Jonathan Druart [Wed, 19 Jun 2019 17:12:15 +0000 (12:12 -0500)]
Bug 23042: Correct shib param escaping
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Thu, 13 Jun 2019 16:02:33 +0000 (17:02 +0100)]
Bug 23042: Only include GET params in return URL for Shibboleth
The shibboleth return target included POST parameters in the URL string,
this meant that a failed local login POST would include the username and
password used in the attemtped login in plaintext in the redirect URL
that is appended to the shibboleth login URL.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Wed, 19 Jun 2019 09:56:30 +0000 (10:56 +0100)]
Bug 23042: Add tests to catch POST params in return URL
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Wed, 30 Oct 2019 12:15:38 +0000 (13:15 +0100)]
Bug 23836: exit after output_error
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Nick [Thu, 17 Oct 2019 15:26:18 +0000 (15:26 +0000)]
Bug 23836: Don't forward form tracklinks if not tracking
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Thu, 15 Aug 2019 07:54:59 +0000 (08:54 +0100)]
Bug 23329: (RM follow-up) Restore DB after test
Test plan:
1) Dump your DB before the tests is run
2) Run the test
3) Dumper your DB again and compare to the first dump
Success if there are no differences (other than the timestamp of the
dump)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Wed, 14 Aug 2019 18:56:48 +0000 (14:56 -0400)]
Bug 23329: Fix tests
- www.google.com vs https://www.google.com
- Remove transaction otherwise data are not available from webserver
- Use new C4::Output::output_error to avoid 302 (redirect)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Wed, 14 Aug 2019 18:56:46 +0000 (14:56 -0400)]
Bug 23329: Move error page to its own subroutine
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Wed, 14 Aug 2019 10:34:47 +0000 (11:34 +0100)]
Bug 23329: (RM follow-up) Add regression tests
Test plan:
Run the new tests and they should all pass once we've caught all cases
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Marcel de Rooy [Fri, 9 Aug 2019 09:27:18 +0000 (09:27 +0000)]
Bug 23329: (QA follow-up) Resolve warning on wrong biblionumber
Passing a wrong biblionumber generates a warning:
GetMarcUrls called on undefined record at opac/tracklinks.pl line 58.
Test plan:
[1] Try it again with a wrong biblionumber and check the logs.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Marcel de Rooy [Fri, 9 Aug 2019 09:18:13 +0000 (09:18 +0000)]
Bug 23329: (follow-up) Allow item URI with a biblionumber parameter
If you pass a URI with a biblionumber without specifying the itemnumber,
tracklinks did not redirect an item URI.
Test plan:
[1] Add URI in an item.
[2] Pass this URI with the itemnumber to tracklinks. Should pass.
[3] Pass this URI with the biblionumber to tracklinks. Should pass now too.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Nick Clemens [Wed, 17 Jul 2019 11:01:01 +0000 (11:01 +0000)]
Bug 23329: Only redirect tracklinks.pl to urls contained in records
Bug 19487 limited redirection to urls contained in a record/item if we were tracking.
We should probably limit forwarding if not tracking as well.
Additionally, if we don't have a soucre, let's not forward
To test:
0 - Set TrackClicks syspref to 'Don't track'
1 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com
2 - You get forwarded to google
3 - Set TrackClicks to 'Track anonymously'
4 - You get a 404
5 - Apply patch
6 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com
7 - You get a 404
8 - Set TrackClicks syspref to 'Don't track'
9 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com&biblionumber=1
Choose a biblionumber that exists
10 - You get a 404
11 - Add http://www.google.com to the 856$u of the record used above
12 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com&biblionumber=1
13 - You are redirected
14 - Confirm redirection and 404 as expected with other settings of TrackClicks
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Magnus Enger [Fri, 6 Sep 2019 07:54:04 +0000 (09:54 +0200)]
Bug 22543: Prevent "back and refresh attack"
To reproduce and test:
- Log into the OPAC, you are taken to /cgi-bin/koha/opac-user.pl
- Log out, you are taken to /cgi-bin/koha/opac-main.pl?logout.x=1
- Click "Back", you are taken to /cgi-bin/koha/opac-user.pl
- Reload the page, you see an error like "Confirm new submission
of form"
- Reload the page again and confirm the submission of the form
- You are now logged in to the OPAC again!
