Emily Lamancusa [Fri, 14 Jun 2024 14:03:22 +0000 (10:03 -0400)]
Bug 37089: cud-delete_confirm should not be cud
Adjust aqbudgets.pl and currency.pl to check for the correct op value
To test:
Part 1 - Delete a fund
1. Go to Acquisitions > Funds
2. Try to delete a fund
--> Confirmation page shows fund name as '' and fund amount as 0.00
3. Click "Yes, delete this fund"
--> The fund is still there
Part 2 - Delete a currency
3. Go to Acquisitions > Currencies
4. Try to delete a currency
--> Confirmation shows empty values for currency and rate
5. Click, "Yes, delete this currency"
--> An error message appears and the currency is not deleted
6. Apply patch and restart_all
7. Repeat steps 1-5
--> Confirmation pages display correct information, and deletions
occur successfully
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Phil Ringnalda [Thu, 13 Jun 2024 02:25:14 +0000 (19:25 -0700)]
Bug 37080: Cannot delete MARC bibliographic frameworks or authority types
The scripts for managing both bib and authority frameworks are now expecting
an op 'cud-delete_confirm' but delete_confirm isn't cud, it's just a GET of a
page asking if you are sure. The scripts just need to expect the op they are
actually getting, delete_confirm.
Test plan:
1. Administration - MARC bibliographic framework - New framework
2. Give the framework any code and description and Submit
3. Actions menu for your new framework - Delete
4. Note the message says 'Confirm deletion of framework '' ()?" rather than
having the code and description included.
5. Click Yes, note that deleting failed
6. Administration - Authority types - New authority type
7. Give the authority type any type and description and Submit
8. Actions menu for your authority type - Delete
9. Note the message again says '' () rather than 'desc' (FOO)
10. Click yes, note that deleting failed
11. Finally! Apply patch, reset_all
12. Repeat steps 1-10, this time noting that you get 'desc' (FOO) rather than
'' (), and that deleting works.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Emily Lamancusa [Fri, 14 Jun 2024 14:16:47 +0000 (10:16 -0400)]
Bug 37090: Correct op parameter in edi_accounts.pl
To test:
1. Go to Acquisitions > EDI Accounts
2. Create an EDI account if one is not already there
3. Try to delete the EDI account
--> Page refreshes and nothing happens
4. Apply patch, restart_all, and refresh the page
5. Try to delete the EDI account again
--> A confirmation page displays with correct information
6. Click "Yes, delete"
--> The EDI account is deleted
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Kyle M Hall [Wed, 12 Jun 2024 13:05:53 +0000 (09:05 -0400)]
Bug 37075: Message queue processor will fail to send any message unless letter_code is passed
For reasons unknown, GetOptions is inserting an empty string into the letter_code list. If you are running the script with a letter code filter, the empty string is added to the OR so it functions. If no letter_code is passed, the search requires the letter code to be an empty string, which will of course fail. Even more perplexing is that this does not happen for the type list which is essentially identical code.
Test Plan:
1) Generate some messages in the message queue
2) Run `process_message_queue.pl -v -c`
3) Note nothing happens
4) Apply this patch
5) Repeat step 2
6) Messages are sent!
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Marcel de Rooy [Thu, 16 May 2024 09:25:34 +0000 (09:25 +0000)]
Bug 36875: (follow-up) Modify query in translated_content
This removes the MySQLism for FIELD(..).
In this case we just want to get the non-default records in
the front. So we can just test lang=default. And prevent inserting
$lang in the expression. And so prevent execution in ORDER BY.
No longer needing the ->quote call too.
Test plan:
Run Koha/AdditionalContents.t again.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Marcel de Rooy [Thu, 16 May 2024 08:41:19 +0000 (08:41 +0000)]
Bug 36875: Unit test
Test plan:
Run Koha/AdditionalContents.t without next patch.
Should fail on the sleep execution.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Marcel de Rooy [Thu, 16 May 2024 07:33:41 +0000 (07:33 +0000)]
Bug 36875: Staff counterpart
Same change.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Marcel de Rooy [Thu, 16 May 2024 07:19:30 +0000 (07:19 +0000)]
Bug 36875: Do not pass unsanitized language to $page->translated_content
Test plan:
Try to access opac-page.pl with a language not in OPACLanguages.
Verify that this 'language' was not passed to sql. Simplest perhaps
by debugging AdditionalContent.pm. Something like:
sub translated_content {
my ( $self, $lang ) = @_;
+warn "L137: $lang";
Now have a public additional_contents page and hit it:
/cgi-bin/koha/opac-page.pl?page_id=5&language=badsql
Check your log and find:
[2024/05/16 07:25:53] [WARN] L137: en at [etc] line 137.
