Phil Ringnalda [Fri, 16 Aug 2024 04:22:12 +0000 (21:22 -0700)]
Bug 37656: XSS in Advanced editor from Z39.50 search results
The Advanced editor inserts data from Z39.50 results into the search results
page without escaping HTML. Whether it's German records with "<<A>> Title"
or someone with a compromised catalog or a book with the title "<em> for
emphasis" it shouldn't.
Test plan:
1. Not a dependency, but you'll avoid getting even more alerts while batch
importing by starting with the patch from bug 37654
2. Without this patch applied, download attachment 170421
3. Administration - set the preference EnableAdvancedCatalogingEditor to
Enable
4. Cataloging - Stage records for import - browse to the downloaded file -
Upload file - Stage for import
5. Once the background job finishes, View batch (getting alerts if you
didn't apply the patch from bug 37654) - Import this batch into the
catalog
6. When the import finishes, Search the catalog for script, on the imported
record Edit record (if you wind up in the basic editor, Settings - Switch
to Advanced editor)
7. In the left sidebar below the search inputs, click Advanced », check
the checkbox for Local catalog and uncheck any others, then search for
the Title script
8. You'll get five alerts, and the word "edition" displayed in huge text
9. Close the search popup, apply patch, shift+reload the advanced editor
page to clear your cache
10. Repeat step 7, but this time you won't get any alerts, and you'll see
the title and the other <script> inclusions.
Sponsored-by: Chetco Community Public Library Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Fri, 16 Aug 2024 02:57:42 +0000 (19:57 -0700)]
Bug 37654: XSS in Batch record import for Citation column
Viewing a staged MARC record batch loads a DataTable from
/tools/batch_records_ajax.pl, and both batch_records_ajax.pl and the
DataTable just trust the author/title/isbn/issn to be free of HTML. They
shouldn't.
Test plan:
1. Without this patch applied, download attachment 170418, then Cataloging
- Stage records for import - Select the downloaded file - Upload file -
Stage for import
2. When the background job completes, View batch - you'll get three alert()s
from the title, author, and ISSN, and the author and ISSN displayed huge
3. Apply patch, restart_all
4. Manage staged records - click HTMLescapingimporttestrecord.mrc - get zero
alerts and no <h2> display
Sponsored-by: Chetco Community Public Library Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Tue, 20 Aug 2024 00:54:38 +0000 (00:54 +0000)]
Bug 37681: Fix XSS in staff interface item URLs on detail page
This patch uses Javascript objects and safe sinks to prevent XSS
in the item URLs on the staff interface detail page.
It also makes sure those URLs don't get double-escaped. Yippee!
Test plan:
0. Apply the patch
1. Add/edit an item with the following URL:
http://prosentient.com.au?q=http%3A%2F%2Fprosentient.com.au
2. Add/edit a different item with the following URLs:
http://prosentient.com.au?q=http%3A%2F%2Fprosentient.com.au |
http://prosentient.com.au?q=http%3A%2F%2Fprosentient.com.au
3. Go to the staff interface detail page
4. Notice that the URLs are not double-encoded!
5. Try out a malicious payload (talk to QA/security about this)
6. Confirm that the malicious payload fails to execute the XSS
7. Celebrate!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 13342: Not logged user can place a review/comment
We are able to comment a notice even when no user is connected
To test
1. Log in to OPAC.
2. Find a Biblio and open the comments tab.
3. Open another tab/window, and log out from the account.
4. Return to the first tab.
5. Click "Post your comments on this title."
--> We are able to post a comment
6. Apply the patch
7. Repeat step 1, 2, 3, 4, 5
--> You should be redirected to the login page.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Bug 13342: Tidy
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Julian Maurice [Tue, 14 May 2024 07:34:31 +0000 (09:34 +0200)]
Bug 36598: Add comments asking to keep both CSRF checks in sync
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Julian Maurice [Tue, 14 May 2024 07:15:50 +0000 (09:15 +0200)]
Bug 36598: Prevent use of unsafe HTTP method with non-cud op parameter
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Julian Maurice [Mon, 13 May 2024 13:06:04 +0000 (15:06 +0200)]
Bug 36598: Improve documentation and error message in CSRF plugin
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Julian Maurice [Fri, 3 May 2024 07:17:37 +0000 (09:17 +0200)]
Bug 36598: Fix CSRF header name (underscore -> hyphen)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Julian Maurice [Mon, 15 Apr 2024 07:08:48 +0000 (09:08 +0200)]
Bug 36598: Prohibit CUD operations with safe HTTP methods (GET/HEAD/...)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Julian Maurice [Fri, 12 Apr 2024 13:08:17 +0000 (15:08 +0200)]
Bug 36598: Enable CSRF protection for Mojolicious apps
Test plan:
1. Run bin/opac daemon -l http://*:3001/
2. Go to http://localhost:3001/cgi-bin/koha/opac-user.pl
3. With browser devtools, locate csrf_token hidden input within the
login form and remove it or modify it
4. Try to submit the form with correct credentials, it should fail
("Wrong CSRF token")
5. Reload the page, try to log in normally without modifying the DOM, it
should succeed
6. Run bin/intranet daemon -l http://*:3002/
7. Go to http://localhost:3002/cgi-bin/koha/mainpage.pl
8. With browser devtools, locate csrf_token hidden input within the
login form and remove it or modify it
9. Try to submit the form with correct credentials, it should fail
("Wrong CSRF token")
10. Reload the page, try to log in normally without modifying the DOM,
it should succeed
11. Run prove t/db_dependent/mojo/csrf.t
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Fri, 30 Aug 2024 12:47:07 +0000 (12:47 +0000)]
Bug 37775: Remove delayed commits from update_totalissues.pl and add progress option
This patch removes setting AutoCommit to 0 and commiting only every X records.
Instead we commit as we go and report progress using a parameter.
Bug 36474 reduced the numebr of changes that are being committed, so this should be a reasonable change. The
use of commits without transactions was causing problems if the library was active while the script ran.
To test:
1 - perl misc/cronjobs/update_totalissues.pl -c
2 - Script runs, but with unknown parameter
3 - perl misc/cronjobs/update_totalissues.pl -p 10
4 - Script runs and reports every 10 records
5 - per; misc/cronjobs/update_totalissues.pl
6 - Script runs and reports every 100 records by default
Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit dba9dd405339691a8671c243518f16cb20f4777f) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Mon, 1 Apr 2024 15:00:34 +0000 (15:00 +0000)]
Bug 36474: Don't update records when total issues has not changed
This patch adds a new check in UpdateTotalIssues to check that we are changing the number
of total issues before calling ModBiblio
To test:
0 - Enable CataloguingLog
1 - Checkout an item
2 - Run : misc/cronjobs/update_totalissues.pl --use-stats --commit=1000 -v
3 - In report, note all biblios were updated
4 - Check action_logs - note a new entry for every biblio
5 - Apply patch
6 - Repeat
7 - Note no biblios reported updated
8 - Note no new cataloguing log entries
9 - Checkout the item again
10 - Run again
11 - Note biblionumber has updated count in verbose output
12 - Note report only rpeort 1 biblio modified, the rest only processed
13 - Only one line added to action_logs
14 - Run it again
15 - Confirm no updates
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit d7b36d7f692420a5b67dee88ce78529ce7509413) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Wed, 28 Aug 2024 13:28:35 +0000 (13:28 +0000)]
Bug 36474: Unit tests
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 1c875b01572d81c8f1fedd73e4399d0535f44f97) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
CJ Lynce [Tue, 10 Sep 2024 18:12:04 +0000 (18:12 +0000)]
Bug 37873: [24.05.x] Unable to delete user from routing list or preview/print routing list slip
This patch restores the ability to delete a recipient from a serials routing list.
