koha.git
4 years agobug 14504: use C4::Items::DelItemCheck in delete_items.pl
Barton Chittenden [Thu, 22 Oct 2015 21:06:10 +0000 (14:06 -0700)]
bug 14504: use C4::Items::DelItemCheck in delete_items.pl

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agobug 14504: split logic from DelItemCheck() into ItemSafeToDelete()
Barton Chittenden [Thu, 22 Oct 2015 19:24:33 +0000 (12:24 -0700)]
bug 14504: split logic from DelItemCheck() into ItemSafeToDelete()

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14504: (QA followup)
Barton Chittenden [Thu, 15 Oct 2015 20:40:29 +0000 (13:40 -0700)]
Bug 14504: (QA followup)

* Fix POD warning.
* Remove redundant 'use stric' and 'use warnings'
* Remove $VERSION and --version option.
* Remove --dry-run option
* Split test for --help and check for @criteria into two separate pod2usage calls,
    enabling -msg on the latter.
* Fix 'target_tiems' typo.
* Test for holds on items to be deleted.
* Fix whitespace
* Fix test for holds.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14504: Add delete_items.pl: a command line batch deletion tool
Barton Chittenden [Tue, 7 Jul 2015 20:07:52 +0000 (13:07 -0700)]
Bug 14504: Add delete_items.pl: a command line batch deletion tool

http://bugs.koha-community.org/show_bug.cgi?id=14504

Signed-off-by: Heather Braum <hbraum@nekls.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16212 - Generate initial swagger.min.json file
Kyle M Hall [Thu, 25 Aug 2016 12:50:01 +0000 (12:50 +0000)]
Bug 16212 - Generate initial swagger.min.json file

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16212: Use swagger.min.json insted of swagger.json
Lari Taskula [Tue, 14 Jun 2016 13:01:24 +0000 (16:01 +0300)]
Bug 16212: Use swagger.min.json insted of swagger.json

Our current approach with splitting the Swagger specification brings problems.
For example, in swagger.json, if we split the whole "definitions" object with
$ref, validations will fail with online.swagger.io validator.

(See http://online.swagger.io/validator/debug?url=url_to_your_swagger_json)

The problem also occurs with "paths" (Paths Object), because simply $ref to all
paths for example in /paths/index.json does not meet the Swagger2 specification.

The problem is solved by using the minification script and the minified version
of swagger.json after which the swagger.min.json is valid Swagger2 specification,
because the minifier resolves the problematic $refs of swagger.json file in the
minified version.

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
My name is Olli-Antti Kivilahti and I approve this commit.
We have been using the Swagger2.0-driven REST API on Mojolicious for 1 year now
in production and I am certain we have a pretty good idea on how to work with
the limitations of Swagger2.0

Signed-off-by: Johanna Raisa <johanna.raisa@gmail.com>
My name is Johanna Räisä and I approve this commit.
We have been using Swagger2.0-driven REST API in production successfully.

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16212: Add script minifySwagger.pl
Julian Maurice [Wed, 6 Apr 2016 11:16:50 +0000 (13:16 +0200)]
Bug 16212: Add script minifySwagger.pl

This patch introduces the misc/devel/minifySwagger.pl script that
loads the Swagger files, follows references and produces a compact
("minified") version of the swagger file which is suitable for
distribution.

The wiki page should be updated with instructions on how to regenerate
it so the Release Manager does it on each spec upgrade.

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
My name is Olli-Antti Kivilahti and I approve this commit.
We have been using the Swagger2.0-driven REST API on Mojolicious for 1 year now
in production and I am certain we have a pretty good idea on how to work with
the limitations of Swagger2.0

Signed-off-by: Johanna Raisa <johanna.raisa@gmail.com>
My name is Johanna Räisä and I approve this commit.
We have been using Swagger2.0-driven REST API in production successfully.

Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14390: [Follow-up] Only update FU record in UpdateFine
Marcel de Rooy [Tue, 23 Aug 2016 14:33:10 +0000 (16:33 +0200)]
Bug 14390: [Follow-up] Only update FU record in UpdateFine

Exclude O, F and M when outstanding == 0.
Check if the issue_id points to a FU record.

Note: We only warn now when we see a second FU record with this issue id.
That should be a rare exception. As before, we are just counting it in
our total. Added a FIXME.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested fine on overdue. Renewed and backdated for a second fine. The F
and FU can be seen on the Fines tab and are totaled on Check out.

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14390: [QA Follow-up] UpdateFine should be passed a hash
Marcel de Rooy [Fri, 19 Aug 2016 07:57:13 +0000 (09:57 +0200)]
Bug 14390: [QA Follow-up] UpdateFine should be passed a hash

Renewing an overdue would not work.
Log shows:
renew: Can't use string ("2144746608") as a HASH ref while "strict refs" in use at C4/Overdues.pm line 508., referer: /cgi-bin/koha/circ/circulation.pl?borrowernumber=1

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14390 [QA Followup] - Fix warning
Kyle M Hall [Tue, 1 Dec 2015 17:59:25 +0000 (17:59 +0000)]
Bug 14390 [QA Followup] - Fix warning

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14390 [QA Followup] - Unit Test
Kyle M Hall [Tue, 1 Dec 2015 16:53:03 +0000 (16:53 +0000)]
Bug 14390 [QA Followup] - Unit Test

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14390 - Fine not updated from 'FU' to 'F' on renewal
Kyle M Hall [Fri, 6 Nov 2015 18:20:56 +0000 (13:20 -0500)]
Bug 14390 - Fine not updated from 'FU' to 'F' on renewal

Test Plan:
1) Find an overdue checkout with a fine
2) Renew item, note fine is not closed out (Account type F)
3) Apply this patch
4) Find another overdue checkout with a fine
5) Renew item, note fine is now correctly closed out
6) Backdate a checkout to be already overdue ( but not have a fine since
    fines.pl hasn't run yet )
7) Renew item, note a closed out fine is created

Signed-off-by: Sean Minkel <sminkel@rcplib.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 15023: (followup) Remove warnings
Tomas Cohen Arazi [Mon, 27 Jun 2016 15:24:15 +0000 (12:24 -0300)]
Bug 15023: (followup) Remove warnings

By setting 'use Modern::Perl' some previously hidden warnings arised.
This patch removes them by testing the variable $balance for undef
before using it in a comparisson.

Sponsored-by: VOKAL
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 15023: Allow patron anonymize/bulk delete tool to be limited by branch
Tomas Cohen Arazi [Mon, 27 Jun 2016 15:12:52 +0000 (12:12 -0300)]
Bug 15023: Allow patron anonymize/bulk delete tool to be limited by branch

This patch makes the bulk patron delete/anonymize functionality be limited
by branch. It does so by adding a branch selection dropdown and using the
already defined APIs for filtering by branch.

It makes use of C4::Branches::onlymine for the IndependentBranches use case
and it adds a way to call it from the Branches template plugin.

