Update release notes for 22.11.16 release

Increment version for 22.11.16 release

Bug 36244: DBRev 22.11.15.001

Merge branch '22.11.x' into 22.11.x-security

Bug 24879: Exclude koha_perl_deps.pl

And tidy.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 171197bf2353c0c415d25be127073ad13a9d86bc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ab6e314da2bf24b2b93ee72e1adb312676321ed4)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 24879: Use perl shebang to list the exec

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit f4a52fbc317067b62881110557aeb2b2cc63c41e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 5d713e293d5e3b28f1f0611855df88ea886de9e1)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 24879: Add check_cookie_auth when missing

This can certainly be improved to adjust the permissions, but at least
they are no longer opened to the world..

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 496c8c4e2d9199a38c796fdd6f63d89d8c6b215d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 309e976765f593d6ec2b857295dc58e57d58900e)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 24879: Adjust tests

Installer scripts cannot be run from the UI:
debian/templates/apache-shared-intranet.conf:RewriteRule ^/cgi-bin/koha/(C4|debian|etc|installer/data|install_misc|Koha|misc|selenium|t|test|tmp|xt)/|\.PL$ /notfound [PT]

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 6d61091f1ac8e66d2fdaac9a31530dfc7a7eb5fc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 2cb014d18387eb87387f6a2dae34f5d16d774303)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 24879: Remove installer/externalmodules.pl

It is not used, if we need it back it must be moved to misc.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 90fe13e23976e2de81adc14fbabfb99660320989)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 917889bc77029ee632748e444523047b1aceed03)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 24879: Add new test to catch missing auth statement

in intranet scripts

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 8784a7e9ffe9fd5f22be133693d0d301f572e82d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 97ded9347cb21d4016f8d7cc42a360bad22490d7)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 31988: Remove reports/itemtypes.plugin

This "plugin system" is only used for the itemtypes report. We can
simply remove the reports/manager.pl script and this plugin in favor of
a dedicated report.

Test plan:
Same behaviour expected before and after this patch

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 499fe0bea7d995358bd45da2bea7058d803f2b4e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e2c5e7b88bb9bbc2888129a8f782841f6f5fcff9)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 36322: Redirect docs dir to 404

http://localhost:8081/cgi-bin/koha/docs/CAS/CASProxy/examples/proxy_cas.pl

Test plan:
Hit the link
=> Erk
Copy the apache config to /etc/koha/apache-shared-intranet-git.conf
restart_all
Hit the link
=> 404

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 0cf08303932eea945d5c90cca0d5ca18fe8923d6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 01f70904548e64c73f0ddd81a5559b5c3c69b620)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 36323: Move koha_perl_deps.pl to misc/devel

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit e865f1e1ae67266e822be2690dc5610b22cdded1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 5aaa696afed47906b3f25e440c9a9243dbc1d489)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 36176: Reject cud- for stable branches

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
(cherry picked from commit 30999e675f1bb9d0088d1fbd355a552e25b42f20)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35960: Use .val() instead of string concat to prevent potential XSS

Test plan:
1. Log out
2. Go to /cgi-bin/koha/mainpage.pl#somestring"with<html>char
3. Open the brower's inspector and find "auth_forwarded_hash" input
4. Make sure the value attribute is there and corresponds to the URL's
   fragment. It should be URI-encoded.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e6f8a4361e2975dfefcd9773fa61ef7d40300086)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 5409e17fb5abe0130f3cb2cd6c3d2a7707a5b251)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 36244: Add atomic update to check for affected notices

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fixed some typos in bug numbers and text.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 2e18611b7d8527c7ff9253a7669aad2c13a5afb0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>

Bug 36244: Do template toolkit processing first

To avoid injection of template toolkit code
from database fields that are controlled by
untrusted sources.

Test plan:

* review subtest 'Template toolkit syntax in
  parameters' in t/db_dependent/Letters.t
* Run the unit test:
  prove t/db_dependent/Letters.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 07ac3b0b9450f812bb48cfecf7bf3f47f63279b5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 20353e094a952f506b9be7f21740e1001fbdeb69)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 36244: Unit test for tt syntax in parameters

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3f8b7785cd703f89de140108eb9347bf33a0c764)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 285f3093ed594d961c5618ed2b110f86f5467f35)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35942: OPAC user can enroll several times to the same club [23.05.x]

Test Plan:

