]> git.koha-community.org Git - koha.git/log
koha.git
7 years agoBug 18778 - Translatability: Get rid of tt directive in translation for item-status.inc
Marc Véron [Mon, 12 Jun 2017 05:48:57 +0000 (07:48 +0200)]
Bug 18778 - Translatability: Get rid of tt directive in translation for item-status.inc

The file opac-tmpl/bootstrap/en/includes/item-status.inc exposes a template directive where translators should not be confronted with.

"%s %s [%%#- This include takes two parameters: an item structure and an "
"optional loan (issue) structure. The issue structure is used by course "
"reserves pages, which do not use an API to fetch items that populates item."
"datedue. -%%] %s %s %s %s "

This patch fixes new lines inside a tt directive (comment).
It is merely a string patch.

To test:
Verify that the code changes make sense.
(Bonus test: create a new language 'aa-AA', verify that line above does not
show up in aa-AA-opac-bootstrap.po)

NOTE: Followed test plan similar to bug 18776 comment 3.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit c8551645d5bdd3e6fb5b7e03280521a2fbaef636)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b9ff28f719cb17d37e5eaecc4fb09b9032cc38e5)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18660: Translatability: Get rid of template directives [%% in translation for...
Marc Véron [Tue, 23 May 2017 15:09:49 +0000 (17:09 +0200)]
Bug 18660: Translatability: Get rid of template directives [%% in translation for patroncards-errors.inc

Translation for koha-tmpl/intranet-tmpl/prog/en/includes/patroncards-errors.inc
contains a lot of (partial) template directives like:
%%]%s %sLayout: [%%

This patch fixes it

To test:
- Verify that code changes make sense
- Apply patch
- Create a translation (cd misc/translator , then: perl translate create aa-AA
- Verify that in po/aa-AA-staff-prog.po contains no fragments like %%] or [%%
  for patroncards-errors.inc
- Try to get an error: Try a link like
  http://[YOUR SERVER]/cgi-bin/koha/patroncards/create-pdf.pl?batch_id=1&template_id=999&layout_id=999&start_card=1
  ...where template_id and layout_id do not exist

(Amended for comment #2 2017-06-05 mv)
(Amended for comment #6 2017-08-02 mv)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7e39bbc61aedd6383f4d6a1b4728711c6922e877)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 036b317c0c0e96b0eb344d767cca7f87da4fb875)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18652: Get rid of tt directive in translation for uncertainprice.tt
Marc Véron [Mon, 22 May 2017 19:09:06 +0000 (21:09 +0200)]
Bug 18652: Get rid of tt directive in translation for uncertainprice.tt

Translation tool shows toe following for ncertainprice.tt
0; url=[% scriptname %]?booksellerid=[% booksellerid %]

This patch fixes it.

To test:
- Apply patch
- Verify that code change makes sense
- Verify that Home > Acquisitions > [vendor] > Uncertain prices for [vendor]
  works as before

- Additional test (for a langunage 'aa-AA')
  perl translate create aa-AA
  verify that line 41 no longer appears in aa-AA-staff-prog.po

Amended to switch from BLOCK to a template variable, see comment #5

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 2ee82801c7a8686523f9c5e95b0f43d44e52e4ab)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4d427740196bb0a9bcfe80787af8cdf769c06b76)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18649: Translatability: Get rid of tt directive in translation for admin/categori...
Marc Véron [Fri, 4 Aug 2017 08:52:13 +0000 (10:52 +0200)]
Bug 18649: Translatability: Get rid of tt directive in translation for admin/categories.tt and onboardingstep2.tt

New patch without trailing IF construction in tt directives as
requested in comment #28

To test: Verify that translation tool no longer shows tt directives as
described in comment #1

New patch, needs SO.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 79338bde3e01708fe331a54745f45c620c121805)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0f9175c0b26e9e8d65bf39dab80d99e5d7455346)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18921: Resolve a few warnings in C4/XSLT.pm
Marcel de Rooy [Mon, 10 Jul 2017 12:15:09 +0000 (14:15 +0200)]
Bug 18921: Resolve a few warnings in C4/XSLT.pm

Resolves warnings like:

Use of uninitialized value in hash element at C4/XSLT.pm line 262.
Use of uninitialized value in numeric eq (==) at C4/XSLT.pm line 267.
Use of uninitialized value $status in concatenation (.) or string at C4/XSLT.pm line 300.

Note: Line numbers are not exactly the same anymore.

Test plan:
[1] Enable XSLT view in OPAC
[2] Without this patch, you will probably have some of these warnings when
    doing some opac searches.
[3] Apply this patch. Check the logs again.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 5f989a81dff29db78620057d70ed864b32486bc0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1c8287632ea36e6d2a8ade922fe129f5f792d6d3)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18996: [16.11.x] use Koha::OldIssues instead of Koha::Old::Checkouts
Jonathan Druart [Mon, 11 Sep 2017 19:08:41 +0000 (16:08 -0300)]
Bug 18996: [16.11.x] use Koha::OldIssues instead of Koha::Old::Checkouts

7 years agoBug 18996: [16.11.x] [QA Follow-up] Remove global variables from Message.t
Marcel de Rooy [Wed, 2 Aug 2017 11:01:47 +0000 (13:01 +0200)]
Bug 18996: [16.11.x] [QA Follow-up] Remove global variables from Message.t

As per request of Colin in comment18, this patch makes the use of global
variables in Message.t no longer needed.
The three subtests are now completely independent and could well be moved
to separate test scripts.

Note: Strictly speaking, the use of global (package) variables could
potentially introduce new bugs (e.g. if the value is modified outside the
script). This seems not to be the case here, but we are safe now.

Test plan:
Run the test again.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Conflicts:
t/db_dependent/SIP/Message.t

7 years agoBug 18996: [16.11.x] Add checkin subtest in SIP/Message.t
Marcel de Rooy [Sat, 29 Jul 2017 11:38:31 +0000 (13:38 +0200)]
Bug 18996: [16.11.x] Add checkin subtest in SIP/Message.t

Variable $branch was not used.
Promoted some global vars to our.
Shared the branchcode between all three subtests now.
The third subtest contains all six cases mentioned in the first patch.