To test:
- Apply the patch
1) Have a superlibrarian user
- Go to Tools > Batch patron deletion/anonymization
=> SUCCESS: Verify you can pick a branch (or all of them)
- Try doing some operations
=> SUCCESS: Verify the selection is respected, and carried around all steps
2) Have a user with tools/delete_anonymize_patrons permissions
- Set IndependentBranches on
- Go to Tools > Batch patron deletion/anonymization
=> SUCCESS: It picks the librarian's branch and doesn't let us choose another one
- Try doing some operations
=> SUCCESS: Verify the user's branch is respected, and carried around all steps
- Sign off :-D

Sponsored-by: VOKAL
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17050: (QA followup) Use Mojo::Transaction to get the remote address
Tomas Cohen Arazi [Fri, 19 Aug 2016 17:59:04 +0000 (14:59 -0300)]
Bug 17050: (QA followup) Use Mojo::Transaction to get the remote address

While the original patch fixes the issue, reading at Mojolicious source code, revealed
that Mojo::Transaction already has proper processing for detecting the remote address:

sub remote_address {
  my $self = shift;

  return $self->original_remote_address(@_) if @_;
  return $self->original_remote_address unless $self->req->reverse_proxy;

  # Reverse proxy
  return ($self->req->headers->header('X-Forwarded-For') // '') =~ /([^,\s]+)$/
    ? $1
    : $self->original_remote_address;
}

Without this patch, if there's a request without HTTP_X_FORWARDED_FOR, then the remote
address would be empty. Such would be the case of a dev/standard setup without Plack.

This patch makes Koha::REST::V1::startup use tx->remote_address instead of dealing with the
headers on its own.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17050: Do not kick the session out when accessing the REST API
Jonathan Druart [Fri, 5 Aug 2016 15:03:28 +0000 (15:03 +0000)]
Bug 17050: Do not kick the session out when accessing the REST API

Mojolicious does not set $ENV{REMOTE_ADDR} (neither $ENV{HTTP_*}) as
it may share ENV between different requests.
Fortunately for us, Plack does not!

This is a dirty patch to fix this issue but it seems that there is not
lot of solutions. It adds a remote_addr parameter to
C4::Auth::check_cookie_authin order to send it from
Koha::Rest::V1::startup reading the headers sent by Mojolicious.

Test plan:
Hit /cgi-bin/koha/mainpage.pl
Hit /api/v1/patrons/42
Hit /cgi-bin/koha/mainpage.pl

With this patch applied, everything will be fine and you won't be
logged out.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17023: Repair "cancel" link
Jonathan Druart [Mon, 22 Aug 2016 12:07:54 +0000 (13:07 +0100)]
Bug 17023: Repair "cancel" link

The basketno param has been removed in previous patch.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16960: Delete previous patron modifications
Jonathan Druart [Fri, 19 Aug 2016 12:39:35 +0000 (13:39 +0100)]
Bug 16960: Delete previous patron modifications

If a patron edit his/her details a second time, we need to delete the
first ones to avoid a "duplicate entry for key PRIMARY" error.

Test plan:
Log in at the OPAC
Edit your details
Edit them again
=> Without this patch, Koha will crash
=> With the patch applied, everything should work as expected

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16960: Fix error on validating the registration
Jonathan Druart [Mon, 8 Aug 2016 12:46:43 +0000 (13:46 +0100)]
Bug 16960: Fix error on validating the registration

Followed steps in comment #14, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16960: Update 1 missing occurrence of GetModifications
Jonathan Druart [Fri, 5 Aug 2016 10:43:52 +0000 (11:43 +0100)]
Bug 16960: Update 1 missing occurrence of GetModifications

Signed-off-by: Bob Birchall <bob@calyx.net.au>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16960 - Patron::Modifications should be fixed
Kyle M Hall [Fri, 22 Jul 2016 16:50:50 +0000 (16:50 +0000)]
Bug 16960 - Patron::Modifications should be fixed

The changes from opac-memberentry do not reach the table, since the
Patron::Modifications object does not work well.

Test Plan:
1) Apply this patch
2) Create some patron modification requests
3) Ensure you can approve and deny modifications
4) Ensure patron self registration works

Signed-off-by: Bob Birchall <bob@calyx.net.au>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17106 - DataTables patron search defaulting to 'starts_with' - doc
Fridolin Somers [Thu, 11 Aug 2016 08:39:31 +0000 (10:39 +0200)]
Bug 17106 - DataTables patron search defaulting to 'starts_with' - doc

Bug 15930 modified default value for DataTables patron search.

The doc text should also be modified :
"Can be 'contain' or 'start_with' (default value). Used for the
searchmember parameter."

Test plan :
- install Koha with patch
- look at man page man/man3/C4::Utils::DataTables::Members.3pm

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16741 - Remove dead code "sub itemissues" from C4/Circulation.pm
Marc Véron [Wed, 10 Aug 2016 08:12:55 +0000 (10:12 +0200)]
Bug 16741 - Remove dead code "sub itemissues" from C4/Circulation.pm

To verify:
- git grep itemissues
Result: Appears in C4/Circulation.pm only

To test:
- apply patch
- git grep itemissues
Expected result: No occurences
- prove t/db_dependent/Circulation.t
Expected result: Pass OK

Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17100: Restore previous logic
Jonathan Druart [Mon, 15 Aug 2016 14:11:19 +0000 (15:11 +0100)]
Bug 17100: Restore previous logic

There is no need to change the previous logic here, so let's restore it.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17100: Do not display payments if patron has nothing to pay
Marc Véron [Wed, 10 Aug 2016 09:42:28 +0000 (11:42 +0200)]
Bug 17100: Do not display payments if patron has nothing to pay

This alternative patch moves logic and formatting to the template file.

To test:
* without patch
  1/ find a patron with no lines in accountlines table : print summary shows no "account fines and payments" => OK
  2/ find a patron with some lines in accountlines table and the total amount > 0 : print summary shows a table "account fines and payments" with fines to recover => OK
  3/ find a patron with some lines in accountlines table but the total amount = 0 : print summary shows a table "account fines and payments" with nothing in it => NOK

* with the patch, same cases as before :
  1/ same as without patch
  2/ same as without patch
  3/ print summary does not show "account fines and payments"

- Additionally, verify that formatting follows syspref 'CurrencyFormat'
- Verify that amount column is right-aligned

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17001: fix due date filter on the overdue report
Galen Charlton [Fri, 29 Jul 2016 20:41:19 +0000 (20:41 +0000)]
Bug 17001: fix due date filter on the overdue report

When the TimeFormat system preference is set to "12 hour",
setting a filter on the due date can result in:

- no overdue loans being reported, even if there are some
  that meet the criteria

OR

- overdue loans being omitted from the report if they
  are due on the "until" date in the filter

This patch fixes this by replacing output_pref() with
DateTime::Format::MySQL to format the date filter values
to pass to the SQL query.

