Jonathan Druart [Thu, 9 Jul 2015 09:31:07 +0000 (10:31 +0100)]
Bug 14404: Rename class no-show to noshow for consistency with nosort
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 0183cc0223678f6b3f0885213c7223ddb31acf5d) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Kyle M Hall [Tue, 16 Jun 2015 23:05:10 +0000 (19:05 -0400)]
Bug 14404: Checkouts default sort order for Self Checkout (SCO) confusing for patrons
Libraries are reporting that patrons are very confused during
self-checkout. The problem is they are expecting the list of checkouts
to be in the order they checked out the items ( first checkout on the
bottom, last item checked out on top ). However, the checkouts
table is sorted by title ( ascending ) then due date ( descending ).
This is not intuitive.
Test Plan:
1) Enable Koha's self checkout
2) Use the SCO to check out a random assortment of items,
make sure you don't check them out in alphabetical order
3) Note the order of the items in the list is not based on the order
you checked them out in
4) Apply this patch
5) Refresh the page
6) Note the items are now in the order you checked them out
with the last on top and the first on bottom
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit e9061028c1ba95b310be5e9333b224e735e64f40) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea@gmail.com>
When creating a new notice, warn is triggered "Argument "" isn't numeric in numeric gt (>) at line 400". Same warn is triggered when changing Koha module option to any other module.
To test:
1) Go to Tools, then Notices & Slips
2) Click 'new notice'. Notice warn in intranet-error.log
3) Change Koha module to another module. Notice warn is triggered for every change
4) Apply patch and reload page
5) Change Koha module to another module. Notice there are no longer warns
6) Go back to Notices & Slips and click 'new notice' again. Notice there are no warns
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 7098a36b19c35a06a51361bd381416a1204de38d) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Conflicts:
koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt
Aleisha [Wed, 24 Jun 2015 01:15:32 +0000 (01:15 +0000)]
Bug 14445: Silences warn in letter.pl
When changing Koha module to 'Circulation', there is a warn saying that $code is uninitialized. This patch sets $code to an empty string to silence the warn.
To test:
1) Go to Tools, the Notices & Slips
2) Click 'new notice' (This will trigger warns, but ignore these as they will be corrected in the next patch)
3) Change Koha module to 'Circulation'
4) Notice warn about uninitialized $code variable
5) Apply patch and reload page, change Koha module to 'Circulation'
6) Notice page still works and warns are gone
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit fe3a49e61133e1e66d0075f3300cd3a99e691890) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Bug 14494: Terribly slow checkout caused by DateTime->new in far future
An expiry date like 9999-12-31 in the local timezone will make DateTime
spend a lot of time (maybe 60 seconds) on date calculation. See the
DateTime documention on CPAN.
A calculation in floating (or alternatively in UTC) would only take
a few milliseconds.
This patch makes two changes in this regard:
[1] The compare between expiry date and today in CanBookBeIssued has been
adjusted in Jonathan's patch. I am moving the compare to the floating
timezone (as was done in my original patch). This removes a hardcoded
9999.
[2] If ReturnBeforeExpiry is enabled, CalcDateDue compares the normal due
date with the expiry date. The comparison is now done in the floating
timezone. If the expiry date is before the due date, it is
returned in the user context's timezone.
NOTE: The calls to set_time_zone moving to or from floating do not adjust
the local time.
TEST PLAN:
First without this patch (and the one from Jonathan):
[1] Set expiry date to 9999-12-31 for a patron.
[2] Enable ReturnBeforeExpiry.
[3] Checkout a book to this patron. This will be (very) slow.
Continue now with this patch applied:
[4] Check in the same book.
[5] Check it out again. Should be much faster.
Bonus test:
[6] Set borrower expiry date to today. Change relevant circulation rule
to loan period of 21 hours. Test checking out with a manual due date
/time just before today 23:59 and after that. In the second case the
due date/time should become today 23:59 (note that 23:59 is not
shown on the checkout form).
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 17d04c46190880d3031adbc02553f82234d70fc1) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Jonathan Druart [Thu, 9 Jul 2015 08:52:28 +0000 (09:52 +0100)]
Bug 14494: Prevent slow checkout if the patron does not have an expiry date
If a patron has a expiry date set to 9999-12-31 (for organizations for
instance), the checkouts are very slow.
It's caused by 2 different calls to DateTime in CanBookBeIssued:
1/
DateTime->new( year => 9999, month => 12, day => 31, time_zone => C4::Context->tz );
The time_zone should not be set (as it's done in Koha::DateUtils), set to UTC or floating tz.
2/
DateTime->compare($today, $expiry_dt)
The comparaison of 2 DT with 1 related to 9999 is very slow, as you can
imagine.
For 1/ we need to call Koha::DateUtils::dt_from_string (actually, we
should never call DateTime directly).
For 2/ we just need to test if the date is != 9999, no need to compare
it in this case.
Test plan:
Before this patch, confirm that the checkouts are slow if the patron has a
dateexpiry set to 9999-12-31.
update borrowers set dateexpiry="9999-12-31" where borrowernumber=42;
After this patch, you should not see any regression when checking out
items to an expired patron and to a valid patron.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 8d58acc565c8500d4b9d55cacb3d6d21628a899b) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Kyle M Hall [Fri, 5 Jun 2015 12:06:29 +0000 (08:06 -0400)]
Bug 14338 - Unable to delete patron images [3.16.x]
The call to RmPatronImage is still passing cardnumber as its parameter
instead of borrowernumber.
Test Plan:
1) Upload a patron image
2) Ensure the card number is not the same as the borrower number
3) Attempt to delete patron image
-- Image will remain
4) Apply this patch
5) Attempt to delete patron image
-- Image will be removed
6) run koha qa test tools
NOTE: Deletion worked in 3.16.x, though the message for
debugging differed (cardnumber vs. borrowernumber).
