Commit graph

11 commits

Author SHA1 Message Date
Julian Maurice
96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00
c53dfb5562 Bug 26331: Make svc/letters/preview executable
Without this patch, you can't preview letters when running Koha in CGI mode.

To test:
1. Run Koha as CGI (and not Plack)
2. Go to /cgi-bin/koha/tools/letter.pl?op=add_form&branchcode=&module=circulation&code=CHECKIN
3. Try to preview the notice (using a valid barcode)
4. Note in the browser console that svc/letters/preview is generating a 500 error

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-03 13:40:00 +02:00
638786e719 Bug 24663: Remove authnotrequired if set to 0
It defaults to 0 in get_template_and_user

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-03 10:40:35 +02:00
Aleisha Amohia
700b7dfa09 Bug 7862: Preventing warns when creating a notice
To reproduce warns:
1) Go to Tools -> Notices & slips
2) Create a new notice of any module

Notice these warns:
Use of uninitialized value $code in regexp compilation at
/home/vagrant/kohaclone/tools/letter.pl line 265.
Use of uninitialized value $code in regexp compilation at
/home/vagrant/kohaclone/tools/letter.pl line 265.
Use of uninitialized value $code in regexp compilation at
/home/vagrant/kohaclone/tools/letter.pl line 265.

CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_svc_letters_get line 50, this
can lead to vulnerabilities. See the warning in "Fetching the value or
values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_svc_letters_get line 50, this
can lead to vulnerabilities. See the warning in "Fetching the value or
values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

3) Create a new notice of the Circulation module

Notice this additional warn:
Use of uninitialized value $code in pattern match (m//) at
/home/vagrant/kohaclone/tools/letter.pl line 258.

To test:
4) Apply patch and refresh page
5) Run steps 1-3 again and confirm no warns show

Sponsored-by: Catalyst IT
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-05-15 12:10:52 +00:00
39be84754f Bug 17981: (QA follow-up) Fix and update pod in svc/letters/get
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-12 10:51:50 -03:00
c57ecd00ae Bug 17981: Do not crash if the template is already using TT syntax
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-12 10:51:50 -03:00
c9e23381f3 Bug 17981: Better error handling
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-12 10:51:50 -03:00
a236b684fd Bug 17981: Add a preview mode for notice templates
This patch is a first step to provide a preview mode for notice
templates.

CHECKIN, CHECKOUT and HOLD_SLIP are supported so far.
Maybe more, but I have not tested yet and the interface will not allow
you to generate the preview.

The idea is to provide an idea of how will render the messages generated
from a notice template.

A new "Preview" button is added close to each textarea on the editing
notice templates view.
For each notice template code (letter_code), we will need some input
data to produce the preview.

For instance, for CHECKIN we need an barcode. From the barcode we
can guess all the other data.
For CHECKOUT we will need the borrowernumber and the barcode.
Note that the way to enter the data for the preview is not really
user-friendly, for CHECKOUT you will have to fill
'borrowernumber|barcode', but the placeholder will help you to know how
and what to fill.
In the modal window, you will see 4 blocks:
1/ the content of the letter (with the placeholds << >>)
2/ the generated message (with the data filled)
3/ if the letter contained historical syntax markers, the screen will
try to generate a notice template using the TT syntax
4/ the generated message from this TT syntax
=> You will be able to compare the 2 generated messages.

What is the goal of this first patchset:
- Show this first POC and get feedback from other developpers
- Add a way to easily visualise the differences between the 2 syntaxes
- Confort users with the TT syntax and the migration step from the
historical syntax.

I'd like to get opinions before going further.

The possibilities:
- Mock data to get fully working generated messages for any notice
templates. For instance, for CHECKIN and CHECKOUT, the item is not
checked in/out yet. So we cannot access the issue's information.
(I have no idea how to do that)
- Browse the data to get the ones we want to use for the preview (big).

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-12 10:51:50 -03:00
e3f69fc114 Bug 17981: Move svc/letters to svc/letters/get
To allow another script under svc/letters

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-12 10:51:50 -03:00
Jonathan Druart
6f599652b1 Bug 13215: The same letter code can be used for several libraries
This patch fixes a major issue introduced by the
commit 5c4fdcf Bug 11742: A letter code should be unique.

The interface should let the possibility to create a default template
letter and some specific ones, with the same letter code (letter.code).

The patches submitted on bug 11742 tried to fix an issue based on a
(very bad) assumption: letter.code should be considered as a primary key and
should be uniq.

This patch reintroduces this behavior.
Note that the interface will block a letter code used in different
module (this is consistent not to have the same letter code used for different
needs).

This patch is absolutely not perfect, it just tries to change as less
change as possible and to use new tested subroutines.

Test plan:
1/ Verify that the problem raised on bug 11742 does not appears anymore.
2/ Verify there are no regression on adding, editing, copying, deleting
letters.
3/ Verify you are allowed to create a default letter template with a letter
code and to reuse for a specific letter (i.e. for a given library).

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-27 11:42:14 -03:00
Jonathan Druart
5c4fdcf78a Bug 11742: A letter code should be unique.
This patch is a dirty way to fix a design issue on notices.
Currently the code assumes that a letter code is unique. Which is wrong,
the primary key is module, code, branchcode.

Maybe we should add a primary key (id) for the letter table in order to
pass the id to the template and correctly manage the letter code
duplication.

Test plan:
Try to duplicate a letter code using edit, add and copy actions.
If you manage to do it, please describe how you did.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
2014-06-23 15:19:55 -03:00