It also fixes the slip preview when using the "Save and preview slip", and removes
the koha staff intranet head from the slip when using 'Print list' from the
Serial collection information screen.
To test:
1) Login to the staff client.
2) Open the Serials module.
3) + New subscription to add a new serial.
4) Create a new subscription.
a) Search for a record (I searched for 'dog') and chose that record.
b) Under 'When receiving this serial', select 'Create an item record'
c) Under the 'Item type' dropdown, select anything.
d) Click Next -> (and confirm the popup).
e) Select any 'First issue date'.
f) Select any 'Frequency'.
g) Enter a number larger than 5 in the 'Subscription length'.
h) Select any 'Subscription start date'.
i) Select your favorite numbering pattern.
j) Verify your prediction pattern using "Test prediction pattern".
k) Click "Save subscription".
5) On the 'Subscription details' screen, click "Receive".
6) Under the first volume, click "Add item" then "Save".
7) Repeat step 6 to receive one more issue.
8) On the 'Serial collection information' page click "+ Create routing list"
9) Click "+ Add recipients".
10) Search for and add several recipients.
11) Click "Close" to exit the 'Add recipients' page.
12) Click "Delete" next to any recipient.
*Note that the recipient is not deleted.
13) Click "Save" on the 'Modify routing list for ...' page.
14) Click "Save and preview routing slip" button.
*Note you are redirected to the Subscription details page, but no routing
slip preview appears.
15) Click "Serial collection" from the left-side menu.
16) Click "Print list" on either of the issues you previously received.
*Note the routing slip includes the staff intranet header, menu, etc.
17) Apply patch.
18) Return to the 'Serial collection information' screen for your subscription.
19) Click "Edit routing list".
20) Repeat steps 12-16 and verify the issues are fixed.
-"Delete" button works to remove a recipient from a list.
-"Save and preview routing list" button pops-up a preview before redirecting.
-"Print list" pops-up a vanilla routing list to print.
Sponsored-by: Westlake Porter Public Library Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Julian Maurice [Fri, 6 Sep 2024 09:02:30 +0000 (11:02 +0200)]
Bug 37763: (QA follow-up): Tidy
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0e359a5981f672aa49f5c44ef5e28e4281547347) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
CJ Lynce [Wed, 28 Aug 2024 18:45:24 +0000 (18:45 +0000)]
Bug 37763: Do not show SQL report editor after 'Update and run'
This patch corrects an error where the SQL editor screen would appear
after the report results when using 'Update and run SQL' when editing
reports.
This also corrects a related issue where the saved_sql.id of the report
would be repeatedly appended to SQL code when using 'Update and run
SQL'.
To test:
1) Login to staff client
2) Navigate to Reports -> Create from SQL
3) Create a short report (SELECT * FROM items), name it and SAVE it.
4) On the resulting "Edit SQL report' page, click 'Update and run SQL'
5) See the report runs, but at the 'Edit SQL report' screen shows at the
bottom.
6) Apply Patch
7) Return to Reports -> Saved Reports and Edit the report you created.
8) On "Edit SQL report' page, click 'Update and run SQL'
9) Verify that the report runs, but the 'Edit SQL report' section is
gone.
Sponsored-by: Westlake Porter Public Library Signed-off-by: Sam Sowanick <sam.sowanick@corvallisoregon.gov> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit bd79cbd858cb91a2e696a37922438d74e9c4a4e2) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Tue, 9 Jul 2024 18:40:33 +0000 (18:40 +0000)]
Bug 36276: Fix editing of identity provider and domains
This patch fixes identity_providers.pl to remove the "cud-" prefix for
two operations which are not POSTed: editing identity providers and
editing domains.
To test, apply the patch and restart services.
- Go to Administration -> Identity providers.
- If necessary, create an identity provider and then click "Manage
domains" -> New identity provider domain to create a new domain.
- From the list of domains, click "Edit"
- The edit form should appear with all the correct details prefilled.
- Check that the page title, breadcrumbs, and page header all show the
correct domain.
- Make a change to the domain and confirm that the changes are saved.
- From the list of identity providers, click "Edit"
- This form should also load correctly.
- Submitted changes should be saved correctly.
Sponsored-by: Athens County Public Libraries Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 32578e4f724d56ebb8905f6523b665026eea8e7a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Mon, 26 Aug 2024 20:11:48 +0000 (20:11 +0000)]
Bug 37551: (24.05.x) Only delete price when there is already an itemprice
To test:
1. Have a mrc file with some different prices. In my case I am using the mrc file attached here with different price values in the 975$p and 975$a
2. Set the MarcFieldsToOrder to "price: 975$p" and MarcItemFieldsToOrder to "price: 975$a"
3. In Acquisitions create a new basket > add to basket > from a new file
4. The value from MarcFieldsToOrder (975$p) is always set as the price when it should be the value from MarcItemFieldsToOrder (975$a)
5. APPLY PATCH, restart_all
6. Try steps 1 - 3 again, this time item price should be correctly handled.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Pedro Amorim [Thu, 1 Aug 2024 11:59:58 +0000 (11:59 +0000)]
Bug 37413: Ensure itemnumber is sent
Fix condition to ensure the itemnumber is sent
Signed-off-by: Sam Lau <samalau@gmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 99c5e3bae40122bd8e8721aa186292388db9a7d6) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Brendan Lawlor [Wed, 21 Aug 2024 15:52:24 +0000 (15:52 +0000)]
Bug 37542: Fix patron search when dateofbirth is a DefaultPatronSearchField
This patch updates the call to dayjs to use strict parsing for patron search. See https://day.js.org/docs/en/parse/string-format
To test:
1. Create a patron with dateofbirth 1994-07-27
2. Add dateofbirth to DefaultPatronSearchFields
3. In patron or checkout search, type a cardnumber like '2908800092528'
4. Note the patron with that birth date is found in autocomplete
5. Apply patch and restart_all
6. Repeat step 3 and notice the patron is no longer found
7. In patron or checkout search, try searches using a formatted date
8. Confirm searches for '07/27/1994' and '1994-07-27' find the patron
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 764162cd6dc7c74a7028128d3d94ebc0eb5e90b0) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Thu, 11 Jul 2024 14:37:19 +0000 (16:37 +0200)]
Bug 31921: Include the modal code from acquisitions-toolbar.inc
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8619598d3b9b9b1db68d9f39d2cd84df8fbb0ea8) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Sam Lau [Tue, 9 Jul 2024 15:20:57 +0000 (15:20 +0000)]
Bug 31921: Add confirmation modal when deleting a vendor
This patch adds a new modal for confirming vendor deletion. It fixes
the previous functionality, showing a confirmation modal for each
vendor and appropriately handling the response.
To test:
1) Visit Acquisitions home. Under where it says 'Manage orders', click
the search bar to bring up the list of vendors.
2) Add a few vendors by clicking 'New' and 'Vendor'. After this, go back
to the vendor search so that all the vendors are showing.
3) For each vendor, click on 'Delete vendor' and ensure the modal shows
properly.
4) Attempt to delete one of the vendors. Go back to the vendor search
and ensure they are deleted correctly.
5) Click on a vendor's name to go their supplier page. Make sure modal
works properly and attempt to delete a vendor from here.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 81af57344d5efa19eae68acbf110df09b02dcfa2) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
CJ Lynce [Sun, 4 Aug 2024 20:33:51 +0000 (20:33 +0000)]
Bug 37563: Refund, payout, and discount modals in borrower transactions and Point of Sale have broken/bad formatting of values
This patch corrects formatting of amounts in both the POS and member
accounting module Payment, Discount, and Payout modals.
It also corrects an issue where amounts of a previous modal show up
when clicking on the same modal for a different accountline
the member Accounting page.
Finally, it corrects an issue with the member Accounting Discount
modal in that an amount without both decimal places will not
display.
