Bug 38342: Pass the value to exception to avoid warnings
This patch makes the exception on bad enum values in Koha::Object->store
not print a warning in the event of stringifying the exception.
To test:
1. Run:
$ ktd --shell
k$ prove t/db_dependent/Koha/Booking.t
=> FAIL: You get this warnings:
```
Use of uninitialized value in sprintf at /kohadevbox/koha/Koha/Exceptions/Object.pm line 84.
```
2. Apply this patch
3. Repeat 1
=> SUCCESS: No more uninitialized values warnings
4. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Owen Leonard [Fri, 30 Aug 2024 17:35:06 +0000 (17:35 +0000)]
Bug 30699: Fix various HTML validity errors in staff interface templates
This patch fixes several HTML validity issues in various staff
interface templates. Most of these changes won't be visible in the
interface.
- Advanced search:
- Remove stray </a> tags
- Fix duplicate IDs by adding loop.index to repeated dropdown menus
- Circulation
- Fix mismatched label and form field id in checkouts table footer
- Fix mismatched label and form field id claim returned modal
- Remove invalid href attribute from button in claim returned modal
- Wrap relatives' checkouts tab in conditional so that panel doesn't
appear when tab has been hidden
- Fix duplicate id attributes in patron messages-related markup
- Remove redundant class attribute from patron messages-related markup
- Acquisitions -> Vendor -> Basket -> Add to basket -> From staged file
- Remove invalid "size" attribute from hidden form fields
- Circulation -> Holds awaiting pickup
- Fix mismatched label and form field id
- Patron -> Accounting -> Pay fine -> Submit cash amount higher than the
charge
- Remove invalid href attribute from button in confirmation modal
- Fix errors in tab markup WRAPPERs in html_helpers.inc to prevent
mismatched aria-labelledby attributes
- Footer language selector:
- Fix markup to correct errors in aria-controls
- Remove invalid href attribute from cookie consent modal
Sponsored-by: Athens County Public Libraries Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Lari Taskula [Wed, 2 Oct 2024 18:44:27 +0000 (18:44 +0000)]
Bug 35126: Remove onload from opac-addbybiblionumber.pl
To test:
Case a) Adding to a new list
1. Enable virtualshelves system preference
2. Search for any record and click it
3. On the right hand side of record view, click "Save to your lists"
4. A new pop up opens.
5. Under "Add to a new list", give any name to the list
6. Under "Add to a new list", click "Save"
7. Observe popup closing
8. Observe record view page reloading
Case b) Adding to an existing list
1. Enable virtualshelves system preference
2. Search for any record and click it
3. On the right hand side of record view, click "Save to your lists"
4. A new pop up opens.
5. Under "Add to a list", select an existing list
(it can be the same as the one you created in case a, it does not matter here)
6. Under "Add to a list", click "Save"
7. Observe popup closing
8. Unlike case a, observe record view page NOT reloading
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Phil Ringnalda [Fri, 1 Nov 2024 19:33:32 +0000 (12:33 -0700)]
Bug 38329: Remove orphan confirm_deletion() in supplier.tt
The JavaScript function confirm_deletion() in supplier.tt has either
been an unused orphan since bug 28082 two years ago, or since the switch
from YUI to Bootstrap 12 years ago. Doesn't matter which, nothing calls
it, and if it was called, it would fail by trying to GET with
op="delete" rather than POST with op="cud-delete".
Test plan:
1. Acquisitions - New vendor, enter a name and Save
2. Click the name of your new vendor, so your URL is at supplier.pl
3. Click Delete vendor to verify that deleting still works without this
unused code which would fail
Sponsored-by: Chetco Community Public Library Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Ewa Gozd [Tue, 5 Nov 2024 10:31:47 +0000 (10:31 +0000)]
Bug 38283: fixed wrong ending tag in patron search modal
Fixed mis-matched a/button tags on "Close" button.
To test:
- Apply patch
- In staff interface: Go to acquisitions > suggestions
- Create a new suggestion
- Click on "Set to patron"
- Verify the close button in the modal looks correct and works
Signed-off-by: Jan Steinberg <jan.steinberg@gesis.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Bug 37863: Fix checking if a patron is already in the list adding users to a patron card batch
If the patron is already in the card batch it won't add it and it will show an error message
Test plan:
1 Create or edit an patron card batch
2 Try adding twice or more the same patron. It will show a success message everytime and you will end up with the same patron several times in the card batch
3 Apply patch, restart services
4 Repeat step 2. The first time you click on add user, it will do it and show the success message (Patron 'Patron name' added.), but after that it won't add the user and it will display an error message (Patron 'Patron name' is already in the list.)
