]> git.koha-community.org Git - koha.git/log
koha.git
2 years agoFix translations for Koha 19.11.29
Chris Cormack [Tue, 26 Apr 2022 21:16:40 +0000 (09:16 +1200)]
Fix translations for Koha 19.11.29

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2 years agoTranslation updates for Koha 19.11.29
Koha translators [Tue, 26 Apr 2022 20:25:00 +0000 (17:25 -0300)]
Translation updates for Koha 19.11.29

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2 years agoBug 19169: Add a test to detect unneeded 'atomicupdate' files
Mason James [Sat, 5 Mar 2022 02:30:21 +0000 (15:30 +1300)]
Bug 19169: Add a test to detect unneeded 'atomicupdate' files

to test...

1/ set git repo
    $ git reset --hard v21.11.03

2/ run test
    $ prove ./t
    OK

3/ apply patch

4/ run test again, observe FAIL

    $ prove ./t/00-check-atomic-updates.pl
    ./t/00-check-atomic-updates.pl .. 1/?
    #   Failed test 'check for unhandled atomic updates: bug_29596.pl'
    #   at ./t/00-check-atomic-updates.pl line 34.
    #                   'bug_29596.pl'
    #           matches '(?^u:.*pl$)'
    # Looks like you failed 1 test of 3.
    ./t/00-check-atomic-updates.pl .. Dubious, test returned 1 (wstat 256, 0x100)
    Failed 1/3 subtests

JD Amended patch: fix copyright year
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2 years agoBug 26328: Add test
Jonathan Druart [Mon, 21 Mar 2022 14:56:21 +0000 (15:56 +0100)]
Bug 26328: Add test

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2 years agoBug 26328: Cast barcode from varchar to integer for incremental barcode
David Cook [Fri, 4 Dec 2020 05:36:04 +0000 (05:36 +0000)]
Bug 26328: Cast barcode from varchar to integer for incremental barcode

Without this patch, the incremental barcode generation will
treat 978e0143019375 as having an exponent and interpret it as a very
large number.

With this patch, the incremental barcode generation will first cast
barcode varchar strings to integers before finding a max() value.
In this case 978e0143019375 becomes 978 instead of
1.7976931348623157e308

Test plan:

0. Using koha-testing-docker

Before applying patch:

1. Go to http://localhost:8081/cgi-bin/koha/admin/preferences.pl?op=search&searchfield=autobarcode
2. Set to "generated in the form 1, 2, 3"
3. Go to http://localhost:8081/cgi-bin/koha/cataloguing/additem.pl?biblionumber=1#additema&searchid=scs_1607059974968
4. Add item with barcode 978e0143019375
5. Click "p - Barcode"
6. Note the barcode is "Inf"

After applying patch:
1. Go to http://localhost:8081/cgi-bin/koha/cataloguing/additem.pl?biblionumber=1#additema&searchid=scs_1607059974968
2. Click "p - Barcode"
3. Note the barcode is "39999000019194"

Signed-off-by: Marjorie <marjorie.barry-vila@collecto.ca>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2 years agoBug 28943: (QA follow-up) Fix opac.pref
Fridolin Somers [Sat, 22 Jan 2022 01:57:28 +0000 (15:57 -1000)]
Bug 28943: (QA follow-up) Fix opac.pref

Fix YAML syntax of opac.pref, we must use dash for new lines.

Also removes duplicate text before syspref.
No need to say "code" since it is now a list of categories.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2 years agoBug 28943: Lower the risk of accidental patron deletion
Marcel de Rooy [Tue, 7 Sep 2021 12:22:05 +0000 (12:22 +0000)]
Bug 28943: Lower the risk of accidental patron deletion

If you do not use a temporary self registration patron category,
you should actually make the preference
PatronSelfRegistrationExpireTemporaryAccountsDelay empty.

As the comment in sysprefs.sql already said, we should not let
a zero value in the pref delete patrons too.

The module is changed now, the test adjusted and
the description of both related sysprefs modified.

Test plan:
Run t/db_dependent/Members.t
Check in Administration the two adjusted OPAC pref descriptions.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2 years agoUpdate release notes for 19.11.28 release v19.11.28
Wainui Witika-Park [Wed, 16 Mar 2022 15:48:06 +0000 (15:48 +0000)]
Update release notes for 19.11.28 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoIncrement version for 19.11.28 release
Wainui Witika-Park [Wed, 16 Mar 2022 15:38:30 +0000 (15:38 +0000)]
Increment version for 19.11.28 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoFix translations for Koha 19.11.28
Wainui Witika-Park [Wed, 16 Mar 2022 15:35:38 +0000 (15:35 +0000)]
Fix translations for Koha 19.11.28

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoTranslation updates for Koha 19.11.28
Koha translators [Thu, 24 Mar 2022 00:01:39 +0000 (21:01 -0300)]
Translation updates for Koha 19.11.28

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 30296: [20.11.x] Set path for bibs_selected
Jonathan Druart [Thu, 27 Jan 2022 11:40:45 +0000 (12:40 +0100)]
Bug 30296: [20.11.x] Set path for bibs_selected

Or it does not get cleared. Not that we may want to skip it for master
as bug 29932 is going to replace it with sessionStorage

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
No longer needed too on 21.11 and 21.05.

