]> git.koha-community.org Git - koha.git/log
koha.git
7 years agoTranslation updates for Koha 16.05.12
Mason James [Mon, 3 Apr 2017 16:15:43 +0000 (04:15 +1200)]
Translation updates for Koha 16.05.12

7 years agoBug 15854: Use a READ and WRITE LOCK on message_queue
Jonathan Druart [Thu, 9 Feb 2017 11:44:38 +0000 (12:44 +0100)]
Bug 15854: Use a READ and WRITE LOCK on message_queue

To make sure we will not never get a race conditions for these kinds of
notices, we need to add a LOCK on the message_queue table.

This does not smell the best way to do that, but I faced deadlock issues
when I tried to use "UPDATE FOR"

https://dev.mysql.com/doc/refman/5.7/en/innodb-locking-reads.html
https://dev.mysql.com/doc/refman/5.7/en/lock-tables.html
https://dev.mysql.com/doc/refman/5.7/en/commit.html

To test this patch, or another solution, you need to apply manually this
change:

         my $message = C4::Message->find_last_message($borrower, $type, $mtt);
         unless ( $message ) {
+            sleep(1);
             C4::Message->enqueue($letter, $borrower, $mtt);
         } else {

And repeat the test plan from first patch.
Do not forget to truncate the message_queue table.

Followed test plans, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit be156d9ad9e5bcfadab34d44f90e04fd61e256ad)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 15854: Simplify the code to limit race conditions
Jonathan Druart [Thu, 9 Feb 2017 11:13:07 +0000 (12:13 +0100)]
Bug 15854: Simplify the code to limit race conditions

There is an obvious race condition when CHECKIN and RENEWAL are
generated from circulation.pl calling svc/renew or svc/checkin in AJAX.

The 2 first queries will try to get the id of the last message
(find_last_message) and if it does not exist, they will insert it.
Theorically that could be lead to have several "digest" messages for a
given patron.
I did not recreate more than 2 messages, from the third one at least one
of the two firsts existed in the DB already.

This patch just simplifies the code to make the SELECT and INSERT or
UPDATE closer and limit the race condition possibilities.

Test plan:
0. Set RenewalSendNotice and circ rules to have a lot of renewals available
1. Use batch checkouts (or one by one) to check out several items to a
patron
2. Empty message_queue (at least of this patron)
3. Renew them all at once ("select all" link, "renew or check in"
button)
4. Check the message_queue
Without this patch you have lot of chances to faced a race condition and
get at least 2 messages for the same patron. This is not expected, we
expect 1 digest with all the messages.
With this patch apply you have lot of chances not to face it, but it's
not 100% safe as we do not use a mechanism to lock the table at the DBMS
level.

Tested both patches together, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 607b14516a955c9989e4764c69527edbc1f36ba0)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17605: [STABLE] Add currency to orders generated by quotes
Colin Campbell [Wed, 9 Nov 2016 14:37:33 +0000 (14:37 +0000)]
Bug 17605: [STABLE] Add currency to orders generated by quotes

Sets the vendors currency in the edi generated order
The currency used is agreed between vendor and library
and the value in the quote is optional

Edifact potentially allows the currency to be overwitten
by specifying another currency in the CUX segment but
we know currently of no supplier doing this

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
7 years agoBug 18010: Remove potential exposure from gettemplate
Marcel de Rooy [Sun, 29 Jan 2017 14:40:14 +0000 (15:40 +0100)]
Bug 18010: Remove potential exposure from gettemplate

A similar bad template check from C4::Auth::get_template_and_user
should be applied in C4::Templates::gettemplate.

Before this patch it would be possible to expose files like:
my $template = C4::Templates::gettemplate(
    '/etc/passwd', 'intranet', CGI::new, 1
);
print $template->output;

Note that the is_plugin flag in the above call is the culprit. This patch
provides a quick security fix without touching get_template_and_user, and
can be backported to stable branches.
I will provide an enhanced and centralized check on report 17989, also
removing the is_plugin flag.

Note: We allow .pref here too for use in admin/preferences.pl.

Test plan:
[1] Run t/db_dependent/Auth.t (triggering get_template_and_user and
    gettemplate).
[2] Run t/db_dependent/Templates.t again (see first test plan).
    The tests should no longer fail.
[3] Open a page on opac or intranet.
[4] Open a systempreferences tab.
[5] Add a book to the cart and send it ([opac-]sendbasket uses gettemplate).

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit fbbd4b40f0d71b79194fc186e66f985488be26c6)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18010: Unit test for gettemplate
Marcel de Rooy [Sun, 29 Jan 2017 14:52:22 +0000 (15:52 +0100)]
Bug 18010: Unit test for gettemplate

A trivial test, similar to the ones in Auth.t.
Without the check in gettemplate (added in the second patch), the passwd
file will be exposed and the test fails.

Test plan:
Run t/db_dependent/Templates.t without second patch. The two tests in the
last subtest should fail.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 5508897d5a2b73c30d50fed26a6bfed62bf49398)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Conflicts:
t/db_dependent/Templates.t

7 years agoBug 18028: Remove outdated install_misc directory
Jonathan Druart [Wed, 1 Feb 2017 11:42:43 +0000 (12:42 +0100)]
Bug 18028: Remove outdated install_misc directory

This directory is no longer maintained and contain outdated information
on how to install Koha.
On the Internet there are tutos using them and that can create confusion
to new user (yes it could be confusing as well to execute a file that
does no longer exist).

NOTE: last tweak was mid 2016, but before that 2015. So I agree with
      the deletion.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit a6f50cbcb92c2575eb31e906ea54bf0386654906)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18069: Remove residue of rebuild_zebra -x
Jonathan Druart [Tue, 7 Feb 2017 08:10:42 +0000 (09:10 +0100)]
Bug 18069: Remove residue of rebuild_zebra -x

Bug 17731 removed the -x option of rebuild_zebra but koha-rebuild-zebra
still cals the script with this option.

"Warning: You passed -x which is already the default and is now deprecated"

Test plan:
sudo koha-rebuild-zebra -f
should no longer raise the warning

Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit fe898bc641b6d76d7b869654dce4ec21e219daf8)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18094: Only search in searchable patron attributes if searching in standard fields
Jonathan Druart [Tue, 14 Feb 2017 15:22:40 +0000 (15:22 +0000)]
Bug 18094: Only search in searchable patron attributes if searching in standard fields

Test plan:
- Add a new patron attrbute and mark it searchable
- Populate a new patron with 'potato' in that field
- Add/edit another patron to have email potato@invalidemail.com'
- Perform a patron search with query 'potato' (in standard fields)
=> Both patrons are returned
- Perform a patron search with filters 'Email' and query 'potato'
=> Only 1 patron is returned and you are redirected to the patron detail page.

