Commit graph

23877 commits

Author SHA1 Message Date
Tomas Cohen Arazi
ee30fb9004 Bug 9942: DBRev 3.21.00.013
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-07-07 15:16:43 -03:00
efedadebf2 Bug 9942: [QA Followup] - Add test and alert to returns.pl
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-07-07 14:59:00 -03:00
Jonathan Druart
94315f663b Bug 9942: Make Koha fail if privacy is not respected
If a patron has requested anonymity on returning items and the system is
not correctly configured (AnonymousPatron not set or set to a nonexistent
patron), the application should take it into account and not fail
quietly.

This patch is quite radical: the script will die loudly if the privacy
is not respected.

To take care of the bad "Software error", some checks are done in the
updatedatabase to be sure the admin will be warned if something is wrong
in the configuration.

Test plan:
1/ Test the updatedatabase entry:
a. Turn on OPACPrivacy and set AnonymousPatron to an existing patron
=> You will get a warning
b. Turn on OPACPrivacy and set AnonymousPatron to 0 or ''
=> You will get a warning
c. Turn on OPACPrivacy and set the privacy to 2 (Never) for at least 1 patron
Turn off OPACPrivacy
=> You will get a warning
d. In all other cases you will get no error

2/ Test the interface
a. Turn on OPACPrivacy and set the privacy to 2 (Never) for a patron
b. Now you can turn off OPACPrivacy or keep it on, behavior should be
the same
c. Check an item out to the patron
d. Check the item in using the check out table
=> fail
e. Check the item in using the Check in tab
=> fail (not gracefully).

Note that the software error could appear on other pages too.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Updatedatabase works as described
On staff, if you don't have correct settings for anonymity it's
impossible to check-in (with OPACPrivacy on)
No errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-07-07 14:52:32 -03:00
Jonathan Druart
ffedc98577 Bug 14431: FIX encoding issues in search (staff client)
Note that this does not appear at the OPAC.

We will need 2 different testers here, the results seem to depend on the
Encode version.

0/ Determine your Encode version (`pmvers Encode`).
If you have 2.60:
1) /cgi-bin/koha/catalogue/search.pl?q=ééé&op=Submit
You should get
" No results match your search for 'kw,wrdl: ���' in my library Catalog."
2) /cgi-bin/koha/catalogue/search.pl?q=ກ
You should get
Cannot decode string with wide characters at
/usr/lib/i386-linux-gnu/perl/5.20/Encode.pm line 215.

If you have <2.60 (? not sure here):
1) /cgi-bin/koha/catalogue/search.pl?q=ééé&op=Submit
You should not get encoding problems.
2) /cgi-bin/koha/catalogue/search.pl?q=ກ
You should not get encoding problems.

Apply this patch, try again 1 and 2.
If the Encode version is >=2.60, the encoding issues should be fixed.
If not, please detail if there are any regressions.

NOTE: Tested on Ubuntu 14.04, Debian 8, and Debian 7. See comment #3.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-07-07 14:51:39 -03:00
e0d2bc669e Bug 14467: Security updates break some Koha plugins
The new security updates break previously functioning plugins, most
notably the cover flow plugin and the Ebsco EDS plugin.

Test Plan:
1) Install and configure the cover flow plugin ( http://bywatersolutions.com/koha-plugins/ )
2) Note that attempting to access coverflow.pl from the OPAC results in an error
3) Apply this patch
4) Note that coverflow.pl now outputs HTML again

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-07-07 14:50:43 -03:00
Liz Rea
c95e794bd4 Bug 14389: Editing a syspref in a textarea does not enable the Save button
Test plan:
  1. Navigate to the "opaccredits" syspref (or any other textarea, i.e.,
     "Click to Edit", syspref) in the system preferences editor.
  2. Change its contents, by either pasting or typing. The field may not
     be marked as modified, even after you click outside the box.
  3. Apply the patch.
  4. Reload the page and try again; either pasting or typing should mark
     the field as changed and allow you to save.

Signed-off-by: Jesse Weaver <pianohacker@gmail.com>
Confirmed working for normal input, paste and middle-click paste in
Chrome and Firefox in Linux.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-07-07 12:34:41 -03:00
Samanta Tello
d12b4e0b19 Bug 14490: Duplicate armenian translator
This patch fixes a trivial duplicate
in about page.

