home->Administration->Column Settings->OPAC->holdingst
5- Set item_materials visibility
6- Refresh OPAC page
7- Confirm that the materials specified column has been added after the
Call number column.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds a script and a template for showing library information
pages in the OPAC. A "libraries" page lists all the libraries in the
system, linking to individual pages for each library showing more
information..
If there is only one library in the system the page shows all of that
library's information.
To test, apply the patch and rebuild the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Go to /cgi-bin/koha/opac-library.pl in the OPAC.
- Verify that all the correct information is displayed for the
libraries in your system.
- Verify that page title and breadcrumbs look correct.
- Click to view details for a library.
- The details page should show the full contents of
branches.opac_info
- A menu should show links to other libraries' detail pages.
EDIT: This revised patch adds a "Libraries" link to the links under the
search bar; Corrects encoding in the breadcrumb link; Makes the page
title more specific when viewing an individual library.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch modifies the OPAC comments system so that the biblio object
is passed to the template. This allows the biblio-title include to
properly access the title and subtitle information.
Unrelated change: Remove some custom CSS from the page which was
obsolete.
To test, apply the patch and make sure the "reviewson" preference is
enabled.
- Log in to the OPAC and open a bibliographic record's detail page.
- Under the "Comments" tab, click the "Post your comments" link to
trigger the pop-up window.
- In the pop-up window, verify that the item's title is correct in the
page title and the heading. Author should display correctly, if
present.
- Test submitting a comment and editing a comment. Everything should
work correctly.
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the ability for logged-in patrons to add star ratings to
titles in their list of current checkouts and on the reading history
page.
The reading history page previously only showed existing ratings. Now it
will allow the entry of ratings as well.
The JS and markup for the feature are in separate include files to
facilitate re-use. It includes markup for non-js display of ratings and
js-driven ratings controls.
To test, apply the patch and set the OpacStarRatings to all, "results,
details, and user" pages.
- Log in to the OPAC as a user with checkouts.
- On the "your summary" page, test the features of setting star
ratings:
- Any title with existing ratings should show the rating and the
average rating number.
- Set a rating. Confirm that it shows a message with your rating.
- Click the "cancel rating" link, and confirm that your rating is
removed.
- Set a rating and reload the page. Confirm that the rating was
saved.
- Test the "cancel rating" link on the title you set before you
reloaded the page. The rating should be cancelled.
- Test the same functionality on the "your reading history" page.
- Test these pages with the OpacStarRatings preference set to "only
details" or "no." The pages should function correctly.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch cleans opac-showmarc.pl so it doesn't allow retrieving
records from import batches without requiring any permissions in the
OPAC.
it does so by just removing the code portion that does that.
It also cleans the record fetch operation and how the record processor
is initialized to it actually works :-D
To test:
1. Perform a successful Z39.50 search in cataloguing (this fetches 20
records usually)
2. Query your DB for a valid import_record_id:
$ koha-mysql kohadev
> SELECT * FROM import_records LIMIT 1;
3. Notice some of the MARCXML details (title, author, etc), and the
import_record_id
4. Point your browser to the opac-showmarc.pl URL like this:
http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?importid=20
=> FAIL: You get the record! (Bonus: no field/subfield takes place)
5. Hide some obvious subfield on the framework for a known (to you)
biblionumber
6. Point your browser to:
http://kohadev.mydnsname.org:8080/cgi-bin/koha/opac-showmarc.pl?id=<biblionumber_here>
=> FAIL: No filtering takes place
7. Apply this patch
8. Repeat 4
=> SUCCESS: You get an error because you did a bad request (no id param)
9. Repeat 6
=> SUCCESS: Subfield filtering actually works!
10. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1) update database, restart memcached/plack
2) Go to Administration -> System preferences -> OPAC tab. Enable the
new PatronSelfRegistrationConfirmEmail system preference. Enable other
required self registration sysprefs.
3) Go to the OPAC home page. (You may need to log out). Click the
'Register' link so you are redirected to the member entry form.
