There is a security hole in 2 scripts that are used by the UI to edit
holidays.
To test:
1) Go to Tools -> Calendar, for Centerville
Check no holiday for 30/4/2020
2) To add a new holiday without login execute
a curl command with necessary parameters
3) Reload page from 1), verify the new holiday
edit and delete the holiday
4) Apply the patch
5) Do 2) again, this time you get a lengthy output,
with the magic words:
<title>Koha ›
Log in to Koha
</title>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
Check that the following files don't contain use strict; use warnings;
and have use Modern::Perl instead.
background-job-progress.pl
batchMod.pl
copy-holidays.pl
exceptionHolidays.pl
holidays.pl
import_borrowers.pl
koha-news.pl
letter.pl
manage-marc-import.pl
newHolidays.pl
overduerules.pl
quotes-upload.pl
quotes.pl
quotes/quotes-upload_ajax.pl
quotes/quotes_ajax.pl
scheduler.pl
stage-marc-import.pl
upload-cover-image.pl
Also the credits have been added to newHolidays.pl
Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
s/Koha::Cache->get_instance/Koha::Caches->get_instance
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
https://bugs.koha-community.org/show_bug.cgi?id=11921
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch removes C4::Dates from:
Remove C4::Dates from:
- tools/exceptionHolidays.pl
- tools/holidays.pl
- tools/newHolidays.pl
- C4/Calendar.pm
To test:
- Go to Home > Tools > Calendar
- Add, edit, delete the different types of holidays and exceptions
- git grep 'C4::Calendar' and test such files
- prove t/Calendar.t
(Amended following comments #3 and #4 / mv)
(Amended following comment #7 / 25.10.2015 / mv)
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
http://bugs.koha-community.org/show_bug.cgi?id=14945
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
this patch adds Koha::Cache functionality to the 'single_holidays' table
it is a performance patch for the problem described in BZ14315, only
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14315
it replaces slooow DateTime holiday objects with simple Ymd strings (19991230), then stores the strings in an @array using Koha::Cache
it does not attempt to add caching to all holiday tables - just the single_holidays table (at this stage)
on my test (master-cd9a827); nytprof showed a time reduction of the single_holidays() sub - from 61.7s to 587ms
here are some before/after nytprof runs, (really on master-cd9a827, not 3.20)
http://x1.kohaaloha.com/i/nyt-bz14522-before/home-mason-g-k-3-20-x-Koha-Calendar-pm-1485-line.html#237
http://x1.kohaaloha.com/i/nyt-bz14522-after/home-mason-g-k-3-20-x-Koha-Calendar-pm-1485-line.html#280
to test...
1/ add a bunch of single_holidays to your test koha, (my table has 400 holiday rows)
2/ add a loong circ rule for an itemtype (my rule has 140 days)
3/ checkout an item to a user (took me 67 secs)
apply patch...
4/ return item
5/ repeat steps 1..3, (took me 6 secs)
6/ add/change/delete some various single_holidays, via Home->Tools->Calendar
ensure that your various changes have indeed saved correctly
for extra points...
7/ run tests t/Calendar.t and t/db_dependent/Holidays.t, with all tests passing OK
sudo koha-shell -c ' export PERL5LIB=/home/mason/g/k/master ; \
cd /home/mason/g/k/master ; perl t/Calendar.t ; perl t/db_dependent/Holidays.t ' testkoha
8/ run QA tool, with all tests passing OK
sudo koha-shell -c ' \
export KOHA_CONF=/etc/koha/sites/mayo2/koha-conf.xml \
export PERL5LIB=/home/mason/g/k/master:/home/mason/qa-test-tools/ ; \
cd /home/mason/g/k/master ; perl /home/mason/qa-test-tools/koha-qa.pl -c 1 ' testkoha
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
the internal sub add_holiday uses some variables that are defined in the main script, usual fix
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Four new options, one for single holidays, one for the repeatable holidays.
One to create exceptions on a range of dates, one to delete exceptions in a range of dates.
Note that the exceptions are not deleted if you delete a range of repeatable dates.
But if you delete a range of single holidays the exceptions inside will be deleted.
Signed-off-by: Stephane Delaye <stephane.delaye@biblibre.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Allows selecting a range between 2 dates and, in one "submit", creates holidays only on these days.
I have added also Holidays repeated yearly on a range.
On suggestions I have added a datepicker for "To Date".
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch adds a select box to the new holiday form that allows the user to copy the holiday to all branches. If a holiday for a particular location already exists for a location, that holiday and location is not changed.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
If a user adds or edits a holiday, the calendar will now return to the month in which the user was working. Also after an add or an edit, if the user selects another location, the calendar remains in the same month for which the add or edit took place. The user sees a 'calendardate' parameter in the URL in the format that is chosen as the system preference. If an invalid date is entered in the url, the current date is used.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
So this implies quite a change for files.
Sorry about conflicts which will be caused.
directory Interface::CGI should now be dropped.
I noticed that many scripts (reports ones, but also some circ/stats.pl or opac-topissues) still use Date::Manip.
Contrib from Tümer Garip (from Turkey) :
* holiday :
in /tools/ the holiday.pl script lets you define holidays (days where the library is closed), branch by branch. You can define 3 types of holidays :
- single day : only this day is closed
- repeat weekly (like "sunday") : the day is a holiday every week
- repeat yearly (like "July, 4") : this day is closed every year.
You can also put exceptions :
- sunday is a holiday, but "2006 March, 5th" the library will be open
The holidays are used for return date calculation : the return date is set to the next date where the library is open. A systempreference (useDaysMode) sets the calendar calculation ON (Calendar) or OFF (Normal).