Bug 18922: Warning in Biblio::GetCOinSBiblio

Use of uninitialized value in concatenation (.) or string at C4/Biblio.pm line 1456.
Note: In current master this is now line 1370 (Oct 9, 2017).

Test plan:
Enable COinSinOPACResults.
Select a record with leader pos6==a and pos7==a. This triggers genre to be
journalArticle and titletype to be a.
Without this patch, do an opac search that includes this record.
Check the log. You should see the warning.
Apply this patch, search again and check the log. The warning should not be
repeated again.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit a82d54d4b4f5eb7aa7d45afc13dac0a80c86f9ce)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0e1bc5db8202f94aa88cb69905ff0106f2896497)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Merge remote-tracking branch 'kc/16.11.x' into 16.11.x

Release notes for 16.11.15

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Translation updates for Koha 16.11.15

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Merge remote-tracking branch 'bernardo/16.11.15-translate-20180103' into 16.11.x

Translation updates for Koha 16.11.15

Bumping version number for 16.11.15 release

Bug 19796 - Fix doubled up subscription info on OPAC detail page

The info "Subscription from..." is showing twice on the subscription
tab on the OPAC detail page because of a bad merge. This patch removes
the doubled up information.

To test:
- Add a subscription
- Search for the record in the OPAC
- Switch to the subscription tab
- Verify that the 'Subscription from...' line is repeated
- Apply patch
- Verify only one line remains and nothing is missing

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Bug 19614: Fix XSS in members/pay.pl

To Test
1. Hit the page /cgi-bin/koha/members/memberentry.pl
2. Add a text in the field firstname, surname that contains js
3. Save the page.
4. click on fine tab
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19612: Fix XSS in members/memberentry.pl

To Test
1. Hit the page /cgi-bin/koha/members/memberentry.pl
2. Add a text in the field address, address2, city, state, country,
   zipcode, B_streetnumber, B_city, B_country, B_zipcode that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19611: Fix XSS Flaws in supplier.pl

Test
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field Name that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19319: Only fetch the record if it exists

We already know if the bibliographic record exists (404 redirect),
we can avoid unecessary fetches

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19319: (QA follow-up) Biblionumber leftovers in opac-detail.tt

Correcting a few biblionumber template var leftovers in opac-detail
template. They were combined with url filter instead of html.

Test plan:
[1] Look for [^.;?]biblionumber in opac-detail.tt and verify that these
    occurrences are fine.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19319: Reflected XSS Vulnerability in opac-MARCdetail.pl

Try going to this URL on your site: /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST>

Test Plan:
1) Go to /cgi-bin/koha/opac-MARCdetail.pl?biblionumber=2"><TEST>
2) Note <TEST> is embedded all over the html
3) Apply this patch
4) Refresh the page, note the injection is gone!
5) run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19570: Add autocomplete to opac-main as well

To confirm all the files were modified for opac, typed
this:
$ git grep -i password | grep opac | grep -v "[.]po:" | grep
"opac[^/]*[.]tt:" | cut -f1 -d: | sort -u

The follow output was handled as follows:
    koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt
    koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt
    koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt
    koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-registration-confirmation.tt
These were already done in the first patch.

    koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt
This already had the autocomplete modification.

    koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
This was a false-find. There was no modification necessary.

    koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-main.tt
This is the modal login in. This patch amends it.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19570: Add autocomplete='off' for login forms at the opac

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19569: Set X-Frame-Options=SAMEORIGIN - opac-showmarc.ok

Before and after:
wget 'http://catalogue.kohadev.org/cgi-bin/koha/opac-showmarc.pl?id=1&viewas=html'
must be the same

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19568: Escape url params with url filter - opac-opensearch.tt

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19593: follow up to fix tests

Bug 19593 Basketcount correction on Bookseller.pm

To test:
1/ go to /cgi-bin/koha/acqui/booksellers.pl or
/cgi-bin/koha/acqui/supplier.pl
2/ Note that it displays the delete vendor button instead of the
receive shipments button
3/ Apply patch
4/ Reload the page and notice the button is fixed

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19655: Use ->build instead of build_object in 16.11.x

The build_object method of TestBuilder has been added by bug 18182,
which is not in 16.11.x

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Bug 19655: Make To.json escape doesn't escape newlines  to create valid JSON

JSON does not allow real line-breaks. If a field contains them and they are not escaped, a JSON parser will be unable to convert the stringified JSON back into an object.

This is clearly exemplified by the guarantor search, where a multi-line note on the guarantor's record will break the ability to select that guarantor.

Test Plan:
1) Create Patron A with a "Circulation note" that has multiple lines in it
2) Create Patron B
3) Attempt to set Patron A to be the guarantor for Patron B
4) Note selecting the patron does nothing
5) Apply this patch
6) Repeat step 3
7) Selecting the guarantor now works!

