Commit graph

5759 commits

Author SHA1 Message Date
Colin Campbell
e2e9916348 Bug 7736: Support Ordering via Edifact EDI messages
Add support for processing incoming Edifact Quotes, Invoices
and order responses and generating and transmission of
Edifact Orders.
Basic workflow is that an incoming quote generates an acquisition
basket in Koha, with each line corresponding to an order record

The user can then generate an edifact order from this (or another)
basket, which is transferred to the vendor's site

The supplier generates an invoice on despatch and this will
result in corresponding invoices being generated in Koha
The orderlines on the invoice are receipted automatically.

We also support order response messages. This may include
simple order acknowledgements, supplier reports/amendments
on availability. Cancellation messages cause the koha order
to be cancelled, other messages are recorded against the order

Which messages are to be supported/processed is specifiable on a
vendor by vendor basis via the admin screens

You can also specify auto order i.e. to generate orders from quotes
without user intervention - This reflects existing
workflows where most work is done on the suppliers website
then generating a dummy quote

Received messages are stored in the edifact_messages table
and the original can be viewed via the online

Database changes are in installer/data/mysql/atomicchanges/edifact.sql
Note new perl dependencies:
    Net::SFTP::Foreign
    Text::Unidecode

Signed-off-by: Paul Johnson <p.johnson@staffs.ac.uk>

Signed-off-by: Sally Healey <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 20:03:17 +00:00
9658085d1e Bug 10612: (QA followup)
Rename not_borrowered_since to not_borrowed_since

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:52:14 +00:00
7f9d5b27ae Bug 10612 - Add ability to delete patrons with batch patron deletion tool
This patch adds the ability to select a patron list for deletion
when using the Batch patron deletion/anonymization tool. It also adds
buttons to the patron lists table to access both the batch deletion
and batch modification directly from the lists view.

This is a squash of previous patches but now adds a patron_list_id
parameter to C4::Members::GetBorrowersToExpunge and uses that routine to
fetch patrons from a list.

Test Plan:
1) Apply this patch
2) Create a list of patrons with the new Patron Lists feature
3) Try using the batch edit link from the lists table
4) Try using the batch delete link from the lists table
5) Verify previous functionality has not changed

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Patron batches are correctly passed to the edit and delete pages.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:52:13 +00:00
Nicholas van Oudtshoorn
722a098eac Bug 10988 - Fixes for comments 57 and 58
Test Plan (remains the same):
     0) Back up your database
     1) Apply all these patches
     2) In your mysql client use your Koha database and execute:
        > DELETE FROM systempreferences;
        > SOURCE ~/kohaclone/installer/data/mysql/sysprefs.sql;
        -- Should be no errors.
        > SELECT * FROM systempreferences WHERE variable LIKE 'GoogleO%';
        -- Should see 4 entries.
        > QUIT;
     3) Restore your database
     4) Run ./installer/data/mysql/updatedatabase.pl;
     5) In your mysql client use your Koha database and execute:
        > SELECT * FROM systempreferences WHERE variable LIKE 'GoogleO%';
        -- Should see the same 4 entries.
     6) Log into the staff client
     7) Home -> Koha administration -> Global system preferences
     8) -> OPAC
        -- make sure your OPACBaseURL is set (e.g. https://opac.koha.ca)
     9) -> Administration
        -- There should be a 'Google OAuth2' section with the ability
           to set those 4 system preferences.
    10) In a new tab, go to https://console.developers.google.com/project
    11) Click 'Create Project'
    12) Type in a project name that won't freak users out, like your
        library name (e.g. South Pole Library).
    13) Click the 'Create' button.
    14) Click the 'APIs & auth' in the left frame.
    15) Click 'Credentials'
    16) Click 'Create new Client ID'
    17) Select 'Web application' and click 'Configure consent screen'.
    18) Select the Email Address.
    19) Put a meaningful string into the Product Name
        (e.g. South Pole Library Authentication)
    20) Fill in the other fields as desired (or not)
    21) Click 'Save'
    22) Change the 'AUTHORIZED JAVASCRIPT ORIGINS' to your OPACBaseURL.
        (http://library.yourDNS.org)
    23) Change the 'AUTHORIZED REDIRECT URIS' to point to the new
        googleoauth2 script
        (http://library.yourDNS.org/cgi-bin/koha/svc/auth/googleopenidconnect)
    24) Click 'Create Client ID'
    25) Copy and paste the 'CLIENT ID' into the GoogleOAuth2ClientID
        system preference.
    26) Copy and paste the 'CLIENT SECRET' into the GoogleOAuth2ClientSecret
        system preference.
    27) Change the GoogleOpenIDConnect preference to 'Use'.
    28) Click 'Save all Administration preferences'
    29) In the OPAC, click 'Log in to your account'.
        -- You should get a confirmation request, if you are
            already logged in, OR a login screen if you are not.
        -- You need to have the primary email address set to one
           authenticated by Google in order to log in.
    30) Run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:35 +00:00
Joonas Kylmälä
85ea73db9d Bug 11807: (follow-up) remove date conversions
To test