To test:
1) Go to about page > translations
2) Check duplicate entry for Armenian
first in 4th line, second before indonesian
3) Apply patch
4) Reload page and check again

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Trivial string patch. The results are as expected.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Double checked :-P
2015-07-03 12:59:57 -03:00
Tomas Cohen Arazi
936d452ffa Bug 11882: (QA followup) fix capitalization errors
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-26 15:10:55 -03:00
simith
8e04ea7282 Bug 11882: Add a new button to the checkout confirmation dialog when checking out a reserved item
This patch adds a "Don't Check Out and Print Slip" button to the dialog that appears
when trying to check out a reserved item.

Test case :
* Put a hold on an item for User A.
* Try to check out the item with User B.
* The "Please confirm checkout" box should appear. The "Don't Check Out and Print Slip" button should appear in this box.
* Click on the "Don't Check Out and Print Slip" button.
* A print popup will appear

Signed-off-by: Nick <Nick@quechelibrary.org>

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-26 15:07:32 -03:00
Jonathan Druart
f194bca268 Bug 14002: Display readonly values as plain text
There is no need to display the cardnumber and expiration date values in
a disabled input.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-25 14:48:10 -03:00
Katrin Fischer
69baa022a5 Bug 14002: Show patron expiry date in OPAC
This patch makes it possible to show the expiration date
of a patron account in the OPAC on the details tab in the
patron account.

Extras:
- Makes it possible to hide cardnumber with
  PatronSelfRegistrationBorrowerUnwantedField

To test:
- Toggle OPACPatronDetails and test date expiry always shows
- Check PatronSelfRegistrationBorrowerUnwantedField for dateexpiry
  and cardnumber
- Verify a patron address modification request still works
  as expected

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-25 14:48:10 -03:00
Jonathan Druart
08871a324f Bug 14440: get_template_and_user can not have an empty template_name (quote*_ajax.pl)
This patch uses check_api_auth instead of get_template_and_user.

Test plan:
Confirm that you are still able to access the quote editor with the
edit_quotes permission.
Confirm that you are not if you don't have the permission.

wget your_url/cgi-bin/koha/tools/quotes/quotes_ajax.pl
should return "403 : Forbidden."

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-25 14:41:27 -03:00
f1acb5615d Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)
Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects opac/opac-ratings.pl

Test plan :
- Apply patch
- Set syspref OpacStarRatings to 'results and details'
- Disable JavaScript on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Log out from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the login page

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-25 14:41:21 -03:00
015c26a5e3 Bug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl)
Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects acqui/updatesupplier.pl

Test plan :
- Apply patch
- Connect to intranet with a user having "vendors_manage" permission
- Go to acquisition module
- Create a new vendor
- Click on "Edit vendor"
- Change some information and save
=> Your change is saved
- Connect to intranet with a user not having "vendors_manage" permission
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied
- Disconnect from intranet
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-25 10:29:53 -03:00
186b635a75 Bug 13014: (QA followup) have new warnings tested
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-24 14:54:36 -03:00
0b0699bdfb Bug 13014: DBRev 3.21.00.012
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-24 14:40:01 -03:00
fdbd5ebabe Bug 13014: [QA Follow-up] Few typos in cronjob
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2015-06-24 11:49:13 -03:00
Jonathan Druart
0ae0d37f7b Bug 13014: (follow-up 2) Notify budget owner on new suggestion - sample notices
This patch updates the 2 optional sample_notices.sql files for ru-RU and
uk-UA.
Not sure if it is relevant but I don't understand why they are not
up-to-date.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Checked by running them manually.
English installs 27, Russian 27 and Ukrainian 26.
Last language can be updated somewhere else.
2015-06-24 11:49:12 -03:00
Jonathan Druart
1bb828f61e Bug 13014: (follow-up) Notify budget owner on new suggestion - sample notices
This patch adds the new notice for all other languages.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2015-06-24 11:49:07 -03:00
Jonathan Druart
7ae328cb6f Bug 13014: Notify budget owner on new suggestion - cronjob
Test plan:
0/ Create a new notice suggestions > TO_PROCESS
You can use the one defined in the other patch.
1/ Create a suggestion and link it to a fund
2/ Add an owner to this fund and make sure this patron has an email
address (the email address used should be the one defined in the
AutoEmailPrimaryAddress syspref).
3/ Execute the cronjob script with the -v and without the -c argument
4/ The output should tell you that an email will be sent
5/ Execute the cronjob script with the -v and with the -c argument
6/ Verify the notice is generated in the message_queue table and it is
correctly formatted.

Signed-off-by: Frederic Demians <f.demians@tamil.fr>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2015-06-24 11:41:43 -03:00
Jonathan Druart
cff47199c4 Bug 13014: Notify budget owner on new suggestion - sample notices
This patch adds the new notice suggestion > TO_PROCESS

Others will be added when the patch will be signed off.

