This is a follow-up for bug 17674. Expected and late serials must be
checked by default.
Test plan:
Have some serial collection and notice that the checkboxes are checked
for expected and late serials
/serials/serials-collection.pl?subscriptionid=42
Signed-off-by: Timothy Alexis Vass <timothy_alexis.vass@ub.lu.se>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Content should use the description rather than the code
Test plan
1/ Enable 'UseCashRegisters'
2/ Make some payments against a cash register
3/ Navigate to the cash register summary page via tools > cashup
registers > register name
4/ Note that the payment type you selected at payment time appears as
the code of the authorized value as aposed to the description.
5/ Apply patch
6/ Refresh page
7/ The payment type should now contain the description
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
On the registers page the table has come complex data structures
embedded to allow for all the functionality we bring into the datatable.
We should hide the table on page load and only display it at DataTables
init time once the weird content has been beautified by DataTables.
Test plan
1/ Enable 'UseCashRegisters' and 'EnablePointOfSale'
2/ Add a cash register and make some transactions against it.
3/ Navigate to the 'Register details' page
4/ Note that some 'funky' JSON strings appear in the table briefly
before it is restyled when DataTables loads.
5/ Apply the patch
6/ Rebuild the CSS from the SCSS files
7/ Reload the page (hard reload to get the CSS changes)
8/ Note that the table now only appears once the nice formatting that
DataTables adds is applied.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The assumption on bug 26119 was wrong. We actually store patron's
attributes during self-registration if
PatronSelfRegistrationVerifyByEmail is not enabled.
Test plan:
Test the different combinations of PatronSelfRegistration and PatronSelfRegistrationVerifyByEmail
Confirm that the patron's attributes appears during self-registration if
PatronSelfRegistrationVerifyByEmail is not set.
Confirm that the patron's attributes are stored when they are displayed
on the self-registration form
Confirm that you can edit the patron's attributes in any cases (if they
are marked as editable at the OPAC)
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Click event on select element if Firefox does not work as expected, so
this patch changes the event to focus for it to work seamlessly in both
browsers.
https://bugs.koha-community.org/show_bug.cgi?id=26899
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the QA tools happy and follows correct procedures for passing data to
and rendering data from the api
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1 - Place a number of holds on a record
2 - Have different pickup locations for the holds
3 - Have some libraries that are not pickup locations
4 - Load the holds tab for the record and note libraries not pickup locations are not in dropdowns
5 - Apply patch and restart all things
6 - Reload the holds table
7 - Click on a dropdown, note the spinner, should load successfully
8 - Confirm the dropdown matches the options before the patch
9 - Confirm updating the hold location works
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This squashed commit fixes:
- a small error in the checkouts related JS
- GetRenewCount now returns 6 values when a call to it succeeds, a
failed call should also return the same number of values. This commit
adds these additional values.
- Some changes in issue.t had broken the tests for unseen renewals (the
unseen tests were using variables that had been moved out of the tests'
scope).
- Also now using Koha::CirculationRules::set_rules to set circ rules
rather than using SQL queries.
- Fixed expected number of return values from GetRenewCount
- Moved unseen tests in issue.t to the bottom of the file to remove the
risk of interference with other test circ rules.
- There was a real mess in C4/Circulation.pm due to a bad rebase back in
February. Frankly it's a wonder anything worked at all. This commit
fixes that problem and reinstates the correct patch for
C4/Circulation.pm
- Somehow I'd never noticed this before but the columns in smart-rules.tt
were misaligned when UnseenRenewals was turned off. This was due to the
display of a <td> not being conditional when it should have been. This
is now fixed.
- This commit also fixes items 1 & 2 descibed by Katrin in comment #74 ->
comment #76.
- Fixed missing check for too_unseen in opac-user.tt, this test did used
to exist but got lost during sizeable rebase a few weeks ago :-(
- Added test for too_unseen to all AUTO_RENEWAL notice templates apart
from de-DE (as previously requested by Katrin)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
As highlighted by Katrin, the selfcheckin module was not aware of this
work. This commits gives it awareness of the too_unseen renew error and
the "seen" argument that can be passed to AddRenewal
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch implements changes requested by Katrin in QA feedback
(comment #38):
- Fix QA script failures
- Fix alter table column order mismatch
- Use new convention for JS strings
- Fix terminology
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds support for unseen renewals.
Here we retrofit knowledge of unseen renewals and add the display of unseen
renewal counts and warnings, in addition to adding the ability to
specify a renewal as being "unseen".
