]> git.koha-community.org Git - koha.git/log
koha.git
7 years agoBug 19103: Fix Stored XSS in patron-attr-types.pl
Amit Gupta [Tue, 15 Aug 2017 04:37:45 +0000 (10:07 +0530)]
Bug 19103: Fix Stored XSS in patron-attr-types.pl

To Test
1. Hit the page /cgi-bin/koha/admin/patron-attr-types.pl
2. Click on new patron attribute type
2. Add a text in the field Description that contain js.
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19103: Fix Stored XSS in itemtypes.pl
Amit Gupta [Tue, 15 Aug 2017 03:22:40 +0000 (08:52 +0530)]
Bug 19103: Fix Stored XSS in itemtypes.pl

To Test
1. Hit the page /cgi-bin/koha/admin/itemtypes.pl
2. Add a text in the field Description, Checkin message that contains js
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19128: Fix Stored XSS in admin/authorised_values.pl
Jonathan Druart [Tue, 12 Sep 2017 13:35:10 +0000 (10:35 -0300)]
Bug 19128: Fix Stored XSS in admin/authorised_values.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl
Katrin Fischer [Wed, 16 Aug 2017 12:34:17 +0000 (14:34 +0200)]
Bug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl

Preparation:
- Add a branch with script in the branch name
- Add a patron category with script in the category name
- Add a new authorised value cateogory with script
- Add a new authroised value for this category with script
  in all possible fields

- Test editing patron categories
- Test editing patron attribute types
- Test viewing and editing authorised values

Verify that with this script there is no more script executed
and everything works fine.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19125: Fix Stored XSS in members.pl
Katrin Fischer [Wed, 16 Aug 2017 10:05:50 +0000 (12:05 +0200)]
Bug 19125: Fix Stored XSS in members.pl

In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>

To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in subscription-detail.pl
Katrin Fischer [Wed, 16 Aug 2017 11:07:18 +0000 (13:07 +0200)]
Bug 19086: Fix Stored XSS in subscription-detail.pl

Add script to the callnumber field on adding a subscription.

Verify script is executed without this patch, but not with it.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: (follow-up) Fix Stored XSS in supplier.pl
Katrin Fischer [Wed, 16 Aug 2017 10:59:13 +0000 (12:59 +0200)]
Bug 19086: (follow-up) Fix Stored XSS in supplier.pl

In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are on longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in subscription-add.pl
Amit Gupta [Mon, 14 Aug 2017 21:14:11 +0000 (02:44 +0530)]
Bug 19086: Fix Stored XSS in subscription-add.pl

To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
   that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in supplier.pl
Amit Gupta [Mon, 14 Aug 2017 21:03:59 +0000 (02:33 +0530)]
Bug 19086: Fix Stored XSS in supplier.pl

1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field company_postal, physical, company_fax,
   accountnumber, contactposition, contact_fax, contact_notes, notes that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in circulation.pl
Chris Cormack [Fri, 11 Aug 2017 19:54:34 +0000 (19:54 +0000)]
Bug 19086: Fix Stored XSS in circulation.pl

1/ To test add a message to a borrower that contains js
2/ hit /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number]
  where number is the borrowernumber of the borrower you set the message
  for
3/ Notice js is execute
4/ Apply patch, reload, js is escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in members/member.pl
Chris Cormack [Fri, 11 Aug 2017 19:36:43 +0000 (19:36 +0000)]
Bug 19086: Fix Stored XSS in members/member.pl

To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19385: Fix random t/Calendar.t failure - clear the cache before
Jonathan Druart [Thu, 28 Sep 2017 17:49:11 +0000 (14:49 -0300)]
Bug 19385: Fix random t/Calendar.t failure - clear the cache before

The cache 'exception_holidays' may be populated when we run these tests,
we need to clear it before the tests are run.

Test plan:
  prove t/db_dependent/Circulation/CalcDateDue.t  t/Calendar.t

Without this patch, t/Calendar will fail with:
  #   Failed test 'Exception holiday is not a closed day test'
  #   at t/Calendar.t line 159.
  #          got: '1'
  #     expected: '0'
  # Looks like you failed 1 test of 38.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18282: operationId must be unique
Lari Taskula [Thu, 16 Mar 2017 11:53:44 +0000 (13:53 +0200)]
Bug 18282: operationId must be unique

operationId has the following documentation:
 "Unique string used to identify the operation. The id MUST be unique among all
  operations described in the API."

This patch modifies operationIds to be unique accross our API operations.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18290: Fix t/db_dependent/Koha/Object.t, Mojo::JSON::Bool is a JSON::PP::Boolean :)
Olli-Antti Kivilahti [Fri, 17 Mar 2017 06:09:05 +0000 (08:09 +0200)]
Bug 18290: Fix t/db_dependent/Koha/Object.t, Mojo::JSON::Bool is a JSON::PP::Boolean :)

Mojolicious 7.21 onwards, no longer returns Mojo::JSON::Bool-objects but JSON::PP instead.
Which might be pretty smart.

This version is required by bug 18137 and so this patch for the tests is
needed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Tested along with 18137 and its dependencies (libs).

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (QA followup) Make sure the session exists and is expired on expiration...
Tomas Cohen Arazi [Wed, 9 Aug 2017 14:11:13 +0000 (11:11 -0300)]
Bug 18137: (QA followup) Make sure the session exists and is expired on expiration tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lari Taskula <lari.taskula@jns.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: List Mojolicious::Plugin::OpenAPI and JSON::Validator as dependencies
Lari Taskula [Fri, 17 Feb 2017 11:14:09 +0000 (13:14 +0200)]
Bug 18137: List Mojolicious::Plugin::OpenAPI and JSON::Validator as dependencies

Edit (tcohen): I've changed the version numbers to match those Mirko has already
successfully packaged and are known to work for this patchset.

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (follow-up) Sort definitions.json
Lari Taskula [Thu, 16 Mar 2017 12:24:52 +0000 (14:24 +0200)]
Bug 18137: (follow-up) Sort definitions.json

Before this file grows, we should sort it alphabetically.

