See Comment 8.
Test:
When on first page of results, confirm that the 'First' and 'Previous'
buttons do not show. Confirm they come back on the second page and every
page after.
When on last page of results, confirm that the 'Last' and 'Next' buttons
do not show. Confirm they come back on all previous pages.
Check on both staff side and OPAC.
Sponsored-by: Catalyst IT
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds first and last page buttons to the pagination at the
bottom of a page of catalog search results.
To test:
1) Apply patch
2) Do a number of searches
3) For each search, ensure that the first and last page buttons work as
expected
Sponsored-by: Catalyst IT
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If you hit the renewal limit on the renewal tab, the message gives you a
message like:
"Windows 8 / ( 50610018249545 ) has been renewed the maximum number of
times by Johnny Test ( 12345678 )"
And has a button that reads:
"Ignore and continue"
This button is misleading, as it may be interpreted as "ignore the limit
and continue to renew the item".
Signed-off-by: Dominic Pichette <dominic@inlibro.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1. Place a hold on an item
2. Search for the patron who the hold is associated with
3. View the Hold(s) tab of the Checkouts page and notice there is a
column with the text 'Delete?' and a button below the table with the
text 'Cancel marked holds'
4. Apply patch
5. Notice that the column text described in step 3 now has the text
'Cancel?' and the button text is the same as it was in step 3
Sponsored-By: Catalyst IT
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
After order is deleted we don't have a vendor or basket so we get blank
breadcrumbs, this removes them
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan remains the same.
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Go to Acquisitions -> Find a vendor -> View a basket with orders in
it (or make a new basket and add an order)
2) Click Cancel order
3) Notice incomplete breadcrumbs, and 'Acquisition' typo
4) Apply patch and refresh page
5) Breadcrumbs should be fixed. Confirm links to vendor and basket work
as expected
Sponsored-by: Catalyst IT
Signed-off-by: severine.queune <severine.queune@bulac.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1 - Have a patron with guarantees
2 - Charge some fines to the guarantees
3 - View the patron
4 - Fines are displayed unformatted
5 - Apply patch
6 - Refresh
7 - Fines should now be formatted correctly
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
When searching for a patron from the circulation tab, the results table
shows the date of birth unformatted.
Test plan:
Apply this patch, search for patrons in the circ tab and confirm that
the date of birth are correctly formatted according to the dateformat
syspref
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
When CircSidebar is activated, "Transferred items" table at
Circulation -> Transfers goes under the sidebar. This patch fixes the issue.
To test:
1. Enable CircSidebar system preference
2. Go to cgi-bin/koha/circ/branchtransfers.pl
3. Enter a barcode and click submit
4. Observe transferred items table under the circulation side bar
5. Apply patch
6. Enter a barcode and click submit
7. Observe transferred items is now correctly displayed
8. Also test with CircSidebar system preference deactivated
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 19374: (follow-up) Remove stray closing div tag
To test:
1. Apply first patch and validate the document e.g. here
https://validator.w3.org/#validate_by_input
2. Observe "Stray end tag div." error
3. Apply this patch and validate again
4. Observe no errors
5. Go through test plan from first patch to make sure things still look nice
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: m23 <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This syspref is going to be used for populating field 008, range 15-17
with a desired default. It is currently hardcoded to 'xxu'. If not set,
it will still fallback to 'xxu'.
Signed-off-by: m23 <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
cataloging.js might not always be loaded with select2.js, so we should
check its availability to prevent JS errors
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Overview:
Repeat tag fails if authority field has select subfield (for example, UNIMARC 700$8, 800$a)
This patch adds Select2 to authority editor
Steps to Reproduce:
In authority editor repeat field that has select subfield
Actual Results:
Field does not repeat (copy is not created).
Console shows a js TypeError in cataloging.js: «$(...).select2 is not a function»
Expected Results:
Field will repeat (copy is created)
Additional Information:
Error happens in version 16.11+ after adding Select2 js functions. The easiest way to fix is to add Select2 to authority editor
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
0) Apply the patch
1) Go to administration -> system preferences -> staff client
2) Read the description by IntranetSlipPrinterJS and confirm it's right
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
When created, batch_record_modification.tt has been based on
batch_delete_records.tt
These attributes are not used in the template and not set in the pl
script.
Since bug 18260, biblio is a Koha::Biblio and calling a non-existent
method will raise an error.
This patch get rid of the following error:
batch_record_modification.pl: Template process failed: undef error - The
method itemnumbers is not covered by tests!
Test plan:
Modify bibliographic records with the "Batch record modification" tool.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 7673 introduced SubfieldsToAllowForRestrictedEditing but bug 12176
broke it assuming that only selects were impacted by this feature.
Test plan:
Go back on bug 7673 and confirm that
SubfieldsToAllowForRestrictedEditing is working as expected with this
patch applied.
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
For clarification, the item fields that are entered in
SubfieldsToAllowForRestrictedEditing should EXCLUDE the desired
fields you want to disable.