This effectively removes cardnumber from the URL and
messages for the delete operation.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Mark Tompsett [Sat, 25 Jul 2015 08:24:42 +0000 (04:24 -0400)]
Bug 4925: Remove Smithsonian as a delivered z39.50 target [3.16.x]
Removes the Smithsonian as a target installed with the
sample data during installation.
Also adds the newer LOC authority targets to files where
they were missing.
To test:
- Verify the Smithsonian has been removed from all
translated installers
- Verify the files are still valid SQL and install
correctly
NOTE: There was tiny scope creep which included ensuring
there were two Authority z39.50 servers as well.
Text files properly reflect the removal.
SQL 'source' of SQL files worked properly.
Was able to Z39.50 search for all of the 'en'.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Mason James [Sat, 25 Jul 2015 08:51:52 +0000 (20:51 +1200)]
Bug 14602 - Fix failing t/Creators.t test
to test..
1/ run t/Creators.t test from git repo, get a FAIL
2/ apply patch
3/ repeat step 1, get a PASS
mason@xen1:~/g/k/3.16.x$ sudo koha-shell -c 'export PERL5LIB=/home/mason/g/k/3.16.x ; cd /home/mason/g/k/3.16.x ; prove -v t/Creators.t' k316x1
t/Creators.t ..
1..16
ok 1 - use C4::Creators;
ok 2 - use C4::Creators::PDF;
ok 3 - testing new() works
ok 4 - testing pdf file created
ok 5 - testing Add() works
ok 6 - testing Bookmark() works
ok 7 - testing Compress() works
ok 8 - testing Font() works
ok 9 - testing FontSize() is set to 12 by default
ok 10 - testing FontSize() can be set to a different value
ok 11 - testing Page() works
ok 12 - testing StrWidth() returns correct point width
ok 13 - testing Text() writes from a given x-value
ok 14 - testing Text() writes to the correct x-value
ok 15 - testing End() works
ok 16 - test file /tmp/4YjPQDExeS created OK
ok
All tests successful.
Files=1, Tests=16, 1 wallclock secs ( 0.03 usr 0.01 sys + 0.48 cusr 0.05 csys = 0.57 CPU)
Result: PASS
Bug 12647: PQF QueryParser driver and unit tests fixes
Due to Perl 5.18, QueryParser the default search class is no longer
'keyword' (see bug 12738), and needs to be set manually. This patch
adds a line that does that. The problem that gets fixed is with test
'super simple keyword query'.
The rest of the non-deterministically failing tests are due to the same
problem, keys returning differently sorted keys from hashes.
So this patch sorts keys in the step that concatenates attributes when building
the PQF queries (and tests get adjusted to match the now deterministic result).
I did that (sorting there) under Jared's recommendation. Hopefuly he will step
in and comment/fix any mistake I made. My main concern was a possible loss
in performance. That we agreed it is almost void, because of the tiny size
of the hash.
Sponsored-by: Universidad Nacional de Cordoba Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All tests are passing now again :) Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Thu, 12 Jun 2014 15:04:03 +0000 (17:04 +0200)]
Bug 12411: Preferences values should be utf8 encoded
Test plan:
Fill OPACMySummaryNote or NoLoginInstructions with something like "éàç"
and verify the display is broken.
Signed-off-by: Paola Rossi <paola.rossi@cineca.it> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
David Cook [Mon, 13 Jul 2015 04:06:46 +0000 (14:06 +1000)]
Bug 14521 - SQL injection in local use system preferences
This patch fixes a SQL injection vulnerability in the local use
system preferences.
_TEST PLAN_
Before applying:
1) Go to Global System Preferences
2) Click on the "Local use" tab
3) Add a new preference with the value "') or '1' = '1' -- "
(be sure to include the space at the end after the comment --).
4) When the page refreshes, you should now see about 99 other system
preferences which shouldn't be showing up.
5) Apply the patch
6) Refresh the page
7) Note that you now only see a system preference for "') or '1' = '1' -- "
and the other actual local use system preferences.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Mon, 13 Jul 2015 14:44:23 +0000 (15:44 +0100)]
Bug 14524: Don't escape query_cgi with uri
According to the doc, we should not escape query_cgi with the uri
filter:
http://www.template-toolkit.org/docs/manual/Filters.html#section_uri
Since query_cgi can contains something like: "idx=kw&q=42", we should
not escape the & char
Test plan:
0/ Don't apply the patch
1/ Go on launch a search at the OPAC
2/ Click on the RSS icon
3/ You should arrive on
opac-search.pl?idx%3Dkw%26q%3D42&count=50&sort_by=acqdate_dsc&format=rss2
The & has been escaped.
4/ Apply the patch
5/ Now you should get result and see an url correctly formatted.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Get notes and subjects from MARC record
ONLY when XSLT is not activated.
It's useless doing it when XSLT is activated,
because XSLT takes care of it by its own.
=> With this patch, we are saving precious
milliseconds
I compared the display of some records in XSLT view with and without patch, was the same (as expected). Signed-off-by: Marc Veron <veron@veron.ch> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
On a slower server, I saw a time save of 0.0274 to 0.0908 seconds (with XSLT). Signed-off-by: Mason James <mtj@kohaaloha.com>
Bug 14485 - HTML comment disables translation in cataloguing/addbooks.tt
In cataloguing/addbooks.tt, the line :
[% total %] result(s) found in catalog,
is not present in PO files even after an update.
I've found that the cause is the previous HTML comment line.
This patch converts HTML comment into TT comment and adds a div to have a more comprehensive string to translate.