1) Create 3 clubs, 1 limited to library A, 1 limited to library B and one not limited
2) Use a patron with home library A.
3) Go to the opac-user page, "Clubs" tab show 0/2 (the one from library B is not listed)
4) Browse to /cgi-bin/koha/svc/club/enroll?id=1
5) Reload that page a couple times
6) Note the patron is now enrolled in the same club multiple times
7) Delete those enrollments
8) Apply this patch
9) Restart all the things!
10) Repeat steps 2-7, note the lack of duplicate enrollments!
11) Repeat steps 2-10 for the staff interface

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 9bdab108e22768b018b017ed7c0e0016270f2570)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35942: OPAC user can enroll several times to the same club [23.05.x]

Test Plan:

1) Create 3 clubs, 1 limited to library A, 1 limited to library B and one not limited
2) Use a patron with home library A.
3) Go to the opac-user page, "Clubs" tab show 0/2 (the one from library B is not listed)
4) Browse to /cgi-bin/koha/svc/club/enroll?id=1
5) Reload that page a couple times
6) Note the patron is now enrolled in the same club multiple times
7) Delete those enrollments
8) Apply this patch
9) Restart all the things!
10) Repeat steps 2-7, note the lack of duplicate enrollments!
11) Repeat steps 2-10 for the staff interface

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 9bdab108e22768b018b017ed7c0e0016270f2570)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Update release notes for 22.11.15 release

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Increment version for 22.11.15 release

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35518: Tidy the moved blocks

This patch just tidies the moved blocks to get us past the QA script
check.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit b577b6567045184adcb5bb55b7e5c70428e124ee)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1f182d45aba607dbfaf63c98f97b8615e5eea09d)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35518: Check authentication and set userenv before fetching userenv variables

Currently we get the userenv before we have set it correctly for the session

To test:
 1 - Sign in as a user with fast cataloging permission
 2 - Bring up a patron, type gibberish into barcode field to get a fast cataloging link
 3 - Check the link, it should have your current signed in barcode
 4 - Sign in to a different browser with a different user and at a different branch
 5 - Bring up a aptron in circulation and type gibberish into barcode field to get a fast cataloging link
 6 - It may have your branch, but it may also have the other user's branch from the other window
 7 - Keep entering gibberish to get a link until one user has the correct branch
 8 - Then switch to the other browser, and keep entering gibberish, watch the branchcode change
 9 - Apply patch, restart all
10 - Test switching between browsers. generating fast cataloging links
11 - Users should now consistently have the correct branch

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 90b6f68616e2ba5ca3fcbbd9698c97ef41a45593)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 26722f2a08af99b9e3cb4eb50398df896085f527)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 36034: (bug 34893 follow-up) fix capture of return values from checkpw

Adapt code to the change of return value type of checkpw
introduced in bug 34893

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 3280e5a99de92a3e8d33ccef71d3013bac4add68)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 36034: Add test

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 80822f768978853fd661a53cd721c512aa74add2)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35941: Limit club list to those from the logged in user

clubs-tab get the patron's id from the parameter. At the OPAC we must
use the one from the logged in user, to prevent leak to other users

Test plan:
Have 2 clubs: A, B
Enroll to A with patron borrowernumber=1
Enroll to B with patron borrowernumber=2
Log in with patron 1 and hit:
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=1
=> OK
Now hit
  http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=2
=> oops

Apply this patch, try again.
The "borrowernumber" parameter is no longer used to fetch the club list.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e51ef7ef76a4ee523b302d724d80118185030e60)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>

Bug 29510: RMaint fix test count

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 29510: Make objects.find call search_limited if present

This patch makes objects.find implicitly update the passed
*$result_set* to use search_limited. This way no object leaks could
happen without noticing.

To test:
1. Apply the regression tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/REST/Plugin/Objects.t
=> FAIL: Tests fail because search_limited is not used
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! Results are correctly filtered based on userenv!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
(cherry picked from commit 1f1f0837cd2058ff8e953e6ae719c7513ad35927)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 36a1b9e4dff208b6b55ea50008984c7ca0fb298f)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 29510: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
(cherry picked from commit fe5dc0bdda78424437331cf83624c7606a3a54b4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit eae197962ed7355df520b87870dc56edebe5392b)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 34623: RMaint follow-up

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 34623: Update jQuery-validate plugin to 1.20.0

This patch updates the jQuery validation plugin in both the staff
interface and the OPAC to the latest version, 1.20.0.

To test, apply the patch and clear your browser cache if necessary.