To test:
1. prove t/db_dependent/api/v1

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (QA-follow-up) Fix pod fail
Lari Taskula [Tue, 7 Mar 2017 11:31:04 +0000 (13:31 +0200)]
Bug 18137: (QA-follow-up) Fix pod fail

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (follow-up) Fix handling DBIx::Class::Exception messages
Lari Taskula [Tue, 7 Mar 2017 11:37:09 +0000 (13:37 +0200)]
Bug 18137: (follow-up) Fix handling DBIx::Class::Exception messages

- DBIx::Class::Exception should use ->{msg}

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Remove x-mojo-around-action
Lari Taskula [Tue, 21 Feb 2017 17:55:28 +0000 (19:55 +0200)]
Bug 18137: Remove x-mojo-around-action

Mojolicious::Plugin::OpenAPI does not support x-mojo-around action. This patch
removes it from our specification document.

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Make /holds Mojolicious::Plugin::OpenAPI compatible
Lari Taskula [Mon, 20 Feb 2017 18:07:26 +0000 (20:07 +0200)]
Bug 18137: Make /holds Mojolicious::Plugin::OpenAPI compatible

Also
- adding some missing and new response definitions into Swagger spec.
- fixing failing tests due to Bug 17932's change of boolean values

To test:
1. prove t/db_dependent/api/v1/holds.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Make /cities Mojolicious::Plugin::OpenAPI compatible
Lari Taskula [Mon, 20 Feb 2017 17:58:28 +0000 (19:58 +0200)]
Bug 18137: Make /cities Mojolicious::Plugin::OpenAPI compatible

Also:
- adding some missing and new response definitions into Swagger spec.

To test:
1. prove t/db_dependent/api/v1/cities.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Make /patrons Mojolicious::Plugin::OpenAPI compatible
Lari Taskula [Fri, 17 Feb 2017 12:59:24 +0000 (14:59 +0200)]
Bug 18137: Make /patrons Mojolicious::Plugin::OpenAPI compatible

Also:
- adding some missing and new response definitions into Swagger spec.
- fixing failing test due to Bug 17932's change of boolean values

To test:
1. prove t/db_dependent/api/v1/patrons.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Migrate from Swagger2 to Mojolicious::Plugin::OpenAPI
Lari Taskula [Fri, 17 Feb 2017 12:36:36 +0000 (14:36 +0200)]
Bug 18137: Migrate from Swagger2 to Mojolicious::Plugin::OpenAPI

This patch migrates from Swagger2 to Mojolicious::Plugin::OpenAPI as Swagger2 is
no longer actively maintained.

This migration involves some minor changes to our Swagger specification documents
and to controllers. Each operation is migrated in following patches separately.
Please see Mojolicious::Plugin::OpenAPI and its tutorial for more documentation.

The patch also refactors some API authentication -related code by taking advantage
of Koha::Exceptions. Authentication is now handled via Mojolicious's "under->to"
functionality. The actual authentication & authorization checks are moved to
Koha::REST::V1::Auth. Added a HTTP 503 response for when database update is
required, instead of returning an authentication failure as before.

To test:
1. prove t/db_dependent/api/v1/auth.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Add useful Koha::Exceptions
Lari Taskula [Fri, 17 Feb 2017 12:34:42 +0000 (14:34 +0200)]
Bug 18137: Add useful Koha::Exceptions

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19119: Remove definitions.t
Tomas Cohen Arazi [Wed, 20 Sep 2017 15:45:24 +0000 (12:45 -0300)]
Bug 19119: Remove definitions.t

This patch removes t/db_dependent/api/v1/swagger/definitions.t

Its goal is not simple to achieve, and worth moving into the QA tools instead.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 6758)
Tomas Cohen Arazi [Wed, 20 Sep 2017 12:15:42 +0000 (09:15 -0300)]
Bug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 6758)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 18137)
Lari Taskula [Fri, 28 Apr 2017 12:33:33 +0000 (12:33 +0000)]
Bug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 18137)

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19173: Add opac payment and marc conversion plugins to the pulldown filter list
Kyle M Hall [Fri, 25 Aug 2017 10:26:21 +0000 (06:26 -0400)]
Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list

Edit: fixed tab-for-space errors (tcohen).

Signed-off-by: Magnus Enger <magnus@libriotech.no>
New categories are added to the pulldown and work as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19173: Make OPAC online payments pluggable
Kyle M Hall [Thu, 24 Aug 2017 10:55:49 +0000 (06:55 -0400)]
Bug 19173: Make OPAC online payments pluggable

While PayPal is fairly universal, there is a plethora of online
payment system that are far more localized, servicing a single
country ( e.g. Bug 18968 ) or even a single  city! Instead of
adding support for each and every one of these payment options
directly into Koha, it makes more sense to add the ability to
create online payment plugins.

Test Plan:
1) Apply this patch
2) Download and install the Kitchen Sink plugin version 2.1.1 or later
   https://github.com/bywatersolutions/koha-plugin-kitchen-sink/releases
3) In the plugin options, enable the opac payments option
4) Create a patron with one or more fines
5) Log into the opac as that patron, note you now have the option
   to pay online via KitchenSink ImaginaryPay
6) Make an online payment
7) Note the payment was processed correctly

Sponsored-by: Washoe County Library System
Signed-off-by: Kyle M Hall <kyle@gmail.com>
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Awesome enhancement! I know we want to add at least one Norwegian
payment service at some point.
I followed the test plan and everything works as advertised. Turning
off the "opac payments option" makes the option dissappear cleanly
from the OPAC. I have *not* looked at the code or done any
considerations about security.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: DBRev 17.05.00.008
Jonathan Druart [Tue, 19 Sep 2017 16:03:50 +0000 (13:03 -0300)]
Bug 6758: DBRev 17.05.00.008

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: DBIC Schema changes
Jonathan Druart [Tue, 19 Sep 2017 16:20:41 +0000 (13:20 -0300)]
Bug 6758: DBIC Schema changes

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: Use 'is' instead of 'ok' in tests
Jonathan Druart [Tue, 19 Sep 2017 16:13:47 +0000 (13:13 -0300)]
Bug 6758: Use 'is' instead of 'ok' in tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: [QA Follow-up] Typo popular vs populate
Marcel de Rooy [Fri, 4 Aug 2017 07:03:43 +0000 (09:03 +0200)]
Bug 6758: [QA Follow-up] Typo popular vs populate

