This patch moves the Emoji picker JS assets out of opac-bottom.inc and
into opac-detail.tt. This prevents the assets from being loaded on every
page of the OPAC when they're only used on opac-detail.
The patch also combines and minifies the 4 JavaScript files used by the
feature. opac-detail.tt now loads only the one file.
To test, apply the patch and make sure the TagsEnabled and
TagsInputOnDetail preferences are enabled.
- Log in to the OPAC and view the detail page for a bibliographic
record.
- Click the "Add tag(s)" link
- Verify that the emoji-picker works for adding emojis
Signed-off-by: David Roberts <david@koha-ptfs.co.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
opac-reportproblem.pl returns a 404 in that case
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
To test:
1) Apply patch, update database, rebuild schema file
2) Restart koha-common and memcached
3) Confirm that your user has an email address.
4) Confirm that your library does NOT have an email address.
5) Confirm that syspref KohaAdminEmailAddress and syspref ReplytoDefault are not filled. Enable the OPACReportProblem syspref.
6) Log into OPAC
7) Click the 'Report a problem' link at the bottom of whatever page
you're on
8) Notice that there is no form is and there is an error message alerting that reports cannot be submitted
9) Add an email address for your library (in either the email field or the replyto field). Refresh the OPAC problem report page. The form should now show, and the recipient field should say 'library'.
10) Complete the form and submit. Check the message_queue in the database and confirm the to_address is correct. Confirm there is a success message.
11) Add an email address for the syspref KohaAdminEmailAddress and refresh the OPAC problem report page again. The recipient field should now be a dropdown. Select the Koha Administrator option.
12) Complete the form and submit. Check the message_queue in the database and confirm the to_address is the value in KohaAdminEmailAddress. Confirm there is a success message.
13) Ensure all details in the message_queue are correct.
14) Log out of the OPAC
15) Click the Report a problem link again and confirm you are forced to log in
Sponsored-by: Catalyst IT
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
And certainly in other sripts as it is in opac-bottom.inc
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch replaces CSS-based background image icons with Font Awesome
icons. This will eliminate the use of sprite.png altogether.
To test, apply the patch and regenerate the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
Because JavaScript events are often triggered by class, the changes made
in this patch require testing of JavaScript-driven behavior as well as
visual confirmation of the changes.
Enable OPAC features to expose them for testing: Login, Holds, Article
requests, Tags, Cart, Search term highlighting.
- Perform a search in the OPAC
- In the header at the top of the search results, check the
'Unhighlight/Highlight' link.
- Select some search results and verify that the multi-item controls
are enabled: Add to cart/Lists; Place hold; Tag. Check that these
controls work correctly.
- Verify that the following links look correct and work correctly:
'Place hold,' 'Request article,' 'Log in to add tags,' 'Add to
cart.'
- Log in to the OPAC and return to the search results page. Check the
'Add tag' and 'Save to lists' links.
- View the lists page
- Test the 'Edit' and 'Delete' controls.
- View the contents of a list. Test the following:
- Controls at the top of the table of results ('New list,'
'Download list,' 'Send list,' 'Print list,' 'Edit list,' and
'Delete list').
- Multi-selection operations: 'Place hold,' 'Tag,' and 'Remove
from list.'
- Controls for each item on the list: 'Place hold,' 'Add tag,'
'Save to another list,' 'Remove from this list,' and 'Add to
cart.'
- View the bibliographic detail page for any search result
- In the right-hand sidebar menu, verify that these controls look
correct and work correctly: 'Place hold,' 'Print,' 'Request
article,' 'Save to your lists,' 'Add to your cart,'
'Unhighlight,' 'Send to device,' 'Save record,' and 'More
searches.'
- Test the shelf browser by clicking 'Browse shelf' under the call
number for any of the holdings.
- Test the 'Next' and 'Previous' controls.
- Check the tabs for switching between 'Normal,' 'MARC,' and 'ISBD'
views and verify that they look correct on each of those pages.
- Add some items to the Cart and open the Cart
- Test the cart controls at the top: 'More details/Brief display,'
'Send,' 'Download,' 'Empty and close,' 'Hide window,' 'Print.'
- Test the multiple-selection controls: 'Remove,' 'Add to list,'
'Place hold,' and 'Tag.'
- Log in to the OPAC as a user who has items checked out which can be
renewed. On the 'Your summary' page, on the 'Checked out' tab, test
the 'Renew selected' and 'Renew all' links.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch upgrades jQuery to 3.4.1, jQuery-UI to 1.12.1, and adds the
jQuery-migrate plugin to ensure backwards-compatibility with existing
jQuery plugins and code. An updated of jquery-ui-rtl.css has been
created by converting the new version of jquery-ui.css.