Signed-off-by: Frederic Demians <f.demians@tamil.fr>

Followup expected :-) It would be nice also to have an updatedatabase.pl entry to
insert the new TO_PROCESS notification.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-24 11:41:36 -03:00
Jonathan Druart
734a6805c8 Bug 13014: Notify budget owner on new suggestion - UT
When a suggestion is created and linked to a fund, a mail will be
generated, using a cronjob, to notify the budget owner.

A suggestion is considered as "can be treated" if its status is "ASKED".

Signed-off-by: Frederic Demians <f.demians@tamil.fr>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-24 11:39:40 -03:00
Lyon3 Team
bf9bff898f Bug 12074: Filter duplicates when adding a batch from a staged file
When adding a batch of records to a basket, duplicates are skipped and
an alert is displayed with a link to them so as they could be treated
individually.

Test plan :

You need the 2 test attached files TestFile1.mrc and TestFile2.elc
(TestFile1 includes only the title "Amilec ou La graine d'hommes" that
is also included in TestFile2)

1) go to “Stage MARC records for import” page, upload TestFile1 and
stage it (select iso 5426 encoding).
2) Manage staged record and import the batch.
3) Make sure that the new record is indexed (depending on your indexing
system and test platform).
4) Go back to the “Stage MARC records for import” page, upload
TestFile2 and stage it (select iso 5426 encoding).
5) Go to acquisitions module and create a new basket.
6) From your basket, in the “Add order to basket block”  choose  'From a
staged file'.
7) Then click File2 (‘addorder button').
8) Go down the "Import all" block and save.
9) You are redirected to the basket page : a warning is displayed to
tell you that some duplicates have been found and skipped.
There's a link on the warning through which you can go back to the list of
remaining records and treat them individually if necessary.
10) Click the link : you fall upon the title of TestFile1 (of course as
it's a duplicate).
11) Check that the imported records have been indexed.
11) Go down the "Import all" block and save.
12) A warning is displayed saying that no records have been imported
because they all match an existing record. The “Import all” block is not
any more visible.

Signed-off-by: JA <aloi54@live.fr>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-24 11:32:30 -03:00
Liz
f900ea03bf Bug 14450: itemsearch no longer working
To test:
Click Advanced search in staff client
Click the link for "Go to Item Search" at the top of the page
Do a search, you should get results. Try some combinations and make sure it works like it should.

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-24 10:54:10 -03:00
Jonathan Druart
cbf3c9aa40 Bug 14439: Add test - template path should finish by .tt
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-24 10:53:25 -03:00
cb44a8de3a Bug 14439: Typo in Bug 14408 regexp
In Bug 14408 first patch, the regexp used needs an escape on dot and does not need an ending "?"

Test plan :
  - prove t/db_dependent/Auth.t

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-24 10:53:25 -03:00
d27af7a3c5 Bug 14252: DBRev 3.21.00.011
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-24 10:34:51 -03:00
Jonathan Druart
7e449548e8 Bug 14252: Add sort by rfc4646_subtag in footer
This patch sorts the languages in the footer by rfc4646_subtag.
Same as in the header.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:24:47 -03:00
Indranil Das Gupta
3a179e7a2b Bug 14252: (followup) addresses the QA Manager comments
Addresses Katrin's comments in comment# 56

TEST PLAN
---------
 1) Back up your DB
 2) Ensure you have multiple languages, including
    some that have sub-languages (e.g. de-DE, de-CH)
    -- cd misc/translator
    -- perl translate install {language code}
 3) Ensure that you have all the languages enabled
    -- Staff client -> Home -> Global system preferences
       --> I18N/L10N
       Check all the languages in opaclanguages.
       Ensure that opaclanguagesdisplay is 'Allow'
 4) Open OPAC
    -- should only have languages in footer.
       Annoyingly below the fold.
 5) Drop your koha database, and create a blank one.
 6) Apply all patches
 7) Reinstall all the known languages, so the templates
    are appropriately updated.
 8) Go to staff client and do an install of koha, with
    all the dummy data.
 9) Ensure you have all the languages enabled (see (3))
10) Refresh your OPAC page
    -- language selector position should be in both
       the footer and at the top as expected.
    -- this confirms the sysprefs.sql change.
11) Restore your DB
12) run the updatedatabase.pl script
13) Ensure you have all the languages enabled (see (3))
14) Refresh the OPAC page
    -- should still only have languages in the footer.
    -- this confirms that upgrade won't change anything.
    -- this confirms the atomic update.
15) git diff origin/master
    -- the opac-bottom.inc difference should only
       have changes around a SET, IF, and END.
       This confirms the noprint was fixed.
16) In the staff client, change the OPAC system preference,
    OpacLangSelectorMode, to all three values.
    For each value, refresh the OPAC page, and confirm the
    position of the language selector.
    -- should work as expected.
17) run koha qa test tools