Typo popular resolved.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: Add new patron column for date of renewal
Kyle M Hall [Tue, 25 Apr 2017 17:27:00 +0000 (13:27 -0400)]
Bug 6758: Add new patron column for date of renewal

Test Plan:
1) Apply this patch
2) Run updatedatabase
3) Create a new patron
4) Note the new column date_renewed is NULL
5) Renew the patron
6) Note the date in the column date_renewed is today's date

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19195: Do not explicitely force scalar context when unecessary
Jonathan Druart [Tue, 19 Sep 2017 14:57:10 +0000 (11:57 -0300)]
Bug 19195: Do not explicitely force scalar context when unecessary

These ones are already called in scalar context

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19195: Preventing noisy warns when creating or editing a basket
Aleisha Amohia [Tue, 29 Aug 2017 05:02:29 +0000 (05:02 +0000)]
Bug 19195: Preventing noisy warns when creating or editing a basket

To test:
1) Open the koha intranet error log
2) Go to Acquisitions -> Find or create a vendor
3) Create a new basket, filling all fields
4) Notice warns in error log
5) Edit this basket
6) Notice warns in error log
7) Apply patch
8) Create another basket, confirm warns do not show
9) Edit this basket, confirm warns do not show

Sponsored-by: Catalyst IT
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19332 - Basket grouping PDF and CSV exports empty
Dobrica Pavlinusic [Mon, 18 Sep 2017 15:37:21 +0000 (17:37 +0200)]
Bug 19332 - Basket grouping PDF and CSV exports empty

This bug was introduced in commit 2bf3ce268de6bc8b2386cfb5d768f60b05d75f44
Bug 17196: [QA Follow-up] Additional fix on acqui/basketgroup

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19180: [FOLLOW-UP] Renaming all instances of 'name' variable to 'booksellername'
Aleisha Amohia [Tue, 29 Aug 2017 21:21:00 +0000 (21:21 +0000)]
Bug 19180: [FOLLOW-UP] Renaming all instances of 'name' variable to 'booksellername'

... when referring to the name of the vendor.

To test:
1) Confirm vendor shows on webpage title (tab name)
2) Confirm vendor shows in breadcrumbs
3) Confirm vendor shows in heading when viewing basket ('Basket x (1) for
vendor')

Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19180: Add vendor name to breadcrumbs when closing an order
Aleisha Amohia [Sun, 27 Aug 2017 23:00:15 +0000 (23:00 +0000)]
Bug 19180: Add vendor name to breadcrumbs when closing an order

To test:
1) Go to Acquisitions
2) Find a vendor and a basket
3) Click 'Close basket' button
4) Notice that on confirmation page, breadcrumbs are missing vendor
5) Apply patch and refresh page
6) Vendor name should now show
7) Confirm link to vendor works as expected

Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 16204: Show friendly error message if trying to edit record which no longer exists
Aleisha Amohia [Wed, 30 Aug 2017 04:36:50 +0000 (04:36 +0000)]
Bug 16204: Show friendly error message if trying to edit record which no longer exists

To test:
1) Create a record
2) Click Edit -> Edit record. open this in another tab
3) Delete the record in the original tab
4) Refresh the edit form in the other tab. Notice the software error
5) Apply patch and refresh page
6) There should be a nice error message with the form fields and buttons
hidden. Confirm links work as expected.

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18541: (QA follow-up) Add some POD for draw_guide_grid
Marc Véron [Wed, 6 Sep 2017 15:46:27 +0000 (17:46 +0200)]
Bug 18541: (QA follow-up) Add some POD for draw_guide_grid

Add description to POD for draw_guide_grid

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: Moved the description from draw_guide_box to .._grid.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18541: [QA Follow-up] Add POD to Patroncard.pm
Marcel de Rooy [Wed, 6 Sep 2017 14:14:26 +0000 (16:14 +0200)]
Bug 18541: [QA Follow-up] Add POD to Patroncard.pm

Just adding the POD framework to make qa tools happy. The authors
are encouraged to complete this information.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18541: (QA follow-up) Fix wrong variable name ($layout_xml vs $print_layout_xml)
Marc Véron [Wed, 6 Sep 2017 13:56:55 +0000 (15:56 +0200)]
Bug 18541: (QA follow-up) Fix wrong variable name ($layout_xml vs $print_layout_xml)

This patch changes variable names as mentioned in comments #11 and #13

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18541 - Patron card creator: Add a grid to support layout design
Marc Véron [Thu, 4 May 2017 15:36:24 +0000 (17:36 +0200)]
Bug 18541 - Patron card creator: Add a grid to support layout design

Add a layout grid to patron card creator to figure out the positions of text
fields, barcode and images.

To test:
- Apply on top of patch 18465
- Go to Home > Tools > Patron card creator
- Edit or create a layout
- Turn on new choice 'Guide grid' in section 'General settings'
- Leave 'Units' unchanged
- Crate a PDF using 'Card batches'
- Notice that card is printed with a layout grid that reflects selected unit
  with each 5th and 10th line in different color, unit description displayed
  bottom left, card dimensions displayed top right in small print inside the
  layout grid
- Print PDF. Set printer settings in Adobe Reader or other PDF printing
  software to 'Actual size' to prevent scaling to printer's printable
  region
- Mesure out printed PDF and verify that grid corresponds to selecte unit.
- Go back to layout definition and choose an other unit, repeat steps
  to verify that grid respects selected unit.
- Go back to layout definition, turn grid off, create PDF, verify that grid
  does not display in PDF

Note for testers / QAers: Position of card elements (text, image...) do not
respect the unit, this will be fixed in Bug 18550

Followed test plan and it worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18739 - Add SVG version of staff-home-icons-sprite image
Owen Leonard [Tue, 6 Jun 2017 18:35:07 +0000 (18:35 +0000)]
Bug 18739 - Add SVG version of staff-home-icons-sprite image

Images display correctly. Followed test plan and patch works as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 15644 - City dropdown default selection when modifying a patron matches only...
Owen Leonard [Thu, 8 Jun 2017 16:01:32 +0000 (16:01 +0000)]
Bug 15644 - City dropdown default selection when modifying a patron matches only on city

This patch modifies the include files which contain the form fields for
city, state, zipcode, etc. shown on the patron entry screen. The files
are modified so that the city/state/zip <select> preselects a value
based on city, state, and zipcode matching the values in the
corresponding text fields.