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoMerge branch '19.11.x-security' into 19.11.x
Wainui Witika-Park [Mon, 14 Mar 2022 01:03:15 +0000 (01:03 +0000)]
Merge branch '19.11.x-security' into 19.11.x

2 years agoUpdate release notes for 19.11.27 release v19.11.27
Wainui Witika-Park [Wed, 9 Mar 2022 09:20:55 +0000 (09:20 +0000)]
Update release notes for 19.11.27 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoIncrement version for 19.11.27 release
Wainui Witika-Park [Wed, 9 Mar 2022 09:11:47 +0000 (09:11 +0000)]
Increment version for 19.11.27 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29956: Prevent login form to be serialized into cookie
Jonathan Druart [Thu, 27 Jan 2022 13:14:27 +0000 (14:14 +0100)]
Bug 29956: Prevent login form to be serialized into cookie

To recrate:
Logout
Go to /cgi-bin/koha/opac-search.pl
Click "Log in to your account"
Fill in the login form
Submit
Check the 'form_serialized' cookie's value

=> Without this patch it contain login/password
=> With this patch applied the cookie is not created

Confirm that the "Return to the last advanced search" feature still
works as expected.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29931: [21.05.x] Check cookie status before continuing
Marcel de Rooy [Mon, 24 Jan 2022 10:24:08 +0000 (10:24 +0000)]
Bug 29931: [21.05.x] Check cookie status before continuing

Test plan:
Logout from staff.
Try to run plugins-enable (you should have some active plugin).
Like: https://yourserver:staffport/cgi-bin/koha/plugins/plugins-enable.pl?class=Koha::Plugin::Test&method=enable
Replace class and method as appropriate.
Verify that with this patch, you will be redirected to 401 page.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 29931: (follow-up) Similar thing in opac-patron-image.pl

Although less harmful indeed. No borrowernumber, no image.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested: logged in, logged out, prefs toggled. All fine.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 29931: (follow-up) Fix svc/checkouts and return_claims too

Adding the same auth_status check here too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29881: libdbd-sqlite2-perl is unavailable on deb12 (koha-common wont install)
Mason James [Fri, 14 Jan 2022 06:44:24 +0000 (19:44 +1300)]
Bug 29881: libdbd-sqlite2-perl is unavailable on deb12 (koha-common wont install)

to test...

- attempt to install koha-common pkg on deb12

  confirm error...
   The following packages have unmet dependencies:
   koha-common : Depends: libdbd-sqlite2-perl but it is not installable

- apply patch, rebuild new package

- install new koha-common pkg on deb12 successfully

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 382e63cc2da99461dc34fec86dd5014f8cd544c7)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 9a761767103d5881093e9817e4f1de69150b7eb3)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit d43f0b3500e74ec46f977517768b907a3ddd9867)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoUpdate release notes for 19.11.26 release v19.11.26
Wainui Witika-Park [Thu, 24 Feb 2022 22:38:09 +0000 (22:38 +0000)]
Update release notes for 19.11.26 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoIncrement version for 19.11.26 release
Wainui Witika-Park [Thu, 24 Feb 2022 22:22:40 +0000 (22:22 +0000)]
Increment version for 19.11.26 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoFix translations for Koha 19.11.26
Wainui Witika-Park [Thu, 24 Feb 2022 22:19:21 +0000 (22:19 +0000)]
Fix translations for Koha 19.11.26

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoTranslation updates for Koha 19.11.26
Koha translators [Thu, 24 Feb 2022 21:51:17 +0000 (18:51 -0300)]
Translation updates for Koha 19.11.26

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 30045: (bug 29543 follow-up) Fix SCO print slip
Jonathan Druart [Tue, 8 Feb 2022 11:12:22 +0000 (12:12 +0100)]
Bug 30045: (bug 29543 follow-up) Fix SCO print slip

Certainly since bug 29543 and bug 29914.

We should do the same authentication check than sco-main.pl, and also
make sure to generate the checkout history only for the logged in patron
(the OPAC one, not staff member)

Test plan:
Use the different combinations of the SCO config (AutoSelfCheckAllowed,
SelfCheckoutByLogin and WebBasedSelfCheck) and confirm that this patch
fixes the SCO print slip feature.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 72fa33490b71d91658c32493c687b1c5a37dc1df)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 26cbc70d1981a1ee3d1c658a0b96fb504d65e177)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 9416f10fa5f41be46aa794fa112027b37d59267f)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: [19.11] Prevent XSS when To.json is used: unimarc_field_4XX.tt
Owen Leonard [Tue, 11 Aug 2020 17:26:18 +0000 (17:26 +0000)]
Bug 26102: [19.11] Prevent XSS when To.json is used: unimarc_field_4XX.tt

To test, edit a MARC framework to link a subfield to the
unimarc_field_4XX.tt. The process of triggering the plugin and selecting
a search result from the plugin popup should work correctly.

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: [19.11] Prevent XSS when To.json is used: guarantor_search.tt
Owen Leonard [Tue, 11 Aug 2020 15:05:59 +0000 (15:05 +0000)]
Bug 26102: [19.11] Prevent XSS when To.json is used: guarantor_search.tt

To test, edit a patron record and go through the process of adding a
guarantor. In the guarantor search results table the address should be
displayed correctly.

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: [19.11] Prevent XSS when To.json is used: catalogue/results.tt
Owen Leonard [Tue, 11 Aug 2020 12:57:48 +0000 (12:57 +0000)]
Bug 26102: [19.11] Prevent XSS when To.json is used: catalogue/results.tt

To test, perform a search in the catalogue and verify that search term
highlighting works correctly.

