Bug 27342: Remove dbh from C4::Auth

We must not pass $dbh but retrieve it when needed instead

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Bug 27342: Improve test for OPAC

We don't need to build allowed_scripts_for_private_opac for staff

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Bug 34893: [22.05] Add a Koha::Patron->update_lastseen method

Without this patch, we get an error trace whe calling AuthenticatePatron

The method Koha::Patron->update_lastseen is not covered by tests!

Bug 34893: Unit tests for C4::Auth::checkpw

This patch introduces some tests on the current (and new) behavior for
the `checkpw` function.

I needed it to better understand if an edge case was actually possible
(it wasn't).

Found a really minor annoyance for the internal check with expired
password not returning the $patron object for consistency with the other
use cases.

I think this method deserves (at least) changing the return value to a
sane data structure. But that's not target for backporting to stable
releases. So a separate bug.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 34893: (QA follow-up) Tidy code for qa script

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 34893: Add checkpw change to REST API

This patch adds the checkpw return value change to the REST API
route for validating user identifiers and password.

Test plan:
0. Apply patch
1. prove t/db_dependent/api/v1/password_validation.t

Bonus points:
1. koha-plack --reload kohadev
2. Enable syspref RESTBasicAuth
3. curl -XPOST -H "Content-Type: application/json" \
-u <staff_userid>:<staff_password> \
-d '{"identifier":"<cardnumber>","password":"<password>"}' \
http://localhost:8081/api/v1/auth/password/validation
4. Validation doesn't fail. It gives you cardnumber, patron_id, userid

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron

Imagine we have a set of users. Some of those users have a NULL userid. We then call AuthenticatePatron from ILS-DI for a patron with a NULL userid, but a valid cardnumber. We call checkpw, which returns the cardnumber and userid. We then call Koha::Patrons->find on the userid *which is null*, meaning the borrowernumber returned is not the correct one, but instead the earliest patron inserted into the database that has a NULL userid.

Test Plan:
1) Give three patrons a userid and a password
2) From the database cli, set all patrons's userid to null
   Run this query: update borrowers set userid = null;
3) Call AuthenticatePatron with username being the 1st patron cardnumber,
   and password being the password you set for that patron
   http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=kohacard&password=koha
4) Note you get back a borrowernumber for a different patron. Refresh the page and the number is correct.
5) Do the same with the 2nd patron. Same issue at 1st and correct number after.
6) Apply this patch
7) Restart all the things!
8) Do the same with the 3rd patron.
9) Note you get the correct borrowernumber! :D
10) prove t/Auth.t t/db_dependent/Auth_with_ldap.t t/Auth_with_shibboleth.t t/db_dependent/Auth_with_cas.t

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 34893: Add unit tests

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Update release notes for the 22.05.17 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Increment version for 22.05.17 releasse

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 35291: (QA follow-up) Tidying script for QA test tools

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 35291: Validate filepaths in linking files

Validate that the files in linking files are contained within the ZIP.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 35291: Don't allow symlinks for link files in cover image ZIP

There's no reason to allow symlinks for link files in cover image
ZIP files. Preventing their use prevents someone from uploading
a symlink pointing to an existing file on the Koha server.

Test plan:
0. Apply patch and restart/reload Koha
1. Create a PNG cover image
2. Create a datalink.txt file that contains something like the
following:
29,Untitled.PNG
3. Turn on "LocalCoverImages" system preference
4. Upload via http://localhost:8081/cgi-bin/koha/tools/upload-cover-image.pl
5. Go to http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=29
6. Note the cover image has been uploaded

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 35291: Prevent leaks from FS

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 35290: (follow-up) Perltidy formatting corrections

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 35290: Sanitize field input on cataloguing/ysearch.pl

This change sanitizies the field input on cataloguing/ysearch.pl

Test plan:
0. Apply the patch and restart/reload Koha
1a. "Add marc21_field_260b.pl plugin to 260$b in the Default framework"
1b. Go to http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?
op=add_form&tagfield=260&frameworkcode=#subbfield
1c. Choose "marc21_field_260b.pl" from the dropdown next to "Plugin"
1d. Click "Save changes"
2a. "Add new record"
2b. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?frameworkcode=
3. Click on tab "2" and scroll down to 260 "b"
4. Type in "Ori" into 260 subfield b
5. Some autocomplete suggestions should appear

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 35174: [22.05] (follow-up) Add a warning to the about page

Bug 35174: update control files for koha-l10n dependency package

 to test...

 - apply patch
 - build koha-common package
 - install koha-common package, and confirm koha-l10n package is installed

Bug 35174: Don't run gulp po commands if po dir is missing

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Add misc/translator/po to .gitignore

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Add a warning to the about page

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Do not explode if po dir does not exist

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Remove .po files from Koha

Bug 35103: Add option to gulp tasks to pass a list of tasks

You can now generate the messages.po for all languages with:
  gulp po:update --task messages

or for only es-ES
  gulp po:update --task messages --lang es-ES

It may be helpful for the "update po" script that will be used on
weblate.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Update yarn.lock

Bug 32978: Replace node-sass with dart-sass

'npm install' fails in ktd on aarch64, giving unsupported architecture error for node-sass.

This patch addresses this by replacing node-sass with dart-sass, updating our gulpfile
accordingly. Some corrections have been made to SCSS to fix warnings
raised during the build process.

Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Works like a charm. Great work oleonard! Tested on Apple M1, e.g. aarch64.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: I removed some useless formatting changes in the gulpfile, and the
yarn.lock changes as well.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Bug 35079: Replace --force-extract by --generate-pot={always,auto,never}

This restores the original behaviour of always building the POT file
in order to not break existing workflows
Option --force-extract is deleted in favor of a new option
--generate-pot that can have 3 values:

* always: always build the POT file. This is the default value
* auto: build the POT file only if it does not exist
* never: never build the POT file

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35079: Rebuild POT files only if necessary or asked explicitely

By default, gulp tasks po:create and po:update won't rebuild the POT
files if they already exist.
Both tasks gained a new option --force-extract to rebuild them
unconditionally

This makes it possible to create/update PO files for multiple languages
sequentially without rebuilding the POT file for each language.
For instance:

    gulp po:update --lang fr-FR
    # do something with the PO files
    gulp po:update --lang en-GB
    # ...

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35043: Do not have \n or \t appear in PO files

This is a trick, so that we won't have to deal with \t in PO files.
\n is not a problem, but it seems consistent to use the same method for
both.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 35043: Use Locale::PO->quote

We have our own "quote_po" sub that is stating that Locale::PO::quote
is buggy because it does not deal with quoting new lines correctly.
However it seems that it is fixed now.

Ideally we could use Locale::PO::quote everywhere, but it does not
escape tab characters:
  $string =~ s/\\(?!t)/\\\\/g;           # \t is a tab

This means the following:
msgid "Tabulation (\\t)"
msgstr "Tabulation (\\t)"
become:
-msgid "Tabulation (\t)"
-msgstr "Tabulation (\t)"

And we are seeing the following on Weblate:
https://snipboard.io/BjQmDC.jpg

Note that Locale::PO has not been updated since 2014...

The real problem behind this is that we have 2 methods to quote strings.
At first glance it seems that Locale::PO::quote was not used before, but
with the introduction of the koha-i18n project we will have scripts that
will use Locale::PO->save_file_fromarray, which uses Locale::PO->quote
=> Those scripts will be used on the translation server for post
processing (security reason, marking potential XSS strings as fuzzy).

Test plan:
0. Do not apply the patch
1. gulp po:update --lang LANG # Replace LANG with your favorite language
   code
2. git commit -a -m"init PO files"
3. Apply this patch
4. Repeate 1.
5. git diff
   => The change is about the "Tabulation" and "New line" strings from
      tools/csv-profiles.tt
6. Translate them (replace the \t and \n with %s) and remove the fuzzy
   flag
7. install the template: cd misc/translator && perl translate install
   LANG
8. Enable the language, use it and go to the "Nouveau profil CSV" view
   => Notice that the \t and \n are correctly displayed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 35024: Do not wrap translations

PO files wrap differently depending on versions.

Looks like (thanks Julian!) it's coming from libunistring, between 0.9.10 and 1.0 I am seeing a change in how the strings in the PO files are wrapped.

Debian 11 (using libunistring 0.9):
"%s %sPrintemps%s %s %sÉté%s %s %sAutomne%s %s %sHiver%s %s %sPrtps%s %s %sÉté"
"%s %s %sAut%s %s %sHiv%s %s %s %s"

Debian 12, Ubuntu 22.04(using libunistring 1.0)
"%s %sPrintemps%s %s %sÉté%s %s %sAutomne%s %s %sHiver%s %s %sPrtps%s %s "
"%sÉté%s %s %sAut%s %s %sHiv%s %s %s %s"

It *could* come from this changes:
https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=HEAD
   * The functions u*_possible_linebreaks and u*_width_linebreaks now make it
     easier to work with strings that contain CR-LF sequences: In this case,
     in the returned array, it will return UC_BREAK_CR_BEFORE_LF followed by
     UC_BREAK_MANDATORY (instead of twice UC_BREAK_MANDATORY).

The command used is:
% msgmerge --backup=off --quiet -F --update misc/translator/po/fr-FR-staff-prog.po misc/translator/Koha-staff-prog.pot

No matter the value of --width.

One solution is to use --no-wrap, and never wrap :)

I sent an email to the list about this suggestion https://lists.katipo.co.nz/pipermail/koha/2023-October/060143.html

Test plan:
% gulp po:update --lang LANG

And notice that the lines are no wrapped anymore.

Note that in master there were already not wrapped (?)
commit edd378f4d14d79107d662b053c8e6f750326dd23
Translation updates for Koha 23.05.00

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Bug 34959: Sort PO files correctly

The PO files are not sorted when we update them which leads to
unnecessary changes that are commited: hard to see differences and
make git index grow superfluously.

Test plan:
0. Do not apply this patch
1. gulp po:update --lang es-ES
2. git commit -a -m"First PO update"
3. Run again the gulp update command
4. git diff
=> You have a lot of changes generated here, the po:update is not
idempotent.

5. Apply this patch
6. Run the gulp update command
7 git commit -a -m"PO update after 34959"
8. Run the gulp update command
9. git diff
=> No changes are generated

Note that this patch will all the entries by files, and per line
numbers.
It fixes a bug in some condition, where we add information/context about
the string. For instance search for "For the first occurrence" in the
file. Prior to this patch this was not correct, we didn't add info about
the first occurrence (but whichever in the list).

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Bug 34959: Remove unused sub

Nothing special here, this sub is not used and we can remove it.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Bug 26611: Make authority record matching use required match checks

This patch fixes record matching for authorities to correctly apply required match checks.

