Andrew Moore [Tue, 29 Jul 2008 16:42:46 +0000 (11:42 -0500)]
Bug 1953 [2/6]: refactoring SQL in C4::Koha::displayServers to use placeholders.
The SQL call in displayServers was not using placeholders, leaving itself open
to potential SQL injection attacks. I've rewritten it to use placeholders.
kohabug 2404 This patch removes Image::Magick and adds GD
This patch removes Image::Magick as a dependency and replaces it with
the (much) lighter GD. Functionality of patronimage code has not changed with
this conversion.
Adding error handling for corrupted image file and link to return to moremember.pl when called from there
Andrew Moore [Fri, 25 Jul 2008 20:31:11 +0000 (15:31 -0500)]
Bug 1953: refactoring C4::Koha::get_itemtypeinfos_of to eliminate potential SQL injection
C4::Koha::get_itemtypeinfos_of was not using placeholders, opening itself up to
potential SQL injection attacks. This patch refactors it to use placeholders to
bind parameters.
I also had to extend C4::koha::get_infos_of to allow us to pass bind parameters into it.
I'm including a test module for C4::Koha::get_itemtypeinfos_of.
Andrew Moore [Fri, 25 Jul 2008 16:55:13 +0000 (11:55 -0500)]
Bug 1953 [3/3]: documentation changes for C4::items::GetItemsForInventory
This patch corrects what appears to me to be a few deficiencies in the documentation
for C4::items::GetItemsForInventory. I noticed them while writing test methods for this sub.
Andrew Moore [Fri, 25 Jul 2008 16:55:12 +0000 (11:55 -0500)]
Bug 1953 [2/3]: refactoring SQL in C4::Items::GetItemsForInventory to use placeholders
The SQL in C4::Items::GetItemsForInventory wasn't using placeholders and
bind parameters, possibly leaving itself open to SQL injection attacks. This
patch changes that.
I've also included a test module for C4::items::GetItemsForInventory.
If a new order was created and no fund selected, a db error was thrown due to the
'bookfundid' field being set to NULL. This patch sets the first fund retrieved from
available funds as the default selection in the scrolling list.
A further enhancement might be to allow the library to choose which fund is the
default fund.
kohabug 2219 Corrects inconsistent use of subscription.serialsadditems column
From the bug report:
The serialsadditems syspref was ostensibly removed in DB rev 071
(http://git.koha.org/cgi-bin/gitweb.cgi?p=Koha;a=commit;h=5c41ae54e68866f9661e853376537059f4d83f70)
in favor of a new serialsadditems column in the subscription table.
However, this removal was incomplete. It is still created for new installations by:
Since the system preference was not removed from the sample data scripts, it
is necessary to add another DB rev to remove it - a user may have made a
fresh install of Koha after DB rev 071.
The current serialitems table structure does not provide for a *:1 relationship with
the serial table. This causes a problem when attempting to add multiple items to a given
serial. The db throws an error when attempting to INSERT in serialitems due to serialid.serialitems
being a unique key. A further side effect is that the marc record is updated with the
item in spite of the error. The mods to the serialitems table structure in this patch
drop serialid.serialitems as a key and make itemnumber.serialitems the primary key
creating a *:1 relationship with the serial table. This patch also makes serialid.serialitems
a foreign key referencing serialid.serial to maintain referential integrity.
Ryan Higgins [Fri, 25 Jul 2008 14:04:07 +0000 (09:04 -0500)]
BUG 2351 : Add duplicate barcode check prior to receiving multiple items. This patch adds a javascript form check for duplicates in-form, and returns an error if there are duplicates in the catalog.
Joe Atzberger [Thu, 24 Jul 2008 21:11:17 +0000 (16:11 -0500)]
TZ - multiple timezone support
Support multiple timezones via Apache SetEnv. See the perldoc for
admin/env_tz_test.pl on how to configure and test. Minimal changes
to Context itself.
