Aleisha Amohia [Thu, 28 Mar 2024 00:09:48 +0000 (00:09 +0000)]
Update release notes for 22.05.20 release
Signed-off-by: Aleisha Amohia <aleisha@catalyst.net.nz>
Wainui Witika-Park [Wed, 27 Mar 2024 23:04:09 +0000 (23:04 +0000)]
Increment version for 22.05.20 release
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Fridolin Somers [Wed, 27 Mar 2024 09:20:03 +0000 (10:20 +0100)]
Bug 24879: (follow-up) Fix test suite
Running cataloguing pluings (in cataloguing/value_builder) now requires
authentification.
This patch adds in failing unit tests a mock of C4::Auth::check_cookie_auth
Test with:
prove t/db_dependent/FrameworkPlugin.t t/db_dependent/Koha/UI/Form/Builder/Biblio.t t/db_dependent/Koha/UI/Form/Builder/Item.t t/db_dependent/Serials.t
(cherry picked from commit
f8a23b8ef46aea60eda9211a3e89af85d650ac26)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
suite
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Wainui Witika-Park [Wed, 27 Mar 2024 01:11:42 +0000 (01:11 +0000)]
Bug 23352: [22.05] (follow-up) change number of tests
Jonathan Druart [Fri, 15 Mar 2024 09:19:16 +0000 (10:19 +0100)]
Bug 24879: Exclude koha_perl_deps.pl
And tidy.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Thu, 14 Mar 2024 15:53:35 +0000 (16:53 +0100)]
Bug 24879: Use perl shebang to list the exec
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Thu, 14 Mar 2024 15:19:06 +0000 (16:19 +0100)]
Bug 24879: Add check_cookie_auth when missing
This can certainly be improved to adjust the permissions, but at least
they are no longer opened to the world..
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Thu, 14 Mar 2024 15:17:55 +0000 (16:17 +0100)]
Bug 24879: Adjust tests
Installer scripts cannot be run from the UI:
debian/templates/apache-shared-intranet.conf:RewriteRule ^/cgi-bin/koha/(C4|debian|etc|installer/data|install_misc|Koha|misc|selenium|t|test|tmp|xt)/|\.PL$ /notfound [PT]
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Thu, 14 Mar 2024 15:14:17 +0000 (16:14 +0100)]
Bug 24879: Remove installer/externalmodules.pl
It is not used, if we need it back it must be moved to misc.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Tue, 17 Mar 2020 10:54:12 +0000 (11:54 +0100)]
Bug 24879: Add new test to catch missing auth statement
in intranet scripts
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Fri, 15 Mar 2024 09:12:41 +0000 (10:12 +0100)]
Bug 31988: Remove reports/itemtypes.plugin
This "plugin system" is only used for the itemtypes report. We can
simply remove the reports/manager.pl script and this plugin in favor of
a dedicated report.
Test plan:
Same behaviour expected before and after this patch
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Thu, 14 Mar 2024 15:42:08 +0000 (16:42 +0100)]
Bug 36322: Redirect docs dir to 404
http://localhost:8081/cgi-bin/koha/docs/CAS/CASProxy/examples/proxy_cas.pl
Test plan:
Hit the link
=> Erk
Copy the apache config to /etc/koha/apache-shared-intranet-git.conf
restart_all
Hit the link
=> 404
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Fridolin Somers [Mon, 18 Mar 2024 15:32:57 +0000 (16:32 +0100)]
Bug 36323: Move koha_perl_deps.pl to misc/devel
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Julian Maurice [Thu, 1 Feb 2024 08:15:23 +0000 (09:15 +0100)]
Bug 35960: Use .val() instead of string concat to prevent potential XSS
Test plan:
1. Log out
2. Go to /cgi-bin/koha/mainpage.pl#somestring"with<html>char
3. Open the brower's inspector and find "auth_forwarded_hash" input
4. Make sure the value attribute is there and corresponds to the URL's
fragment. It should be URI-encoded.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Wainui Witika-Park [Tue, 26 Mar 2024 01:16:03 +0000 (01:16 +0000)]
Bug 36244: DBRev 22.05.19.001
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Kyle M Hall [Thu, 7 Mar 2024 16:10:35 +0000 (11:10 -0500)]
Bug 36244: Add atomic update to check for affected notices
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fixed some typos in bug numbers and text.
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Andreas Jonsson [Thu, 7 Mar 2024 09:12:25 +0000 (09:12 +0000)]
Bug 36244: Do template toolkit processing first
To avoid injection of template toolkit code
from database fields that are controlled by
untrusted sources.