So badsql was caught.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Chris Cormack [Wed, 8 May 2024 22:41:43 +0000 (22:41 +0000)]
Bug: 36818 Escape characters in file names uploaded
To test:
1/ create a file named something like 'execute`curl blog.bigballofwax.co.nz`.zip'
Where the domain is one you can watch the logs from
2/ Upload this file as a cover image
3/ Check /var/lib/koha/sitename/tmp/koha_sitename/ and see unescaped filenames
4/ Choose process, check the logs of the webserver see the connection has been made
5/ Apply the patch
5/ Repeat 2 & 3 and see the filename is now escaped
6/ Choose process and check no errors but no no remote execution occurs
7/ Test uploading actual zip file and images still works
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Chris Cormack [Mon, 13 May 2024 02:26:13 +0000 (02:26 +0000)]
Bug 36520: Sanitize input in opac-sendbasket.pl
To test
1/ Add some items to your cart in the opac
2/ Choose send cart
3/ Open firefox developer tools and switch to the network tab
4/ Send cart
5/ In the network tab, find the post request and choose copy as curl
6/ Edit the curl command to add )+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+- to the bib_list parameter
7/ Run the curl notice it takes a long time to respond, if you want to check run the curl without the above part added
8/ Apply the patch and restart plack
9/ Run the modified curl and notice no longer the slow down
10/ Test in browser and make sure the basket is still sent
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Mon, 13 May 2024 12:47:28 +0000 (14:47 +0200)]
Bug 36520: Prevent SQL injection in GetPreparedLetter
Actually in _get_tt_params
The following query will delay the response
SELECT `me`.`biblionumber`, `me`.`frameworkcode`, `me`.`author`, `me`.`title`, `me`.`medium`, `me`.`subtitle`, `me`.`part_number`, `me`.`part_name`, `me`.`unititle`, `me`.`notes`, `me`.`serial`, `me`.`seriestitle`
, `me`.`copyrightdate`, `me`.`timestamp`, `me`.`datecreated`, `me`.`abstract`
FROM `biblio` `me`
WHERE `biblionumber` = '1) AND (SELECT 1 FROM (SELECT(SLEEP(6)))x)-- -'
ORDER BY field( biblionumber, 1 ) AND (
SELECT 1
FROM
SELECT SLEEP( 6 ) x
) -- - )
To test
1/ Add some items to your cart in the opac
2/ Choose send cart
3/ Open firefox developer tools and switch to the network tab
4/ Send cart
5/ In the network tab, find the post request and choose copy as curl
6/ Edit the curl command to add )+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+- to the bib_list parameter
7/ Run the curl notice it takes a long time to respond, if you want to check run the curl without the above part added
8/ Apply the patch and restart plack
9/ Run the modified curl and notice no longer the slow down
10/ Test in browser and make sure the basket is still sent
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Wed, 15 May 2024 09:25:47 +0000 (11:25 +0200)]
Bug 36520: Add tests
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Bug 36575: (QA follow-up) Shibboleth POD and checkpw_internal call
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Wed, 24 Apr 2024 15:06:22 +0000 (15:06 +0000)]
Bug 36575: Adjust checkpw_internal to return patron
This patch refactors checkpw_internal to remove the SQL code, use patron ojbects, and return the
patron that correctly matches the userid/caerdnumber when auth is successful
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Wed, 24 Apr 2024 14:25:40 +0000 (14:25 +0000)]
Bug 36575: (bug 34893 follow-up) Return patron when autocreating in Shibboleth
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Wed, 24 Apr 2024 14:23:51 +0000 (14:23 +0000)]
Bug 36575: (bug 34893 follow-up) Return patron from LDAP
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Martin Renvoize [Thu, 11 Apr 2024 10:18:30 +0000 (12:18 +0200)]
Bug 36575: (QA follow-up)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Thu, 11 Apr 2024 09:39:03 +0000 (09:39 +0000)]
Bug 36575: Return correct patron when there is a shared userid / cardnumber
This patch moves some patron fetching code in C4/Auth to use to patron returned from the validation
methods and only try to fetch the patron (to check if locked, update attempts, etc) if we didn't authenticate
To test:
1 - Set a user to have userid = BANANA password = Password1
2 - Set a user to have cardnumber = BANANA password = Password2
3 - Hit the patron authentication API:
http://localhost:8080/api/v1/auth/password/validation
with data:
{ "identifier": "BANANA", "password":"Password1" }
and:
{ "identifier": "BANANA", "password":"Password2" }
4 - Note you receive the same response for both
5 - Apply patch, restart all
6 - Repeat the API and confirm you get the correct patron for the password submitted
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Lucas Gass [Wed, 12 Jun 2024 19:40:03 +0000 (19:40 +0000)]
Bug 36459: Do not duplicate duedatespec IDs
To test;
1. Go to circ/circulation.pl and check an item out to a patron.
2. Backdate it to sometime in the past using the "Specify due date
(MM/DD/YYYY) : " input
3. A modal appears to "Please confirm checkout". The date is no longer
populated in that field.
