]> git.koha-community.org Git - koha.git/log
koha.git
7 years agoBug 18624: Run time errors when searching authorities with Elastic search 5.3
Nick Clemens [Fri, 16 Jun 2017 13:53:39 +0000 (09:53 -0400)]
Bug 18624: Run time errors when searching authorities with Elastic search 5.3

It seems we have a syntax mismatch - any vs all

all seems to the be list we expect so updating code that way

To test:
1 - Enabled Elasticsearch
2 - Index some authorities
3 - Perform a 'Search entire record' search
4 - Internal server error (
        Invalid marclist field provided: all at
        /usr/local/koha/Koha/SearchEngine/Elasticsearch/QueryBuilder.pm
        line 433.
        )
5 - Run:
    $ sudo koha-shell kohadev
   k$ cd kohaclone
   k$ prove t/db_dependent/Koha/SearchEngine/Elasticsearch/QueryBuilder.t
=> FAIL: Tests fail because 'any is used'
6 - Apply patch
7 - Search should work
8 - Run:
   k$ prove t/db_dependent/Koha/SearchEngine/Elasticsearch/QueryBuilder.t
=> SUCCESS: Tests pass!
9 Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edited the test plan so it mentions the new tests

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit cfb52579ec2f8859226e0e40f66d5a6d7a2ed73f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18624: Regression test for 'any' vs 'all'
Tomas Cohen Arazi [Mon, 7 Aug 2017 19:09:56 +0000 (16:09 -0300)]
Bug 18624: Regression test for 'any' vs 'all'

This test makes it explicit that the only string producing _all as index on build_authorities_query_compat is 'all'.
To test:
- Apply this patch
- Run:
  $ sudo koha-shell kohadev
 k$ cd kohaclone
 k$ prove t/db_dependent/Koha/SearchEngine/Elasticsearch/QueryBuilder.t
=> FAIL: Test fails because the list of valid values is wrong in Koha.

Note: this list has to be in sync with the templates passing the same values. A followup will be added
to fix a discrepancy found between OPAC and Intranet.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit b308b0814bcd149e3f899058e693938d982bb425)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18624: Minor refactoring to ease testing
Tomas Cohen Arazi [Mon, 7 Aug 2017 19:07:40 +0000 (16:07 -0300)]
Bug 18624: Minor refactoring to ease testing

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ff41b87302c1b242f9edd7b2e8c253bd18b57ac1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 16976 - Unit tests
Nick Clemens [Fri, 7 Jul 2017 17:55:50 +0000 (17:55 +0000)]
Bug 16976 - Unit tests

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 07c0d968b70421852ac4915633fa7f3cbd0d18cd)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 16976 - Authorities searches with double quotes gives ZOOM error 20003 [Alternate]
Nick Clemens [Fri, 16 Jun 2017 10:36:22 +0000 (06:36 -0400)]
Bug 16976 - Authorities searches with double quotes gives ZOOM error 20003 [Alternate]

I dug into this a little bit, it seems the issue is that we were double
processing the query because of an extra call to
C4::AuthoritiesMarc::SearchAuthorities

I think we can simply remove this call

To test:
1 - Perform an authority search for a value that returns results
2 - Wrap it in quotes and search
3 - 'Internal server error'
4 - Apply patch
5 - Search with quotes succeeds

https://bugs.koha-community.org/show_bug.cgi?id=16796

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9c8a04acb05466356fec8e9d6d13183295719c7d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18331: POST_CHOMP everywhere!
Jonathan Druart [Mon, 14 Aug 2017 13:26:48 +0000 (10:26 -0300)]
Bug 18331: POST_CHOMP everywhere!

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 3c6168d37436b7312e130f796d47271ff2de77cf)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18331: Followup - fix path to orders_by_budget csv header
Josef Moravec [Tue, 8 Aug 2017 08:23:57 +0000 (08:23 +0000)]
Bug 18331: Followup - fix path to orders_by_budget csv header

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 14484ba4234fd1cbb925b5f3a4844da863c65d5a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18331: Followup - Fix CSV export (once and for all!)
Lee Jamison [Fri, 4 Aug 2017 19:27:22 +0000 (19:27 +0000)]
Bug 18331: Followup - Fix CSV export (once and for all!)

Follow-up on Comment 21 to correct the empty_line.inc
include in basket.tt

https://bugs.koha-community.org/show_bug.cgi?id=18331

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 2ee4e0ac381ed23fa23b1117725b2f6a0e0db4de)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18331: Force tt to insert newline to empty_line.inc
Marc Véron [Thu, 3 Aug 2017 15:50:30 +0000 (17:50 +0200)]
Bug 18331: Force tt to insert newline to empty_line.inc

See end of comment #4 and IRC:
http://irc.koha-community.org/koha/2017-08-03#i_1958062

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit a10e5383016a5cb4117719ac858cbe02a53e457b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18331: Fix CSV export (once and for all!)
Jonathan Druart [Mon, 12 Jun 2017 20:04:47 +0000 (17:04 -0300)]
Bug 18331: Fix CSV export (once and for all!)

I am going to try and explain the problem here in order to make it a
have-to-read for next changes.

There are several things to test when and most of the time we break
something when we try to fix something else.

You have to test different CSV export, not only one. There are not all
processed the same way. For instance acqui/csv/basket.tt does not
contain any strings to translate and the translate script will copy the
original file as it.
But reports/csv/orders_by_budget.tt will not! Indeed it contains "TOTAL"
which will be translated. The generated tt file for the translated
language will remove all the carriage returns! That's why we cannot rely
on TT for newlines (contrary to bug 16914 assumption).

There are two possible methods:
1/ Fix the translate script
=> Hum... nope
2/ Remove all carriage returns and make them explicit by including an
file that only contains 1 carriage return

This second method is implemented in this patch.

How it works: Use the PRE_CHOMP "[%-" and POST_CHOMP "-%]"
(http://www.template-toolkit.org/docs/manual/Config.html#section_PRE_CHOMP_POST_CHOMP)
to remove all the newlines that could be added by TT in the original
(en) files. Then include the new_line.inc to add a new line.
That way original and translated files will behave the same way.
The BLOCK in the csv_headers avoid to have the newlines added, in any
cases. For instance: by default we will have an empty line at the end of
the headers, but the translated headers will not have it.