Signed-off-by: Simon Pouchol <simon.pouchol@biblibre.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9cd9240c362336e390eed01acf3630f33e73825f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit efb28c4af16efbe688322415ae06c6a85fd3454b)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Bug 19655: Add tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 6a4b36bc3a186adb07679c2a3549e69974e02c18)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f2a828d5519fb346d6e4d768f80e1ebe3f2ead46)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Add release notes for Koha 16.11.14

Merge remote-tracking branch 'transl/16.11.14-translate-20171121' into 16.11.x

Translation updates for Koha 16.11.14

Increment version for 16.11.14 release

Bug 18884: Advanced search on staff client, Availability limit not properly limiting

Patch applies and functions as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 48be40d1bfaf13a70b6bf4918e885d9158e25f66)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit fa0608bc4c2e66628285f7434749df0a0e690e8b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19487: Refetch the object to get up-to-date values

This has been raised by failures on t/db_dependent/Circulation/issue.t
(thanks tests!)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 850243ee2ec66a4b569d29ed84423f09c0001690)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 9d3b39e94de837cfc08259ae5778fb0372b662ff)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19487: Fix MarkIssueReturned.t

MarkIssueReturned must now return directly if the issue does not exist.
We then check if the anonymous patron configuration is correct.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 60bb936bc28b73f1653207cce36f432dec094017)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 49beda21761e57d1d7b389e6a08f3327a53215b0)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19487: Do not return an item if not checked out

To recreate:
1 - Manually add a lost fine to a ptron and include a barcode
2 - Attempt to write off the fine
3 - Internal server error
4 - Checkout an item and mark lost to checkin and fine
5 - Attempt to write off line
6 - Internal server error

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7b5c1fce5880f8592c5a9dbd40614a760bb2607e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 243009bc9a07f89adbe14a4c8f35df85030f3dab)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18616 - The "Add forgot password link to OPAC" should allow patrons to use their library card number in addition to username

Allow patrons to enter either their library card number or user name in the "Log in" box for password recovery.

Most patrons at our library use their card number to log in and are unaware of what their userid is. However there are some who have set a

customized userid and would prefer to use that. This patch would allow either to be entered for password recovery.

To test:
1. Enable the password recovery feature.
2. In the OPAC, click on "Forgot you password?" link and enter a valid library card number.
3. The error message "No account found with the provided information" appears.
4. Apply the patch.
5. Repeat step 2. The recovery email is now sent.

Note: Moved patch from 16711 back here and re-tested.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit e29163af4cde7ce33060716091726e6fa2eef65e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 17085ea1cb67b8022cd912d0313fc8b3d48530da)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17610 - Allow the number of plack workers and max connections to be set in koha-conf.xml

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Bug 18999 (follow-up) - Fix failing test

Test was using methods not present in 16.11.x,
fixed by rewriting to old API.

Bug 19423: Prevent DecreaseLoanHighHolds.t to fail randomly

CanBookBeIssued returns STATS if categorycode is X

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 090b450a502340e3d03b5ee6a075cc92e647aada)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit fc4ee4aeec28c0f99e8432d4ce7748b7f628d85c)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19193: When displaying the fines of the guarantee on the guarantor account, price is not in correct format

1 - Have a patron with guarantees
2 - Charge some fines to the guarantees
3 - View the patron
4 - Fines are displayed unformatted
5 - Apply patch
6 - Refresh
7 - Fines should now be formatted correctly

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0d124e1bc322e6823c192c51effa0f3eecb2ac1f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 448c1206f82c039fa90c8ad480c384a578f39acb)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17664: Silence non-zebra warnings in t/db_dependent/Search.t

TEST PLAN
---------
0) back up database
1) drop database; create database
2) run web installer
3) prove t/db_dependent/Search.t
   -- the spammy warnings (other than zebra index warnings) may
      already be fixed, but the mocked value was not realistic.
4) apply patch
5) prove t/db_dependent/Search.t
   -- notice only zebra index warnings.
6) run qa test tools

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 5e63a3838102ee1fe8a1bc15640196ab611dbc89)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 23c8acd61590de50bcfa2779afc35fb7d5dd6488)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19345: Add missing error flag to template

Adds a missing error flag to the template->param { } call.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 078eb77451dacd6042b783edf6f89f5ab95732b5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 96143e8d9e62a0565c996d5fd071b7a9d0407019)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19398: Format date of birth in circ patron search

When searching for a patron from the circulation tab, the results table
shows the date of birth unformatted.

Test plan:
Apply this patch, search for patrons in the circ tab and confirm that
the date of birth are correctly formatted according to the dateformat
syspref

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 4edfc7900f6132c6771e4cfc820a5a3dc08d3e13)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7453b2c5d8ed7c570e683b1d71712695d0576dcf)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19386: [QA Follow-up] Remove some default values

In the meantime bug 19403 added default nulls for gonenoaddress, lost
and debarred. So these lines can be removed safely.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 12a754a703bc8f4279bb23aab09c39c0514b0a75)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 3e45ba75e95c8e9ad4d20c0043c5530bbce5f018)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19386: Prevent t/db_dependent/SIP/Patron.t to fail randomly

Depending on the values used by TestBuilder, some tests from t/db_dependent/SIP/Patron.t can fail

    #   Failed test 'Not blocked without overdues when set to 'Don't block''
    #   at t/db_dependent/SIP/Patron.t line 55.
    #          got: '0'
    #     expected: '1'

    #   Failed test 'Not blocked without overdues when set to 'confirmation''
    #   at t/db_dependent/SIP/Patron.t line 61.
    #          got: '0'
    #     expected: '1'

