This patch modifies various templates to add or improve coverage of the
Bootstrap grid.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Administration -> Item circulation alerts
- Authorities -> Authorities search -> Merge records
- Catalog -> Bibliographic details -> Rota (StockRotation must be
enabled)
- Tools -> News: Main and add/edit view
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch modifies several administration templates to use the
Bootstrap grid instead of YUI.
This patch also removes obsolete "text/javascript" attributes from
<script> tags in the modified templates.
To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:
- Administration -> Keywords to MARC mapping
- Administration -> Item circulation alerts
- Administration -> Item types
- View and edit item types
- Edit and item type and translate a description
- Administration -> Koha to MARC mapping
- Administration -> MARC frameworks -> MARC structure
- View and edit tags
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client patrons and circulation-related
administration templates so that JavaScript is included in the footer
instead of the header.
To test, apply the patch and test the JavaScript-driven features of
each modified template: All button controls, DataTables functionality,
tabs, etc.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Edit: Rebased
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch is amended to use the sysprefs search on all Administration
pages that do not have their own custom search.
To test:
1) Go to Administration
2) Notice Catalogue search at the top - seems out of place.
3) Apply patch and refresh page.
4) Notice admin / sysprefs search now shows and is more appropriate.
5) Confirm searching for sysprefs still works
This patch affects the following pages:
- admin-home.pl
- audio_alerts.pl
- authtypes.pl
- auth_tag_structure.pl
- authorised_values.pl
- biblio_framework.pl
- marctagstructure.pl
- branch_transfer_limits.pl
- branches.pl
- checkmarc.pl
- classsources.pl
- columns_settings.pl
- didyoumean.pl
- edi_accounts.pl
- edi_ean_accounts.pl
- fieldmapping.pl
- item_circulation_alerts.pl
- items_search_fields.pl
- items_search_field.pl
- item_types.pl
- koha2marklinks.pl
- matching-rules.pl
- oai_sets.pl
- oai_set_mappings.pl
- patron-attr-types.pl
- smart-rules.pl
- transport-cost-matrix.pl
- sms_providers.pl
Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch mainly replaces C4::ItemType->all with
Koha::ItemTypes->search.
Test plan:
At the places where the C4::ItemType module was used, confirm there is
no regression:
- acqui/neworderempty.pl
- catalogue/itemsearch.pl
- admin/item_circulation_alerts.pl
and the 2 cataloguing plugins:
- marc21_linking_section.pl
- unimarc_field_4XX.pl
QA step:
prove t/db_dependent/HoldsQueue.t should return green
Note that the tests were buggy.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
Currently translating Javascript strings with variables in them is hard,
because the strings are created from separate parts. For example:
_("Are you sure you want to delete the") + " " + count + " " +
_("attached items?")
This is translated in two different parts, and the translator cannot
affect the place where the count-variable is.
Now, if the javascript strings allowed placeholders, similar to how the
template strings do, the above could be written as:
_("Are you sure you want to delete the %s attached
items?").format(count)
This would make translation much easier.
Attached patch adds a Javascript string formatter, and changes all the
concatenated translatable JS strings used in intranet to use that.
To test:
1) cd misc/translator
2) perl translate update xx-YY
3) grep ^msgid po/xx-YY-i-staff-t-prog-v-3006000.po | sort | uniq >
xx-YY-pre
4) apply patch
5) perl translate update xx-YY
6) grep ^msgid po/xx-YY-i-staff-t-prog-v-3006000.po | sort | uniq >
xx-YY-post
7) compare the files: diff -Nurd xx-YY-pre xx-yy-post | less
should show the javascript strings that changed.
8) Test the UIs where the formatted js strings are used.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
I tested *most* of the changed files. There were some instances where it
wasn't clear to me how to trigger the warnings which were modified,
especially tags/review.tt, admin/manage-marc-import.tt, and holidays.tt.
Everything I was able to test worked correctly.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works nicely, no regressions found. Thx!
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
I tested most scripts affected by this patch and visually verified
all changes. Functionality is unaffected.
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Current jQuery-driven tabs are done using a very old
version of the tabs plugin. This patch upgrades jQueryUI
to the latest version and adds the tabs widget dependency
to the jqueryui js file and updates the syntax for existing
tabs:
- $("#foo > ul").tabs(); changes to $("#foo").tabs();
- Remove full URL from tab links (use #anchor only).
Pages with "static" tabs (tabs which are built in the
markup rather than generated by the plugin) have been
modified to use their own style. Examples: pay.tt in
the staff client and opac-readingrecord.tt in the OPAC.
Edit: Minor revision to some uncorrected markup
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This is the first patch for bug 7760 and touches all pages in administration.
This adds a unique id "admin_<filename>" and a class "admin" to the body tag of
each page in administration.
Note: aqcontract can only be accessed from the acquisition module, so I made it acq
instead of admin.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