To test
-------
[1] Run the overdue report (circ/overdue.pl) and set a filter
    on due date, using values that should bring up one or
    more overdue loans.
[2] Note that zero overdue loans are returned (if using MySQL
    5.5, 5.6, or 5.7 or MariaDB 5) or that loans due on the
    "until" date are omitted (if using MarioDB 10).
[3] Apply the patch and repeat step 1. This time, the correct
    set of overdue loans should be reported.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Jason Robb <jrobb@sekls.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17107 - Add ident and Identifier-standard to known indexes
Fridolin Somers [Thu, 11 Aug 2016 08:58:40 +0000 (10:58 +0200)]
Bug 17107 - Add ident and Identifier-standard to known indexes

Add ident and Identifier-standard to known indexes in C4::Search::getIndexes().
Those indexes can be very useful, for example for IdRef feature.

Test plan :
- Make sure some records have a field indexed with Identifier-standard, ISBN=1234 for example
- Perform a search /cgi-bin/koha/opac-search.pl?idx=ident,phr&q=1234
=> you find the record
- Perform a search /cgi-bin/koha/opac-search.pl?q=ident:1234
=> Without patch : you get no results
=> With patch    : you find the record
Idem for 'Identifier-standard'

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17095: (bug 16849 follow-up) Fix regression if patron does not exist
Jonathan Druart [Tue, 9 Aug 2016 19:08:54 +0000 (20:08 +0100)]
Bug 17095: (bug 16849 follow-up) Fix regression if patron does not exist

Bug 16082, 'Display a friendly "patron does not exist" message if that's the
case - circulation.pl' changed the behavior of the checkout page so that if
you hit that page with a borrowernumber which doesn't exist a nice message will
tell you so.

Now when you do that you get an error message:
  Can't call method "is_debarred" on an undefined value at /circ/circulation.pl line 300.

Test plan:
confirm that the friendly message is back :)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17009: Speed up the framework duplication
Jonathan Druart [Mon, 1 Aug 2016 12:46:49 +0000 (13:46 +0100)]
Bug 17009: Speed up the framework duplication

To duplicate frameworks, the code retrieve all the subfields, then
execute 1 insert per subfield.
It's unnecessary slow, we can use the DBMS to do it.

Test plan:
Create a new framework and duplicate the structure of another framework.

Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17117: Patron personal details not displayed unless branch update request is...
Jacek Ablewicz [Fri, 12 Aug 2016 14:19:52 +0000 (16:19 +0200)]
Bug 17117: Patron personal details not displayed unless branch update request is enabled

In patron acount ("your personal details" tab, which serves as a form
for submitting update requests as well) it's not possible to display
some account details like expiration date etc., without enabling
the field for branch / library update requests too.

To reproduce:

1) set OPACPatronDetails to "Allow"
2) clear PatronSelfModificationBorrowerUnwantedField preference
- all possible fields in the update requests form are visible
in patron account, including some extra details (card number,
expiration date, category) in the "Library" section on top
3) put 'branchcode' in PatronSelfModificationBorrowerUnwantedField preference
4) the whole 'Library' section disappears

To test:

1) apply patch
2) put 'branchcode' in PatronSelfModificationBorrowerUnwantedField,
'Library' section should remain visible (sans branch selection option)
3) put 'branchcode|cardnumber|datexpiry|categorycode' in the same
preference, 'Library' section should now disappear

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17124: Fix tests in DecreaseLoanHighHolds.t
Jonathan Druart [Mon, 15 Aug 2016 08:26:16 +0000 (09:26 +0100)]
Bug 17124: Fix tests in DecreaseLoanHighHolds.t

One test of DecreaseLoanHighHolds.t does not pass,
A hashref representing a patron has a 'borrower' key defined, instead of
'borrowernumber'.

Test plan:
  prove t/db_dependent/DecreaseLoanHighHolds.t
must return green

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17097: [QA Follow-up] Exit after redirect
Marcel de Rooy [Fri, 12 Aug 2016 07:15:01 +0000 (09:15 +0200)]
Bug 17097: [QA Follow-up] Exit after redirect

Adds one exit statement, and some whitespace.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Verified deleting a patron again.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17097: here the var is 'member', not 'borrowernumber'
Jonathan Druart [Wed, 10 Aug 2016 11:18:04 +0000 (12:18 +0100)]
Bug 17097: here the var is 'member', not 'borrowernumber'

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17097: Fix CSRF in deletemem.pl
Jonathan Druart [Tue, 9 Aug 2016 21:29:25 +0000 (22:29 +0100)]
Bug 17097: Fix CSRF in deletemem.pl

If an attacker can get an authenticated Koha user to visit their page
with the url below, they can delete patrons details.

  /members/deletemem.pl?member=42

Test plan:

0/ Do not apply any patches
1/ Adapt and hit the url above
=> The patron will be deleted without confirmation
2/ Apply first patch
3/ Hit the url
=> you will get a confirmation page
4/ Hit /members/deletemem.pl?member=42&delete_confirmed=1
=> The patron will be deleted without confirmation
5/ Apply the second patch (this one)
6/ Hit /members/deletemem.pl?member=42&delete_confirmed=1
=> you will get a crash "Wrong CSRF token" (no need to stylish)
7/ Delete a patron from the detail page and confirm the deletion
=> you will be redirected to the patron module home page and the patron
has been deleted

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17097: Add a confirmation page when deleting a patron
Jonathan Druart [Tue, 9 Aug 2016 21:18:14 +0000 (22:18 +0100)]
Bug 17097: Add a confirmation page when deleting a patron

It won't hurt to have a confirmation page when deleting a patron.
Moreover it's the more easy way to protect against CSRF attacks :)

Test plan:
Make sure you get a confirmation page when deleting a patron
Confirm that approving or denying the confirmation work as expected

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16955: Do not clear from cache when adding a new framework
Jonathan Druart [Tue, 2 Aug 2016 08:43:01 +0000 (09:43 +0100)]
Bug 16955: Do not clear from cache when adding a new framework

There are several issues with these lines:
1/ $cache is not defined correctly and it not visible inside
duplicate_framework
2/ $frameworkcode is a wrong c/p, it should be $newframeworkcode
3/ these calls are not needed. As we are creating a new framework, the cache
should be empty...

This patch will simply remove these calls

Test plan:
Duplicate a framework and confirm that you do not get any error in your
logs.

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16996: (follow-up) Do not explode if mandatory fields are missing
Jonathan Druart [Mon, 8 Aug 2016 14:11:56 +0000 (15:11 +0100)]
Bug 16996: (follow-up) Do not explode if mandatory fields are missing

When registering a new patron, if something went wrong, the form is
resent to the template but without the categorycode (not a dropdown list
anymore, but just displayed as a readonly value # TODO LATER).

Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16996: Do not explode if mandatory fields are missing
Jonathan Druart [Wed, 3 Aug 2016 15:28:24 +0000 (16:28 +0100)]
Bug 16996: Do not explode if mandatory fields are missing

At the OPAC, if a patron modify his/her information and at least 1
mandatory field is missing, Koha will crash with
  Template process failed: undef error - Can't call method "description"

It is raised by Koha::Template::Plugin::Categories::GetName called with
an undefined categorycode.
The problem is that the values sent originaly are not sent back to the
template if the user missed something.
This patch makes that all info are resent to the template in order to
show the same form to the user.

