Update release notes for 22.05.19 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Increment version for 22.05.19 release

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Bug 36034: Add test

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 36034: (bug 34893 follow-up) fix capture of return values from checkpw

Adapt code to the change of return value type of checkpw
introduced in bug 34893

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35518: Tidy the moved blocks

This patch just tidies the moved blocks to get us past the QA script
check.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit b577b6567045184adcb5bb55b7e5c70428e124ee)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1f182d45aba607dbfaf63c98f97b8615e5eea09d)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit d44a697788c947b9deb08aafaeb965f0e2b069f0)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
(cherry picked from commit 870c18a6545092de9fd50c187f68dd0d6574b56b)

Bug 35518: Check authentication and set userenv before fetching userenv variables

Currently we get the userenv before we have set it correctly for the session

To test:
 1 - Sign in as a user with fast cataloging permission
 2 - Bring up a patron, type gibberish into barcode field to get a fast cataloging link
 3 - Check the link, it should have your current signed in barcode
 4 - Sign in to a different browser with a different user and at a different branch
 5 - Bring up a aptron in circulation and type gibberish into barcode field to get a fast cataloging link
 6 - It may have your branch, but it may also have the other user's branch from the other window
 7 - Keep entering gibberish to get a link until one user has the correct branch
 8 - Then switch to the other browser, and keep entering gibberish, watch the branchcode change
 9 - Apply patch, restart all
10 - Test switching between browsers. generating fast cataloging links
11 - Users should now consistently have the correct branch

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 90b6f68616e2ba5ca3fcbbd9698c97ef41a45593)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 26722f2a08af99b9e3cb4eb50398df896085f527)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 1460974627a7c094144fe4b834f07a5ee0c5b493)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
(cherry picked from commit 70c86eb8926def78636e69b02d4ad47cecce6323)

Bug 36092: Pass sessionID at the end of get_template_and_user

It seems safer to pass the logged in user and session info at the end of
the sub.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit c50372c0b5c490971e4e336541aa85fbb45033d2)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
(cherry picked from commit 2ba597ea70612aec6880a583e9436da2367b5644)

Bug 36092: Pass the sessionID from checkauth if we hit auth

If we hit the auth page we were not passing sessionID to the template

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 0decb260343455caabd4101b0b0e9499723f2951)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
(cherry picked from commit 9580111a206522e90a76d0fbaafdaaca0401d6fd)

Bug 36092: Add test

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 7bc46ea231c3e63e017da2a26a7a8918ed161cab)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
(cherry picked from commit 14cce4e9364792e93c50a1d6bed01d4e85d150d4)

Bug 30524: (QA follow-up) Fix tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 158edb411b32253fae4f068ce416d6ad4d1a67d3)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 38725ed0af95c318077c46f337795054e31c60e4)

Bug 30524: (QA follow-up) Unit tests for GenerateCSRF()

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 60d11ae7251a227fab3977ecd61cb01d0f062f79)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d4187c77eb3b39977b759af7df7641e70cd96358)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 26ab7e0b200ac8e5fe4d88603996d823bf63d8bc)

Bug 30524: (QA follow-up) Only generate CSRF token if it will be used

This patch avoids generating CSRF tokens unless the csrf-token.inc file
is included in the template.

Passed token doesn't need HTML escaped. The docs for WWW::CSRF state:
  The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ddf1eb6cef14da365675890920ff72f010c59527)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 73ca151686b682aaa2b950ccbc89fcec14514112)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit b1bd7ec29a0febddc210dbdc3bef0a78e37c7719)

Bug 35942: OPAC user can enroll several times to the same club [23.05.x]

Test Plan:

1) Create 3 clubs, 1 limited to library A, 1 limited to library B and one not limited
2) Use a patron with home library A.
3) Go to the opac-user page, "Clubs" tab show 0/2 (the one from library B is not listed)
4) Browse to /cgi-bin/koha/svc/club/enroll?id=1
5) Reload that page a couple times
6) Note the patron is now enrolled in the same club multiple times
7) Delete those enrollments
8) Apply this patch
9) Restart all the things!
10) Repeat steps 2-7, note the lack of duplicate enrollments!
11) Repeat steps 2-10 for the staff interface

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 9bdab108e22768b018b017ed7c0e0016270f2570)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>

Bug 35918: Fix auto library connect (AutoLocation)

This code is a bit weird, its purpose it to auto select the library depending on the IP.
A problem appears if the same IP is used, then the user's choice will
might be overwritten randomly by another library.

