David Cook [Mon, 18 Nov 2024 05:15:26 +0000 (05:15 +0000)]
Bug 38470: Add missing double quotes to some Javascript
This change adds some double quotes where quotes were missing,
and replaces single quotes with double quotes, which prevents XSS.
Test plan:
0. Apply the patch
1. Create a subscription
2. Using the ID from the subscription, go to this page:
http://localhost:8081/cgi-bin/koha/serials/subscription-detail.pl?
print_routing_list_issue=1&subscriptionid=<SUBSCRIPTIONID>
3. Note that you're able to generate a print slip
(You may need to allow popups)
4. To check the security vulnerability is fixed, try the proof-of-concepts
attached to the bug report
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
David Cook [Mon, 18 Nov 2024 04:14:37 +0000 (04:14 +0000)]
Bug 38468: Add double quotes to some template strings
This change adds double quotes to some template strings where
quotes are missing all together or single quotes are used incorrectly.
Test plan:
0. Apply the patch
1. Go to http://localhost:8081/cgi-bin/koha/catalogue/search.pl?q=test
2. Click on "Gairm"
3. Use the search result navigation box to go to the next result
On the left of the page. Just bellow the breadcrumb and
left of the record title.
4. Note that everything loads correctly
5. To test that the security hole has been fixed, try some of the
proof-of-concept attacks provided for biblionumber and searchid
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Baptiste Wojtkowski <baptiste.wojtkowski@biblibre.com> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
David Cook [Thu, 17 Oct 2024 05:35:56 +0000 (05:35 +0000)]
Bug 37727: Prevent CSV Formula injection via DataTables
This change prevents CSV Formula injection on DataTables exports
by escaping formula with a single quote prefix as per OWASP recommendations.
Test plan:
0. Apply patch
1. Go to http://localhost:8081/cgi-bin/koha/members/memberentry.pl
?op=edit_form&destination=circ&borrowernumber=51
2. Add the following in a "Circulation note"
=SUM(1+1)
3. Go to http://localhost:8081/cgi-bin/koha/members/member.pl
?quicksearch=1&circsearch=1&searchmember=koha
4. Click "Export" and choose "Excel" and "CSV"
5. Open those downloaded files in Excel
6. Note that the =SUM(1+1) function is prefixed with a single quote,
and is not automatically executed
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised. The problematic "cell" is exported as "'=SUM(1+1)". Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
David Cook [Fri, 14 Jun 2024 04:34:47 +0000 (04:34 +0000)]
Bug 37087: Add TCP keepalive support to SIP server
This change adds the ability to enable and configure TCP keepalive
support for the SIP server using SIPconfig.xml.
For the sake of backwards compatibility, it defaults to disabled
and additional parameters default match typical kernel defaults.
Technical detail can be found in the perldoc for C4/SIP/SIPserver.pm
Test plan:
0. Apply the patch
1. koha-sip --restart kohadev
2. apt-get update && apt-get install tcpdump
3. In one window, run "tcpdump -A -n -v -i any 'port 6001'"
4. In another window, run the following:
echo -e "9300CNterm1|COterm1|CPCPL|\r" | nc 127.0.0.1 6001 -v
5. Note in tcpdump output that after the initial flood of packets,
nothing more is received
6. vi /etc/koha/sites/kohadev/SIPconfig.xml
7. In the "server-params" element, add attributes like the following:
custom_tcp_keepalive='1'
custom_tcp_keepalive_time='10'
custom_tcp_keepalive_intvl='5'
8. koha-sip --restart kohadev
9. In one window, run "tcpdump -A -n -v -i any 'port 6001'"
10. In another window, run the following:
echo -e "9300CNterm1|COterm1|CPCPL|\r" | nc 127.0.0.1 6001 -v
11. Note in tcpdump output that after the initial flood of packets,
ACK packets are sent out every 10+ seconds for the idle connection
Signed-off-by: Tadeusz „tadzik” Sośnierz <tadeusz@sosnierz.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 73c7acd33f005eebe9e1338b263cec95e1099d48) Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
to test:
1- try to save an agreement with 81+ characters in License Info
2- it does not save
3- apply patch, updatedatabase
4- repeat 1, it works!
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 2512392b2a8fc5f6485bb64cc90376067446b56e) Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
Bug 37292: Add an index on oauth_access_tokens.expires
This patch adds a needed index to the column.
To test:
1. On a fresh KTD, run:
$ ktd --shell
k$ koha-mysql kohadev
> SHOW CREATE TABLE oauth_access_tokens;
=> FAIL: There's no 'KEY' entry for the `expires` column
2. Apply this patch
3. Run:
k$ updatedatabase
=> SUCCESS: A message tells the index was added
4. Repeat 1
=> SUCCESS: The index was actually added to the DB
5. Run:
k$ reset_all
6. Repeat 1
=> SUCCESS: The index is created at install time too!
7. Run:
k$ updatedatabase
=> SUCCESS: Nothing explodes, no message about index being created
8. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 2e63ece6ae9d560302408a4303df882a47791c87) Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Wed, 27 Nov 2024 08:55:23 +0000 (09:55 +0100)]
Bug 38543: Do not include rowGroup asset files
rowGroup plugin is now part of the datatables.min.js bundle. We no
longer need to include its css and js files, and they no longer exist
anyway!
[2024/11/27 08:52:37] [WARN] File not found : lib/jquery/plugins/rowGroup/stylesheets/rowGroup.dataTables.min.css at /kohadevbox/koha/Koha/Template/Plugin/Asset.pm line 107
[2024/11/27 08:52:37] [WARN] File not found : lib/jquery/plugins/rowGroup/dataTables.rowGroup.min.js at /kohadevbox/koha/Koha/Template/Plugin/Asset.pm line 84.
Test plan:
Confirm that the checkouts are grouped "today" and "previous" on the
checkout page.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4b82e00416c73a0e8a1b1e57ed453863d802bf6d) Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
This patch updates the JavaScript on the patrons requesting modification
page in order to make it work following the upgrade to Bootstrap 5. The
automatic panel expansion is broken.
To test, apply the patch and enable, if necessary, the OPACPatronDetails
system preference.
- Log in to the OPAC and submit changes to your personal details.
- Do this again as a different user so that there is more than one
pending request.
- From the staff interface home page, follow the link for "Patrons
requesting modifications"
- Upon loading, the "Update patron records" page should automatically
expand the first panel.
- Locate the patron record for the second of the patrons you requested
updates for.
- From that patron's detail page, follow the "Review pending
modifications" link.
- The panel containing that patron's information should expand by
default.
