Jonathan Druart [Fri, 3 Sep 2021 10:01:12 +0000 (12:01 +0200)]
Bug 28947: Prevent OPAC user to create new users
This patch prevents an existing user from exploiting the patron edit form in order to
force create new patrons
To test:
Try all combinations of PatronSelfRegistration and PatronSelfRegistrationVerifyByEmail
with and without this patch.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
(cherry picked from commit eab5f18787d5b7b5efc374a7dc87ef4090e5bac0) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Mon, 13 Sep 2021 12:56:30 +0000 (12:56 +0000)]
Bug 28935: (QA follow-up) Use BorrowerUnwantedField on staff client
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Bug 28935: No filtering on patron's data on member entry pages
Security patch. Follow-up for 28929.
Including correction for gonenoaddress and two others.
Includes unwanted fields too now.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Tue, 31 Aug 2021 15:12:22 +0000 (17:12 +0200)]
Bug 28929: Add selenium tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 28929: (follow-up) Add exec flag to tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Tue, 31 Aug 2021 13:55:15 +0000 (15:55 +0200)]
Bug 28929: Prevent flags to be sent during patron's edition
* selfreg and selfmod for OPAC
* patron's edition on staff
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested OPAC and staff side. Prevents mangling flags column.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Kyle M Hall [Thu, 19 Aug 2021 14:49:34 +0000 (10:49 -0400)]
Bug 28885: Skip invalid biblios for OpacBrowseResults
If a record is deleted from Koha, but is for some reason not deleted from the search indexes, OpacBrowseResults can cause an ISE if the deleted record is in the search results for any given item. OpacBrowseResults loops through the search results, and checks if there is a biblionumber, but does *not* check to see if a result was pulled from the database for that biblionumber. It simply assumes the result must exist.
We should be checking to ensure the biblionumber was valid before operating on the biblio object.
Test Plan:
1) Use zebra for searching
2) Disable koha-indexer
3) Enable OpacBrowseResults
4) Perform a search
5) Delete an item in the search results
6) View on of the remaining items in the search results
7) Note the error
8) Apply this patch
9) Restart plack
10) Reload the page
11) The error should be gone!
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a478eb1b4f52d3fb1fa2e8526511e5eb11df1619) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b6c9ab1197f8f140ac1dbda46b7d520fe4fd6c80) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 18 Aug 2021 14:25:26 +0000 (16:25 +0200)]
Bug 28802: Fix Asset.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit bd572eccc4c5196392a8e4714706306c0d3259aa) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit a4ed8dcd16b4ebbe1123f82866cfe1416fcdf556) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Since the upgrade to Selenium 3 in bug 27055, an additional parameter is
required for get_attribute() to actually work.
https://metacpan.org/pod/Selenium::Remote::WebElement#get_attribute
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit de739259298b323bb881b62b1bc96bc9e3589496) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 04a0e973331c9210ab8324efb9fb7575148081d7) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Wed, 4 Nov 2020 14:53:57 +0000 (14:53 +0000)]
Bug 26847: Add data-categorycode to opac pages
This patch adds the data-categorycode attribute to the loggedinuser span
for all pages in the opac.
Test plan
1/ Apply first patch, varify unit test fails.
2/ Apply second patch, varify unit test now passes.
3/ Navigate to opac and login
4/ Varify that data-categorycode is present in the loggedinuser span in
the client.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit c7e228c60cfe352ccd7f1dee54990dcaa22c0240) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit db6654730e5c14bd8ef6cce15fa1a54cf801273c) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Wed, 4 Nov 2020 14:45:27 +0000 (14:45 +0000)]
Bug 26847: Add UI test for categorycode in masthead
This test adds a regression test for the addition of categorycode
into the masthead of the staff client.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 69bf6e80cf4c35601dbeea871c973c7ce3997e41) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit fac4d77e12b3e843d115fd596bd3923a4918719a) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Fridolin Somers [Tue, 3 Aug 2021 08:57:10 +0000 (22:57 -1000)]
Bug 28802: Untranslatable strings in browser.js
File koha-tmpl/intranet-tmpl/js/browser.js is not parsed by translation
process, which uses koha-tmpl/intranet-tmpl/prog/js/**/*.js
We must move it to prog/js.