4) Notice the 'Confirm primary email' field after the 'primary email'
field. Put 'a@a.com' in primary email, and 'b@b.com' in the confirm
field. Scroll to the end of the form and Submit.
5) Confirm the form is not successfully submitted, and an error message
is shown to indicate the email addresses do not match.
6) Confirm you cannot cut, copy or paste in either the primary email or
confirm primary email fields. Confirm the right click menu doesn't work
in these fields.
7) Disable javascript in your browser.
8) Repeat steps 3 and 4.
9) Confirm there is an error message to indicate the email addresses do
not match.
10) Re-enable javascript. Fill in the form correctly with matching email
addresses and confirm it successfully submits.
11) Disable the PatronSelfRegistrationConfirmEmail syspref.
12) Attempt to register an account on the OPAC again. Confirm the
'confirm email address' field is gone and form works as expected.
13) Re-enable the PatronSelfRegistrationConfirmEmail syspref.
14) Log in to the OPAC and go to your personal details
15) Edit the primary email field
16) Confirm you are able to submit your changes (you should not see an
error about emails not matching).
Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
Signed-off-by: holly <hc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Highlight that we only need this for action="new"
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch makes it so PatronSelfRegistrationLibraryList will only effect the registration from and not the modification form.
TO TEST:
1. Turn on self reg and add some libaries to PatronSelfRegistrationLibraryList.
2. Notice that the libaries that display in the borrower_branchcode dropdown are the ones you selected on both the new registration from and the modification form.
3. Apply patch.
4. Now only the new registration from should show libaries on PatronSelfRegistrationLibraryList.
5. The modifciation dropdown should still show all libraries.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The lack of parenthesis makes the condition evaluated wrong.
Test plan:
- confirm you have a branch with code X
- enter X in PatronSelfRegistrationLibraryList
- go to cgi-bin/koha/opac-memberentry.pl (either as a logged in patron or as a self-reg patron)
- confirm branch dropdown is not empty and contain X
- empty out PatronSelfRegistrationLibraryList
- reload cgi-bin/koha/opac-memberentry.pl and confirm branches show
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
1 - Apply this patch
2 - Run updatedatabase.pl
3 - By default the preferences are blank and do not limit.
4 - Set the limits to 3 in 30 days
5 - Go to purchase suggestion page from OPAC as a logged in patron
6 - Place 3 suggestions and confirm you cannot place any more
7 - Alter one of the suggestions to have been made more than 30 days ago
UPDATE suggestions SET suggesteddate = '2020-01-01' WHERE suggestionid=3;
8 - Confirm you can place another suggestion
9 - Log out of OPAC
10 - Make sure AnonSyggestions is set to 'Allow' and AnonymousPatron is set
11 - Confirm anonymous suggestions are not limited by the syspref
12 - Confirm that a blank value in either MaxTotalSuggestions or NumberOfSuggestionDays does not limit suggestions
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Rhonda Kuiper <rkuiper@roundrocktexas.gov>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We should use Koha::DateUtils instead of Date::Time directly
This patch simplay replaces calls to now() with a call to dt_from_string()
which does effectively the same thing.
Probably reading the code and verifying changes is sufficient but...
To test:
1 - confirm the files all compile
2 - confirm all tests pass
3 - confirm Koha still works
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch deals (hopefully) correctly with encoding and escaping chars.
It also remove OPACBaseURL from the url stored in DB, and readd is on
display, to avoid possible attacks.
Test plan:
Go to the authority search
fill term with something hacky
<script>alert('booh!')</script>And Ŝ♥m€ E★tr₳
Search
Click the "Report a problem" link
Fill the form and make sure the url is displayed correctly
submit
Check problem_reports.problempage in DB => Should be correctly displayed
Go to staff interface, "OPAC problem reports"
=> Confirm the link is correctly display
Click it
=> Confirm that you are at the OPAC, and the URL is correct
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
On commit 027051c938
Bug 22823: Rename method with ->inbound_email_address
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Use the get_effective_email from Koha::Library to get an appropriate
inbound address for the branch as aposed to using branchemail directly.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds support for using the reply-to field added in bug 10269
and drops 'from_address' as it will get defined at a later stage in the
emailing process anyway.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
As the feature is now turned off without KohaAdminEmailAddress, we only
need to check if the email address of the library if defined.