Sponsored-by: Athens County Public Libraries Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a42686d8910594d674e7bbb8d163351306d3fbb5) Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Tue, 19 Nov 2024 10:15:54 +0000 (11:15 +0100)]
Bug 38476: Make DT 'Configure' button a link
So that we can open in a separate bug using right click.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d53784de3a4adeab7b7c6c097883b6b72e52e9d4) Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
Lucas Gass [Tue, 5 Nov 2024 22:13:32 +0000 (22:13 +0000)]
Bug 38362: Fix printing lists on opac/opac-shelves.pl
To test from the OPAC:
1 - create a list with more than 10 items
2 - print the list -> there is a pagination and that only 10 items
are printed
3 - Apply patch
4 - print the list again -> every items are being printed
Signed-off-by: Sam Sowanick <sam.sowanick@corvallisoregon.gov> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Tidied: added a few spaces. Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8d0e7ff906ae4e6b1367307e7dfdead909676bcb) Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
Michał Kula [Wed, 17 Jul 2024 13:05:02 +0000 (13:05 +0000)]
Bug 37393: fix "In bundle:" link not showing for items in staff interface
The cause was erroneous check `[% IF bundlesEnabled %]` before the parent bundle information is requested+shown. The `bundlesEnabled` variable checks if the current biblio ITSELF is of collection type, so should only be used for whether to show the button to add new items to the bundle items, NOT for querying whether current item is part of a bundle, as the items that make up the bundle aren't of collection type themselves.
The second fixed problem was that `bundle_host` didn't contain `.biblio` subitem (which'd contain the actual host biblio title) as the JavaScript code assumed, and it wasn't possible to request it with the API either.
Test plan: please follow the reproduction instructions from bug and ensure that the described issue is gone.
If you run into an error 400 on the detail page, you need to refresh API definitions, in kts shell you'drun:
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7df4eda9ecb478c5d6dc5672998d2616f14c83f2) Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
Phil Ringnalda [Fri, 6 Sep 2024 00:16:28 +0000 (17:16 -0700)]
Bug 37293: MARC bibliographic framework text for librarians and OPAC limited to 100 characters
The database columns for liblibrarian and libopac in marc_tag_structure and
marc_subfield_structure are 255 characters, but the HTML maxlength in
/koha-tmpl/intranet-tmpl/prog/en/modules/admin/marctagstructure.tt and
/koha-tmpl/intranet-tmpl/prog/en/modules/admin/marc_subfields_structure.tt
limit tags to 100 characters and subfields to 80 characters.
Test plan:
1. Apply patch, restart_all
2. Administration - MARC bibliographic framework - for Default, Actions -
MARC Structure
3. For the 000 tag, Actions - Edit tag
4. In both the "Description in staff interface" and "Description in OPAC"
paste the 255 character string
and click Save changes
5. Verify that the display shows all 255 characters, then Actions - Edit tag
and verify that the two inputs reloaded with all 255 characters, and that
you cannot type a 256th character, then click Cancel
6. For the 000 tag, Actions - Edit subfields
7. Paste the same string in both the staff interface and OPAC inputs, Save
changes, verify that all 255 characters show, click Edit subfields, verify
that all 255 characters reloaded in the inputs, verify that you cannot
type a 256th character
Sponsored-by: Chetco Community Public Library Signed-off-by: Shi Yao Wang <shi-yao.wang@inlibro.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a9044f4b3487d7b3eea7aaec7653edff48463ea3) Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Nick Clemens [Tue, 23 Jul 2024 16:16:57 +0000 (16:16 +0000)]
Bug 37424: Display additional materials note in batch checkout
This patch adds a missing conditional for ADDITIONAL_MATERIALS to the batch checkout table
Test plan:
1. Set a staff member with circ permissions, including FORCE_CHECKOUT
2. Turn on: CircConfirmItemParts, BatchCheckouts, BatchCheckoutsValidCategories (all)
3. Log in as staff member in step 1
4. Attempt to checkout an item with a 952$3 from the batch checkout tab
5. The item with a 952$3 displays, but the copy/text of the materials specified note does not.
6. Do not confirm checkout
7. Apply patch
8. Try again, the materials note should show this time
9. Confirm checkout
10. Success! Item is checked out
Signed-off-by: Catrina Berka <catrina@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 03538b59aaa897375e1839e4260ffadac03890ab) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Wed, 20 Nov 2024 10:51:59 +0000 (11:51 +0100)]
Bug 38437: Auto-show modal on single receive
Might have been broken by the bootstrap 5 upgrade, but not sure.
Not sure why the click does not trigger the modal.
1. Place an order in acquisitions
1.1. Go to Acquisitions
1.2. Click 'Search' next to 'Search vendors'
1.3. Click 'Add to basket' next to 'My basket'
1.4. Search for an existing record (e.g. search for Shakespeare)
1.5. Click 'Add order' next to a result or in the detailed record
1.6. In the item form, choose an item type
1.7. Click 'Add item'
1.8. Choose a fund
1.9. Enter a price in 'Vendor price'
1.10. Click 'Save'
1.11. Click 'Close basket'
1.12. Click 'Yes, close'
2. Receive the order
2.1. Click 'Receive shipments'
2.2. Enter a value in 'Vendor invoice'
2.3. Click 'Next'
2.4. Click 'Receive' next to your order
=> The modal is shown
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu> Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit ef455af3445b824bd97c0db3e60ebe37dc1bdf20) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Wed, 20 Nov 2024 13:55:21 +0000 (13:55 +0000)]
Bug 38495: (follow-up) Add a confirmation message
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT} Added a html filter for qa tools.. Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0be0f03d5267bb13eb28a7cdbfbcdd43cbb830df) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Wed, 20 Nov 2024 13:24:12 +0000 (13:24 +0000)]
Bug 38495: Use JS to submit form to cancel background jobs
This patch adjusts the link to cancel jobs to be submitted as a POST with cud-cancel operation
To test:
1 - Stop your long tasks bacground jobs worker
sudo koha-worker --stop --queue long_tasks kohadev
2 - Stage a file for import
3 - Administration -> Manage jobs
4 - See your new job
5 - Click 'cancel'
6 - It didn't work
7 - Apply patch
8 - Browse to jobs again
9 - Click 'Cancel'
10 - Job is successfully cancelled
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d047776630152a9e2b16c7797aaac600c0dff6e2) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Marcel de Rooy [Fri, 22 Nov 2024 08:28:46 +0000 (08:28 +0000)]
Bug 38513: Fix Biblio.t for Koha_Main_My8
This should do the tric: The test output shows that the second
mapping was not found (field 264); also the expected suspect btw.
So adding that here.