Steps to test:
1) Login to staff client
2) Enable the 'EnablePointOfSale' system preference
3) Enable the 'UseCashRegisters' system preference
4) Open POS module and configure a cash register
5) In the POS module -> 'Configure items for purchase', create some
items with different costs (divisible by .10, e.g 25 or 1.10, etc.))
6) Use the POS module to make a few transactions
7) Open POS -> 'Cash Summary for [BRANCH]', and open your configured
register
8) Click 'Issue Refund' and check the formatting of the paid and
returned to patron numbers
*** Issue A) See that numbers are not formatted with two decimal places
9) Pull up the 'Accounting' tab for a borrower
10) Create at least 3 invoices for different amounts (divisible by .10,
e.g 25 or 1.10, etc.)
11) Pay TWO of your invoices then open the 'Transactions' tab
12) Create a manual credit for an amount (divisible by .10, e.g 25 or
1.10, etc.)
13) Click the 'Apply discount' button on one of your invoices
*** Issue B) No 'Amount charged' appears
14) Click 'Issue refund' for one of the paid invoices.
*** Issue C) The 'Return to Patron' line does not have 2 decimal places
15) Click 'Issue refund' for another paid invoice
*** Issue D) The 'Amount Paid' shows the amount from the first modal
16) Click 'Apply discount' for one of the unpaid invoices
*** Issue E) The 'Amount charged' line is blank
*** Issue F) The discount line is also blank, should at least have a
0.00 value
17) Click 'Issue Payout' for your manual credit.
*** Issue G) The 'Return to Patron' line does not have 2 decimal places
18) Apply patch
19) Repeat steps 7 & 8 and check the formatting is correct for issue A
20) Repeat steps 13-17 and check behavior and formatting is correct
for issues B-G
21) Celebrate that you are done with all the steps and looking at
numbers, and that all is right in the Koha payment world (maybe)
Sponsored by: Westlake Porter Public Library Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 538c943faa52f1571814642ab5a05a48b689b083) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Laura_Escamilla [Wed, 7 Aug 2024 13:44:36 +0000 (13:44 +0000)]
Bug 37586: Added aria-label for Login icon
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 57dc65bed597507c9b0433edaed5f535d46b7f0c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Laura_Escamilla [Wed, 7 Aug 2024 13:22:58 +0000 (13:22 +0000)]
Bug 37586: Updated aria-labels for masthead links
Update to my last comment: The Lists aria-label had an accessibility issue as the label did not match the visible text.
New test plan:
Check the OPAC Interface:
* Open the OPAC in a normal-sized browser window.
* You’ll see the text next to the 'Cart', 'Lists', and 'Login' icons clearly.
* Gradually reduce the window size until the text next to these icons disappears.
* Inspect the icon elements. You’ll find that there is no alternative text (like aria-label) provided for 'Cart' and 'Login'. The aria-label for 'Lists' does not match the visible text. It currently says "Show dropdown with detailed list information". This lack of alternative text is an accessibility issue and labels should match visible text.
Apply the Patch:
* Apply the patch
* Restart_all
Verify the Fix:
* Inspect the icons again.
* For the 'Cart' icon, you should see an aria-label attribute with the text "View your shopping cart".
* For the 'Login' icon, you should see an aria-label attribute with the text "Log in to your account".
* For the 'Lists' icon, you should see an updated aria-label attribute with the new text of "Lists".
* These changes will improve accessibility for users relying on screen readers.
Sign Off:
* Sign off and Have an amazing day!
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8318d27a7d08d6c8667adb0eba7662ab6ac545f4) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Fri, 9 Aug 2024 22:43:50 +0000 (15:43 -0700)]
Bug 37612: Batch patron modification should accept both cud-show and show ops
Just like with batch item modification, batch patron modification can accept
either a POST of a lot of data, which might be more than Apache's default
URL length limit, or a GET of a little data. Or at least it could, if both
the op 'cud-show' and the op 'show' were accepted. Show isn't doing any
creation or updating or deleting, it just has to be cud-show because it needs
to be able to accept large POSTs. So when it is only getting a little data, it
should be willing to take a GET with op=show just like batch item
modification does.
Test plan:
1. Without the patch, Tools - Patron lists - New patron list - give it a
name and Save
2. Type enough characters in the Patron search input to find a patron (I
like ace for poor often-used Henry Acevedo) and click on a patron in
the list of results
3. Click Add patrons
4. Click Patron lists, and in the Actions menu for your list, choose
Batch edit patrons. Note that the page that loads doesn't show any patrons
or UI to edit them, only a message about "No patron card numbers or
borrowernumbers given."
5. Apply patch, restart_all
6. Repeat step 4, but this time get a page with your patron listed, and a
form to change things about the patron record.
Sponsored-by: Chetco Community Public Library Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit fc5eed80a30c8562078289e5664d8685211f3597) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Paul Derscheid [Wed, 14 Aug 2024 09:24:49 +0000 (09:24 +0000)]
Bug 37643: Check for NaN instead of truthiness if calendar.inc accepts_time
To test:
1) Go to circulation.pl (checking out to a patron)
2) Click the settings in the barcode input
3) Set any due date with the time set to 00:00
4) Note that the picker resets the time to 23:59
5) Apply the patch
6) Repeat 1-3
7) Note that the time (00:00) stays put
8) Sign off
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e96a334aa830aa7f9aacd705d04ba544fd389e8b) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Matt Blenkinsop [Thu, 15 Aug 2024 09:37:10 +0000 (09:37 +0000)]
Bug 37647: Remove Text::CSV_XS import
There is an unnecessary import that has been left over from when KBART file processing logic was being handled directly in the API controller. This patch removes that import as it is no longer needed
Test plan:
1) Look at the patch diff and confirm that the import for Text::CSV_XS has been removed
Signed-off-by: Jake Deery <jake.deery@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3c94b26c662c76792c36b1b8dd5a95411bf05d03) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Pedro Amorim [Thu, 16 May 2024 11:46:08 +0000 (11:46 +0000)]
Bug 36882: Reapply flatpickr to cloned entry
1) Add a patron attribute type:
http://localhost:8081/cgi-bin/koha/admin/patron-attr-types.pl?op=add_attribute_type
2) Make sure its repeatable + is_date
3) Visit overdues:
http://localhost:8081/cgi-bin/koha/circ/overdue.pl
4) Click the 'add' button under the date custom attribute
5) Click on the newly created input, notice the flatpickr pop up doesnt
show
6) Apply patch. Repeat.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4c3ef3b69d4660843261669f01a53c4d908ab270) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Tue, 21 May 2024 15:09:59 +0000 (15:09 +0000)]
Bug 36907: Add maxlength to OAI set mapping form fields
This patch adds a maxlength attribute to the field, subfield, and value
fields in the OAI set mapping form. This helps prevent an error when the
form data is too long for the database columns.
Unrelated: The patch also adds quotes around two unquoted name
attributes.
To test, apply the patch and go to Administration -> OAI sets.
- If necessary, create a new set.
- Click Actions -> Define mappings.
- Test that each form field is limited correctly:
Field: 3
Subfield: 1
Value: 80
- Test that the form can be submitted successfully with the maximum
number of characters in each field.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit c3f47091def8b03c9d5d4fbf5329d01d743398f5) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit da5aa7fabad0635535a7b1847ad9e8736414d38c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 32696: Recalls can inadvertently extend the due date
If an item is due sooner than the recall due date interval then placing
a recall on it can inadvertently extend the book's due date, possibly
causing the recalling patron to receive the item later than they would
otherwise.
Test plan:
=========
1. Turn on recalls with UseRecalls.
2. In circulation rules, set the recall due date interval to 7 days
or any other arbitrary period.