1/ Apply both patches

2/ This patch lets you easily configure mappings for categorycode values.
These mappings will be used when updating the user's account after a successful LDAP login.

Here is an example configuration :

<config>
  <ldapserver id="ldapserver">
    <mapping>
      <categorycode is="usertype">STU</categorycode>
      ...
    </mapping>

    <categorycode_mapping>
      <categorycode value="STU">STUDENT</categorycode>
      <categorycode value="EMP">EMPLOYEE</categorycode>
    </categorycode_mapping>
  </ldapserver>
</config>

3/ With this configuration, LDAP users with the usertype value "EMP" on the LDAP server should have the "EMPLOYEE" categorycode in Koha.

Signed-off-by: Chris <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:23:42 +00:00
Frédérick
b3311913b3 Bug 11807 : Add support for categorycode conversions when updating a user using an LDAP server.
To test

1/ Apply both patches

2/ This patch lets you easily configure mappings for categorycode values.
These mappings will be used when updating the user's account after a successful LDAP login.

Here is an example configuration :

<config>
  <ldapserver id="ldapserver">
    <mapping>
      <categorycode is="usertype">STU</categorycode>
      ...
    </mapping>

    <categorycode_mapping>
      <categorycode value="STU">STUDENT</categorycode>
      <categorycode value="EMP">EMPLOYEE</categorycode>
    </categorycode_mapping>
  </ldapserver>
</config>

3/ With this configuration, LDAP users with the usertype value "EMP" on the LDAP server should have the "EMPLOYEE" categorycode in Koha.

Signed-off-by: Chris <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:23:42 +00:00
6e8d24231c Bug 16068: Do not cache overridden prefs
These prefs do not need to be cached, a quick access to $ENV permits
getting the value.

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:19:31 +00:00
fcbd81049f Bug 15745: C4::Matcher gets CCL parsing error if term contains ? (question mark)
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Also fixes ! and +
Rebased to master
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
It makes perfect sense and works as expected. This part of the code is too
under-tested so no point requiring a regression test for such a simple change.

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:12:51 +00:00
fc66eedcc4 Bug 16177: Fix tests for ColumnsSettings.t
This failure has been introduced by
  commit 243b797dd1
    Bug 15285: Update common files

This is because the cannot_be_modified key is not always created by
C4::Utils::DataTables::ColumnsSettings subroutines

Test plan:
  prove t/db_dependent/ColumnsSettings.t
should return green
And you can also test a table where the feature is set and a column
cannot be modified from the admin page.

NOTE: Works as described. I was pondering this potential
      solution when I found it in bugzilla.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:08:23 +00:00
2d961b5ad4 Bug 16056: Do not crash when searching for an authority if zebra's index is not up-to-date
This patch fixes a regression introduced by
commit 7e70202d34
  Bug 15381: Remove GetAuthType and GetAuthTypeCode

This first version will reintroduce the same behavior as before bug
15381: the record will be displayed even if it's not in the DB

Test plan:
Search for authorities
delete one
The zebra's index is not updated yet and the results will contain the
record you have deleted.

