Jonathan Druart [Thu, 14 Mar 2024 15:17:55 +0000 (16:17 +0100)]
Bug 24879: Adjust tests
Installer scripts cannot be run from the UI:
debian/templates/apache-shared-intranet.conf:RewriteRule ^/cgi-bin/koha/(C4|debian|etc|installer/data|install_misc|Koha|misc|selenium|t|test|tmp|xt)/|\.PL$ /notfound [PT]
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Fri, 15 Mar 2024 09:12:41 +0000 (10:12 +0100)]
Bug 31988: Remove reports/itemtypes.plugin
This "plugin system" is only used for the itemtypes report. We can
simply remove the reports/manager.pl script and this plugin in favor of
a dedicated report.
Test plan:
Same behaviour expected before and after this patch
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Fridolin Somers [Mon, 18 Mar 2024 15:32:57 +0000 (16:32 +0100)]
Bug 36323: Move koha_perl_deps.pl to misc/devel
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Julian Maurice [Thu, 1 Feb 2024 08:15:23 +0000 (09:15 +0100)]
Bug 35960: Use .val() instead of string concat to prevent potential XSS
Test plan:
1. Log out
2. Go to /cgi-bin/koha/mainpage.pl#somestring"with<html>char
3. Open the brower's inspector and find "auth_forwarded_hash" input
4. Make sure the value attribute is there and corresponds to the URL's
fragment. It should be URI-encoded.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Andreas Jonsson [Thu, 7 Mar 2024 09:12:25 +0000 (09:12 +0000)]
Bug 36244: Do template toolkit processing first
To avoid injection of template toolkit code
from database fields that are controlled by
untrusted sources.
Test plan:
* review subtest 'Template toolkit syntax in
parameters' in t/db_dependent/Letters.t
* Run the unit test:
prove t/db_dependent/Letters.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Andreas Jonsson [Thu, 7 Mar 2024 09:07:49 +0000 (09:07 +0000)]
Bug 36244: Unit test for tt syntax in parameters
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Nick Clemens [Fri, 26 Jan 2024 14:10:01 +0000 (14:10 +0000)]
Bug 35518: Check authentication and set userenv before fetching userenv variables
Currently we get the userenv before we have set it correctly for the session
To test:
1 - Sign in as a user with fast cataloging permission
2 - Bring up a patron, type gibberish into barcode field to get a fast cataloging link
3 - Check the link, it should have your current signed in barcode
4 - Sign in to a different browser with a different user and at a different branch
5 - Bring up a aptron in circulation and type gibberish into barcode field to get a fast cataloging link
6 - It may have your branch, but it may also have the other user's branch from the other window
7 - Keep entering gibberish to get a link until one user has the correct branch
8 - Then switch to the other browser, and keep entering gibberish, watch the branchcode change
9 - Apply patch, restart all
10 - Test switching between browsers. generating fast cataloging links
11 - Users should now consistently have the correct branch
Kyle M Hall [Thu, 27 Jul 2023 11:45:57 +0000 (07:45 -0400)]
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used
This patch avoids generating CSRF tokens unless the csrf-token.inc file
is included in the template.
Passed token doesn't need HTML escaped. The docs for WWW::CSRF state:
The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option).
Kyle M Hall [Tue, 30 Jan 2024 15:58:02 +0000 (10:58 -0500)]
Bug 35942: OPAC user can enroll several times to the same club [23.05.x]
Test Plan:
1) Create 3 clubs, 1 limited to library A, 1 limited to library B and one not limited
2) Use a patron with home library A.
3) Go to the opac-user page, "Clubs" tab show 0/2 (the one from library B is not listed)
4) Browse to /cgi-bin/koha/svc/club/enroll?id=1
5) Reload that page a couple times
6) Note the patron is now enrolled in the same club multiple times
7) Delete those enrollments
8) Apply this patch
9) Restart all the things!
10) Repeat steps 2-7, note the lack of duplicate enrollments!