Test plan :
1) Perform a search on staff interface
2) Click on a result
3) Check you see records browser
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8eab53c8baa06cc429267c7d14f7a3919242a5b1) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6cd8819016ebb913ee5ed59f0b42dcb68eafc72c) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Tue, 3 Aug 2021 12:17:02 +0000 (12:17 +0000)]
Bug 28784: [20.05.x] (follow-up) Always make three search boxes
The previous patch removed search_boxes_loop - that's okay, it was always
getting the same three values.
If we don't do something in the template though, we get no boxes
Ultimately this should be a include, and not a hardcoded loop, but keeping changes
small for backporting
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Tue, 3 Aug 2021 08:58:47 +0000 (10:58 +0200)]
Bug 28784: Remove code related to num_paragraph cookie
It could lead to server freeze if set to a big value (we are pushing
into an array and so RAM is being fulfilled, and CPU is looping).
I don't understand the point of this cookie.
var numPar = $("#booleansearch fieldset p").size();
if (numPar > [% search_boxes_count | html %]){
jQuery.cookie("num_paragraph", numPar,{ path: '/'});
}else{
jQuery.removeCookie("num_paragraph", { path: '/'});
}
But "#booleansearch fieldset p" does not exist, it's not 'p' but 'div'
elements.
I've removed the code related to num_paragraph and the "Return to the
last advanced search" feature still works as before.
From this comment:
# determine what to display next to the search boxes (ie, boolean option
# shouldn't appear on the first one, scan indexes should, adding a new
# box should only appear on the last, etc.
The only bit that is not working as described is "adding a new box
should only appear on the last", but it has been working this way for
a long time already I think, and I don't see it as a bug.
Test plan:
Read the code, check that the above is correct.
Search for regression in this "return to last adv search" feature added
by bug 13307.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Sat, 5 Jun 2021 14:08:46 +0000 (16:08 +0200)]
Bug 28518: Display missing inputs for "Return to the last advanced search"
When more than 3 search terms are passed on the advanced search form,
the "Return to the last advanced search" feature does not display them.
Test plan:
Perform an adv search at the OPAC, enter more than 3 terms, launch the
search, click the "Return to the last advanced search" link and confirm
that all the entries are there.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 75d67d46ce3df59c1460df44318439c40c14451b) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit a0bd7d7c5a7b3cb6eddce02facdc0798bd9ce205) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 14 Apr 2021 18:19:40 +0000 (18:19 +0000)]
Bug 28057: Use the biblioitem's biblionumber for checking availability
The loop here gets items from the record, plus analytic items. Because of this
we need to check more than 1 record - we decide to do this via biblioitems.
We need to preserve that, but when checking ItemsAnyAvailableAndNotRestricted we
cannot assume that the biblionumber and biblioitemnumber are the same (they should be
but this may not be the best of all possible worlds)
I simply switch the call here
To test:
1 - Apply patch
2 - Test placing holds on single bibs and multiple bibs
3 - Confirm it works as expected
Signed-off-by: Petro Vashchuk <stalkernoid@gmail.com> Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8258ebe2fbf41ce3c80db08bd0b37b789af01ce0) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f570bae9f1a97c2b8ba1d4ec04f0f9e17a5b7599) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Bug 27942 has been written for master on top of bug 27251, and the code
differ a lot from what we have in <= 20.11.
This patch is quite ugly but it works, and is certainly the less painful
solution to fix stable branches.