    #   Failed test 'Not blocked without overdues when set to 'Block''
    #   at t/db_dependent/SIP/Patron.t line 67.
    #          got: '0'
    #     expected: '1'

Caused by this check in C4::SIP::ILS::Patron->new
110     for (qw(EXPIRED CHARGES CREDITS GNA LOST DBARRED NOTES)) {
111         ($flags->{$_}) or next;
[...]
115         if ($flags->{$_}->{noissues}) {
116             foreach my $toggle (qw(charge_ok renew_ok recall_ok hold_ok inet)) {
117                 $ilspatron{$toggle} = 0;    # if we get noissues, disable everything
118             }
119         }
120     }

Test plan:
Execute several times (50x?) these tests.
Without this patch they may fail
With this patch they must never fail

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 6545cfe3f30789723b6f3c2e6e13af6e6c8e5fb9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 40c444cc2bd664babd30ca4ed70c4953cfb916d5)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 16726: Do not display "You searched for:" if not needed

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9dca694b04d0f5e5e0a307e0d5243ce61fb1ef79)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1a99731640eb9e500221ffb838677f1eb7aa369d)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 16726: [FOLLOW-UP] Putting text in h1

Works as outlined in test plan, search terms now appear at top as h1 as well

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit f24e339dd603e015557107048d1a678293cb2e65)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0cad7e54cd20211eb12a642ed4074b0f5b232cac)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 16726: Clear text in syspref searchbox after submitting

To test:
1) Go to Admin -> search for a system preference
2) Notice your search stays in the search box (this is inconsistent with
    search behaviour across Koha)
3) Apply patch and refresh page
4) Make another search
5) Confirm search still works as expected and search terms have been
cleared from search box
6) Confirm search terms show at the top of the results

Sponsored-by: Catalyst IT
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit f10f6a19c53beb37e3ee0808ef6bb18bd88bef8a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e6fc2dfc80fad354cba1fa514b9a1c2ca75f2f3b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19392: Clean-up behind auth_values_input_www.t

The two categories created by this test script are not removed

Test plan:
without this patch, the two authorised value categories 学協会μμ and
tòmas are not removed when the script finishes.
Now it does!

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 269c21d984ef451dadcad2e803035cc1cd052825)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 354645ef3005ca41d832aea8548944f6f2366089)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18422: (QA follow-up) Check if select2 is available before using it

cataloging.js might not always be loaded with select2.js, so we should
check its availability to prevent JS errors

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 56a0aabc58a3475912894523cc92757153b967bd)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1d450ad13a6bcd8f4f826bae7290a3184564badb)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18422 - Add Select2 to authority editor

Overview:
Repeat tag fails if authority field has select subfield (for example, UNIMARC 700$8, 800$a)
This patch adds Select2 to authority editor

Steps to Reproduce:
In authority editor repeat field that has select subfield

Actual Results:
Field does not repeat (copy is not created).
Console shows a js TypeError in cataloging.js: «$(...).select2 is not a function»

Expected Results:
Field will repeat (copy is created)

Additional Information:
Error happens in version 16.11+ after adding Select2 js functions. The easiest way to fix is to add Select2 to authority editor

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 2f5a319b0a9f93dde7600decae5df989b842ca58)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit de4fd901d3eef7888dfd84cbe46b2da849885430)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19307: Mock the AllowFineOverride preference to ensure expected result

To test:
 1 - Set 'AllowFineOverride' to allow
 2 - prove t/db_dependent/Circulation/NoIssuesChargeGuarantees.t
 3 - 1 test fails
 4 - Apply patch
 5 - prove t/db_dependent/Circulation/NoIssuesChargeGuarantees.t
 6 - All tests pass
 7 - Set 'AllowFineOverride' to 'Don't allow'
 8 - Tests should still pass

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 1e2e1247c9bcd15514dc395be891a9a3607e5ea5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 86612541a45f6753b0ad87453a62fe8c9ba3047b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 16463: Replace discharge link with error message if user has checked out items

To test:
1) Ensure the useDischarge syspref is enabled
2) Check out an item to a borrower
3) Log in to the OPAC as this borrower
4) Click the 'ask for a discharge' link in the nav
5) Click the 'Ask for a discharge' link
6) Notice you cannot be discharged because you have checkouts
7) Apply the patch, click the 'ask for a discharge' link in the nav
8) Notice the link has been replaced with an appropriate error message
9) Attempt to force the discharge URL:
/cgi-bin/koha/opac-discharge?op=request
10) Notice the message and you cannot be discharged.
11) Confirm that when you check in your item, the discharge link shows
again and works as expected.