11) Repeat steps 2-10 for the staff interface
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 9bdab108e22768b018b017ed7c0e0016270f2570) Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Jonathan Druart [Fri, 26 Jan 2024 07:58:17 +0000 (08:58 +0100)]
Bug 35918: Fix auto library connect (AutoLocation)
This code is a bit weird, its purpose it to auto select the library depending on the IP.
A problem appears if the same IP is used, then the user's choice will
might be overwritten randomly by another library.
To recreate the problem:
Turn on AutoLocation
Use koha/koha @CPL for test
And the following config:
*************************** 1. row ***************************
branchcode: CPL
branchname: Centerville
branchip: 172.18.0.1
*************************** 2. row ***************************
branchcode: FFL
branchname: Fairfield
branchip: 172.18.0.1
*************************** 3. row ***************************
branchcode: FPL
branchname: Fairview
branchip: 172.18.0.4
Connect and select CPL. Randomly FFL will be picked instead.
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Tested this on top of 35890 and 35904 because git bz said they were required dependencies.
Figured out the IP Koha was seeing me as coming from in /var/log/koha/kohadev/plack.log.
Added that IP to the branchip for Centerville, Fairfield and Fairview. Set AutoLocation = Yes.
After this I could recreate the problem: If i left the "Library" field in the login screen
at "My Library" I got logged into a random library selected from the three i had set
branchip for. Applying the patches fixed this, as expected.
Tests pass, with AutoLocation off.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Fri, 26 Jan 2024 07:57:03 +0000 (08:57 +0100)]
Bug 35918: Add test
Signed-off-by: Magnus Enger <magnus@libriotech.no> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Thu, 25 Jan 2024 08:36:01 +0000 (09:36 +0100)]
Bug 35890: Add tests for AutoLocation
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Wed, 24 Jan 2024 15:25:30 +0000 (16:25 +0100)]
Bug 35890: Reject login if IP is not valid
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Wed, 24 Jan 2024 15:24:51 +0000 (16:24 +0100)]
Bug 35890: Remove var loggedin
It is never used and add confusion
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Thu, 25 Jan 2024 09:35:41 +0000 (10:35 +0100)]
Bug 35904: Make C4::Auth::checkauth testable easily
This patch suggests to add a new flag do_not_print to
C4::Auth::checkauth to not print the headers and allow to test this
subroutine more easily.
We do no longer need to mock safe_exit and redirect STDOUT to test its
return values.
There are still 3 left:
1.
733 # checkauth will redirect and safe_exit if not authenticated and not authorized
=> Better to keep this one, not trivial to replace
2.
806 # This will fail on permissions
This should be replaced but testing $template->{VARS}->{nopermission}
fails, I dont' think the comment is better.
3.
828 # Patron does not have the borrowers permission
Same as 2.
2. and 3. should be investigated a bit more.
This patch also move duplicated code to set patron's password to a
subroutine set_weak_password.
Test plan:
Read the code and confirm that everything makes sense.
QA: Do you have a better way for this? Yes it's dirty!
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Bug 29510: (follow-up) Adapt GET /patrons/:patron_id
This patch makes GET /patrons/:patron_id rely on this new behavior from the
objects.find helper.
To test:
1. Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons.t
=> SUCCESS: Tests pass!
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests still pass!
4. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Bug 29510: Make objects.find call search_limited if present
This patch makes objects.find implicitly update the passed
*$result_set* to use search_limited. This way no object leaks could
happen without noticing.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/REST/Plugin/Objects.t
=> FAIL: Tests fail because search_limited is not used
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! Results are correctly filtered based on userenv!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Kyle M Hall [Tue, 30 Jan 2024 14:32:12 +0000 (14:32 +0000)]
Bug 35941: (QA follow-up) Tidy clubs-tab.pl
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Jonathan Druart [Tue, 30 Jan 2024 13:53:03 +0000 (14:53 +0100)]
Bug 35941: Limit club list to those from the logged in user
clubs-tab get the patron's id from the parameter. At the OPAC we must
use the one from the logged in user, to prevent leak to other users
Test plan:
Have 2 clubs: A, B
Enroll to A with patron borrowernumber=1
Enroll to B with patron borrowernumber=2
Log in with patron 1 and hit:
http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=1
=> OK
Now hit
http://localhost:8080/cgi-bin/koha/clubs/clubs-tab.pl?borrowernumber=2
=> oops
Apply this patch, try again.