Test plan:
Run t/db_dependent/SIP/Message.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Conflicts:
t/db_dependent/SIP/Message.t

7 years agoBug 18996: [16.11.x] Resolve an uninitialized warning from ILS/Item.pm
Marcel de Rooy [Tue, 1 Aug 2017 12:10:56 +0000 (14:10 +0200)]
Bug 18996: [16.11.x] Resolve an uninitialized warning from ILS/Item.pm

From the syslog call on line 107/108. The field $item->{title} has not
been initialized. When catching the warns in a test script with Test::Warn,
I got:
    Use of uninitialized value $args[1] in sprintf at /usr/lib/x86_64-linux-gnu/perl/5.20/Sys/Syslog.pm line 423.

This simply resolves the warning. We might have a closer look to this title
field on another report though.

Test plan:
Run Message.t from the next patch without this fix. It will fail since the
additional warning makes warnings_like return false.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
7 years agoBug 18996: [16.11.x] Handle data corruption from old_issues at SIP checkin
Marcel de Rooy [Fri, 28 Jul 2017 08:29:51 +0000 (10:29 +0200)]
Bug 18996: [16.11.x] Handle data corruption from old_issues at SIP checkin

As per bug 18966 AddReturn returns false with a DataCorrupted message
when the issue_id at hand already occurs in the old_issues table.
This should be handled when returning an item via SIP too. SIP should
not pretend that the checkin was successful, since this item needs
special care.

The following six different situations are handled:

[1] An attempt to checkin an invalid barcode is handled as before. The
ok flag is false; the screen message shows 'Invalid Item'.
[2] We receive a DataCorrupted message: the alert type is set to the
unused 98 code to indicate this new error condition. The ok flag
is false; the screen message shows 'Checkin failed: data problem'.
[3] The item checked in was not checked out AND the option checked_in_ok
is active. The ok flag is set to true; no screen message.
[4] The item checked in was not checked out AND the option checked_in_ok
is not active. The ok flag is not changed (normally false); the screen
message shows 'Item not checked out'.
[5] (The regular checkin) The item was checked out and AddReturn returned
true. The ok flag is true; no screen message.
[6] ("Otherwise") The item was checked out, but AddReturn returned false.
The ok flag is false; the screen message shows 'Checkin failed'.
Note: Currently this case only refers to the Wrongbranch and withdrawn
messages from AddReturn (where doreturn==0).

Note: Situation 1 and 5 are unchanged. Behavior is slightly changed for
situation 3 and 4; the option is only used when the item was not checked
out. Situation 2 and situation 6 are changed. After bug 18966 SIP
returned OK in case of data corruption (while checkin failed). In the
remaining cases under [6] SIP also returned OK while checkin failed.

Test plan:
[1] Test all six cases listed above. In order to simulate data corruption
insert the issue_id at hand in old_issues before you check in.
In cases 3 and 4 you need to toggle the option in your SIPconfig.xml and
restart the SIP server.
Case 6 can be tested by checking out at branch A, adjusting the value
of pref AllowReturnToBranch and checking in at branch B.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
7 years agoBug 18046: CAS logout infinite redirect
Chris Cormack [Tue, 1 Aug 2017 22:15:10 +0000 (10:15 +1200)]
Bug 18046: CAS logout infinite redirect

To test (You need a CAS server and CAS configured in Koha)

1/ Login using CAS in Koha
2/ Logout in Koha
3/ Notice you get redirected again and again
4/ Apply patch
5/ Login with CAS, then logout
6/ Notice logout works, but no longer infinitely redirected

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Patch has been in production use for several months
on several instances. Fixes a critical bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Looks like a typical workaround, but evidently works.
Not tested with CAS.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 13ca4962068b184f803b6588e53e39209a77f2b6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c87b963818076a58661922116893ff052b2d76a9)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18741: Fix loading of SQL files in web installer
Julian Maurice [Wed, 7 Jun 2017 09:29:46 +0000 (11:29 +0200)]
Bug 18741: Fix loading of SQL files in web installer

Test plan:
1. Start a normal install using the web installer
2. When asked to select data to load, verify that
   'message_transport_types' is checked, and check some optional data
   files
3. Continue the install to the end
4. Verify that message_transport_types is not empty, and that the
   optional data you checked is there

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18551 - Hide with CSS dynamic elements in member search
Fridolin Somers [Fri, 5 May 2017 13:00:05 +0000 (15:00 +0200)]
Bug 18551 - Hide with CSS dynamic elements in member search

In member search page, the result table is in Ajax so fully managed by Javascript. There is also a yellow dialog message prepared in HTML.

Thoses elements are hidden by JS code : ie $("#patron_list_dialog").hide().

The problem is that the static page is first loaded an displayed then the JS code runs an hides the elements.
On a low performance computer, this action is visible and looks like there is a blinking yellow message.

I propose to hide with CSS so that thoses elements are not displayed in static page and are there shown in dynamic JS code.

Test plan :
Check display is unchanged :
- Go to home page /cgi-bin/koha/members/members-home.pl
- Perform patron search from header search box
- Perform patron search by clicking on a letter
- Perform patron search from filters (left of results table)
- Select a patron and add it to a list => you see the yellow message

Yellow message does no longer appear with this patch.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Philippe <philippe.audet-fortin@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5cc536c68b221823f4335b5b5db1108521f88a71)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 19053: Keep auto_renew flag if a confirmation is needed
Jonathan Druart [Mon, 7 Aug 2017 16:50:32 +0000 (13:50 -0300)]
Bug 19053: Keep auto_renew flag if a confirmation is needed

If an item is checked out with the auto renewal flag and a confirmation
is needed (holds exist, past due date, etc.) the auto renewal flag will
get lost.

Test plan:
- Check an item out and specify a past due date
- Confirm the checkout on the confirmation screen
=> Without this patch the checkout is not marked as auto renewal
=> With this patch applied the auto renewal flag will be set to the
checkout

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 3808dbc1d22b3adc43a09ba7ce00aaca01f95f5a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 8f3a7d800271cb2611de0cb369e907b16c30fb0b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoAdd release notes for Koha 16.05.16 v16.05.16
Mason James [Thu, 24 Aug 2017 06:39:28 +0000 (18:39 +1200)]
Add release notes for Koha 16.05.16

7 years agoIncrement version for 16.05.16 release
Mason James [Thu, 24 Aug 2017 06:18:13 +0000 (18:18 +1200)]
Increment version for 16.05.16 release

7 years agoTranslation updates for Koha 16.05.16
Mason James [Thu, 24 Aug 2017 06:30:51 +0000 (18:30 +1200)]
Translation updates for Koha 16.05.16

7 years agorm test files
Mason James [Thu, 24 Aug 2017 07:22:22 +0000 (19:22 +1200)]
rm test files