Test plan:
0. Apply patch

1. Make sure that the categorycode is not hidden in the OPAC in:
     PatronSelfRegistrationBorrowerUnwantedField or PatronSelfModificationBorrowerUnwantedField

2. Add a required field in PatronSelfRegistrationBorrowerMandatoryField, for example email.

3. Go to Your Personal Details in the OPAC (opac-memberentry.pl) and leave blank the required field of point 2

4. Press "Submit update request"

There should be no software error.

NOTE: The warns will be floody on the logs.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16615: Update OPACSearchForTitleIn to access openlibrary.org via https
Jonathan Druart [Mon, 15 Aug 2016 12:15:22 +0000 (13:15 +0100)]
Bug 16615: Update OPACSearchForTitleIn to access openlibrary.org via https

Note that we could also update the syspref for existing installs

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16615: Follow up - missed a spot
Mark Tompsett [Sun, 14 Aug 2016 17:01:47 +0000 (13:01 -0400)]
Bug 16615: Follow up - missed a spot

Also, it is recommended to apply bug 17103 before this.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Oliver Bock <oliver.bock@aei.mpg.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16615: Open Library API fails for full-site-SSL
Oliver Bock [Mon, 30 May 2016 07:35:26 +0000 (07:35 +0000)]
Bug 16615: Open Library API fails for full-site-SSL

When running Koha in a full-site-SSL configuration accessing
external resouces like Open Library cover images via HTTP
doesn't work (mixed SSL/non-SSL content). It thus breaks a
core feature of Koha. Referencing such resources always via
HTTPS resolves the problem and also enhances privacy as a
side-effect.

Previous tickets took care of Amazon resources. This ticket
is supposed to address the remaining external resource providers,
starting with Open Library.

TEST PLAN
---------
1) Over https access your OPAC with the Enhanced Content system
   preferences 'OpenLibraryCovers' set to 'Add', and
   'OpenLibrarySearch' set to 'Show'.
2) Search for something (e.g. Mo Willems)
   -- Your browser console log will show messages about
      mixed content.
3) Apply the patch
4) Making sure to reload the java script, attempt steps 1 & 2
   again.
   -- no mixed content messages should be given
5) run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14642 - DBRev 16.06.00.015
Kyle M Hall [Wed, 17 Aug 2016 18:40:27 +0000 (18:40 +0000)]
Bug 14642 - DBRev 16.06.00.015

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14642: Make sure the log will be written only if the hold has been deleted
Jonathan Druart [Tue, 9 Aug 2016 09:14:44 +0000 (10:14 +0100)]
Bug 14642: Make sure the log will be written only if the hold has been deleted

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14642: (QA followup) Add tests for Koha::Hold->delete
Tomas Cohen Arazi [Tue, 9 Aug 2016 02:46:48 +0000 (23:46 -0300)]
Bug 14642: (QA followup) Add tests for Koha::Hold->delete

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14642: (QA followup) Make HoldsLog default to 0
Tomas Cohen Arazi [Tue, 26 Jul 2016 19:04:16 +0000 (16:04 -0300)]
Bug 14642: (QA followup) Make HoldsLog default to 0

After a couple comments regarding the default value I picked for the
new syspref, I've decided to set it 0, as libraries interested on the
fetarue will just enable it.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14642: Add logging for Holds
Tomas Cohen Arazi [Wed, 15 Jun 2016 17:48:57 +0000 (14:48 -0300)]
Bug 14642: Add logging for Holds

This patch adds logging for several holds actions. Specifically for:

- CREATE
- CANCEL
- DELETE
- RESUME
- SUSPEND
- MODIFY

To test:
- Enable the HoldsLog syspref
- Add a hold on a record/item
=> SUCCESS: The log view shows the CREATE action
- Click on the <Suspend> button
=> SUCCESS: The log view shows the SUSPEND action
- Click on the <Unsuspend> button
=> SUCCESS: The log view shows the RESUME action
- Click on the red cross, to delete the hold
=> SUCCESS: The log view shows the CANCEL action

Note: The DELETE action is logged when DelMember is called, with bug 16819 patches applied.

Sponsored-by: NEKLS
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
I also wonder about this going in defaulted on, but since the other logs are as well it seems ok to me.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14642: Add HoldsLog syspref
Tomas Cohen Arazi [Fri, 24 Jun 2016 14:34:01 +0000 (11:34 -0300)]
Bug 14642: Add HoldsLog syspref

This patch introduces a new syspref 'HoldsLog' which is to be used for controlling
holds actions logs.

Sponsored-by: NEKLS
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16829 - DBRev 16.06.00.014
Kyle M Hall [Wed, 17 Aug 2016 18:03:50 +0000 (18:03 +0000)]
Bug 16829 - DBRev 16.06.00.014

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16829: Unit tests for logaction's 'interface parameter'
Tomas Cohen Arazi [Fri, 1 Jul 2016 21:53:00 +0000 (18:53 -0300)]
Bug 16829: Unit tests for logaction's 'interface parameter'

This patch introduces tests for the new 'interface' parameter for the
C4::Log::logaction and C4::Log::GetLogs functions.

In logaction, it falls back to C4::Context->interface if ommited.

To test:
- Run
  $ prove t/db_dependent/Log.t
=> SUCCESS: Tests pass
- Sign off

Sponsored-by: NEKLS
Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16829: DBIx update
Tomas Cohen Arazi [Fri, 1 Jul 2016 21:33:15 +0000 (18:33 -0300)]
Bug 16829: DBIx update

Sponsored-by: NEKLS
Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16829: Add 'interface' to the log viewer
Tomas Cohen Arazi [Fri, 1 Jul 2016 21:27:03 +0000 (18:27 -0300)]
Bug 16829: Add 'interface' to the log viewer

This patch introduces the 'interface' filter to the log viewer.

To test:
- Apply the patch
- Open the log viewer
=> SUCCESS: As default, 'All' interfaces are chosen. OPAC, Intranet and SIP are presented
- Do a lot of log searches, verify that the interface column shows what is expected.
=> SUCCESS: The chosen 'interfaces' are kept when rendering results.

Sponsored-by: NEKLS
Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16829: make logaction and GetLogs aware of the interface column
Tomas Cohen Arazi [Fri, 1 Jul 2016 21:26:13 +0000 (18:26 -0300)]
Bug 16829: make logaction and GetLogs aware of the interface column

This patch changes the logaction API so it accepts a new 'interface' param.
Current code calling logaction is not changed, and this parameter can be ommited
in most contexts, and it will correctly fall-back to C4::Context->interface.

Unit tests are provided on a different patch.

GetLogs gets patched as well, so it can be required to filter by 'interface' param.

Sponsored-by: NEKLS
Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16829: Add 'interface' column to action_logs
Tomas Cohen Arazi [Fri, 1 Jul 2016 20:48:37 +0000 (17:48 -0300)]
Bug 16829: Add 'interface' column to action_logs

This patch introduces a new column for the action_logs table. It is
called 'interface' and it is intended to store the interface in which
the action was performed.

