Adds logic from the previous fix to the brief patron summary
shown when checking a possible patron duplicate.
Bonus: Also fixes missing patron category description there.
To Test:
- Add 2 patrons
- Add a patron with the same surname and firstname as an
existing patron in order to trigger the duplicate message
- Click "View existing patron"
- Verify display is correct when existing patron is
- an organisation
- not an organisation
- Verify that the patron category description shows
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit a887aeb2dff4e52f35f1f64bfc267867987cbb53) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Katrin Fischer [Thu, 17 Aug 2017 14:51:08 +0000 (14:51 +0000)]
Bug 19129 - Clean up Details tab for Organisation patrons
Problem: A patron category "I" would cause display problems
on the details in the intranet. This is because the templates
confused patron category "I" with patron type "I" (organisation).
Patch:
- Cleans up variable confusion between categorycode and
categorytype.
- The template contained code to change the labels below
the address to 'Organisational phone:" etc., I have removed
this part as it does not match the edit form anymore.
- Initials, date of birth and gender are still hidden for
organisation - matching the edit form.
Bonus:
- The patron category description was missing on the
right and left side of the details tab. Now it displays.
- Fixes some html issues:
- doubled up class attribute in a tag
- doubled up </li></li>
To test:
- Create 3 patrons
- patron category code doesn't matter, but category type organisation
- patron category code 'I', category type NOT organisation
- patron category code NOT I, category type NOT organisaton
- Check details tab in patron account in staff for all 3
- Verify patron category description shows correctly
- Verify information added to the account displays correctly
(phone numbers, emails, ...)
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 82f183c5ea802e3231cb2442cf32474c92bd6ab4) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Thu, 15 Jun 2017 15:07:03 +0000 (11:07 -0400)]
Bug 18812 - SIP Patron status does not respect OverduesBlockCirc
To test:
1 - Set 'OverduesBlockCirc' to block
2 - Find or create a patron with overdues
3 - Perform a SIP patron lookup on that patron
misc/sip_cli_emulator.pl -a 127.0.0.1 -p 6001 -su term1 -sp term1 -l CPL
--patron {userid or cardnumber} --password {pass} -m patron_information
4 - Note the first character of response is a ' '
5 - Apply patch
6 - Restart memcached, apache, and plack
7 - Perform SIP patron lookup
8 - Note the first character of response is 'Y'
9 - prove t/db_dependent/SIP/Patron.t
10 - Test should return green
Signed-off-by: Chris Kirby <chris.kirby@ilsleypubliclibrary.org>
Works as advertised
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ff4f0858950c37eeede38b2f067841602b97d7ba) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Kyle M Hall [Mon, 31 Jul 2017 13:18:15 +0000 (09:18 -0400)]
Bug 19007 - Allow paypal payments via debit or credit card again
A recent change in Paypal has removed the previous default option of paying via debit or credit card without an account. To bring this option back, we need to send an additional parameter to the PayPal API.
Test Plan:
1) Enable paypal for your Koha instance
2) Ensure you are not logged in to PayPal
3) Attempt to pay a fine via PayPal
4) Not the the "Pay with Debit or Credit Card" option is missing
5) Apply this patch
6) Refresh opac-account.pl
7) Attempt to make a payment via PayPal again
8) Note the option "Pay with Debit or Credit Card" is now available
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: George Williams <gwilliams@nekls.org> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 10311769d460a775aa8c8ee8a190836a8f2b1f1e) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marc Véron [Sat, 18 Feb 2017 17:35:39 +0000 (18:35 +0100)]
Bug 14353 - Show 'damaged' and other status on the 'place holds' page in staff
This patch adds status 'Damaged' to 'Information' 'Status' in the items
table on 'Place hold' page.
To test:
- Apply patch
- In staff client, try to place an item level hold for items with 'Damaged'
status.
- Verify that the status 'Damaged' appears in the column 'Information'.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 8d08254b2202353517c16f34172cb92dcdd5befa) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 85b963d11fb5d8674ca6b0ec60821663f9d8cf19) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 18 Sep 2017 17:23:54 +0000 (14:23 -0300)]
Bug 19335: Fix 00-merge-conflict-markers.t when dockerised
This does not make sense, but fix a bug (why?)
Without this patch, the tests failed on po files:
[17:14:26] t/00-merge-conflict-markers.t .. Failed 1/1 subtests
Test Summary Report
-------------------
t/00-merge-conflict-markers.t (Wstat: 9 Tests: 0 Failed: 0)
Non-zero wait status: 9
Parse errors: Bad plan. You planned 1 tests but ran 0.
Result: FAIL
Note that this is not related to bug 19227.
if the ^>>>>>> and ^<<<<<< matches are done on the same line, the test fail
As saw it failed on *-pref.po files
misc/translator/po/kn-Knda-pref.po
misc/translator/po/ja-Jpan-JP-pref.po
misc/translator/po/nl-BE-pref.po
misc/translator/po/sr-Cyrl-pref.po
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0d03f143e25f498de780d2ddd1972c3be7947519) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
shows that 00-merge-conflict-markers.t ran 10,751 tests, 124 less than
the previous run. However 124 files have not been removed from the
codebase!
