This patch updates and adds help files to 3.20+
To test:
* Visit batch record modification and note that there is a help file
and confirm the text is right
* Visit export data, import borrowers, stage marc for import, and log viewer
* Confirm updated text is right
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This patch updates some of the help files for Admin areas in 3.20+
To test:
* Visit
* Frameworks, add field, add subfield
* Column settings
* Patron attributes
* Circ rules
* Confirm help loads up and is right
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
The description of "gist" was:
"Default tax rates are ... (enter in numeric form, 0.12 for 12%.
First is the default. If you want more than 1 value, please
separate with |) "
The doubled use of "default" is confusing here.
With the patch it reads:
Tax rates are ... Enter in numeric form, 0.12 for 12%.
The first item in the list will be selected by default.
For more than one value, separate with | (pipe)
To test:
- Verify that the gist system preference description is
correct.
The use of "default" is confusing here.
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
There is a SQL Injection vulnerability in the
/cgi-bin/koha/opac-tags_subject.pl script.
By manipulating the variable 'number', the database can be accessed
via time-based blind injections.
The following string serves as an example:
/cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
To exploit the vulnerability, no authentication is needed
To test
1/ Turn on mysql query logging
2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
3/ Check the logs notice something like
SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1
PROCEDURE ANALYSE
(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
4/ Apply patch
5/ Hit the url again
6/ Notice the log now only has
SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed the problem and the fix for it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
To test:
1/ Hit a url like
/cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh
noes')</script> Where the id is a valid shelf id
2/ Notice the js is executed
3/ Apply patch
4/ Reload page
5/ Notice input is now escaped on display
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Tested in Debian, couldn't reproduce the alert in Iceweasel, but in
Chromium. Patch fixes it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Fix for /cgi-bin/koha/opac-search.pl
To test
1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script
src='http://cst.sba-research.org/x.js'/>&q=a
2/ Notice the js is executed
3/ Apply patch
4/ Reload page, notice it is no longer executed
5/ Test the rss links work still
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed bug and that the patch fixes it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
opac-addbybiblionumber.pl is also vulnerable because it doesn't escape
list names.
To test
1/ Create a malicious list name
2/ Try to add a biblio to the lists
3/ Notice js is excuted
4/ Apply patch
5/ Test again
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
11) Apply patch (3)
12) Log in to staff client
13) Acquisitions
14) Create a basket for two different vendors
15) Place an order in one vendor's basket.
16) Transfer the order to the other vendor's basket.
17) prove -v t/db_dependent/Acquisition/TransferOrder.t
-- This should succeed without intervention.
18) Run koha qa test tools for the last 3 commits.
Signed-off-by: Indranil Das Gupta <indradg@gmail.com>
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Added Atomic Update to fix poorly transferred orders
TEST PLAN
---------
8) Apply patch (2)
9) Run the database updates
$ ./installer/data/mysql/updatedatabase.pl
-- This should run without error
10) prove -v t/db_dependent/Acquisition/TransferOrder.t
-- This should fail, because the transfer function is still
not fixed.
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This adds 2 tests to t/db_dependent/Acquisition/TransferOrder.t
in order to confirm the order's status is properly marked.
TEST PLAN
---------
1) Log into staff client
2) Acquisitions
3) Create a basket for two differing vendors.
4) Place an order in one of the baskets.
5) Transfer the order from one vendor's basket to the others.
6) Apply this patch (1) only
7) prove -v t/db_dependent/Acquisition/TransferOrder.t
-- should fail one test: not marked as 'cancelled'.
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Patch changes 'report files' to 'CSV files' as there are more
options now for downloading and creating CSV files where this
preference is taken into account.
To test:
- Verify the changed system preference description for
'delimiter' is correct.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
When searching for multivolumes titles, UNIMARC 4xx field plugin
displays the title of the biblios (200$a), without giving info about
volumes (200 $h $i). It neither doesn't display $e (subtitle) info which
could greatly help to disambiguate search result.
The displayed title is supposed to link to a biblio record view (MARC /
normal). It doesn't work.
TO TEST:
- On a UNIMARC Koha, add a new biblio record
- Call the 4XX plugin from 461/463 field
- Search for a biblio record which contains 200$e, and/or 200$h and/or
200$i subfields.
