No change is expected on this view as the table is not part of the table
settings.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To be nicer with translators.
Update the PO files for whichever languages will show how this is
useful.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Rebased-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This follow-up corrects the markup so that if a value is entered in the
"Remote image" field, the correct tab will be selected upon page load.
The patch also corrrects the input name on the "No image" field so that
the option works correctly.
To test, apply the patch and edit an authorized value.
- Select an icon from an icon set. Save, and then re-edit.
- The correct icon set tab should be activated.
- Select "No image," save, and re-edit.
- The "No image" tab should be selected.
- On the "Remote image" tab, enter a remote image url, e.g.
https://via.placeholder.com/50/FF0000/FFFFFF.png. Save and re-edit.
- The "Remote image" should be selected.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch updates the authorized values edit interface so that it uses
Bootstrap tabs instead of jQueryUI tabs for displaying icon sets.
Normally Bootstrap tabs don't have to be initiated via JavaScript, but
this page requires some JS to select the first tab as active if no other
tabs are active. Because of the way the template works it's not simple
to do it via template logic, so in this case some JS helps.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Go to Administration -> Authorized values in the staff interface.
- Select a category and then add or edit an authorized value in that
category.
- On the edit page you should see tabs under "Choose an icon."
- Confirm that the tabs look correct and work correctly.
- If you did not previously have any icon selected, the "None" tab
should be active.
- If you had an icon selected, that icon set's tab should be
active.
- Confirm that changing icons works correctly and that the
selected icon's tab is always active when you return to the edit
page.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds the option of using a remote image for an authorized
value, just as you can with item types.
To test, apply the patch and go to Administration -> Authorized values.
- Click "CCODE" to view the collection authorized values.
- Edit a collection code.
- In the form, under "Choose an icon," there should now be a "Remote
image" tab.
- Enter a remote image url, e.g. https://via.placeholder.com/50/FF0000/FFFFFF.png
- Click "Save."
- After the page redirects to the list of collection codes you should
see your image in the table next to the code you edited.
- Test that you can still edit a collection to set "No image" or to
use one of the local image sets.
- Test that remote images can also be added when adding a new
collection.
- Make sure "ccode" is in the "AdvancedSearchTypes" sytem preference.
- Go to the catalog's advanced search page and click the "Collection"
tab.
- You should see your collection image in the list of collections.
- Perform the same check in the OPAC.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
JD amended patch: fix indentation
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds comments to the template to highlight the markup
structure.
This patch should have no effect on the page's appearance or
functionality.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch performs general template cleanup to authorized values
administration: Make indentation consistent, replace tabs with spaces,
and trim trailing whitespace.
To test, apply the patch and go to Administration -> Authorized values.
Test that all functionality works correctly:
- Adding or deleting categories
- Adding, editing, and deleting authorized values.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
On bug 29844 we decided to remove wantarray from Koha::Objects->search.
Reviewing the difference occurrences I found some unnecessary uses of ->as_list,
where iterators should be used instead.
This patch only removes the obvious places, not the tricky ones.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To test:
-Go to Administration > Authorized values
-In any category, new or existing, look at an authoized value.
-The description and OPAC description inputs both have a maxlenght of 200 but you cannot see very many characters.
-Apply patch
-Look again, the inputs are much bigger and you can see many more characters.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes minor HTML corrections to several templates, primarily
to wrap form help text in <span class="hint"> or <div class="hint">.
To test, apply the patch and rebuild the staff interface CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
View the following pages to confirm that forms look correct:
- Administration -> Authority types -> Authority type -> Edit.
- Administration -> Authority types -> Authority type -> MARC structure.
-> Subfields -> Edit.
- Administration -> Authorised values -> View category -> New authorized
value.
- Administration -> Credit types -> New credit type.
- Administration -> Debit types -> New debit type.
- Administration -> Item types -> New item type.
Also changed: Added link to ITEMTYPECAT authorized value page for
users with the correct permission.
- Administration -> MARC frameworks -> MARC structure -> Edit subfields.
- Administration -> Patron attribute types -> New patron attribute type.
- Administration -> Share content with Mana KB.
- Administration -> Z39.50/SRU servers -> New Z39.50 server.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This bug adds a cancellation reason authorised values to article requests
To test:
1. apply this patch
2. updatedatabase
3. in staff interface go to /cgi-bin/koha/admin/authorised_values.pl
CHECK => AR_CANCELLATION category should appears
4. place several article requests
5. in staff interface go to /cgi-bin/koha/circ/article-requests.pl
6. select multiple requests, or just one and cancel them
SUCCESS => a modal pops up offering to select a cancellation reason
CHECK => message_queue table has messages with cancellation reason included
7. repeat steps 4 to 6 but for /cgi-bin/koha/circ/request-article.pl
8. cancelling article requests from opac interface should work just as before
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Swapped the order of the page titles to have the unique information
first, i.e. the name of the specific page displays first, and the name of the website (e.g. Koha) displays at the end.