Test plan:
At least 2 signoffs will be needed, please test carefully!
You will need to generate CSV with at least 2 entries!
Test with the non-translated interface (en) and with the language you
want. To test with a translated language you will *have to*:
- cd misc/translator
- perl translate update LANG
- manually edit the po file, remove the fuzzy tags, correctly translate
the string (do not forget the additional %s in the headers)
- perl translate install LANG
1/ Export basket and basketgroup as CSV
2/ Export late orders as CSV
3/ Export items (from the item search) as CSV
4/ Export the 2 reports "Orders by fund" and "Cash register" as CSV

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 8403799c7212349bee70090249e3425afd62423b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18996 [QA Followup] - Fix some minor whitespace issues
Kyle M Hall [Fri, 18 Aug 2017 04:45:41 +0000 (04:45 +0000)]
Bug 18996 [QA Followup] - Fix some minor whitespace issues

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 1262962a7d22b9c9b712025c5220033356c857e0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18996: [QA Follow-up] Remove global variables from Message.t
Marcel de Rooy [Wed, 2 Aug 2017 11:01:47 +0000 (13:01 +0200)]
Bug 18996: [QA Follow-up] Remove global variables from Message.t

As per request of Colin in comment18, this patch makes the use of global
variables in Message.t no longer needed.
The three subtests are now completely independent and could well be moved
to separate test scripts.

Note: Strictly speaking, the use of global (package) variables could
potentially introduce new bugs (e.g. if the value is modified outside the
script). This seems not to be the case here, but we are safe now.

Test plan:
Run the test again.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 37d07b28ce4089f691631bde3f6e9a2fe7b81b10)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18996: Add checkin subtest in SIP/Message.t
Marcel de Rooy [Sat, 29 Jul 2017 11:38:31 +0000 (13:38 +0200)]
Bug 18996: Add checkin subtest in SIP/Message.t

Variable $branch was not used.
Promoted some global vars to our.
Shared the branchcode between all three subtests now.
The third subtest contains all six cases mentioned in the first patch.

Test plan:
Run t/db_dependent/SIP/Message.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 2490401be149d825108fc9c9f8bf556e64e2323d)

7 years agoBug 18996: Resolve an uninitialized warning from ILS/Item.pm
Marcel de Rooy [Tue, 1 Aug 2017 12:10:56 +0000 (14:10 +0200)]
Bug 18996: Resolve an uninitialized warning from ILS/Item.pm

From the syslog call on line 107/108. The field $item->{title} has not
been initialized. When catching the warns in a test script with Test::Warn,
I got:
    Use of uninitialized value $args[1] in sprintf at /usr/lib/x86_64-linux-gnu/perl/5.20/Sys/Syslog.pm line 423.

This simply resolves the warning. We might have a closer look to this title
field on another report though.

Test plan:
Run Message.t from the next patch without this fix. It will fail since the
additional warning makes warnings_like return false.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 66a7565995c00495fe670c809d9c7cf0c900fc7f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18996: Handle data corruption from old_issues at SIP checkin
Marcel de Rooy [Fri, 28 Jul 2017 08:29:51 +0000 (10:29 +0200)]
Bug 18996: Handle data corruption from old_issues at SIP checkin

As per bug 18966 AddReturn returns false with a DataCorrupted message
when the issue_id at hand already occurs in the old_issues table.
This should be handled when returning an item via SIP too. SIP should
not pretend that the checkin was successful, since this item needs
special care.

The following six different situations are handled:

[1] An attempt to checkin an invalid barcode is handled as before. The
ok flag is false; the screen message shows 'Invalid Item'.
[2] We receive a DataCorrupted message: the alert type is set to the
unused 98 code to indicate this new error condition. The ok flag
is false; the screen message shows 'Checkin failed: data problem'.
[3] The item checked in was not checked out AND the option checked_in_ok
is active. The ok flag is set to true; no screen message.
[4] The item checked in was not checked out AND the option checked_in_ok
is not active. The ok flag is not changed (normally false); the screen
message shows 'Item not checked out'.
[5] (The regular checkin) The item was checked out and AddReturn returned
true. The ok flag is true; no screen message.
[6] ("Otherwise") The item was checked out, but AddReturn returned false.
The ok flag is false; the screen message shows 'Checkin failed'.
Note: Currently this case only refers to the Wrongbranch and withdrawn
messages from AddReturn (where doreturn==0).

Note: Situation 1 and 5 are unchanged. Behavior is slightly changed for
situation 3 and 4; the option is only used when the item was not checked
out. Situation 2 and situation 6 are changed. After bug 18966 SIP
returned OK in case of data corruption (while checkin failed). In the
remaining cases under [6] SIP also returned OK while checkin failed.

Test plan:
[1] Test all six cases listed above. In order to simulate data corruption
insert the issue_id at hand in old_issues before you check in.
In cases 3 and 4 you need to toggle the option in your SIPconfig.xml and
restart the SIP server.
Case 6 can be tested by checking out at branch A, adjusting the value
of pref AllowReturnToBranch and checking in at branch B.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 97ec4ae98c8792835717bf1de19f8782b7cb1994)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoIncrement version for 17.05.03 release v17.05.03
Fridolin Somers [Thu, 24 Aug 2017 07:38:56 +0000 (09:38 +0200)]
Increment version for 17.05.03 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoMerge remote-tracking branch 'translate/17.05.03-translate-20170824' into rm_170503
Fridolin Somers [Thu, 24 Aug 2017 07:34:54 +0000 (09:34 +0200)]
Merge remote-tracking branch 'translate/17.05.03-translate-20170824' into rm_170503

7 years agoTranslation updates for Koha 17.05.03
root [Thu, 24 Aug 2017 07:30:10 +0000 (04:30 -0300)]
Translation updates for Koha 17.05.03

7 years agoUpdate release notes for 17.05.03 release
Fridolin Somers [Thu, 24 Aug 2017 07:23:50 +0000 (09:23 +0200)]
Update release notes for 17.05.03 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoremove html notes of 17.05
Fridolin Somers [Thu, 24 Aug 2017 07:23:21 +0000 (09:23 +0200)]
remove html notes of 17.05

7 years agoBug 19035 - Stored XSS in lists.pl
Amit Gupta [Tue, 15 Aug 2017 03:03:41 +0000 (08:33 +0530)]
Bug 19035 - Stored XSS in lists.pl

To Test
1. Hit the page /cgi-bin/koha/patron_lists/lists.pl
2. Click on new patron list
3. Add a text in the field Name that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed in both the pages list.pl and list.pl?patron_list_id=xx
xx is patronlist id

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 34dcc80055998c7b301de6e2bbcfa20067c8a63c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19114 - Stored XSS in parcels.pl
Amit Gupta [Tue, 15 Aug 2017 15:28:34 +0000 (20:58 +0530)]
Bug 19114 - Stored XSS in parcels.pl

Test
1. Hit the page /cgi-bin/koha/acqui/parcels.pl?booksellerid=xx
   xx is booksellerid
2. Add a text in the field Vendor invoice that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Fixed XSS for parcels.pl/parcel.pl/orderreceive.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit a4ee6ce526cf0b7897badf427c18ae6bfbefe0c5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19112 - Stored XSS in basketheader.pl page
Amit Gupta [Tue, 15 Aug 2017 14:21:48 +0000 (19:51 +0530)]
Bug 19112 - Stored XSS in basketheader.pl page

To Test

1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.

Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 65c7b505ee56f088f3c475595e53fbe53a77d4a2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19110 - XSS Stored in branches.pl
Amit Gupta [Tue, 15 Aug 2017 09:30:55 +0000 (15:00 +0530)]
Bug 19110 - XSS Stored in branches.pl

To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
   xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0a44868b21c4ec9f3e6a7c4e4f7db8ee22e014b6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19100 - XSS Flaws in memberentry.pl
Amit Gupta [Tue, 15 Aug 2017 17:52:32 +0000 (23:22 +0530)]
Bug 19100 - XSS Flaws in memberentry.pl

1. Hit /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid.
5. Notice it is no longer executed.

NOTE: I had to test in Microsoft Edge, because Chrome was blocking XSS for me.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d42639166c9de0e83b16b04cd8c05146648b03fd)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19105 - XSS Stored in holidays.pl
Amit Gupta [Tue, 15 Aug 2017 03:53:13 +0000 (09:23 +0530)]
Bug 19105 - XSS Stored in holidays.pl

To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add a text in the field Title and Description that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed for all holidays

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 1ceb4367c6879be812b600487385c53bb005260d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 16069 - XSS issue in basket.pl page
Amit Gupta [Tue, 15 Aug 2017 17:28:02 +0000 (22:58 +0530)]
Bug 16069 - XSS issue in basket.pl page

1. Hit /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
   xx - is a basketno
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/acqui/basket.pl?basketno==xx<script>alert('amit')</script>
   xx - is a basketno.
5. Notice it is no longer executed.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 91711087e93e5da6265bac329791e45afb7d354f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19079 - XSS Flaws in Membership page
Amit Gupta [Fri, 11 Aug 2017 15:38:14 +0000 (21:08 +0530)]
Bug 19079 - XSS Flaws in Membership page

1. Hit /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber
2. Notice the java script is executed.
4. Apply patch.
5. Reload page, and hit the page again /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 4f48532c4f3bede64533af6415e507640e2ed6e0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19033: XSS Flaws in Currencies and exchange page
Amit Gupta [Fri, 4 Aug 2017 04:14:52 +0000 (09:44 +0530)]
Bug 19033: XSS Flaws in Currencies and exchange page

1. Hit /cgi-bin/koha/admin/currency.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search currencies box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on search currencies box.
6. Notice it is no longer executed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Fixes the issue, follows common practice on the codebase.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 08fe6c3c3a8b3370ea212b049573a8618cf1e9e3)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19034: (followup 2) Fix letters.tt XSS flaw
Jonathan Druart [Tue, 15 Aug 2017 16:26:12 +0000 (13:26 -0300)]
Bug 19034: (followup 2) Fix letters.tt XSS flaw

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9877aa340e75697cdb435eddf825451a93b91eaf)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19034: (followup) Fix letters.tt XSS flaw
Tomas Cohen Arazi [Mon, 7 Aug 2017 14:27:33 +0000 (11:27 -0300)]
Bug 19034: (followup) Fix letters.tt XSS flaw

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d7ffd52dfd46190e630c1f25738e77d8d6ebebc8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19034: XSS Flaws in Z39.50/SRU servers administration
Amit Gupta [Fri, 4 Aug 2017 05:11:49 +0000 (10:41 +0530)]
Bug 19034: XSS Flaws in Z39.50/SRU servers administration

1. Hit /cgi-bin/koha/admin/z3950servers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search Z39.50/SRU servers box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search Z39.50/SRU servers box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit cd0c7ad870f4c2d202e2d6e31c1078bd29da979e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19034: XSS Flaws in Cities
Amit Gupta [Fri, 4 Aug 2017 05:08:12 +0000 (10:38 +0530)]
Bug 19034: XSS Flaws in Cities

1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search cities box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 8b294c5a4bece7086688fb44c7c45a1ee820247c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19034: XSS Flaws in Patron categories pages
Amit Gupta [Fri, 4 Aug 2017 05:04:19 +0000 (10:34 +0530)]
Bug 19034: XSS Flaws in Patron categories pages

1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 28b9a1246781fb45427a593703542a99600f6d1f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19050 - XSS Flaws in Quick spine label creator
Amit Gupta [Mon, 7 Aug 2017 15:19:56 +0000 (20:49 +0530)]
Bug 19050 - XSS Flaws in Quick spine label creator

1. Hit /cgi-bin/koha/labels/spinelabel-home.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> barcode text box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on barcode text box.
6. Notice it is no longer executed

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 18b6e1f5272ee4e2c4c1971a4346c1759df4b3d6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19051 - XSS Flaws in - Batch item modification page
Amit Gupta [Mon, 7 Aug 2017 16:13:56 +0000 (21:43 +0530)]
Bug 19051 - XSS Flaws in - Batch item modification page

1. Hit /cgi-bin/koha/tools/batchMod.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0726c79361a22051b847e9fe8668ab6faf81479a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19051 - XSS Flaws in Batch item deletion page
Amit Gupta [Mon, 7 Aug 2017 15:54:44 +0000 (21:24 +0530)]
Bug 19051 - XSS Flaws in Batch item deletion page

1. Hit /cgi-bin/koha/tools/batchMod.pl?del=1
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 560d5e472ae30d9f0d0984cd6dbf34ca12b0cae1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19051 - XSS Flaws in - Batch record deletion page
Amit Gupta [Mon, 7 Aug 2017 15:38:36 +0000 (21:08 +0530)]
Bug 19051 - XSS Flaws in - Batch record deletion page

1. Hit /cgi-bin/koha/tools/batch_delete_records.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Record number list (one per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Record number list (one per line) text area.
6. Notice it is no longer executed.
7. Fixes for both biblio and authority records.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 63fce3cdb10637a14efa5ac61e9fb21e4b04e364)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19052 - XSS Flaws in - Invoice search page
Amit Gupta [Mon, 7 Aug 2017 16:47:14 +0000 (22:17 +0530)]
Bug 19052 - XSS Flaws in - Invoice search page

1. Hit /cgi-bin/koha/acqui/invoices.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 44c25d74b64ed9f125362e9627c7f9bc5635d369)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19052 - XSS Flaws in vendor search page
Amit Gupta [Mon, 7 Aug 2017 16:34:30 +0000 (22:04 +0530)]
Bug 19052 - XSS Flaws in vendor search page

1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d8b1c8fc7d9ba254b1e71d1501abfae4102e7eea)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19054 - XSS Flaws in Report - Top Most-circulated items
Amit Gupta [Mon, 7 Aug 2017 17:04:05 +0000 (22:34 +0530)]
Bug 19054 - XSS Flaws in Report - Top Most-circulated items