7 years agofix merge typo
Mason James [Thu, 24 Aug 2017 06:58:25 +0000 (18:58 +1200)]
fix merge typo

7 years agoBug 19035 - Stored XSS in lists.pl
Amit Gupta [Tue, 15 Aug 2017 03:03:41 +0000 (08:33 +0530)]
Bug 19035 - Stored XSS in lists.pl

To Test
1. Hit the page /cgi-bin/koha/patron_lists/lists.pl
2. Click on new patron list
3. Add a text in the field Name that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed in both the pages list.pl and list.pl?patron_list_id=xx
xx is patronlist id

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19114 - Stored XSS in parcels.pl
Amit Gupta [Tue, 15 Aug 2017 15:28:34 +0000 (20:58 +0530)]
Bug 19114 - Stored XSS in parcels.pl

Test
1. Hit the page /cgi-bin/koha/acqui/parcels.pl?booksellerid=xx
   xx is booksellerid
2. Add a text in the field Vendor invoice that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Fixed XSS for parcels.pl/parcel.pl/orderreceive.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19112 - Stored XSS in basketheader.pl page
Amit Gupta [Tue, 15 Aug 2017 14:21:48 +0000 (19:51 +0530)]
Bug 19112 - Stored XSS in basketheader.pl page

To Test

1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.

Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19110 - XSS Stored in branches.pl
Amit Gupta [Tue, 15 Aug 2017 09:30:55 +0000 (15:00 +0530)]
Bug 19110 - XSS Stored in branches.pl

To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
   xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19100 - XSS Flaws in memberentry.pl
Amit Gupta [Tue, 15 Aug 2017 17:52:32 +0000 (23:22 +0530)]
Bug 19100 - XSS Flaws in memberentry.pl

1. Hit /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid.
5. Notice it is no longer executed.

NOTE: I had to test in Microsoft Edge, because Chrome was blocking XSS for me.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19105 - XSS Stored in holidays.pl
Amit Gupta [Tue, 15 Aug 2017 03:53:13 +0000 (09:23 +0530)]
Bug 19105 - XSS Stored in holidays.pl

To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add a text in the field Title and Description that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed for all holidays

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 16069 - XSS issue in basket.pl page
Amit Gupta [Sun, 20 Aug 2017 15:23:06 +0000 (20:53 +0530)]
Bug 16069 - XSS issue in basket.pl page

1. Hit /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
   xx - is a basketno
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/acqui/basket.pl?basketno==xx<script>alert('amit')</script>
   xx - is a basketno.
5. Notice it is no longer executed.

Fix for 16.11.x

Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19079 - XSS Flaws in Membership page
Amit Gupta [Fri, 11 Aug 2017 15:38:14 +0000 (21:08 +0530)]
Bug 19079 - XSS Flaws in Membership page

1. Hit /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber
2. Notice the java script is executed.
4. Apply patch.
5. Reload page, and hit the page again /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19033: XSS Flaws in Currencies and exchange page
Amit Gupta [Fri, 4 Aug 2017 04:14:52 +0000 (09:44 +0530)]
Bug 19033: XSS Flaws in Currencies and exchange page

1. Hit /cgi-bin/koha/admin/currency.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search currencies box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on search currencies box.
6. Notice it is no longer executed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Fixes the issue, follows common practice on the codebase.
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19034: (followup 2) Fix letters.tt XSS flaw
Jonathan Druart [Tue, 15 Aug 2017 16:26:12 +0000 (13:26 -0300)]
Bug 19034: (followup 2) Fix letters.tt XSS flaw

Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19034: (followup) Fix letters.tt XSS flaw
Tomas Cohen Arazi [Mon, 7 Aug 2017 14:27:33 +0000 (11:27 -0300)]
Bug 19034: (followup) Fix letters.tt XSS flaw

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19034: XSS Flaws in Z39.50/SRU servers administration
Amit Gupta [Fri, 4 Aug 2017 05:11:49 +0000 (10:41 +0530)]
Bug 19034: XSS Flaws in Z39.50/SRU servers administration

1. Hit /cgi-bin/koha/admin/z3950servers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search Z39.50/SRU servers box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search Z39.50/SRU servers box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19034: XSS Flaws in Cities
Amit Gupta [Fri, 4 Aug 2017 05:08:12 +0000 (10:38 +0530)]
Bug 19034: XSS Flaws in Cities

1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search cities box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19034: XSS Flaws in Patron categories pages
Amit Gupta [Fri, 4 Aug 2017 05:04:19 +0000 (10:34 +0530)]
Bug 19034: XSS Flaws in Patron categories pages

1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19050 - XSS Flaws in Quick spine label creator
Amit Gupta [Mon, 7 Aug 2017 15:19:56 +0000 (20:49 +0530)]
Bug 19050 - XSS Flaws in Quick spine label creator

1. Hit /cgi-bin/koha/labels/spinelabel-home.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> barcode text box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on barcode text box.
6. Notice it is no longer executed

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19051 - XSS Flaws in - Batch item modification page
Amit Gupta [Mon, 7 Aug 2017 16:13:56 +0000 (21:43 +0530)]
Bug 19051 - XSS Flaws in - Batch item modification page

1. Hit /cgi-bin/koha/tools/batchMod.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19051 - XSS Flaws in Batch item deletion page
Amit Gupta [Mon, 7 Aug 2017 15:54:44 +0000 (21:24 +0530)]
Bug 19051 - XSS Flaws in Batch item deletion page

1. Hit /cgi-bin/koha/tools/batchMod.pl?del=1
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19051 - XSS Flaws in - Batch record deletion page
Amit Gupta [Mon, 7 Aug 2017 15:38:36 +0000 (21:08 +0530)]
Bug 19051 - XSS Flaws in - Batch record deletion page

1. Hit /cgi-bin/koha/tools/batch_delete_records.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Record number list (one per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Record number list (one per line) text area.
6. Notice it is no longer executed.
7. Fixes for both biblio and authority records.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19052 - XSS Flaws in - Invoice search page
Amit Gupta [Mon, 7 Aug 2017 16:47:14 +0000 (22:17 +0530)]
Bug 19052 - XSS Flaws in - Invoice search page

1. Hit /cgi-bin/koha/acqui/invoices.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19052 - XSS Flaws in vendor search page
Amit Gupta [Mon, 7 Aug 2017 16:34:30 +0000 (22:04 +0530)]
Bug 19052 - XSS Flaws in vendor search page

1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19054 - XSS Flaws in Report - Top Most-circulated items
Amit Gupta [Mon, 7 Aug 2017 17:04:05 +0000 (22:34 +0530)]
Bug 19054 - XSS Flaws in Report - Top Most-circulated items