I suggest to count only 1 test for all files.
Moreover files from blib and cover_db are counted, they should be
excluded.
Test plan:
prove t/00-merge-conflict-markers.t
must return green
echo ">>>>>>>" >> mainpage.pl
and run the test again
It should now fail
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit f8502b0d197bab4b4966e9e02253d30f7fcf29f8) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Aleisha Amohia [Wed, 28 Jun 2017 00:40:00 +0000 (00:40 +0000)]
Bug 18871: Make patron list name a link to view contents of list
The link is the same as the 'Add patrons' button in Actions dropdown,
but requires one less click, and makes finding the contents of the list
more obvious.
To test:
1) Go to Tools -> Patron lists
2) Create a patron list if you haven't already
3) Confirm that clicking the name of the list takes you to the correct
list and shows the expected content.
Sponsored-by: Catalyst IT Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d51059807690797aa4d16b0c0dd2932235a3b683) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marc Véron [Mon, 12 Jun 2017 07:07:28 +0000 (09:07 +0200)]
Bug 18781: Translatability: Get rid of exposed tt directives in openlibrary-readapi.inc
The file koha-tmpl/opac-tmpl/bootstrap/en/includes/openlibrary-readapi.inc
exposes template directives to translation. The only string that should
appear in .po from this file is "Open Library: "
To test:
- Apply patch
- Verify that code changes make sense
- Bonus test: create a new language 'aa-AA', verify in aa-AA-opac-bootstrap.po
that there is only the following string for openlibrary-readapi.inc:
msgid "Open Library: "
msgstr ""
NOTE: Followed a test plan similar to bug 18776 comment 3
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 23cc8b39682fea7b0a9150933c65c34ef22d23dd) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To test:
- Apply patch
- Verify that language selector in OPAC (top of the page) works as expected
- Bonus test: create a new language 'aa-AA', verify that line above does not
show up in aa-AA-opac-bootstrap.po
NOTE: Followed a test plan similar to bug 18776 comment 3
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 255cadeb772d63b06f77146c95b8d6e4b31d5836) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marc Véron [Mon, 12 Jun 2017 06:20:56 +0000 (08:20 +0200)]
Bug 18779: Translatability: Get rid of exposed tt directives in authorities-search-results.inc (OPAC)
The file opac-tmpl/bootstrap/en/includes/authorities-search-results.inc
exposes template directives to translation where translators should not
be confronted with.
To test:
- Apply patch
- Verify that Authority search in OPAC works as before
- Bonus test: create a new language 'aa-AA', verify that line above
does not show up in aa-AA-opac-bootstrap.po
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 331320f93a5ef5293c3bcad80b9554ddea0196b0) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marc Véron [Sun, 11 Jun 2017 18:16:46 +0000 (20:16 +0200)]
Bug 18777: Translatability: Get rid of exposed tt directives in opac-memberentry.tt
The file opac-memberentry.tt exposes template directives to translation where
translators should not be confronted with.
Example from po file:
"%s [%% UNLESS hidden.defined('B_address') && hidden.defined('B_address2') && "
"hidden.defined('B_city') && hidden.defined('B_state') && hidden."
"defined('B_zipcode') && hidden.defined('B_country') && hidden."
"defined('B_phone') && hidden.defined('B_email') && hidden."
"defined('contactnote') %%] "
To test:
- Apply patch
- Verify that advanced search in OPAC the page 'your personal details'
behaves as before
- Verify that you can change values and submit an update request
- Create a new translation for a 'language' aa-AA (perl translate create aa-AA)
- Verify that template directives ar no longer exposed in aa-AA-opac-bootstrap.p
NOTE: Followed test plan similar to bug 18776 comment 3.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9ed4bdc87e92506ba4a51f92cc198f3c5ce282eb) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marc Véron [Sun, 11 Jun 2017 14:54:28 +0000 (16:54 +0200)]
Bug 18776: Translatability: Get rid of exposed tt directives in opac-advsearch.tt
The file opac-advsearch.tt exposes template directives to translation where translators should not be confronted with.
Example in po file:
"[%% IF ( ( OpacAdvSearchOptions and OpacAdvSearchOptions.grep('itemtype')."
"size > 0 and not expanded_options ) or ( OpacAdvSearchMoreOptions and "
"OpacAdvSearchMoreOptions.grep('itemtype').size > 0 and expanded_options ) ) "
"%%] "
To test:
- Apply patch
- Verify that advanced search in OPAC behaves as before
- Create a new translation for a 'language' aa-AA (perl translate create aa-AA)
- Verify that template directives ar no longer exposed in aa-AA-opac-bootstrap.po
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ae684fc9491102ba0b560ca6f414a325e763b31a) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Fri, 4 Aug 2017 14:44:51 +0000 (16:44 +0200)]
Bug 18754: [QA Follow-up] Tiny corrections
Converted one INCLUDE directive to PROCESS; we are not changing variables here. (The PROCESS directive is slightly faster than INCLUDE because it avoids the need to localise (i.e. copy) the variable stash before processing the template.)
