Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()
This patch corrects opac/opac-ratings.pl
Test plan :
- Apply patch
- Set sysopref OpacStarRatings to 'results and details'
- Disable JavaScript on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Log out from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the login page
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()
This patch corrects acqui/updatesupplier.pl
Test plan :
- Apply patch
- Connect to intranet with a user having "vendors_manage" permission
- Go to acquisition module
- Create a new vendor
- Click on "Edit vendor"
- Change some information and save
=> Your change is saved
- Connect to intranet with a user not having "vendors_manage" permission
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied
- Disconnect from intranet
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This patch updates the 2 optional sample_notices.sql files for ru-RU and
uk-UA.
Not sure if it is relevant but I don't understand why they are not
up-to-date.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Checked by running them manually.
English installs 27, Russian 27 and Ukrainian 26.
Last language can be updated somewhere else.
This patch adds the new notice for all other languages.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Test plan:
0/ Create a new notice suggestions > TO_PROCESS
You can use the one defined in the other patch.
1/ Create a suggestion and link it to a fund
2/ Add an owner to this fund and make sure this patron has an email
address (the email address used should be the one defined in the
AutoEmailPrimaryAddress syspref).
3/ Execute the cronjob script with the -v and without the -c argument
4/ The output should tell you that an email will be sent
5/ Execute the cronjob script with the -v and with the -c argument
6/ Verify the notice is generated in the message_queue table and it is
correctly formatted.
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
This patch adds the new notice suggestion > TO_PROCESS
Others will be added when the patch is signed off.
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Followup expected :-) It would be nice also to have an updatedatabase.pl entry to
insert the new TO_PROCESS notification.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When a suggestion is created and linked to a fund, a mail will be
generated, using a cronjob, to notify the budget owner.
A suggestion is considered as "can be treated" if its status is "ASKED".
Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When adding a batch of records to a basket, duplicates are skipped and
an alert is displayed with a link to them so that they can be treated
individually.
Test plan :
You need the 2 test attached files TestFile1.mrc and TestFile2.elc
(TestFile1 includes only the title "Amilec ou La graine d'hommes" that
is also included in TestFile2)
1) go to “Stage MARC records for import” page, upload TestFile1 and
stage it (select iso 5426 encoding).
2) Manage staged record and import the batch.
3) Make sure that the new record is indexed (depending on your indexing
system and test platform).
4) Go back to the “Stage MARC records for import” page, upload
TestFile2 and stage it (select iso 5426 encoding).
5) Go to acquisitions module and create a new basket.
6) From your basket, in the “Add order to basket block” choose 'From a
staged file'.
7) Then click File2 (‘addorder button').
8) Go down the "Import all" block and save.
9) You are redirected to the basket page : a warning is displayed to
tell you that some duplicates have been found and skipped.
There's a link on the warning through which you can go back to the list of
remaining records and treat them individually if necessary.
10) Click the link : you fall upon the title of TestFile1 (of course as
it's a duplicate).
11) Check that the imported records have been indexed.
11) Go down the "Import all" block and save.
12) A warning is displayed saying that no records have been imported
because they all match an existing record. The “Import all” block is no
longer visible.
Signed-off-by: JA <aloi54@live.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
Click Advanced search in staff client
Click the link for "Go to Item Search" at the top of the page
Do a search, you should get results. Try some combinations and make sure it works like it should.
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
In Bug 14408 first patch, the regexp used needs an escape on dot and does not need an ending "?"
Test plan :
- prove t/db_dependent/Auth.t
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch sorts the languages in the footer by rfc4646_subtag.
Same as in the header.
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Addresses Katrin's comments in comment #56
TEST PLAN
---------
1) Back up your DB
2) Ensure you have multiple languages, including
some that have sub-languages (e.g. de-DE, de-CH)
-- cd misc/translator
-- perl translate install {language code}
3) Ensure that you have all the languages enabled
-- Staff client -> Home -> Global system preferences
--> I18N/L10N
Check all the languages in opaclanguages.
Ensure that opaclanguagesdisplay is 'Allow'
4) Open OPAC
-- should only have languages in footer.
Annoyingly below the fold.
5) Drop your koha database, and create a blank one.
6) Apply all patches
7) Reinstall all the known languages, so the templates
are appropriately updated.
8) Go to staff client and do an install of koha, with
all the dummy data.
9) Ensure you have all the languages enabled (see (3))
10) Refresh your OPAC page
-- language selector position should be in both
the footer and at the top as expected.
-- this confirms the sysprefs.sql change.
11) Restore your DB
12) run the updatedatabase.pl script
13) Ensure you have all the languages enabled (see (3))
14) Refresh the OPAC page
-- should still only have languages in the footer.
-- this confirms that upgrade won't change anything.
-- this confirms the atomic update.
15) git diff origin/master
-- the opac-bottom.inc difference should only
have changes around a SET, IF, and END.
This confirms the noprint was fixed.
16) In the staff client, change the OPAC system preference,
OpacLangSelectorMode, to all three values.
For each value, refresh the OPAC page, and confirm the
position of the language selector.
-- should work as expected.
17) run koha qa test tools
NOTE: Tested as a single batch together.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
TEST PLAN
---------
0) Back up your DB
1) open OPAC
-- should only have languages in footer.
Annoyingly below the fold.
2) Drop your koha database, and create a blank one.
3) Apply all patches
4) Go to staff client and do an install of koha, with
all the dummy data.
5) Once installed, refresh your OPAC page
-- language selector position should be in footer
still as expected.
-- this confirms the sysprefs.sql change.
6) Restore your DB
7) run the updatedatabase.pl script
8) Refresh the OPAC page
-- should still only have languages in the footer.
-- this confirms that upgrade won't change anything.
-- this confirms the atomic update.
9) git diff origin/master
-- the opac-bottom.inc difference should only
have changes around a SET, IF, and END.
This confirms the noprint was fixed.
10) In the staff client, change the OPAC system preference,
OpacLangSelectorMode, to all three values.
For each value, refresh the OPAC page, and confirm the
position of the language selector.
-- should work as expected.
11) run koha qa test tools
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
tidy the indentation for that lang selector loop code.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Based on Mark's inputs in comment #40 -
[1] selected 'mast' (short of 'masthead') and updated :
(a) bug_14252-OpacLangSelectorMode_syspref.sql
(b) sysprefs.sql
(c) opac.pref
[2] Reduced the calls to Koha.Preference() from :
(a) masthead.inc
(b) opac-bottom.inc
After applying this patch, update the database once for it to pick
up the new option values -'both|mast|foot'.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Based on discussion, this followup does the following:
1/ brings back the switcher on opac-bottom.inc
2/ adds a syspref OpacLangSelectorMode to toggle between the three
modes:
(a) show switcher both on masthead and footer (default)
(b) footer only
(c) masthead only
Test plan
=========
1/ apply earlier patches attached to this bug in their correct order
2/ apply this followup patch
3/ run updatedatabase.pl to add in the atomic update
4/ go to admin/preferences.pl?tab=opac
5/ look up OpacLangSelectorMode, it should be set with default value
"both masthead and footer"
6/ check OPAC to see if both locations show the selectors
7/ change OpacLangSelectorMode to 'only header' and 'only footer' at
each iteration, and check if the selection has correctly toggled
the selectors. It should
Note: make sure you do not have the patch 11057 applied on the branch
from before, otherwise merge conflict might happen.
http://bugs.koha-community.org/show_bug.cgi?id=14252
Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This quick fix disables the sublanguages dropdown and
shows all sublanguages on the same level.
To test:
1) Apply both patches
2) Translate to have sublanguages (en-NZ, de-DE, de-CH)
3) Go to opac, confirm you can select any lang/sublang
4) Check on mobile device
4th version.
Removed rfc4646 subtag on sublanguages, think it's cleaner.
Currently on master all translated languages/regions have
valid description ('en' at least)
Added language sort using rfc4646 subtag
Signed-off-by: Indranil Das Gupta <indradg@gmail.com>
Followup fixes the issue with lang group dropdowns. Works well
across standard desktop as well as mobile device with small screens
(checked on 4.3" / 4.7" / 5")
Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The OPAC language switcher takes up a lot of space at the bottom of the
browser. It also has issues of being not always visible.
This patch adds the switcher to the masthead navbar and removes from the
opac-bottom.inc navbar.
Test plan
=========
1/ Apply patch
2/ Set opaclanguagesdisplay syspref to 'show'.
3/ Add a few languages i.e. es-ES, fr-FR and de-DE
$ cd misc/translator
$ perl translate <langcode>
4/ Enable installed languages for OPAC use by checking on 'opaclanguages'
under I18N/L10N sysprefs
5/ Go to the OPAC, you should have a "Languages" dropdown on the masthead
navbar, the opac-bottom.inc navbar should no longer be there.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works, no koha-qa errors.
Followup fix language chooser for sublanguages
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch 1/ uses the class of the th to filter the columns and 2/ adds
a link on the vendor name to the vendor detail page.
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Implementing some feedback from our user meeting:
The acquisition details tab on the detail page
in staff should also show the vendor of the
order.
To test:
- Make sure AcquisitionDetails is active.
- Create an order or look up an order in the
acquisition module.
- Go to the ordered record and check the
'Acquisition details' tab
- Verify the vendor shows up there as first
column now
- Check that sorting and display of the other
columns are still working correctly
Note: Also fixes a </th> that should be a </td>
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
On moremember, the button is displayed for Organisations.
To be consistent, it should be displayed on the circulation page too.
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jason Robb - SEKLS (jrobb@sekls.org)
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The category type was always set to 'searchdomain', because it's the
first of the dropdown list.
Test plan:
1/ Create or edit a library group
2/ Set the category type to "properties"
3/ Edit it again
4/ Confirm "properties" is correctly selected
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom
2/ Note you get an alert box
3/ Apply patch, notice it is fixed
4/ Test functionality still works
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Counter counter patch
Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt
and not allowing ../etc
Note the previous patch tries to protect against /etc/passwd
but //etc/passwd is now vulnerable. I do think a whitelist is safer than trying to do a blacklist
/cgi-bin/koha/svc/virtualshelves/search
/cgi-bin/koha/svc/members/search
Are vulnerable
To test:
1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt
Notice you get a valid JSON response
2/ Hit
/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
(You may have to add more ..%2f or remove them to get the correct path)
Notice you can see the contents of the /etc/passwd file
3/ Hit
/cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
4/ Apply patch
5/ Hit the first url again, notice it still works
6/ Hit the second url notice it now errors with a file not found
7/ Hit the third url notice it now errors with a file not found
Repeat for the other script also
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
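The whitelist approach described in the commit message above, as an added example; it is not the Koha patch or any code from the project. The function name safe_template_path, the temporary directory tree and the sample inputs are hypothetical and constructed for illustration. It accepts only relative paths ending in .tt, then checks that the resolved file stays under the template root.

```perl
#!/usr/bin/perl
# Added example (not Koha's code): allowlist check for a template_path parameter.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Path qw(make_path);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: returns the resolved absolute path when $requested is an
# acceptable template under $base, or undef otherwise.
sub safe_template_path {
    my ( $base, $requested ) = @_;
    return unless defined $requested && length $requested && -d $base;

    # Allowlist the shape: relative path, segments limited to [A-Za-z0-9_-],
    # ending in .tt. \A and \z (not ^ and $) so a trailing newline cannot slip
    # through. NUL bytes, '..', a leading '/', and '//' all fail to match.
    return unless $requested =~ m{\A(?:[A-Za-z0-9_-]+/)*[A-Za-z0-9_-]+\.tt\z};

    # Defence in depth: the file must exist, and after resolving symlinks it
    # must still sit below the template root.
    my $root      = realpath($base);
    my $candidate = File::Spec->catfile( $root, $requested );
    return unless -f $candidate;
    my $full = realpath($candidate);
    return unless defined $full && index( $full, "$root/" ) == 0;
    return $full;
}

# Constructed demo tree and inputs (already URL-decoded, as the CGI layer
# would deliver them to the script).
my $base = tempdir( CLEANUP => 1 );
make_path("$base/members/tables");
open my $fh, '>', "$base/members/tables/members_results.tt" or die $!;
print {$fh} "[% # constructed sample template %]\n";
close $fh;

my @inputs = (
    'members/tables/members_results.tt',    # legitimate request
    '../../../etc/passwd',                  # plain traversal
    'test/../../../etc/passwd',             # traversal behind a dummy segment
    '/etc/passwd',                          # absolute path
    '//etc/passwd',                         # the blacklist bypass from the message
    "../../../etc/passwd\0.tt",             # NUL byte before a fake .tt suffix
    "members/tables/members_results.tt\n",  # trailing newline
    'members/tables/missing.tt',            # well-formed but nonexistent
);
for my $in (@inputs) {
    ( my $shown = $in ) =~ s/([^\x20-\x7e])/sprintf '\\x%02x', ord $1/ge;
    my $verdict = defined( safe_template_path( $base, $in ) ) ? 'ACCEPT' : 'REJECT';
    printf "%-45s %s\n", $shown, $verdict;
}
```

Only the first input is accepted; every other one is rejected by the pattern, except the nonexistent file, which is rejected by the existence check.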
perl -e "use Pod::Checker;podchecker('C4/Ratings.pm');"
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
All of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
All of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Most of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Most of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
http://bugs.koha-community.org/show_bug.cgi?id=14383
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Most of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
http://bugs.koha-community.org/show_bug.cgi?id=14383
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Most of them were found and fixed using codespell.
Fix also some related grammar issues.
In C4/Serials.pm a variable was renamed to make future codespelling
checks easier.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
http://bugs.koha-community.org/show_bug.cgi?id=14383
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Most of them were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
They were found and fixed using codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>