1. Hit /cgi-bin/koha/reports/cat_issues_top.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in Callnumber, Day, Month, Year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Callnumber, Day, Month, Year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19078 - XSS Flaws in System preferences
Amit Gupta [Thu, 10 Aug 2017 16:21:38 +0000 (21:51 +0530)]
Bug 19078 - XSS Flaws in System preferences

1. Hit /cgi-bin/koha/admin/preferences.pl
2. Enter <script>alert('amit')</script> in search system preferences box.
3. Notice the java script is executed.
4. Apply patch.
5. Reload page, and enter <script>alert('amit')</script> in search system preferences box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18726: Fix XSS at the OPAC - biblionumber
Jonathan Druart [Wed, 9 Aug 2017 17:08:24 +0000 (14:08 -0300)]
Bug 18726: Fix XSS at the OPAC - biblionumber

The biblionumber parameter is sent by the user, we must escape all of
them to avoid XSS.

Fixes: Cross-site scripting OPAC pages
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoRevert "Bug 18551: [16.11.x] followup - hide advanced filters in header, move hidding...
Mason James [Wed, 23 Aug 2017 10:44:48 +0000 (22:44 +1200)]
Revert "Bug 18551: [16.11.x] followup - hide advanced filters in header, move hidding to css file"

This reverts commit 146c103bbf83221a96c5fb289677eb77999384c3.

7 years agoBug 18551: [16.11.x] followup - hide advanced filters in header, move hidding to...
Josef Moravec [Tue, 9 May 2017 13:33:52 +0000 (13:33 +0000)]
Bug 18551: [16.11.x] followup - hide advanced filters in header, move hidding to css file

Test plan:
The same as first patch, but also with advanced search form in header hidden
on page load - see comment 4

Issue with advanced search form is gone.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Philippe <philippe.audet-fortin@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Conflicts:
koha-tmpl/intranet-tmpl/prog/css/staff-global.css

7 years agoBug 18976: [16.11] Add missing use statement
Jonathan Druart [Tue, 1 Aug 2017 11:30:20 +0000 (08:30 -0300)]
Bug 18976: [16.11] Add missing use statement

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18976: (follow-up) Fix t/db_dependent/Search/History.t cleanup
Lari Taskula [Mon, 24 Jul 2017 15:16:25 +0000 (18:16 +0300)]
Bug 18976: (follow-up) Fix t/db_dependent/Search/History.t cleanup

Same problem in t/db_dependent/Search/History.t.

To replicate:
1. Check the row count of borrowers, branches, categories, sessions, sms_providers
   tables
2. prove t/db_dependent/Search/History.t
3. Repeat step 1
4. Observe borrowers the following tables have increased in row count:
   - borrowers
   - branches
   - categories
   - sessions
   - sms_providers

To test:
1. Before applying the patch, go through steps at "To replicate" plan
2. Apply patch
3. Go through steps at "To replicate" plan
4. Observe step 4 no longer applies and those tables have the same number of
   rows as before executing the test.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18976: Fix t/db_dependent/Auth.t cleanup
Lari Taskula [Mon, 24 Jul 2017 13:43:18 +0000 (16:43 +0300)]
Bug 18976: Fix t/db_dependent/Auth.t cleanup

Test t/db_dependent/Auth.t seems to have an ineffective test data cleanup.
Data generated by TestBuilder is left in borrowers, branches, categories,
sms_providers and sessions tables after the test.

To replicate:
1. Check the row count of borrowers, branches and categories tables
2. prove t/db_dependent/Auth.t
3. Repeat step 1
4. Observe borrowers the following tables have increased in row count:
   - borrowers
   - branches
   - categories
   - sessions
   - sms_providers

To test:
1. Before applying the patch, go through steps at "To replicate" plan
2. Apply patch
3. Go through steps at "To replicate" plan
4. Observe step 4 no longer applies and those tables have the same number of
   rows as before executing the test.

This issue has been happening in REST tests as well, and this solution is
directly copy-pasted from t/db_dependent/api/v1/cities.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18632: Remove 'CGI::param called in list context' warnings
Jonathan Druart [Thu, 18 May 2017 20:42:02 +0000 (17:42 -0300)]
Bug 18632: Remove 'CGI::param called in list context' warnings

Once again, after bug 16154 and bug 16259 we need to remove more
occurrence of CGi->param called in list context.
Refer to bug 15809 for more information.

Test plan:
Make sure you do not see the error on the modified scripts.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18685: (bug 18551 follow-up) Fix patron toolbar
Jonathan Druart [Mon, 12 Jun 2017 14:38:59 +0000 (11:38 -0300)]
Bug 18685: (bug 18551 follow-up) Fix patron toolbar

Bug 18551 moves the way the filters are displayed and so the position of
the patron toolbar must be recalculated.

Test plan:
Edit patron's detail
open the filters, scrolldown
close the filters, scrolldown
=> The toolbar must be correctly placed

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18951: Adjust Isbd.t
Marcel de Rooy [Wed, 19 Jul 2017 11:59:45 +0000 (13:59 +0200)]
Bug 18951: Adjust Isbd.t

Add schema calls.
Remove an unneeded AddBiblio call.

Test plan:
Run t/db_dependent/Biblio/Isbd.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18951: Create data for TransformKohaToMarc.t
Marcel de Rooy [Wed, 19 Jul 2017 11:48:55 +0000 (13:48 +0200)]
Bug 18951: Create data for TransformKohaToMarc.t

Adding schema and caching statements.
Adjust it so that the Koha to MARC mappings are not assumed to be present,
but are created as needed.
Remove the mock on marcflavour. It is no longer needed.
Resolving a small typo.

Test plan:
Run t/db_dependent/Biblio/TransformKohaToMarc.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18951: Some t/Biblio tests are database dependent (git mv)
Marcel de Rooy [Wed, 19 Jul 2017 11:33:34 +0000 (13:33 +0200)]
Bug 18951: Some t/Biblio tests are database dependent (git mv)

Move Isbd.t and TransformKohaToMarc.t to db_dependent.
Next patch will add a few adjustments too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18991: Fix cleanup in t/db_dependent/Log.t
Lari Taskula [Thu, 27 Jul 2017 14:56:18 +0000 (14:56 +0000)]
Bug 18991: Fix cleanup in t/db_dependent/Log.t

There is an action_logs entry via logaction() without transaction to be rolled
back in t/db_dependent/Log.t. This leaves an entry in action_logs after
the test is over.