Sponsored-by: NEKLS
Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 14844: Corrupted storable string. When adding/editing an Item, cookie LastCreated...
Olli-Antti Kivilahti [Thu, 17 Sep 2015 10:23:49 +0000 (13:23 +0300)]
Bug 14844: Corrupted storable string. When adding/editing an Item, cookie LastCreatedItem might be corrupted.

No idea how to replicate this issue but we have been getting several reports
about the following error:

Software error:

Corrupted storable string (binary v2.9) at /usr/lib/perl/5.18/Storable.pm line
417, at /home/koha/kohaclone/cataloguing/additem.pl line 375.

TEST PLAN:
1. Add or modify an Item.
2. No observed changes.
?. We don't know what causes this but we know that add/modify Item occasionally
   crashes due to failure of a cookie thawing.

This patch prevents the whole program from dying, because this error is not
critical enough to warrant dying.
Also there is no centralized mechanism in Koha for showing messages to the
user, so there is no easy and convenient way to warn the user that the:
'LastCreatedItem'-cookie or the systempreference 'PrefillItem' is
malfunctioning.

So we instead just warn to the server logs with the malfunctioning cookie in
hopes of nailing down what causes the issues.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17103 - Google API Loader jsapi called over http
Indranil Das Gupta (L2C2 Technologies) [Sat, 13 Aug 2016 00:25:14 +0000 (05:55 +0530)]
Bug 17103 - Google API Loader jsapi called over http

This patch replaces the hardcoded protocol ("http") from the URI with
https since that is what Google defacto uses to serve JS resources
Prevents MIXED CONTENT failure, allowing GoogleIndicTransliteration
to function correctly when used in SSLized OPACs.

Test plan
---------

1/ Make sure your OPAC is being served both over HTTP and HTTPS
2/ Set GoogleIndicTransliteration syspref to "Show"
3/ Access the OPAC over http, Google transliteration element will
   show up in masthead searchbox.
4/ Access the OPAC over https. The element will not show. Console
   will show MIXED CONTENT error and failure of google loader.
5/ Apply patch. Repeat steps #3 and #4 again. Now in both cases
   GoogleIndicTransliteration will work.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17084 - Automatic debian/control updates (master)
Mirko Tietgen [Thu, 11 Aug 2016 04:35:47 +0000 (06:35 +0200)]
Bug 17084 - Automatic debian/control updates (master)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16974: Make koha-plack should check and fix log files permissions
Tomas Cohen Arazi [Mon, 25 Jul 2016 18:08:00 +0000 (15:08 -0300)]
Bug 16974: Make koha-plack should check and fix log files permissions

This patch adds a function to the koha-plack script so it checks for log file
existence and its permissions. This function is called from the start_plack function.

If some of this conditions are not fulfilled, it solves the situation by either
touching and/or changing the permissions accordingly for the instances' plack log files.

To test:
- Run (on kohadevbox):
  $ cd kohaclone
  $ debian/scripts/koha-plack --start kohadev
  $ debian/scripts/koha-plack --stop  kohadev
  $ ls /var/log/koha/kohadev/plack*
- Verify ownership of the created files (they might belong to the root user)
- Apply the patch
- Run:
  $ chown root:root /var/log/koha/kohadev/plack*
  $ debian/scripts/koha-plack --start kohadev
  $ ls /var/log/koha/kohadev/plack*
=> SUCCESS: Files belong to kohadev-koha:kohadev-koha
- Run:
  $ debian/scripts/koha-plack --stop  kohadev
  $ rm /var/log/koha/kohadev/plack*
  $ debian/scripts/koha-plack --start kohadev
  $ ls /var/log/koha/kohadev/plack*
=> SUCCESS: Files are created and belong to kohadev-koha:kohadev-koha
- Sign off :-D

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16885: koha-stop-zebra should be more sure of stopping zebrasrv
Mark Tompsett [Wed, 3 Aug 2016 03:26:03 +0000 (23:26 -0400)]
Bug 16885: koha-stop-zebra should be more sure of stopping zebrasrv

This patch follows Galen's suggestion in comment #7.

TEST PLAN
---------
1) Back up your koha logs as desired.
2) add something to /var/log/koha/{instance name}/intranet-error.log
3) ps aux | grep zebra
4) logrotate -f /etc/logrotate.d/koha-common
5) ps aux | grep zebra
   -- the zebrasrv and daemon process for zebra indexing
      didn't restart.
6) apply this patch against /usr/sbin/koha-stop-zebra
7) sudo koha-start-zebra {instance name}
8) ps aux | grep zebra
   -- the processes should have started up again.
9) add different junk to /var/log/koha/{instance name}/intranet-error.log
10) ps aux | grep zebra
11) logrotate -f /etc/logrotate.d/koha-common
12) ps aux | grep zebra
    -- the process ids for the zebrasrv and daemon processes should
       be different, but the number of processes is the same as before.
13) sign off, because its less ugly than comment #3

Sponsored-by: Tulong Aklatan
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Works as expected, no regressions found.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 15200 - t/Creators.t fails when using build-git-snapshot
Mirko Tietgen [Tue, 9 Aug 2016 09:52:15 +0000 (11:52 +0200)]
Bug 15200 - t/Creators.t fails when using build-git-snapshot

ttf-dejavu was missing from the build dependencies.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 7741 - DBRev 16.06.00.013 - Add IGNORE to insert in case of backporting
Kyle M Hall [Wed, 10 Aug 2016 14:20:06 +0000 (14:20 +0000)]
Bug 7741 - DBRev 16.06.00.013 - Add IGNORE to insert in case of backporting

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16944: Add "email" and "url" classes when edit or create a vendor
Hector Castro [Tue, 19 Jul 2016 20:58:58 +0000 (14:58 -0600)]
Bug 16944: Add "email" and "url" classes when edit or create a vendor

When edit or create a new vendor the two fields "email" and "website" don't test
if the data provided is right. When you add a direction like
"koha-community.org" without the protocol "https" the program redirect to an
404 error.

To reproduce the issue:
1-Go to Acquisition and create a new Vendor
2-Fill the field Website with koha-community.org
3-Use an email without at sing (@)
4-Notice that there is no error
5-Save
6-Go to the vendor created (/cgi-bin/koha/acqui/supplier.pl?booksellerid=1)
7-Click in Website: koha-community.org -> redirect to an 404 error
8-Notice the bad mailto:

To test:
-Apply patch
-Reproduce step 1 to 8 with the same vendor or create a new one
-Enter multiple wrong and valid urls
-Enter urls with and without protocols http, https, ftp
-Enter wrong and valid emails

NOTE: The classes used are taken from 'branches.tt'
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
no longer allows entering of improper website urls or incomplete email addresses.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16953: Acquisitions home: Remove trailing &rsaquo; from breadcrumbs
Marc [Thu, 21 Jul 2016 09:42:42 +0000 (11:42 +0200)]
Bug 16953: Acquisitions home: Remove trailing &rsaquo; from breadcrumbs

The breadcrumb on the Acquisition's home page reads: Home > Acquisitions >
This tiny patch removes the trailing > (&rsaquo;)

Amended: Remove the link on 'Acquisitions' as well...
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16964: Fix capitalization for "Report Plugins" in reports-home.tt
Hector Castro [Fri, 22 Jul 2016 16:04:48 +0000 (10:04 -0600)]
Bug 16964: Fix capitalization for "Report Plugins" in reports-home.tt

Fix capitalization for "Report Plugins" in reports-home.tt according with
Coding Guidelines <https://wiki.koha-community.org/wiki/Coding_Guidelines#HTML4:_Upper_and_lower_cases_in_strings>

Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16989 - Advanced search form does not display translated itemtype
Marc [Wed, 27 Jul 2016 19:19:16 +0000 (21:19 +0200)]
Bug 16989 - Advanced search form does not display translated itemtype

In Staff client, the advanced serach form does not display the
translations of item types.