Sponsored-by: Catalyst IT
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 89528af3b089b2d17e3e7b212ea5608478f0ca84)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4ea7a76d2666405ba66a085f4ff1a550c8d7ae6e)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19195: Do not explicitely force scalar context when unecessary

These ones are already called in scalar context

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 8088e3a3379fb8708226cabeadc190f7310d93f4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit bf637d2dae9a2bfe6cec04ca544b75548498f5bd)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19195: Preventing noisy warns when creating or editing a basket

To test:
1) Open the koha intranet error log
2) Go to Acquisitions -> Find or create a vendor
3) Create a new basket, filling all fields
4) Notice warns in error log
5) Edit this basket
6) Notice warns in error log
7) Apply patch
8) Create another basket, confirm warns do not show
9) Edit this basket, confirm warns do not show

Sponsored-by: Catalyst IT
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit e98c178c081d4bb5673e6b04bf817b9c452cba8c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 43279f48e1ad3ebb57d08dd5ec91773f8de2e476)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18999: (17.05.x followup) Koha::Acquisition::Order is not an object yet

(cherry picked from commit 1644708857ea3d3de6683bcf8e1300febc977384)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18999: (QA followup) ModReceiveOrder expects a hashref

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 2b343df13e6d154296cf968cb709aa910c58f336)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 388ced2e7472ccde5e8f3764d37d0d6c18480e34)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18999: Modified SQL query in GetBudgetSpent() in C4/Budgets.pm

Removed the SQL select condition 'AND closedate IS NOT NULL' because
this was not returning shippingcost values and it does not exist in the
SQL query to return the shipping cost in spent.pl

Also removed the retrieval of shipping cost and the associated addition
of item(s) cost and shipping cost in GetBudgetOrdered() in C4/Budgets.pm
to prevent the shipping costs being subtracted off the fund total twice

Test plan:
1. Go to Acquisition and create a currency, budget (make this value of
100), fund ( make this the value of 50), vendor (if
neccessary)

2. Create a basket and click 'Add to basket'

3. Add 2 items with the vendor price of 10

4. Click 'Receive shipment' and write in the shipment cost of 6

5. Click 'Finish receiving' and go back to Acquisitions

6. Notice the spent column value is 0.00 but if you click on the value then
the spent.pl page is displayed and shows that the shipment cost was 6.00

7. On the acquisition page also notice that the ordered column value is 26.00

8. Click on the name of the fund and notice the spent column value is
0.00 in the fund page table

9. Apply patch

10. Refresh acquisition page and notice that 6.00 is the value in the
Spent column and 20.00 is the value in the ordered column. Both of which
match the subtotal of the full-list tables displayed when you click on these
values

11. Also notice the spent value in the fund page table is 6.00

12 Observe the changes to GetBudgetSpent() and GetBudgetOrdered() C4/Budgets.pm and check they make sense

Sponsored-by: Catalyst IT
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit caef98c7f64e02bba996c4da4f862bb55a86171a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 19b3041fb8bee95c320a909afd45f57b707ff2c2)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18999: (QA followup) Minor fixes for tests

Removed unneccessary declaration of $budget and changed
Koha::Acquisition::Order->new->insert into
Koha::Acquisition::Order->new->store as requested in tester feedback

Test plan:
1. Go into your koha-shell

2. set the PERL5LIB variable

3. Run t/db_dependent/Budgets.t

All tests should pass

Sponsored-by: Catalyst IT
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 90c5391b349a339b3f1fea1ebfeb044cfa76c8a6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 8250e0f69a069ae2a43f52135e0a6d4daf259dfc)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18999: Add regression tests

Added regression test for GetBudgetSpent() and GetBudgetOrdered() into
the t/db_dependent/Budgets.t

Test plan:
1. Go into your koha-shell

2. set the PERL5LIB variable

3. Run t/db_dependent/Budgets.t

All tests should pass

Sponsored-by: Catalyst IT
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 776692f31167f32c1621168249a9ebfea2accc96)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 2df9a4c0e0793065ce6787d683a68bef72075ff6)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19135: Restore AllowHoldsOnPatronsPossessions behaviour

Bug caused by
  commit bc39f0392bbebaad4c083f81308f652a325be042
  Bug 14695 - Add ability to place multiple item holds on a given record per patron

Test Plan:
1) Set AllowHoldsOnPatronsPossessions to "Don't"
2) Check out an item to a patron
3) Place a hold on that item for the same patron
4) Note you are allowed to with no alert
5) Delete the hold
6) Apply this patch
7) Place a hold on that item for the same patron
8) Note you recieve an alert now

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 46ff8df19544e3e7c16a4e3f21b3b14bc043dd88)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4d22af870d1051d963cab31169a7f536864e56b0)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19415: FindDuplicateAuthority is searching on biblioserver since 16.05

Commit b4392018bc1f9bf6a2f7dfe70b488856ad3a3897 [Bug 12478: make things using SimpleSearch use the new version] changed sub FindDuplicateAuthority and replaced this call (from 3.22.x) in 16.05 (pushed April 2016):
    my ($error, $results, $total_hits) = C4::Search::SimpleSearch( $query, 0, 1, [ "authorityserver" ] );

The new call does unfortunately not include the authorityserver:
    my ($error, $results, $total_hits) = $searcher->simple_search_compat( $query, 0, 1 );
Simple_search_compat redirects to C4/Search/SimpleSearch and SimpleSearch assumes a biblioserver if no server is passed.

This effectively makes FindDuplicateAuthority useless since we will no longer find duplicates and we could see an error like this in the log:
    16:51:42-04/10 zebrasrv(51) [request] Search biblios ERROR 114 1 1+0 RPN @attrset Bib-1 @and @attr 1=authtype PERSO_NAME @attr 1=Heading Moerenhout

The fix is obviously trivial.