The "borrowernumber" parameter is no longer used to fetch the club list.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
This patch introduces some tests on the current (and new) behavior for
the `checkpw` function.
I needed it to better understand if an edge case was actually possible
(it wasn't).
Found a really minor annoyance for the internal check with expired
password not returning the $patron object for consistency with the other
use cases.
I think this method deserves (at least) changing the return value to a
sane data structure. But that's not target for backporting to stable
releases. So a separate bug.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Kyle M Hall [Fri, 1 Dec 2023 11:29:19 +0000 (06:29 -0500)]
Bug 34893: (QA follow-up) Tidy code for qa script
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Kyle M Hall [Fri, 22 Sep 2023 18:20:59 +0000 (14:20 -0400)]
Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron
Imagine we have a set of users. Some of those users have a NULL userid. We then call AuthenticatePatron from ILS-DI for a patron with a NULL userid, but a valid cardnumber. We call checkpw, which returns the cardnumber and userid. We then call Koha::Patrons->find on the userid *which is null*, meaning the borrowernumber returned is not the correct one, but instead the earliest patron inserted into the database that has a NULL userid.
Test Plan:
1) Give three patrons a userid and a password
2) From the database cli, set all patrons's userid to null
Run this query: update borrowers set userid = null;
3) Call AuthenticatePatron with username being the 1st patron cardnumber,
and password being the password you set for that patron
http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=kohacard&password=koha
4) Note you get back a borrowernumber for a different patron. Refresh the page and the number is correct.
5) Do the same with the 2nd patron. Same issue at 1st and correct number after.
6) Apply this patch
7) Restart all the things!
8) Do the same with the 3rd patron.
9) Note you get the correct borrowernumber! :D
10) prove t/Auth.t t/db_dependent/Auth_with_ldap.t t/Auth_with_shibboleth.t t/db_dependent/Auth_with_cas.t
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Kyle M Hall [Wed, 29 Nov 2023 17:18:32 +0000 (17:18 +0000)]
Bug 34893: Add unit tests
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Aleisha Amohia [Thu, 23 Nov 2023 21:08:09 +0000 (21:08 +0000)]
Bug 35291: (QA follow-up) Tidying script for QA test tools
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Thu, 9 Nov 2023 00:49:54 +0000 (00:49 +0000)]
Bug 35291: Validate filepaths in linking files
Validate that the files in linking files are contained within the ZIP.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Thu, 9 Nov 2023 00:23:45 +0000 (00:23 +0000)]
Bug 35291: Don't allow symlinks for link files in cover image ZIP
There's no reason to allow symlinks for link files in cover image
ZIP files. Preventing their use prevents someone from uploading
a symlink pointing to an existing file on the Koha server.
Test plan:
0. Apply patch and restart/reload Koha
1. Create a PNG cover image
2. Create a datalink.txt file that contains something like the
following:
29,Untitled.PNG
3. Turn on "LocalCoverImages" system preference
4. Upload via http://localhost:8081/cgi-bin/koha/tools/upload-cover-image.pl
5. Go to http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=29
6. Note the cover image has been uploaded
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Wed, 8 Nov 2023 16:14:55 +0000 (17:14 +0100)]
Bug 35291: Prevent leaks from FS
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Wed, 8 Nov 2023 23:39:45 +0000 (23:39 +0000)]
Bug 35290: Sanitize field input on cataloguing/ysearch.pl
This change sanitizies the field input on cataloguing/ysearch.pl
Test plan:
0. Apply the patch and restart/reload Koha
1a. "Add marc21_field_260b.pl plugin to 260$b in the Default framework"
1b. Go to http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?
