Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/intranet-tmpl/prog/en/modules/help/admin/branches.tt
Jonathan Druart dcd1f5d48c Bug 13618: Add html filters to all the variables 
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00

82 lines
3.9 KiB
Text
Raw Blame History

[% INCLUDE 'help-top.inc' %]
<h1>Libraries &amp; Groups</h1>
<p>When setting up your Koha system you will want to add information for every library that will be sharing your system. This data is used in several areas of Koha.</p>
<p>When visiting this page you are presented with a list of the libraries and groups that have already been added to the system.</p>
<h2>Adding a Library</h2>
<p>To add a new library:</p>
<ul>
<li>Click 'New Library'</li>
<li>The top of the form asks for some basics about the library
<ul>
<li>The library code should not contain any spaces and be 10 or fewer characters. This code will be used as a unique identifier in the database.</li>
<li>The name will be displayed on the OPAC wherever the library name displays to the public and should be a name that makes sense to your patrons.</li>
<li>If you have groups set up you can choose what group this library belongs to after entering in the code and name</li>
</ul>
</li>
<li>Next you can enter basic contact info about the branch
<ul>
<li>The address and contact fields can be used to make notices custom for each library</li>
<li>The email address field is not required, but it should be filled for every library in your system
<ul>
<li style="color: #990000;">Important: Be sure to enter a library email address to make sure that notices are sent to and from the right address</li>
</ul>
</li>
<li>If you'd like you can enter a different 'Reply-To' email address. This is the email address that all replies will go to.
<ul>
<li>Tip: If you do not fill in this value Koha will use the address in the ReplytoDefault preference</li>
</ul>
</li>
<li>If you'd like you can also enter a different 'Return-Path' email address. This is the email address that all bounced messages will go to.
<ul>
<li>Tip: If you do not fill in this value Koha will use the address in the ReturnpathDefault preference</li>
</ul>
</li>
<li>If the URL field is populated then the library name will be linked in the holdings table on the OPAC</li>
<li>The OPAC Info box is for you to put information about the library that will appear in the OPAC when the branch name is moused over in the holdings table</li>
<li>IP Address does not have be filled in unless you plan on limiting access to your staff client to a specific IP Address
<ul>
<li style="color: #990000;">Important: An IP address is required if you have enabled AutoLocation</li>
</ul>
</li>
<li>Finally, if you have any notes you can put them here. These will not show in the OPAC</li>
</ul>
</li>
</ul>
<p style="background-color: #ffe599;">Tip: Of the fields listed, only 'Library code' and 'Name' are required</p>
<h2>Editing/Deleting a Library</h2>
<p>You will be unable to delete any library that has patrons or items attached to it.</p>
<p>Each library will have an 'Edit' link to the right of it. Click this link to edit/alter details associated with the library in question.</p>
<p>You will be unable to edit the 'Library code'</p>
<h2>Adding a group</h2>
<p>To add a Search Domain or Library Property Group click the 'New Group' button at the top of the screen.</p>
<p>Of the fields on the group form, 'Category code' and 'Name' are the only required fields</p>
<h2>Search Domain Groups</h2>
<p>Search Domain Groups allow you to search a group of libraries at the same time instead of searching just one library or all libraries.</p>
<p>To see Search Domain Groups in action visit the staff client advanced search page in your Koha system</p>
<h2>Library Property Groups</h2>
<p>You can assign specific categories to your libraries by adding groups for them.</p>
<p>Properties are then applied to libraries via the add or edit library form.</p>
<p><strong>See the full documentation for Libraries &amp; Groups in the <a href="http://koha-community.org/manual/[% helpVersion | html %]/en/html/administration.html#libraries-&-groups">manual</a> (online).</strong></p>
[% INCLUDE 'help-bottom.inc' %]
View git blame Copy permalink