Test plan:
Run t/db_dependent/Biblio.t
See also comment28 on bug 19097.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Simulated the above by removing 264c from Koha to MARC mapping. Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 28d24aaa0874844ec8643a9ea19cc0b501013c6a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Mon, 25 Nov 2024 10:57:54 +0000 (11:57 +0100)]
Bug 38526: (bug 36822 follow-up): Improve datetime comparison in tests
17:39:54 koha_1 | # Failed test 'updated_on correctly saved on newly created user'
17:39:54 koha_1 | # at t/db_dependent/Auth_with_shibboleth.t line 319.
17:39:54 koha_1 | # Structures begin differing at:
17:39:54 koha_1 | # $got->[0] = '2024-11-19 16:39:30'
17:39:54 koha_1 | # $expected->[0] = '2024-11-19 16:39:29'
17:39:54 koha_1 | # Looks like you failed 1 test of 54.
We must use t::lib::Dates::compare to compare datetimes in tests.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit ed25a48ccf566bf4a21040a36d25bda8d598c301) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Janusz Kaczmarek [Wed, 23 Oct 2024 13:27:52 +0000 (13:27 +0000)]
Bug 38239: Incorrect number of items to pull (in Holds to pull) with partially filled holds
With a over-sufficient number of items, when more than one patron has
placed hold, and the holds have been partially filled (checked-in =
waiting for pick up), the number of items to pull in the Holds
to pull table shows the total number of holds, including those waiting.
This erroneously suggests to the librarian to pull an excessive number
of items from the shelves.
Test plan:
==========
1. For a bibliographic record with more than two items (in ktd, e.g.
"Lanark a life in four books"), place hold for two patrons.
2. On the Holds to pull page control that there are two items to pull.
3. As a librarian from the library of one of the patrons, Check-in one
item.
4. Note that in Holds to pull table you still see two items to pull,
which is misleading.
5. Apply the patch; restart_all.
6. Now you should see only one item to be pulled.
Sponsored-by: Ignatianum University in Cracow Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit abfba936fb4ffcab5d1234c3fc577ac493865c5e) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
George Veranis [Thu, 7 Nov 2024 13:39:16 +0000 (14:39 +0100)]
Bug 28075: (follow-up) adding all choices and values of 135a
Extend patch of 135a to cover all choices with all possible values as
described by IFLA for 135a.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9a72d3c7576d2c884ea93ae7f065d6836358c3d9) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This patch add more values to selection of 135a in UNIMARC
Test Plan:
1) Add on default framework the field 135a and check the Editor option
2) Set on plugin section the value of unimarc_field_135a.pl
3) Open cataloguing editor and use 135 field tag editor to select a value
4) Apply patch
5) Open cataloguing editor and use 135 field tag editor to select a value,
after patch you have more options to select
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3fa03e2e660de9c0ab12e8281671963f089c3ef9) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Mon, 11 Nov 2024 22:17:58 +0000 (22:17 +0000)]
Bug 38416: Tidy
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8b952b1a343f03c86589f4e696a84e18000525b8) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Mon, 11 Nov 2024 04:40:52 +0000 (04:40 +0000)]
Bug 38416: Add unit tests
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a9eaefa3b89d77ff3a43bb560d5bc79b0c7615e5) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Mon, 11 Nov 2024 04:30:06 +0000 (04:30 +0000)]
Bug 38416: Failover to MARCXML if cannot roundtrip USMARC during indexing
This change failsover to MARCXML from USMARC if there are any
warnings generated by MARC::File::USMARC::decode when trying to
roundtrip the record.
Test plan:
0. Apply the patch
1. Setup your koha-testing-docker to use Elasticsearch
2. Create a new record with 15,000 characters in the 500$a field
3. Index that record
(e.g. perl misc/search_tools/rebuild_elasticsearch.pl --biblios -v -v)
4. Note that a warning saying the following appears:
"Warnings encountered while roundtripping a MARC record to/from USMARC.
Failing over to MARCXML"
5. View the "Elasticsearch record" on the detail page and note that the
marc_format is MARCXML
6. Perform a search for the record (the keyword should be something that
brings up other results too)
7. Note that the record appears correctly in the search results
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0d862343ddce4a86a4932b80d747b9574c739e4d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Wed, 13 Nov 2024 05:31:02 +0000 (21:31 -0800)]
Bug 29818: Cannot save subscription frequency without display order
The schema says that subscription_frequencies.displayorder can be null, and
everything else deals with it being null just fine, but if you try to save
a new frequency without specifying display order with strict_sql_modes set,
you get an error.
Test plan:
1. Without the patch, Serials - Manage frequencies - New frequency
2. Description is mandatory, so fill it in, then click Save
3. Boom! Apply patch, restart_all
4. Repeat steps 1-2, and verify that no error is thrown and the new
frequency shows up (at the top of the list since nothing comes before
something)
5. New frequency, fill in Description, try typing something other than a
number in Display order and saving. You should be told to follow the
directions that only numeric characters are allowed
Sponsored-by: Chetco Community Public Library Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 77c003ed544d653345acf4debe968110ea94a1fd) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Emily Lamancusa [Wed, 16 Oct 2024 14:14:51 +0000 (10:14 -0400)]
Bug 38186: Don't initiate transfer when cancelling hold on lost item
To test:
0. In the Circulation Rules, set the default return policy to "item
returns home (default settings have this already)
1. Find an item belonging to a branch other than the logged-in branch
2. Place a hold on that biblio record for pickup at the logged-in branch
3. Check in the item to set the hold to waiting
4. Set the expiration date to a date in the past
To do this in KTD:
ktd --shell
koha-mysql kohadev
UPDATE reserves SET expirationdate = < yesterday's date >;
5. Set a lost status on the item
6. Go to Circulation > Holds awaiting pickup
--> The hold should appear on the "holds waiting past their expiration
date" tab
7. Click the "Cancel and return to <homebranch>" button next to the hold
8. Open the biblio record for the item
--> Note that the lost status is gone and the item shows as in-transit
9. Apply patch
10. Repeat steps 2-8 on the same item
--> This time, the item is still lost and is not in-transit
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org> Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 1c3ed6e4dbd2bb01762aa3bbd350c8346b1815b5) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Fri, 6 Sep 2024 01:49:35 +0000 (01:49 +0000)]
Bug 37854: Re-indent HTML (whitespace-only)
This whitespace only change re-indents the HTML
Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f067830305c98c42143a2d5c579e91a0dc9e7147) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Fri, 6 Sep 2024 01:45:27 +0000 (01:45 +0000)]
Bug 37854: Add fieldset.rows so that Javascript works
This change adds a fieldset.rows that the Javascript produced
by C4/Barcodes/ValueBuilder.pm will work here too like it
does for /cgi-bin/koha/cataloguing/additem.pl and
/cgi-bin/koha/acqui/neworderempty.pl
The fieldset.rows element ruins the styling, so we add some context
specific styling to the styling is preserved.