4. You must add the date again here.
5. APPLY PATCH
6. Try again and this time the confimration date should be set
correctly.
7. Follow the test plan from Bug 18885 to make sure on site checkouts
still work correctly.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch moves the 'PlaceHoldsOnOrdersFromSuggestions' system preferences
from the Acquisitions->Printing section to the Circulation->Holds Policy section.
To test:
1) Go to Admin->System Preferences and search for 'PlaceHoldsOnOrdersFromSuggestions'
2) Note that it is located in the Acquisitions prefs, under the Printing subheading
3) Apply patch
4) search for the preferences again
5) Note that it is now located in the Circulation preferences under the Holds Policy subheading
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Magnus Enger [Thu, 6 Jun 2024 13:12:29 +0000 (15:12 +0200)]
Bug 36330: Follow up, change comments in the DB
This patch updates the comments of course_items.location and
course_items.enabled to say "reserve" instead of "reseve".
To test in ktd:
- sudo koha-mysql kohadev
- Run: "SHOW CREATE TABLE course_items;"
- Verify the comments of "location" and "enabled" contains
"reseve" instead of "reserve"
- Make a note of the definitions of these two columns
- Run the atomicupdate: "sudo koha-upgrade-schema kohadev"
- Log into the database again and run the same command as above
- Verify the comments now say "reserve" instead of "reseve"
- Make sure the column definitions are otherwise identical to
the ones you saw before the upgrade. Only the spelling of
"reserve" in the comment should be changed.
Signed-off-by: David Nind <david@davidnind.com>
Removed unnecessary line of debug output. 2024-06-10 Magnus Enger
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Alex Buckley [Thu, 21 Mar 2024 23:49:09 +0000 (23:49 +0000)]
Bug 36330: Change 'reseve' to 'reserve'
Test plan:
1. git grep 'reseve'. Notice there are instances of 'reseve'
2. Apply patch
3. Repeat step 1, there should be no instances of 'reseve'
Sponsored-by: Catalyst IT, New Zealand Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Brendan Lawlor [Thu, 6 Jun 2024 13:14:43 +0000 (13:14 +0000)]
Bug 35294: Fix typos in catalogue code comments
Test plan:
1. git grep -n -E 'barocode|preproccess' to find the files and line # of typos
2. Apply the patch
3. git grep -E 'barocode|proccess'
4. See no results
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
David Nind [Tue, 4 Jun 2024 01:57:37 +0000 (01:57 +0000)]
Bug 25520: Fix the SMS number input hint on the OPAC messaging page
This makes the hint when entering an SMS number on the OPAC messaging
settings page the same as the staff interface hint: "Please enter
numbers only. Prefix the number with + or 00 if including the country
code." For some countries using either +XX or 00XX are accepted,
for example: +49 or 0049.
Test plan:
1. Set the SMSSendDriver system preference to Email
2. View the current hint for entering an SMS number in the staff
interface:
2.1 Go to Patrons > + New patron > Patron.
2.2 Scroll down to the 'Patron messaging preferences' section at the
end of the page.
2.3 Note that the hint is "Please enter numbers only. Prefix the
number with + or 00 if including the country code.".
3. View the current hint for entering an SMS number in the OPAC:
3.1 Go to the OPAC > Your account (log in if required).
3.2 Select the 'Messaging' tab/section.
3.3 Note that the hint is "Please enter numbers only. Prefix the
number with + if including the country code.".
3.4 The difference: "..or 00.." is missing.
4. Apply the patch.
5. Refresh the OPAC messaging page.
6. The hint text for the OPAC is now the same as the staff interface.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Sam Lau <samalau@gmail.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
David Nind [Fri, 31 May 2024 21:19:57 +0000 (21:19 +0000)]
Bug 36922: Patron attributes - update hint text for "Is a date"
The date field for patron attributes is now repeatable (enhancement made
in Koha 24.05 with bug 32610). This updates the hint text to reflect
the change.