Removed one vim inserted letter i.
Error in [% IF ( XISBN.publicationyear ) _ ', ' _ XISBN.publicationyear %][% END %] The concatenation became part of the condition.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ff591f2c77a2a3c1de4a0e7167ccfeba08c2f128) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
See: [% IF ( nextTitle ) %][% nextTitle |html %][% ELSE %]next biblio[% END "
"%]
To test:
- Apply patch
- Do a search in OPAC that has more than 1 results
- Go to the detail page of one of the items found
- Verify that the details display as before and that you can
browse the results with Previous and Next
- In staff client, change OPACXSLTDetailsDisplay from 'default' to
empty for "no xslt" and repeat steps above
- In staff client, set HTML5MediaEnabled to 'OPAC' or 'OPAC and staff client'
- Verify that media catalogued in field 856 still work
- Create a new translation for a 'language' aa-AA (perl translate create aa-AA)
- Verify that template directives ar no longer exposed in aa-AA-opac-bootstrap.po
Followed test plan which works as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 752aef4593f1aa2d64700bf9738e7e03907eb1cd) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marc Véron [Sun, 28 May 2017 07:34:21 +0000 (09:34 +0200)]
Bug 18687: Translatability: abbr tag should not contain lang attribute
In manage-marc-import.tt, we have an abbreviation:
<abbr title="Differences between the original biblio and the imported" lang="en">Diff</abbr>
In translations (e.g. German), the line appears as follows:
<abbr title="Unterschiede zwischen Originaltitelsatz und importiertem Titelsatz" lang="en">Diff</abbr>
The lang attribute is wrong here, it is still "en".
The text language is the same as defined at the top of the page - or with other
words, the lang tag is superfluous.
This patch removes it.
To test:
Verify that code change makes sense.
Passes QA test and the change is logical Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 03c7f9366c97d6402e1e16182d7a2ddbbe37eccb) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Lee Jamison [Fri, 11 Aug 2017 18:58:53 +0000 (18:58 +0000)]
Bug 19088: plugins-upload causes error log noise
After uploading a plugin the error log indicates
use of uninitialized value in $op. This patch
silences the noise.
To test:
1) Set <enable_plugins> to 1 (one) in koha-conf.xml.
2) Set the UseKohaPlugins system preference to 'Enable'.
3) Navigate to Administration -> Manage plugins.
4) Install the test plugin KPZ file attached to this bug.
5) Notice the uninitialized value noise in the error log.
6) Uninstall the plugin (plack restart may be required if plack is
enabled).
7) Apply patch.
8) Install the plugin again.
9) Notice no noise in the error log.
10) Run qa tools.
11) Run prove t/db_dependent/Plugins.t
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 1076a0edf32b621da54c53ea71595885f7e14c38) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Tue, 15 Aug 2017 16:51:37 +0000 (22:21 +0530)]
Bug 19118 - Due to wrong variable name passed vendor name is not coming in browser title bar
Test
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?booksellerid=xx
xx is a booksellerid
2. Apply the patch and reload the page.
3. You can see vendor name in browser title bar.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ea886885d0efa0200cfa166453a4495692afc4d4) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Wed, 16 Aug 2017 11:15:19 +0000 (13:15 +0200)]
Bug 19126: Fix Members.t with IndependentBranches set
If you enabled that pref, Members.t fails with:
t/db_dependent/Members.t .. 63/63 # Looks like you failed 15 tests of 63.
The first one is:
t/db_dependent/Members.t .. 32/63
Failed test 'Staff patron not deleted from list'
at t/db_dependent/Members.t line 304.
Bottle neck is GetBorrowersToExpunge. The results of that sub depend on the
state of this preference.
Trivially fixing it here by disabling the pref before the first call.
Test plan:
[1] Do not apply this patch yet. Enable IndependentBranches.
[2] Run Members.t and observe that it fails.
[3] Apply this patch. And run Members.t again. It should pass now.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 44a8fc5b9363eb27223f32e1150fb8fff6f55d08) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 19130: (followup) Controller scripts should preserve behaviour
This patch is a followup to making
Koha::Acquisition::Booksellers->search work as any other Koha::Objects
(DBIC) query instead of having a different behaviour hardcoded.
To achieve it, this patch makes the controller scripts add
wildcard/truncation chars as prefix and sufix for searches, and make the
default sorting for results be by 'name', ascending.
To test:
- Just verify the behaviour remains unchanged by this patchset on the
controller scripts (re. searching).
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit b5d6a1885ed4dcb650e7f9f23733b4ff9ad2b37b) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit bf630b19745df8caea47669a9a76de26eddbfeee) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This followup patch adds a proper file in which add tests for
Koha::Acquisition::Bookseller(s) methods.
All current methods are covered.
To test:
- Run:
$ sudo koha-shell kohadev
k$ cd kohaclone
k$ prove t/db_dependent/Koha/Acquisition/Booksellers.t
=> SUCCESS: Test pass!
- Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 3481b7b9dac8935befe631131570591ec2c84cce) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 19130: Remove ->search() overloading and adjust tests
This patch removes the custom ->search() function. Tests are adjusted
so the results from ->search() calls are not expected to return in the
previously hardcoded order.