3. Check out an item to one patron & set the due date to be before the
recall due date interval will have elapsed (e.g. the next day)
4. As a second patron, place a recall on the item in question.
5. See that the item's due date is extended to the current date plus
the recalls due date interval.
6. Apply the patch, restart_all;
7. Repeat steps 3. and 4. See that the due date has not been extended.
BTW, the calculation of $due_interval has been changed, because with
the current code and empty 'Recall due date interval' $due_interval
is undefined, despite the intention of the author of the code.
(after calling get_effective_rule $recall_due_date_interval is defined, but
$recall_due_date_interval->rule_value is undefined; the patron gets
a message: '... return the item within days, by ...' - no days count).
Sponsored-by: Ignatianum University in Cracow Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e584b9adcb6fafb96ce77fcd84b68f6f697478f4) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Aleisha Amohia [Tue, 13 Aug 2024 03:07:17 +0000 (03:07 +0000)]
Bug 37623: Make t/db_dependent/Letters.t idempotent
The tests should be unaffected by system preference settings, such as EmailFieldPrimary.
To test:
1. Log into the staff interface
2. Go to Koha Administration -> Global system preferences, and search for EmailFieldPrimary
3. Change the EmailFieldPrimary preference to something other than 'primary email' and 'first valid email address', i.e. any of the following:
4. Run tests t/db_dependent/Letters.t and notice they fail
5. Apply the patch
6. Run the tests again t/db_dependent/Letters.t with different settings of EmailFieldPrimary. The tests should always pass.
Sponsored-by: Pymble Ladies' College Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0e61e56e5728fc0ed387e9a53f40a6e77e9bc793) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Matt Blenkinsop [Mon, 19 Aug 2024 13:16:00 +0000 (13:16 +0000)]
Bug 37620: Improve cypress test to reduce random failures
This patch makes some improvements to the Infinite Scroll cypress test to try and prevent random test failures
- Fixes X-Base-Count and X-Total-Count for intercepted requests
- Makes element selection more precise
- Adds an intercepted request returning the requrired result for the filtered search
- Awaits this request before selecting an element from the dropdown
- Awaits all 10 requests triggered by typing "License 50" rather than just the first one
- Ensures that the select dropdown is closed between operations by clicking into another field to remove focus from the select dropdown
Test plan:
1) yarn cypress run --spec t/cypress/integration/InfiniteScrollSelect_spec.ts
or
1) yarn cypress open and select the InfiniteScrollSelect test from the Cypress GUI
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 538868d5f5e6c9c98f73dbdefb93a6ae0a186b84) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Eric Garcia [Mon, 8 Jul 2024 17:11:06 +0000 (17:11 +0000)]
Bug 37186: Fixed deletion of rotating collections
To test:
1. Tools -> Rotating collections
2. Create a rotating collection
3. In new collection Actions -> Delete
4. Notice collection is not deleted
5. Apply patch
6. In new collection Actions -> Delete
7. Notice collection is deleted
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 37cb3f35a324678d7af79c7ad9fa179f62a1bb7d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This patch makes the tests check for the added exception instead of the
generic DBIx::Class::Exception.
A FIXME was set in place proposing we should throw a Koha::Exception
instead, so removing the FIXME as that's what this patch actually did.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8da67cec7217c4519fb0a73d33c65e967ecef529) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Johanna Räisä [Fri, 9 Aug 2024 05:58:31 +0000 (08:58 +0300)]
Bug 37591: Fix moredetail.tt performance issue
This patch fixes the performance issue in moredetail.tt by removing the
unnecessary call of checkout_renewals table.
To test:
1. Create lot of checkouts and renewals for a record.
2. Open the moredetail page for the record.
3. Check the timing of the page load.
4. Apply the patch and check the timing of the page load again.
5. The page load should be faster after applying the patch.
Sponsored-by: Koha-Suomi Oy Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5c41c1c657eba6be37bd8ca4622fdc9eda658fcd) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Sam Lau [Fri, 26 Jul 2024 20:52:19 +0000 (20:52 +0000)]
Bug 37409: Fix 'Edit' button for items in course reserves list
To test:
1) Set the 'UseCourseReserves' sys pref to 'Use'
2) Go to the Course reserves page
3) Create a new course, fill in the required info and make sure the 'Enabled?' is checked
4) Add a reserve to this course
5) From the course details page, select edit on the reserve you just made.
6) Note it brings you back to the add reserves page, and you are required to enter the barcode/biblionumber again to edit
7) Apply patch, restart_all
8) Press the edit button again
9) Now you are directed towards the correct page for editing
10) Make some changes and press save
11) You should be redirected back to the details page and your changes have been made
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0dad564763e190dd59ed44606ca5af56e526d429) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37510: Make Koha::Object->delete throw Koha::Exception
This patch makes Koha::Object->delete wrap DBIC exceptions on FK
constraints and throw a Koha::Exception::Object::FKConstraint exception
instead. This will allow us better handling it from the callers.
To test:
1. Apply the unit tests patch
2. Run:
$ ktd --shell
k$ prove t/db_dependent/Koha/Object.t
=> FAIL: A DBIC exception is thrown instead, tests fail
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 923dc5e078593f653b075813885bde34531c503e) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 30a5baa70623625d2856450293b00ce34a764cd8) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Thu, 15 Aug 2024 10:21:10 +0000 (12:21 +0200)]
Bug 37429: Set default value for global variables
The global variables needs to be assigned with a default value, or the
value from the previous request will be used.
Global variables are persistent from one request to another, in memory.
This patch:
* groups default value for global variables together
* removes $authorised_values_sth from this list (it is not a global var)
* set $changed_framework to 0 (which fix the issue)
Test plan:
1. Open an existing biblio (detail.pl)
2. Click "Edit record"
3. Change the framework (no need to change any details)
4. Change the framework back to the original one (no need to save anything)
5. Go back to the biblio overview page (detail.pl)
=> The form is populated
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8aced236e9360ea6186e0d4c79d77ecd272bdc09) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Fri, 16 Aug 2024 00:44:20 +0000 (17:44 -0700)]
Bug 37614: Printing patron cards from patron lists should be a GET
There's no creating, updating, or deleting about printing patron cards, and
the only time there's a lot of data (selecting individual patrons in a card
creator batch), it doesn't matter if the "Export selected" URL exceeds the
maxlength for Apache since the actual link to create the PDF also will.
Test plan:
1. Without the patch, Tools - Patron lists - New patron list - Name it and
Save
2. Type three characters in the Patron search form (mar works well) to get
at least three patrons. Click on each of three, then click Add patrons
3. You can only print cards from the list of lists, so back to Tools -
Patron lists
4. In the Actions menu choose Print patron cards, in the popup click Export
5. Watch the throbber spin around for a while (it will never stop), then
close the popup, apply the patch, restart_all
6. Tools - Patron lists - Actions menu - Print patron cards - Export
7. Click the PDF link, make sure it has all three of your patrons
8. Tools - Patron card creator - New - Card batch
9. Without putting anything in the textarea, click Add patrons, in the
search popup search for your three characters (mar) again, and click
the checkboxes to the left of three of the names, then Add selected
patrons, then Close, then Add patrons
10. Click the checkboxes for two of the three patrons, then Export selected
card(s), then Export in the popup
11. Hover the link to the PDF, verify that it doesn't have stray 'amp;'
after the & and before label_id= anymore
12. Click the PDF link, verify it has your two patrons
13. Back at the card batch, click Export card batch, then Export
14. Check the PDF to verify it has all three of your patrons
15. Tools - Patron lists - click your list's name to open it
16. Click the card number for a patron, then the Patron lists tab in Checkout
17. Actions menu - Print patron cards - Export, verify the PDF has all three
patrons
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0f255728c5101fbc90a1e18f3d6fdda96ed0182a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Kyle M Hall [Wed, 14 Aug 2024 14:41:35 +0000 (14:41 +0000)]
Bug 37308: (QA follow-up) Tidy code
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5a06bd0d73d51bbc87a7e4ff210434b8782b90ec) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Pedro Amorim [Wed, 10 Jul 2024 15:07:22 +0000 (15:07 +0000)]
Bug 37308: Add user-agent for SUSHI outgoing requests
Signed-off-by: Belal Ahmadi <belal.ahmadi@uwl.ac.uk> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8175cccca2f7f28c68445e702ec40c200010211c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Fridolin Somers [Tue, 6 Aug 2024 12:12:16 +0000 (14:12 +0200)]
Bug 37575: Typo 'AutoCreateAuthorites' in about.pl
Typo in system preference name 'AutoCreateAuthorites' -> 'AutoCreateAuthorit[i]es'
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4c5425bd2f2aeaf45e4fa185e1590d845ae6453d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
PerplexedTheta [Mon, 12 Aug 2024 14:26:13 +0000 (15:26 +0100)]
Bug 37593: Removed all instances of 'this this' in the codebase
To test:
a) do a grep for 'this this'
1) notice that there are five matching files
2) notice that all of these instances are in comments, or podfiles
b) apply this patch
c) do a grep for 'this this'
1) notice now that these instances are gone
d) apply these changes to schema.koha-community.org
e) result!