Jonathan Druart [Thu, 31 Oct 2024 14:12:54 +0000 (15:12 +0100)]
Bug 38312: Do not hide patron search form behind the fixed header
On the patron search form (/members/members-home.pl) if you open the
patron search form *from the header search*, part of the form will be
hidden behind the fixed header (the one with the select/clear, actions)
Before: https://snipboard.io/oF2gBA.jpg
After : https://snipboard.io/QqMiRH.jpg
Using z-index: 1000 as the header as 999
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Martin Renvoize [Mon, 17 May 2021 16:14:16 +0000 (17:14 +0100)]
Bug 28294: Remove updateWrongTransfer
This patch removes the last remaining use of updateWrongTransfer and the
method itself.
We replace it with a call to request_transfer that passes the 'replace'
reason of 'WrongTransfer' through to Koha::Item::Transfer->cancel.
Test plan
1/ git grep updateWrongTransfer to confirm there are no more uses of the
method.
2/ Confirm an incorrect transfer still behaves as expected at
circulation returns.
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Tue, 29 Oct 2024 14:01:05 +0000 (14:01 +0000)]
Bug 38287: Add missing rule_value access
Test plan:
1) Access circuation rules:
http://localhost:8081/cgi-bin/koha/admin/smart-rules.pl
2) Scroll down to "Default checkout, hold and return policy". Enter nothing. Hit 'Save'.
3) Notice on page reload there is a Koha:: object on the bookings inputs
4) Save again -> ERROR
5) Apply patch. Repeat.
Signed-off-by: Sam Sowanick <sam.sowanick@corvallisoregon.gov> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Marcel de Rooy [Fri, 4 Oct 2024 09:04:18 +0000 (09:04 +0000)]
Bug 37365: (QA follow-up) Add borrowernumber to referrer url
Since we post to add_message, we need to ensure that the
borrowernumber is added to the referrer url. This 'tric' is
already done there for another form.
Test plan:
See original plan.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Tue, 5 Nov 2024 15:15:46 +0000 (15:15 +0000)]
Bug 38359: Update css class
col-sm-offset-* no longer exists in bootstrap 5 and we should use offset-sm-* instead
Test plan:
1) Enable ILLModule sys pref
2) Attempt to create a new ILL request:
http://localhost:8081/cgi-bin/koha/ill/ill-requests.pl?method=create&backend=Standard
3) Notice there is no left offset (as was before bug 35402
4) After creating the request, see the detail page:
http://localhost:8081/cgi-bin/koha/ill/ill-requests.pl?op=illview&illrequest_id=1
5) Verify same issue happens here.
6) Apply patch. Repeat test plan.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Bug 35987: Fix broken See highlighted items below link
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Test plan with KTD:
- Issue a couple of items to a patron, and make sure one of them is
overdue.
- Make sure "Always show checkouts automatically" is not checked
- Reload the page
- Click on the link in "Overdues: Patron has ITEMS OVERDUE See
highlighted items below"
- Nothing happens
- Apply the patch, restart_all, reload the "Check out" page for the
patron
- Click on the link again, and the active loans should be shown
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Phil Ringnalda [Fri, 1 Nov 2024 16:13:50 +0000 (09:13 -0700)]
Bug 38325: Cannot delete invoice while viewing it
The link to delete while viewing an individual invoice needs to be updated to
use submit-form-link so it can POST with op='cud-delete'.
Test plan:
1. Home - Acquisitions, click Search with an empty Vendor: input
2. Click Receive shipments, enter a number in the Vendor invoice input,
click Next
3. In the left sidebar, click Invoices, click Search without any parameters
4. In the row for your invoice, click the invoice number link
5. Next to the Save button, click the Delete link, click OK in the
confirmation alert
6. You'll see the page reload, and the URL change to include ?op=delete,
but your invoice remains undeleted.
7. Apply patch, reload the page
8. Click Delete, click OK in the confirmation alert
9. Click Search with no parameters, just to make sure the message about
"Sorry, but there are no results for your search" really truly means
that your invoice was deleted and now you don't have any invoices
Sponsored-by: Chetco Community Public Library Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Thu, 31 Oct 2024 13:41:19 +0000 (14:41 +0100)]
Bug 30397: Remove duplicate entry from length menu of patrons search
If you have 20 in PatronsPerPage, there will be two 20 entries in the
length menu of the patrons search.
jQuery.unique is stupid it seems, it requires the array to be sorted (?)
let x = [1, 2, 1, 2]
jQuery.unique(x);
Array(4) [ 1, 2, 1, 2 ]
x = [1, 1, 2, 2]
jQuery.unique(x);
Array [ 1, 2 ]
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Phil Ringnalda [Fri, 1 Nov 2024 02:44:35 +0000 (19:44 -0700)]
Bug 38309: Cannot delete additional fields
Deleting an additional field tries to do a GET of ?op=delete... which no
longer works with CSRF protection. It needs to be a POST with op=cud-delete.
