Follow up for Bug 3326: previous fix broke searches when
This fix ensures that searches will still work when -x is not used when
reindexing Zebra.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Magnus Enger <magnus@bibkat.no> Signed-off-by: Jane Wagner <jwagner@ptfs.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Bug 3595 (partial): Items seen at checkin are not filling holds well
In Liz's second comment on this bug, she points out that local-only
holds (and also no-holds) items are being used to fill the first hold
in the queue, no matter where located, transitting if necessary. If
all the items on a biblio are set to no-holds types, this problem
would never arise, as no holds could be *placed*. But if you have
one or more unlimitedor local-hold items, then holds are getting
filled by the first item to cross a scanner, no matter what.
This patch will check during C4::Reserves::CheckReserves to make sure
that the hold being handed back to AddReturn is actually fillable by
the item just scanned. One caveat: If CircControl is set to "the library
you are logged in at", this will cause items checked in at
other-than-their-home-library to fill local holds at the library where
scanned. This is, however, an edge case!
Signed-off-by: Liz Rea <lrea@nekls.org> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Bug 3326: Work around Zebra's handling of & entities
When using XSLT mode, the OPAC results display will show "&" instead of "&"
when Zebra is indexing in XML mode. This patch works around this by replacing
"&" with "&" and then extends the previous fix to apply to all occurrences
of "& " instead of just the first.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Stéphane Delaune [Mon, 14 Mar 2011 06:13:03 +0000 (07:13 +0100)]
Bug 5750: (MT #4095) add exact matching filter for categorycode and branchcode fields in search members's result
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
No searching borrowers by categorycode or branchcode will only bring up
exact matches. Before searches for Staff (S) would also bring up
Students and Schools (SC, ST). Same for branchcodes. Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Owen Leonard [Tue, 15 Mar 2011 02:08:57 +0000 (21:08 -0500)]
Fix for Bug 3659, Add place hold option from patron checkout tab
Adds a button on patron-related pages, "Search to hold"
Clicking search to hold sets a cookie with the patron's
borrowernumber and sends the user to the search page.
On subsequent search results pages the user will have
the option to place holds specifically for the remembered
patron. This works on the search results page (single
and multiple hold) and on the detail page.
The saved cookie will time out after 10 minutes or
be erased when a new patron is loaded by circulation.pl
New jQuery plugin added: jquery.cookie.min.js
Revision fixes some markup and corrects an error that would lead
to the hold being initiated for the remembered patron when this
was not intended.
Signed-off-by: Liz Rea <lrea@nekls.org> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Janusz Kaczmarek [Mon, 14 Mar 2011 06:21:47 +0000 (07:21 +0100)]
Bug 5819 : No toolbar in record view when quotes present in title - fix
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Was able to reproduce problem by surrounding 245$a with "".
Patch fixed the problem. Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This is a followup :
When editing a budget, the check for the total allocation would take into account the budget itself.
Showing an improper error message
The problem was solved when adding a child budget but not when editing the same budget.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Jane Wagner [Sat, 12 Mar 2011 19:35:50 +0000 (14:35 -0500)]
Bug 5810 revision to fix author search link
Signed-off-by: Jane Wagner <jwagner@ptfs.com> Signed-off-by: Jared Camins-Esakov <jcamins@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This patch adds the syspref TraceCompleteSubfields. When TraceCompleteSubfields
is set to "force," clicking on links in non-authority controlled subject
tracings will only find other records where the entire subfields match. Leaving
it at "don't force" keeps the current behavior of doing a keyword search of the
subject indexes.
This patch implements complete-subfield subject tracings in MARC21 XSLTs (OPAC
and Staff) and all Normal mode interfaces. UNIMARC XSLTs have not been updated.
This patch also adds the syspref UseAuthoritiesForTracings. When set to "Do not"
tracings in the XSLT detail displays will never generate links using authority
numbers, but rather use the heading strings (NB: the tracings currently use only
subfield 'a' for generating links).
