Commit graph

17 commits

Author SHA1 Message Date
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
ae543d4758 Bug 15975 (QA Followup) Fix colspan for footer
Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-25 15:41:36 +00:00
Jonathan Druart
f91ed3d8bf Bug 14060: Remove readonly attributes on date inputs
In order to remove accessibility issues due to the readonly attributes
on date inputs, this patch will remove them and introduce a javascript
validation on them.

This patch is not perfect for some reason:
I didn't manage to force the user to select a valid date. One solution
would be to reopen the datepicker plugin until a valid date is inserted.
But it could be annoying for users (and for me: I did not manage to
implement this solution).
You will note that input is emptied if the date is not valid. This is a
quick and efficient solution to prevent submitting invalid date and make
Koha explodes. A proper solution would be to implement the check server
side send a friendly message to the user.

Test plan:
For all inputs, try an invalid and a valid date.
 1/ Debar a patron
 2/ On the checkout tables (circulation and moremember), add a renewal
due date (at the bottom of the tables)
 3/ On the checkout page, specify a due date
 4/ On the return page, specify a return date
 5/ On the invoice page (acquisition module), enter a shipment and
billing date
 6/ On the invoice search page (invoices.pl) use filters shipment and
billing dates
 7/ On the offline circ page, specify a due date
 8/ On the edit patron page (memberentry), add a debarment
 9/ On the reserve page (reserve/request.pl), use the date inputs to
suspend until a defined date
10/ Edit patrons in a batch (tools/modborrowers.pl) and use the
registration and expiry date inputs

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 12:04:19 +00:00
Marc Véron
1acc6094be Bug 14948 - Display amounts right aligned in tables on patron pages
This patch set display amounts for charge, fine, price etc. right aligned in tables
on patron pages.

To test, apply patch and verify that amounts appear right aligned on following pages:

- Go to Home > Patrons, perform a search (Column 'Fines')
- Go to a patron with fines and credits
  - Checkout tab (circulation.pl): Columns 'Charge', 'Fine', 'Price'
    (maybe you have to show column with 'Show / hide colums')
  - Fines Tab > Pay fines (pay.pl): Columns 'Amount', 'Amount Outstanding'
  - Fines Tab > Account (boraccount.pl): Columns 'Amount', 'Outstanding'
    Note: Test here 'Filter paid transactions' as well

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2015-12-30 04:25:51 +00:00
Jonathan Druart
d7cfdb45e5 Bug 13492: Add the location column to the checkouts tables
Test plan:
1/ Verify that the location column is correctly displayed on the
checkouts tables (circ/circulation.pl and members/moremember.pl).
2/ Verify that you can hide/show this column (using the admin page
and/or the ColVis DT plugin).

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-24 09:41:23 -03:00
Jonathan Druart
8c324dd2a0 Bug 13492: Add the column configuration for the checkouts table - circulation.pl
Test plan:
1/ Verify that you can show/hide columns on the checkouts table (circulation.pl).
2/ Play with the column configuration admin page (admin/columns_settings.pl),
and confirm the behavior is correct (depends on what you have selected).

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-24 09:41:11 -03:00
Rafal Kopaczka
901be3db53 Bug 9481 - charge not showing fines On 'Check out' and 'Details'.
When looking at the patron record or the checkout screen the checkout
summary is now showing 0 for all the Charges even if the item was
overdue and has accrued fines.
Removed unused(?) footer values in checkouts-table-footer.inc

To test:
1/ Check out items with past due date
2/ Run fines.pl script (ensure finesMode is set to Calculate and Charge)
3/ Verify on Fines->Pay Fines screen that fines where calculated
correct.
4/ Go to Patron record, charge column on Details and Check out
screen
should be 0 or rental charge amount only. But total amount row
display right
number, same as in pay fines screen.
4/ Apply patch.
5/ Now charges on display and check out screen shows all outstanding
fees for each item.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 14:13:53 -03:00
d8ed913059 Bug 12899: Row grouping in checkouts table is alphabetical and depends on translation
The sort order of the "today's checkouts" and "previous checkouts" row
groupings depends on the label, so in English "today's checkouts" comes
first. However, in other languages the reverse alphabetical order is
incorrect resulting in "previous checkouts" coming first.

This patch adds a dummy column with numeric data on which the sorting
can be done. This should make it translation-agnostic.

To test, apply the patch and install or update a translation which will
demostrate the problem (sv-SE for instance).

- Clear your browser cache and switch to the English templates.
- Check out some items to a patron who has checkouts from a previous
  day.
- Confirm that the sorting of the "today's checkouts" and "previous
  checkouts" row groups is correct.
- Switch to the new/updated translation and reload the circulation page
  for that patron. Confirm that the sort remains correct.
- Confirm that the checkouts table looks correct and that other features
  (sorting, checkboxes) still work correctly.

Revision: Corrected the table footer include to correct the colspan
error causing column misalignment.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-09-16 15:20:51 -03:00
82275fa2db Bug 11703 - Convert checkouts table to ajax datatable
When a patron has many checked out items, circulation.pl can take a very
long time to load ( on the order of minutes in some cases ). This is
primarily due to the processing of the previous checkouts list. If we
convert to this table to a datatable that fetches its data via ajax, we
can make circulation.pl far more responsive. The same should be done
with relative's checkouts as well.

Test Plan:
1) Apply this patch
2) Observe that the checkouts and relatives' checkouts tables
   are now loaded asynchronously
3) Observe and verify the renew and return actions are now
   ajax based and function in a manner equivilent to how they
   used to.

