koha.git
6 years ago Bug 14494: Prevent slow checkout if the patron does not have an expiry date
Jonathan Druart [Thu, 9 Jul 2015 08:52:28 +0000 (09:52 +0100)]
Bug 14494: Prevent slow checkout if the patron does not have an expiry date

If a patron has an expiry date set to 9999-12-31 (for organizations for
instance), the checkouts are very slow.

It's caused by 2 different calls to DateTime in CanBookBeIssued:
1/
  DateTime->new( year => 9999, month => 12, day => 31, time_zone => C4::Context->tz );
The time_zone should not be set (as it's done in Koha::DateUtils), set to UTC or floating tz.

2/
  DateTime->compare($today, $expiry_dt)
The comparison of 2 DT with 1 related to 9999 is very slow, as you can
imagine.

For 1/ we need to call Koha::DateUtils::dt_from_string (actually, we
should never call DateTime directly).
For 2/ we just need to test if the date is != 9999, no need to compare
it in this case.

Test plan:
Before this patch, confirm that the checkouts are slow if the patron has a
dateexpiry set to 9999-12-31.
update borrowers set dateexpiry="9999-12-31" where borrowernumber=42;

After this patch, you should not see any regression when checking out
items to an expired patron and to a valid patron.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14521: SQL injection in local use system preferences
David Cook [Mon, 13 Jul 2015 04:06:46 +0000 (14:06 +1000)]
Bug 14521: SQL injection in local use system preferences

This patch fixes a SQL injection vulnerability in the local use
system preferences.

_TEST PLAN_

Before applying:

1) Go to Global System Preferences
2) Click on the "Local use" tab
3) Add a new preference with the value "') or '1' = '1' -- "
(be sure to include the space at the end after the comment --).
4) When the page refreshes, you should now see about 99 other system
preferences which shouldn't be showing up.

5) Apply the patch

6) Refresh the page
7) Note that you now only see a system preference for "') or '1' = '1' -- "
and the other actual local use system preferences.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
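
Added example (a Python/SQLite sketch, not Koha's Perl code): how the preference name from the test plan above escapes a quoted IN (...) list when the query is built by string interpolation, next to the bound-parameter form that treats it as data. The table contents, the query shape and the function names are assumptions made for illustration.

```python
import sqlite3

# Preference name taken from the test plan above.
PAYLOAD = "') or '1' = '1' -- "

# Constructed sample rows: two core preferences and two local-use ones.
ROWS = [
    ("CoreCircPref", "1"),
    ("CoreOpacPref", "0"),
    ("MyLocalPref", "x"),
    (PAYLOAD, ""),
]


def make_db():
    """Build an in-memory table shaped like a name/value preference store."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE systempreferences (variable TEXT PRIMARY KEY, value TEXT)"
    )
    db.executemany("INSERT INTO systempreferences VALUES (?, ?)", ROWS)
    return db


def build_vulnerable_sql(names):
    """Assumed 'before' shape: names are quoted by hand and pasted into the SQL."""
    quoted = ",".join("'%s'" % name for name in names)
    return (
        "SELECT variable FROM systempreferences "
        "WHERE variable IN (%s) ORDER BY variable" % quoted
    )


def list_prefs_vulnerable(db, names):
    # The payload closes the string and the IN list, adds an always-true OR,
    # and comments out the rest of the statement, so every row is returned.
    return [row[0] for row in db.execute(build_vulnerable_sql(names))]


def list_prefs_bound(db, names):
    """Hardened form: one '?' per name, values passed separately to the driver."""
    if not names:
        return []
    marks = ",".join("?" for _ in names)
    sql = (
        "SELECT variable FROM systempreferences "
        "WHERE variable IN (%s) ORDER BY variable" % marks
    )
    return [row[0] for row in db.execute(sql, list(names))]


if __name__ == "__main__":
    db = make_db()
    local_names = ["MyLocalPref", PAYLOAD]
    print(build_vulnerable_sql(local_names))
    print("interpolated:", list_prefs_vulnerable(db, local_names))
    print("bound:       ", list_prefs_bound(db, local_names))
```

With bound parameters the odd name is matched literally, which is the behaviour step 7 of the test plan expects after the patch.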
6 years ago Bug 14436: Noisy warns in C4/Utils/DataTables/Members.pm
Aleisha [Fri, 10 Jul 2015 14:31:53 +0000 (10:31 -0400)]
Bug 14436: Noisy warns in C4/Utils/DataTables/Members.pm

TEST PLAN
---------
1) Backup the koha intranet error log.
2) Empty the koha intranet error log.
3) In staff client, go to Patrons
   (/cgi-bin/koha/members/members-home.pl)
4) Pick any letter to 'Browse by last name'
   -- koha intranet error log now has warns.
   -- the one of importance is the uninitialized value.
5) Empty the koha intranet error log.
6) apply this patch
7) Repeat steps 3 & 4.
   -- koha intranet error log does not contain the
      uninitialized value error.
8) run koha qa test tools.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 9006: Remove AUTOLOAD in C4::Context
Jonathan Druart [Wed, 1 Apr 2015 11:58:50 +0000 (13:58 +0200)]
Bug 9006: Remove AUTOLOAD in C4::Context

Happily this was only used for intranetdir.
It's time to remove it and replace existing calls.

I used the following commands to catch calls to C4::Context:
git grep 'C4::Context\->' | grep -v 'C4::Context->preference' | grep -v
'C4::Context->config' | grep -v  'C4::Context->userenv' | grep -v
'C4::Context->IsSuperLibrarian' | grep -v 'C4::Context->dbh' | grep -v
'C4::Context->set_preference' | grep -v '_syspref_cache' | grep -v
_userenv | grep -v 'C4::Context->interface' | grep -v
'C4::Context->Zconn' | grep -v 'C4::Context->queryparser' | grep -v
'C4::Context->tz' | grep -v 'C4::Context->boolean_preference' | grep -v
'C4::Context->memcached'

NOTE: I applied 14428, and then did what I suggested in comment #2.
      Only intranetdir references appeared.

      I applied this patch, and repeated.
      Nothing appeared. This means the autoload references are
      properly removed.

      koha qa test tools complained about whitespace, I just fixed
      those. Though, we may wish to perltidy
      auth_fields_substructure.pl on another bug.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14449: Add authentication check on retrieving item info when receiving
Jonathan Druart [Wed, 24 Jun 2015 09:24:14 +0000 (11:24 +0200)]
Bug 14449: Add authentication check on retrieving item info when receiving

The script catalogue/getitem-ajax.pl is called by acqui/orderreceive.pl
when an item is received.
There is no auth check done, this means anybody can retrieve item info.

Test plan:
With the acquisition => order_receive permission, try to receive an
item.
It should work.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Very easy to test.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14303: Fix item search CSV export - obsolete "by" and display of publication...
Katrin Fischer [Tue, 9 Jun 2015 00:44:48 +0000 (02:44 +0200)]
Bug 14303: Fix item search CSV export - obsolete "by" and display of publication year for MARC21

The exported CSV file from the item search didn't display the publication
year in MARC21 installations and the title always contained 'by'
even if there was no author information to display. Also the by is
not needed by MARC21 as the data should include punctuation.

This basically copies the changes done to the JSON format
on bug 13859 to the CSV include.

To test: Switch from 'Screen' to 'CSV'
- Check publication date always displays (MARC21 and UNIMARC)
- Check that for MARC21 the 'by' has been removed from the title information
- Check that for UNIMARC the 'by' only displays when there is also
  an author to display

Tested for MARC21, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14428: Remove C4::Input
Mark Tompsett [Fri, 10 Jul 2015 05:08:29 +0000 (01:08 -0400)]
Bug 14428: Remove C4::Input

Jonathan Druart agreed that C4::Input is vestigial code that should be removed.
Here is how I checked. First I found where C4::Input was used. Then, I checked
what functions are in the package: just checkdigit. Then, I confirmed that
checkdigit is not used at all in any acquisition, administration, or member
related perl scripts. Lastly, I took a look at our supposed test file for the
package. It was painfully sparse.

As such, this patch removes the test file and the package file, and removes
C4::Input references from these six files:
- acqui/addorderiso2709.pl
- acqui/basketgroup.pl
- acqui/neworderempty.pl
- acqui/uncertainprice.pl
- admin/aqplan.pl
- members/memberentry.pl
NOTE: neworderempty had 3 lines of it?! Didn't anyone see that?!

Here is the output of what I did to confirm this correction:

mtompset@debian:~/kohaclone$ git reset --hard origin/master
HEAD is now at 6e9086f Bug 3206: (QA followup) missing comma on sysprefs.sql
mtompset@debian:~/kohaclone$ git grep C4::Input
C4/Input.pm:package C4::Input; #assumes C4/Input
C4/Input.pm:C4::Input - Miscellaneous sanity checks
C4/Input.pm:  use C4::Input;
acqui/addorderiso2709.pl:use C4::Input;
acqui/basketgroup.pl:use C4::Input;
acqui/neworderempty.pl:use C4::Input;
acqui/neworderempty.pl:use C4::Input;
acqui/neworderempty.pl:use C4::Input;
acqui/uncertainprice.pl:use C4::Input;
admin/aqplan.pl:use C4::Input;
members/memberentry.pl:use C4::Input;
t/Input.t:        use_ok('C4::Input');
mtompset@debian:~/kohaclone$ grep sub C4/Input.pm
sub checkdigit ($;$) {
                my $temp2 = substr($infl,$i,1);
        if ($rem eq substr($infl,8,1)) {
} # sub checkdigit
mtompset@debian:~/kohaclone$ grep checkdigit `find acqui -type f`
mtompset@debian:~/kohaclone$ grep checkdigit `find admin -type f`
mtompset@debian:~/kohaclone$ grep checkdigit `find members -type f`
mtompset@debian:~/kohaclone$ cat t/Input.t

use strict;
use warnings;

use Test::More tests => 1;

BEGIN {
        use_ok('C4::Input');
}

Apply this patch, and the output of git grep C4::Input will be empty.
Run koha qa test tools (kind of overkill)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14496: Improving opac-detail.pl performances
Julian FIOL [Mon, 6 Jul 2015 10:27:08 +0000 (12:27 +0200)]
Bug 14496: Improving opac-detail.pl performances

Get notes and subjects from MARC record
ONLY when XSLT is not activated.

It's useless doing it when XSLT is activated,
because XSLT takes care of it by its own.

=> With this patch, we are saving precious
milliseconds

I compared the display of some records in XSLT view with and without patch, was the same (as expected).
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
On a slower server, I saw a time save of 0.0274 to 0.0908 seconds (with XSLT).
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14508: 'New patron' dropdown empty list on circulation.pl
Tomas Cohen Arazi [Wed, 8 Jul 2015 21:25:45 +0000 (18:25 -0300)]
Bug 14508: 'New patron' dropdown empty list on circulation.pl

This patch makes includes/patron-toolbar.inc (the one in charge of
rendering the 'New patron' dropdown) make use of the Categories
Template Toolkit plugin to create the list of categories.

(1) To check the setup is sane:
- Go to the Patrons page
=> SUCCESS: The 'New patron' dropdown is populated
- Click on the [+] symbol on the Patron search on the top
=> SUCCESS: The Categories dropdown is populated

(2) To test the patch:
- On the checkout form, perform a patron search that
  (a) returns more than one result
  (b) returns zero results
- Click the dropdown menu to create a new patron
=> FAIL: Dropdown is empty
- Repeat for (a) or (b)
- Apply the patch and reload
=> SUCCESS: The dropdown is correctly populated
- Repeat (1)
=> SUCCESS: Nothing got broken
- Verify the logs
=> SUCCESS: No new warnings
- Sign off :-D
- Get a cookie
- Smile

Regards

Discussion: we might need a new bug to start cleaning stuff like this:

@categories=C4::Category->all;
if(scalar(@categories) < 1){
    $no_add = 1;
    $template->param(no_categories => 1);
}
else {
    $template->param(categories=>\@categories);
}

but it belongs to a new bug me thinks. Well, suggestions are welcome, but this must
be fixed on stable ASAP so hurry :-D

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14424: Add on site checkouts help for 3.20
Nicole C. Engard [Tue, 23 Jun 2015 19:49:55 +0000 (14:49 -0500)]
Bug 14424: Add on site checkouts help for 3.20

There is no help for the pending on site checkouts report. This patch
adds it.

To test:

* visit pending on site checkouts
* click help
* confirm help is there and correct

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14424: Update Acq Help for 3.20
Nicole C. Engard [Tue, 23 Jun 2015 19:44:11 +0000 (14:44 -0500)]
Bug 14424: Update Acq Help for 3.20

This patch adds the missing order from subscription help and updates basket
help.

To test:

* Visit a basket, review the help
* Click order from a subscription, review the help

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14424: Update Discharge Help for 3.20
Nicole C. Engard [Tue, 23 Jun 2015 19:31:15 +0000 (14:31 -0500)]
Bug 14424: Update Discharge Help for 3.20

This patch adds the missing discharge help file and updates the moremember file with
info on discharges.

To test:

* Visit a patron
* View and confirm help is right
* Visit the discharge page on the patron
* Confirm help file loads and is right

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14424: Update cataloging help for 3.20
Nicole C. Engard [Tue, 23 Jun 2015 18:00:06 +0000 (13:00 -0500)]
Bug 14424: Update cataloging help for 3.20

This patch updates 3 help files for cataloging in 3.20

To test:

* Visit
 * cataloging home
 * cataloging a new record
 * merging bib records
* Confirm text is right and visible

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14424: Patron Help Files for 3.20
Nicole C. Engard [Tue, 23 Jun 2015 17:45:17 +0000 (12:45 -0500)]
Bug 14424: Patron Help Files for 3.20

This patch updates the help files for 3.20

To test:

* Visit
 * Main patron page
 * Patron search page
 * Patron permissions page
* Confirm the text is right on all three

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14485: HTML comment disables translation in cataloguing/addbooks.tt
Fridolin Somers [Thu, 2 Jul 2015 08:37:22 +0000 (10:37 +0200)]
Bug 14485: HTML comment disables translation in cataloguing/addbooks.tt

In cataloguing/addbooks.tt, the line :
  [% total %] result(s) found in catalog,
is not present in PO files even after an update.
I've found that the cause is the previous HTML comment line.

This patch converts HTML comment into TT comment and adds a div to have a more comprehensive string to translate.

Test plan :
- without patch
- go into <sources>/misc/translator
- run PO update for example in french : translate update fr-FR
=> the text "result(s) found in catalog" is missing from PO file : fr-FR-staff-prog.po
- restore default PO files
- apply patch
- go into <sources>/misc/translator
- run PO update for example in french : translate update fr-FR
=> You find text "result(s) found in catalog" in PO file : fr-FR-staff-prog.po

Sponsored-by: Universidad de El Salvador
Signed-off-by: Hector Eduardo Castro Avalos <hector.hecaxmmx@gmail.com>
Works as advertised. Just one msgid appears with msgid "%s result(s) found in catalog,"

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 3206: (QA followup) missing comma on sysprefs.sql
Tomas Cohen Arazi [Wed, 8 Jul 2015 21:16:47 +0000 (18:16 -0300)]
Bug 3206: (QA followup) missing comma on sysprefs.sql

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 3206: (RM followup) DBIx updates
Tomas Cohen Arazi [Wed, 8 Jul 2015 18:07:24 +0000 (15:07 -0300)]
Bug 3206: (RM followup) DBIx updates

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 3206: DBRev 3.21.00.014
Tomas Cohen Arazi [Wed, 8 Jul 2015 18:05:13 +0000 (15:05 -0300)]
Bug 3206: DBRev 3.21.00.014

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 3206: (QA followup) OAI repository deleted records support.
Matthias Meusburger [Mon, 8 Jun 2015 13:33:24 +0000 (15:33 +0200)]
Bug 3206: (QA followup) OAI repository deleted records support.

 - Fix QA.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
New pref in right order, new option 'no' on syspref, other
fixes following comment #12
All seems to work
No errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 3206: OAI repository deleted records support.
Matthias Meusburger [Thu, 28 May 2015 14:23:58 +0000 (16:23 +0200)]
Bug 3206: OAI repository deleted records support.

This patch allows Koha OAI repository to support deleted records.

The OAI-PMH:DeletedRecord syspref is introduced and can be set to:

- persistent (in case Koha's deletedbiblio table will never be emptied
  or truncated)
- transient (in case Koha's deletedbiblio table might be emptied or
  truncated at some point)

Test plan:

- After applying the patch, test that:
   - Deleted records appear in ListRecords and ListIdentifiers requests.
   - Filter parameters (from, until, set and resumptionToken) still work
     and are applied to ListRecords and ListIdentifiers requests.
   - Identify request shows if the repository is considered persistent
     or transient, according to the OAI-PMH:DeletedRecord syspref.
   - Deleted records that used to belong to a set are still displayed in
     those sets and marked as deleted.
   - GetRecord requests work on deleted records, which are marked as deleted.

Requests examples:
/cgi-bin/koha/oai.pl?verb=ListRecords&metadataPrefix=oai_dc
/cgi-bin/koha/oai.pl?verb=ListRecords&metadataPrefix=oai_dc&from=2015-02-20T11:08:33Z
/cgi-bin/koha/oai.pl?verb=ListRecords&metadataPrefix=oai_dc&set=new_specSet1
/cgi-bin/koha/oai.pl?verb=GetRecord&identifier=KOHA-OAI-TEST:2&metadataPrefix=oai_dc
/cgi-bin/koha/oai.pl?verb=Identify

Signed-off-by: Frederic Demians <f.demians@tamil.fr>
  It works in all situations described in the test plan. Great addition.
  Thanks.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14366: Units doesn't get saved usefully for patroncards
David Cook [Tue, 9 Jun 2015 04:25:23 +0000 (14:25 +1000)]
Bug 14366: Units doesn't get saved usefully for patroncards

This patch causes the "Units" to be saved and displayed correctly
for the "Edit layout" screen in Patroncards.

_TEST PLAN_

Before applying:
0) Create a new layout
1) Edit the layout, change the units, and click Save
2) Edit the layout again, and notice the units are still "PostScript Points"

Apply the patch:
3) Edit the layout again, change the units, and click Save
4) Edit the layout again, note that the units have changed to your
selection

5) Rejoice

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 13950: Sort Item search home library list by branch name
Nick Clemens [Wed, 17 Jun 2015 01:48:18 +0000 (21:48 -0400)]
Bug 13950: Sort Item search home library list by branch name

On the item search form the list of home libraries isn't sorted
alphabetically by their description.

To test:
- Ensure that you have libraries whose code/name are sorted in a different alphabetical order (e.g. Aardvark/ZZZ & Zebra/AAA)
- Staff: Advanced search - item search
- See that libraries are sorted in code order
- Apply patch
- Verify selection block for home library is correctly sorted after
  applying the patch.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14163: Acq - receive shipment and order from staged: rename 'Show all' to 'Show...
Katrin Fischer [Sun, 31 May 2015 13:52:26 +0000 (15:52 +0200)]
Bug 14163: Acq - receive shipment and order from staged: rename 'Show all' to 'Show inactive'

'Show all' in acquisition makes the inactive funds in the fund list
box visible. This patch changes the text to 'Show inactive' to be more
clear about the functionality.

Patch changes 2 pages. To test:

1) Order from staged file
- make sure you have uploaded a few records via the tools
- create a new order using the 'From a staged file' option
- select a file to order from - 'Add orders'
- Verify the 'Select to import' tab now displayed the text
  'Show inactive funds' and that it works as expected
- Switch to the 'Default accounting details' tab
- Verify the text there is also changed to 'Show inactive' and
  works like expected.

2) Receive shipment
- receive a new shipment for a vendor with unreceived orders
- Verify the label next to the fund list has changed to
  'Show inactive' and works as expected.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Simple string change, no errors.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14163: Acq order form: rename 'Show all' to 'Show inactive'
Katrin Fischer [Mon, 25 May 2015 08:45:54 +0000 (10:45 +0200)]
Bug 14163: Acq order form: rename 'Show all' to 'Show inactive'

On the order form there is a checkbox next to the fund list labelled
'show all'. Checking the checkbox will result in the inactive funds
showing in the pull down list as well.

The patch renames the label to 'Show inactive' to make the purpose
more clear.

To test:
- Create a new order
- Verify the label has changed as described above
- Decide if the change makes sense

Signed-off-by: tadeasm <tadeas.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14453: (followup) Fix shipped XSLT files
Mirko Tietgen [Thu, 25 Jun 2015 13:38:42 +0000 (15:38 +0200)]
Bug 14453: (followup) Fix shipped XSLT files

Make the shipped XSLTs for authorities (MARC21 and UNIMARC) the same as the generated version

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14453: kohaidx is missing for id in authority-koha-indexdefs.xml
Fridolin Somers [Wed, 24 Jun 2015 14:06:05 +0000 (16:06 +0200)]
Bug 14453: kohaidx is missing for id in authority-koha-indexdefs.xml

In authority-koha-indexdefs.xml, all tags use the namespace "kohaidx" except the tag "id".

When re-generating authority-zebra-indexdefs.xsl, the line :
  <xslo:variable name="idfield" select="normalize-space(marc:controlfield[@tag='001'])"/>
is modified :
  <xslo:variable name="idfield" select="normalize-space()"/>
This is an error.

This patch adds kohaidx namespace to correct.

Test plan :
- Without patch
- go to etc/zebradb/marc_defs/marc21/authorities/
- run : xslproc xsltproc ../../../xsl/koha-indexdefs-to-zebra.xsl authority-koha-indexdefs.xml > authority-zebra-indexdefs.xsl
- read authority-zebra-indexdefs.xsl
=> the line has changed : <xslo:variable name="idfield" select="normalize-space()"/>
- Apply patch
- go to etc/zebradb/marc_defs/marc21/authorities/
- run : xslproc xsltproc ../../../xsl/koha-indexdefs-to-zebra.xsl authority-koha-indexdefs.xml > authority-zebra-indexdefs.xsl
- read authority-zebra-indexdefs.xsl
=> the line has not changed
(same for unimarc flavor)

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
As Mirko mentioned, the xslt's now generate the facet-processing templates in
the authority xslt's too. They are harmless because we don't define facets
for authority records. If we did, it would be harmless too.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14326: XSLT Syntax error in MARC21slimOPACResults.xsl
Winona Salesky [Thu, 4 Jun 2015 02:46:23 +0000 (22:46 -0400)]
Bug 14326: XSLT Syntax error in MARC21slimOPACResults.xsl

Test Plan:
1) Apply this patch
2) Ensure you are using the default XSLT setting for the staff and opac  record details
3) Perform an opac search check "Availability" for expected display values.
5) Note this patch corrects invalid syntax in xslt, there should be no visible changes to the results page.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14189: Use keep_text for the authority header
Jonathan Druart [Tue, 26 May 2015 10:10:50 +0000 (12:10 +0200)]
Bug 14189: Use keep_text for the authority header

includes/authorities-search.inc already used the same behavior but with
another method.
For consistency it's better to have only 1 way to do that.

Test plan:
Go on the authority home page
Fill the input in the header and click on tab 'search all headings' and
'keyword search' and confirm that the text you have filled is kept.

I tested after applying the patch and the text is kept after removing the
part from authorities-search.inc. I also tried applying that jQuery solution
instead of my JS loop but could not get it to work for the other pages with
a reasonable amount of effort.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Eivin Giske Skaaren <eskaaren@yahoo.no>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14189: Made text persist when clicking the tabs under the searchbox
Eivin Giske Skaaren [Mon, 11 May 2015 18:57:11 +0000 (18:57 +0000)]
Bug 14189: Made text persist when clicking the tabs under the searchbox

To test:
Apply the patch and see that the text now is there in the search
box when clicking the tabs: check in, check out etc..

(More files changed for persistent text in searchbox)

Sponsored-by: Halland County Library
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
This is something I have wanted quite a few times over the years...

Tested by going to every main area of Koha, entering some random
text into the search box and then clicking on all the available tabs
to check that the entered text is carried over to all the boxes.

There are a couple of places where text is not carried over, but I
guess that might be because one of the boxes is structurally
different to the others. These are:
- "Vendor search" and "Orders search" in Acquisitions
- "Search subscriptions" in Serials

I have not looked at how this is implemented, just that it works as
it should.

Bug 14189 refactor after failed QA.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Amended patch: replace tabs with spaces

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14345: broken isbn logic prevents display of idreambooks image
Mark Tompsett [Fri, 5 Jun 2015 16:24:22 +0000 (12:24 -0400)]
Bug 14345: broken isbn logic prevents display of idreambooks image

TEST PLAN
---------
1) Ensure you have a book that would pull up an idreambooks image
   (e.g. The road to character / David Brooks.)
   -- I imported from the Library of Congress via z39.50
2) Ensure your system preferences for idreambook stuff is set.
3) Ensure you have multiple 020$a's for your book, and
   the first one must just be an ISBN number!
   -- I removed the '(hardcover: acidfree paper)' from the first.
   -- I took the second 020 field and changed 020$z to 020$a
4) Search for that book in OPAC and go to details.
   -- There should be a readometer image, but it will be broken.
   -- Notice the ISBN line has "#############; ..."
      This could also be attained by just putting two semi-colon
      separated ISBN's on the first 020$a.
5) Apply this patch
6) Refresh page
   -- readometer image appears. YAY!
7) run koha qa test tools

NOTE: Only changed test plan, so leaving sign-off on.

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14207: Improving circulation performance
Julian FIOL [Tue, 26 May 2015 12:49:20 +0000 (14:49 +0200)]
Bug 14207: Improving circulation performance

by caching yaml file

This patch improves circulation performance by caching yaml file.

With this patch we saved between 300ms and 500ms on circulation page.

Following Comment #3 :
No useless warn
No tidy

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Less lines, same result.
Comments were useful on testing :)
No errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14135: Adds 'Free' to variabletypes in systempreferences.tt
Indranil Das Gupta [Mon, 4 May 2015 13:25:15 +0000 (18:55 +0530)]
Bug 14135: Adds 'Free' to variabletypes in systempreferences.tt

The 'Local Use' system preference addition/modification template provides the following options against "Variable Type" - Choice, YesNo, Integer, Textarea, Float, Themes, Languages, Upload or ClassSource.

There is no option presented for "Free" which seems to be the most
used variable type out-of-the-box (i.e. INTRAdidyoumean,
OPACdidyoumean, UsageStatsID and UsageStatsLastUpdateTime)

This trivial patch proposes to modify the systempreferences.tt
and add the option 'Free' to the list offered to users.

Test Plan
=========

1/ Go to Home > Administration > System preferences > Local use
2/ Click on 'New preference'.
3/ In the fieldset 'Koha Internal', the variable types offered
   are Choice, YesNo, Integer, Textarea, Float, Themes,
   Languages, Upload or ClassSources.
4/ Clicking on 'Choice' should set the 'preftype' field as
   'Choice'.
5/ Apply this patch.
6/ Refresh the page.
7/ The variable types list should read - "Free, Choice, YesNo,
   Integer, Textarea, Float, Themes, Languages, Upload or
   ClassSources".
8/ Clicking on 'Free' should set the 'preftype' field as 'Free'.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: Discovered that there is no validation on the type field.
      However, that is beyond the scope of this bug.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14382: [QA Follow-up] Bad regex alarm
Marcel de Rooy [Fri, 3 Jul 2015 09:02:22 +0000 (11:02 +0200)]
Bug 14382: [QA Follow-up] Bad regex alarm

The regex /|date>>/ will match much more than you like :)
The unescaped pipe is bad, but you also need to remove the >> because
the split a few lines above it removes them already.

This allows you to recover from an error like this one, running another
report with a string parameter:
The given date (india%) does not match the date format (us) at
Koha/DateUtils.pm line 144.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended for possible spaces around the word date.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years ago Bug 14382: Non-ISO Date parameters generate empty reports.
Mark Tompsett [Wed, 24 Jun 2015 16:13:46 +0000 (12:13 -0400)]
Bug 14382: Non-ISO Date parameters generate empty reports.

The issue is that SQL expects ISO dates, but the user may wish to view dates according to the dateformat system preference.

By detecting a date preference, the non-ISO dates can be converted to ISO dates before being stuffed back into the SQL query to be executed.

TEST PLAN
---------
1) Add a report with date parameters.
   -- I used 'Holds placed in date range' from
      http://wiki.koha-community.org/wiki/SQL_Reports_Library
2) Set your dateformat to YYYY-MM-DD
3) Run the report
   -- Note the SQL reads
      "... BETWEEN '{date formatted in YYYY-MM-DD}'..."
   -- If there is supposed to be data, there is some.
4) Set your dateformat to MM/DD/YYYY
5) Run the report
   -- Note the SQL reads
      "... BETWEEN '{date formatted in MM/DD/YYYY}'..."
   -- If there is supposed to be data, there is none.
6) Apply patch
7) Repeat steps 2-5
   -- The SQL will always read YYYY-MM-DD (ISO) format.
   -- The report will have data, if there is some.
8) koha qa test tools.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Adding a QA follow-up.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
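
The two Bug 14382 commits above (the ISO date conversion and the bad-regex follow-up) can be reproduced with the added Perl example below, which is not Koha's own code. The `<<Label|date>>` placeholder syntax, the corrected pattern, and the `us`/`iso` format table are assumptions reconstructed from the commit messages.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed report SQL; the <<Label|date>> placeholder syntax is assumed.
my $sql = <<'SQL';
SELECT * FROM reserves
WHERE reservedate BETWEEN <<From|date>> AND <<To | date >>
  AND branchcode LIKE <<Branch code>>
SQL

# Split on the delimiters: the odd-numbered pieces are the placeholder
# bodies, already stripped of << and >> by the split itself.
sub placeholders {
    my ($text) = @_;
    my @parts = split /<<|>>/, $text;
    return map { $parts[$_] } grep { $_ % 2 } 0 .. $#parts;
}

# Faulty test: the unescaped | turns the pattern into "empty string OR
# date>>", and the empty alternative matches every input.
sub is_date_faulty { return $_[0] =~ /|date>>/ ? 1 : 0 }

# Assumed correction: literal pipe, optional spaces around the word date,
# and no >> because the split has already removed it.
sub is_date_fixed { return $_[0] =~ /\|\s*date\s*$/ ? 1 : 0 }

# Accepted input formats, keyed by the names used in the error message.
my %PARSER = (
    us  => qr{^(?<m>\d{2})/(?<d>\d{2})/(?<y>\d{4})$},
    iso => qr{^(?<y>\d{4})-(?<m>\d{2})-(?<d>\d{2})$},
);

# Convert one user-supplied date to ISO, or die if it does not parse.
sub to_iso {
    my ($value, $format) = @_;
    my $re = $PARSER{$format} or die "unknown date format ($format)\n";
    $value =~ $re
        or die "The given date ($value) does not match the date format ($format)\n";
    my ($y, $m, $d) = ($+{y}, $+{m}, $+{d});
    die "date out of range ($value)\n"
        if $m < 1 || $m > 12 || $d < 1 || $d > 31;
    return sprintf '%04d-%02d-%02d', $y, $m, $d;
}

# Return the parameter values with every date parameter rewritten to ISO.
# $is_date is the classifier to use, so both regexes can be compared.
sub normalize_params {
    my ($text, $values, $format, $is_date) = @_;
    my @bodies = placeholders($text);
    my @out;
    for my $i (0 .. $#bodies) {
        my $value = $values->[$i];
        push @out, $is_date->($bodies[$i]) ? to_iso($value, $format) : $value;
    }
    return \@out;
}

# Constructed input: two dates in the us format and one string parameter.
my @input = ('07/03/2015', '07/31/2015', 'india%');

for my $body (placeholders($sql)) {
    printf "%-12s faulty=%d fixed=%d\n", "[$body]",
        is_date_faulty($body), is_date_fixed($body);
}

my $ok = normalize_params($sql, \@input, 'us', \&is_date_fixed);
print "fixed regex:  ", join(', ', @$ok), "\n";

# With the faulty classifier the string parameter is parsed as a date
# and the whole report run aborts.
my $bad = eval { normalize_params($sql, \@input, 'us', \&is_date_faulty) };
print "faulty regex: $@" unless $bad;
```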
6 years agoBug 14427: Use Koha::version instead of C4::Context->KOHAVERSION
Mark Tompsett [Fri, 19 Jun 2015 18:00:13 +0000 (14:00 -0400)]
Bug 14427: Use Koha::version instead of C4::Context->KOHAVERSION

While testing bug 9006, I discovered this gem in
installer/install.pl

TEST PLAN
---------
 1) back up DB
 2) drop db and create db
 3) git reset --hard origin/3.20.x
 4) run web installer and all sample data
 5) git reset --hard origin/master
 6) empty your koha intranet error log
 7) run web installer to upgrade
    -- there will be warnings regarding regex around
       installer/install.pl line 328 or so.
       grep "\$kohaversion" ~/koha-dev/var/logs/koha-error_log
 8) repeat steps 2-6
 9) apply this patch
10) run web installer to upgrade
    -- no regex warnings.
       grep "\$kohaversion" ~/koha-dev/var/logs/koha-error_log
11) koha qa test tools

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 9942: DBRev 3.21.00.013
Tomas Cohen Arazi [Tue, 7 Jul 2015 18:15:01 +0000 (15:15 -0300)]
Bug 9942: DBRev 3.21.00.013

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 9942: [QA Followup] - Add test and alert to returns.pl
Kyle M Hall [Thu, 25 Jun 2015 21:22:25 +0000 (17:22 -0400)]
Bug 9942: [QA Followup] - Add test and alert to returns.pl

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 9942: Make Koha fails if privacy is not respected
Jonathan Druart [Thu, 9 Apr 2015 11:07:05 +0000 (13:07 +0200)]
Bug 9942: Make Koha fails if privacy is not respected

If a patron has requested anonymity on returning items and the system is
not correctly configured (AnonymousPatron not set or set to an inexistent
patron), the application should take it into account and not fail
quietly.

This patch is quite radical: the script will die loudly if the privacy
is not respected.

To take care of the bad "Software error", some checks are done in the
updatedatabase to be sure the admin will be warned if something is wrong
in the configuration.

Test plan:
1/ Test the updatedatabase entry:
a. Turn on OPACPrivacy and set AnonymousPatron to an existing patron
=> You will get a warning
b. Turn on OPACPrivacy and set AnonymousPatron to 0 or ''
=> You will get a warning
c. Turn on OPACPrivacy and set the privacy to 2 (Never) for at least 1 patron
Turn off OPACPrivacy
=> You will get a warning
d. In all other cases you will get no error

2/ Test the interface
a. Turn on OPACPrivacy and set the privacy to 2 (Never) for a patron
b. Now you can turn off OPACPrivacy or keep it on, behavior should be
the same
c. check an item out to the patron
d. Check the item in using the check out table
=> fail
e. Check the item in using the Check in tab
=> fail (not gracefully).

Note that the software error could appear on other pages too.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Updatedatabase works as described
On staff, if don't have correct settings for anonymity it's
impossible to check-in (with OPACPrivacy on)
No errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 14431: FIX encoding issues in search (staff client)
Jonathan Druart [Mon, 22 Jun 2015 10:45:50 +0000 (12:45 +0200)]
Bug 14431: FIX encoding issues in search (staff client)

Note that this does not appear at the OPAC.

We will need 2 different testers here, the results seem to depend on the
Encode version.

0/ Determine your Encode version (`pmvers Encode`).
If you have 2.60:
1) /cgi-bin/koha/catalogue/search.pl?q=ééé&op=Submit
You should get
" No results match your search for 'kw,wrdl: ���' in my library Catalog."
2) /cgi-bin/koha/catalogue/search.pl?q=ກ
You should get
Cannot decode string with wide characters at
/usr/lib/i386-linux-gnu/perl/5.20/Encode.pm line 215.

If you have <2.60 (? not sure here):
1) /cgi-bin/koha/catalogue/search.pl?q=ééé&op=Submit
You should not get encoding problems.
2) /cgi-bin/koha/catalogue/search.pl?q=ກ
You should not get encoding problems.

Apply this patch, try again 1 and 2.
If the Encode version is >=2.60, the encoding issues should be fixed.
If not, please detail if there is any regression.

NOTE: Tested on Ubuntu 14.04, Debian 8, and Debian 7. See comment #3.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 14467: Security updates break some Koha plugins
Kyle M Hall [Thu, 25 Jun 2015 20:41:23 +0000 (16:41 -0400)]
Bug 14467: Security updates break some Koha plugins

The new security updates break previously functioning plugins, most
notably the cover flow plugin and the Ebsco EDS plugin.

Test Plan:
1) Install and configure the cover flow plugin ( http://bywatersolutions.com/koha-plugins/ )
2) Note that attempting to access coverflow.pl from the OPAC results in an error
3) Apply this patch
4) Note that coverflow.pl now outputs html again

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 14389: Editing a syspref in a textarea does not enable the Save button
Liz Rea [Tue, 16 Jun 2015 04:12:57 +0000 (16:12 +1200)]
Bug 14389: Editing a syspref in a textarea does not enable the Save button

Test plan:
  1. Navigate to the "opaccredits" syspref (or any other textarea, i.e.,
     "Click to Edit", syspref) in the system preferences editor.
  2. Change its contents, by either pasting or typing. The field may not
     be marked as modified, even after you click outside the box.
  3. Apply the patch.
  4. Reload the page and try again; either pasting or typing should mark
     the field as changed and allow you to save.

Signed-off-by: Jesse Weaver <pianohacker@gmail.com>
Confirmed working for normal input, paste and middle-click paste in
Chrome and Firefox in Linux.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 14490: Duplicate armenian translator
Samanta Tello [Fri, 3 Jul 2015 14:12:05 +0000 (11:12 -0300)]
Bug 14490: Duplicate armenian translator

This patch fixes a trivial duplicate
in about page.

To test:
1) Go to about page > translations
2) Check duplicate entry for Armenian
first in 4th line, second before indonesian
3) Apply patch
4) Reload page and check again

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Trivial string patch. The results are as expected.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Double checked :-P

6 years agoBug 11882: (QA followup) fix capitalization errors
Tomas Cohen Arazi [Fri, 26 Jun 2015 18:10:55 +0000 (15:10 -0300)]
Bug 11882: (QA followup) fix capitalization errors

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 11882: Add a new button to the checkout confirmation dialog when checking out...
simith [Thu, 26 Feb 2015 18:21:21 +0000 (13:21 -0500)]
Bug 11882: Add a new button to the checkout confirmation dialog when checking out a reserved item

This patch adds a "Don't Check Out and Print Slip" button to the dialog that appears
when trying to checkout a reserved item.

Test case :
* Put a hold on an item for User A.
* Try to check out the item with User B.
* The "Please confirm checkout" box should appear. The "Don't Check Out and Print Slip" button should appear in this box.
* Click on the "Don't Check Out and Print Slip" button.
* A print popup will appear

Signed-off-by: Nick <Nick@quechelibrary.org>
Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 14002: Display readonly values as plain text
Jonathan Druart [Tue, 16 Jun 2015 17:25:58 +0000 (19:25 +0200)]
Bug 14002: Display readonly values as plain text

There is no need to display the cardnumber and expiration date values in
a disabled input.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 14002: Show patron expiry date in OPAC
Katrin Fischer [Tue, 9 Jun 2015 22:52:39 +0000 (00:52 +0200)]
Bug 14002: Show patron expiry date in OPAC

This patch makes it possible to show the expiration date
of a patron account in the OPAC on the details tab in the
patron account.

Extras:
- Makes it possible to hide cardnumber with
  PatronSelfRegistrationBorrowerUnwantedField

To test:
- Toggle OPACPatronDetails and test date expiry always shows
- Check PatronSelfRegistrationBorrowerUnwantedField for dateexpiry
  and cardnumber
- Verify a patron address modification request still works
  as expected

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 14440: get_template_and_user can not have an empty template_name (quote*_ajax.pl)
Jonathan Druart [Wed, 24 Jun 2015 09:03:22 +0000 (11:03 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (quote*_ajax.pl)

This patch uses check_api_auth instead of get_template_and_user.

Test plan:
Confirm that you are still able to access the quote editor with the
edit_quotes permission.
Confirm that you are not if you don't have the permission.

wget your_url/cgi-bin/koha/tools/quotes/quotes_ajax.pl
should return "403 : Forbidden."

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)
Fridolin Somers [Tue, 23 Jun 2015 15:45:30 +0000 (17:45 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)

Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects opac/opac-ratings.pl

Test plan :
- Apply patch
- Set syspref OpacStarRatings to 'results and details'
- Disable JavaScript on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Log out from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the login page

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl)
Fridolin Somers [Tue, 23 Jun 2015 14:45:21 +0000 (16:45 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl)

Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects acqui/updatesupplier.pl

Test plan :
- Apply patch
- Connect to intranet with a user having "vendors_manage" permission
- Go to acquisition module
- Create a new vendor
- Click on "Edit vendor"
- Change some information and save
=> Your change is saved
- Connect to intranet with a user not having "vendors_manage" permission
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied
- Disconnect from intranet
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
6 years agoBug 13014: (QA followup) have new warnings tested
Tomas Cohen Arazi [Wed, 24 Jun 2015 17:54:36 +0000 (14:54 -0300)]
Bug 13014: (QA followup) have new warnings tested

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 13014: DBRev 3.21.00.012
Tomas Cohen Arazi [Wed, 24 Jun 2015 17:40:01 +0000 (14:40 -0300)]
Bug 13014: DBRev 3.21.00.012

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 13014: [QA Follow-up] Few typos in cronjob
Marcel de Rooy [Fri, 17 Apr 2015 09:48:02 +0000 (11:48 +0200)]
Bug 13014: [QA Follow-up] Few typos in cronjob

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
6 years agoBug 13014: (follow-up 2) Notify budget owner on new suggestion - sample notices
Jonathan Druart [Thu, 6 Nov 2014 09:21:48 +0000 (10:21 +0100)]
Bug 13014: (follow-up 2) Notify budget owner on new suggestion - sample notices

This patch updates the 2 optional sample_notices.sql files for ru-RU and
uk-UA.
Not sure if it is relevant but I don't understand why they are not
up-to-date.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Checked by running them manually.
English installs 27, Russian 27 and Ukrainian 26.
Last language can be updated somewhere else.

6 years agoBug 13014: (follow-up) Notify budget owner on new suggestion - sample notices
Jonathan Druart [Thu, 6 Nov 2014 09:21:01 +0000 (10:21 +0100)]
Bug 13014: (follow-up) Notify budget owner on new suggestion - sample notices

This patch adds the new notice for all other languages.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
6 years agoBug 13014: Notify budget owner on new suggestion - cronjob
Jonathan Druart [Tue, 30 Sep 2014 14:59:50 +0000 (16:59 +0200)]
Bug 13014: Notify budget owner on new suggestion - cronjob

Test plan:
0/ Create a new notice suggestions > TO_PROCESS
You can use the one defined in the other patch.
1/ Create a suggestion and link it to a fund
2/ Add an owner to this fund and make sure this patron has an email
address (the email address used should be the one defined in the
AutoEmailPrimaryAddress syspref).
3/ Execute the cronjob script with the -v and without the -c argument
4/ The output should tell you that an email will be sent
5/ Execute the cronjob script with the -v and with the -c argument
6/ Verify the notice is generated in the message_queue table and it is
correctly formatted.

Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
6 years agoBug 13014: Notify budget owner on new suggestion - sample notices
Jonathan Druart [Tue, 30 Sep 2014 14:58:48 +0000 (16:58 +0200)]
Bug 13014: Notify budget owner on new suggestion - sample notices

This patch adds the new notice suggestion > TO_PROCESS

Others will be added when the patch will be signed off.

Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Followup expected :-) It would be nice also to have an updatedatabase.pl entry to
insert the new TO_PROCESS notification.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 13014: Notify budget owner on new suggestion - UT
Jonathan Druart [Tue, 30 Sep 2014 14:56:46 +0000 (16:56 +0200)]
Bug 13014: Notify budget owner on new suggestion - UT

When a suggestion is created and linked to a fund, a mail will be
generated, using a cronjob, to notify the budget owner.

A suggestion is considered as "can be treated" if its status is "ASKED".

Signed-off-by: Frederic Demians <f.demians@tamil.fr>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 12074: Filter duplicates when adding a batch from a staged file
Lyon3 Team [Tue, 24 Feb 2015 14:50:49 +0000 (15:50 +0100)]
Bug 12074: Filter duplicates when adding a batch from a staged file

When adding a batch of records to a basket, duplicates are skipped and
an alert is displayed with a link to them so that they can be treated
individually.

Test plan :

You need the 2 test attached files TestFile1.mrc and TestFile2.elc
(TestFile1 includes only the title "Amilec ou La graine d'hommes" that
is also included in TestFile2)

1) go to “Stage MARC records for import” page, upload TestFile1 and
stage it (select iso 5426 encoding).
2) Manage staged record and import the batch.
3) Make sure that the new record is indexed (depending on your indexing
system and test platform).
4) Go back to the “Stage MARC records for import” page, upload
TestFile2 and stage it (select iso 5426 encoding).
5) Go to acquisitions module and create a new basket.
6) From your basket, in the “Add order to basket” block, choose 'From a
staged file'.
7) Then click File2 ('addorder' button).
8) Go down the "Import all" block and save.
9) You are redirected to the basket page : a warning is displayed to
tell you that some duplicates have been found and skipped.
There's a link on the warning through which you can go back to the list of
remaining records and treat them individually if necessary.
10) Click the link : you fall upon the title of TestFile1 (of course as
it's a duplicate).
11) Check that the imported records have been indexed.
11) Go down the "Import all" block and save.
12) A warning is displayed saying that no records have been imported
because they all match an existing record. The “Import all” block is no
longer visible.

Signed-off-by: JA <aloi54@live.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14450: itemsearch no longer working
Liz [Wed, 24 Jun 2015 09:52:05 +0000 (09:52 +0000)]
Bug 14450: itemsearch no longer working

To test:
Click Advanced search in staff client
Click the link for "Go to Item Search" at the top of the page
Do a search, you should get results. Try some combinations and make sure it works like it should.

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14439: Add test - template path should finish by .tt
Jonathan Druart [Tue, 23 Jun 2015 14:10:22 +0000 (16:10 +0200)]
Bug 14439: Add test - template path should finish by .tt

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14439: Typo in Bug 14408 regexp
Fridolin Somers [Tue, 23 Jun 2015 13:50:39 +0000 (15:50 +0200)]
Bug 14439: Typo in Bug 14408 regexp

In Bug 14408 first patch, the regexp used needs an escape on dot and does not need an ending "?"

Test plan :
  - prove t/db_dependent/Auth.t

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14252: DBRev 3.21.00.011
Tomas Cohen Arazi [Wed, 24 Jun 2015 13:34:51 +0000 (10:34 -0300)]
Bug 14252: DBRev 3.21.00.011

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14252: Add sort by rfc4646_subtag in footer
Jonathan Druart [Thu, 4 Jun 2015 14:02:19 +0000 (16:02 +0200)]
Bug 14252: Add sort by rfc4646_subtag in footer

This patch sorts by rfc4646_subtag the languages in the footer.
Same as in the header.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14252: (followup) addresses the QA Manager comments
Indranil Das Gupta [Mon, 1 Jun 2015 13:52:29 +0000 (19:22 +0530)]
Bug 14252: (followup) addresses the QA Manager comments

Addresses Katrin's comments in comment# 56

TEST PLAN
---------
 1) Back up your DB
 2) Ensure you have multiple languages, including
    some that have sub-languages (e.g. de-DE, de-CH)
    -- cd misc/translator
    -- perl translate install {language code}
 3) Ensure that you have all the languages enabled
    -- Staff client -> Home -> Global system preferences
       --> I18N/L10N
       Check all the languages in opaclanguages.
       Ensure that opaclanguagesdisplay is 'Allow'
 4) Open OPAC
    -- should only have languages in footer.
       Annoyingly below the fold.
 5) Drop your koha database, and create a blank one.
 6) Apply all patches
 7) Reinstall all the known languages, so the templates
    are appropriately updated.
 8) Go to staff client and do an install of koha, with
    all the dummy data.
 9) Ensure you have all the languages enabled (see (3))
10) Refresh your OPAC page
    -- language selector position should be in both
       the footer and at the top as expected.
    -- this confirms the sysprefs.sql change.
11) Restore your DB
12) run the updatedatabase.pl script
13) Ensure you have all the languages enabled (see (3))
14) Refresh the OPAC page
    -- should still only have languages in the footer.
    -- this confirms that upgrade won't change anything.
    -- this confirms the atomic update.
15) git diff origin/master
    -- the opac-bottom.inc difference should only
       have changes around a SET, IF, and END.
       This confirms the noprint was fixed.
16) In the staff client, change the OPAC system preference,
    OpacLangSelectorMode, to all three values.
    For each value, refresh the OPAC page, and confirm the
    position of the language selector.
    -- should work as expected.
17) run koha qa test tools

NOTE: Tested as a single batch together.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14252: Follow up noprint and default values
Mark Tompsett [Mon, 1 Jun 2015 03:16:17 +0000 (23:16 -0400)]
Bug 14252: Follow up noprint and default values

TEST PLAN
---------
0) Back up your DB
1) open OPAC
   -- should only have languages in footer.
      Annoyingly below the fold.
2) Drop your koha database, and create a blank one.
3) Apply all patches
4) Go to staff client and do an install of koha, with
   all the dummy data.
5) Once installed, refresh your OPAC page
   -- language selector position should be in footer
      still as expected.
   -- this confirms the sysprefs.sql change.
6) Restore your DB
7) run the updatedatabase.pl script
8) Refresh the OPAC page
   -- should still only have languages in the footer.
   -- this confirms that upgrade won't change anything.
   -- this confirms the atomic update.
9) git diff origin/master
   -- the opac-bottom.inc difference should only
      have changes around a SET, IF, and END.
      This confirms the noprint was fixed.
10) In the staff client, change the OPAC system preference,
    OpacLangSelectorMode, to all three values.
    For each value, refresh the OPAC page, and confirm the
    position of the language selector.
    -- should work as expected.
11) run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14252: (fix) address the indentation for the lang loop
Indranil Das Gupta [Mon, 1 Jun 2015 00:16:30 +0000 (05:46 +0530)]
Bug 14252: (fix) address the indentation for the lang loop

tidy the indentation for that lang selector loop code.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14252: (Followup) Fixed issues pointed to in comment #40
Indranil Das Gupta [Sun, 31 May 2015 23:56:31 +0000 (05:26 +0530)]
Bug 14252: (Followup) Fixed issues pointed to in comment #40

Based on Mark's inputs in comment #40 -

[1] selected 'mast' (short of 'masthead') and updated :
   (a) bug_14252-OpacLangSelectorMode_syspref.sql
   (b) sysprefs.sql
   (c) opac.pref
[2] Reduced the calls to Koha.Preference() from :
   (a) masthead.inc
   (b) opac-bottom.inc

After applying this patch, update the database once for it to pick
up the new option values -'both|mast|foot'.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14252: (followup) Adds OpacLangSelectorMode syspref
Indranil Das Gupta [Wed, 27 May 2015 22:48:44 +0000 (04:18 +0530)]
Bug 14252: (followup) Adds OpacLangSelectorMode syspref

Based on discussion, this followup does the following:

1/ brings back the switcher on opac-bottom.inc
2/ adds a syspref OpacLangSelectorMode to toggle between the three
   modes:
     (a) show switcher both on masthead and footer (default)
     (b) footer only
     (c) masthead only

Test plan
=========

1/ apply earlier patches attached to this bug in their correct order
2/ apply this followup patch
3/ run updatedatabase.pl to add in the atomic update
4/ goto admin/preferences.pl?tab=opac
5/ look up OpacLangSelectorMode, it should be set with default value
   "both masthead and footer"
6/ check OPAC to see if both locations show the selectors
7/ change OpacLangSelectorMode to 'only header' and 'only footer' at
   each iteration, and check if the selection has correctly toggled
   the selectors. It should

Note: make sure you do not have the patch 11057 applied on the branch
      from before, otherwise merge conflict might happen.

http://bugs.koha-community.org/show_bug.cgi?id=14252

Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14252: (followup) fix lang chooser for sublanguages
Bernardo Gonzalez Kriegel [Sat, 23 May 2015 17:40:52 +0000 (14:40 -0300)]
Bug 14252: (followup) fix lang chooser for sublanguages

This quick fix disables sublanguages dropdown,
show all sublanguages on same level.

To test:
1) Apply both patches
2) Translate to have sublanguages (en-NZ, de-DE, de-CH)
3) Go to opac, confirm you can select any lang/sublang
4) Check on mobile device

4th version.
Removed rfc4646 subtag on sublanguages, think it's cleaner.
Currently on master all translated languages/regions have
valid description ('en' at least)
Added language sort using rfc4646 subtag

Signed-off-by: Indranil Das Gupta <indradg@gmail.com>
Followup fixes the issue with lang group dropdowns. Works well
across standard desktop as well as mobile device with small screens
(checked on 4.3" / 4.7" / 5")

Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14252: Move OPAC lang switcher to masthead navbar
Indranil Das Gupta [Fri, 22 May 2015 21:41:48 +0000 (03:11 +0530)]
Bug 14252: Move OPAC lang switcher to masthead navbar

The OPAC language switcher takes up a lot of space at the bottom of the
browser. It also has issues of being not always visible.
This patch adds the switcher to the masthead navbar and removes from the
opac-bottom.inc navbar.

Test plan
=========

1/ Apply patch
2/ Set opaclanguagesdisplay syspref to 'show'.
3/ Add a few languages i.e. es-ES, fr-FR and de-DE
     $ cd misc/translator
     $ perl translate <langcode>
4/ Enable installed languages for OPAC use by checking on 'opaclanguages'
   under I18N/L10N sysprefs
5/ Go to the OPAC, you should have a "Languages" dropdown on the masthead
   navbar, the opac-bottom.inc navbar should no longer be there.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works, no koha-qa errors.
Followup fix language chooser for sublanguages

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 13962: Add link to the vendor detail page
Jonathan Druart [Tue, 16 Jun 2015 16:16:27 +0000 (18:16 +0200)]
Bug 13962: Add link to the vendor detail page

This patch 1/ uses the class of the th to filter the columns and 2/ adds
a link on the vendor name to the vendor detail page.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 13962: Add vendor to acq details tab in staff
Katrin Fischer [Tue, 9 Jun 2015 22:34:50 +0000 (00:34 +0200)]
Bug 13962: Add vendor to acq details tab in staff

Implementing some feedback from our user meeting:
The acquisition details tab on the detail page
in staff should also show the vendor of the
order.

To test:
- Make sure AcquisitionDetails is active.
- Create an order or look up an order in the
  acquisition module.
- Go to the ordered record and check the
  'Acquisition details' tab
- Verify the vendor shows up there as first
  column now
- Check that sorting and display of the other
  columns are still working correctly

Note: Also fixes a </th> that should be a </td>
Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14324: Display "Add Child" for Organisations on circ/circulation.pl
Jonathan Druart [Tue, 23 Jun 2015 08:40:15 +0000 (10:40 +0200)]
Bug 14324: Display "Add Child" for Organisations on circ/circulation.pl

On moremember, the button is displayed for Organisations.
To be consistent, it should be displayed on the circulation page too.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14324: Set "adultborrower" regardless of guarantor status.
Barton Chittenden [Thu, 18 Jun 2015 20:31:28 +0000 (13:31 -0700)]
Bug 14324: Set "adultborrower" regardless of guarantor status.

Signed-off-by: Jason Robb - SEKLS (jrobb@sekls.org)
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 8802: On editing a library group category type is not set
Jonathan Druart [Wed, 1 Apr 2015 14:23:48 +0000 (16:23 +0200)]
Bug 8802: On editing a library group category type is not set

The category type was always set to 'searchdomain', because it's the
first of the dropdown list.

Test plan:
1/ Create or edit a library group
2/ Set the category type to "properties"
3/ Edit it again
4/ Confirm "properties" is correctly selected

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years agoBug 14423: tab characters in auth_subfields_structure
Liz Rea [Tue, 23 Jun 2015 00:37:09 +0000 (12:37 +1200)]
Bug 14423: tab characters in auth_subfields_structure

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14423: Multiple XSS bugs in suggestion.pl
Chris [Sun, 21 Jun 2015 09:35:07 +0000 (09:35 +0000)]
Bug 14423: Multiple XSS bugs in suggestion.pl

To test
1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to=
2/ Notice alert box(es)
3/ Apply patch
4/ Reload and notice alert is gone

Repeat for
collection_title
copyrightdate
isbn
manageddate_from
manageddate_to
publishercode
suggesteddate_from
suggesteddate_to

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14423: Multiple XSS vulnerabilities in serials-search
Chris [Sun, 21 Jun 2015 09:20:51 +0000 (09:20 +0000)]
Bug 14423: Multiple XSS vulnerabilities in serials-search

To test

1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter=
2/ Notice alert boxes
3/ Apply patch
4/ Reload, notice fixed

Repeat for
callnumber_filter
EAN_filter
ISSN_filter
publisher_filter
title_filter

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14423: XSS bugs in catalogue search
Chris [Sun, 21 Jun 2015 09:01:32 +0000 (09:01 +0000)]
Bug 14423: XSS bugs in catalogue search

To test

1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice alert boxes
3/ Apply patch
4/ Reload url, no alerts
5/ Check search still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14423: XSS issues in marc_subfields_structure
Chris [Sun, 21 Jun 2015 08:46:40 +0000 (08:46 +0000)]
Bug 14423: XSS issues in marc_subfields_structure

1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice all the alert boxes
3/ Apply patch
4/ Reload page, no more alerts
5/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14423: XSS bug in auth_subfields_structure
Chris [Sun, 21 Jun 2015 08:33:13 +0000 (08:33 +0000)]
Bug 14423: XSS bug in auth_subfields_structure

1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/auth_subfields_structure.pl?op=add_form&authtypecode=%27%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice a ton of alert boxes pop up
3/ Apply patch
4/ Reload url, no longer get any alerts
5/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14423: XSS bug in lateorders
Chris [Sun, 21 Jun 2015 08:18:20 +0000 (08:18 +0000)]
Bug 14423: XSS bug in lateorders

1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom
2/ Note you get an alert box
3/ Apply patch, notice it is fixed
4/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14423: XSS in authorities-home
Chris [Sun, 21 Jun 2015 08:10:20 +0000 (08:10 +0000)]
Bug 14423: XSS in authorities-home

To test:
1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice you get 3 alert boxes
3/ Apply patch
4/ Hit the url again, no js

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14426: Escape or use placeholders for sql parameters
Jonathan Druart [Mon, 22 Jun 2015 08:56:26 +0000 (10:56 +0200)]
Bug 14426: Escape or use placeholders for sql parameters

Is this patch enough to prevent sql injection in borrowers_out.pl?

====================================================================
1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil')
====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')"
| nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=1,'evil')"
| nc testbox 9002

====================================================================
2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b
====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='a"
| nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='b"
| nc testbox 9002

====================================================================

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
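
The Filter and Criteria checks from the test plan above, replayed against a constructed in-memory SQLite table as an added Python example (not Koha's Perl code and not the patch itself). The table, the query shape and the GROUP_COLUMNS allow-list are assumptions; the point is that a value can be bound with a placeholder while a column name has to be allow-listed.

```python
import sqlite3

# Allow-list for the "Criteria" request value. It becomes an SQL identifier,
# and identifiers cannot be bound with "?" placeholders. (Assumed column names.)
GROUP_COLUMNS = {"branchcode", "categorycode"}


def make_db():
    """Constructed stand-in data; the real report's schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE borrowers "
               "(borrowernumber INTEGER, branchcode TEXT, categorycode TEXT)")
    db.executemany("INSERT INTO borrowers VALUES (?, ?, ?)",
                   [(1, "MAIN", "P_COM"), (2, "MAIN", "ADULT"), (3, "EAST", "P_COM")])
    return db


def report_interpolated(db, criteria, filter_value):
    """'Before' pattern: both request values are pasted into the SQL text."""
    sql = (f"SELECT {criteria}, COUNT(*) FROM borrowers "
           f"WHERE categorycode = '{filter_value}' GROUP BY {criteria}")
    return sorted(db.execute(sql).fetchall())


def report_parameterised(db, criteria, filter_value):
    """'After' pattern: identifier checked against the allow-list, value bound."""
    if criteria not in GROUP_COLUMNS:
        raise ValueError(f"unsupported Criteria: {criteria!r}")
    sql = (f"SELECT {criteria}, COUNT(*) FROM borrowers "
           f"WHERE categorycode = ? GROUP BY {criteria}")
    return sorted(db.execute(sql, (filter_value,)).fetchall())


if __name__ == "__main__":
    db = make_db()
    # The two Filter values from the test plan, with '+' decoded to a space.
    for value in ("P_COM' AND 'a'='a", "P_COM' AND 'a'='b"):
        print("interpolated ", repr(value), report_interpolated(db, "branchcode", value))
        print("parameterised", repr(value), report_parameterised(db, "branchcode", value))
    try:
        report_parameterised(db, "ELT(1=1,'evil')", "P_COM")
    except ValueError as err:
        print("rejected:", err)
```

With interpolation the two Filter values give different row counts, which is the signal the test plan looks for; with the bound parameter both are compared as literal strings and match nothing.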
6 years ago Bug 14408: Allow integers in template paths
Jonathan Druart [Mon, 22 Jun 2015 08:24:51 +0000 (10:24 +0200)]
Bug 14408: Allow integers in template paths

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14408: Add tests to get_template_and_user
Jonathan Druart [Fri, 19 Jun 2015 08:25:30 +0000 (10:25 +0200)]
Bug 14408: Add tests to get_template_and_user

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14408: Path Traversal error
Chris [Mon, 22 Jun 2015 05:23:52 +0000 (05:23 +0000)]
Bug 14408: Path Traversal error

Counter counter patch
Please test well, including with the null byte %00, this uses whitelisting to only allow files ending with .tt
and not allowing ../etc

Note the previous patch tries to protect against /etc/passwd
but //etc/passwd is now vulnerable.  I do think a whitelist is safer than trying to do a blacklist

/cgi-bin/koha/svc/virtualshelves/search
/cgi-bin/koha/svc/members/search

Are vulnerable

To test:
1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt
  Notice you get a valid JSON response
2/ Hit
/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
  (You may have to add more ..%2f or remove them to get the correct path)
  Notice you can see the contents of the /etc/passwd file
3/ Hit
/cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
4/ Apply patch
5/ Hit the first url again, notice it still works
6/ Hit the second url, notice it now errors with a file not found
7/ Hit the third url, notice it now errors with a file not found

Repeat for the other script also

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
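
The whitelist-versus-blacklist point in the message above, as an added Python example (not Koha's Perl code and not the patch itself). TEMPLATE_ROOT, the deny-list rules and the exact allow-list pattern are assumptions made for illustration; the request values are shortened forms of the ones in the test plan.

```python
import os
import re
from urllib.parse import unquote

# Hypothetical template root; the real Koha include path is not given on the page.
TEMPLATE_ROOT = "/srv/example/templates"

# Allow-list: segments of letters, digits, '_' or '-' joined by single slashes,
# ending in ".tt". Dots, NUL bytes, empty segments and a leading '/' cannot match.
ALLOWED = re.compile(r"[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\.tt")


def denylist_accepts(raw):
    """Constructed deny-list: blocks '../' and a leading '/etc/' and nothing else."""
    path = unquote(raw)
    return "../" not in path and not path.startswith("/etc/")


def unchecked_resolve(raw, root=TEMPLATE_ROOT):
    """What a plain join would open; an absolute value discards the root."""
    return os.path.normpath(os.path.join(root, unquote(raw)))


def allowlist_resolve(raw, root=TEMPLATE_ROOT):
    """Return the full template path, or None if the value is not allow-listed."""
    path = unquote(raw)
    # fullmatch, not match/search: the whole value must fit the pattern, so a
    # "%00" or newline after ".tt" is rejected as well.
    if not ALLOWED.fullmatch(path):
        return None
    full = os.path.normpath(os.path.join(root, path))
    # Defence in depth: the resolved path must still sit under the root.
    if os.path.commonpath([root, full]) != root:
        return None
    return full


if __name__ == "__main__":
    samples = [
        "members/tables/members_results.tt",   # valid template from the test plan
        "..%2f..%2fetc%2fpasswd",              # second URL, shortened
        "test%2f..%2f..%2fetc%2fpasswd",       # third URL, shortened
        "//etc/passwd",                        # slips past the deny-list
        "members/tables/members_results.tt%00",
    ]
    for s in samples:
        print(f"{s!r}: denylist_accepts={denylist_accepts(s)} "
              f"allowlist={allowlist_resolve(s)}")
```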
6 years ago Bug 14383: (QA followup) missing POD fix in C4/Branch.pm
Tomas Cohen Arazi [Mon, 22 Jun 2015 20:43:21 +0000 (17:43 -0300)]
Bug 14383: (QA followup) missing POD fix in C4/Branch.pm

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14383: Fix POD error in C4/Ratings.pm
Jonathan Druart [Thu, 18 Jun 2015 13:19:25 +0000 (15:19 +0200)]
Bug 14383: Fix POD error in C4/Ratings.pm

perl -e "use Pod::Checker;podchecker('C4/Ratings.pm');"

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14383: etc/zebradb: Fix some typos in documentation and Bib-1 attribute set
Stefan Weil [Mon, 15 Jun 2015 19:57:13 +0000 (21:57 +0200)]
Bug 14383: etc/zebradb: Fix some typos in documentation and Bib-1 attribute set

All of them were found and fixed using codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14383: docs: Fix some typos in documentation
Stefan Weil [Mon, 15 Jun 2015 19:55:50 +0000 (21:55 +0200)]
Bug 14383: docs: Fix some typos in documentation

All of them were found and fixed using codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14383: admin: Fix some typos in comments and documentation
Stefan Weil [Mon, 15 Jun 2015 19:50:14 +0000 (21:50 +0200)]
Bug 14383: admin: Fix some typos in comments and documentation

Most of them were found and fixed using codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14383: acqui: Fix some typos in comments and documentation
Stefan Weil [Mon, 15 Jun 2015 14:51:51 +0000 (16:51 +0200)]
Bug 14383: acqui: Fix some typos in comments and documentation

Most of them were found and fixed using codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
http://bugs.koha-community.org/show_bug.cgi?id=14383
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14383: Fix some typos in comments and documentation
Stefan Weil [Mon, 15 Jun 2015 14:49:47 +0000 (16:49 +0200)]
Bug 14383: Fix some typos in comments and documentation

Most of them were found and fixed using codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
http://bugs.koha-community.org/show_bug.cgi?id=14383
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14383: C4: Fix some typos (mostly in comments and documentation)
Stefan Weil [Mon, 15 Jun 2015 05:47:18 +0000 (07:47 +0200)]
Bug 14383: C4: Fix some typos (mostly in comments and documentation)

Most of them were found and fixed using codespell.
Fix also some related grammar issues.

In C4/Serials.pm a variable was renamed to make future codespelling
checks easier.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
http://bugs.koha-community.org/show_bug.cgi?id=14383
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14383: misc: Fix some typos in comments and documentation
Stefan Weil [Sun, 14 Jun 2015 20:42:57 +0000 (22:42 +0200)]
Bug 14383: misc: Fix some typos in comments and documentation

Most of them were found and fixed using codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14383: debian: Fix some trivial typos
Stefan Weil [Sun, 14 Jun 2015 20:30:12 +0000 (22:30 +0200)]
Bug 14383: debian: Fix some trivial typos

They were found and fixed using codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14356: Improvements to the 'Transfers to receive' page
Katrin Fischer [Sun, 7 Jun 2015 23:30:58 +0000 (01:30 +0200)]
Bug 14356: Improvements to the 'Transfers to receive' page

Patch makes several small changes to the template for the
'Transfers to receive page'

1) Show the branch name instead of the branchcode in the
   table of incoming transfers.

If there is a hold connected with the transfer:
2) Show the patron's name as 'surname, firstname'
   instead of 'surname  firstname'
3) Restore broken feature: Show a mailto: link with a
   generated subject of 'Hold: <title>'.

The mailto: feature actually existed in the templates, but
was broken due to a misnamed database column. I made some small
changes to make the subject translatable (see bug 8330).

To test:
- Create a transfer by placing a hold with pickup at another library
- Create a transfer manually
- Go to the circulation > transfers to receive
- Check the changes explained above, compare before and after
- Check the mailto: link works as expected

Bonus: Check the Hold: bit in the subject is really translatable now.

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14253: (follow-up) Same fix for the basket page
Jonathan Druart [Tue, 16 Jun 2015 15:39:16 +0000 (17:39 +0200)]
Bug 14253: (follow-up) Same fix for the basket page

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
6 years ago Bug 14253: Acq - notify borrowers popup needs to allow scrolling
Katrin Fischer [Tue, 9 Jun 2015 01:01:08 +0000 (03:01 +0200)]
Bug 14253: Acq - notify borrowers popup needs to allow scrolling

The 'notify on receiving' patron search on the new order form
in acquisitions didn't allow you to scroll, so there was no
way to select users from the bottom of a longer result list.

To test:
- Create a new order in acquisitions
- On the order form, use the 'Add user' button to open
  the popup
- Perform a patron research with a lot of results
- Verify that with the patch you can scroll, but
  that you couldn't without it

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
without patch: no scroll bar in Firefox 38
with patch: scrolling works fine

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>