Test plan :
- without patch
- go into <sources>/misc/translator
- run PO update for example in french : translate update fr-FR
=> the text "result(s) found in catalog" is missing from PO file : fr-FR-staff-prog.po
- restore default PO files
- apply patch
- go into <sources>/misc/translator
- run PO update for example in french : translate update fr-FR
=> You find text "result(s) found in catalog" in PO file : fr-FR-staff-prog.po
Sponsored-by: Universidad de El Salvador Signed-off-by: Hector Eduardo Castro Avalos <hector.hecaxmmx@gmail.com>
Works as advertised. Just one msgid appear with msgid "%s result(s) found in catalog,"
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
David Cook [Tue, 9 Jun 2015 04:25:23 +0000 (14:25 +1000)]
Bug 14366 - Units doesn't get saved usefully for patroncards
This patch causes the "Units" to be saved and displayed correctly
for the "Edit layout" screen in Patroncards.
_TEST PLAN_
Before applying:
0) Create a new layout
1) Edit the layout, change the units, and click Save
2) Edit the layout again, and notice the units are still "PostScript Points"
Apply the patch:
3) Edit the layout again, change the units, and click Save
4) Edit the layout again, note that the units have changed to your
selection
5) Rejoice
Signed-off-by: Nick Clemens <nick@quecheelibrary.org> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Mirko Tietgen [Thu, 25 Jun 2015 13:38:42 +0000 (15:38 +0200)]
Bug 14453: (followup) Fix shipped XSLT files
Make the shipped XSLTs for authorities (MARC21 and UNIMARC) the same as the generated version
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Fridolin Somers [Wed, 24 Jun 2015 14:06:05 +0000 (16:06 +0200)]
Bug 14453: kohaidx is missing for id in authority-koha-indexdefs.xml
In authority-koha-indexdefs.xml, all tags use the namespace "kohaidx" except the tag "id".
When re-generating authority-zebra-indexdefs.xsl, the line :
<xslo:variable name="idfield" select="normalize-space(marc:controlfield[@tag='001'])"/>
is modified :
<xslo:variable name="idfield" select="normalize-space()"/>
This is an error.
This patch adds kohaidx namespace to correct.
Test plan :
- Without patch
- go to etc/zebradb/marc_defs/marc21/authorities/
- run : xslproc xsltproc ../../../xsl/koha-indexdefs-to-zebra.xsl authority-koha-indexdefs.xml > authority-zebra-indexdefs.xsl
- read authority-zebra-indexdefs.xsl
=> the line has changed : <xslo:variable name="idfield" select="normalize-space()"/>
- Apply patch
- go to etc/zebradb/marc_defs/marc21/authorities/
- run : xslproc xsltproc ../../../xsl/koha-indexdefs-to-zebra.xsl authority-koha-indexdefs.xml > authority-zebra-indexdefs.xsl
- read authority-zebra-indexdefs.xsl
=> the line has not changed
(same for unimarc flavor)
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
As Mirko mentioned, the xslt's now generate the facet-processing templates in
the authority xslt's too. They are harmless because we don't define facets
for authority records. If we did, it would be harmless too.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Winona Salesky [Thu, 4 Jun 2015 02:46:23 +0000 (22:46 -0400)]
Bug 14326 - XSLT Syntax error in MARC21slimOPACResults.xsl
Test Plan:
1) Apply this patch
2) Ensure you are using the default XSLT setting for the staff and opac record details
3) Perform an opac search check "Availability" for expected display values.
5) Note this patch corrects invalid syntax in xslt, there should be no visable changes to the results page.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Bug 14135: Adds 'Free' to variabletypes in systempreferences.tt
The 'Local Use' system preference addition/modification template provides the following options against "Variable Type" - Choice, YesNo, Integer, Textarea, Float, Themes, Languages, Upload or ClassSource.
There is no option presented for "Free" which seems to be the most
used variable type out-of-the-box (i.e. INTRAdidyoumean,
OPACdidyoumean, UsageStatsID and UsageStatsLastUpdateTime)
This trivial patch proposes to modify the systempreferences.tt
and add the option 'Free' to the list offered to users.
Test Plan
=========
1/ Go to Home > Administration > System preferences > Local use
2/ Click on 'New preference'.
3/ In the fieldset 'Koha Internal', the variable types offered
are Choice, YesNo, Integer, Textarea, Float, Themes,
Languages, Upload or ClassSources.
4/ Clicking on 'Choice' should set the 'preftype' field as
'Choice'.
5/ Apply this patch.
6/ Refresh the page.
7/ The variable types list should read - "Free, Choice, YesNo,
Integer, Textarea, Float, Themes, Languages, Upload or
ClassSources".
8/ Clicking on 'Free' should set the 'preftype' field as 'Free'.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: Discovered that there is no validation on the type field.
However, that is beyond the scope of this bug.
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 9f008a102415c8b71a1f4a976bc15691c2663b5c) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Kyle M Hall [Thu, 25 Jun 2015 20:41:23 +0000 (16:41 -0400)]
Bug 14467 - Security updates break some Koha plugins
The new security updates break previously functioning plugins, most
notably the cover flow plugin and the Ebsco EDS plugin.
Test Plan:
1) Install and configure the cover flow plugin ( http://bywatersolutions.com/koha-plugins/ )
2) Note that attempting to access coverflow.pl from the OPAC results in an error
3) Apply this patch
4) Note that coverflow.pl now output html again
Signed-off-by: Nick Clemens <nick@quecheelibrary.org> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Liz Rea [Tue, 16 Jun 2015 04:12:57 +0000 (16:12 +1200)]
Bug 14389 - Editing a syspref in a textarea does not enable the Save button
Test plan:
1. Navigate to the "opaccredits" syspref (or any other textarea, i.e.,
"Click to Edit", syspref) in the system preferences editor.
2. Change its contents, by either pasting or typing. The field may not
be marked as modified, even after you click outside the box.
3. Apply the patch.
4. Reload the page and try again; either pasting or typing should mark
the field as changed and allow you to save.
Signed-off-by: Jesse Weaver <pianohacker@gmail.com>
Confirmed working for normal input, paste and middle-click paste in
Chrome and Firefox in Linux.
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com>
Bug 14324: Set "adultborrower" regardless of guarantor status.
