if QueryAutoTruncate enabled we will have any special operators ruined
for example: "test [6 TO 7]" will be converted to "test* [6* TO* 7]"
so no reason to keep ranges when QueryAutoTruncate set to "enabled"
1) enable QueryAutoTruncate at your sysprefs.
2) perform a search using range, for example: "[1999 TO 2020]",
it shouldn't work the way it's supposed to.
3) apply the patch.
4) perform the same search with range, ensure that it works correctly.
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch ensures that the behavior with
QueryRegexEscapeOptions set to values other than
"Escape" still will works as expected.
It does so by storing the contents of regexes
before escaping special characters and
then restores the contents of regexes back to how
it was before, ensuring that searching with regex is possible.
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Currently having exclamation sign at the end of the query makes ES
search fail, and when you try to search for a book that has exclamation
sign in the tittle (something like "Words! words") won't show results
correctly as it tries to negate everything that is after exclamation
sign, making it impossible to search for books that have in in the title
This patch escapes exclamation signs if it's at the end of the query or
has a space after it, resolving both of the issues listed above.
To reproduce:
1) with ES enabled, search for the book with title that contains
exclamation sight at the end, like "book!", this search should result
in error.
2) do another search, but this time find/prepare beforehand book with a
title that has exclamation sign with a space after it,
e.g "exclamation! sign", it shouldn't find it as ES treats everything
after that exclamation sign as negation.
2) apply the patch.
3) perform searches from the steep one and two again.
Search from step one should no longer fail, while search from the step
two should find that book.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch screens square and curly brackets which have no special
language meaning.
To reproduce:
1) using ES, search for the book with title that contains
square and/or curly brackets, like "book [second edition]", which will
result in error.
2) apply the patch.
3) search for that book again, ensure that it works now.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Currently searches like: "book:", ":book" and "host-item:test:n"
cause internal server errors.
This patch adds additional regexes that remove the colons at the start
and end of the query, and another regex that screens all follow-up
colons that go after the first colon to avoid errors when searching for
"host-item:test:n".
To reproduce:
1) using ES, search for the book with title that contains
semicolon at the start or at the end of the line, separated with spaces,
this should cause internal server error.
2) try doing the same with something like "host-item:test:n", it should
result in error as well.
3) apply the patch.
4) repeat steps 1-2, ensure that it works now.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds a min attribute to the fields on this page and adds
other cost related fields to validator
To test:
1 - Apply patch
2 - Browse to Administration->Item types
3 - Edit or create an item type
4 - Attempt to place a negative or non numeric value in:
Daily rental charge
Hourly rental charge
Default replacement cost
Processing fee
5 - You should not be able to
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
-1 Set the specify due date option to a date, don't check the checkbox
-2 Enter an unknown barcode
-3 Click on fast add
-4 Add a record
-5 Add an item (don't change the barcode!)
-6 The item is checked out to the patron
-7 Verify: The checkbox is "Remember for session" is checked now
-8 APPLY patch
-9 Do steps 1-6 again, this time "Remember for session" should be unchecked
-10 Do steps 1-6 again but this time do check the "Remember for session" checkbox.
-11 It should be properly checked
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Bug 28464: (QA follow-up) Correct test plan
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Use of uninitialized value in subroutine entry at /usr/share/koha/lib/Koha/Plugins/Base.pm line 182.
Test Plan:
1) Install the Kitchen Sink plugin ( it does not have a max versio defined )
2) Note the warning in your logs
3) Apply this patch
4) Restart all the things
5) No warning!
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
In most authentication forms we see :
Fields "Login:" and "Password:" with a submit button "Log in".
In some places submit button contains "Login", which is confusing for translation.
It is not correct according to terminology https://wiki.koha-community.org/wiki/Terminology#L
Also in opac-user.pl ":" is missing, it generates new translation entries.
Test plan:
1) Log out if you are logged in
2) Go to staff interface
3) Check you see button "Log in"
4) Go to OPAC page /cgi-bin/koha/opac-user.pl
5) Check you see fields "Login:" and "Password:"
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Since Bug 23777 added To.json, single quote escaping in value_builder/unimarc_field_4XX.pl is useless.