Test plan:
* review subtest 'Template toolkit syntax in
parameters' in t/db_dependent/Letters.t
* Run the unit test:
prove t/db_dependent/Letters.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Andreas Jonsson [Thu, 7 Mar 2024 09:07:49 +0000 (09:07 +0000)]
Bug 36244: Unit test for tt syntax in parameters
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Lucas Gass [Tue, 26 Mar 2024 20:32:15 +0000 (20:32 +0000)]
Bug 36176: Exclude misc/releases_notes/*
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Wed, 28 Feb 2024 15:28:33 +0000 (16:28 +0100)]
Bug 36176: Reject cud- for stable branches
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Wainui Witika-Park [Wed, 28 Feb 2024 21:50:56 +0000 (21:50 +0000)]
Update release notes for 22.05.19 release
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Aleisha Amohia [Wed, 28 Feb 2024 21:23:38 +0000 (21:23 +0000)]
Increment version for 22.05.19 release
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Jonathan Druart [Wed, 14 Feb 2024 07:49:33 +0000 (08:49 +0100)]
Bug 36034: Add test
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Andreas Jonsson [Thu, 8 Feb 2024 10:57:03 +0000 (11:57 +0100)]
Bug 36034: (bug 34893 follow-up) fix capture of return values from checkpw
Adapt code to the change of return value type of checkpw
introduced in bug 34893
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Thu, 8 Feb 2024 15:55:43 +0000 (15:55 +0000)]
Bug 35518: Tidy the moved blocks
This patch just tidies the moved blocks to get us past the QA script
check.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit
b577b6567045184adcb5bb55b7e5c70428e124ee)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit
1f182d45aba607dbfaf63c98f97b8615e5eea09d)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit
d44a697788c947b9deb08aafaeb965f0e2b069f0)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
(cherry picked from commit
870c18a6545092de9fd50c187f68dd0d6574b56b)
Nick Clemens [Fri, 26 Jan 2024 14:10:01 +0000 (14:10 +0000)]
Bug 35518: Check authentication and set userenv before fetching userenv variables
Currently we get the userenv before we have set it correctly for the session
To test:
1 - Sign in as a user with fast cataloging permission
2 - Bring up a patron, type gibberish into barcode field to get a fast cataloging link
3 - Check the link, it should have your current signed in barcode
4 - Sign in to a different browser with a different user and at a different branch
5 - Bring up a aptron in circulation and type gibberish into barcode field to get a fast cataloging link
6 - It may have your branch, but it may also have the other user's branch from the other window
7 - Keep entering gibberish to get a link until one user has the correct branch
8 - Then switch to the other browser, and keep entering gibberish, watch the branchcode change
9 - Apply patch, restart all
10 - Test switching between browsers. generating fast cataloging links
11 - Users should now consistently have the correct branch
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit
90b6f68616e2ba5ca3fcbbd9698c97ef41a45593)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit
26722f2a08af99b9e3cb4eb50398df896085f527)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit
1460974627a7c094144fe4b834f07a5ee0c5b493)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
(cherry picked from commit
70c86eb8926def78636e69b02d4ad47cecce6323)
Jonathan Druart [Wed, 14 Feb 2024 08:45:45 +0000 (09:45 +0100)]
Bug 36092: Pass sessionID at the end of get_template_and_user
It seems safer to pass the logged in user and session info at the end of
the sub.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit
c50372c0b5c490971e4e336541aa85fbb45033d2)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
(cherry picked from commit
2ba597ea70612aec6880a583e9436da2367b5644)
Jonathan Druart [Wed, 14 Feb 2024 09:33:11 +0000 (10:33 +0100)]
Bug 36092: Pass the sessionID from checkauth if we hit auth
If we hit the auth page we were not passing sessionID to the template
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit
0decb260343455caabd4101b0b0e9499723f2951)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
(cherry picked from commit
9580111a206522e90a76d0fbaafdaaca0401d6fd)
Jonathan Druart [Wed, 14 Feb 2024 09:56:17 +0000 (10:56 +0100)]
Bug 36092: Add test
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit
7bc46ea231c3e63e017da2a26a7a8918ed161cab)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
(cherry picked from commit
14cce4e9364792e93c50a1d6bed01d4e85d150d4)
Tomas Cohen Arazi [Fri, 28 Jul 2023 13:40:28 +0000 (10:40 -0300)]
Bug 30524: (QA follow-up) Fix tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit
158edb411b32253fae4f068ce416d6ad4d1a67d3)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit
38725ed0af95c318077c46f337795054e31c60e4)
Tomas Cohen Arazi [Thu, 27 Jul 2023 18:33:55 +0000 (15:33 -0300)]
Bug 30524: (QA follow-up) Unit tests for GenerateCSRF()
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit
60d11ae7251a227fab3977ecd61cb01d0f062f79)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit
d4187c77eb3b39977b759af7df7641e70cd96358)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit
26ab7e0b200ac8e5fe4d88603996d823bf63d8bc)
Kyle M Hall [Thu, 27 Jul 2023 11:45:57 +0000 (07:45 -0400)]
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used
This patch avoids generating CSRF tokens unless the csrf-token.inc file
is included in the template.