Test plan:
[1] Go to Authorities.
[2] Add a new authority PERSO_NAME with 100a Moerenhout.
[3] Repeat step 2. Verify that you get the duplicate authority warning.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 56500e8e676782155c5717e8db9786af394252d8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 2ffe76350ee6373dc27ba8ac098a468875c2f4fb)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 15173: Restore SubfieldsToAllowForRestrictedEditing

Bug 7673 introduced SubfieldsToAllowForRestrictedEditing but bug 12176
broke it assuming that only selects were impacted by this feature.

Test plan:
Go back on bug 7673 and confirm that
SubfieldsToAllowForRestrictedEditing is working as expected with this
patch applied.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
For clarification, the item fields that are entered in
SubfieldsToAllowForRestrictedEditing should EXCLUDE the desired
fields you want to disable.

Test plan (updated to test the scenario in the bug Description):
1. Create a patron with only the following permissions:
    - catalogue (Required for staff login)
    - editcatalogue -> edit_catalogue
    - editcatalogue -> edit_items
    - editcatalogue -> edit_items_restricted
2. Navigate to Administration -> Global system preferences -> Cataloging
    -> Record Structure -> SubfieldsToAllowForRestrictedEditing
3. In the input field for SubfieldsToAllowForRestrictedEditing enter in
    all the 952 fields EXCEPT the ones desired to be disabled. In this
    case, we want to disallow editing of 952$2, 952$a, 952$b, 952$e, 952$h,
    and 952$o so we enter the following into the
    SubfieldsToAllowForRestrictedEditing (without quotes) "952$0 952$1
    952$3 952$4 952$5 952$7 952$8 952$c 952$d 952$f 952$g 952$i 952$j
    952$p 952$t 952$u 952$v 952$w 952$x 952$y 952$z"
4. Click Save all Cataloging preferences
5. Login to the staff client as the created restricted editing patron
6. Edit an item
7. Note that all fields except for the ones excluded from the syspref
    are editable

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit c84d03c582976cb590c62b25d59505b982a71d97)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b7140dcd50a69396856cd5f66d9fcd74c579407d)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 16204: Show friendly error message if trying to edit record which no longer exists

To test:
1) Create a record
2) Click Edit -> Edit record. open this in another tab
3) Delete the record in the original tab
4) Refresh the edit form in the other tab. Notice the software error
5) Apply patch and refresh page
6) There should be a nice error message with the form fields and buttons
hidden. Confirm links work as expected.

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 17c5b76597b9a356bc215a3682d7293e307fcc46)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1766d21389a104948aba639921d987674cba3d6b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 15644 - City dropdown default selection when modifying a patron matches only on city

This patch modifies the include files which contain the form fields for
city, state, zipcode, etc. shown on the patron entry screen. The files
are modified so that the city/state/zip <select> preselects a value
based on city, state, and zipcode matching the values in the
corresponding text fields.

To test, confirm that the bug's steps to reproduce are fixed:

- Enter two cities via Administration -> Patrons and circulation
  -> Cities and towns:
    Springfield, MA 01101
    Springfield, VT 05156
- Edit a patron choosing, Springfield VT, and save.
- Edit the patron again and confirm that the correct city is
  pre-selected.
- Confirm this result with all three different settings of the
  "AddressFormat" system preference.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 83704cb1fab33feb0262fdab99bccf0052243d14)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 8cd8df19480a3765e54c3dcfb4948b097e7ea5ad)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18742: (QA followup) Fix indentation

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0ae70349809d51552e4297625db1382aa4e26dc5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b3884ec092cd80268fa2f484ab95984d434f1c78)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18742: Circulation statistics wizard no longer exports the total row

To test:
- Run the circulation wizard
- Export to csv
- Note there is no total row
- Apply patch
- Export to csv
- Total row totally there!

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ff22cb46a5f6a1f75422c2a90e1f80ccb05c30b9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 30811a653eb2f5e6ab089094bbb9936756aa9a16)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19337: Make basic_workflow.t configurable through ENV

This patch makes the basic_workflow.t selenium tests read ENV for the
following vars:

KOHA_USER
KOHA_PASS
KOHA_INTRANET_URL
SELENIUM_ADDR
SELENIUM_PORT

to properly configure the running environment. If absent, all variables
fallback to current behaviour:

KOHA_USER // 'koha'
KOHA_PASS // 'koha'
KOHA_INTRANET_URL (unchanged)
SELENIUM_ADDR // 'localhost'
SELENIUM_PORT // 4444

[*] Selenium defaults are documented on the Selenium::Remote::Driver docs.

Prerequisites:
Make sure you have a working environment for the Selenium tests:
- Run:
  $ sudo apt update
  $ sudo apt install xvfb firefox-esr

To test:
- Run:
  $ sudo koha-shell kohadev
 k$ cd kohaclone
 k$ wget https://selenium-release.storage.googleapis.com/2.53/selenium-server-standalone-2.53.1.jar \
     -O /tmp/selenium.jar
 k$ SELENIUM_PATH=/tmp/selenium.jar
 k$ Xvfb :1 -screen 0 1024x768x24 2>&1 >/dev/null &
 k$ DISPLAY=:1 java -jar $SELENIUM_PATH &
 k$ prove t/db_dependent/selenium/basic_workflow.t
=> SUCCESS: Tests pass
- Apply this patch
- Run:
 k$ prove t/db_dependent/selenium/basic_workflow.t
=> SUCCESS: Tests pass!
- Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 5bb19808bb23a01a257a0970bd7e2ae43fb5b3d6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f2b53042bd94ae4427ad08f5c55944974458ded4)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18584 - removed white space in C4/Accounts.pm

Test Plan:
    1-go to C4/Accounts.pm
    2-there should not be a trailing space at line 279.