To test:

1) Create a record matching rule:

Threshold: 100
Record type: Authority record

Match point 1
Search index: subject-topical
Score: 100
Tag: 150
Subfields: a

Match check 1
Both source and target record check fields:
Tag: 040
Subfields: a

This rule says we want to match on the topical term heading, then confirm the match with 040$a.

2) Create two topical term authority records

Authority 1:
150$a: Test
040$a: A

Authority 2:
150$a: Test
040$a: B

3) Export authority 2 and save

4) Go to Cataloging -> Stage records for import

5) Upload your downloaded authority 2 file. Change the record type to Authority. Choose your new record matching rule.

6) Stage for import.

7) Confirm that with the record matching rule applied, both authorities 1 and 2 show as possible matches, even though only authority 2 has a matching 040$a.

8) Apply the patch and restart services

9) Change the matching rule to "Do not look for matching records" and apply. This is to essentially refresh the page.

10) Change the matching rule to your new matching rule and apply. Confirm only the matching authority 2 shows and is selected.

Sponsored-by: Waikato Institute of Technology
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 33856898fd2f1cd757aeafe3c165300928f9da61)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 11bce8210a964935ed0d5ec2e480e958d3d75551)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33404: Add unit tests

Test plan:
Run t/db_dependent/Breeding.t
Run t/db_dependent/Breeding_Auth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Amended patch: perltidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e9cab7f1fc7acc0b340d07770c750ac9fed50a58)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit fdcb386548ef8bd0c6f85a17b1fa69ab1f16c298)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit a9b50d6b5722480c04c90196d6e3d81d6fbc351d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33404: Fix serverhost and init $page

The array serverhost is not filled. Should be replaced with values
from servers array.

Test plan:
Nothing exciting here. Read the patch.
Note that we will test in the next patch if the hostname is saved
correctly in the import batch.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit eb759719908949bc5f7c388d26d4e9dd28b1e415)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit ba442b1a3b1d77585c8507697c6a5d2755605bb8)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 9b7218373a1dfd3cd49e4bbe2cabf8438678f426)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33404: Z3950SearchAuth: Save in UTF-8 encoding

Test plan:
[1] If you have access to a Z3950 MARC8 auth server, search
    for an authority record and import it.
[2] If you have access to a Z3950 UTF8 auth server, search
    for an authority record and import it.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1233480ffaecb307ae7e9279acee7b516e42776f)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 52a243e3cae0afc9d1cc9cc97f5746ba6384bf01)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit d25ad4d949ecc5fd40bfbe95bcd682e97c13f58c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33848: Enabling Coce in the OPAC breaks cover images on bibliographic detail page

Bug 32412 added an additional "context" parameter to KOHA.coce.getURL.
The code which pulls a Coce image for the "main" cover image slider
needs to include the correct context parameter for the images to load.

This patch also makes a minor correction to CSS in order to make the
cover image slider "dots" change color to highlight the current slide.

To test, apply the patch and rebuild the OPAC CSS.

- Enable multiple cover image sources in the OPAC including Coce, e.g.
  Amazon, Google, OpenLibrary, etc.
- Search for a title which will match multiple cover image sources. In
  the sample data a search for "Perl" will return good results.
- Note the number of cover images loading for a title in the search
  results.
- View the detail page for that title. There should be the same number
  of covers in the cover image slider.
- Clicking the slider navigation dots should work to show each image,
  and the dot should change color to highlight the current image.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit d313f9b963ff0e5187eb19d81ef13231e0add39d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4125aec704464560515fb4f1f083b4cf4705ba30)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit fc3fde11d4e083bf23115d6c3533bca7037fab8b)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33848: Don't remove coce container from template

It's removed from coce.js

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit aa8dc28e97d1971e191d5f7d08802257ae98f378)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6cef886164eb3fd792eacffa6a8451bdcc711cec)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit be76f596a6dd901026d174723aee0324996b996d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Update release notes for 22.05.16 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Increment version for 22.05.16 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34369: Fix 'Did you mean'

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34369: Require CSRF token for updating system preferences

This patch adds the requirements that updating a system preference
requires a CSRF token. (Also, adding and deleting local system preferences.)

0. Apply patch
1. koha-plack --reload kohadev
2. Add local system preference
3. Update local system preference
4. Delete local system preference
5. Update normal system preference
6. Note no errors

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34349: Validate/escape inputs for task scheduler

This change validates and escapes inputs for task scheduler.

Test plan:
0. Apply patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/tools/scheduler.pl
3. Input a time a minute in the future and leave the date blank
4. Choose an existing report and output format
5. Type a malicious string which is also a valid email address
into the Email field
6. Click "Save"
7. Note that the job is added but the Email is wrapped in single
quotes
8. Try using a non-malicious email address with a single quote.
9. Note that the single quote is escaped, so that it will still
be used by runreport.pl

JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Removed pars for $email =~ regex, removed old commented lines.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34513: (QA follow-up) Tidy

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34513: Add checkauth unit test for resetting auth state when changing users

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34513: Add end-to-end test for authorization check after first failed authorization

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34513: Set auth state correctly when changing auth sessions

This patch sets the $auth_state to failed when changing auth sessions,
so that the new login attempt gets processed correctly (instead
of skipping the authorization step).