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: [19.11] Prevent XSS when To.json is used: authorities/blinddetail-biblio...
Owen Leonard [Tue, 11 Aug 2020 12:41:13 +0000 (12:41 +0000)]
Bug 26102: [19.11] Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt

Test the process of searching for and selecting an authority record for
use in the basic MARC editor.

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: [19.11] Prevent XSS when To.json is used: authorities/authorities.tt
Owen Leonard [Tue, 11 Aug 2020 12:34:18 +0000 (12:34 +0000)]
Bug 26102: [19.11] Prevent XSS when To.json is used: authorities/authorities.tt

Check that mandatory tags and subfields are correctly required when
editing an authority record.

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: [19.11] Prevent XSS when To.json is used: admin/preferences.tt
Owen Leonard [Tue, 11 Aug 2020 12:31:26 +0000 (12:31 +0000)]
Bug 26102: [19.11] Prevent XSS when To.json is used: admin/preferences.tt

Test that preference search term highlighting works correctly.

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoRevert "Bug 26102: Prevent XSS when To.json is used: admin/preferences.tt"
Wainui Witika-Park [Mon, 21 Feb 2022 04:58:10 +0000 (04:58 +0000)]
Revert "Bug 26102: Prevent XSS when To.json is used: admin/preferences.tt"

This reverts commit f2063ecd9ff72537408c30516a4e0a8651f6c5d2.

2 years agoRevert "Bug 26102: Prevent XSS when To.json is used: authorities/authorities.tt"
Wainui Witika-Park [Mon, 21 Feb 2022 04:58:03 +0000 (04:58 +0000)]
Revert "Bug 26102: Prevent XSS when To.json is used: authorities/authorities.tt"

This reverts commit 711848f856ebf0215055184a6dd8afa3bd7f688f.

2 years agoRevert "Bug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio...
Wainui Witika-Park [Mon, 21 Feb 2022 04:57:56 +0000 (04:57 +0000)]
Revert "Bug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt"

This reverts commit 9179e5b707673d8c9b16f842dc3abffede36b1be.

2 years agoRevert "Bug 26102: Prevent XSS when To.json is used: catalogue/results.tt"
Wainui Witika-Park [Mon, 21 Feb 2022 04:57:49 +0000 (04:57 +0000)]
Revert "Bug 26102: Prevent XSS when To.json is used: catalogue/results.tt"

This reverts commit 55c003f4afb0d32c4b5e320c728eae7c566cd82d.

2 years agoRevert "Bug 26102: Prevent XSS when To.json is used: guarantor_search.tt"
Wainui Witika-Park [Mon, 21 Feb 2022 04:57:40 +0000 (04:57 +0000)]
Revert "Bug 26102: Prevent XSS when To.json is used: guarantor_search.tt"

This reverts commit 2b332eb5bf0857b43256f8854af88bf4f10df1a9.

2 years agoRevert "Bug 26102: Prevent XSS when To.json is used: subscription-add.tt"
Wainui Witika-Park [Mon, 21 Feb 2022 04:57:32 +0000 (04:57 +0000)]
Revert "Bug 26102: Prevent XSS when To.json is used: subscription-add.tt"

This reverts commit 1048a5935b3f032719b10d9763df16dcd5041c64.

2 years agoRevert "Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt"
Wainui Witika-Park [Mon, 21 Feb 2022 04:57:23 +0000 (04:57 +0000)]
Revert "Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt"

This reverts commit 155aa985a83f47c1c565002303cd4b3eb8b00483.

2 years agoRevert "Bug 28926: Update cpanfile for Mojolicious::Plugin::OpenAPI v2.16"
Wainui Witika-Park [Mon, 21 Feb 2022 03:51:37 +0000 (03:51 +0000)]
Revert "Bug 28926: Update cpanfile for Mojolicious::Plugin::OpenAPI v2.16"

This reverts commit 6696cef07de8d565fa76651a2ed2e3b0864aaab4.

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 28926: Update cpanfile for Mojolicious::Plugin::OpenAPI v2.16
Mason James [Tue, 31 Aug 2021 04:05:05 +0000 (16:05 +1200)]
Bug 28926: Update cpanfile for Mojolicious::Plugin::OpenAPI v2.16

to test...
 - apply patch
 - build package
 - confirm in about.pl that minimum versions are updated

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit bfd033c68aa63650f7f78d85054d2d41b697c094)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 81ce0e2db52ff83e023f22c46dd20ed2f62d0190)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 2b19368e1c4620e8836f88d288bb6b4ecf7a8d30)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoUpdate release notes for 19.11.25 release v19.11.25
Wainui Witika-Park [Mon, 31 Jan 2022 03:38:43 +0000 (03:38 +0000)]
Update release notes for 19.11.25 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoIncrement version for 19.11.25 release
Wainui Witika-Park [Mon, 31 Jan 2022 03:14:36 +0000 (03:14 +0000)]
Increment version for 19.11.25 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoFix translations for Koha 19.11.25
Wainui Witika-Park [Mon, 31 Jan 2022 03:12:22 +0000 (03:12 +0000)]
Fix translations for Koha 19.11.25

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoMerge remote-tracking branch 'translate/19.11.25-translate-20220131' into 19.11.25
Wainui Witika-Park [Mon, 31 Jan 2022 02:55:03 +0000 (02:55 +0000)]
Merge remote-tracking branch 'translate/19.11.25-translate-20220131' into 19.11.25

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoTranslation updates for Koha 19.11.25
Koha translators [Mon, 31 Jan 2022 06:29:26 +0000 (03:29 -0300)]
Translation updates for Koha 19.11.25

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29903: Prevent messages to be deleted from unauthorised users
Jonathan Druart [Wed, 19 Jan 2022 10:21:54 +0000 (11:21 +0100)]
Bug 29903: Prevent messages to be deleted from unauthorised users

The "Delete" link is hidden but the controller does not do the necessary checks.