Signed-off-by: Dominic Pichette <dominic@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 5400795a6651adc021801052fa0186747983b587)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d3f3512d3f480e3a7a36c3917e6748fef825d34f)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 12346: Display the correct number of pending patron modifications on the patron module home page

Due to the way members-home.pl handles the variable $branch, the number
of patron modifications listed on members-home.pl may differ from the
number listed on mainpage.pl. When the librarian clicks this link, he or
she may see a different number than was listed, or none at all!

Test Plan:
0) Set IndependentBranchesPatronModifications = Yes
1) Create a number of modification request for BranchA
2) Log into the staff intranet with a patron without superlibrarian
permissions and set your branch to BranchB
3) Note the modifications alert to does not display on mainpage.pl
4) Click the "Patrons" link to take you to members-home.pl
5) Note the modifictions alert does display on this page
6) Apply this patch
7) Reload members-home.pl, note the alert no longer displays

QA notes: What was the point of the branch variable?

Followed test plan, patch worked as described. Also passed QA test tool
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 4efe251f353cb9eddd302b6214e1f4392620b395)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4f2dede23fe09d68f94276d8e26b58091c590c9e)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18801: DBRev 16.11.13.001

Bug 18801: [Follow-up] Dbrev to repair bad auth type codes

Test plan
Run updatedatabase.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit aa03981e79a10bd5a032f13533d93f0b87bd37f7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ed45e76bf928a5c929525b8f2795524ada217a1e)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18801 - Merging authorities has an invalid 'Default' type in the merge framework selector

To test:
1 - Find two authorities and start a merge
2 - Leave the dropdown at 'Default'
3 - Merge records and note you get an error and can no longer view the
new record
4 - Check DB value of record authtypecode = 'Default'
5 - Apply patch
6 - Find two other authorities
7 - Merge leaving selector at default
8 - Success
9 - Check DB value of record authtypecode = ''

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit c1112236f908626b273f7dc950807ce2e085db2d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c7b47b3dfa689e8b746d188c648ad257feb678b6)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19262: Remove xt/author/pod_spell.t

If you run `prove xt/author/pod_spell.t` without having Test::Spelling installed, it will skip the tests.

If you install the lib-test-spelling-perl, the test will fail:
xt/author/pod_spell.t .. You said to run 0 tests at xt/author/pod_spell.t line 21.
xt/author/pod_spell.t .. Dubious, test returned 25 (wstat 6400, 0x1900)
No subtests run

This is because the call to all_pod_files_spelling_ok is expecting a path

If we try to fix it with adding "." as parameter, the tests will raise tone of errors.

Let's remove this file

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 35e3de845c591958d66c6602940453f2a803a7ee)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d8e09eaec4b7bcbeb66a4e33fbe1adb2fc976fcf)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Add release notes for Koha 16.11.13

Merge remote-tracking branch 'transl/16.11.13-translate-20171022' into 16.11.x

Translation updates for Koha 16.11.13

Increment version for 16.11.13 release

Bug 19117: Add CSRF protection to paycollect.pl

Security bug, trivial changes, no need to provide procedure for script
kiddies.

Test plan:
Pay fines using the different options from the "Pay fines" tab.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19333: Fix XSS in opac-shelves

category is send back to the template, it must be escaped

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18956: Fix empty to in message queue

Follow the test plan in comment #20.
Also tweaked string, because it was really 'or' before too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended text in added comment.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18956: [QA Follow-up] Resolve a CGI::Param in list context warn

From the plack-error.log:
CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_masterclone_opac_opac_2dpassword_2drecovery_2epl line 129, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 18956: Prevent leaking during password recovery

TEST PLAN
---------

It is assumed you have set the OpacResetPassword to 'allowed',
and likely in combination with OpacPasswordChange to 'Allowed'.

You will have two patrons: one with and another without
any email address entered. You will want to test this test plan
with both patrons.

$ git checkout -b bug_18956 origin/master

Prepend the following as understood between step sections:
opac -> forgot password and then enter...

correct login/cardnumber, it will email
delete from borrower_password_recovery;

correct email, it will email
delete from borrower_password_recovery;

correct login/cardnumber && correct email, it will email
delete from borrower_password_recovery;

wrong login/cardnumber && correct email, error page as expected
delete from borrower_password_recovery;

correct login/cardnumber && wrong email, error page as expected
delete from borrower_password_recovery;

wrong login/cardnumber && wrong email, error page as expected
delete from borrower_password_recovery;

submit empty -- INTERNAL SERVER ERROR?!
delete from borrower_password_recovery;

-- None of the above step sections displayed email.

correct login/cardnumber, it will email

correct login/cardnumber again, but it leaks email address!
delete from borrower_password_recovery;

correct email, it will email

correct email again, but it leaks login/cardnumber!
delete from borrower_password_recovery;

$ git bz apply 18956
-- choose interactive, and choose this counter patch.

repeat the same test set again
-- no leaks will occur, error message pages returned should
   be reasonable, code should read reasonably.

run koha qa test tools.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19372: (bug 15801 follow-up) pass selected frameworkcode to the template

Bug 15801 removes the 2 lines that were necessary to retrieve the
framework selected by the user and pass it to the template.
All bibliographic records created when adding an order to the basket
using an external source used the default framework.