To recreate the problem:
Turn on AutoLocation
Use koha/koha @CPL for test
And the following config:
*************************** 1. row ***************************
branchcode: CPL
branchname: Centerville
  branchip: 172.18.0.1
*************************** 2. row ***************************
branchcode: FFL
branchname: Fairfield
  branchip: 172.18.0.1
*************************** 3. row ***************************
branchcode: FPL
branchname: Fairview
  branchip: 172.18.0.4

Connect and select CPL. Randomly FFL will be picked instead.

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Tested this on top of 35890 and 35904 because git bz said they were required dependencies.
Figured out the IP Koha was seeing me as coming from in /var/log/koha/kohadev/plack.log.
Added that IP to the branchip for Centerville, Fairfield and Fairview. Set AutoLocation = Yes.
After this I could recreate the problem: If i left the "Library" field in the login screen
at "My Library" I got logged into a random library selected from the three i had set
branchip for. Applying the patches fixed this, as expected.
Tests pass, with AutoLocation off.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 35918: Add test

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 35890: Add tests for AutoLocation

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 35890: Reject login if IP is not valid

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 35890: Remove var loggedin

It is never used and add confusion

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 35904: (QA follow-up): tidy up code

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 35904: Make C4::Auth::checkauth testable easily

This patch suggests to add a new flag do_not_print to
C4::Auth::checkauth to not print the headers and allow to test this
subroutine more easily.

We do no longer need to mock safe_exit and redirect STDOUT to test its
return values.

There are still 3 left:
1.
733         # checkauth will redirect and safe_exit if not authenticated and not authorized
=> Better to keep this one, not trivial to replace

2.
806         # This will fail on permissions
This should be replaced but testing $template->{VARS}->{nopermission}
fails, I dont' think the comment is better.

3.
828         # Patron does not have the borrowers permission
Same as 2.

2. and 3. should be investigated a bit more.

This patch also move duplicated code to set patron's password to a
subroutine set_weak_password.

Test plan:
Read the code and confirm that everything makes sense.
QA: Do you have a better way for this? Yes it's dirty!

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 29510: (follow-up) Adapt GET /patrons/:patron_id

This patch makes GET /patrons/:patron_id rely on this new behavior from the
objects.find helper.

To test:
1. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests still pass!
4. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 29510: Make objects.find call search_limited if present

This patch makes objects.find implicitly update the passed
*$result_set* to use search_limited. This way no object leaks could
happen without noticing.

To test:
1. Apply the regression tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/REST/Plugin/Objects.t
=> FAIL: Tests fail because search_limited is not used
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! Results are correctly filtered based on userenv!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 29510: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 35941: (QA follow-up) Tidy clubs-tab.pl

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 35941: Limit club list to those from the logged in user

clubs-tab get the patron's id from the parameter. At the OPAC we must
use the one from the logged in user, to prevent leak to other users

Test plan:
Have 2 clubs: A, B
Enroll to A with patron borrowernumber=1
Enroll to B with patron borrowernumber=2
Log in with patron 1 and hit:
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=1
=> OK
Now hit
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=2
=> oops

Apply this patch, try again.
The "borrowernumber" parameter is no longer used to fetch the club list.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 36072: opac-request-article should check syspref

Note: This is handled now just like opac-reserve.

Test plan:
Disable ArticleRequests and hit the page.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Update release notes for 22.05.18 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Increment version for 22.05.18 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Merge remote-tracking branch 'upstream/22.05.x' into HEAD

Bug 27342: Fix C4::ILSDI::Services::AuthenticatePatron

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Bug 27342: (QA follow-up) Fix test

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Bug 27342: (QA follow-up) Remove dbh from new tests

Bug 27342: Remove dbh from C4::Auth

We must not pass $dbh but retrieve it when needed instead

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Bug 27342: Improve test for OPAC

We don't need to build allowed_scripts_for_private_opac for staff

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Bug 34893: [22.05] Add a Koha::Patron->update_lastseen method

Without this patch, we get an error trace whe calling AuthenticatePatron

The method Koha::Patron->update_lastseen is not covered by tests!

Bug 34893: Unit tests for C4::Auth::checkpw

This patch introduces some tests on the current (and new) behavior for
the `checkpw` function.

I needed it to better understand if an edge case was actually possible
(it wasn't).