- Log out again
- Apply this patch
- Log in to the OPAC, you are taken to /cgi-bin/koha/opac-user.pl
- Log out, you are taken to /cgi-bin/koha/opac-main.pl?logout.x=1
- Click back, you are taken to /cgi-bin/koha/opac-user.pl
- No matter how many times you reload /cgi-bin/koha/opac-user.pl,
you should not see anything other than the login form.
- Check that Self Check Out still works as it should, by making
sure you have a user with self_check permissions, then setting
WebBasedSelfCheck, AutoSelfCheckAllowed, AutoSelfCheckID and
AutoSelfCheckPass appropriately. Then visit
/cgi-bin/koha/sco/sco-main.pl and verify everything works as
expected.
The messages and errors pages you see related to resubmitting the
form might differ from the ones described here, depending on what
browser you use. I tested in Chromium 76.0.x.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Wed, 14 Aug 2019 17:39:43 +0000 (13:39 -0400)]
Bug 23451: Fix other similar wrong filterings
Signed-off-by: Liz Rea <wizzyrea@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Wed, 14 Aug 2019 17:31:53 +0000 (13:31 -0400)]
Bug 23451: Prevent XSS vulnerabilities in opac-imageviewer.pl
And certainly in other sripts as it is in opac-bottom.inc
Signed-off-by: Liz Rea <wizzyrea@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Fri, 31 May 2019 16:34:34 +0000 (16:34 +0000)]
Bug 23025: security vulnerability detected in fstream < 1.0.12 defined in yarn.lock
This patch updates the version requirements for modules used by yarn.
Running "yarn upgrade" will upgrade the project's direct dependencies as
listed in package.json. However, the output of "yarn audit" will
identify more vulnerabilities with libraries further down the dependency
tree.
Adding a "resolutions" list in package.json seems to be the way to
include these upgrades in an installation.
After making these changes I ran "yarn install" and "yarn audit" again.
The audit reported no vulnerabilities.
Upgrading yarn.lock should allow for the installation of newer versions
of npm modules in new installations. I believe it is necessary to run
"yarn upgrade" on existing installations in order to bring dependencies
up to versions matching those on existing installations.
To test, run the yarn commands we use to compile SCSS in the staff
client and the opac:
yarn build
yarn build --view opac
They should complete without error.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Wed, 27 Nov 2019 11:16:04 +0000 (11:16 +0000)]
Bug 17168: (RM follow-up) Add Sponsors
Sponsored-by: Sponsored by: Round Rock Public Library [https://www.roundrocktexas.gov/departments/library/] Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Wed, 27 Nov 2019 10:39:36 +0000 (10:39 +0000)]
Bug 14570: (RM follow-up) Add Sponsors
Sponsored-by: Northeast Kansas Library System [http://www.nekls.org] Sponsored-by: Vermont Organization of Koha Automated Libraries [http://gmlc.org/index.php/vokal] Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Mon, 4 Nov 2019 00:38:20 +0000 (19:38 -0500)]
Bug 23958: Use Font Awesome icon to replace "new window" icon image
This patch modifies several templates in order to eliminate the
dependency on an image file for styling certain links which open popups
or new windows. A Font Awesome icon is used instead.
To test, apply the patch and rebuild the staff client CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
Cataloging:
- Create a new MARC record which has the same ISBN as a record in your
catalog.
- When you save the record it should warn you that it is a possible
duplicate. The message should contain an icon-prefixed link to the
existing record.
- Clicking the link should open details about the title in a new
window.
Circulation:
- Enable the itemBarcodeFallbackSearch system preference.
- Open a patron for checkout and enter a word in the "barcode" field
instead of a barcode.
- The page should return a list of titles to choose from. Each title
should be a link with an icon. Clicking the link should open details
about the title in a new window.
Acquisitions:
- Go to Acquistisions -> Vendor -> Basket.
- Choose "Add to basket" -> From an external source.
- Search for and select a record which exists in your catalog.
- You should be taken to a page with a "Duplicate warning" message. The
message should contain an icon-prefixed link to the existing record.
- Clicking this link should open details about the title in a new
window.
- Create a MARC file with two records: One which exists in your catalog
and one which doesn't. Stage that file for import.
- Choose "Add to basket" again and select "From a staged file."
- Select the file you staged.
- You should be taken to a page with a "Duplicate warning" message. The
message should contain an icon-prefixed link to the existing record.
- Clicking the link should open details about the title in a new
window.
Patrons:
- Create a new patron which has the same name and birthday as an
existing patron.