To replicate:
1. prove t/db_dependent/Log.t
2. Observe a new entry in action_logs table

To test:
1. Apply patch
2. prove t/db_dependent/Log.t
3. Observe there are no new entries in action_logs

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 19000: Fix typo in closing p tag for items
Marcel de Rooy [Fri, 28 Jul 2017 05:56:21 +0000 (07:56 +0200)]
Bug 19000: Fix typo in closing p tag for items

Close the p tag and add a br tag to visually divide the two sections
Data problems and Warnings regarding system configuration.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Discovered the problem when testing a duplicate key in deleteditems.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 3c87b6f387831053e01ecc86b91d61669af9696b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 37097ee7f6f462193eefd4d51d4142b6ce59a8a9)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18545: Re-add call to enableCheckboxActions
Jonathan Druart [Mon, 24 Jul 2017 17:25:21 +0000 (14:25 -0300)]
Bug 18545: Re-add call to enableCheckboxActions

This call is used to refresh the page correctly

Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18545 [Follow-up] Remove use of onclick from OPAC Cart
Owen Leonard [Fri, 9 Jun 2017 15:50:41 +0000 (15:50 +0000)]
Bug 18545 [Follow-up] Remove use of onclick from OPAC Cart

This patch makes a few corrections:

- Use 'e.preventDefault()' instead of 'return false' in changed
  sections.
- Modify the event handler on checkboxes to successfully handle the
  un-check action as well as the check action. (QA comment 5).

To test, follow the original test plan.

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18545: Remove use of onclick from OPAC cart
Aleisha Amohia [Fri, 5 May 2017 03:58:49 +0000 (03:58 +0000)]
Bug 18545: Remove use of onclick from OPAC cart

To test:
1) Apply patch and add one or more items to your cart
2) Confirm that clicking the following things still works as expected:
 - more details
 - brief display
 - send
 - download
 - print
 - select all
 - clear all
 - selecting by clicking checkbox
 - remove title
 - add title to list
 - place hold
 - add tag
 - empty and close

Sponsored-by: Catalyst IT
Followed test plan, works as expected. Resolves issue with two
print dialogues from Bug 18544.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18605: Remove TRUNCATE from C4/HoldsQueue.pm
Marcel de Rooy [Mon, 15 May 2017 08:38:43 +0000 (10:38 +0200)]
Bug 18605: Remove TRUNCATE from C4/HoldsQueue.pm

Replaces TRUNCATE by DELETE, since truncate implicitly commits. We don't
need to do that here. (Would complicate testing it too.)
Fixes typo disablig.
Add a simple test to HoldsQueue.t.

Test plan:
Run t/db_dependent/HoldsQueue.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit db64c94953be772fb316d508fdfffd374ea1d835)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit bede0cc328f6acff69489fe3139d64c35eb7b589)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18965 - branch transfer limits pagination save bug
Fridolin Somers [Thu, 20 Jul 2017 14:08:59 +0000 (16:08 +0200)]
Bug 18965 - branch transfer limits pagination save bug

In branch transfer limits, tables are paginated with 20 rows by default.

The bug is that datatable not only hides rows, they are not in form.
So when submitting form, rows not visible are erased.

Test plan :
Wihout patch :
- Create 22 branches, you can hack the creation form by manualling calling URL : /cgi-bin/koha/admin/branches.pl?op=add_validate&branchcode=Bxx&branchname=Bxx
- Go to Administration > Library transfer limits
- You see table first page : only 20 first rows are shown
- You see all checkboxes are checked
- Go to second page of this table
- Save
=> You see table first page with all checkboxes unchecked
With patch the is no pagination, all checkboxes are shown when you save

Signed-off-by: Axelle Clarisse <axelle.clarisse@univ-amu.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7a306d72ab98f2abf2266716761820f1098ede9b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ca7f2f5aa48d8d5136029d10d8c15ffacf010103)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18832: Missing space between icon and label in button 'Patron lists'
Marc Véron [Wed, 21 Jun 2017 07:47:13 +0000 (09:47 +0200)]
Bug 18832: Missing space between icon and label in button 'Patron lists'

On page Home > Patrons the button 'Patron lists' misses a space between
icon and text. This patch adds it to make the button display like the other
ones.

To test, apply patch and verify that the button displays as expected.

Signed-off-by: fcouffignal <fcouffignal@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18918: Disable CSV option if no CSV profiles exist
Aleisha Amohia [Mon, 10 Jul 2017 02:31:22 +0000 (02:31 +0000)]
Bug 18918: Disable CSV option if no CSV profiles exist

To test:
1) Confirm you have no MARC CSV profiles (tools -> csv profiles)
2) Go to Tools -> Export data
3) Select the CSV file format for biblios
4) Notice the CSV profile dropdown shows up but the dropdown is empty
5) Click the Export button, notice Koha breaks
6) Go back and apply the patch, refresh
7) Notice the CSV option is now disabled in the file format menu
8) If you hover over CSV, an appropriate message should show explaining
why it is disabled
9) Create a CSV profile for MARC
10) Go back to Export and you should be able to use CSV now without
problem

Sponsored-by: Catalyst IT
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18982: Remove data in the correct order
Jonathan Druart [Wed, 26 Jul 2017 16:50:14 +0000 (13:50 -0300)]
Bug 18982: Remove data in the correct order

To respect FK

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18982: Create a circ rule for the data we created
Jonathan Druart [Tue, 25 Jul 2017 19:49:38 +0000 (16:49 -0300)]
Bug 18982: Create a circ rule for the data we created

No need to have a default circ cule, we create one for the categorycode
and itemtype we are going to use.
The 3 checkouts will not be rejected (5 are allowed)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrei <acovaliov@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18982: Create a specific itemtype for these tests
Jonathan Druart [Tue, 25 Jul 2017 19:48:06 +0000 (16:48 -0300)]
Bug 18982: Create a specific itemtype for these tests

No need to require rentalcharge=0 for all itemtypes, we create our own.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrei <acovaliov@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18982: category.categorycode must be uppercase
Jonathan Druart [Tue, 25 Jul 2017 19:46:08 +0000 (16:46 -0300)]
Bug 18982: category.categorycode must be uppercase

Otherwise it is not selected in the dropdown list and the patron created
does not belong to this category

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrei <acovaliov@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18982: Use KOHA_INTRANET_URL instead of syspref staffClientBaseURL
Jonathan Druart [Tue, 25 Jul 2017 17:37:27 +0000 (14:37 -0300)]
Bug 18982: Use KOHA_INTRANET_URL instead of syspref staffClientBaseURL

That way we do not need to set the syspref, we can define it setting an
env var, like other tests.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Andrei <acovaliov@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 16711: OPAC Password recovery: Handling if multiple accounts have the same mail...
Marc Véron [Sun, 21 May 2017 16:28:48 +0000 (18:28 +0200)]
Bug 16711: OPAC Password recovery: Handling if multiple accounts have the same mail address

To reproduce:
- Create 3 Accounts, login names are test01, test02, test03, Email is the same
for all.
- Go to OPAC -> Password recovery and indicate E-Mail only
- You will get an email for only one of the accounts above.