Found a really minor annoyance for the internal check with expired
password not returning the $patron object for consistency with the other
use cases.

I think this method deserves (at least) changing the return value to a
sane data structure. But that's not target for backporting to stable
releases. So a separate bug.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 34893: (QA follow-up) Tidy code for qa script

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 34893: Add checkpw change to REST API

This patch adds the checkpw return value change to the REST API
route for validating user identifiers and password.

Test plan:
0. Apply patch
1. prove t/db_dependent/api/v1/password_validation.t

Bonus points:
1. koha-plack --reload kohadev
2. Enable syspref RESTBasicAuth
3. curl -XPOST -H "Content-Type: application/json" \
-u <staff_userid>:<staff_password> \
-d '{"identifier":"<cardnumber>","password":"<password>"}' \
http://localhost:8081/api/v1/auth/password/validation
4. Validation doesn't fail. It gives you cardnumber, patron_id, userid

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron

Imagine we have a set of users. Some of those users have a NULL userid. We then call AuthenticatePatron from ILS-DI for a patron with a NULL userid, but a valid cardnumber. We call checkpw, which returns the cardnumber and userid. We then call Koha::Patrons->find on the userid *which is null*, meaning the borrowernumber returned is not the correct one, but instead the earliest patron inserted into the database that has a NULL userid.

Test Plan:
1) Give three patrons a userid and a password
2) From the database cli, set all patrons's userid to null
   Run this query: update borrowers set userid = null;
3) Call AuthenticatePatron with username being the 1st patron cardnumber,
   and password being the password you set for that patron
   http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=kohacard&password=koha
4) Note you get back a borrowernumber for a different patron. Refresh the page and the number is correct.
5) Do the same with the 2nd patron. Same issue at 1st and correct number after.
6) Apply this patch
7) Restart all the things!
8) Do the same with the 3rd patron.
9) Note you get the correct borrowernumber! :D
10) prove t/Auth.t t/db_dependent/Auth_with_ldap.t t/Auth_with_shibboleth.t t/db_dependent/Auth_with_cas.t

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 34893: Add unit tests

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Bug 35343: Add record accessor method to Koha::Authority

Code lifted from bug 31794 to fix already backported bug 26611.

Unit tests included.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 40115a2c8cba3e081ffd0710899ef4556a3bbb54)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>

Update release notes for the 22.05.17 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Increment version for 22.05.17 releasse

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 35291: (QA follow-up) Tidying script for QA test tools

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 35291: Validate filepaths in linking files

Validate that the files in linking files are contained within the ZIP.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 35291: Don't allow symlinks for link files in cover image ZIP

There's no reason to allow symlinks for link files in cover image
ZIP files. Preventing their use prevents someone from uploading
a symlink pointing to an existing file on the Koha server.

Test plan:
0. Apply patch and restart/reload Koha
1. Create a PNG cover image
2. Create a datalink.txt file that contains something like the
following:
29,Untitled.PNG
3. Turn on "LocalCoverImages" system preference
4. Upload via http://localhost:8081/cgi-bin/koha/tools/upload-cover-image.pl
5. Go to http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=29
6. Note the cover image has been uploaded

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 35291: Prevent leaks from FS

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 35290: (follow-up) Perltidy formatting corrections

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 35290: Sanitize field input on cataloguing/ysearch.pl

This change sanitizies the field input on cataloguing/ysearch.pl

Test plan:
0. Apply the patch and restart/reload Koha
1a. "Add marc21_field_260b.pl plugin to 260$b in the Default framework"
1b. Go to http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?
op=add_form&tagfield=260&frameworkcode=#subbfield
1c. Choose "marc21_field_260b.pl" from the dropdown next to "Plugin"
1d. Click "Save changes"
2a. "Add new record"
2b. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?frameworkcode=
3. Click on tab "2" and scroll down to 260 "b"
4. Type in "Ori" into 260 subfield b
5. Some autocomplete suggestions should appear

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 35174: [22.05] (follow-up) Add a warning to the about page

Bug 35174: update control files for koha-l10n dependency package

 to test...