Test plan (updated to test the scenario in the bug Description):
1. Create a patron with only the following permissions:
- catalogue (Required for staff login)
- editcatalogue -> edit_catalogue
- editcatalogue -> edit_items
- editcatalogue -> edit_items_restricted
2. Navigate to Administration -> Global system preferences -> Cataloging
-> Record Structure -> SubfieldsToAllowForRestrictedEditing
3. In the input field for SubfieldsToAllowForRestrictedEditing enter in
all the 952 fields EXCEPT the ones desired to be disabled. In this
case, we want to disallow editing of 952$2, 952$a, 952$b, 952$e, 952$h,
and 952$o so we enter the following into the
SubfieldsToAllowForRestrictedEditing (without quotes) "952$0 952$1
952$3 952$4 952$5 952$7 952$8 952$c 952$d 952$f 952$g 952$i 952$j
952$p 952$t 952$u 952$v 952$w 952$x 952$y 952$z"
4. Click Save all Cataloging preferences
5. Login to the staff client as the created restricted editing patron
6. Edit an item
7. Note that all fields except for the ones excluded from the syspref
are editable
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
and Profile MARC fields that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Prevent software error
Template process failed: undef error - text: filter not found at
/home/vagrant/kohaclone/C4/Templates.pm line 121.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
- Add a framework with script in the description
- Access the Keywords to MARC mapping page
- Add an item search field where both name and label are script
- Try to edit/delete the added mapping
With the patch no script should be executed and everything
should still work ok.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/biblio_framework.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Click on Actions -> MARC structure
6. Apply patch and reload, the js is escaped
Fixed for both the pages biblio_framework.pl and marctagstructure.pl
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/fieldmapping.pl
2. Add a text in the field Field name that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/authtypes.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fixed for both Classification sources & Classification filing rules
To Test
1. first case classification source: Hit the page
/cgi-bin/koha/admin/classsources.pl?op=add_source
second case classification filing rules:
Hit the page /cgi-bin/koha/admin/classsources.pl?op=add_sort_rule
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Fixed for new and edit page
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/oai_sets.pl
2. Click on New set
3. Add a text in the field setSpec, setName that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/matching-rules.pl
2. Click on new record matching rule
3. Add a text in the field Description that contain js.
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/patron-attr-types.pl
2. Click on new patron attribute type
2. Add a text in the field Description that contain js.
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/itemtypes.pl
2. Add a text in the field Description, Checkin message that contains js
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Preparation:
- Add a branch with script in the branch name
- Add a patron category with script in the category name
- Add a new authorised value cateogory with script
- Add a new authroised value for this category with script
in all possible fields
- Test editing patron categories
- Test editing patron attribute types
- Test viewing and editing authorised values
Verify that with this script there is no more script executed
and everything works fine.
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>
To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Add script to the callnumber field on adding a subscription.
Verify script is executed without this patch, but not with it.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.
1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are on longer executed
This works in combination with the other patches for XSS
on this bug.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field company_postal, physical, company_fax,
accountnumber, contactposition, contact_fax, contact_notes, notes that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1/ To test add a message to a borrower that contains js
2/ hit /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number]
where number is the borrowernumber of the borrower you set the message
for
3/ Notice js is execute
4/ Apply patch, reload, js is escaped
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Edit: fixed tab-for-space errors (tcohen).
Signed-off-by: Magnus Enger <magnus@libriotech.no>
New categories are added to the pulldown and work as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
... when referring to the name of the vendor.
To test:
1) Confirm vendor shows on webpage title (tab name)
2) Confirm vendor shows in breadcrumbs
3) Confirm vendor shows in heading when viewing basket ('Basket x (1) for
vendor')
Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Create a record
2) Click Edit -> Edit record. open this in another tab
3) Delete the record in the original tab
4) Refresh the edit form in the other tab. Notice the software error
5) Apply patch and refresh page
6) There should be a nice error message with the form fields and buttons
hidden. Confirm links work as expected.
Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Add a layout grid to patron card creator to figure out the positions of text
fields, barcode and images.
To test:
- Apply on top of patch 18465
- Go to Home > Tools > Patron card creator
- Edit or create a layout
- Turn on new choice 'Guide grid' in section 'General settings'
- Leave 'Units' unchanged
- Crate a PDF using 'Card batches'
- Notice that card is printed with a layout grid that reflects selected unit
with each 5th and 10th line in different color, unit description displayed
bottom left, card dimensions displayed top right in small print inside the
layout grid
- Print PDF. Set printer settings in Adobe Reader or other PDF printing
software to 'Actual size' to prevent scaling to printer's printable
region
- Mesure out printed PDF and verify that grid corresponds to selecte unit.
- Go back to layout definition and choose an other unit, repeat steps
to verify that grid respects selected unit.
- Go back to layout definition, turn grid off, create PDF, verify that grid
does not display in PDF
Note for testers / QAers: Position of card elements (text, image...) do not
respect the unit, this will be fixed in Bug 18550
Followed test plan and it worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Images display correctly. Followed test plan and patch works as described.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the include files which contain the form fields for
city, state, zipcode, etc. shown on the patron entry screen. The files
are modified so that the city/state/zip <select> preselects a value
based on city, state, and zipcode matching the values in the
corresponding text fields.
To test, confirm that the bug's steps to reproduce are fixed:
- Enter two cities via Administration -> Patrons and circulation
-> Cities and towns:
Springfield, MA 01101
Springfield, VT 05156
- Edit a patron choosing, Springfield VT, and save.
- Edit the patron again and confirm that the correct city is
pre-selected.
- Confirm this result with all three different settings of the
"AddressFormat" system preference.
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Internal server errors are good, user feedback is better.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tiny change: removed the obsolete 'use Koha::Exceptions'.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the following changes:
[1] Removes Default from the template list. We should not merge with the
Default framework, since it does not have a reporting tag.
[2] Rearranges the error section in the template. It is confusing to have
two error sections in this template. The error CANNOT_MOVE is not used.
The error FRAMEWORK_NOT_SELECTED is replaced by WRONG_FRAMEWORK.
[3] Do not allow to merge a record with itself.
[4] Check if the merge reference record still contains any MARC tags.