Feel free to provide an alternative patch.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
(cherry picked from commit 7f9fbeb579c516f97d79faca5150a772aa3d9f1a) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 28 Jul 2021 10:24:14 +0000 (12:24 +0200)]
Bug 28632: Prevent api/v1/patrons.t to fail on dates comparison
# Failed test 'Returned patron from update matches expected'
# at t/db_dependent/api/v1/patrons.t line 537.
# Structures begin differing at:
# $got->{updated_on} = '2021-07-27T13:33:53+00:00'
# $expected->{updated_on} = '2021-07-27T13:33:52+00:00'
# Looks like you failed 1 test of 42.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5d922670184c66a48de07c0e9683824364b8e0be) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 832f488744339e3c103ab5d0d6dda24c89472ea9) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Bug 28604: Prevent double encoding of MARC::Record::MiJ->to_mij output
This patch fixes a double-encoding issue with MiJ output.
Mojolicious' *text* renderer encodes the passed information according to
the request context. [1]
MARC::Record::MiJ->to_mij, conveniently encodes the string before
output [2].
This causes double encoding.
So the solution to this situation, is to use the *data* renderer, which
doesn't perform any encoding [3].
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/biblios.t
=> FAIL: Tests contain diacritics and fail!
3. Have a record with diacritics
4. Try the API routes for fetching a biblio:
$ curl --location --request GET 'http://localhost:8080/api/v1/public/biblios/144' \
--header 'Accept: application/marc-in-json'
(replace the record id with the one you've chosen)
=> FAIL: Boo, double encoding
5. Bonus point: you can try it on the non-public route, but you need
more configuration boilerplate (basic auth, permissions). If you look
at the fix, you will understand the tests cover it and no need to
complicate yourself.
6. Apply this patch
7. Repeat 2
=> SUCCESS: Tests pass!
8. Repeat 4 (and maybe 5)
=> SUCCESS: No double encoding! Yay!
9. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit cf44929d1ce70daff550a1e803f6bfe396332dbf) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit cec90fb3c2f0ba3e867b68c2c202dc7014e68056) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
This patch introduces regression tests for the encoding issue with MiJ
output.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fc1e15029f617ac18cba8508b99159358c132724) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 083f1133d5c77444eb056c55de0acbb7204beebe) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Bug 28644: Fix calling borrowernumber on undefined value
If the hold is not found (e.g. already cancelled), we should
return earlier without crashing:
Can't call method "borrowernumber" on an undefined value at /usr/share/koha/C4/Reserves.pm line 521
(Note: line number from 19.11)
Test plan:
Run t/db_dependent/Reserves.t
Add a hold, go to user menu with holds in OPAC.
At the same time, cancel this hold from staff.
Now click the Cancel in OPAC.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 43e7873637c9d235a0c18ebc9ac6656f07b2aa61) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit dada7c1dfbc9ca156b1f7bce15b1230ff104881a) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 23 Jun 2021 07:50:55 +0000 (09:50 +0200)]
Bug 28462: Remove line breaks in TT tags
Same as previous patch for other files.
Looks like the problem exists only with IF.
== test plan ==
1. See the problematic strings in a given language
git grep "\bIF\b" misc/translator/po | grep -v '#' | grep '\bzh-Hant-TW'
2. update the language
misc/translator/translate update zh-Hant-TW
3. Recheck the problematic strings, they aren't here anymore
4. Check the diff: git diff
and search the if's with «/-.* IF » to see how the deleted strings
look like and that it makes sense.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1ed9d5529f4f625216f3bcbfa5e8d43e56b3e0e7) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit a67953b635f3511253aee1ceab9d327b9963ab9e) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 26 May 2021 14:24:32 +0000 (16:24 +0200)]
Bug 28462: Remove TT tag on several lines - opac-advsearch.tt
It fixes the translation in case the operators have been translated
Test plan:
1. misc/translator/translate update pt-BR
2. In pt-BR-opac-bootstrap.po , find OpacAdvSearchMoreOptions
3. sabotage the translation part, like replacing IF with something else
4. misc/translator/translate install pt-BR