Test plan:
0. Apply the patch
1. Set "autoBarcode" to "generated in the form <branchcode>yymm0001"
2. Create a vendor
3. Create a backet with "Create items when" set to "receiving an order"
4. Add an order (any order)
5. Close the basket
6. Receive the shipment
7. Click in the barcode field
8. Note that you get a barcode like CPL24090001 and not undefined24090001
Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 79b5228116ccfac3fc4aa9366493bfaeb858c1f7) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Thu, 11 Jul 2024 12:03:40 +0000 (12:03 +0000)]
Bug 37326: decode barcode file in inventory tool
This patch ensures that barcodes uploaded as a file into batchMod are run through
any transformations to match the behaviour of barcodes entered in a list
To test:
1 - Edit BarcodeSeparators system preference to remove \s
2 - Install barcode transformer plugin:
https://github.com/bywatersolutions/koha-plugin-barcode-transformer/releases/tag/v1.2.0
3 - Configure the plguin:
item:
-
match: "^[A-Z]* \| "
search: "^[A-Z]* \| "
replace: ""
-
match: " \| .*$"
search: " \| .*$"
replace: ""
4 - Go to Cataloging->Batch item modification
5 - Enter a list of barcodes into the 'Scan one by one' box like:
ERR | 12345 | ERR
FOO | 23456 | FOO
BAR | 34567 | BAR
6 - Click 'Continue'
7 - Note the barcodes not found are:
12345
23456
34567
8 - Save the barcodes with extra text into a file
9 - Perform batch mod, supplying the barcodes via the file
10 - Note the barcodes not found are the original strings
11 - Apply patch, restart all
12 - Perform batch modification using file again
13 - Note the not found barcodes are the transformed version
14 - Sign off!
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d794891005e4a457371bd9ecaaf845e70fe85255) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jan Kissig [Wed, 13 Nov 2024 20:18:26 +0000 (20:18 +0000)]
Bug 23426: (follow-up) Fix failing test to send correct summary flag
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7509681e10fc8f8df71aa98627d1feaee64602e6) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jan Kissig [Thu, 7 Nov 2024 13:32:05 +0000 (13:32 +0000)]
Bug 23426: (follow-up) Enhance sip_cli_emulator.pl for test plan
This follow up enhances the sip_cli_emulator.pl to use start-item and/or end-item as params. With these new params the original test plan can be extended:
Test plan:
a) create several manual invoices for patron 23529000035676 : http://localhost:8081/cgi-bin/koha/members/maninvoice.pl?borrowernumber=19
b) run
perl misc/sip_cli_emulator.pl -a 127.0.0.1 -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 -m patron_information -s " Y " --start-item=1 --end-item=2
to get fine 1 and 2 or
perl misc/sip_cli_emulator.pl -a 127.0.0.1 -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 -m patron_information -s " Y " --start-item=3 --end-item=3
to retrieve fine 3
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit cfb841f9e6abc56735f8567ec40f46702cda9786) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jan Kissig [Thu, 7 Nov 2024 12:42:59 +0000 (12:42 +0000)]
Bug 23426: (follow-up) This patch reintroduces the former implementation of fine items
The original implementation of fine items was accidently overwritten with this patch. This follow up reverts these changes but keeps additional improvements that were also part of this patch.
These are:
- Returning the active currency as part of the response (BH)
- Fixing the number of items in the response which are specified in BP and BQ when other items as fine items are requested.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e5bd8aec41cb8f7ade5f7a228bbb34ff40ecea5b) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jan Kissig [Thu, 25 Apr 2024 09:13:55 +0000 (11:13 +0200)]
Bug 23426: Add fine items to patron information response in SIP2
This patch adds fine items (AV) to patron information response in SIP2
In addition the active currency we be part of the response (BH)
This also fixes the number of items in the response which are specified in BP and BQ in the request
to test:
a) create a manual invoice for patron 23529000035676 : http://localhost:8081/cgi-bin/koha/members/maninvoice.pl?borrowernumber=19
b) in ktd call: perl /usr/share/koha/bin/sip_cli_emulator.pl -a 127.0.0.1 -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 -m patron_information -s " Y "
c) verify that no |AV field is in response
d) apply patch
e) in ktd call: perl /usr/share/koha/bin/sip_cli_emulator.pl -a 127.0.0.1 -p 6001 -su term1 -sp term1 -l CPL --patron 23529000035676 -m patron_information -s " Y "
f) verify that response includes fields like '|AVManual fee '
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Tidied inline Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 1d80470105e709e729a41ff52512dbcfd2992c69) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Hammat Wele [Mon, 12 Aug 2024 19:15:04 +0000 (19:15 +0000)]
Bug 36132: Allow to delete multiple patron lists on any page
Plan test :
1. Apply the patch.
2. Create at least 22 patron lists (Navigate to Tools > Patron lists > New patron list).
3. Select the lists you want to delete on the 2nd page
4. Click the "Delete selected lists" button.
5. Confirm that the selected lists have been deleted.
6. Ensure that the button cannot be used if no list is selected.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 96cc191e104e780f0f2c7527b374311160ad3ff2) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Wed, 6 Nov 2024 08:37:02 +0000 (09:37 +0100)]
Bug 38357: Prevent holidays to be wrongly added
This patch resets @holiday_list to an empty array, to prevent holidays
to be accumulated in worker's memory.
If you added single holidays to library A then others to library B,
holidays from A were also added to B.
Test plan:
Go to /cgi-bin/koha/tools/holidays.pl
Define the holidays for Centerville
Select a date
To: another date (pick only 2 days to ease testing)
Set a title "cpl"
Tick "Holidays on a range"
Save
Define the holidays for Fairview
Select *another* date
To: another date (pick only 2 days to ease testing)
Set a title "fpl"
Tick "Holidays on a range"
Save
=> Without this patch Fairview has 4 days of holidays instead of 2
=> With this patch applied the dates you selected are considered
holidays for Fairview
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 43e22821a99bc9fee50354039f1215f8ff662b5a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Fri, 8 Nov 2024 22:08:18 +0000 (14:08 -0800)]
Bug 38378: Serial frequency deletion needs to be converted to POST from GET
Deleting a serial frequency is (or can be) a two step process. If you are
deleting a frequency which is in use, you get back a page warning you that it
is in use, which the CSRF changes converted to a form POSTing with a CSRF
token and the new op cud-del. However, to get there you have to go through
the step that's the only step if the frequency isn't in use, clicking a link
that still thinks the op is named del rather than cud-del. That link needs to
instead be a form with a CSRF token and a POST of cud-del.