 - apply patch
 - build koha-common package
 - install koha-common package, and confirm koha-l10n package is installed

Bug 35174: Don't run gulp po commands if po dir is missing

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Add misc/translator/po to .gitignore

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Add a warning to the about page

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Do not explode if po dir does not exist

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Remove .po files from Koha

Bug 35103: Add option to gulp tasks to pass a list of tasks

You can now generate the messages.po for all languages with:
  gulp po:update --task messages

or for only es-ES
  gulp po:update --task messages --lang es-ES

It may be helpful for the "update po" script that will be used on
weblate.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Update yarn.lock

Bug 32978: Replace node-sass with dart-sass

'npm install' fails in ktd on aarch64, giving unsupported architecture error for node-sass.

This patch addresses this by replacing node-sass with dart-sass, updating our gulpfile
accordingly. Some corrections have been made to SCSS to fix warnings
raised during the build process.

Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Works like a charm. Great work oleonard! Tested on Apple M1, e.g. aarch64.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: I removed some useless formatting changes in the gulpfile, and the
yarn.lock changes as well.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Bug 35079: Replace --force-extract by --generate-pot={always,auto,never}

This restores the original behaviour of always building the POT file
in order to not break existing workflows
Option --force-extract is deleted in favor of a new option
--generate-pot that can have 3 values:

* always: always build the POT file. This is the default value
* auto: build the POT file only if it does not exist
* never: never build the POT file

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35079: Rebuild POT files only if necessary or asked explicitely

By default, gulp tasks po:create and po:update won't rebuild the POT
files if they already exist.
Both tasks gained a new option --force-extract to rebuild them
unconditionally

This makes it possible to create/update PO files for multiple languages
sequentially without rebuilding the POT file for each language.
For instance:

    gulp po:update --lang fr-FR
    # do something with the PO files
    gulp po:update --lang en-GB
    # ...

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35043: Do not have \n or \t appear in PO files

This is a trick, so that we won't have to deal with \t in PO files.
\n is not a problem, but it seems consistent to use the same method for
both.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 35043: Use Locale::PO->quote

We have our own "quote_po" sub that is stating that Locale::PO::quote
is buggy because it does not deal with quoting new lines correctly.
However it seems that it is fixed now.

Ideally we could use Locale::PO::quote everywhere, but it does not
escape tab characters:
  $string =~ s/\\(?!t)/\\\\/g;           # \t is a tab

This means the following:
msgid "Tabulation (\\t)"
msgstr "Tabulation (\\t)"
become:
-msgid "Tabulation (\t)"
-msgstr "Tabulation (\t)"

And we are seeing the following on Weblate:
https://snipboard.io/BjQmDC.jpg

Note that Locale::PO has not been updated since 2014...

The real problem behind this is that we have 2 methods to quote strings.
At first glance it seems that Locale::PO::quote was not used before, but
with the introduction of the koha-i18n project we will have scripts that
will use Locale::PO->save_file_fromarray, which uses Locale::PO->quote
=> Those scripts will be used on the translation server for post
processing (security reason, marking potential XSS strings as fuzzy).

Test plan:
0. Do not apply the patch
1. gulp po:update --lang LANG # Replace LANG with your favorite language
   code
2. git commit -a -m"init PO files"
3. Apply this patch
4. Repeate 1.
5. git diff
   => The change is about the "Tabulation" and "New line" strings from
      tools/csv-profiles.tt
6. Translate them (replace the \t and \n with %s) and remove the fuzzy
   flag
7. install the template: cd misc/translator && perl translate install
   LANG
8. Enable the language, use it and go to the "Nouveau profil CSV" view
   => Notice that the \t and \n are correctly displayed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 35024: Do not wrap translations

PO files wrap differently depending on versions.

Looks like (thanks Julian!) it's coming from libunistring, between 0.9.10 and 1.0 I am seeing a change in how the strings in the PO files are wrapped.

Debian 11 (using libunistring 0.9):
"%s %sPrintemps%s %s %sÉté%s %s %sAutomne%s %s %sHiver%s %s %sPrtps%s %s %sÉté"
"%s %s %sAut%s %s %sHiv%s %s %s %s"

Debian 12, Ubuntu 22.04(using libunistring 1.0)
"%s %sPrintemps%s %s %sÉté%s %s %sAutomne%s %s %sHiver%s %s %sPrtps%s %s "
"%sÉté%s %s %sAut%s %s %sHiv%s %s %s %s"

It *could* come from this changes:
https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=HEAD
   * The functions u*_possible_linebreaks and u*_width_linebreaks now make it
     easier to work with strings that contain CR-LF sequences: In this case,
     in the returned array, it will return UC_BREAK_CR_BEFORE_LF followed by
     UC_BREAK_MANDATORY (instead of twice UC_BREAK_MANDATORY).

