Marcel de Rooy [Fri, 27 May 2016 12:02:42 +0000 (14:02 +0200)]
Bug 16609: Catch warning from Koha::Hold in Hold.t
Before this patch, the suspend step triggers a warn from Koha::Hold.
Now we catch it.
Test plan:
Run the test. Do not see the warning about unable to suspend.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
NOTE: Nice clean up!
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fridolin Somers [Fri, 27 May 2016 08:50:00 +0000 (10:50 +0200)]
Bug 16608 - Missing entity nbsp in some XML files
The special character "non breaking space" is not contained in XML syntax by default.
So we add it in the file header :
<!DOCTYPE stylesheet [<!ENTITY nbsp " " >]>
Even if the source code files do no contain this character, it can be that translated files contain it.
French for example "Titre :".
This entity is missing in all files in koha-tmpl/intranet-tmpl/prog/en/data/ and in some files of koha-tmpl/intranet-tmpl/prog/en/xslt.
Test plan :
- generate French templates:
cd misc/translator
./translate install fr-FR
cd ../..
- run test:
prove -v t/00-valid-xml.t
you get failing error message
- apply this patch
- translate again
- run test again: it passes
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works as described following test plan
Tes pass, no errors.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fridolin Somers [Fri, 27 May 2016 08:46:44 +0000 (10:46 +0200)]
Bug 16608 - Add xsd extension to t/00-valid-xml.t
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marc Véron [Sat, 28 May 2016 07:44:40 +0000 (09:44 +0200)]
Bug 16589 - Quote of the day: Fix upload with csv files associated to LibreOffice Calc
To reproduce:
- Install LibreOffice and make sure that csv files are associated to Calc
(Note: tested with Firefox 46.0.1 on Windows 8)
- Go to Home > Tools > Quote editor > Quote uploader
- Try to upload a valid CSV (e.g. Example from Bug 15684)
Result: File can not be uploaded
(Incorrect filetype: application/vnd.sun.xml.calc)
To test:
- Apply patch
- Try to upload again
Expected result: Quotes are imported.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Can't reproduce on a Mac but get it fails on a Windows Box: fixed with this
patch.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Can't recreate on debian but the fix looks safe.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marc Véron [Mon, 23 May 2016 12:16:02 +0000 (14:16 +0200)]
Bug 16560: Translatability: Issues with "The entered " in opac-memberentry.tt
This patch fixes two splitted sentences to avoid translation issues:
The entered <a href="#borrower_cardnumber">card number</a> is the wrong length.
The entered <a href="#borrower_cardnumber">card number</a> is already in use.
To test:
Apply patch and verify that html in the 2 that are changed is correct and that
they are not splitted by a-tags.
Note: I could not figure out under which conditions this code displays in
the OPAC self registration form.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Owen Leonard [Thu, 26 May 2016 16:29:38 +0000 (12:29 -0400)]
Bug 15676 - Actions in pending offline circulation actions are not translatable
This patch modifies the offline circulation transaction processing page
so that English strings describing actions are processed in the template
rather than being output directly from the script.
To test, apply the patch and create an offline circulation file
containing at least one checkout, one check-in, and one payment.
- Upload the file and choose 'Add to offline circulation queue.'
- View pending offline circulation actions
- In the list of pending actions, the actions column should show "Check
out" instead of "issue," "Check in" instead of "return," and "Payment"
instead of "payment."
Strings appear as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 14897 - Header name mismatch in ./modules/catalogue/detail.tt
We changed the detail.tt file for staff interface from Publication details to
"Serial enumeration / chronology" to match the cataloguing editor.
Signed-off-by: Joy Nelson <joy@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 14605 - Corrects the individual fine's description
When paying a fine, the description is built out of the borrower's type and title, instead of the actual fine's description.
STEPS:
1) in the staff, go to a user with a fine to pay.
a) if none, go to a user and Fines>>"Create manual invoice" with a distinctive description.
2) In Fines>>Pay fines, click the "Pay" button on the line of the fine.
3) This will take you a "Pay an individual fine" screen, where the description will look like "Staff Mrs", for the category and title of the borrower.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Kyle M Hall [Tue, 10 May 2016 16:36:03 +0000 (16:36 +0000)]
Bug 16492 - Checkouts ( and possibly checkins and other actions ) will use the patron home branch as the logged in library
Bug 14507 introduced the use of checkpw in C4::SIP::ILS::Patron so that
non-Koha internal authentication processes would be able to function via
SIP ( LDAP et al ).
The problem is that checkpw changes the userenv to that of the patron!
This is not usually an issue in Koha because most of the time that
patron running through checkpw is the one to be logged in.
Aside from SIP2 the only other area where this may be an issue is in SCO
when using SelfCheckoutByLogin.
Test Plan:
1) On master, check out an item to a patron via SIP2
2) Note the checkout lists the item as having been checked out
from the patron's home library not matter which library is was
supposed to be checked out from.