1. Hit /cgi-bin/koha/reports/cat_issues_top.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in Callnumber, Day, Month, Year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Callnumber, Day, Month, Year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 755a1fb372b29443b7d128c4c710f7a7ed63f189)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19078 - XSS Flaws in System preferences
Amit Gupta [Thu, 10 Aug 2017 16:21:38 +0000 (21:51 +0530)]
Bug 19078 - XSS Flaws in System preferences

1. Hit /cgi-bin/koha/admin/preferences.pl
2. Enter <script>alert('amit')</script> in search system preferences box.
3. Notice the java script is executed.
4. Apply patch.
5. Reload page, and enter <script>alert('amit')</script> in search system preferences box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit b7bb60d76041bf00f6a28fe3a55ecc2c7912a275)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18726: Fix XSS at the OPAC - biblionumber
Jonathan Druart [Wed, 9 Aug 2017 17:08:24 +0000 (14:08 -0300)]
Bug 18726: Fix XSS at the OPAC - biblionumber

The biblionumber parameter is sent by the user, we must escape all of
them to avoid XSS.

Fixes: Cross-site scripting OPAC pages
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0676334968c27337cc1f3a3407ac6eeaef75f201)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18951: Adjust Isbd.t
Marcel de Rooy [Wed, 19 Jul 2017 11:59:45 +0000 (13:59 +0200)]
Bug 18951: Adjust Isbd.t

Add schema calls.
Remove an unneeded AddBiblio call.

Test plan:
Run t/db_dependent/Biblio/Isbd.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 40c719a5248877d200920c2c9a028e273a5f1370)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18951: Create data for TransformKohaToMarc.t
Marcel de Rooy [Wed, 19 Jul 2017 11:48:55 +0000 (13:48 +0200)]
Bug 18951: Create data for TransformKohaToMarc.t

Adding schema and caching statements.
Adjust it so that the Koha to MARC mappings are not assumed to be present,
but are created as needed.
Remove the mock on marcflavour. It is no longer needed.
Resolving a small typo.

Test plan:
Run t/db_dependent/Biblio/TransformKohaToMarc.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit f839955db707415368d23ae81bdb14505dd058ee)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18951: Some t/Biblio tests are database dependent (git mv)
Marcel de Rooy [Wed, 19 Jul 2017 11:33:34 +0000 (13:33 +0200)]
Bug 18951: Some t/Biblio tests are database dependent (git mv)

Move Isbd.t and TransformKohaToMarc.t to db_dependent.
Next patch will add a few adjustments too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 50bc4170cec172de04db2033d464c96348d5a508)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18361: [QA Follow-up] Resolve warning on undef values supplied
Marcel de Rooy [Fri, 16 Jun 2017 05:57:14 +0000 (07:57 +0200)]
Bug 18361: [QA Follow-up] Resolve warning on undef values supplied

The following warning was raised in Letters.t:
DBIx::Class::ResultSource::_minimal_valueset_satisfying_constraint():
NULL/undef values supplied for requested unique constraint 'primary' (NULL
values in column(s): 'id'). This is almost certainly not what you wanted,
though you can set DBIC_NULLABLE_KEY_NOWARN to disable this warning.

This warning is triggered by this line in C4/Letters.pm:
    Koha::SMS::Providers->find( $member->{'sms_provider_id'} );
As you already guessed, the sms_provider_id returns undef.

Resolved in sub find by testing if there are parameters and if so, they
should not be all undefined. (In most cases there will be only one
parameter; but this report is about composite keys.)

Added a trivial test case in Objects.t too.

Test plan:
Run t/db_dependent/Koha/Object.t
Run t/db_dependent/Koha/Objects.t
Run t/db_dependent/Letters.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
(cherry picked from commit e1afa469f8313144c70ae91d7efa356beb8168b8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18361: (QA followup) Add tests for the no params case
Tomas Cohen Arazi [Wed, 19 Apr 2017 14:57:33 +0000 (11:57 -0300)]
Bug 18361: (QA followup) Add tests for the no params case

This patch adds a test for the trivial case in which no param is passed
and the ->find method returns undef.

For completeness purposes.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit e1f943b9992ea1a3c5d4659ca6fa787834d66376)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18361: Additional tests for Koha::Objects->find
Marcel de Rooy [Thu, 13 Apr 2017 11:15:30 +0000 (13:15 +0200)]
Bug 18361: Additional tests for Koha::Objects->find

Adding a subtest find in t/db_dependent/Koha/Objects.t.

Test plan:
Run t/db_dependent/Koha/Objects.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit de74a4e5a0ec0fcf85a42b637d07c2bcd81d63f0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18361: Koha::Objects->find should accept composite primary keys
Marcel de Rooy [Fri, 31 Mar 2017 11:52:15 +0000 (13:52 +0200)]
Bug 18361: Koha::Objects->find should accept composite primary keys

Changes the $id parameter to an array. (IssuingRule has three keys.)
The build_object method in TestBuilder.pm has been adjusted to pass
multiple primary key values to find.

Also adjusted the POD section to show more clearly that we accept
the same parameters as DBIx ResultSet does.

Test plan:
Run t/db_dependent/Koha/Object.t
Run t/db_dependent/Koha/Objects.t
Run t/db_dependent/TestBuilder.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ec288a50def5c4fdcd7b001087fed0b120e4a211)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18539: remove occurrence in ReNewSubscription.t
Jonathan Druart [Thu, 15 Jun 2017 18:46:17 +0000 (15:46 -0300)]
Bug 18539: remove occurrence in ReNewSubscription.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ad7ff09b995e5275f2c6d664b31351321b1674af)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18539: Forbid list context calls for Koha::Objects->find
Jonathan Druart [Tue, 18 Apr 2017 16:49:18 +0000 (13:49 -0300)]
Bug 18539: Forbid list context calls for Koha::Objects->find

Reading https://perlmaven.com/how-to-return-undef-from-a-function
this sound like the more correct behaviour.

Considering:
$template->param(
    stuff => Koha::Stuffs->find( $id ),
    foo   => 1,
);
without this patch, if the $id does not represent any rows in the DB,
stuff will be assigned to 'foo' and $foo will be undef in the template.
That can lead to very bad side-effects.

With this patch we make sure that it will never happen again.