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:04:38 +00:00
da052b3d10 Bug 16129: Remove URL::Encode dependency
This patch makes the PayPal integration feature independent from the
URL::Encode library, which is absent in some supported distributions.

It uses the URI package which is already a Koha dependency.

To test:
- Apply the patch
- Notice there are no deps for URL::Encode
- Follow the steps from the original patch
=> SUCCESS: It works as expected
- Sign-off :-D

Note: I deleted the line in which $amount_to_pay was url-encoded, because that's
one of the things query_form does (and the variable is only used as a parameter to it).

Sponsored-by: ByWater Solutions

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 18:48:18 +00:00
Alex Arnaud
c74678a1d2 Bug 15889: LDAP authentication: Only update mapped attributes
Test plan:

- Update your configuration file to use LDAP authentication and enable update
  (<update>1</update>) option,
- login with an existing user with extended attributes that are not in
LDAP mapping,
- check that all attributes are still here.

Signed-off-by: Chris <chrisc@catalyst.net.nz>

Signed-off-by: Philippe Blouin <philippe.blouin@inlibro.com>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
2016-03-31 16:33:31 -06:00
Martin Persson
ead5b9c0e2 Bug 14257 - Add show_attributes to GetPatronInfo
This patch adds the ability to query the extended patron
attributes via the ILSDI web service's GetPatronInfo service.

Example: ilsdi.pl?service=GetPatronInfo&patron_id=3&show_attributes=1

A new element <attributes> will be added if there
are any attributes available from the database.

We need to discuss the security implications of showing the
attributes. At present it will allow querying of non-public
(OPAC-visible) information. We might want to change this.

Sponsored-By: Halland County Library

Test plan:

* Configure Koha to make use of extended attributes:
  Under 'Administration' -> 'Global system preferences' ->
  'Patrons' tab -> Set 'ExtendedPatronAttributes' to 'Enable',
  press save and switch to 'Web services' tab.

* Enable the ILS-DI service:
  Under 'Administration' -> 'Global system preferences' ->
  'Web services' tab -> 'ILS-DI' section:
  Set 'ILS-DI' to 'Enable' and save.

* Create an attribute to query:
  Under 'Administration' -> 'Patrons and circulation' ->
  'Patron attribute types' press 'New patron attribute type':
  Enter a type code, like 'DOORCODE', description and assign
  a category that your test patron is a member of, then save.

* Set value for test user:
  Locate the test patron, the new attribute should be listed
  under 'Additional attributes and identifiers'.
  Click 'Edit' and assign a value, like '1337' and save.

* Query the ILS-DI service:
  http://127.0.1.1/cgi-bin/koha/ilsdi.pl?service=GetPatronInfo&patron_id=1&show_attributes=1
  The output XML should have an element named 'attributes'
  containing the data you entered.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-31 20:31:06 +00:00
59266cbd61 Bug 14512 - Add support for AV field to Koha's SIP2 Server
Koha's SIP2 server should have support for the AV field ( field items ).
The biggest problem with this field is that its contents are not really
defined in SIP2 protocol specification. All it says is "this field
should be sent for each fine item". Due to this, I think the contents of
the field need to be configurable at the login level, so that the
contents can be defined based on the SIP2 device's requirements for the
AV field.

Test Plan:
1) Apply this patch
2) Find a patron with outstanding fines
3) Run a patron information request using misc/sip_cli_emulator.pl using the new -s option with the value "   Y      "
4) Note there is an AV field for each fee containing the description and amount
5) Edit your sip config, add an av_field_template parameter to the login you are using such as
    av_field_template="TEST [% accountline.description %] [% accountline.amountoutstanding | format('%.2f') %]"
6) Restart your SIP server
7) Repeat the patron information request
8) Note your custom AV field is being used!

Signed-off-by: Chris Davis <cgdavis@uintah.utah.gov>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-31 20:29:18 +00:00
038b5f8156 Bug 16004: Replace items.new with items.new_status
The items.new column is badly named, the Koha::Item->new accessor will
never return this value, but the constructor will be called instead.
This patch renames it with new_status to avoid the ambiguity.