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?tab=&op=search&searchfield=baseurl
3. Log in as an OPAC user with 0 permissions
4. Note the auth screen "Error: You do not have permission to access this page"
5. Click "Log in"
6. Note that you're still shown a login screen (and that you've been logged out of
your previous authenticated session)

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Translation updates for Koha 22.05.16

Bug 34601: [22.05.x] Fix edit/delete links on suggestion.tt

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33132: [22.05.x] Add date_to_rfc3339

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34213: import_patrons.pl - Fix short version of matchpoint option in POD

 44     'c|confirm'                      => \$confirm,

 46     'm|matchpoint=s'                 => \$matchpoint,

The POD is wrong.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2442a4537d4d439bdf27e031116f98d880e47e09)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 5fcaf0aa09bbc76a6b010e9e93a6696308bea9a6)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit 54b530e351d91702ea01c4ded970a9c14c2b6b34)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34316: Add_credit should rethrow an exception correctly

Found while running Items.t on top of 33608.
Another exception was thrown but not rethrown.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fa9750e24de0a6300d683a1316b64e9bed248c4b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 2b1b8884ccd49e28bdf31a3c977a876a0f8c5283)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit b431cd1d14b39651ea259ae06235923c7f33af33)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 28493: Make koha-passwd display the username

to test...

1/ run command
 $ sudo koha-passwd dev1
 Password for dev1: CraZyPa$$WoRD!!
 Press enter to clear the screen...
 ^C

2/ apply patch

3/ run command again, note 'username' section
 $ sudo koha-passwd dev1
 Username for dev1: koha_dev1  <<<<<<<<<<<<
 Password for dev1: CraZyPa$$WoRD!!
 Press enter to clear the screen...
 ^C

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 4ce7f8c49378c0e32212493779b07e3ab369dee7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ba51185fbd00591a72af41782ba2d6fd956b731a)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit 3ab7309e6738ab082610c875b3dccb82b3c20642)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34279: Don't enforce overduefinescap unless it is greater than 0

When creating a circ rule, we can set overduefinescap to blank or 0 and no cap is enforced. If we edit that rule, the blank/0 is converted to "0.00" which perl considers true, thus zero-ing out any calculated fine.

Considering we've always ignored an overdue fines cap of 0, we should also ignore 0.00. However, perl is evaluating it as a string which makes it true instead of false as 0 is.

Test Plan:
1) Apply the first patch ( unit tests )
2) prove t/db_dependent/Circulation/CalcFine.t
3) Note the test fails
4) Apply the second patch as well
5) prove t/db_dependent/Circulation/CalcFine.t
6) Note the test passes

Test Plan 2:
1) Create an all/all/all rule with an overduefinescap of 0.00, with a
   daily fine. Enable CalculateFinesOnReturn
2) Backdate a checkout so it is overdue
3) Return this item, note the lack of a fine
4) Apply this patch set
5) Backdate a checkout and return it again
6) Note the fine is generated!

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1763b136d1dcd3348ee26bca8663823b5a05f07c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 662da18be2ec7c6c9348a704d9ad8ac955292862)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit 7cb0a706cc5f69d63eccb735160827acd73cd9d2)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34279: Unit tests

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 8096ec9fff44a04c8ff32525499652116d1a8ad0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 3e360c5637c1f910100e10f049823fda01f588d9)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit 0860515897fbcedab332c093cc32193d37bed465)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33992: Only consider the date when auto-expiring problematic recalls

This patch carries this fix into the misc/cronjobs/recalls/expire_recalls.pl cronjob so that recalls are automatically expired when they have been waiting a problematic number of days, not considering hours, as expected.

To test, follow the test plan from the first patch. This will set you up with a waiting problematic recall.

Run the cronjob manually

perl misc/cronjobs/recalls/expire_recalls.pl

Refresh your 'Recalls awaiting pickup' page. Your problematic recall should be gone/expired.

Expiration dates will apply when expiring any 'unfulfilled' recall i.e. newly requested, overdue to be returned, and awaiting pickup.

Sponsored-by: Auckland University of Technology
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0d2052088ec62654f81154be0b9916b8e8630891)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 3a5f4d170117e264ed15c8cf40c799ddfd2f6299)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit 4afe2a2b0a45a672bcae5df445b67ef9b4bb1e65)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34303: Only perlcritic files from git repo

Test plan:
Run t/00-testcritic.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2bc251cfdd1efdf6d0f7f299838ff067744ff17b)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 835bc43d316df60882c09fb201caa75e027af0a3)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit f26621c8c4ba4fbb292af99708d43593ea2e1e15)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34182: Don't set biblio.serial based on biblio.seriestitle in AddBiblio

A misunderstanding of the intention of some dead code that probably wanted
to set biblio.series (which doesn't exist) left us setting biblio.serial
if biblio.seriestitle was set. The only thing series and serial have in
common is the first four letters. We shouldn't set serial on something
with a series (unless someone also sets serial on it, of course).

Test plan:
 1. Administration - MARC bibliographic framework - Actions button next to
    Default framework - MARC structure
 2. In the Search for tag input type 942 and click search
 3. Actions button next to 942 - Edit subfields
 4. Tab s - check the checkbox for Editor, uncheck the checkbox for
    Collapsed - Save changes
 5. Cataloging - New record
 6. Click in the input for 000 and hold down Tab until you get past 008
    to fill in mandatory default values, then type any character in 040
    subfield c
 7. Tab 2 - In 245 subfield a type Series not serial
 8. Tab 4 - In 490 subfield a type any character
 9. Tab 9 - Set the value of subfield c to Books
10. Click save and leave the tab open to keep the biblionumber
11. Cataloging - New record - repeat step 6
12. Tab 2 - In 245 subfield a type Serial not series
13. Tab 9 - Set the value of subfield c to Books - Type 1 in subfield s
14. Click save, the biblionumber should be one higher than the first one
15. Reports - Create from SQL
16. Type something in Report name, paste in the SQL
SELECT biblio.serial, biblio.seriestitle, biblio.title FROM biblio WHERE
biblionumber IN ("","")
    and put your first biblionumber in the first "", your second in the
    second.
17. Save report - Run report
18. Series not serial should have a blank in the serial column and the
   character you typed in the seriestitle column; Serial not series
   should have a 1 in the serial column and a blank in the seriestitle
   column.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 65b7c6731933f4b7d284ac07b9adab0d2ada60ca)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit a25c9e637bbf7f053d5d65d21d9b7f139c316524)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit fe01585fcb31d5d39842bbc13128cbc08b03b4eb)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34184: Add empty option for suggestion "document type"