NOTE: Tested as a single batch together.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:24:46 -03:00
Mark Tompsett
c446a4da4e Bug 14252: Follow up noprint and default values
TEST PLAN
---------
0) Back up your DB
1) open OPAC
   -- should only have languages in footer.
      Annoyingly below the fold.
2) Drop your koha database, and create a blank one.
3) Apply all patches
4) Go to staff client and do an install of koha, with
   all the dummy data.
5) Once installed, refresh your OPAC page
   -- language selector position should be in footer
      still as expected.
   -- this confirms the sysprefs.sql change.
6) Restore your DB
7) run the updatedatabase.pl script
8) Refresh the OPAC page
   -- should still only have languages in the footer.
   -- this confirms that upgrade won't change anything.
   -- this confirms the atomic update.
9) git diff origin/master
   -- the opac-bottom.inc difference should only
      have changes around a SET, IF, and END.
      This confirms the noprint was fixed.
10) In the staff client, change the OPAC system preference,
    OpacLangSelectorMode, to all three values.
    For each value, refresh the OPAC page, and confirm the
    position of the language selector.
    -- should work as expected.
11) run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:24:46 -03:00
Indranil Das Gupta
abbd51fb00 Bug 14252: (fix) address the indentation for the lang loop
tidy the indentation for that lang selector loop code.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:24:46 -03:00
Indranil Das Gupta
8da9d099c6 Bug 14252: (Followup) Fixed issues pointed to in comment #40
Based on Mark's inputs in comment #40 -

[1] selected 'mast' (short of 'masthead') and updated :
   (a) bug_14252-OpacLangSelectorMode_syspref.sql
   (b) sysprefs.sql
   (c) opac.pref
[2] Reduced the calls to Koha.Preference() from :
   (a) masthead.inc
   (b) opac-bottom.inc

After applying this patch, update the database once for it to pick
up the new option values -'both|mast|foot'.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:24:46 -03:00
Indranil Das Gupta
a2478a708b Bug 14252: (followup) Adds OpacLangSelectorMode syspref
Based on discussion, this followup does the following:

1/ brings back the switcher on opac-bottom.inc
2/ adds a syspref OpacLangSelectorMode to toggle between the three
   modes:
     (a) show switcher both on masthead and footer (default)
     (b) footer only
     (c) masthead only

Test plan
=========

1/ apply earlier patches attached to this bug in their correct order
2/ apply this followup patch
3/ run updatedatabase.pl to add in the atomic update
4/ goto admin/preferences.pl?tab=opac
5/ look up OpacLangSelectorMode, it should be set with default value
   "both masthead and footer"
6/ check OPAC to see if both locations show the selectors
7/ change OpacLangSelectorMode to 'only header' and 'only footer' at
   each iteration, and check if the selection has correctly toggled
   the selectors. It should

Note: make sure you do not have the patch 11057 applied on the branch
      from before, otherwise merge conflict might happen.

http://bugs.koha-community.org/show_bug.cgi?id=14252

Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:24:46 -03:00
Bernardo Gonzalez Kriegel
36e68aaaa9 Bug 14252: (followup) fix lang chooser for sublanguages
This quick fix disables sublanguages dropdown,
show all sublanguages on same level.

To test:
1) Apply both patches
2) Translate to have sublanguages (en-NZ, de-DE, de-CH)
3) Go to opac, confirm you can select any lang/sublang
4) Check on mobile device

4th version.
Removed rfc4646 subtag on sublanguages, think it's cleaner.
Currently on master all translated languages/regions have
valid description ('en' at least)
Added language sort using rfc4646 subtag

Signed-off-by: Indranil Das Gupta <indradg@gmail.com>
Followup fixes the issue with lang group dropdowns. Works well
across standard desktop as well as mobile device with small screens
(checked on 4.3" / 4.7" / 5")

Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:24:46 -03:00
Indranil Das Gupta
2845fb2423 Bug 14252: Move OPAC lang switcher to masthead navbar
The OPAC language switcher takes up a lot of space at the bottom of the
browser. It also has issues of being not always visible.
This patch adds the switcher to the masthead navbar and removes from the
opac-bottom.inc navbar.