op=add_form&tagfield=260&frameworkcode=#subbfield
1c. Choose "marc21_field_260b.pl" from the dropdown next to "Plugin"
1d. Click "Save changes"
2a. "Add new record"
2b. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?frameworkcode=
3. Click on tab "2" and scroll down to 260 "b"
4. Type in "Ori" into 260 subfield b
5. Some autocomplete suggestions should appear
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Owen Leonard [Wed, 15 Feb 2023 17:36:57 +0000 (17:36 +0000)]
Bug 32978: Replace node-sass with dart-sass
'npm install' fails in ktd on aarch64, giving unsupported architecture error for node-sass.
This patch addresses this by replacing node-sass with dart-sass, updating our gulpfile
accordingly. Some corrections have been made to SCSS to fix warnings
raised during the build process.
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Works like a charm. Great work oleonard! Tested on Apple M1, e.g. aarch64.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: I removed some useless formatting changes in the gulpfile, and the
yarn.lock changes as well. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Julian Maurice [Tue, 17 Oct 2023 15:13:55 +0000 (17:13 +0200)]
Bug 35079: Replace --force-extract by --generate-pot={always,auto,never}
This restores the original behaviour of always building the POT file
in order to not break existing workflows
Option --force-extract is deleted in favor of a new option
--generate-pot that can have 3 values:
* always: always build the POT file. This is the default value
* auto: build the POT file only if it does not exist
* never: never build the POT file
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Julian Maurice [Tue, 17 Oct 2023 14:33:37 +0000 (16:33 +0200)]
Bug 35079: Rebuild POT files only if necessary or asked explicitely
By default, gulp tasks po:create and po:update won't rebuild the POT
files if they already exist.
Both tasks gained a new option --force-extract to rebuild them
unconditionally
This makes it possible to create/update PO files for multiple languages
sequentially without rebuilding the POT file for each language.
For instance:
gulp po:update --lang fr-FR
# do something with the PO files
gulp po:update --lang en-GB
# ...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 12 Oct 2023 09:44:16 +0000 (11:44 +0200)]
Bug 35043: Use Locale::PO->quote
We have our own "quote_po" sub that is stating that Locale::PO::quote
is buggy because it does not deal with quoting new lines correctly.
However it seems that it is fixed now.
Ideally we could use Locale::PO::quote everywhere, but it does not
escape tab characters:
$string =~ s/\\(?!t)/\\\\/g; # \t is a tab
This means the following:
msgid "Tabulation (\\t)"
msgstr "Tabulation (\\t)"
become:
-msgid "Tabulation (\t)"
-msgstr "Tabulation (\t)"
And we are seeing the following on Weblate:
https://snipboard.io/BjQmDC.jpg
Note that Locale::PO has not been updated since 2014...
The real problem behind this is that we have 2 methods to quote strings.
At first glance it seems that Locale::PO::quote was not used before, but
with the introduction of the koha-i18n project we will have scripts that
will use Locale::PO->save_file_fromarray, which uses Locale::PO->quote
=> Those scripts will be used on the translation server for post
processing (security reason, marking potential XSS strings as fuzzy).
Test plan:
0. Do not apply the patch
1. gulp po:update --lang LANG # Replace LANG with your favorite language
code
2. git commit -a -m"init PO files"
3. Apply this patch
4. Repeate 1.
5. git diff
=> The change is about the "Tabulation" and "New line" strings from
tools/csv-profiles.tt
6. Translate them (replace the \t and \n with %s) and remove the fuzzy
flag
7. install the template: cd misc/translator && perl translate install
LANG
8. Enable the language, use it and go to the "Nouveau profil CSV" view
=> Notice that the \t and \n are correctly displayed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
It *could* come from this changes:
https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=HEAD
* The functions u*_possible_linebreaks and u*_width_linebreaks now make it
easier to work with strings that contain CR-LF sequences: In this case,
in the returned array, it will return UC_BREAK_CR_BEFORE_LF followed by
UC_BREAK_MANDATORY (instead of twice UC_BREAK_MANDATORY).