3) Apply this patch
4) Re-checkout the item
5) The item should now be checked out as if it was checked out from
the library as defined in the SIP configuration file.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 7 Jun 2016 09:20:53 +0000 (10:20 +0100)]
Bug 10459: Add tests for borrowers.updated_on
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Mark Tompsett [Thu, 26 May 2016 01:57:34 +0000 (21:57 -0400)]
Bug 10459 renamed timestamp to updated_on
Signed-off-by: Joy Nelson <joy@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Mon, 10 Nov 2014 13:17:40 +0000 (14:17 +0100)]
Bug 10459: Borrowers should have a timestamp
This patch adds a timestamp column to the borrowers table in kohastructure
and updatedatabase. (And also to the deletedborrowers table.)
A timestamp may be useful in synchronizing with external systems (among other
reasons).
Test plan:
Run updatestructure on an existing database, or install a new one.
Verify that the borrowers table has a timestamp now.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested updatestructure and running kohastructure.sql.
Passed t/db_dependent/Members.t.
updatedatabase.pl did not apply. I edited and then run it. Columns were added as expected. Signed-off-by: Marc Veron <veron@veron.ch> Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com> Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Joy Nelson <joy@bywatersolutions.com>
Bug 10459: Follow up to update to atomic update methodology
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
New column created, no errors.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Joy Nelson <joy@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 8 Jun 2016 13:52:04 +0000 (14:52 +0100)]
Bug 16695: Require Exception::Class 1.38 instead of 1.39
Looking at
http://cpansearch.perl.org/src/DROLSKY/Exception-Class-1.40/Changes
there is no need to require 1.39
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Galen Charlton [Tue, 7 Jun 2016 00:44:07 +0000 (00:44 +0000)]
Bug 16647: update debian/control for 16.*
This patch updates debian/control* to match what
was used for building the 16.05.00 packages, and includes
changes to:
- specify a floor for the Swagger2 version
- add dep on libio-socket-ip-perl, which is needed
for the package to work on Debian Wheezy
- suggest libwww-youtube-download-perl
Signed-off-by: Galen Charlton <gmcharlt@gmail.com> Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Galen Charlton [Tue, 7 Jun 2016 01:42:59 +0000 (01:42 +0000)]
Bug 16675: fix breakage of t/Languages.t
This patch fixes test breakage introduced by the patch for bug 16088,
which added caching of getlanguages(). Upon inspection, it looks like
the patch for 16088 does not introduce a regression on bug 10560,
so this patch adds a couple cache-clearings.
To test
-------
[1] Verify that t/Languages.t passes.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Mark Tompsett [Mon, 30 May 2016 16:16:36 +0000 (12:16 -0400)]
Bug 16618: 00-load.t prematurely stops all testing
Rather than add/remove regular expressions to skip modules (like bug 9054), encapsulate the decision logic into a separate function.
Currently there are three libraries which trigger halts:
Koha::NorwegianDB (which was already there)
Koha::ElasticSearch::Indexer
Koha::SearchEngine::Elasticsearch::Search
TEST PLAN
---------
1) prove t/00-load.t
-- should barf horribly on Catmandu stuff
if not: sudo apt-get remove libcatmandu-marc-perl
then repeat step.
2) apply patch
3) prove t/00-load.t
-- should not barf horribly
4) run koha qa test tools
NOTE: The four optional modules for Koha::NorwegianDB are
listed in the PerlDependencies.pm, while there is
no mention of Catmandu libraries at all there.
This may be another bug which needs fixing.
TECH NOTES (for ideas of how to tinker around):
These three things should trigger the three module cases:
sudo apt-get remove libcatmandu-marc-perl
sudo apt-get remove libcatmandu-store-elasticsearch-perl
sudo apt-get remove libconvert-basen-perl
You probably had koha-perldeps installed before, so the following wil mostly fix:
sudo apt-get install koha-perldeps libcatmandu-marc-perl
And in case you didn't have elastic search stuff installed:
echo deb http://packages.elastic.co/elasticsearch/1.7/debian stable main | sudo tee /etc/apt/sources.list.d/elasticsearch.list
wget -O- https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get update
cd ~
wget http://debian.koha-community.org/koha/otherthings/elasticsearch_deps.tar.gz
tar xvf elasticsearch_deps.tar.gz
cd es_deps
sudo dpkg i lib*
sudo apt-get install -f
Signed-off-by: Srdjan <srdjan@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Galen Charlton <gmcharlt@gmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Thu, 26 May 2016 09:55:09 +0000 (10:55 +0100)]
Bug 16596: Display library and patron category descriptions instead of their code
Test plan:
On circ/circulation-home.pl and reserve/request.pl, search for patrons
The descriptions for the libraries and patron categories should be
displayed.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
On top of Bug 13336
Works as described, now descriptions instead of codes.