Test plan:
  prove t/db_dependent/Koha/Objects.t
should return green

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 15cbf14f4d4f8039ad7820ce37da202b19e0075d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18367 - (QA Followup) Only warn if doing a lookup and not having an item
Nick Clemens [Fri, 28 Jul 2017 11:38:33 +0000 (11:38 +0000)]
Bug 18367 - (QA Followup) Only warn if doing a lookup and not having an item

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 1b73cae6eb4ce7e7ca675d6db84fe8ce0cd2f499)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18367 - Fix untranslatable string from Bug 18264
Nick Clemens [Tue, 11 Apr 2017 20:09:27 +0000 (16:09 -0400)]
Bug 18367 - Fix untranslatable string from Bug 18264

Restore display of message when no barcode found

To test:
1 - Go to course reserves
2 - Add an item to a course
3 - Try adding an invalid barcode - should get an alert
4 - Try force adding an item with itemnumber:
    http://localhost:8081/cgi-bin/koha/course_reserves/add_items.pl?op=lookpup&course_id=11&itemnumber=1234523546
5 - Should recieve an error

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 1fc3751804146e92c0d8d85517ffcd6ec338808e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18991: [QA Follow-up] Use schema txn_begin and txn_rollback
Marcel de Rooy [Fri, 28 Jul 2017 09:58:24 +0000 (11:58 +0200)]
Bug 18991: [QA Follow-up] Use schema txn_begin and txn_rollback

We also need just one rollback at the end here.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit e5e5402f36c923775b341bd1900aa6468d42aa9a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18991: Fix cleanup in t/db_dependent/Log.t
Lari Taskula [Thu, 27 Jul 2017 14:56:18 +0000 (14:56 +0000)]
Bug 18991: Fix cleanup in t/db_dependent/Log.t

There is an action_logs entry via logaction() without transaction to be rolled
back in t/db_dependent/Log.t. This leaves an entry in action_logs after
the test is over.

To replicate:
1. prove t/db_dependent/Log.t
2. Observe a new entry in action_logs table

To test:
1. Apply patch
2. prove t/db_dependent/Log.t
3. Observe there are no new entries in action_logs

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit f49f5a67d3512ea75d92cb551ebd79a9de7e53d7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18987 - Added Koha::Account package pragma to Patron.pm
Alex Buckley [Fri, 21 Jul 2017 08:47:48 +0000 (08:47 +0000)]
Bug 18987 - Added Koha::Account package pragma to Patron.pm

Test plan:
1. On an up to date branch go to Patrons and try to browse for a patron
by last name
2. Notice that the page processes indefinately
3. Apply patch
4. Repeat step 1
5. Notice the patron results are displayed

Signed-off-by: David Cook <dcook@prosentient.com.au>
Works as described.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ac8e39d1e742b196677d395dc89d92848560b903)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 19000: Fix typo in closing p tag for items
Marcel de Rooy [Fri, 28 Jul 2017 05:56:21 +0000 (07:56 +0200)]
Bug 19000: Fix typo in closing p tag for items

Close the p tag and add a br tag to visually divide the two sections
Data problems and Warnings regarding system configuration.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Discovered the problem when testing a duplicate key in deleteditems.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 3c87b6f387831053e01ecc86b91d61669af9696b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18545: Re-add call to enableCheckboxActions
Jonathan Druart [Mon, 24 Jul 2017 17:25:21 +0000 (14:25 -0300)]
Bug 18545: Re-add call to enableCheckboxActions

This call is used to refresh the page correctly

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 37fc0d817d46d21897015a8e1df754b59ba477a6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18545 [Follow-up] Remove use of onclick from OPAC Cart
Owen Leonard [Fri, 9 Jun 2017 15:50:41 +0000 (15:50 +0000)]
Bug 18545 [Follow-up] Remove use of onclick from OPAC Cart

This patch makes a few corrections:

- Use 'e.preventDefault()' instead of 'return false' in changed
  sections.
- Modify the event handler on checkboxes to successfully handle the
  un-check action as well as the check action. (QA comment 5).

To test, follow the original test plan.

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 04a601ef659c64446790758ebbe369a2ce090875)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18545: Remove use of onclick from OPAC cart
Aleisha Amohia [Fri, 5 May 2017 03:58:49 +0000 (03:58 +0000)]
Bug 18545: Remove use of onclick from OPAC cart

To test:
1) Apply patch and add one or more items to your cart
2) Confirm that clicking the following things still works as expected:
 - more details
 - brief display
 - send
 - download
 - print
 - select all
 - clear all
 - selecting by clicking checkbox
 - remove title
 - add title to list
 - place hold
 - add tag
 - empty and close

Sponsored-by: Catalyst IT
Followed test plan, works as expected. Resolves issue with two
print dialogues from Bug 18544.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 1b4d4f989b1d6c589a08f21ce19a48dca9072ec7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18605: Remove TRUNCATE from C4/HoldsQueue.pm
Marcel de Rooy [Mon, 15 May 2017 08:38:43 +0000 (10:38 +0200)]
Bug 18605: Remove TRUNCATE from C4/HoldsQueue.pm

Replaces TRUNCATE by DELETE, since truncate implicitly commits. We don't
need to do that here. (Would complicate testing it too.)
Fixes typo disablig.
Add a simple test to HoldsQueue.t.

Test plan:
Run t/db_dependent/HoldsQueue.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit db64c94953be772fb316d508fdfffd374ea1d835)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18965 - branch transfer limits pagination save bug
Fridolin Somers [Thu, 20 Jul 2017 14:08:59 +0000 (16:08 +0200)]
Bug 18965 - branch transfer limits pagination save bug

In branch transfer limits, tables are paginated with 20 rows by default.

The bug is that datatable not only hides rows, they are not in form.
So when submitting form, rows not visible are erased.

Test plan :
Wihout patch :
- Create 22 branches, you can hack the creation form by manualling calling URL : /cgi-bin/koha/admin/branches.pl?op=add_validate&branchcode=Bxx&branchname=Bxx
- Go to Administration > Library transfer limits
- You see table first page : only 20 first rows are shown
- You see all checkboxes are checked
- Go to second page of this table
- Save
=> You see table first page with all checkboxes unchecked
With patch the is no pagination, all checkboxes are shown when you save

Signed-off-by: Axelle Clarisse <axelle.clarisse@univ-amu.fr>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7a306d72ab98f2abf2266716761820f1098ede9b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18977: Rollback branch in t/db_dependent/SIP/Message.t
Lari Taskula [Mon, 24 Jul 2017 15:30:10 +0000 (18:30 +0300)]
Bug 18977: Rollback branch in t/db_dependent/SIP/Message.t

To test:
1. Before applying patch, check the amount of branches in database
2. prove t/db_dependent/SIP/Message.t
3. See that a new branch is stored
4. Apply patch
5. prove t/db_dependent/SIP/Message.t
6. See that a new branch is no longer stored

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 139b66f65611cff0a2551662e0fd5c2e50b4c10f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18976: (follow-up) Fix t/db_dependent/Search/History.t cleanup
Lari Taskula [Mon, 24 Jul 2017 15:16:25 +0000 (18:16 +0300)]
Bug 18976: (follow-up) Fix t/db_dependent/Search/History.t cleanup

Same problem in t/db_dependent/Search/History.t.