/cgi-bin/koha/circ/del_message.pl?message_id=1&borrowernumber=5&from=moremember

Test plan:
Create a message, see the "Delete" link, don't click it but copy it
Change logged in library and use the link
If AllowAllMessageDeletion is off you should be redirected to 403

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a2b9a76431a887aad7ebcee7b34fb921159271fd)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 5f9b8321ae6b2f5adc9e0c21dcd9f780b59c47d5)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29542: Prevent access to private list to non authorized users
Jonathan Druart [Wed, 5 Jan 2022 14:56:24 +0000 (15:56 +0100)]
Bug 29542: Prevent access to private list to non authorized users

The catalogue permission is not enough.

Test plan:
Create a private list owned by user A
Login with user B and hit (with XX the shelfid)
  /cgi-bin/koha/virtualshelves/sendshelf.pl?shelfid=XX

You should get an error message "You do not have sufficient permission
to continue."

Login with user A
=> You should be able to send the list

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6ca49b550e54a0f1729c5d23838256a0e4542f91)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 2c41540b3bca62f8194b8392a283325411780ace)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29914: Remove 'Use of uninitialized value ' warnings
Jonathan Druart [Tue, 25 Jan 2022 10:57:01 +0000 (11:57 +0100)]
Bug 29914: Remove 'Use of uninitialized value ' warnings

(cherry picked from commit 68c11c517907912dd27bc9bd1fd3bcf699bb6f82)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 7d4fb54aead7133cdfd7400d3d5c8c06ad3d7034)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29914: (QA follow-up) Add comment to explain last case
Nick Clemens [Mon, 24 Jan 2022 14:23:29 +0000 (14:23 +0000)]
Bug 29914: (QA follow-up) Add comment to explain last case

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
JD amended patch: remove ref to line number

(cherry picked from commit a866722ae620f435c3c5e1933a83f7b82927c108)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 0886a2f1e607272feb2fa101f7616343a02223be)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29914: (QA follow-up) Expand tests to cover failure case before patches
Nick Clemens [Mon, 24 Jan 2022 14:19:24 +0000 (14:19 +0000)]
Bug 29914: (QA follow-up) Expand tests to cover failure case before patches

When asking for permissions we get 'failed', without we get 'ok'
Adding explicit checks for not 'ok'

Add a FIXME:
We should cover the case where we return 'failed' after changes, but that is a larger undertaking

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit e956130f8f57d6204637015e57f362563041f984)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 723928fbc84b1552814e8111372e5fb1f850364e)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29914: Remove warn on timeout
Marcel de Rooy [Fri, 21 Jan 2022 10:50:59 +0000 (10:50 +0000)]
Bug 29914: Remove warn on timeout

The value of the system preference 'timeout' is not correct, defaulting to 600.

Caused by previous test. Actually an omission in another sub that
does not seem to support 10x.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit eea32e6c5d39f5ec506b5c6cc81b390fcb6f8c52)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 5653dabab18ac8ef0029fc3e486b26ada2ca8bbd)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29914: Add tests
Jonathan Druart [Fri, 21 Jan 2022 08:23:38 +0000 (09:23 +0100)]
Bug 29914: Add tests

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 3af901ae645a380d167fbc7b4e96bea892318d49)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 86abecb3c2690745035c6703681505e825a8eb9a)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29914: Make check_cookie_auth compare the userid
Jonathan Druart [Thu, 20 Jan 2022 09:10:05 +0000 (10:10 +0100)]
Bug 29914: Make check_cookie_auth compare the userid

check_cookie_auth is assuming that the user is authenticated if a cookie exists
and that the login/username exists in the DB.

So basically if you hit the login page, fill the login input with a
valid username, click "login"
=> A cookie will be generated, and the sessions table will contain a
line with this session id.
On the second hit, if the username is in the DB, it will be enough to be
considered authenticated.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7114dc2fb1a1440dd031ee771efee6e50bb86540)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit be18dc19b8e84919416eab5cd43f4ed345fc280a)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29544: (QA follow-up) Simplify code
Tomas Cohen Arazi [Wed, 12 Jan 2022 12:43:48 +0000 (09:43 -0300)]
Bug 29544: (QA follow-up) Simplify code

I think this is a better approach for the same thing. Posting it just in
case it helps.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 191cf52da7e2829cba1206612f2dcfc21366a986)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29544: Fix opac-issue-note.pl
Jonathan Druart [Thu, 2 Dec 2021 08:04:14 +0000 (09:04 +0100)]
Bug 29544: Fix opac-issue-note.pl

We must check if logged in user is trying to modify one of their
checkouts

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit b8b4328ffddfbb03a4a9f0647bd0df6a79c4badd)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29544: Ensure logged in user is allowed to modify checkout note
Jonathan Druart [Mon, 22 Nov 2021 13:56:58 +0000 (14:56 +0100)]
Bug 29544: Ensure logged in user is allowed to modify checkout note

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 22d733e277a82ee6e707a5dd023d0317b15322a3)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29541: Prevent users from another group to access patron's images
Jonathan Druart [Mon, 6 Dec 2021 12:58:25 +0000 (13:58 +0100)]
Bug 29541: Prevent users from another group to access patron's images

We should respect group restrictions here.