No errors
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
https://bugs.koha-community.org/show_bug.cgi?id=16455
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 16578: Fix wide character errors in opac-export.pl
This simple patch fixes wide character warning raised by opac-export.pl when
'MARC (Unicode/UTF-8)' and 'MARC (Unicode/UTF-8, Standard)' formats are chosen for downloading records.
To test:
- Have records indexed
- Open your OPAC logs:
$ tail -f /var/log/koha/kohadev/opac-error.log
- Open the detail page in the opac for a record
- Choose Save record > MARC (Unicode/UTF-8)
=> FAIL: opac-export.pl: Wide character in print at /home/vagrant/kohaclone/opac/opac-export.pl line 116., referer: http://localh...
- Choose Save record > MARC (Unicode/UTF-8, Standard)
=> FAILE opac-export.pl: Wide character in print...
- Apply the patch
- Choose Save record > MARC (Unicode/UTF-8)
=> SUCCESS: No warnings raised.
- Choose Save record > MARC (Unicode/UTF-8, Standard)
=> SUCCESS: No warnings raised.
- Sign off :-D
Followed test plan, works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 11 May 2016 12:04:38 +0000 (13:04 +0100)]
Bug 16465: Fix typo issues vs checkouts
Test plan:
Confirm the wording is correct
Signed-off-by: Srdjan <srdjan@catalyst.net.nz> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 11 May 2016 11:57:47 +0000 (12:57 +0100)]
Bug 16465: discharge - Add a title tag at the OPAC
Test plan:
Confirm that the opac-discharge.pl has now a title
Signed-off-by: Srdjan <srdjan@catalyst.net.nz> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 3 May 2016 10:03:52 +0000 (11:03 +0100)]
Bug 16428: Use the biblio framework to know if a field is mapped
The subroutine _build_default_values_for_mod_marc takes the
frameworkcode in parameter, but ModItemFromMarc did not pass it.
It uses it to know if a field is mapped or not to a Koha field
(C4::Koha::IsKohaFieldLinked).
Consequently the default framework ("") was always used.
This bug has been found working on bug 13074 and has been put on a
separate bug report to ease the backport.
Test plan:
Without this change, the tests added by bug 16428 won't pass
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 4 May 2016 18:43:43 +0000 (19:43 +0100)]
Bug 16441: Do not use a package variable to cache C4::Letters::getletter
C4::Letters::getletter use a package variable (%letter) to cache letter
returned by the subroutine.
I have not found any direct issues caused by that but it is safer to
remove it.
It won't be a big deal to hit the DBMS to get a valid letter when
needed.
No test plan here, just confirm that the changes make sense.
Signed-off-by: Srdjan <srdjan@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Confirm that performance loss is just a millisecond or so per
subsequent call of getletter.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jacek Ablewicz [Wed, 8 Jun 2016 08:46:18 +0000 (10:46 +0200)]
Bug 16678: updatedatabase.pl 3.23.00.006 DB upgrade crashes if subscription_numberpatterns.numberingmethod contains parentheses
It seems that if subscription_numberpatterns.numberingmethod contains parentheses, updatedatabase.pl crashes when running the 3.23.00.006 DB upgrade snippet, with the following error:
[Mon Jun 6 09:06:54 2016] updatedatabase.pl: Unmatched ( in regex; marked by <-- HERE in m/ ( <-- HERE / at /home/koha/kohaclone/installer/data/mysql/updatedatabase.pl line 11498.
Steps to reproduce:
1/ Have a Koha DB version<3.23.00.006
2/ Create a subscription numbering with parentheses in it:
ie "Vol. (Month, Year)" with pattern
Vol. {X} ({Y}, {Z})
3/ Add some serials using that numbering method so that serialseq is filled in DB:
ie "Vol. 16 (February, 2015)"
4/ Run the updatedatabase.pl script either from the cli or just start the webinstaller
5/ The error is produced
To test:
1/ apply patch
2/ try to reproduce this issue once again, should be fixed now
3/ have a look at the code, make sure the changes are consistent
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Note: I have not tested the patch, but the diff looks good.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 24 May 2016 18:57:16 +0000 (19:57 +0100)]
Bug 16570: Do not tell all checked-in items are part of a rotating collection
When an item is checked-in a message will tell you it's part of a
rotating collection, even if it's not true.
Test plan:
Make sure the message appears only when needed.
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Fri, 10 Jun 2016 09:49:45 +0000 (11:49 +0200)]
Bug 16443: [QA Follow-up] Add two tests for get_fields
Adds t/db_dependent/Members/Statistics.t.
Test plan:
Run the test.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 4 May 2016 19:08:53 +0000 (20:08 +0100)]
Bug 16443: Make C4::Members::Statistics plack safe
If the prefs is updated, the fields won't be.
To make sure we already fetch updated values, we should remove the
package variable and define it in the subroutine.