To test:
- Apply this patch
- Run:
$ sudo koha-shell kohadev
k$ cd kohaclone
k$ prove t/db_dependent/Bookseller.t
=> SUCCESS: Tests pass
- Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7e4ce56b27025b05ee572100529eaa4f28e0933c) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Magnus Enger [Thu, 17 Aug 2017 20:48:07 +0000 (22:48 +0200)]
Bug 19134: C4::SMS falils on long driver name
Code in C4::SMS takes the part of the SMS::Send-driver that comes after
SMS::Send and tries to turn it into part of a path to a YAML file
that can contain additional parameters to SMS::Send. The current
code works for e.g. SMS::Send::A::B, but if there is one or more
extra names, it fails to turn :: into /. So we have:
SMS::Send::A::B -> SMS/Send/A/B
SMS::Send::A::B::C -> SMS/Send/A/B::C
This patch makes sure all occurrences of :: are turned into /, by
adding a "g" modifier at the end of the regex.
Testing:
Testing this preperly would take a whole lot of setup for a very
small change. I would suggest that the following two oneliners
are enough to demonstrate that the change makes sense:
$ perl -e '$x = "a::b::c"; $x =~ s|::|/|; print $x, "\n";'
$ perl -e '$x = "a::b::c"; $x =~ s|::|/|g; print $x, "\n";'
So:
- Check that the output of these oneliners make sense
- Check that the patch changes the code in a similar way to the
change from the first oneliner to the second.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit a4237785d9a2bf2bbf4cf988bc98ac4935842e91) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 9409: (QA followup) Add --dbhost help to koha-create man page
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7efb871fa31869044045ccef0b37be438ba704ff) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Mark Tompsett [Fri, 23 Jun 2017 01:46:50 +0000 (01:46 +0000)]
Bug 9409: Add --dbhost parameter and dbhost field
This allows setting the remote db host correctly for
request-db either with a command-line or passwd file.
Signed-off-by: Lee Jamison <ldjamison@marywood.edu> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit e4573d709936bbd7f454a26f073e2131aa9c8df3) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Fri, 21 Apr 2017 14:08:27 +0000 (10:08 -0400)]
Bug 18469: Suspend all holds when specifying a date to resume hold does not keep date
Name of field had 'datepicker' embedded, this caused variable issue
To test:
1 - Place several holds for a patron
2 - Go to holds tab in circulation
3 - Select a date for suspend all holds until
4 - Suspend all holds
5 - Note date is not used, suspended indefinitely
6 - Apply patch
7 - Resume all suspended holds
8 - Select a date for suspend all holds until
9 - Suspend all holds
10 - Note date is used
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit a58745d9dbbf98c79f4c1a3e7cd40fb45425fc91) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marc Véron [Wed, 2 Aug 2017 16:01:06 +0000 (18:01 +0200)]
Bug 19027 - Circulation rules: Better wording for standard rules for all libraries
In Home > Administration > Circulation and fine rules, the standard value for
"Select a library: All libraries" is confusing and leads to support cases.
Change wording to "Standard rules for all libraries".
To test:
- Apply patch
- Go to Home > Administration > Circulation and fine rules
- Verfiy that text in drop down 'Select a library' makes sense.
Followed test plan which works as intended. I agree with the wording it
is significantly clearer than previously Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit c140b9129124262db27c9ba17f47134ec3232ada) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Fri, 14 Jul 2017 11:25:42 +0000 (11:25 +0000)]
Bug 18941 - C4::Budgets GetBudgetByCode should return active budgets over inactive budgets
To test:
1 - Create an active budget
2 - Create an inactive budget
3 - Ensure they each have a fund with the same code
4 - Set MarcFieldsToOrder to get the budget_code from a marc field
5 - Stage a file using the duplicated code
6 - Add to a basket from the staged file
7 - Add the items
8 - Note funds are encumbered from the inactive budget
9 - Apply patch
10 - Repeat 5-8 with a new basket
11 - Note the active budget is now used
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0e2c823e8806c35673505d0e2a03081cac00190a) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Thu, 10 Aug 2017 07:24:08 +0000 (09:24 +0200)]
Bug 19071: Fix Members/IssueSlip.t
Resolve:
DBD::mysql::db do failed: Cannot delete or update a parent row: a foreign key constraint fails (`koha_master`.`clubs`, CONSTRAINT `clubs_ibfk_2` FOREIGN KEY (`branchcode`) REFERENCES `branches` (`branchcode`)) [for Statement "DELETE FROM branches"] at t/db_dependent/Members/IssueSlip.t line 44.
We do not need to delete all branches here.
Note: The test still needs attention for noisy userenv warns, but it should
pass now.
