]> git.koha-community.org Git - koha.git/log
koha.git
2 months agoIncrement version for 23.11.08 release
Tomas Cohen Arazi [Tue, 13 Aug 2024 04:32:07 +0000 (01:32 -0300)]
Increment version for 23.11.08 release

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: (QA follow-up) Move sth error check up
Tomas Cohen Arazi [Tue, 13 Aug 2024 04:08:44 +0000 (01:08 -0300)]
Bug 37508: (QA follow-up) Move sth error check up

This patch moves the error check right before the ->check_columns call.
This is how main and 24.05 behave. 23.11 doesn't have bug 35907
backported so things are not exactly the same. With this patch tests
pass and the only difference in behavior is logging.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: Don't return Internal server error when running report
Nick Clemens [Mon, 12 Aug 2024 12:10:12 +0000 (12:10 +0000)]
Bug 37508: Don't return Internal server error when running report

To test:
1 - Create a report like:
SELECT "a"
FROM borrowers
WHERE <<Test>> != ''
2 - Run report
3 - Enter "password"
4 - Internal server error / stacktrace
5 - Apply patch
6 - Repeat
7 - Get a yellow warning box

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: (QA follow-up) Use ->check_columns
Marcel de Rooy [Fri, 9 Aug 2024 09:56:11 +0000 (09:56 +0000)]
Bug 37508: (QA follow-up) Use ->check_columns

Add shebang to Guided.t too.

Test plan:
See also previous commits.
Try sql like:
  select access_token from oauth_access_tokens

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: (QA follow-up) Move check to Koha::Report, extend
Marcel de Rooy [Fri, 9 Aug 2024 09:50:44 +0000 (09:50 +0000)]
Bug 37508: (QA follow-up) Move check to Koha::Report, extend

Do not allow password but allow password_expiry_days etc.
Do not allow token, secret and uuid too.

Test plan:
Run t/db_dependent/Koha/Reports.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: (follow-up) Don't pass the column or sql containing password
Aleisha Amohia [Thu, 8 Aug 2024 23:53:47 +0000 (23:53 +0000)]
Bug 37508: (follow-up) Don't pass the column or sql containing password

This patch replaces these variables with a non-translatable message.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: (follow-up) Throw error is password is in SQL query at all
Aleisha Amohia [Wed, 7 Aug 2024 04:37:25 +0000 (04:37 +0000)]
Bug 37508: (follow-up) Throw error is password is in SQL query at all

Confirm tests pass t/db_dependent/Reports/Guided.t

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: Test for errors when returning an aliased password column
David Cook [Wed, 7 Aug 2024 01:15:10 +0000 (01:15 +0000)]
Bug 37508: Test for errors when returning an aliased password column

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: Throw error if password column is detected in SQL report
Aleisha Amohia [Mon, 29 Jul 2024 03:53:06 +0000 (03:53 +0000)]
Bug 37508: Throw error if password column is detected in SQL report

This enhancement prevents SQL queries from being run if they would return a password field from the database table.

To test:

1. Run tests and notice they fail t/db_dependent/Reports/Guided.t

2. Apply patch and restart services

3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t

Sponsored-by: Reserve Bank of New Zealand
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37370: Return 400 if OpacExportOptions does not contain the passed format
Tomas Cohen Arazi [Tue, 16 Jul 2024 15:43:39 +0000 (12:43 -0300)]
Bug 37370: Return 400 if OpacExportOptions does not contain the passed format

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37466: Add correct filter for sort_by in results.tt
David Cook [Thu, 25 Jul 2024 06:44:37 +0000 (06:44 +0000)]
Bug 37466: Add correct filter for sort_by in results.tt

This patch replaces the $raw filter with the correct uri filter
for the sort_by in results.tt

Test plan:
1. Apply patch
2. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=1
3. Click on "Edit this search"
4. Note that the "Popularity (most to least)" Sort by option is selected
5. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=24y24ty2498294t9824yt9y23
6. Click on "Edit this search"
7. Note that the "Popularity (most to least)" Sort by option is selected

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37464: Validate "type" sent to barcode/svc
David Cook [Thu, 25 Jul 2024 06:56:18 +0000 (06:56 +0000)]
Bug 37464: Validate "type" sent to barcode/svc

This change validates the "type" sent to the barcode/svc. Without this
change, we pass the user input directly to GD::Barcode, which passes
the input into an eval{} block without any validation of its own.

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=bad&barcode=123456
3. Note that a Code39 barcode is provided for an invalid type
4. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=Code39&barcode=123456
5. Note that a Code39 barcode is provided
6. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=UPCE&barcode=123456
7. Note that a non-Code39 barcode is provided (presumably UPCE)

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37488: Validate paths in datalink.txt/idlink.txt files
David Cook [Fri, 26 Jul 2024 04:01:43 +0000 (04:01 +0000)]
Bug 37488: Validate paths in datalink.txt/idlink.txt files

This change validates the paths in datalink.txt/idlink.txt,
so that only images in the unpacked archive directory are allowed

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Create a datalink.txt file with the following:
42,selfie.jpg
3. Create a jpeg at selfie.jpg
4. ZIP the datalink.txt and selfie.jpg files
5. Upload to the "Upload patron images" tool
(after enabling the "patronimages" system preference)
6. Note that the image uploads correctly

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37323: Tidy
David Cook [Fri, 26 Jul 2024 03:27:22 +0000 (03:27 +0000)]
Bug 37323: Tidy

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37323: Don't allow symlinks in link files in zip and validate filepaths
Chris Cormack [Thu, 18 Jul 2024 23:57:32 +0000 (23:57 +0000)]
Bug 37323: Don't allow symlinks in link files in zip and validate filepaths

Test plan:
0. Apply patch and restart/reload Koha
1. Test that uploading a patron image still works, in single file format and as a zip

Work as suggested

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37323: Escape characters in patron image picture upload
Amit Gupta [Thu, 11 Jul 2024 17:43:06 +0000 (23:13 +0530)]
Bug 37323: Escape characters in patron image picture upload

To Test
1. Create a file name for example: test.zip`curl xxxxtesting.informaticsglobal.com`.zip
   where the domain is one you can watch the logs from.
2. Go to Tools and click on Upload patron images choose option zip file and upload the file.
3. Check /var/log/apache2/access.log and see the curl with the IP
   "xx.xxx.xx.xxx - - [11/Jul/2024:23:10:33 +0530] "GET / HTTP/1.1" 200 267 "-" "curl/7.68.0"
4. Apply the patch
5. Repeat 2 and 3 step and check no error is coming for the Remote execution error.
6. Test uploading actual zip file and images still works.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37255: Fix handling of "All" values on waiting hold cancellation policy
Emmi Takkinen [Thu, 4 Jul 2024 11:23:31 +0000 (14:23 +0300)]
Bug 37255: Fix handling of "All" values on waiting hold cancellation policy

If one creates a default waiting hold cancellation policy with
patron categories set as "All" and itemtype set as "All", Koha
breaks on 500 error. This happens because in we try to match
template policy with "All" values either in category or itemtype
with *, not undef. This patch fixes this.

To test:
1. Create a new default waiting hold cancellation policy and
set both patron category and itemtype as "All".
2. Save policy.
=> Error page for error 500 is displayed.
3. Apply this patch.
4. Reload page.
=> Page is displayed and policy listing displays new policy
as it should.

Sponsored-by: Koha-Suomi Oy
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37533: fix query in orderreceive.tt
Andreas Jonsson [Wed, 31 Jul 2024 09:06:02 +0000 (09:06 +0000)]
Bug 37533: fix query in orderreceive.tt

The new validation in the REST API will no longer allow
the operator "in".  Consequently, it has to be replaced
with the allowed "-in".