The command used is:
% msgmerge --backup=off --quiet -F --update misc/translator/po/fr-FR-staff-prog.po misc/translator/Koha-staff-prog.pot

No matter the value of --width.

One solution is to use --no-wrap, and never wrap :)

I sent an email to the list about this suggestion https://lists.katipo.co.nz/pipermail/koha/2023-October/060143.html

Test plan:
% gulp po:update --lang LANG

And notice that the lines are no wrapped anymore.

Note that in master there were already not wrapped (?)
commit edd378f4d14d79107d662b053c8e6f750326dd23
Translation updates for Koha 23.05.00

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Bug 34959: Sort PO files correctly

The PO files are not sorted when we update them which leads to
unnecessary changes that are commited: hard to see differences and
make git index grow superfluously.

Test plan:
0. Do not apply this patch
1. gulp po:update --lang es-ES
2. git commit -a -m"First PO update"
3. Run again the gulp update command
4. git diff
=> You have a lot of changes generated here, the po:update is not
idempotent.

5. Apply this patch
6. Run the gulp update command
7 git commit -a -m"PO update after 34959"
8. Run the gulp update command
9. git diff
=> No changes are generated

Note that this patch will all the entries by files, and per line
numbers.
It fixes a bug in some condition, where we add information/context about
the string. For instance search for "For the first occurrence" in the
file. Prior to this patch this was not correct, we didn't add info about
the first occurrence (but whichever in the list).

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Bug 34959: Remove unused sub

Nothing special here, this sub is not used and we can remove it.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Bug 26611: Make authority record matching use required match checks

This patch fixes record matching for authorities to correctly apply required match checks.

To test:

1) Create a record matching rule:

Threshold: 100
Record type: Authority record

Match point 1
Search index: subject-topical
Score: 100
Tag: 150
Subfields: a

Match check 1
Both source and target record check fields:
Tag: 040
Subfields: a

This rule says we want to match on the topical term heading, then confirm the match with 040$a.

2) Create two topical term authority records

Authority 1:
150$a: Test
040$a: A

Authority 2:
150$a: Test
040$a: B

3) Export authority 2 and save

4) Go to Cataloging -> Stage records for import

5) Upload your downloaded authority 2 file. Change the record type to Authority. Choose your new record matching rule.

6) Stage for import.

7) Confirm that with the record matching rule applied, both authorities 1 and 2 show as possible matches, even though only authority 2 has a matching 040$a.

8) Apply the patch and restart services

9) Change the matching rule to "Do not look for matching records" and apply. This is to essentially refresh the page.

10) Change the matching rule to your new matching rule and apply. Confirm only the matching authority 2 shows and is selected.

Sponsored-by: Waikato Institute of Technology
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 33856898fd2f1cd757aeafe3c165300928f9da61)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 11bce8210a964935ed0d5ec2e480e958d3d75551)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33404: Add unit tests

Test plan:
Run t/db_dependent/Breeding.t
Run t/db_dependent/Breeding_Auth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Amended patch: perltidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e9cab7f1fc7acc0b340d07770c750ac9fed50a58)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit fdcb386548ef8bd0c6f85a17b1fa69ab1f16c298)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit a9b50d6b5722480c04c90196d6e3d81d6fbc351d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33404: Fix serverhost and init $page

The array serverhost is not filled. Should be replaced with values
from servers array.

Test plan:
Nothing exciting here. Read the patch.
Note that we will test in the next patch if the hostname is saved
correctly in the import batch.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit eb759719908949bc5f7c388d26d4e9dd28b1e415)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit ba442b1a3b1d77585c8507697c6a5d2755605bb8)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 9b7218373a1dfd3cd49e4bbe2cabf8438678f426)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33404: Z3950SearchAuth: Save in UTF-8 encoding

Test plan:
[1] If you have access to a Z3950 MARC8 auth server, search
    for an authority record and import it.
[2] If you have access to a Z3950 UTF8 auth server, search
    for an authority record and import it.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1233480ffaecb307ae7e9279acee7b516e42776f)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 52a243e3cae0afc9d1cc9cc97f5746ba6384bf01)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit d25ad4d949ecc5fd40bfbe95bcd682e97c13f58c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33848: Enabling Coce in the OPAC breaks cover images on bibliographic detail page

Bug 32412 added an additional "context" parameter to KOHA.coce.getURL.
The code which pulls a Coce image for the "main" cover image slider
needs to include the correct context parameter for the images to load.