(Note: It is not necessary to have translations installed to verify
this bug.)

Prerequisites:
- Go to Home > Administration > Item types administration
- Edit e.g. item type "BK" (Book)
- Near "Description", click link "Translate into other languages
- If you have other languaes installed, add translatons for those
- If you have an Englis only installation, add a "translation" for
  English, make sure that you can identify it while testing (I
  used "BOOOOOOOOOOOOKS")

Verify:
- Go to Home › Advanced search
- Verify near "Limit to any of the following" that the description for
  itemtype BK reads "Book" instead of "BOOOOOOOOOOOOKS"

Test:
- Apply patch
- Verify that the item type description now reads ""BOOOOOOOOOOOOKS"
- If you have a multi language installaton, verify that item types
  you translated display as appropriate

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17052: Display patron category description in the sidebar of paycollect
Jonathan Druart [Thu, 4 Aug 2016 16:19:37 +0000 (17:19 +0100)]
Bug 17052: Display patron category description in the sidebar of paycollect

The patron category description is not passed to the template in
paycollect.pl

Note: The Categories TT plugin should be used here...

Test plan:
Go on paycollect.pl and confirm that the patron category description is
now displayed in the sidebar.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Brendon Ford <brendon.ford@manhattan.edu>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17055 - Add classes to different note types to allow for styling on checkins...
Kyle M Hall [Fri, 5 Aug 2016 13:56:52 +0000 (13:56 +0000)]
Bug 17055 - Add classes to different note types to allow for styling on checkins page

Returned items may have 3 kinds of notes, patron, item public, and item
non-public. However, the html markup for them does not allow us to
distinguish which type we are seeing. It would be good to add classes
for each of these note types.

Test Plan:
1) Check out an item to a patron
2) Add a patron note, a public item note, and a non-public item note
   to the patron and item you used
3) Check in the item and instead the html, note the each note span
   now has a class to distinguish which type of note is being displayed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17078 - Format fines on opac-account.pl
Marc [Mon, 8 Aug 2016 12:04:44 +0000 (14:04 +0200)]
Bug 17078 - Format fines on opac-account.pl

To verify:
- Log in to OPAC as a user who has fines or credits
- Go to page "your fines"
- Verify that values for "Fine amount", "Amount outstanding"
  and "Total due" are not formatted as defined in syspref CurrencyFormat
  (e.g. for FR)

To test:
- Apply patch
- Repeat steps above
- Verify that values are formatted as appropriate with different
  settings for syspref CurrencyFormat

Note: This patch does not force text alignment to the right.
      Text alignement can be done using syspref OPACUserCSS
      (td.sum, td.credit, td.debit)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17076 - Format fines in patron search results table
Marc [Mon, 8 Aug 2016 09:33:50 +0000 (11:33 +0200)]
Bug 17076 - Format fines in patron search results table

Format the values in patron search results following syspref CurrencyFormat.

To verify:
- Search for patrons who have fines or credits
- In result table, column 'Fines' does not respect syspref CurrencyFormat
  (e.g. for FR)

To test:
- Apply patch
- Repeat steps above, verify that fines display as appropriate
- Change syspref Currencyformat, verify display

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17081 Incorrect comparison operator used in edifactmsgs.pl
Colin Campbell [Mon, 8 Aug 2016 15:13:37 +0000 (16:13 +0100)]
Bug 17081 Incorrect comparison operator used in edifactmsgs.pl

Numeric comparison operator is used where string comparison required,
resulting in the following warning in the log: 'Argument "delete" isn't
numeric in numeric eq (==).'

This patch corrects it to use 'eq' not '==' to compare strings.

To test, apply the patch and go to Acquisitions -> EDIFACT messages.

Delete an EDIFACT message. There should be no error in the error log.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16969 cgi->param used in list context in opac-memberentry.pl
Chris Cormack [Sun, 24 Jul 2016 07:18:51 +0000 (19:18 +1200)]
Bug 16969 cgi->param used in list context in opac-memberentry.pl

To test
1/ Hit the page, notice the warning in the log
2/ Apply patch
3/ Hit page, notice no warning in the log
4/ Test functionality all still works

Works as expected. (Note: See Bug 16960 for updating patron details).
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17040: Fix translation on context menu when editing items
Jonathan Druart [Wed, 3 Aug 2016 14:48:42 +0000 (15:48 +0100)]
Bug 17040: Fix translation on context menu when editing items

Test plan:
update and install translated language files
On the item list (cataloguing/additem.pl) the context menu should be
translated (Edit item/Delete item)

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17020: Do no pass findborrower to the template
Jonathan Druart [Thu, 28 Jul 2016 11:58:30 +0000 (12:58 +0100)]
Bug 17020: Do no pass findborrower to the template

Indeed, it's not used!

Test plan:
  git grep '\[% findborrower'
should not return any result.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16894: Regression - Display email on patron search results
Jonathan Druart [Wed, 3 Aug 2016 15:41:48 +0000 (16:41 +0100)]
Bug 16894: Regression - Display email on patron search results

Bug 10318 added the email to the patron search results but it has been
removed later.
This patch reintroduced it where it was (no new column).

Test plan:
Search for patrons and confirm that the emails are displayed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16806: no error message for 'too_soon' renewal
phette23 [Thu, 23 Jun 2016 23:06:59 +0000 (16:06 -0700)]
Bug 16806: no error message for 'too_soon' renewal

To test:
-  for a particular item type & patron category, configure a non-zero
"no renewal before" date so items can't be immediately renewed
- sign in as a patron in aforementioned patron category
- check out an item of aforementioned item type
- go to your renewals page in OPAC /cgi-bin/koha/opac-user.pl
- an error messages appears in the div.alert.dialog up top

Sponsored-by: California College of the Arts
Signed-off-by: Brendon Ford <brendon.ford@manhattan.edu>
Signed-off-by: Irma Birchall <irma@calyx.net.au>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16776: Do not forget external language choice in language switcher
Jonathan Druart [Mon, 25 Jul 2016 15:37:03 +0000 (16:37 +0100)]
Bug 16776: Do not forget external language choice in language switcher

If language is set by external link language switcher does not work

To reproduce:

- Have a multilingual koha installation, let's say en, de-CH, fr-FR and it-IT
- Create external links e.g. from your multilingual library website to each language variant of OPAC:

...cgi-bin/koha/opac-main.pl?language=en
...cgi-bin/koha/opac-main.pl?language=de-CH
...cgi-bin/koha/opac-main.pl?language=fr-FR
...cgi-bin/koha/opac-main.pl?language=it-IT

Each link opens fine displaying the language as appropriate.