Test plan:

 * Open an invoice and click "Go to receipt page" and
   on any basket click "receive" and make sure the dialog
   box appears.

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
3 months agoBug 36480: (follow-up) Add missing library_id parameter
Martin Renvoize [Mon, 22 Jul 2024 13:52:29 +0000 (14:52 +0100)]
Bug 36480: (follow-up) Add missing library_id parameter

The /libraries/{library_id}/desks endpoint was missing the
library_id parameter definition from the swagger specification.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 6aadc4a42308815803ac77c124ac4e778141e349)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 51d15f7ca88fba05266bd6e9d05127dd94d2f313)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 10758: Show title of deleted biblio on basket page
Marcel de Rooy [Mon, 12 Feb 2024 08:01:26 +0000 (08:01 +0000)]
Bug 10758: Show title of deleted biblio on basket page

Test plan:
Find a completed order line and a cancelled one with deleted biblios.
Goto acqui/basket.pl
Check if you see the title if deleted_biblionumber is filled.

Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 62b48bb932a165bf01e7a0d0866ed2d92e90263e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36187: Corrected set data.patron_id in select_suggestor()
Lucas Gass [Fri, 1 Mar 2024 15:46:04 +0000 (15:46 +0000)]
Bug 36187: Corrected set data.patron_id in select_suggestor()

To test:
1. Make a new suggestion in the staff interface and attempt to set the "Created by" patron to someone other than the logged in user.
2. Submit the suggestion.
3. select suggestedby from suggestions where suggestionid = X; ( Where X is the suggestionid )
4. The value is NULL
5. On suggestion/suggestion.pl the "Suggested by" column is blank.
6. APPLY PATCH
7. Try 1 - 3 again. This time the suggestedby should be correctly set.

Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 607b80c5a601f54920a2b3b259896ac4e490e0ab)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoUpdate release notes for 23.11.07 release v23.11.07
Fridolin Somers [Thu, 25 Jul 2024 08:41:40 +0000 (10:41 +0200)]
Update release notes for 23.11.07 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoIncrement version for 23.11.07 release
Fridolin Somers [Thu, 25 Jul 2024 08:04:56 +0000 (10:04 +0200)]
Increment version for 23.11.07 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 37210: Properly escape SQL query parameters by using bind values
Julian Maurice [Tue, 2 Jul 2024 14:32:32 +0000 (16:32 +0200)]
Bug 37210: Properly escape SQL query parameters by using bind values

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
3 months agoBug 37210: Escape single quote in search string in overdue.pl
Hammat Wele [Thu, 27 Jun 2024 14:09:04 +0000 (14:09 +0000)]
Bug 37210: Escape single quote in search string in overdue.pl

To Test:
1. Go to /cgi-bin/koha/circ/overdue.pl
2. In the «Name or card number» field, type «Tommy'and(select(0)from(select(sleep(10)))v)and'»
3. Apply the filter
   ==> It takes 10 seconds, sleep(10) is executed
4. Inspect the page, in «Patron category:» field, put «Tommy'and(select(0)from(select(sleep(10)))v)and'» in one of his option's value
5. select the option from the filter and Apply the filter
   ==> It takes 10 seconds, sleep(10) is executed
we can inject SQL to the followin field : borname, itemtype, borcat, holdingbranch, homebranch and branch
6. Apply the patch
7. Repeat step 1,2,3
   ==> it doesn't take 10 seconds, the injected sql is not executed
8. Repeat step 5
==> it doesn't take 10 seconds, the injected sql is not executed
9. Repeat step 5 with the followin field : itemtype, holdingbranch, homebranch and branch
   ==> it doesn't take 10 seconds, the injected sql is not executed

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
3 months agoBug 37018: Add 400 response definition to all routes
Tomas Cohen Arazi [Mon, 8 Jul 2024 20:21:25 +0000 (17:21 -0300)]
Bug 37018: Add 400 response definition to all routes

This patch adds a test for well defined 400 responses on all verbs and
paths on the API spec.

The tests verify:

* Presence of 400 response definition
* The description must start with 'Bad request' (needs coding guideline)
* If DBIC queries are allowed on the route, then `invalid_query` needs
  to be mentioned in the description.

All routes get fixed to make the tests pass.

To test:
1. Apply this patch
2. Run:
   $ ktd --shell
  k$ yarn api:bundle
  k$ prove xt/api.t
=> SUCCESS: Tests pass!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months agoBug 37018: Clarify operators
Martin Renvoize [Wed, 10 Jul 2024 08:39:33 +0000 (09:39 +0100)]
Bug 37018: Clarify operators

This patch clarifies the list of operators both in the validate routine
and in the swagger descrption block where we document this feature for
the end user.

JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months agoBug 37018: Silence useless warning
Tomas Cohen Arazi [Mon, 8 Jul 2024 20:30:01 +0000 (17:30 -0300)]
Bug 37018: Silence useless warning

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months agoBug 37018: Handle exception in unhandled_exception() helper
Tomas Cohen Arazi [Mon, 8 Jul 2024 19:48:01 +0000 (16:48 -0300)]
Bug 37018: Handle exception in unhandled_exception() helper

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months agoBug 37018: (follow-up) adding some allowed operators
Hammat Wele [Wed, 3 Jul 2024 13:59:48 +0000 (13:59 +0000)]
Bug 37018: (follow-up) adding some allowed operators

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months agoBug 37018: Use validation in search_rs helper
Martin Renvoize [Wed, 5 Jun 2024 13:20:22 +0000 (14:20 +0100)]
Bug 37018: Use validation in search_rs helper

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months agoBug 37018: Add validation method to Koha::REST::Plugin::Query.pm
Martin Renvoize [Wed, 5 Jun 2024 13:19:54 +0000 (14:19 +0100)]
Bug 37018: Add validation method to Koha::REST::Plugin::Query.pm

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months agoBug 37018: Add Koha::Exceptions::REST
Tomas Cohen Arazi [Mon, 8 Jul 2024 17:34:25 +0000 (14:34 -0300)]
Bug 37018: Add Koha::Exceptions::REST

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months agoBug 37018: Unit tests
Martin Renvoize [Wed, 5 Jun 2024 13:19:06 +0000 (14:19 +0100)]
Bug 37018: Unit tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months agoBug 37018: Regression tests
Tomas Cohen Arazi [Sat, 6 Jul 2024 13:32:07 +0000 (10:32 -0300)]
Bug 37018: Regression tests

This patch adds regression tests. With the current codebase, the
malicious query returns a 200. It should be caught and a 400 needs to be
returned.

To test:
1. Apply this patch
2. Run:
   $ ktd --shell
  k$ prove t/db_dependent/api/v1/query.t
=> FAIL: It returns a 200
3. Once the rest of the patches are ready, repeat 2
=> SUCCESS: It returns a 400

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months agoBug 37247: Fix display of "closed"
Jonathan Druart [Fri, 5 Jul 2024 12:47:42 +0000 (14:47 +0200)]
Bug 37247: Fix display of "closed"

The subscription was not shown as closed after we closed it.
This is because "closed" is not passed to the template.
It seems more reliable to rely on the subscription object (that is passed to both
serials/serials-collection.tt and serials/subscription-detail.tt, the
others are not showing the Reopen/Close buttons)

Also fetch the subscription object after and reopen/close it to display
accurate values.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
3 months agoBug 37247: Fix subscriptions operation allowed without authentication
Fridolin Somers [Thu, 4 Jul 2024 14:18:17 +0000 (16:18 +0200)]
Bug 37247: Fix subscriptions operation allowed without authentication

Move close and reopen after get_template_and_user().
Also move Koha::Subscriptions->find(), not a good idea to run DB queries
before authentication.