There is not test plan, just make sure the changes are consistent.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Thu, 5 May 2016 15:58:06 +0000 (16:58 +0100)]
Bug 16455: Remove the "Too late to run INIT block" from C4::Tags
The pref TagsExternalDictionary is used to tell Lingua::Ispell to use an
other dictionary, different from the default one (/usr/bin/ispell).
To do so we need to set $Lingua::Ispell::path to the expected path.
It's currently done in the INIT block.
If you try to use C4::Tags, you will get the famous "Too late to run
INIT block at C4/Tags.pm line 74." warning. Plack use the INIT block to
load functions at run time, when we are using C4::Tags when hitting a pl
script, the compilation phase is finished and it's "too late to run INIT
block" from C4::Tags.
I do not really know if it has an impact on the behavior of
Lingua::Ispell (i.e. is the path redefined?), but I know that this INIT
block is not executed when we want.
Test plan:
under Plack,
- hit /cgi-bin/koha/opac-search.pl and confirm that the warning does no
longer appears
- Use another dictionnary (??), fill TagsExternalDictionary with its
path and confirm that it is used by the tags approval system
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Jonathan Druart [Tue, 17 May 2016 13:38:04 +0000 (14:38 +0100)]
Bug 16508: Updating a syspref requires parameters_remaining_permissions
And not all of parameters flags.
Test plan:
1/ Create a staff user.
2/ Go to details, select more->set permissions.
3/ Set catalogue, Manage Koha system settings (Administration panel),
manage circulation rules, and Remaining system parameters permissions.
4/ Log in as the new staff user, go to administration > system
preferences. Change a syspref and save it... it will save correctly.
5/ Log back in as superlibrarian
6/ On the 'set permissions' screen, un-check 'manage circulation rules'
and save.
7/ Log back in to the new staff user, and try to change the same
systemprefrence and save.
Followed test plan, works as expected. Signed-off-by: Marc Veron <veron@veron.ch> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Jonathan Druart [Fri, 13 May 2016 19:46:42 +0000 (20:46 +0100)]
Bug 16518: Fix Plack variable scoping problem in opac-addbybiblionumber.pl
The script opac/opac-addbybiblionumber.pl is not plack safe because the
variable @biblios is declared with our and is not assigned to an empty
array (so not reset).
The issue:
When trying to add items to a list (virtualshelf), the biblionumbers are
added to the @biblios variable and the list is not reset between each
run.
Test plan:
Check from records from the result list and add them
to a list.
Cancel or save and re-add them (or others) to a list (same or
different).
=> Without this patch, the list of records will never stop growing, the
previous items added are still listed when adding new ones.
=> With this patch, the behavior is the one expected.
Rocio Dressler [Sat, 4 Jun 2016 09:24:45 +0000 (02:24 -0700)]
Bug 16537 - Overdue and Status triggers grammar
Test plan:
1) Go to the staff client
2) Click on Tools - Overdue notice/status triggers
3) Confirm that the first sentence reads "a" checkout rather than "an" checkout
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Jonathan Druart [Mon, 9 May 2016 16:27:51 +0000 (17:27 +0100)]
Bug 16088: Introduce Koha::Cache::Memory::Lite to cache the language
The goal of this patch is to avoid unecessary flush of the L1 cache on
creating a new CGI object each time C4::Languages::getlanguage is called
without a CGI object.
The new class Koha::Cache::Memory::Lite must be flushed by the CGI
constructor overide done in the psgi file. This new class will ease
caching of specific stuffs used by running script.
Test plan:
At the OPAC and the intranet interfaces:
Open 2 different browser session to simulate several users
- Clear the cookies of the browsers
- User 1 (U1) an User 2 (U2) should be set to the default language
(depending on the browser settings)
- U1 chooses another language
- U2 refreshes and the language used must be the default one
- U2 chooses a third language
- U1 refreshes and must be still using the one he has choosen.
Try to use a language which is not defined:
Add &language=es-ES (if es-ES is not translated) to the url, you should
not see the Spanish interface.
Jonathan Druart [Wed, 11 May 2016 11:00:01 +0000 (12:00 +0100)]
Bug 16458: Update library when a guarantor is set
If you edit a patron from the Edit link of the patron information block
(step 1 of the memberentry script), the branchcode is not displayed. If
you set a guarantor to a child from this form, a JavaScript error will
be raised:
JavaScript error form.branchcode is undefined
It happens because there is the branchcode is not displayed and there is
no element with a branchcode name.
To avoid this issue, a branchcode hidden input is added to the form and
it will be updated when a guarantor is selected (same behavior as when
you edit a patron using the complete form).
Test plan:
Edit a patron using the Edit link of the patron info block (not the Edit
button in the toolbar)
Set a guarantor
=> Notice that the branchcode of the patron has been updated with the
branchcode of the guarantor
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Owen Leonard [Mon, 16 May 2016 14:52:17 +0000 (10:52 -0400)]
Bug 16529 - Clean up and improve upload template
This patch makes some fixes and improvements to the template for Tools
-> Upload, including markup corrections, removal of 'onclick,' and
conversion of some links to styled buttons.