- When you save the record you should be shown a duplicate warning. The
link to the possible duplicate patron should be prefixed with an icon
and should open the patron's details in a popup window.
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Sun, 3 Nov 2019 22:03:46 +0000 (22:03 +0000)]
Bug 23955: Replace famfamfam icon in OPAC holds template
This patch modifies the OPAC holds template so that when an item isn't
available for an item-level hold a Font Awesome icon is displayed
instead of a famfamfam image.
To test, apply the patch and regenerate the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).
- Make sure you have items which can be placed on hold at the item
level.
- Locate a title with more than one item, at least one of which isn't
available to be placed on hold (item is marked withdrawn, for
instance).
- Start the process of placing a hold on the item.
- On the "Confirm holds" scren, click "Show more options" and select "A
specific item."
- In the table of items, any item which isn't available to be put on
hold should be inidicated with a red X. The title attribute of the
icon should show "Cannot be put on hold."
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Mon, 25 Nov 2019 10:53:45 +0000 (11:53 +0100)]
Bug 23927: Do not copy invoiceid for a new duplicated order
When an order is created from an existing one (duplication), then the
invoice should be set to null instead of retrieved.
Test plan:
- receive an order
- in a new basket, add an order "From exisitions orders (copy)"
- search your received order
- duplicate
- go to the bibliographic record "Acquisition details" tab
=> Without this patch you will see that the invoice is the same for the
two orders
=> With this patch the invoice for the new order is not set
Nick Clemens [Tue, 26 Nov 2019 14:12:01 +0000 (14:12 +0000)]
Bug 24120: (follow-up) input_name too
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Nick Clemens [Tue, 26 Nov 2019 13:19:28 +0000 (13:19 +0000)]
Bug 24120: URI filter search terms in sort dropdowns
To test:
1 - Search for C++
2 - Sort your results
3 - Note search is now for "C "
4 - Apply patch
5 - Search for C++
6 - Reorder results
7 - Still searching for C++
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Kyle M Hall [Tue, 26 Nov 2019 15:23:36 +0000 (10:23 -0500)]
Bug 24113: guarantor info lost when a duplicate is found
When a patron is created with a guarantor but a duplicate is found (or any other warnings I guess) the guarantor's info are lost.
This patch improves on previous functionality by retaining the select guarantor relationship as well.
Test Plan:
1) Create a new child with a name already used, add a guarantor
2) Attempt to save, no the guarantor is not shown when the editor is redisplayed
3) Apply this patch
4) Restart all the things!
5) Repeat 1
6) Note the guarantor is retained and the relationship is as well!
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Wed, 20 Nov 2019 18:11:55 +0000 (18:11 +0000)]
Bug 24076: Remove inline CSS to center patron home library in search results
This patch removes code from the patron search results DataTable
configuration which was designed to add "text-align:center" to the table
cells containing patron home library. I don't think there's a good
reason to centering to that data.
To test, apply the patch and perform a patron search in the staff
client. The "Library" column should contain left-aligned data, matching
almost every other column in the table.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 23452: Multiple select options in system preferences are not translatable
Translate script ignores multiple options in system preferences,
this patch fix that.
To test:
1) Apply the patch
2) Go to misc/translator
cd misc/translator
3) Update your preferred language
perl translate update xx-YY
4) Updated pref file must contain new strings, eg.
egrep "when cataloguing an item" po/xx-YY-pref.po
5) Edit & translate that string
6) Install the updated translation
perl translate install xx-YY
7) Check that the translated pref file has
a) multiple options present
b) the message from 5) is translated
see for example circulation.pref
en: koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/circulation.pref
xx: koha-tmpl/intranet-tmpl/prog/xx-YY/modules/admin/preferences/circulation.pref
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Wed, 20 Nov 2019 13:35:10 +0000 (14:35 +0100)]
Bug 23256: Remove the http:// prefix before OPACBaseURL in OPAC_REG_VERIFY
The title explained everything, compare with
installer/data/mysql/fr-FR/1-Obligatoire/sample_notices.sql and other
notices.
It's certainly due to the fact that fr-CA took time to be integrated and
the change happened in the meanwhile
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Lisette Scheer [Tue, 19 Nov 2019 16:58:45 +0000 (16:58 +0000)]
Bug 21574: Local use system preferences page doesn't have the system preferences menu
The "local use" tab in system preferences is showing the admin menu instead of the
system preferences menu tabs. This patch fixes the menu display.