To test:
- Apply patch, restart memcached and plack
- Go to db, delete from borrower_password_recovery;
- Try steps above to reproduce. You will get an error message:
    Account identification with this email address only is ambiguous.
    Please use the field 'Login' as well.
- Verify that other cases work as before (provide valid / invalid login only,
  provide valid email for an existing account, provide unknown email, provide
  both login and email with all combinations of valid / invalid)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 16711: (QA-followup) Use count directly

See comment # 13

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 3829020c2664ec531354f78f0c04d00f5dd6795d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 739a0f4b9b6bfba236d297608001180f4cb38af3)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoAdd release notes for Koha 16.05.15 v16.05.15
Mason James [Sun, 30 Jul 2017 16:10:22 +0000 (04:10 +1200)]
Add release notes for Koha 16.05.15

7 years agoRevert "Bug 18613: Add unit tests for getletter"
Mason James [Sun, 30 Jul 2017 16:04:35 +0000 (04:04 +1200)]
Revert "Bug 18613: Add unit tests for getletter"

This reverts commit 212d3bd9b9e07ddd76d7fbb72ae7b70c762fc058.

7 years agoRevert "Bug 18613: Remove letter rule correctly as superlibrarian"
Mason James [Sun, 30 Jul 2017 16:04:25 +0000 (04:04 +1200)]
Revert "Bug 18613: Remove letter rule correctly as superlibrarian"

This reverts commit ab019faecad351dc7f2df55db9487fdbbbb6c59f.

7 years agoTranslation updates for Koha 16.05.15
Mason James [Sun, 30 Jul 2017 13:16:35 +0000 (01:16 +1200)]
Translation updates for Koha 16.05.15

7 years agoIncrement version for 16.05.15 release
Mason James [Sun, 30 Jul 2017 13:04:17 +0000 (01:04 +1200)]
Increment version for 16.05.15 release

7 years agoBug 18572: Remove AddRenewal parameter
Jonathan Druart [Mon, 24 Jul 2017 17:04:06 +0000 (14:04 -0300)]
Bug 18572: Remove AddRenewal parameter

7 years agoBug 18572 - QA Followup
Nick Clemens [Wed, 19 Jul 2017 18:26:07 +0000 (18:26 +0000)]
Bug 18572 - QA Followup

7 years agoBug 18572 - Improper branchcode set during OPAC renewal
Nick Clemens [Fri, 23 Jun 2017 12:27:19 +0000 (12:27 +0000)]
Bug 18572 - Improper branchcode set during OPAC renewal

To test:
1 - Set 'OpacRenewalBranch' to various settings
2 - Renew an item for a ptron under each setting
3 - Confirm action_log entries reflect the correct branch for each
secnario
4 - prove t/db_dependent/Circulation/issue.t

Signed-off-by: David Kuhn <techservspec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18955 - autocomplete is on in OPAC password recovery
Fridolin Somers [Wed, 19 Jul 2017 07:48:04 +0000 (09:48 +0200)]
Bug 18955 - autocomplete is on in OPAC password recovery

In OPAC password recovery form autocomplete is not disabled.
So when login or email is entered, it is saved in browser input history for autocomplete.
This is a major issue for OPAC on computers with public access.

This patch adds autocomplete off on forms.

Test :
- Enable system preferences OpacPasswordChange and OpacResetPassword
- Go to OPAC
- Be sure to not be logged in
- Click on "Forgot your password?"
- Enter a loggin and email and Submit
=> Without patch there is an autocompletion with values you entered
=> With patch there is no autocompletion

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18613: Add unit tests for getletter
Baptiste Wojtkowski [Tue, 11 Jul 2017 09:12:37 +0000 (09:12 +0000)]
Bug 18613: Add unit tests for getletter

Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18613: Remove letter rule correctly as superlibrarian
Baptiste Wojtkowski [Fri, 19 May 2017 09:23:17 +0000 (09:23 +0000)]
Bug 18613: Remove letter rule correctly as superlibrarian

TEST PLAN

(reproducing bug)
1 - Set 'IndependantBranches' to enable
2 - Log in as Superlibrarian.
3 - Create 3 rules
    - 1 for all librairies (1)
    - 1 for the library of the superlibrarian (2)
    - 1 for another library (3)
4 - Try to delete them and see them and see that (3) isn't the good one

(checking patch)
5 - Apply patch
6 - Try again 3-
7 - Connect as not superlibrarian
8 - Try again 3-

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18901: [QA Follow-up] Do not translate zzpref either
Marcel de Rooy [Wed, 12 Jul 2017 11:33:51 +0000 (13:33 +0200)]
Bug 18901: [QA Follow-up] Do not translate zzpref either

Adding one backslash makes a difference :)
We need to escape the dot in the regex to exclude a file like zzpref
from translation too. Perfect_regexes++

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18901: Sysprefs translation: translate only *.pref files (not *.pref*)
Julian Maurice [Thu, 6 Jul 2017 12:39:20 +0000 (14:39 +0200)]
Bug 18901: Sysprefs translation: translate only *.pref files (not *.pref*)

Text editors can create temporary files in this folder and this can
confuse the translator.
For instance, vim can create a file named '.opac.pref.swp' which will
make the translator dies with the following error message:

Can't use string ("b0VIM 8.0") as a HASH ref while "strict refs" in use
at LangInstaller.pm line 248.

Test plan:
1. echo 'Oops' > .../en/modules/admin/preferences/whatever.pref.whatever
2. cd misc/translator && ./translate update fr-FR
3. Verify that you have the error message mentioned above
4. Apply patch
5. cd misc/translator && ./translate update fr-FR
6. No more errors!