[5] Additional polishing: Simplify passing frameworks to template. Remove
an unused Koha::Authority::Types->search. Remove obsolete POD header
for functions from the script.
Test plan:
[1] Select two authorities to merge. Verify that you cannot select Default
anymore as framework for the reference record.
[2] Reproduce error WRONG_COUNT by adding another authid=999 in the URL
after you selected two authority records for merging.
[3] Remove the third authid from the URL and change the first or second
authid into an unexisting record id. You should generate an Internal
Server Error. The log should show the exception message.
[4] Merge two authorities. Deselect all MARC tags. Should trigger the
error EMPTY_MARC in the template.
[5] Select the same authority record twice for merging. Should trigger the
error DESTRUCTIVE_MERGE in the template.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Create a budget, add a fund
2) Delete budget. Notice this is successful and triggers no warning
message etc.
3) Go to Funds. Notice the funds appear as if they are not there
4) Go into mysql and view the aqbudgetperiods table - notice the funds
are still there and are now inaccessible.
5) Apply patch
6) Create a budget, add a fund
7) Attempt to delete budget. Notice you can't click Delete button.
Confirm number of funds in hover message is correct.
8) Delete fund
9) Confirm you can now delete budget.
Sponsored-by: Catalyst IT
Signed-off-by: Felix Hemme <felix.hemme@thulb.uni-jena.de>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Some code fixes
See Comment 5. Ready to test.
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Code fix
See comment 10.
Ready for testing.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Prevent deletion from forcing URL
This patch adds a check in the script for existing funds so that the
budget cannot be deleted when forcing the URL and has other small fixes.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Prevent deletion if funds are added after clicking 'Delete' and before confirming delete
Followed test plan and patch works as described.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Followup correcting a typo of previous patch :
name="holdingbranch" options = branche
it is branche[s]
Test plan :
- Look at 'Current location' in item search
=> Without patch you see only 'All libraries'
=> With patch you see 'All libraries' and each existing library, like in 'Home library'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies multiple catalog-related pages in order to move
embedded JavaScript to the footer.
The JavaScript previously embedded in cat-toolbar.inc is moved to a
separate file (catalog.js).
To test, apply the patch and test JavaScript-driven interactions on all
modified pages, including JS which isn't page-specific (menus, help,
etc). The functionality of the catalog toolbar should be tested on each
page.
- Bibliographic detail pages (standard, MARC, labeled MARC, ISBD).
- Advanced search page
- Local cover image viewer
- Item search page
- Item detail page
- Search history page
- Checkout history page
https://bugs.koha-community.org/show_bug.cgi?id=17839
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Enable UseCourseReserves syspref
2) Go to Course Reserves
3) Add a new course if you don't already have one
4) Add an item to the course
5) Click 'remove' to delete the item from the course
6) Notice the item deletes straight away with no confirmation prompt
7) Apply the patch
8) Repeat steps 4 and 5
9) Confirm the confirmation box pops up and works as expected
Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Ensure UseCourseReserves is enabled
2) Go to Course Reserves, create a course
3) Edit course
4) Click Cancel
5) Notice you are returned to the courses home page rather than returned
to the course
6) Apply patch
7) Go to edit course and click cancel again
8) Confirm you are returned to the course and that this feels like the
natural expectation.
Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Go to Tools -> Clubs
2) Create a new club template if you do not already have one
3) Edit the template
4) Notice the URL is incorrect and the page is not found
5) Apply patch and go back to Clubs
6) Click edit button
7) Link should work as expected
Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the circulation template so that
itemBarcodeFallbackSearch results show in a modal window.
To test, enable the itemBarcodeFallbackSearch system preference and open
a patron's account in circulation.
- Submit a string which will return search results. When the page
reloads a modal should display showing a table of title search
results.
- Test the "Check out" button and confirm that the correct item is
submitted.
- Test closing the modal and re-displaying it using the new "Show
matching titles" button.
- Confirm that the "Add record using fast cataloging" button still
works correctly.
- Submit a string which will return no results. No modal window should
display, and only the "Add record" button should appear.
- Confirm that normal checkout works correctly.
- Test with itemBarcodeFallbackSearch disabled, and with a user who
lacks Fast Cataloging permission.
Revision removes a heading which was made redundant by the modal markup.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Same change as the first patch, but for the batch record
modification tool.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Changes the label from 'list of record numbers...' to
'List of biblionumbers or authority ids...' to make it
more clear to the user which kind of input is expected.
To test:
- Go to Tools > Batch record deletion
- Check the new description
- Decide if it's more clear or not
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fixes misplaced columns introduced by previous patch and adds the "-" for phone
transport type.
To test:
1. Set SMSSendDriver system preference on
2. Go to intranet messaging preferences
3. By default you should see checkboxes for all messages for SMS
4. Ensure columns are not misplaced (pushing one column too much to the right)
5. Delete sms method from one of the messages in message_transports table
6. Observe that "-" is displayed instead of checkbox for that message for SMS
7. Repeat same for TalkingTechItivaPhoneNotification system preference.
By default it may not have transports in message_transports, so make sure
to assign some in order to have the checkboxes visible.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a note to the system preferences autonembernum and
BorrowerMandatoryFields regarding a conflict if automembernum is on
and BorrowerMandatoryFields contains cardnumber.
To reproduce issue: See initial comment.
To test:
- Apply patch
- Verify that in system preferences note appears with both prefs
automembernum and BorrowerMandatoryFields
Followed test plan, works as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch fills the column 'Collection' in item search from the item values.
To test:
- Go to item search
- Reproduce issue from initial comment
- Apply patch
- Verify that the column 'Collection' is filled
Still to do, but outside of my datatable skills:
Filter by drop down in the column header does a substring search.