Signed-off-by: Jason Robb - SEKLS (jrobb@sekls.org) Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Wed, 1 Apr 2015 14:23:48 +0000 (16:23 +0200)]
Bug 8802: On editing a library group category type is not set
The category type was always set to 'searchdomain', because it's the
first of the dropdown list.
Test plan:
1/ Create or edit a library group
2/ Set the category type to "properties"
3/ Edit it again
4/ Confirm "properties" is correctly selected
Signed-off-by: Nick Clemens <nick@quecheelibrary.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Katrin Fischer [Sun, 7 Jun 2015 23:30:58 +0000 (01:30 +0200)]
Bug 14356: Improvements to the 'Transfers to receive' page
Patch makes several small changes to the template for the
'Transfers to receive page'
1) Show the branch name instead of the branchcode in the
table of incoming transfers.
If there is a hold connected with the transfer:
2) Show the patron's name as 'surname, firstname'
intead of 'surname firstname'
3) Restore broken feature: Show a mailto: link with a
generated subject of 'Hold: <title>'.
The mailto: feature actually existed in the templates, but
was broken to a misnamed database column. I made some small
changes to make the subject translatable (see bug 8330).
To test:
- Create a transfer by placing a hold with pickup at another library
- Craete a transfer manually
- Go to the circulation > transfers to receive
- Check the changes explained above, compare before and after
- Check the mailto: link works as expected
Bonus: Check the Hold: bit in the subject is really translatable now.
Signed-off-by: Nick Clemens <nick@quecheelibrary.org> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Katrin Fischer [Mon, 8 Jun 2015 03:29:16 +0000 (05:29 +0200)]
Bug 13874: 'Rotating collections' are a circulation tool
Moves the entry for 'Rotating collections' from the Catalog
column to the 'Patrons and circulation' column.
To test:
- Verify the entry has been moved on the tools home page
NOTE: I agree that collections makes more sense under the new
column.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Mark Tompsett [Wed, 15 Apr 2015 16:33:29 +0000 (12:33 -0400)]
Bug 14001 - Inventory has bad $_ references
After receiving an error while attempt a simple inventory run,
Two lines were changed from:
...$_->...
to
...$item->...
since the loop variable is $item. And $_ is not set to the
expected hash reference, when there is a loop variable.
This also helps explain the "Why are there blank dates on my
last seen field?" problem that has been mentioned by users.
TEST PLAN
---------
1) Apply this patch after a reset to master.
2) Log in to staff client
3) Add one item via z39.50, setting barcode to a known value (BARCODE1)
4) Wait for the reindex
5) Home -> Tools -> Inventory/Stocktaking
6) Browse for a file with the barcode in it
7) Set the library dropdown to the library branch of the added item.
8) Check 'Compare barcodes list to results:'
9) Click 'Submit'
-- This should not die under plack.
This should not generate blank last seen dates.
The last seen dates should be as expected.
10) run koha qa test tools
11) Confirm the two change point correspond to the two change points
in the patch which shall not be pushed to master.
The test result comply with expected outcome outlined in test plan.
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Katrin Fischer [Wed, 17 Jun 2015 10:28:39 +0000 (12:28 +0200)]
Bug 14401: Zebra index configuration doesn't allow exact search for C.
2 lines in the Zebra configuration files prevent an exact search for C.,
while all other [A-Z]. searches work correctly.
After taking a look at the /etc/zebradb/etc/word-phrase-utf.chr
those 2 lines cause the problem:
map (^c\.) @
map (^C\.) @
I propose to remove them.
To test:
- Catalog a record with an item with callnumber: C.
- Catalog a record with an item with callnumber: B.
- Try seaching for the second using callnum,ext:B. (exact field search)
- Verify search works.
- Try searching for the other with callnum,ext:C.
- Verify no result.
- Apply the patch - copy the zebra config file if necessary into the right spot
- Reindex
- Repeat searches - both should not bring up the correct record.
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Mark Tompsett [Fri, 19 Jun 2015 13:00:33 +0000 (09:00 -0400)]
Bug 14422: Typo in updatedatabase.pl
TEST PLAN
---------
1) backup db
2) git checkout -b my_3.6.x origin/3.6.x
3) drop db and create blank one
4) git reset --hard origin/3.6.x
5) run web installer
6) set HomeorHoldingBranchReturn system preference to 'holdingbranch'.
7) create a Default checkout, hold rule
home -> koha administration -> Circulation and fines rules
-- I put 10 checkouts total and clicked 'Save'
-- there currently is not 'returnbranch' in default_circ_rules.
8) git reset --hard origin/3.20.x
-- or whatever version you apply this to
(3.8.x, 3.10.x, 3.14.x, 3.16.x, 3.18.x, or 3.20.x
-- 3.21.00.008 deletes the systempreference involved)
9) ./installer/data/mysql/updatedatabase.pl
10) check HomeorHoldingBranchReturn systempreference
-- Currently says 'holdingbranch', but
the value of 'returnbranch' in default_circ_rules is
'homebranch'.
11) repeat steps 3-8
12) apply this patch
13) repeat steps 9-10
-- Currently says 'holdingbranch', and
the value of 'returnbranch' in default_circ_rules is
'holdingbranch'.
14) run koha qa test tools
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested using 3.6.x install, updated to 3.8.x
Value is preserved
No errors
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Note: I haven't followed the test plan, but the fix is trivial.
Maybe it could worth to upate 3.21.00.008 and check the value of
HomeOrHoldingBranchReturn before deleting it.