Test plan:
0/ Do not apply this patch
1/ Define some rules in the "Automatic item modifications by age" tool
with at least one items.new field used
2/ Apply this patch
3/ Execute the update DB entry
4/ Reload the tool page and confirm that the changes have been taken
into account

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-31 16:57:13 +00:00
Colin Campbell
6325277c64 Bug 16011 reintroduced VERSION variable needs declaration
$VERSION reintroduced into External/BakerTaylor.pm but was
not declared. Causes tests to fail.
Readd VERSION to the package vars

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-29 22:38:54 +00:00
dda7a0a25f Bug 16044: Use the L1 cache for any objects set in cache
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 19:44:43 +00:00
ea0258be0d Bug 16011: Reintroduce $VERSION for 2 pm
These files should be managed on their own bug reports.

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:45 +00:00
3cfedcf238 Bug 16011: $VERSION - Remove empty BEGIN block
perl -p -i -0 -e 's/BEGIN \{\n?\n?\}\n//' **/*.pm

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:41 +00:00
4c0e309677 Bug 16011: $VERSION - Remove use vars qw();
perl -p -i -e 's/use vars qw\(\s*\);\n//' **/*.pm

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:39 +00:00
798d38e4c7 Bug 16011: $VERSION - Remove comments
perl -p -i -e 's/^.*set the version for version checking.*\n//' **/*.pm

+ manual adjustments

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:29 +00:00
017699c345 Bug 16011: $VERSION - Remove the $VERSION init
Mainly a
  perl -p -i -e 's/^.*3.07.00.049.*\n//' **/*.pm
Then some adjustments

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:28 +00:00
3830d78d46 Bug 16011: $VERSION - remove use vars $VERSION
perl -p -i -e 's/^(use vars .*)\$VERSION\s?(.*)/$1$2/' **/*.pm

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:26 +00:00
92fbb1f3d0 Bug 15741: Fix rounding in total fines calculations
C4::Members::GetMemberAccountRecords wrongly casts float to integer
It's common to use sprintf in Perl to do this job.

% perl -e 'print int(1000*64.60)."\n"';
64599
% perl -e 'print sprintf("%.0f", 1000*64.60)."\n"';
64600

Test plan:
1) Create manual invoice for 64.60 (or 1.14, 1.36, ...)
2) Try to pay it using "Pay amount" or "Pay selected" buttons

Signed-off-by: Sally Healey <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 16:11:09 +00:00
94dde6b48d Bug 15809: Redefine multi_param if CGI < 4.08 is used
On debian Jessie, the CGI version is >= 4.08
Since this version, the param method raises a warning
"CGI::param called in list context".
Indeed, it can cause a vulnerability if called in list context

https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-parameter
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/

There is a long journey to get rid of these warnings.
First I suggest redefining the multi_param method when the CGI version
 installed is < 4.08, it will allow us to move the wrong ->param calls to
 ->multi_param without waiting for everybody to upgrade.

The different ways to call these 2 methods are:

my $foo = $cgi->param('foo'); # OK

my @foo = $cgi->param('foo'); # NOK, will raise the warning
my @foo = $cgi->multi_param('foo'); #OK

$template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning
                                               # and vulnerable
$template->param( foo => scalar $cgi->param('foo') ); # OK

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested a call to multi_param with CGI < 4.08.
With reference to the comments on Bugzilla, this workaround is arguable,
but provides a base to move to multi_param. If we come up with a better
solution, it should be easy to adjust.

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-22 23:23:39 +00:00
charles
db0ecc3cc5 Bug 15585 - Move C4::Passwordrecovery to the new namespace Koha::Patron::Password::Reset
As promised, here is the long-awaited sequel to #8753.

What has changed :

    - The Koha::Patron::Password::Reset is now used in place of C4::Passwordrecovery
    - That ugly shift-grep contraption is no more (goodbye old friend)
    - The generated unique key won't end in a dot anymore

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-22 23:08:21 +00:00
4a3404594f Bug 15163: Do not erase patron attributes if limited to another library
The patron attributes displayed on editing a patron are not displayed if
limited to another library.