To test:
1) Go to the system preferences in administration.
2) Click the 'Local use' tab.
3) Observe the inncorrect menu.
4) Apply the patch.
5) Repeat steps 1-2
6) Observe the correct menu.
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Kyle M Hall [Mon, 25 Nov 2019 16:50:46 +0000 (11:50 -0500)]
Bug 23905: Button "Search to add" doesn't work on Quick add new patron
This issue is caused by duplicating the patron guarantor fieldset.
The solution is to move it between the two forms insetad.
In addition, this patch moves the guarantor information fieldset to the area below the "Quick add" fieldset, instead of *inside* it. This change preserves the correct styling and layout of the Guarantor information fieldset whilst it is moved back and forth by the "quick add"/"full form" toggle.
Test Plan:
1) Quick add a child patron
2) Attempt to use the "Search to add" button
3) Note it does nothing
4) Apply this patch
5) Repeat steps 1 and 2
6) It works now!
7) Test toggling between the quick add and full form views,
note the "Guarantor information" fieldset shows correctly
in the full form view.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Thu, 21 Nov 2019 17:12:30 +0000 (17:12 +0000)]
Bug 14741: Selecting all child permissions doesn't select the top level check box
This patch modifies the patron flags page so that manually selecting all
the child permissions also checks the checkbox for the parent
permission.
To test, apply the patch, open a patron record, select More -> Set
permissions.
- Expand a set of permissions, for instance "Add, modify, and view
patron information."
- If any boxes are checked, uncheck them.
- Check each of the "child" checkboxes ("Add, modify, and view..." and
"View patron infos..." ).
- When both checkboxes are checked, the "Add, modify, and view" parent
permission should be automatically checked.
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Correct the capitalization of the class name introduced in bug 23788.
Test plan:
1) Prior to patch attempt to 'pay off selected' - Note a server error
2) Apply patch
3) Attempt to 'pay off selected' - Note it now works as expected.
4) Signoff
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Magnus Enger [Wed, 20 Nov 2019 14:15:15 +0000 (15:15 +0100)]
Bug 24072: Typos in advance_notices.pl causes DUEDGST not to be sent
There are two typos in advance_notics.pl that cause DUEDGST messages
not to be sent. See Bugzilla for full details.
If you think the typo is sufficiently obvious, you can just eyeball the
patch and sign off, methinks. Otherwise, testing can be done something
like this:
- Make sure you have enabled enhanced messaging preferences, and a
patron with "Email" and "Digests only" set for "Item due" messages
- Issue an item to this patron, with due date today
- Run something like this to generate advance notices:
$ sudo koha-shell -c "perl \
/home/vagrant/kohaclone/misc/cronjobs/advance_notices.pl -n -c" kohadev
- See that no notices are shown (-n means messages will go to stdout,
instead of into the message queue).
- Apply the patch and run advance_notices.pl again, as before. A DUEDGST
message should now be displayed.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Lari Taskula [Fri, 25 Oct 2019 13:36:11 +0000 (13:36 +0000)]
Bug 23901: Fix sms_input is null in opac-messaging.tt
When sms messaging is disabled, JavaScript breaks in opac-messaging.tt.
Bug introduced in Bug 22862.
To test:
1. Enable EnhancedMessagingPreferences system preference
2. Disable sms messaging by unsetting SMSSendDriver system preference
3. Go to OPAC -> your messaging
4. Observe JavaScript error "sms_input is null" in your browser console
5. Apply patch
6. Refresh page and observe the error is gone
Sponsored-by: Koha-Suomi Oy Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
Run the test before and after this patch.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Fri, 22 Nov 2019 18:41:28 +0000 (18:41 +0000)]
Bug 24093: Sorting indicators broken on list contents view
This patch updates the table markup for the lists contents view so that
the table sort state is correctly indicated by arrows in the table
headers. The markup changes allow the standard DataTables CSS to apply
to this table even though it is not a DataTable.
To test, apply the patch, go to Lists, and view any list with multiple
titles attached.
- The list should be sorted by default according to the list's
settings, and the arrow in the header row should correctly reflect
the sorting column and direction.
- Test re-sorting the table by each of the different sortable columns,
confirming each time that the sorting arrows are correct.
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Thu, 21 Nov 2019 18:08:48 +0000 (18:08 +0000)]
Bug 24084: PlainMARC view broken on OPAC if other $.ajax calls produce errors
This patch removes the use of jQuery's ajaxSetup() and load() to get the
"plain" MARC view and replaces it with $.get(). This allows for
error-handling on this specific AJAX request rather than all on the
page.