This patch also makes a minor correction to CSS in order to make the
cover image slider "dots" change color to highlight the current slide.

To test, apply the patch and rebuild the OPAC CSS.

- Enable multiple cover image sources in the OPAC including Coce, e.g.
  Amazon, Google, OpenLibrary, etc.
- Search for a title which will match multiple cover image sources. In
  the sample data a search for "Perl" will return good results.
- Note the number of cover images loading for a title in the search
  results.
- View the detail page for that title. There should be the same number
  of covers in the cover image slider.
- Clicking the slider navigation dots should work to show each image,
  and the dot should change color to highlight the current image.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit d313f9b963ff0e5187eb19d81ef13231e0add39d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4125aec704464560515fb4f1f083b4cf4705ba30)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit fc3fde11d4e083bf23115d6c3533bca7037fab8b)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33848: Don't remove coce container from template

It's removed from coce.js

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit aa8dc28e97d1971e191d5f7d08802257ae98f378)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6cef886164eb3fd792eacffa6a8451bdcc711cec)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit be76f596a6dd901026d174723aee0324996b996d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Update release notes for 22.05.16 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Increment version for 22.05.16 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34369: Fix 'Did you mean'

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34369: Require CSRF token for updating system preferences

This patch adds the requirements that updating a system preference
requires a CSRF token. (Also, adding and deleting local system preferences.)

0. Apply patch
1. koha-plack --reload kohadev
2. Add local system preference
3. Update local system preference
4. Delete local system preference
5. Update normal system preference
6. Note no errors

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34349: Validate/escape inputs for task scheduler

This change validates and escapes inputs for task scheduler.

Test plan:
0. Apply patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/tools/scheduler.pl
3. Input a time a minute in the future and leave the date blank
4. Choose an existing report and output format
5. Type a malicious string which is also a valid email address
into the Email field
6. Click "Save"
7. Note that the job is added but the Email is wrapped in single
quotes
8. Try using a non-malicious email address with a single quote.
9. Note that the single quote is escaped, so that it will still
be used by runreport.pl

JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Removed pars for $email =~ regex, removed old commented lines.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34513: (QA follow-up) Tidy

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34513: Add checkauth unit test for resetting auth state when changing users

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34513: Add end-to-end test for authorization check after first failed authorization

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34513: Set auth state correctly when changing auth sessions

This patch sets the $auth_state to failed when changing auth sessions,
so that the new login attempt gets processed correctly (instead
of skipping the authorization step).

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?tab=&op=search&searchfield=baseurl
3. Log in as an OPAC user with 0 permissions
4. Note the auth screen "Error: You do not have permission to access this page"
5. Click "Log in"
6. Note that you're still shown a login screen (and that you've been logged out of
your previous authenticated session)

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Translation updates for Koha 22.05.16

Bug 34601: [22.05.x] Fix edit/delete links on suggestion.tt

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33132: [22.05.x] Add date_to_rfc3339

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34213: import_patrons.pl - Fix short version of matchpoint option in POD

 44     'c|confirm'                      => \$confirm,

 46     'm|matchpoint=s'                 => \$matchpoint,

The POD is wrong.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2442a4537d4d439bdf27e031116f98d880e47e09)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 5fcaf0aa09bbc76a6b010e9e93a6696308bea9a6)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit 54b530e351d91702ea01c4ded970a9c14c2b6b34)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34316: Add_credit should rethrow an exception correctly

Found while running Items.t on top of 33608.
Another exception was thrown but not rethrown.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fa9750e24de0a6300d683a1316b64e9bed248c4b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 2b1b8884ccd49e28bdf31a3c977a876a0f8c5283)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit b431cd1d14b39651ea259ae06235923c7f33af33)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 28493: Make koha-passwd display the username

to test...