The command used is:
% msgmerge --backup=off --quiet -F --update misc/translator/po/fr-FR-staff-prog.po misc/translator/Koha-staff-prog.pot
No matter the value of --width.
One solution is to use --no-wrap, and never wrap :)
I sent an email to the list about this suggestion https://lists.katipo.co.nz/pipermail/koha/2023-October/060143.html
Jonathan Druart [Fri, 6 Oct 2023 14:48:57 +0000 (16:48 +0200)]
Bug 34959: Sort PO files correctly
The PO files are not sorted when we update them which leads to
unnecessary changes that are commited: hard to see differences and
make git index grow superfluously.
Test plan:
0. Do not apply this patch
1. gulp po:update --lang es-ES
2. git commit -a -m"First PO update"
3. Run again the gulp update command
4. git diff
=> You have a lot of changes generated here, the po:update is not
idempotent.
5. Apply this patch
6. Run the gulp update command
7 git commit -a -m"PO update after 34959"
8. Run the gulp update command
9. git diff
=> No changes are generated
Note that this patch will all the entries by files, and per line
numbers.
It fixes a bug in some condition, where we add information/context about
the string. For instance search for "For the first occurrence" in the
file. Prior to this patch this was not correct, we didn't add info about
the first occurrence (but whichever in the list).
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Aleisha Amohia [Tue, 23 May 2023 03:32:59 +0000 (03:32 +0000)]
Bug 26611: Make authority record matching use required match checks
This patch fixes record matching for authorities to correctly apply required match checks.
To test:
1) Create a record matching rule:
Threshold: 100
Record type: Authority record
Match point 1
Search index: subject-topical
Score: 100
Tag: 150
Subfields: a
Match check 1
Both source and target record check fields:
Tag: 040
Subfields: a
This rule says we want to match on the topical term heading, then confirm the match with 040$a.
2) Create two topical term authority records
Authority 1:
150$a: Test
040$a: A
Authority 2:
150$a: Test
040$a: B
3) Export authority 2 and save
4) Go to Cataloging -> Stage records for import
5) Upload your downloaded authority 2 file. Change the record type to Authority. Choose your new record matching rule.
6) Stage for import.
7) Confirm that with the record matching rule applied, both authorities 1 and 2 show as possible matches, even though only authority 2 has a matching 040$a.
8) Apply the patch and restart services
9) Change the matching rule to "Do not look for matching records" and apply. This is to essentially refresh the page.
10) Change the matching rule to your new matching rule and apply. Confirm only the matching authority 2 shows and is selected.
Sponsored-by: Waikato Institute of Technology Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 33856898fd2f1cd757aeafe3c165300928f9da61) Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 11bce8210a964935ed0d5ec2e480e958d3d75551) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Marcel de Rooy [Thu, 25 May 2023 07:29:30 +0000 (07:29 +0000)]
Bug 33404: Add unit tests
Test plan:
Run t/db_dependent/Breeding.t
Run t/db_dependent/Breeding_Auth.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Amended patch: perltidy
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e9cab7f1fc7acc0b340d07770c750ac9fed50a58) Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit fdcb386548ef8bd0c6f85a17b1fa69ab1f16c298) Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit a9b50d6b5722480c04c90196d6e3d81d6fbc351d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Marcel de Rooy [Thu, 25 May 2023 06:03:48 +0000 (06:03 +0000)]
Bug 33404: Fix serverhost and init $page
The array serverhost is not filled. Should be replaced with values
from servers array.
Test plan:
Nothing exciting here. Read the patch.