To test, apply the patch and view a bibliographic record in the OPAC.
- Click the "MARC view" tab.
- Click the "view plain" link.
- The plain-text MARC view should load.
- Clicking "view labeled" should return you to the original view.
To test error handling, edit opac-MARCdetail.tt line 185 and add a typo
to the URL, e.g. "opac-showmark.pl." Repeat the above steps. Clicking
the "view plain" link should trigger an error message: "Sorry, plain
view is temporarily unavailable."
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Fri, 22 Nov 2019 12:31:09 +0000 (12:31 +0000)]
Bug 24075: Backdating a return to the exact due date and time results in the fine not being refunded
When you use the date picker or book drop mode and check in an item that is due on that date, a fine is assessed and not refunded.
For example: item 12345 is due on 11/19/2109 23:59. On 11/20/2019 I check the item in using date picker/book drop setting the check in date to 11/19/2019 23:59, the patron is charged a fine, and the fine is not cleared as would be expected, since the item is being checked in before it is overdue.
Test Plan:
1) Back date a checkout so it is overdue
2) Run fines.pl to generate the fine
3) Return the item, backdating to the same date/time is was due
4) Note the fine was not removed
5) Apply this patch
6) Repeat steps 1-3
7) Fine should be zeroed out now!
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Tue, 19 Nov 2019 16:26:52 +0000 (17:26 +0100)]
Bug 24068: Fix I18 plugin - tnpx must call __npx
Test plan:
Use the following code to test this change
[% PROCESS 'i18n.inc' %]
[% SET nb_stuffs = 1 %]
[% tnpx('context', 'There is one stuff.', 'There are {count} stuffs.', nb_stuffs, { count = nb_stuffs }) | $raw %]
[% SET nb_stuffs = 42 %]
[% tnpx('context', 'There is one stuff.', 'There are {count} stuffs.', nb_stuffs, { count = nb_stuffs }) | $raw %]
Compare with and without the patch
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Lisette Scheer [Wed, 13 Nov 2019 19:41:20 +0000 (19:41 +0000)]
Bug 24034: Capitalization on suggestion edit form: No Status
When editing a purchase suggestion, the "No status"
option in the status pulldown is incorrectly capatalized.
This patch fixes the capitazliation.
To test:
1) Create a purchase suggestion in the acquisitions module.
2) Edit the suggestion. Notice the capitalization in the
status dropdown is incorrect.
3) Apply the patch.
4) Repeat step 2.
5) Note the capitalization has been fixed.
6) Sign off.
Signed-off-by: George Williams <george@nekls.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Mon, 18 Nov 2019 18:55:39 +0000 (18:55 +0000)]
Bug 24058: acquisition table displayed even if no order exist (bib detail)
This patch corrects the template check for existence of acquisitions
data on the bibliographic detail page. Now it will correctly hide the
DataTable when there is no data.
To test, apply the patch and enable the AcquisitionDetails system
preference.
- View the bibliographic detail page for a title which has no
associated Acquisitions data. Under the "Acquisitions details" tab
you should see only a message, "There is no order for this biblio."
- View the detail page for a title which has associated Acquisitions
data. The "Acquisitions details" tab should show the correct
information.