Test plan :
1) Apply patch
2) Authenticate to staff interface
3) Go to an existing open subscription
4) Open a new browser tab and use it to log-out
5) Go to first tab and click on 'Close'
6) You get login page
7) Authenticate
8) Check subscription is not closed
9) Check you can close and reopen subscription

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
3 months agoBug 37146: Add tests
Jonathan Druart [Thu, 11 Jul 2024 09:40:35 +0000 (11:40 +0200)]
Bug 37146: Add tests

3 months agoBug 37146: Prevent path traversal by validating input
David Cook [Fri, 21 Jun 2024 01:45:51 +0000 (01:45 +0000)]
Bug 37146: Prevent path traversal by validating input

This patch validates the plugin_name passed to plugin_launcher.pl
against the base path containing the "value_builder" directory.

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=29
3. Check that the tag editor for leader still works
4. Go to http://localhost:8081/cgi-bin/koha/cataloguing/additem.pl?biblionumber=29
5. Check that the pluginf or "Date acquired" still works

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
3 months agoBug 37183: Batch edit serial subscriptions sets expiration date to today
Chris Cormack [Sat, 29 Jun 2024 22:52:42 +0000 (22:52 +0000)]
Bug 37183: Batch edit serial subscriptions sets expiration date to today

Test plan:

Add some serials:
1) Add a new serial, visit:
   /cgi-bin/koha/serials/subscription-add.pl
2) Put a biblionumber in the 'record' field, e.g. '112'.
   Press 'next' and click 'ok' on the alert box.
3) Fill all the required fields and click 'test prediction'.
4) Fill the Subscription end date (= Expiration Date).
5) Click 'save subscription'.
6) Repeat steps 1-5 to create a second serial.

Batch edit serials:
1) Visit serials and hit the 'Search' button:
   /cgi-bin/koha/serials/serials-home.pl
2) Click the 2 checkboxes for the 2 serials we created
   previously and click the new link that pops up
   'Edit selected serials'.
3) Click 'Save' without changing anything.
4) Go back to either of the serials, notice the value
   for Expiration date is changed to TODAY
   (the date of the batch edit).

Apply the patch and retest the batch editing (before
retesting, change the expiration dates of the two
serials back to the original expiration date).

Note that the expiration date now only changes if you
enter a date in the 'Expiration date' field.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5a07a04fdb23aa13f85df64b1f2a4739397f5f28)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 1955ec2a7dbbe02c0c9351b5ca95a0ba4aea672e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36565: Preservation module API docs fixes (bug 30708 follow-up)
Tomas Cohen Arazi [Wed, 10 Apr 2024 12:04:57 +0000 (14:04 +0200)]
Bug 36565: Preservation module API docs fixes (bug 30708 follow-up)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
3 months agoBug 36565: Biblio merge API docs fixes (bug 33036 follow-up)
Tomas Cohen Arazi [Wed, 10 Apr 2024 12:04:12 +0000 (14:04 +0200)]
Bug 36565: Biblio merge API docs fixes (bug 33036 follow-up)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
3 months agoBug 36565: ILL requests API docs fixes (bug 22440 follow-up)
Tomas Cohen Arazi [Wed, 10 Apr 2024 11:44:28 +0000 (13:44 +0200)]
Bug 36565: ILL requests API docs fixes (bug 22440 follow-up)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
3 months agoBug 36565: Bookings API docs fixes (bug 29002 follow-up)
Tomas Cohen Arazi [Wed, 10 Apr 2024 08:14:18 +0000 (10:14 +0200)]
Bug 36565: Bookings API docs fixes (bug 29002 follow-up)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
3 months agoBug 36565: Unit tests
Tomas Cohen Arazi [Wed, 10 Apr 2024 11:39:55 +0000 (13:39 +0200)]
Bug 36565: Unit tests

This patch introduces tests on the OpenAPI spec so that all tags used in
path definitions have their corresponding entry at the top level 'tags'
section.

This it important for correctly rendering the API documentation.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
3 months agoBug 35536: (follow-up) Fix Plugins.t for D10
Marcel de Rooy [Mon, 25 Mar 2024 11:56:15 +0000 (11:56 +0000)]
Bug 35536: (follow-up) Fix Plugins.t for D10

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 67b8ce9220c0ee265db51104c84471e3d4e42882)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 35536: (follow-up) Add missing koha_object(s)_class definitions
Tomas Cohen Arazi [Fri, 22 Mar 2024 13:06:29 +0000 (13:06 +0000)]
Bug 35536: (follow-up) Add missing koha_object(s)_class definitions

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 80bd0a19dd8cd018b595c743df6e7ac5a518e862)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 35536: Remove last two references to resultset PluginData
Marcel de Rooy [Tue, 19 Dec 2023 15:29:35 +0000 (15:29 +0000)]
Bug 35536: Remove last two references to resultset PluginData

Test plan:
Run t/db_dependent/Koha/Plugins/Plugins.t

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 34cc0d29dfd6fe9fb8201640a13936cd5fa6b1b4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 35536: Silence tests when run from koha-qa.pl
Marcel de Rooy [Tue, 19 Dec 2023 14:59:36 +0000 (14:59 +0000)]
Bug 35536: Silence tests when run from koha-qa.pl

Extending the regex in Plugins::_verbose.

Test plan:
Run qa tools on patch set.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9b9ae27a0e3c5acfb6093c7977a001fcf4857033)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 35536: Refine verbose handling in some Koha::Plugins calls
Marcel de Rooy [Mon, 18 Dec 2023 08:52:20 +0000 (08:52 +0000)]
Bug 35536: Refine verbose handling in some Koha::Plugins calls

Three routines in Plugins got the verbose parameter on 35507.
We can refine this a bit further.
The idea here is report when you are installing plugins but not
report when just calling plugins (flooding logs).

[1] GetPlugins: Most callers do not expect (or check) results for
    failing plugins. This patch makes GetPlugins only return
    errors when passing the *errors* flag (in 2 cases).
    [a] The misc/devel script prints warnings now using verbose,
        so does not need the errors flag anymore.
    [b] plugins/plugins-home is the only case left. Tiny adjustment
        to keep current behavior. Fixed colspan in template.
        Does not need verbose in favor of 'errors' (passed to
        template).
    [c] For most calls we do not want verbose. New default is 0.

[2] InstallPlugins
    [a] Disabled verbose in plugin-upload. Not really needed.
        Added a FIXME; we need to improve individual install.
    [b] misc/devel: No warnings anymore when calling InstallPlugins
        after GetPlugins.

[3] get_enabled_plugins
    [a] Plugins->call does not need verbose.
    [b] Plugins->feature_enabled does not need it too.

Test plan:

[1] See previous plan. With TestMR data but without patch, run
misc script and go to plugins-home. Do you see load errors on
commandline or form?

[2] Run plugins/plugins-upload (uploading just some file is good
enough); verify that you do not see TestMR lines in logfile.

[3] Run t/db_dependent/Koha/Plugins/Plugins.t for the additional
test on verbose and errors flag.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d8e04545b80869821057d5b2c3ac46f6e18b1b78)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 35536: Reorder rollbacks
Marcel de Rooy [Thu, 14 Dec 2023 07:54:22 +0000 (07:54 +0000)]
Bug 35536: Reorder rollbacks

Time to move all RemovePlugins calls BEFORE rollbacks.
Broken.t did not even include a transaction! Some modules
are removed there as well.