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 5823d4ca6a71404d502eeb7f1bf5dd152fd98e22)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18094: Add tests to highlight the problem
Jonathan Druart [Tue, 14 Feb 2017 15:19:25 +0000 (16:19 +0100)]
Bug 18094: Add tests to highlight the problem

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit f86500351af0a1a4d1593eb2aa689b8ec52bc401)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Conflicts:
t/db_dependent/Utils/Datatables_Members.t

7 years agoBug 18246: Patron card creator: Unit not always displays properly in layouts
Marc Véron [Sat, 11 Mar 2017 18:17:37 +0000 (19:17 +0100)]
Bug 18246: Patron card creator: Unit not always displays properly in layouts

To reproduce:

1) Create a new layout
2) Select an unit in "Units selection"
3) Save
4) Edit layout again
5) Select other unit, e.g. 'SI Centimeter'
6) Save
7) Repeat
8) Edit again
Error: Latest unit seems to stick and can no longer be changed, because
in units drop down, multiple untis are marked as selected.

To test:
1) Apply patch
2) Repeat steps above, verify that value for units always display as expected.

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 37da40b323d8bc012724510fe4839dcb908c2b3b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 8603: Patron card creator - 'Barcode Type' doesn't stick in layouts
Marc Véron [Sat, 11 Mar 2017 16:18:10 +0000 (17:18 +0100)]
Bug 8603: Patron card creator - 'Barcode Type' doesn't stick in layouts

To reproduce:

1. Make a new layout
2. Tick "Print card number as barcode"
3. Change 'Barcode Type' to anything other than Code39
4. Save
5. Edit it again
6. Its back to Code39

To test:
1. Apply patch
2. Repeat steps above
3. Verify that 'Barcode type' is selected as expected

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
https://bugs.koha-community.org/show_bug.cgi?id=18063

https://bugs.koha-community.org/show_bug.cgi?id=8063

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 20ad341eefc555e0cf2b0f2862347e8a48b28935)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18305 - jquery.fixFloat.js breaks advanced MARC editor
David Gustafsson [Mon, 20 Mar 2017 14:13:13 +0000 (15:13 +0100)]
Bug 18305 - jquery.fixFloat.js breaks advanced MARC editor

Remove use of ECMASCRIPT 2015 default parameter syntax in
jquery.fixFloat.js to be compatible
with a wider range of browser versions.

Test plan:
  1. Usa a not so modern browser, for example Chrome/Chromium < 49, any version of IE
  besides Edge, Opera, or Firefox < 15.0.
  2. Edit a bibliographic record in staff client and try switching to
  advanced MARC editor (check console, no errors should appear).

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit a649958315c98500ebe0ea3f91c05a8067d54e58)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoAdd release notes for the 16.05.11 release v16.05.11
Mason James [Fri, 17 Mar 2017 13:27:40 +0000 (02:27 +1300)]
Add release notes for the 16.05.11 release

7 years agoTranslation updates for Koha 16.05.11
Mason James [Fri, 17 Mar 2017 13:17:58 +0000 (02:17 +1300)]
Translation updates for Koha 16.05.11

7 years agoIncrement version for 16.05.11 release
Mason James [Fri, 17 Mar 2017 13:07:00 +0000 (02:07 +1300)]
Increment version for 16.05.11 release

7 years agoBug 18275: Do not rely on CGI param userid to log a user in if auth is not required
Jonathan Druart [Wed, 15 Mar 2017 17:52:49 +0000 (14:52 -0300)]
Bug 18275: Do not rely on CGI param userid to log a user in if auth is not required

From opac/opac-memberentry.pl, authnotrequired is set.
That means a patron can access the page without being logged in. It is
used on this page for the self registration feature.

From C4::Auth::get_template_and_user, we have
  $userid = $q_userid;
$q_userid is previously set to the 'userid' CGI param.

We end up here if authonotrequired is set AND CGISESSID does not exist.

Test plan:
- Run:
  $ prove t/db_dependent/Auth.t
=> FAIL: Regression test for checkauth fails
- Apply this patch
- Run:
  $ prove t/db_dependent/Auth.t
=> SUCCESS: Tests pass.
- Sign off :-D

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18275: Regression test
Tomas Cohen Arazi [Thu, 16 Mar 2017 12:23:24 +0000 (09:23 -0300)]
Bug 18275: Regression test

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 16202: GetIssuingCharges should return a collectable amount
Colin Campbell [Tue, 5 Apr 2016 11:56:24 +0000 (12:56 +0100)]
Bug 16202: GetIssuingCharges should return a collectable amount

Charges should not include elements less than a penny/cent
they are not displayed but can be saved to the database
causing "odd" behaviour down the line

Make the routine round the resultant charge to nearest cent,
so consistent values are returned.
Removed the one case where it was rounded post call.
Although the main danger is values generated by the discount
calculation apply the rounding to all returned charges in case
the item charge is defined using the 3rd or 4th decimal
places.

NOTE: prove -v t/db_dependent/Circulation.t triggers the change.
      Though, all the returned amounts are 0.00 only.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d84ed89557e2c921f261b1c620434d432dcbd3f7)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 7143: Replace Santallan by Santellan
Marcel de Rooy [Thu, 19 Jan 2017 14:43:38 +0000 (15:43 +0100)]
Bug 7143: Replace Santallan by Santellan

Missed one typo in about.tt.
Can go along with the next patch here.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 13de29ad4465b964e37d4f460f5c9145e23939a1)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Conflicts:
koha-tmpl/intranet-tmpl/prog/en/modules/about.tt

7 years agoBug 18122 - Audio alerts: Add hint on where to enable sounds
Marc Véron [Wed, 15 Feb 2017 09:24:56 +0000 (10:24 +0100)]
Bug 18122 - Audio alerts: Add hint on where to enable sounds

This patch adds a hint to page Home > Administration > Audio alerts
and related help page about where to enable the sound system
(syspref 'AudioAlerts').

To test:
- Apply patch
- Disable syspref 'AudioAlerts'
- Go to Home > Administration > Audio alerts
- Note hint below title 'Audio alerts'
- Enable syspref 'AudioAlerts'
- Go to  Home > Administration > Audio alerts
- Hint is no longer visible (since audios are enabled)
- Open Help page (top right)
- Verify that hint on help page makes sense.

Amended to add alert class as requested by comment #2 2017-02-21 mv

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b6cb18c4a8292cabe5fd611b349b51d5c79b5fe4)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17840: adding classes to notes in checkouts
Emma Smith [Tue, 17 Jan 2017 03:23:18 +0000 (03:23 +0000)]
Bug 17840: adding classes to notes in checkouts

Test Plan
1) Add an internal and a public note to an item.
2) Check out the item.
3) Verify that both notes are shown in between title and barcode in the
second column of the details table.
4) Verify there is an empty class="" in the HTML source code for each
5) Apply patch and refresh page
6) View page source, confirm that class has been changed

I tested this by first applying the patch for bug 17919 to catch the
check-in software error. Patch working as expected :)

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 257c1793420108f1cb5efdec7bf03649d41940a0)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 13968: Follow up - Clean HTML tags for hints
Mark Tompsett [Tue, 21 Feb 2017 18:13:02 +0000 (13:13 -0500)]
Bug 13968: Follow up - Clean HTML tags for hints

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e9d5615e70056cd887b9471827611a78275016ab)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 13968 - Branch email hints are misleading
Marc Véron [Sat, 18 Feb 2017 16:15:06 +0000 (17:15 +0100)]
Bug 13968 - Branch email hints are misleading

This patch replaces missleading notes with Reply-To and Return-Path fields
to reflect indicate falback values if they are empty (ReplyToDefault and
ReturnpathDefault system prefs).