We could raise a warning if HomeOrHoldingBranchReturn ==
'holdingbranch'. Signed-off-by: Mason James <mtj@kohaaloha.com>
Fridolin Somers [Tue, 23 Jun 2015 15:45:30 +0000 (17:45 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)
Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()
This patch corrects opac/opac-ratings.pl
Test plan :
- Apply patch
- Set sysopref OpacStarRatings to 'results and details'
- Disable Javascipt on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Loggout from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the loggin page
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit f1acb5615d0cbcba5db5b84e12fbad3d41454347) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
(cherry picked from commit 3d8af819a84847b35ad08e62ba137d3febd878dd)
Katrin Fischer [Tue, 9 Jun 2015 00:32:46 +0000 (02:32 +0200)]
Bug 14215: Change the 'delimiter' syspref description for its wider use
Patch changes 'report files' to 'CSV files' as there are more
options now for downloading and creating CSV files where this
preference is taken into account.
To test:
- Verify the changed system preference description for
'delimiter' is correct.
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Wed, 22 Apr 2015 10:14:24 +0000 (12:14 +0200)]
Bug 10866: Hide patron's history if intranetreadinghistory is set to not allow
If set to "not allow", the intranetreadinghistory pref prevent staff
members to access patron's checkout history.
But:
1/ The page is still accessible if you know the url
2/ The history can be consulted on the item history page
Test plan:
0/ Don't apply this patch
1/ Set the intranetreadinghistory to allow
2/ Go on a patron's checkout history page
3/ Open a new tab and go on a item's checkout history page
4/ Set the intranetreadinghistory to not allow
5/ Refresh both pages => no change
6/ Apply this patch
7/ Refresh both page.
On the first page, you should see a warning
On the other one, you should see that the patron column is not displayed
anymore.
Katrin Fischer [Mon, 8 Jun 2015 03:04:56 +0000 (05:04 +0200)]
Bug 13427: jQuery Timepicker is not translated on returns page
The returns page was missing an include with the translated strings.
To test:
- Install an additional language, like de-DE
- Confirm the bug on the returns page
- Make sure SpecifyReturnDate is activated
- Open the datepicker, look at the time settings
- Apply the patch
- Reinstall the language, no update of the po files is needed
- Retest
- Verify, that now the time settings are translated
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Works as expected
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Fridolin Somers [Tue, 23 Jun 2015 15:45:30 +0000 (17:45 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)
Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()
This patch corrects opac/opac-ratings.pl
Test plan :
- Apply patch
- Set sysopref OpacStarRatings to 'results and details'
- Disable Javascipt on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Loggout from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the loggin page
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Conflicts:
opac/opac-ratings.pl
Jonathan Druart [Wed, 24 Jun 2015 09:03:22 +0000 (11:03 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (quote*_ajax.pl)
This patch uses check_api_auth instead of get_template_and_user.
Test plan:
Confirm that you are still able to access to the quote editor with the
edit_quotes permission.
Confirm that you are not if you don't have the permission.
wget your_url/cgi-bin/koha/tools/quotes/quotes_ajax.pl
should return "403 : Forbidden."
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Fridolin Somers [Tue, 23 Jun 2015 15:45:30 +0000 (17:45 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)
Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()
This patch corrects opac/opac-ratings.pl
Test plan :
- Apply patch
- Set sysopref OpacStarRatings to 'results and details'
- Disable Javascipt on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Loggout from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the loggin page
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Fridolin Somers [Tue, 23 Jun 2015 14:45:21 +0000 (16:45 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl)
Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()
This patch corrects acqui/updatesupplier.pl
Test plan :
- Apply patch
- Connect to intranet with a user having "vendors_manage" permission
- Go to acquisition module
- Create a new vendor
- Click on "Edit vendor"
- Change some information and save
=> Your change is saved
- Connect to intranet with a user not having "vendors_manage" permission
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied
- Disconnect from intranet
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Mason James <mtj@kohaaloha.com>
Katrin Fischer [Sun, 7 Jun 2015 21:45:10 +0000 (23:45 +0200)]
Bug 8686: Raise required version of URI::Escape to 3.31
Raises the minimum required version of URI::Escape from
1.36 to 3.31.
TEST PLAN
---------
1) git branch -b bug_8686 origin/master
2) ./koha_perl_deps.pl -a | grep URI
-- it will list 1.36 required
3) git bz apply 8686
4) ./koha_perl_deps.pl -a | grep URI
-- it will list 3.31 required
5) koha qa test tools
NOTE: Also default in Ubuntu 14.04 LTS,
not just Wheezy as noted in comment #15.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signoff based on Nicole's comment (bug 9990 comment 6):
"This stops happening if you upgrade URI::Escape to
3.31. We should make it clear in the Perl Modules page that an upgrade
is needed." Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Thu, 16 Apr 2015 14:39:09 +0000 (16:39 +0200)]
Bug 10355: paramater 'object' lost on the road
Test plan:
1) Go to any detail page in staff
2) Click on the modification log tab
3) Verify, that the object is prefilled with the records biblionumber
and you can also see it as parameter in the url
4) Click a second time on modification log to reset your search
Before this patch, the object parameter was empty.
It now contains the value of the biblionumber.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described, no koha-qa errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
(cherry picked from commit 0002126a2ab0ac38a8d3f144f446dc3ba69dab59) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Conflicts:
tools/viewlog.pl
Marcel de Rooy [Thu, 4 Jun 2015 10:03:42 +0000 (12:03 +0200)]
Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText
The synopsis of this TT plugin contains two example lines:
[% myhtml FILTER html2text(leftmargin => 0, rightmargin => 0) %]
[% myhtmltext | html2text %]
These lines have been copied (without too much thought :) to a few templates. Since we do no use the variables myhtml or myhtmltext in these templates, these lines are useless.
Test plan:
[1] Put some items in your cart. And send it.
[2] Send a shelf.
[3] Git grep on myhtml. Should not have results.
NOTE: Sent carts and lists in Intranet and OPAC successfully.
Though, this does bring into question why the letters
have HTML formatting if it is getting removed. That,
however, is beyond the scope of this bug.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Marcel de Rooy [Tue, 26 May 2015 12:52:07 +0000 (14:52 +0200)]
Bug 14276: Keep highlight on the active item in item editor
The highlight only works on even items.
This patch should resolve it.