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18854: Protect few other occurrences of offset
Jonathan Druart [Mon, 10 Jul 2017 14:56:46 +0000 (11:56 -0300)]
Bug 18854: Protect few other occurrences of offset

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18854: Make sure offset will not be < 0 - protect from DoS
Jonathan Druart [Wed, 5 Jul 2017 13:44:55 +0000 (10:44 -0300)]
Bug 18854: Make sure offset will not be < 0 - protect from DoS

There was a bug that meant a very large offset in the search params
will cause the search script to run forever (or long enough to crash
the machine)

To test

1/ Get ready with sudo top so you can kill the thread before it causes
your machine to OOM
2/ Hit a page like yourdomain.com/cgi-bin/koha/opac-search.pl?q=1&offset=-9999999999999999999
3/ Notice the process runs for a long time
4/ Kill the process
5/ Apply the patch
6/ Hit the page again, notice the it loads (offset is set to zero)
7/ Do the same to search in the staff client

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18854 - Protect from DOS
Chris Cormack [Sun, 25 Jun 2017 05:34:12 +0000 (17:34 +1200)]
Bug 18854 - Protect from DOS

There was a bug that meant a very large offset in the search params
will cause the search script to run forever (or long enough to crash
the machine)

To test

1/ Get ready with sudo top so you can kill the thread before it causes
your machine to OOM
2/ Hit a page like yourdomain.com/cgi-bin/koha/opac-search.pl?q=1&offset=-9999999999999999999
3/ Notice the process runs for a long time
4/ Kill the process
5/ Apply the patch
6/ Hit the page again, notice the it loads (offset is set to zero)
7/ Do the same to search in the staff client

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: changed -2 to 0 in opac-search.pl.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17639 - Remove white filling inside of Koha logo
Owen Leonard [Tue, 6 Jun 2017 15:50:19 +0000 (15:50 +0000)]
Bug 17639 - Remove white filling inside of Koha logo

This patch modifies the Koha logo SVG file to remove the fill from two
letters. This patch also optimizes the file and converts the text object
to paths for better cross-platform portability.

To test you could:

- Open the file in an editor and confirm that the change is correct
  - or -
- Open the file in a browser and use the code inspector to add a
  background-color attribute to the top-level <svg> tag. The logo should
  appear transparent, with no white fills.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 068db9aaabb0694b4d12404bda16525efad0fde7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit cffb4a26b3264137130d7a1a3c287d1f17c05b77)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18934: Preventing warns in Admin -> SMS providers
Aleisha Amohia [Thu, 13 Jul 2017 05:16:53 +0000 (05:16 +0000)]
Bug 18934: Preventing warns in Admin -> SMS providers

This patch initialises the $op variable to prevent the warns

To test:
1) Go to admin -> sms providers
2) Notice warns in error log
3) Apply patch and refresh page
4) Notice warns are gone

Sponsored-by: Catalyst IT
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 88ab0ef5791d2b428399690c505ac42aba4616df)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit adbd961d82fa6aebcc3f93f2dec6af1c8127aab9)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18858: Prevent warn when deleting a borrower debarment
Aleisha Amohia [Tue, 27 Jun 2017 01:40:48 +0000 (01:40 +0000)]
Bug 18858: Prevent warn when deleting a borrower debarment

To test:
1) Look at intranet log
2) Go to delete a debarment on a borrower
3) Notice warn
4) Apply patch
5) Add a new debarment
6) Delete this debarment
7) Notice warn is gone

Sponsored-by: Catalyst IT
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7ed66a6c8ae1c3c824e496c2d312e23db1dd8e41)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7d2bd0482033ac106434aca59bab6b201a592fef)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18554: Adjust a few typos including responsability
Marcel de Rooy [Mon, 8 May 2017 10:08:43 +0000 (12:08 +0200)]
Bug 18554: Adjust a few typos including responsability

typo responsability
typo defautl in authorities.pref
typo reveived in t/db_dependent/Acquisition.t
typo ;; in advance_notices.pl
typo Stopping in restart_indexer (koha-indexer)
typo instutitional in moremember.pl
typo Corretly (Biblio.t)
typo periodicy in help serials

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18400 - Noisy warns in opac-search.pl during itemtype sorting (16.11)
apirak [Thu, 29 Jun 2017 10:42:23 +0000 (17:42 +0700)]
Bug 18400 - Noisy warns in opac-search.pl during itemtype sorting (16.11)

7 years agoBug 18830: Fix phrasing of screen message
Colin Campbell [Tue, 20 Jun 2017 15:35:35 +0000 (16:35 +0100)]
Bug 18830: Fix phrasing of screen message

Verb should be plural in this message

Signed-off-by: Israelex A Veleña for KohaCon17 <israelex19@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 8a0ecda6c4ff368b9ff7a18593d7bdf4fc07e541)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 5bbb863147959471a1a11e019eb18007c5c78583)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 14572 - insert_single_holiday() forces a value on an AUTO_INCREMENT column, durin...
Rodrigo Santellan [Wed, 21 Jun 2017 18:40:43 +0000 (15:40 -0300)]
Bug 14572 - insert_single_holiday() forces a value on an AUTO_INCREMENT column, during an INSERT

Removing all the id from the columns on the inserts and removing the
parameter '' of the values for the id.

Test plan:
1) Go to tools -> calendar
2) Add a Holiday only on this day.
3) Add a Holiday repeated every same day of the week.
4) Add a Holiday repeated yearly on the same date.
5) Add a Holidays on a range.
6) Add a Holidays repeated yearly on a range.
7) You should have the five calendars displayed.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit b94b16f67963b03fd17170d2c2f2efa581c12c0f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 9efe6332901e081cb7f7fc0a510449b697da4ce4)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18755: Allow empty passwords in Patron Info to return OK
Colin Campbell [Thu, 8 Jun 2017 11:59:55 +0000 (12:59 +0100)]
Bug 18755: Allow empty passwords in Patron Info to return OK

With this patch a parameter 'allow_empty_passwords="1" can be added to a
login in the SIP configuration file to allow the behaviour as was normal
before the patch for bug 16610 was applied. Some sip clients rely on
this behaviour sending an empty password field when they wish to
validate to user but do not have the password.
If a password is supplied it will be validated

A test has been added to Message.t to confirm this behaviour

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ebb887e5c93c96c6fc51d95b76de6a221ba4463e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 459c144f2a54f4b1ddeb9e7595030107e821d2b2)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18771: CGI.pm: Subroutine multi_param redefined
Mark Tompsett [Fri, 9 Jun 2017 17:01:14 +0000 (13:01 -0400)]
Bug 18771: CGI.pm: Subroutine multi_param redefined

The commands in the test plan are examples, and may need varying
depending on your installation. This was created as a result
of attempting to clean the installation process up. However,
I believe the redefine might exist normally too. I just didn't
check. This is tested on a Debian 8 box sudo apt-get update'd
fully.