To test:
- Apply patch
- In Home > Administration > Libraties and Groups, edit a library
- Verify that hints display for fields Reply-To and Return-Path, indicating
  their default values.

Amended to remove extra </li> - 2017-02-21 mv

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b2eb6109ff308de7d2bc9338d708ac7fe9b6e3d7)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17260: DBRev 16.05.10.001
Katrin Fischer [Sun, 12 Mar 2017 22:09:39 +0000 (23:09 +0100)]
Bug 17260: DBRev 16.05.10.001

7 years agoBug 17260: updatedatabase.pl fails on invalid entries in ENUM and BOOLEAN columns
Blou [Fri, 27 Jan 2017 16:51:26 +0000 (16:51 +0000)]
Bug 17260: updatedatabase.pl fails on invalid entries in ENUM and BOOLEAN columns

The loading of file admin/searchengine/elasticsearch/mappings.yaml
specifies 'type' as empty, which fails with Mysql 5.7+ which is more
stringent.

Also, forcing an empty value into a boolean also fails.

Both issues arise when updatedatabase.pl hit 3.23.00.050.

NOTE: both issues could also be resolved by actually setting values in
      the load file. This doesn't make this solution incorrect, though.

To Test/reproduce:
-1) Happens with Mysql 5.7.4.  Maybe earlier, but certainly at
    that point. Use a Xenial kohadevbox to more easily test.
0) Find a database on 3.22 or earlier, save it.
    a) place
           sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
       into the [mysqld] section of /etc/mysql/mysql.conf.d/mysqld.cnf
    b) restart you mysql server
    c) drop the db and recreate it
    d) checkout the 3.22.x branch
    e) do a web install
    f) remove the added sql_mode
    g) restart the mysql server
1) Set your code base to master
2) run updatedatabase.pl
3) See the errors on 3.23.00.050
4) Apply the patch
5) Reload the 3.22 db.
   a) repeat steps 0(a)-0(g)
   b) don't forget the caching issues
6) succeed with updatedatabase.pl
7) drop the db and recreate it
8) run the web installer
9) notice no issues either.
10) run koha qa test tools

NOTE: This bug only solved the upgrade portion.
      I added the kohastructure.sql change as well.
      I confirmed that all the code changes were
      triggered with this test plan.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Mehdi Hamidi <mehdi.hamidi@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 77337a2ab537843eab70cc06b8bc2531ad2014dc)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17947: Searching my library first shows the branchcode by the search bar rather...
Aleisha Amohia [Mon, 23 Jan 2017 22:32:39 +0000 (22:32 +0000)]
Bug 17947: Searching my library first shows the branchcode by the search bar rather than branchname

Test Plan
1: Turn on SearchMyLibraryFirst and go into OPAC
2: It should say Search (in <Branch Code> Only)
3: Apply patch and refresh page. It should now say Search (in <Library Name> only)

Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e8420b5d80558a8a74f7f6a1421352dcad2c9c88)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17895: 'Re-set' typo fix
Aleisha Amohia [Fri, 13 Jan 2017 00:19:48 +0000 (00:19 +0000)]
Bug 17895: 'Re-set' typo fix

To test:
1) Log into OPAC and go to change your password
2) Enter current password incorrectly and click Submit changes
3) Observe error message and typo 're-set'
4) Apply patch and refresh page
5) May be asked to resend data - if so, click Resend, if not, repeat
step 2
6) Observe error message and corrected spelling of 'reset'

Sponsored-by: Catalyst IT
Signed-off-by: Caitlin Goodger <caitlingoodger.student@wegc.school.nz>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 86ec263b2d0994ecb53ff283ef246b529d4570e2)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18018 - WWW:CSRF is missing in PerlDependencies.pm v16.05.10
Mirko Tietgen [Tue, 31 Jan 2017 08:09:48 +0000 (09:09 +0100)]
Bug 18018 - WWW:CSRF is missing in PerlDependencies.pm

WWW:CSRF is missing in PerlDependencies.pm and so
libwww-csrf-perl is missing in PerlDependencies.pm
missing in debian/control.

This patch adds both.

NOTE: Tested on top of 17111.
      Checked
      ./koha_perl_deps.pl -m -u
      before and after. Control file eyeballs well.
      git diff origin/master -- debian/control
      does not differ in this change. :)

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17111: Update control file for 16.05
Mirko Tietgen [Tue, 31 Jan 2017 06:44:56 +0000 (07:44 +0100)]
Bug 17111: Update control file for 16.05

https://bugs.koha-community.org/show_bug.cgi?id=17111

NOTE: Correctly adds/removes dependencies in debian/control

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18119: Fix comment in cataloguing.js
Josef Moravec [Wed, 15 Feb 2017 06:52:32 +0000 (06:52 +0000)]
Bug 18119: Fix comment in cataloguing.js

Test plan:
Go to cataloging, and try something which depends on javascript -
collapse/uncollapse fields, open authority search window, ...
    -> without patch it is not working
    -> with patch it is working correctly

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoAdd release notes for the 16.05.10 release
Mason James [Thu, 23 Feb 2017 21:38:28 +0000 (10:38 +1300)]
Add release notes for the 16.05.10 release

7 years agoBug 17913: [16.11.x] followup
Josef Moravec [Wed, 8 Feb 2017 20:45:51 +0000 (20:45 +0000)]
Bug 17913: [16.11.x] followup

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17913: [16.05.x] Authority merge fix
Marcel de Rooy [Mon, 23 Jan 2017 13:06:48 +0000 (14:06 +0100)]
Bug 17913: [16.05.x] Authority merge fix

[PUSHED_17.05]

Squashed into one patch for 16.05.x

Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17782: deletedborrowers.updated_on should be set to current timestamp
Julian Maurice [Thu, 9 Feb 2017 09:51:24 +0000 (10:51 +0100)]
Bug 17782: deletedborrowers.updated_on should be set to current timestamp

Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoIncrement version for 16.05.10 release
Mason James [Wed, 22 Feb 2017 21:37:19 +0000 (10:37 +1300)]
Increment version for 16.05.10 release

7 years agoTranslation updates for Koha 16.05.10
Mason James [Wed, 22 Feb 2017 15:46:59 +0000 (04:46 +1300)]
Translation updates for Koha 16.05.10

Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17852 Follow up.Multiple URLs (856) in list email are broken
Caitlin Goodger [Thu, 19 Jan 2017 00:54:24 +0000 (00:54 +0000)]
Bug 17852 Follow up.Multiple URLs (856) in list email are broken

This is a follow-up to my previous patch. This fixes it on the OPAC and
the previous one was from the intranet
Test Plan
1: Add multiple urls to a biblographic record
2: Add the biblographic record to a list and then email it from the OPAC
3: See that the links are broken and have been merged into one.
4: Apply patch
5: Send the list again and see that the links work

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17852; Multiple URLs (856) in list email are broken.
Caitlin Goodger [Tue, 17 Jan 2017 21:37:49 +0000 (21:37 +0000)]
Bug 17852; Multiple URLs (856) in list email are broken.