Test plan:
Edit biblio with multiple items.
Verify that the highlight is visible on the selected item you edit.
And that there is no highlight for a new item.
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Bug 14173: Paging on 'recent comments' page in OPAC is not displaying correctly
This patch corrects the display of current page on
a multipage recent comments.
To test:
1) Enable OpacShowRecentComments
2) Add multiple comments to multiple records
I used a script to add multiple lines like
"insert into reviews values ($i, 51, $i, 'Comment $i', 1, '2015-06-01 00:00:00')"
to table reviews
3) On OPAC, go to 'Recent comments', verify the bug
4) Apply the patch
5) Reload and check correct display
Can't found missing space near 'by' from description.
Display is correct for me.
Followed test plan, displays as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
If an error occurs in patron batch modification, a message similar to the following is displayed:
Can not update patron with borrowernumber 7055
It would be useful to have the cardnumber as well.
This patch adds the card number to the lists of errors.
It is not easy to trigger an error (see comments).
For testing, I tweaked the sub ModMember in C4/Members.pm to always return false.
TEST PLAN
---------
1) Log in as a superlibrarian and create a test user
2) Change the cardnumber to a number differing from the
borrower number.
3) Home -> Tools -> Batch patron modification
4) Type in the cardnumber of that test user
5) Check the Library checkbox.
6) Click Save
-- nice error, but it is borrower number instead of
the card number which was entered.
7) Apply the patch
8) Repeat steps 3-6
-- nice error, but it is now more informative.
9) run koha qa test tools.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
(cherry picked from commit 3b3f82de377c87f9108bf07dd0d293182e5b9bdc) Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Jonathan Druart [Tue, 26 May 2015 11:05:51 +0000 (13:05 +0200)]
Bug 14266: Trim the email address in the pl script
The original concern of bug 14266 was to provide a compatibility for
<IE9.
But actually we don't need to trim the email address template side.
It will even better to trim it in the perl script, so that the email
will be trimed even if JS is disabled.
Test plan:
1/ Share a list and does not provide any email address
2/ Submit
=> The form is not submited, no alert/message is displayed (same as
before this patch).
3/ Share a list and provide an email address with spaces before and
after
4/ Submit
=> You should receive the email
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Test output compliant with expected test plan outcome.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
David Cook [Mon, 25 May 2015 04:07:27 +0000 (14:07 +1000)]
Replace trim() with $.trim() in opac-shareshelf.tt
This patch replaces trim() with $.trim() which is supported
in versions of IE older than IE9.
Revised test plan
=================
Before applying patch:
0) Use IE 8 or Document Mode 8 in a newer IE using F12 Developer Tools
1) Set OpacAllowSharingPrivateLists to "Allow" in Global System Preferences
2) Create a private list in the OPAC
3) Add a record to the private list
4) Click "Share" or "Share list" on one of the list screens
5) Type in an email address and click "Send"
6) Note the error in the console log
7) The page should submit
Apply the patch:
7) Hold shift + refresh the browser to update any Javascript cache
8) Try to "Share" the list again
9) Note that the form submit after clicking "Send" and
that there are no errors in the console log
Kyle M Hall [Wed, 20 May 2015 15:31:18 +0000 (11:31 -0400)]
Bug 12066: New renew page in staff client doesn't record branch in statistics
Test Plan:
1) Apply this patch
2) Renew an item via circ/renew.pl
3) Note the branch code of your logged in library is set as the
branch in the generated statistic line
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested pre and post patch, now branch is saved
No errors
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Katrin Fischer [Mon, 25 May 2015 09:22:07 +0000 (11:22 +0200)]
Bug 13946: Change order status 'Pending' to 'Ordered'
The order status after closing the basket is 'ordered' in the
database, but displays as 'pending' in the staff interface.
As we use 'pending' when you have to review a suggestion, this
clashes in translations and the meaning is different. The patch
renames 'pending' for the order status to 'Ordered' to be more
clear.
To test:
- Verfiy 'Ordered' shows in the pull down on the acq advanced
search and search still works correctly
- Verify the results table also display 'Ordered' as the status
Signed-off-by: Cédric Vita <cedric.vita@dracenie.com> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Bug 14275: Remove CGI::scrolling_list from guided_reports.pl
Remove an instance of CGI::scrolling_list from this file
To test:
1) Go to Reports, Guided report wizard, New SQL report
2) Create a report with some auth value list, e.g.
SELECT surname,firstname FROM borrowers WHERE branchcode=<<Enter patrons library|branches>>
Save
3) Clic on 'Run this report", look at the dropdown, that will be changed
4) Apply the patch
5) Reload, check dropdown and any regression
Followed test plan, works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
A trivial string patch to update the error message displayed to
user if koha-translate is used to attempt removal of a language
that is not installed.
Test plan
=========
1/ attempt to remove a non-existent language by
<installdir>/debian/scripts/koha-translate --remove <langcode>
2/ it should show "Error: the selected language is not already
installed."
3/ apply patch
4/ repeat step 1; it should show "Error: the selected language is
not installed."
Signed-off-by: Nick Clemens <nick@quecheelibrary.org> Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Aleisha [Tue, 12 May 2015 02:08:17 +0000 (02:08 +0000)]
Bug 14184: Undefined $term causes noisy warns in C4/CourseReserves.pm
This patch sets $term to be an empty string.
Test plan
=========
1/ enable 'UseCourseReserves' syspref in Circulation preferences
2/ in a terminal, run a `tail -f ` on your instance's opac-error.log
3/ go to the opac, click on 'Course reserve' tab to go to
opac-course-reserves.pl
4/ notice the warning - "opac-course-reserves.pl: Use of uninitialized
value $term" appear in the `tail`ed opac-error.log
5/ apply the patch
6/ reload the page (opac-course-reserves.pl)
7/ page works but the warning in step #4 is no longer logged
8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error
Remarks: Testing result match expected test plan output. The QA tests
pass with "OK" for the commit.