TEST PLAN
---------
empty error log
$ echo > ~/koha-dev/var/log/koha-error_log

drop and recreate and empty db
> drop database koha_library;
> create database koha_library;
> quit

run the web installer, but DO NOT LOG IN!
*opening chrome to Staff Client URL*

check the error log
$ less ~/koha-dev/var/log/koha-error_log
...
[Fri Jun 09 13:08:52.793627 2017] [cgi:error] [pid 5802] [client 192.168.71.101:58169] AH01215: [Fri Jun  9 13:08:52 2017] CGI.pm: Subroutine multi_param redefined at /usr/share/perl5/CGI.pm line 419.
...

apply patch

empty error log
$ echo > ~/koha-dev/var/log/koha-error_log

refresh the installation login page

recheck the error log
$ less ~/koha-dev/var/log/koha-error_log

notice no reference to "Subroutine multi_param redefined"

run koha qa test tools

Notice that it is just a require CGI; and comment added.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18634: Handle colliding translation for preference sections
Marcel de Rooy [Wed, 14 Jun 2017 13:37:55 +0000 (15:37 +0200)]
Bug 18634: Handle colliding translation for preference sections

Problem on this report was caused by translating the tabs Privacy
and Payments by the same string. This caused overwriting a hash entry.

This patch tests if the key already exists and if so, it merges the
entries instead of overwriting the old contents.

Test plan:
[1] Make sure that e.g. Privacy and Payments translate to e.g Vie privee.
[2] Run translate install fr-CA (or the language you altered)
[3] Without this patch you should loose preferences from either Privacy or
    Payments. With this patch, they should be merged.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested with fr-CA.

Signed-off-by: Blou <philippe.blouin@inlibro.com>
Reset the .po files, reproduced the problem.  Applied the patch and suddenly 'paypal' appeared.

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0d98089ec701bc96893e68408ce2dedad36f7235)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7bcad818744b11180b2b2c31a5dda8d51552b862)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18756 - add Unit Test
Fridolin Somers [Wed, 14 Jun 2017 10:33:25 +0000 (12:33 +0200)]
Bug 18756 - add Unit Test

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18756: Users can view aq.baskets even if they are not allowed
Christophe Croullebois [Thu, 8 Jun 2017 13:17:56 +0000 (13:17 +0000)]
Bug 18756: Users can view aq.baskets even if they are not allowed

Due to bad use of grep syntax if there is one or more Basket Users the result of grep is not equal to 0 and the borrower is allowed.

Test plan :
1- select system preference 'AcqViewBaskets' on 'user'
2- create 2 borrowers (A, B) with only permissions on acquisition :
group_manage
order_manage
order_receive
staff
3- login with A and create a basket
4- add a basquet manager other than B
5- relog with account B
6- you can see the basket

Apply the patch.
The basket is no longer visible.
1- relog with A
2- add basquet manager B
3- relog with B
5- you must see the basket

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18214: Add check for shared or public list
Marcel de Rooy [Thu, 22 Jun 2017 06:55:16 +0000 (08:55 +0200)]
Bug 18214: Add check for shared or public list

Following the idea behind bug 10865, we are only showing the permissions
when the list is shared or public.
Adding a simple test in opac-shelves here.

Note 1: Since the owner can always add or delete entries, the permissions
will not be relevant anymore for a strictly private list.

Note 2: Staff view always shows the permissions. This could have been
changed here too, but that change is far less urgent (bug 10865 did not
touch staff view and bug 18228 will rearrange permissions anyway).

Test plan:
[1] Verify on OPAC that you see the permissions for a private list with
    shares or a public list. And you do not see them for a private list
    without shares.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18214: Cannot edit list permissions of a private list
Marcel de Rooy [Mon, 6 Mar 2017 08:44:48 +0000 (09:44 +0100)]
Bug 18214: Cannot edit list permissions of a private list

If you have disabled the pref OpacAllowPublicListCreation, your users are
not able to edit the list permissions for private/shared lists.
For a private list they may only be theoretically relevant, but for a shared
list they are relevant.
Since we do not always know the history of a list (has it been public or
shared, does it contains entries from other users) and therefore permissions
are even relevant for a currently private list, we should just allow editing
these permissions.

Test plan:
[1] Do not yet apply this patch.
[2] Disable OpacAllowPublicListCreation.
[3] Create a private list in OPAC. Edit the list. Verify that you do not
    see the permission combo boxes.
[4] Apply this patch. Edit the list again. Do they appear now?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised.
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoUpdate mailmap - Jonathan Druart
Jonathan Druart [Wed, 21 Jun 2017 15:41:22 +0000 (12:41 -0300)]
Update mailmap - Jonathan Druart

I do not longer work at biblibre

(cherry picked from commit 2702b4688e31e62fb6851b7979dc56011d38ce89)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit bb14ce9d657f2a30621a0a6465809cef1f820f3c)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18800: Patron card images: Add some more explanation to upload page and fix small...
Marc Véron [Wed, 14 Jun 2017 09:10:56 +0000 (11:10 +0200)]
Bug 18800: Patron card images: Add some more explanation to upload page and fix small translatabiity issue

The file
koha-tmpl/intranet-tmpl/prog/en/modules/help/patroncards/image-manage.tt
has a small translatability issue (sentence splitting by html tags).

This patch fixes it and adds a little bit more explanation about
uploading, using and replacing such images.

To test:
- Verify that text changes make sense
- Apply patch
- Go to Home > Tools > Patron card creator > Images and verify
  that the page displays properly

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 053fbaf9267cce79ba80d23389b26f46a91111f8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e5ad6741bac0996d635c61ea2b3aee403c46954e)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18697: Final polishing
Marcel de Rooy [Wed, 31 May 2017 14:19:35 +0000 (16:19 +0200)]
Bug 18697: Final polishing

GetFictiveIssueNumber:
Returns undef instead of 0 for irregular frequencies. Also added to POD.
Removed unused variable $wkno.
Adding a return makes the if(unit) unneeded.
Replaced (a+b)/b by 1+a/b.

_delta_units:
Added a comment about its parameters.

GetFictiveIssueNumber.t:
Adjusted the tests for irregular frequencies accordingly.

Test plan:
[1] Run t/db_dependent/Serials/GetFictiveIssueNumber.t
[2] Run t/db_dependent/Serials/GetNextDate.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>