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Jane Wagner <jwagner@ptfs.com> Signed-off-by: Jared Camins-Esakov <jcamins@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Frédéric Demians [Thu, 10 Mar 2011 17:29:11 +0000 (11:29 -0600)]
Bug 4072 Lost items aren't hidden on OPAC result page
When hidelostitems system preference is enabled, lost items are hidden on OPAC
detail page but are shown on result page. This patch modify MARC21/UNIMARC XSL
in order to take into account hidelostitems syspref on OPAC result page.
Signed-off-by: Liz Rea <lrea@nekls.org> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Bug 5595: (MT #5757)adding additional attributes support on patrons's search
Restores ability to search on extended borrower attributes that are configured to be searchable
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com> Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Colin Campbell [Tue, 8 Mar 2011 02:41:13 +0000 (21:41 -0500)]
bug_5064 Rework data retrieval in booksellers.pl
loops were slightly illogical and db accesss was excessive
and repetitive. caused it not to scale well on large datasets
Routines in Acquisition.pm seem to have inconsistent views
of the data.
rework logic to utilize db and processing better
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Colin Campbell [Tue, 8 Mar 2011 02:30:25 +0000 (21:30 -0500)]
Bug5063: C4::Bookseller Changes
Merge unfao changes to C4::Bookseller
Enable warnings in Bookseller.pm
Some cleanups in Bookseller code
Do not export everything by default
Display vendors more rationally
Was displaying by id make it name as the searchstring is for all
embedded substrings
Have removed "if mysql" logic as we want to deal with this by
abstracting the DB interaction and it makes cleaner code until then
Sponsered by UN FAO, Rome
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Bug 3013 - Value builder for 006 and 008 need choices for all format types
Modification of the intranet cataloguing plugin for 006/008 fields to allow
select a type of material and change the positions available to enter the data.
Data are hard stored in xml files to allow easy translation and processing through
Javascript and JQuery-AJAX.
Bug 3013 - Fix selection of combo and trailing whitespace
Bug 3013 - Fix selection of combo
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Galen Charlton [Thu, 3 Mar 2011 21:54:02 +0000 (16:54 -0500)]
bug 5783: follow-up system preferences tweaks
* add the AuthoritiesLog system preference to all
language installer SQL scripts
* options for a 'YesNo' should be '', not '0'
* fix wording glitch on preferences page
Signed-off-by: Galen Charlton <gmcharlt@gmail.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Galen Charlton [Thu, 3 Mar 2011 19:52:46 +0000 (14:52 -0500)]
bug 2975: fix calculation of due dates by offline circ
Offline circ no longer tries to calculate the due date
directly, instead relying on the AddIssue and AddRenewal
APIs to do so. This corrects a bug where the due date
would be calculated incorrectly if the item-level_itypes
system preference is turned on.
This change also has the effect of causing the issue date
for loans uploaded via offline circulation to be set
to the time stamp recorded by the offline circulation client.
Test plan:
* Turn on item-level_itypes
* Create an example item whose loan policy per
the item's item type would be different from
the default policy based on the bib-level type.
* Create a test KOC file with a loan of the test
item and the checkout date artificially set
to yesterday.
* Upload the file:
- Before the fix, the due date would be set
to the default due date. Also, the issue date
will be set to the date of the upload.
- After the fix, the due date would be calculated
correctly based on the item's item type. Also,
the issue date will be set to the date recorded
by the offline circulation client.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Ian Walls [Thu, 3 Mar 2011 23:13:26 +0000 (18:13 -0500)]
Bug 5824: Creating a circ rule for a specific library causes anomalies
The variable name for the current branch being edited was the same as the variable used in
cat-search.inc, which passed along the circ-rule library to circulation.pl, and then overriding
the set library from there.