To test, apply the patch and go to Tools -> Upload.
- Confirm that uploading a file works correctly.
- Confirm that clicking 'Cancel' during a file upload works correctly.
- Search existing uploads.
- Confirm that the 'Download' and 'Delete' buttons look correct and
work correctly.
- In Administration -> MARC bibliographic framework, choose a
framework and configure a tag subfield to use the upload plugin.
- Create or edit a bibliographic record using the framework you
modified.
- Click the tag editor icon next to your modified subfield to trigger
the pop-up window with the upload form.
- Confirm that this window has a layout which is adjusted for the size
of the window.
- Confirm that uploading and selecting files from this window works
correctly.
Jonathan Druart [Wed, 4 May 2016 18:53:46 +0000 (19:53 +0100)]
Bug 16442: Make C4::Ris plack safe
C4::Ris incorrectly uses 4 package variables:
- $utf: not used, can be removed
- $intype: set to marcflavour once, but later it assumes that it is
usmarc if not defined
- $marcprint: always 0, so set it to 0
- $protoyear: only used in 1 subroutine, let's define it at this
level
Test plan:
Just make sure the RIS export works as before this patch
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Claire Gravely [Fri, 3 Jun 2016 08:38:25 +0000 (10:38 +0200)]
Bug 16642 - Fix capitalisation for upload patron image
To fix capitalisation on the staff interface when patronimages is turned on.
Test plan:
1. In staff interface. Turn on patronimages sys preference.
2. Go to a patron without an image and check that the "Upload
patron image" box heading now has correct capitalisation.
3. Go to a patron with an image already uploaded and check the
"Manage patron image" box heading has correct capitalisation.
Signed-off-by: Sofia <szapoun@lib.auth.gr> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Jonathan Druart [Mon, 23 May 2016 11:19:46 +0000 (12:19 +0100)]
Bug 16565: Drop additional_fields and additional_field_values before creating them
These 2 tables should be dropped before trying to create them
Test plan:
From the SQL CLI, source the kohastructure.sql file
source it again
=> Without this patch you get 2 warnings
ERROR 1050 (42S01) at line 3580 in file:
'installer/data/mysql/kohastructure.sql': Table
'additional_fields' already exi
sts
ERROR 1050 (42S01) at line 3596 in file:
'installer/data/mysql/kohastructure.sql': Table
'additional_field_values' alrea
dy exists
=> With this patch, you won't get them
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Marc Véron [Fri, 20 May 2016 09:01:18 +0000 (11:01 +0200)]
Bug 9543 - (Follow-up) Show patrons messaging subscription on holds notification
As of comment #19
- Code de-duplicated to a BLOCK statement
- Variable renamed
- Wording slightly changed. I like it that way, but feel free to change it
in a follow-up
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Marc Véron [Thu, 24 Mar 2016 15:06:30 +0000 (16:06 +0100)]
Bug 9543 - Show patrons messaging subscription on holds notification
Display an information about a patron's messaging preferences if an item
is checked in where the patron has put a hold.
To test:
- Apply patch
- Make sure that SMS driver and TalkingTech sysprefs are defined to
enable SMS and Phone preferences for users (SMS driver can be a dummy
value)
- Place a hold for a patron
- Set patron's messaging preferences to different choices (including none)
- Check in the item that is on hold (it has not to be checked out for the
test
- Verify that below the message "Hold found (item is already waiting") an
information appears about the patron's messaging preferences.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Chris Kirby <christopherlawrencekirby@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Aleisha [Thu, 12 May 2016 04:41:09 +0000 (04:41 +0000)]
Bug 12402: Show patron category on pending patron modifications
To test:
1) Go to OPAC and make a modification to user
2) Go to Staff Client and go to pending patron modifications
3) Notice that we have the user's surname, first name, branch and
cardnumber
4) Apply patch and refresh page
5) Notice that patron category now shows after user's name
Sponsored-by: Catalyst IT Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Owen Leonard [Thu, 19 May 2016 16:28:08 +0000 (12:28 -0400)]
Bug 16005 - Standardize use of icons for delete and cancel operations
This patch makes changes to Font Awesome icons in order to make icon
choice consistent for common actions.
<i class="fa fa-trash"></i> where something is deleted, removed, or
emptied.
<i class="fa fa-remove"></i> where an operation is cancelled (also where
selections are cancelled, as in checkboxes).
<i class="fa fa-times-circle"></i> for "close," as in baskets and
windows.
To test, apply the patch and view the following pages to confirm that
the correct icon is used:
- Acquisitions -> Vendor -> Vendor delete button.
- Acquisitions -> Vendor -> Edit -> Delete contact button.
- Acquisitions -> Invoices -> Delete menu item.
- Cataloging -> Edit record -> Authority search pop-up (triggered from
the tag editor for a tag linked to an authority) -> Clear field button
- Authorities -> Authority detail -> Delete button.