All jQuery assets are now include the version number in the file name
just as we now do in the staff client.
Besides updating file names in the templates, there was only one change
made: opac-results.tt had a typo which has been corrected.
To test, apply the patch and test as many different pages in the OPAC as
possible, including self-checkout and self checkin. Keep the browser
console open and watch for JavaScript errors. All JavaScript-driven
behavior should work correctly. For instance:
- Tabs
- Datepickers
- Select all/none operations
- Cart and lists popups
- Search result highlighting
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
TEST PLAN:
1) Apply the patch with git-bz
2) Run updatedatabase.pl
2.1) Console output should confirm database modification
3) Visit the 'Enhanced Content' tab of admin/syspref
3.1) ressource is /cgi-bin/koha/admin/preferences.pl?tab=enhanced_content
3.2) You should see that the previous preference, Coce, is now CoceOPAC,
and that a new preference was added, CoceIntranet
4) Activate CoceIntranet
5) Do a search for a book for which you have a Coce cover
5.1) The cover image url should now point to a provider you defined in Coce
5.2) Your Coce log should show a query
6) Click on the book's name to visit the detail.pl page
6.1) The book's cover should also be provided by Coce on that page
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch moves untranslatable strings out of overdrive.js and into
opac-bottom.inc where other strings are defined for use in JavaScript
files.
To test you must have OverDrive integration set up, including
OverDriveCirculation. Test the various Overdrive integration features:
- Placing holds
- Cancelling holds
- Checking out
- Checking in
These features should work as expected.
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch coverts the syntax for embedding OpacUserJS in the global
include file so that it uses 'Koha.Preference' syntax. This makes the
data available in templates, like the OPAC maintenance page, to which
the preference data has not been explicitly provided.
To reproduce: Add some JavaScript to the OPACUserJS system preference
which will let you know it's working. For instance:
alert("OPACUserJS!");
Turn on the OPAC maintenance message using the OpacMaintenance system
preference. Navigate to the OPAC. You should see the system maintenance
page but you should not see an alert.
To test, apply the patch and reload the OPAC page. Your alert should
show.
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch undoes a mistake introduced in my patch for Bug 21479. A
"preventDefault()" was added to the search history clear button by
mistake. The "confirmDelete" function only works if the default action
of the link is allowed to complete.
To test you must have the EnableOpacSearchHistory system preference
enabled. Apply the patch and log into the OPAC as a patron who has a
search history.
Click the "X" link in the header next to the "Search history" link.
Confirm that you want to clear your search history. The page should
refresh. Navigate to your account -> Your search history to confirm that
your search history has been cleared.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
To test:
1 - Enable OverDrive and RecordedBooks (you can put anything in the
prefs)
2 - Search on the opac - verify you get results (or search error) on
first page of results'
3 - Go to second page of results - OD and RB are not searched
4 - Apply patch
5 - Verify nothing has changed
If you have valid credentials:
1 - Enable RB prefs
2 - Sign in with an account that has an email matching your registered
account for recordedbooks
3 - Confirm you RB account loads on opac-user.pl
Otherwise:
Read the patches, verify it all makes sense
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch has been generated with the script provided on bug 21576.
It only affects variable used in the href attribute of a link *when*
href it the first attribute of the node (grep "a href")
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch adds local copies of the font files specified in the original
patch. A new JavaScript file has been added, fontfaceobserver.min.js,
which helps gracefully load font assets.
https://github.com/bramstein/fontfaceobserver
Information about the new assets has been added to the about page.
When using web fonts, there can be a delay, while the browser loads the
font files, between the time the page loads and the time the fonts
render. Font Face Observer allows us to specify a default font for the
initial page render, and then apply the web font after it has loaded.
To test, apply the patch and regenerate the OPAC css. View any page in
the OPAC and confirm that the custom font renders properly.
View the About page in the staff client and confirm that the new license
information looks correct.
Patch applies and OPAC and license look good. Looking forward to this.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The 'Items in your cart' message is obsolete with the cart dropdown
box being removed.
Therefore the assignment of this text into the
MSG_IN_YOUR_CART variable (which is done in the opac-bottom.inc), and
the use of the MSG_IN_YOUR_CART variable in the updateBasket() function
(in the OPAC's basket.js) has been removed.