Test plan:
Run t/db_dependent/Members/IssueSlip.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 8651016ce8e959b5b6ca19ccddbb3f5342b5d456) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Thu, 10 Aug 2017 07:13:44 +0000 (09:13 +0200)]
Bug 19071: Fix Circulation/issue.t
Resolve:
DBD::mysql::db do failed: Cannot delete or update a parent row: a foreign key constraint fails (`koha_master`.`clubs`, CONSTRAINT `clubs_ibfk_2` FOREIGN KEY (`branchcode`) REFERENCES `branches` (`branchcode`)) [for Statement "DELETE FROM branches"] at t/db_dependent/Circulation/issue.t line 65.
Cause:
See also bug 19070.
We do not need to delete all branches here.
Test plan:
Run t/db_dependent/Circulation/issue.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit b80704aa1b763c7a29c3b95c162dfb12ded8faa2) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Thu, 10 Aug 2017 07:04:16 +0000 (09:04 +0200)]
Bug 19070: Fix Circulation/Branch.t
Resolve:
DBD::mysql::db do failed: Cannot delete or update a parent row: a foreign key constraint fails (`koha_master`.`clubs`, CONSTRAINT `clubs_ibfk_2` FOREIGN KEY (`branchcode`) REFERENCES `branches` (`branchcode`)) [for Statement "DELETE FROM branches"] at t/db_dependent/Circulation/Branch.t line 49.
Resolve:
not ok 14 - AddReturn respects branch item return policy - noreturn
Failed test 'AddReturn respects branch item return policy - noreturn'
at t/db_dependent/Circulation/Branch.t line 279.
got: 'yqiKrIkX'
expected: undef
Cause:
There is a record in clubs. The constraint in clubs on branchcode does not
include a cascaded delete. The test deletes all branches.
Test 14 depends on item-level_itypes==1. When you set it to Biblio, it fails.
Test plan:
Run t/db_dependent/Circulation/Branch.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d2cceb95b47983b28242819c95e57439958b0da5) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Mon, 7 Aug 2017 06:44:43 +0000 (08:44 +0200)]
Bug 19047: Fix AddBiblio call in Reserves.t
AddBiblio does not return a title; the biblioitemnumber is stored in the
title variable.
The variables for biblioitemnumber are not used and can be removed.
Test plan:
Run t/db_dependent/Reserves.t
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit c6f8cf69d3943599fa6a0c250ae0e8221ead44ff) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
TEST PLAN
---------
prove t/db_dependent/Letters.t
-- there will be a message: "C4::Context->userenv not defined!"
apply this patch
prove t/db_dependent/Letters.t
-- there will no longer be that message.
run qa test tools
Signed-off-by: Lee Jamison <ldjamison@marywood.edu> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d01ce104a7711814152e4f8228064f79c8a7f68c) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Fri, 9 Jun 2017 12:29:58 +0000 (12:29 +0000)]
Bug 5471 - Quotes in tags fail
This patch makes changes to the tag moderation template and JavaScript
to fix handling of tags with double or single quotes. This patch also
moves the tags moderation JavaScript out of the template and into a
separate JS file.
To test you should have multiple tags awaiting moderation, including
tags which contain double and single quotes.
- Go to Tools -> Tags.
- In the list of tags pending approval, test approving and rejecting
tags, including those containing single or double quotes.
- The state of the "Approve" or "Reject" buttons should correctly
change according to the action you chose.
- The label in the status column should update correctly.
- In the "Check lists" form, submitting approved, rejected, and
unclassified terms should result in the correct message.
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Works correctly based on test plan. Tested using single- and
double-quoted tags. Passes QA Tools.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ee6f8e186bc93df9d7943ea38f05615b2e8a813f) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 19003: Add a TestBuilder default for borrowers.login_attempts
Bug 18314 causes t/db/SIP/Message.t to fail (quite often) since
TestBuilder fills login_attempts with a random number. (Note: Only
when FailedLoginAttempts is non-zero.)
Trivial fix: TestBuilder should have a zero default for login_attempts.
Test plan:
Do not yet apply this patch.
Set pref FailedLoginAttempts to say 3.
Run t/db_dependent/SIP/Message.t. Might fail on the password test (CQ).
Apply this patch.