To test, confirm that the bug's steps to reproduce are fixed:

- Enter two cities via Administration -> Patrons and circulation
  -> Cities and towns:
    Springfield, MA 01101
    Springfield, VT 05156
- Edit a patron choosing, Springfield VT, and save.
- Edit the patron again and confirm that the correct city is
  pre-selected.
- Confirm this result with all three different settings of the
  "AddressFormat" system preference.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18149: Move CountUsage calls to Koha namespace
Marcel de Rooy [Thu, 29 Jun 2017 11:03:39 +0000 (13:03 +0200)]
Bug 18149: Move CountUsage calls to Koha namespace

After the introduction of Koha::Authorities->get_usage_count with bug
9988, we can now replace the remaining occurrences of CountUsage.

At the same time we remove CountUsageChildren. This was an empty sub.
The typo get_count_usage in a subtest title is adjusted.

Test plan:
[1] Run t/db_dependent/Koha/Authorities.t
[2] Perform a search on authorities-home.pl and verify that you see
    plausible numbers for 'used in xx records'.
[3] Click on Details for one authority. See the same number?
[4] Do the same as in 2/3 for Authority search on OPAC.
[5] Remember the authid and enter this in the record numbers box on
    tools/batch_delete_records.pl. Select Authorities and click
    Continue. The next form shows a column "Used in". Do you see
    the same count again?
[6] Git grep CountUsage.
    You should see just one hit in a comment that can be kept in
    Koha/Authorities.pm.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: DBRev 17.05.00.007
Jonathan Druart [Tue, 19 Sep 2017 14:46:51 +0000 (11:46 -0300)]
Bug 10132: DBRev 17.05.00.007

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: Simplify code, call the method only once
Jonathan Druart [Tue, 19 Sep 2017 12:59:36 +0000 (09:59 -0300)]
Bug 10132: Simplify code, call the method only once

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: (QA followup) Open LOC URL on a separate window
Tomas Cohen Arazi [Mon, 11 Sep 2017 19:14:41 +0000 (16:14 -0300)]
Bug 10132: (QA followup) Open LOC URL on a separate window

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: (QA followup) Add POD to ->get_effective_marcorgcode
Tomas Cohen Arazi [Mon, 11 Sep 2017 19:08:09 +0000 (16:08 -0300)]
Bug 10132: (QA followup) Add POD to ->get_effective_marcorgcode

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: (QA followup) Organize tests in subtest
Tomas Cohen Arazi [Mon, 11 Sep 2017 19:02:00 +0000 (16:02 -0300)]
Bug 10132: (QA followup) Organize tests in subtest

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: Add ability to set MARC Organization Code at library level
Josef Moravec [Sun, 11 Jun 2017 19:23:41 +0000 (19:23 +0000)]
Bug 10132: Add ability to set MARC Organization Code at library level

Test plan:
0. Apply patches
1. Update database
2. Go to administration -> libraries, try to update some library and
fill in some value into Marc Organization code field
3. Save this library and edit again - the code should be stored
correctly
4. Go to system preferences and fill in some value into MARCOrgCode
preference, note there is enhanced description mentioning the ability to
set organization code on library level
5. Set active library to the one with own org code stored
6. Go to cataloguing, create new empty record and click into field 003 -
there should be the code you filled for that library
7. Set active library to one withou marc org code
8. Go to cataloguing, create new empty record and click into field 003 -
there should be the code from system preference
9. Go to system preferences again and set AutoCreateAuthorities to
'generate' and BiblioAddsAuthorities to 'allow'
10. Go to cataloguing and create some biblio record, fill in any author
in to create its authority record, save the biblio
11. Go to authorities and find this created authority, go to details and
check the fields: 003, 040$a, 040$c, 670$a - there should be used right org code
12. prove t/db_dependent/AuthoritiesMarc.t t/db_dependent/Biblio.t t/db_dependent/Koha/Libraries.t

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: Admin pages changes
Josef Moravec [Sun, 11 Jun 2017 19:22:06 +0000 (19:22 +0000)]
Bug 10132: Admin pages changes

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: Unit tests
Josef Moravec [Sun, 11 Jun 2017 19:48:50 +0000 (19:48 +0000)]
Bug 10132: Unit tests

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: DBIC update
Josef Moravec [Sun, 11 Jun 2017 19:21:16 +0000 (19:21 +0000)]
Bug 10132: DBIC update

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: Database changes
Josef Moravec [Sun, 11 Jun 2017 19:19:38 +0000 (19:19 +0000)]
Bug 10132: Database changes

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18810: Update Font Awesome to 4.7.0
Josef Moravec [Tue, 20 Jun 2017 11:06:47 +0000 (13:06 +0200)]
Bug 18810: Update Font Awesome to 4.7.0

Test plan:

0) Apply the patch
1) Edit a template and use any of the new icons, see
http://fontawesome.io/icons/
2) Verify that the added icon is shown

For alternative test see comment #2. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18742: (QA followup) Fix indentation
Julian Maurice [Fri, 1 Sep 2017 14:07:36 +0000 (16:07 +0200)]
Bug 18742: (QA followup) Fix indentation

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18742: Circulation statistics wizard no longer exports the total row
Nick Clemens [Wed, 7 Jun 2017 14:56:47 +0000 (10:56 -0400)]
Bug 18742: Circulation statistics wizard no longer exports the total row

To test:
- Run the circulation wizard
- Export to csv
- Note there is no total row
- Apply patch
- Export to csv
- Total row totally there!