Test plan:
Search for wrong order with:
  grep -Pzo "txn_rollback;\n.*RemovePlugins" $(git grep -l RemovePlugins)
  No occurrences left? Think of another grep :)
Check number of records in plugin_data/methods.
Repeat: prove $(git grep -l Koha::Plugin | grep -P "^t\/db")
And check number of records again. Same?

Bonus: Apply TestMR plugin patch (marked DO NOT PUSH).
Run perl -MKoha::Plugins -e"Koha::Plugins->new->InstallPlugins".
Check plugin records in database.
Keep those records but remove last patch from git.
Run previous prove and verify no data changes since last check.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e32174f29ac1b06b60b160a0d37c6aaf767c9126)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 35536: Add RemovePlugins calls in plugin unit tests
Marcel de Rooy [Thu, 14 Dec 2023 08:02:01 +0000 (08:02 +0000)]
Bug 35536: Add RemovePlugins calls in plugin unit tests

[1] Replace Methods->delete by RemovePlugins.
    git grep -l "Plugins::Methods->delete" | xargs sed -i -e's/Plugins::Methods->delete/Plugins->RemovePlugins/g'
[2] Replace $schema->resultset('PluginData')->delete by destructive parameter.
[3] Add RemovePlugins too in Handler->delete too. Note that this call
    might be better off with disable? Added a comment.

Test plan:
prove $(git grep -l Koha::Plugin | grep -P "^t\/db")

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9d73d40ea38ac7a1662f5058c22c57b2b7438e40)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 35536: Add Koha::Plugins->RemovePlugins class method
Marcel de Rooy [Wed, 13 Dec 2023 15:12:30 +0000 (15:12 +0000)]
Bug 35536: Add Koha::Plugins->RemovePlugins class method

Test plan:
Run t/db_dependent/Koha/Plugins/Plugins.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 950c1e63f864ea1b1a194d685b2d8bd7ae83190d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 35536: Add Koha object classes for plugin_data
Marcel de Rooy [Wed, 13 Dec 2023 15:03:39 +0000 (15:03 +0000)]
Bug 35536: Add Koha object classes for plugin_data

Test plan:
Read the patch.
The objects will be used in subsequent patches, and tested there.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5ef6a3fce70efe372733ac5c0a3ff267cd799838)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 35536: Reorganize Plugins.t
Marcel de Rooy [Wed, 13 Dec 2023 15:20:19 +0000 (15:20 +0000)]
Bug 35536: Reorganize Plugins.t

Move stuff in the middle into new subtest.
Add transaction around second set of subtests.

Test plan:
t/db_dependent/Koha/Plugins/Plugins.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e30915eb6b9266d5e1caca528d9ff0650b966253)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36741: Skip auto_too_soon issues in auto renew digest
David Cook [Thu, 23 May 2024 00:47:08 +0000 (00:47 +0000)]
Bug 36741: Skip auto_too_soon issues in auto renew digest

This change adds a line to skip auto_too_soon issues/checkouts
in the auto renew digest template.

Since auto_too_soon do not trigger notifications and don't require
any special action, let's skip them in the breakdown of checkouts in
the AUTO_RENEWALS_DGST email.

Test plan:
0. Apply the patch
1. reset_all (in koha-testing-docker)
2. Note the following line in the AUTO_RENEWALS_DGST template:
[% NEXT IF (checkout.auto_renew_error == 'auto_too_soon') %]

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 05432982cf8a407872fd643206a14550c0d0a53a)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 51ae7f9b3b315ab51c071e1eb8d2997c929a5c48)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 28664: (follow-up) Throw exception if debt if VOID
Martin Renvoize [Thu, 27 Jun 2024 15:55:55 +0000 (16:55 +0100)]
Bug 28664: (follow-up) Throw exception if debt if VOID

This patch adds an exception when an attempt is made to refund against a
VOID debit.

Test plan
1) Run the included unit test

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit b18664ec45ffbe761c50b6daca487c3222f8a5e0)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 46dc45e60c6d8a080e0d9f045a1c3f1ace464f9d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 28664: Prevent refunds against void lines
Martin Renvoize [Mon, 5 Jul 2021 18:34:58 +0000 (19:34 +0100)]
Bug 28664: Prevent refunds against void lines

With the introduction of double entry accounting for VOID actions, we
need to add an additional filter to the 'Issue refund' button appearance

Test plan
1/ Add a debt
2/ Pay the debt
3/ Void the payment
4/ Confirm that with the patch applied the 'Issue refund' button doesn
not appear on the 'Void' accountline.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a47474e3d771dff8cb3daa3c4641718796d11381)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 7f2467cd508346935d7e922166c67a32137fc9a8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 37044: Added library branch to SCO OPAC message
Sam Lau [Thu, 6 Jun 2024 14:29:54 +0000 (14:29 +0000)]
Bug 37044: Added library branch to SCO OPAC message

This patch simply adds the correct branch at the end of an OPAC message on the SCO page.

To Test:
1) From the staff interface, click on a patron and add an OPAC message
   to their account.
2) Log into the SCO with this patron.
   (http://localhost:8080/cgi-bin/koha/sco/sco-main.pl)
3) Notice how in the "Messages for you" at the top, you will see the
   message, however, at the timestamp, it says something like "Written
   on 06/06/2024 by " w/o listing the library that sent it.
4) Apply patch
5) Log back into SCO module
6) Note that now in the message timestamp, it correctly lists the
   library that sent the message.
7) Sign-off

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4801037abe0f8d294eb03503c2b5a275ed06f62a)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit da490f117af20f4307d2c62e01bc1db7bc0b7695)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 37198: Improve GetPreparedLetter documentation
Martin Renvoize [Wed, 26 Jun 2024 14:24:01 +0000 (15:24 +0100)]
Bug 37198: Improve GetPreparedLetter documentation

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 149412cb62a074ccdef1e1c2bbbd2bee35c48498)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 84814bbef33ac9c04b12cb3f063b2a11cfd0b2ce)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36141: Add classes to CAS text on OPAC login page
Fridolin Somers [Wed, 21 Feb 2024 09:09:30 +0000 (10:09 +0100)]
Bug 36141: Add classes to CAS text on OPAC login page

This enhancement makes it easier for libraries to change the CAS-related messages on the OPAC login page.

It moved the invalid CAS login message above the CAS loging heading,
like for Shibboleth login.

Test plan :
1) Enable system preference 'casAuthentication'
2) Restart all caches (restart_all in koha-testing-docker)
3) Go to OPAC, logged out
4) Click on 'Log in to your account'
5) In the staff interface, edit the OPACUserJS system preference. Add the following JS and Save:
   $(".cas_invalid").text("Test changing the invalid CAS login message.");
   $(".cas_title").text("Test changing the CAS login heading.");
   $(".cas_url").text("Test changing the CAS account link text.");
   $(".cas_url").after(' <i class="fa fa-globe" aria-hidden="true"></i>');
6) Refresh the OPAC and confirm the text changes to reflect your JS.