- You get a result list, with two issues:
1. $a, $h & $i aren't displayed
2. Biblio title is not a link
- Apply the patch, and repeat previous steps.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
I got a link on fulltitle, but in 'ahie' order (not aehi)
Fixed some tabs.
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This pref does not work at all, the interface let the user choose to
list all suggestions, but whatever he chooses the suggestion list is the
same.
This patch cleans a bit the suggestedby management.
There are a lot of cases to test, because linked to 2 prefs:
AnonSuggestions and OPACViewOthersSuggestions.
1/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 0
- A non logged in user is not able to make a suggestion.
- A logged in user is not able to see suggestions made by someone else.
2/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 1
- A non logged in user is not able to make a suggestion.
- A logged in user is able to see suggestions made by someone else.
3/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 0
- A non logged in user is able to make a suggestion.
The suggestedby field will be filled with the AnonymousPatron pref value.
He is not able to see suggestions, even the ones made by AnonymousPatron.
- A logged in user is not able to see suggestions made by someone else.
4/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 1
- A non logged in user is able to make a suggestion.
He is able to see all suggestions.
- A logged in user is able to see suggestions made by someone else.
In all cases a logged in user should be able to search for suggestions
(except if he is not able to see them).
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
All use cases tested, work as expected
No errors
Only comment is perhaps (in the future) a gracefull failure
when AnonymousPatron is not set, or has '0' value
Message is DBIx::Class::ResultSet::create(): Column 'suggestedby' cannot be null at ...
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
If set to "not allow", the intranetreadinghistory pref prevent staff
members to access patron's checkout history.
But:
1/ The page is still accessible if you know the url
2/ The history can be consulted on the item history page
Test plan:
0/ Don't apply this patch
1/ Set the intranetreadinghistory to allow
2/ Go on a patron's checkout history page
3/ Open a new tab and go on a item's checkout history page
4/ Set the intranetreadinghistory to not allow
5/ Refresh both pages => no change
6/ Apply this patch
7/ Refresh both page.
On the first page, you should see a warning
On the other one, you should see that the patron column is not displayed
anymore.
Followed test plan, results were as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
http://bugs.koha-community.org/show_bug.cgi?id=10886
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nice addition!
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Line 99 has an unconditional warn, left over from development:
warn "$combined_username => $combined_password";
This patch deletes the line i question.
To test:
No testing needed, just have a look at the diff and see that
it makes sense to delete the warn.
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
The returns page was missing an include with the translated strings.
To test:
- Install an additional language, like de-DE
- Confirm the bug on the returns page
- Make sure SpecifyReturnDate is activated
- Open the datepicker, look at the time settings
- Apply the patch
- Reinstall the language, no update of the po files is needed
- Retest
- Verify, that now the time settings are translated
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Works as expected
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Patch marks several strings in the Javascript on the OPAC detail
and result page for translation.
1) IDreamBooks*
- Activate the 3 IDreamBooks* system preferences
- Check the 'cloud' and additional content shows up correctly on
the detail and result pages
- Verify everything works as expected and the same as without the patch
2) OpacBrowseResults
- Activate OpacBrowseResults
- Do various searches
- Verify the nex, previous, browse result list features still
work the same as without the patch
Bonus: Check new strings appear in the .po files by updating one
language with the patch applied (perl translate update de-DE)
NOTE: Really should have read the test plan more closely.
I couldn't find the 'Go to detail:' section, until I clicked
'Browse results'.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Using 'in the complete record' rather than 'in keyword'. I think this fits well as it seems that this means the search looks anywhere in the record.
To test:
1) In the OPAC, click on Authority Search
2) Notice that in the drop-down menu for the 'Where:' field, there is an 'in keyword' option.
3) Apply patch
4) Now says 'in the complete record'
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Raises the minimum required version of URI::Escape from
1.36 to 3.31.
TEST PLAN
---------
1) git branch -b bug_8686 origin/master
2) ./koha_perl_deps.pl -a | grep URI
-- it will list 1.36 required
3) git bz apply 8686
4) ./koha_perl_deps.pl -a | grep URI
-- it will list 3.31 required
5) koha qa test tools
NOTE: Also default in Ubuntu 14.04 LTS,
not just Wheezy as noted in comment #15.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signoff based on Nicole's comment (bug 9990 comment 6):
"This stops happening if you upgrade URI::Escape to
3.31. We should make it clear in the Perl Modules page that an upgrade
is needed."