Test plan:
1. Go to add a patron attribute (Administration > Patrons and
circulation > Patron attribute types > + New patron attribute type )
2. Note that the hint for the "Is a date" field says "...Date attributes
cannot be repeatable or linked to an authorised value category.".
3. Apply the patch.
4. Reload the page.
5. Note that the hint now says "...Date attributes are repeatable,
but cannot be linked to an authorised value category."
6. Sign off D:
PA amended: 'are repeatable' -> 'can be repeatable'
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
David Nind [Thu, 16 May 2024 03:59:42 +0000 (03:59 +0000)]
Bug 36338: Update onboarding error message when creating the Koha administrator patron
Update the error message for the web installer onboarding
section when creating the Koha administrator patron (where
the card number or username already exists):
- Fix capitalization
- Use the same label in the error message as used in
the form
Error message before: The patron has not been created!
Card number or Userid may already exist.
Error message after: The patron was not created! The
card number or username already exists.
Test plan:
1. Option 1:
1.1 Review the diff for the patch and make sure that
the updated text makes sense.
. Previous text: The patron has not been created!
Card number or Userid may already exist.
. Updated text: The patron was not created! The
card number or username already exists.
OR
2. Option 2:
2.1 Access the database server:
mysql -uroot -ppassword -hkoha-db-1
2.2 Drop the koha_kohadev database:
drop database koha_kohadev;
2.3 Create the database: create database koha_kohadev;
2.4 Add privileges (for a real installation this would
be limited):
grant all on koha_kohadev.* to koha_kohadev;
2.5 Restart everything (there may be some errors listed):
flush_memcached and then restart_all
2.6 Access the web installer: go to 127.0.0.1:8081
2.7 Use the database user name and password: get from
/etc/koha/sites/kohadev/koha-conf.xml
(default: koha_kohadev, password)
2.8 Continue through the installation process until you
reach 'Selecting default settings':
. Make appropriate selections to use all the sample
data options and settings
2.9 For the 'Onboarding' step - Create Koha
administrator patron:
. Surname: Acevedo
. First name: Henry
. Card number: make up a number that doesn't exist in
the sample date, for example: 741852963
. Library: Centerville
. Patron category: Staff
. Username: 23529000035676 (this is an existing
value already in the sample data)
. Password: a valid password, for example:
KohaCon2024
. Confirm password: repeat password used
. Submit
==> Error message before patch: The patron has not
been created! Card number or Userid may
already exist.
2.10 Apply the patch.
2.11 Repeat step 2.9
2.12 The error message is now: The patron was not created!
The card number or username already exists.
3. Sign off.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Janusz Kaczmarek [Wed, 22 May 2024 21:08:35 +0000 (21:08 +0000)]
Bug 36930: Item search gives irrelevant results when using 2+ added filter criteria
In the Item search the librarian is allowed, in the first step, to define
additional filters like Title, Author, Publisher, Publication date etc.
(in the third fieldset). This works fine but only for one criterion.
If one adds two or more criteria, the filter does not apply at all.
Test plan
=========
1. Make an Item search with the Pulblisher filter. Put
%University of California% as the value.
You should get 5 rows (with standard ktd test data set), three
from 1982, and two from 1988.
2. Edit search -> add the second criterion: AND Publication date is 1982.
You would expect three rows but you get 900+ rows.
3. Apply the patch; restart_all.
4. Repeat p. 2. You should get the expected three rows.
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
David Nind [Tue, 28 May 2024 01:34:41 +0000 (01:34 +0000)]
Bug 36961: Fix typo in opacreadinghistory system preference description
Fix a spelling error in the opacreadinghistory system preference
description - 'itms' to 'items'.
Test plan:
1. In the staff interface view the description for the
opacreadinghistory system preferences (Koha administration >
System preferences > search for opacreadinghistory).
2. Note that it reads "Allow patrons to see what itms they have
checked out in the past."
3. Apply the patch.
4. Refresh the page.
5. Note that 'itms' is now spelt correctly as 'items'.
6. Sign off.
Signed-off-by: Laura Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Marcel de Rooy [Thu, 23 May 2024 08:47:50 +0000 (08:47 +0000)]
Bug 36940: Resolve two warnings on undefined branchip
If you enabled AutoLocation and have a branch without ip, this
triggers warnings.
Test plan:
Check logs in this situation with/without this patch by logging out
and in again on staff.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
David Nind [Tue, 21 Nov 2023 23:11:02 +0000 (23:11 +0000)]
Bug 34573: (follow-up) Additional updates for modify vendor page
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Tue, 21 Nov 2023 13:48:42 +0000 (13:48 +0000)]
Bug 34573: Fix inconsistencies in acquisitions modify vendor title tag
This patch updates the vendor details template so that the title tag
correctly reflects whether the user is viewing the vendor or modifying
it.
