This patch adds two sysprefs to allow libraries more fine-grained control over
when fines can and can't be overridden. The two sysprefs are:
* AllFinesNeedOverride - when this syspref is set to "Require" (default) any
fine will require a staffmember to override the fine in order to check out a
book. When set to "Don't require," fines below noissuescharge will not need
any override.
* AllowFineOverride - when this syspref is set to "Allow," staff will be able to
override fines that are above noissuescharge. When set to "Don't allow"
(default), staff will not be able to check out items to patrons with fines
greater than noissuescharge.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Typo fix. Thanks for spotting it Marcel.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
The fix for 3319 overwrote the @branchloop variable with output from GetBranchesLoop,
which forces a selected branch. Removing the extra call, and just measuring the size of
@branchloop as it was build, plus some dereferencing, fixes the issue.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Fix for Bug 5551 overwrote the necessary changes to opac-detail.pl
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
solve comment 10 from nengard: This patch added these types only on upgrade. We need them to be added to new
installs to.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This patch fixes the bug that caused 780s in the staff client details XSLT to
display in progressively smaller fonts. This also corrects the semantics of the
780 ind1.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Small correction of e umlaut. [Something happened with encoding of signed patch; my original patch did not show a wrong character.]
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
If you have a list of holds on a biblio, and one or more are in-transit, then the
array that is fed to modrequest.pl is not fully-populated, lacking the branch on the
in-transit rows. If you then attempt to edit one of the remaining holds' pickup
location, it doesn't modify the one you expect, but ones *above* that. Also, holds
at the bottom of the list get the first pickup library in the list, since they are
getting undef passed in.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Original patch submitted by dswhite42@yahoo.com
Reformatted to apply cleanly.
Changed alert message during check-in to message used
on borrower account checkout page.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This patch addresses both security issues mentioned in the summary of the report
submitted by Frère Sébastien Marie included below.
---------------------------
The problem is here: 'C4/AuthoritiesMarc.pm' in the function 'DelAuthority':
The argument $authid is included directly (not via statement) in the SQL.
For the exploit of this problem, you can use 'authorities/authorities-home.pl'
with authid on the URL and op=delete (something like
"authorities/authorities-home.pl?op=delete&authid=xxx").
This should successfully call DelAuthority, without authentification...
(DelAuthority is call BEFORE get_template_and_user, so before authentification
[This should be an issue also...]).
Please note that the problem isn't only that anyone can delete an authority of
this choose, it is more general: with "authid=1%20or%1=1" (after inclusion sql
will be like: "delete from auth_header where authid=1 or 1=1") you delete all
authorities ; with "authid=1;delete%20from%xxx" it is "delete from auth_header
where authid=1;delete from xxx" and so delete what you want...
SQL-INJECTION is very permissive: you can redirect the output in a file (with
some MySQL function), so write thea file of you choose in the server, in order
to create a backdoor, and compromise the server.
Signed-off-by: Frère Sébastien Marie <semarie-koha@latrappe.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Change to how subfield is derived had not been implemented in
opac-results-grouped causing ARRAY(hexnumber) to follow all titles
Replace template ref to scalar with an array
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Follow up patch. Improvement suggested by Belgian translators (Hans Supply).
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Enhancement for Acquisitions/ordering from external source.
Koha already checked for duplicates, but this patch warns the user. Offers the choice to use existing record, use new record or return without making an order.
The new template is added for this interaction with the user.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
POD was mistakenly telling that NFD was supposed to be the default
encoding. In fact, it is not, it is NFC.
So the variable $nfc to change to the not default encoding was misleading.
Renaming it into $nfd
(written by hdl)
Refactored by Chris Cormack
Signed-off-by: Davi <davi@gnu.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Disabling that part of the calendar JavaScript which hides
<select> form fields when the calendar is displayed. This is at
the expense of IE6.
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
A change was made to MARCdetail.tmpl without making a corresponding
change to MARCdetail.pl. I've reworked the original change so that
both can work together.
0XX --> tab0XX
Apparently TMPL variables can't start with a number now?
MR: Recreated patch file to recover failure to apply.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
The messaging prefs form was hardcoded to use 'transport-$transport_type', rather than
'transport_$transport_type'. The result was an uneditable messaging preferences form.
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