This patch fixes the OPAC view and holdability of items:
1. restores a check to itemtype.notforloan to set the norequests flag
2. changes improper boolean OR with AND for checking conditions of setting norequests
3. displays 'Not for loan' for item-level itypes when the itemtype is set to notforloan
4. restores items.notforloan values < 0 allowing holds (ordered items for instance)
We still need a notforhold flag set at the itemtype, and items level
kohabug 2154 Modifying form input controls to accommodate translations
Due to the logic of the underlying picture-upload.pl depending upon the "value" of the
form input controls and this value being translated, the script then failed to function.
This patch changes the input controls so that this should not be an issue.
This issue should be kept in mind, though, so that it can be avoided in the future.
Fix for bug 2398: Source of Classification - Add item or Edit item in
staff client is defaulting to the ASNCR code instead of the blank above
For some reason the loop used to build the list of values was
setting the first value to the $value variable if $value wasn't
set already, and the default_value was inside rather than outside
the loop. I've removed the setting inside the loop and placed
the default value outside the loop. It's possible I just don't
understand what the original intention was.
kohabug 2224 Corrects display discrepancies when applying filters
This patch corrects display discrepancies when filters are applied to the
acquisitions report. It also corrects a number of other issues with this
report.
Some documentation changes may be in order based on report filters that
were only partially implemented, but are now available.
Ryan Higgins [Thu, 24 Jul 2008 01:02:21 +0000 (20:02 -0500)]
Remove 'Cash Refund' from manual invoice, as it calls a deprecated function. Change the code for 'forgiven' from 'F' to 'FOR', since 'F' is used for 'Fine' elsewhere in the code. Mark other subroutines as deprecated that utilize the accountoffsets table, since that functionality was lost somewhere in the 2.2 series, and half-using it breaks things.
Ryan Higgins [Wed, 23 Jul 2008 20:04:37 +0000 (15:04 -0500)]
Combine 'publication details' and volume columns in display to work with mixed serial data (i.e. some issues linked to serials module, some not). Cleans up display after patch to update sorting with enumchron based on biblio.serial.
Andrew Moore [Wed, 23 Jul 2008 19:27:55 +0000 (14:27 -0500)]
bug 1953 [1/2]: fixing SQL injection problem in C4::Context->preference
C4::Context->preference was not using placeholders and was potentially vulnerable to
a SQL injection attack. This patch refactors the method to use placeholders.
Andrew Moore [Wed, 23 Jul 2008 18:19:57 +0000 (13:19 -0500)]
bug 2386: adding newline between items in overdue notices
The lines for each item in the overdue notices were not separated by newlines. This caused them to
all be smashed together. I'm putting a newline between them.
UTF-8 to ASCII MAPPINGS -- WARNING: REINDEX REQUIRED
You've been warned :-). This patch contains a more
complete mapping of UTF-8 to ASCII. The mappings are
based on those compiled by Richard Mahoney on the
Zebra list: http://lists.indexdata.dk/pipermail/zebralist/2007-August/001707.html
Note to documentation team: we need an area in the
documentation that discusses how Koha handles searches
and indexing for words that contain diacritics, such
as E-ACUTE (vs E without an acute). If you can paste
this list of mappings from this patch directly into
the docs and it preserves the encoding that would be
great.
NOTE: I don't think this patch addresses issues of
combining vs non-combining forms, and may require
a refactor to address that.
kohabug 2374 Corrects autoBarcode behavior in additem.pl
There should be a documentation change at least for 3.0 to the effect that on systems
not running JavaScript, 'incremental' is the only option available for autoBarcode
although other options appear. A fix for this will hopefully appear in 3.2.
kohabug 2150 Correcting (somewhat) the inconsistent use of autoBarcode syspref
This patch corrects somewhat the inconsistent use of the autoBarcode syspref in serials-edit.pl
It does not implement all the possibilities currently available in the autoBarcode syspref as
there is currently no support for the js plug-in/drop-in feature in serials-edit.pl. So in this
sense, the autoBarcode syspref is still used inconsistently here. The fix for this is recommended
for rel_3_2
kohabug 2159 Improving "Lists" button list refreshes after adding/changing lists/shelves
Adding code to refresh "Lists" button lists display in OPAC masthead.inc
Adding javascript to force refresh of parent window to update "Lists" button menu
Adding query limits and ability to specify row count and offset in queries related to Virtualshelves.
Also added the ability to return total record counts for specified virtualshelves.