To test, apply the patch and go to Acquisitions.
- Locate a vendor and view the details (supplier.pl?booksellerid=X)
- The title should read "Vendor X > Acquisitions > Koha"
- Edit the vendor.
- The title should read "Modify vendor X > Acquisitions > Koha"
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Julian Maurice [Fri, 16 Feb 2024 08:23:13 +0000 (09:23 +0100)]
Bug 34077: Improve documentation and error messages of writeoff_debts.pl
* Change the SYNOPSIS to better describe the different ways to use the
script
* Only show the SYNOPSIS when options used are wrong (unknown option,
no filter options, or neither -c nor -v)
* Show the options details only with --help
* Clarify the fact that -v is required when -c is not supplied in the
description of both options
* Print a specific error message for the following cases:
* no filters options
* neither -c nor -v was supplied
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Matt Blenkinsop [Thu, 23 May 2024 09:23:10 +0000 (09:23 +0000)]
Bug 36937: Remove warning from unit tests
This patch fixes a warning in the unit tests
Test plan:
1) prove t/db_dependent/api/v1/password_validation.t
2) There will be a warning in the output - 'Use of uninitialized value $status in numeric eq (==)'
3) Apply patch
4) Re-run the test
5) The warning will disappear
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Kyle M Hall [Fri, 17 May 2024 12:46:30 +0000 (08:46 -0400)]
Bug 35597: Move modification logging to Koha::Suggestion
Some actions such as archiving a suggestion were not being logged.
By moving the logging to Koha::Suggestion we can ensure more
modifcations will be logged.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Lucas Gass [Fri, 17 May 2024 12:12:57 +0000 (08:12 -0400)]
Bug 35597: Log creation on suggestion from staff or OPAC
To test:
1. Apply patch, restart services, updatedatabase
2. Search for the system preference 'SuggestionsLog', it should be off.
Turn it on.
3. Create a purhase suggestion
4. Go to Tools > Log viewer. In modules check 'Suggestions'
5. You should see your newly created suggestion.
6. Create a suggestion from the OPAC.
7. You should see your newly created OPAC suggestion.
8. Modify the suggestion and check the logs again, the modification
should be logged.
9. Delete the suggestion, the deletion should be logged.
10. Do a purchase suggestion via the OPAC.
11 Check the logs to see the newly created suggestion, the interface
should be OPAC.
12. Turn off SuggestionsLog
13. No changes of any kind should be logged.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Ray Delahunty <lib-systems@arts.ac.uk> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Lucas Gass [Thu, 21 Dec 2023 23:05:19 +0000 (23:05 +0000)]
Bug 35597: logaction when modifying or deleteing suggestions
To test:
1. Apply patch, restart services, updatedatabase
2. Search for the system preference 'SuggestionsLog', it should be off.
Turn it on.
3. Create a purhase suggestion
4. Go to Tools > Log viewer. In modules check 'Suggestions'
5. You should see your newly created suggestion.
6. Modify the suggestion and check the logs again, the modification
should be logged.
7. Delete the suggestion, the deletion should be logged.
8. Do a purchase suggestion via the OPAC.
9. Check the logs to see the newly created suggestion, the interface
should be OPAC.
10. Turn of SuggestionsLog
11. No changes of any kind should be logged.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Ray Delahunty <lib-systems@arts.ac.uk> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
David Nind [Mon, 3 Jun 2024 02:01:30 +0000 (02:01 +0000)]
Bug 30715: Terminology for the log viewer - use 'Staff interface' instead of 'Intranet'
The log viewer (Tools > Additional tools > Log viewer) uses
'Intranet' as:
- an option for filtering what log entries to display.
- a value in the log entries interface column, for log entries.
Koha's terminology guideline is to use 'Staff interface' instead of
'Interface' (https://wiki.koha-community.org/wiki/Terminology#I).
Test plan:
1. Perform some actions that will create log entries when using the
staff interface. For example:
1.1 Enable the UseRecalls system preference.
1.2 Edit the title for a record.
1.3 Add an item for a record.
2. Use the log viewer to view the logged changes:
2.1 Go to Tools > Additional tools > Log viewer.
2.2 Select Submit.
2.3 Log entries are displayed for the changes made.
3. Note that:
3.1 For the log viewer 'Interface' filter options, "All" is
selected by default, and other options are Intranet, OPAC,
SIP, Command-line, REST API, and Cron job.