Not that we should not check for $library->branchreplyto or
ReplytoDefault, but only $library->branchemail, as we do everywhere else
(I think)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Cannot remember why exactly, but it seems that we should not use
HTTP_REFERER directly.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We usually do not specify the from_address on enqueuing the notice, but
when sending it (from _send_message_by_email). That way a) the code is
centralized (as we must use $patron->notice_email_address) and b) the
email used is the one that is in the DB when the letter is effectively
sent.
Here I guess you need to give it when the notice is enqueued as you want
to default to the koha admin address.
I do not think it's a good idea, we should not send an email with "from"
if not really sent by the user.
We have the borrowernumber anyway to know who filled the form.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
And make it a timestamp type column
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1) Apply patch, update database, rebuild schema file
2) Restart koha-common and memcached
3) Confirm that your user has an email address.
4) Confirm that your library does NOT have an email address.
5) Confirm that syspref KohaAdminEmailAddress and syspref ReplytoDefault are not filled. Enable the OPACReportProblem syspref.
6) Log into OPAC
7) Click the 'Report a problem' link at the bottom of whatever page
you're on
8) Notice that there is no form is and there is an error message alerting that reports cannot be submitted
9) Add an email address for your library (in either the email field or the replyto field). Refresh the OPAC problem report page. The form should now show, and the recipient field should say 'library'.
10) Complete the form and submit. Check the message_queue in the database and confirm the to_address is correct. Confirm there is a success message.
11) Add an email address for the syspref KohaAdminEmailAddress and refresh the OPAC problem report page again. The recipient field should now be a dropdown. Select the Koha Administrator option.
12) Complete the form and submit. Check the message_queue in the database and confirm the to_address is the value in KohaAdminEmailAddress. Confirm there is a success message.
13) Ensure all details in the message_queue are correct.
14) Log out of the OPAC
15) Click the Report a problem link again and confirm you are forced to log in
Sponsored-by: Catalyst IT
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the required infrastructure to enable ILL availability
plugins to intercept the request creation process and, using the
supplied metadata, search for and display possible relevant items from
whichever availability plugins are installed.
Currently three availability plugins exist:
z39.50 - Searches any number of the Koha instance's configured Z targets
https://github.com/PTFS-Europe/koha-plugin-ill-avail-z3950
EDS - Searches the EBSCO Discovery Service
https://github.com/PTFS-Europe/koha-plugin-ill-avail-eds
Unpaywall - Searches the Unpaywall API for possible open access versions
of the requested item
https://github.com/PTFS-Europe/koha-plugin-ill-avail-unpaywall
The Unpaywall plugin is intended to serve as a "reference" plugin as the
API it deals with is extremely simple
Signed-off-by: Niamh Walker-Headon <Niamh.Walker-Headon@tudublin.ie>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch uses Net::Netmask to match IPs from ILS-DI:AuthorizedIPs
against $ENV{REMOTE_USER}. By using Net::Netmask, we can use addresses
in a variety of formats. This includes 127.0.0.1, 192.168.1.0/24,
10.0.0, and so on.
To Test:
1. Apply the patch
2. Empty the 'ILS-DI:AuthorizedIPs' system preference
3. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
3b. Note that the request is successful
4. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet including
your IP address (e.g. 192.168.1.0/24)
5. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
5b. Note that the request is successful
6. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet that doesn't include
your IP address (e.g. 1.1.1)
7. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
7b. Note that your request is refused
8. Try a variety of permutations including bad values (e.g. 192.168.1.) or multiple values
(e.g. 10.0.0.0/8,192.168.1.0/24) or multiple values including a mix of good and bad values
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard 2018-03-16 10:47:47 UTC :
<<
I don't think the system preference adds any security. There are already multiple permissions required for working with plugins:
- Configure plugins
- Manage plugins ( install / uninstall )
- Use report plugins
- Use tool plugins
And even with those permissions your server must be configured to allow the use of plugins.