5. enable and use pt-BR and hit opac-advsearch.pl
6. Notice the error
Template process failed: file error - parse error - /kohadevbox/koha/koha-tmpl/opac-tmpl/bootstrap/pt-BR/modules/opac-advsearch.tt line 409: unexpected token (e) [% IF (OpacAdvSearchMoreOptions and OpacAdvSearchMoreOptions.size> 0 e extended_options) ou (OpacAdvSearchOptions and OpacAdvSearchOptions.size> 0 e n expandido_options) %] at /kohadevbox/koha/C4/Templates.pm
7. Apply the patch and redo update and install of the language
8. Note that it's now working
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f60efe6e8e647651512a6a4275e7a1ce8a6f5f37) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e2328c015f31de22eceb06ab122be251d7cd8319) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 16 Jun 2021 12:51:08 +0000 (14:51 +0200)]
Bug 28524: Escape 'rank' in cat_issues_top.pl
It's a MySQL 8 keyword
Test plan:
Turn off strict_sql_modes (there are other problems in this script)
Hit Home Reports > Most-circulated items
Submit the form
Without this patch you got:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'RANK, biblio.biblionumber AS ID, itemcallnumber as CALLNUM,
ccode as CCODE, loca' at line 1
With this patch applied you see the report result view
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ea214856d112e262f2ab7df223b6ab9bf673ee67) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit f27cfd734b78c947e60e5603f19055a9204b0ba3) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 16 Jun 2021 12:54:47 +0000 (14:54 +0200)]
Bug 28523: Escape 'rank' in bor_issues_top.pl
It's a MySQL 8 keyword
Test plan:
Turn off strict_sql_modes (there are other problems in this script)
Hit Home Reports > Patrons with the most checkouts
Submit the form
Without this patch you got:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to
use near 'RANK, borrowers.borrowernumber AS ID FROM `old_issues`
With this patch applied you see the report result view
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 3a3537fd9333636aa0e52b06447ad3f74798dace) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
(cherry picked from commit 369c720beb56925871281b4edfd16f81410772cf) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Mason James [Sun, 6 Dec 2020 05:33:58 +0000 (18:33 +1300)]
Bug 28476: Update info in docs/teams.yaml file
to test...
1/ apply patch
2/ view 'about' page to confirm info is updated
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Looks good.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 28476: Update info in docs/teams.yaml file (2)
oops, correct info
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d544d09a3eba15b24836c74e69c298e207921ce6) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 8f2d00d63b97392680c87db0005f45d068e3d163) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
This patch makes the route set the 'updated_by' attribute as well, when
resolving a return claim through the API.
Tests are added for this behavior.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/return_claims.t
=> SUCCESS: Tests pass! updated_by is set correctly!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 343bf361e0417f10f79daff767c38c076d039b23) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ab02ae9c43dbbfda0bc977cbe952ebb01e0a0056) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Bug 28586: Pass the right parameter to resolve claim
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f0c208bca84033ecfbeb51ca8e5dea75a8f80f2e) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 513a471f1f4ea54ad2af59323802fee8bbb2bebd) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Tue, 25 May 2021 12:59:31 +0000 (13:59 +0100)]
Bug 28442: Fix 'accessibility_advocate' for current release
The accessibility_advocate block was positioned incorrectly so wasn't
appearing properly for the current stable releases, only the
development/maintainter block.
This patch fixes that issue
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 3b427d79d69579d78a6bb2784edacc64aa781934) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d7b4067d11d2c2301866ec63c0a94a6ce4845384) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Tue, 25 May 2021 08:29:48 +0000 (09:29 +0100)]
Bug 28442: Update template for new roles
We have multiple accessibility advocates this cycle, so we needed to
adapt the template. I've also added the meeting facilitator as a case
but not added to the team block as a whole.. seeking opinions, perhaps
wait and see if it lasts more than a cycle before adding it fully?