3.2 For the changes viewed in step 2, the value displayed in
the 'Interface' column is 'Intranet'.
4. Apply the patch.
5. Refresh the page.
6. Note that:
5.1 For the interface filter options, 'Intranet' is now changed
to 'Staff interface'.
5.2 In the list of log entries, the value in the interface column
is now 'Staff interface'.
7. Sign off D:
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Lucas Gass [Fri, 31 May 2024 21:30:43 +0000 (21:30 +0000)]
Bug 37005: Fix problem with item_type_description being undefined
To test:
1. Set noItemTypeImages to 'Don't show'
2. Find a record with items and notice the holdings table never loads.
3. APPLY patch, maybe clear borwser cache too.
4. Try again, the holdings table should load.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Fridolin Somers [Fri, 31 May 2024 07:45:27 +0000 (09:45 +0200)]
Bug 36999: Fix 00-strict.t fails to find koha_perl_deps.pl
Since Bug 36323 moved koha_perl_deps.pl it is not needed anymore in 00-strict.t
It fails with :
koha_1 | Can't stat koha_perl_deps.pl: No such file or directory
koha_1 | at /usr/share/perl5/Test/Strict.pm line 151.
Patch remove koha_perl_deps.pl from @dirs.
It contains misc.
Test plan :
prove t/db_dependent/00-strict.t
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Laurae [Tue, 11 Jun 2024 14:04:38 +0000 (14:04 +0000)]
Bug 37071: Updated the purchase suggestions link
To test:
1. Go to a patron account and click on “New purchase suggestion” under the “Purchase Suggestions” tab.
1. Clicking on the button will take you to the suggestions management page.
2. Apply the patch.
3. Go back to the patron account and click on the “New purchase suggestion” link again. This time it will take you to the purchase suggestion form. You are now able to successfully submit a purchase suggestion.
4. Sign off and have an amazing day. :D
Signed-off-by: Sam Lau <samalau@gmail.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Martin Renvoize [Thu, 13 Jun 2024 12:38:57 +0000 (13:38 +0100)]
Bug 37037: (RM follow-up) Add hint at end of script run
This patch adds a hint to the end of the script to notify the end user
that they may need to run the build_holds_queue cronjob if they are
using RealTimeHoldsQueue.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Kyle M Hall [Wed, 5 Jun 2024 15:04:31 +0000 (11:04 -0400)]
Bug 37037: touch_all_biblios.pl triggers rebuilding holds for all affected records when RealTimeHoldsQueue is enabled
If RealTimeHoldsQueue is on, touch_all_biblios triggers a update_holds_queue_for_biblios background job for each affected record. This will result in a as many background jobs being queued up as records! It makes far more sense for this script to not do that which gives the administrator the option for running the holds queue builder if the changes would affect holdability, or to not run it at all.
Test Plan:
1) Run touch_all_biblios.pl
3) Note a update_holds_queue_for_biblios background job is queued for each record touched
4) Apply this patch
5) Merge touch_all_biblios.pl again
6) Note that no update_holds_queue_for_biblios jobs were queued
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Tue, 11 Jun 2024 15:13:36 +0000 (16:13 +0100)]
Bug 36207: (RM follow-up) CSRF correction
I think there was a rebase issue here where we split the form into two
forms instead of one. This patch returns us to one form with two
different submit options (one for selected tags and one per tag) that
both trigger the confirmation modal before submitting to the controller.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 34838: Use ->set to avoid method redefinition warnings
This patch silences more warnings. To test
1. Be on 23.11.x
2. Apply the patches before this one
3. Run:
$ ktd --shell
k$ prove t/db_dependent/Illrequests.t
=> FAIL: Lots of warnings like this:
Subroutine Koha::Illrequest::SUPER::status redefined at /kohadevbox/koha/Koha/Object.pm line 955.
Subroutine Koha::Illrequest::SUPER::status_alias redefined at /kohadevbox/koha/Koha/Object.pm line 955.
illrequestattributes is DEPRECATED in favor of extended_attributes at t/db_dependent/Illrequests.t line 1071.
4. Apply this patch
5. Repeat 3
=> SUCCESS: No more warnings!
6. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Sam Lau [Wed, 5 Jun 2024 17:57:10 +0000 (17:57 +0000)]
Bug 35869: Removes the dismiss button from messages on OPAC SCO module
This removes the "Dismiss" button from the SCO module. Currently, the
"Dismiss" button is present, however it does not function properly and
logs the user out if they press it. As noted on previous chats, keeping
the button would require serious changes, thus it's easier just to remove
the functionallity.