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19335: Fix 00-merge-conflict-markers.t when dockerised
Jonathan Druart [Mon, 18 Sep 2017 17:23:54 +0000 (14:23 -0300)]
Bug 19335: Fix 00-merge-conflict-markers.t when dockerised

This does not make sense, but fix a bug (why?)
Without this patch, the tests failed on po files:

[17:14:26] t/00-merge-conflict-markers.t .. Failed 1/1 subtests
Test Summary Report
-------------------
t/00-merge-conflict-markers.t (Wstat: 9 Tests: 0 Failed: 0)
  Non-zero wait status: 9
  Parse errors: Bad plan.  You planned 1 tests but ran 0.
Result: FAIL

Note that this is not related to bug 19227.

if the ^>>>>>> and ^<<<<<< matches are done on the same line, the test fail
As saw it failed on *-pref.po files
  misc/translator/po/kn-Knda-pref.po
  misc/translator/po/ja-Jpan-JP-pref.po
  misc/translator/po/nl-BE-pref.po
  misc/translator/po/sr-Cyrl-pref.po

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19337: Make basic_workflow.t configurable through ENV
Tomas Cohen Arazi [Mon, 18 Sep 2017 18:58:15 +0000 (15:58 -0300)]
Bug 19337: Make basic_workflow.t configurable through ENV

This patch makes the basic_workflow.t selenium tests read ENV for the
following vars:

KOHA_USER
KOHA_PASS
KOHA_INTRANET_URL
SELENIUM_ADDR
SELENIUM_PORT

to properly configure the running environment. If absent, all variables
fallback to current behaviour:

KOHA_USER // 'koha'
KOHA_PASS // 'koha'
KOHA_INTRANET_URL (unchanged)
SELENIUM_ADDR // 'localhost'
SELENIUM_PORT // 4444

[*] Selenium defaults are documented on the Selenium::Remote::Driver docs.

Prerequisites:
Make sure you have a working environment for the Selenium tests:
- Run:
  $ sudo apt update
  $ sudo apt install xvfb firefox-esr

To test:
- Run:
  $ sudo koha-shell kohadev
 k$ cd kohaclone
 k$ wget https://selenium-release.storage.googleapis.com/2.53/selenium-server-standalone-2.53.1.jar \
     -O /tmp/selenium.jar
 k$ SELENIUM_PATH=/tmp/selenium.jar
 k$ Xvfb :1 -screen 0 1024x768x24 2>&1 >/dev/null &
 k$ DISPLAY=:1 java -jar $SELENIUM_PATH &
 k$ prove t/db_dependent/selenium/basic_workflow.t
=> SUCCESS: Tests pass
- Apply this patch
- Run:
 k$ prove t/db_dependent/selenium/basic_workflow.t
=> SUCCESS: Tests pass!
- Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19059: [QA Follow-up] Typo holds for hold
Marcel de Rooy [Thu, 7 Sep 2017 12:34:18 +0000 (14:34 +0200)]
Bug 19059: [QA Follow-up] Typo holds for hold

Resolves:
The method found is not covered by tests at C4/Reserves.pm line 815.

Test plan:
Run t/db_dependent/Holds/CancelReserves.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19059: Fix compilation issues
Jonathan Druart [Fri, 1 Sep 2017 19:50:26 +0000 (16:50 -0300)]
Bug 19059: Fix compilation issues

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19059: Remove CancelReserve
Jonathan Druart [Mon, 7 Aug 2017 18:13:17 +0000 (15:13 -0300)]
Bug 19059: Remove CancelReserve

It's done!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19059: Remove CancelReserve - do not log DELETE
Jonathan Druart [Fri, 4 Aug 2017 13:44:56 +0000 (10:44 -0300)]
Bug 19059: Remove CancelReserve - do not log DELETE

There is something wrong with the DELETE log, it should be replaced with
a FILLED log.
Anyway, here we do not want it to be logged.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19059: Remove CancelReserve - add new tests
Jonathan Druart [Thu, 3 Aug 2017 21:00:22 +0000 (18:00 -0300)]
Bug 19059: Remove CancelReserve - add new tests

This is bonus, let's add new tests

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19059: Remove CancelReserve - move tests
Jonathan Druart [Thu, 3 Aug 2017 18:12:25 +0000 (15:12 -0300)]
Bug 19059: Remove CancelReserve - move tests

Move the existing tests

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19059: Move C4::Reserves::CancelReserve to Koha::Hold->cancel
Jonathan Druart [Wed, 2 Aug 2017 17:00:12 +0000 (14:00 -0300)]
Bug 19059: Move C4::Reserves::CancelReserve to Koha::Hold->cancel

This patch adds a new Koha::Hold->cancel method and replaces the calls
to C4::Reserves::CancelReserve with it.

Test plan:
- Add and cancel holds
- Change priority of holds

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18584 - removed white space in C4/Accounts.pm
Dominic Pichette [Tue, 12 Sep 2017 14:13:58 +0000 (10:13 -0400)]
Bug 18584 - removed white space in C4/Accounts.pm

Test Plan:
    1-go to C4/Accounts.pm
    2-there should not be a trailing space at line 279.

Signed-off-by: Dominic Pichette <dominic@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19068: Add quantity field to the opac suggestions form
Jon Knight [Mon, 21 Aug 2017 15:04:20 +0000 (15:04 +0000)]
Bug 19068: Add quantity field to the opac suggestions form

This enhancement just exposes the quantity field to the OPAC suggestions
form to permit the end user to enter this if they wish.  The librarians
can of course override this quantity when they process the suggestion.

Test Plan (assuming using kohadevbox VM):
1) apply patch and turn on purchase suggestions
2) Go to http://localhost:8080/cgi-bin/koha/opac-suggestions.pl?op=add
and notice that there is now a quantity field available.
3) Make a purchasing suggestion using this form, including a quantity.
4) Log in as a member of library staff and go to Home › Acquisitions ›
Suggestions
5) Confirm that the previously entered suggestion is there, and that the
correct quantity appears in the "Acquisition information" section.
6) Edit the purchasing suggestion, change the quantity, save it and
check that the new quantity appears in the suggestion.

I've popped an ID attribute of "opac-suggestion-quantity" to the
surrounding <li> so that CSS can easily make this optional field
disappear (as suggested by cait on IRC).

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 12346: Display the correct number of pending patron modifications on the patron...
Jonathan Druart [Wed, 6 Sep 2017 14:23:10 +0000 (11:23 -0300)]
Bug 12346: Display the correct number of pending patron modifications on the patron module home page

Due to the way members-home.pl handles the variable $branch, the number
of patron modifications listed on members-home.pl may differ from the
number listed on mainpage.pl. When the librarian clicks this link, he or
she may see a different number than was listed, or none at all!