Now try to switch language on the page you just opened via the external link.

It won't work, it will always stay on the language defined by the external link.

To test:
- Apply patch
- Repeat steps above
- Verify that the language switcher works
- Verify in browser address field that after switching language, the param 'language= 'has vanished from url string
- Try links with multiple params and with params containing 'language', e.g.
  ...cgi-bin/koha/opac-search.pl?language=fr-FR&q=language&mylanguage=test
- Verify that only the parameter 'language=' vanishes

Tested counter patch, works as well.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17082: Translatability: Fix sentence splitting in member.tt
Marc [Mon, 8 Aug 2016 15:47:31 +0000 (17:47 +0200)]
Bug 17082: Translatability: Fix sentence splitting in member.tt

This patch fixes sentences splitting in file
koha-tmpl/intranet-tmpl/prog/en/modules/members/member.tt

Fix is done with a new .inc file because the code is the same as in
koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt

To test:
- Carefully review code changes
- Test on a fresh install without example data (or save database
  and test with empty tables 'branches' and 'categories')
- Go to Home > Patrons (members-home.pl)
- Verify that a warnings appears aubout missing libraries and patron
  categories
- Try to add a new patron (memberentry.pl)
- Verify that the same messages are triggered
- Verify that messages disappear as appropriate as soon as a library and
  a patron category are defined.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Note: Filed Bug 17093 for JS error on patron entry form.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16848: Prevent invalid warning to be carped from output_pref
Jonathan Druart [Mon, 4 Jul 2016 10:53:39 +0000 (11:53 +0100)]
Bug 16848: Prevent invalid warning to be carped from output_pref

From Koha::DateUtils::output_pref:

   $dt = eval { dt_from_string( $str ) } if $str;
   carp "Invalid date '$str' passed to output_pref\n" if $@;

This second line is wrong: if $str does not exist, the first line is not evaluated and $@ could be filled with previous error.

To reproduce:

Then:
  prove t/DateUtils.t
will display:
t/DateUtils.t .. 20/60 Use of uninitialized value $str in concatenation (.) or string at Koha/DateUtils.pm line 217.
Invalid date '' passed to output_pref
 at t/DateUtils.t line 233.
t/DateUtils.t .. ok
All tests successful.
Files=1, Tests=60,  2 wallclock secs ( 0.02 usr  0.00 sys +  1.40 cusr  0.00 csys =  1.42 CPU)
Result: PASS

Test plan:
Without this patch, you should not see the carp

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17074: Follow-up: fixing encoding issues with multiple search terms
Katrin Fischer [Sun, 7 Aug 2016 23:15:23 +0000 (01:15 +0200)]
Bug 17074: Follow-up: fixing encoding issues with multiple search terms

If there was more than one search term you could see that that it
was url encoded. Also problems with search terms with umlauts and
other diacritics.

Patch should fix that.

https://bugs.koha-community.org/show_bug.cgi?id=17074
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17074: Fix links in result list of 'scan indexes' and keep search term visible
Katrin Fischer [Sun, 7 Aug 2016 14:03:13 +0000 (16:03 +0200)]
Bug 17074: Fix links in result list of 'scan indexes' and keep search term visible

The 'scan indexes' search that can be reached from the
advanced search has 2 problems to begin with:

- The search term you searched for is not displayed
  in the input field.
- The links in the result list are missing the index
  and because of that, are not giving the correct results.

To test:
- Go to the advanced search, select an index to search in
- Enter a search term and check 'scan indexes'
- Submit search
- Check if the search term is visible in the input box
- Check if the result links contain your selected index
  and give you correct results (count and the number of
  results should match)

Tested both patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17053 Clearing search term in Reports
Frédéric Demians [Sat, 6 Aug 2016 08:13:18 +0000 (10:13 +0200)]
Bug 17053 Clearing search term in Reports

If you click the clear button to clear the search term it does take the search
term away. However, the next time you click on "Saved reports" the search term
is still there.

TO TEST:

1. Reports > Use saved
2. Filter on anything (date/author/keyword). Let say "foo" in keyword.
3. Click the Clear link on the Filter form. You can see that "foo" is removed
   from keyword, and all the saved reports are displayed.
4. Click "Saved Reports" on the left. You can see that "foo" reappears in
   keyword filter.
5. Apply the patch, and repeat steps 2-4.

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16992: FIX CSRF in member-password.pl
Jonathan Druart [Thu, 28 Jul 2016 10:54:11 +0000 (11:54 +0100)]
Bug 16992: FIX CSRF in member-password.pl

If an attacker can get an authenticated Koha user to visit their page with the
url below, they can change patrons' passwords
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked

Test plan:

Trigger
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked

=> Without this patch, the password will be updated
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16992: [QA Follow-up] Member-password should pass an userid
Marcel de Rooy [Fri, 29 Jul 2016 11:16:40 +0000 (13:16 +0200)]
Bug 16992: [QA Follow-up] Member-password should pass an userid

If we do not fill a new userid, we should keep the old one.
Script member-password should pass that to Koha::Patron.
Otherwise things go wrong.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Without this patch, you could effectively disable a login.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
4 years agoBug 7441 - DBRev 16.06.00.013
Kyle M Hall [Wed, 10 Aug 2016 13:28:20 +0000 (13:28 +0000)]
Bug 7441 - DBRev 16.06.00.013

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure
Marcel de Rooy [Fri, 29 Jul 2016 10:35:22 +0000 (12:35 +0200)]
Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16929: [QA Follow-up] Shortcut methods and use statements
Marcel de Rooy [Thu, 21 Jul 2016 06:48:01 +0000 (08:48 +0200)]
Bug 16929: [QA Follow-up] Shortcut methods and use statements

Resolves the following comments:

I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16929: Prevent opac-memberentry waiting for random chars
Marcel de Rooy [Fri, 15 Jul 2016 12:16:07 +0000 (14:16 +0200)]
Bug 16929: Prevent opac-memberentry waiting for random chars

Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.

Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
    take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.