To test:
1) Enable WebBasedSelfCheck
2) Add an OPAC mesaage to a patron account
3) Login to self check ( http://localhost:8080/cgi-bin/koha/sco/sco-main.pl )
4) See the OPAC message, click dismiss.
5) Notice you are logged out at redirected to:
( http://localhost:8080/cgi-bin/koha/opac-dismiss-message.pl )
6) Apply patch
7) Log back into the self checkout module
8) Notice that there is no longer a "Dismiss" button for the message.
9) Log into OPAC into the same user's account
10) On the summary page, note that there is still a dismiss button.
11) Ensure this still works properly
12) sign-off
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Emmi Takkinen [Tue, 4 Jun 2024 10:00:05 +0000 (13:00 +0300)]
Bug 37021: Change item_id type as integer in holds endpoint
When one makes a GET call to holds endpoint and hold has
item attached to it, item_id is handled as string not integer
as it should.
To reproduce:
1. Make sure you have hold waiting in your database.
2. Call endpoint api/v1/holds/?q=[{"me.status":"W"}].
=> Note that holds item_id is displayed as item_id: "12345".
3. Apply this patch.
4. Call endpoint again.
=> item_id should now be displayed as 12345.
Also prove t/db_dependent/api/v1/holds.t.
Signed-off-by: Jan Kissig <jkissig@th-wildau.de> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Thu, 29 Feb 2024 18:37:54 +0000 (18:37 +0000)]
Bug 36207: Use confirmation modal when removing tags from titles in the OPAC
This patch changes the process of removing a tag from a title on the
user's tag list. It now uses a confirmation modal dialog instead of a
JavaScript alert.
The patch also makes some minor tweaks to CSS to correct style on
"remove" links.
To test, apply the patch and rebuild the OPAC CSS.
- Log in to the OPAC as a user who has submitted multiple tags or tags
on multiple items.
- Open the "Tags" link in the sidebar of the user summary page.
- Click the "Remove tag" link next to one of the titles in the table
of the user's tags.
- You should see a modal confirmation message, "Are you sure you want
to remove the selected tag from this title?" It should show the
title and the tag which will be removed.
- Test both the "Yes, remove tag" and "No, do not remove tag" choices.
- Check the box next to one of the tagged titles and click the
"Remove selected tags" button at the bottom of the table.
- You should see a modal confirmation message, "Are you sure you want
to remove this item from the list?" It should show the title and
the tag which will be removed.
- Test boh the "Yes" and "No" choices.
- Check the box next to multiple tagged titles and click the
"Remove selected tags" button at the bottom of the table.
- You should see a modal confirmation message, "Are you sure you want
to remove the selected tags from these titles" It should show the
titles of all the records you selected and the corresponding tags to be
removed.
- Test both the "Yes" and "No" choices.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 35639: Trim the messages that are too long before sending them via SMS
I created a new system preference, SMSSendMaxChar, which allows you to set a limit for the number of characters in SMS messages to send. When a limit is set, messages that exceed it will be trimed.
TEST PLAN
1) Apply the patch
2) Run prove t/db_dependent/Letters.t
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the following languages into advanced search "Languages" dropdown:
Greenlandic
Karelian
Cornish
Burmese
Punjabi
Pashto
Finnish Kalo
Akkala Sami
Kildin Sami
Ter Sami
Pite Sami
Kemi Sami
Ume Sami
Southern Sami
Northern Sami
Sami languages
Lule Sami
Inari Sami
Skolt Sami
Somali
Sotho
Votic
To test:
1. perl installer/data/mysql/updatedatabase.pl
2. Go to intranet advanced search
3. Click "More options"
4. See "Limits" fieldset, it should have "Language" drop down
5. Observe that the languages provided in this patch are visible in this dropdown
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Just noting that the order in this dropdown is hopeless. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
David Nind [Tue, 14 May 2024 07:15:24 +0000 (07:15 +0000)]
Bug 34597: (follow-up) Update system preference description and order of options
Update the note for the BlockExpiredPatronOpacActions system preference to
make it clearer, and to follow the standard convention for notes.
Order of options for 'Block expired patron OPAC actions' when editing the
patron category changed to alpabetical order, to match the system preference
order.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Thu, 28 Mar 2024 12:52:29 +0000 (12:52 +0000)]
Bug 34597: Implementation
New can_patron_place_ill_in_opac method to include all rules
that need checking to determine if a patron is allowed
to place an ILL request on the OPAC or not.