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0e1289d0149d788d7925c2e01f193da7ef3b469a)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 0d343979bd6b842f969597e8ee7c74756559c4a8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36128: (QA follow-up) Add regression test
Martin Renvoize [Thu, 27 Jun 2024 09:01:45 +0000 (10:01 +0100)]
Bug 36128: (QA follow-up) Add regression test

This patch adds a simple regression test to ensure we don't re-introduce
the errant warning.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 18c97c1456b527521624fc9be6f8c3bacaba28f1)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit ed17a680acb74cfd3496ec97c70610fea846f8a9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36128: Use of uninitialized value in string eq at /usr/share/koha/lib/C4/Overdues.pm
Denys Konovalov [Sun, 23 Jun 2024 12:13:35 +0000 (14:13 +0200)]
Bug 36128: Use of uninitialized value in string eq at /usr/share/koha/lib/C4/Overdues.pm

Fixes the following error message when running the overdues check cronjob on a
Koha system without defined overdue rules:

/etc/cron.daily/koha-common:
Use of uninitialized value in string eq at /usr/share/koha/lib/C4/Overdues.pm
line 686.

by checking if the variable is defined before comparing it.

Test plan:
1. Go to Tools - Overdue notice/status triggers and verify that for every single
   patron type for both Default and every individual library, you have no value
   set for Delay, so that you will never send anyone an overdue notice
2. Run the cron job which creates and sends overdue notices
3. Confirm the above mentioned error no longer appears

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4c8586270af07d4281215d060cef004e33999972)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 319f954c2194c9f6c090a9def9f6b04eaeb81035)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 35240: Add missing IDs to input
Eric Garcia [Tue, 25 Jun 2024 17:18:13 +0000 (17:18 +0000)]
Bug 35240: Add missing IDs to input

1. Tools -> Rotating collections -> Edit collection
2. Use browser dev tools to notice that the inputs don't have matching
   IDs
3. Apply patch
4. Do step 2 again and notice IDs are no longer missing.
5. Sign off :)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 21a66bf17c867734271e57c9f06b0b3e619d9ff0)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 27cbe1d0cf85a79ac57505452189d025f5841437)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 30372: Fix value->attribute
Pedro Amorim [Fri, 24 May 2024 16:10:44 +0000 (16:10 +0000)]
Bug 30372: Fix value->attribute

Test plan:
- Activate patron self registration without email verification
- Create several patron attributes as visible and editable in the OPAC, make one mandatory
- Register as a new patron from the OPAC
- Fill in all required fields but the extended attribute
- Fill in at least one of the non-required extended attributes
- Submit
- Verify that the contents of the other extended attribute fields are still present.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4616ddc8ab4b7b570f9444f999c2b50a463df6d4)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 519aa84d2b6fd5e19bd14dde18d12ba7e10ca06c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 37157: Fix Malformed UTF-8 character in JSON string before decode_json
Hammat Wele [Fri, 21 Jun 2024 17:07:47 +0000 (17:07 +0000)]
Bug 37157: Fix Malformed UTF-8 character in JSON string before decode_json

When we add a new identity provider and put some special characters in the Config or Mapping field, we got 500 error when we list the identity providers

To test:
1. Apply this patch.
2. Add a new identity provider
    2.1. fill the form
    2.2. click on «Add default Oauth configuration» and on «Add default Oauth mapping»
    2.3. put some special characters in Configuration and Mapping field
3. Save the form
=> Confirm the identity providers list is shown correctly

Also prove t/db_dependent/api/v1/provider.t.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 55b892dca46b1acdda0e962695699e4bf82d5de6)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 5193b6d5706cb9dac51b9af802939b926820c031)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 37016: Invalid due date in SIP renew response
Andreas Jonsson [Thu, 13 Jun 2024 15:00:31 +0000 (17:00 +0200)]
Bug 37016: Invalid due date in SIP renew response

Test plan using koha-testing-docker:

1) Make sure SIP is running.  You may need to edit
   /etc/koha/sites/SIPconfig.xml and remove the 8023 connector and
   restart the SIP-server (koha-sip --restart kohadev)
2) Find a patron, say 23529000197047
3) Set a password by selecting "change password", set it to
   "Password1234"
4) Find a book, say 39999000000856
5) Issue book to patron with sip-client:
   sudo koha-shell -c "/usr/share/koha/bin/sip_cli_emulator.pl \
                      --address localhost --port 6001 -t cr \
                      --su term1 --sp term1 --message checkout \
                      --location CPL --item 39999000000856 \
                      --patron 23529000197047 --password Password1234"\
                      kohadev
6) Note the AH-header in the response which for example:
   'AH20240619    235900'
7) Make a renewal with:
   sudo koha-shell -c "/usr/share/koha/bin/sip_cli_emulator.pl \
                      --address localhost --port 6001 -t cr \
                      --su term1 --sp term1 --message renew \
                      --location CPL --item 39999000000856 \
                      --patron 23529000197047 --password Password1234"\
                      kohadev
8) Make sure the AH-header in the response is different from the
   response to the checkout, for example: 'AH20240624 235900'

Signed-off-by: Tadeusz „tadzik” Sośnierz <tadeusz@sosnierz.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3295fd52279728c222ef6504766ab9d573561e0f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 82f15de4fbdcb7a117a4c158741b927beb01f20e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 37016: Unit tests
Nick Clemens [Wed, 26 Jun 2024 14:44:34 +0000 (14:44 +0000)]
Bug 37016: Unit tests

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 6aa2198965b1f98eda1d877c39af860c86b208a8)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 707fd46925024a5080d467742704d59e3bd0fe0d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36819: (RMaint follow-up) fix DBRev syntax
Fridolin Somers [Mon, 22 Jul 2024 09:39:26 +0000 (11:39 +0200)]
Bug 36819: (RMaint follow-up) fix DBRev syntax

3 months agoBug 37345: Only toggle_onsite_checkout() if OnSiteCheckoutAutoCheck is enabled
Lucas Gass [Mon, 15 Jul 2024 16:20:15 +0000 (16:20 +0000)]
Bug 37345: Only toggle_onsite_checkout() if OnSiteCheckoutAutoCheck is enabled

To test:
1. Find an item to checkout and a patron to check out to.
2. Set a due manually: "Specify due date (MM/DD/YYYY):"
3. Before checking out click the "Remember for session:" checkbox.
4. Check the item out.
5. The specific due date is not retained.
6. APPLY PATCH
7. Try 1 -4 again, now the date should be sticking.
8. Turn on the OnSiteCheckouts system pref and make sure it still works
9. Turn on the  OnSiteCheckoutAutoCheck system pref and make sure the on-site checkbox is still checked after doing an on-site checkout.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3276e0fa0c9931bab75c50b59c66c44f89c459b3)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 75a77a3c82c0f51d7ead49e6670aef7bd4029242)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36527: Patron category or item type not changing when editing another circulation...
Phan Tung Bui [Thu, 11 Apr 2024 20:02:27 +0000 (16:02 -0400)]
Bug 36527: Patron category or item type not changing when editing another circulation rule

Plan test :
1. Go to Administration > Circulation and fine rules
2. Add a couple of rules with various patron category/item type
   combinations
3. Click on "Edit" next to one of the rules
   --> The line should become highlighted in yellow and the values
       should be copied in the very last row
4. Click on "Edit" next to another rule
5. Click OK in the browser dialog box to confirm you want to edit
   another rule
   --> Depending on the rules, the values for the patron category
       and/or item type might not change in the editing row
6. Repeat steps 4 and 5
   --> The patron category and item type do not always change
7. Apply the batch
8. Redo step from 3 to 6
9. Observe that category and item type change accordingly

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7e8502e087abb1adee1900380b1a67885aeb7fa0)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit fe29c2551ffb9cd01d6f0f30ea9143a29d7c4b73)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36982: Collections facet does not get alphabetized based on collection descriptions
Lari Strand [Wed, 29 May 2024 10:53:22 +0000 (13:53 +0300)]
Bug 36982: Collections facet does not get alphabetized based on collection descriptions

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 83762f6feec027cf6acff2022c9eb528ac1507d8)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 5d059209f7e936500d706901d7057e287a90a85a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 37163: Fix the redirect after deleting a tag from an authority framework to load...
Phil Ringnalda [Sat, 22 Jun 2024 00:43:22 +0000 (17:43 -0700)]
Bug 37163: Fix the redirect after deleting a tag from an authority framework to load the right page

When you delete a tag from an authority framework, we intend to redirect you
right back to where you were, on the same page of tags, but because we pick
the wrong variable to set searchfield in the URL, we send you to the first
page instead.