Test plan:
1) Use UNIMARC database
2) Define value builder unimarc_field_4XX on 463$t
3) Create a record B1 with 200$a : L'avion
4) Create a record B2
5) Click on value builder in 463$t
6) Search for record B1
7) Click on "Choose"
=> Without patch 463$t contains : L\'avion
=> With patch 463$t contains : L'avion
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds an extra unit test, to cover the case where the
UpdateItemLocationOnCheckin System Preference is set to "_ALL_: CART"
and the item being returned has no shelving location set.
Test plan:
1) Apply the patch provided earlier
2) prove -v t/db_dependent/Circulation/issue.t
...and sign off if all tests pass.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
JD amended patch: use 'is' instead of 'ok'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The UpdateItemLocationOnCheckin System Preference can be set to update the
location of ALL items during check in, regardless of their shelving location.
However, this does not currently work 100% as it is excluding items with no
shelving location (i.e. value of NULL in the corresponding database field).
This patch, based on the comment made by Nick Clemens, fixes that.
Test plan (based on the original Bug Description by Andrew Fuerste-Henry):
1) Have a shelving location CART
2) In UpdateItemLocationOnCheckin, enter "_ALL_: CART" (without the quotes)
3) Check in an item that has a shelving location, confirm it changes to CART
4) Check in an item with a NULL shelving location, confirm it doesn't go to CART
5) Apply this patch
6) Repeat step 4): this time the item should move to the CART shelving location
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch updates the JS comparison code to remove the '(All)' hint before comparing
to the current value
To test:
1 - Go to Administration -> Item types
2 - Edit a type to have a parent of another type
3 - Go to Administration -> Circulation and fines rules
4 - Add a rule for all categories for the child itemtype
5 - Add a rule for all categories for the parent itemtype
6 - Click edit on child type, note itemtype dropdown in editor correctly selected
7 - Click edit on parent type - note itemtype dropdown menu refers to 'All' itemtypes
8 - Apply patch
9 - Reload page and edit parent type rule
10 - Itemtype dropdown is correctly populated
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1 - Add to OPAC virtual host in apache conf:
SetEnv OPAC_SEARCH_LIMIT branch:multibranch-1
SetEnv OPAC_LIMIT_OVERRIDE 1
RequestHeader add X-Koha-SetEnv "OPAC_SEARCH_LIMIT branch:multibranchlimit-1"
RequestHeader add X-Koha-SetEnv "OPAC_LIMIT_OVERRIDE 1"
2 - Enable system preference OpacAddMastheadLibraryPulldown
3 - Create a library group enabled as OPAC search group (or make sure existing group 1 is an OPAC search group)
4 - Load the opac - dropdown does not pree-select the search group
5 - Apply patch
6 - Relaod opac - group is pre-selected!
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
We use match_count to determine if a new authority record should be created, however,
we were not adding this count to the cache, so if a record returned too many matches on first
lookup, we would create a new record on the second lookup
To test:
1 - Set Linker Module to 'Default'
2 - Enable AutoCreateAuthorities and BiblioAddsAuthorities and CatalogModuleRelink and LinkerRelink
3 - Add two copies of a single authority via Z39
4 - Add two headings for that authority to a bib record (e.g. a 610 and 710)
5 - Save the record and note a new authority is generated
6 - Repeat and see another is generated
7 - Apply patch
8 - Restart all the things
9 - Save the record again, no new authority created
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds get_column to ensure we are returning a string value of
a field rather than accidentally triggering a relationship accessor.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
commit f6e0b04f48
Bug 23271: Replace search_limited with search_with_library_limits
We were modifying the occurrences of:
Koha::Patron::Categories->search_limited;
with:
Koha::Patron::Categories->search_with_library_limits;
But between the patch submission and the push, another occurrence has
been added by bug 23590.
Test plan:
Create a new suggestion from staff and click "select manager"
Without the patch, notice the error:
The method Koha::Patron::Categories->search_limited is not covered by tests!
With the patch applied everything is working correctly
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Koha::ApiKeys is no longer the simple object we need to test
Koha::Object->store, let use Koha::Library::Groups
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes the Koha::OAuth library use the new validation method
To test:
1. In master, enable RESTOAuth2ClientCredentials and have your
superlibrarian patron a client_id/secret pair generated
2. Use Postman to gain an access token with the client_id/secret pair
=> SUCCESS: This works in Koha
3. Use the access token to GET /api/v1/patrons
=> SUCCESS: It works
4. Apply this patchset up to the regression tests
5. Run:
$ updatedatabase
$ koha-plack --restart kohadev
=> SUCCESS: All good
6. Repeat 2
=> FAIL: You get an error trying to acquire an access token. Boo
7. Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail!
8. Apply this patch
9. Run:
$ koha-plack --restart kohadev
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
10. Repeat 2
=> SUCCESS: Your original client_id/secret pair works!
11. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove tt/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
https://bugs.koha-community.org/show_bug.cgi?id=28772
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes the apikeys.pl display the generated API secret once,
when generated. After that, it won't be displayed by the UI.
To test:
1. Generate a new API key
=> FAIL: The secret is displayed in the API keys table
2. Visit some other page, and go back to the API keys page
=> FAIL: The API key secret is there
3. Apply this patch
4. Go to More > Manage API keys
=> SUCCESS: It no longer displays the secret
5. Generate a new API key
=> SUCCESS: The API key details (including the secret) are displayed.
=> SUCCESS: A message telling to copy the secret because it won't be
displayed again is shown.
6. Repeat 4
=> SUCCESS: The secret is no longer displayed
7. Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch refactors the Koha::ApiKey class so:
- It encrypts the generated secret
- Allows accessing the plain text secret only immediately after the key
creation (this implies that it won't be accessible if the key is
fetched from the DB).
- It implements an allow list for attributes, that are not read only.
Changing any other of them will make ->store throw an exception.
- A method for validating plain text secrets against the encrypted one
is added.
- A method for accessing the plain text secret is added. Returns undef
if the object is not 'fresh'.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/ApiKey.t
=> SUCCESS: Tests pass! Expected behavior is confirmed
3. Sign off :-D
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch limits the accessibility for "Manage API keys" section only
to superlibrarians and the owner of that said API key account.
The way it does it is by checking if user is superlibrarian or if
logged-in user is the same as a patron id/borrower number is the same
as logged-in user number both in template and apikeys.pl and making sure
the link is inaccessible or redirects to the 403 page if user tries to
go there directly.
To reproduce:
1) create/pick existing patron, set Staff access, allows viewing
of catalogue in staff interface (catalogue)" and "Add, modify and
iew patron information (borrowers)" permissions on;
2) enable "RESTOAuth2ClientCredentials" in sysprefs;
3) login with that user into staff interface;
4) check any other patron, go to the "More"->"Manage API keys" and
check that you can see, add delete their API keys;
5) apply patch;
6) with that same user try to access "Manage API keys" page again.
Ensure that you can't access that page of other patrons but can
access your own page and manage your own API keys.
7) log in with superlibrarian now and ensure that you can access every
"Manage API keys" page of every patron and apply changes there.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Remove fields from OPACSuggestionUnwantedFields before creating the
suggestion
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
JD amended patch: remove useless sort
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The following sequence is bad:
46 my $suggestion = $input->Vars;
181 &NewSuggestion($suggestion);
All columns can be set when we insert the suggestion into the DB
We definitely want to avoid the following fields to be set by the final
user: acceptedby, accepteddate, STATUS, etc...
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch prevents an existing user from exploiting the patron edit form in order to
force create new patrons
To test:
Try all combinations of PatronSelfRegistration and PatronSelfRegistrationVerifyByEmail
with and without this patch.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Security patch. Follow-up for 28929.
Including correction for gonenoaddress and two others.
Includes unwanted fields too now.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 28929: (follow-up) Add exec flag to tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