Passed token doesn't need HTML escaped. The docs for WWW::CSRF state:
The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option).
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit
ddf1eb6cef14da365675890920ff72f010c59527)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit
73ca151686b682aaa2b950ccbc89fcec14514112)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit
b1bd7ec29a0febddc210dbdc3bef0a78e37c7719)
Kyle M Hall [Tue, 30 Jan 2024 15:58:02 +0000 (10:58 -0500)]
Bug 35942: OPAC user can enroll several times to the same club [23.05.x]
Test Plan:
1) Create 3 clubs, 1 limited to library A, 1 limited to library B and one not limited
2) Use a patron with home library A.
3) Go to the opac-user page, "Clubs" tab show 0/2 (the one from library B is not listed)
4) Browse to /cgi-bin/koha/svc/club/enroll?id=1
5) Reload that page a couple times
6) Note the patron is now enrolled in the same club multiple times
7) Delete those enrollments
8) Apply this patch
9) Restart all the things!
10) Repeat steps 2-7, note the lack of duplicate enrollments!
11) Repeat steps 2-10 for the staff interface
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit
9bdab108e22768b018b017ed7c0e0016270f2570)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Jonathan Druart [Fri, 26 Jan 2024 07:58:17 +0000 (08:58 +0100)]
Bug 35918: Fix auto library connect (AutoLocation)
This code is a bit weird, its purpose it to auto select the library depending on the IP.
A problem appears if the same IP is used, then the user's choice will
might be overwritten randomly by another library.
To recreate the problem:
Turn on AutoLocation
Use koha/koha @CPL for test
And the following config:
*************************** 1. row ***************************
branchcode: CPL
branchname: Centerville
branchip: 172.18.0.1
*************************** 2. row ***************************
branchcode: FFL
branchname: Fairfield
branchip: 172.18.0.1
*************************** 3. row ***************************
branchcode: FPL
branchname: Fairview
branchip: 172.18.0.4
Connect and select CPL. Randomly FFL will be picked instead.
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Tested this on top of 35890 and 35904 because git bz said they were required dependencies.
Figured out the IP Koha was seeing me as coming from in /var/log/koha/kohadev/plack.log.
Added that IP to the branchip for Centerville, Fairfield and Fairview. Set AutoLocation = Yes.
After this I could recreate the problem: If i left the "Library" field in the login screen
at "My Library" I got logged into a random library selected from the three i had set
branchip for. Applying the patches fixed this, as expected.
Tests pass, with AutoLocation off.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Fri, 26 Jan 2024 07:57:03 +0000 (08:57 +0100)]
Bug 35918: Add test
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Thu, 25 Jan 2024 08:36:01 +0000 (09:36 +0100)]
Bug 35890: Add tests for AutoLocation
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Wed, 24 Jan 2024 15:25:30 +0000 (16:25 +0100)]
Bug 35890: Reject login if IP is not valid
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Wed, 24 Jan 2024 15:24:51 +0000 (16:24 +0100)]
Bug 35890: Remove var loggedin
It is never used and add confusion
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Victor Grousset/tuxayo [Thu, 15 Feb 2024 03:18:37 +0000 (04:18 +0100)]
Bug 35904: (QA follow-up): tidy up code
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Thu, 25 Jan 2024 09:35:41 +0000 (10:35 +0100)]
Bug 35904: Make C4::Auth::checkauth testable easily
This patch suggests to add a new flag do_not_print to
C4::Auth::checkauth to not print the headers and allow to test this
subroutine more easily.
We do no longer need to mock safe_exit and redirect STDOUT to test its
return values.
There are still 3 left:
1.
733 # checkauth will redirect and safe_exit if not authenticated and not authorized
=> Better to keep this one, not trivial to replace
2.
806 # This will fail on permissions
This should be replaced but testing $template->{VARS}->{nopermission}
fails, I dont' think the comment is better.
3.
828 # Patron does not have the borrowers permission
Same as 2.
2. and 3. should be investigated a bit more.
This patch also move duplicated code to set patron's password to a
subroutine set_weak_password.
Test plan:
Read the code and confirm that everything makes sense.
QA: Do you have a better way for this? Yes it's dirty!
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Tomas Cohen Arazi [Wed, 17 Nov 2021 21:09:02 +0000 (18:09 -0300)]
Bug 29510: (follow-up) Adapt GET /patrons/:patron_id
This patch makes GET /patrons/:patron_id rely on this new behavior from the
objects.find helper.
To test:
1. Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests still pass!
4. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Tomas Cohen Arazi [Wed, 17 Nov 2021 21:03:00 +0000 (18:03 -0300)]
Bug 29510: Make objects.find call search_limited if present
This patch makes objects.find implicitly update the passed
*$result_set* to use search_limited. This way no object leaks could
happen without noticing.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/REST/Plugin/Objects.t
=> FAIL: Tests fail because search_limited is not used
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! Results are correctly filtered based on userenv!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Tomas Cohen Arazi [Wed, 17 Nov 2021 21:02:17 +0000 (18:02 -0300)]
Bug 29510: Regression tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Kyle M Hall [Tue, 30 Jan 2024 14:32:12 +0000 (14:32 +0000)]
Bug 35941: (QA follow-up) Tidy clubs-tab.pl
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Tue, 30 Jan 2024 13:53:03 +0000 (14:53 +0100)]
Bug 35941: Limit club list to those from the logged in user
clubs-tab get the patron's id from the parameter. At the OPAC we must
use the one from the logged in user, to prevent leak to other users
Test plan:
Have 2 clubs: A, B
Enroll to A with patron borrowernumber=1
Enroll to B with patron borrowernumber=2
Log in with patron 1 and hit:
http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=1
=> OK
Now hit
http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=2
=> oops
Apply this patch, try again.
The "borrowernumber" parameter is no longer used to fetch the club list.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Marcel de Rooy [Tue, 13 Feb 2024 12:36:44 +0000 (12:36 +0000)]
Bug 36072: opac-request-article should check syspref
Note: This is handled now just like opac-reserve.
Test plan:
Disable ArticleRequests and hit the page.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Wainui Witika-Park [Mon, 29 Jan 2024 00:06:42 +0000 (00:06 +0000)]
Update release notes for 22.05.18 release
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
root [Sun, 28 Jan 2024 23:37:54 +0000 (12:37 +1300)]
Increment version for 22.05.18 release
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Martin Renvoize [Tue, 6 Dec 2022 20:07:02 +0000 (17:07 -0300)]
Bug 35343: Add record accessor method to Koha::Authority
Code lifted from bug 31794 to fix already backported bug 26611.
Unit tests included.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit
40115a2c8cba3e081ffd0710899ef4556a3bbb54)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Tomas Cohen Arazi [Wed, 17 Aug 2022 13:33:07 +0000 (10:33 -0300)]
Bug 27342: Fix C4::ILSDI::Services::AuthenticatePatron
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Tomas Cohen Arazi [Tue, 16 Aug 2022 13:50:47 +0000 (10:50 -0300)]
Bug 27342: (QA follow-up) Fix test
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Martin Renvoize [Wed, 10 Aug 2022 07:12:53 +0000 (08:12 +0100)]
Bug 27342: (QA follow-up) Remove dbh from new tests
Jonathan Druart [Tue, 5 Jan 2021 10:28:16 +0000 (11:28 +0100)]
Bug 27342: Remove dbh from C4::Auth
We must not pass $dbh but retrieve it when needed instead
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Tue, 5 Jan 2021 10:18:26 +0000 (11:18 +0100)]
Bug 27342: Improve test for OPAC
We don't need to build allowed_scripts_for_private_opac for staff
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Wainui Witika-Park [Wed, 27 Mar 2024 01:03:49 +0000 (01:03 +0000)]
Bug 34893: [22.05] (follow-up) change number of tests
Aleisha Amohia [Wed, 24 Jan 2024 09:59:43 +0000 (09:59 +0000)]
Bug 34893: [22.05] Add a Koha::Patron->update_lastseen method
Without this patch, we get an error trace whe calling AuthenticatePatron
The method Koha::Patron->update_lastseen is not covered by tests!
Tomas Cohen Arazi [Fri, 15 Dec 2023 13:54:11 +0000 (10:54 -0300)]
Bug 34893: Unit tests for C4::Auth::checkpw
This patch introduces some tests on the current (and new) behavior for
the `checkpw` function.
I needed it to better understand if an edge case was actually possible
(it wasn't).
Found a really minor annoyance for the internal check with expired
password not returning the $patron object for consistency with the other
use cases.
I think this method deserves (at least) changing the return value to a
sane data structure. But that's not target for backporting to stable
releases. So a separate bug.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Kyle M Hall [Fri, 1 Dec 2023 11:29:19 +0000 (06:29 -0500)]
Bug 34893: (QA follow-up) Tidy code for qa script
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
David Cook [Tue, 28 Nov 2023 22:57:39 +0000 (22:57 +0000)]
Bug 34893: Add checkpw change to REST API
This patch adds the checkpw return value change to the REST API
route for validating user identifiers and password.