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
On saving a letter, if the title or the content of a template is not
defined, a JS alert is raised. But the form is submitted anyway.
This patch prevent the form to be submitted.
Test plan:
- Create or edit a letter
- Fill the title for a template, not the content
- Save
- Confirm you get the alert and that the form is not submitted
http://bugs.koha-community.org/show_bug.cgi?id=14070
Signed-off-by: Indranil Das Gupta <indradg@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Reformats given-when to if-elsif-else in opac-search.pl
to remove the experimental feature and with it a lot
of warnings from the logs.
To test:
- Do several different advanced searches with and
without expanded search options
- Verify the link back to the search appears above
the results list and works correctly
See also: test plan on bug 13307
NOTE: Even installed firefox plug in to edit cookies to
trigger else case. :)
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Reported by Jonathan on bug 11401:
DROP TABLE IF EXISTS borrower_sync;
is missing in installer/data/mysql/kohastructure.sql
To test:
- Run the web installer and confirm all tables are
created correctly
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Currently, when generating a discharge letter, branches fields are not translated in the letter (<<branches.branchname>>, <<branches.branchaddress1>>, etc.)
This patch fixes that.
How I tested:
- Set syspref 'useDischarge' to 'allow'
- Go to Home > Tools > Notices & Slips
- Edit DISCHARGE, add to 'Email message':
<p><<branches.branchname>><br />
<<branches.branchaddress1>><br />
<<branches.branchaddress2>><br />
<<branches.branchaddress3>><br />
<<branches.zip>> <<branches.city>><br />
</p>
- Go to detail page of a patron > discharge
- Click 'Generate discharge'
- Verify that the PDF contains the information above.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Patch adds a 'clear' link next to the 'Apply filters' button to
empty out the form fields.
To test:
- go to the reports module
- make sure you have some saved reports
- search your saved reports using the author, keyword and date filters
- verify searching works as expected
- verify the new 'clear' link works as expected
Tested couner patch, followed test plan, works as expected. QA tools ok.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Some librarians have expressed that it would be very helpful to have the
hours displayed in the date column for a patron's circulation history.
The time an action took place can be vital to tracking down which
librarians were working at the time a given circulation action took
place.
Test Plan:
1) View a patron's circulation history
2) Note the Date column has no hour/minute
3) Apply this patch
4) Reload the page
5) Note the hour and minutes now display
Signed-off-by: David Roberts <david.roberts@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
The parameter was lost in previous commit.
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
- Fix updatedatabase, moving the update entry into the right spot
- Fix some tabs
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Note that homebranchname is never used in the template.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
This patch removes HomeOrHoldingBranchReturn syspref and makes circ/returns.pl respect branch
circulation rules from C4::Circulation::GetBranchItemRule. Also transfer slip notice should reflect this.
Default should always be to return item to home branch.
Test plan:
- make sure syspref 'AutomaticItemReturn' is set to 'false'
- unset 'Default checkout, hold and return policy' or set 'Return policy' to 'Item returns home'
- checkout an item and do a checkin from different branch than items homebranch
- verify that you're prompted with a transfer message to item's home branch and that print slip matches
- set 'Return policy' to 'Item returns to issuing library'
- do a checkout and a checkin from branch different than item's home branch
- verify that you're not prompted with a transfer message and that holding library is your current branch
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Follow-up:
- Added 3 tests in t/db_dependent/Circulation_Branches.t to test AddReturn
policies
- Removed HomeOrHoldingBranchReturn from sysprefs.sql
- Added notice on removing syspref in updatedatabase
QA edits:
- removed trailing whitespace in tests
- moved branchname lookup from returns.pl to template
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
The patron lists are only accessible from the tools module, which is not
easily accessible when you are in the patron module.
Test plan:
Go on the patron home page.
In the toolbar, you should see a link to the patron lists.