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 16abe0f5321bc7165c1bf7051d6fa53f7608e0ec) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 8d13b6bdfcf24b5ad2236ab53d5dd488f63bf6d1) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Eden Bacani [Wed, 20 Jan 2021 22:24:05 +0000 (22:24 +0000)]
Bug 27495: Added Accessibility advocate role in team page
Test Plan
1. Click on 'About Koha' from the home page
2.Check on the Koha Team page that the role Accessibility advocate is
listed under the Koha release teams and that the name of the person with
the role appears.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 638f5106352fc1c5a758af06061a68f65264b791) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b9f51b4ced6e4e9ff9237fdc95410c8f966d629d) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
David Cook [Fri, 21 May 2021 06:52:25 +0000 (06:52 +0000)]
Bug 28409: Comprehensively validate category in opac-shelves.pl
Default to a category of 1 (ie Private). Only allow input of 1
or 2 (ie Public)
== Test plan ==
1. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
2. Note that you are redirected to another website
3. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?op=add&shelfname=foo&category=9
4. Note that you can't see this list in the Lists (but it has been added to the database)
5. Apply the patch & restart services
6. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
7. Note that you are not redirected to another website
8. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?op=add&shelfname=bar&category=9
9. Note that "bar" has been added as a Private list
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Tue, 25 May 2021 12:59:31 +0000 (13:59 +0100)]
Bug 28442: Fix 'accessibility_advocate' for current release
The accessibility_advocate block was positioned incorrectly so wasn't
appearing properly for the current stable releases, only the
development/maintainter block.
This patch fixes that issue
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 3b427d79d69579d78a6bb2784edacc64aa781934) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d7b4067d11d2c2301866ec63c0a94a6ce4845384) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Tue, 25 May 2021 08:29:48 +0000 (09:29 +0100)]
Bug 28442: Update template for new roles
We have multiple accessibility advocates this cycle, so we needed to
adapt the template. I've also added the meeting facilitator as a case
but not added to the team block as a whole.. seeking opinions, perhaps
wait and see if it lasts more than a cycle before adding it fully?
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 16abe0f5321bc7165c1bf7051d6fa53f7608e0ec) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 8d13b6bdfcf24b5ad2236ab53d5dd488f63bf6d1) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Eden Bacani [Wed, 20 Jan 2021 22:24:05 +0000 (22:24 +0000)]
Bug 27495: Added Accessibility advocate role in team page
Test Plan
1. Click on 'About Koha' from the home page
2.Check on the Koha Team page that the role Accessibility advocate is
listed under the Koha release teams and that the name of the person with
the role appears.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 638f5106352fc1c5a758af06061a68f65264b791) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b9f51b4ced6e4e9ff9237fdc95410c8f966d629d) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 19 May 2021 09:10:25 +0000 (11:10 +0200)]
Bug 28386: Add history_notes
The "developer" lines of history.txt will be regenerated using the git
history so we need to add this as a separate info.
See the release_tools changes for more info
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d7a6bd08ba4288b9d203a33d4201c4d85477524c) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d2a95e92a4e28d4a7e56cc84de9c1509e0ec2d9a) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 19 May 2021 06:09:45 +0000 (08:09 +0200)]
Bug 28386: Remove unknown authors
Those 3 authors are not in the git history, we should remove them from
the author list.