Test various pages in the staff client to confirm that form validation
works as expected:

 - Patron password change form:
   - Password must conform to minPasswordLength
   - Password must not contain leading/trailing spaces
   - Passwords must match

 - Administration -> Add or edit budget:
   - Description, start date, and end date are required
   - Start date must be before end date

 - Administration -> Add or edit Z39.50/SRU server:
   - Server name, hostname, port, and database are required
   - Port, rank, and timeout must be a number

Perform the same check of the "Change password" form in the OPAC.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 8deffec3155f54b7209f1465942fd8fbea23da5e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 8c18a734930aa08823c344107db167c1937dc974)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 36072: opac-request-article should check syspref

Note: This is handled now just like opac-reserve.

Test plan:
Disable ArticleRequests and hit the page.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 8afcbe0bbb556cb19ff2e33e56cf3bcb8dd13d11)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c4d348651192eaed83d13df4f7d166b977690e6d)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35918: Fix auto library connect (AutoLocation)

This code is a bit weird, its purpose it to auto select the library depending on the IP.
A problem appears if the same IP is used, then the user's choice will
might be overwritten randomly by another library.

To recreate the problem:
Turn on AutoLocation
Use koha/koha @CPL for test
And the following config:
*************************** 1. row ***************************
branchcode: CPL
branchname: Centerville
  branchip: 172.18.0.1
*************************** 2. row ***************************
branchcode: FFL
branchname: Fairfield
  branchip: 172.18.0.1
*************************** 3. row ***************************
branchcode: FPL
branchname: Fairview
  branchip: 172.18.0.4

Connect and select CPL. Randomly FFL will be picked instead.

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Tested this on top of 35890 and 35904 because git bz said they were required dependencies.
Figured out the IP Koha was seeing me as coming from in /var/log/koha/kohadev/plack.log.
Added that IP to the branchip for Centerville, Fairfield and Fairview. Set AutoLocation = Yes.
After this I could recreate the problem: If i left the "Library" field in the login screen
at "My Library" I got logged into a random library selected from the three i had set
branchip for. Applying the patches fixed this, as expected.
Tests pass, with AutoLocation off.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4efe74fe12075298680965db3605f717f1da10d0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35918: Add test

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e00cfb3c7b3954e545ad4b363bff48a8f4345d0a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7073d114577105537d448c49430eb546c0b435a2)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35890: RMaint quick fix to make tests work

Bug 35890: Remove var loggedin

It is never used and add confusion

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0ce8cc4c05bc96503172018775ba574e41b40ecb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 16a7ac0fe71e74e28051cb5374923879c8c5213d)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35890: Reject login if IP is not valid

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 94e570d6af38c0061aeaad2ea25ab26bed2186f5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit bfbe854b6c8943b2afdec9a690a20d9615949962)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35890: Add tests for AutoLocation

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 85717a99c7ba20d3bef8e9ba15df6d0a86f368c6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6e4711d925ae705ecba6dcf78e030dc149c80017)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 34893: (RMaint follow-up) Test plan correction

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Bug 34893: [22.05] Add a Koha::Patron->update_lastseen method

Without this patch, we get an error trace whe calling AuthenticatePatron

The method Koha::Patron->update_lastseen is not covered by tests!

(cherry picked from commit 3417a7052a549bde30f0c5c400c9f228f107308f)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Bug 34893: (RMaint follow-up) Fix test plan

Merge mistake, just a simple correction to the test plan count was
needed.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

[RMaint follow-up] Fix executable permission on 22.11.12

The database updates should be executable.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Update release notes for 22.11.14 release

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Increment version for 22.11.14

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 34893: Unit tests for C4::Auth::checkpw

This patch introduces some tests on the current (and new) behavior for
the `checkpw` function.

I needed it to better understand if an edge case was actually possible
(it wasn't).

Found a really minor annoyance for the internal check with expired
password not returning the $patron object for consistency with the other
use cases.

I think this method deserves (at least) changing the return value to a
sane data structure. But that's not target for backporting to stable
releases. So a separate bug.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5476b18e7ea34e08d9dd163e2c446d5b223cf032)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 76bda46ad5a4916aa907f2eb11f81eaaedf19f37)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 34893: (QA follow-up) Tidy code for qa script

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit a19a1d2079e562d62d766aa9f996a7586d73882d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ce00f161ab1c4145260159e5c779386c1f850a0b)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 34893: Add checkpw change to REST API

This patch adds the checkpw return value change to the REST API
route for validating user identifiers and password.