NOTE: Tweaked button to a to get the click to work.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Adds missing test for getletter() when called from overdue_notices.pl
Test plan
=========
1/ apply this patch
2/ run prove -v t/db_dependent/Letters.t
all tests should pass, especially test #40 which tests call from
overdue_notices.pl
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
C4::Letters::getletter() is called in tools/letter.pl by the function
delete_confirm() to display the selected notice for deletion. Due to
current implementation of getletter(), a notice that does not use
the 'email' template (but uses any/all of the other templates - sms,
print or phone) can't be deleted from the staff client.
This patch adds deletion capability for notices that do not use email
template, but uses any/all of the other templates i.e. sms, print or
phone. This also adds 2 tests to t/db_dependent/Letters.t for testing
both conditions - a) when message_transport_type is specified b) when
it is not.
Test plan
=========
1/ Go to Tools -> Notices & Slips. Add a new notice only for print,
leave 'Library' and 'Koha module' options as default selections.
Enter 'KOHA_14206' and 'Koha Test 14206' against Code and Name
respectively, and 'Test' and 'Test Message' for subject and body.
Leave the Email, Phone and SMS tabs blank. Save the notice.
2/ On the notices listing page the new notice will be listed. Try to
delete it. It will load the 'Delete notice' dialog form, but the
table will not show any data under <th>s - 'Library', 'Module',
'Code' or 'Name'.
3/ Click the "Yes, delete" button. The page will be submitted and the
Notices listing reloaded. The print-only KOHA_14206 notice should
continue to exist. This is *wrong*.
4/ Apply this patch
5/ Reload the listings page and click on the 'Delete' link for Notice
KOHA_14206. This time, it should show the data under 'Module',
'Code' or 'Name' at least.
6/ Click on 'Yes, delete'. The page should submit and the listing page
reload. This time KOHA_14206 will be gone.
7/ Run prove -v t/db_dependent/Letters.t
All tests should PASS without any error.
Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Working on bug 13497 and bug 9314, I run into some Koha vestiges.
The category_type parameter should not be passed to memberentry.
On creating a new patron, the categorycode should be passed, and on
editing, it's useless. We can work with the borrowernumber and retrieve
these values.
Details of the changes:
- members-toolbar.inc: Remove the category_type parameter passed to
memberentry.pl
- memberentrygen.tt: Just remove the useless category_type parameter on
editing a patron. Also remove the unused one passed to
guarantor_search.pl.
- tables/members_results.tt: the borrowernumber is enough to edit a
patron.
- memberentry.pl: check_categorytype is never used in the template, all
the process to calculate/retrieve it is unnecessary.
- members/nl-search.tt: The borrowernumber is enough to edit a patron.
Test plan:
Try to create and edit patrons and verify that
- the guarantor search still work
- the form (memberentry) behave as before
Edit a patron from the nl-search.pl script (Magnus?)
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
On top of 9314 (13497 already pushed)
No evident regressions found, add/edit patron works,
search/set guarantor works.
Cant test nl-patron.pl save for exec it.
prove -v t/NorwegianPatronDB.t runs
No koha-qa errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Since the pref AddPatronLists has been removed in bug 13497, the code
related to type_only and category_type in memberentry.pl is useless.
Test plan:
Confirm you don't the information message.
You can also confirm that the message was wrong and nothing was saved.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Dead code removed, no errors
Think that bug description can be updated to commit message
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The call to RmPatronImage is still passing cardnumber as its parameter
instead of borrowernumber.
Test Plan:
1) Upload a patron image
2) Ensure the card number is not the same as the borrower number
3) Attempt to delete patron image
-- Image will remain
4) Apply this patch
5) Attempt to delete patron image
-- Image will be removed
6) run koha qa test tools
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This is a counter patch.
The idea is to provide a permanent solution for the cookie length issue
we occurred on storing the searches (intranet side).
Test plan:
Launch as many searches as you can (don't forget to sleep).
You should not get any error.
Confirm there is no regression using the results browser.
Tested with 6 parralel searches in different tabs (with alternatively browising up and down). No problems found.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To test:
1) Create a list in the OPAC, name it: <script>alert('Hello');</script>
2) Delete the list
3) Confirm deletion
4) See the alert say 'Hello'
5) Apply patch
6) Recreate list with same name
7) Delete list
8) Confirm deletion and alert no longer pops up
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert.
To test:
1) Go to URL such as ... /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
2) Notice pop-up box with alert
3) Apply patch, refresh page
4) Notice alert is gone
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The current code uses
$barcode = <fh>;
logic. This reads until \n, as far as I can tell.