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 2cc520cdeb6782f9370356f1c7a1bb7f78ea1057) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Matt Blenkinsop [Fri, 9 Aug 2024 16:05:55 +0000 (16:05 +0000)]
Bug 37607: Only default to manual form if we are editing
This patch fixes an issue where the form to add a provder would automatically default to the manual form. This patch prevents this behaviour and restores the intended functionality.
Test plan:
1) Don't apply the patch
2) In ERM, click to add a new provider
3) Type something in the provider name search box
4) The input will change from a select to a text input and the button next to it will now say "Create from registry"
5) Apply patch
6) Yarn build and hard refresh the browser
7) Repeat steps 1-3, the form should work as intended and return results in the select box
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a73cafda2daf020d41a86e8e80c5da50307ff277) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Sam Lau [Wed, 24 Jul 2024 16:53:25 +0000 (16:53 +0000)]
Bug 37450: Fix 'Close basket' button from list of baskets
To test:
1) In acquisitions, have a vendor with an item (or items) in their basket. Search for this vendor.
2) From the actions column, select the arrow and then press 'Close this basket'
3) Clicking on this option will not close the basket and brings us to the wrong page
4) Apply patch
5) Try to close the basket again, and this time, it is closed successfully
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a55e20e8c1eda4d5545eb7792f08cae26ab72bbf) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37254: Fix clearing of dropdown values on circulation rules
When one tries to clear the rule they are editing in circulation
rules page via "Clear" button, dropdown selectors aren't populated
with default value (first on the list).
To reproduce:
1. Select a rule to edit.
2. Press "Clear" button to return edit rows values back to default values.
=> Values in dropdowns aren't set back as default, instead they have
same values as rule you edited before pressing "Clear".
3. Apply this patch.
4. Select rule to edit, then press "Clear".
=> Dropdowns now have default values.
Sponsored-by: Koha-Suomi Oy Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f1f08f92c52dc92eed71110f1c4d7711148c8b5c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Andreas Jonsson [Thu, 16 May 2024 07:38:09 +0000 (09:38 +0200)]
Bug 36879: Spurious warning in QueryBuilder
Test plan:
With ElasticSearch enabled,
* Perform a search using the default sort order
(i.e. 'relevance').
* Verify that no warnings are generated in
plack-intranet-error.log
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 347291727dd63cdba508b84336bed4d12efee57d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37461: Typo in SMSSendAdditionalOptions description
This patch correct a typo in the SMSSendAdditionalOptions system
preference description.
To test:
1. Apply patch
2. Go to Administration > System preferences
3. Search for SMSSendAdditionalOptions
4. Read the description, make sure there are no spelling or grammar
error
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 41c455fd5837aef89364100c5e495d2c2019de21) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
1. Apply patch
2. Rerun and make sure the error "Use of uninitialized value $sub6 in pattern match (m//) at /usr/share/koha/lib/Koha/SearchEngine/Elastricsearch.pm" is no longer present.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Initial testing done, it works well, needs an additional sign off from an external party
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit b8049af6b1e2c7de954ffc08e22acc08031fd290) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Tue, 4 Jun 2024 17:17:33 +0000 (17:17 +0000)]
Bug 37030: Use template wrapper for breadcrumbs: Cash register stats
This patch updates the cash register statistics template so that they
use the new WRAPPER for displaying breadcrumbs.
To test, apply the patch and test page and its variations.
Breadcrumbs should look correct, and each link should be correct.
- Reports ->
- Cash register statistics
- Results
Sponsored-By: Athens County Public Libraries Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 938053b1cf35e90827354d731704a26b2c3f86c8) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 35235: Make "Koha module" label match the corresponding <select>
Test Plan
1. Go to Tools -> Notices and slips -> New notice
2. Select Acquisition
3. Click on the Koha module label
4. The corresponding drop down field should activate (greyed)
Signed-off-by: Sam Lau <samalau@gmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9ba523f6b68ea1b7fcc0b9a52bba0518535f698d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Fri, 2 Aug 2024 02:02:10 +0000 (02:02 +0000)]
Bug 37553: Tidy to make QA tools happy
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 1a747ddcb7645b7eb3bdb042175ff798339e7135) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Fri, 2 Aug 2024 01:49:06 +0000 (01:49 +0000)]
Bug 37553: Consistently send Csrf-Token in request header
This change consistently sends the Csrf-Token in the request header.
Previously, one POST sent it in the request body, while the other POST
sent it in the request header. Since we're using an API, it's best
for us to always send it in the request header
Test plan:
0. Apply the patch
1. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 > bib-29.xml
2. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 bib-29.xml
3. Note that the following appears in STDOUT and there is no 403 error:
"update 29 from bib-29.xml"
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit bf427a2947113f73186c5de5f85479306e49daf5) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Fri, 2 Aug 2024 01:37:40 +0000 (01:37 +0000)]
Bug 37553: Use CSRF token for authenicated session for POSTing
This change fixes the Koha::SVC to store the CSRF token for
the authenticated session for further POSTing.
Test plan:
0. Apply the patch
1. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 > bib-29.xml
2. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 bib-29.xml
3. Note that the following appears in STDOUT and there is no 403 error:
"update 29 from bib-29.xml"
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit eabd792ee93ce4dd84b36f143ee2ccaa184ed147) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Brendan Lawlor [Fri, 14 Jun 2024 19:11:56 +0000 (19:11 +0000)]
Bug 37077: Fix report mutli-select for zero and single selections
This patch updates the javascript overriding the form submission when reports have multi select parameters.
When there are more than one multi selects, and the user selcts one value from each, it skips updating the value of the select, so it doens't send duplicate parameters anymore.
If there are no selections made it will pass '%' for all values. This allows the multi select to be optional in the report. If no selections are made it is assumed that you are not using that parameter to limit the report.
Test plan:
1. Go to Reports and create a report from SQL
select *
from items
where
homebranch in <<Libraries|branches:in>>
and
itype in <<Item type|itemtypes:in>>
3. Run the report but pick only 1 library and 1 item type
4. Click the "Show SQL code"
5. Notice that the two parameters were filled correctly
6. Run the report again with zero selections
7. Click the "Show SQL code"
8. Notice that the '%' is used for the parameter
9. Run the report again with combinations of single, multiple and zero selections
10. confirm the SQL code is generated as you would expect.