Test plan:
1. Administration - Additional fields, click any table name
2. New field, fill in a name and Save
3. In the row for your field, click Delete
4. You have a blank page
5. Apply patch, click the browser Back button, refresh the page
6. In the row for your undeleted field, click Delete
7. Your field is deleted
Sponsored-by: Chetco Community Public Library Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Thu, 1 Aug 2024 18:01:25 +0000 (18:01 +0000)]
Bug 37550: CheckItemPreSave should run barcodes through barcodedecode
In Koha::Item we run a barcode through barcodedecode before any save.
We should do the same when checking barcodes to avoid a duplicate error
when the barcode is cleaned before it is written to the DB
To test:
1 - Follow previous test plan
2 - Note that after this patch is applied there is no exception
All items are skipped as duplicate barcodes
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Thu, 1 Aug 2024 18:00:57 +0000 (18:00 +0000)]
Bug 37550: Unit test for CheckItemPreSave
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Thu, 1 Aug 2024 17:37:35 +0000 (17:37 +0000)]
Bug 37550: Move item check after error handling
To test:
1 - Grab the sample file on this bug report
2 - perl misc/migration_tools/bulkmarcimport.pl -b --file=spaceditems.pl -v
3 - An exception for 'Duplicate ID' is thrown and script dies
4 - Apply patch
5 - run script again
6 - The script finishes, no items are added, but record is
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
When using a direct link to a news (koha.url/cgi-bin/koha/opac-main.pl?news_id=XXX), the link is broken if the news is expired.
Formerly, a using AdditionalContent->get( id => "my_news_id") on an
expired news was returning a news, and calling get without id was
returning all news but the expired ones.
This patch adds tests to check this behaviour by adding one expired news and performing following new tests:
1 - It may not be returned by AdditionalContent.get()
2 - It must be returned by AdditionalContent.get() using its id
This patch fixes the behaviour by addind the new behaviour or
AdditionalContent.get:
1 - Any news must be returned by AdditionalContent.get() using its id;
TEST PLAN:
1 - Apply patch
2 - Remove the changes made to Koha/AdditionalContents.pm
3 - Run tests -> one test must fail
4 - Create a news with a expired expiration date, notice the id of the
news in the url of the modification panel
5 - Go to "opac.url/cgi-bin/koha/opac-main.pl?news_id=MY_ID" -> notice
it does not work
6 - Reapply the whole patch
7 - Run test -> all test must pass
8 - Go to "opac.url/cgi-bin/koha/opac-main.pl?news_id=MY_ID" -> notice
it does work now
Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch replaces the call to ModItemTransfer in circ/returns.pl with
a call to Koha::Item->request_transfer and
Koha::Item::Transfer->transit.
Test plan
1) Set 'AutomaticItemReturn' to "Don't"
2) Check an item in at a location other than it's 'home' or 'holding'
branch
3) Note you should be asked a about returning the item to another branch
4) Opting to not proceed should NOT result in a row in the
branchtransfers table
5) Option to proceed (either with a print slip or just 'OK') should
result in a branchtransfer from the current checkin branch to the
home or holding branch depending on the circulation rules.
5a) The item should be marked as immediately in transit in, i.e. the
'datesent' set to today.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Emmi Takkinen [Mon, 28 Oct 2024 10:03:26 +0000 (12:03 +0200)]
Bug 38257: Do not use js_includes.inc in two different files
Downloading cart didn't work because js_includes.inc file
was included both in basket.tt and intranet-bottom.inc.
This patch removes related codeline from basket.tt.
To test:
1. Search for items and add one or more search results to your cart.
2. Open cart.
3. Attempt to download items from your cart.
=> Either nothing happens.
4. Apply this patch, restart services if needed.
5. Again attempt to download.
=> Download menu should now work as expected.
Sponsored-by: Koha-Suomi Oy Signed-off-by: Sam Sowanick <sam.sowanick@corvallisoregon.gov> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Emmi Takkinen [Thu, 24 Oct 2024 11:57:46 +0000 (14:57 +0300)]
Bug 38257: Fix cart pop up functionalities
Almost all functionalities in cart pop up were broken
due changes made in bug 37033. Also following errors
were displayed in browsers console:
> Uncaught TypeError: antiClickjack is null
> Uncaught TypeError: $(...).dataTable is not a function
This happens because when 'intranet-bottom.inc' is loaded
after other .inc files in page.