Test Plan:
0) Set IndependentBranchesPatronModifications = Yes
1) Create a number of modification request for BranchA
2) Log into the staff intranet with a patron without superlibrarian
permissions and set your branch to BranchB
3) Note the modifications alert to does not display on mainpage.pl
4) Click the "Patrons" link to take you to members-home.pl
5) Note the modifictions alert does display on this page
6) Apply this patch
7) Reload members-home.pl, note the alert no longer displays

QA notes: What was the point of the branch variable?

Followed test plan, patch worked as described. Also passed QA test tool
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17380: [QA Follow-up] Report error to user instead of throwing exception
Nick Clemens [Fri, 1 Sep 2017 14:39:25 +0000 (14:39 +0000)]
Bug 17380: [QA Follow-up] Report error to user instead of throwing exception

Internal server errors are good, user feedback is better.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tiny change: removed the obsolete 'use Koha::Exceptions'.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17380: (QA followup) Fix parameter in tests
Nick Clemens [Fri, 1 Sep 2017 14:39:03 +0000 (14:39 +0000)]
Bug 17380: (QA followup) Fix parameter in tests

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17380: Do not allow Default template in merge form
Marcel de Rooy [Mon, 26 Jun 2017 10:51:59 +0000 (12:51 +0200)]
Bug 17380: Do not allow Default template in merge form

This patch makes the following changes:
[1] Removes Default from the template list. We should not merge with the
    Default framework, since it does not have a reporting tag.
[2] Rearranges the error section in the template. It is confusing to have
    two error sections in this template. The error CANNOT_MOVE is not used.
    The error FRAMEWORK_NOT_SELECTED is replaced by WRONG_FRAMEWORK.
[3] Do not allow to merge a record with itself.
[4] Check if the merge reference record still contains any MARC tags.
[5] Additional polishing: Simplify passing frameworks to template. Remove
    an unused Koha::Authority::Types->search. Remove obsolete POD header
    for functions from the script.

Test plan:
[1] Select two authorities to merge. Verify that you cannot select Default
    anymore as framework for the reference record.
[2] Reproduce error WRONG_COUNT by adding another authid=999 in the URL
    after you selected two authority records for merging.
[3] Remove the third authid from the URL and change the first or second
    authid into an unexisting record id. You should generate an Internal
    Server Error. The log should show the exception message.
[4] Merge two authorities. Deselect all MARC tags. Should trigger the
    error EMPTY_MARC in the template.
[5] Select the same authority record twice for merging. Should trigger the
    error DESTRUCTIVE_MERGE in the template.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17380: Graceful resolution of missing reporting tag in merge
Marcel de Rooy [Tue, 4 Jul 2017 12:31:21 +0000 (14:31 +0200)]
Bug 17380: Graceful resolution of missing reporting tag in merge

Altough this patch deals with a mostly hypothetical case and this report
makes it practically impossible anymore to merge with records in the
Default framework (having no reporting tag), we can make the code of
sub merge still a bit more robust here.

If you would merge biblio records from one authtype to another and the new
framework would not have a reporting tag, before this patch the result would
be data loss. Merge would handle this request as a delete. This patch makes
merge handle it differently: instead of clearing the biblio records, it
keeps $a and $9 in order to make a future corrective merge possible.

Note: The additional condition on line 1468 for $tags_using_authtype
makes sure that we do not select all fields when the authtype should
unexpectedly be empty string (Default). This prevents crashing on
a "Control fields do not have subfields" error.

Test plan:
[1] Run t/db_dependent/Authorities/Merge.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17380: Do not use GuessAuthTypeCode in MetadataRecord::Authority
Marcel de Rooy [Mon, 26 Jun 2017 11:41:56 +0000 (13:41 +0200)]
Bug 17380: Do not use GuessAuthTypeCode in MetadataRecord::Authority

If we got an authtypecode from the database and this value is not NULL
since the table column does not allow it, there is no need to call
GuessAuthTypeCode for empty string (read: Default framework) in the
sub get_from_authid.

Furthermore, we remove three Koha::MetadataRecord::Authority->new calls.
They are useless, since we do not pass a record. It just generates:
  No record passed at authorities/merge.pl line 96.
  Can't bless non-reference value at Koha/MetadataRecord/Authority.pm line 66.
Instead we throw an ObjectNotFound exception.

Test plan:
[1] Run t/db_dependent/Koha_Authority.t
[2] Interface will be tested in the following patches.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17380: Add some checks around Authorities::Types->find
Marcel de Rooy [Thu, 23 Feb 2017 09:02:57 +0000 (10:02 +0100)]
Bug 17380: Add some checks around Authorities::Types->find

Resolves:
Use of uninitialized value $biblio_fields in scalar chop at authorities/detail.pl line 212.
Can't call method "authtypetext" on an undefined value at authorities/detail.pl line 216.
Can't call method "authtypecode" on an undefined value at authorities/detail.pl line 180.

NOTE: Some of these problems have actually been resolved now by bugs 18801
and 18811, but it is still better imo to have these checks.

Test plan:
[1] Verify unchanged behavior. Search for some authorities on authorities.pl
    and click on the details of a record.
[2] Open an authorities detail page and change the authid in the URL to a
    not existing number. Instead of an internal server error, you should see
    a message like "The authority record you requested does not exist".

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18811: DBRev 17.05.00.006
Jonathan Druart [Tue, 12 Sep 2017 15:04:50 +0000 (12:04 -0300)]
Bug 18811: DBRev 17.05.00.006

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18811: [QA Follow-up] Resolved POD warnings
Marcel de Rooy [Mon, 4 Sep 2017 07:27:09 +0000 (09:27 +0200)]
Bug 18811: [QA Follow-up] Resolved POD warnings

Trivial changes to silence qa tools on POD warnings for Subfields and Tags.