Tested all 3 patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 16993: Fix CSRF in memberentry.pl
Jonathan Druart [Thu, 28 Jul 2016 11:55:43 +0000 (12:55 +0100)]
Bug 16993: Fix CSRF in memberentry.pl

If an attacker can get an authenticated Koha user to visit their page
with the url below, they can change patrons' passwords or other
patrons'details

members/memberentry.pl?op=save&destination=circ&borrowernumber=3435&password=ZZZ&password2=ZZZ&nodouble=1

Test plan:

Trigger
members/memberentry.pl?op=save&destination=circ&borrowernumber=42&password=ZZZ&password2=ZZZ&nodouble=1

=> Without this patch, the password will be updated
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: removed the commented use Digest::MD5-line.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17087 - Set Test::WWW::Mechanize version to 1.42
Mirko Tietgen [Tue, 9 Aug 2016 12:55:43 +0000 (14:55 +0200)]
Bug 17087 - Set Test::WWW::Mechanize version to 1.42

This was set to a version that is not available in Wheezy or Jessie.
The version is not required, the only change to 1.42 (packaged for
Wheezy and Jessie) is a fix for Windows, see
http://cpansearch.perl.org/src/PETDANCE/Test-WWW-Mechanize-1.44/Changes

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 10148: Marc21 field 007 builder improper reload values
Mark Tompsett [Mon, 11 Apr 2016 03:18:26 +0000 (23:18 -0400)]
Bug 10148: Marc21 field 007 builder improper reload values

The more correct solution is fix that template file.
However, in the mean time, this works.

TEST PLAN
---------
 1) find a record
 2) edit record
 3) click value builder for 007
 4) change everything to pipes as much as possible.
    (use Motion Picture to get all 00-22 values)
 5) save
    -- should save just fine.
 6) click the value builder again
    -- OOPS! Bad reload.
 7) prove t/db_dependent/FrameworkPlugin.t
    -- NOISY 007 messages.
 8) apply patch
 9) click the value builder again
    -- good reload
10) prove t/db_dependent/FrameworkPlugin.t
    -- No noise related to 007.
11) run koha qa test tools.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17038: Fix XSS in catalogue/search.pl
Jonathan Druart [Wed, 3 Aug 2016 12:57:43 +0000 (13:57 +0100)]
Bug 17038: Fix XSS in catalogue/search.pl

Test plan:
Search for something like:
  \";alert(1)//135

=> Without this patch you will see the alert
=> With this patch, no more alert

Note that this fix the parameters idx, q and op

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17036: Fix XSS in circulation.pl
Jonathan Druart [Wed, 3 Aug 2016 07:49:10 +0000 (08:49 +0100)]
Bug 17036: Fix XSS in circulation.pl

Test plan:
Enter the following in the "Check out" tab:
"><script>alert('XSS')</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17021: Fix XSS in circ/returns.pl
Jonathan Druart [Thu, 28 Jul 2016 12:01:43 +0000 (13:01 +0100)]
Bug 17021: Fix XSS in circ/returns.pl

Test plan:
Enter the following in the barcode input:
<script>alert('XSS')</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17025: Fix XSS in serials-search.pl
Jonathan Druart [Tue, 2 Aug 2016 13:46:11 +0000 (14:46 +0100)]
Bug 17025: Fix XSS in serials-search.pl

Test plan:
Hit
  /serials/serials-search.pl?ISSN_filter="%2F><script>alert('XSS')<%2Fscript>&searched=1
  /serials/serials-search.pl?title_filter="%2F><script>alert('XSS')<%2Fscript>&searched=1

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17029: Fix XSS in catalogue/*detail.pl
Jonathan Druart [Tue, 2 Aug 2016 14:46:06 +0000 (15:46 +0100)]
Bug 17029: Fix XSS in catalogue/*detail.pl

Hit
  /cgi-bin/koha/catalogue/detail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/ISBDdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/moredetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/labeledMARCdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 7441: QA follow-up - Add note about missing NORMARC support
Katrin Fischer [Wed, 10 Aug 2016 05:15:03 +0000 (07:15 +0200)]
Bug 7441: QA follow-up - Add note about missing NORMARC support

Adds a note about missing support for NORMARC (only supports
MARC21 and UNIMARC) to the system preference text.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 7441 - Followup search results showing wrong branch [UNIMARC]
Jonathan Druart [Fri, 24 Jun 2016 15:08:23 +0000 (16:08 +0100)]
Bug 7441 - Followup search results showing wrong branch [UNIMARC]

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
  Playing with OPACResultsLibrary syspref, biblio with items having different
  home/holding library are displayed properly.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 7441 - search results showing wrong branch?
Kyle M Hall [Thu, 2 Jun 2016 14:01:56 +0000 (14:01 +0000)]
Bug 7441 - search results showing wrong branch?

When you search in the OPAC it shows you the HOME branch on the location
in XSLT, but if you click through to the detail page it shows you the
CURRENT BRANCH in the holdings table which is very confusing to patrons.
I don't know what's the right solution - home or holding branch, but they
should be the same in both places for the patron's sake. If you do the same
search in the staff client you see the right branch info on the search results
and on the detail page.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Search the catalog, you search should include results with items
   that have different home and holding libraries.
4) The results should look the same as before the patch
5) Change the system preference OPACResultsLibrary to "current location"
6) Refresh your page of search results
7) The results show now show the holding library instead of the home library

Signed-off-by: Barbara Walters <bwalters@ncrl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 17069: Koha::Patron::Category->store must default checkprevcheckout to 'inherit'
Jonathan Druart [Mon, 8 Aug 2016 09:48:36 +0000 (10:48 +0100)]
Bug 17069: Koha::Patron::Category->store must default checkprevcheckout to 'inherit'

Creating a new patron category raises an error "An error occurred when updating
this patron category. Perhaps it already exists."
DBIx::Class does not default to the value defined at the DB devel if the
key checkprevcheckout has been passed to the constructor.
We may need to provide a global fix for this kind of issue: if a column
is defined as "not null" but has a default value, the constructor
(Koha::Object->new) should not pass it to the DBIx::Class constructor
(even if assuming that null means default is a terrible mysqlism).

Test plan:
Create a new patron category.

Works as expected.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 6499: [QA Follow-up] Trivial adjustments
Marcel de Rooy [Thu, 20 Aug 2015 09:29:01 +0000 (11:29 +0200)]
Bug 6499: [QA Follow-up] Trivial adjustments

Removes commented line from bib1.att.
Adjust OCLC-number to Other-control-number in comment of ccl properties.
No need to explicitly add 035$a and $z if you index 035 completely in
record.abs as well as biblio-koha-indexdefs.xml.
Rerun koha-indexdefs-to-zebra.xsl on index defs.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
4 years agoBug 6499: Add Zebra index "Other-control-number" covering MARC21 035$a, 035$z and...
Barton Chittenden [Thu, 10 Jul 2014 13:54:56 +0000 (09:54 -0400)]
Bug 6499: Add Zebra index "Other-control-number" covering MARC21 035$a, 035$z and 035 (entire tag)

1) Apply patch
2) Make sure that you have a bib that has MARC21 035$a (and possibly also 035$z) populated.

pre 3) Replace all modified zebra files and restart zebra server

3) Rebuild zebra: misc/migration_tools/rebuild_zebra.pl -x -b -z
4) Add the following to the intranetuserjs syspref:

$(document).ready(function(){
    // Add Other Control Number to advanced search
    if (window.location.href.indexOf("catalogue/search.pl") > -1) {
        $(".advsearch").append('<option value="Other-control-number">Other Control Number</option>');
    }
});

5) Do an advanced search, select "Other Control Number" from the search menu, then add the Other Control Number in 035$a for the bib specified in step 1.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works, no koha-qa errors

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>