Test plan:
1. Without the patch, Serials - Manage frequencies
2. For any frequency, click Delete, click OK in the confirmation popup
3. Nothing happened except your URL changing, the frequency is still there
4. Apply patch, reload Manage frequencies
5. For any frequency, click Delete, click OK in the confirmation popup
6. This time, your frequency was deleted
Sponsored-by: Chetco Community Public Library Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit be6e13b50cd9d4e4b638ddae259a9b5c8ba9c5a7) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Mon, 1 Jul 2024 12:28:56 +0000 (12:28 +0000)]
Bug 24690: Make OPACPopupAuthorsSearch work with search terms containing parenthesis
This patch updates the OPACPopupAuthorsSearch feature so that it wraps
search terms with quotes. This is the behavior we have in place for
author searches outside the context of OPACPopupAuthorisSearch, e.g.
'au:"Criterion Collection (Firm)"'
To test, apply the patch and enable the OPACPopupAuthorsSearch system
preference.
- Search for a record in the OPAC which has author data containing
parentheses (it should not be a field linked to an authority record).
- View the detail page for that record.
- Click on one of the problematic author links.
- This should trigger a modal window with a list of authors and
checkboxes for each.
- With just the single checkbox checked, click "Search."
- The search should return the correct results.
- Test other author searches to confirm that they work too.
Sponsored-by: Athens County Public Libraries Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d7ae20f0cb4bc0850896617aae59ec22fedcc71d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Fri, 30 Aug 2024 11:05:59 +0000 (11:05 +0000)]
Bug 37790: Add skip indexing and holds queue options and verbosity to update localuse script
This patch skips record indexing and real time holds queue updates when updating the localuse field
from statistics. A note is added to the script that the user should reindex if the localuse field is mapped.
Additionally a verbose option is added to the script, and doubled use of GetOptions is removed.
Lastly, a check is added to confirm the items value is being changed before the value is stored.
To test:
1 - Enable the real time holds queue
2 - Enable Elasticsearch
3 - perl misc/maintenance/update_localuse_from_statistics.pl --confirm
4 - Note all items are touched and reported
5 - Check the background jobs table - there are many jobs generated
6 - Apply patch
7 - perl misc/maintenance/update_localuse_from_statistics.pl --confirm
8 - Note 0 items are reported updated, no new background jobs
9 - perl misc/maintenance/update_localuse_from_statistics.pl --confirm --verbose
10 - No items reported
11 - Update some items in the DB
UPDATE items SET localuse = 99 WHERE itemnumber LIKE '%9';
12 - perl misc/maintenance/update_localuse_from_statistics.pl --confirm
13 - Only the number of items changed above reported
14 - UPDATE items SET localuse = 99 WHERE itemnumber LIKE '%9';
15 - perl misc/maintenance/update_localuse_from_statistics.pl --confirm --verbose
16 - Each item changed reported, and the amounts, and the total items updated.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 1ba5e028cbedbb84ccf183f1e6888323c5964ea3) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Fri, 15 Nov 2024 22:13:11 +0000 (14:13 -0800)]
Bug 38463: Unnecessary CSRF token in OPAC authority search
Bug 37069 correctly changed OPAC authority searches from a POST to a GET, but
forgot to remove the CSRF token that is only needed for a POST, so now it
clutters up the URL by making the first 107 characters of the query string
meaningless.
Test plan:
1. Without the patch, in the OPAC, go to Authority search
2. Change the dropdowns to non-default values so you have meaningful search
conditions, and search for something that will return results, like
Topical Term/starts with/a/in any heading/Heading descendant
3. Copy the URL of your search results, paste it in an email compose window,
look at what you just pasted and wonder whether that big opaque string is
actually safe to send to a coworker. Go to lunch. Come back and wonder
what you searched for, and look at the URL in the browser to try to tell
4. Apply patch, click the browser back button, reload the page, search again
5. Copy and paste the URL, notice it looks fine to send, just a search. Look
at the URL in the browser address bar, notice that within the limits of
your window size, you can see what you searched for
Sponsored-by: Chetco Community Public Library Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit ddddaf2e3dc052660fd0e220e594407bde8131df) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Nind [Sun, 10 Nov 2024 19:17:02 +0000 (19:17 +0000)]
Bug 38344: Fix typo - space before exclamation mark in "Thank you !"
In English, there should not be a space before an exclamation mark
in a sentence. For example, "Thank you !" is not correct.
Test plan:
1. Search the codebase for "Thank you !": grep -rn "Thank you !" *
2. Result - one occurance:
C4/SIP/ILS.pm:317: return (1, 'Thank you !', '');
3. Apply the patch.
4. Repeat step 1.
5. There should now be no occurances.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 1c6dfb5f3558e297626e2f4a4ba361790044d550) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Fri, 1 Nov 2024 18:22:59 +0000 (11:22 -0700)]
Bug 38328: Cannot delete ILL batch statuses
You are permitted to delete ILL batch statuses that you (rather than the
system) add, but the UI didn't get the CSRF memo about delete ops needing to
be POSTs with op="cud-delete", so it still uses a GET of ?op="delete" and
fails.
Test plan:
1. Set the preference ILLModule to 'Enable'
2. Administration - Interlibrary loan batch statuses - New batch status
3. Give it a name, an uppercase code, and Save
4. Click the Delete button to the right of your new status
5. The page is blank, and if you navigate back to Interlibrary loan batch
statuses, you'll see that yours was not deleted
6. Apply patch, reload page
7. Click the Delete button to the right of your new status, verify it is
deleted
Sponsored-by: Chetco Community Public Library Signed-off-by: Sam Sowanick <sam.sowanick@corvallisoregon.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 479df408fc42d6a226ea023c71dead6d7e37caba) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Wed, 13 Nov 2024 09:35:50 +0000 (09:35 +0000)]
Bug 38322: (QA follow-up) Fix spelling
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a9e7e8f14d68be2642394fcafad15c4d7f01ca7d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Fri, 1 Nov 2024 12:54:09 +0000 (12:54 +0000)]
Bug 38322: Adjust tests
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0e899b8882273c9b80fae267398c90bb314ad4dc) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Thu, 7 Nov 2024 10:33:03 +0000 (11:33 +0100)]
Bug 38385: Improve DB update output on error (UI)
When an error occurred during the DB update the UI is not correct.
1. say_success, say_info, etc. show the span tags and are not colored
2. "Everything went okay" shown even if atomic updates failed
3. The same error can be displayed several time (see https://snipboard.io/IGiKgM.jpg)
Test plan:
Create a new db rev and/or atomic update
Have some say_* statement to render messages, and raise an error
For instance:
say_info( $out, "Use blue for further information" );
try {
say_warning( $out, "Use yellow for warning/a call to action" );
$dbh->do(q{});
} catch {
say_failure( $out, "Use red for danger/failure" );
$_->rethrow;
};
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0ab32306eee1572e259567f855a3a7fe8c4976e4) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Pedro Amorim [Mon, 1 Jul 2024 10:30:08 +0000 (10:30 +0000)]
Bug 37178: Disable sorting on comments column
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0ed10ee3da7132388cc422b82ddc284ff6871fbc) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Thu, 7 Nov 2024 12:59:40 +0000 (12:59 +0000)]
Bug 38390: Add subscriptions+count to vendors embed
This patch adds the subscriptions+count option to the embeddable enum
for the /vendors endpoint.