To test:
1. Search for items and add one or more search results to your cart.
2. Open cart.
3. Attempt to use one or more functionalities (download, remove item etc.).
=> Either nothing happens or table is loaded again with no items in
table. However items are still displayed in cart when it's opened again.
4. Apply this patch, restart services if needed.
5. Again attempt to download, remove items, print etc. from cart
=> Everything should now work as expected.
Sponsored-by: Koha-Suomi Oy Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Bug 31224: Adapt GET /public/biblios/:biblio_id controller
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Bug 31224: Expand coded values using metadata_record in Server.pm
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Martin Renvoize [Tue, 18 Oct 2022 15:46:08 +0000 (16:46 +0100)]
Bug 31224: Update instances of metadata->record
We can now call metadata_record directly on the Koha::Biblio object.
This aptch updates all modules and controllers to use
Koha::Biblio->metadata_record directly where appropriate. The
exceptions are where we don't require any filtering or the filtering
makes sense to do after the initial fetch.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Martin Renvoize [Tue, 18 Oct 2022 15:44:39 +0000 (16:44 +0100)]
Bug 31224: Support 'interface' on metadata_record
We replace the 'opac' boolean with an 'interface' param here to allow
for ViewPolicy filtering depending on 'opac', 'intranet' or 'nothing'
being passed.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Martin Renvoize [Tue, 18 Oct 2022 15:25:35 +0000 (16:25 +0100)]
Bug 31224: Convert C4::Record::marcrecord2csv
Update marcrecord2csv to user RecordProcessor directly for embedding
listed items.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Bug 31224: Use metadata_record in opac-MARCdetail.pl
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch introduces a higher-level method for retrieving a 'prepared'
record for using in specific contexts. In particular, I only focused on
embedding item information and OPAC view filtering. But we could add a
way to get the record through the ViewPolicy also for staff.
The virtue of this patch is that it explains better than my words why I
think having the *embed_items* and *opac* parameters in
Koha::Biblio::Metadata->record is not ideal. And makes the other
implementation feel like is done at the wrong level.
I know it's been done like that to act as a drop-in replacement fro GetMarcBiblio,
which was a good first step. But we need to revisit how it is used, in general, to come
up with a more refined and useful design. So we do not port the same
design problems from C4::* into Koha::*.
Try to think how it would be used in contexts like opac-MARCdetail.pl or
any other OPAC controller script.
Thanks!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
David Cook [Tue, 20 Aug 2024 00:12:21 +0000 (00:12 +0000)]
Bug 22223: Add filter to make item URLs safe in template output
This change adds a "safe_url" filter which takes a text input and
returns a Perl URL object which stringifies to a safe URL.
This change is only needed in the OPAC as the staff interface
handles the item URL display using Javascript not Template Toolkit.
0. Apply patch and koha-plack --restart kohadev
1. Create an item for a record using the following URL
https://koha-community.org?url=https%3A%2F%2Fkoha-community.org
2. Go to the OPAC for that record and verify that the URL is
not double-escaped
3. Create a malicious payload (talk to QA/security team for this if necessary)
4. Note that the malicious payload is escaped
5. prove t/Koha/Plugins/SafeURL.t
6. Celebrate!
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Mon, 4 Nov 2024 11:32:34 +0000 (11:32 +0000)]
Bug 36822: (QA follow-up): Fix now time in tests
This is to prevent the scenario of tests failing if they take long to run, e.g.:
# Failed test 'updated_on correctly saved on newly created user'
# at t/db_dependent/Auth_with_shibboleth.t line 317.
# Structures begin differing at:
# ->[0] = '2024-11-04 11:20:13'
# ->[0] = '2024-11-04 11:20:14
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Fri, 25 Oct 2024 14:41:56 +0000 (14:41 +0000)]
Bug 36822: LDAP - Add discard_changes
Test plan:
1) Apply only LDAP rearrangement patch
2) Run that test file (to prove the rearrangement does not break tests):
$ prove t/db_dependent/Auth_with_ldap.t
3) Verify tests pass
4) Apply LDAP test patch on top
5) Run the test file. Notice it fails.
6) Apply this patch. Run LDAP tests again. Verify tests pass.
Co-authored-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Fri, 25 Oct 2024 14:38:09 +0000 (14:38 +0000)]
Bug 36822: LDAP - Rearrange Auth_with_ldap.pm so it picks up on mock config from test file
Without this rearrangement, C4::Context->config('useldapserver') is always 0.
It seems that because its inside a BEGIN block, the mock coming from .t file does not get picked up
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Fri, 25 Oct 2024 14:36:23 +0000 (14:36 +0000)]
Bug 36822: Shibboleth - Add discard_changes
Test plan:
1) Apply only Shibboleth tests patch
2) Run that test file:
$ prove t/db_dependent/Auth_with_shibboleth.t
3) Verify tests fail with the updated_on error message.