Test plan:
0. Apply patch
1. prove t/db_dependent/api/v1/password_validation.t

Bonus points:
1. koha-plack --reload kohadev
2. Enable syspref RESTBasicAuth
3. curl -XPOST -H "Content-Type: application/json" \
-u <staff_userid>:<staff_password> \
-d '{"identifier":"<cardnumber>","password":"<password>"}' \
http://localhost:8081/api/v1/auth/password/validation
4. Validation doesn't fail. It gives you cardnumber, patron_id, userid

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fc1ea85ed024a9789827a1c17376bfc18f19cef0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1cb97e995b8386c6f0684c11713ff1ecad12db62)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron

Imagine we have a set of users. Some of those users have a NULL userid. We then call AuthenticatePatron from ILS-DI for a patron with a NULL userid, but a valid cardnumber. We call checkpw, which returns the cardnumber and userid. We then call Koha::Patrons->find on the userid *which is null*, meaning the borrowernumber returned is not the correct one, but instead the earliest patron inserted into the database that has a NULL userid.

Test Plan:
1) Give three patrons a userid and a password
2) From the database cli, set all patrons's userid to null
   Run this query: update borrowers set userid = null;
3) Call AuthenticatePatron with username being the 1st patron cardnumber,
   and password being the password you set for that patron
   http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=kohacard&password=koha
4) Note you get back a borrowernumber for a different patron. Refresh the page and the number is correct.
5) Do the same with the 2nd patron. Same issue at 1st and correct number after.
6) Apply this patch
7) Restart all the things!
8) Do the same with the 3rd patron.
9) Note you get the correct borrowernumber! :D
10) prove t/Auth.t t/db_dependent/Auth_with_ldap.t t/Auth_with_shibboleth.t t/db_dependent/Auth_with_cas.t

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9ba199c2acc33873154c167e73e86a5e786084cb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f6c2bdf2163239eddef379ff34e769dfdaeac9ca)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 34893: Add unit tests

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 29782174570a331c1b9f1ac8196ce06364f8f691)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>

Bug 35204: Prevent an expired password from throwing a 500 error

Currently when a patron with an expired password is authenticated via the API a 500 error is returned rather than a 400 "Validation failed" error. This patch catches the return value for an expired password and returns the validation failure before the patron search is attempted.

Test plan:
1) Choose a patron and set their password expiry date to a date in the past
2) Send a request to auth/password/validation as an authenticated user with that patron's details
3) The response should be a 500 error
4) Apply patch
5) Repeat steps 1-3 and this time the response should be a 400 code with an error message of  "Password expired"

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f3bb88505245228d97a4e39612b17a688df64a79)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit df9d4b0f55fa6b4c430a77686d8e00804eed88de)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 24f067b0cf220c035ba5773956d19e0a80a75044)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35204: Add unit tests

prove t/db_dependent/api/v1/password_validation.t

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 711f9a041a706ed3f025afd6da0259879396ea58)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 86be92a6084d4475b004f6ffce2e14fb21917f50)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 1fc5a820bbe99a1be084349ba4c166cca2ccf204)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

HTML release notes version

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Ultra minor fix on release notes

Release notes for 22.11.13 (dec 2023)

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Version 22.11.13 (dec 2023)

Bug 35307: Add a hidden input for expired holds

To test:
 1 - Place 3 holds on a bib, each for a different patron
 2 - IN the db, set the first hold to be expired:
    UPDATE reserves SET expirationdate='2023-01-01' WHERE reserve_id=1;
 3 - Refresh the holds page for the biblio
 4 - Note the first hold now says 'Expired' in the expiration date column
 5 - Set an expiration date for the last hold
 6 - Click 'Update holds'
 7 - Note the date is applied to the second hold
 8 - Delete the holds
 9 - Apply patch
10 - Repeat 1-6
11 - Confirm only the correct hold is updated

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit ca5378cd946fd3c5496dab155ff112f0c245f71b)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Bug 35254: [22.11.x] Add import_record_id to order inputs

This patch follows the logic of bug 32166 and adds specific inputs for each order to avoid any misalignment when some records are not imported

To test:
1 - Find a vendor in acquisitions
2 - Create or find an open basket
3 - Add to basket form a new file
4 - Stage file and add to basket
5 - Select the second record in the list
6 - Enter price info
7 - Save (don't forget, you need to set item type in the second tab)
8 - The order has no price info!
9 - Apply patch
10 - Repeat 3-7 above, staging file fresh
11 - Confirm order has correct prices
12 - Test with a file with many records
13 - Confirm any combination of choosing/skipping records works as expected

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>

Update release notes for 22.11.12 release

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Increment version for 22.11.12 release

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

RMaint fix: Fix Koha version

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35291: (QA follow-up) Tidying script for QA test tools

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35291: Validate filepaths in linking files

Validate that the files in linking files are contained within the ZIP.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35291: Don't allow symlinks for link files in cover image ZIP

There's no reason to allow symlinks for link files in cover image
ZIP files. Preventing their use prevents someone from uploading
a symlink pointing to an existing file on the Koha server.