Test plan:
0. Apply patch
1. prove t/db_dependent/api/v1/password_validation.t
Bonus points:
1. koha-plack --reload kohadev
2. Enable syspref RESTBasicAuth
3. curl -XPOST -H "Content-Type: application/json" \
-u <staff_userid>:<staff_password> \
-d '{"identifier":"<cardnumber>","password":"<password>"}' \
http://localhost:8081/api/v1/auth/password/validation
4. Validation doesn't fail. It gives you cardnumber, patron_id, userid
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Kyle M Hall [Fri, 22 Sep 2023 18:20:59 +0000 (14:20 -0400)]
Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron
Imagine we have a set of users. Some of those users have a NULL userid. We then call AuthenticatePatron from ILS-DI for a patron with a NULL userid, but a valid cardnumber. We call checkpw, which returns the cardnumber and userid. We then call Koha::Patrons->find on the userid *which is null*, meaning the borrowernumber returned is not the correct one, but instead the earliest patron inserted into the database that has a NULL userid.
Test Plan:
1) Give three patrons a userid and a password
2) From the database cli, set all patrons's userid to null
Run this query: update borrowers set userid = null;
3) Call AuthenticatePatron with username being the 1st patron cardnumber,
and password being the password you set for that patron
http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=kohacard&password=koha
4) Note you get back a borrowernumber for a different patron. Refresh the page and the number is correct.
5) Do the same with the 2nd patron. Same issue at 1st and correct number after.
6) Apply this patch
7) Restart all the things!
8) Do the same with the 3rd patron.
9) Note you get the correct borrowernumber! :D
10) prove t/Auth.t t/db_dependent/Auth_with_ldap.t t/Auth_with_shibboleth.t t/db_dependent/Auth_with_cas.t
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Kyle M Hall [Wed, 29 Nov 2023 17:18:32 +0000 (17:18 +0000)]
Bug 34893: Add unit tests
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Lucas Gass [Tue, 28 Nov 2023 16:05:03 +0000 (16:05 +0000)]
Update release notes for the 22.05.17 release
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Tue, 28 Nov 2023 15:37:05 +0000 (15:37 +0000)]
Increment version for 22.05.17 releasse
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Aleisha Amohia [Thu, 23 Nov 2023 21:08:09 +0000 (21:08 +0000)]
Bug 35291: (QA follow-up) Tidying script for QA test tools
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Thu, 9 Nov 2023 00:49:54 +0000 (00:49 +0000)]
Bug 35291: Validate filepaths in linking files
Validate that the files in linking files are contained within the ZIP.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Thu, 9 Nov 2023 00:23:45 +0000 (00:23 +0000)]
Bug 35291: Don't allow symlinks for link files in cover image ZIP
There's no reason to allow symlinks for link files in cover image
ZIP files. Preventing their use prevents someone from uploading
a symlink pointing to an existing file on the Koha server.
Test plan:
0. Apply patch and restart/reload Koha
1. Create a PNG cover image
2. Create a datalink.txt file that contains something like the
following:
29,Untitled.PNG
3. Turn on "LocalCoverImages" system preference
4. Upload via http://localhost:8081/cgi-bin/koha/tools/upload-cover-image.pl
5. Go to http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=29
6. Note the cover image has been uploaded
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Wed, 8 Nov 2023 16:14:55 +0000 (17:14 +0100)]
Bug 35291: Prevent leaks from FS
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Thu, 9 Nov 2023 19:46:35 +0000 (19:46 +0000)]
Bug 35290: (follow-up) Perltidy formatting corrections
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
David Cook [Wed, 8 Nov 2023 23:39:45 +0000 (23:39 +0000)]
Bug 35290: Sanitize field input on cataloguing/ysearch.pl
This change sanitizies the field input on cataloguing/ysearch.pl
Test plan:
0. Apply the patch and restart/reload Koha
1a. "Add marc21_field_260b.pl plugin to 260$b in the Default framework"
1b. Go to http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?
op=add_form&tagfield=260&frameworkcode=#subbfield
1c. Choose "marc21_field_260b.pl" from the dropdown next to "Plugin"
1d. Click "Save changes"
2a. "Add new record"
2b. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?frameworkcode=
3. Click on tab "2" and scroll down to 260 "b"
4. Type in "Ori" into 260 subfield b
5. Some autocomplete suggestions should appear
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Jonathan Druart [Wed, 22 Nov 2023 08:52:57 +0000 (09:52 +0100)]
Bug 35174: [22.05] (follow-up) Add a warning to the about page
Mason James [Thu, 16 Nov 2023 10:06:27 +0000 (23:06 +1300)]
Bug 35174: update control files for koha-l10n dependency package
to test...
