dcd1f5d48c
Here we go, next step then. As we did not fix the performance issue when autofiltering the variables (see bug 20975), the only solution we have is to add the filters explicitely. This patch has been autogenerated (using add_html_filters.pl, see next pathces) and add the html filter to all the variables displayed in the template. Exceptions are made (using the new 'raw' TT filter) to the variable we already listed in the previous versions of this patch. To test: - Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated data which contain <script> tags - Remove them from borrower_debarments.comments (there are allowed here) update borrower_debarments set comment="html tags possible here"; - From the interface hit page and try to catch alert box. If you find one it means you find a possible XSS. To know where it comes from: * note the exact URL where you found it * note the alert box content * Dump your DB and search for the string in the dump to identify its location (for instance table.field) Next: * Ideally we would like to use the raw filter when it is not necessary to HTML escape the variables (in big loop for instance) * Provide a QA script to catch missing filters (we want html, uri, url or raw, certainly others that I am forgetting now) * Replace the html filters with uri when needed (!) Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
27 lines
1.6 KiB
Text
27 lines
1.6 KiB
Text
[% INCLUDE 'help-top.inc' %]
|
|
|
|
<h1>Batches</h1>
|
|
|
|
<p>Batches are made up of the barcodes you would like to print. Once in this tool you can search for the item records you would like to print out labels for.</p>
|
|
|
|
<h2>Add a Batch</h2>
|
|
|
|
<p>Batches can be created in one of two ways. The first is to click the 'Create Label Batch' link on the 'Staged MARC Management' page</p>
|
|
|
|
<p>The other is to choose to create a new batch from the label creator tool</p>
|
|
|
|
<p>You will be brought to an empty batch with an 'Add item(s)' button at the top of the page. Clicking 'Add item(s)' will open a search window for you to find the items you want to add to the batch.</p>
|
|
|
|
<p>From the search results, click the check box next to the items you want to add to the batch and click the 'Add checked' button. You can also add items one by one by clicking the 'Add' link to the left of each item.</p>
|
|
|
|
<p>Once you have added all of the items click the 'Done' button. The resulting page will list the items you have selected.</p>
|
|
|
|
<p>To print your labels, click the 'Export Batch' button. To print only some of the labels, click the 'Export Item(s)' button. Either way you will be presented with a confirmation screen where you can choose your template and layout.</p>
|
|
|
|
<p>You will then be presented with three download options: PDF, Excel, and CSV.</p>
|
|
|
|
<p>After saving your file, simply print to the blank labels you have in your library.</p>
|
|
|
|
<p><strong>See the full documentation for Label Batches in the <a href="http://koha-community.org/manual/[% helpVersion | html %]/en/html/tools.html#batches">manual</a> (online).</strong></p>
|
|
|
|
[% INCLUDE 'help-bottom.inc' %]
|