1/ run command
 $ sudo koha-passwd dev1
 Password for dev1: CraZyPa$$WoRD!!
 Press enter to clear the screen...
 ^C

2/ apply patch

3/ run command again, note 'username' section
 $ sudo koha-passwd dev1
 Username for dev1: koha_dev1  <<<<<<<<<<<<
 Password for dev1: CraZyPa$$WoRD!!
 Press enter to clear the screen...
 ^C

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 4ce7f8c49378c0e32212493779b07e3ab369dee7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ba51185fbd00591a72af41782ba2d6fd956b731a)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit 3ab7309e6738ab082610c875b3dccb82b3c20642)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34279: Don't enforce overduefinescap unless it is greater than 0

When creating a circ rule, we can set overduefinescap to blank or 0 and no cap is enforced. If we edit that rule, the blank/0 is converted to "0.00" which perl considers true, thus zero-ing out any calculated fine.

Considering we've always ignored an overdue fines cap of 0, we should also ignore 0.00. However, perl is evaluating it as a string which makes it true instead of false as 0 is.

Test Plan:
1) Apply the first patch ( unit tests )
2) prove t/db_dependent/Circulation/CalcFine.t
3) Note the test fails
4) Apply the second patch as well
5) prove t/db_dependent/Circulation/CalcFine.t
6) Note the test passes

Test Plan 2:
1) Create an all/all/all rule with an overduefinescap of 0.00, with a
   daily fine. Enable CalculateFinesOnReturn
2) Backdate a checkout so it is overdue
3) Return this item, note the lack of a fine
4) Apply this patch set
5) Backdate a checkout and return it again
6) Note the fine is generated!

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1763b136d1dcd3348ee26bca8663823b5a05f07c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 662da18be2ec7c6c9348a704d9ad8ac955292862)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit 7cb0a706cc5f69d63eccb735160827acd73cd9d2)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34279: Unit tests

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 8096ec9fff44a04c8ff32525499652116d1a8ad0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 3e360c5637c1f910100e10f049823fda01f588d9)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit 0860515897fbcedab332c093cc32193d37bed465)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33992: Only consider the date when auto-expiring problematic recalls

This patch carries this fix into the misc/cronjobs/recalls/expire_recalls.pl cronjob so that recalls are automatically expired when they have been waiting a problematic number of days, not considering hours, as expected.

To test, follow the test plan from the first patch. This will set you up with a waiting problematic recall.

Run the cronjob manually

perl misc/cronjobs/recalls/expire_recalls.pl

Refresh your 'Recalls awaiting pickup' page. Your problematic recall should be gone/expired.

Expiration dates will apply when expiring any 'unfulfilled' recall i.e. newly requested, overdue to be returned, and awaiting pickup.

Sponsored-by: Auckland University of Technology
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0d2052088ec62654f81154be0b9916b8e8630891)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 3a5f4d170117e264ed15c8cf40c799ddfd2f6299)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit 4afe2a2b0a45a672bcae5df445b67ef9b4bb1e65)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34303: Only perlcritic files from git repo

Test plan:
Run t/00-testcritic.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2bc251cfdd1efdf6d0f7f299838ff067744ff17b)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 835bc43d316df60882c09fb201caa75e027af0a3)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit f26621c8c4ba4fbb292af99708d43593ea2e1e15)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34182: Don't set biblio.serial based on biblio.seriestitle in AddBiblio

A misunderstanding of the intention of some dead code that probably wanted
to set biblio.series (which doesn't exist) left us setting biblio.serial
if biblio.seriestitle was set. The only thing series and serial have in
common is the first four letters. We shouldn't set serial on something
with a series (unless someone also sets serial on it, of course).

Test plan:
 1. Administration - MARC bibliographic framework - Actions button next to
    Default framework - MARC structure
 2. In the Search for tag input type 942 and click search
 3. Actions button next to 942 - Edit subfields
 4. Tab s - check the checkbox for Editor, uncheck the checkbox for
    Collapsed - Save changes
 5. Cataloging - New record
 6. Click in the input for 000 and hold down Tab until you get past 008
    to fill in mandatory default values, then type any character in 040
    subfield c
 7. Tab 2 - In 245 subfield a type Series not serial
 8. Tab 4 - In 490 subfield a type any character
 9. Tab 9 - Set the value of subfield c to Books
10. Click save and leave the tab open to keep the biblionumber
11. Cataloging - New record - repeat step 6
12. Tab 2 - In 245 subfield a type Serial not series
13. Tab 9 - Set the value of subfield c to Books - Type 1 in subfield s
14. Click save, the biblionumber should be one higher than the first one
15. Reports - Create from SQL
16. Type something in Report name, paste in the SQL
SELECT biblio.serial, biblio.seriestitle, biblio.title FROM biblio WHERE
biblionumber IN ("","")
    and put your first biblionumber in the first "", your second in the
    second.
17. Save report - Run report
18. Series not serial should have a blank in the serial column and the
   character you typed in the seriestitle column; Serial not series
   should have a 1 in the serial column and a blank in the seriestitle
   column.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 65b7c6731933f4b7d284ac07b9adab0d2ada60ca)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit a25c9e637bbf7f053d5d65d21d9b7f139c316524)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit fe01585fcb31d5d39842bbc13128cbc08b03b4eb)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34184: Add empty option for suggestion "document type"