Test Plan
1: Add multiple urls to a biblographic record
2: Add the biblographic record to a list and then email it.
3: See that the links are broken and have been merged into one.
4: Apply patch
5: Send the list again and see that the links work

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17865 'If a subscription has no history end date, it shows as expired today in...
Luke Honiss [Tue, 17 Jan 2017 02:27:55 +0000 (02:27 +0000)]
Bug 17865 'If a subscription has no history end date, it shows as expired today in OPAC'

--TEST PLAN--
1) View a subscription with no history end date
2) Search for an item with a subcription in OPAC
3) Under subscription tab click more details
4) The end date will be the current date
5) Apply patch and refresh
6) The end date will not be shown

Signed-off-by: Baptiste Wojtkowski <baptiste.wojtkowski@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18111: Swap framework_name and frameworkcode
Mark Tompsett [Sun, 19 Feb 2017 04:06:16 +0000 (23:06 -0500)]
Bug 18111: Swap framework_name and frameworkcode

With the frameworkcode changed to an empty string, which really
is closer to the physical reality, some javascript somewhere
breaks. This means the spinner does not appear when you confirm
that you wish to import it.

TEST PLAN
----------
1) apply first patch
2) export default framework, doesn't matter format
3) import default framework using that file.
4) answer yes or whatever it is.
   -- spinner does not appear.
5) apply this patch
6) import default framework use the same file.
7) answer yes or whatever it is.
   -- spinner does appear.
8) decide if you wish to find and fix the javascript conditions.
   if yes -- do so, and then obsolete this once you have.
   if not -- sign this off after running koha qa test tools

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18111: Fix import of default framework
Jonathan Druart [Tue, 14 Feb 2017 16:21:45 +0000 (16:21 +0000)]
Bug 18111: Fix import of default framework

Caused by bug 16035.

Recreate the issue:
Go to Home › Administration › MARC frameworks
For the default framework: Actions > import
It will not work

Test plan:
Confirm test plans from bug 16035 and bug 17389 still pass
Confirm that the import for the default framework now works

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18068: ES - Fix location and (home|holding)branch facets
Tomas Cohen Arazi [Mon, 6 Feb 2017 19:22:51 +0000 (16:22 -0300)]
Bug 18068: ES - Fix location and (home|holding)branch facets

This patch makes the 'Locations' facet work as expected (i.e. having the
same behaviour it has for Zebra: picking the 952$c in MARC21 and 995e
for UNIMARC).

It also adds the code to handle holding and home library settings for
facets and makes the facets show the library name instead of the branch
code.

The mappings are updated so the labels match what facets.inc expect to
work properly.

To test:
- On master, do a search that returns biblios with items having
homebranch set.
=> FAIL: Under the 'Locations' label on the facets you will notice
branchcodes are shown.
- Apply the patch
- Restart memcached and plack (just in case, it was tricky)
- Reset your mappings:
  http://localhost:8081/cgi-bin/koha/admin/searchengine/elasticsearch/mappings.pl?op=reset&i_know_what_i_am_doing=1
- Restart memcached and plack (again, not sure if needed)
- Make sure this mappings are set:
  homebranch => HomeLibrary
  holdingbranch => HoldingLibrary
  (Note: it might not be set due to the place the yaml file is being picked)
- Reindex your records:
  $ sudo koha-shell kohadev
 k$ cd kohaclone
 k$ perl misc/search_tools/rebuild_elastic_search.pl -d -v
- Repeat the initial search
=> SUCCESS: 'Location' contains the right stuff, 'Home libraries' and
'Holding libraries' too.
- Run
 k$ prove t/db_dependent/Koha_SearchEngine_Elasticsearch_Search.t
=> SUCCESS: Tests pass!
- Sign off :-D

Note: play with the 'DisplayLibraryFacets' syspref options.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18136: Fix ExportRemoveFields pre-fill behaviour
Jonathan Druart [Fri, 17 Feb 2017 09:59:22 +0000 (10:59 +0100)]
Bug 18136: Fix ExportRemoveFields pre-fill behaviour

Looks like it's caused by bug 13190.
Variable export_remove_fields is not sent to the template, let's
retrieve the syspref's value using the TT plugin.

Test plan:
Fill ExportRemoveFields with something (100a for instance)
Go on a checkout list page
At the bottom, the "do not export fields" input box should be pre-filled
with the content of the syspref

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18025: Simplify logic and avoid 1 call to ValidateBorrowernumber
Jonathan Druart [Wed, 15 Feb 2017 17:14:11 +0000 (17:14 +0000)]
Bug 18025: Simplify logic and avoid 1 call to ValidateBorrowernumber

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
This is fine with me.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18025: Fix test
Jonathan Druart [Wed, 15 Feb 2017 17:13:41 +0000 (17:13 +0000)]
Bug 18025: Fix test

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Seems to work fine

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18025 - Expired password recovery links cause sql crash
Liz Rea [Tue, 31 Jan 2017 21:59:01 +0000 (21:59 +0000)]
Bug 18025 - Expired password recovery links cause sql crash

When a user gets an email, but doesn't act or visit it within two days,
     attempting to create a new one causes a collision. We should just
     delete the old one, assuming they still want to reset their
     password.

To test:
create yourself a borrower with a userid and password.
Attempt a password recovery on the OPAC
update the entry in the database for that user to have an expired token
e.g. update borrower_password_recovery set valid_until = '2017-01-25
03:25:26' where borrowernumber = 12;
Attempt another password recovery operation - should error
apply the patch
Try it again - no error, new token is generated and additional email
with new link is sent.

Issue reproduced - is resolved by patch
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17988: Add a comment to explain the line
Jonathan Druart [Thu, 2 Feb 2017 09:28:21 +0000 (10:28 +0100)]
Bug 17988: Add a comment to explain the line

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
7 years agoBug 17988 - Select2 prevents correct tag expand/minimize functionality
Oleg Vasylenko [Wed, 25 Jan 2017 10:01:05 +0000 (12:01 +0200)]
Bug 17988 - Select2 prevents correct tag expand/minimize functionality

Overview:
Select2 (Bug 13501) introduced divs and inputs that broke some assumptions about the expected HTML structure.
Because of that, expanding fields to show all hidden subfields does not work properly.