Test plan
=========

1/ Apply patch
2/ Set opaclanguagesdisplay syspref to 'show'.
3/ Add a few languages i.e. es-ES, fr-FR and de-DE
     $ cd misc/translator
     $ perl translate <langcode>
4/ Enable installed languages for OPAC use by checking on 'opaclanguages'
   under I18N/L10N sysprefs
5/ Go to the OPAC, you should have a "Languages" dropdown on the masthead
   navbar, the opac-bottom.inc navbar should no longer be there.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works, no koha-qa errors.
Followup fix language chooser for sublanguages

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:24:37 -03:00
Jonathan Druart
cad134cd17 Bug 13962: Add link to the vendor detail page
This patch 1/ uses the class of the th to filter the columns and 2/ adds
a link on the vendor name to the vendor detail page.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:20:34 -03:00
Katrin Fischer
55103ad860 Bug 13962: Add vendor to acq details tab in staff
Implementing some feedback from our user meeting:
The acquisition details tab on the detail page
in staff should also show the vendor of the
order.

To test:
- Make sure AcquisitionDetails is active.
- Create an order or look up an order in the
  acqusition module.
- Go to the ordered record and check the
  'Acquisition details' tab
- Verify the vendor shows up there as first
  column now
- Check that sorting and display of the other
  columns are still working correctly

Note: Also fixes a </th> that should be a </td>
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:20:34 -03:00
Jonathan Druart
198e6669ee Bug 14324: Display "Add Child" for Organisations on circ/circulation.pl
On moremember, the button is displayed for Organisations.
To be consistent, it should be displayed on the circulation page too.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:19:35 -03:00
Barton Chittenden
f05931e051 Bug 14324: Set "adultborrower" regardless of guarantor status.
Signed-off-by: Jason Robb - SEKLS (jrobb@sekls.org)

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:19:35 -03:00
Jonathan Druart
fc6789c206 Bug 8802: On editing a library group category type is not set
The category type was always set to 'searchdomain', because it's the
first of the dropdown list.

Test plan:
1/ Create or edit a library group
2/ Set the category type to "properties"
3/ Edit it again
4/ Confirm "properties" is correctly selected

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:14:13 -03:00
Liz Rea
887bb6d510 Bug 14423: tab characters in auth_subfields_structure
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:12:39 -03:00
603a111d3a Bug 14423: Multiple XSS bugs in suggestion.pl
To test
1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to=
2/ Notice alert box(es)
3/ Apply patch
4/ Reload and notice alert is gone

Repeat for
collection_title
copyrightdate
isbn
manageddate_from
manageddate_to
publishercode
suggesteddate_from
suggesteddate_to

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:12:33 -03:00
d87b8a5cf3 Bug 14423: Multiple XSS vulnerabilities in serials-search
To test

1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter=
2/ Notice alert boxes
3/ Apply patch
4/ Reload, notice fixed

Repeat for
callnumber_filter
EAN_filter
ISSN_filter
publisher_filter
title_filter

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:12:26 -03:00
a5489d9936 Bug 14423: XSS bugs in catalogue search
To test

1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice alert boxes
3/ Apply patch
4/ Reload url, no alerts
5/ Check search still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:12:18 -03:00
91a8584aa8 Bug 14423: XSS issues in marc_subfields_structure
1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice all the alert boxes
3/ Apply patch
4/ Reload page, no more alerts
5/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:12:11 -03:00
c08063d037 Bug 14423: XSS bug in auth_subfields_structure
1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/auth_subfields_structure.pl?op=add_form&authtypecode=%27%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice a ton of alert boxes pop up
3/ Apply patch
4/ Reload url, no longer get any alerts
5/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:12:03 -03:00
3601c6fb1b Bug 14423: XSS bug in lateorders
1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom
2/ Note you get an alert box
3/ Apply patch, notice it is fixed
4/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:11:57 -03:00
98901d27be Bug 14423: XSS in authorities-home
To test:
1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice you get 3 alert boxes
3/ Apply patch
4/ Hit the url again, no js

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:11:49 -03:00
Jonathan Druart
d8bccd6126 Bug 14426: Escape or use placeholders for sql parameters
Is this patch enough to prevent SQL injection in borrowers_out.pl?

====================================================================
1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil')
====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')"
| nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=1,'evil')"
| nc testbox 9002

====================================================================
2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b
====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='a"
| nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='b"
| nc testbox 9002

====================================================================

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-23 10:11:40 -03:00
Jonathan Druart
64e47c63dc Bug 14408: Allow integers in template paths
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-22 17:44:58 -03:00