To replicate:
1. Check the row count of borrowers, branches, categories, sessions, sms_providers
   tables
2. prove t/db_dependent/Search/History.t
3. Repeat step 1
4. Observe borrowers the following tables have increased in row count:
   - borrowers
   - branches
   - categories
   - sessions
   - sms_providers

To test:
1. Before applying the patch, go through steps at "To replicate" plan
2. Apply patch
3. Go through steps at "To replicate" plan
4. Observe step 4 no longer applies and those tables have the same number of
   rows as before executing the test.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 6d8b26b01f505771fe0d359d29fff8bc963e5291)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18976: Fix t/db_dependent/Auth.t cleanup
Lari Taskula [Mon, 24 Jul 2017 13:43:18 +0000 (16:43 +0300)]
Bug 18976: Fix t/db_dependent/Auth.t cleanup

Test t/db_dependent/Auth.t seems to have an ineffective test data cleanup.
Data generated by TestBuilder is left in borrowers, branches, categories,
sms_providers and sessions tables after the test.

To replicate:
1. Check the row count of borrowers, branches and categories tables
2. prove t/db_dependent/Auth.t
3. Repeat step 1
4. Observe borrowers the following tables have increased in row count:
   - borrowers
   - branches
   - categories
   - sessions
   - sms_providers

To test:
1. Before applying the patch, go through steps at "To replicate" plan
2. Apply patch
3. Go through steps at "To replicate" plan
4. Observe step 4 no longer applies and those tables have the same number of
   rows as before executing the test.

This issue has been happening in REST tests as well, and this solution is
directly copy-pasted from t/db_dependent/api/v1/cities.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 99d18bf0f3f729261b6560f0dd3c5d757aba3a19)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18832: Missing space between icon and label in button 'Patron lists'
Marc Véron [Wed, 21 Jun 2017 07:47:13 +0000 (09:47 +0200)]
Bug 18832: Missing space between icon and label in button 'Patron lists'

On page Home > Patrons the button 'Patron lists' misses a space between
icon and text. This patch adds it to make the button display like the other
ones.

To test, apply patch and verify that the button displays as expected.

Signed-off-by: fcouffignal <fcouffignal@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 85b895c2dfdf9499fdb12bd108c740144597c89e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18839: Suggestion.pl spelling mistake
Chris Kirby [Wed, 21 Jun 2017 18:27:21 +0000 (18:27 +0000)]
Bug 18839: Suggestion.pl spelling mistake

On the suggestion management page, 'unknown' is spelled 'unkown'

This patch corrects this spelling mistake in

suggestion/suggestion.pl

koha-tmpl/intranet-tmpl/prog/en/include/strings.inc

koha-tmpl/intranet-tmpl/prog/en/include/search_indexes.inc

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: sonia BOUIS <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit afddf4145fbbfd978e4c5cd22f0ae2cbbef70560)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18918: Disable CSV option if no CSV profiles exist
Aleisha Amohia [Mon, 10 Jul 2017 02:31:22 +0000 (02:31 +0000)]
Bug 18918: Disable CSV option if no CSV profiles exist

To test:
1) Confirm you have no MARC CSV profiles (tools -> csv profiles)
2) Go to Tools -> Export data
3) Select the CSV file format for biblios
4) Notice the CSV profile dropdown shows up but the dropdown is empty
5) Click the Export button, notice Koha breaks
6) Go back and apply the patch, refresh
7) Notice the CSV option is now disabled in the file format menu
8) If you hover over CSV, an appropriate message should show explaining
why it is disabled
9) Create a CSV profile for MARC
10) Go back to Export and you should be able to use CSV now without
problem

Sponsored-by: Catalyst IT
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7723ffdd130996ec946d5b9149f90cb0cdc447fc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18982: Remove data in the correct order
Jonathan Druart [Wed, 26 Jul 2017 16:50:14 +0000 (13:50 -0300)]
Bug 18982: Remove data in the correct order

To respect FK

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 6cb3abcbd95fe673d5b0426f5f8c23a0c7683e65)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18982: Create a circ rule for the data we created
Jonathan Druart [Tue, 25 Jul 2017 19:49:38 +0000 (16:49 -0300)]
Bug 18982: Create a circ rule for the data we created

No need to have a default circ cule, we create one for the categorycode
and itemtype we are going to use.
The 3 checkouts will not be rejected (5 are allowed)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 5b84987f28b43f0c92eeff9ed1067ed61f822a4b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18982: Create a specific itemtype for these tests
Jonathan Druart [Tue, 25 Jul 2017 19:48:06 +0000 (16:48 -0300)]
Bug 18982: Create a specific itemtype for these tests

No need to require rentalcharge=0 for all itemtypes, we create our own.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ca0568f58393cff3fce6b362e59e90daa1b1524a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18982: category.categorycode must be uppercase
Jonathan Druart [Tue, 25 Jul 2017 19:46:08 +0000 (16:46 -0300)]
Bug 18982: category.categorycode must be uppercase

Otherwise it is not selected in the dropdown list and the patron created
does not belong to this category

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 60478e6544ddfd37dc82829f684c3837b534d146)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18982: Use KOHA_INTRANET_URL instead of syspref staffClientBaseURL
Jonathan Druart [Tue, 25 Jul 2017 17:37:27 +0000 (14:37 -0300)]
Bug 18982: Use KOHA_INTRANET_URL instead of syspref staffClientBaseURL

That way we do not need to set the syspref, we can define it setting an
env var, like other tests.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 78d77163af407dc639764cdf1b8936b8f0f715d6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoIncrement version for 17.05.02 release v17.05.02
Fridolin Somers [Thu, 27 Jul 2017 12:10:29 +0000 (14:10 +0200)]
Increment version for 17.05.02 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoMerge remote-tracking branch 'translate/17.05.02-translate-20170727' into 17.05.x
Fridolin Somers [Thu, 27 Jul 2017 12:04:18 +0000 (14:04 +0200)]
Merge remote-tracking branch 'translate/17.05.02-translate-20170727' into 17.05.x

7 years agoUpdate release notes for 17.05.02 release
Fridolin Somers [Thu, 27 Jul 2017 11:58:22 +0000 (13:58 +0200)]
Update release notes for 17.05.02 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoTranslation updates for Koha 17.05.02
root [Thu, 27 Jul 2017 11:44:56 +0000 (08:44 -0300)]
Translation updates for Koha 17.05.02

7 years agoBug 18572: Remove AddRenewal parameter
Jonathan Druart [Mon, 24 Jul 2017 17:04:06 +0000 (14:04 -0300)]
Bug 18572: Remove AddRenewal parameter