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 6c6982b983381bc6344fff1b7fb6a39bd9af157c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Pedro Amorim [Mon, 29 Jul 2024 11:23:51 +0000 (11:23 +0000)]
Bug 37509: Check Elasticsearch info for both 'about' and 'sysinfo' tabs
1) Notice 'Elasticsearch:' entry at http://localhost:8081/cgi-bin/koha/about.pl?tab=about is empty
2) Apply patch + restart plack
3) Repeat step 1) Notice it now shows elasticsearch info as expected.
4) Verify that Elasticsearch warning http://localhost:8081/cgi-bin/koha/about.pl?tab=sysinfo is the same before and applying patch.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 63e560a4323d0695853d4031053a057aa27f6394) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Fri, 9 Aug 2024 10:58:23 +0000 (10:58 +0000)]
Bug 37543: (follow-up) Tidy
Tidy the whole thing
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit cf315751cf52aa5e13304dc7bcf99975b1d1acdc) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Rudolf Byker [Thu, 1 Aug 2024 14:14:29 +0000 (16:14 +0200)]
Bug 37543: Use CSRF tokens in connexion_import_daemon.pl
Since version 24.05, due to the changes mentioned at
https://wiki.koha-community.org/wiki/Koha_/svc/_HTTP_API#Changes_coming_in_Koha_24.05 ,
the `connexion_import_daemon.pl` stopped working. The reason for this is that
it did not use CSRF tokens.
To test:
1. Get a Koha instance on 24.05, before applying the patch.
2. Create a plain text file somewhere on the server containing a raw MARC
record (not XML). Let's call it `marc.txt`.
3. On the server, create a config file like this:
```
host: 0.0.0.0
port: 5500
koha: http://localhost:82 # Where 82 is the port of the Koha staff interface.
user: foo # A Koha staff user.
password: Fooo1234 # The Koha staff user's password.
import_mode: stage
```
4. Run `./connexion_import_daemon.pl --config the-config-file-path`
5. In another terminal on the same server (or from anywhere that can reach the
port opened by the `connexion_import_daemon.pl` script,
run `nc localhost 5500 < marc.txt`
6. Observe in the stderr of the daemon script: `Response: Unsuccessful request`
7. Stop the daemon script.
8. Apply the patch and repeat steps 4 and 5.
9. Observe in the stderr of the daemon script:
`Response: Success. Batch number ... - biblio record number HASH(...) added to Koha`
10. Check at /cgi-bin/koha/tools/manage-marc-import.pl for a batch named
`(webservice)`. It should contain one record now. This is how we know that
authentication between the daemon and Koha worked, which is what this
patch tries to address.
Thanks-to: David Cook <dcook@prosentient.com.au> Sponsored-by: Reformational Study Centre <www.refstudycentre.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0e9ea3c9f5570addf666f2e0b103c09a85d89a72) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
CJ Lynce [Fri, 26 Jul 2024 18:53:37 +0000 (18:53 +0000)]
Bug 37382: Report download is empty except for headers if .tab format is selected
When exporting a report in tab delimited format, the downloaded file
would have the header rows but no data results.
Also, misc files are created on the server file system in koha/reports
with data that should have been in the .tab file.
This patch fixes both of these issues.
To test:
1. Login to staff client
2. Go to Reports and create a report from SQL - sample report
SELECT i.barcode, b.title, b.biblionumber, i.itemnumber
FROM items i
LEFT JOIN biblio b on i.biblionumber = b.biblionumber
WHERE i.itemnumber < 50
3. Run the report
4. Click 'Download'->'Tab separated text'
5. Download file
6. Open file in a text editor or favorite spreadsheet app
File will have headers rows, but no other item data
6a. If able, check the server filesystem in koha/reports
There may be files there related to report data. Remove.
7. Apply Patch
8. Repeat steps 3-6,
File will now have the table data, hooray!
8a. If able, check the server filesystem in koha/reports
No new files should be created.
Signed-off-by: Laura ONeil <laura@bywatersolutions.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7d0563e1c568609559dab399535641e167a0795c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Thu, 11 Jul 2024 22:11:35 +0000 (22:11 +0000)]
Bug 37337: Pass the save $op when biblio_exists
To test:
1. Go to suggestions in the staff interface and enter a new suggestion.
2. Enter a title that matches something already in the catalog. In k-t-d I used "Lanark".
3. Submit the suggestion.
4. Get a blank page.
5. APPLY PATCH and restart_all
6. Now after step 3 you should get a page that shows the 'Click on "Confirm your suggestion" to ignore this message." warning, the form, and a Confirm your suggestion button.
Signed-off-by: Jake Deery <jake.deery@ptfs-europe.com> Signed-off-by: Jan Kissig <jkissig@th-wildau.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8e7208d7104bef61f45f10e2a3324e445d177094) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Thu, 11 Jul 2024 16:12:29 +0000 (16:12 +0000)]
Bug 37192: Adjust template for additem.tt
Test plan:
1. Search the catalog for something that will return results, like Perl
2. On any bib that has at least one item, click Edit items
3. In the Actions menu to the left of any item, choose Print label
4. That opened a popup with a 500 error rather than a label batch editor
5. Apply patch, restart_all
6. Repeat step 3, but this time you'll get a label batch editor with your
item in it.
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e1b78e1e2bf8badb27556eb749fe17c262a654bf) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Thu, 11 Jul 2024 16:11:43 +0000 (16:11 +0000)]
Bug 37192: Add ability to pass data-new_tab to form-submit.js and open in new tab
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4c244df82afa679bd8aa6ce3558e7516b77267cf) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37496: Restore parameter to limit to details of one item
To test:
1. Find a bib record with more than one item
2. Click on the barcode of an item to show the item details page
--> The item details page shows the details of all items, though it does
jump to the correct item
3. Apply patch
4. Reload the bib record, and click the barcode again
--> The item details page shows only the chosen item, with a link above
to show all items
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 34ac823619f78b61bef718a0467a5d2ca173f617) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Tue, 9 Jul 2024 20:19:05 +0000 (20:19 +0000)]
Bug 37294: Add modal to generate next
To test:
1. Serials -> Create or find a subscription
2. Receive the subscription
3. Save
4. Click 'Generate next'
5. Nothing happens
6. APPLY PATCH
7. Try again, now the "Generate next" button should work as expected.
Signed-off-by: Kelly <kelly@bywatersoutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 56cbc1f09295fe84dd67a93f73870e4d0fbeaae4) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Fri, 12 Jul 2024 12:40:08 +0000 (12:40 +0000)]
Bug 37342: Use get for launching authority popup
This patch simply switches to a GET as the operation is not cud
To test:
1 - Go to cataloging -> new record
2 - If not in basic editor, switch
3 - Go to tab 100
4 - Enter a name that has no authority in your system: McNotExist, Falsy
5 - Click 'Link authorities automatically'
6 - subfield 9 should turn red, and have an X and a + button
7 - Click the green +
8 - Boom
9 - Apply patch
10 - Reload page and repeat (clear cache so js reloads)
11 - Success! Authority window launches
Signed-off-by: Jake Deery <jake.deery@ptfs-europe.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d4f4190f91f567b4432c88e5ff8603e8302b0e4d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 897f4f319b7b855cee2056eaa82d28fedce9006d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Pedro Amorim [Thu, 25 Jul 2024 15:28:37 +0000 (15:28 +0000)]
Bug 37389: ExtendedAttributes mixin
This is what we're doing here:
- Creating a new mixin called ExtendedAttributes.pm
- Moving the extended_attributes 'join' logic out of REST/Plugin/Query and instead applying it to the aforementioned Mixin. Moving this to this level allows for this consistent behavior to happen on all search queries including, but not limited to, search queries happening on the REST API.