To test:
1) Apply patch
2) Ensure each of the files in the admin folder are swapped around to display the most unique information first, and the website name is at the end
3) Ensure the pages displayed on the Staff Client that correspond to these files also display the changes
Sponsored-by: Catalyst IT
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Henry Bolshaw <bolshawh@parliament.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the "size" attribute from <select> tags where the
value of the attribute is 1. The attribute is unnecessary because the
default value when the attribute is undefined is 1.
This will allow for more careful sizing of <select> tags without a size
attribute while preserving the desired behavior of <select> tags which
have a size greater than 1.
The patch modifies 83 files but makes the same minor corrections to
each. I think examining the diff is sufficent, or testing a
representative set of pages:
- Administration -> MARC frameworks -> MARC structure -> Edit tag:
The "Authorized value" select.
- Patrons -> New patron: The "Library" select.
- Reports -> Patrons with no checkouts: The "Into an
application" selects.
If anyone would like help testing any particular template I can
follow-up.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I think the "breadcrumbs" ID is worth saving for past and future CSS
customization reasons.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes some indentation changes to make things (in my opinion)
more consistent. Diffing while ignoring whitespace should show no
changes except to acqui/basket.tt where some lines were broken up.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Modified breadcrumbs to be accessible, in particular for a
screen-reader.
Made the block of breadcrumbs be a <nav aria label="Breadcrumb"
class="breadcrumb"> with an ordered list inside. The last breadcrumbs
also has aria-current="page" to specify that it is the current page.
To test:
1) Apply patch
2) Build scss file
3) Ensure each of the files in the admin folder has breadcrumbs that are
in a <nav aria label="Breadcrumb" class="breadcrumb"> block
4) Ensure that there is an ordered list in the block of breadcrumbs
5) Ensure that the last breadcrumb has aria-current="page"
6) Ensure that the breadcrumbs on each page of the staff client
belonging to these files look the same as before, but the '>' symbol
is replaced with '/' and the last breadcrumb has bold text
7) Ensure that when the last breadcrumb is clicked it takes you to the
page you are currently on
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test:
- go to a category with at least one value, see the complete breadcrumb "Home › Administration › Authorized values › Authorized values for category" with link on the 3 first menus
- create a new category / go to an empty category ; see the incomplete breadcrumb "Home › Administration › Authorized values" with link only on the 2 first menus
- Apply patch
- go to category with at least one value, breadcrumbs should look like Home › Administration › Authorized values › Authorized values for category CATEGORY
- got to category with no values, breadcrumbs should look the same as category with values
Signed-off-by: Amit Gupta <amitddng135@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch corrects a parameter in the authorized values template so
that the right value is passed for displaying the description of an
authorized value category.
To test, apply the patch and go to Administration -> Authorized values.
- In the table of authorized values, click on one which has a
description in the "Description" column.
- On the page titled "Authorized values for category XXX," you should
see that description under the heading.
- Use the "Show category" dropdown to try some other categories.
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Duplicate element IDs on the authorized values page are invalid and
cause a problem with the JavaScript intended to submit the form when the
category select field changes.
This patch changes the ID of the label and the field and makes the
corresponding change to the JavaScript.
To test, apply the patch and go to Administration -> Authorized values.
- Click an authorized value category to view its contents.
- Using mouse or keyboard, make a selection from the "Show category"
dropdown menu.
- The form should submit automatically and direct you to the
corresponding category.
- Validate the HTML of the page and confirm that there are no errors.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This follow-up makes two additions:
- The UPLOAD category is added to auth_val_cat.sql for new
installations.
- A description of the category is added to the authorized values
template.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We have different classes we can use to set specific behaviours on
table columns: title-string, string-sort, anti-the and NoSort.
We should not need to pass them to the DataTable constructor, we could
teach it that we always want to apply them.
It will avoid bug like bug 26233
The goal is to define them in a centralised place
(columns_settings.inc) then only use the class on the th
Test plan:
Different behaviour and tables must be tested to confirm it works
correctly. Focus must be put on table when aoColumnsDefs is passed from
the template and confirm that this will add more info to aoColumnsDefs
and not remove the existing ones.
Note that this only work when KohaTable is used.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This new patch set is adding a new DB field is_system to distinguish
internal categories.
The list of internal categories is in the patch "DB changes - set
is_system for categories" and can be discussed/extended.
Test plan:
0.
- Apply patch
- updatedabase
1.