This patch renames the template variable 'current_branch', so that it does not populate the 'branch'
param in cat-search.inc
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Frédéric Demians [Sun, 27 Feb 2011 09:20:33 +0000 (04:20 -0500)]
Bug 4103 In Pro Adv Search, superlibrarian search always all libraries
Now, when 'independantbranches' syspref is activated, 'Individual Libraries'
combo list is set by default to the current user branch. It shouldn't be the
case for superlibrarian user who is supposed to manage all libraries.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Marcel de Rooy [Sun, 27 Feb 2011 08:49:50 +0000 (03:49 -0500)]
Bug 5642: Item field serial enumeration (enumchron) should be longer
Field enumchron in items table is now varchar(80).
We have records that need a much longer field, even up to 400 or 500 chars.
I suggest to change its type to TEXT (variable length with max 64K; tinytext
goes up to 255 chars and is just too short).
Mediumtext or longtext are not needed; as a side note these types are used in
the items table for e.g. booksellerid and more_subfields_xml..
Revised original patch thanks to Ian Walls: update kohatructure.sql. Copied the change in deleteditems as well.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Bug 5811: Add sysprefs to control overriding fines
This patch adds two sysprefs to allow libraries more fine-grained control over
when fines can and can't be overridden. The two sysprefs are:
* AllFinesNeedOverride - when this syspref is set to "Require" (default) any
fine will require a staffmember to override the fine in order to check out a
book. When set to "Don't require," fines below noissuescharge will not need
any override.
* AllowFineOverride - when this syspref is set to "Allow," staff will be able to
override fines that are above noissuescharge. When set to "Don't allow"
(default), staff will not be able to check out items to patrons with fines
greater than noissuescharge.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Ian Walls [Sat, 19 Feb 2011 10:38:32 +0000 (05:38 -0500)]
Bug 3319 Followup: Fix compatibility with fix for bug 4945
The fix for 3319 overwrote the @branchloop variable with output from GetBranchesLoop,
which forces a selected branch. Removing the extra call, and just measuring the size of
@branchloop as it was build, plus some dereferencing, fixes the issue.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This patch fixes the bug that caused 780s in the staff client details XSLT to
display in progressively smaller fonts. This also corrects the semantics of the
780 ind1.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Bug 5805: Having items in-transit can cause derangement of the hold list
If you have a list of holds on a biblio, and one or more are in-transit, then the
array that is fed to modrequest.pl is not fully-populated, lacking the branch on the
in-transit rows. If you then attempt to edit one of the remaining holds' pickup
location, it doesn't modify the one you expect, but ones *above* that. Also, holds
at the bottom of the list get the first pickup library in the list, since they are
getting undef passed in.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Security Bugfix: Bug 1953 Adding Placeholders to SQL To Avoid Potential Injection Attacks
This patch addresses both security issues mentioned in the summary of the report
submitted by Frère Sébastien Marie included below.
---------------------------
The problem is here: 'C4/AuthoritiesMarc.pm' in the function 'DelAuthority':
The argument $authid is included directly (not via statement) in the SQL.
For the exploit of this problem, you can use 'authorities/authorities-home.pl'
with authid on the URL and op=delete (something like
"authorities/authorities-home.pl?op=delete&authid=xxx").
This should successfully call DelAuthority, without authentification...
(DelAuthority is call BEFORE get_template_and_user, so before authentification
[This should be an issue also...]).
Please note that the problem isn't only that anyone can delete an authority of
this choose, it is more general: with "authid=1%20or%1=1" (after inclusion sql
will be like: "delete from auth_header where authid=1 or 1=1") you delete all
authorities ; with "authid=1;delete%20from%xxx" it is "delete from auth_header
where authid=1;delete from xxx" and so delete what you want...
SQL-INJECTION is very permissive: you can redirect the output in a file (with
some MySQL function), so write thea file of you choose in the server, in order
to create a backdoor, and compromise the server.
Signed-off-by: Frère Sébastien Marie <semarie-koha@latrappe.fr> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>