- Tools -> Quotes editor -> Quotes delete button.
- Reports -> View saved report -> Delete button.
- Reports -> Saved reports -> Delete menu item.
- Serials -> Subscription details -> Subscription close button.
- Administration -> Budgets -> Delete menu item.
- Administration -> Item search fields -> Delete button.
- Administration -> Z39.50/SRU servers -> Delete menu item.
- Catalog -> Advanced search -> Clear fields link.
- Cataloging -> Advanced editor -> Macros -> Delete macro button.
- Circulation -> Checkout -> Check out an item which is on hold for
another patron. "Cancel checkout and place hold" button now uses the
icon used elsewhere for holds.
- Course reserves -> Course -> Delete course button.
- Patrons -> Patron lists -> Add patrons -> Remove selected button.
- Acquisitions -> Suggestions -> Suggestion details -> Delete button.
- Lists -> List contents -> Remove selected button.
Followed test plan, works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Owen Leonard [Mon, 25 Apr 2016 13:12:05 +0000 (09:12 -0400)]
Bug 16336 [Revised] UX of holds patron search with long lists of results
Bug 15793 made a change to an interface which is also found in the place
hold template. This patch creates a new include file to be used by both
circulation.tt and request.tt so that these pages do not diverge.
In the process, this patch removes some markup and JavaScript which was
made obsolete by Bug 15793 and should have been removed.
This patch also revises the sorting of the results table so that the
patron name is sortable (Bug 16334) and the default sort is on card
number (matching 3.20.x and 3.22.x).
To test:
In Circulation:
- Perform a search by name for a patron which will
return multiple search results.
- The table of results which displays should look correct and work
correctly, including DataTables sorting.
- Clicking any table row should forward you to the checkout page for
that patron.
In the catalog:
- Locate and place a hold on a title.
- When prompted to select a patron to place the hold for, perform a
search by name which will return multiple results.
- Confirm that the table of patron results looks correct and works
correctly.
- Clicking any table row should forward you to the place hold page for
that patron and the title you selected.
Revision: Although the table row was clickable, you couldn't
middle-click it to open the link in a new tab. The patron name is now a
real link you can middle-click or right-click. The row is still
clickable as well.
Jonathan Druart [Fri, 13 May 2016 14:28:50 +0000 (15:28 +0100)]
Bug 16388: Use existing 'execute' parameter instead of creating a new one
An existing 'execute' parameter is already passed to the template when
we need to display the 'Download' button, so let's use it instead of
creating a new one.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Bug 16388: Move option to download report into reports toolbar
To test:
1) Create a new SQL report or edit a report
2) Ensure that the download option does NOT show in the toolbar
3) Save and run the report
4) Confirm that download option DOES show in toolbar as a dropdown with
the 3 options (csv, tab and ods)
5) Confirm that downloading all 3 file types works as expected
Sponsored-by: Catalyst IT Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Kyle M Hall [Fri, 27 May 2016 12:42:17 +0000 (12:42 +0000)]
Bug 16610 - Regression in SIP2 user password handling
Previous to bug 14507, SIP2 only did internal authentication. A change
to the way we check empty passwords has caused any empty password to
send back a CQ of Y. Previous to that patch set, a CQ of Y would only be
sent back of the patron password column was NULL. Now, an empty AD field
*always* returns a CQ of Y.
Test Plan:
1) Send a patron information request with an empty AD field
Note: You must send the AD field or you won't get back a CQ field
2) Note you get back a CQ of Y
3) Apply this patch
4) Repeat step 1
5) Note you now get back a CQ of N
Marcel de Rooy [Wed, 1 Jun 2016 13:34:56 +0000 (15:34 +0200)]
Bug 16610: [QA Follow-up] Add a test
To verify the original patch, this test shows that before applying
it the Patron Info request did not return CQ==N for an empty
password. Note that the Patron Status did btw.
After applying the original patch, the test passes for patron
info as well as status.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Jonathan Druart [Fri, 13 May 2016 13:43:52 +0000 (14:43 +0100)]
Bug 16504: (follow-up for bug 15163) Do not remove attributes of other patrons
Simple patch for a silly error, this single line is going to fix a
critical bug.
If a patron attribute is limited to a library, all the values for that attributes
for every patrons will be deleted.
Test plan:
Create a patron attribute limited to a library
Set the the attribute for a patron
Set the the attribute for another patron
=> Without this patch applied, the attribute's value for the first
patron is deleted
=> With this patch applied, the 2 values exist in the DB after the
second edition
Owen Leonard [Fri, 25 Mar 2016 17:06:03 +0000 (13:06 -0400)]
Bug 16437 - Automatic item modifications by age needs prettying
This patch makes layout and behavior changes to the automatic item
modifications by age interface, bringing some aspects of it closer into
conformance with established interface patterns.
- The intial view is now a standard table of information about existing
rules, or a message dialog saying there are no rules.