Sponsored-By: Toi Ohomai Institute of Technology, New Zealand
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch changes the way biblionumbers are passed to the cart script
for adding and removing single items. The title's biblionumber is now
stored in a data-attribute on the links for adding and removing. This
should be a more robust, unified way to handle these single-item
operations.
To test, apply the patch and enable the opacbookbag system preference.
Test adding and removing items from the cart from various pages using
various methods:
- By clicking an "Add to your cart" / "Remove" link in search results
- By clicking an "Add to your cart" / "Remove" link on a detail page
- By checking boxes in search results and adding via the dropdown
Each operation should work correctly.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
RM update: Remove accidental tabs from updatedatabase.pl
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch removes references to a form_serialized_itype cookie which
appears in the code as part of the process of storing information used
in the generation of the "Return to the last advanced search" link.
To test, apply the patch and perform an advanced search in the OPAC
using several search options including a limit by item type. From the
search results page, follow the "Return to the last advanced search"
link. The advanced search form should appear with all the search options
you submitted before.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch is a reimplementation of the original from Indranil Das Gupta
and the QA follow-up from Julian Maurice. Original test plan:
Conformance rules for HTML5 is generating warnings for <script> element
with type="text/javascript" attribute when the OPAC page is checked
with W3C Validator. This patch removes the cause of these warnings.
Test plan
=========
1/ Paste the URL to your OPAC page (if it is hosted) to W3C Validator
and watch about 10+ warnings being generated by the validator.
2/ Apply patch and re-submit the page to the Validator. The warnings
would be gone.
Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
mechanism, it will be tedious
This patch:
- adds a Template::Toolkit plugin that generates <script> and
<link> tags for JS and CSS files, and inserts automatically the Koha
version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable
Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
checking your browser's dev tools (there should be no 404 for JS and
CSS files, and the Koha version should appear in filenames) and the
server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
A number of Koha plugins have been written that enhance Koha's public catalog. These plugins often make due to adding css and javascript to the various opac system preferences. It would be nice if the plugin system had hooks so plugin developers could add code the the head block and the area where we include javascript in the opac template.
Test Plan:
1) Apply this patch
2) Download and install the Kitchen Sink plugin ( v2.1.12 or later )
https://github.com/bywatersolutions/koha-plugin-kitchen-sink/releases/download/v2.1.12/koha-plugin-kitchen-sink-v2.1.12.kpz
3) Install the plugin
4) Restart all the things if you can ( restart_all if you are using kohadevbox )
This will ensure the plugin takes effect right away, it should be
necessary but it won't hurt anything!
5) Load the opac, notice you get an alert message and the background
for your opac is now orange ( assuming you've not customized the
opac in any way )
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch introduces an emoji picker int othe OPAC's tag entry form.
It relies on the emoji-picker library [1]
To test:
- Apply the patches
- Restart all services (just in case some caching is taking place):
$ restart_all
- Log into the OPAC
- Do a search, pick a record
- On the detail page for the record, click on 'Add tags'
=> SUCCESS: An input form is displayed, with an emoji picker on the
right.
=> SUCCESS: Choosing an emoji populates the input with it
- Set 'TagsModeration' and retry
=> SUCCESS: Proposed tags are displayed correctly on the staff interface
for tag moderation
- Sign off :-D
Sponsored-by: Hotchkiss School
[1] https://github.com/OneSignal/emoji-picker
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The biblionumber parameter is sent by the user, we must escape all of
them to avoid XSS.
Fixes: Cross-site scripting OPAC pages
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1) Add more than one library, at least two in total is needed. Make note
of which is your current user's home branch.
2) Go to Tools -> News and add one global ("All") news item and one
specific for each branch.
3) Apply the patches.
4) Perform database upgrades when you log in.
5) Go to OPAC main, it should work as before: Showing global news as
well as the news for your home branch once logged in.
6) Go to System Preferences -> OPAC and set 'OPACNewsBranchSelect' to
yes.
7) Go to OPAC main, you should see the global news item plus any items
for your home branch for the current user if logged in.
8) Above the news, you will see a dropdown that lists the branches.
Select one, and click "Change library."
9) You should now see global news and the news for the selected branch,
regardless of whether logged in or not.
Sponsored-By: Halland County Library
Fixes QA comments:
* Keep the current selected branch selected
* Change OPACNewsBranchSelect -> OPACNewsLibrarySelect
* fix 'system wide only' view for logged in user. We still show system
wide even when a library is selected.
* Removed the "change library" link
* Added a label to the field.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Zeno Tajoli <z.tajoli@cineca.it>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Persona never really took off, and although many browsers currently
support it, very few services actually implement it.