Nick Clemens [Tue, 19 Nov 2019 13:01:56 +0000 (13:01 +0000)]
Bug 24065: Fail shib login if multiple users matched
Ideally you could test against active shib, but is a small code change and
covered by tests and should be readable
To test:
prove -v t/Auth_with_shibboleth.t
Signed-off-by: Liz Rea <wizzyrea@gmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Nick Clemens [Mon, 4 Nov 2019 12:45:16 +0000 (12:45 +0000)]
Bug 23184: Don't select branches for export by default
This patch changes the include to require passing "selectall=1" to select all items
This include is only used in this page, so changes should not have side effects
git grep "branch-selector\.inc"
This patch also corrects a mismatch in the class names
To test:
1 - Browse to Tools->Export data
2 - Note all branches are selected
3 - Note this will exclude records wiuthout items if you click 'Export bibiographic records'
4 - Apply patch
5 - Visit page again
6 - Note no branches are selected by default
7 - Confirm 'Select all/Clear all' still work
8 - Note record with no items are exported by default now
Signed-off-by: Myka Kennedy Stephens <mkstephens@lancasterseminary.edu> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Mon, 11 Nov 2019 08:42:42 +0000 (09:42 +0100)]
Bug 23964: Clarify and expand tests
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Nick Clemens [Wed, 6 Nov 2019 14:59:03 +0000 (14:59 +0000)]
Bug 23964: (follow-up) Add comments and improve readability
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Nick Clemens [Mon, 4 Nov 2019 16:06:15 +0000 (16:06 +0000)]
Bug 23964: ReservesNeedReturn should only apply to available items
To test:
1 - Checkout an item to a patron
2 - Make sure 'ReservesNeedReturn' is set to 'Automatically'
3 - Place an item level hold on the checked out item
4 - Note the hold is marked waiting
5 - Delete the hold
6 - Apply patch
7 - Place a new hold
8 - Hold is not marked waiting
9 - Please a hold on a different item
10 - Note it is marked waiting
11 - Test when item is damaged and hold not allowed on damaged items
12 - Test when item is in transit
13 - Test when item has another hold
14 - Only in the case where none of the above are true should the hold be marked waiting
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Nick Clemens [Mon, 4 Nov 2019 16:06:02 +0000 (16:06 +0000)]
Bug 23964: Unit tests
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Wed, 20 Nov 2019 10:17:27 +0000 (10:17 +0000)]
Bug 23805: (RM follow-up) Add credit_type relation to Koha::Account::Line
The credit_type relation was missing when I pushed this patchset
originally; It is already referenced in the account description include
files and as such should be added
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Tue, 19 Nov 2019 09:14:31 +0000 (10:14 +0100)]
Bug 24062: Make sure TestBuilder will stop generate X or other invalid category's types
To make sure this kind of random failures will not appear in a future we
are going to fix it at TestBuilder level.
Test plan:
prove t/db_dependent/TestBuilder.t
and confirm it returns green
You could also only apply the tests against master, run them several
times and confirm that they fail most of the time.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Tue, 19 Nov 2019 08:40:07 +0000 (09:40 +0100)]
Bug 24062: Fix the failing test
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Magnus Enger [Mon, 18 Nov 2019 20:41:45 +0000 (21:41 +0100)]
Bug 24064: DUEDGST typoed as DUEGST
Bug 20478 introduced a typo where the letter code DUEDGST was changed
to DUEGST. This patch fixes it.
To test:
- Run "grep -r DUEDGST *" on the Koha git repo. Notice that this letter
code is used in e.g. sample notices.
- Run "grep -r DUEGST *" and notice that this code only occurs twice,
in misc/cronjobs/advance_notices.pl.
- Aply this patch.
- Run "grep -r DUEGST *" again, and notice there are no more occurences
of this typo.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
A report like:
SELECT * FROM issues JOIN borrowers USING (borrowernumber)
will have two borrowernumber columns - SQL will give us there rsults,
but if we try to wrap them in a SELECT COUNT(*) FROM (report) it throws
a duplicated column error.
This patch suggests to execute the query the old way if the derived
table optimization failed.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Tue, 22 Oct 2019 09:10:59 +0000 (11:10 +0200)]
Bug 23854: Fix failure on dates when editing a suggestion
- Watch plack-error-log
- Change an accepted suggestion to 'No Status'
- Verify error in the logs (use strict mode, depending on DBMS version)
- Status changed was not saved
- Apply patch
- Verify the error is gone, change is saved now.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Thu, 24 Oct 2019 10:51:19 +0000 (12:51 +0200)]
Bug 23825: Add tests
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT]
Changed 'is' to 'like' with regex since we also have the db name. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Marcel de Rooy [Fri, 18 Oct 2019 09:31:10 +0000 (09:31 +0000)]
Bug 23825: Koha/Object.t might fail on a backtick
If the SQL error message contains a backtick instead of a regular quote,
the regex for throwing an exception did not work.
Example:
Incorrect datetime value: 'wrong_value' for column `koha_master`.`borrowers`.`lastseen`
Note the backtics where the regex contains a regular quote.
This patch makes it more flexible: it allows one \W character before the
column name, even optional.
Test plan:
Run Koha/Object.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Mon, 11 Nov 2019 11:35:30 +0000 (12:35 +0100)]
Bug 23822: Fix deletion of patrons with credit
There are bugs in both master and 19.05, but different.
Anyway we should have this check to make sure a negative value will have
the same behavior: trigger the confirmation message (instead of a blank
page).