Test plan
1) Inspect the change to t/db_dependant/api/v1/acquisitions_vendors.t
and confirm it's testing for the addition of subscriptions_count.
2) Run the above tests and confirm it passes
Note: For the above tests to pass, you will need to ensure your api
bundle is rebuilt after the patches are applied and restart plack.
`yarn build && restart_all` in ktd
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit ce5c7695e24738d23dd658c514517a19ee660f5b) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
[WARN] Use of uninitialized value $op in string eq at /usr/share/koha/intranet/cgi-bin/circ/circulation.pl line 144.
[WARN] Use of uninitialized value $op in string eq at /usr/share/koha/intranet/cgi-bin/circ/returns.pl line 253.
These happen in cases when $op is undef and circulation.pl or returns.pl tries to directly compare it to a string.
To reproduce:
1. Go to "Check Out" and "Check In" circulation pages, or refresh already opened one.
2. Check your logs for "Use of uninitialized value $op" warning.
3. Apply patch.
4. Repeat step 1 and check that no new "Use of uninitialized value $op" error were logged.
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Thomas Klausner <domm@plix.at> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8e2b493d67814ce3411a3882446ac66239e4cbbb) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Pedro Amorim [Tue, 29 Oct 2024 09:24:36 +0000 (09:24 +0000)]
Bug 38284: Add patron check for TrackLastPatronActivityTriggers
If an invalid or empty cardnumber is supplied to patron status request SIP message, SIP dies silently and no 'READ:' exists on the response.
Test plan:
1) Apply tests plan, run tests:
$ prove t/db_dependent/SIP/Message.t
2) Verify tests fail. Apply 2nd patch. Run tests again. Verify they pass.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 87256d7ae3d9400472a86dfe0cebf41345e844c1) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Pedro Amorim [Tue, 29 Oct 2024 09:23:31 +0000 (09:23 +0000)]
Bug 38284: Add tests
Sponsored-by: PTFS Europe <https://ptfs-europe.com> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5acf88d91d33ce0f5901656e63c263e12bdb823e) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Aleisha Amohia [Thu, 16 Nov 2023 21:38:35 +0000 (21:38 +0000)]
Bug 33348: Tests
prove t/Koha/SearchEngine/Elasticsearch/Search.t
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Thomas Klausner <domm@plix.at> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8e73930408da6aad055016989438f75e718ae2f0) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Aleisha Amohia [Mon, 1 May 2023 22:38:57 +0000 (22:38 +0000)]
Bug 33348: (follow-up) Fix if no 008 defined
And copy fix across to Zebra search as well.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Thomas Klausner <domm@plix.at> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7c40544951701015e251120579082d5c60ddd7d2) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Aleisha Amohia [Tue, 28 Mar 2023 02:10:59 +0000 (02:10 +0000)]
Bug 33348: Show authority heading use with Elasticsearch
This patch ensures the ShowHeadingUse system preference and feature works as expected when using Elasticsearch as the searchengine.
To test, follow the test plan at Bug 29990 Comment 9. Ensure the SearchEngine system preference is set to Elasticsearch.
Sponsored-by: Education Services Australia SCIS Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Thomas Klausner <domm@plix.at> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0fc9f22a935e66ae42a3dc07c4e2bd4c6905f616) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Paul Derscheid [Thu, 7 Nov 2024 11:11:46 +0000 (11:11 +0000)]
Bug 38100: (QA follow-up) Tidy changes in C4/XSLT.pm
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8ee845311810590a7cbb3d2de9ef3c046d9b39b2) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit af270fc2397a49f15795ce9f3839a9fd2b0bf0df) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 38100: Items with damaged status are shown in OPAC results as "Not available" even with AllowHoldsOnDamagedItems
Items with damaged status are shown on the OPAC results page as "Not
available" even with AllowHoldsOnDamagedItems set to 'Allow', which is
misleading for the users. 'other/Damaged' status should be assigned
only if AllowHoldsOnDamagedItems is set to 'Don't allow'.
Test plan:
==========
1. Check that AllowHoldsOnDamagedItems system preference is set to
'Allow'.
2. In librarian interface, change the damaged status of an item by
setting it to 'Damaged'.
3. In OPAC, make a search for the record with this item attached. Use
common words from title to get a list and not a single record.
4. Note that the item in question is labelled as 'Not available'
(Damaged).
5. Apply the patch; restart_all.
6. Repeat p. 3. Note that the item is now labelled as 'available for
loan'.
7. Set AllowHoldsOnDamagedItems system preference is set to 'Don't
allow'.
8. Repeat p. 3. Note that the item is now labelled as 'Not available'.
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit c3dc86286c29661357fb696ec6759b93df4bcc89) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Paul Derscheid [Thu, 7 Nov 2024 11:51:21 +0000 (11:51 +0000)]
Bug 37998: (QA follow-up) Remove excess whitespace in catalogue/itemsearch_item.json.inc
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 48e7aad1f17f3d51f627a0d7604172c8665ad42c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Janusz Kaczmarek [Tue, 24 Sep 2024 21:05:32 +0000 (21:05 +0000)]
Bug 37998: Tabs and backslashes in the data break item search display
If the item data (e.g. callnumber) contains a tab or backslash OR the
title part contains a backslash, the DataTable displaying the item
search results stops throwing an error modal "Something went wrong when
loading the table. 200: OK." and a JS console log: "DataTables warning:
table id=results - Invalid JSON response. For more information about
this error, please see http://datatables.net/tn/1".
Test plan:
==========
1. Make an item search w/o any parameters.
2. From the first result page choose a record and modify the title (245 $a)
to contain " \ " string. Repeat the item search. You should see a modal
"Something went wrong when loading the table. 200: OK.".
3. Remove the " \ " from the title. Verify that the problem no longer occurs.
4. In the same record, insert the string " \ " or a tab (copied from a text
editor) into item data (itemcallnumber, enumchron, barcode etc.).
5. Repeat the item search. You should see again a modal "Something went wrong
when loading the table. 200: OK.".