This has lead to it's founders, Mozilla, to end the project. In their
own words:
=============================================================================
Persona is no longer actively developed by Mozilla. Mozilla has
committed to operational and security support of the persona.org
services until November 30th, 2016.
On November 30th, 2016, Mozilla will shut down the persona.org services.
Persona.org and related domains will be taken offline.
If you run a website that relies on Persona, you need to implement an
alternative login solution for your users before this date.
For more information, see this guide to migrating your site away from
Persona:
https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers
=============================================================================
Given the above, and that the Persona authentication methods as a whole
are no longer being actively maintained by anyone anywhere to ensure
ongoing security, we should deprecate the option from koha.
Test plan:
Apply this patch and make sure you do not find any references of Persona
Have a look at patches from bug 9587 and confirm that everything has
been reverted
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Code looks good to me.
Also ran several tests including: Auth.t, Auth_with_shibboleth.t.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
There are two instances which use onclick in the OPAC masthead: clearing
search history, and logging out.
To test:
Confirm that clearing search history using the 'x' in the masthead, and
logging out by clicking 'Log out' in the masthead, work the same before
and after the patch.
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
On bug 17210, the selector .addtoshelf should not have caught the
.addtoshelf nodes from the result list.
To fix this, we just need to make the selector more specific (and cannot
reuse it without more changes, the biblionumber variable is not the same
- vs SEARCH_RESULT.biblionumber).
Test plan:
Make sure the 2 links (from detail and search result) "Save to lists"
and "Save to your lists" work as expected.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Four instances of onclick here:
1) Print
2) Save to your lists
3) Add to your cart
4) Remove from cart
To test:
Find a biblio detail page in OPAC and confirm all four events above work
as expected before and after the patch.
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch replaces the hardcoded protocol ("http") from the URI with
https since that is what Google defacto uses to serve JS resources
Prevents MIXED CONTENT failure, allowing GoogleIndicTransliteration
to function correctly when used in SSLized OPACs.
Test plan
---------
1/ Make sure your OPAC is being served both over HTTP and HTTPS
2/ Set GoogleIndicTransliteration syspref to "Show"
3/ Access the OPAC over http, Google transliteration element will
show up in masthead searchbox.
4/ Access the OPAC over https. The element will not show. Console
will show MIXED CONTENT error and failure of google loader.
5/ Apply patch. Repeat steps #3 and #4 again. Now in both cases
GoogleIndicTransliteration will work.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
MSG_NO_RECORD_SELECTED declared two times
To test: Go to cart and list (virtual shelves) in OPAC and
verify if those pages work as expected
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Insert SCOUserCSS/JS 'after' OPACUserCSS/JS rather than 'instead of'
i.e. Remove IF/ELSE and use 2 IF
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
Currently if not logged in when browsing to
http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl
You are redirected to opac-auth.tt and SCOUserCSS and SCOUserJS are not
loaded. This page passes through a parameter to the template to indicate
this is an SCO login and appropriate CSS and JS should be loaded.
Additionally this patch ensure that when loggin in using the form you
are redirected to the sco-main.pl instead of the patron account page for
the user.
To test:
1 - Verify that normal login works on both staff and opac
2 - Verify that SCO link goes to login page if AutoSelfCheckAllowed is
set to "Don't allow"
3 - Enter changes into SCOUserJS and SCOUserCSS and observe these are
present on SCO log in page with AutoSelfCheck disabled
4 - Verify that a logged in opac user without permissions cannot access
the self-checkout module
5 - Verify that AutoSelfCheckAllowed and associated system preferences
function as expected
6 - Verify the AutoSelfCheck user is logged out if they attempt to visit
another page
Followed test plan.
If I go to http://YOURCATALOG/cgi-bin/koha/sco/sco-main.pl, CSS and JS trigger already on
the login form, I suppose that is intended.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
Revert "DBRev to make notes of the XSS patches and the new important dependency."
This reverts commit e140603a59.
Revert "Bug 13618: Specific for branches.opac_info"
This reverts commit 06e4a50f00.
Revert "Bug 13618: (follow-up) Specific for other prefs"
This reverts commit d6475a111f.
Revert "Bug 13618: Fix for debarredcomment and patron messages"
This reverts commit dd98c9df92.
Revert "Bug 13618: Do not display html tags in patron's notices"
This reverts commit a065b243fe.
Revert "Bug 13618: Do not display and html tags in item fields content"
This reverts commit baeeaffbf8.
Revert "Bug 13618: Fix for system preference description"
This reverts commit a967a09261.