- If there are no rules, a toolbar button reads "Add rules."
- If there are existing rules, the toolbar button reads "Edit rules."
- Clicking the button leads to the rules edit interface, which now has
a floating toolbar with "Add rule," "Save," and "Cancel" buttons.
- Clicking the "Add rule" button displays a blank rule block.
- If you are adding a rule to existing rules, the new block is
appended at the bottom, and the page scrolls to the new rule.
- As you add or remove rule blocks, the legend containing the rule
count updates so that the numbers are sequential.
- In each rule block, "age" and "substitutions" are now required.
The age field is now validated to require a number.
- The add/remove condition/substitution links now have more
descriptive text labels.
- The control to remove a rule is now a link in the <legend> element
associated with each rule.
- Most JavaScript for this page is now in a separate file.
- Breadcrumbs are updated to be a little more specific.
To test, apply the patch and clear your browser cache if necessary.
- Go to Tools -> Automatic item modifications by age.
- Test adding and removing rules.
- Test removing all rules.
- Test adding and removing conditions and substitutions within rules.
- Test submitting the form without filling in required fields.
Followed test plan, works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Owen Leonard [Wed, 4 May 2016 13:34:46 +0000 (09:34 -0400)]
Bug 16450 - Remove the use of "onclick" from guarantor search template
This patch updates the guarantor search template so that event
definition is done in the script rather than in an onclick attribute.
This patch also increases the size of the popup window to help prevent
the need for horizontal scrolling and adds Bootstrap style to the
"select" button.
To test, apply the patch and clear your browser cache if necessary.
- Go to Patrons and add a patron with a "child" category type.
- In the "Guarantor information" section, click the "Set to patron"
button.
- In the pop-up window, search for a patron.
- Click the "Select" button next to a patron.
- The window should close, and the patron you selected should now appear
as the guarantor. The guarantor's address information should be added
to the "Main address" section.
Tested on top of Bug 13041 and Bug 16386, works as expected, however see
Bug 16458 Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Aleisha [Fri, 13 May 2016 00:46:40 +0000 (00:46 +0000)]
Bug 16511: Making contracts actions buttons
To test:
1) Go to Acqui -> find a vendor
2) On Vendor details page (supplier.pl) confirm that Contracts table now
has one column called Actions
3) Confirm that Edit and Delete show as buttons
4) Confirm that buttons don't wrap on a narrower browser
5) Click Contracts tab
6) Confirm Actions column, Edit and Delete buttons, and button's don't
wrap
Sponsored-by: Catalyst IT Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Aleisha [Tue, 17 May 2016 00:22:09 +0000 (00:22 +0000)]
Bug 16524: Use floating toolbar on item search
To test:
1) Go to item search
2) Confirm toolbar at top of page with Search button, goes down page as
you scroll
3) Confirm search button has been removed from final output fieldset
4) Confirm everything works as expected
Sponsored-by: Catalyst IT Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Aleisha [Mon, 16 May 2016 01:10:43 +0000 (01:10 +0000)]
Bug 16525: Have cancel button when adding new aq budget
At the moment you only see the cancel button on the form if editing an
existing budget. This patch adds a cancel button to the form which adds
a budget. Also changes the wording of the save button from 'Save
changes' to just 'Save' so it makes more sense when adding a new budget
To test:
1) Go to Admin -> Budgets -> New budget
2) Notice 'Save changes' button and no cancel
3) Apply patch and refresh page
4) Notice 'Save' button and 'cancel' link
5) Click 'cancel' - should be taken to Budgets administration page
6) Edit an existing budget
7) Click 'cancel' - should be taken to the funds page for that budget
Sponsored-by: Catalyst IT Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Sabine Liebmann <Liebmann@dipf.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Still an issue: If edit a budget fron aqbudgets.pl, then cancel, you get
aqbudgets.pl?budget_period_id=XX. But existed before this patch.
Aleisha [Tue, 17 May 2016 05:04:08 +0000 (05:04 +0000)]
Bug 16532: Groups showing empty tables if no groups defined
EDIT: Same change for libraries
To test:
1) Go to Admin -> Libraries and Groups
2) Notice empty tables if nothing defined
3) Apply patch and refresh page
4) Empty tables should not show
5) Add a new group
6) Confirm table shows correctly
Sponsored-by: Catalyst IT Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Lari Taskula [Tue, 17 May 2016 11:44:45 +0000 (14:44 +0300)]
Bug 16200: Convert all existing expired holds accounttype to HE
Before Bug 16200 expired holds have used accounttype F which is also used by
other type of fines. This patch updates all existing expired holds to new
accounttype HE (Hold Expired).