Test plan:
Create a patron from another group of libraries and don't let them
access info from patrons outside of this group.
Access the following link and confirm that you can see the image only
for patrons from their group
  /cgi-bin/koha/members/patronimage.pl?borrowernumber=XX

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 09cb5e02e6fad7b0dd3137d925646d714444a704)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29541: Restrict access to patron's image to borrowers => * and circulate => *
Jonathan Druart [Mon, 22 Nov 2021 14:29:58 +0000 (15:29 +0100)]
Bug 29541: Restrict access to patron's image to borrowers => * and circulate => *

The patron images is displayed on the 'circulation' and 'members'
modules.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit cd08058b196da18728cd78fd234bbb87194dc748)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29540: Raise flagsrequired in modrequest
Marcel de Rooy [Mon, 22 Nov 2021 07:55:47 +0000 (07:55 +0000)]
Bug 29540: Raise flagsrequired in modrequest

Test plan:
Try modrequest with a user having only 'catalogue' perms and the following URLs:
[1] /cgi-bin/koha/reserve/modrequest.pl?reserve_id=XX&CancelBorrowerNumber=XX&CancelItemnumber=XX&biblionumber=XX
    Fill the XXs with correct identifiers for some item level hold.
[2] /cgi-bin/koha/reserve/modrequest_suspendall.pl?suspend=1&suspend_until=2021-12-01&borrowernumber=XX
    Fill the XX with borrowernumber for borrower that has pending holds.
You should see: Error: You do not have permission to access this page.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[AMENDED] More consensus for using reserveforothers than circulate_remaining.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 15285ae209f5a98ab2e77c730b0b70ff0b29c283)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 906228266b05fa660476d1f5b9320ac79241db82)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 28735: Self-checkout users can access opac-user.pl for sco user when not using...
David Cook [Thu, 22 Jul 2021 06:34:20 +0000 (06:34 +0000)]
Bug 28735: Self-checkout users can access opac-user.pl for sco user when not using AutoSelfCheckID

This patch makes the sandboxing of the selfcheckout more robust by
adding a "sco_user" session variable which is turned on when
logging into the self-checkout (either by AutoSelfCheckAllowed or manually).

If a user with this session variable turned on tries to access
other parts of the system (like the rest of the OPAC), it will
"kick out", so that the browser user will lose the authenticated session.

Test plan:
1) Apply the patch
2) koha-plack --restart kohadev
3) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
4) Note that you are logged into the self-checkout
     So you see the login screen specific to the self-checkout.
     To log with the actual patron. It's a nested auth.
5) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
6) Note that you are not logged into the OPAC
7) Log into the staff interface and disable the
system preference AutoSelfCheckAllowed
8) Log out of the staff interface (this step is very important)
9) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
10) Note that you are prompted to log into Koha
11) Login using the "koha" user (when using koha-testing-docker)
12) Note that you are logged into the self-checkout
13) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
14) Note that you are not logged into the OPAC
      Without the patch you would still be logged as "koha"
15) Go back to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
16) Note that you will need to log in again as you've lost your
session cookie
      Without the patch you will still be logged in the self-checkout
Voila!

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt
Owen Leonard [Tue, 11 Aug 2020 17:26:18 +0000 (17:26 +0000)]
Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt

To test, edit a MARC framework to link a subfield to the
unimarc_field_4XX.tt. The process of triggering the plugin and selecting
a search result from the plugin popup should work correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit dbd13593538b8dbba9dfe9ff200b1d472ec0595b)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit f424ae7dd89a1dfe1b2ab5a054a4388fabe03c37)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: Prevent XSS when To.json is used: subscription-add.tt
Owen Leonard [Tue, 11 Aug 2020 15:22:33 +0000 (15:22 +0000)]
Bug 26102: Prevent XSS when To.json is used: subscription-add.tt

Test the process of adding a subscription, entering both a valid vendor
ID and a non-existent vendor ID. The non-existent vendor ID should
trigger a validation alert.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 583aad8e48790443a14ac4b7dfe85fa1bdeb91a2)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit c971585ab03bf0686d68ad2c73f02006684bc3ed)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: Prevent XSS when To.json is used: guarantor_search.tt
Owen Leonard [Tue, 11 Aug 2020 15:05:59 +0000 (15:05 +0000)]
Bug 26102: Prevent XSS when To.json is used: guarantor_search.tt

To test, edit a patron record and go through the process of adding a
guarantor. In the guarantor search results table the address should be
displayed correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 11d0a05eb9f1a13c07f3c56d8e40dbbd1bc43938)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 82e76c4aeefa11a43cdb53ba566bb1de912e0f67)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: Prevent XSS when To.json is used: catalogue/results.tt
Owen Leonard [Tue, 11 Aug 2020 12:57:48 +0000 (12:57 +0000)]
Bug 26102: Prevent XSS when To.json is used: catalogue/results.tt

To test, perform a search in the catalogue and verify that search term
highlighting works correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0de86fd323545796d57d2e289c10a33970050716)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 2a56d56f434c777b017c300cb906964ae15f52f4)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt
Owen Leonard [Tue, 11 Aug 2020 12:41:13 +0000 (12:41 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt

Test the process of searching for and selecting an authority record for
use in the basic MARC editor.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 57a2a82c504815d5d8e95c20be43611d96abcf13)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 2631c0bcb7a90beaf62ce1401769c4c64f78c0b5)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: Prevent XSS when To.json is used: authorities/authorities.tt
Owen Leonard [Tue, 11 Aug 2020 12:34:18 +0000 (12:34 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/authorities.tt