- Applying this Mixin to Patrons and ILL::Requests (we don't apply it to AdditionalFields.pm here yet because no AdditionalFields supporting classes have the extended_attributes accessor yet, I'll tackle this when rebasing 35287)
- The aforementioned mixin does the following:
-- Generates dynamic accessors for extended_attributes e.g. if there is a borrower attribute with code 'height', the 'extended_attributes_height' accessor is generated dynamically if a search with 'prefetch'=>'extended_attributes' AND the extended_attribute.code = 'height' is performed.
-- Rewrites the 'join' entries in the query to have the aliases as above.
-- Rewrites the WHERE conditions to match the above ruleset.
SELECT
`me`.`borrowernumber`
FROM
`borrowers` `me`
LEFT JOIN `borrower_attributes` `extended_attributes_CODE_1` ON (
`extended_attributes_CODE_1`.`borrowernumber` = `me`.`borrowernumber`
AND `extended_attributes_CODE_1`.`code` = ?
)
LEFT JOIN `borrower_attributes` `extended_attributes_CODE_2` ON (
`extended_attributes_CODE_2`.`borrowernumber` = `me`.`borrowernumber`
AND `extended_attributes_CODE_2`.`code` = ?
)
WHERE
(
(
(
`extended_attributes_CODE_1`.`attribute` LIKE ?
AND `extended_attributes_CODE_1`.`code` = ?
)
AND (
`extended_attributes_CODE_2`.`attribute` LIKE ?
AND `extended_attributes_CODE_2`.`code` = ?
)
)
)
What fixes the performance issue that originated this work is the 'AND `extended_attributes_CODE_1`.`code` = ?' that was missing on the LEFT JOIN.
All of the above is explained using Borrowers and Borrower attributes, but it all also applies to ILL::Requests and ILL::Request::Attributes.
Co-authored-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3b613fb73f0522c61c7e8941afdb4a3ee366064f) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Co-authored-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit bbf52b754fc6782e8c2ab28fb597d1392fde6567) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 33453: Change the button class of the record cashup modal to btn-primary
To test:
1. Go to System Preferences > find and enable "Use cash registers"
2. Go to Administration > "Cash registers" and create a new cash register
3. Go to Tools > "Transaction history for" > "Record cashup"
4. Click "Record cashup"
5. Modal with change: "Confirm" should be yellow and primary.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3a3d367922233c2422ffc5d216344c717170b64a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Wed, 7 Aug 2024 17:31:46 +0000 (17:31 +0000)]
Bug 37373: (follow-up) Add id and adjust tests
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d5f0191bda908aa071d4207dbf2f30018cb7db53) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Fri, 26 Jul 2024 16:32:12 +0000 (16:32 +0000)]
Bug 37373: Combine duplicate class attributes
This patch corrects two instances in patron-search.inc where there were
two class attributes on one input. Combining the two class names under
one class attribute seems to fix the focus problem.
The patch also updates the global JS giving focus to elements with a
"focus" class so that it only targets elements which are visible. This
prevents the browser from trying to put focus on a field in a hidden
modal.
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d56226d7378f627d46012a8f2dcf196c1d99c002) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Eric Garcia [Wed, 31 Jul 2024 18:31:53 +0000 (18:31 +0000)]
Bug 37411: Fixed exporting to CSV file
To test:
1. Acquistions -> Budgets -> Funds -> Planning, select any option
2. In the toolbar see Export, and click Submit and see a 500 error
3. Apply patch, restart_all
4. Repeat steps 1-2
5. Notice the 500 error is gone and the CSV is exported properly
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 94890a1e55735504b2f405c4b82793e3a2e44fc3) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Eric Garcia [Mon, 29 Jul 2024 15:21:59 +0000 (15:21 +0000)]
Bug 37411: Fixed 500 error when exporting budget planning
To test:
1. Acquistions -> Budgets -> Funds -> Planning, select any option
2. In the toolbar see Export, and click Submit and see a 500 error
3. Apply patch, restart_all
4. Repeat steps 1-2
5. Notice the 500 error is gone and the CSV is exported properly
Notes:
Is there a reason we call exit(1) after exporting the csv?
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7367b114c916aab9bebd06135fe889cf2a8883d4) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Sam Lau [Fri, 26 Jul 2024 16:17:56 +0000 (16:17 +0000)]
Bug 37489: Separate forms for uploading and deleting a patron image
This patch creats a new form for image deletion that is submitted via the 'Delete' button on the modal.
To test:
1) Turon on the 'patronimages' sys pref
2) Visit a patron page, you should see an image module on the left.
3) Click on the image to edit it. Upload a new image.
4) Edit the image again, press delete and confirm the popup.
5) Note that it will not let you delete because of the required file.
6) Apply patch
7) Attempt to delete again, this time it is successful.
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 2263d9f3b0aef977642eaffa38fb5bddae16bc0e) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Matt Blenkinsop [Mon, 29 Jul 2024 08:52:39 +0000 (08:52 +0000)]
Bug 37288: Allow manual providers to be edited
There is a bug preventing manually created providers from being edited. This patch fixes that issue and allows providers to be edited if they have been created manually
Test plan:
1) Create a data provider in the ERM manually using the Create manually option
2) Click to edit that provider
3) The form will not load
4) Apply patch and run yarn build
5) Hard refresh the browser
6) The form should now load correctly
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8872aa91e35a77951eb60037bc1f709fe093f00a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Matt Blenkinsop [Wed, 17 Jul 2024 08:36:16 +0000 (08:36 +0000)]
Bug 37288: Improve display of data provider edit form
This patch makes some improvements to the edit form for data providers. It delays page display until the counter registry has responded and also improves the display of the "create manually" and "Create from registry" buttons
Test plan:
1) Create a Data provider in the ERM module
2) Click to edit that new provider
3) The page will load and there will be a slight delay before the Data provider name input is populated
4) The "Create manually" button will also be visible
5) Apply patch and yarn build
6) Hard refresh the browser and repeat steps 1 and 2
7) This time when the page loads the provider name should be prepopulated and no manual creation button will be visible
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit b646d8ab651e32067367a8ba781fc4256b9eec68) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37419: Update FK constraint on record sources to avoid data loss
Without this patch, deleting a record source will delete the associated
biblio_metadata rows, which is a severe data loss.
This patch makes the constraint restrict this action.
To test:
1. Add a record source
2. Set the record source to some records
$ koha-mysql kohadev
> UPDATE biblio_metadata SET record_source_id='your source id' WHERE
biblionumber=1;
3. Delete the record source
=> FAIL: Record metadata deleted
4. Apply this patch
5, Run:
$ ktd --shell
k$ updatedatabase
=> SUCCESS: DB update goes well
6. Repeat 1~3 with another record
=> SUCCESS: Source cannot be deleted if there are linked records
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Janusz Kaczmarek <januszop@gmail.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8754458775da37acfc2513cc0c1b2523740fe79b) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Thu, 11 Jul 2024 12:13:39 +0000 (05:13 -0700)]
Bug 37093: Searching for reports on Mana should use GET
Searching for reports on Mana currently fails by sending a POST to
svc/mana/search without a CSRF token. There's no reason to POST, it's
just sending a search string.
1. Enable Mana: Reports - lower right is a blue Knowledgebase box with
a link to Change your Mana KB settings
2. Switch Use Mana KB to Yes, click Save, below that give it a name and
email, Send to Mana KB
3. Reports - Use saved - New report - New SQL from Mana
4. Enter any keyword to search, get a 403 forbidden error
5. Apply patch, restart_all, Shift+Reload the page to clear cache
6. Enter any keyword likely to return results, like select, get results
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f4d248f076ef7368535beead9689acf4ad98d5f3) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Tue, 30 Jul 2024 12:13:23 +0000 (12:13 +0000)]
Bug 37523: CSRF error when modifying an existing patron record
This patch modifies the patron entry template to avoid a CSRF error when
clicking the "Edit existing record" button after a duplicate patron is
found. The operation should be GET and thus can be a link.