4) Apply this patch. Repeat 2) Verify tests now pass.
Co-authored-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Tue, 29 Oct 2024 11:12:04 +0000 (11:12 +0000)]
Bug 37872: Consider enable_plugins = 0 when fetching plugin backends
This patch builds on top of Andreas patch checking for Koha::Plugins->new() instead as the enable_plugins is already done there.
It also adds a check in reply to Joubu's observation, which is indeed an additional bug.
Test plan:
1) Apply tests patch. Run the tests. Notice it fails
2) Apply the remaining patches. Run the tests. Notice they pass.
Additional (and better) tests can be written, but for now I think this is good enough.
Additional tests should be written on top of bug 36197 (which adds a dummy ILL backend plugin for testing), at:
https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=36197&attachment=171371
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Andreas Jonsson [Mon, 9 Sep 2024 16:51:10 +0000 (16:51 +0000)]
Bug 37872: Add guards for enable_plugins
There are ILL-backends that are not implemented as
Koha plugins and does not require plugins to be enabled.
The 'new' method in Koha::Plugins returns undefined if
plugins are disabled. Therefore, calls to this method
must be guarded by a check that plugins actually are enabled.
Testplan for koha-testing-docker:
- Edit /etc/koha/sites/kohadev/koha-conf.xml and disable plugins by
setting <enable_plugins>0</enable_plugins>
- sudo koha-mysql kohadev -e "UPDATE systempreferences SET value='1' WHERE variable='ILLModule';"
- Run restart_all.
- In staff interface, go to About koha -> System information. The page
should load normally (as opposed to returning 500 internal server
error).
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Owen Leonard [Wed, 30 Oct 2024 17:41:45 +0000 (17:41 +0000)]
Bug 38305: Can't delete or archive suggestions
This patch corrects JS on the suggestions page so that the delete,
archive, and unarchive controls work.
The patch also modifies the markup of the "Delete" button so that it is
consisten with other pages.
To test, apply the patch and go to the suggestions page in the staff
interface.
- Log in to the staff interface as a user with "suggestions_manage"
permission.
- If necessary, create a few suggestions to test with.
- From the table of suggestions, click the secondary menu on the "Edit"
button for one of the suggestions.
- Choose "Delete." You should get a confirmation dialog. Both the "OK"
and "Cancel" options should work as expected.
- Choose "Archive." There won't be a confirmation, and the title
should disappear from the list.
- To test whether the suggestion was archived, search for it using
the sidebar form, checking the "Include archived" checkbox. The
suggestion should show up in the list with an "Archived" label.
- Clicking the "Edit" secondary menu on the archived suggestion
should trigger a menu with an "Unarchive" option. Click that
and confirm that the suggestion is no longer archived.
- Now log in as a user with only "suggestions_delete" permission but not
"suggestions_manage"
- In the list of suggestions each title should have a "delete" button.
- Clicking the delete button should trigger a confirmation dialog.
Both the "OK" and "Cancel" options should work as expected.
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch acknowledges the fact this patchset changed the called method
`libraries_where_can_see_patrons` for `libraries_where_can_see_things`.
And as such the mock was not working.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Nick Clemens [Fri, 1 Nov 2024 11:35:04 +0000 (11:35 +0000)]
Bug 37392: (follow-up) Limit a borrower not in a group and fix tests
The previous patches took into account all the groups for a patron, but missed the case where a patron
didn't have permission to see outside their library, and their library is not in a group.
Code updated and a test added.
Other tests adjusted to ensure the feature to limit patrons was set in those groups.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Lucas Gass [Tue, 17 Sep 2024 17:35:46 +0000 (17:35 +0000)]
Bug 33462: DBIC schema update
Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sam Lau [Fri, 7 Jun 2024 19:26:51 +0000 (19:26 +0000)]
Bug 33462: (Follow up) Fix Perl Tidy
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sam Lau [Fri, 7 Jun 2024 18:44:54 +0000 (18:44 +0000)]
Bug 33462: Add ability to force password change for new patrons entered by staff
This patch attempts to force a password change for new staff created patrons.
This is done by setting the password_expiration_date to an expired date when
adding a new patron. This patch adds a new system preference
'ForcePasswordResetWhenSetByStaff' and a new column to the categories table
'force_password_reset_when_set_by_staff.
To test:
1) Apply patch, restart_all, updatedatabase, and also be sure to update schema.
2) Visit Administration->Sytem Preferences and search for 'EnableExpiredPasswordReset'.