Check that mandatory tags and subfields are correctly required when
editing an authority record.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d9ae296b23d6897070c6bb788387ab39e7da8f09)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 3cb5340c89f5c609f9154e2f3eb14ba0e195e0f2)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 26102: Prevent XSS when To.json is used: admin/preferences.tt
Owen Leonard [Tue, 11 Aug 2020 12:31:26 +0000 (12:31 +0000)]
Bug 26102: Prevent XSS when To.json is used: admin/preferences.tt

Test that preference search term highlighting works correctly.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5df95693f93e1ef95f74eb4a118319e84ed7703e)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit b4b87a3091a38985d13f2a6d2eb243589ec8b7dd)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 29543: [19.11] Enforce authentication for self-checkout
Jonathan Druart [Wed, 5 Jan 2022 10:24:12 +0000 (11:24 +0100)]
Bug 29543: [19.11] Enforce authentication for self-checkout

The self-checkout feature is assuming a patron is logged in if patronid
is passed. It also assumes that "We're in a controlled environment; we
trust the user", which is terribly wrong!

This patch is suggesting to generate a JSON Web Token (JWT) to store in
a cookie and only allow action (renew, check in/out) is the token is
valid. The token is only generated once the user has been authenticated
And is removed when the user finish the session/logout.

Test plan:
You must know exactly how the self-checkout feature works to test this patch.
The 4 following sysprefs must be tested:
 SelfCheckoutByLogin, AutoSelfCheckAllowed, AutoSelfCheckID, AutoSelfCheckPass
Confirm that you can renew, checkin for the items you own, and checkout new items.
Confirm that you are not allowed to access other account's info.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 29543: Remove borrower variable

It's not needed, we have $patron

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 29543: Remove inputfocus variable

It's not used in template

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 29543: Add JWT token handling

Mojo::JWT is installed already, it's not a new dependency.
We need a way to send the patron a token when it's correctly logged in,
and not assumed it's logged in only if patronid is passed

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 29543: Prevent user to checkin or renew items they don't own

Checkin or renew must be restricted to the items they own.

Test plan:
Create an item with barcode bc_1
Check it in to user A
Login to SCO with user B
Get the token using the browser dev tool, from the cookie
Hit (replace $JWT)
    /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1
    /cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1

You should see an error message

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 29543: (follow-up) Add a warning to SelfCheckoutByLogin

This updates the language to warn users of risk if using cardnumber for login and auto-self-check is enabled

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Bug 29543: Add Mojo::JWT dependency

Bug 29543: Set autocomplete off for SCO login fields

Cardnumber already had it set, adding for username and password

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoUpdate release notes for 19.11.24 release v19.11.24
Wainui Witika-Park [Tue, 4 Jan 2022 05:44:14 +0000 (05:44 +0000)]
Update release notes for 19.11.24 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoIncrement version for 19.11.24 release
Wainui Witika-Park [Tue, 4 Jan 2022 04:32:38 +0000 (04:32 +0000)]
Increment version for 19.11.24 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoFix translations for Koha 19.11.24
Wainui Witika-Park [Tue, 4 Jan 2022 04:29:38 +0000 (04:29 +0000)]
Fix translations for Koha 19.11.24

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoTranslation updates for Koha 19.11.24
Koha translators [Tue, 4 Jan 2022 03:51:30 +0000 (00:51 -0300)]
Translation updates for Koha 19.11.24

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
2 years agoBug 28904: Fix typo and display
Martin Renvoize [Mon, 1 Nov 2021 09:52:26 +0000 (09:52 +0000)]
Bug 28904: Fix typo and display

Fix typo in template: Newletter => Newsletter
Fix latest newsletter editor definition.. it's a has not an array.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ded631f39e82352a713a252af714b4e2907c4c2f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f0695c74201fa4d2a8ddd22b7eddf91d1a72d6d8)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 95257f7f5c5713d34f15152fe3a25f7b4de45e96)
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit 95257f7f5c5713d34f15152fe3a25f7b4de45e96)

2 years agoBug 28904: Update team list to include newsletter editors
Martin Renvoize [Wed, 27 Oct 2021 14:37:07 +0000 (15:37 +0100)]
Bug 28904: Update team list to include newsletter editors

It seems we stopped recording the newsletter editor as part of the team
for a while :(.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6c85c1eac7b77665269e2baa33643854e5108853)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ceeec5155dc77113d2113d877947202c562344e4)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 19d68212b8c24da17972c9cf6203f9ab525771ee)
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit 19d68212b8c24da17972c9cf6203f9ab525771ee)

2 years agoBug 28904: Add newsletter editor to about page display
Martin Renvoize [Wed, 27 Oct 2021 14:27:45 +0000 (15:27 +0100)]
Bug 28904: Add newsletter editor to about page display

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 77448b618d1865a21815d434f071a223d706f21b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 86282f26d1ecbaeec00d2a97f4578914dede4bdd)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 9d9a981fafff59fe3566aaa1313d568ff9353a75)
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit 9d9a981fafff59fe3566aaa1313d568ff9353a75)

2 years agoBug 29300: Add 22.05 release team to teams.yaml
Martin Renvoize [Thu, 21 Oct 2021 12:10:35 +0000 (13:10 +0100)]
Bug 29300: Add 22.05 release team to teams.yaml

Add the 22.05 release team.