Example: Filter for 'Fiction" returns both 'Fiction' and 'Non-fiction' items.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Laurence Rault <laurence.rault@biblibre.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1. Create a patron category with the dateexpiry value of 29/9/2017
2. Create a patron user from that patron category (which I'll refer to as patron A) with the date
expiry value of 1/10/2017 and submit the form
3. Notice that the manual dateexpiry you have submitted is correctly
displayed
4. Create a duplicate patron with the same firstname and surname and
patron A, and set the date expiry value of 1/10/2017 and submit the form
5. The form displays a duplicate patron message. Notice that the dateexpiry input box is empty now
6. Select the new member (not a duplicate member) option in the
messagebox
7. The form successfully submits and notice that the date expiry value
displayed is that of the patron category (i.e. it is 29/9/2017) not the
dateexpiry value of 1/10/2017 that you manually set for this patron
8. Apply patch
9. Repeat step 4
10. The form displays a duplicate patron message. Notice the dateexpiry input box still
contains the value you entered which is 1/10/2017. Select the new member
(not a duplicate member) option in the messagebox
11. The form successfully submits and notice that the date expiry value
displayed is 1/10/2017 that you manually set for this patron
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Adds logic from the previous fix to the brief patron summary
shown when checking a possible patron duplicate.
Bonus: Also fixes missing patron category description there.
To Test:
- Add 2 patrons
- Add a patron with the same surname and firstname as an
existing patron in order to trigger the duplicate message
- Click "View existing patron"
- Verify display is correct when existing patron is
- an organisation
- not an organisation
- Verify that the patron category description shows
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Problem: A patron category "I" would cause display problems
on the details in the intranet. This is because the templates
confused patron category "I" with patron type "I" (organisation).
Patch:
- Cleans up variable confusion between categorycode and
categorytype.
- The template contained code to change the labels below
the address to 'Organisational phone:" etc., I have removed
this part as it does not match the edit form anymore.
- Initials, date of birth and gender are still hidden for
organisation - matching the edit form.
Bonus:
- The patron category description was missing on the
right and left side of the details tab. Now it displays.
- Fixes some html issues:
- doubled up class attribute in a tag
- doubled up </li></li>
To test:
- Create 3 patrons
- patron category code doesn't matter, but category type organisation
- patron category code 'I', category type NOT organisation
- patron category code NOT I, category type NOT organisaton
- Check details tab in patron account in staff for all 3
- Verify patron category description shows correctly
- Verify information added to the account displays correctly
(phone numbers, emails, ...)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Works as outlined in test plan, search terms now appear at top as h1 as well
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Go to Admin -> search for a system preference
2) Notice your search stays in the search box (this is inconsistent with
search behaviour across Koha)
3) Apply patch and refresh page
4) Make another search
5) Confirm search still works as expected and search terms have been
cleared from search box
6) Confirm search terms show at the top of the results
Sponsored-by: Catalyst IT
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds status 'Damaged' to 'Information' 'Status' in the items
table on 'Place hold' page.
To test:
- Apply patch
- In staff client, try to place an item level hold for items with 'Damaged'
status.
- Verify that the status 'Damaged' appears in the column 'Information'.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The "Pay selected" option on the Fines tab in the borrower account page doesn't work as intended.
The fine on top of the list gets the amount deducted, even if another fine is choosen from the list.
Test Plan:
1) Create two or three fines, using the Create manual invoice function.
2) Choose one of the fines (not the one on the top) and click Pay selected
3) Pay a partial amount
4) Go back to the Pay fines tab an notice that the fine you selected has not changed. Instead, either the top fine or the total (see attachment) has ben affected.
5) Apply this patch
6) Repeat steps 1-3
7) Note the correct fine is paid
Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a language selector menu to the top menu of staff client
similar to the OPAC.
Display of language selectors at top, bottom or both can be configured
with system preference StaffLangSelectorModer. It defaults to bottom.
To test:
- Apply patch
- Udate database
- Restart plack and memchached
- Go to staff client, verify that language selector displays at
the bottom of the page (as before)
- Go to system preferences, verify that there is a new preference
StaffLanguageSelectorMode (name similar to the sypref ror OPAC), and
that it is set to 'footer'
- Change mode for top, both and footer and verify, go to staff client
and verify for each that the language selector displays as appropriate
(Amended for comment #2 2017-06-02 mv)
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Serhij Dubyk {Сергій Дубик} <serhijdubyk@gmail.com>
The "by" after the title was not translatable in the result
lists of the intranet. This patch fixes it by removing
a comment, that caused a problem with the translation
scripts.
To test:
Test:
Before this patch in file en-GB-marc-MARC21.po present next paragraph:
msgid "by "
msgstr " by "
According string "by " in the file MARC21slim2intranetResults.xsl can not be translated (in other languages).
After applying this patch performed next command:
cd /usr/share/koha/misc/translator
sudo env KOHA_CONF=/etc/koha/sites/mykohainstance/koha-conf.xml PERL5LIB=/usr/share/koha/lib perl -I /usr/share/koha/lib "./translate" update
Now in the file en-GB-marc-MARC21.po present the following (modified) paragraph:
msgid "by "
msgstr " by "
https://bugs.koha-community.org/show_bug.cgi?id=17827
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The link is the same as the 'Add patrons' button in Actions dropdown,
but requires one less click, and makes finding the contents of the list
more obvious.
To test:
1) Go to Tools -> Patron lists
2) Create a patron list if you haven't already
3) Confirm that clicking the name of the list takes you to the correct
list and shows the expected content.