Currently when editing a suggestion, the document type will preselect to the
first entry as we don't have an empty entry.
This can lead to data errors easily.

Test plan:
Create a new suggestion
=> Notice that "document type" is empty by default, pick one
Edit it again
=> Notice that the value is kept and empty can be picked, pick empty
Edit again
=> Empty is selected and saved in DB

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 6485f244e085fe48b796dd64178659c2f4a5e4ba)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit cb07de6a981eab80c5764beb35c774e2910359ca)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 339e7adfbc8b450505f4db050932a876dff7c964)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33939: Preserve order budget dropdowns and default budget dropdowns seperately

The dropdowns have different hints after bug 22802. We need to preserve those when adding
or hiding inactive budgets

To test:
1 - Add some inactive budgets to Koha
2 - Use the settings and file from bug 22802 to stage a file and begin adding to basket
3 - When adding to basket test the 'Show inactive funds' on both the 'Select to import' tab and the 'Default accounting details' tab
4 - Ensure the dropdown hints/defaults don't change when hiding/showing budgets
5 - Confirm inactive budgets are correctly shown/hidden

Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 80eb5ac35be44afd5547e1fa75da475d88f95612)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit a2a8cb86b0d73f11514158a29e1b0780f89a04a6)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 2ee83ca00a1f1a395970d25480b3b0a9ed9df086)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33727: (QA follow-up) perl tidy whole file

Test plan:
Run prove again. Run qa tools.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit c0f2a47d3ce78a23aa1b6253188108ce3b0047b7)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 8ecb70b338d0456a73af92d50baf765bcff4f9a7)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 08741b6426189a74180f25a42bdfe1344df5d154)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33727: Merge both Calendar tests

The old t tests become part of the first subtest.

Test plan:
Run the new t/db_dependent/Calendar.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2eb6c36c4ddec644619486dea5520e89ef9af56b)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 6052f0ec174fb313998cbe38d17af4d9390ee319)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 419d3ca563cbfc3cb2bad831cd774f98b4368a79)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33727: Groundwork for Calendar.t

Update test while removing need for Test::DBIx::Class.

Test plan:
Run t/Calendar.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 6e736a5d5f342325651944772b74c5ace1b8814f)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit d77d59fcaa5cb9fbbf92777282101a64ef285df7)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 06a85cc89442eeb0f189063ada80c5e8e02c5bd3)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34243: Fix copy/pasted city references in api tests

Two occurrences.
Just comments.

Test plan:
Read the patch.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 308d75d05d105a5829c98617b5229fae587c32f3)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit ef77656e85fc959ad7f769a8dbdec8e97cc23c4e)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit d2498373a617fd2ba8f937cfa58850e381021690)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34097: Prevent clicking ellipsis for dateaccessioned plugin from scrolling up

Test plan:
1. Find a record with several items (in ktd "MacLaren's Gaelic
   self-taught" will do nicely
2. Click the Edit button next to one of the items
3. Click the "..." to the right of "d - Date acquired" and verify that the
   page doesn't scroll up to the top, and that the current date is
   inserted in the field
4. Click the "..." to the right of "w - Price effective from" and verify
   that the page doesn't scroll up and the current date is inserted

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 3824547e5c92328ae0bf54939ec0315b1cbfd98f)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 2d24f269f5692ca333d55381e337a5a90a1d1eff)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 9fef2b809d3da374f8b11f3e99a8bed3b4900647)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33808: Add aria-labels in reports-toolbar.inc

This patch adds an aria-label and an aria-haspopup to Download buttons
identified as non-descriptive in accessibility testing

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 8fac9067b2494cca29a2b2147b78366c6a53bcf6)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit eba9d136604c6f2e4847d4d71396b08b22e6b4d5)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 1e621efd8c4c6c9c6d8e80b7a03031ff00ffad00)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Update release notes for the 22.05.15 release

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Translation fixes

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Translation updates for Koha 22.05.15

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Increment version for the 22.05.15

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Bug 34023: Prevent HTML injection in "back to results" link from search page

It is possible inject raw HTML into the "Back to search results" link by leading the user to a search with specially crafted URL.

For example, using the demo instance:

1. Visit https://koha.adminkuhn.ch/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1&%22%3Etest%3Ca%20foo=%22

2. Refresh the page (for some reason, "back to results" doesn't appear unless I do that at least once).

3. Click any result.

Note that the result page now contains:

  <a href="opac-search.pl?idx=&amp;q=test&amp;weight_search=1&amp;">test<a foo=%22" title="...

i.e. `">test<a ...` was successfully injected into the HTML.

I'm attaching a quick patch I've used to patch up our instance.  It just indiscriminately URI-escapes all parameter keys.  I didn't decode them back since as far as I understand all valid keys do not contain special characters.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Bug 22990: Add CSRF protection to boraccount, pay and suggestion

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Test plan would have been nioe.
Tested by changing MAX_AGE with suggestions.