Note: Since Subfield and Tag only contain one sub which is considered as
private by Pod::Coverage, these modules are listed as unrated (no public
symbols defined) and trigger a FAIL on pod coverage in qa tools. This fail
can be ignored.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18811: [QA Follow-up] Add tests for Koha::Authority::Subfields/Tags
Marcel de Rooy [Mon, 4 Sep 2017 07:19:01 +0000 (09:19 +0200)]
Bug 18811: [QA Follow-up] Add tests for Koha::Authority::Subfields/Tags

Renaming t/db_dependent/Authorities to Authority
Adding Subfields.t and Tags.t

Test plan:
[1] prove t/db_dependent/Authority

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18811: Atomic update to print warning at upgrade time
Marcel de Rooy [Fri, 23 Jun 2017 05:59:04 +0000 (07:59 +0200)]
Bug 18811: Atomic update to print warning at upgrade time

The warning encourages people to run the auth_show_hidden_data script
to check for data in hidden fields and adjust their frameworks.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18811: Add a script for checking authority data in hidden fields
Marcel de Rooy [Thu, 22 Jun 2017 13:39:41 +0000 (15:39 +0200)]
Bug 18811: Add a script for checking authority data in hidden fields

If you edit an authority record while having data in hidden fields or
subfields, that data will be lost now.
This script can help you to unhide some fields and prevent data loss.

Test plan:
[1] Add a PERSO_NAME record. Fill e.g. 100b.
[2] Hide 100b in the PERSO_NAME framework.
[3] Run auth_show_hidden_data.pl and verify that it reports 100b in
    the PERSO_NAME framework.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18811: Add Koha Objects for authority tags and subfields
Marcel de Rooy [Thu, 22 Jun 2017 11:42:38 +0000 (13:42 +0200)]
Bug 18811: Add Koha Objects for authority tags and subfields

Trivial copy and paste activity.
Will be used in a later patch.

No test plan needed.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18811: Change visibility checks in authorities.pl
Marcel de Rooy [Thu, 15 Jun 2017 10:30:27 +0000 (12:30 +0200)]
Bug 18811: Change visibility checks in authorities.pl

The check is now <=-4 or >=5, but the framework uses 0 for Show all and
-5 for Hide all. (Note that sql installer scripts also use 8.)
When modifying an authority, the script also showed hidden fields when
filled, since it did not check the hidden field but only the tab field.

NOTE: The proposed solution restores consistency, but will remove hidden
fields from the MARC record.

Test plan:
[1] Set field 942a to Show all in an authority framework.
[2] Open a new record in this framework and verify that you see 942a.
[3] Edit an existing record in this framework and verify again.
[4] Set field 942a now to Hide all in this framework.
[5] Open a new record in this framework and verify that 942a is hidden.
[6] Edit an existing record in this framework and verify again.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19262: Remove xt/author/pod_spell.t
Jonathan Druart [Wed, 6 Sep 2017 13:42:28 +0000 (10:42 -0300)]
Bug 19262: Remove xt/author/pod_spell.t

If you run `prove xt/author/pod_spell.t` without having Test::Spelling installed, it will skip the tests.

If you install the lib-test-spelling-perl, the test will fail:
xt/author/pod_spell.t .. You said to run 0 tests at xt/author/pod_spell.t line 21.
xt/author/pod_spell.t .. Dubious, test returned 25 (wstat 6400, 0x1900)
No subtests run

This is because the call to all_pod_files_spelling_ok is expecting a path

If we try to fix it with adding "." as parameter, the tests will raise tone of errors.

Let's remove this file

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19227: Reduce the number of tests run by 00-merge-conflict-markers.t
Jonathan Druart [Thu, 31 Aug 2017 14:47:11 +0000 (11:47 -0300)]
Bug 19227: Reduce the number of tests run by 00-merge-conflict-markers.t

The number of tests on jenkins is sometimes confusing:

https://jenkins.koha-community.org/job/Koha_Master_D8/lastCompletedBuild/testReport/(root)/t_00_merge_conflict_markers_t/

shows that 00-merge-conflict-markers.t ran 10,751 tests, 124 less than
the previous run. However 124 files have not been removed from the
codebase!

I suggest to count only 1 test for all files.

Moreover files from blib and cover_db are counted, they should be
excluded.

Test plan:
  prove t/00-merge-conflict-markers.t
must return green

echo ">>>>>>>" >> mainpage.pl
and run the test again
It should now fail

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19235: Password entry visible in OPAC Self-registration
Mark Tompsett [Fri, 1 Sep 2017 17:16:43 +0000 (13:16 -0400)]
Bug 19235: Password entry visible in OPAC Self-registration

The HTML code was "text" instead of "password".

TEST PLAN
----------
1) 'Allow' PatronSelfRegistration system preference
2) Define the PatronSelfRegistrationDefaultCategory system preference (e.g. PT)
3) Open OPAC
4) Click 'Register here' on the right.  (/cgi-bin/koha/opac-memberentry.pl)
5) Scroll to bottom
6) enter some passwords
   -- visible
7) apply this patch
8) refresh page
9) repeat 5-6 as needed
   -- passwords should not be visible while entering
10) run koha qa test tools

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19277: Make sure the tests will pass even if they are slow
Jonathan Druart [Fri, 8 Sep 2017 12:41:21 +0000 (09:41 -0300)]
Bug 19277: Make sure the tests will pass even if they are slow

This patch was my first attempt to fix the issue.
I think it is good to have it, if issue.timestamp and issue.issuedate are the same,
the result will be orderd by issue_id.
The tests highlight the fact that checkouts must be displayed in the
correct order.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19277: TT syntax - Display ordered data
Jonathan Druart [Fri, 8 Sep 2017 12:38:28 +0000 (09:38 -0300)]
Bug 19277: TT syntax - Display ordered data

This issue has been highlighted by a failing test: ISSUESLIP displays checkouts in random order

I thought it was because of dates comparison, but it comes from the following line in C4::Letters::_get_tt_params
  my $objects = $module->search( { $key => { -in => $values } } );

The DBMS will return data like there is ordered in the DB.
For instance:
  select borrowernumber from borrowers where borrowernumber in (5, 3, 1);
or
  select borrowernumber from borrowers where borrowernumber=5 or borrowernumber=3 or borrowernumber=1;

will return 1, 3, 5

I did not find a generic way to do that, so used "ORDER BY FIELD" which will not be portable.