Test plan:
Add an order to a basket from an external source
Select another framework than the default one
=> Without this patch, whatever the framework you picked, the default
one is used
=> With this patch applied the framework code you will pick will be used

Signed-off-by: Marijana Glavica <mglavica@ffzg.hr>
Signed-off-by: Marijana Glavica <mglavica@ffzg.hr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 60a17c1b2b8582620fc94ab9eadd7e8336a5d1fa)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 13f9359dc3da8be011370327b20d9cd4f05ee490)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19366: Do not block patron's detail update if EmailMustBeUnique

If the pref PatronSelfRegistrationEmailMustBeUnique is set ("consider"),
a patron is not allowed to register with an existing email address.
The existing code is wrong and reject a patron that is updating their
personal details with "This email address already exists in our
database.", even if the patron did not modify their email address.

This is caused by the query we made, we must search for patron with this
email address but who is not the current patron.

Test plan:
- Set PatronSelfRegistrationEmailMustBeUnique to "consider"
- Register a new patron with an existing email address
=> you should not be allowed
- Use a non-existent email address
=> You should be allowed
- Edit your patron details
- Modify some infos
=> Should pass
- Modify your email address with an existing one
=> You should not be allowed to do that

Followed test plan, patches worked as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ae02cf97e469a17d3bdc9d5c7db702960fd620c8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e23822b869ea66f63ce6c6027e418c79e3c7ba04)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19323: subscription edit permission issue

If a librarian has edit_subscription but not create_subscription :
When trying to edit a subscription, after saving permission is denied.

This is because permissions in serials/subscription-add.pl depends on arg 'op' and on edit this arg starts with 'modify' but changes to 'modsubscription' when saving.

Test plan :
- Create a user with staff access
- Define its permissions on serials : only edit_subscription
- Edit a subscription
- Click 'Next'
- Click 'Test prediction pattern'
- Click 'Save subscription'
=> Without patch you get to page serials/subscription-add.pl with permission denied
=> With patch subscription is saved and you get to subscription details page

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 12bd6358cfe6c9348cb111d22f04097f7911babf)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit fe386c172496159198b34383c3080185de7ae0af)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19120: Leave cancelled ordered items alone when reopening basket

TEST PLAN
---------
1) Apply first patch
2) prove t/db_dependent/Acquisition/close_reopen_basket.t
   -- FAILS
3) Apply this patch
4) prove t/db_dependent/Acquisition/close_reopen_basket.t
   -- SUCCESS!
5) run koha qa test tools

Followed test plan, patch worked as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 632e2ad51d2510a412224ded5e51a9f991d566b4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 47223f0cad47913c15f4c9dacfbc0ed4682a8e2d)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19120: Add tests to reproduce the problem

TEST PLAN
---------
1) apply this patch
2) prove t/db_dependent/Acquisition/close_reopen_basket.t
   -- FAILS!
   -- This proves the test works.
3) run koha qa test tools

Followed test plan, patch worked as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d34fae94995977b730e4bbfc11bdecaa3ce310a8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1b8e2f600a51047191fca14bdaa19bca612887c9)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19418: (bug 12833 follow-up) Add missing use statement

Patron search fail on calling svc/members/search. This script
return a 500 error and the search stay on "Processing..."

Test plan:
  - Enable ExtendedPatronAttributes system preference,
  - make a standard search (search fields),
  - check the search works and it doesn't stick on "Processing..."

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I do not recreate the issue, but the change make sense and the issue has
been raised by several people

(cherry picked from commit 9c208a44313ed1f4bd12f8c9d3b45c5f2d386c5b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 2d04c80b37cb2f37f9709b8bcfc6b9a4e4eaaae9)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19350: Add tests

(cherry picked from commit a2cc68e8b7a33dd7983c2125e32ba269777b8ace)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4ba051fd6eb54bbc3abf94d8f60b5543009cb32c)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19350 - Holds without link in 773 trigger SQL::Abstract::puke

Test:
1. find bibio without items which has something in field 773
   (for us, it's article) but doesn't have 0 or 9 (host item entry)
2. click on hold in left menu
3. verify application error
4. apply patch and verify that it works

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
(cherry picked from commit 5c873a408f40fd1660d0b09c6de8c1ca2e252d11)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit a2fd973b644c9956ce7c35bdc2fcdb7b0e71e45e)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19440: Existing calls need to be done in scalar context

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit fed86d50420dcb3fb468c5743a1e370d075bc5e0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c4112a744f38f2ae78db1828c20d98d512d6efb9)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19440: Identify overlimit problems in XISBN tests

This patch makes C4::XISBN::get_xisbns() return an errors hashref
including information of the failing fetches from xisbn services.

It tackles the situation of XISBN, which in some cases returns 'overlimit'
errors.

