Commit graph

60 commits

Author SHA1 Message Date
9d6d641d1f Bug 17600: Standardize our EXPORT_OK
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.

That way we will need to explicitely define the subroutine we want to
use from a module.

This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests

And a lot of other manual changes.

export.pl is a dirty script that can be found on bug 17600.

"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;

The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules

Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).

EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.

@EXPORT and @EXPORT_OK are the two main variables used during export operation.

@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.

@EXPORT_OK does export of symbols on demand basis.
"""

If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
  - use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-16 08:58:47 +02:00
6f204fdf96 Bug 28591: Don't pass debug to get_template_and_user
There is a "debug" parameter we are passing from the controller scripts
to C4::Auth::get_template_and_user, but it's not actually used!

Test plan:
Confirm the assumption
Review the changes from this patch

Generated with:
perl -p -i -e 's#\s*debug\s*=\>\s*(0|1),?\s*##gms' **/*.pl

git checkout misc/devel/update_dbix_class_files.pl # Wrong catch
+ Manual fix in acqui/neworderempty.pl

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-06-22 12:04:32 +02:00
Julian Maurice
96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00
638786e719 Bug 24663: Remove authnotrequired if set to 0
It defaults to 0 in get_template_and_user

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-03 10:40:35 +02:00
0d33dbcf2e
Bug 24103: Add option to dump search query to templates
To test:
1 - Apply patch, update database
2 - Note new syspref 'DumpSearchQueryTemplate'
3 - Leave it off
4 - Enable DumpTemplateVariablesOpac and Staff
5 - Search on staff and opac
6 - View the source
7 - Search for 'search_query' - you shouldn't find it
8 - Enable the new pref
9 - Repeat, but you should find the query
10 - Test staff/opac search and advanced search, cataloguing search, authority search, authfinder search, adding to a basket form a new biblio
11 - All should work and show the query
12 - This will work under both ES and Zebra

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-19 15:58:41 +00:00
Jasmine Amohia
843c4a4bae Bug 19994: Used Modern::Perl in Authorities perl scripts
Test plan:
1. Review code of the following files and confirm that 'use Modern::Perl;' is used in place of
'use strict; use warnings;'

auth_finder.pl
authorities-home.pl
authorities.pl
blinddetail-biblio-search.pl
detail-biblio-search.pl
detail.pl
export.pl
merge.pl
merge_ajax.pl

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-28 14:58:23 +00:00
b990b953b3 Bug 21993: Display a user-friendly message when the CSRF token is wrong
Instead of dying!

Test plan:
Assuming you have a patron with borrowernumber=51 and another one that
can be deleted with borrowernumber=42

- authorities-home.pl
 * Delete an authority record
 * hit /cgi-bin/koha/authorities/authorities-home.pl?op=delete

- basket/sendbasket.pl
 * Send a basket to someone
 * hit /cgi-bin/koha/basket/sendbasket.pl?email_add=1

- members/apikeys.pl
  * Generate and delete an API key for a patron
  * hit /cgi-bin/koha/members/apikeys.pl?patron_id=51&op=delete

- members/deletemem.pl
  * Delete a patron
  * hit /cgi-bin/koha/members/deletemem.pl?member=42&op=delete_confirmed

- members/mancredit.pl
  * Add a manual credit
  * hit /cgi-bin/koha/members/mancredit.pl?borrowernumber=51&add=1

- members/maninvoice.pl
  * Add a manual invoice
  * hit /cgi-bin/koha/members/maninvoice.pl?borrowernumber=51&add=1

- members/member-flags.pl
  * Change permissions for a patron
  * hit /cgi-bin/koha/members/member-flags.pl?member=51&newflags=1

- members/member-password.pl
  * Change the password for a patron (from the staff interface)
  * hit /cgi-bin/koha/members/member-password.pl?member=51&newpassword=aA1

- members/memberentry.pl
  * Edit some patron's info
  * hit /cgi-bin/koha/members/memberentry.pl?borrowernumber=51&op=save

- members/paycollect.pl
  * Pay an individual fine
  * hit something like /cgi-bin/koha/members/paycollect.pl?borrowernumber=51&pay_individual=1&accounttype=L&amount=1.00&amountoutstanding=1.00&accountlines_id=157&paid=1
  You may need to edit some values

- tools/import_borrowers.pl
  * Import some patrons
  * hit /cgi-bin/koha/tools/import_borrowers.pl?uploadborrowers=1

- tools/picture-upload.pl
  * Upload an image for a patron
  * You will need to edit the html content
  hit Home › Tools › Upload patron images
  then locate the csrf_token input and modify its value

Note for QA:
- Opac is not done as blocking_errors.inc does not exist for this
interface
- ill/ill-requests.pl
I did not manage to replace this occurrence

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-25 20:38:32 +00:00
06e6378899 Bug 21405: Fix authorities pagination for Zebra and ES
Bug 20261 introduced an error because search_auth_compat responded
differently for ES and Zebra, now bug 19365 fixed the underlying
difference. This patch restores previous code to fix pagination.

Additionally we add a fix for 10000+ results in ES and remove a double
import of C4::Auth

To test:
 1 - Perform an authorities search with 1+ pages using Zebra
 2 - Page through results, note you are only offseeting by 1 each time
 3 - Perform an authorities search with 10,000+ results in ES
 4 - Click on the last page and get an error
 5 - Apply patch
 6 - Retry Zebra search
 7 - Results should paginate correctly
 8 - Clicking on last page should return last results
 9 - Retry ES results
10 - Results should paginate correct
11 - Clicking on last page should return last results

Signed-off-by: Ere Maijala <ere.maijala@helsinki.fi>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-12-11 19:14:54 +00:00
fe5f6c8efd Bug 20047: (follow-up) Retrieve only biblio/authority servers as appropriate
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-20 13:34:41 -03:00
23d4233658 Bug 20047: Add Koha::Z3950Server Oject and use it to get server count
To test:
1 - prove t/db_dependent/Koha/Z3950Servers.t
2 - Load cataloging and authority home pages
3 - Verify you can add form z395 on each page
4 - Delete all z3950 servers
5 - Viery option to add from Z3950 is removed on both pages

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-20 13:34:41 -03:00
Alex Arnaud
0bfad6106a Bug 20261: Fix pagination of the results in authority search
Test plan:

  - apply this patch,
  - do a search that return more than 20 results,
  - click on page 2,
  - check that you get results,
  - check other pages if possible

Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-05 14:17:30 -03:00
d9ce37ff3e Bug 20430: (See also bug 19436) Button display depends on wrong server count
This is a QA follow-up of bug 19436, submitted separately for ease of
backporting it. (The bug was not raised by 19436.)

Obviously, the number of authority servers not biblio servers should
be the key factor for showing or hiding the button for new authority
records via Z39.50/SRU.

Trivial fix.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-19 13:55:08 -03:00
Grace Smyth
01af3bb7dd Bug 19987: If no z39.50/SRU servers the button should not show
Test plan:
[1.] Load the patch and make sure you have some Z39.50/SRU servers
     (Administration => Z39.50/SRU servers administration)
[2.] Then go to authorities and notice that the 'New from
     Z39.50/SRU' button is there
[3.] Next go to cataloging and notice that the 'New from Z39.50/SRU'
     button is there too
[4.] Now make sure you have no Z39.50/SRU servers (remove the
     servers)
     (Administration => Z39.50/SRU servers administration)
[5.] Go to authorities and notice that the 'New from Z39.50/SRU'
     button is not there
[6.] Lastly go to cataloging and notice that the 'New from Z39.50/SRU'
     button is not there too

:)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I added a missing [% END %] during signoff. Hope no one minds!

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-19 15:13:32 -03:00
4c762ba69c Bug 9988: Merge should have a parameter hash
We will need a few additional parameters for merge later on. This patch
puts the original parameters in a parameter hash.
For the same reason DelAuthority gets a parameter hash here.

Note: We remove the second parameter from the DelAuthority call in
authorities/authorities-home.pl here. It was not used and could have
presented problems in the future.

Test plan:
[1] Run t/db_dependent/AuthoritiesMarc.t.
[2] Run t/db_dependent/Authorities/Merge.t.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-13 08:53:46 -04:00
5a7dc0749f Bug 18019: Add CSRF protection to authorities-home.pl (op==delete)
Without this patch, it is possible to delete authority records with URL
manipulation.
Like: /cgi-bin/koha/authorities/authorities-home.pl?op=delete&authid=[XXX]

Test plan:
[1] Go to Authorities. Search for some authorities (without links).
[2] Delete an authority. Should work.
[3] Apply patch.
[4] Construct an URL like above to delete another authority. Should fail.
    Under Plack this results in an internal server error, the log tells
    you: Wrong CSRF token.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Amended the test plan.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 13:08:24 +00:00
bff08b9962 Bug 17048: Fix pagination offset for authority searches
At the intranet, the pagination has been broken by bug 12478 (Elastic
Search). There was a confusion between the offset and the page number.

At the OPAC, it is broken since bug 2735 which has mimicked the intranet
script.

Test plan:
Search for a term which will return more than 1 page of results.
Click on the second page
=> Without this patch, the first result of the second page is the second
result of the first page
=> With this patch applied, the offset will be corrected

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-02 13:49:51 +00:00
Robin Sheat
2e79ea0f74 Bug 12478: allow more granular sorting configuration
This allows sorting to be configured within a field. For example, while
many values are included for search on author, sorting should only be
done on the main entry values. This permits that by have a sort value,
which can be true, false, or null. true and null are pretty much the
same, but false means that a field isn't available for sorting on. By
default (null), fields can be sorted on.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:08 +00:00
Robin Sheat
cd9946f0d4 Bug 12478: auth search works in the staff client
Some issues with sort order though.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:06 +00:00
Robin Sheat
2a73cf100b Bug 12478: starting authority search in staff client
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-04-26 20:20:06 +00:00
2237e0f871 Bug 5404: C4::Koha - remove subfield_is_koha_internal_p
The commit b5ecefd485
Date:   Mon Feb 3 18:46:00 2003 +0000

had a funny description:
Added function to check if a MARC subfield name is "koha-internal"
(instead of checking it for 'lib' and 'tag' everywhere); temporarily
added to Koha.pm

"Temporarily", since 2003, everything is relative, isn't it? :)

The thing is that GetMarcStructure returns hash like

field_200 => {
    subfield_a => {
        %attributes_of_subfield_a
    },
    %attributes_of_field_200
}

The attributes for field_200 can be 'repeatable', 'mandatory', 'tag', 'lib'.
We don't want to loop on these values when looping on subfields.
Since there are just { k => v } with v is a scalar (string), it's easier
to test if we are processing a subfield testing the reference.

At some places, we don't need to test that, we are looping on values
from MARC::Field->subfields which are always valid subfields.

Test plan:
1/ Edit items using the batch item mod tool
2/ display and edit items via the cataloguing module.

You should not see any changes between before and after the patch
applied.

Tech notes:
We need to check what we are processing when we loop on 'subfields' from
GetMarcStructure, not from MARC::Field->subfields.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-07 17:30:09 +00:00
7283069a9d Bug 15381: Remove getauthtypes and getauthtype
These 2 subroutines are now not necessary anymore, we can use
Koha::Authority::Types to retrieve the authority types.

This patch won't be easy to test. Indeed, a lot of file are updated.
To test it I would suggest to focus on the merge authority

You should also confirm that the authtypecode and the authtypetext
values are correctly displayed when navigating in the authority module.

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2015-12-31 18:59:02 +00:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
Jonathan Druart
3d59fc384d Bug 11944: replace uri_escape with uri_escape_utf8 everywhere
To reproduce, edit, index notice with utf-8 char and search for it

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:01 -03:00
afd2418d73 Bug 11349: Change .tmpl -> .tt in scripts using templates
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.

This patch changes the occurences of '.tmpl' in favour of '.tt'.

To test:
- Apply the patch
- Install koha, and verify that every page can be accesed

Regards
To+

P.S. a followup will remove the glue code.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-17 11:05:49 -03:00
Jonathan Druart
a6a954efa8 Bug 10862: Add search history to the intranet interface
Like OPAC, the search history is now available for intranet.  This
is controlled by the EnableSearchHistory system preference.

Test plan:
 1/ Switch on the 'EnableSearchHistory' syspref.
 3/ Launch some biblio and authority searches.
 4/ Go on your search history page (top right, under "Set library").
 5/ Check that all yours searches are displayed.
 6/ Click on some links and check that results are consistent.
 7/ Delete your biblio history searches.
 8/ Delete your authority searches history searches.
 9/ Launch some biblio and authority searches
10/ Play with the 4 delete links (current / previous and biblio /
authority).

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 03:06:33 +00:00
Galen Charlton
a7eb34f2c8 Revert "Bug 6554 - make Koha internally utf-8 clean"
This reverts commit d542740ab8.

Rolling back bug 6554 work until we have more comprehensive tests.

Conflicts:

	opac/opac-search.pl
2013-04-29 15:12:32 -07:00
Dobrica Pavlinusic
d542740ab8 Bug 6554 - make Koha internally utf-8 clean
In current implementation (mostly commented out in this patch)
uses heuristic to guess which strings need decoding from utf-8
to binary representation and doesn't support utf-8 characters
in templates and has problems with utf-8 data from database.

With this changes, Koha perl code always uses utf-8 encoding
correctly. All incomming data from database is allready
correctly marked as utf-8, and decoding of utf8 is required
only from Zebra and XSLT transfers which don't set utf-8 flag
correctly.

For output, standard perl :encoding(utf8) handler is used
so it also removes various "wide character" warnings as side-effect.

Test scenario:
1. make sure that you have utf-8 characters in your biblio
   records, patrons, categories etc.
2. try to search records on intranet and opac which contain
   utf-8 characters
3. install language which has utf-8 characters, e.g. uk-UA
   dpavlin@koha-dev:/srv/koha/misc/translator(bug_6554) $
   PERL5LIB=/srv/koha/ perl translate install uk-UA
4. switch language to uk-UA and verify that templates
   display correctly
5. test search and Z39.50 search and verify that caracters
   are correct

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I followed the test plan, adding utf-8 characters to library names,
patron categories, titles, and authorized values. I tried the uk-UA
translation and everything looked good.

When performing Z39.50 searches for titles containing utf-8 characters I
got results which were still occasionally contaminated with dummy
characters [?] but I assume this is Z39.50's fault not the patch's.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Already signed, add mine.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-04-01 18:51:49 -04:00
Fridolyn SOMERS
dd2de85892 Bug 8692: Authorities search form does not correspond to current search query
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
The correct tab is now visible on load. The problem with authtypecode
showing up in the search box is specific to UNIMARC, so I could not
check that it was gone, but I am comfortable signing off on this.

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-09-20 14:06:41 +02:00
90db8c0e22 Bug 4198 - Followup - PerlTidy authorities-home.pl
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-08-02 15:43:11 +02:00
1000599eaa Bug 4198 - deleting an authority refreshes the page
Makes clicking a Delete link refresh the search that
was performed so that the results are still on the screen.

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Works as advertised. Very usefull. Still the issue that indexing being
not in real time, the search result displays the just deleted authority.
But there is no way to do better.
2012-08-02 15:43:08 +02:00
Jared Camins-Esakov
7bc4a6025b Bug 5910: [SIGNED-OFF] only add "All authority types" for UNIMARC
UNIMARC is the only marcflavour that does not already have an option
for searching all authority types, so check that the marcflavour is
UNIMARC before displaying the additional "All authority types" option.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-20 22:22:25 +02:00
Chris Nighswonger
b0f60221f4 Security Bugfix: Bug 1953 Adding Placeholders to SQL To Avoid Potential Injection Attacks
This patch addresses both security issues mentioned in the summary of the report
submitted by Frère Sébastien Marie included below.

---------------------------
The problem is here: 'C4/AuthoritiesMarc.pm' in the function 'DelAuthority':
The argument $authid is included directly (not via statement) in the SQL.

For the exploit of this problem, you can use 'authorities/authorities-home.pl'
with authid on the URL and op=delete (something like
"authorities/authorities-home.pl?op=delete&authid=xxx").

This should successfully call DelAuthority, without authentification...
(DelAuthority is call BEFORE get_template_and_user, so before authentification
[This should be an issue also...]).

Please note that the problem isn't only that anyone can delete an authority of
this choose, it is more general: with "authid=1%20or%1=1" (after inclusion sql
will be like: "delete from auth_header where authid=1 or 1=1") you delete all
authorities ; with "authid=1;delete%20from%xxx" it is "delete from auth_header
where authid=1;delete from xxx" and so delete what you want...

SQL-INJECTION is very permissive: you can redirect the output in a file (with
some MySQL function), so write thea file of you choose in the server, in order
to create a backdoor, and compromise the server.

Signed-off-by: Frère Sébastien Marie <semarie-koha@latrappe.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-02-25 07:08:39 +13:00
Colin Campbell
9e5366734b Bug 5315: Remove references to obsolete variable nbstatements
Trying to see the wood from the trees

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-10-26 08:39:18 -04:00
Lars Wirzenius
f49cdbf199 Fix FSF address in directory authorities/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:49 -04:00
Colin Campbell
bcde53b5ba Bug 2505 Enabled warnings in authorities/*
Fixed obvious warnings generators in scripts
with mismatched comparisons or undefined variables
removed temporary variable selected while ensuring the
comparison it represented was between two defined variables

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-02-08 21:47:53 -05:00
Galen Charlton
4bf76c2d77 bug 2615: remove unneeded 'require Exporter'
Most Perl scripts (as opposed to modules) do
not need to require Exporter.

No user-visible or documentation changes.

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
2008-09-26 09:05:08 -05:00
Galen Charlton
b50d23fa99 removed 'AddStatement' op from authorities search
The AddStatement op is an archaism from 2.2 that
has not been used in the templates for at least a
year.

No documentation changes.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2008-06-05 22:47:39 -05:00
Henri-Damien LAURENT
65295e5e22 authorities result lists where badly paged.
finalresult contained the whole list and not only the useful results.
resultlist contained only 19 elements. adding one
parameters passed through pages contained also empty parameters deleting them.
Conflicts:

	C4/AuthoritiesMarc.pm

Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
2007-12-13 18:25:52 -06:00
Paul POULAIN
30fbc40061 BUGFIX (minor)
authority list ordering was bugguy

Signed-off-by: Chris Cormack <crc@liblime.com>
2007-09-30 16:03:35 -05:00
toins
d81440c91e reindenting + removing unused syspref. 2007-07-26 15:20:22 +00:00
hdl
100e6a9808 functions that were in C4::Interface::CGI::Output are now in C4::Output.
So this implies quite a change for files.
Sorry about conflicts which will be caused.
directory Interface::CGI should now be dropped.
I noticed that many scripts (reports ones, but also some circ/stats.pl or opac-topissues) still use Date::Manip.
2007-04-24 13:54:28 +00:00
hdl
b767f50c8f Code Cleaning : AuthoritiesMARC. 2007-04-06 14:48:45 +00:00
hdl
1ab5cdfd44 removing $dbh as a parameter in AuthoritiesMarc functions
And reporting all differences into the scripts taht relies on those functions.
2007-03-28 10:39:16 +00:00
tipaul
2ffd5b7228 rel_3_0 moved to HEAD 2007-03-09 14:28:54 +00:00
tgarip1957
7e52a5665c Clean up before final commits 2006-09-06 16:21:03 +00:00
toins
400bd1dfba Add a call to C4::Biblio.pm 2006-08-10 13:33:57 +00:00
toins
cc9524a875 Head & rel_2_2 merged 2006-07-04 14:36:51 +00:00
plg
e0090dcdaa new: authorities in prog/en template, only partial import from default/en
template.

improved: C4::Output::pagination_bar builds an HTML pagination bar with no
language dependency. This function hugely simplifies templates and offers a
standard pagination method. This function also improves preformances.
2006-04-04 10:05:48 +00:00
tipaul
d5938493d7 synch'ing head and rel_2_2 (from 2.2.5, including npl templates)
Seems not to break too many things, but i'm probably wrong here.
at least, new features/bugfixes from 2.2.5 are here (tested on some features on my head local copy)

- removing useless directories (koha-html and koha-plucene)
2006-01-06 16:39:37 +00:00