Test plan:
0. Apply patch and restart/reload Koha
1. Create a PNG cover image
2. Create a datalink.txt file that contains something like the
following:
29,Untitled.PNG
3. Turn on "LocalCoverImages" system preference
4. Upload via http://localhost:8081/cgi-bin/koha/tools/upload-cover-image.pl
5. Go to http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=29
6. Note the cover image has been uploaded

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35291: Prevent leaks from FS

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35290: (follow-up) Perltidy formatting corrections

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35290: Sanitize field input on cataloguing/ysearch.pl

This change sanitizies the field input on cataloguing/ysearch.pl

Test plan:
0. Apply the patch and restart/reload Koha
1a. "Add marc21_field_260b.pl plugin to 260$b in the Default framework"
1b. Go to http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?
op=add_form&tagfield=260&frameworkcode=#subbfield
1c. Choose "marc21_field_260b.pl" from the dropdown next to "Plugin"
1d. Click "Save changes"
2a. "Add new record"
2b. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?frameworkcode=
3. Click on tab "2" and scroll down to 260 "b"
4. Type in "Ori" into 260 subfield b
5. Some autocomplete suggestions should appear

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35174: update control files for koha-l10n dependency package

 to test...

 - apply patch
 - build koha-common package
 - install koha-common package, and confirm koha-l10n package is installed

Bug 35174: Don't run gulp po commands if po dir is missing

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Add misc/translator/po to .gitignore

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Add a warning to the about page

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Do not explode if po dir does not exist

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 35174: Remove .po files from Koha

Bug 35012: Apply change to all events

We should not just look at Click.

Test plan:
[1] Apply the example patch for a Blur action in barcode.pl.
[2] Check that barcode.pl is active in your framework and that
    autoBarcode is not disabled.
[3] Open the browser dev console.
[4] Tab a few times through barcode in the neworderempty form of
    Acquisition. If you leave the field, the Blur event fires.
    => Without this patch you will see two console lines (FF may
    show a little '2' icon at the right side) added. With this
    patch just one.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jan Kissig <jkissig@th-wildau.de>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e9326f0e86881f95fd79b2dd7a2e9578ab517116)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c8685d088aa03b0e64b073b2db001a2df5335819)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>

Bug 35012: Prevent Click handler firing twice

test plan:
a) build a new basket + order line using "item create on placing an order"
b) in the item creation dialog (neworderempty.pl) please use the webbrowsers dev tools to analyze the [...] button next to subfield d (Date acquired) and inspect the events that get fired by clicking
c) notice the Clicktag_952_subfield_d_* event gets fired twice.
d) apply patch and reload page
e) there should be only 1 click handler left (besides the jquery one), which points to the Clicktag_952_subfield_* function

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
See also bug 35298. You may have seen that the Focus event of dateaccessioned
did not fire. But that is related to use of Flatpickr in this plugin.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ec3fe5d41e03d969b876f0948e81389b0a20df4c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f846ee85ecbe7f75e9ba842a7cae905813c909d4)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>

Bug 35276: Remove authentication params from suggestion hash

These would be forwarded to Koha::Objects->as_list and crash on
unknown column.

Test plan:
Logout from staff.
Enter URL /suggestion/suggestion.pl
Without this patch, it crashes. Now it does not.

Note: The crash may show auth_forwarded_hash but I also saw
koha_login_context passing by. Same issue.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e2821c7962ca7594f029f4c7fdb0c2f70028eb9b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 898e0d79793e8ff9450242e8e6b2f1f97e2873f8)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>

Bug 35298: Remove focus handler from dateaccessioned plugin.

Test plan:
Verify that setting focus to date acquired field in items editor
fills date of today when field is empty but does not replace existing
date.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0583deac95b35f1ad96493262e922d7ac3eef102)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 5ca56bf8b380644ddc35d5f72c8f14707489efdc)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>

Bug 35343: Add record accessor method to Koha::Authority

Code lifted from bug 31794 to fix already backported bug 26611.