If we want to reject the deletion of a patron with credit we should
handle it on a separate bug report (behavior change)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Tue, 12 Nov 2019 17:00:02 +0000 (18:00 +0100)]
Bug 23985: (bug 21206 follow-up) Fix checkout list when "Hold pickup library match" not set
This patch restores the behavior prior to bug 21206.
If "Hold pickup library match" is "Not set", then
hold_fulfillment_policy equals an empty string.
Test plan:
1. Go to "Circulation and fines rules"
2. Under "Default checkout, hold and return policy", unset "Hold pickup
library match" and Save
3. Place a hold on one item for one patron
4. Try to checkout the same item with another patron
=> Without this patch you the checkout list do not show, and the logs
contain "The method Koha::Item-> is not covered by tests!"
=> With this patch applied you see the checkout list
QA will take care of comparing the statement with the one before bug 21206
and make sure they are equivalent
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Thu, 7 Nov 2019 10:41:29 +0000 (11:41 +0100)]
Bug 23765: Do not display localized templates if TranslateNotices is off
To test:
1. Enable multi-languages
2. Set the preference 'TranslateNotices' on 'Allow'
3. Go to: tools==>Notices & slips==>Edit, make sure it has multilingual
email templates.
4. Set the preference TranslateNotices on 'Don't allow'.
5. Go to: tools==>Notices & slips==>Edit, the template shows several tab
for the same transport type.
6. Apply the patch.
7. Repeat the steps 4 and 5
8. Success. It only shows the default template when TranslateNotices is
'Dont allow'.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Wed, 13 Nov 2019 10:09:37 +0000 (11:09 +0100)]
Bug 24030: Fix GetItemsForInventory under MySQL 8
t/db_dependent/Items/GetItemsForInventory.t .. 1/9 DBD::mysql::st execute failed: Expression #1 of ORDER BY clause is not in SELECT list, references column 'koha_kohadev.items.cn_sort' which is not in SELECT list; this is incompatible with DISTINCT [for Statement "
SELECT DISTINCT(items.itemnumber), barcode, itemcallnumber, title, author, biblio.biblionumber, biblio.frameworkcode, datelastseen, homebranch, location, notforloan, damaged, itemlost, withdrawn, stocknumber
FROM items
LEFT JOIN biblio ON items.biblionumber = biblio.biblionumber
LEFT JOIN biblioitems on items.biblionumber = biblioitems.biblionumber
ORDER BY items.cn_sort, itemcallnumber, title"] at /kohadevbox/koha/C4/Items.pm line 838.
We simply follow what the error says, and add items.cn_sort to the SELECT list
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Wed, 13 Nov 2019 10:09:43 +0000 (11:09 +0100)]
Bug 24030: Remove OldWay comparaison from GetItemsForInventory.t
This has been introduced to make sure there were no regression at a
given point. But now we are fixing the "old way" so it does not make
sense to keep it any longer
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Tue, 12 Nov 2019 16:34:42 +0000 (17:34 +0100)]
Bug 24022: Try to fix 'connect failed'
I am assuming that the tests fail on Jenkins's nodes because they are
too slow. The server is not setup yet when we are trying to access it.
Just a guess...
Note that sleep is usually a bad idea...
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 23983: Contextualization of 'Order' (verb) vs 'Order' (noun)
This patch adds context (word class, either verb or noun) to the word
'Order' when it is displayed alone in the acquisitions module.
The following files have been modified:
basket.tt
neworderbiblio.tt
newordersubscription.tt
newordersuggestion.tt
ordered.tt
parcel.tt
spent.tt
transferorder.tt
uncertainprice.tt
z3950_search.tt
To test, check all those pages in English to make sure there is
no change.