Bug 22990: Fix for shelves table

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Bug 22990: Fix template toolkit syntax issues in shelves_results.tt

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Bug 22990: (follow-up) Fix suggestion.pl

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Bug 34368: Add CSRF token to Content Management pages

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Bug 30524: Core CSRF checking code

Split out from bug 22990 as requested.

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Bug 30524: Add xt/find-missing-csrf.t

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Bug 30524: (QA follow-up) Polishing xt script

Test plan:
Run it again. Same results?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Bug 30524: Unit tests

Test plan:
Run t/Output.t
Run t/db_dependent/Auth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Bug 33717: Typo in search_for_data_inconsistencies.pl

This patch corrects a typo in the output of
search_for_data_inconsistencies.pl when a bibliographic record has no
title.

The patch also replaces biblio to bibliographic record in the same
sentence for terminology consistency.

To test:
- Have a bibliographic record without a title
- Run misc/maintenance/search_for_data_inconsistencies.pl
- Read output, make sure the sentence is correct

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 27a086b91e2a23a764ca8210b9ac2b8c4ec3457e)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit ed32f9812d7ddebc862360662772505cffbb1aa8)
(cherry picked from commit d54de73bfff2282cf59f16a078b6f924befd2a00)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Update release notes for the 22.05.14 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Increment version for the 22.05.14 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Translation updates for Koha 22.05.14

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33335: (QA follow-up) Polishing and comments

Just send the codes and descriptions only to client.
Adding a few comments to the reduce construction.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 020bc275b05ac74bacf52325ac2933d56e78ce32)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 7eabf447d1df66c31743c1160e3d83b771ea1b54)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33335: Use To.json to serialize

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 706cd01ba264ded1f0b237c74f90e511acf2de81)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 04ce17dde59e4d5994bbe7547465e9b9afbd6e4e)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33335: Fix JavaScript error on the MARC overlay rules page

The "MARC overlay rules" page doesn't display or work correctly
if a patron category code contains a "-".

This happens because of the JavaScript function in
"marc-overlay-rules.tt" line 469. This causes an error
"Uncaught SyntaxError: missing : after property id".

Test plan:
1. Go to Administration > Patron categories.
2. Make sure you don't have a patron category code that contains
   a "-".
3. Go to Administration > Record overlay rules.
4. The table should display correctly, and you can add, edit
   and delete rules.
5. Return to Patron categories.
6. Add a new patron category with a "-" in the patron category code.
7. Return to Record overlay rules page:
   => The page doesn't display and load correctly (see the attached
      image) - the normal DataTables header and footer aren't
      displayed, and you can't add, edit or delete overlay rules.
  => If you turn on web developer tools, an error is displayed in the
     console: "Uncaught SyntaxError: missing : after property id".
8. Apply the patch.
9. Repeat the step 7, the Record overlay rules page should now
   display correctly and you should be able to add, edit and
   delete rules.
10. Sign off.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 351e380a1468562fe579e53d85389ccc9a53418e)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit e528bb87c7375eaecf11f265b258e2b7ec5ce202)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 32129: Use patron category when checking if item can fill recall

This patch uses the patron category of the patron who requested the most
relevant recall to check for more specific circulation rules relating to
recalls. This ensures that patrons who are allowed to place recalls are
able to fill their recalls, especially when recalls are not generally
available for all patron categories.

To test:
1) Go to Administration -> System preferences and enable UseRecalls
2) Go to Administration -> Circulation and fines rules and set a general
All/All rule and a Category A/Itemtype A rule. All values can be set
however you like except for these recalls rules:

All/All rule:
Recalls allowed: 0
Recalls per record: 0
On shelf recalls allowed: if any unavailable

Category A/Itemtype A rule:
Recalls allowed: 5
Recalls per record: 5
On shelf recalls allowed: if any unavailable

3) Find an item of Itemtype A. Check it out to Patron A (any category).
4) Log into the OPAC as Patron B (of Category A). Find the item and
place a recall on the item.
5) Back in the staff interface, check in the item. This should trigger
the recalls process so you can allocate the item to Patron B's recall,
however the pop-up box to confirm the recall does not show. This is the
bug.

6) Apply the patch and restart services

7) Check in the item again. Confirm the pop-up box to confirm the recall
shows and you are able to allocate the item to Patron B's recall.
8) Confirm tests pass t/db_dependent/Koha/Item.t

Sponsored-by: Auckland University of Technology
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 6cf8c901f55efa586a3c8b01cbbe4780c0fb028b)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit a104de7094271e1d107754432a37fdc7a12cfca3)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 30687: Allow pickup location to be forced when override is allowed

This is Julian's patch with some extra cleanup to reduce repeated code

If AllowHoldPolicyOverride is enabled and only some pickup locations are
available, you still have the possibility to force one of the others
pickup locations.
But when there are zero pickup locations available, that is not
possible.

This patch change that by always displaying the list of pickup locations
when AllowHoldPolicyOverride is enabled.