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
if club has no enrolled patrons
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If deleting the last club or template in a table, the row is deleted
from the webpage by ajax so the nice blue bubble message does not show.
This patch forces the page to reload so the blue bubble message shows
instead of the empty table.
To test:
Confirm that the blue message shows when tables are empty. Add a
template and a club, then delete a club. Confirm the page reloads and
the message shows. Test with template
Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch
1) Hides the club templates table if there are no club templates, shows
an appropriate message
2) Hides the clubs table if there are no clubs. Shows an appropriate
message for whether templates exist
3) Puts the actions in one column, or a dropdown menu
Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Translation for koha-tmpl/intranet-tmpl/prog/en/includes/patroncards-errors.inc
contains a lot of (partial) template directives like:
%%]%s %sLayout: [%%
This patch fixes it
To test:
- Verify that code changes make sense
- Apply patch
- Create a translation (cd misc/translator , then: perl translate create aa-AA
- Verify that in po/aa-AA-staff-prog.po contains no fragments like %%] or [%%
for patroncards-errors.inc
- Try to get an error: Try a link like
http://[YOUR SERVER]/cgi-bin/koha/patroncards/create-pdf.pl?batch_id=1&template_id=999&layout_id=999&start_card=1
...where template_id and layout_id do not exist
(Amended for comment #2 2017-06-05 mv)
(Amended for comment #6 2017-08-02 mv)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In manage-marc-import.tt, we have an abbreviation:
<abbr title="Differences between the original biblio and the imported" lang="en">Diff</abbr>
In translations (e.g. German), the line appears as follows:
<abbr title="Unterschiede zwischen Originaltitelsatz und importiertem Titelsatz" lang="en">Diff</abbr>
The lang attribute is wrong here, it is still "en".
The text language is the same as defined at the top of the page - or with other
words, the lang tag is superfluous.
This patch removes it.
To test:
Verify that code change makes sense.
Passes QA test and the change is logical
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes entries like the following in translations of itemsearch.tt:
"[%% INCLUDE form_field_select name=\"homebranch\" options = branches "
"empty_option = \"All libraries\" %%] [%% INCLUDE form_field_select name="
"\"holdingbranch\" options = branches empty_option = \"All libraries\" %%] %s "
"[%% INCLUDE form_field_select name=\"location\" options = locations "
"empty_option = \"All locations\" %%] %s "
New patch on top of Bug 18633 that resolves parts of initial comment.
To test:
- Verify that in itemsearch.tt no tt directives are splitted by new lines
(search for [% INCLUDE )
- Verify that itemsearch.tt works as before
Followed test plan and verified that tt directives are not split by new
lines, the changes to the fieldset tags in comment 3 have been removed
and itemtype.tt still works correctly as before
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Translation tool shows toe following for ncertainprice.tt
0; url=[% scriptname %]?booksellerid=[% booksellerid %]
This patch fixes it.
To test:
- Apply patch
- Verify that code change makes sense
- Verify that Home > Acquisitions > [vendor] > Uncertain prices for [vendor]
works as before
- Additional test (for a langunage 'aa-AA')
perl translate create aa-AA
verify that line 41 no longer appears in aa-AA-staff-prog.po
Amended to switch from BLOCK to a template variable, see comment #5
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
New patch without trailing IF construction in tt directives as
requested in comment #28
To test: Verify that translation tool no longer shows tt directives as
described in comment #1
New patch, needs SO.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Remove
[% BLOCK txt_continue %]Continue to the next step[% END %]
...and restore original text
See comment #19 and comment #20
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The new web installer for 17.05 has a great new design - but it has a lot of
translatability issues. Some strings are not picked for translations,
some expose the content of tt directives, and others are splitted by
html tags, resulting in small text fragments that are not easy to translate.
This patch weeds out such translation problems for step1.tt, step2.tt and
step3.tt
To test:
- Apply patch (on top of Bug 18665 because of html tags inside of
tt directives in step2.tt)
- Prepare a fresh install (drop database, create database)
- Walk through the installation process and verify that it works as before
- Verify that string changes (in English) make sense
- Create a translation( cd misc/translator, then perl translate create aa-AA)
then: vim po/aa-AA-staff-prog.po and search for: /installer\/step
Verify that strings for step1.tt, step2.tt, step3.tt are not fragmented,
do not contain [%%, and are easily translatable (make sense without having
to search in source files for context).
(Amended to remove some superfluous chomps 2017-06-27 mv)
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/patron_lists/lists.pl
2. Click on new patron list
3. Add a text in the field Name that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped
Fixed in both the pages list.pl and list.pl?patron_list_id=xx
xx is patronlist id
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test
1. Hit the page /cgi-bin/koha/acqui/parcels.pl?booksellerid=xx
xx is booksellerid
2. Add a text in the field Vendor invoice that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped
Fixed XSS for parcels.pl/parcel.pl/orderreceive.pl
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.
Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Fixed for js escaped execute for both pages
1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
xx - is a guarantorid
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
xx - is a guarantorid.
5. Notice it is no longer executed.
NOTE: I had to test in Microsoft Edge, because Chrome was blocking XSS for me.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add a text in the field Title and Description that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped
Fixed for all holidays
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
xx - is a basketno
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/acqui/basket.pl?basketno==xx<script>alert('amit')</script>
xx - is a basketno.
5. Notice it is no longer executed.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/admin/currency.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search currencies box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on search currencies box.
6. Notice it is no longer executed
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Fixes the issue, follows common practice on the codebase.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/admin/z3950servers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search Z39.50/SRU servers box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search Z39.50/SRU servers box.