However we could re-add them to the contributor list with a note saying
for instance they were part of the Catalyst Academy (need to double
check that first)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 6a701b363fe807389c49358c43bc33d61282e685) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 47dd9f1cedf74f3973b3445c5c2ab67c81782743) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1e677a8755dfa4b5df3ff8df8f2644aedf388eb3) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e98c8cb707d7a23d6b61cfa3f3960b2fc3b5a026) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 2 Jun 2021 15:20:08 +0000 (15:20 +0000)]
Bug 28503: Compare item homebranch to patron branch when hold policy set to 'from_home_library'
This fixes an issue in the way we calculate the check for hold policy 'from_home_library'
Currently we change the comparison based on ReservesControlBranch, however, that should
only control the rule we fetch, not how we compare
When ReservesControlBranch is set to "patron's home library" we compare the patron's branch to
the patron's branch, this is useless and means we pass the check for all branches all of the time
We should instead compare the patron's branch to the item's branch, and only fetch the rule using ReservesControlBranch
To test:
1 - Have a record with an item from library A and library B
2 - Set the 'Default checkout, hold and return policy'->Hold policy->From home library for all libraries
and ensure you have no branch specific/itemtype specific rules set
3 - Attempt to place a hold on the record for a patron from library B
4 - Note that only the library B item is holdable - place a title level hold (do not choose an item)
5 - Check in the item from library A
6 - It fills the hold - This is incorrect - ignore the hold
7 - Apply patch
8 - Restart all the things
9 - Check in the item from library A
10 - No hold found
11 - Check in the item from library B
12 - Hold found, correctly
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 28503: Clarify what ReservesControlBranch controls
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 19660a25fa9421373a41fb6aba71215d71c541be) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6413921700f5b2929aff7de092dfb9d5523754df) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 2 Jun 2021 15:05:08 +0000 (15:05 +0000)]
Bug 28503: Unit tests
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a4cdeaae3f82ea47fe3fba5e79f419e6911fb524) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 77515dbb4db68dd40b058834b2293ad704b5e2bc) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 9 Jun 2021 17:59:59 +0000 (17:59 +0000)]
Bug 28538: Insert formatted date if valid
This patch restores the setting of the date from bug 27937 and adds a parsing of the date to
ensure the correct format
To test:
1 - Follow test plan from bug 27937 - it fails
2 - Follow test plan from bug 28351 - it succeeds
3 - Apply patch
4 - Repeat 1-2
5 - both plans pass now
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c43047968c31a918923aa4ef89fd56be2fcf54ec) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit a00bb70c9848179d41945a91f020ed39d8468186) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Fri, 4 Jun 2021 10:19:18 +0000 (12:19 +0200)]
Bug 28487: Fallback to default template in overdue_notices
There is no fallback to the "default" language if there is no
language-specific template for the lang of the patron.
I am not really sure why we are not using GetPreparredLetter here (which
defaults), but this needs to be backported into all stable branches and
so as small as possible.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 09fcc66ab89dd2c084dfe20d4b4dc43a5335b86a) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0f9066903e64aa9eb6214beade0921962bd8d6db) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Fri, 28 May 2021 12:02:19 +0000 (12:02 +0000)]
Bug 28482: Refresh line from DB to get stored value
Before checking if the amount is 0 we get the stored value from the DB. This
ensures any amounts beyond the 6 digit precision we store will be removed.
To test:
1 - Add a processing fee of 15 to an itemtype
2 - Add an item of that type, set the replacement fee to 12.63
3 - Set MarkLostItemsAsReturned to 'On payment' only
4 - Set WhenLostChargeReplacementFee to 'Charge'
5 - Checkout the item to a patron
6 - Mark the item lost
7 - Reload patron and confirm they are charged 27.63
8 - Go to accounting, pay amount, pay 27.63
9 - Item is still lost and not returned
10 - Apply patch
11 - Checkin the item
12 - Checkout to another patron
13 - Mark lost
14 - Patron charged 27.63
15 - Pay amount, 27.63
16 - Item returned!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c4e2f4c7180a1c4c287d11d2f2d8c635de81df38) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1739543148e910a8c8d9a488a1d2b8ed304d67f0) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Fri, 28 May 2021 12:02:09 +0000 (12:02 +0000)]
Bug 28482: Unit test
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1df303de77bbaa555b9dc8c0349fae8fb2990c4f) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c832ac3cae416c7bb6fdd19b18735e06d13afb19) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
JD Amended patch
<p>The included <a href="https://github.com/OAI/OpenAPI-Specification/blob/master/schemas/v2.0/schema.json">api/swagger-v2-schema.json</a> file is licensed under the[-the-] <a href="https://github.com/OAI/OpenAPI-Specification/tree/master/schemas/v2.0">Apache License, Version 2.0</a>, by the <a href="https://www.openapis.org/about">OpenAPI Initiative [-(OAI)</a></p>-]{+(OAI)</a>.</p>+}
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9e4eb6cbd19342cb1b64c00175d646b29558fe71) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Mon, 10 Aug 2020 08:59:46 +0000 (10:59 +0200)]
Bug 23653: Remove uneeded cond test
rel_file returns the path anyway
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 58a30f1b44c700f461a9f5028dfab2d7f7048375) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
David Cook [Wed, 1 Jul 2020 02:26:01 +0000 (02:26 +0000)]
Bug 23653: use local copy of swagger v2 schema
By default, JSON::Validator::OpenAPI tries to fetch the
swagger v2 schema from http://swagger.io/v2/schema.json.