EOL is indicated by \n, \r, and \r\n depending on OS and software.
So, to this end, rather than File::Slurp (which is a potential
memory hog, which is already an issue with no filters), a loop
to pre-read the barcodes was written.
This loop includes:
$barcode =~ s/\r/\n/g;
$barcode =~ s/\n\n/\n/g;
my @data = split(/\n/, $barcode);
push @uploadedbarcodes,@data;
So, that means that lines ending in \n would have it stripped
and pushed into the uploaded barcodes array.
Lines ending in \r would likely be read as one giant block,
have everything converted to single \n's and then using a split,
the set of barcodes are pushed into the uploaded barcodes array.
Lines ending in \r\n would get that stripped and pushed into the
uploaded barcodes array.
It is then the uploaded barcodes array that is looped over for
validating the barcodes.
TEST PLAN
---------
1) Back up your database
2) Download the three sample files (or create your own)
3) Log in to staff client
4) Create a branch with no inventory.
5) Home -> Tools -> Inventory/Stocktaking
6) Browse for your '\r' test file.
7) Limit to just that branch
8) Click 'Submit'
-- Confirm expected errors
9) Repeat steps 5-8 with the '\n' test file.
10) Repeat steps 5-8 with the '\r\n' test file.
-- one of these repetitions should have problems.
11) Apply patch
12) Repeat steps 5-8 for each of the 3 test files.
-- there should be no issues.
13) run koha qa test tools.
Note: This is a tweak based on Jonathan Druart's comment #16
I have reset it to needs sign off again.
Followed test plan. Works as expected. qa OK.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The builder contains js functions with a parameter like subfield_managed
or i or something similar. This parameter contains the html id of the
field corresponding with the plugin.
With the functionality of Koha::FrameworkPlugin in place, we can eliminate
one js function call and get the same id via the event passed in. Note
that this actually makes the function a 'real' event handler.
Also note that in many cases this parameter was not used but the id
was borrowed from a perl variable like $params->{id}. If the field is not
cloned, this is not a problem. But some fields can be cloned and should
not use the static perl value but should get it from the event.
Test plan:
Look for js errors when loading the marc editor.
Since the Focus or Click event code has been touched for most marc21
plugins, move your cursor into the field or click on the tag editor
button. Verify that the focus event updates the correct field or the
click event correctly launches the plugin AND the value comes back into
the right field.
Bonus: Attach a plugin with popup (like leader) to 040$d. Clone this field.
Verify that the two launch buttons operate on the correct value.
(This resolves a current bug.)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Checked all 15 plugins.
Plugin marc21_linking_section seems to work, but I could not get it to pass
back something useful into my field. (Same without this patch.)
Tested the clone button with leader on 040d.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
All seems to work, no errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch converts marc21 plugins to new style by making the following
modifications:
[1] Replace use strict with use Modern::Perl. This implies that we now
re-enabled warnings. There are no redefine warnings anymore, but note that
we need to silence some warnings from individual plugins that were covered
by disabling the warnings pragma until now. Silencing these individual
warnings is outside the scope of this report.
[2] Sub plugin_javascript is replaced by an anonymous subroutine $builder.
[3] The parameters of $builder are combined in a params hashref. In most
cases we only need $params->{id} for the function name.
[4] Javascript function Clicxxx is renamed to Clickxxx.
[5] The builder does no longer return function_name.
[6] Sub plugin is replaced by subroutine $launcher.
[7] The parameters of $launcher are combined in a params hashref. We only
use $params->{cgi}. Mostly we save that to $input. One exception: $query.
[8] The plugins returns a hash with $builder and/or $launcher.
Test plan:
[1] Run t/db_dependent/FrameworkPlugin.t -incl cataloguing/value_builder/
marc21*.pl. This should catch compile errors and general problems when
building or launching these plugins.
NOTE: You will see several initialize warnings from individual plugins that
were hidden until now by disabling warnings. This is fine; we will be
able to address these warnings now on new reports.
[2] Check behavior of several plugins in the marc editor.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Checked all marc21 plugins. Attached unused plugins to some field.
Some plugins (unused by default) may need some further attention, but
also outside the scope of this report.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
New warnigs, but all seems to work.
No errors.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