- apply patch
- build koha-common package
- install koha-common package, and confirm koha-l10n package is installed
Jonathan Druart [Thu, 16 Nov 2023 07:45:15 +0000 (08:45 +0100)]
Bug 35174: Don't run gulp po commands if po dir is missing
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 16 Nov 2023 07:44:56 +0000 (08:44 +0100)]
Bug 35174: Add misc/translator/po to .gitignore
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 16 Nov 2023 07:43:43 +0000 (08:43 +0100)]
Bug 35174: Add a warning to the about page
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 16 Nov 2023 07:27:10 +0000 (08:27 +0100)]
Bug 35174: Do not explode if po dir does not exist
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Koha translators [Wed, 22 Nov 2023 08:38:13 +0000 (09:38 +0100)]
Bug 35174: Remove .po files from Koha
Jonathan Druart [Thu, 19 Oct 2023 07:41:03 +0000 (09:41 +0200)]
Bug 35103: Add option to gulp tasks to pass a list of tasks
You can now generate the messages.po for all languages with:
gulp po:update --task messages
or for only es-ES
gulp po:update --task messages --lang es-ES
It may be helpful for the "update po" script that will be used on
weblate.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 8 Nov 2023 13:07:23 +0000 (14:07 +0100)]
Update yarn.lock
Owen Leonard [Wed, 15 Feb 2023 17:36:57 +0000 (17:36 +0000)]
Bug 32978: Replace node-sass with dart-sass
'npm install' fails in ktd on aarch64, giving unsupported architecture error for node-sass.
This patch addresses this by replacing node-sass with dart-sass, updating our gulpfile
accordingly. Some corrections have been made to SCSS to fix warnings
raised during the build process.
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Works like a charm. Great work oleonard! Tested on Apple M1, e.g. aarch64.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: I removed some useless formatting changes in the gulpfile, and the
yarn.lock changes as well.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Julian Maurice [Tue, 17 Oct 2023 15:13:55 +0000 (17:13 +0200)]
Bug 35079: Replace --force-extract by --generate-pot={always,auto,never}
This restores the original behaviour of always building the POT file
in order to not break existing workflows
Option --force-extract is deleted in favor of a new option
--generate-pot that can have 3 values:
* always: always build the POT file. This is the default value
* auto: build the POT file only if it does not exist
* never: never build the POT file
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Julian Maurice [Tue, 17 Oct 2023 14:33:37 +0000 (16:33 +0200)]
Bug 35079: Rebuild POT files only if necessary or asked explicitely
By default, gulp tasks po:create and po:update won't rebuild the POT
files if they already exist.
Both tasks gained a new option --force-extract to rebuild them
unconditionally
This makes it possible to create/update PO files for multiple languages
sequentially without rebuilding the POT file for each language.
For instance:
gulp po:update --lang fr-FR
# do something with the PO files
gulp po:update --lang en-GB
# ...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 12 Oct 2023 10:35:12 +0000 (12:35 +0200)]
Bug 35043: Do not have \n or \t appear in PO files
This is a trick, so that we won't have to deal with \t in PO files.
\n is not a problem, but it seems consistent to use the same method for
both.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Jonathan Druart [Thu, 12 Oct 2023 09:44:16 +0000 (11:44 +0200)]
Bug 35043: Use Locale::PO->quote
We have our own "quote_po" sub that is stating that Locale::PO::quote
is buggy because it does not deal with quoting new lines correctly.
However it seems that it is fixed now.
Ideally we could use Locale::PO::quote everywhere, but it does not
escape tab characters:
$string =~ s/\\(?!t)/\\\\/g; # \t is a tab
This means the following:
msgid "Tabulation (\\t)"
msgstr "Tabulation (\\t)"
become:
-msgid "Tabulation (\t)"
-msgstr "Tabulation (\t)"
And we are seeing the following on Weblate:
https://snipboard.io/BjQmDC.jpg
Note that Locale::PO has not been updated since 2014...
The real problem behind this is that we have 2 methods to quote strings.
At first glance it seems that Locale::PO::quote was not used before, but
with the introduction of the koha-i18n project we will have scripts that
will use Locale::PO->save_file_fromarray, which uses Locale::PO->quote
=> Those scripts will be used on the translation server for post
processing (security reason, marking potential XSS strings as fuzzy).
Test plan:
0. Do not apply the patch
1. gulp po:update --lang LANG # Replace LANG with your favorite language
code
2. git commit -a -m"init PO files"
3. Apply this patch
4. Repeate 1.
5. git diff
=> The change is about the "Tabulation" and "New line" strings from
tools/csv-profiles.tt
6. Translate them (replace the \t and \n with %s) and remove the fuzzy
flag
7. install the template: cd misc/translator && perl translate install
LANG
8. Enable the language, use it and go to the "Nouveau profil CSV" view
=> Notice that the \t and \n are correctly displayed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Jonathan Druart [Wed, 11 Oct 2023 09:35:41 +0000 (11:35 +0200)]
Bug 35024: Do not wrap translations
PO files wrap differently depending on versions.