C4::Members::Attributes::SetBorrowerAttributes will now only delete attributes
the librarian is editing.
SetBorrowerAttributes takes a new $no_branch_limit parameter. If set,
the branch limitations have no effect and all attributes are deleted
(same behavior as before this patch).

Test plan:
1/ Create 2 patron attributes, without branch limitations.
2/ Edit a patron and set a value for these attributes
3/ Limit a patron attribute to a library (one you are not logged in
with).
4/ Edit again the patron.
=> You should not see the limited attributes
5/ Edit the patron attributes and remove the branch limitation
=> Without this patch, it has been removed from the database and is not
displayed anymore.
=> With this patch, you should see it.

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-21 16:56:37 +00:00
47fbbb7cf5 Bug 11998: Add a L1 cache for sysprefs
Accessing the cache for each call to C4::Context->preference might
have an impact on performance.
To avoid that this patch introduces a L1 cache (simple hashref). It will
be populated by accessing the L2 cache (Koha::Cache).
If a pref is retrieved 10x, the first one will get the value from the L2
cache, then the L1 cache will be checked.
To do so we will need to clear the L1 cache every time a page is loaded.

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-15 07:08:29 +00:00
56a782c666 Bug 11998: Use t::lib::Mocks::mock_preference in tests
Unless in t/db_dependent/Context.t where we want to test the cache
behaviors.

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-15 07:08:28 +00:00
9820f9dfbd Bug 11998: Use Koha::Cache to cache sysprefs
At the moment, the sysprefs are only cached in the thread memory
executing the process
When using Plack, that means we need to clear the syspref cache on each
page.
To avoid that, we can use Koha::Cache to cache the sysprefs correctly.

A big part of the authorship of this patch goes to Robin Sheat.

Test plan:
1/ Add/Update/Delete local use prefs
2/ Update pref values and confirm that the changes are correctly taken
into account

Signed-off-by: Chris <chrisc@catalyst.net.nz>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Tested with plack with syspref cache enabled, there is some time between setting the syspref and applying it, but it takes just one reload of page, it shouldn't be a problem, should it?
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Tested with CGI and CGI + memcache; some small issues still remain,
but it would be better to deal with them in separate bug reports
if necessary

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-15 07:08:28 +00:00
fb167c0e4b Bug 15111: Change X-Frame-Options with SAMEORIGIN
There are some places where frames are used, the greybox JS plugin for
instance.

We need either to allow them from Koha or replace this plugin.
The easiest for now is to switch the value from DENY to SAMEORIGIN.

Test plan:
- modify a record in a batch (tools/batch_record_modification.pl)
- click on preview marc
=> With only the previous patch you will get a blank page.
=> With this patch applied, it will work as expected.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-03-14 16:30:08 +00:00
dc03bca76c Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks
Web pages that can be embedded in frames are vulnerable to cross-frame
scripting attacks. Cross-frame scripting is a type of phishing attack
that involves instructions to an unsuspecting user to follow a specific
link to update confidential information in an online application.
Because the link leads to a legitimate page from the online application
that is embedded in a frame hosted by the attackers' server, the
attackers can capture all the information that the user enters.

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-03-14 16:30:08 +00:00
aa73c96aed Bug 15656: Move guarantor/guarantees code - GetMemberRelatives
Note:
QA question: Should the Koha::Patron->siblings method return undef
if there is no guarantor?
It would avoid the weird  != undef, = $borrowernumber conditions.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-12 23:40:10 +00:00
bff0ca0b0b Bug 15656: Move guarantor/guarantees code - GetGuarantees
2 subroutines of C4::Members deal with guarantor/guarantees:
GetGuarantees and GetMemberRelatives.
Since we already have a Koha::Patron->guarantor method, it makes sense
to move these 2 subroutines to this module.

This first patch deals with GetGuarantees.