6. Apply the patch; restart_all.
7. Repeat p. 2, 3, 4, and 5. Verify, that the problem is solved.
Sponsored-by: Ignatianum University in Cracow Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d289ebf0b36dc919f67d9947d6eee862e5362ce5) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Thu, 31 Oct 2024 19:23:08 +0000 (19:23 +0000)]
Bug 37478: Rename strict to skip_bad_records and add POD
Option name changed, POD updated.
The reason not to do this by default is that it is an extra record conversion
to check the validity, so may slow down the import.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit cfb72ca7fac22e5ee6a92ac03fdad4fc9dca559c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Thu, 22 Aug 2024 11:26:52 +0000 (11:26 +0000)]
Bug 37478: (follow-up) Add MARC::Lint to cpanfile
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 43fd84508d8017979d203363c7f3b6231562666d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Thu, 25 Jul 2024 16:37:17 +0000 (16:37 +0000)]
Bug 37478: Add strict mode to bulkmarcimport
This patch adds a conversion from MARC -> XML -> MARC to catch any parsing errors.
If errors are found, we then lint the record to catch any problems, output the
warnings, and skip the record.
To test:
1 - Download the sample records from this bug report
2 - perl misc/migration_tools/bulkmarcimport.pl -b --file=520_nosubfield.mrc -v
fails!
3 - perl misc/migration_tools/bulkmarcimport.pl -b --file=003_subfielda.mrc -v
fails!
4 - Apply patch
5 - Repeat 2 & 3 - no change
6 - Add -st switch to the commands:
perl misc/migration_tools/bulkmarcimport.pl -b --file=520_nosubfield.mrc -v -st
perl misc/migration_tools/bulkmarcimport.pl -b --file=003_subfielda.mrc -v -st
7 - The records are now skipped, and the script completes
8 - Confirm the warnings generated are useful
9 - Sign off!
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0306281e417ffe8f3f7e3ff033f58a0872ce980d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Fri, 1 Nov 2024 19:33:32 +0000 (12:33 -0700)]
Bug 38329: Remove orphan confirm_deletion() in supplier.tt
The JavaScript function confirm_deletion() in supplier.tt has either
been an unused orphan since bug 28082 two years ago, or since the switch
from YUI to Bootstrap 12 years ago. Doesn't matter which, nothing calls
it, and if it was called, it would fail by trying to GET with
op="delete" rather than POST with op="cud-delete".
Test plan:
1. Acquisitions - New vendor, enter a name and Save
2. Click the name of your new vendor, so your URL is at supplier.pl
3. Click Delete vendor to verify that deleting still works without this
unused code which would fail
Sponsored-by: Chetco Community Public Library Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit c70946a0bef61297a0d31893d47a0fe7c98c39ce) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37863: Fix checking if a patron is already in the list adding users to a patron card batch
If the patron is already in the card batch it won't add it and it will show an error message
Test plan:
1 Create or edit an patron card batch
2 Try adding twice or more the same patron. It will show a success message everytime and you will end up with the same patron several times in the card batch
3 Apply patch, restart services
4 Repeat step 2. The first time you click on add user, it will do it and show the success message (Patron 'Patron name' added.), but after that it won't add the user and it will display an error message (Patron 'Patron name' is already in the list.)
Signed-off-by: Sukhmandeep Benipal <sukhmandeep.benipal@inLibro.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 293afd3de6a7f88d6da4311026fd294e49eb6b96) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lari Taskula [Wed, 2 Oct 2024 18:44:27 +0000 (18:44 +0000)]
Bug 35126: Remove onload from opac-addbybiblionumber.pl
To test:
Case a) Adding to a new list
1. Enable virtualshelves system preference
2. Search for any record and click it
3. On the right hand side of record view, click "Save to your lists"
4. A new pop up opens.
5. Under "Add to a new list", give any name to the list
6. Under "Add to a new list", click "Save"
7. Observe popup closing
8. Observe record view page reloading
Case b) Adding to an existing list
1. Enable virtualshelves system preference
2. Search for any record and click it
3. On the right hand side of record view, click "Save to your lists"
4. A new pop up opens.
5. Under "Add to a list", select an existing list
(it can be the same as the one you created in case a, it does not matter here)
6. Under "Add to a list", click "Save"
7. Observe popup closing
8. Unlike case a, observe record view page NOT reloading
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8cfce49d14ec38ff0fb053b0051391d55a9a341a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Fri, 1 Nov 2024 16:13:50 +0000 (09:13 -0700)]
Bug 38325: Cannot delete invoice while viewing it
The link to delete while viewing an individual invoice needs to be updated to
use submit-form-link so it can POST with op='cud-delete'.
Test plan:
1. Home - Acquisitions, click Search with an empty Vendor: input
2. Click Receive shipments, enter a number in the Vendor invoice input,
click Next
3. In the left sidebar, click Invoices, click Search without any parameters
4. In the row for your invoice, click the invoice number link
5. Next to the Save button, click the Delete link, click OK in the
confirmation alert
6. You'll see the page reload, and the URL change to include ?op=delete,
but your invoice remains undeleted.
7. Apply patch, reload the page
8. Click Delete, click OK in the confirmation alert
9. Click Search with no parameters, just to make sure the message about
"Sorry, but there are no results for your search" really truly means
that your invoice was deleted and now you don't have any invoices
Sponsored-by: Chetco Community Public Library Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f9bfb4d0ca279909398dc1501469ca2625f6c6ac) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Fri, 1 Nov 2024 02:44:35 +0000 (19:44 -0700)]
Bug 38309: Cannot delete additional fields
Deleting an additional field tries to do a GET of ?op=delete... which no
longer works with CSRF protection. It needs to be a POST with op=cud-delete.
Test plan:
1. Administration - Additional fields, click any table name
2. New field, fill in a name and Save
3. In the row for your field, click Delete
4. You have a blank page
5. Apply patch, click the browser Back button, refresh the page
6. In the row for your undeleted field, click Delete
7. Your field is deleted
Sponsored-by: Chetco Community Public Library Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d5fbb1e87c6964b27b7d9829ca41e40f49869009) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Emmi Takkinen [Mon, 28 Oct 2024 10:03:26 +0000 (12:03 +0200)]
Bug 38257: Do not use js_includes.inc in two different files
Downloading cart didn't work because js_includes.inc file
was included both in basket.tt and intranet-bottom.inc.
This patch removes related codeline from basket.tt.
To test:
1. Search for items and add one or more search results to your cart.
2. Open cart.
3. Attempt to download items from your cart.
=> Either nothing happens.
4. Apply this patch, restart services if needed.
5. Again attempt to download.
=> Download menu should now work as expected.