1- Go to Acquisitions
2- Create a basket
3- Add to basket from an existing record (neworderbiblio)
4- Add to basket from a subscription (newordersubscription)
5- Add to basket from a suggestion (newordersuggestion)
6- Add to basket from an external source (z3950_search)
7- In one of the orders, check the uncertain price box
8- Check the basket display table (basket)
9- Click transfer on one of the orders (transferorder)
10- Go to the vendor page and click on 'Uncertain prices' (uncertainprice)
11- Click on 'Receive parcel' (parcel)
12- Go to the Acquisitions home page and click on the
amount for 'ordered' (ordered)
13- Go to the Acquisitions home page and click on the
amount for 'spent' (spent)
Next, install a new language (fr-CA used as example)
1- translate create fr-CA
2- open fr-CA-messages.po and add a translation for Order
(verb) and Order (noun) (it doesn't have to be real, just
write something different for each)
3- translate install fr-CA
4- in the system preferences, enable the french language in
'language'
5- change interface language to french
Redo the tests above to make sure the word you put in the translation
for the verb is in the places where 'Order' should be a verb and that
the translation you put in for the noun is in the places where 'Order'
should be a noun
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 23932: Typo on 'aqinvoice_adjustments.encumber_open' description in Koha Schema
Correct a typo in Koha Schema comment. finds --> funds
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Tue, 12 Nov 2019 10:15:46 +0000 (11:15 +0100)]
Bug 23846: Add a check to the data inconsistencies script
This may be quite long for big catalogue, but I think it is a good one
to have.
Test plan:
Same as first patch, then execute search_for_data_inconsistencies.pl
Notice the error.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Tue, 12 Nov 2019 10:04:42 +0000 (11:04 +0100)]
Bug 23846: Display degraded view when MARCXML is invalid (staff detail)
When an invalid bibliographic record is imported into the catalogue
there is not warning or error. However the bibliographic record detail
page will explode (Koha::Biblio::Metadata->record will raise an
exception).
This patch proposes to catch the exception on this view and display a
warning about the situation.
Note that editing/saving the record will fix the MARCXML data and so
removes the warning (some black magic we should get rid of I suspect).
Test plan:
- Import a bibliographic record with invalid XML, you can add non
printable characters, like 0x1F (CTRL-V 1F with vim)
- Go to the detail page
=> Without this patch you get a 500
=> With this patch applied you get a "degraded view" with a warning
message, telling you what the error is.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Jonathan Druart [Fri, 8 Nov 2019 13:49:48 +0000 (14:49 +0100)]
Bug 24002: Incorrect DATE value: '' in C4/Acquisition.pm
DBD::mysql::st execute failed: Incorrect DATE value: '' [for Statement "
SELECT aqbasket.basketno,
aqorders.ordernumber,
DATE(aqbasket.closedate) AS orderdate,
aqbasket.basketname AS basketname,
aqbasket.basketgroupid AS basketgroupid,
aqbasketgroups.name AS basketgroupname,
aqorders.rrp AS unitpricesupplier,
aqorders.ecost AS unitpricelib,
aqorders.claims_count AS claims_count,
aqorders.claimed_date AS claimed_date,
aqbudgets.budget_name AS budget,
borrowers.branchcode AS branch,
aqbooksellers.name AS supplier,
aqbooksellers.id AS supplierid,
biblio.author, biblio.title,
biblioitems.publishercode AS publisher,
biblioitems.publicationyear,
ADDDATE(aqbasket.closedate, INTERVAL aqbooksellers.deliverytime DAY) AS estimateddeliverydate,
aqorders.quantity - COALESCE(aqorders.quantityreceived,0) AS quantity,
(aqorders.quantity - COALESCE(aqorders.quantityreceived,0)) * aqorders.rrp AS subtotal,
DATEDIFF(CAST(now() AS date),closedate) AS latesince
FROM
aqorders LEFT JOIN biblio ON biblio.biblionumber = aqorders.biblionumber
LEFT JOIN biblioitems ON biblioitems.biblionumber = biblio.biblionumber
LEFT JOIN aqbudgets ON aqorders.budget_id = aqbudgets.budget_id,
aqbasket LEFT JOIN borrowers ON aqbasket.authorisedby = borrowers.borrowernumber
LEFT JOIN aqbooksellers ON aqbasket.booksellerid = aqbooksellers.id
LEFT JOIN aqbasketgroups ON aqbasket.basketgroupid = aqbasketgroups.id
WHERE aqorders.basketno = aqbasket.basketno
AND ( datereceived = ''
OR datereceived IS NULL
OR aqorders.quantityreceived < aqorders.quantity
)
AND aqbasket.closedate IS NOT NULL
AND aqorders.datecancellationprinted IS NULL
AND (closedate <= DATE_SUB(CAST(now() AS date),INTERVAL ? DAY)) AND aqorders.quantity - COALESCE(aqorders.quantityreceived,0) <> 0 AND orderstatus <> 'cancelled'
ORDER BY latesince, basketno, borrowers.branchcode, supplier" with ParamValues: 0=0] at /kohadevbox/koha/C4/Acquisition.pm line 2248.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>