This patch attempts to replace <i> with <em> AND <b> with <strong> in
order to more accessible to screen readers. This patch makes no attempt
to change Font Awesome icons which typically use <i>. I found templates,
includes and XSLT by using 'git grep ‘<b>’
koha-tmpl/opac-tmpl/bootstrap/en/' and git grep ‘<i>’
koha-tmpl/opac-tmpl/bootstrap/en/
TEST PLAN:
There should be no visible difference on the changed pages. The files
changed are:
koha-tmpl/opac-tmpl/bootstrap/en/includes/holds-table.inc
koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-note.inc
koha-tmpl/opac-tmpl/bootstrap/en/modules/clubs/enroll.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth-MARCdetail.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-browser.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-course-details.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-downloadshelf.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-messaging.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-opensearch.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-overdrive-search.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-privacy.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results-grouped.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-review.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shareshelf.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt
koha-tmpl/opac-tmpl/bootstrap/en/xslt/MARC21slim2OPACResults.xsl
koha-tmpl/opac-tmpl/bootstrap/en/xslt/NORMARCslim2OPACResults.xsl
koha-tmpl/opac-tmpl/bootstrap/en/xslt/UNIMARCslim2OPACResults.xsl
koha-tmpl/opac-tmpl/xslt/OAI.xslt
Read the changes and make sure everything looks correct, try to visit as
many pages as possible and confirm that everything looks as it should.
grep around for cases of <b> or <i> that I could have missed.
Signed-off-by: Timothy Alexis Vass <timothy_alexis.vass@ub.lu.se>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes 2 changes:
- bug 22702 allowed adding HTML to the circulation note, so this patch
restores that ability.
- display OPAC note and messages as multi-line in OPAC
To test:
- Add a circulation and an OPAC note with line breaks and HTML tags
to the patron account
- Add a message with line breaks to the patron account
- Check line breaks don't show on
- OPAC > patron account > my summary page
- Staff > patron account > details
- Apply patches
- Repeat test
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Display patron messages from OPAC summary page on SCO screen as well.
To test:
- Make sure you have patrons with and without OPAC note and OPAC messages
- Log in to OPAC and go to patrons 'your summary' page to display note
and messages
- Apply patch
- Refresh patrons detail page. Verify that it looks the same as before
- Go to SCO
- Log in as such patron
- Verify that note and messages appear the same as on OPAC summary page
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>