Test plan for the entire patch set:
1/ Create 5 patrons A (adult), B (child), C (child), D (child), E
(child), F (adult)
2/ Add relation between them: A is father of B, C and D.
E does not have a guarantor
F does not have guarantees
3/ Check some items out for all of these patrons
4/ On the "Check out" and "Details" tabs, you should not see any
differences with these patches applied : The "Relatives' checkouts" tabs
should list all of the guarantor/guarantee/siblings checkouts

Note:
$template->param('C' => 1);
I have not found any reference of this 'C' in the template.
It seems it's an old c/p from members/memberentrygen.tt

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-12 23:40:10 +00:00
186f630407 Bug 15653: Remove unused C4::Members::UpdateGuarantees subroutine
Looking at the code, there is something broken with the guarantees code.
It seems that the expected behavior would be to update address, fax,
B_city, mobile, city and phone info of the guarantees when a guarantor
is modified.
But the code in C4::Members::ModMember is broken:

        my $borrowercategory= GetBorrowercategory( $data{'category_type'} );
        if ( exists  $borrowercategory->{'category_type'} && $borrowercategory->{'category_type'} eq ('A' || 'S') ) {
            # is adult check guarantees;
            UpdateGuarantees(%data);
        }

First, GetBorrowerCategory expects a categorycode, not a category_type.
Then UpdateGuarantees retrieves the param like:

    sub UpdateGuarantees {
        my %data = shift;

Which means that %data will always be something like ( a_key => undef )
And nothing more.

The updateguarantees subroutine (It has been renamed) has been introduced by

commit 56825e415f
Date:   Mon Aug 30 13:48:58 2004 +0000
    modularizing (with Members.pm) members management
    (beginning of...)

And the `%data = shift` already existed...

This code has never worked and could be removed.

See http://lists.koha-community.org/pipermail/koha-devel/2016-January/042241.html

Test plan:
Confirm the previous assertions.

Note that I have found this bug working on bug 15631, see patch "Bug
15631: Koha::Cities - remove getidcity and GetCities"

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-12 23:39:09 +00:00
Nicole C Engard
39f9b9ddb0 Bug 15694: Add aliases for date/time last modified
This patch will add indexes for Date/time-last-modified.

To test:

1. apply patch
2. reindex
3. search for dtlm:DATE and date-time-last-modified:DATE
4. confirm that you get results

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
  I confirm Hector signing-off. A simple Zebra server restart suffices to get
  working the searches on date-time-last-modified and dtlm.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-11 21:56:50 +00:00
Zeno Tajoli
69cf2d9451 Bug 15955: Tuning function 'New child record' for Unimarc 205$a -> 461$e
Now the system tries to insert value of 205$a into 461$a when a child is
created from the father record.  In UNIMARC 46x tags there is not
present a subfield for edition value (205$a in UNIMARC).

To Test:
1) Check to have EasyAnalyticalRecords on 'off'
2) Check to use UNIMARC
3) Create a record with data in 200$a (title), 205$a (edition), 700
   (author) 215$a(Place), 215$d(date)
4) From that record create a child using 'New'->'New child record'
5) See the values in 461 tag: You can see that in 461$a there is the
   value of 205$a from father. This is wrong, you need to have the value
   of 700 $a and $b from father record, and 205$a in 461$e.
6) Apply the patch
7) Redo 4-5
8) Now 461 is good

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I have not checked the doc but trusting author and signoffer.

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-11 21:55:24 +00:00
0391709c28 Bug 16009: fix GetMember() search on NULL/undef values
This patch fixes a bug whereby GetMember(searchfield => undef)
(i.e., searching for patron records where 'searchfield' is NULL)
would crash.

This fixes a regression introduced by bug 15344 that in turn
exposed a long-standing bug in GetMember().

To test:

[1] Import some offline circulation transactions that include at
    least one return.
[2] Attempt to view the list of pending transactions; a crash
    will occur.
[3] Apply the patch and view the list of pending transactions again;
    this time, it should work.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-11 15:23:37 +00:00
ffbb575061 Bug 14306: Follow-up for URLs in 555$u
This patch removes the code for inserting the <a> anchor tags around
URLs in GetMarcNotes (as added originally).
The URLs are placed in separate array elements; the template should take
care of further handling.
The unit test has been adjusted accordingly.