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Aleisha [Tue, 12 May 2015 03:01:35 +0000 (03:01 +0000)]
Bug 14185: Undefined $limit causes warn in opac/opac-readingrecord.pl
This patch sets $limit to be an empty string.
Test plan
=========
1/ login into the opac using your user account credentials
2/ in a terminal, run a `tail -f ` on your instance's opac-error.log
3/ go back to the opac, click on 'your reading history' tab to go to
opac-readingrecord.pl
4/ notice the warning - "opac-readingrecord.pl: Use of uninitialized
value $limit" appear in the `tail`ed opac-error.log
5/ apply the patch
6/ reload the page (opac-readingrecord.pl)
7/ page works but the warning in step #4 is no longer logged
8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error
Remarks: Testing result match expected test plan output. The QA tests
pass with "OK" for the commit.
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Bug 14186 [QA Followup]: Undefined $reservedfor causes warn in opac-reserve.pl
This is a followup for Bug 14186 that removes the extraneous tab
char on line 470, so that the patch can clear QA tools.
This patch sets $reservedfor to an empty string.
Test plan
=========
1/ in a terminal, run `tail -f ` on your instance's opac-error.log
2/ go to the opac and search from an item that exists on the Koha
instance.
3/ Select the title (if more than one title is returned) and click on
'Place hold' link to go to opac-reserve.pl
4/ notice the warning - "opac-reserve.pl: Use of uninitialized value
$reservedfor" appear in the `tail`ed opac-error.log
5/ apply the patch
6/ reload the page (opac-reserve.pl)
7/ page works but the warning in step #4 is no longer thrown up
8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error
Remarks: Testing result match expected test plan output. The QA tests
pass with "OK" for the commit.
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Aleisha [Tue, 12 May 2015 03:30:46 +0000 (03:30 +0000)]
Bug 14186: Undefined $reservedfor causes warn in opac-reserve.pl
This patch sets $reservedfor to an empty string.
Test plan
=========
1/ in a terminal, run `tail -f ` on your instance's opac-error.log
2/ go to the opac and search from an item that exists on the Koha
instance.
3/ Select the title (if more than one title is returned) and click on
'Place hold' link to go to opac-reserve.pl
4/ notice the warning - "opac-reserve.pl: Use of uninitialized value
$reservedfor" appear in the `tail`ed opac-error.log
5/ apply the patch
6/ reload the page (opac-reserve.pl)
7/ page works but the warning in step #4 is no longer thrown up
8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error
Remarks: The QA test failed - "forbidden pattern: tab char (line 470)".
Marking this as 'FAILED QA'
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Fri, 19 Jun 2015 08:25:30 +0000 (10:25 +0200)]
Bug 14408: Add tests to get_template_and_user
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Chris [Mon, 22 Jun 2015 05:23:52 +0000 (05:23 +0000)]
Bug 14408 Path Traversal error
Counter counter patch
Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt
and not allowing ../etc
Note the previous patch tries to protect against /etc/passwd
but //etc/passwd is now vulnerable. I do think a whitelist is safer than trying to do a blacklist
To test:
1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt
Notice you get a valid JSON response
2/ Hit
/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
(You may have add more ..%2f or remove them to get the correct path)
Notice you can see the contents of the /etc/passwd file
3/ Hit
/cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
4/ Apply patch
5/ Hit the first url again, notice it still works
6/ Hit the second url notice it now errors with a file not found
7/ Hit the third url notice it now errors with a file not found
Repeat for the other script also
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Chris [Sun, 21 Jun 2015 09:35:07 +0000 (09:35 +0000)]
Bug 14423 : Multiple XSS bugs in suggestion.pl
To test
1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to=
2/ Notice alert box(es)
3/ Apply patch
4/ Reload and notice alert is gone
Repeat for
collection_title
copyrightdate
isbn
manageddate_from
manageddate_to
publishercode
suggesteddate_from
suggesteddate_to
Chris [Sun, 21 Jun 2015 09:01:32 +0000 (09:01 +0000)]
Bug 14423 : XSS bugs in catalogue search
To test
1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice alert boxes
3/ Apply patch
4/ Reload url, no alerts
5/ Check search still works
Chris [Sun, 21 Jun 2015 08:46:40 +0000 (08:46 +0000)]
Bug 14423 : XSS issues in marc_subfields_structure
1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice all the alert boxes
3/ Apply patch
4/ Reload page, no more alerts
5/ Test functionality still works
Chris [Sun, 21 Jun 2015 08:33:13 +0000 (08:33 +0000)]
Bug 14423 XSS bug in auth_subfields_structure
1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/auth_subfields_structure.pl?op=add_form&authtypecode=%27%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice a ton of alert boxes pop up
3/ Apply patch
4/ Reload url, no longer get any alerts
5/ Test fuctionality still works
Chris [Sun, 21 Jun 2015 08:18:20 +0000 (08:18 +0000)]
Bug 14423 : XSS bug in lateorders
1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom
2/ Not you get an alert box
3/ Apply patch notice it is fixed
4/ Test functionality still works
Chris [Sun, 21 Jun 2015 08:10:20 +0000 (08:10 +0000)]
Bug 14423 : XSS in authorities-home
To test:
1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice you get 3 alert boxes
3/ Apply patch
4/ Hit the url again, no js
To exploit the vulnerability, no authentication is needed
To test
1/ Turn on mysql query logging
2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
3/ Check the logs notice something like
SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1
PROCEDURE ANALYSE
(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
4/ Apply patch
5/ Hit the url again
6/ Notice the log now only has
SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed the problem and the fix for it. Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Fri, 19 Jun 2015 08:25:30 +0000 (10:25 +0200)]
Bug 14408: Add tests to get_template_and_user
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
To test:
1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt
Notice you get a valid JSON response
2/ Hit
/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
(You may have add more ..%2f or remove them to get the correct path)
Notice you can see the contents of the /etc/passwd file
3/ Hit
/cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
4/ Apply patch
5/ Hit the first url again, notice it still works
6/ Hit the second url notice it now errors with a file not found
7/ Hit the third url notice it now errors with a file not found
Repeat for the other script also
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Fri, 19 Jun 2015 09:21:47 +0000 (11:21 +0200)]
Bug 14416: (follow-up) opac addbybilionumber
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Chris Cormack [Thu, 18 Jun 2015 23:26:02 +0000 (11:26 +1200)]
Bug 14416 Stored XSS vulnerability
opac-addbybiblionumber.pl is also vulnerable because it doesn't escape
list names.