Test plan:
1. Apply patch
2. Disable AllowHoldPolicyOverride
3. Create a biblio B with an item I at library A.
4. Configure this library A to not be a pickup location
5. Add a "Default holds policy by item type" for item I type where "Hold
   pickup library match" is "item's home library"
6. Try to place a hold on biblio B
   You should not be able to place a hold because there is no valid
   pickup locations
7. Enable AllowHoldPolicyOverride
8. Try to place a hold on biblio B
   You should now see all valid pickup locations in a dropdown list
   (with an exclamation mark in front of each option) with none selected
   by default
9. Verify you can place a title-level hold and an item-level hold

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ab93008da7eb61b697e4586c679b88c2eebaacd0)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit e3c420ab768f64838daf0dc65afac00fb58aabc5)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 32993: Holds priority changed incorrectly with dropdown selector

Test Plan:
1) Find record with at least 3 holds.
2) Change first holds priority as 2, Priority is changed to 3.
3) Try to change priority back to 1, Priority is changed to 2.
4) Apply this patch
5) Reload the page
2) Change first holds priority as 2, Priority is changed to 2.
3) Try to change priority back to 1, Priority is changed to 1.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Hinemoea Viault <hinemoea.viault@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 7d9e4cf41515234d8d61c369aab3c3e49be1ac3d)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit c15e5068d0f13ed8a8b105ea1ed795030be6c269)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 32995: Pass user agent string for OverDrive fulfillment

This patch simply adds the string Koha/VERSION to the fulfillment
request

TO test:
1 - Have OverDrive credentials for testing
2 - Enable all the overdrive options in system preferences
3 - Sign in to opac with an overdrive user and verify you can checkout
  and download titles
4 - Sign off

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Not tested with OverDrive, but change looks harmless enough.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit d27a3419cce0da8c90d3f57d54d6cf669001f210)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 0e086450109133ac00cbabf4874965b4f4f0216f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33677: Remove verbose option from koha-worker man

Signed-off-by: Magnus Enger <magnus@libriotech.no>
No more mention of verbose.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1bd49fcab8c03ee43aba12cae8661f9488c9bf8d)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 165c945b5eade8ddae60715781fc1a406b95e499)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33642: Fix 'No log found.' in viewlog

It should ease translatability and remove an extra space.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 3ca450dbc97f12f895830e17562a2e118996a439)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 68412485e3eda514b4a5ca4c333dcae357978368)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 32937: Make Zebra ignore the copyright symbol in searches

It's common to catalog the year with the copyright symbol attached
to it. This creates some issues with search that we can fix by
adding the © to the list of characters Zebra ignores in search.

To test:
* Search for any existing publication year with ©, example: ©1951
* Verify your record is not found
* Add the copyright symbol to a record, verify it's now found with ©,
  but not without
* Apply patch
* On ktd:
  * sudo cp -i /kohadevbox/koha/etc/zebradb/etc/word-phrase-utf.chr  /etc/koha/zebradb/etc/word-phrase-utf.chr
  * sudo koha-zebra --restart kohadev
  * sudo koha-mysql kohadev
  * DELETE FROM biblio WHERE biblionumber = 369;
  * The reindex woudl fail for me with this broken record present.
  * sudo koha-rebuild-zebra -f kohadev
* Repeat searches, the records should be found when searching
  with and without ©.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit c39d4ea0b26cfb2448902546115efef1cfe2ca6e)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 42b8f60bf4e61744df794750d2fbef9fb4f1013c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 32627: Calculate expirationdate relative to waitingdate

Hold::set_waiting should calculate the MaxPickupDelay expiration date
based on waitingdate rather than the current date, to avoid resetting
the expirationdate on a hold that was already waiting.

To test:
1. Place a hold and check in the item so the hold will be set to Waiting
2. Confirm that the expiration date is correct based on the
   ReservesMaxPickupDelay setting
3. Adjust your system clock to one day later
4. Check in the item again and confirm the hold
5. Note that the expiration date has changed
7. Apply patch and restart_all
8. Repeat steps 1-4. Confirm that the expiration date is calculated
   correctly, and does not change when the item is checked in again
9. Reset your system clock to the current date
10. Set ExcludeHolidaysFromMaxPickupDelay to Use the Calendar
11. Add an upcoming holiday to the calendar
12. Repeat steps 1-4. Confirm the expiration date correctly accounts for
    the holiday, and does not change when the item is checked in again

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Laura Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 21bcb6e85520b2963dde71c21ccb5e169c4c5e28)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 276bd9af4b9b64b1c5f870c7b59f33039f7e28fa)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33684: Make mandatory date fields required when editing a patron

Date fields in BorrowerMandatoryField are not required by the validation
form when a new patron is added or modified.

This is because the 'required' prop does not exist on the input element
when the flatpickr instance is created.
We should either add it in the DOM directly (tt), but it will require to
do it "manually" for each date fields, or add it when we add it to the
inputs. This patch implements the second option.

Test plan:
1. Add "dateofbirth" to syspref BorrowerMandatoryField.
2. Add patron and leave date of birth input field empty.
3. Save.
=> Form is not submitted and you are asked to fill in a date of birth

Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
https://bugs.koha-community.org/show_bug.cgi?id=33648
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ae3d6f1876c807aed3efb908f538e83bf6376abe)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 112f27f61e5f1cff42becbe7027df603f1348d5e)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33512: (follow-up) Check item count before adding add/edit button

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 7f1cc03e3e16c4538126d69e43f5d9ff67ecd0b2)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 7c4ac22a4215274115128eb7b2cf3e0ac9cb7adf)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33512: (QA follow-up) Remove 'Click to' from buttons

This is following recommendations from accessibility
guidelines. It being a link or button already indicates
that you need to click it. We don't need to spell it out.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0eec6e9f244f95bf8d6f1bf105f0d706456bb316)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit e82262442d988aa19df600a17ae7edac4bbc4564)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33512: Change text and add button classes on serial-edit page