Test plan
1/ Check against
   https://wiki.koha-community.org/wiki/Release_Teams

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit cc8a49d2e3519efedb178412669a998ffe629225)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c4654df6735c596fe78ff448bb41ef768ff9ac17)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit ffeb0b619172922bd94ab472b2b6a4b0eca65bd1)
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit ffeb0b619172922bd94ab472b2b6a4b0eca65bd1)

2 years agoBug 29524: (bug 28935 follow-up) Restore modification of some patron's attributes
Jonathan Druart [Mon, 22 Nov 2021 13:24:40 +0000 (14:24 +0100)]
Bug 29524: (bug 28935 follow-up) Restore modification of some patron's attributes

On
  commit 5f37d8d2f496ce3c9fd6dfd5a2efa7a9fe435af3
  Bug 28935: No filtering on patron's data on member entry pages
we restricted the list of the columns from the borrowers table that can
be modified from the patron edit view.
We were too restrictive, the following 3 attributes can be edited from
this form: privacy_guarantor_fines, privacy_guarantor_checkouts,
checkprevcheckout and lang

Test plan:
Turn on the following prefs:
- AllowStaffToSetFinesVisibilityForGuarantor
- AllowStaffToSetCheckoutsVisibilityForGuarantor
- CheckPrevCheckout (set to 'unless overridden *')
- TranslateNotices
Edit a patron and see the 4 different options are now displayed.
Change their value, save, edit again
Confirm that the values have been saved

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0ca1419b26be84f7670f60446e621cfd878f6580)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 04df6726ab9b9a14d7d0f2353c3b8cdc1d28b63e)
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit 04df6726ab9b9a14d7d0f2353c3b8cdc1d28b63e)

2 years agoBug 28772: DBRev 19.11.23.001
Jonathan Druart [Tue, 23 Nov 2021 11:12:02 +0000 (12:12 +0100)]
Bug 28772: DBRev 19.11.23.001

Note that this added back the following patch: "Bug 28772: Do not hash secrets twice"

https://bugs.koha-community.org/show_bug.cgi?id=29132
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoUpdate release notes for 19.11.23 release v19.11.23
Wainui Witika-Park [Wed, 27 Oct 2021 04:10:48 +0000 (04:10 +0000)]
Update release notes for 19.11.23 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoIncrement version for 19.11.23 release
Wainui Witika-Park [Wed, 27 Oct 2021 03:57:37 +0000 (03:57 +0000)]
Increment version for 19.11.23 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoTranslation updates for Koha 19.11.23
Koha translators [Wed, 27 Oct 2021 21:54:20 +0000 (18:54 -0300)]
Translation updates for Koha 19.11.23

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoBug 29032: Pre-load ILL backends to speed up response
Tomas Cohen Arazi [Wed, 15 Sep 2021 15:12:33 +0000 (12:12 -0300)]
Bug 29032: Pre-load ILL backends to speed up response

Bug 22440 will rewrite the route and make it even more efficient by
prefetching the related data instead of performing several queries in
loops.

In the meantime, we can make this controller perform better with a
simple intervention: load backends once, and use the
$request->_backend() setter to pre-set it before using the objects.

To test:
1. Perform any usual ILL requests listing, try having several
=> FAIL: Notice it takes a weird amount of time to load
2. Apply this patch
3. Restart all
4. Repeat 1
=> SUCCESS: It feels fast enough!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7b1dc9d5f977aeb606cd2f766f3c3b8043d7a3f6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit fa84d0704f85381cd7026d1c51cb832ade4ca870)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit be277cd4c6c348fe963f2f0debd2ca06a3dd3129)
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit be277cd4c6c348fe963f2f0debd2ca06a3dd3129)

3 years agoBug 28676: Cache and retrieve match_count when searching a cached heading
Nick Clemens [Wed, 7 Jul 2021 15:39:43 +0000 (15:39 +0000)]
Bug 28676: Cache and retrieve match_count when searching a cached heading

We use match_count to determine if a new authority record should be created, however,
we were not adding this count to the cache, so if a record returned too many matches on first
lookup, we would create a new record on the second lookup

To test:
1 - Set Linker Module to 'Default'
2 - Enable  AutoCreateAuthorities  and  BiblioAddsAuthorities and  CatalogModuleRelink and LinkerRelink
3 - Add two copies of a single authority via Z39
4 - Add two headings for that authority to a bib record (e.g. a 610 and 710)
5 - Save the record and note a new authority is generated
6 - Repeat and see another is generated
7 - Apply patch
8 - Restart all the things
9 - Save the record again, no new authority created

Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c46cefb7c505e31bf3c0683f1f5ce3e08a1cd6f4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 9d5150e4cd82b05bf0e7a62a5964d678fc363086)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 848ac85dcc5b35f3d71952f58efa33d3761047f8)
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit 848ac85dcc5b35f3d71952f58efa33d3761047f8)

3 years agoBug 28676: Unit test
Nick Clemens [Wed, 7 Jul 2021 15:39:21 +0000 (15:39 +0000)]
Bug 28676: Unit test

Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 869f1c758cb78454c48e180f1533893b5dcb5d11)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 97dcf5ded6fa6602ee645f3f6431b52b843bc8b9)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit e30c1a5c08900a148d8799f3ec4c02126e865ffa)
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit e30c1a5c08900a148d8799f3ec4c02126e865ffa)

3 years agoBug 28960: Explicitly call get_column
Martin Renvoize [Tue, 7 Sep 2021 11:14:03 +0000 (12:14 +0100)]
Bug 28960: Explicitly call get_column