Run t/db_dependent/SIP/Message.t again. Does not fail anymore.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 5bb56bf336187cde38e1a3b89c792ee6dc231acf) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 31 Jul 2017 14:30:00 +0000 (11:30 -0300)]
Bug 17699: Add test descriptions
Test plan:
prove -v t/db_dependent/Koha/Patrons.t
Subtest: renew_account
1..30
ok 1 - 2016-02-29T00:00:00 + 12 months must be 2017-02-28T00:00:00
ok 2 - 2016-02-29T00:00:00 + 12 months must be 2017-02-28T00:00:00
ok 3 - With BorrowerLogs, Koha::Patron->renew_account should have logged
ok 4 - today + 12 months must be 2017-03-31T00:00:00
ok 5 - today + 12 months must be 2017-03-31T00:00:00
ok 6 - Without BorrowerLogs, Koha::Patron->renew_account should not have logged
ok 7 - today + 12 months must be 2017-03-31T00:00:00
ok 8 - today + 12 months must be 2017-03-31T00:00:00
ok 9 - 2016-04-30T00:00:00 + 12 months must be 2017-04-30T00:00:00
ok 10 - 2016-04-30T00:00:00 + 12 months must be 2017-04-30T00:00:00
ok 11 - 2016-10-30T00:00:00 + 12 months must be 2017-10-30T00:00:00
ok 12 - 2016-10-30T00:00:00 + 12 months must be 2017-10-30T00:00:00
ok 13 - With BorrowerLogs, Koha::Patron->renew_account should have logged
ok 14 - today + 12 months must be 2017-11-30T00:00:00
ok 15 - today + 12 months must be 2017-11-30T00:00:00
ok 16 - Without BorrowerLogs, Koha::Patron->renew_account should not have logged
ok 17 - today + 12 months must be 2017-11-30T00:00:00
ok 18 - today + 12 months must be 2017-11-30T00:00:00
ok 19 - 2016-12-30T00:00:00 + 12 months must be 2017-12-30T00:00:00
ok 20 - 2016-12-30T00:00:00 + 12 months must be 2017-12-30T00:00:00
ok 21 - 2017-06-30T00:00:00 + 12 months must be 2018-06-30T00:00:00
ok 22 - 2017-06-30T00:00:00 + 12 months must be 2018-06-30T00:00:00
ok 23 - With BorrowerLogs, Koha::Patron->renew_account should have logged
ok 24 - today + 12 months must be 2018-07-31T00:00:00
ok 25 - today + 12 months must be 2018-07-31T00:00:00
ok 26 - Without BorrowerLogs, Koha::Patron->renew_account should not have logged
ok 27 - today + 12 months must be 2018-07-31T00:00:00
ok 28 - today + 12 months must be 2018-07-31T00:00:00
ok 29 - 2017-08-31T00:00:00 + 12 months must be 2018-08-31T00:00:00
ok 30 - 2017-08-31T00:00:00 + 12 months must be 2018-08-31T00:00:00
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ec9b691de934f82c50057c15fb7d3a1b32717b72) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 31 Jul 2017 14:03:37 +0000 (11:03 -0300)]
Bug 17699: Use limit as end_of_month
From DateTime::Duration pod:
""
For positive durations, the "end_of_month" parameter defaults to wrap.
For negative durations, the default is "limit". This should match how
most people "intuitively" expect datetime math to work.
""""
We need end_of_month => limit for positive durations as well.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 24b4006ecbc0a258b09500bdd8f639c7018067c0) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 31 Jul 2017 14:18:23 +0000 (11:18 -0300)]
Bug 19009: Fix random failures from Circulation.t
From jenkins output:
Subtest: CanBookBeIssued + Koha::Patron->is_debarred<7c>has_overdues
1..8
not ok 1
[SKIP]
I executed it several times and display the different $error, $alerts and question keys.
GNA and RESTRICTED were sometimes set, which block the issue.
Reading the code it seems that some patron's attributes must be removed to avoid the checkin rejection.
Test plan:
Execute the tests several times and notice that it fails randomly
With this patch they should always pass.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 4bbec5c382590f881e6d2af62b2608fe9cf9e051) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 14 Jun 2017 14:32:30 +0000 (11:32 -0300)]
Bug 18802: Fix Circulation.t if finesMode ne 'production'
If finesMode is not set to production, only 1 fine will be created (the renewal
one will not). This is what assumes the tests.
If set to 'production', the tests will fail because the fines will not
be deleted (because of the DBIx::Class) warning.
Now we mock the value before charging.
prove t/db_dependent/Circulation.t
t/db_dependent/Circulation.t .. 16/95 DBIx::Class::Storage::DBI::select_single(): Query returned more than one row. SQL that returns multiple rows is DEPRECATED for ->find and ->single at t/db_dependent/Circulation.t line 491
t/db_dependent/Circulation.t .. 56/95
# Failed test 'Can auto renew, OPACFineNoRenewals=10, patron has 10'
# at t/db_dependent/Circulation.t line 670.
# got: 'auto_too_much_oweing'
# expected: 'auto_renew'
# Looks like you failed 1 test of 6.
Test plan:
prove t/db_dependent/Circulation.t
should return green whatever the value of finesMode
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ae5f5c479929cbfad3193c6ce9471a406a2a41f3)
Bug 19013: (QA followup) Set guarantorid to NULL patron sample data
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 0bcf6a79427297c332588317dde749e923c7bbdc) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Mark Tompsett [Fri, 1 Sep 2017 17:16:43 +0000 (13:16 -0400)]
Bug 19235: Password entry visible in OPAC Self-registration
The HTML code was "text" instead of "password".
TEST PLAN
----------
1) 'Allow' PatronSelfRegistration system preference
2) Define the PatronSelfRegistrationDefaultCategory system preference (e.g. PT)
3) Open OPAC
4) Click 'Register here' on the right. (/cgi-bin/koha/opac-memberentry.pl)
5) Scroll to bottom
6) enter some passwords
-- visible
7) apply this patch
8) refresh page
9) repeat 5-6 as needed
-- passwords should not be visible while entering
10) run koha qa test tools
Signed-off-by: Lee Jamison <ldjamison@marywood.edu> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 99e691feee5ef29bbc9d24a916fc4aa2fab6bba6) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 15438: [QA Follow-up] Moving POD statement for CanBookBeIssued
The statement for head3 NB ('nota bene'?) looks like a hash key
in the list of possible return values for $needsconfirmation.