Test plan:
1. Without the patch, Administration - Authority types - in the row for
   CHRON_TERM Actions menu, MARC Structure
2. In the Search for tag: input, type 092 and hit Enter
3. In the row for 092, Actions menu, Delete, in the page that loads click
   Yes, delete
4. In the page you are redirected to, note that you are at Tag 000, and the
   URL is ?searchfield=&authtypecode=CHRON_TERM
5. Apply patch, restart_all
6. Type 092 and hit Enter, Actions menu for the 093 row, Delete, Yes, delete
7. Note that now you have gone to the page where 093 used to be, because
   the URL is ?searchfield=092&authtypecode=CHRON_TERM and you can just
   keep deleting 09x tags one after another

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d3401535b5c2e66537abe6e0f997e34c91d8e273)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 4085efac2345f5edef264cccfb7091ffb374fd0b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 37162: Remove the [% IF ( delete_confirmed ) %] stuff in auth_tag_structure.tt
Phil Ringnalda [Sat, 22 Jun 2024 22:57:01 +0000 (15:57 -0700)]
Bug 37162: Remove the [% IF ( delete_confirmed ) %] stuff in auth_tag_structure.tt

Since auth_tag_structure.pl redirects after deleting when the op is
delete_confirmed (which is actually cud-delete_confirmed) rather than loading
the template, there's no reason to have dead code for IF ( delete_confirmed )
which is both never set, and is never called when anything like it is set.

Test plan:
1. With the patch applied, Administration - Authority types - Chronological
   Term row - Actions menu - MARC Structure
2. You've already verified that auth_tag_structure.tt isn't malformed, but for
   extra fun choose a tag, Actions menu - Delete - Yes, delete and verify that
   it was deleted

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f9e602ce984fe92378604d596ce579226f6f5dc1)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit f18a07967d09b32fa41d5a6228d2717fe3c2e0ef)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36891: Restore returning 404 from svc/bib when the bib number doesn't exist
Phil Ringnalda [Fri, 17 May 2024 00:01:54 +0000 (17:01 -0700)]
Bug 36891: Restore returning 404 from svc/bib when the bib number doesn't exist

Changing from GetMarcBiblio to Biblios->find plus metadata->record lost the
way that svc/bib used to return 404 when the bib number wasn't found. This
patch restores that by checking for undef after the Biblios->find step.

Test plan:
1. Load e.g. http://127.0.0.1:8081/cgi-bin/koha/svc/bib/289 which returns an
   XML bib record
2. Load http://127.0.0.1:8081/cgi-bin/koha/svc/bib/99999999 and get a 500 error
2. Appply patch, restart_all
4. Reload http://127.0.0.1:8081/cgi-bin/koha/svc/bib/289 and get the bib again
5. Reload http://127.0.0.1:8081/cgi-bin/koha/svc/bib/99999999 and get a 404

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3d1b38b0ade54dae8d565e2195e2e97f4826a0b6)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit d3383fed5cb0e23dbcf4bab5422940ab8b0770a7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 25387: (follow-up) Slightly change wording of alert
Katrin Fischer [Thu, 27 Jun 2024 07:03:20 +0000 (07:03 +0000)]
Bug 25387: (follow-up) Slightly change wording of alert

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 1004d47d0093bd5a7547fb7d943837df895ae3eb)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 3dc5bd07d50bb3ab892407888a4b6e28e8519df4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 25387: (QA follow-up) Tidy
Nick Clemens [Tue, 25 Jun 2024 21:12:39 +0000 (21:12 +0000)]
Bug 25387: (QA follow-up) Tidy

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4c677600f2a3f8b019d54676dcd95faac1784532)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 39449c76c46325391e20a169d595094554c8c4a8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 25387: Warn when merging different authority types
Marion Durand [Wed, 6 Oct 2021 12:49:58 +0000 (14:49 +0200)]
Bug 25387: Warn when merging different authority types

Merging two different authorities types can result in the loss of some
field. This patch adds a warning when merging different type of
authorities and add more display of authorities types during merge.

To test:
1- Find two authorities you what to merge. Be sure that these
authorities have different type
2- Search for these authorities (be sure to have both results on the
results page)
3- For the first authority click on "Actions" then on "Merge", same for
the second one
4- Check that koha is asking you to choose a framework and that
authority types are not displayed
5- Choose a framework, then click on next
6- Check that the authority type is not displayed in the tabs and that
no warning appear
7- Apply the patch
8- Repeat step 1 to 3 again
9- Check that authority type is now displayed next to their ID
10- Repeate setp 5 again
11- Check that the authority types is now displayed in the tabs next to
their ID and that a warning appear

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit b2ae5380b0741e1d2277a58f264df88f243ecadb)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 8e7ea9baafcba3e02a4c13ba707b4f45abf5c695)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 33563: Add comments for Elasticsearch security config
David Cook [Wed, 22 May 2024 23:49:35 +0000 (23:49 +0000)]
Bug 33563: Add comments for Elasticsearch security config

This patch adds some commented Elasticsearch security configuration,
which shows how to use username/password with HTTPS.

Test plan:
0. Apply patch
1. cp debian/templates/koha-conf-site.xml.in /etc/koha/koha-conf-site.xml.in
2. koha-create --create-db test
3. vi /etc/koha/sites/test/koha-conf.xml
4. Note that the comments for userinfo and use_https are in the koha-conf.xml

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit ce90d65603dbffd2c6b8a18468f09f2e66df34c4)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 591da06a39083981f1076dc82d9dd25a978444e2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 32313: Update guided reports column descriptions for items and biblioitems tables
David Nind [Sun, 19 May 2024 02:56:56 +0000 (02:56 +0000)]
Bug 32313: Update guided reports column descriptions for items and biblioitems tables

This adds missing column descriptions to the items and biblioitems
tables (used in guided reports for the Circulation, Catalog,
Acquisitions, and Serials modules).

It also updates some existing descriptions for consistency, removes
biblioitems columns that no longer exist, and sorts items and statistics
descriptions in the source file in alphabetical order.