This bug had quite a few followups, so I squashed all of them into one
change so that code is easier to follow. Original commit messages are below:

Bug 11703 - Use the ajax datatables on patron details page

Bug 11703 - Convert holds tables to ajax datatables

Bug 11703 [QA Followup 1] - Center bProcessing message over table

Bug 11703 [QA Followup 2] - Remove icons from checkout and clear buttons

Bug 11703 [QA Followup 3] - Remove references to UseTablesortForCirc

Bug 11703 [QA Followup 4] - Add back in Today's checkouts/Previous checkouts rows

Bug 11703 [QA Followup 5]

Bug 11703 [QA Followup 6] - Move strings to an include file for translation purposes

Bug 11703 [QA Followup 7] - Fix issues spotted by koha-qa.pl

Bug 11703 [QA Followup 8] - Speed up api/checkouts.pl as much as possible

Bug 11703 [QA Followup 9] - Move scripts from api directory to svc directory

Bug 11703 [QA Followup 10] - Fix errors caused by rebase

Bug 11703 [QA Followup 11] - Prevent multiple fetchs from ajax source

Bug 11703 [QA Followup 12] - Fix problem detected by koha-qa.pl

Bug 11703 [QA Followup 13] - Removed uneccessary data from renewal box during renewal

Bug 11703 [QA Followup 14] - Fix table column span

Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
Test plan on bug report:
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11703#c98

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
2014-07-03 11:22:10 -03:00
2a73ced61d Bug 8972 - Due Date set to 100 years ago
In order to prevent submission of dates with ambiguous two-digit
years this patch makes date-due input fields read-only so that
users must use date/time picker.

Other minor fixes:

- Adding missing labels
- Adding common class wrapper to datepicker for checkout and renewal
- Correcting focus handling on "specify due date" field (should
  focus on barcode field after a date has been selected).
- Removing trailing comma from JavaScript (breaks IE)

To test, try typing an invalid number in any of the date due entry
fields: Under 'specify due date,' 'renewal due date,' or the
confirm "invalid" date dialog (after specifying a date in the past).
Manual entry should not work. Choosing a date/time using the
widget should work.

Signed-off-by: Melia Meggs <melia@test.bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-11-08 23:23:25 -05:00
Jonathan Druart
0f3f61e756 Bug 7986: Export issues for patron
In the circulation page, you can now export (as csv or iso2709) a list
of items which are currently checked out by a borrower.

3 export types:
- iso2709 with items: Export the items list in iso2709 format with item
  informations.
- iso2709 without items: Export the items list in iso2709 format without
  item informations.
- CSV: Export the items list based on a csv profil.

2 new system preferences:
- DontExportFields: a list of fields not to be export
- CsvProfileForExport: The Csv profile name used for the csv export

Test plan:
- Fill the CsvProfileForExport syspref
- go on the borrower circulation page containing checkouts
- Select one or more items and export them to the 3 different formats.
- check if the result file is what you expected

- Test there is no regression with the export authority
- Test there is no regression using tools/export.pl with the command
  line interface

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-09-13 17:58:30 +02:00
2b74492d7d Bug 8181 [REVISED] Replace DynArch calendar widget with jQueryUI version
All instances of the old DynArch calendar have been replaced with
jQueryUI versions and the old library files have been removed.

calendar.inc has been modified to include jQueryUI localization
strings and global configuration options. Just add a "datepicker"
class to an input field to trigger a datepicker prompt.

If you would like two fields in one from to limit each other (one
is date from, one is date to), add these classes to each:
"datepickerfrom" and "datepickerto." This will prevent an invalid
entry, e.g. a date in the latter which falls before the former.

jQueryUI is now upgraded to the latest verision, 1.8.21.

Edit: Now with proper translatability, date formatting, first day
of the week handling, and RTL support.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA Comment:  rebased on current master; minor merge conflicts with other patches pushed

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-25 18:26:26 +02:00
Ian Walls
9ee49d65d4 Enh 6887: Add 'checked out from' column to issued items display tables
Adds "checked out from" column to the right of "checked out on" on both
circ/circulation.pl and members/moremembers.pl.  Columns are sortable with tablesort
(though only on circ/circulation.pl if syspref enabled).

The branch name is sourced from issues.branchcode.

EDIT BY Owen Leonard: Adjusting table columns which are sorted by default
to accommodate the new column.

Things look good! Thanks!

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Liz Rea <lrea@nekls.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-09-21 09:44:00 +12:00
Chris Cormack
5884fb1000 Bug 5917 : Swapping templates over 2011-04-10 20:38:30 +12:00
Matthias Meusburger
6b2b62eb57 Bug 5952: Shows member relatives in issues lists
Duplicate of '[PATCH] MT3747: Shows member relatives in issueslists' : Subject was wrong

MT3747, Follow-up: Adds siblings issues

MT3747, Follow-up: Shows member relatives in issues lists

 - Now displays patron's and relatives' issues apart

MT3747, Follow-up: Shows member relatives in issues lists

 - Removes renewal in circulation.pl
 - Adds links to moremember.pl

MT3747, Follow-up: Shows member relatives in issues lists

 - Remove unuseful warn

MT3747, Follow-up: Shows member relatives in issues lists

 - Removes renewal in moremember.pl

MT3747, Follow-up: Shows member relatives in issues lists

 - Adds sorting for circulation.pl

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-04-01 21:03:14 +13:00
Reed Wade
1f0e0c5de1 Bug 5741 - Extra comma causes JavaScript error in Internet Explorer
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-02-20 20:29:07 +13:00
083d3b1a92 Fix for Bug 5051, Renewal due date doesn't always show on patron Checkout tab
Display of the renewal date footer in the template was conditional upon
the existence of checkouts from today.

In order to fix this bug it was necessary to repeat the markup for the
table footer twice in the template, so I created an include file for it.
The same include file can now be used in moremember.tmpl.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2010-11-30 08:38:43 +13:00