Steps to Reproduce:
1. Open some book in the editor or create new (cataloguing/addbiblio.pl)
2. Try to minimize or expand fields, that have among subfields the following:
— Thesaurus driven subfield → subfield with Select2
— Hidden subfield.

Actual Results:
 — some fields become hidden, some not, and vice versa
 — in the console, you'll see «Uncaught TypeError: Cannot read property 'match' of null»

Expected Results:
 — all subfields should minimize/maximize completely

Additional Information:
This happens because Select2 adds some divs, that do not have ID property.
The following patch adds check for the needed attribute existance.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17780: Add a comment to explain the line
Jonathan Druart [Wed, 15 Feb 2017 08:11:41 +0000 (08:11 +0000)]
Bug 17780: Add a comment to explain the line

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17780 - When choose an author in authority results new window shows a blank screen
Oleg Vasylenko [Tue, 24 Jan 2017 15:58:39 +0000 (17:58 +0200)]
Bug 17780 - When choose an author in authority results new window shows a blank screen

Select2 (Bug 13501) introduced divs and inputs that broke some assumptions about the expected HTML structure.
This patch checks if input has name attribute, because some inputs in Select2 have not.

To test:
Try to add info from the authorities to field that has subfield with Select2 (subfield with authorised values on Koha 16.11+)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18095: Batch item modification: Better message if no item is modified
Marc Véron [Fri, 10 Feb 2017 15:07:13 +0000 (16:07 +0100)]
Bug 18095: Batch item modification: Better message if no item is modified

If no item is modified, the result page of Batch item modification says:
"item(s) modified (with fields modified)."
The message should be: "No items modified"

To reproduce:
- Go to Tools -> Batch item modification
- Put a barcode in and click Continue
- Do not make any changes and/or deselect all item(s)
- Click "Save"
=> Result message reads: "item(s) modified (with fields modified)."

To test:
- Apply patch
- Repeat steps above
- Verify that message makes sense.

NOTE: Also tested positive case with actual field change.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 15584 - Staff client list errors are incorrectly styled
Chloe [Thu, 21 Jan 2016 03:20:58 +0000 (03:20 +0000)]
Bug 15584 - Staff client list errors are incorrectly styled

To Test-
1. In the Staff Client, go to Lists
   (/cgi-bin/koha/virtualshelves/shelves.pl) and create a new list with
   the same name as an existing one. --note that it has some red in it
   like an error
2. apply patch
3. In the Staff Client, go to Lists
   (/cgi-bin/koha/virtualshelves/shelves.pl) and create a new list with
   the same name as an existing one. --note that now it should be just
   yellow with black writing as an alert

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18047 - JavaScript error on item search form unless LOC defined
Nick Clemens [Fri, 3 Feb 2017 11:38:53 +0000 (11:38 +0000)]
Bug 18047 - JavaScript error on item search form unless LOC defined

If LOC is not present, the item search form will raise a JS error:
SyntaxError: expected expression, got '}'

This patch fixes it by handling this specific case.

Note that the "Status" column is still displayed.

Test plan:
Remove your LOC authorised values
Go on the item search form
=> You will not get the JS error and the "Shelving location" bloc is no longer
displayed. There is no need to display it if empty.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 8306: Patrons statistics, fix for patron activity choice
Adrien Saurat [Thu, 13 Dec 2012 09:13:19 +0000 (10:13 +0100)]
Bug 8306: Patrons statistics, fix for patron activity choice

The "inactive" for "patron activity" choice is now effective.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18089: Remove warnings from tests using DBIx::Class fixtures
Jonathan Druart [Thu, 9 Feb 2017 12:13:50 +0000 (13:13 +0100)]
Bug 18089: Remove warnings from tests using DBIx::Class fixtures

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18089 - All XSLT testing singleBranchMode = 0 fails to show even if install has...
Kyle M Hall [Thu, 9 Feb 2017 11:48:40 +0000 (11:48 +0000)]
Bug 18089 - All XSLT testing singleBranchMode = 0 fails to show even if install has only 1 branch

Due to the way it has been implemented, singleBranchMode is set to an
empty string rather than 0 if there is only one branch. This causes any
block that tests for singleBranchMOde to be 0 to never appear.

Test Plan:
1) Apply this patch set
2) prove t/XSLT.t

Signed-off-by: Jenny Schmidt <jschmidt@switchinc.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18089 - Unit test
Kyle M Hall [Thu, 9 Feb 2017 11:48:08 +0000 (11:48 +0000)]
Bug 18089 - Unit test

Signed-off-by: Jenny Schmidt <jschmidt@switchinc.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17838 Availability limit broken until an item has been checked out.
Zoe Schoeler [Wed, 18 Jan 2017 00:55:43 +0000 (00:55 +0000)]
Bug 17838 Availability limit broken until an item has been checked out.

TEST PLAN

1. Make sure you have no items checked out.
2. Run sudo koha-rebuild-zebra -f -v kohadev.
3. Go to search the catalog and search.
4. Check items availability and then click on limit to currently
available items.
5. This should return no results.
6. Apply patch and reload.
7. Results should show.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Attribute 14: " Specifies whether un-indexed fields should be ignored. A
zero value (default) throws a diagnostic when an un-indexed field is
specified. A non-zero value makes it return 0 hits."
From http://www.indexdata.com/zebra/doc/querymodel-zebra.html
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17788: (MARC21) Add $9 fields to Koha-Auth-Number:w index
Tomas Cohen Arazi [Sat, 17 Dec 2016 12:25:54 +0000 (09:25 -0300)]
Bug 17788: (MARC21) Add $9 fields to Koha-Auth-Number:w index

Looking at the default framework's fields that are linked to authority
records, there's a divergence with the Zebra index definitions.

This yields to authority usage count be incorrect for users searching
for authority records.