Test plan:
Run the unit test.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:58:33 +00:00
caae161a4e Bug 14306: Show URL from MARC21 field 555$u under Title Notes/Descriptions
This patch includes:
[1] Add some logic to GetMarcNotes to embed the contents of MARC21 field
    555$u in an HTML anchor tag.
[2] Add a unit test for GetMarcNotes in Biblio.t
[3] Remove calls to GetMarcNotes from sendbasket.pl (opac and staff).
    A closer look revealed that the data was not used; the notes in the
    mail of sendbasket are taken from GetBiblioData.

Test plan:
[1] Edit a record. Add one or two URLs in 555$u. Add something in 500$a too.
[2] Check if you can click the URLs in opac and staff detail tab Notes or
    Descriptions.
[3] Run the unit test t/db../Biblio.t
[4] Add something in the cart. Click More Details and send the cart.
    Verify that you have something in Notes (from 500$a).

Signed-off-by: Marc Veron <veron@veron.ch>
Followed test plan. Works as expected. QA tools OK.

Tested with all patches together, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:58:32 +00:00
f2dd831542 Bug 14694 - Make decreaseloanHighHolds more flexible
This patch allows for more flexibility for determining when the number
of holds a record has should trigger the reduction of the loan length
for items on that record.

This patch adds a new system preference decreaseLoanHighHoldsControl,
which defaults to 'static', the original behavior of the feature.
It also has a new behavior 'dynamic' which makes the feature only
decrease the loan length if the number of holds on the record exceeds
the number of holdable items + decreaseLoanHighHoldsValue.

It also allows items to be filtered from the list of items based
on the damaged, lost, not for loan, and withdrawn values even if
those values would have allowed holds ( i.e. values < 0 )

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Set decreaseLoanHighHolds to Enable
4) Set decreaseLoanHighHoldsControl to "over the number of items on the record"
5) Set decreaseLoanHighHoldsDuration to 1
6) Set decreaseLoanHighHoldsValue to 3
7) Create a record with 5 items
8) Place 8 or more holds on the record
9) Check out one of the items to a patron
10) Note the loan length is reduced to 1 day
11) Set decreaseLoanHighHoldsValue from 3 to 2
12) Check out one of the items to a patron
13) Note the loan length is *not* reduced
14) Enable all the filters possible in decreaseLoanHighHoldsIgnoreStatuses
15) Set one item to be damaged
16) Note the loan length is reduced
17) Unset the damaged status
18) Repeat steps 15 - 17 for lost, not for loan, and withdrawn

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:48:51 +00:00
1307f26bd1 Bug 5404: Move the test to a new IsMarcStructureInternal sub
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:30:09 +00:00
2237e0f871 Bug 5404: C4::Koha - remove subfield_is_koha_internal_p
The commit b5ecefd485
Date:   Mon Feb 3 18:46:00 2003 +0000

had a funny description:
Added function to check if a MARC subfield name is "koha-internal"
(instead of checking it for 'lib' and 'tag' everywhere); temporarily
added to Koha.pm

"Temporarily", since 2003, everything is relative, isn't it? :)

The thing is that GetMarcStructure returns a hash like

field_200 => {
    subfield_a => {
        %attributes_of_subfield_a
    },
    %attributes_of_field_200
}

The attributes for field_200 can be 'repeatable', 'mandatory', 'tag', 'lib'.
We don't want to loop on these values when looping on subfields.
Since these are just { k => v } where v is a scalar (string), it's easier
to test if we are processing a subfield by testing the reference.

At some places, we don't need to test that, we are looping on values
from MARC::Field->subfields which are always valid subfields.

Test plan:
1/ Edit items using the batch item mod tool
2/ display and edit items via the cataloguing module.

You should not see any changes between before and after the patch
applied.

Tech notes:
We need to check what we are processing when we loop on 'subfields' from
GetMarcStructure, not from MARC::Field->subfields.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:30:09 +00:00
617b72a54e Bug 13871: [QA Follow-up] Add $server for FID_SCREEN_MSG
When you are ready, you still see that small detail.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:22:21 +00:00
b02aa7c421 Bug 13871: [QA Follow-up] Adjust Patron Info Request
Conform QA comment, Patron Info request is slightly adjusted to be
consistent with changes to Patron Status request.