Added effective_BlockExpiredPatronOpacActions_contains rule to
this new method.
Test plan, k-t-d,:
1) Install FreeForm and enable ILLmodule, run:
bash <(curl -s https://raw.githubusercontent.com/ammopt/koha-ill-dev/master/start-ill-dev.sh)
1.5) Checkout FreeForm's reorganize_ILL branch:
cd /kohadevbox/koha/Koha/Illbackends/FreeForm
git checkout reorganize_ILL
koha-plack --restart kohadev
2) Edit a patron category, visit:
<staff_url>/cgi-bin/koha/admin/categories.pl
3) Set 'Placing an ILL request' for the "Block expired patrons" input config
4) Add a new patron of one of the above category, make sure this patron is expired (set an expirydate to the past).
5) Login as that user and visit ILL page in OPAC:
/cgi-bin/koha/opac-illrequests.pl
6) Confirm there is no "Create a new request" button
7) Access the create a new request page url directly:
<opac_url>/cgi-bin/koha/opac-illrequests.pl?op=add_form&backend=FreeForm
8) Confirm you get a 403 page
9) Set the 'Block expired actions' to "Follow system preference BlockExpiredPatronOpacActions"
10) Test different values of the BlockExpiredPatronOpacActions system preference and confirm the behaviour matches what's configured
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Wed, 24 Apr 2024 11:25:19 +0000 (11:25 +0000)]
Bug 36453: (QA follow-up) Update api spec
Access {staff_url}/api/v1/patron_categories and notice all is as expected
Update some patron category's blocked expired patron OPAC actions and access the endpoint again, notice it's okay.
Updated API tests to include to_api confirming attributes are rendered correctly:
prove t/db_dependent/api/v1/patron_categories
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Tue, 23 Apr 2024 15:50:19 +0000 (15:50 +0000)]
Bug 36453: (QA follow-up) Cosmetic fixes
This is a squash of several improvements:
- Override weird blue color being applied from MultipleSelect when all options from an optgroup are selected;
- Fix input width depending on selected value. Now it should always be same width regardless;
- Updated the system preference UI wording to reflect new behavior;
- Updated UI labels in the patron category edit page to enforce that the actions being selected are "actions to be blocked"
- Corrected sysprefs.sql entry
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Thu, 28 Mar 2024 10:12:12 +0000 (09:12 -0100)]
Bug 36453: Update tests
Address new new version of system pref
Address new version of categories DB table BlockExpiredPatronOpacActions column
Test plan, k-t-d, BEFORE applying patch:
1) Edit some patron categories, visit:
/cgi-bin/koha/admin/categories.pl
2) Set different values for the "Block expired patrons" input config
Set a category to block
Set a category to don't block
Set a category to follow the syspref
3) Take note of the current value of the BlockExpiredPatronOpacActions sys pref
Apply patch, then run the following commands
- koha-plack --restart kohadev
- yarn css:build
- run updatedatabase
4) Visit the patron categories you edited before, make sure they all have the correct values for the new config type
5) Check the BlockExpiredPatronOpacActions sys pref and make sure the new value is correct according to what was before
6) Add a new patron of one of the above categories, test that:
If 'hold' is a blocked action, patron is unable to place a hold in OPAC
If 'renew' is a blocked action, patron is unable to renew in OPAC
If 'follow sys pref' is the option, check that a patron may place a hold or renew an item according to the BlockExpiredPatronOpacActions sys pref value
Pedro Amorim [Tue, 26 Mar 2024 17:13:51 +0000 (17:13 +0000)]
Bug 36453: Categories admin page:
Account for multiple values param
Input is now multipleselect select
JavaScript
Staff CSS updates to account for multiselect dropdown in categories admin page
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Lari Strand [Mon, 3 Jun 2024 11:34:10 +0000 (14:34 +0300)]
Bug 34718: Input field in fund list (Select2) on receive is inactive
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Matt Blenkinsop [Wed, 29 May 2024 11:06:31 +0000 (11:06 +0000)]
Bug 36983: Fix incorrect required class
This patch fixes an error on the B_address2 field which sets it to be
required incorrectly
Test plan:
1) In PatronSelfRegistrationBorrowerMandatoryField, set B_address to be
required.
2) In the OPAC, navigate to the self registration form.
3) In the Alternate address section, fill in the Address field that you
have just set to be required. Ensure that you leave the Address 2
field blank.
4) Fill in all other required fields and submit the form, it should show
you that the Address 2 field is required, even though it shouldn't be
5) Apply patch
6) Refresh the page and repeat steps 1-5, it should allow youto submit
the form
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>