Moved it up and prefixed it with IMPORTANT.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 133e25c56ac79e0b88b89e3b749df338e63a93d0) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Colin Campbell [Wed, 24 Aug 2016 12:52:52 +0000 (13:52 +0100)]
Bug 15438 - Checking out an on-hold item sends holder's borrowernumber in AF (screen message) field.
The returns from C4::Circulation::CanBookBeIssued used
to be structured as a hashref of entries like
REASON => {
data => 'foo',
moredata => 'bar',
};
Some entries still are. But many are now
REASON => 1,
data => 'foo',
moredata => 'bar',
The sip Checkout routine still assumed the former, as it
reports any causes it was not aware of (to maintain support for
a changing api) The data fields could leak into the screen message
field of the response. e.g. the borrowernumber or surname of the
borrower who has a hold on an issued title. Some real messages were
getting obscured by this
This patch sanatizes the return from from CanBookBeIssued
by removing keys which are not all uppercase
It also fixes a case where the key's data element was used
for the screen message when we should use the key itself
Updated the documentation of CanBookBeIssued to flag up
the assumption re case and the fact that 3 elements rather
than two may be returned
The loop through the returned keys was a bit bogus
so we now explicitly jump out if noerror is unset
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested quite extensively. Test results put on Bugzilla.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 4d223bdc6156fab0667867f3990854fddfab5684) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Wed, 16 Aug 2017 12:26:17 +0000 (17:56 +0530)]
Bug 19127 - Stored XSS in csv-profiles.pl
To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
and Profile MARC fields that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 7a3ee2dd8cb233d083d8a7b8636eca7c6d518b8b) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Katrin Fischer [Wed, 16 Aug 2017 11:52:07 +0000 (13:52 +0200)]
Bug 19108 - Follow-up - fieldmapping.tt and items_search_fields.tt
To test:
- Add a framework with script in the description
- Access the Keywords to MARC mapping page
- Add an item search field where both name and label are script
- Try to edit/delete the added mapping
With the patch no script should be executed and everything
should still work ok.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 1649be1e9f510543f85b9e3a22af88ae8c6bfb9c) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Tue, 15 Aug 2017 09:07:50 +0000 (14:37 +0530)]
Bug 19108 - Stored XSS in biblio_framework.pl and marctagstructure.pl
To Test
1. Hit the page /cgi-bin/koha/admin/biblio_framework.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Click on Actions -> MARC structure
6. Apply patch and reload, the js is escaped
Fixed for both the pages biblio_framework.pl and marctagstructure.pl
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 29ab5517f5c8cfbc86b98c3197846d005007cc12) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Tue, 15 Aug 2017 08:40:43 +0000 (14:10 +0530)]
Bug 19108 - Stored XSS in fieldmapping.pl
To Test
1. Hit the page /cgi-bin/koha/admin/fieldmapping.pl
2. Add a text in the field Field name that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 77ddae74d661fb589d74bd85f5561fdd4131af70) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Tue, 15 Aug 2017 08:36:47 +0000 (14:06 +0530)]
Bug 19108 - Stored XSS in authtypes.pl
To Test
1. Hit the page /cgi-bin/koha/admin/authtypes.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit bc780f588bc908f8b1d0da8987b20914996d942c) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Tue, 15 Aug 2017 08:25:45 +0000 (13:55 +0530)]
Bug 19108 - Stored XSS in classsources.pl
Fixed for both Classification sources & Classification filing rules
To Test
1. first case classification source: Hit the page
/cgi-bin/koha/admin/classsources.pl?op=add_source
second case classification filing rules:
Hit the page /cgi-bin/koha/admin/classsources.pl?op=add_sort_rule
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 940c8634914b50940cfaf73af3611e6282d5803f) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Tue, 15 Aug 2017 08:19:10 +0000 (13:49 +0530)]
Bug 19108 - Stored XSS in items_search_fields.pl
To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped
Fixed for new and edit page
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 063fd5e1b9e086c57987fae408b4ce6e51fec2b9) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Tue, 15 Aug 2017 08:03:57 +0000 (13:33 +0530)]
Bug 19108 - Stored XSS in oai_sets.pl
To Test
1. Hit the page /cgi-bin/koha/admin/oai_sets.pl
2. Click on New set
3. Add a text in the field setSpec, setName that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 10d3a8c212f8a45e40cd2644f94d555566a10018) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Tue, 15 Aug 2017 04:45:54 +0000 (10:15 +0530)]
Bug 19103 - Stored XSS in matching-rules.pl
To Test
1. Hit the page /cgi-bin/koha/admin/matching-rules.pl
2. Click on new record matching rule
3. Add a text in the field Description that contain js.
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9222cd77d282affffba43a40a9ff2f768647501e) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Tue, 15 Aug 2017 04:37:45 +0000 (10:07 +0530)]