To test
1/ Create a malicious list name
2/ Try to add a biblio to the lists
3/ Notice js is excuted
4/ Apply patch
5/ Test again
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Chris Cormack [Thu, 18 Jun 2015 23:41:45 +0000 (11:41 +1200)]
Bug 14418 : More XSS vulnerabilities in opac-shelves.pl
To test:
1/ Hit a url like
/cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh
noes')</script> Where the id is a valid shelf id
2/ Notice the js is executed
3/ Apply patch
4/ Reload page
5/ Notice input is now escaped on display
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Tested in Debian, couldn't reproduce the alert in Iceweasel, but in
Chromium. Patch fixes it.
Chris Cormack [Thu, 18 Jun 2015 23:30:22 +0000 (11:30 +1200)]
Bug 14418 : XSS flaw in opac-shelves.pl
To test:
1/ Create a list and add at least one item to it
2/ Hit a url like http://192.168.2.18/cgi-bin/koha/opac-shelves.pl?viewshelf=7&sort=author&direction=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
Where the shelf id is the number of the list you created, notice the js is executed
3/ Apply the patch
4/ Reload the page notice the js is now escaped
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Chris Cormack [Thu, 18 Jun 2015 21:25:22 +0000 (09:25 +1200)]
Bug 14418 XSS Vulnerabilities
Fix for /cgi-bin/koha/opac-search.pl
To test
1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script
src='http://cst.sba-research.org/x.js'/>&q=a
2/ Notice the js is executed
3/ Apply patch
4/ Reload page, notice it is no longer executed
5/ Test the rss links work still
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed bug and that the patch fixes it. Signed-off-by: Mason James <mtj@kohaaloha.com>
Aleisha [Tue, 9 Jun 2015 02:02:55 +0000 (02:02 +0000)]
Bug 14360: Unescaped variable causes alert pop-up
To test:
1) Create a list in the OPAC, name it: <script>alert('Hello');</script>
2) Delete the list
3) Confirm deletion
4) See the alert say 'Hello'
5) Apply patch
6) Recreate list with same name
7) Delete list
8) Confirm deletion and alert no longer pops up
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Aleisha [Mon, 8 Jun 2015 02:30:23 +0000 (02:30 +0000)]
Bug 14360: Unescaped variable causes alert
Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert.
To test:
1) Go to URL such as ... /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
2) Notice pop-up box with alert
3) Apply patch, refresh page
4) Notice alert is gone
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Robin Sheat [Tue, 28 Apr 2015 03:19:30 +0000 (15:19 +1200)]
Bug 14068: fix preinst for fresh package installs
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Works as expected. Tested both upgrading and on a new install. Signed-off-by: Mason James <mtj@kohaaloha.com>
Robin Sheat [Fri, 24 Apr 2015 02:48:53 +0000 (14:48 +1200)]
Bug 14055: remove symlink that breaks upgrades
Old versions of koha-common would put in a symlink to the system YUI
libraries. This causes upgrade problems, so we look out for that and zap
it if it's there.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Bug 14006: about.pl checks the wrong zebra index mode
When setting zebra_bib_index_mode to grs1 I get two warnings when not applying the patch:
"The <zebra_bib_index_mode> entry is set to grs1. GRS-1 support is now deprecated and will be removed in future releases. Please use DOM instead by setting <zebra_bib_index_mode> to dom (full reindex required)."
"You have set <use_zebra_facets> but the <zebra_bib_index_mode> is not set to dom. Falling back to legacy facet calculation."
When applying the patch a third warning appears in addition to the two previous ones:
"The <zebra_bib_index_mode> entry is set to dom, but your system still appears to be set up for grs1 indexing."
Seems like the patch does what it should to me regarding the configuration mismatch warning.
Signed-off-by: Eivin Giske Skaaren <eskaaren@yahoo.no> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Bug 14075: Undefined value creates noisy warns in C4::AuthoritiesMarc
This match sets $sortby (previously undefined value) as an empty string to get rid of the warns.
To test:
1) Go to a URL such as http://localhost:8080/cgi-bin/koha/opac-authorities-home.pl?op=do_search&type=opac&operator=contains&value=a&marclist=any&and_or=and
2) Notice the warns in the error log
3) Apply patch
4) Reload URL
5) Notice page still works but no warns in error log
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: I would have done $sortby //= '';
But this works too. :)
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
TEST PLAN
---------
1) Apply first patch
2) prove -v t/db_dependent/Labels/t_Batch.t
-- YUCK! No meaningful messages on a lot of the ok's.
3) Apply this patch
4) prove -v t/db_dependent/Labels/t_Batch.t
-- YAY! Meaningful test results
5) koha qa test tools
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com> Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Nick Clemens [Thu, 14 May 2015 19:56:43 +0000 (19:56 +0000)]
Bug 14204: Fix t/db_dependent/Labels/t_Batch.t failing test from Bug 12991
This patch updaes the batch_id variable after items are added to test batch
To test:
1. prove t/db_dependent/Labels/t_Batch.t and see two tests fail
2. apply patch
3. prove again, tests pass!
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: The $batch->add_item() call to C4::Creators::Batch::add_item
triggers the change of the batch_id so this line is necessary! Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com> Signed-off-by: Mason James <mtj@kohaaloha.com>