Sponsored-by: Koha-Suomi Oy Signed-off-by: Sam Sowanick <sam.sowanick@corvallisoregon.gov> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f8e20489134d5b865b931c0db481dbbcb0382cf1) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Emmi Takkinen [Thu, 24 Oct 2024 11:57:46 +0000 (14:57 +0300)]
Bug 38257: Fix cart pop up functionalities
Almost all functionalities in cart pop up were broken
due changes made in bug 37033. Also following errors
were displayed in browsers console:
> Uncaught TypeError: antiClickjack is null
> Uncaught TypeError: $(...).dataTable is not a function
This happens because when 'intranet-bottom.inc' is loaded
after other .inc files in page.
To test:
1. Search for items and add one or more search results to your cart.
2. Open cart.
3. Attempt to use one or more functionalities (download, remove item etc.).
=> Either nothing happens or table is loaded again with no items in
table. However items are still displayed in cart when it's opened again.
4. Apply this patch, restart services if needed.
5. Again attempt to download, remove items, print etc. from cart
=> Everything should now work as expected.
Sponsored-by: Koha-Suomi Oy Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9cae91c7da4c429350584dd394282be9d01e79da) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
When using a direct link to a news (koha.url/cgi-bin/koha/opac-main.pl?news_id=XXX), the link is broken if the news is expired.
Formerly, a using AdditionalContent->get( id => "my_news_id") on an
expired news was returning a news, and calling get without id was
returning all news but the expired ones.
This patch adds tests to check this behaviour by adding one expired news and performing following new tests:
1 - It may not be returned by AdditionalContent.get()
2 - It must be returned by AdditionalContent.get() using its id
This patch fixes the behaviour by addind the new behaviour or
AdditionalContent.get:
1 - Any news must be returned by AdditionalContent.get() using its id;
TEST PLAN:
1 - Apply patch
2 - Remove the changes made to Koha/AdditionalContents.pm
3 - Run tests -> one test must fail
4 - Create a news with a expired expiration date, notice the id of the
news in the url of the modification panel
5 - Go to "opac.url/cgi-bin/koha/opac-main.pl?news_id=MY_ID" -> notice
it does not work
6 - Reapply the whole patch
7 - Run test -> all test must pass
8 - Go to "opac.url/cgi-bin/koha/opac-main.pl?news_id=MY_ID" -> notice
it does work now
Signed-off-by: Olivier V <olivier.vezina@inLibro.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4ad5cbdb9708774e91a198e5e9a04d548a4503a7) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Thu, 1 Aug 2024 18:01:25 +0000 (18:01 +0000)]
Bug 37550: CheckItemPreSave should run barcodes through barcodedecode
In Koha::Item we run a barcode through barcodedecode before any save.
We should do the same when checking barcodes to avoid a duplicate error
when the barcode is cleaned before it is written to the DB
To test:
1 - Follow previous test plan
2 - Note that after this patch is applied there is no exception
All items are skipped as duplicate barcodes
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a262ffbdfa2adf54f36774547fd95c30b83ed8c6) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Thu, 1 Aug 2024 18:00:57 +0000 (18:00 +0000)]
Bug 37550: Unit test for CheckItemPreSave
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5cab218d91cae9088cf043917cdd00c22574a089) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Thu, 1 Aug 2024 17:37:35 +0000 (17:37 +0000)]
Bug 37550: Move item check after error handling
To test:
1 - Grab the sample file on this bug report
2 - perl misc/migration_tools/bulkmarcimport.pl -b --file=spaceditems.pl -v
3 - An exception for 'Duplicate ID' is thrown and script dies
4 - Apply patch
5 - run script again
6 - The script finishes, no items are added, but record is
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5e15ede505b413b46f36fe428c8e87e5c8217ae4) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Marcel de Rooy [Fri, 4 Oct 2024 09:04:18 +0000 (09:04 +0000)]
Bug 37365: (QA follow-up) Add borrowernumber to referrer url
Since we post to add_message, we need to ensure that the
borrowernumber is added to the referrer url. This 'tric' is
already done there for another form.
Test plan:
See original plan.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit fbc2e2e9333fbdd61a744297e36a6752106c1977) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Thu, 31 Oct 2024 13:41:19 +0000 (14:41 +0100)]
Bug 30397: Remove duplicate entry from length menu of patrons search
If you have 20 in PatronsPerPage, there will be two 20 entries in the
length menu of the patrons search.
jQuery.unique is stupid it seems, it requires the array to be sorted (?)
let x = [1, 2, 1, 2]
jQuery.unique(x);
Array(4) [ 1, 2, 1, 2 ]
x = [1, 1, 2, 2]
jQuery.unique(x);
Array [ 1, 2 ]
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 60249a979cdf14f78c4d0a777a8f9f536272aa29) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 35987: Fix broken See highlighted items below link
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Test plan with KTD:
- Issue a couple of items to a patron, and make sure one of them is
overdue.
- Make sure "Always show checkouts automatically" is not checked
- Reload the page
- Click on the link in "Overdues: Patron has ITEMS OVERDUE See
highlighted items below"
- Nothing happens
- Apply the patch, restart_all, reload the "Check out" page for the
patron
- Click on the link again, and the active loans should be shown
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4716b6a43d2eaa82f966e79ab937badac7da3ec3) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit fe495d19dfc138fc99f7c77e41a33c77521cb738) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Tue, 20 Aug 2024 00:12:21 +0000 (00:12 +0000)]
Bug 22223: Add filter to make item URLs safe in template output
This change adds a "safe_url" filter which takes a text input and
returns a Perl URL object which stringifies to a safe URL.
This change is only needed in the OPAC as the staff interface
handles the item URL display using Javascript not Template Toolkit.
0. Apply patch and koha-plack --restart kohadev
1. Create an item for a record using the following URL
https://koha-community.org?url=https%3A%2F%2Fkoha-community.org
2. Go to the OPAC for that record and verify that the URL is
not double-escaped
3. Create a malicious payload (talk to QA/security team for this if necessary)
4. Note that the malicious payload is escaped
5. prove t/Koha/Plugins/SafeURL.t
6. Celebrate!
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e8e00cfeb30391009391849c0194a0ff0603d78c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Pedro Amorim [Tue, 29 Oct 2024 11:12:04 +0000 (11:12 +0000)]
Bug 37872: Consider enable_plugins = 0 when fetching plugin backends
This patch builds on top of Andreas patch checking for Koha::Plugins->new() instead as the enable_plugins is already done there.
It also adds a check in reply to Joubu's observation, which is indeed an additional bug.
Test plan:
1) Apply tests patch. Run the tests. Notice it fails
2) Apply the remaining patches. Run the tests. Notice they pass.
Additional (and better) tests can be written, but for now I think this is good enough.
Additional tests should be written on top of bug 36197 (which adds a dummy ILL backend plugin for testing), at:
https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=36197&attachment=171371
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7e336006c27e6747b7c0b92b23eea95be4946e82) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
projects / koha.git / log