6. Notice it is no longer executed.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search cities box.
6. Notice it is no longer executed.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/labels/spinelabel-home.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> barcode text box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on barcode text box.
6. Notice it is no longer executed
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/tools/batchMod.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/tools/batchMod.pl?del=1
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/tools/batch_delete_records.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Record number list (one per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Record number list (one per line) text area.
6. Notice it is no longer executed.
7. Fixes for both biblio and authority records.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/acqui/invoices.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> Invoiceno,
ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Invoiceno,
ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
6. Notice it is no longer executed.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/reports/cat_issues_top.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in Callnumber, Day, Month, Year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Callnumber, Day, Month, Year search box.
6. Notice it is no longer executed.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Hit /cgi-bin/koha/admin/preferences.pl
2. Enter <script>alert('amit')</script> in search system preferences box.
3. Notice the java script is executed.
4. Apply patch.
5. Reload page, and enter <script>alert('amit')</script> in search system preferences box.
6. Notice it is no longer executed.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?booksellerid=xx
xx is a booksellerid
2. Apply the patch and reload the page.
3. You can see vendor name in browser title bar.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This line was added by bug 12342 but seems to have stopped working.
These patches set default so this specific case should not be needed.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes 2 changes:
1 - Global datepicker defaulted to c-100:c+10
2 - Dateofbirth datepicker defaulted to c-100:c
To test:
1 - Open some date pickers (patron entry, subscriptions, anywhere really)
- Make sure to check some dateofbirth datepickers
2 - Note that default is 10 years in either direction, updated when you
select
3 - Apply patch
4 - Note we now get -100 years / +10 years from current selection
5 - Now find a dateofbirth datepicker and note default is -100:+0
6 - Sign off
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This is a recurrent bug we have over the last years. When a script is
called with non-existent borrowernumber it will crashes.
We need to handle this gracefully instead of letting the script crashes.
On bug 18403 a new subroutine is added to the codebase
(output_and_exit_if_error) to handle this kind of errors correctly.
Since it is not pushed yet, I propose to just redirect to a script that
handle it correctly (circulation.pl) instead of adding this message to
all these scripts.
Test plan:
Hit different scripts from the members module and pass a non-existent
borrowernumber.
You must be redirected to circulation.pl with a friendly message.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the table of suggestions in the staff client, moving
the edit link to the standard last column and styling it correctly. A
delete button is added as well.
Unrelated change: I removed the column containing suggestionid because I
don't think it's human-relevant information.
To test, apply the patch and go to Acquisitions -> Suggestions.
- In each tab, the table of suggestions should have an unsorted last
column containing "edit" and "delete" links which should be styled
correctly and working correctly.
- On the detailed view of a suggestion, the "delete" button in the
toolbar should still work correctly.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Remove line:
var now = new Date(); from both subfields
Also fix 18 positions (00-17) for default data in 006 field
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Don't default char 5 (is undefined in some forms)
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bad formatted data in 007 field. Fixed
To test follow the previous commit.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
Open advanced cataloging editor
Experiment with 006 and 007 fields and ensure helpers function for all
material types
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
10988 added the ability to log into the OPAC authenticating with
Google Open ID Connect. This extends it, by allowing an
unregistered patron to have an account automatically created
with default category code and branch.
This is accomplished by adding 3 system preferences.
- GoogleOpenIDConnectAutoRegister
whether it will attempt to auto-register the patron.
- GoogleOpenIDConnectDefaultCategory
This category code will be used to create Google OpenID Connect patrons.
- GoogleOpenIDConnectDefaultBranch'
This branch code will be used to create Google OpenID Connect patrons.
Sponsored-by: Tulong Aklatan
Signed-off-by: Eugene Jose Espinoza <eugenegf@yahoo.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Without the anchor it is not possible to retrieve the html page, so
these occurrences have been updated manually (and yes it was painful)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I generate a mapping files (old anchor > new anchor) from the doc files.
Here are the links that have been updated automatically
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Corrected the manual url in the help screen for 17.05 onward.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
- values of the option fields are now correctly loaded
TEST PLAN:
go to domain/cgi-bin/koha/reports/cash_register_stats.pl
1 - Make a report for all branches => it works
2 - Make a report for any branch => you will get the same or no result
3 - apply patch
4 - Repeat 2 => it should work
Followed test plan worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds display of subtitles to the staff client cart.
To test you should have some values mapped to subtitle in Administration
-> Keyword to MARC Mapping.
1. Apply the patch.
2. Add some records to the staff client cart which have subtitles.
3. Open the cart and onfirm that subtitles display correctly in both the
brief and "More details" view.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Restore datepicker class
Use Koha.Preference
Copy changes to moremember
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Name of field had 'datepicker' embedded, this caused variable issue
To test:
1 - Place several holds for a patron
2 - Go to holds tab in circulation
3 - Select a date for suspend all holds until
4 - Suspend all holds
5 - Note date is not used, suspended indefinitely
6 - Apply patch
7 - Resume all suspended holds
8 - Select a date for suspend all holds until
9 - Suspend all holds
10 - Note date is used
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 12412 added the use of to_marc plugins allowing arbitrary file formats
in stage-marc-import (as long as the plugins can handle them). The feature
was not very visible in the code, and when bug 10407 added the marcxml
format, it made some changes that broke the use of to_marc.
This patch restores the functionality by:
[1] Adding a sub RecordsFromMarcPlugin to ImportBatch.pm, specifically
addressing the conversion from arbitrary formats to MARC::Record.