MariaDB [koha_kohadev]> SELECT tagfield,tagsubfield,authtypecode FROM
marc_subfield_structure WHERE authtypecode IS NOT NULL AND
authtypecode<>'' AND frameworkcode='' GROUP BY
tagfield,tagsubfield,authtypecode ;
+----------+-------------+--------------+
| tagfield | tagsubfield | authtypecode |
+----------+-------------+--------------+
| 100      | a           | PERSO_NAME   |
| 110      | a           | CORPO_NAME   |
| 111      | a           | MEETI_NAME   |
| 130      | a           | UNIF_TITLE   |
| 440      | a           | UNIF_TITLE   |
| 600      | a           | PERSO_NAME   |
| 610      | a           | CORPO_NAME   |
| 611      | a           | MEETI_NAME   |
| 630      | a           | UNIF_TITLE   |
| 648      | a           | CHRON_TERM   |
| 650      | a           | TOPIC_TERM   |
| 651      | a           | GEOGR_NAME   |
| 654      | a           | TOPIC_TERM   |
| 655      | a           | GENRE/FORM   |
| 656      | a           | TOPIC_TERM   |
| 657      | a           | TOPIC_TERM   |
| 658      | a           | TOPIC_TERM   |
| 662      | a           | GEOGR_NAME   |
| 690      | a           | TOPIC_TERM   |
| 691      | a           | GEOGR_NAME   |
| 696      | a           | PERSO_NAME   |
| 697      | a           | CORPO_NAME   |
| 698      | a           | MEETI_NAME   |
| 699      | a           | UNIF_TITLE   |
| 700      | a           | PERSO_NAME   |
| 710      | a           | CORPO_NAME   |
| 711      | a           | MEETI_NAME   |
| 730      | a           | UNIF_TITLE   |
| 796      | a           | PERSO_NAME   |
| 797      | a           | CORPO_NAME   |
| 798      | a           | MEETI_NAME   |
| 799      | a           | UNIF_TITLE   |
| 800      | a           | PERSO_NAME   |
| 810      | a           | CORPO_NAME   |
| 811      | a           | MEETI_NAME   |
| 830      | a           | UNIF_TITLE   |
| 896      | a           | PERSO_NAME   |
| 897      | a           | CORPO_NAME   |
| 898      | a           | MEETI_NAME   |
| 899      | a           | UNIF_TITLE   |
+----------+-------------+--------------+

This patch adds the missing ones to the authority number index as it is
done for the rest of the fields.

To test:
- Verify that
etc/zebradb/marc_defs/marc21/biblios/biblio-koha-indexdefs.xml
contains intries pointing the $9 subfield of all the fields in the
'tagfield' column above, to the Koha-Auth-Number:w index.
- Sign off :-D

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17512: Improve handling dates in C4::Items
Marcel de Rooy [Thu, 27 Oct 2016 13:07:29 +0000 (15:07 +0200)]
Bug 17512: Improve handling dates in C4::Items

This is a follow-up on the internal server error on 0000-00-00 in the items
column onloan. This patch deals with preventing to have such dates at all
in the date fields of items.

It is accomplished by:
[1] Adding a (private) subroutine _mod_item_dates. It takes an item hash
    and replaces date values if needed.
[2] AddItem and ModItem call _koha_new_item resp. koha_modify_item. In these
    routines a call to the new _mod_item_dates is inserted.
[3] Although the routine is actually private, I have added some unit tests
    to Items.t.

Test plan:
[1] Add a new item. Fill a correct date in dateaccessioned and an invalid
    date in Price effective from (=replacementpricedate).
[2] Verify that dateaccessioned is saved correctly and replacementpricedate
    is still null (does not contain 0000-00-00).
[3] Edit the item again. Fill some text in dateaccessioned and put a correct
    date in replacementpricedate. Verify the results.
[4] Run t/db_dependent/Items.t

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17988: Add a comment to explain the line
Jonathan Druart [Thu, 2 Feb 2017 09:28:21 +0000 (10:28 +0100)]
Bug 17988: Add a comment to explain the line

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17988 - Select2 prevents correct tag expand/minimize functionality
Oleg Vasylenko [Wed, 25 Jan 2017 10:01:05 +0000 (12:01 +0200)]
Bug 17988 - Select2 prevents correct tag expand/minimize functionality

Overview:
Select2 (Bug 13501) introduced divs and inputs that broke some assumptions about the expected HTML structure.
Because of that, expanding fields to show all hidden subfields does not work properly.

Steps to Reproduce:
1. Open some book in the editor or create new (cataloguing/addbiblio.pl)
2. Try to minimize or expand fields, that have among subfields the following:
— Thesaurus driven subfield → subfield with Select2
— Hidden subfield.

Actual Results:
 — some fields become hidden, some not, and vice versa
 — in the console, you'll see «Uncaught TypeError: Cannot read property 'match' of null»

Expected Results:
 — all subfields should minimize/maximize completely

Additional Information:
This happens because Select2 adds some divs, that do not have ID property.
The following patch adds check for the needed attribute existance.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 16984: Do not clone the item block for standing orders
Jonathan Druart [Tue, 22 Nov 2016 09:35:07 +0000 (09:35 +0000)]
Bug 16984: Do not clone the item block for standing orders

If AcqCreateItem is set to ordering and the basket is marked as
"standing orders", when ordering a JS error is raised:
additem.js:176 Uncaught TypeError: window[events[i]] is not a function

The item block should not be displayed in that case.

Test plan:
- Set AcqCreateItem to "ordering"
- Create a basket and tick the "Standing orders" checkbox
- Add an order to this basket
=> Without this patch you get the JS error
=> With this patch applied you will not get it

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 16115: Remove JS error on item search if NOT_LOAN values do not exist
Jonathan Druart [Sat, 21 Jan 2017 07:48:20 +0000 (08:48 +0100)]
Bug 16115: Remove JS error on item search if NOT_LOAN values do not exist

If NOT_LOAN is not present, the item search form will raise a JS error:
SyntaxError: expected expression, got '}'

This patch fixes it by handling this specific case.

Note that the "Status" column is still displayed.

Test plan:
Remove your NOT_LOAN authorised values
Go on the item search form
=> You will not get the JS error and the "Status" bloc is no longer
displayed. There is no need to display it if empty.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 27a4149625252e4c28dc97df998d82fd6f2652b8)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 11450: Hold Request Confirm Deletion
Luke Honiss [Thu, 19 Jan 2017 02:55:31 +0000 (02:55 +0000)]
Bug 11450: Hold Request Confirm Deletion

==TEST PLAN==
1) Go to an item with a hold and click on the holds tab on the
left
2) Click the red 'X'
3) The hold will be deleted immediately
4) Apply patch
5) Return to an item with a hold and click the 'X'
6) There will now be a confirmation dialog
7) Click cancel and the dialog will disappear and the hold will not be
deleted
8) Click OK and the hold will be deleted

Restored indentations - Mark Tompsett

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17922: Use correct number of digits when replacing date placeholders
Julian Maurice [Wed, 18 Jan 2017 10:29:57 +0000 (11:29 +0100)]
Bug 17922: Use correct number of digits when replacing date placeholders

This patch also fixes a typo ("<<MM><" should be "<<MM>>")

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 95e94766af653de4bc721af64981140cacecf567)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18015 - On shelf holds allowed > "If all unavailable" ignores notforloan
Mirko Tietgen [Mon, 30 Jan 2017 14:59:59 +0000 (15:59 +0100)]
Bug 18015 - On shelf holds allowed > "If all unavailable" ignores notforloan

If in the circ rules matrix you set "On shelf holds allowed" to "If all unavailable",
items with status "Not for loan" are considered available and break the functionality.

Test plan:

- Set "On shelf holds allowed" to "If all unavailable" for your patron and item
  category (or everyone and everything)
- Have two items for a record. Check out one
- Set 7 - Not for loan: "Not For Loan" for the second item
- Try to place a hold. Does not work.