Test plan:
1. Go to Reports > Guided reports > Create guided report.
2. Choose 'Catalog' for the module to report on, and then select
   'Next'.
3. Choose 'Tabular' for the type of report and select 'Next'.
4. Note that there are no descriptions for these column names
   (proposed column names shown in brackets):
   - items.itemnumber (Koha item number (autogenerated))
   - items.biblionumber (Biblio number (internal))
   - items.bookable (Bookable)
   - items.localuse (Total local uses)
   - biblioitems.ean (EAN)
   - biblioitems.collectiontitle (Series statement)
   - biblioitems.collectionissn (Series ISSN)
   - biblioitems.collectionvolume (Series volume)
   - biblioitems.editionstatement (Edition statement)
   - biblioitems.editionresponsibility (Edition responsibility)
   - biblioitems.cn_source (Source of classification or shelving scheme)
   - biblioitems.cn_class (Classification part)
   - biblioitems.cn_item (Item part)
   - biblioitems.cn_suffix (Call number suffix)
   - biblioitems.cn_sort (Koha normalized classification for sorting)
   - biblioitems.totalissues (Koha issues (borrowed), all copies)
5. Apply the patch.
6. Restart all the things (restart_all).
7. Reload the page.
8. Note that there are now descriptions for the columns in step 4.
9. Note that the descriptions for these columns are changed (for
   consistency with other tables, or clarification):
   - items.itype => Koha item type (previously Koha itemtype)
   - items.timestamp => Modification date (previously Timestamp)
   - biblioitems.timestamp => Modification date (previously Timestamp)
   - biblioitems.illus => Other physical details (previously
     Illustrations)
   - biblioitems.biblioitemnumber => Biblio item number (internal)
     (previously Biblioitem number)
   - biblioitems.biblionumber (and also acqorders.biblionumber and
     biblio.biblionumber) => Biblio number (internal)
     (previously Biblio number)
10. Sign off :D

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Eric Garcia <cubingguy714@gmail.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 50035288b02ff3884d7645092d340e6fbaa772e4)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 58e831ce6329e4b2f64ef0890f4da2ffe3108ed7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 37003: (follow-up) Amend 22.11 RMaint
Martin Renvoize [Tue, 25 Jun 2024 13:14:46 +0000 (14:14 +0100)]
Bug 37003: (follow-up) Amend 22.11 RMaint

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 16e35d5f107031e9573f5f565dedfb428b9c5696)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 5e69aef19d71c62681a5ebeeab6a0df2fb14fa4e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 37003: Add the 24.11 release team
Martin Renvoize [Thu, 6 Jun 2024 10:27:33 +0000 (11:27 +0100)]
Bug 37003: Add the 24.11 release team

This patch updates the teams.yaml to include the voted in 24.11
release team.

Test plan
1/ Check against https://wiki.koha-community.org/wiki/Release_Teams

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a2ebd5ad2833a84c67ecf8dbbd8820065013f2e9)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit a7b870fdfd0245e5b572d94ab11f377d2c26fe5b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 34706: Fix capitalization - Cas to CAS
David Nind [Sat, 15 Jun 2024 10:10:36 +0000 (10:10 +0000)]
Bug 34706: Fix capitalization - Cas to CAS

CAS is an abbreviation and should use capital letters.

Test plan:
1. Enable the casAuthentication system preference.
2. Logout and view the login form.
3. Note that it says "Cas login".
4. Apply the patch.
5. Refresh the login page.
6. Note that it now says "CAS login".
7. Sign off.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 18e8f95bc5c533e27558bb004c7c131f5aef9fb3)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 4f2748b72c4d19be3ccf4baddc9764de523572bb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 37036: Pass along the branches table for auto renewals
Lucas Gass [Wed, 5 Jun 2024 15:48:43 +0000 (15:48 +0000)]
Bug 37036: Pass along the branches table for auto renewals

To test:
1. Set up autorenewals bu adjusting circulation rules:
'Automatic renewal' -> 'Yes'
'No automatic renewal before' -> 5

2. Set 'AutoRenewalNotices' to 'according to patron messaging preferences'.
3. Set an  AUTO_RENEWALS and  AUTO_RENEWALS_DGST notice to include branch info. I am using this to test:

Branchcode: [% branch.branchcode %]
Branch name: [% branch.branchname %]
Branch address: [% branch.branchaddress1 %]
Branch address2: [% IF branch.branchaddress2 %][% branch.branchaddress2 %][% END %]
Branch city: [% branch.branchcity %], [% branch.branchstate %] [% branch.branchzip %]

4. Make sure your branch has the proper infro. filled out in Libraries administration.
5. Find a patron and adjust the messaging preferences so they receive automatic renewal notices. Also make sure the patron has an email.
5. Check out some items and make them due with the next 5 days.
6. Run the automatic_renewal cron job:

perl /kohadevbox/koha/misc/cronjobs/automatic_renewals.pl -c -v

7. Notice no branch information displays.
8. APPLY PATCH
9. Checkout items from multiple issuing branches to a single patron.
10. Make sure the patron's messaging prefs are set to revieve NON-digestable notices.
11. Run the automatic renewal job, each notice should include the branch information from the issuing library.
12. Change the patron's messageing preferences to receieve digestable notices.
13. Run the job without the --digest-per-branch flag. You should get a single notice with the branch info. coming from the patron's home branch.
14. Run the job with the --digest-per-branch flag. You should get seperate digested notices with the branch info. coming from the issueing library branch.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit b793b24f98112a740e8a373752e1a8cae61dec7d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 98eef1d2bfc641557b169b20ce206be6cd624326)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 30493: (QA follow-up) Fix for the only_my_library case as well
Emily Lamancusa [Fri, 14 Jun 2024 19:10:24 +0000 (15:10 -0400)]
Bug 30493: (QA follow-up) Fix for the only_my_library case as well

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 94e1d8ed0c4742f48d23dc0241c0d04f058ee316)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit bcb520d69e4e65e5278fc8c57d04817d8b816db7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 30493: Pending archived suggestions appear on intranet home page
Baptiste Wojtkowski [Thu, 13 Jun 2024 13:36:18 +0000 (15:36 +0200)]
Bug 30493: Pending archived suggestions appear on intranet home page

If suggestions are archived before their status is changed to something other than "Pending", they still appear on the intranet home page and the acquisitions home page as suggestions to be managed.

WITHOUT PATCH:
1. Go to Acquisitions > Suggestions
2. Click on New purchase suggestion
3. Fill in the form (title only is fine)
4. Click on Submit your suggestion
5. Go to the home page (click the Koha logo)
   --> Notice it says that there is 1 pending suggestion
6. Go to Acquisitions
   --> Notice it says that there is 1 pending suggestion
7. Go to Suggestions
8. Click on the up arrow to the right of the Edit button and choose Archive
   --> There are no more pending suggestions
9. Go to the home page (click the Koha logo)
   --> Notice it says that there is 1 pending suggestion
10. Go to Acquisitions
   --> Notice it says that there is 1 pending suggestion

The search function was fetching suggestions without considering the
"archived" field. I now pick only suggestion that are pending AND not
archived.

WITH PATCH:
9. Go to the home page (click the Koha logo)
   --> Notice it says that there is no pending suggestion
10. Go to Acquisitions
   --> Notice it says that there is no pending suggestion

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e87f4cd550e60d7955551abf44f4dd9c1fd332d5)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 5db98bbd65bc0498bbb916c148076b258e5135ad)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36819: DBIC schema update
Katrin Fischer [Fri, 24 May 2024 13:11:32 +0000 (13:11 +0000)]
Bug 36819: DBIC schema update

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 09d2c0ac102f54b6f65ca7d4b92e218f8d64196d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36819: DBRev 23.11.06.001
Katrin Fischer [Wed, 22 May 2024 13:44:03 +0000 (13:44 +0000)]
Bug 36819: DBRev 23.11.06.001

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4da0f36f2faf9a1a5c8b54258a5abfc69ca57bb5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36819: (QA follow-up) Improve update output
Martin Renvoize [Tue, 21 May 2024 15:17:36 +0000 (16:17 +0100)]
Bug 36819: (QA follow-up) Improve update output

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 142a5ba2a72026591cec2d0bcb10061833efbb31)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36819: (follow-up) Updatedatabase to correct wrong value
Caroline Cyr La Rose [Tue, 21 May 2024 13:37:38 +0000 (09:37 -0400)]
Bug 36819: (follow-up) Updatedatabase to correct wrong value

This patch adds an update to correct the value of scale_width to
0.800000 IF it is 0.080000. It should not change the value if it
is anything else than 0.080000.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 83095ebc4ea72f08dfbb573476fa81357f63c8f6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36819: Default layout data prints squished barcodes
Caroline Cyr La Rose [Wed, 8 May 2024 21:01:08 +0000 (17:01 -0400)]
Bug 36819: Default layout data prints squished barcodes

This patch changes the default layout data for the barcode
width.