Unit tests included.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 40115a2c8cba3e081ffd0710899ef4556a3bbb54)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>

Rmaint fix: Revert bug 35148 as it needs 31453 not in 22.11.x

Rmaint fix: Same as 7e9866a

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35284: Fix tests

This fix patrons_search.t but other selenium tests certainly need
adjustements

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Rmaint fix: Remove Koha::Tickets import from 35019 rebase

Bug 35284: Add throttling to column filters

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 35284: Fix Vue tables

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 35284: Add DT delay to kohaTable

To test:
* When a specific initComplete exists (general patron search)
* When no specific initComplete exists (cities)

=> KO
* ERM tables display twice the "show X entries" dropdown list
* Column filters are not affected

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 35187: [23.05] (follow-up) Fix missing line breaks in WELCOME notice

yaml was broken because of extra space

(cherry picked from commit e867c7207bd16fb018052945cb83a146fa3192a1)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35144: Update style of 'Required' label for OPAC patron attributes

This patch makes some changes to style and markup of the part of the
OPAC patron entry form which displays patron attribute entry fields.

To test, apply the patch and rebuild the OPAC CSS.

- Create at least two patron attributes which have both "Display in
  OPAC" and "Editable in OPAC" checked: One which is linked to an
  authorized value, one which isn't. At least one attribute should be
  mandatory. At least one attribute should be repeatable.
- Test the form using either patron self-registration or by logging in
  to the OPAC and clicking the "Personal details" link in the sidebar.
- Check the appearance of required fields in the form, including the
  mandatory patron attributes.
- Confirm that the "Clear" and "New" controls look good and work
  correctly, including fields cloned with the "New" button.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit dd70e43b66fc2a887c5a5d6afc165ebf20469354)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e1dc14bb68d1a27447f6c09979dd75b184ff467a)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35283: Add missing subfield h to action note 583 in OPAC detail page

$x is nonpublic note, so it makes sense to only display it in staff, but
$h is Jurisdiction and we should show it in OPAC and staff alike.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 653dc1b2214d0ebb291766406354c69cfa57c7e1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 916f7d9127e4bd1f679b1f1a0c54802a1869f1e7)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35283: Add missing subfields h and x to field 583 for staff XSLT

This change adds the missing subfields h and x to field 583 for
the detail XSLT in the staff interface.

Test plan:
0. Apply the patch and koha-plack --reload kohadev
1. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=29
2. Click on tab "5"
3. Scroll down to 583 and click on "ACTION NOTE" to expand subfields
4. Fill in using the following example:
   583 0#$adowngraded$c19910110$hJoe Smith$otitle$xfrom secret FRD to confidential NSI
5. Click "Save"
6. Note that the "Action note" now shows "Joe Smith" and "from secret
   FRD to confidentail NSI"

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit d74a89e2dabe355f05c4c45b6b39e581509e1c16)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ba9a11341041bc6fed3fb8c0ef7bf1f54d51c954)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 33164: Do not prevent processing of all error messages

This follow-up patch removes the use of $exit_required_p completely. The sysprefs BlockReturnOfLostItems and BlockReturnOfWithdrawnItems are handled in other scripts, and should not prevent the processing of all returns error messages when enabled.

Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 64460e4f4e01d8cb84a8037f444e5f7739a6bd40)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 53370581fdfedd8232bd7bd3f4f9c81f7c56ad34)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 33164: Ensure return claim message shows if lost item return blocked

This fix ensures that a return claim confirmation always shows, even if
the return of lost items has been blocked by BlockReturnOfLostItems
being enabled.

To test:

1. Set BlockReturnOfLostItems system preference to Block
2. Check out an item to a patron
3. Go to the patrons page and claim a return on the item
4. Check in the item and keep checking in the item. Notice the message
"Item is lost, cannot be checked in." shows every time, but the return
claim message only shows sometimes.

5. Apply the patch and restart services

6. Check in the item and keep checking in the item. Confirm both the
lost message shows and the return claim message shows every time.
7. Confirm the return of the item is still blocked.

Sponsored-by: Pymble Ladies' College
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1f56880812323a003d3d9d043c10c3142d397ac4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 93276f59f14a293fdd639a6185577287693cd50c)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35278: Fix warn from column_settings.pl

We need to add scalar to the calls. These parameters are not meant
to be used as multi_param.