Looks like (thanks Julian!) it's coming from libunistring, between 0.9.10 and 1.0 I am seeing a change in how the strings in the PO files are wrapped.
Debian 11 (using libunistring 0.9):
"%s %sPrintemps%s %s %sÉté%s %s %sAutomne%s %s %sHiver%s %s %sPrtps%s %s %sÉté"
"%s %s %sAut%s %s %sHiv%s %s %s %s"
Debian 12, Ubuntu 22.04(using libunistring 1.0)
"%s %sPrintemps%s %s %sÉté%s %s %sAutomne%s %s %sHiver%s %s %sPrtps%s %s "
"%sÉté%s %s %sAut%s %s %sHiv%s %s %s %s"
It *could* come from this changes:
https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=
5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=HEAD
* The functions u*_possible_linebreaks and u*_width_linebreaks now make it
easier to work with strings that contain CR-LF sequences: In this case,
in the returned array, it will return UC_BREAK_CR_BEFORE_LF followed by
UC_BREAK_MANDATORY (instead of twice UC_BREAK_MANDATORY).
The command used is:
% msgmerge --backup=off --quiet -F --update misc/translator/po/fr-FR-staff-prog.po misc/translator/Koha-staff-prog.pot
No matter the value of --width.
One solution is to use --no-wrap, and never wrap :)
I sent an email to the list about this suggestion https://lists.katipo.co.nz/pipermail/koha/2023-October/060143.html
Test plan:
% gulp po:update --lang LANG
And notice that the lines are no wrapped anymore.
Note that in master there were already not wrapped (?)
commit
edd378f4d14d79107d662b053c8e6f750326dd23
Translation updates for Koha 23.05.00
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Fri, 6 Oct 2023 14:48:57 +0000 (16:48 +0200)]
Bug 34959: Sort PO files correctly
The PO files are not sorted when we update them which leads to
unnecessary changes that are commited: hard to see differences and
make git index grow superfluously.
Test plan:
0. Do not apply this patch
1. gulp po:update --lang es-ES
2. git commit -a -m"First PO update"
3. Run again the gulp update command
4. git diff
=> You have a lot of changes generated here, the po:update is not
idempotent.
5. Apply this patch
6. Run the gulp update command
7 git commit -a -m"PO update after 34959"
8. Run the gulp update command
9. git diff
=> No changes are generated
Note that this patch will all the entries by files, and per line
numbers.
It fixes a bug in some condition, where we add information/context about
the string. For instance search for "For the first occurrence" in the
file. Prior to this patch this was not correct, we didn't add info about
the first occurrence (but whichever in the list).
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Fri, 6 Oct 2023 15:17:51 +0000 (17:17 +0200)]
Bug 34959: Remove unused sub
Nothing special here, this sub is not used and we can remove it.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Aleisha Amohia [Tue, 23 May 2023 03:32:59 +0000 (03:32 +0000)]
Bug 26611: Make authority record matching use required match checks
This patch fixes record matching for authorities to correctly apply required match checks.
To test:
1) Create a record matching rule:
Threshold: 100
Record type: Authority record
Match point 1
Search index: subject-topical
Score: 100
Tag: 150
Subfields: a
Match check 1
Both source and target record check fields:
Tag: 040
Subfields: a
This rule says we want to match on the topical term heading, then confirm the match with 040$a.
2) Create two topical term authority records
Authority 1:
150$a: Test
040$a: A
Authority 2:
150$a: Test
040$a: B
3) Export authority 2 and save
4) Go to Cataloging -> Stage records for import
5) Upload your downloaded authority 2 file. Change the record type to Authority. Choose your new record matching rule.
6) Stage for import.
7) Confirm that with the record matching rule applied, both authorities 1 and 2 show as possible matches, even though only authority 2 has a matching 040$a.
8) Apply the patch and restart services
9) Change the matching rule to "Do not look for matching records" and apply. This is to essentially refresh the page.
10) Change the matching rule to your new matching rule and apply. Confirm only the matching authority 2 shows and is selected.
Sponsored-by: Waikato Institute of Technology
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit
33856898fd2f1cd757aeafe3c165300928f9da61)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit
11bce8210a964935ed0d5ec2e480e958d3d75551)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Marcel de Rooy [Thu, 25 May 2023 07:29:30 +0000 (07:29 +0000)]
Bug 33404: Add unit tests
Test plan:
Run t/db_dependent/Breeding.t
Run t/db_dependent/Breeding_Auth.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Amended patch: perltidy
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit
e9cab7f1fc7acc0b340d07770c750ac9fed50a58)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit
fdcb386548ef8bd0c6f85a17b1fa69ab1f16c298)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit
a9b50d6b5722480c04c90196d6e3d81d6fbc351d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Marcel de Rooy [Thu, 25 May 2023 06:03:48 +0000 (06:03 +0000)]
Bug 33404: Fix serverhost and init $page
The array serverhost is not filled. Should be replaced with values
from servers array.