This patch adds get_column to ensure we are returning a string value of
a field rather than accidentally triggering a relationship accessor.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c3ef810a546ac35557484e12d7c2ff10c471b62d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 9dbf469605a3e97e66cb079961da65f7240e0cef)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit be4fbeff29ebe35a1dddd72ae94736e9c73388e8)
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit be4fbeff29ebe35a1dddd72ae94736e9c73388e8)

3 years agoUpdate release notes for 19.11.22 release v19.11.22
Wainui Witika-Park [Mon, 20 Sep 2021 12:26:14 +0000 (12:26 +0000)]
Update release notes for 19.11.22 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoIncrement version for 19.11.22 release
Wainui Witika-Park [Mon, 20 Sep 2021 12:12:47 +0000 (12:12 +0000)]
Increment version for 19.11.22 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoMerge remote-tracking branch 'translate/19.11.22-translate-20210922' into 19.11.22sec...
Wainui Witika-Park [Mon, 20 Sep 2021 12:05:43 +0000 (12:05 +0000)]
Merge remote-tracking branch 'translate/19.11.22-translate-20210922' into 19.11.22security

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoTranslation updates for Koha 19.11.22
Koha translators [Thu, 23 Sep 2021 00:47:40 +0000 (21:47 -0300)]
Translation updates for Koha 19.11.22

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoMerge branch 'rmaint_19.11.x' into 19.11.22security
Wainui Witika-Park [Mon, 20 Sep 2021 11:05:50 +0000 (11:05 +0000)]
Merge branch 'rmaint_19.11.x' into 19.11.22security

3 years agoBug 28772: [19.11.x] Fix Koha/Object.t
Jonathan Druart [Tue, 21 Sep 2021 08:59:22 +0000 (10:59 +0200)]
Bug 28772: [19.11.x] Fix Koha/Object.t

Koha::ApiKeys is no longer the simple object we need to test
Koha::Object->store, let use Koha::Library::Groups

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoRevert "Bug 28772: Fix Koha/Object.t"
Wainui Witika-Park [Mon, 20 Sep 2021 10:58:35 +0000 (10:58 +0000)]
Revert "Bug 28772: Fix Koha/Object.t"

This reverts commit 711bde5f5729c9adaa0e61bc6776835511c3441d.

3 years agoBug 28772: Fix Koha/Object.t
Jonathan Druart [Tue, 21 Sep 2021 08:59:22 +0000 (10:59 +0200)]
Bug 28772: Fix Koha/Object.t

Koha::ApiKeys is no longer the simple object we need to test
Koha::Object->store, let use Koha::Library::Groups
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 5c22a4ca6109d3c70ed8775168f9d19fd234b284)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit 5c22a4ca6109d3c70ed8775168f9d19fd234b284)

3 years agoBug 28772: Fix auth_authenticate_api_request.t
Tomas Cohen Arazi [Tue, 21 Sep 2021 16:18:52 +0000 (13:18 -0300)]
Bug 28772: Fix auth_authenticate_api_request.t

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 17b2477d65cc2c0f0716556de65fd0e95ae6a590)

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit 17b2477d65cc2c0f0716556de65fd0e95ae6a590)

3 years agoRevert "Bug 28772: Update existing keys [STABLE]"
Wainui Witika-Park [Mon, 20 Sep 2021 09:02:26 +0000 (09:02 +0000)]
Revert "Bug 28772: Update existing keys [STABLE]"

This reverts commit e5c4127e8e42e71a25f20cf228eda821505a95fd.

3 years agoRevert "Bug 28772: Do not hash secrets twice"
Wainui Witika-Park [Mon, 20 Sep 2021 09:01:41 +0000 (09:01 +0000)]
Revert "Bug 28772: Do not hash secrets twice"

This reverts commit 9e087c7c8efefb84fedc650ef28959540a5c64dc.

3 years agoRevert "Bug 28604: Prevent double encoding of MARC::Record::MiJ->to_mij output"
Wainui Witika-Park [Mon, 20 Sep 2021 08:27:48 +0000 (08:27 +0000)]
Revert "Bug 28604: Prevent double encoding of MARC::Record::MiJ->to_mij output"

This reverts commit 5c89018abd5b209ae48ec853bad599f0d670c328.

3 years agoRevert "Bug 28604: Regression tests"
Wainui Witika-Park [Mon, 20 Sep 2021 08:27:24 +0000 (08:27 +0000)]
Revert "Bug 28604: Regression tests"

This reverts commit c1a76b0d80b2d16bfb9160003cefe9f82557e832.

3 years agoBug 28772: Make validate_secret return 1|0
Jonathan Druart [Fri, 10 Sep 2021 08:34:41 +0000 (10:34 +0200)]
Bug 28772: Make validate_secret return 1|0

Not an empty string

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoBug 28772: (QA follow-up) Apply change to other dbrev too [STABLE]
Marcel de Rooy [Thu, 9 Sep 2021 12:42:01 +0000 (12:42 +0000)]
Bug 28772: (QA follow-up) Apply change to other dbrev too [STABLE]

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoBug 28772: Update existing keys [STABLE]
Tomas Cohen Arazi [Mon, 30 Aug 2021 14:08:30 +0000 (11:08 -0300)]
Bug 28772: Update existing keys [STABLE]

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 years agoBug 28772: (QA follow-up) Fix wrong message
Tomas Cohen Arazi [Thu, 9 Sep 2021 11:53:07 +0000 (08:53 -0300)]
Bug 28772: (QA follow-up) Fix wrong message

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>