Currently when editing a suggestion, the document type will preselect to the
first entry as we don't have an empty entry.
This can lead to data errors easily.

Test plan:
Create a new suggestion
=> Notice that "document type" is empty by default, pick one
Edit it again
=> Notice that the value is kept and empty can be picked, pick empty
Edit again
=> Empty is selected and saved in DB

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 6485f244e085fe48b796dd64178659c2f4a5e4ba)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit cb07de6a981eab80c5764beb35c774e2910359ca)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 339e7adfbc8b450505f4db050932a876dff7c964)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33939: Preserve order budget dropdowns and default budget dropdowns seperately

The dropdowns have different hints after bug 22802. We need to preserve those when adding
or hiding inactive budgets

To test:
1 - Add some inactive budgets to Koha
2 - Use the settings and file from bug 22802 to stage a file and begin adding to basket
3 - When adding to basket test the 'Show inactive funds' on both the 'Select to import' tab and the 'Default accounting details' tab
4 - Ensure the dropdown hints/defaults don't change when hiding/showing budgets
5 - Confirm inactive budgets are correctly shown/hidden

Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 80eb5ac35be44afd5547e1fa75da475d88f95612)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit a2a8cb86b0d73f11514158a29e1b0780f89a04a6)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 2ee83ca00a1f1a395970d25480b3b0a9ed9df086)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33727: (QA follow-up) perl tidy whole file

Test plan:
Run prove again. Run qa tools.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit c0f2a47d3ce78a23aa1b6253188108ce3b0047b7)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 8ecb70b338d0456a73af92d50baf765bcff4f9a7)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 08741b6426189a74180f25a42bdfe1344df5d154)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33727: Merge both Calendar tests

The old t tests become part of the first subtest.

Test plan:
Run the new t/db_dependent/Calendar.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2eb6c36c4ddec644619486dea5520e89ef9af56b)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 6052f0ec174fb313998cbe38d17af4d9390ee319)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 419d3ca563cbfc3cb2bad831cd774f98b4368a79)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33727: Groundwork for Calendar.t

Update test while removing need for Test::DBIx::Class.

Test plan:
Run t/Calendar.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 6e736a5d5f342325651944772b74c5ace1b8814f)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit d77d59fcaa5cb9fbbf92777282101a64ef285df7)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 06a85cc89442eeb0f189063ada80c5e8e02c5bd3)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34243: Fix copy/pasted city references in api tests

Two occurrences.
Just comments.

Test plan:
Read the patch.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 308d75d05d105a5829c98617b5229fae587c32f3)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit ef77656e85fc959ad7f769a8dbdec8e97cc23c4e)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit d2498373a617fd2ba8f937cfa58850e381021690)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 34097: Prevent clicking ellipsis for dateaccessioned plugin from scrolling up

Test plan:
1. Find a record with several items (in ktd "MacLaren's Gaelic
   self-taught" will do nicely
2. Click the Edit button next to one of the items
3. Click the "..." to the right of "d - Date acquired" and verify that the
   page doesn't scroll up to the top, and that the current date is
   inserted in the field
4. Click the "..." to the right of "w - Price effective from" and verify
   that the page doesn't scroll up and the current date is inserted

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 3824547e5c92328ae0bf54939ec0315b1cbfd98f)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 2d24f269f5692ca333d55381e337a5a90a1d1eff)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 9fef2b809d3da374f8b11f3e99a8bed3b4900647)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Bug 33808: Add aria-labels in reports-toolbar.inc

This patch adds an aria-label and an aria-haspopup to Download buttons
identified as non-descriptive in accessibility testing

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 8fac9067b2494cca29a2b2147b78366c6a53bcf6)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit eba9d136604c6f2e4847d4d71396b08b22e6b4d5)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 1e621efd8c4c6c9c6d8e80b7a03031ff00ffad00)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>