Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/intranet-tmpl/prog/en/modules/help/admin/z3950servers.tt
Jonathan Druart dcd1f5d48c Bug 13618: Add html filters to all the variables 
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00

104 lines
6.2 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[% INCLUDE 'help-top.inc' %]
<h1>Z39.50/SRU Servers</h1>
<p>Z39.50 and SRU are clientserver protocols for searching and retrieving information from remote computer databases, in short tools used for copy cataloging. Using Koha you can connect to any Z39.50/SRU target that is publicly available or that you have the log in information to and copy both bibliographic and/or authority records from that source. (Note that not all SRU targets will offer bibliographic information in MARC format.)</p>
<p>Koha comes with a default list of Z39.50/SRU targets set up that you can add to, edit or delete.</p>
<p>To find additional targets you use IndexData's IRSpy: <a href="http://irspy.indexdata.com/" target="_top">http://irspy.indexdata.com</a>.</p>
<h2>Add a Z39.50/SRU Target</h2>
<p>From the main Z39.50/SRU page, click 'New Z39.50 Server' or 'New SRU server'.</p>
<ul>
<li>'Server name' should be populated with a name that will help you identify the source (such as the library name).</li>
<li>'Hostname' will be the address to the Z39.50 target. For a SRU target, only enter the domain name here. (See example below.)</li>
<li>'Port' tells Koha what port to listen on to get results from this target.</li>
<li>'Database' is the name of the database for Z39.50 targets. For SRU targets enter the path name part of the URL (the local part following domain and port). See also example below.</li>
<li>'Userid' and 'Password' are only required for servers that are password protected.</li>
<li>Check 'Preselected (searched by default)' if you want this target to always be selected by default.</li>
<li>'Rank' lets you enter where in the list you'd like this target to appear. If this is left blank the targets will be in alphabetical order.</li>
<li>'Syntax' is the MARC flavor you use.</li>
<li>'Encoding' tells the system how to read special characters.</li>
<li>'Timeout' is helpful for targets that take a long while. You can set the timeout so that it doesn't keep trying the target if results aren't found in a reasonable amount of time.</li>
<li>'Record type' lets you define if this is a bibliographic or an authority target.</li>
<li>'Additional SRU options': You can enter additional options of the external server here, like sru_version=1.1 or schema=marc21, etc. Note that these options are server dependent.</li>
<li>'SRU Search field mapping': Click on Modify to add or update the mapping from the available fields on the Koha search form to the specific server dependent index names. For instance, a SRU server could use 'cql.anywhere' for the Any field on the Koha form. If you do not enter an index name for a specific search field, the whole record will be searched.</li>
<li>'XSLT file(s)': You can enter here one or more (comma-separated) XSLT file names that you want to apply on the search results.</li>
</ul>
<h2>Using XSLT file(s) to transform the imported records</h2>
<p>When retrieving records from external targets you may wish to automate some
changes to those records. XSLT's allow you to do this. Koha ships with some
sample XSLT files ready for use.</p>
<ul>
<li>Del952.xsl: Remove items (MARC21/NORMARC)</li>
<li>Del995.xsl: Remove items (UNIMARC)</li>
<li>Del9LinksExcept952.xsl: Remove $9 links. Skip item fields (MARC21/NORMARC).</li>
<li>Del9LinksExcept995.xsl: Remove $9 links. Skip item fields (UNIMARC).</li>
</ul>
<h3>Example</h3>
<p>If you want to remove both holdings data and $9 links when importing, you can use:</p>
<table>
<thead><tr>
<th>Syntax</th>
<th>XSLT configuration</th>
</tr></thead>
<tbody>
<tr><td>MARC21/NORMARC</td><td>Del9LinksExcept952.xsl, Del952.xsl</td></tr>
<tr><td>UNIMARC</td><td>Del9LinksExcept995.xsl, Del995.xsl</td></tr>
</tbody>
</table>
<h2>SRU example</h2>
<p>If you want to enter the Library of Congress SRU server, you should at least use the following information. The full URL http://lx2.loc.gov:210/LCDB must be entered as follows:</p>
<table>
<tr><td>Host</td><td>lx2.loc.gov</td></tr>
<tr><td>Port</td><td>210</td></tr>
<tr><td>Database</td><td>LCDB</td></tr>
<tr><td>Syntax</td><td>MARC21/USMARC</td></tr>
<tr><td>Encoding</td><td>utf8</td></tr>
</table>
<p>To further refine your searches, you could add the following index names to the SRU search field mappings. To do this, edit the server and click the Modify button next to this field.</p>
<table>
<tr><td>Title</td><td>dc.title</td></tr>
<tr><td>ISBN</td><td>bath.isbn</td></tr>
<tr><td>Any</td><td>cql.anywhere</td></tr>
<tr><td>Author</td><td>dc.author</td></tr>
<tr><td>ISSN</td><td>bath.issn</td></tr>
<tr><td>Subject</td><td>dc.subject</td></tr>
<tr><td>Standard ID</td><td>bath.standardIdentifier</td></tr>
</table>
<h2>Suggested Bibliographic Z39.50 Targets</h2>
<p>The following targets have been used successfully by other Koha libraries (in the Americas):</p>
<ul>
<li>CUYAHOGA COUNTY PUBLIC webcat.cuyahoga.lib.oh.us:210 INNOPAC</li>
<li>GREATER SUDBURY PUBLIC 216.223.90.51:210 INNOPAC</li>
<li>HALIFAX PUBLIC catalogue.halifaxpubliclibraries.ca:210 horizon</li>
<li>HALTON HILLS PUBLIC cat.hhpl.on.ca:210 halton_hills</li>
<li>LIBRARY OF CONGRESS lx2.loc.gov: 210 LCDB</li>
<li>LONDON PUBLIC LIBRARY catalogue.londonpubliclibrary.ca:210 INNOPAC</li>
<li>MANITOBA PUBLIC library.gov.mb.ca:210 horizon</li>
<li>MILTON PL cat.mpl.on.ca:210 horizon</li>
<li>NATIONAL LIBRARY OF WALES cat.llgc.org.uk:210 default</li>
<li>TORONTO PUBLIC symphony.torontopubliclibrary.ca:2200 unicorn</li>
<li>TRI-UNI 129.97.129.194:7090 voyager</li>
<li>VANCOUVER PUBLIC LIBRARY z3950.vpl.ca:210 Horizon</li>
</ul>
<h2>Suggested Authority Z39.50 Targets</h2>
<p>The following targets have been used successfully by other Koha libraries:</p>
<ul>
<li>LIBRARIESAUSTRALIA AUTHORITIES z3950-test.librariesaustralia.nla.gov.au:210 AuthTraining Userid: ANLEZ / Password: z39.50</li>
<li>LIBRARY OF CONGRESS NAME AUTHORITIES lx2.loc.gov:210 NAF</li>
<li>LIBRARY OF CONGRESS SUBJECT AUTHORITIES lx2.loc.gov:210 SAF</li>
</ul>
<p><strong>See the full documentation for Z39.50/SRU Servers in the <a href="http://koha-community.org/manual/[% helpVersion | html %]/en/html/administration.html#z39.50/sru-servers">manual</a> (online).</strong></p>
[% INCLUDE 'help-bottom.inc' %]
View git blame Copy permalink