The original to_marc interface is used: pass it the file contents,
and it returns a string consisting of a number of MARC blobs separated
by \x1D.
Consequently, the call of to_marc is removed from routine
BatchStageMarcRecords where it did not belong. The to_marc_plugin
parameter is removed and two calls are adjusted accordingly.
[2] Instead of a separate combo with plugins, the format combo contains
MARC, MARCXML and optionally some plugin formats.
[3] The code in stage-marc-import.pl now clearly shows the three main
format types: MARC, MARCXML or plugin based.
Note: This patch restores more or less the situation after bug 12412, but
I would actually recommend to have the to_marc plugins return MARC::Record
objects instead of large text strings. In the second example I added a
to_marc plugin that actually converts MARC record objects to string format,
while RecordsFromMarcPlugin reconverts them to MARC::Records.
Test plan:
See second patch.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Follow-up on Comment 21 to correct the empty_line.inc
include in basket.tt
https://bugs.koha-community.org/show_bug.cgi?id=18331
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
See end of comment #4 and IRC:
http://irc.koha-community.org/koha/2017-08-03#i_1958062
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I am going to try and explain the problem here in order to make it a
have-to-read for next changes.
There are several things to test when and most of the time we break
something when we try to fix something else.
You have to test different CSV export, not only one. There are not all
processed the same way. For instance acqui/csv/basket.tt does not
contain any strings to translate and the translate script will copy the
original file as it.
But reports/csv/orders_by_budget.tt will not! Indeed it contains "TOTAL"
which will be translated. The generated tt file for the translated
language will remove all the carriage returns! That's why we cannot rely
on TT for newlines (contrary to bug 16914 assumption).
There are two possible methods:
1/ Fix the translate script
=> Hum... nope
2/ Remove all carriage returns and make them explicit by including an
file that only contains 1 carriage return
This second method is implemented in this patch.
How it works: Use the PRE_CHOMP "[%-" and POST_CHOMP "-%]"
(http://www.template-toolkit.org/docs/manual/Config.html#section_PRE_CHOMP_POST_CHOMP)
to remove all the newlines that could be added by TT in the original
(en) files. Then include the new_line.inc to add a new line.
That way original and translated files will behave the same way.
The BLOCK in the csv_headers avoid to have the newlines added, in any
cases. For instance: by default we will have an empty line at the end of
the headers, but the translated headers will not have it.
Test plan:
At least 2 signoffs will be needed, please test carefully!
You will need to generate CSV with at least 2 entries!
Test with the non-translated interface (en) and with the language you
want. To test with a translated language you will *have to*:
- cd misc/translator
- perl translate update LANG
- manually edit the po file, remove the fuzzy tags, correctly translate
the string (do not forget the additional %s in the headers)
- perl translate install LANG
1/ Export basket and basketgroup as CSV
2/ Export late orders as CSV
3/ Export items (from the item search) as CSV
4/ Export the 2 reports "Orders by fund" and "Cash register" as CSV
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If an item is checked out with the auto renewal flag and a confirmation
is needed (holds exist, past due date, etc.) the auto renewal flag will
get lost.
Test plan:
- Check an item out and specify a past due date
- Confirm the checkout on the confirmation screen
=> Without this patch the checkout is not marked as auto renewal
=> With this patch applied the auto renewal flag will be set to the
checkout
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
In Home > Administration > Circulation and fine rules, the standard value for
"Select a library: All libraries" is confusing and leads to support cases.
Change wording to "Standard rules for all libraries".
To test:
- Apply patch
- Go to Home > Administration > Circulation and fine rules
- Verfiy that text in drop down 'Select a library' makes sense.
Followed test plan which works as intended. I agree with the wording it
is significantly clearer than previously
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch alters the DataTables configuration of the SQL reports list
so that date columns are identified via class rather than position.
To test, apply the patch and go to Reports -> Use saved.
Test the re-ordering of the creation date, last edit, and last run
columns. Each should sort correctly based on the date.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
* tools/modborrowers.pl (GetBorrowerInfos): Fix setting of patron
category description.
* koha-tmpl/intranet-tmpl/prog/en/modules/tools/modborrowers.tt: Use
it.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Create a patron list from imported patrons to be used for printing patron
cards and other patron list related actions.
To test:
- Apply patch
- Go to Home > Tools > Import patrons
- Select a file to import and check new checkbox 'Create patron list'
- Import file
- Verify that in import results you see the time stamped name of the
patronlist containig the imported patrons (if any patrons were imported)
- Go to Home > Tools > Patron lists
- Verify that the list shows up and contains the imported patrons
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes changes to the tag moderation template and JavaScript
to fix handling of tags with double or single quotes. This patch also
moves the tags moderation JavaScript out of the template and into a
separate JS file.
To test you should have multiple tags awaiting moderation, including
tags which contain double and single quotes.
- Go to Tools -> Tags.
- In the list of tags pending approval, test approving and rejecting
tags, including those containing single or double quotes.
- The state of the "Approve" or "Reject" buttons should correctly
change according to the action you chose.
- The label in the status column should update correctly.
- In the "Check lists" form, submitting approved, rejected, and
unclassified terms should result in the correct message.
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Works correctly based on test plan. Tested using single- and
double-quoted tags. Passes QA Tools.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Just as we show this distinction in OPAC, this patch adds a type column
in the Your lists tab that displays Private or Shared. It always contains
Public in the other tab.
Test plan:
[1] Check if you see Shared for a private lists with shares in staff.
[2] Run t/db_dependent/Utils/Datatables_Virtualshelves.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If we we move from Private to Public or vice versa, this should reflect
on the Anyone remark from the first patch.