Test plan:
Nothing exciting here. Read the patch.
Note that we will test in the next patch if the hostname is saved
correctly in the import batch.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit
eb759719908949bc5f7c388d26d4e9dd28b1e415)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit
ba442b1a3b1d77585c8507697c6a5d2755605bb8)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit
9b7218373a1dfd3cd49e4bbe2cabf8438678f426)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Marcel de Rooy [Wed, 24 May 2023 14:57:46 +0000 (14:57 +0000)]
Bug 33404: Z3950SearchAuth: Save in UTF-8 encoding
Test plan:
[1] If you have access to a Z3950 MARC8 auth server, search
for an authority record and import it.
[2] If you have access to a Z3950 UTF8 auth server, search
for an authority record and import it.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit
1233480ffaecb307ae7e9279acee7b516e42776f)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit
52a243e3cae0afc9d1cc9cc97f5746ba6384bf01)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit
d25ad4d949ecc5fd40bfbe95bcd682e97c13f58c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Fri, 26 May 2023 17:28:50 +0000 (17:28 +0000)]
Bug 33848: Enabling Coce in the OPAC breaks cover images on bibliographic detail page
Bug 32412 added an additional "context" parameter to KOHA.coce.getURL.
The code which pulls a Coce image for the "main" cover image slider
needs to include the correct context parameter for the images to load.
This patch also makes a minor correction to CSS in order to make the
cover image slider "dots" change color to highlight the current slide.
To test, apply the patch and rebuild the OPAC CSS.
- Enable multiple cover image sources in the OPAC including Coce, e.g.
Amazon, Google, OpenLibrary, etc.
- Search for a title which will match multiple cover image sources. In
the sample data a search for "Perl" will return good results.
- Note the number of cover images loading for a title in the search
results.
- View the detail page for that title. There should be the same number
of covers in the cover image slider.
- Clicking the slider navigation dots should work to show each image,
and the dot should change color to highlight the current image.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit
d313f9b963ff0e5187eb19d81ef13231e0add39d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit
4125aec704464560515fb4f1f083b4cf4705ba30)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit
fc3fde11d4e083bf23115d6c3533bca7037fab8b)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Wed, 31 May 2023 11:41:26 +0000 (13:41 +0200)]
Bug 33848: Don't remove coce container from template
It's removed from coce.js
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit
aa8dc28e97d1971e191d5f7d08802257ae98f378)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit
6cef886164eb3fd792eacffa6a8451bdcc711cec)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit
be76f596a6dd901026d174723aee0324996b996d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Thu, 28 Sep 2023 16:41:13 +0000 (16:41 +0000)]
Update release notes for 22.05.16 release
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Thu, 28 Sep 2023 16:26:29 +0000 (16:26 +0000)]
Increment version for 22.05.16 release
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Thu, 3 Aug 2023 08:01:32 +0000 (10:01 +0200)]
Bug 34369: Fix 'Did you mean'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Tue, 1 Aug 2023 06:56:23 +0000 (06:56 +0000)]
Bug 34369: Require CSRF token for updating system preferences
This patch adds the requirements that updating a system preference
requires a CSRF token. (Also, adding and deleting local system preferences.)
0. Apply patch
1. koha-plack --reload kohadev
2. Add local system preference
3. Update local system preference
4. Delete local system preference
5. Update normal system preference
6. Note no errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Mon, 24 Jul 2023 04:31:15 +0000 (04:31 +0000)]
Bug 34349: Validate/escape inputs for task scheduler
This change validates and escapes inputs for task scheduler.
Test plan:
0. Apply patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/tools/scheduler.pl
3. Input a time a minute in the future and leave the date blank
4. Choose an existing report and output format
5. Type a malicious string which is also a valid email address
into the Email field
6. Click "Save"
7. Note that the job is added but the Email is wrapped in single
quotes
8. Try using a non-malicious email address with a single quote.
9. Note that the single quote is escaped, so that it will still
be used by runreport.pl
JD amended patch: tidy
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Removed pars for $email =~ regex, removed old commented lines.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Thu, 24 Aug 2023 18:19:37 +0000 (18:19 +0000)]
Bug 34513: (QA follow-up) Tidy
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Wed, 16 Aug 2023 02:51:43 +0000 (02:51 +0000)]
Bug 34513: Add checkauth unit test for resetting auth state when changing users
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Wed, 16 Aug 2023 02:21:40 +0000 (02:21 +0000)]
Bug 34513: Add end-to-end test for authorization check after first failed authorization
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>