Make sure this is set to enable. Now search for 'ForcePasswordResetWhenSetByStaff'.
This should be defaulted to 'Don't force'.
3) Keep that tab open and visit Administration->Patron categories. Click on edit
on the Board category. Noitce that there is a now a 'Force new patron password reset'
section. Notice that the by default, this is set to follow the
ForcePasswordResetWhenSetByStaff system preference (currently set to don't force).
Click on the dropdown and change it to 'Force'. Save changes
4) Click on the Patrons tab to visit members-home.pl and then click 'New Patron'.
Select on Patron. Fill in the required information and also enter a password.
5) Submit this form and notice that the patron's password expiration date is set
to never. This should be the case because the default for 'Force new patron
password reset' follows the sys. pref. which is still set to 'Don't force' (You
could have some expiry date in this step, but it should at least be set to a
date that is not expired. this depends on whether or not you have a defalut
password expiration date set in patron categories )
6) Log into the OPAC with this patron and notice it works as expected and log in
was successful.
7) Go back to the patron home page and click to add a new patron. This time select
'Board'. Once again fill out the required info, enter a password, and then save
the form.
8) Notice that for this patron, the password expiration date is set for today's
date. This is because we changed the setting for the 'Board' patron category to
force.
9) Log into the OPAC with this patron. You should be redirected to a page with an
error that says: "It's your first login! You need to reset your password." Click
on the reset password link below this message.
10) You should be sent to a page where you can reset your password. Fill in the
form and click 'Update password'. Attempt to sign into the OPAC with this new
password. Everything works as expected.
11) Go back to the staff interface and view this patron's detail page. Notice the
password expiration date is now set to what the default is in the patron
category.
12) Edit this patrons information and set their password expiration date to
yesterday. Go back to the OPAC and try to sign in with this patron again. Note
that this time, you are also redirected but the message says "Error: Your
password has expired!"
13) Go back to the staff interface and visit the sys. pref tab we left open. Set
it to the 'Force' option and save changes.
14) Visit the patron home page and click add patron, now select the patron
category again. Fill in required info and enter password. Submit form and note
that the patron's password expiration date is set to today. Try to login to
the OPAC with this patron, you should be redirected to the page with the error
that says "Error: It's your first login! You need to reset your password."
15) Sign-off :)
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sam Lau [Fri, 21 Jun 2024 17:51:56 +0000 (17:51 +0000)]
Bug 33462: Manual Schema Changes (define as boolean)
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Sam Lau [Thu, 6 Jun 2024 18:52:13 +0000 (18:52 +0000)]
Bug 33462: DB Updates
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
"$marc_isbn" is declared but not used at line 1179, column 5. Unused variables clutter code and make it harder to read.
"$marc_author" is declared but not used at line 1180, column 5. Unused variables clutter code and make it harder to read.
"$marc_title" is declared but not used at line 1181, column 5. Unused variables clutter code and make it harder to read.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Lucas Gass [Mon, 17 Jun 2024 16:41:37 +0000 (16:41 +0000)]
Bug 29079: Add author and publication details columns to holds queue
To test:
1. Apply patch, restart_all
2. Add some holds and run the holds queue builder.
3. Go to the holds queue.
4. You should see less information in the 'Title' field.
5. You should see an 'Author' column, make sure it is sortable and the data is correct.
6. You should see a 'Publication details' column, that should also be sortable. Make sure the data is correct.
7. Each column, and all other in the holds queue table, should be column configurable via Table Settings.
8. Make sure you hide/show columns via Table settings.
9. Make sure the data can be exported correctly via tha Export button.
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Tue, 29 Oct 2024 14:37:52 +0000 (14:37 +0000)]
Bug 38288: Fallback to Standard if FreeForm
A regular openURL works fine:
http://localhost:8080/cgi-bin/koha/opac-illrequests.pl?backend=Standard&title=Koha%20is%20cool&method=create&genre=article&openurl=1
Problem is existing third-party systems may be linking to Koha using FreeForm, not Standard
Test plan:
1) Access the OPAC URL from above.
2) Notice it works.
3) Replace the word 'Standard' with 'FreeForm'. It no longer works.
4) Apply patch. Repeat.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Fri, 25 Oct 2024 15:54:49 +0000 (15:54 +0000)]
Bug 38276: Add DOI to openURL
Test plan:
1) Enable ILLModule
2) Login on OPAC (if you haven't already)
3) Access the following openURL link:
localhost:8080/cgi-bin/koha/opac-illrequests.pl?atitle=Music%20in%20an%20Emergent%20History%20of%20Psychology.&aulast=Klempe%20SH&backend=Standard&cardnumber=kohaadmin&custom_field=example1&date=2024&doi=10.1007%2Fs12124-023-09778-9&genre=article&issn=19363567&issue=1&custom_field2=example2&method=create&opac=1&openurl=1&pages=1-11&spage=1&title=Integrative%20psychological%20%26%20behavioral%20science&volume=58
4) Notice the DOI is considered a custom field, and the actual DOI native field is not populated.