If the cardnumber is ok and the password is wrong, BL=N is reported but
also add 'Invalid password' in AF.
Additionally, an invalid card number is reported in AF.

Test plan:
[1] Send patron info request for invalid card.
[2] Idem for valid card, no password.
[3] Idem for valid card, good password.
[4] Idem for valid card, wrong password.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Verified by telnetting SIP server.
And tested additionally with the new unit test of bug 15956.

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:22:21 +00:00
a32a5c4e08 Bug 13871: [QA Follow-up] Adjust Patron Status Request
Conform QA comment on Bugzilla, we do this:

[1] Attribute for overdrive mode/invalid credentials is not really needed.
    We can always pass a screen message that card or password is invalid.
[2] If the cardnumber is correct and the password is wrong, we should
    still honour the request. The bad password is recognized by BLN and
    an additional message in AF.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Verified by telnetting SIP server.
And tested additionally with the new unit test of bug 15956.

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:22:20 +00:00
8637627dc9 Bug 13871 - OverDrive message when user authentication fails
NOTE: apply this patch after the additional perltidy patch

this patch is basically a small work-around to fix some confusing login text,
when users enter incorrect auth details via Overdrive's website

with this option disabled (default) there is no change to SIP's behaviour

to test...

1/ configure your overdrive account to talk to your Koha's SIP service

2/ start Koha's SIP

3/ enter a correct username and correct password in overdrive
see overdrive display '(1) Greetings from Koha' (good)

4/ enter a correct username and *incorrect* password in overdrive
see overdrive display '(1) Greetings from Koha' (bad)

5/ enter an incorrect username in overdrive
see overdrive display '(1)' (badder)

6/ apply patch, enable 'overdrive-mode' in Koha's SIPConfig.xml

example...
---------------------
<accounts>
<login id="kohasip" password="xxxxx" delimiter="|"
error-detect="enabled" institution="YYY" overdrive-mode="1" />
</accounts>
---------------------

7/ restart SIP

8/ enter a correct username and correct password
see overdrive display '(1) Greetings from Koha'

9/ enter a correct username and *incorrect* password
see overdrive display '(1) Invalid patron or patron password'

10/ enter an incorrect username and incorrect password
see overdrive display '(1) Invalid patron or patron password'

http://bugs.koha-community.org/show_bug.cgi?id=1387

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:22:20 +00:00
42e731857d Bug 13871: [TITLE_AMENDED] Additional changes
The original perltidy patch from Mason has been amended.

The perltidy itself has been moved to a separate patch with the current
perltidyrc applied.

As noted on Bugzilla, the original perltidy patch included some extra
changes:
[1] You prefix timestamp with Sip
    This is not actually needed (it is imported), but if we should prefix it,
    we should prefix now with C4::SIP::Sip. But you only changed two
    occurrences (out of 26). So I remove these two changes.
[2] You remove the $server parameter from two calls of maybe_add:
    A closer look at the remaining code tells me that $server is always
    passed to maybe_add for FID_SCREEN_MSG. So this only left me the
    current whitespace change.
But at least we documented what we did or did not, and why..

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:22:19 +00:00
a5babb0eff Bug 13871: Adjusted perl tidy on MsgType.pm
Run perltidy pro=xt/perltidyrc on the file.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:22:19 +00:00
9be221b14e Bug 15968: Unnecessary loop in C4::Templates
From C4::Templates::output

     # add variables set via param to $vars for processing
     for my $k ( keys %{ $self->{VARS} } ) {
         $vars->{$k} = $self->{VARS}->{$k};
     }

This loop is not necessary, we could do the same with

     $vars = { %$vars, %{ $self->{VARS} } };

After a quick benchmark, it gains 100 microseconds when we pass 170 vars
to the template.

Test plan:
Do some clicks on the interface, everything should be ok.

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
  Perl idiosyncratic way of merging hash, clearer, if not quicker (not
  verified)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:20:00 +00:00