If you've installed from CPAN, JSON::Validator::OpenAPI will
come with a cached copy, so it won't try to fetch it over HTTP.
However, if you've installed from libjson-validator-perl
from Debian/Ubuntu, the Debian package excludes the cached copy,
so JSON::Validator::OpenAPI tries to fetch it over HTTP.
Unfortunately, today and other days in the past, the file at
http://swagger.io/v2/schema.json has been unavailable, and this causes
Koha to crash in a perpetual loop.
This patch includes a copy of the swagger v2 schema, and it loads
it locally rather than fetching over HTTP.
The changes to Koha/REST/Plugin/PluginRoutes.pm are not required,
since the validator isn't currently called there, but I've added
a patch to future proof it.
To Test:
0a) Remove /usr/share/perl5/JSON/Validator/cache/36d1bd12eeed51e86c8695bd8876a9df
if it exists
0b) Block external access to http://swagger.io/v2/schema.json or
test during an outage when it's unavailable
0c) Do not apply patch
1) koha-plack --restart kohadev
2) Note that it crashes in a loop and is unavailable in web browser
3) Apply patch
4) koha-plack --restart kohadev
5) Note that Koha comes up and there are no errors in the Plack logs
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit e0a4bad3fccb67b9459b0e245d4f9647c2b3b428) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Tue, 6 Oct 2020 15:56:16 +0000 (17:56 +0200)]
Bug 26621: Adjust .mailmap to reduce the number of invalid authors
This file is a nightmare, really. We should simplify it and order it correctly.
Letting it here for now, I'd like to run the gitstats command on it to double check the output.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
JD: Amended patch: remove dup occurrences for Brendan
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 122a2c58ff61c831b9de633ed01a6986fabaa7b0) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Fri, 4 Sep 2020 16:25:45 +0000 (18:25 +0200)]
Bug 26394: Update .mailmap
The .mailmap file used to generate the stats is different from the one we have in our repo. It's much more complete and should be integrated into Koha.
Test plan:
Confirm that the different mappings are correct
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 51fd1db1cf8ee39d74be436d4bab83955a3c8a18) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Bug 28364: Make log4perl.conf belong to the instance user
This patch makes koha-create generate the log4perl.conf file for the
instance, belonging to the instance user. This is done in order to have
the z3950 responder work.
My original idea was to make the responder accept a '-g' parameter but
that is not supported by Net::Z3950::Responder. Also, as the library
insists on handling the PID file on its own, it wont' work to handle the
responsability to start-stop-daemon. The only solution I found was
making the fiel be owned by the instance user.
1. Create a Koha instance:
$ koha-create --create-db test
2. Initiate all the things
3. Enable and start the z3950 responder
$ koha-z3950-responder --enable test
$ koha-z3950-responder --start test
4. Try doing some search:
$ yaz-client localhost:2100
=> FAIL: you get:
Connecting...OK.
Sent initrequest.
Target closed connection
Z> quit
See you later, alligator.
=> FAIL: No warning or anything on the logs
5. Stop the daemon
$ koha-z3950-responder --stop test
6. Run it manually:
$ PERL5LIB=/usr/share/koha/lib KOHA_CONF=/etc/koha/sites/test/koha-conf.xml \
/usr/bin/perl /usr/share/koha/bin/z3950_responder.pl \
-c /etc/koha/sites/test/z3950 -u test-koha \
-p /var/run/koha/test/z3950-responder.pid -d test-koha-z3950
7. Repeat the 4, on a separate terminal (no daemon mode this time)
=> FAIL: You get:
Cannot open /etc/koha/sites/test/log4perl.conf (Permission denied) at /usr/share/perl5/Log/Log4perl/Config/BaseConfigurator.pm line 51.