- Create a new AV category
- Create an authorised value
- List the AVs for this category
- Remove all the AVs for this category
=> You see 2 buttons "Add a new authorised value" and "Delete category
'XXX'"
- Click the delete button
=> You get a popup
- Accept
=> The category is deleted
2.
- List the AV for Asort1 (internal category)
/cgi-bin/koha/admin/authorised_values.pl?searchfield=Asort1
- Delete the AVs for this category (if there is any)
=> You do not see the "Delete category" button
3.
- Create a new AV category 'foo'
- Create an authorised value
- Hit /admin/authorised_values.pl?op=delete_category&categor_name=foo
=> You get an error message (expected because the category cannot be
deleted if it has AV linked)
=> message text:
=> An error occurred when deleting this authorized value category. Check the logs.
4.
- Hit /admin/authorised_values.pl?op=delete_category&categor_name=Asort1
=> You get an error message (expected because the category Asort1 cannot
be deleted, it's an internal category.
=> message text:
=> An error occurred when deleting this authorized value category. Check the logs.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
We now display the descriptions everywhere, so we should drop the
'code' from labels.
This changes text in a lot of playes in Koha, including:
- The relatives checkouts table when displayed for the guarantor
- The new order and order receive forms in acquisitoins (item creation)
- The description of CCODE in the authorised values table
- The column description on results in item search
- The branch tranfers page
- Course reserves: add reserve items (one and in batch)
- Patron account > statistics tab
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
Try to create 2 AV with the same code for the same category.
You should see a warning
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lari Taskula <lari.taskula@hypernova.fi>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch corrects the Bsort1 typo in authorised_values.tt and changes the Bsort2 description to match Bsort1's.
To test:
1- Go to Administration > Authorised values
2- Make sure descriptions for Bsort1 and Bsort2 match their category and are the same (except for 1 and 2)
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds a missing "noExport" class to ensure that the "actions"
column isn't included in export and print views.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
The DataTable configuration wasn't working on the table showing an
individual category's authorized values because of a mismatch in the
table id. This patch corrects it.
To test, apply the patch and view the "Authorized values" page.
The initial list of categories should be displayed as a DataTable. Click
through to see the values defined for any category. The resulting table
of values should also be a functioning DataTable.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch changes the authorized values DataTables configuration to add
export options.
To test apply the patch and go to Administration -> Authorized values.
Test the "Export" button and confirm that the data is exported correctly
with each option.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch corrects the terminology and also updates the tooltip to use
the current bootstrap tooltip library.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch upgrades DataTables and makes some style changes to the
default DataTables toolbar style. DataTables assets are now combined and
minified using their download customizer, bundling together these
elements:
- JSZip 2.5.0
- pdfmake 0.1.36
- DataTables 1.10.18
- Buttons 1.5.6
- Column visibility 1.5.6
- HTML5 export 1.5.6
- Print view 1.5.6
- FixedHeader 3.1.4
DataTables assets have been moved from lib/jquery/plugins to
lib/datatables. The global header and footer include files are updated
correspondingly.
This patch removes the custom "four_button" pagination configuration and
updates pages which used it to use the built-in "full" type instead.
This is done for the sake of consistency and upgradability. This change
touches a lot of files.
Table-specific CSS has been moved from staff-global.scss to a new
include, _tables.scss. A second common include, _mixins.scss has some
variable definitions used in both files.
Many images have been made obsolete by this change and have been
removed.
To test, apply the patch and regenerate the staff client CSS. View
various pages in the staff client with tables:
- Not formatted by DataTables:
- Reports -> Most circulated items
- Catalog -> Search results
- Formatted by DataTables without column configuration
- Acquisitions -> Vendor search
- Lists
- Formatted by DataTables with column configuration
- Administration -> Libraries
- Administration -> Item types
- Reports -> Saved SQL reports
- Non-standard DataTables configurations:
- Circulation -> Checkouts
- Administration -> System preferences
- Reports -> Lost items
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch makes a number of changes in order to improve the way the
staff client's header menu adjusts at narrower browser widths:
- Updated version of Bootstrap 3.3.7 which includes the "collapse"
JavaScript plugin.
- Modified default Bootstrap CSS using Bootstrap's customization tool.
These changes facilitate the removal of some custom CSS (overriding
Bootstrap) from staff-global.scss.
- Added Bootstrap config file for loading customizations at
https://getbootstrap.com/docs/3.3/customize/
- Revised button classes for buttons in Bootstrap-styled toolbars.
The modified default CSS resets the base font size in Bootstrap to
better match our global CSS. A side-effect of this is that toolbar
buttons ended up looking smaller than they should. Changing the
button class solves this.
- Restructure the header menu in order to allow different rules to
govern the appearance of the navigational part of the menu
(Circulation, Search, etc) and the user menu (Set library, My
account, Log out).
