A Perl boolean value is on the server side converted
to a JS string (resulting in the values '0' or '1).
Since the string '0' is a truthy value in JS this
incorrectly triggers window.close() on the client
in many instances, for example when adding a new item.
To test:
1. Go to a bibliographic record in the staff client.
2. Expand the "New" menu and open "New item" in new tab.
3. The new tab will immediately close.
4. Apply the patch.
5. Perform steps 1-2 again.
6. The tab should now remain open.
Sponsored-by: Gothenburg University Library
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch moves several English strings out of members-menu.js and into
str/members-menu.inc where they can be picked up by the translation
process. The following strings are affected:
"Are you sure you want to renew this patron's registration?"
"Are you sure you want to update this child to an Adult category? This
cannot be undone."
"Dates of birth should be entered in the format 'MM/DD/YYYY'"
"Dates of birth should be entered in the format 'YYYY-MM-DD'"
"Dates of birth should be entered in the format 'DD/MM/YYYY'"
"Dates of birth should be entered in the format 'DD.MM.YYYY'"
This patch also makes a correction to members-toolbar.inc in order to
enable the presence of the "Update child to Adult" menu item.
To test:
- Install and update a language.
- Check the po-file for that language. You should find no msgid for
the strings listed above.
- Apply the patch.
- Update the language you installed.
- You should find entries for all the strings above.
- Translate those messages and update the translated templates.
- Reinstall the translation.
In the staff client:
- Select your updated translation.
- Open an expired patron's account and choose "Renew patron" from the
"More" button in the toolbar. You should be prompted for confirmation
using the translation you provided.
- To test the "Update child" confirmation you should have only one
patron category in the "Adult" category.
- Open a patron record with a child category and choose "Update
child" from the "More" menu in the toolbar. You should be prompted
for confirmation using the translation you provided.
- To test the date format messages: From the patrons home page, expand
the advanced search options in the header search form. Select "Date
of birth" under "Search fields." A correctly-translated tooltip
should appear above the search field.
Signed-off-by: Michal Denar <black23@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Since
commit 1253975389
Bug 21091: Move add item template JavaScript to a separate file
items cannot longer be edited when receiving an order.
When moving the code to the JS file, the JS variable "opisadd" was
always set to "true":
var opisadd = '[% opisadd | html %]';
Even if the TT variable is 0, opisadd will be "0", which is evaluated to
true in Javascript
To clean the situation it is easier to remove this variable and use "op"
instead.
Test plan:
- Make sure acqcreateitem is set to "when placing an order"
- Create a basket with some orders
- Close the basket
- Go to your vendor and receive an order
- On the receive page, try to edit your item
=> Without the patch, the pop up page will open and then close, not allowing the item to be edited.
=> With this patch applied you will see the item edit form. Save and
confirm that the parent window is updated with the new value (actually
it's refreshed)
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch moves the JavaScript in the add item template to separate
files: 1 JS file and 1 include file containing translatable strings.
While moving the JS to cataloging_additem.js I have made some changes to
quiet ESLint warnings (spacing, variable definition).
To test, apply the patch and open the add item page for an existing
record. Test the various JS-driven functionalities:
- Table sorting
- Table column configuration
- Table searching
- Table inline edit/delete links (click anywhere in the table row)
- Add multiple item form show/hide
- Add multiple item warning when adding 100+ items
Signed-off-by: Jose-Mario Monteiro-Santos <jose-mario.monteiro-santos@inLibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This follow-up modifies JavaScript so that the confirmation dialog is
triggered when deleting a patron image from the modal window.
The CSS is modified to improve the alignment of patron image and edit
button.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 11401 introduced code to support Norwegian national library card.
This code is too specific to be part of Koha as it, it should be a
plugin instead.
Moreover nobody uses it, but a modified version (see comment 3).
Test plan:
Add/edit/delete patron and make sure there are no regressions introduced
by these patches
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Code and variables to deal with the update child feature are not
centralized but copied/pasted in several scripts. Which leads to issues
obsviously (bug 20805 for instance).
Moreover the strings used by the templates are also in several template
files (or .inc)
To deal with that this patch introduces the idea to create 1 .inc file
per .js file
Here we have members-menu.inc for members-menu.js
Test plan:
- Remove all your adult categories (categories.category_type='A')
- Create a patron with a child category
- Try to update to adult category
=> The entry does no longer appears! (This is a change in the behaviour)
- Create one adult category
- Update to adult category
=> There is a JS confirmation message, if you accept the patron will
be updated to the adult category
- Create (at least) another adult category
- Create another child
- Update to adult category
=> No more confirmation message but a popup to select the adult category
- Pick one
=> The patron has been updated to the adult category
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>