8. Change the file owner:
$ chown test-koha /etc/koha/sites/test/log4perl.conf
9. Repeat 6, and 4
=> SUCCESS: It doesn't break anymore!
10. Apply this patch
11. Create a new instance, with the patched koha-create:
$ debian/scripts/koha-create --create-db test1
12: Check the generated files permissions:
$ ls -l /etc/koha/sites/test2
=> SUCCESS: You get:
-rw-r----- 1 root test2-koha 19720 May 17 13:26 koha-conf.xml
-rw-r----- 1 test2-koha test2-koha 2825 May 17 13:26 log4perl.conf
-rw-r----- 1 root test2-koha 2014 May 17 13:26 zebra-authorities-dom.cfg
-rw-r----- 1 root test2-koha 2279 May 17 13:26 zebra-biblios-dom.cfg
-rw-r----- 1 root test2-koha 26 May 17 13:26 zebra.passwd
13. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Ere Maijala <ere.maijala@helsinki.fi> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 79fe1a6ab9fe8720f1be3d3a7edb4162adae7ffe) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit c29595d4fdfcb87f70792b35dfd3d38db5167fe7) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
This patch fixes the value of a hidden input that was mistakenly
changed and prevents search all headings from working.
To test:
1. Open the authorities section in the OPAC
2. Choose the 'Search all headings' tab
3. Search for 'a'
=> FAIL: No results
4. Empty the search box, and make sure 'Search all headings' is selected
=> SUCCESS: There are authority records
5. Apply this patch
6. Reload the page
7. Retry 3 and 4
=> SUCCESS: Searching is back!
8. Sign off :-D
Sponsored-by: Asociación Latinoamericana de Integración Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 69fb1be22d42bdfe1421b4e23ea783c858ec23d2) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0f89e7023b27eb34883fd874c331f985953460ca) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Thu, 20 May 2021 06:34:48 +0000 (08:34 +0200)]
Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl
== Test plan ==
1. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
2. Note that you are redirected to another website
3. Apply the patch & restart services
4. Repeat the above and you are not redirected
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Nick Clemens [Thu, 17 Sep 2020 18:34:21 +0000 (18:34 +0000)]
Bug 15720: Add connexion user and password options to connexion daemon
Currently the connexion daemon does not utilize the user and password passed in the requests, it expects a
user and password to be defined in the config file and for that user to be a valid Koha user with
cataloging permissions.
With that user in place all requests to the daemon are authorized.
As the connections are over TCP we allow defining a new connexion user and password to protect Koha account information.
If not defined current behaviour is preserved. Connexion user and password must both be set it either is set.
To test:
1 - Create connexion file and save on the Koha serve
2 - perl misc/bin/connexion_import_daemon.pl -c /kohadevbox/koha/connexion.cnf
3 - Ensure the user specified above (connexuser) exists and has edit catalogue permissions
4 - In another terminal make a request to the server:
echo -en 'U6turtleA9connexionP5shell00024 a62clear00024 4500' | nc -v localhost 8888
5 - The request should succeed and record added to batch (probably the import fails, but not important)
6 - Add to config file
connexion_user:conuser
7 - Stop and restart the daemon - it should fail on missing connexion_password
8 - Comment out connexion_user and add
connexion_password:conpass
9 - Stop and restart daemon, it fails on missing connexion_user
10 - Uncomment the user and restart
11 - Make another request
echo -en 'U6turtleA9connexionP5shell00024 a62clear00024 4500' | nc -v localhost 8888
12 - It fails 'Unauthorized request'
13 - Make another request
echo -en 'U7conuserA9connexionP7conpass00024 a62clear00024 4500' | nc -v localhost 8888
14 - It succeeds!
Signed-off-by: Allison Blanning <ablanning@hotchkiss.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>