- Apply the patch
- Try to place a hold. Should work now.

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 844cf7a748c2b4f567bec2e5088665a9edf94468)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17871: (followup) Remove zebra::* from the packages templates
Tomas Cohen Arazi [Tue, 24 Jan 2017 11:34:44 +0000 (08:34 -0300)]
Bug 17871: (followup) Remove zebra::* from the packages templates

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 58e7a0a5d510de6a035329ea86a130996dda5849)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17871: Remove zebra::snippet to allow access to facets in YAZ 5.8.1+
David Cook [Tue, 10 Jan 2017 01:36:25 +0000 (12:36 +1100)]
Bug 17871: Remove zebra::snippet to allow access to facets in YAZ 5.8.1+

This patch restores access to zebra facets (or zebra::snippet) with YAZ 5.8.1 or higher.

It was failing due to The <retrieval syntax="xml" name="zebra::*" /> entry in
retrieval-info-bib-dom.xml which IndexData said it wasn't even needed to
get that access.

Edit: I amended the commit message (tcohen)

Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
I tested on kohadevbox and found no regression or behaviour change. I
will provide a followup for the packages.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0eb5d8491ebbf44f213d0cbe05695521dafc6dd9)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17775 - Add new user with LDAP not works under Plack
Dobrica Pavlinusic [Mon, 30 Jan 2017 11:42:09 +0000 (12:42 +0100)]
Bug 17775 - Add new user with LDAP not works under Plack

This patch fixes internal server error:

Undefined subroutine &C4::Auth_with_ldap::AddMember called at /srv/koha_ffzg/C4/Auth_with_ldap.pm line 213.

It occurs only under plack, and it's strange since C4::Members
does EXPORT AddMember and we are importing it into Auth_with_ldap.pm
(and it does work under CGI).

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
I did not test but trust author and signoffer. The change cannot hurt.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4740438b41573d24c6e83d182e2ce1cf6fc54545)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 15030: Add tests
Jonathan Druart [Thu, 12 Nov 2015 12:28:38 +0000 (12:28 +0000)]
Bug 15030: Add tests

This test will prevent regression on the lost of data when
items.itemcallnumber is linked with a plugin.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit eee1f23bc49d233bca6c8a8004dd6e79e2425484)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 15030 - Fixes the serials fields associated with a plugin, to not overwrite the...
Blou [Wed, 21 Oct 2015 18:35:18 +0000 (14:35 -0400)]
Bug 15030 - Fixes the serials fields associated with a plugin, to not overwrite the previously saved value

This fixes the remaining fields from serials-edit.pl that were seeing their previously entered values
be oblitarated with each new edit.  The fields associated to a plugin (dateaccessioned and barcode) were
always displaying <empty> with each new edit, losing the previous effort.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1017edad1c27d2624fb8ed6f8fb0018985b33295)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 15030 - Certain values in serials' items are lost on next edit
Blou [Mon, 19 Oct 2015 16:16:05 +0000 (12:16 -0400)]
Bug 15030 - Certain values in serials' items are lost on next edit

When editing serials subscription, we can edit them but some values are not pulled from the DB correctly to be put in the edit box.  If not noticed, the value will be overwritten on the next save.

Test:
- Create a subscription
- Edit itemcallnumber (952o?) and make sure to have a different value than the default one.
- Save.
- Edit it again
- The saved value is not there.

This is true for itemcallnumber and a few other fields.

This was caused by calls to ->field($subfield).  This would always fail, of course.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4cdcdb3cb5ebefedcb44766745078a949227f0a5)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 7533: Add a warning to the about page if template_cache_dir is not set
Jonathan Druart [Wed, 28 Dec 2016 13:51:17 +0000 (13:51 +0000)]
Bug 7533: Add a warning to the about page if template_cache_dir is not set

We need to tell the administrators that it would be great for them to
set this config entry.

Test plan:
- Do not set template_cache_dir and confirm that you see the warning
- Set template_cache_dir and confirm that you do not see the warning

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Both templates for koha-conf.xml are updated. After applying the
patach a warning was correctly displayed. After adding
template_cache_dir to koha-conf.xml and restarting memcached it
went away.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
7 years agoBug 7533: Add the template_cache_dir entry to koha-conf.xml
Jonathan Druart [Wed, 28 Dec 2016 13:49:59 +0000 (13:49 +0000)]
Bug 7533: Add the template_cache_dir entry to koha-conf.xml

And comment it, as we don't know what are the sysop's preferences

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17487: Styling moved from style attribute into staff-global.css
radiuscz [Sun, 23 Oct 2016 22:57:03 +0000 (00:57 +0200)]
Bug 17487: Styling moved from style attribute into staff-global.css

Test plan:
1) Apply patch
2) Display Z39.50 search dialogs:
   - cataloguing / new from Z39.50
   - authorities / new from Z39.50
   - acquisition / new from an external source
3) Select all / Clear all should be placed below "Search targets" header
4) [Optionally] Set some style in IntranetUserCSS for class z3950checks

https://bugs.koha-community.org/show_bug.cgi?id=17487

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit aaf6b6724f5c7c6e29433600d55b9f1e8836a77b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17487: Links to "select/clear all" moved below the header tag
radiuscz [Sun, 23 Oct 2016 00:51:53 +0000 (02:51 +0200)]
Bug 17487: Links to "select/clear all" moved below the header tag

Test plan:
1) Apply patch
2) Display Z39.50 search dialogs:
   - cataloguing / new from Z39.50
   - authorities / new from Z39.50
   - acquisition / new from an external source
3) Select all / Clear all should be placed below "Search targets" header

https://bugs.koha-community.org/show_bug.cgi?id=17487

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f05b2986da26717f70134b07020c509821aeb3f7)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17726: [QA Follow-up] Add test descriptions
Marcel de Rooy [Tue, 13 Dec 2016 13:10:45 +0000 (14:10 +0100)]
Bug 17726: [QA Follow-up] Add test descriptions

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ddf1d9bcdde4790b713eca8040f0c9fce8fdcf6a)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17726: TestBuilder - Add default values
Jonathan Druart [Mon, 12 Dec 2016 22:38:40 +0000 (22:38 +0000)]
Bug 17726: TestBuilder - Add default values

The items.more_subfields_xml is set to random data (generated by
TestBuilder), and so GetMarcBiblio does not manage to embed items (if
needed).

The error is:
  :1: parser error : Start tag expected, '<' not found

More precisely it explodes in
C4::Items::_parse_unlinked_item_subfields_from_xml when
MARC::Record->new_from_xml is called with an invalid xml

This patch adds a default values mechanism to TestBuilder to avoid
modifying all the existing calls.