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 51e8b7bbc9d4fe1d560b65eef3285ec3c0b74e71)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18572 - QA Followup
Nick Clemens [Wed, 19 Jul 2017 18:26:07 +0000 (18:26 +0000)]
Bug 18572 - QA Followup

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9b92d79817c359635f463fd5a1e5715affe96356)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18572 - Improper branchcode set during OPAC renewal
Nick Clemens [Fri, 23 Jun 2017 12:27:19 +0000 (12:27 +0000)]
Bug 18572 - Improper branchcode set during OPAC renewal

To test:
1 - Set 'OpacRenewalBranch' to various settings
2 - Renew an item for a ptron under each setting
3 - Confirm action_log entries reflect the correct branch for each
secnario
4 - prove t/db_dependent/Circulation/issue.t

Signed-off-by: David Kuhn <techservspec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit e9374dcf6308256f4597e1c83920559d2673b90c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18826 - (QA Followup) Add mock SessionStorage to patrons.t
Nick Clemens [Fri, 21 Jul 2017 12:07:19 +0000 (12:07 +0000)]
Bug 18826 - (QA Followup) Add mock SessionStorage to patrons.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit a696843f82dc026ab6545f18b113af8efc753715)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18826: rollback transaction for api tests
Jonathan Druart [Wed, 12 Jul 2017 20:24:24 +0000 (17:24 -0300)]
Bug 18826: rollback transaction for api tests

The holds.t tests for the REST api do no rollback properly and modify
the DB (no cleanup).
This comes from a bug caused by SessionStorage = mysql (default)

The error is:
    "rollback ineffective with AutoCommit enabled"

Test plan:
  select count(*) from borrowers;
  prove t/db_dependent/api/v1/holds.t
  select count(*) from borrowers;
=> The number of entry must be the same before and after the tests have
been executed

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d5dc473382ccfa118e78e91507384245ce0dcfcb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18955 - autocomplete is on in OPAC password recovery
Fridolin Somers [Wed, 19 Jul 2017 07:48:04 +0000 (09:48 +0200)]
Bug 18955 - autocomplete is on in OPAC password recovery

In OPAC password recovery form autocomplete is not disabled.
So when login or email is entered, it is saved in browser input history for autocomplete.
This is a major issue for OPAC on computers with public access.

This patch adds autocomplete off on forms.

Test :
- Enable system preferences OpacPasswordChange and OpacResetPassword
- Go to OPAC
- Be sure to not be logged in
- Click on "Forgot your password?"
- Enter a loggin and email and Submit
=> Without patch there is an autocompletion with values you entered
=> With patch there is no autocompletion

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 214a0e61021934c7e6deee5a24cf11606a57199b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18910: Revert "Bug 18152 : fix unimarc label in SetMarcUnicodeFlag"
Jonathan Druart [Mon, 17 Jul 2017 18:58:49 +0000 (15:58 -0300)]
Bug 18910: Revert "Bug 18152 : fix unimarc label in SetMarcUnicodeFlag"

This reverts commit bf551a07222a7b9beffd7ca6cba38c675aa3ab28.

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 8e0bb409aef75ac0f18a50d3a34a749f4e87da84)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18910: Revert "Bug 18152: Add tests"
Jonathan Druart [Mon, 17 Jul 2017 18:58:33 +0000 (15:58 -0300)]
Bug 18910: Revert "Bug 18152: Add tests"

This reverts commit a807d7199ea025aa507e0ca7e3ff2330902844f8.

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit dd60cd9635fd51073d01ec5a24340564f61cd5e7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years ago(17.05.x) Bug 18966: Do not deal with duplicate issue_id on checkin
Jonathan Druart [Thu, 20 Jul 2017 16:39:43 +0000 (13:39 -0300)]
(17.05.x) Bug 18966: Do not deal with duplicate issue_id on checkin

Koha suffers of big bugs due to its history: When data are deleted, they are moved to another tables.
For instance issues and old_issues: when a checkin is done, it is moved to the old_issues table.
That leads to a main problem that is described on https://wiki.koha-community.org/wiki/DBMS_auto_increment_fix

However we tried first to fix the problem (for issues/old_issues) at code level on bug 18242.
The goal was to prevent data lost.
Data lost may happens in this case:
Check an item out (issue_id = 1)
Check an item in (issue_id = 1)
Restart MySQL (reset auto increment for issue_id to 1)
Check an item out (issue_id = 1)
Check an item in => BOOM, the issue_id is a PK in old_issues and the move fails.
Before bug 18242 the data were lost, we inserted the value into old_issues, which fails silently (because of RaiseError set to 0 in Koha::Database), then delete the row from issues.
That has been fixed using a transaction.

This patch introduced a regression we tried to fix on bug 18651 comment 0, the patron was charged even if the checkin was rejected.
A good way to fix that would have been to LOCK the tables:
1- Start a transaction
2- LOCK the table to make sure nobody will read id and avoid race conditions
3- Move the content from one table to the other, dealing with ids
4- UNLOCK the table
5- Commit the transaction
But there were problems using LOCK and DBIx::Class (See commit 905572910b3a - Do no LOCK/UNLOCK the table).

Finally the solution implemented is not acceptable for several reasons:
- batch checkins may fail
- issue_id will always stay out of sync (between issues and old_issues)
See 18651 comment 66.

Since the next stable releases are very soon, and we absolutely need to fix this problem, I am suggesting to:
1- Execute the move in a transaction to avoid data lost and reject the checkin if we face IDs dup
=> It will only reject 1 checkin (max is 1 * MySQL restart), no need to deal with race conditions,
2- Display a warning on the checkin page and link to a solution/explanation
3- Communicate as much as we can on the proper fix: Update auto increment values when the DBMS is restarted - https://wiki.koha-community.org/wiki/DBMS_auto_increment_fix
4- Display a warning on the about page for corrupted data (see bug 18931)
5- Write and make available a maintenance script to fix corrupted data (TODO LATER)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18931 - Follow up - Typo fix in template for holds
Mason James [Wed, 26 Jul 2017 06:42:19 +0000 (18:42 +1200)]
Bug 18931 - Follow up - Typo fix in template for holds

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 45ff2ef129ea8a52ad7d08a531aad6b3e1e665f3)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18931: (followup) Tidy text
Tomas Cohen Arazi [Tue, 25 Jul 2017 17:37:55 +0000 (14:37 -0300)]
Bug 18931: (followup) Tidy text

Some minor style and idiomatic issues.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit f5988bb3d233fa29f2af649748bbca611c99b739)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18931 - Follow up - Typo fix in SQL statement
Katrin Fischer [Mon, 24 Jul 2017 21:26:04 +0000 (23:26 +0200)]
Bug 18931 - Follow up - Typo fix in SQL statement