The functionality added here is goverened by the UnseenRenewals syspref.
Signed-off-by: Sally Healey <sally.Healey@cheshirewestandchester.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the ability to set the "Unseen renewals allowed" value
in the circulation rules
Signed-off-by: Sally Healey <sally.Healey@cheshirewestandchester.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds:
- An "UnseenRenewals" circulation syspref that enables/disables the
functionality added in this bug
- Add unseen_renewals_allowed to circulation_rules
- A change to the issues & old_issues table schemas and corresponding
database upgrades to add issues.unseen_renewals &
old_issues.unseen_renewals
Signed-off-by: Sally Healey <sally.Healey@cheshirewestandchester.gov.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch place profile buttons in the bottom of the page, next to "Stage for import"
It removes the "Update profile" button, and changes "Add profile" to "Save profile". Save profile can be used to add and to update a profile.
It also adds feedback when a profile was saved or deleted.
Last, it also replaces input-batch-profile endpoint name for input_batch_profile, which is more aligned with other endpoint names.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Agustin Moyano <agustinmoyano@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the logic and the needed UI elements to be able to pre-load an import profile. It also displays which profile was used to stage an import in staged import manager.
To test:
1. Apply all patches
2. Updatedatabase
3. Go to Stage MARC records for Import tool in admin, and upload a file with MARC records.
CHECK => after uploading, there is a fieldset with the legend “Profile settings”
=> inside the fieldset there is a select labeled “Pre fill values with profile”. The only value it has is “Do not use profile”.
4. Change some settings, and set “profile 1” as profile name and click on “Add profile”
SUCCESS => The select now has the new profile selected
5. Change profile select to “Do not use profile”
SUCCESS => Default values are now displayed in the form
6. Reload the page and upload the file again
SUCCESS => the select still has the profile recently added
7. Select the profile, change some parameter in the form and set the profile name to “profile 2”, and click add profile
SUCCESS => there are two profiles now, and if you toggle between them, the parameter changes
8. Select profile 1, change one parameter and click on update profile
SUCCESS => if you toggle that profile with the other, the new parameter of the value is shown when you select profile 1
9. Select profile 2, change some parameter and click Add profile (leaving the name as profile 2)
SUCCESS => the page complains there is another profile with the same name, and asks if you want to replace it.
10. Click on accept
SUCCESS => profile 2 now has the new value in the parameter
11. Select profile 2 and change the name to profile 1
SUCCESS => the page complains there is another profile with that name, and asks if you want to replace it
12. Click on accept
SUCCESS => in profile select there is only one profile called profile 1 that has the values of profile 2
13. Select profile 1 and click remove profile
SUCCESS => there is no profile in profile select.
14. Create a profile and click on “Stage for import”
15. Go to Staged MARC management page
SUCCESS => Improt should have the name of the profile in profile column, and when you click on the file name, there should be the name of the profile in the details.
16. prove t/db_dependent/ImportBatch.t t/db_dependent/api/v1/import_batch_profiles.t
17. Sign off
Signed-off-by: Abbey Holt <aholt@dubuque.lib.ia.us>
Signed-off-by: Abbey Holt <aholt@dubuque.lib.ia.us>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds patron's hold history in OPAC.
To test:
1. apply this patch
2. Find a patron, place several holds and cancel or fulfill them
3. Go to patron's opac
CHECK => There is no 'your holds history' option in menu
4. In admin preferences enable OPACHoldsHistory
5. Go back to patron's opac
SUCCESS => There is a 'your holds history' menu option
=> Holds history displays all holds
6. Change order, and list limit
SUCCESS => All controls work as expected
7. Sign off.
Signed-off-by: Todd <tgoatley@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Copies the hints on the other email fields highlighting the existing
global pref.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Just branch => library and some ending punctuation.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This commit implements the feedback from Katrin in comment #103 ->
comment #108:
- Fixed rebase issue mentioned in comment #103
- Fixed ILL notice display mentioned in comment #106
- Fixed bug with metadata display, though not the issue that was
mentioned in comment #107
- Fixed buttons display mentioned in comment #107, in addition to some
more buttons suffering the same issue
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This commit fixes this bug, it was broken in a number of ways.
Fixes include:
- Added necessary config block in C4::Letters to enable the TT notice
syntax introduced in an earlier commit to work
- Changed template variables to refer to singular objects rather than
multiple e.g. borrowers -> borrower
- Fixed missing / misnamed variables
This commit also implements the additional syspref checks suggested by
Katrin in comment #87
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the ability for ILL to send notices, both triggered by
staff and triggered by events.
Staff can trigger notices to patrons from the "Manage ILL request" screen:
- ILL request ready for pickup
- ILL request unavailable
- Place request with partners
The following notices to staff are triggered automatically:
- Request has been modified by patron
- Request has been cancelled by patron
Branches can now specify an "ILL email" address to which notices
intended to inform staff of changes to requests by patrons can be sent.
The sending of notices is controlled by a few new sysprefs:
- "ILLDefaultStaffEmail" - Fallback email address for staff ILL notices
to be sent to in the absence of a branch address
- "ILLSendStaffNotices" - To specify which staff notices should be sent
automatically when requests are manipulated by patrons
Patron notices are also controlled by the patron's messaging
preferences
Sponsored-by: PTFS Europe
Signed-off-by: Niamh Walker-Headon <Niamh.Walker-Headon@it-tallaght.ie>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Here we're just adding ILL notices to the existing "letters"
infrastructure so notices can be displayed and edited
Sponsored-by: PTFS Europe
Signed-off-by: Niamh Walker-Headon <Niamh.Walker-Headon@it-tallaght.ie>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds two new sysprefs. 'ILLDefaultEmail', 'ILLSendStaffNotices' and a new column to the
branches table called 'branchillemail'. It also adds five ILL related
notices.
Here we are providing the ability for a branch to have a dedicated email
address for it's ILL staff, the idea being that any notices sent by ILL
to staff need to go to specific staff, rather than the general branch
email address. If no branch specific address is defined, the address
specified in the ILLDefaultEmail syspref is used.
We're also providing a syspref 'ILLSendStaffNotices' to allow the user to specify which
notices should be sent to staff upon certain events.
We are also providing patron messaging preferences for the two patron
bound notices
We are also providing five notices for various ILL related events.
Sponsored-by: PTFS Europe
Signed-off-by: Niamh Walker-Headon <Niamh.Walker-Headon@it-tallaght.ie>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This commit makes the changes suggested by Katrin in comment #50:
- Changed syspref from RecordIssuer to RecordStaffUserOnCheckout
- Changed terminology from "issue" to "check out" and variations
- Fixed name display to use patron-title.inc
- Made issuer column DEFAULT NULL consistently between issues and
old_issues and between the DB update and kohastructure.sql
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the recording and display of the item issuer. This
behaviour is governed by the RecordIssuer syspref, if disabled (the
default), no recording or display of issuer will take place.
Signed-off-by: Ben Veasey <B.T.Veasey@lboro.ac.uk>
Signed-off-by: Bouzid Fergani <bouzid.fergani@inlibro.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the "RecordIssuer" syspref, which is disabled by default
Signed-off-by: Ben Veasey <B.T.Veasey@lboro.ac.uk>
Signed-off-by: Bouzid Fergani <bouzid.fergani@inlibro.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan - Regression
1/ Login to the OPAC as a user with various account charges and payments.
2/ Navigate to the 'Your charges' page.
3/ Compare the display of the table before and after applying the
patchset. They should match.
Test plan - Sync
1/ Compare koha-tmpl/intranet-tmpl/prog/en/includes/accounts.inc with
koha-tmpl/opac-tmpl/bootstrap/en/includes/accounts.inc.
2/ They files should match after the patch is applied.
Test plan - Translation
1) ./translate update fr-CA
2) Open fr-CA-opac-bootstrap.po and translated this part
msgid ""
"%s %s %sPayment %sWriteoff %sForgiven %sCredit %sLost item fee refund "
"%sRefund %s%s %s %s %s %sAccount creation fee %sAccount renewal fee
%sLost "
"item %sManual fee %sNew card %sFine %sLost item processing fee %sRental
fee "
"%sDaily rental fee %sRenewal of rental item %sRenewal of daily rental
item "
"%sHold fee %sHold waiting too long %s%s %s %s %s "
3) ./translate install fr-CA
4) Login to the OPAC as a patron with various charges
5) Check 'My charges' (in fr-CA) to confirm the translations have been
picked up.
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Adding the new offset type and credit type to the include so it can be translated.
Also suggest shortening the db description a bit.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=24063
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the logic to create a cancellation accountline and
apply it to the charge line so we correction record the transaction in
terms of double entry accounting standards.
Test plan:
1. Go to a patron's accounting section
2. Create a manual invoice
3. In Transactions tab, you should see a 'Cancel charge' button. Click
on it. It should now be marked as cancelled
4. A cancellation line should be associated with the original charge.
5. Create another manual invoice
6. Pay it (partially or fully)
7. Notice that the 'Cancel charge' button is not available
8. Void the payment
9. 'Cancel charge' button is available again. Click on it and verify
that it still works
10. prove t/db_dependent/Koha/Account/Lines.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=24063
Bug 24603: Fix number of unit tests
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=24063
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
There is already a button to void a payment. It should be possible to
cancel a charge too.
This patch adds a button in patron's accounting section (Transactions
tab) that allow to cancel charges.
Charges that have been fully or partially paid cannot be cancelled.
It also fixes Koha::Account::Line::is_credit by looking at
credit_type_code instead of amount (amount can be 0 for voided payments)
It also fixes the tests for Koha::Account::Line::void when database does
not contain the borrowernumber 51 (the default in
t::lib::Mocks::mock_userenv)
Test plan:
1. Go to a patron's accounting section
2. Create a manual invoice
3. In Transactions tab, you should see a 'Cancel charge' button. Click
on it. It should now be marked as cancelled
4. Create another manual invoice
5. Pay it (partially or fully)
6. Notice that the 'Cancel charge' button is not available
7. Void the payment
8. 'Cancel charge' button is available again. Click on it and verify
that it still works
9. prove t/db_dependent/Koha/Account/Lines.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Adds a hint about the new configuration option to the existing
system preference sectoin.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Apply patch, update database, restart services
2) Enable decreaseLoanHighHolds sysprefs if not already active
3) Go to circulation rules and set a value under 'Decrease loan holds
(day)' that is DIFFERENT from decreaseLoanHighHoldsDuration
4) Check out an item with holds and confirm that the value from the rule
is used instead of the system preference
5) Confirm tests pass before and after the patch
t/db_dependent/DecreaseLoanHighHolds.t
Sponsored-by: Catalyst IT
Signed-off-by: Lisette Scheer <lisetteslatah@gmail.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds handling for the display of the two new messages added
by this patchset in the returns screen.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds handing for the new values available for the lostreturn
policy settings.
* undef - Do nothing, leave fees and fines as they were at the point of
lose.
* refund - Refund the lost item fee only
* charge - Refund the lost item fee and charge a fresh overdue fine
dated for a return on the date the item is 'found'
* restore - Refund the lost item fee and restore the original overdue
fine (dated for a 'return' on the date the item was 'lost'
Test plan
1/ apply patch
2/ updatedatabase, restart_all
3/ verify finesmode and CalculateFinesOnReturn and WhenLostChargeReplacementFee are on
4/ verify WhenLostForgiveFine is set to "Forgive"
5/ verify circ rules include fines
6/ set Default lost item fee refund on return policy to "Refund lost item charge"
7/ create 4 overdue checkouts that will incur fines
8/ run fines.pl
9/ confirm 4 items checked out with accruing fines
10/ confirm all 4 items have a replacement price
Item 1
11/ mark the first item lost
12/ verify that fine is gone and lost fee has been charged
13/ check item in
14/ verify that lost fee is gone and overdue charge has not returned
Item 2
15/ set Default lost item fee refund on return policy to "Refund lost item charge and charge new overdue fine"
16/ mark second item lost
17/ verify that fine is gone and lost fee has been charged
18/ check item in
19/ verify that lost fee is gone and a new overdue charge has been made
Item 3
20/ set Default lost item fee refund on return policy to "Refund lost item charge and restore overdue fine"
21/ mark third item lost
22/ verify that fine is gone and lost fee has been charged
23/ check item in
24/ verify that lost fee is gone and the old overdue charge has been restored
Item 4
25/ set Default lost item fee refund on return policy to "Leave lost item charge"
26/ mark fourth item lost
27/ verify that fine is gone and lost fee has been charged
28/ check item in
29/ verify that lost fee remains and the overdue charge is still gone
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Some js variables are not properly escaped and can be executed if
containing javascript.
1. have some waiting reserve attached to a desk
2. change this desk name to : <script>alert("❤");</script>
3. go to user's checkout page (circulation.pl) and click on the
Hold(s) tab
4. you should see some popup with a ❤ in it.
5. apply patch and refresh page
6. now you should see the desk name printed properly in the page:
<script>alert("❤");</script>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
forgot to update two pages when I wrote Hold->desk to replace
Desks.GetName.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
fix obvious problems:
1. qa -c 8 -v 2
2. should be green
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