Adding C4::VirtualShelves::GetRecentShelves which returns a list of the most recently modified shelves for
a given set of parameters. This allows the user to be offered active private and open lists to add books
to in drop down menus while also allowing drop down menus to be limited to a reasonable length.
This also limits the shelves stored in the user's session to a fixed number. A further enhancement might
be to add a syspref to enable a staff member to define the limit. Currently it is hardcoded at 10 per
list type (private/public-open).
Adding pagination to list/shelf related screens
Moving refresh shelves code into C4::VirtualShelves::RefreshShelvesSummary and tidying up a bit
Correcting several inconsistencies in the shelves templates as well as handling shelf management on
the intranet side correctly.
Correcting "Add To:" drop-down list to show only lists the patron has permission to add to
Correcting a few C4::VirtualShelves::GetShelvesSummary API calls
Modifications for template consistency
Breaking up a 1367 char line of javascript in opac-results.tmpl
At client request, I added code for a rowtitle_display and coltitle_display. This
allows the script to substitute human-readable labels into the table instead of just
the literal hashkeys. For this client with dozens of numerical patron categorycodes
having a row titled "29" was not very useful.
I cleaned up the templates and a lot of the report code. It is of the same style as
the other copy/paste reports and still needs further cleanup. Added sql and debug
feedback (default styled to hidden), as I have for other reports.
Owen Leonard [Mon, 21 Jul 2008 16:23:12 +0000 (11:23 -0500)]
Fix for Bug 2373 ("Tags missing from the left menu"). Also doing some cleanup and reformatting on review.tmpl. Fixing some capitalization--I hope that's not a translation problem.
Fix a bug where the 008 field got replaced if you
inadvertently clicked in the field and it wasn't empty.
This patch prevents the field from being replaced unless
it's empty.
Koha supports modifying the output of your MARC records for public-facing
Z39.50 and SRU servers. You can set up custom mappings to convert fields such
as 952 (Koha items) to 852 (MARC21 location fields). For example here would
be a popular mapping:
Name: Koha Field Mapping in MARC21
---------------------------
Location: 952 $b => 852 $b
Barcode: 952 $p => 852 $p
Price: 952 $v => 852 $r
Item type: 952 $y => 852 $w
Notes: 952 $z => 852 $z
This would make the output from the SRU server suitable for a
resource sharing network that used the above convention for location
information. To add this configuration to your Zebra, add the following
block of code in the koha-conf.xml in the <retrievalinfo> area:
The retrieval set name (in this case, marc21location) is arbitrary and
should be set as required by your resource sharing network, so long as it won't
conflict with internal usage within Koha itself. It's the retrieval set name
that is used to trigger the server to respond and parse the record through the
stylesheet and apply the mappings.
This patch resolves a few MARC21 Framework issues for
a default installation:
1. Re-names several of the item fields to make more sense to catalogers and patrons
2. Remove links Non-public note from items.paidfor
3. Changes Non-public note to be hidden in the OPAC view
Fixes issues with the 'hidden' field in the framework, specifically:
1. the editor obeys the rules of possible values for hidden (>4, or <-4)
2. the OPAC MARC display obeys the rules of positive values meaning 'hidden in OPAC'
3. the staff MARC display now obeys the rules specified in the hidden values description
Added error catching for bad user input on number of days. I.E., if you
try to filter by "bAd", you now get an error message prompting for valid
digits. Also I updated highlighting to use loop_context_vars.
Fixed filtering to work on either days, vendor or both. Previously, if
you selected a number of days, you had to select a vendor or else got
empty results. DOCUMENTATION NOTE: this supplies the expected behavior,
so specifying vendor is no longer required.
fix for bug 2359: Returning an item from moremember.pl...
Adds a 'forgive fines' checkbox to moremember.pl that defaults to off, and removes the hardcoded $exemptfine = 1 argument to AddReturn in reserves/renewscript.pl. Also, cleans up a little inline CSS.
fix for bug 2221: Problems with Guarantor Fields...
This patch corrects this problem, by, when a patron record is linked as a guarantor, showing that and not allowing the name to be edited. It still allows manual entry of a guarantor. It also untabifies a few places in the affected files and fixes some inconsistent names.