Test plan:
Try With and without this patch on staff:

Try: /cgi-bin/koha/admin/columns_settings.pl
=> WITHOUT: No warnings
=> WITH: Same. No change.
Try: /cgi-bin/koha/admin/columns_settings.pl?module=acqui&page=basket
=> WITHOUT: Opens module, scrolls down. CGI::param called in list context in logfile
=> WITH: Opens module, scrolls down.
Try: /cgi-bin/koha/admin/columns_settings.pl?module=acqui&page=basket&table=orders
=> WITHOUT: Opens module, scrolls down. CGI::param called in list context in logfile
=> WITH: Opens module, scrolls down.

Try: /cgi-bin/koha/admin/columns_settings.pl?module=acqui&module=admin
* Hash like: panel => acqui, admin => page, undef  => table, undef => modules, $modules (SHIFTED)
=> WITHOUT: Acqui expanded showing: There is no page using the table configuration in this module.
=> CGI::param warning in log.
=> And: Problem = a value of table has been passed to param without key
=> And: Problem = a value of modules has been passed to param without key
=> WITH: Only the first module (Acqui) should be expanded.

Try: /cgi-bin/koha/admin/columns_settings.pl?module=acqui&module=admin&page=basket&table=orders
* Hash like: panel => acqui, admin => page, basket => table, orders => modules, $modules hash (SHIFTED)
=> WITHOUT: Acqui expanded showing: There is no page using the table configuration in this module.
=> And: CGI param log warning.
=> WITH:: Opens Acqui. Second module ignored. Scrolling.

Try: /cgi-bin/koha/admin/columns_settings.pl?module=admin&module=acqui&page=basket&table=orders
* Hash like: panel => admin, acqui=> page, basket => table, orders => modules, $modules hash (SHIFTED)
=> WITHOUT: Admin expanded showing: There is no page using the table configuration in this module.
=> And: CGI param log warning.
=> WITH: Admin should be expanded (page and table ignored, not in Admin). No scroll.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1b11de87b991ddae4d31861c9cdc321ce45d229d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit dbc24ece694b2bc1a56e32ff663765b1f1dd5d1b)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 34413: Fix style of Flatpickr in iOS mobile view

This patch updates Flatpickr CSS in the OPAC and staff interface so that
date fields are displayed correctly in iOS mobile views.

To test, apply the patch and rebuild the OPAC and staff interface CSS.

- In the OPAC, click "Create new account"
- In the account entry form, confirm that the date of birth field looks
  correct and that the date-picker works as it should.
- In the staff client, go to Patrons -> New patron.
- Check the date of birth field in this form too.

This patch has been tested in the Xcode iOS device simulator with iOS
17. While I wasn't able to reproduce the problem in Firefox, I was able
to use the developer tools' responsive design mode to trigger the mobile
view and thus be able to see the styles which are being applied:

- In the OPAC, on the "Create new account" screen, open the Web
  Developer Tools panel (Tools -> Browser tools -> Web Developer Tools).
- Click the "Responsive Design Mode" button in the upper-right corner of
  the developer tools panel (it looks like a phone and tablet together).
- The main browser window will now how some settings at the top.
- In the first dropdown, choose an iPhone model.
- The date of birth field should now be styled differently because of
  the addition of a "flatpickr-mobile" style.
- Right-click the field and choose "Inspect." In the developer console
  you can see the styles which are being applied to the field. One of
  those should be ".flatpickr-input.flatpickr-mobile"

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9e9fa64d5a9f8966c45a923b258c994df70ac35f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0b468bd4139b1d35e87e0ff44b6f5e48ca26641d)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35295: Move JS asset in returns.tt

To Test:
1. Place a hold
2. Check-in an item of the held record
3. No hold modal 😱
4. APPLY PATCH
5. Hold modal!!!

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 771334218acc2a5eb97bac1eab38a53543084444)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6abfcbecd878bb634b129df59c345f2c80c4955f)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35262: Improve OPAC self registration confirmation page

This patch corrects logic in the OPAC self registration confirmation
template so that the right column markup is shown when various
combinations of OpacNav, OpacNavBottom, and OpacNavRight are displayed.

To test, apply the patch and enable the PatronSelfRegistration system
preference, and deactivate the PatronSelfRegistrationVerifyByEmail
preference.