The patch makes the relevant functions check if the response->{stat} string
is 'ok' and returns the string in $errors otherwise.

This only happens when in list context. This allows to fix the randomly failing
tests while keeping the current behaviour.

All this code should be rewritten. It does the job bug doesn't have problems handling
or reoprting. This is just a band aid.

To test:
- Make sure
 k$ prove t/db_dependent/XISBN.t
=> SUCCESS :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit e90874241808354777cc1c27ad3ad106ffdc7cd4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit aaf0d3dc474def89ffbb69548ebaf830109143b0)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19165 - When adding from a staged file order discounts are not passed into C4::Acquisitions::populate_order_with_prices

Signed-off-by: Your Name <david.bourgault@inlibro.com>

Bug 18996: (followup) Fix tests count [16.11.x]

This patch fixes a wrong tests count introduced on merging.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Bug 18351: Able to delete budget with funds

To test:
1) Create a budget, add a fund
2) Delete budget. Notice this is successful and triggers no warning
message etc.
3) Go to Funds. Notice the funds appear as if they are not there
4) Go into mysql and view the aqbudgetperiods table - notice the funds
are still there and are now inaccessible.
5) Apply patch
6) Create a budget, add a fund
7) Attempt to delete budget. Notice you can't click Delete button.
Confirm number of funds in hover message is correct.
8) Delete fund
9) Confirm you can now delete budget.

Sponsored-by: Catalyst IT
Signed-off-by: Felix Hemme <felix.hemme@thulb.uni-jena.de>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Some code fixes

See Comment 5. Ready to test.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Code fix

See comment 10.
Ready for testing.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Prevent deletion from forcing URL

This patch adds a check in the script for existing funds so that the
budget cannot be deleted when forcing the URL and has other small fixes.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Prevent deletion if funds are added after clicking 'Delete' and before confirming delete

Followed test plan and patch works as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0ed469525fe16e36663c1f5266568beb5e27672d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 2a9dc2e595d916e4fb94948871f665df06b7088b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19257: Prevent warn when reopening a basket

To test:
1) Go to Acquisitions, find a vendor and a basket (create if you don't
have either)
2) Close the basket
3) View the basket and reopen it
4) Notice the warn
5) Apply the patch and repeat steps 1-3
6) Notice the warn no longer shows and the basket is reopened as
expected

Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 6ed1513e5fe91772c1720963006bf8f04452416d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f1677e56ecf1ea5f0ce2a408f1f11e931639e1d5)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19228: Trigger confirm delete when removing item from course

To test:
1) Enable UseCourseReserves syspref
2) Go to Course Reserves
3) Add a new course if you don't already have one
4) Add an item to the course
5) Click 'remove' to delete the item from the course
6) Notice the item deletes straight away with no confirmation prompt
7) Apply the patch
8) Repeat steps 4 and 5
9) Confirm the confirmation box pops up and works as expected

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7aef2f3298b0348c2a3994e344e32e5bc41f1f07)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 870f562e58c8327565b52d3b10f5a8ed2a000706)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19229: Return to course when cancelling out of edit form

To test:
1) Ensure UseCourseReserves is enabled
2) Go to Course Reserves, create a course
3) Edit course
4) Click Cancel
5) Notice you are returned to the courses home page rather than returned
to the course
6) Apply patch
7) Go to edit course and click cancel again
8) Confirm you are returned to the course and that this feels like the
natural expectation.

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit f55af2fc078a7d6a05238232bc276e6924307179)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ae405f61c8d4c04361267b500347a496a2ce7d58)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17834: Make translation easier

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0c6538f033f43cde33d186561a93a197467bd9a1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 11b73c1fa06c870a62640ffa8fd8f8610df5df18)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17834: Change library news text for single-branch libraries

To test:
1) Log into OPAC, go to home page
2) Confirm that the text shows as 'RSS feed for (branchname) library
news' if single-branch library
3) Confirm text shows as normal for libraries with more than one branch

Sponsored-by: Catalyst IT
Signed-off-by: maricris <mlabancia@gmail.com>
Signed-off-by: anafe <anafeazuela@yahoo.com>
Signed-off-by: iflora <iflora@unimas.my>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 1417f83e8b8a57e70e9120244a36204cf4acb3c2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e25bb0548d4ee69b9d79567a626fe91487386b71)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19081: Do not list plugins that have been uninstalled

Under plack, can_load should not check if a package is in cache, but
reload it. Otherwise plugins that have been uninstalled will still get
listed.
The error raised by can_load must only be displayed if the plugin has
been removed.

Test plan:
1/ Upload a plugin
2/ Note the plugin is listed as installed
3/ Modify the package of the plugin to add a compilation error (use
'Foo' for instance)
4/ Reload the page
5/ The plugin is not listed and a warning appear in the logs
6/ Remove the compilation error and uninstall the plugin
7/ The plugin is no longer listed and no warning appear in the logs

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 19081: Remove useless $plugin_file variable

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d928038a523b7ef44257ddfe97c405173c9b3b2e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 53c84ea289e73fa2f56711dd8dd8e7ebac591ae7)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 19343: [16.11.X] Remove private lists with edit permission from search results

If the list is not shared, it should not be listed. We only need to remove
the allow_add line.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 19343: [16.11.X] Add tests