Bug 17933 - Internal software error when searching patron without birth date
When patrons don't have date of birth (which is not required) patron
search results on moremember page produce internal server error since we
can't convert MySQL invalid date 0000-00-00 to datetime object and
call strfdate on it.
Additionally, since we assign dates to template variables and after
that assign whole $data hash to template, later assignment overrides
previous one, so we see birth date field even for patrons which don't
have one.
This patch fixes both of those problems.
Test:
1. edit patron and remove its birth date
2. try to search for it, and verify server error
3. apply patch
4. repeat search for patron and verify that it works and doesn't
have empty birth date field
Signed-off-by: Grace McKenzie <grace.mcky@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Josef Moravec [Wed, 15 Feb 2017 06:52:32 +0000 (06:52 +0000)]
Bug 18119: Fix comment in cataloguing.js
Test plan:
Go to cataloging, and try something which depends on javascript -
collapse/uncollapse fields, open authority search window, ...
-> without patch it is not working
-> with patch it is working correctly
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Oleg Vasylenko [Tue, 24 Jan 2017 15:58:39 +0000 (17:58 +0200)]
Bug 17780 - When choose an author in authority results new window shows a blank screen
Select2 (Bug 13501) introduced divs and inputs that broke some assumptions about the expected HTML structure.
This patch checks if input has name attribute, because some inputs in Select2 have not.
To test:
Try to add info from the authorities to field that has subfield with Select2 (subfield with authorised values on Koha 16.11+)
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Kyle M Hall [Tue, 24 Jan 2017 16:15:35 +0000 (08:15 -0800)]
Bug 15503 - Populate the order prices
Signed-off-by: Benjamin Daeuber <bdaeuber@cityoffargo.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 15503 [QA Followup] - Use Koha::AuthorisedValues and fetch notforloan values.
Signed-off-by: Benjamin Daeuber <bdaeuber@cityoffargo.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Kyle M Hall [Thu, 3 Nov 2016 10:44:56 +0000 (10:44 +0000)]
Bug 15503 [QA Followup] - Set itype and ccode properly
Signed-off-by: Benjamin Daeuber <bdaeuber@cityoffargo.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 15503 [QA Followup] - Display "uneven number of fields" error only in relevant biblios
Signed-off-by: Benjamin Daeuber <bdaeuber@cityoffargo.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 15503 [Followup] - Add replacementprice and itemcallnumber
Signed-off-by: Benjamin Daeuber <bdaeuber@cityoffargo.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Kyle M Hall [Fri, 16 Sep 2016 13:05:41 +0000 (13:05 +0000)]
Bug 15503 [QA Followup] - Remove the use of GetBranchesLoop
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Benjamin Daeuber <bdaeuber@cityoffargo.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 15503 - Fix adding multiple items in multiple biblios.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Benjamin Daeuber <bdaeuber@cityoffargo.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
The goal of this development is to automatically generate items in Koha with
populated information based on a 9XX field and subfield, with the new syspref
MarcItemFieldsToOrder.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Benjamin Daeuber <bdaeuber@cityoffargo.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Marc Véron [Fri, 10 Feb 2017 15:07:13 +0000 (16:07 +0100)]
Bug 18095: Batch item modification: Better message if no item is modified
If no item is modified, the result page of Batch item modification says:
"item(s) modified (with fields modified)."
The message should be: "No items modified"
To reproduce:
- Go to Tools -> Batch item modification
- Put a barcode in and click Continue
- Do not make any changes and/or deselect all item(s)
- Click "Save"
=> Result message reads: "item(s) modified (with fields modified)."
To test:
- Apply patch
- Repeat steps above
- Verify that message makes sense.
NOTE: Also tested positive case with actual field change.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Mark Tompsett [Fri, 20 Jan 2017 17:34:56 +0000 (17:34 +0000)]
Bug 17935: Follow up for C4::Plugin...
TEST PLAN
---------
-- apply first patch
git grep "C4::Plugin"
-- still two references
perldoc Koha::Plugins::Base
perldoc Koha::Plugins::Handler
-- apply this patch
git grep "C4::Plugin"
-- no references
perldoc Koha::Plugins::Base
perldoc Koha::Plugins::Handler
-- should look fixed
Please enter the commit message for your changes. Lines starting
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Wed, 18 Jan 2017 15:56:16 +0000 (16:56 +0100)]
Bug 17935: Adjust some POD lines, fix a few typos
This patch does the following:
[1] Move some POD lines from Cache to Caches.
[2] Correct C4::Plugins to Koha::Plugins in POD line of Koha::Plugins
[3] POD Koha/AuthorisedValue.pm: lib_opac moved to opac_description
[4] The POD in Koha/Patron.pm uses head2 and head3 inconsistently.
Ran s/^=head2/=head3/ on those lines (7 substitutions on 7 lines)
[5] Correct a copied POD line from reports/issues_stats.pl in
reports/reserve_stats.pl.
[6] Correct a test description in t/db_dependent/Koha/Authorities.t.
You should never delete the library :)
[7] Correct typo shouild in a comment of rebuild_zebra.pl
Test plan:
[1] Read the patch. Does it make sense?
[2] Run perldoc Koha/Cache.pm and Koha/Caches.pm
[3] Run t/db_dependent/Koha/Authorities.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Chloe [Thu, 21 Jan 2016 03:20:58 +0000 (03:20 +0000)]
Bug 15584 - Staff client list errors are incorrectly styled
To Test-
1. In the Staff Client, go to Lists
(/cgi-bin/koha/virtualshelves/shelves.pl) and create a new list with
the same name as an existing one. --note that it has some red in it
like an error
2. apply patch
3. In the Staff Client, go to Lists
(/cgi-bin/koha/virtualshelves/shelves.pl) and create a new list with
the same name as an existing one. --note that now it should be just
yellow with black writing as an alert
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Fri, 3 Feb 2017 11:38:53 +0000 (11:38 +0000)]
Bug 18047 - JavaScript error on item search form unless LOC defined
If LOC is not present, the item search form will raise a JS error:
SyntaxError: expected expression, got '}'
This patch fixes it by handling this specific case.
Note that the "Status" column is still displayed.
Test plan:
Remove your LOC authorised values
Go on the item search form
=> You will not get the JS error and the "Shelving location" bloc is no longer
displayed. There is no need to display it if empty.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Tue, 24 Jan 2017 15:39:28 +0000 (16:39 +0100)]
Bug 17982: Fix the use of uniq in sub themelanguage
Doing uniq( \@themes ) is useless. It will just return to you the only
reference you gave it.
List::MoreUtils::uniq requires a list instead of an arrayref.
So it is a trivial fix that makes sub themelanguage return one theme instead
of three themes like [ 'prog', 'prog', 'prog' ].
Note that Template->new inserts one or two include paths to TT for each of
these three identical themes.
Test plan:
[1] Run t/db_dependent/Templates.t (should no longer fail)
[2] Run t/db_dependent/Auth.t (triggering themelanguage)
[3] Open a page on OPAC or intranet. (Did you restart Plack?)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
EDIT (Marcel): Amended test plan for additional unit test.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Thu, 2 Feb 2017 07:40:58 +0000 (08:40 +0100)]
Bug 17982: Expose wrong use of uniq
This test should fail without the patch fixing the uniq calls.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Kyle M Hall [Thu, 9 Feb 2017 11:48:40 +0000 (11:48 +0000)]
Bug 18089 - All XSLT testing singleBranchMode = 0 fails to show even if install has only 1 branch
Due to the way it has been implemented, singleBranchMode is set to an
empty string rather than 0 if there is only one branch. This causes any
block that tests for singleBranchMode to be 0 to never appear.
Test Plan:
1) Apply this patch set
2) prove t/XSLT.t
Signed-off-by: Jenny Schmidt <jschmidt@switchinc.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Kyle M Hall [Thu, 9 Feb 2017 11:48:08 +0000 (11:48 +0000)]
Bug 18089 - Unit test
Signed-off-by: Jenny Schmidt <jschmidt@switchinc.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Zoe Schoeler [Wed, 18 Jan 2017 00:55:43 +0000 (00:55 +0000)]
Bug 17838 Availability limit broken until an item has been checked out.
TEST PLAN
1. Make sure you have no items checked out.
2. Run sudo koha-rebuild-zebra -f -v kohadev.
3. Go to search the catalog and search.
4. Check items availability and then click on limit to currently
available items.
5. This should return no results.
6. Apply patch and reload.
7. Results should show.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Attribute 14: " Specifies whether un-indexed fields should be ignored. A
zero value (default) throws a diagnostic when an un-indexed field is
specified. A non-zero value makes it return 0 hits."
From http://www.indexdata.com/zebra/doc/querymodel-zebra.html
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Mon, 30 Jan 2017 14:19:35 +0000 (15:19 +0100)]
Bug 18014: AddAuthority should respect AUTO_INCREMENT
Instead of using the MAX(authid)+1 logic, AddAuthority should just save
the record and get the new id. The authid column is an autoincrement.
This eliminates problems where a newly assigned authid also refers to a
previously deleted record. (And it will not cause problems when refining
the dontmerge functionality on report 9988.)
Note: ModAuthority also calls AddAuthority to update an existing record; in
that case we should not create a new record even if the record should not
be found any more (which should be exceptional).
This patch also simplifies handling of 001 in the authority record: in all
cases this field is updated now; no need to check its contents.
Test plan:
[1] Run t/db_dependent/AuthoritiesMarc.t
[2] Add a new authority record via the interface
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Tue, 31 Jan 2017 08:11:05 +0000 (09:11 +0100)]
Bug 18014: Add test to AuthoritiesMarc.t to expose problem in AddAuthority
Since AddAuthority uses max(id)+1 logic to produce the next authid,
authority id's will be reused when you delete the last record. This may
be a source of problems and will be addressed on the next patch.
This patch adds a test to expose the problem.
Test plan:
[1] Run t/db_dependent/AuthoritiesMarc.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
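The identifier reuse described in the Bug 18014 messages above, as an added example that is not Koha code: it uses Python with an in-memory SQLite database as a stand-in for the MySQL authority table. The table names auth_maxplus and auth_autoinc and all helper functions are hypothetical; only the authid column name comes from the commit messages.

```python
import sqlite3

# Constructed schema: one table allocated with MAX(authid)+1, one with an
# auto-increment column. Table names are hypothetical, not Koha's.
SCHEMA = """
CREATE TABLE auth_maxplus (authid INTEGER PRIMARY KEY, heading TEXT);
CREATE TABLE auth_autoinc (authid INTEGER PRIMARY KEY AUTOINCREMENT, heading TEXT);
"""


def add_max_plus_one(conn, heading):
    """Old pattern: derive the next id from the current maximum."""
    (next_id,) = conn.execute(
        "SELECT COALESCE(MAX(authid), 0) + 1 FROM auth_maxplus"
    ).fetchone()
    conn.execute(
        "INSERT INTO auth_maxplus (authid, heading) VALUES (?, ?)",
        (next_id, heading),
    )
    return next_id


def add_autoincrement(conn, heading):
    """New pattern: save the record and read back the id the database chose."""
    cur = conn.execute("INSERT INTO auth_autoinc (heading) VALUES (?)", (heading,))
    return cur.lastrowid


def resolve(conn, table, authid):
    """Return the heading an authid currently points to, or None."""
    # table is only ever one of the two constants defined in SCHEMA.
    row = conn.execute(
        f"SELECT heading FROM {table} WHERE authid = ?", (authid,)
    ).fetchone()
    return row[0] if row else None


def run_scenario(add, table):
    """Add two records, delete the last one, add a third, then follow a
    stale reference that still holds the deleted record's id."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    add(conn, "Austen, Jane")          # constructed sample headings
    deleted_id = add(conn, "Smith, John")
    stale_link = deleted_id            # e.g. an id stored in another record
    conn.execute(f"DELETE FROM {table} WHERE authid = ?", (deleted_id,))
    new_id = add(conn, "Doe, Jane")
    result = {
        "deleted_id": deleted_id,
        "new_id": new_id,
        "stale_link_resolves_to": resolve(conn, table, stale_link),
    }
    conn.close()
    return result


if __name__ == "__main__":
    for add, table in (
        (add_max_plus_one, "auth_maxplus"),
        (add_autoincrement, "auth_autoinc"),
    ):
        print(table, run_scenario(add, table))
```

With MAX(authid)+1 the stale reference silently resolves to the unrelated new record; with the auto-increment column it resolves to nothing, which a caller can detect.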
Marcel de Rooy [Tue, 31 Jan 2017 07:59:45 +0000 (08:59 +0100)]
Bug 18014: General update of AuthoritiesMarc.t
Modern::Perl, Koha::Database, etc.
Test plan:
Run t/db_dependent/AuthoritiesMarc.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Magnus Enger [Thu, 10 Nov 2016 14:32:44 +0000 (14:32 +0000)]
Bug 4126 - Exit bulkmarcimport if -a and -b given
Currently it is possible to specify both --biblios and --authorities
as command line switches to bulkmarcimport.pl. This does not make sense
so we should exit early and explain that these switches are mutually
exclusive.
To test:
- Run one of these and check that there is no complaint about missing
options:
perl misc/migration_tools/bulkmarcimport.pl -a -b
sudo koha-shell -c "perl misc/migration_tools/bulkmarcimport.pl -a -b" kohadev
- Observe that this displays the perldoc, but does not complain about
mutually exclusive switches.
- Apply the patch
- Rerun the command(s) from earlier.
- Verify that the script is now halted and a small explanation given.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Mason James [Sat, 28 Jan 2017 11:47:20 +0000 (00:47 +1300)]
Bug 18009 - IssueSlip.t test fails if launched between 00:00 and 00:59
to test patch...
1/ set date between 00:00 and 00:59
$ sudo date -s 'Sun Jan 29 00:41:55 NZDT 2017'
2/ run prove, see fail
$ prove -v t/db_dependent/Members/IssueSlip.t
...
t/db_dependent/Members/IssueSlip.t (Wstat: 65280 Tests: 1 Failed: 0)
Result: FAIL
3/ apply patch
4/ run prove, see pass
$ prove -v t/db_dependent/Members/IssueSlip.t
...
All tests successful.
Result: PASS
NOTE: for code obscurity you could have also done a modulus 24. ;)
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 17788: (MARC21) Add $9 fields to Koha-Auth-Number:w index
Looking at the default framework's fields that are linked to authority
records, there's a divergence with the Zebra index definitions.
This leads to the authority usage count being incorrect for users searching
for authority records.
MariaDB [koha_kohadev]> SELECT tagfield,tagsubfield,authtypecode FROM
marc_subfield_structure WHERE authtypecode IS NOT NULL AND
authtypecode<>'' AND frameworkcode='' GROUP BY
tagfield,tagsubfield,authtypecode ;
+----------+-------------+--------------+
| tagfield | tagsubfield | authtypecode |
+----------+-------------+--------------+
| 100 | a | PERSO_NAME |
| 110 | a | CORPO_NAME |
| 111 | a | MEETI_NAME |
| 130 | a | UNIF_TITLE |
| 440 | a | UNIF_TITLE |
| 600 | a | PERSO_NAME |
| 610 | a | CORPO_NAME |
| 611 | a | MEETI_NAME |
| 630 | a | UNIF_TITLE |
| 648 | a | CHRON_TERM |
| 650 | a | TOPIC_TERM |
| 651 | a | GEOGR_NAME |
| 654 | a | TOPIC_TERM |
| 655 | a | GENRE/FORM |
| 656 | a | TOPIC_TERM |
| 657 | a | TOPIC_TERM |
| 658 | a | TOPIC_TERM |
| 662 | a | GEOGR_NAME |
| 690 | a | TOPIC_TERM |
| 691 | a | GEOGR_NAME |
| 696 | a | PERSO_NAME |
| 697 | a | CORPO_NAME |
| 698 | a | MEETI_NAME |
| 699 | a | UNIF_TITLE |
| 700 | a | PERSO_NAME |
| 710 | a | CORPO_NAME |
| 711 | a | MEETI_NAME |
| 730 | a | UNIF_TITLE |
| 796 | a | PERSO_NAME |
| 797 | a | CORPO_NAME |
| 798 | a | MEETI_NAME |
| 799 | a | UNIF_TITLE |
| 800 | a | PERSO_NAME |
| 810 | a | CORPO_NAME |
| 811 | a | MEETI_NAME |
| 830 | a | UNIF_TITLE |
| 896 | a | PERSO_NAME |
| 897 | a | CORPO_NAME |
| 898 | a | MEETI_NAME |
| 899 | a | UNIF_TITLE |
+----------+-------------+--------------+
This patch adds the missing ones to the authority number index as it is
done for the rest of the fields.
To test:
- Verify that
etc/zebradb/marc_defs/marc21/biblios/biblio-koha-indexdefs.xml
contains entries pointing the $9 subfield of all the fields in the
'tagfield' column above, to the Koha-Auth-Number:w index.
- Sign off :-D
Signed-off-by: Hugo Agud <hagud@orex.es> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Marcel de Rooy [Thu, 27 Oct 2016 13:07:29 +0000 (15:07 +0200)]
Bug 17512: Improve handling dates in C4::Items
This is a follow-up on the internal server error on 0000-00-00 in the items
column onloan. This patch deals with preventing to have such dates at all
in the date fields of items.
It is accomplished by:
[1] Adding a (private) subroutine _mod_item_dates. It takes an item hash
and replaces date values if needed.
[2] AddItem and ModItem call _koha_new_item resp. koha_modify_item. In these
routines a call to the new _mod_item_dates is inserted.
[3] Although the routine is actually private, I have added some unit tests
to Items.t.
Test plan:
[1] Add a new item. Fill a correct date in dateaccessioned and an invalid
date in Price effective from (=replacementpricedate).
[2] Verify that dateaccessioned is saved correctly and replacementpricedate
is still null (does not contain 0000-00-00).
[3] Edit the item again. Fill some text in dateaccessioned and put a correct
date in replacementpricedate. Verify the results.
[4] Run t/db_dependent/Items.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Oleg Vasylenko [Wed, 25 Jan 2017 10:01:05 +0000 (12:01 +0200)]
Bug 17988 - Select2 prevents correct tag expand/minimize functionality
Overview:
Select2 (Bug 13501) introduced divs and inputs that broke some assumptions about the expected HTML structure.
Because of that, expanding fields to show all hidden subfields does not work properly.
Steps to Reproduce:
1. Open some book in the editor or create new (cataloguing/addbiblio.pl)
2. Try to minimize or expand fields, that have among subfields the following:
— Thesaurus driven subfield → subfield with Select2
— Hidden subfield.
Actual Results:
— some fields become hidden, some not, and vice versa
— in the console, you'll see «Uncaught TypeError: Cannot read property 'match' of null»
Expected Results:
— all subfields should minimize/maximize completely
Additional Information:
This happens because Select2 adds some divs, that do not have ID property.
The following patch adds check for the needed attribute existence.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Emma [Wed, 18 Jan 2017 21:37:23 +0000 (21:37 +0000)]
Bug 17134: Replace item types codes with category in facets (opac)
To test:
-Search in OPAC for two or more items
-Note that item types display category codes rather than names
-Make change to file and test in OPAC
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 22 Nov 2016 09:35:07 +0000 (09:35 +0000)]
Bug 16984: Do not clone the item block for standing orders
If AcqCreateItem is set to ordering and the basket is marked as
"standing orders", when ordering a JS error is raised:
additem.js:176 Uncaught TypeError: window[events[i]] is not a function
The item block should not be displayed in that case.
Test plan:
- Set AcqCreateItem to "ordering"
- Create a basket and tick the "Standing orders" checkbox
- Add an order to this basket
=> Without this patch you get the JS error
=> With this patch applied you will not get it
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 8 Feb 2017 16:49:41 +0000 (17:49 +0100)]
Bug 17940: (follow-up 14695) Fix - Mark holds as waiting when transfer is done
When an item from Library A is reserved and set to be picked up at
Library B, the hold buttons fail to confirm or cancel during check in at
Library B when the item is transferred from Library A.
Test plan:
* Create a hold for item at Library A to be picked up at Library B.
* Check in item at Library A to trigger the transfer.
=> item shows in transit
* Switch to Library B and check in item.
* Confirm the hold.
=> item shows waiting
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Wed, 8 Feb 2017 11:41:37 +0000 (12:41 +0100)]
Bug 18076: Replace holds_to_place_count with an input type=text
From http://www.template-toolkit.org/docs/manual/Directives.html#section_WHILE
"""
The Template Toolkit uses a failsafe counter to prevent runaway WHILE loops which
would otherwise never terminate. If the loop exceeds 1000 iterations then an undef
exception will be thrown, reporting the error:
WHILE loop terminated (> 1000 iterations)
The $Template::Directive::WHILE_MAX variable controls this behaviour and can be set
to a higher value if necessary.
"""
I do not think we want to increase this value, and I do not think we want to display a
dropdown list with 1000 entries.
This patch replaces the dropdown list with an input text.
Test plan:
- Set circulation conditions - holds per record = 999
- Search for record with items
- Go to the holds tab
- Search for a patron
- Verify that when you send your search, the 'internal server error' is not shown
and you see the input text.
You should be able to enter a value > than 999 and < 1
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Josef Moravec [Wed, 8 Feb 2017 08:49:46 +0000 (08:49 +0000)]
Bug 18079: Holds to pull cleanup
Changes made:
- remove obsolete comment in pendingreserves.pl
- use Modern::Perl in circ/pendingreserves.pl
- get rid of unusable param run_report - followup for bug 8454
- get rid of references to hold status - followup for bug 9320
- remove unused data from SQL and reservedata structure
Test plan:
1) Apply patch from bug 18073
2) Apply patch on this bug
3) Enable on shelf hold in administration -> circulation and fines rules
4) Create some holds on available items
5) Confirm that circulation -> holds to pull page works as expected
6) Try to find any regression
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Josef Moravec [Tue, 7 Feb 2017 16:44:12 +0000 (17:44 +0100)]
Bug 18073: Holds to pull table enhancement
Test plan:
0) apply the patch
1) enable on shelf hold in administration -> circulation and fines rules
2) create some holds on available items
3) go to administration -> columns settings and confirm there is new holds-to-pull table in circulation section
4) go to circulation -> holds to pull page and confirm that
4a) that the page does work as before
4b) there is new "Column visibility" button in datatable toolbar
4c) the column configuration does work as expected
4d) there is new column "First patron" with link to patron which is
first in holds queue for given record
4e) sorting works as expected
4f) filters (in the bottom of table) work as expected
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Works nicely!
Jonathan Druart [Sat, 21 Jan 2017 07:48:20 +0000 (08:48 +0100)]
Bug 16115: Remove JS error on item search if NOT_LOAN values do not exist
If NOT_LOAN is not present, the item search form will raise a JS error:
SyntaxError: expected expression, got '}'
This patch fixes it by handling this specific case.
Note that the "Status" column is still displayed.
Test plan:
Remove your NOT_LOAN authorised values
Go on the item search form
=> You will not get the JS error and the "Status" bloc is no longer
displayed. There is no need to display it if empty.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Luke Honiss [Thu, 19 Jan 2017 02:55:31 +0000 (02:55 +0000)]
Bug 11450: Hold Request Confirm Deletion
==TEST PLAN==
1) Go to an item with a hold and click on the holds tab on the
left
2) Click the red 'X'
3) The hold will be deleted immediately
4) Apply patch
5) Return to an item with a hold and click the 'X'
6) There will now be a confirmation dialog
7) Click cancel and the dialog will disappear and the hold will not be
deleted
8) Click OK and the hold will be deleted
Restored indentations - Mark Tompsett
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Lari Taskula [Tue, 16 Aug 2016 10:37:29 +0000 (13:37 +0300)]
Bug 17927: Fix /holds and /patrons data types
This patch changes current Swagger definitions for patrons and holds to have
data types corresponding to column data types in their database tables.
To test:
1. GET http://yourlibrary/api/v1/patrons/YYY where YYY is existing borrowernumber
2. Observe that numbers / integers are in string data type.
3. Apply this patch
4. Repeat step 1.
5. Observe that numbers / integers are now actually numbers / integers.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Nick Clemens [Thu, 15 Dec 2016 14:17:55 +0000 (14:17 +0000)]
Bug 17782 - Patron updated_on field should be set to current timestamp when borrower is deleted
To test:
01 Find a patron
02 Get the updated_on value from the db in borrowers table
03 Delete the patron
04 Get the updated_on value from the db on deletedborrowers table
05 Values from 02 and 04 are the same
06 Apply patch
07 Repeat 01-04
08 Values should now be different
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Lari Taskula [Mon, 12 Dec 2016 14:49:44 +0000 (16:49 +0200)]
Bug 16387: Fix default shortened loan period time
When a loan period is shortened due to using decreaseLoanHighHolds* the time is
always set to the current time in X days, even if the original loan period is
given in days and not in hours.
It should default to 23:59 as is normal for loan periods given in days.
As original due date time defaults to 23:59 when given in days, this patch
modifies the hours and minutes of shortened due date to be equal to original due
date.
To test:
1. prove t/db_dependent/DecreaseLoanHighHolds.t
Signed-off-by: Grace McKenzie <grace.mcky@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Josef Moravec [Tue, 24 Jan 2017 07:16:37 +0000 (07:16 +0000)]
Bug 17929 - You can't edit indicators in the cataloging screen
Test plan:
0. Do not apply the patch
1. Edit a biblio record, note you can't edit an indicator (in fact you edit it, but can't see the value)
2. Edit an authority record, note you can't edit an indicator (in fact you edit it, but can't see the value)
3. Apply the patch, you may need clear the browser cache (in Firefox Ctrl+F5 is often enough)
4. Repeat steps 1 and 2 - but now you will be able to edit the indicator
Signed-off-by: J Schmidt <jschmidt@switchinc.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Julian Maurice [Wed, 18 Jan 2017 10:29:57 +0000 (11:29 +0100)]
Bug 17922: Use correct number of digits when replacing date placeholders
This patch also fixes a typo ("<<MM><" should be "<<MM>>")
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Mirko Tietgen [Mon, 30 Jan 2017 14:59:59 +0000 (15:59 +0100)]
Bug 18015 - On shelf holds allowed > "If all unavailable" ignores notforloan
If in the circ rules matrix you set "On shelf holds allowed" to "If all unavailable",
items with status "Not for loan" are considered available and break the functionality.
Test plan:
- Set "On shelf holds allowed" to "If all unavailable" for your patron and item
category (or everyone and everything)
- Have two items for a record. Check out one
- Set 7 - Not for loan: "Not For Loan" for the second item
- Try to place a hold. Does not work.
- Apply the patch
- Try to place a hold. Should work now.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
David Cook [Tue, 10 Jan 2017 01:36:25 +0000 (12:36 +1100)]
Bug 17871: Remove zebra::snippet to allow access to facets in YAZ 5.8.1+
This patch restores access to zebra facets (or zebra::snippet) with YAZ 5.8.1 or higher.
It was failing due to the <retrieval syntax="xml" name="zebra::*" /> entry in
retrieval-info-bib-dom.xml which IndexData said it wasn't even needed to
get that access.
Edit: I amended the commit message (tcohen)
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
I tested on kohadevbox and found no regression or behaviour change. I
will provide a followup for the packages.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Josef Moravec [Wed, 18 Jan 2017 12:36:37 +0000 (12:36 +0000)]
Bug 18005: Re-styled pagination on search results with Bootstrap
Test plan:
0. Don't apply patch
1. Make catalogue search in staff client with more than 20 results,
scroll down to see that pagination is broken
2. Apply the patch
3. Make similar search and confirm, the pagination looks OK with new
style
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
SQL expects lists to be comma separated. A trailing comma must also
be avoided.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 17775 - Add new user with LDAP not works under Plack
This patch fixes internal server error:
Undefined subroutine &C4::Auth_with_ldap::AddMember called at /srv/koha_ffzg/C4/Auth_with_ldap.pm line 213.
It occurs only under plack, and it's strange since C4::Members
does EXPORT AddMember and we are importing it into Auth_with_ldap.pm
(and it does work under CGI).
Signed-off-by: Liz Rea <liz@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
I did not test but trust author and signoffer. The change cannot hurt.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Thu, 12 Nov 2015 12:28:38 +0000 (12:28 +0000)]
Bug 15030: Add tests
This test will prevent regression on the loss of data when
items.itemcallnumber is linked with a plugin.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Blou [Thu, 22 Oct 2015 20:49:10 +0000 (16:49 -0400)]
Bug 15030 - continue. The enumchron value was overwritten by 'header' even when value supplied
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Blou [Wed, 21 Oct 2015 18:35:18 +0000 (14:35 -0400)]
Bug 15030 - Fixes the serials fields associated with a plugin, to not overwrite the previously saved value
This fixes the remaining fields from serials-edit.pl that were seeing their previously entered values
be obliterated with each new edit. The fields associated to a plugin (dateaccessioned and barcode) were
always displaying <empty> with each new edit, losing the previous effort.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Blou [Mon, 19 Oct 2015 16:16:05 +0000 (12:16 -0400)]
Bug 15030 - Certain values in serials' items are lost on next edit
When editing serials subscription, we can edit them but some values are not pulled from the DB correctly to be put in the edit box. If not noticed, the value will be overwritten on the next save.
Test:
- Create a subscription
- Edit itemcallnumber (952o?) and make sure to have a different value than the default one.
- Save.
- Edit it again
- The saved value is not there.
This is true for itemcallnumber and a few other fields.
This was caused by calls to ->field($subfield). This would always fail, of course.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 17255 - Upgrade Elastic Search code to work with version 5.1
Builds on top of commit:
Bug 17255 - Upgrade Elastic Search code to work with version 2.4+ - rebased wip
-Fix data type 'string' to 'keyword' and 'text'
-index: not_analyzed deprecated, replaced with type: keyword which is equivalent
-store: yes was deprecated, use store: true
TODO: Installer bindings to both the debian package install and the raw developer install.
A taster in Bug 17851
ZE TEST PLAN
0. Remove existing ES and reinstall ES 5.1
apt-get purge elasticsearch
Follow instruction here:
https://www.elastic.co/guide/en/elasticsearch/reference/current/deb.html
1. Reset Elasticsearch index since facets are hard coded to dynamic search_marc_mappings.
1a. perl -e 'use Koha::SearchEngine::Elasticsearch; Koha::SearchEngine::Elasticsearch->reset_elasticsearch_mappings();'
1b. If you get trouble, simply DELETE FROM [search_fields|search_marc_to_fields|search_marc_mapping];
and retry 1a.
1c. Destroy elasticsearch index
curl -XDELETE localhost:9200/koha_biblios
so it can be recreated
2. Recreate the index:
perl misc/search_tools/rebuild_elastic_search.pl
2a. Add something to index if your koha.biblio-table is empty
3. Fetch all indexed records and the facet for subject__facet
4. Run the included tests:
perl t/db_dependent/Koha_Elasticsearch_Indexer.t
perl t/db_dependent/Koha_Elasticsearch.t
perl t/db_dependent/Koha_SearchEngine_Elasticsearch_Search.t
Have fun with your new ES 5.1 cluster!
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 17255 - Upgrade Elastic Search code to work with version 2.4+ - rebased wip
-Changed deprecated facets to aggregations
-Fixed boolean datatypes not allowing analyzers to be specified
-Fixed deprecated '_id' to 'es_id'. Now the ES-index has the correct id==biblionumber
ZE TEST PLAN
1. Reset Zebra index since facets are hard coded to dynamic search_marc_mappings.
2. perl misc/search_tools/rebuild_elastic_search.pl
3. Fetch all indexed records and the facet for subject__facet
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Josef Moravec [Wed, 1 Feb 2017 19:48:49 +0000 (20:48 +0100)]
Bug 18033: Remove duplicate code in paycollect.pl
Test plan:
0) apply the patch
1) try to pay individual fee, with full amount and partial amount
it should work the same as before patch
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Thu, 2 Feb 2017 08:22:09 +0000 (09:22 +0100)]
Bug 17960: Replace missing occurrences
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 24 Jan 2017 08:14:26 +0000 (09:14 +0100)]
Bug 17960: Add opac_news.content values in tests
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Thu, 19 Jan 2017 15:54:50 +0000 (16:54 +0100)]
Bug 17960: DBIC Schema changes for opac_news.content
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Fri, 20 Jan 2017 01:31:41 +0000 (02:31 +0100)]
Bug 17960: Update installed files
git grep opac_news.new installer
should not return any occurrences in sql files
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 17 Jan 2017 07:29:23 +0000 (08:29 +0100)]
Bug 17960: Rename opac_news.new with opac_news.content
The field opac_news.new is very confusing and should be renamed.
If you want to access it via Koha::NewsItem you will have trouble:
use Koha::News;
my $news_item = Koha::News->next;
say $news_item->new;
=> Attempt to bless into a reference at /home/vagrant/kohaclone/Koha/Object.pm line 78.
This patchset is going to rename this DB field to opac_news_content instead.
Since the opac_news.new can be used in notice templates, we need to warn the
user during the update DB process that some templates must be updated.
Test plan:
0/ Apply the first patch "Add a test to highlight the issue" and confirm that
the test fails
1/ Apply this second patch
2/ Execute the DB entry
3/ Confirm that you get a warning if at least one of your notice templates is
using opac_news.new
4/ Confirm that the test now passes
5/ Add/update and delete a news
6/ Confirm that the RSS news feed still works as expected
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Sat, 21 Jan 2017 09:49:40 +0000 (10:49 +0100)]
Bug 17960: Add a test to highlight the issue
With only this patch applied, proving t/db_dependent/Koha/News.t
will return
"Attempt to bless into a reference at /home/vagrant/kohaclone/Koha/Object.pm line 78."
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Kyle M Hall [Thu, 10 Nov 2016 19:53:30 +0000 (19:53 +0000)]
Bug 17610 - Allow the number of plack workers and max connections to be set in koha-conf.xml
It would be nice if we could control the number of workers and max
requests on a per instance basis, rather than the numbers being
hardcoded in the plack startup script.
Test Plan:
1) Build a new package of Koha with this patch applied ; )
2) Verify koha-plack still works
3) Add the following to the config section of your koha-conf.xml:
<plack_max_requests>75</plack_max_requests>
<plack_workers>4</plack_workers>
4) Stop plack
5) Start plack
6) Verify the number of workers and max requests worked!
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Larry Baerveldt <larry@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Rebased against master and added a description for the new configuration
entries
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Katrin Fischer [Mon, 30 Jan 2017 15:47:23 +0000 (16:47 +0100)]
Bug 17902: Follow-up fixing SQL statement
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The SQL query is not constructed correctly, placeholders must be used.
Subscription id and status list can be provided by the user.
This vulnerability has been reported by MDSec.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
The SQL query is not constructed correctly, placeholders must be used.
Subscription id and status list can be provided by the user.
This vulnerability has been reported by MDSec.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Thu, 19 Jan 2017 10:46:21 +0000 (11:46 +0100)]
Bug 9569: Security patch for AutoLocation
If a patron is not allowed to access the staff interface because its IP
address is not in the authorised range of IPs, the cookie should not contain
the CGISESSID.
If it is, the patron is logged in and will be able to access the staff
interface if he reloads the page (or hits another one).
Test plan:
Confirm that the AutoLocation feature is now working as expected.
Note: It seems that this feature has never really worked as intended.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Thu, 19 Jan 2017 09:00:40 +0000 (10:00 +0100)]
Bug 9569: Update warning message
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 16 Aug 2016 13:01:40 +0000 (14:01 +0100)]
Bug 9569: Do not check the IP for login at the OPAC
At the OPAC, the AutoLocation feature should not be taken into account:
login to the OPAC from outside the IP range should work
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 16 Aug 2016 12:56:25 +0000 (13:56 +0100)]
Bug 9569: Remove unused occurrence of AutoLocation
`git grep ManualLocation` does not return any results
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 16 Aug 2016 12:56:19 +0000 (13:56 +0100)]
Bug 9569: AutoLocation should not depend on IndependentBranches
Those 2 prefs can be independent and it does not make sense to consider
AutoLocation only if IndependentBranches is set.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 16 Aug 2016 13:02:58 +0000 (14:02 +0100)]
Bug 9569: Fix AutoLocation - handle .* for subnets
The example in branches.tt is:
Can be entered as a single IP, or a subnet such as 192.168.1.*
But actually the regex in C4::Auth does not handle subnets.
Test plan:
0/ Apply all the patches
1/ Switch AutoLocation on
2/ Define a subnet (192.168.0.* if your ip is like 192.168.0.X) in the IP
range of your library
3/ Log in on the staff interface
=> Should work
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
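The subnet handling this commit describes, sketched as an added Python example (not Koha's C4::Auth code, which is Perl). The function names and sample addresses are constructed; the sketch contrasts using the configured range directly as a regex with an escaped, anchored translation of the `*` wildcard.

```python
import ipaddress
import re


def naive_match(client_ip: str, configured: str) -> bool:
    """Hypothetical weak check: the configured range is used as a raw regex.

    Unescaped dots match any character and nothing anchors the end, so
    neighbouring networks and malformed strings are accepted too.
    """
    return re.match(configured, client_ip) is not None


def range_to_regex(configured: str) -> "re.Pattern[str]":
    """Translate '192.168.1.*' or a single IP into an escaped regex."""
    octets = configured.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four dot-separated parts: {configured!r}")
    parts = []
    for octet in octets:
        if octet == "*":
            parts.append(r"\d{1,3}")            # wildcard covers one octet only
        elif octet.isdigit() and int(octet) <= 255:
            parts.append(re.escape(octet))
        else:
            raise ValueError(f"bad octet {octet!r} in {configured!r}")
    return re.compile(r"\.".join(parts))


def strict_match(client_ip: str, configured: str) -> bool:
    """Accept only a syntactically valid IPv4 address inside the range."""
    try:
        ipaddress.IPv4Address(client_ip)
    except ipaddress.AddressValueError:
        return False
    # fullmatch anchors both ends, so '192.168.1.5' does not cover '.50'
    return range_to_regex(configured).fullmatch(client_ip) is not None


# Constructed sample addresses checked against the subnet from the commit text.
SAMPLES = ["192.168.1.7", "192.168.10.7", "192.168.1.7.evil", "192x168y1z7"]

if __name__ == "__main__":
    for ip in SAMPLES:
        print(f"{ip:18} naive={naive_match(ip, '192.168.1.*')!s:5} "
              f"strict={strict_match(ip, '192.168.1.*')}")
```

Only the first sample address passes the strict check; the raw-regex check accepts all four.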
Jonathan Druart [Fri, 13 Jan 2017 15:19:45 +0000 (16:19 +0100)]
Bug 17905: FIX CSRF in member-flags
If an attacker can get an authenticated Koha user to visit their page
with the url below, privilege escalation is possible
The exploit can be simulated triggering
/cgi-bin/koha/members/member-flags.pl?member=42&newflags=1&flag=superlibrarian
Test plan:
Trigger the url above
=> Without this patch, 42 is now superlibrarian
=> With this patch, you will get the "Wrong CSRF token" error.
This vulnerability has been reported by MDSec.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
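The check that turns the request above into a "Wrong CSRF token" error, sketched as an added Python example (not Koha's code). The secret, session ids, token scheme, the `csrf_token` field name, the POST-only rule and the `update_flags` handler are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

SERVER_SECRET = secrets.token_bytes(32)   # assumption: per-install secret
FLAGS = {}                                # stand-in for stored patron permissions


def issue_token(session_id: str) -> str:
    """Token rendered into the permissions form, bound to one session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_is_valid(session_id: str, token: str) -> bool:
    # Compare as bytes in constant time; compare_digest rejects non-ASCII str.
    return hmac.compare_digest(issue_token(session_id).encode(), token.encode())


def update_flags(session_id: str, method: str, url: str, body: str = "") -> str:
    """Hypothetical handler for a request that changes a patron's flags."""
    params = parse_qs(body) if method == "POST" else parse_qs(urlsplit(url).query)
    member = params.get("member", [""])[0]
    if not member or not params.get("newflags"):
        return "show form"                 # read-only view, nothing changes
    token = params.get("csrf_token", [""])[0]
    # A cross-site page can make the browser send the session cookie, but it
    # cannot read the token that was rendered into the victim's own form.
    if method != "POST" or not token_is_valid(session_id, token):
        return "Wrong CSRF token"
    FLAGS.setdefault(member, set()).update(params.get("flag", []))
    return "updated"


if __name__ == "__main__":
    # The request from the commit message, arriving with a valid staff session.
    forged = ("/cgi-bin/koha/members/member-flags.pl"
              "?member=42&newflags=1&flag=superlibrarian")
    print(update_flags("sess-staff", "GET", forged), FLAGS)
```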
Jonathan Druart [Fri, 13 Jan 2017 15:46:51 +0000 (16:46 +0100)]
Bug 17904: Fix possible SQL injection in late orders
To recreate:
/cgi-bin/koha/acqui/lateorders.plop=send_alert&ordernumber=1)and%20(select*from(select(sleep(20)))a)--%20&letter_code=0
Notice the delay.
The SQL query is not constructed correctly, placeholders must be used.
This vulnerability has been reported by MDSec.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Fri, 13 Jan 2017 15:40:59 +0000 (16:40 +0100)]
Bug 17903: Fix possible SQL injection in serial claims
To recreate:
/cgi-bin/koha/serials/claims.pl?serialid=1)and%20(select*from(select(sleep(20)))a)--%20&letter_code=0
Notice the delay.
The SQL query is not constructed correctly, placeholders must be used.
This vulnerability has been reported by MDSec.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Fri, 13 Jan 2017 16:07:34 +0000 (17:07 +0100)]
Bug 17901: Force context to scalar
See bug 15809 for more references.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Fri, 13 Jan 2017 16:03:41 +0000 (17:03 +0100)]
Bug 17901: Fix possible SQL injection in shelf editing
It has been reported that
/cgi-bin/koha/opac-shelves.pl?op=edit&referer=view&shelfnumber=146&owner=4&shelfname=testX&sortfield=titleaaaaaa\`&category=1
Could lead to SQL injection
Actually it explodes because the generated SQL query is not correctly formatted.
However it would be good to limit the possible values for sortfield.
This vulnerability has been reported by MDSec.
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Fri, 13 Jan 2017 16:43:25 +0000 (17:43 +0100)]
Bug 17900: Fix possible SQL injection in patron cards template editing
To recreate:
/cgi-bin/koha/patroncards/edit-template.pl?op=edit&element_id=23%20and%201%3d2+union+all+select+1,user(),@@version+--%20
Look at the Profile dropdown list.
To fix this problem and to make sure it does not appear anywhere else
in the label and patroncards modules, I have refactored the way the
queries are built in C4::Creators::Lib
Now all of the subroutines take a hashref in parameters with 'fields'
and 'filters' parameters.
From these 2 parameters the new internal subroutine _build_query will
build the query and use placeholders.
Test plan:
1/ Make sure you do not recreate the vulnerability with this patch
applied.
2/ With decent data in the labels and patroncards modules, compare all
the different views (under the New and Manage button groups) with and
without this patch applied.
=> You should not see any differences.
This vulnerability has been reported by MDSec.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
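The SQL injection fixes in this group of commits (Bugs 17900 to 17904, and the comma-separated list note further up) share one pattern: values go through placeholders, and anything that cannot be a placeholder, such as a column or sort field name, is checked against a fixed list. The following is an added Python/sqlite3 sketch of that pattern, not Koha's `_build_query`; the table, columns and rows are constructed.

```python
import sqlite3

# Assumption: the only columns a caller may select, filter or sort on.
ALLOWED_COLUMNS = {"template_id", "profile_id", "template_code", "status"}


def build_query(params):
    """Return (sql, binds) from {'fields': [...], 'filters': {...}, 'sort': col}."""
    fields = params.get("fields") or sorted(ALLOWED_COLUMNS)
    filters = params.get("filters", {})
    sort = params.get("sort")
    for name in list(fields) + list(filters) + ([sort] if sort else []):
        if name not in ALLOWED_COLUMNS:          # identifiers cannot be bound
            raise ValueError(f"column not allowed: {name!r}")
    sql = "SELECT " + ", ".join(fields) + " FROM creator_templates"
    clauses, binds = [], []
    for column, value in filters.items():
        if isinstance(value, (list, tuple)):
            if not value:
                clauses.append("0 = 1")          # empty list matches nothing
                continue
            # one '?' per element, joined so there is no trailing comma
            clauses.append(f"{column} IN ({', '.join('?' * len(value))})")
            binds.extend(value)
        else:
            clauses.append(f"{column} = ?")
            binds.append(value)
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    if sort:
        sql += " ORDER BY " + sort
    return sql, binds


def demo_db():
    """In-memory table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE creator_templates (template_id INTEGER,"
               " profile_id INTEGER, template_code TEXT, status INTEGER)")
    db.executemany("INSERT INTO creator_templates VALUES (?, ?, ?, ?)",
                   [(23, 1, "A4 cards", 1), (24, 2, "Letter", 3), (25, 2, "Badge", 4)])
    return db


def run(db, params):
    sql, binds = build_query(params)
    return db.execute(sql, binds).fetchall()


if __name__ == "__main__":
    db = demo_db()
    print(build_query({"fields": ["template_id"],
                       "filters": {"status": [3, 4]}, "sort": "template_id"}))
    print(run(db, {"fields": ["template_code"], "filters": {"template_id": 23}}))
```

A request value that carries SQL text is bound as data and compared as a string, so it matches no row, and an unknown sort field is rejected before any SQL is built.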
David Cook [Tue, 24 Jan 2017 22:58:40 +0000 (09:58 +1100)]
Bug 17986: Perl dependency evaluation incorrect
It looks like I made a copy/paste error in a previous patch.
While the fix was working when you pass the param "module" to
version_info, it wasn't populating the version correctly
for the "all" param, which causes koha_perl_deps.pl to
think all OK modules actually need an upgrade.
TEST PLAN
0) Be on a system where you know your Koha Perl dependencies are
mostly up-to-date
1) Run ./koha_perl_deps.pl -a -c
2) Note that most modules say they need an upgrade even when
the installed version is the same as the minimum version
3) Apply patch
4) Run ./koha_perl_deps.pl -a -c
5) Note that most modules say they're OK, especially when the
installed version is the same or greater than the minimum version
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Running koha_perl_deps.pl -u convinced me.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 27 Dec 2016 08:05:18 +0000 (09:05 +0100)]
Bug 17588: ->get_issues has been replaced with ->checkouts
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Jonathan Druart [Tue, 6 Dec 2016 08:22:11 +0000 (09:22 +0100)]
Bug 17588: get_account_lines->get_balance has been replaced with account->balance
On previous bugs
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>