Note that we will test in the next patch if the hostname is saved
correctly in the import batch.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit eb759719908949bc5f7c388d26d4e9dd28b1e415) Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit ba442b1a3b1d77585c8507697c6a5d2755605bb8) Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit 9b7218373a1dfd3cd49e4bbe2cabf8438678f426) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Marcel de Rooy [Wed, 24 May 2023 14:57:46 +0000 (14:57 +0000)]
Bug 33404: Z3950SearchAuth: Save in UTF-8 encoding
Test plan:
[1] If you have access to a Z3950 MARC8 auth server, search
for an authority record and import it.
[2] If you have access to a Z3950 UTF8 auth server, search
for an authority record and import it.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1233480ffaecb307ae7e9279acee7b516e42776f) Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 52a243e3cae0afc9d1cc9cc97f5746ba6384bf01) Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit d25ad4d949ecc5fd40bfbe95bcd682e97c13f58c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Fri, 26 May 2023 17:28:50 +0000 (17:28 +0000)]
Bug 33848: Enabling Coce in the OPAC breaks cover images on bibliographic detail page
Bug 32412 added an additional "context" parameter to KOHA.coce.getURL.
The code which pulls a Coce image for the "main" cover image slider
needs to include the correct context parameter for the images to load.
This patch also makes a minor correction to CSS in order to make the
cover image slider "dots" change color to highlight the current slide.
To test, apply the patch and rebuild the OPAC CSS.
- Enable multiple cover image sources in the OPAC including Coce, e.g.
Amazon, Google, OpenLibrary, etc.
- Search for a title which will match multiple cover image sources. In
the sample data a search for "Perl" will return good results.
- Note the number of cover images loading for a title in the search
results.
- View the detail page for that title. There should be the same number
of covers in the cover image slider.
- Clicking the slider navigation dots should work to show each image,
and the dot should change color to highlight the current image.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit d313f9b963ff0e5187eb19d81ef13231e0add39d) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4125aec704464560515fb4f1f083b4cf4705ba30) Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit fc3fde11d4e083bf23115d6c3533bca7037fab8b) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Wed, 31 May 2023 11:41:26 +0000 (13:41 +0200)]
Bug 33848: Don't remove coce container from template
It's removed from coce.js
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit aa8dc28e97d1971e191d5f7d08802257ae98f378) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6cef886164eb3fd792eacffa6a8451bdcc711cec) Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
(cherry picked from commit be76f596a6dd901026d174723aee0324996b996d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Thu, 3 Aug 2023 08:01:32 +0000 (10:01 +0200)]
Bug 34369: Fix 'Did you mean'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Tue, 1 Aug 2023 06:56:23 +0000 (06:56 +0000)]
Bug 34369: Require CSRF token for updating system preferences
This patch adds the requirements that updating a system preference
requires a CSRF token. (Also, adding and deleting local system preferences.)
0. Apply patch
1. koha-plack --reload kohadev
2. Add local system preference
3. Update local system preference
4. Delete local system preference
5. Update normal system preference
6. Note no errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Mon, 24 Jul 2023 04:31:15 +0000 (04:31 +0000)]
Bug 34349: Validate/escape inputs for task scheduler
This change validates and escapes inputs for task scheduler.
Test plan:
0. Apply patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/tools/scheduler.pl
3. Input a time a minute in the future and leave the date blank
4. Choose an existing report and output format
5. Type a malicious string which is also a valid email address
into the Email field
6. Click "Save"
7. Note that the job is added but the Email is wrapped in single
quotes
8. Try using a non-malicious email address with a single quote.
9. Note that the single quote is escaped, so that it will still
be used by runreport.pl
JD amended patch: tidy
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Removed pars for $email =~ regex, removed old commented lines. Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Wed, 16 Aug 2023 02:51:43 +0000 (02:51 +0000)]
Bug 34513: Add checkauth unit test for resetting auth state when changing users
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>