To test:
**On a fresh db**
1. Go to Cataloging > Label creator
2. Click New > Label batch
3. Enter the following barcodes in the text field (or enter your own)

39999000010114
39999000010138
39999000010152
39999000011333
39999000002331
39999000002355

4. Click Add items
5. Click Export full batch
6. Choose the following
   - Template: Avery 5160 | 1 x 2-5/8
   - Layout: Label test
7. Click Export
8. Click Download as PDF
9. Open the PDF
   --> Note the squished barcodes
10. Apply patch and reset_all
11. Redo steps 1 to 9
    --> Note the barcodes now look OK

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 98f69862f344630a1d6991c6e58d08e84b873e37)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36503: (follow-up) Fix tests count
Tomas Cohen Arazi [Fri, 10 May 2024 12:03:46 +0000 (09:03 -0300)]
Bug 36503: (follow-up) Fix tests count

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 22376af40137107d2f2e3aca9842823b9e42fac6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36503: Move and update unit test
Martin Renvoize [Fri, 3 May 2024 11:34:33 +0000 (12:34 +0100)]
Bug 36503: Move and update unit test

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3c07553b3674788f219e4e9e4bfc474ada424654)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36503: Fix unit tests
Martin Renvoize [Fri, 3 May 2024 10:19:42 +0000 (11:19 +0100)]
Bug 36503: Fix unit tests

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4417811d9a5d2c72e4af9096d2aa7901201bc272)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36503: (follow-up) Use the call method of Koha::Plugins
Raphael Straub [Thu, 2 May 2024 09:19:32 +0000 (09:19 +0000)]
Bug 36503: (follow-up) Use the call method of Koha::Plugins

This removes the option to call multiple plugins in a prioritized order,
but this is not needed if there is only one plugin that uses this hook.

Sponsored-by: Karlsruhe Institute of Technology (KIT)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3c6280f4a2fcfa1dd7da5c215854ea840c9a09f0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36503: (follow-up) Move the plugin hook to include the domain
Raphael Straub [Wed, 24 Apr 2024 13:48:37 +0000 (13:48 +0000)]
Bug 36503: (follow-up) Move the plugin hook to include the domain

This allows the plugin to read/change the domain.

Sponsored-by: Karlsruhe Institute of Technology (KIT)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 356d3226f9ce1a7ba2f2dce005480fdef6b1ae75)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36503: Add a plugin hook after user authentication
Raphael Straub [Thu, 28 Mar 2024 12:31:15 +0000 (12:31 +0000)]
Bug 36503: Add a plugin hook after user authentication

This plugin hook allows to change patron data or define the patron
based on the authenticated user.

To test: Run
prove t/db_dependent/Koha/Auth/Client.t

Sponsored-by: Karlsruhe Institute of Technology (KIT)
Signed-off-by: Thomas Klausner <domm@plix.at>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 911342ffec8f900e2b4e36fcb0208a7560bfd49c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 35294: Fix typos in catalogue code comments
Brendan Lawlor [Thu, 6 Jun 2024 13:14:43 +0000 (13:14 +0000)]
Bug 35294: Fix typos in catalogue code comments

Test plan:
1. git grep -n -E 'barocode|preproccess' to find the files and line # of typos
2. Apply the patch
3. git grep -E 'barocode|proccess'
4. See no results

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e8ef0f9417588345d6c9f7e2e5986e4e53986f52)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 96097d8058f6de34036fc4b26dec83c485ed08d9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 25520: Fix the SMS number input hint on the OPAC messaging page
David Nind [Tue, 4 Jun 2024 01:57:37 +0000 (01:57 +0000)]
Bug 25520: Fix the SMS number input hint on the OPAC messaging page

This makes the hint when entering an SMS number on the OPAC messaging
settings page the same as the staff interface hint: "Please enter
numbers only. Prefix the number with + or 00 if including the country
code." For some countries using either +XX or 00XX are accepted,
for example: +49 or 0049.

Test plan:
1. Set the SMSSendDriver system preference to Email
2. View the current hint for entering an SMS number in the staff
   interface:
   2.1 Go to Patrons > + New patron > Patron.
   2.2 Scroll down to the 'Patron messaging preferences' section at the
       end of the page.
   2.3 Note that the hint is "Please enter numbers only. Prefix the
       number with + or 00 if including the country code.".
3. View the current hint for entering an SMS number in the OPAC:
   3.1 Go to the OPAC > Your account (log in if required).
   3.2 Select the 'Messaging' tab/section.
   3.3 Note that the hint is "Please enter numbers only. Prefix the
       number with + if including the country code.".
   3.4 The difference: "..or 00.." is missing.
4. Apply the patch.
5. Refresh the OPAC messaging page.
6. The hint text for the OPAC is now the same as the staff interface.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 313cf37a53b8ff97387a4bd630635d4784bb7a36)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit a0d5b813d5d623773a657f10367ee6ec94a5cb94)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
3 months agoBug 36338: Update onboarding error message when creating the Koha administrator patron
David Nind [Thu, 16 May 2024 03:59:42 +0000 (03:59 +0000)]
Bug 36338: Update onboarding error message when creating the Koha administrator patron

Update the error message for the web installer onboarding
section when creating the Koha administrator patron (where
the card number or username already exists):
- Fix capitalization
- Use the same label in the error message as used in
  the form

Error message before: The patron has not been created!
Card number or Userid may already exist.

Error message after: The patron was not created! The
card number or username already exists.

Test plan:
1. Option 1:
   1.1 Review the diff for the patch and make sure that
       the updated text makes sense.
       . Previous text: The patron has not been created!
         Card number or Userid may already exist.
       . Updated text: The patron was not created! The
         card number or username already exists.
OR
2. Option 2:
   2.1 Access the database server:
       mysql -uroot -ppassword -hkoha-db-1
   2.2 Drop the koha_kohadev database:
       drop database koha_kohadev;
   2.3 Create the database: create database koha_kohadev;
   2.4 Add privileges (for a real installation this would
       be limited):
       grant all on koha_kohadev.* to koha_kohadev;
   2.5 Restart everything (there may be some errors listed):
       flush_memcached and then restart_all
   2.6 Access the web installer: go to 127.0.0.1:8081
   2.7 Use the database user name and password: get from
       /etc/koha/sites/kohadev/koha-conf.xml
       (default: koha_kohadev, password)
   2.8 Continue through the installation process until you
       reach 'Selecting default settings':
      . Make appropriate selections to use all the sample
        data options and settings
   2.9 For the 'Onboarding' step - Create Koha
       administrator patron:
       . Surname: Acevedo
       . First name: Henry
       . Card number: make up a number that doesn't exist in
         the sample date, for example: 741852963
       . Library: Centerville
       . Patron category: Staff
       . Username: 23529000035676 (this is an existing
         value already in the sample data)
       . Password: a valid password, for example:
         KohaCon2024
       . Confirm password: repeat password used
       . Submit
         ==> Error message before patch: The patron has not
             been created! Card number or Userid may
             already exist.
   2.10 Apply the patch.
   2.11 Repeat step 2.9
   2.12 The error message is now: The patron was not created!
        The card number or username already exists.

3. Sign off.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit bd195784a0a2d039e825d4dd86ff8b4734b4dd13)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit cbc0d4161bf9c813f0b84e395002d9471fa38134)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>