- Modify the cart JS to so that the popup works well at narrow widths.
To test, apply the patch, regenerate the staff client CSS, and clear
your browser cache.
- Log in to the staff client and observe the layout of the header menu
as you adjust the browser to various widths.
- Confirm that sections of the menu "collapse" as the window gets
narrower.
- Confirm that dropdown menus behave correctly and that links work.
- Confirm that the Cart link works as expected when the cart empty
and when it has items.
- Install and enable multiple translations, including at least one
set of sub-languages (e.g. fr-FR and fr-CA).
- Test the appearance of the language menus in the footer at
various browser widths.
- View pages with button toolbars and confirm that they appear unchanged
(e.g. biblio detail page, patron detail page).
NOTE: While this patch is intended to make improvements to staff client
responsiveness, it does so within a limited scope. There are still many
pages which do not work well at narrower browser widths.
Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
DataTables are used on enough pages in the staff client that it
doesn't make sense to put inclusion of the CSS into each template
where it is needed. This patch moves includes of datatables.css from
individual templates into the global header file.
To test, apply the patch and view various pages which have DataTables.
View various styles of DataTables, e.g.
- Full pagination, like item search results
- Four-button, like Saved SQL reports
Everything should look the same as it was.
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch redesigns the authorized values management interface. The
primary change is that the initial view of authorized values is now a
table listing all authorized values categories and their descriptions.
Descriptions have been added or updated according to the text of the
manual.
To test, apply the patch and go to Administration -> Authorized values.
- You should see a table of authorized values displayed in a
DataTables-formatted table.
- Click a category. You should be taken to the list of authorized
values for that category. If there are none defined you should see
a message saying so, including a button to add one.
- Click the "Add" button next to an authorized value category. It
should take you to the form for adding an authorized value to that
category.
Signed-off-by: Pierre-Marc Thibault <pierre-marc.thibault@inLibro.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Why? Because we must filter the variables when we display them.
If we escape them on assignement, they will be double escaped:
[% XXX = "<span>pouet</span>" | html %]
[% XXX | html %]
=> <span>pouet</span>
Also it will bring trouble if we are assigning a structure (see bug
21663 for instance).
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies several acquisitions templates to use the Bootstrap
grid instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags in the modified templates.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Administration -> Budgets
- View budgets list, view and edit budgets
- View budget -> Planning -> Plan by months
- Administration -> Funds
- View funds list, view and edit funds
- Acquisitions -> Vendor -> Contracts
- View contracts list, view and edit contracts
- Administration -> Audio alerts
- Administration -> Authorized values
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client catalog-related administration
templates so that JavaScript is included in the footer instead of the
header.
To test, apply the patch and test the JavaScript-driven features of
each modified template: All button controls, DataTables functionality,
tabs, etc.
Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>
Edit: Rebased on Bug 19560
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Preparation:
- Add a branch with script in the branch name
- Add a patron category with script in the category name
- Add a new authorised value cateogory with script
- Add a new authroised value for this category with script
in all possible fields
- Test editing patron categories
- Test editing patron attribute types
- Test viewing and editing authorised values
Verify that with this script there is no more script executed
and everything works fine.
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch is amended to use the sysprefs search on all Administration
pages that do not have their own custom search.
To test:
1) Go to Administration
2) Notice Catalogue search at the top - seems out of place.
3) Apply patch and refresh page.
4) Notice admin / sysprefs search now shows and is more appropriate.
5) Confirm searching for sysprefs still works
This patch affects the following pages:
- admin-home.pl
- audio_alerts.pl
- authtypes.pl
- auth_tag_structure.pl
- authorised_values.pl
- biblio_framework.pl
- marctagstructure.pl
- branch_transfer_limits.pl
- branches.pl
- checkmarc.pl
- classsources.pl
- columns_settings.pl
- didyoumean.pl
- edi_accounts.pl
- edi_ean_accounts.pl
- fieldmapping.pl
- item_circulation_alerts.pl
- items_search_fields.pl
- items_search_field.pl
- item_types.pl
- koha2marklinks.pl
- matching-rules.pl
- oai_sets.pl
- oai_set_mappings.pl
- patron-attr-types.pl
- smart-rules.pl
- transport-cost-matrix.pl
- sms_providers.pl
Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch modifies the form for adding an authorized value so that
the category is a required fields.
Previously a new authorized value category could be saved with no data.
To test, apply the patch and go to Administration -> Authorized values.
- Click the "New category" button.
- Click the save button without filling in the category.
You should be prevented from submitting the form.
- Verify that filling in the required field allows the form to be
submitted.
- Perform the same test when editing an existing authorized value.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Follow-up for QA: Allow a blank authorised value to be created.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Amended test plan.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