5) Apply patch. Repeat 4. Notice the native field is populated and is no longer a custom field entry.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Mon, 8 Jan 2024 16:56:06 +0000 (16:56 +0000)]
Bug 35725: Fix 'Create' button enabled/disabled
The previous patch fixed what it stated, but uncovered a new issue:
If you input a cardnumber + a branchcode and then change type, the 'Create' button becomes disabled
This happens because the trigger for it is on change only, the current patch updates this to also happen
on DOMContentLoaded.
Test plan:
1) Apply previous patch
2) Do steps from previous patch plan up to and including step 5)
3) Click 'Create'. Notice it doesn't submit (nothing happens).
4) Apply this patch and do a hard reload (clearing browser js cache)
5) Repeat steps 1) to 3). Notice it now submits correctly.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Mon, 8 Jan 2024 14:43:43 +0000 (14:43 +0000)]
Bug 35725: Keep cardnumber and library data when changing request type
Test plan:
1) Apply 35570
2) Enable ILLModule sys pref through UI, or run:
echo "update systempreferences set value = 1 where variable = \"ILLModule\";" | koha-mysql kohadev
3) Create a new Standard request, visit:
http://localhost:8081/cgi-bin/koha/ill/ill-requests.pl?method=create&backend=Standard
4) Input a cardnumber and/or set a library at the bottom under "Patron options".
5) Change the type (top of the form). Notice the data from step 4) is gone.
6) Apply patch. Repeat test plan and notice data is kept when changing request type.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Yanjun Li [Thu, 24 Oct 2024 20:51:12 +0000 (20:51 +0000)]
Bug 38020: Change form to submit link
To test:
1. Create a list in the staff interface
2. Go to lists
3. View the list
4. Click the Edit dropdown
5. Notice the two dropdown options for Edit list and Delete list have different formatting and look different
6. Apply patch
7. Try steps 1 through 4 again
8. The delete list button form looks right, and delete function works
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Matt Blenkinsop [Wed, 9 Oct 2024 15:00:33 +0000 (15:00 +0000)]
Bug 38132: Add data-isbn to shelfbrowser
This patch adds a data-isbn attribute to the shelfbrowser_cover container for use in plugins
Test plan
1) View the patch diff and confirm that the attribute has been correctly added
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Matt Blenkinsop [Wed, 30 Oct 2024 11:46:05 +0000 (11:46 +0000)]
Bug 38297: Add a permissions check to the New vendor button
Test plan:
1) Choose a staff patron and make sure they have permissions to log
into the staff interface
2) Ensure that the patron does not have the vendors_manage permission
but give them one other acquisitions permission so that they can see
the link on the homepage (e.g. budget_manage)
3) In an incognito browser, log in with that patron and go to the
acquisitions homepage
4) The New vendor button will be visible
5) Click on it and fill in the required fields. Submit the form and it
will error for lack of permissions
6) Apply patch
7) Return to the acquisitions page and the New vendor button should no
longer be visible
8) Back in your main browser, give the patron the vendors_manage
permission and then refresh the incognito window - the button should
be visible
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Wed, 30 Oct 2024 15:37:36 +0000 (16:37 +0100)]
Bug 38303: Set item's replacement price to defaultreplacecost if 0.00
No idea if this is a real bug. This code is fixing the following test
failure:
t/db_dependent/Circulation/CalcFine.t .. 1/7
# Failed test 'Amount is calculated correctly'
# at t/db_dependent/Circulation/CalcFine.t line 271.
# got: '0'
# expected: '6'
# Looks like you failed 1 test of 2.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Wed, 30 Oct 2024 15:55:34 +0000 (16:55 +0100)]
Bug 38304: Remove SaveState options for OPAC tables
On /admin/columns_settings.pl you can select the two options related to SaveState for the OPAC tables, but those tables do not show the filters and column filters. Also the work on bug 33484 is not implemented at the OPAC
Save configuration state on page change:
Save search state on page change:
We could remove those options for those tables to remove ambiguity.
Test plan:
Go the the table settings and open the "OPAC" tab.