To test:
1. Create a subscription
2. Make sure that you choose "Create an item record" when receiving the serial and associate it with a record.
3. Fill out the numbering pattern stuff and save the subscription.
4. Receive and change the status to arrived. Doing so will make the item subfields appear for editing.
5. Add some stuff, like a barcode, and Save.
6. Now, if you have made a mistake, you may want to edit the serial/item. Check the edit box and click 'Edit serials '
7. For your issue that has already arrived click 'Click to add item'. The item record from before appears.
8. Apply patch.
9. Try 6 & 7 again. The existing items should now read 'Click to edit item'

Signed-off-by: Andrew Auld <andrew.auld@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit f04de4636aaf04582a20e7848da0773d0a045c30)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 42bb21540207a1df252fbc493a838b0d39f64892)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33302: (QA follow-up) Rephrase errors to be more user friendly

These error message will show within the patron account. The goal
of this patch is to make them a little more user friendly avoiding
'patron' and 'hold group' terminology :)

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 4e599c790fa0a2e5909916b4f3335d2a7b2a20a9)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit ddae00994002fa79c2f766ab714cc0b0d48f450a)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33302: Send and display errors when a hold cannot be placed on the OPAC

This patch changes opac-reserve.pl to return the error(s) when placing
a hold as a pipe delimited list which is then translated to a message for the
user

To test:
1 - Find a record with items available on the opac
2 - Click 'place hold' and set things up, but do not confirm
3 - In staff client, do something to make hold invalid:
    - Make item damaged
    - Make library not a pickup location
    - Place other holds for patron up to limit
    - etc.
4 - Confirm hold on OPAC
5 - You are sent to patron's account, hold is not placed
6 - There is little or no message to explain why
7 - Apply patch
8 - Repeat
9 - Now errors are clear

Signed-off-by: Andrew Auld <andrew.auld@ptfs-europe.com>
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ee318d20f5506e9b4c955633f0e9eddc9c171f29)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 28db837abbf781dfd9ad096f070f32771bfac457)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33206: Unit test

Signed-off-by: Nick <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 82eb5d7d262a686ad6d3573e3e86a57e051c4f4c)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit be7df5dc0db7d02597ddeec2899a17fb63613536)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33206: Bad title__sort made of multifield 245

In MARC 21, having title search field defined in mappings.yaml as 245abp
(more than one subfield), the Koha generated title__sort will have not
only $a, but also other subfields cut by ind2 characters, i.e.:

245 04 $a Die Renaissance : $b Architektur, Plastik, Malerei, Illustrationen, Zeichnungen

becomes as title__sort:

Renaissance : itektur, Plastik, Malerei, Illustrationen, Zeichnungen

instead of:

Renaissance : Architektur, Plastik, Malerei, Illustrationen, Zeichnungen

This is because copying an array of pointers in Perl causes you to
point to the same (anonymous) element.  Therefore, the intended
modification only for subfield "a"
(Koha/SearchEngine/Elasticsearch.pm, ~line 1157) causes in fact
modification for all the subfields sharing the same mapping
definition and introduction of the nonfiling_characters_indicator to
all subfields 245 when processing 245abp.  And this is obviously not
what is intended and results (in some cases) with bad sort order
when sorting by titles.

Test plan
=========
1. Have a standard Koha ES installation. In mappings.yaml
   you should have 245abp for title search field.

2. Insert / download / modify a record with 245 $b or $p,
    an article at the beginning of the title, and correctly
    set 2nd indicator. For instance:

245 04 $a Die Renaissance : $b Architektur, Plastik, Malerei, Illustrationen, Zeichnungen

3. In ES, with Kibana or culr, control the content of
   title__sort field for the related document.  It will be:

Renaissance : itektur, Plastik, Malerei, Illustrationen, Zeichnungen

4. Apply the patch, full reindex ES (--rebuild -r -d -a -b)

5. In ES, with Kibana or culr, control the content of
   title__sort field for the related document.  It should
   be now correct, i.e.:

Renaissance : Architektur, Plastik, Malerei, Illustrationen, Zeichnungen

Signed-off-by: Nick <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1330bd7c8d2ac256c93e38b95a6040c3fda3db92)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit d210a26306eb43869f5115b65072182c1b6a4127)

Bug 33586: Fix sequence of fields for memberresultst in table configuration

The sequence of options actually matters, not the name.
Library and category were switched, this patch fixes it and
now it should all hide/show as expected:

* Go to administration > table configuration
* Hide library in memberresultst
* Go to patron search and search
* Verify that category was hidden instead
* Apply patch
* Verify now label and columns for library and category
  match with configuration.

Signed-off-by: Lisette Scheer <lisette.scheer@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2ef95d91424d8c45228a1ffb30ed1388a086ca84)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 61ba63a52c1a0550f390d22122ce8cc90f1079ad)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 28315: Remove duplicate function definition

This patch removes the unnecessary second definition of the JS function PopupMARCFieldDoc from addbiblio.tt.
To test:
1. Apply the patch
2. Check that addbiblio.tt contains only one function definition for PopupMARCFieldDoc
3. Navigate to "Cataloging" -> "Add MARC record"
4. Check that after clicking on the question mark symbol next to any MARC field, the loc description of that MARC field is opened in a new tab

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit a2b880e57bb1ccd4b8270ec8bfdcdc86e18a2e48)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 4a9be2cbe3da28bb73b1268f27d6ea0c7710f3fe)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>