Fixes the table alias in the SQL statement for items and
adds items to the if clause for showing data problems.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit c3dca8c24b53aa63838687f536a5509855ccc21c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18931: Add items/deleteditems tables
Jonathan Druart [Mon, 24 Jul 2017 20:46:27 +0000 (17:46 -0300)]
Bug 18931: Add items/deleteditems tables

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 193ecb0a2bb397bf67488f6342f02adda0328031)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18931: Add a "data corrupted" section on the about page - MySQL AI
Jonathan Druart [Wed, 12 Jul 2017 18:52:19 +0000 (15:52 -0300)]
Bug 18931: Add a "data corrupted" section on the about page - MySQL AI

See the following wiki page for more information
https://wiki.koha-community.org/wiki/DBMS_auto_increment_fix

Test plan:
Create (at least) a patron, a checkout, a biblio and a hold
Then fill the old_* or deleted* tables with:
 INSERT INTO deletedborrowers SELECT * from borrowers WHERE  borrowernumber=XXX;
 INSERT INTO deletedbiblio SELECT * from biblio WHERE biblionumber=XXX;
 INSERT INTO old_issues SELECT * from issues WHERE issue_id=XXX;
 INSERT INTO old_reserves SELECT * from reserves WHERE reserve_id=XXX;

Go to the about page, 'System information' tab. You should see a new
"Data problems" section with the list of the ids that are wrong

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 1d1d6ddc9d1e4929d9eb232e0745bcf31749cfdb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 16711: OPAC Password recovery: Handling if multiple accounts have the same mail...
Marc Véron [Sun, 21 May 2017 16:28:48 +0000 (18:28 +0200)]
Bug 16711: OPAC Password recovery: Handling if multiple accounts have the same mail address

To reproduce:
- Create 3 Accounts, login names are test01, test02, test03, Email is the same
for all.
- Go to OPAC -> Password recovery and indicate E-Mail only
- You will get an email for only one of the accounts above.

To test:
- Apply patch, restart memcached and plack
- Go to db, delete from borrower_password_recovery;
- Try steps above to reproduce. You will get an error message:
    Account identification with this email address only is ambiguous.
    Please use the field 'Login' as well.
- Verify that other cases work as before (provide valid / invalid login only,
  provide valid email for an existing account, provide unknown email, provide
  both login and email with all combinations of valid / invalid)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 16711: (QA-followup) Use count directly

See comment # 13

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 3829020c2664ec531354f78f0c04d00f5dd6795d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18613: Add unit tests for getletter
Baptiste Wojtkowski [Tue, 11 Jul 2017 09:12:37 +0000 (09:12 +0000)]
Bug 18613: Add unit tests for getletter

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ad367a47003f341e1c517c6fbcc96246cbf21609)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18613: Remove letter rule correctly as superlibrarian
Baptiste Wojtkowski [Fri, 19 May 2017 09:23:17 +0000 (09:23 +0000)]
Bug 18613: Remove letter rule correctly as superlibrarian

TEST PLAN

(reproducing bug)
1 - Set 'IndependantBranches' to enable
2 - Log in as Superlibrarian.
3 - Create 3 rules
    - 1 for all librairies (1)
    - 1 for the library of the superlibrarian (2)
    - 1 for another library (3)
4 - Try to delete them and see them and see that (3) isn't the good one

(checking patch)
5 - Apply patch
6 - Try again 3-
7 - Connect as not superlibrarian
8 - Try again 3-

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 648e2a2b808efac22a8b88545d53b05112a1f6f0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18901: [QA Follow-up] Do not translate zzpref either
Marcel de Rooy [Wed, 12 Jul 2017 11:33:51 +0000 (13:33 +0200)]
Bug 18901: [QA Follow-up] Do not translate zzpref either

Adding one backslash makes a difference :)
We need to escape the dot in the regex to exclude a file like zzpref
from translation too. Perfect_regexes++

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit a2c9513b1c3449a34f942d8fa53f8ce1fe374e3f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18901: Sysprefs translation: translate only *.pref files (not *.pref*)
Julian Maurice [Thu, 6 Jul 2017 12:39:20 +0000 (14:39 +0200)]
Bug 18901: Sysprefs translation: translate only *.pref files (not *.pref*)

Text editors can create temporary files in this folder and this can
confuse the translator.
For instance, vim can create a file named '.opac.pref.swp' which will
make the translator dies with the following error message:

Can't use string ("b0VIM 8.0") as a HASH ref while "strict refs" in use
at LangInstaller.pm line 248.

Test plan:
1. echo 'Oops' > .../en/modules/admin/preferences/whatever.pref.whatever
2. cd misc/translator && ./translate update fr-FR
3. Verify that you have the error message mentioned above
4. Apply patch
5. cd misc/translator && ./translate update fr-FR
6. No more errors!

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ec51335e9cc4e090ef80f592cc0cc7a0786661f8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoBug 18748: Noisy t/db_dependent/AuthorisedValues.t
Mark Tompsett [Wed, 7 Jun 2017 16:53:52 +0000 (12:53 -0400)]
Bug 18748: Noisy t/db_dependent/AuthorisedValues.t

This noise is from a failure. This patch expands the delete
to 952$c for the ACQ framework as per comment #5.

TEST PLAN
---------

insert into marc_subfield_structure (tagfield,tagsubfield,liblibrarian, libopac, repeatable, mandatory, kohafield,tab,authorised_value,authtypecode,value_builder,isurl,hidden,frameworkcode,seealso,link,defaultvalue,maxlength) values (952,'c','Shelving location','Shelving location',0,0,'items.location',10,'LOC','','',0,0,'ACQ','','',null,9999);
-- this makes sure you have a pre-existing 952$c ACQ record.

prove t/db_dependent/AuthorisedValues.t
-- should have ugly message like in comment #0
apply patch
prove t/db_dependent/AuthorisedValues.t
-- should be green
run koha qa test tools

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 441f6fac33975f7e0f7c96b262bc0c0ee3b0c82e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 years agoRevert "Bug 18938: (bug 17829 follow-up) Replace 2 occurrences of GetMember left...
Fridolin Somers [Tue, 18 Jul 2017 14:38:23 +0000 (16:38 +0200)]
Revert "Bug 18938: (bug 17829 follow-up) Replace 2 occurrences of GetMember left behind"

This reverts commit 8af64fe6128d20917ca413613ce387a3ef196632.

7 years agoBug 18938: (bug 17829 follow-up) Replace 2 occurrences of GetMember left behind
Jonathan Druart [Fri, 14 Jul 2017 15:19:13 +0000 (12:19 -0300)]
Bug 18938: (bug 17829 follow-up) Replace 2 occurrences of GetMember left behind

Between patch submission and push, 2 new occurrences appeared in the
codebase.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 2f1a1fc4b96a91fc054646f91643d8ff46456055)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>