To test:
-1. Make sure you translated the string in previous patch of this buug
1. Find a Patron with "Hold waiting too long" fines and go to his Fines tab
2. Change Koha's language to some other than English
3. Observe that "Hold waiting too long" is still in English
4. Apply patch and run database update
5. Go back to Patron's Fines tab
6. Observe that "Hold waiting too long" is now translated
Lari Taskula [Tue, 17 May 2016 11:33:57 +0000 (14:33 +0300)]
Bug 16200: Make 'Hold waiting too long' translatable and give it an unique accounttype
Holds that have expired have been untranslatable in Patron's Fines-tab. Also, they are
mixed with other type of fines with accounttype "F". This patch gives expired holds an
own accounttype "HE" (Hold Expired) and modifies the boraccount to recognize this new
accounttype in order to make it translatable.
To test:
1. Make a hold and let it expire
2. Go to Patron's Fines tab
3. Change Koha's language to some other than English
4. Observe that there is a "Hold waiting too long" fine described in English
5. Apply patch
6. Make another hold and let it expire
7. Update translations
8. Find "Hold waiting too long" from your .po file
9. Translate it and install translations
10. Go back to Fines tab and observe that the new expired hold is translated
Owen Leonard [Wed, 18 May 2016 23:45:27 +0000 (19:45 -0400)]
Bug 16548 - All libraries selected on Tools -> Export Data screen
This patch adds "select all" and "select none" links to the display of
libraries in the export bibliographic records form.
Also modified: call number range and accession date fields have been
grouped in their own fieldsets in the hopes that this is more readable.
Page title and breadcrumbs have been corrected to read "Export data"
instead of "MARC export," matching menu items.
To test, apply the patch and go to Tools -> Export data.
- Test the select all/select none links and confirm that they work as
expected.
- Confirm that the structural changes to the form look okay.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Post sign-off revision: Use the standard "Clear all" instead of "Select
none."
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Kyle M Hall [Mon, 23 May 2016 14:28:10 +0000 (14:28 +0000)]
Bug 16569 - Message box for "too many checked out" is empty if AllowTooManyOverride is not enabled
If the limit for number of items checked out is reached, the message box
shows up but is empty.
Test Plan:
1) Disable AllowTooManyOverride
2) Check out items to a patron until the patron has reached the limit
of checkouts he or she can have
3) Try to check out one more item
4) Note the empty message box
5) Apply this patch
6) Try to check out one more item again
7) Note the message is now visible
Signed-off-by: Nicolas Legrand <nicolas.legrand@bulac.fr> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Chris Cormack [Thu, 26 May 2016 09:33:33 +0000 (21:33 +1200)]
Bug 16597: Fix XSS in opac-shareshelf
To test
1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
2/ Notice you see a js alert
3/ Apply patch
4/ It is gone
Reported by
Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Chris Cormack [Thu, 26 May 2016 09:06:18 +0000 (21:06 +1200)]
Bug 16597: Fix XSS in opac-shelves.pl
To test
1/ Hit /cgi-bin/koha/opac-shelves.pl?shelfnumber=5&category=1&op=edit_form&referer="><script>alert('XSS')</SCRIPT>
2/ Notice JS is executed
3/ Apply patch
4/ Notice it's fixed
This bug reported by
Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Jonathan Druart [Thu, 26 May 2016 11:03:55 +0000 (12:03 +0100)]
Bug 16599: Fix XSS in opac-shareshelf.pl
Test plan:
- Create a list with the name "<script>alert(1)</script>"
- On the shelf list, click on share
=> Without this patch you will see the JS alert
=> With this patch applied you won't see it
Reported by Kaybee at Dionach
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Jonathan Druart [Wed, 25 May 2016 16:05:58 +0000 (17:05 +0100)]
Bug 16587: Same fixes for the staff interface
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Chris Cormack [Wed, 25 May 2016 14:06:28 +0000 (14:06 +0000)]
Bug 16587 opac-sendshelf.pl is vulnerable to XSS
To test
1/ Hit a url like
http://localhost:8080/cgi-bin/koha/opac-sendshelf.pl?email=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&shelfid=4
2/ Notice you get a js alert
3/ Apply patch
4/ Notice the js is now escaped
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Chris Cormack [Wed, 25 May 2016 14:01:41 +0000 (14:01 +0000)]
Bug 16587 - opac-sendbasket.pl is open to XSS
To test
1/ Hit a url like
http://localhost:8080/cgi-bin/koha/opac-sendbasket.pl?email_add=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&bib_list=3
Where bib_list is a valid basket number
2/ Notice you get a javascript alert showing
3/ Apply patch
4/ Notice the text is now escaped
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Nick Clemens [Fri, 13 May 2016 18:03:37 +0000 (14:03 -0400)]
Bug 15878 - C4::Barcodes::hbyymmincr inccorectly calculates max and should warn when no branchcode present
Test plan:
1 - prove t/db_dependent/Barcodes.t
2 - All should pass
3 - Apply first patch (unit tests update)
4 - Tests should fail on values and warnings
5 - Apply second patch
6 - All tests should now pass
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described
Removed tab on line 47 of C4/Barcodes/hbyymmincr.pm
No more qa errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>