If we go back to a private list without shares, we should show it.
Handled in a js sub AdjustRemark, triggered by onchange of the category
combo or the permission combo.
Test plan:
[1] Edit a private list without shares in OPAC. Toggle category and/or
permissions. Is the remark shown or hidden accordingly?
Note: Include a test with OpacAllowPublicListCreation enabled.
[2] Edit a shared list or public list in staff. Toggle category/permissions.
You should never see the remark.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This is a follow-up of report 18228 that simplifies the permissions for
lists. It reapplies the idea behind bug 10865 by adding a remark next to
the Anyone permission if it is not actually effective. A next patch will
make it behave dynamically.
Note: The Anyone permission is not relevant if it is a private list that
has no shares. Note that looking at the prefs OpacAllowPublicListCreation
and/or OpacAllowSharingPrivateLists is not decisive. You should look at
list permissions and shares in the database; turning off the Sharing pref
does not automatically remove all shares in the system. It only blocks
creating new shares.
We only need changes in opac-shelves.tt and virtualshelves/shelves.tt.
Test plan:
[1] Verify that you see the remark now in OPAC and staff.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
* Apply this patch
* Define some rules in the interface using the left hand buttons
* Define some rules in the interface using the right hand buttons (scroll to see)
* Delete some rules in the interface using the left hand buttons
* Delete some rules in the interface using the right hand buttons (scroll to see)
* Choose a rule to edit using the left hand buttons
* Edit the rule, saving using the left hand button
* Edit a rule, but clear the values using the left hand buttons
* Choose a rule to edit using the right hand buttons (scroll to see)
* Edit the rule, saving using the right hand buttons (scroll to see)
* Edit a rule, but clear the values using the right hand buttons (scroll to see)
Signed-off-by: Guillaume <guillaume_lair@ville-limoges.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
From
commit 0492fcf87f
Bug 17855: Onboarding tool
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/intranet-main.tt
@@ -1,5 +1,3 @@
-[% USE Koha %]
-[% SET footerjs = 1 %]
+[% USE Koha %] has been re-added by
commit 151cdcd133
Bug 18673: News author does not display on staff client home page
But not the footerjs = 1
Test plan:
From the main page of the staff interface, delete a news item
Without this patch applied you will not get a JS confirmation message
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Trivial fix.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Close the p tag and add a br tag to visually divide the two sections
Data problems and Warnings regarding system configuration.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Discovered the problem when testing a duplicate key in deleteditems.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Zebra doesn't care about cases, but ES does and default mapping is
'control-number'
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
See MARC specification.
Note that we have a preceding text before all 776s too.
Test plan:
[1] Set field 776 ind2 to 8. And add text in $i.
[2] Look for this text on OPAC detail and staff detail.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Felix Hemme <felix.hemme@thulb.uni-jena.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Adds code to opac and staff detail XSLT in order to show 776$t (or $a) and
a link based on 776$w (record control number). $w should be in the form:
(MARCOrgCode)Record-number
For instance: (NL-AmRIJ)12345
Note: You should have enabled default opac/intranet XSLT view.
Test plan:
[1] Add two 776s (one with $t and $w and one with $t only)
[2] Verify that you see "Additional physical formats" on opac-detail. Does
the link for $w work?
[3] Check intranet detail too.
[4] Empty 776$t and put text in $a. Check detail page again.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Felix Hemme <felix.hemme@thulb.uni-jena.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Koha suffers of big bugs due to its history: When data are deleted, they
are moved to another tables.
For instance issues and old_issues: when a checkin is done, it is moved
to the old_issues table.
That leads to a main problem that is described on
https://wiki.koha-community.org/wiki/DBMS_auto_increment_fix
However we tried first to fix the problem (for issues/old_issues) at
code level on bug 18242.
The goal was to prevent data lost.
Data lost may happens in this case:
Check an item out (issue_id = 1)
Check an item in (issue_id = 1)
Restart MySQL (reset auto increment for issue_id to 1)
Check an item out (issue_id = 1)
Check an item in => BOOM, the issue_id is a PK in old_issues and the
move fails.
Before bug 18242 the data were lost, we inserted the value into
old_issues, which fails silently (because of RaiseError set to 0 in
Koha::Database), then delete the row from issues.
That has been fixed using a transaction.
This patch introduced a regression we tried to fix on bug 18651 comment
0, the patron was charged even if the checkin was rejected.
A good way to fix that would have been to LOCK the tables:
1- Start a transaction
2- LOCK the table to make sure nobody will read id and avoid race
conditions
3- Move the content from one table to the other, dealing with ids
4- UNLOCK the table
5- Commit the transaction
But there were problems using LOCK and DBIx::Class (See commit
905572910b - Do no LOCK/UNLOCK the table).
Finally the solution implemented is not acceptable for several reasons:
- batch checkins may fail
- issue_id will always stay out of sync (between issues and old_issues)
See 18651 comment 66.
Since the next stable releases are very soon, and we absolutely need to
fix this problem, I am suggesting to:
1- Execute the move in a transaction to avoid data lost and reject the
checkin if we face IDs dup
=> It will only reject 1 checkin (max is 1 * MySQL restart), no need to
deal with race conditions,
2- Display a warning on the checkin page and link to a
solution/explanation
3- Communicate as much as we can on the proper fix: Update auto
increment values when the DBMS is restarted -
https://wiki.koha-community.org/wiki/DBMS_auto_increment_fix
4- Display a warning on the about page for corrupted data (see bug
18931)
5- Write and make available a maintenance script to fix corrupted data
(TODO LATER)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Some minor style and idiomatic issues.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