To test, apply the patch and go to Patrons.
- If you aren't using the default testing data you should first locate
an existing patron record so you can refer to the details.
- Start the process of creating a new patron record.
- Use the existing patron's data to fill out the form.
- With the default data you can use:
- Surname: Bennett
- First name: Pamela
- Date of birth: 09/16/1946
- Any random new card number
- When you click "Save" you should get a duplicate patron warning:
"Duplicate patron record?"
- Click "It is a duplicate. Edit existing record."
- You should be taken to the edit form for the existing patron.
Sponsored-by: Athens County Public Libraries Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Johanna Räisä <johanna.raisa@gmail.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 2f6226ad695a7092c71ba86d06bd9d7edac8f583) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jennifer Sutton [Thu, 25 Jul 2024 23:11:16 +0000 (23:11 +0000)]
Bug 35236: Make "Batch description" label match corresponding <input> field
To test:
1. Create a new patron.
2. Go to Tools -> Patron card creator.
3. Create a new patron card batch.
4. On the "Edit patron card batch" page, click the "Batch
description:" label.
5. Observe that the corresponding <input> field is selected.
Mentored-by: Catalyst Academy Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 558b900895a42ff33fed06f746f677ac9ea3f51c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Sam Lau [Thu, 25 Jul 2024 16:02:16 +0000 (16:02 +0000)]
Bug 36998: Correctly update the 'Amount paid' displayed on the issue refund modal
To test:
1) Enable the 'EnablePointOfSale' sys pref (also requires the 'UseCashRegisters' pref)
2) In the POS module, configure a cash register and also configure some items for purchase with different costs
3) Make multiple sales
4) View the transactions table by clicking the 'Cash summary for ...' tab and then clicking on your cash register's name.
5) Click on the 'Issue refund' button for one of the sales, this should have the correct 'Amount paid'
6) Close the modal and click issue refund on your other item.
7) Note the 'Amount paid' is incorrect and lists the value from the previous item
8) Apply patch
9) Now when clicking issue refund, it displays the correct 'Amount paid'
Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 47a3c284734c56e095a5945cdbd40f6e50652496) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37476: Fix reserved word error on Serials.pm on MySQL 8
This patch fixes the fact `RANK` become a reserved word in MySQL 8.0.2
[1]
To test:
1. Launch KTD with MySQL 8:
$ ktd down
$ DB_IMAGE=mysql:8 ktd up -d
2. Open the logs
$ ktd --shell
k$ tail -f /var/log/koha/kohadev/*.log
3. Create a serial, receive an issue and try to create a routing list
4. Click on `+ Add recipients` and look for Henry
5. Click `Add` and then `Close`
=> FAIL: Henry not added
=> FAIL: The logs show an error about wrong SQL syntax
6. Run:
k$ prove t/db_dependent/Serials.t
=> FAIL: Tests explode with the same kind of error!
6. Apply this patch
7. Restart plack
8. Repeat 3 through 6
=> SUCCESS: Henry added!
=> SUCCESS: No explosion about the SQL syntax in the logs
=> SUCCESS: Tests pass!
9. Sign off :-D
Thibaud Guillot [Wed, 28 Feb 2024 15:20:10 +0000 (16:20 +0100)]
Bug 36196: Handling NULL data on ajax call
Test plan:
1) Update some data in your cities table, sample for one send:
"UPDATE cities SET city_state=NULL WHERE cityid=<id>"
2) Go on "/cgi-bin/koha/admin/cities.pl" and wait a entire life :)
3) Apply this patch
4) Rebuild your po files if needed
5) Reload the same page and now you get normally the datatable
Sponsored by: BibLibre Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e0856d0db648766ba1d65a4f784983a416ac4a35) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Mason James [Fri, 2 Aug 2024 01:53:01 +0000 (13:53 +1200)]
Bug 37303: Update yarn.lock after adding new dependency to packages.json
use ./xt/verify-yarnlock.t test in BZ 37490 to confirm
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8ff9e665e4d275ac601ee5165ab4233a14189f2c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Wed, 10 Jul 2024 10:16:55 +0000 (12:16 +0200)]
Bug 37303: Replace po2json with a JS version
When using __() (ie. Gettext.js) we are seeing the translations that are marked as fuzzy.
This is definitely not the expected behaviour.
It happens because (our version of) po2json are old and no longer maintained,
and just embed them.
It seems that the bin we have has been upgraded to a JS version
(different authors).
Test plan:
(replace LANG with your language code)
0. Do not apply this patch
Edit misc/translator/po/LANG-messages-js.po
Mark a string as fuzzy
Edit ./intranet-main.tt and add the following lines inside $(document).ready
console.log(_("Your string"));
console.log(__("Your string"));
Replace "Your string" with the string you are actually testing.
Update the templates: `koha-translate --update LANG --dev kohadev && restart_all`
Go to the Koha home page, open the console.
=> Notice that the second log in the console is displaying the fuzzy string.
1. Apply this patch
Install the new version of po2json using `yarn install`
Repeat the previous steps.
=> With this patch applied both logs show the English version of the
string.
Remove fuzzy, update the templates and try again.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 4eb981635453871fa2a33396391f3f75a6baa8b1) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Wed, 24 Jul 2024 22:44:05 +0000 (22:44 +0000)]
Bug 37351: Rework checkbox JS to work with paginating dataTable
To Test:
1. Log in to staff client
2. Place items on items for borrowers
2-1 Place enough holds as noted above
2-2 Trap holds for borrowers
3. Open Circulation->Holds Awaiting Pickup (circ/waitingreserves.pl)
4. Click a checkbox for one or mroe holds
Note->The 'Cancel selected (0)' button changes to 'Cancel
selected (1)', etc.
5. Cancel selected Holds using the (Cancel selected (#) button)
6. Confirm Cancellation
7. Wait for background processes to complete, then verify holds are cancelled.
8. Return to Open Circulation->Holds Awaiting Pickup (circ/waitingreserves.pl)
9. Ensure button shows "Cancel selected (0)"
10. Click "Next >" to navigate to page 2 of holds
11. Click a checkbox for one or more holds
Note->The 'Cancel selected (0)' button DOES NOT increase as boxes
are selected.
12. Cancel selected Holds using the (Cancel selected (#) button)
13. Confirm Cancellation
14. Wait for background processes to complete, then verify holds are cancelled.
Note-> Holds were not cancelled
15. APPLY PATCH
16. Try step 9-14 again. This time the 'Cancel selected (0)' button should update even when you paginate.
17. Make sure you try all the tables, Holds waiting, Holds waiting over X, Holds with cancellation requests.
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit bbd1fa0bfa2604e60eb38072569d7af5ec6808d8) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Tue, 23 Jul 2024 12:14:44 +0000 (12:14 +0000)]
Bug 37378: libraries_where_can_see_things should always return an array
The subroutine libraries_where_can_see_things stores the list of libraries that things
can be viewed from in an internal variable, so we can return this directly if we have already calculated.
When returning if not cached, we dereference the list and return an array. If cached, we are returning
an arrayref. This patch simply ensures we dereference the array even if already cached.
Before this patch, we were fetching the patrons, then redacting all info as their branches didn't match against
an arrayref, rather than checking against each branch we are allowed to view.
To test:
1. Setup a library group and check the "Limit patron data access by group ." option.
2. Add some libraries to the group. ( IN k-t-d I added CPL and MPL )
3. Create a staff account who has staff access permissions and all of the borrower permissions except "view_borrower_infos_from_any_libraries"
4. Set the home library of that staff member to one of the branches in step 2. ( In my test I choose MPL )
5. Log in as that patron and attempt a patron search that would include users from either library in step 2.
6. See the error: