This patch modifies the staff client's system preferences templates so
that JavaScript is included in the footer instead of the
header.
To test, apply the patch and test the JavaScript-driven features of
both the standard and local use system preferences:
- WYSIWYG editor
- Confirmation messages
- Table sorting
- Multiple selects (CoceProviders for example)
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client "additional parameters"
administration templates so that JavaScript is included in the footer
instead of the header.
To test, apply the patch and test the JavaScript-driven features of
each page: All button controls, DataTables functionality, tabs, etc.
Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client catalog-related administration
templates so that JavaScript is included in the footer instead of the
header.
To test, apply the patch and test the JavaScript-driven features of
each modified template: All button controls, DataTables functionality,
tabs, etc.
Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client MARC-related administration
templates so that JavaScript is included in the footer instead of the
header.
To test, apply the patch and test the JavaScript-driven features of the
cart: All button controls, DataTables functionality, tabs, etc.
Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the staff client acquisitions-related adminisration
templates so that JavaScript is included in the footer instead of the
header.
To test, apply the patch and test the JavaScript-driven features of the
cart: All button controls, DataTables functionality, tabs, etc.
Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
0) Apply the patch
1) Go to admin/branches.pl
2) In the list of libraries, you should see new column "MARC Organization Code"
3) Insert some codes to some libraries
4) Confirm they are shown in new column
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Fixed capitalization.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes two changes in the script for managing the MARC
frameworks in order to support making the Default authoritative
as for Koha to MARC mappings:
[1] Disable the kohafield select combo. Add a hidden input to save value.
[2] When a new subfield is added, the kohafield is still empty and should
be overwritten with its Default counterpart.
Note: Although we could leave the field empty, since Koha looks at the
Default framework only, it does not cost much to keep these fields in
sync with Default and perhaps catch a bug when someone somewhere looks
in the wrong framework.
Note: The description of Koha to MARC mapping on admin-home has been
adjusted accordingly (removing last two lines).
Test plan:
[1] Add a new tag and subfield in Default.
[2] Map it to a kohafield in koha2marclinks.pl
[3] Add the same tag and subfield in another framework.
Verify that the kohafield is updated after you saved the subfield.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
As requested by Tomas, this patch does:
[1] Add a js alert when you did not type field,subfield
[2] Print a yellow alert div when the field,subfield is not found.
[3] Bonus: Make it little bit more secure by demanding a POST. (Leaving
CSRF etc. for another report.)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This actually refactors koha2marclinks.pl in order to support multiple
mappings per kohafield.
Instead of three separate mapping pages for biblio, biblioitems and items,
the script now lists them together. This gives a complete overview of all
mappings rightaway. Changes are applied immediately across all frameworks.
Note: This report handles the Default mappings just like it did before.
In this script Koha already considered them as authoritative, although
other parts of Koha did not. Follow-up report 19096 makes Default
mappings authoritative throughout all Koha.
On each line two buttons are provided, Add and Remove, in order to add or
remove an individual mapping. We do no longer provide a separate form with
the names of MARC tags. Since this form is targeted for administrators,
it should be enough to ask for a field tag and subfield code.
Note: The mappings for biblionumber, biblioitemnumber and itemnumber are
so vital that this form marks them as readonly. It is not recommended to
change them.
Test plan:
[1] Add a mapping. Verify via Frameworks or mysql command line that the
kohafield is saved to the other frameworks too.
[2] Remove the mapping again. Check Frameworks or mysql cl again.
[3] Test adding a second mapping. Map copyrightdate to 260c and 264c.
And map biblioitems.place to 260a and 264a.
[4] Edit biblio record 1: Put 1980 in 260c. Do not include 264c.
Edit biblio record 2: Put 1990 in 264c. Do not include 260c.
Edit biblio record 3: Put 2000 in both 260c and 264c. Put CityA in 260a
and in 264a.
Edit biblio record 4: Put 2010 in 260c, and 2015 in 264c (which you
should refuse normally). Put CityA in 260a, and CityB in 264a.
[5] Create a report that shows biblioitems.place and biblio.copyrightdate
for those biblio records.
Record 4 should have 2010 in copyrightdate (since TransformMarcToKoha
picks the first year for copyrightdate).
Record 3 should have place CityA; record 4 should have CityA | CityB.
Note: The CityA | CityB example illustrates that we should add some
additional handling in TransformMarcToKoha for multiple 264s.
[6] Add these four biblio records to a new list. Sort by Year.
With OPACXSLTListsDisplay==default, check if the order = 1,2,3,4.
(The order is based on biblio.copyrightdate.)
Note that (RDA) record 2 would be on top without this patch set, since
copyrightdate would have been null.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
* installer/data/mysql/atomicupdate/ill_tables.sql: New file.
* installer/data/mysql/kohastructure.sql: Add tables.
* installer/data/mysql/sysprefs.sql: Add sysprefs.
* installer/data/mysql/userflags.sql: Add userflags.
* koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref:
Add sysprefs to UI.
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Mimicking what does BlockReturnOfWithdrawnItems we can easily add a new
syspref to block return of lost items.
This patch adds BlockReturnOfLostItems, if set to 'Block' a item marked
as lost cannot be checked in.
Test plan:
1/ Set BlockReturnOfLostItems to 'Do not block'
2/ Check an item out to a patron
3/ Edit the item and mark it as lost (*)
4/ Check the item in
=> The item is checked in
5/ Edit the item and remove the lost status
6/ Check the item out again
7/ Edit the item and mark it as lost (*)
8/ Check the item in
=> The item is not checked in
(*) There are 2 ways to mark an item lost:
- From the item list view (/catalogue/moredetail.pl?biblionumber=42)
If you set the lost status from this form, the issue will be returned
Maybe this should be optional (?)
- From the edit items form (/cataloguing/additem.pl?biblionumber=42)
It is the form you must use to not mark the issue returned.
Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Dominic Pichette <dominic@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch fixes an index shift introduced by bug 18857 when it introduced
a new column.
To test:
- On the Circulation and fine rules page
- Empty the value of 'Current on-site checkouts allowed' and save
- Notice 'Unlimited' shows on the saved rule.
- Click edit
=> FAIL: the 'Unlimited' string displays instead of the empty string on the editing row.
- Apply this patch
- Re-open the circ rules page
- Click edit
=> SUCCESS: An empty string fills the 'Unlimited' fields
- Sign off :-D
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
- Adds 'holds' to pref description of intranetreadinghistory
- Fixes typo in link to holds history from patron account
- Changes reserve date to hold date in table heading
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a summary to the OPAC once the user has logged in that
shows the users number of checkouts, overdues, holds pending, holds
waiting and total fines. We also have a syspref OPACUserSummary to turn
this feature on and off. Default is ON.
To test:
1) Apply patch and update database
2) Set up some checkouts, overdues, holds pending AND waiting and fines
for a user
3) Log into OPAC as that user, see summary. Confirm links all work as
expected
4) Confirm that if there are no checkouts / overdues etc that the link
disappears from the summary
5) Turn OPACUserSummary OFF and confirm the summary does not show on the
mainpage.
Sponsored-by: Catalyst IT
Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Message pops up for all instances of cloning now.
Works as expected.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch introduces a Javascript security question which is displayed
to the user when they try to clone a circulation rule to a specific
branch when the rule is a 'Standard rule for all libraries"
The rationale for this patch is when the cloning takes place it
overwrites the existing rules of the destination branch and there is no
notification of this to the user. Therefore by implementing this patch
the user is asked if they want to clone the rule (if the rule is
standard accross all libraries) and are told that it
will overwrite the rules in the destination branch.
Test plan:
1. Create a circulation rule for all libraries
2. Make sure the 'select a library' option is set to 'Standard rules for all
libraries"
3. Click the 'Clone' button and notice that the cloning takes place
without any warning that it will overwrite the rules of the destination
branch
4. Apply patch
5. Return to the circulation and fine rules page
6. Repeat step 2
7. Click the clone button and notice a alert box appears asking if you
are sure you want to clone the standard rule to the destination branch.
Note: The name of the destination branch is included in the alert.
Also note that the user is informed of the consequences of performing
the action, i.e. that it will overwrite the existing rules in the
destination branch
8. Click 'Cancel' and notice that no cloning occurs
9. Click the clone button again and this time click 'OK' and notice
that the cloning takes place
10. Return to the Circulation and fine rules page and set the 'Select a
library' option to the name of an individual branch
11. Click the clone button and notice that the clone action takes place
Sponsored-By: Catalyst IT
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch removes the OPACShowBarcode syspref in favour of the new
columns settings option introduced by bug 16759.
On the upgrade step, it picks the value for OPACShowBarcode and uses it
to populate the columns_settings table.
To test:
- Verify the upgrade process maintains the current behaviour
Regards
Sponsored-by: Dover
Followed test plan and works as expected. Functionality of patch from bug 16759
appears intact too.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a system preference SCOMainUserBlock to display custom HTML
on the self checkout page.
To test:
- Set up self checkout (see section Self Checkout in Circulaton sysprefs )
- Apply patch
- Update db
- Add some HTML system preference SCOMainUserBlock
- Go to sco page
- Verify that HTML displays on page (logged in and not logged in)
New version based on Koha.Preference TT plugin as of comment #7
Depends on Bug 12691
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The idea was to keep the current behaviour, plus adding the option to
display on a separate column.
We need an explanation on the syspref description, stating that it is not enough to
choose 'on a separate column', enabling the colum in the columns
settings is required for it to take effect.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the option to show shelving locations on a separate
column. This is controlled by a new syspref, 'OpacLocationOnDetail',
which replaces 'OpacLocationBranchToDisplayShelving', adding a
conveniente 'column' option.
The new 'Shelving location' column is conveniently added to the columns
configuration entry added by bug 16759 for this purpose.
The current behaviour is preserved.
To test:
- Apply this patches
- Run the upgrade:
$ sudo koha-shell kohadev
k$ cd kohaclone
k$ perl installer/data/mysql/updatedatabase.pl
=> SUCCESS: Upgrade doesn't fail
- Have an item with shelving location set to something not void
- Have the item set home and holding libraries for testing purposes.
- Set 'OpacLocationBranchToDisplay' to 'home and holding libraries' [*]
- Visit the OPAC detail page for the record containing the item
=> SUCCESS: Both home and holding libraries are displayed.
- Loop through all OpacLocationOnDetail options (except from 'column', we leave it for later).
=> SUCCESS: Works as expected.
- Go to Administration > Columns settings
- Make item_shelving_location available in the OPAC section
- Reload the OPAC detail page
=> SUCCESS: No change
- Set OpacLocationOnDetail to 'on a separate column'
- Reload the OPAC detail page
=> SUCCESS: Shelving location is displayed on a separate column
- Sign off :-D
Sponsored-by: Dover
[*] For testing purposes
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the holdings table in the OPAC biblio detail page
configurable using the Columns configuration tools.
This patch:
- Moves the holdingst table from plain DataTable to KohaTable
- Creates a sample yml colvis configuration for this table
containing all the currently available columns
To test:
- Visit some record's detail page in the OPAC
- Apply this patch
- Reload
=> SUCCESS: The page shows the same information
- On the staff interface, go to:
Home > Administration > Columns settings
=> SUCCESS: There's a new OPAC section containing the configuration for
holdingst.
- Choose to hide some fields (both currently displayed and currently hidden).
- Reload the OPAC detail page
=> SUCCESS:
- Required fields are hidden
- It doesn't explode because of trying to hide stuff that is not there to start with
- Sign off :-D
Sponsored-by: DOVER
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Followed test plan, patch worked as described. Also passed QA test tool
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Eivin Giske Skaaren <eivin@sysmystic.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patchset prevents users to enter too leak password, controlled by
a new syspref RequireStrongPassword. If set the staff and patrons will have
to enter a strong password.
The strongness cannot be modified, it has been arbitrarily set (by the
author of this enhancement) to at least 1 lowercase, 1 uppercase and 1
digit. This can be inforce by increasing the value of the existing
minPasswordLength pref.
I decided to turn this feature on, it cannot hurt! For existing installs
it will have to be turned on manually.
Writing these patches I found a lot of inconsistencies all around the
password checks and decided to refactor everything to make things
consistent and more robust.
Now the password validity is check at only one place (subroutine
covered by tests).
Test plan:
We have several places where a password can be change/created:
a. Editing a patron (members/memberentry.pl)
b. Changing the password of a patron (members/member-password.pl)
c. Changing your own password at the opac (opac/opac-passwd.pl).
OpacPasswordChange needs to be set
d. Reseting your own password at the opac
(opac/opac-password-recovery.pl). OpacResetPassword needs to be set,
see "Forgot your password?" link when you are not logged in
e. Self registration feature, PatronSelfRegistration needs to be set.
You will also need to add 'password' to PatronSelfRegistrationBorrowerMandatoryField.
Note that '****' is considered by Koha internally that the password is
not changed (existing behavior).
To fully test this patch you will need to test the different
combinations of RequireStrongPassword and minPasswordLength.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The SelfCheckoutByLogin lists 'Barcode' as an option, but this should be
Cardnumber. Especially since more and more libraries are using chip
cards instead of barcodes.
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This adds a new basket attribute (create_items) that can optionally be
set to override AcqCreateItem.
The following have been modified to reflect this (with the value of
create_items that causes them to behave differently in parentheses):
* Cancelling receipt of an order (receiving)
* Creating an order by hand or from MARC (ordering)
* Receiving an order (receiving)
* Showing orders with uncertain price (ordering)
* Showing orders (receiving)
* Showing acquisition details in the OPAC (ordering)
Test plan:
1) Create baskets with "Create items when:" set to ordering,
receiving, cataloging and unset.
2) Test each of the above for each of these baskets, verifying that
the basket-specific attribute overrides AcqCreateItem if set and
falls back to the syspref otherwise.
NOTE: A check of AcqCreateItem in opac-detail.tt was removed because it
was redundant; the code path in question cannot be triggered unless
create_items/AcqCreateItems is set to the correct value anyway.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Barbara Fondren <bfondren@roundrocktexas.gov>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
1) Insert some value to staffBaseURL preference, without starting http://
2) Apply the patch
3) Update database
4) Go to system preferences adminsitration, find the staffBaseURL
preference, the inserted value should be prepended with 'http://' and
the comment should be "This should be a complete URL, starting with
http:// or https://. Do not include a trailing slash in the URL. (This
must be filled in correctly for CAS, svc, and load_testing to work.)"
5) prove t/db_dependent/Auth_with_cas.t
6) prove t/db_dependent/selenium/basic_workflow.t
7) prove t/db_dependent/check_sysprefs.t
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: m23 <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This syspref is going to be used for populating field 008, range 15-17
with a desired default. It is currently hardcoded to 'xxu'. If not set,
it will still fallback to 'xxu'.
Signed-off-by: m23 <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
0) Apply the patch
1) Go to administration -> system preferences -> staff client
2) Read the description by IntranetSlipPrinterJS and confirm it's right
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Prevent software error
Template process failed: undef error - text: filter not found at
/home/vagrant/kohaclone/C4/Templates.pm line 121.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
- Add a framework with script in the description
- Access the Keywords to MARC mapping page
- Add an item search field where both name and label are script
- Try to edit/delete the added mapping
With the patch no script should be executed and everything
should still work ok.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/biblio_framework.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Click on Actions -> MARC structure
6. Apply patch and reload, the js is escaped
Fixed for both the pages biblio_framework.pl and marctagstructure.pl
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/fieldmapping.pl
2. Add a text in the field Field name that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/authtypes.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Fixed for both Classification sources & Classification filing rules
To Test
1. first case classification source: Hit the page
/cgi-bin/koha/admin/classsources.pl?op=add_source
second case classification filing rules:
Hit the page /cgi-bin/koha/admin/classsources.pl?op=add_sort_rule
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Fixed for new and edit page
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/oai_sets.pl
2. Click on New set
3. Add a text in the field setSpec, setName that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/matching-rules.pl
2. Click on new record matching rule
3. Add a text in the field Description that contain js.
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/patron-attr-types.pl
2. Click on new patron attribute type
2. Add a text in the field Description that contain js.
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To Test
1. Hit the page /cgi-bin/koha/admin/itemtypes.pl
2. Add a text in the field Description, Checkin message that contains js
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