Test plan:
If you do not apply this patch, the tests will sometime fail

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18351: Able to delete budget with funds
Aleisha Amohia [Thu, 30 Mar 2017 04:15:54 +0000 (04:15 +0000)]
Bug 18351: Able to delete budget with funds

To test:
1) Create a budget, add a fund
2) Delete budget. Notice this is successful and triggers no warning
message etc.
3) Go to Funds. Notice the funds appear as if they are not there
4) Go into mysql and view the aqbudgetperiods table - notice the funds
are still there and are now inaccessible.
5) Apply patch
6) Create a budget, add a fund
7) Attempt to delete budget. Notice you can't click Delete button.
Confirm number of funds in hover message is correct.
8) Delete fund
9) Confirm you can now delete budget.

Sponsored-by: Catalyst IT
Signed-off-by: Felix Hemme <felix.hemme@thulb.uni-jena.de>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Some code fixes

See Comment 5. Ready to test.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Code fix

See comment 10.
Ready for testing.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Prevent deletion from forcing URL

This patch adds a check in the script for existing funds so that the
budget cannot be deleted when forcing the URL and has other small fixes.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Prevent deletion if funds are added after clicking 'Delete' and before confirming delete

Followed test plan and patch works as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 15438: [QA Follow-up] Moving POD statement for CanBookBeIssued
Marcel de Rooy [Fri, 8 Sep 2017 08:14:10 +0000 (10:14 +0200)]
Bug 15438: [QA Follow-up] Moving POD statement for CanBookBeIssued

The statement for head3 NB ('nota bene'?) looks like a hash key
in the list of possible return values for $needsconfirmation.
Moved it up and prefixed it with IMPORTANT.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 15438 - Checking out an on-hold item sends holder's borrowernumber in AF (screen...
Colin Campbell [Wed, 24 Aug 2016 12:52:52 +0000 (13:52 +0100)]
Bug 15438 - Checking out an on-hold item sends holder's borrowernumber in AF (screen message) field.

The returns from C4::Circulation::CanBookBeIssued used
to be structured as a hashref of entries like
   REASON => {
       data => 'foo',
       moredata => 'bar',
   };
Some entries still are. But many are now
   REASON => 1,
   data   => 'foo',
   moredata => 'bar',

The sip Checkout routine still assumed the former, as it
reports any causes it was not aware of (to maintain support for
a changing api) The data fields could leak into the screen message
field of the response. e.g. the borrowernumber or surname of the
borrower who has a hold on an issued title. Some real messages were
getting obscured by this

This patch sanatizes the return from from CanBookBeIssued
by removing keys which are not all uppercase
It also fixes a case where the key's data element was used
for the screen message when we should use the key itself

Updated the documentation of CanBookBeIssued to flag up
the assumption re case and the fact that 3 elements rather
than two may be returned

The loop through the returned keys was a bit bogus
so we now explicitly jump out if noerror is unset

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested quite extensively. Test results put on Bugzilla.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18654 - Translatability: Get rid of tt directives starting with [%% in translatio...
Fridolin Somers [Tue, 12 Sep 2017 12:57:25 +0000 (14:57 +0200)]
Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt

Followup correcting a typo of previous patch :
  name="holdingbranch" options = branche
it is branche[s]

Test plan :
- Look at 'Current location' in item search
=> Without patch you see only 'All libraries'
=> With patch you see 'All libraries' and each existing library, like in 'Home library'

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19256: (QA followup) Add missing POD
Tomas Cohen Arazi [Wed, 6 Sep 2017 17:45:00 +0000 (14:45 -0300)]
Bug 19256: (QA followup) Add missing POD

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19256: (QA followup) Remove warn from unit test
Kyle M Hall [Wed, 6 Sep 2017 14:15:55 +0000 (10:15 -0400)]
Bug 19256: (QA followup) Remove warn from unit test

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19256: Make Koha::Acq::Order using Koha::Object
Jonathan Druart [Tue, 5 Sep 2017 13:15:59 +0000 (10:15 -0300)]
Bug 19256: Make Koha::Acq::Order using Koha::Object

At the moment we have 2 different modules for acquisition orders:
Koha::Tmp::Order[s] and Koha::Acquisition::Order
The later has been added before the creation of Koha::Object.
Koha::Tmp::Order[s] has been created to make the TT syntax for notices
works with acquisition order data.

This patch removes the temporary packages Koha::Tmp::Order[s] and adapt
the code of Koha::Acquisition::Order[s] to be based on Koha::Object[s].

It also overloads Koha::Object->new to add the trick that was done in
Koha::Acquisition::Order->insert. This is needed because acqui/addorder.pl
is called from several places and CGI->Vars is used to retrieved order's
attributes (and so much more). To avoid regression, the easiest (but not
cleanest) way to do is to filter on aqorders column's names.
This is *not* a pattern to follow!

Test plan:
Create basket and add orders from different ways, then continue a whole
acquisition process

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19258: Prevent warn when reversing a payment
Aleisha Amohia [Tue, 5 Sep 2017 22:42:14 +0000 (22:42 +0000)]
Bug 19258: Prevent warn when reversing a payment

The following warn is triggered when I click the Reverse button next to
an individual payment on the Account tab:
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_boraccount_2epl line
63, this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at /usr/share/perl5/CGI.pm
line 436.

To test:
1) Go to a members detail page in staff side, create a manual invoice,
pay it
2) Go to the Account tab, click Reverse next to the payment you just
made
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone

Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19258: Preventing warns when paying a fine or charge from Pay selected button
Aleisha Amohia [Tue, 5 Sep 2017 22:38:12 +0000 (22:38 +0000)]
Bug 19258: Preventing warns when paying a fine or charge from Pay selected button

The following warns are triggered when I click the Pay selected button:
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line 267,
this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at
usr/share/perl5/CGI.pm line 436.
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line
273, this can lead to vulnerabilities. See the warning in "Fetching
the value or values of a single named parameter" at
/usr/share/perl5/CGI.pm line 436.

To test:
1) Go to a members detail page in staff side and create a manual
invoice
2) Go to the pay fines tab, select the fine you just created and click
Pay selected
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone

Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>