Bug 19103 - Stored XSS in patron-attr-types.pl
To Test
1. Hit the page /cgi-bin/koha/admin/patron-attr-types.pl
2. Click on new patron attribute type
2. Add a text in the field Description that contain js.
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit cb0c3da4b6cec991194ce91e6412cf9d50562044) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Tue, 15 Aug 2017 03:22:40 +0000 (08:52 +0530)]
Bug 19103 - Stored XSS in itemtypes.pl
To Test
1. Hit the page /cgi-bin/koha/admin/itemtypes.pl
2. Add a text in the field Description, Checkin message that contains js
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 18b5d4f1ababf560ff02a258de389f8c34cff9e4) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Katrin Fischer [Wed, 16 Aug 2017 12:34:17 +0000 (14:34 +0200)]
Bug 19128 - XSS - patron-attr-types.tt, authorised_values.tt and categories.tt
Preparation:
- Add a branch with script in the branch name
- Add a patron category with script in the category name
- Add a new authorised value cateogory with script
- Add a new authroised value for this category with script
in all possible fields
- Test editing patron categories
- Test editing patron attribute types
- Test viewing and editing authorised values
Verify that with this script there is no more script executed
and everything works fine.
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 6b7ad77fffd7a6c4b69bce5bf666c6ff4be76c5b) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Katrin Fischer [Wed, 16 Aug 2017 10:05:50 +0000 (12:05 +0200)]
Bug 19125 - XSS - members.pl
In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>
To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 849eaf73fc419b9a635a1ba4b69ef46a7544e55a) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Mon, 14 Aug 2017 21:14:11 +0000 (02:44 +0530)]
Bug 19086 Stored XSS in subscription-add.pl
To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ebf781afc133508eddcb8dc8fb6d7429a72db99b) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Amit Gupta [Mon, 14 Aug 2017 21:03:59 +0000 (02:33 +0530)]
Bug 19086 Stored XSS in supplier.pl
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field company_postal, physical, company_fax,
accountnumber, contactposition, contact_fax, contact_notes, notes that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9d0bbf5fa7455e0eb64288652802b0836cf22690) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Chris Cormack [Fri, 11 Aug 2017 19:54:34 +0000 (19:54 +0000)]
Bug 19086 Stored XSS in circulation.pl
1/ To test add a message to a borrower that contains js
2/ hit /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number]
where number is the borrowernumber of the borrower you set the message
for
3/ Notice js is execute
4/ Apply patch, reload, js is escaped
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 80c93d3499b11f3574fbafe756f94c534b746d5a) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Chris Cormack [Fri, 11 Aug 2017 19:36:43 +0000 (19:36 +0000)]
Bug 19086 XSS in members/member.pl
To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 5ae18484b5a47e8a00ce8f1a0fd8b3db471947eb) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt
Followup correcting a typo of previous patch :
name="holdingbranch" options = branche
it is branche[s]
Test plan :
- Look at 'Current location' in item search
=> Without patch you see only 'All libraries'
=> With patch you see 'All libraries' and each existing library, like in 'Home library'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 889fabe9f28f3b6ef35fc36e73b12652f258510c) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marc Véron [Thu, 29 Jun 2017 13:22:54 +0000 (15:22 +0200)]
Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt
This patch removes entries like the following in translations of itemsearch.tt:
"[%% INCLUDE form_field_select name=\"homebranch\" options = branches "
"empty_option = \"All libraries\" %%] [%% INCLUDE form_field_select name="
"\"holdingbranch\" options = branches empty_option = \"All libraries\" %%] %s "
"[%% INCLUDE form_field_select name=\"location\" options = locations "
"empty_option = \"All locations\" %%] %s "
New patch on top of Bug 18633 that resolves parts of initial comment.
To test:
- Verify that in itemsearch.tt no tt directives are splitted by new lines
(search for [% INCLUDE )
- Verify that itemsearch.tt works as before
Followed test plan and verified that tt directives are not split by new
lines, the changes to the fieldset tags in comment 3 have been removed
and itemtype.tt still works correctly as before
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 25fa02272d16c98d49a6020e867f60bc0510d960) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Fridolin Somers [Wed, 2 Aug 2017 09:21:58 +0000 (11:21 +0200)]
Bug 19023 - inventory tool performance
Inventory tool performance seems to be worst since 16.11.
I think it is because of authorized values computing changed by Bug 17249.
For each subfield of each item, we try to get the authorized value description with Koha::AuthorisedValues->search_by_marc_field.
But this method does not use cache like Koha::AuthorisedValues->get_description_by_koha_field.
I propose to use Koha::AuthorisedValues->get_description_by_koha_field and also to look for authorized value description only for item fields used in TT : location, notforloan, itemlost, damaged, withdrawn.
I have experimented inventory time on 100 items from 5s to 1s.
Test plan :
- Without patch
- Perform inventory with barcode file
- Check results and mesure execution time
- Apply patch
- Reperform inventory with same barcode file
- Check results is the same
- Compare execution time
- Run prove t/db_dependent/Items/GetItemsForInventory.t
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 95f1844e6c46ff51de9f95f99fcdf3369c756fd4) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
projects / koha.git / log