Notice that the options are no longer displayed (but they are still for
the other tabs)
Modify some settings
Save and confirm the settings have been correctly saved.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
David Cook [Tue, 29 Oct 2024 23:10:22 +0000 (23:10 +0000)]
Bug 38293: (alternate) Fix setting branch-level JS and CSS
Test plan:
1. Apply the patch
2. Go to http://localhost:8081/cgi-bin/koha/admin/branches.pl?op=add_form&branchcode=CPL
3. Scroll to bottom of the page and click "Edit" then "Collapse" next
to Specific OPAC JS and Specific OPAC CSS
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Tue, 29 Oct 2024 13:41:19 +0000 (14:41 +0100)]
Bug 33188: Remove warning from Koha::Item->hidden_in_opac
"Use of uninitialized value in string eq"
Test plan:
prove t/db_dependent/Koha/Item.t
should return green
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: tidied the tests (tcohen) Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Wed, 16 Oct 2024 10:45:51 +0000 (10:45 +0000)]
Bug 35570: (QA follow-up): Update UNIMARC author to 200$f
Reworked the logic here a bit to ensure the following scenario for UNIMARC:
If both title and author exist, the result is:
200$aTitle$fAuthor
In the previous logic, it would become:
200$aTitle
200$fAuthor
I'm assuming the desired result is the former and not the latter.
Test following the same test plan, but try having only author, or only title, and verify that the resulted MARC data is as expected.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Wed, 16 Oct 2024 09:56:20 +0000 (09:56 +0000)]
Bug 35570: (QA follow-up): Fix DVD type
I've added some DVD specific fields: language, format, genre, studio.
Happy to have this discussed and/or updated but hoping this is good enough for now.
To test:
1) Create an ILL request of 'DVD' type on both OPAC and Staff
2) Verify the form is shown without issues
3) Fill all fields and verify all fields are stored and shown correctly on both OPAC and STaff
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch reverts making core field descriptions translatable. It was
an obvious move and a needed one. But it turns out our core templates
are using those keys ('Author' and 'Title' in particular) and as such
translating them would break display (at least in the OPAC). Without
this patch, the ILL requests table in the OPAC doesn't display the title
and author columns values (i.e. displays 'N/A' instead)
Added a FIXME in the code, and will file a bug soo we fix this properly.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Mon, 30 Sep 2024 10:08:44 +0000 (10:08 +0000)]
Bug 35570: (QA follow-up): Standard backend: Biblio creation: Add UNIMARC support
Add FreeForm UNIMARC enhancement from https://github.com/PTFS-Europe/koha-ill-freeform/commit/5d07c68f8058a9a1f35e3193699605240741ff0c into this work.
This is to keep this work up to date with latest FreeForm's work.
To test, k-t-d:
1) (Skip if using sandboxes) Start off by ensuring this is a UNIMARC installation, run:
$ reset_all_unimarc
2) (Skip if using sandboxes) Apply this bug 35570
3) Create a new Standard ILL request:
<staff_url>/cgi-bin/koha/ill/ill-requests.pl?method=create&backend=FreeForm
4) Select type: book, input different values for title+author+isbn (the remaining fields are optional
for this test)
5) Put in a cardnumber ('42' is kohaadmin if k-t-d/sandboxes). Select any library.
Click 'Create'.
6) You should now see the ILL request details page. Click on the
'Bibliographic record ID' link.
7) Ensure the newly created biblio record has the title+author+isbn from
the metadata originally submitted.
Raised by Sonia Bouis at KohaCon's 2024 ILL workshop
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Thu, 7 Mar 2024 11:19:39 +0000 (11:19 +0000)]
Bug 35570: (QA follow-up): Standard backend: Fix OPAC CSRF
Add FreeForm CSRF fix from https://github.com/PTFS-Europe/koha-ill-freeform/commit/6a37ce0daba8aab13130dacd055c9ca5876b7df4 into this work.
This is to keep this work up to date with latest FreeForm's fixes.
The test plan to demonstrate the issue this patch fixes:
Test plan, k-t-d:
1) Install FreeForm, enable ILL module, run:
bash <(curl -s https://raw.githubusercontent.com/ammopt/koha-ill-dev/master/start-ill-dev.sh)
2) You'll have to switch the FreeForm branch to the one compatible with this work, i.e.:
cd /kohadevbox/koha/Koha/Illbackends/FreeForm
git checkout b_36243
3) Restart plack:
koha-plack --restart kohadev
4) Go to OPAC ILL requests, login and visit:
<opac_url>/cgi-bin/koha/opac-illrequests.pl
5) Click "Create new request"
6) Change the 'type'. Notice you get a 403 error. Logs say:
Programming error - op 'add_form' must start with 'cud-' for POST
7) Apply patch. Restart plack. Repeat 6)
8) Notice the change type works as expected. Click "Create".
9) Notice the request is created as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
projects / koha.git / log