Test plan:
Set SearchEngine to ElasticSearch
prove t/db_dependent/Circulation.pl
should return green with this patch

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 41358176e1d276e47d3034a37bd089b7e6c7e846)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 8361 (QA Followup) Add warnings
Nick Clemens [Fri, 13 Jan 2017 18:06:34 +0000 (18:06 +0000)]
Bug 8361 (QA Followup) Add warnings

 - Added message to circulation.tt to warn if rule undefined for
patron/itemtype combination

To test:
1 - Remove all circ rules
2 - Add one rule
3 - Checkout to patron an itemtype that is outside of rule
defined above
4 - Note explanation that no rule is defined

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 63f7cbc777521c33f8ada3e1068be01b98da9050)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 8361: Do not allow checkouts if no rules are defined
Jonathan Druart [Tue, 22 Nov 2016 11:23:23 +0000 (11:23 +0000)]
Bug 8361: Do not allow checkouts if no rules are defined

We should require a circulation rule to allow checkouts and reject them
if no rules are defined.

Test plan:
- Delete all issuing rules
- Check an item out
=> Without this patch the checkout is allowed
=> With this patch applied it is rejected

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 11dfb2e0b2d32c313f556b623ee8522b4342af26)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17823: Add label for MARC 583 - Action note
Karen Jen [Tue, 17 Jan 2017 22:46:02 +0000 (22:46 +0000)]
Bug 17823: Add label for MARC 583 - Action note

test plan
Edit a record
Edit field 583a to add an action note
Save the record and confirm that the note does not show up in staff
client or opac
Apply patch and refresh page
Action note should now show up in staff client and opac

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 16dcea233008c0560c5a9783a3e6dd60470b06b1)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 18044: Add a test
Jonathan Druart [Mon, 6 Feb 2017 08:18:29 +0000 (09:18 +0100)]
Bug 18044: Add a test

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18044: Label Batches not displaying
Chris Nighswonger [Sun, 5 Feb 2017 21:11:30 +0000 (16:11 -0500)]
Bug 18044: Label Batches not displaying

SQL expects lists to be comma separated. A trailing comma must also
be avoided.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 18026 - URL to database columns link in system
Mason James [Mon, 13 Feb 2017 06:28:54 +0000 (19:28 +1300)]
Bug 18026 - URL to database columns link in system

Here's a patch for the 16.05 series, and the command I used to do the search/replace

grep -irl 'schema.koha-community.org/tables' ./* | grep -v .git | xargs perl -pi -e 's^koha-community.org/tables^koha-community.org/16_05/tables^'

7 years agoFix notes typo
Mason James [Tue, 31 Jan 2017 03:44:56 +0000 (16:44 +1300)]
Fix notes typo

Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoIncrement version for 16.05.9 security release v16.05.09
Mason James [Mon, 30 Jan 2017 22:58:53 +0000 (11:58 +1300)]
Increment version for 16.05.9 security release

7 years agoAdd release notes for the 16.05.09 security release
Mason James [Tue, 31 Jan 2017 03:11:37 +0000 (16:11 +1300)]
Add release notes for the 16.05.09 security release

Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure
Marcel de Rooy [Fri, 29 Jul 2016 10:35:22 +0000 (12:35 +0200)]
Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 16929: [QA Follow-up] Shortcut methods and use statements
Marcel de Rooy [Thu, 21 Jul 2016 06:48:01 +0000 (08:48 +0200)]
Bug 16929: [QA Follow-up] Shortcut methods and use statements

Resolves the following comments:

I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 16929: Prevent opac-memberentry waiting for random chars
Marcel de Rooy [Fri, 15 Jul 2016 12:16:07 +0000 (14:16 +0200)]
Bug 16929: Prevent opac-memberentry waiting for random chars

Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.

Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
    take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.

Tested all 3 patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 17902: Follow-up fixing SQL statement
Katrin Fischer [Mon, 30 Jan 2017 15:47:23 +0000 (16:47 +0100)]
Bug 17902: Follow-up fixing SQL statement

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 40cb8e3b7579987d0d461e8da6e350228722727c)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 17902: Fix possible SQL injection in serials editing
Jonathan Druart [Tue, 10 Jan 2017 17:06:51 +0000 (18:06 +0100)]
Bug 17902: Fix possible SQL injection in serials editing

/cgi-bin/koha/serials/serials-edit.pl?serstatus=*/+,2,3,'2016-12-12','2016-12-12',6,'jjj7','jjj8'%20--%20-&subscriptionid=1+and+1%3d2+Union+all+select+111+/*

The SQL query is not constructed correctly, placeholders must be used.
Subscription id and status list can be provided by the user.

This vulnerability has been reported by MDSec.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f42dbd67d1b960906fd2b98560e7e3724452bce9)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
7 years agoBug 9569: Security patch for AutoLocation
Jonathan Druart [Thu, 19 Jan 2017 10:46:21 +0000 (11:46 +0100)]
Bug 9569: Security patch for AutoLocation

If a patron is not allowed to access the staff interface because its IP
address in the authorised range of IPs, the cookie should not contain
the CGISESSID.
If it is, the patron is logged in and will be able to access the staff
interface if he reload the page (or hit another one).

Test plan:
Confirm the that AutoLocation feature is now working as expected.

Note: It seems that this feature has never really worked as intended.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
7 years agoBug 9569: Update warning message
Jonathan Druart [Thu, 19 Jan 2017 09:00:40 +0000 (10:00 +0100)]
Bug 9569: Update warning message

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
7 years agoBug 9569: Do not check the IP for login at the OPAC
Jonathan Druart [Tue, 16 Aug 2016 13:01:40 +0000 (14:01 +0100)]
Bug 9569: Do not check the IP for login at the OPAC

At the OPAC, the AutoLocation feature should not be taken into account:
login to the OPAC from outside the IP range should work

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
7 years agoBug 9569: Remove unused occurrence of AutoLocation
Jonathan Druart [Tue, 16 Aug 2016 12:56:25 +0000 (13:56 +0100)]
Bug 9569: Remove unused occurrence of AutoLocation

`git grep ManualLocation` does not return any results

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
7 years agoBug 9569: AutoLocation should not depend on IndependentBranches
Jonathan Druart [Tue, 16 Aug 2016 12:56:19 +0000 (13:56 +0100)]
Bug 9569: AutoLocation should not depend on IndependentBranches

Those 2 prefs can be independent and it does not make sense to consider
AutoLocation only if IndependentBranches is set.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
7 years agoBug 9569: Fix AutoLocation - handle .* for subnets
Jonathan Druart [Tue, 16 Aug 2016 13:02:58 +0000 (14:02 +0100)]
Bug 9569: Fix AutoLocation - handle .* for subnets

The example in branches.tt is:
  Can be entered as a single IP, or a subnet such as 192.168.1.*

But actually the regex in C4::Auth does not handle subnets.

Test plan:
0/ Apply all the patches
1/ Switch AutoLocation on
2/ Define a subnet (192.168.0.* if your ip is like 192.168.0.X) in the IP
range of your library
3/ Log in on the staff interface
=> Should work

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>