>>
Test plan :
1) Install kitchen sink plugin https://github.com/bywatersolutions/koha-plugin-kitchen-sink
2) Run misc/devel/install_plugins.pl
3) Set config enable_plugins=1
4) Check all parts of the plugin are working
5) Set config enable_plugins=0
6) Check all parts of the plugin are disabled
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds CSRF token support to opac-messaging.pl,
which allows users to manually update their messaging preferences,
but prevents bad actors from tricking people into updating their
preferences from cross-site requests.
Test plan:
0. Set SMSSendDriver global system preference to "Test" if unset
1. Log into the OPAC
2. Navigate to a URL in your browser like the following:
http://localhost:8080/cgi-bin/koha/opac-messaging.pl?modify=yes
&1=email&digest=1&2-DAYS=5&2=email&digest=2&4=email&SMSnumber=0444444444
3. Observe that the preference and SMS number update
4. Apply the patch
5. Navigate to a URL in your browser like the following:
http://localhost:8080/cgi-bin/koha/opac-messaging.pl?modify=yes
&1=email&digest=1&2-DAYS=5&2=email&digest=2&4=email&SMSnumber=0444444444
6. Observe that you get an error message of "Wrong CSRF token" instead
of the previous behaviour
7. Navigate to a URL in your browser like the following:
http://localhost:8080/cgi-bin/koha/opac-messaging.pl
8. Update "Advance notice" to 3 and update "SMS number" to 61111111111
9. Observe that the "Advance notice" and "SMS number" fields update
correctly
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Currently ILSDI scripts do not have a userenv set. This affects both
action_logs and statistics.
For action_logs we either get no user or, if there is an active session, we use that one. This can have unintended consequences and we should explicitly set the env so that system user (0) is recorded
For statistics we need to specify a branch to record for actions like renewals. With bug 24759 we add an items method for this. We should take advantage of this method and use the 'opac' interface as the ilsdi scripts live there.
To test:
1 - Enable ILSDI in systempreferences
2 - Checkout an item to a patron
3 - Enable Renewal logs
4 - Ensure you will be able to renew the item several times
5 - Open an incognito/private browser
6 - Renew item via ilsdi:
http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=RenewLoan&patron_id=5&item_id=1128
7 - Check action logs, interface may be random, user should be 0, if not make sure the user in step 9 is a different one
8 - In private browser open a new tab
9 - Sign in to staff client
10 - Return to other tab
11 - Refresh page to repeat renewal
12 - Check action_logs
13 - The second renewal indicates it was renewed via intranet by logged in staff member
14 - Apply patch
15 - restart_all
16 - Ensure staff client still signed in
17 - Repeate renewal again
18 - Check logs, renewal now indicates opac again (as it should), user is 0 even if logged in on other tab
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patchset moves all code to calculate the correct renewal branch into Koha::Item.pm
When interface is opac we follow the syspref, otherwise we use the current userenv, or pass through
a defined branch
To test:
1 - Check out an item to a patron
2 - Set allowed renewals in the circ rules to 100 (just so you can keep testing)
3 - Renew the item in staff interface, confirm it is recorded correctly in statistics table (as signed in branch)
4 - Renew via the opac, testing with each setting of OpacRenewalbranch
5 - prove -v t/db_dependent/Koha/Item.t
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Should be XSLT::Base now.
Removes old XSLT_Handler stub too (from bug 23290).
Result of a git grep | sed statement.
Test plan:
Run qa tools (so modules compile).
Run t/db_dependent/Breeding.t
Run t/db_dependent/Koha/XSLT/Base.t (This test fails when only this patch
has been applied; see subsequent patch.)
Enable XSLT use on results and details display. Check search results and
detail view on OPAC and staff.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The IDreamBooks service has not seen updates in a long time, so
we should remove the service from Koha as it's no longer operational.
To test:
- Apply patch and run the database update
- Verify that the IDreamBooks related system preferences are gone
- Verify that opac detail pages and result lists still work
as expected
- Run t/db_dependent/UsageStats.t
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