- Go to the OPAC and start the process of registering online.
- Fill in the form and submit it.
- On the registration confirmation page, check that the layout looks
  correct.
- Test with the presence of various combinations of OpacNav,
  OpacNavBottom, and OpacNavRight HTML customizations.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 64edb692458262133818553c4cbfa86ca3612260)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4e34b92112df0e97d7a4fcc72c5bd95ca7c202dd)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35206: Adjust style of add button on curbside pickups administration

This patch adds Bootstrap classes to the "Add" button on the curbside
administration page, in the "Curbside pickup hours" section. This makes
it consistent with the markup of similar buttons in the interface and
makes it slightly smaller so that it fits better in the form.

To test, apply the patch and make sure the "CurbsidePickup" preference
is enabled.

- Go to Administration -> Curbside pickups.
- Fill out the form, including the "New slot" fields in the "Curbside
  pickup hours" section.
  - Confirm that the corresponding "Add" button looks correct, and that
    it works to add your new slot.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit cc70e17f5d07ad8988a1a4a02e0049abc7428547)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b7cb356363d09c1bb1839165cbc4d090c47317ea)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35198: Sort database column names alphabetically on automatic item modification page

This patch modifies the automatic item modification by age page so that
the rule entry form sorts <select>s alphabetically, making it easier to
find the entry you need.

The [% FOR field IN... %] directives now include the "sort" method, e.g.

    [% FOR field IN agefields.sort %]

To test, apply the patch and go to Cataloging -> Item modifications by
age

- Click the "Add rules" button, then the "Add rule" button.
- Check the "Age field," "Conditions," and "Substitutions" dropdowns to
  confirm that the choices are listed alphabetically.
- Fill in the form and save the rule.
- Go back and edit the rule you created. Check that the dropdowns are
  still correct.

Signed-off-by: Andrew Auld <andrew.auld@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fd258280482e0c84bf6baf61d7054b1c628e53f7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 2872ebe3d49e3425077b58ce6829a34e954b80c0)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 34704: Remove regex for adding additional line breaks to print templates

This makes sure that we don't change the line breaking for either
HTML nor plain text print notices.
For plain text, the <pre> is used to keep the line breaks as defined
in the notices template.
For HTML we require on the line breaks added by block elements in the
HTML notice, not adding any additional ones like before.
This gives the full control of the formatting to the notice editor.

To test:
* Make sure your patron doesn't have an email address
* Make sure to check the hold filled notice in messaging preferences
* Place a old on any item
* Checkin the item
* Confirm hold
* Verify notices tab shows the Hold (print) notice
* ./misc/cronjobs/gather_print_notices.pl ./ --html
* Verify the generated file has the HTML output wrapped in pre.
* Reformat the HOLD print notice to be HTML by setting the checkbox.
  Mmake sure to add some empty lines for (they should not print later)
  and some <br>, <p>, <div>  - They should be reflected in the notice later.
* Repeat test.
* All should be well :)

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 4c15ad658d59d7f63d27fe61dc102ecd4c22a03d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e0eb511d59093321b7df638a654a93b8010ddb10)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35187: Fix missing line breaks in WELCOME notice

When a notices is marked as HTML, we need to use block elements
(p, div, li, etc.) or explicit line breaks.
This adds the line breaks where required.

To test:

WELCOME
* Without patch
* Make sure your Koha can send email (set up SMTP server, KohaAdminLibraryAddress)
* Make sure your patron has an email set
* In patron account, use "More > Welcome email"
* Verify all text is on one line
* Apply patch
* reset_all to install new sample notice templates
* Repeat test, verify welcome notice is now nice

(cherry picked from commit d60fe27ea4bda16efcd0db096d756e8a54552056)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>

Bug 35280: Fix patron attributes "clear" link in OPAC patron entry form

This patch makes a minor correction to the JavaScript controlling the
behavior of the "clear" link which appears on the patron entry form next
to patron attribute <select>s or <textarea>s which are editable in the
OPAC.

To test, apply the patch and create patron attributes
which have both "Display in OPAC" and "Editable in OPAC" checked.

- Create one which is tied to an authorized value, and one which isn't.
- Log in to the OPAC and click the "Personal details" tab.
- In the entry form, find the patron attribute fields under the
  Additional information" heading..
- Select a value in the dropdown, and enter text in the textarea.
- Confirm that clicking the corresponding "Clear" link for each works as
  expected.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 3a027a0da974ecc72d2144f2b503d3013257c8a7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f49e438ed9a8fcc99854fac60869e19e75f4d0f1)
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>