Revert "Bug 13618: Remove html filters for newly pushed code"
This reverts commit 0e98662b10.
Revert "Bug 13618: (follow-up) add missing lines for opac-shelves"
This reverts commit fc2fb605e5.
Revert "Bug 13618: (follow-up) Specific for ColumnsSettings"
This reverts commit bc308fdd9c.
Revert "Bug 13618: Fix for edit biblios and items"
This reverts commit 811c4e8402.
Revert "Bug 13618: followup to remove tabs"
This reverts commit ca8e8c397c.
Revert "Bug 13618: Fix last occurrences recently introduced to master"
This reverts commit bb417b256b.
Revert "Bug 13618: Fix for news"
This reverts commit ae5b98020a.
Revert "Bug 13618: Fix escape on sending baskets or shelves by email"
This reverts commit a7731ffe25.
Revert "Bug 13618: Specific for XSLTBloc"
This reverts commit 11fa38dc29.
Revert "Bug 13618: Specific for Salutation on editing a patron"
This reverts commit 36c07ad6d3.
Revert "Bug 13618: Specific for other prefs"
This reverts commit e6ea281a3b.
Revert "Bug 13618 - memberentrygen.tt errors Not a GLOB reference"
This reverts commit 7824874557.
Revert "Bug 13618: Specific for ColumnsSettings"
This reverts commit 1834da3da3.
Revert "Bug 13618: Specific for IntranetUser* and OPACUser* prefs"
This reverts commit 21ae62b253.
Revert "Bug 13618: Fix error 'Not a GLOB reference'"
This reverts commit 602bdbab4c.
Revert "Bug 13618: Specific for the ISBD view"
This reverts commit d254362435.
Revert "Bug 13618: Specific for pagination_bar"
This reverts commit 8837a8ae68.
Revert "Bug 13618: Specific places where we don't need to escape variables - intra"
This reverts commit 00eff140b3.
Revert "Bug 13618: Remove html filters at the intranet"
This reverts commit 7db851ff03.
Revert "Bug 13618: Specific places where we don't need to escape variables"
This reverts commit 49a3738b8d.
Revert "Bug 13618: Remove html filters at the OPAC"
This reverts commit cedaa0e23e.
Revert "Bug 13618: Use Template::Stash::AutoEscaping to use the html filter"
This reverts commit 01b38d3b13.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
To test:
1) Apply patch
2) Go to a record (ie opac-detail.pl) and add tags that already exist with that record
3) Confirm new error message
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Rewording Ok for common patrons
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
It seems to be the way to fix that
https://stackoverflow.com/questions/13649459/twitter-bootstrap-multiple-modal-error
Test plan:
1 - Place a hold through the opac
2 - View your account->Holds
3 - Click suspend hold
4 - You should be able to select a date using the arrows and dropdowns
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
This patch makes a few changes to the way errors are handled in the
OPAC:
- The validation plugin has been moved from the global include file to
the template itself. Since we aren't doing form validation on any
other page yet it doesn't make sense to include it globally at this
time.
- The error message which appears if you have JavaScript disabled and
have submitted invalid emails was styled in a non-standard way.
- I have added in-page links to the error message which appears if you
have JavaScript disabled so that you can click to jump to the field
which contains the error.
- I have modified the error message language slightly to make it (I
hope) read better.
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds server-side & client-side validation for email
form fields in the members/memberentry -view and in the
opac/memberentry-view (bootstrap).
I recently added simple validation for phone number and email address fields
for our in-house koha and saw this old bug: I'm open to any ideas on how
to do this better. Validation for phone numbers would be easy to add on
top of this but I left it out since this bug is only about the email
fields.
To test:
1) Select a member and go to any of the edit forms with email fields
(Primary info, "Library use", "Alternate address", "Alternative
contact").
2) Disable javascript in the browser in order to test server-side
validation and try to input invalid emails in each of the email form
fields.
3) Confirm that an invalid address is catched from any of the email
fields, an alert shown for each invalid address and that the member's
information was not updated with invalid data.
4) Enable javascript in the browser.
5) Confirm that the jquery validation plugin caches invalid addresses
from any of the email fields and that you cannot send the form before
correcting the problem.
6) Perform the same tests for the opac-memberentry-view.
Note: as the jQuery validation plugin doesn't exist in the bootstrap
folder, I just copied it over from the staff-client folder -how to deal
with this?
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
I have undone the changes to opac.css so that they can be submitted as a
separate patch. I have some other follow-ups to make as well.
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
