Lucas Gass [Wed, 24 Jul 2024 22:44:05 +0000 (22:44 +0000)]
Bug 37351: Rework checkbox JS to work with paginating dataTable
To Test:
1. Log in to staff client
2. Place items on items for borrowers
2-1 Place enough holds as noted above
2-2 Trap holds for borrowers
3. Open Circulation->Holds Awaiting Pickup (circ/waitingreserves.pl)
4. Click a checkbox for one or mroe holds
Note->The 'Cancel selected (0)' button changes to 'Cancel
selected (1)', etc.
5. Cancel selected Holds using the (Cancel selected (#) button)
6. Confirm Cancellation
7. Wait for background processes to complete, then verify holds are cancelled.
8. Return to Open Circulation->Holds Awaiting Pickup (circ/waitingreserves.pl)
9. Ensure button shows "Cancel selected (0)"
10. Click "Next >" to navigate to page 2 of holds
11. Click a checkbox for one or more holds
Note->The 'Cancel selected (0)' button DOES NOT increase as boxes
are selected.
12. Cancel selected Holds using the (Cancel selected (#) button)
13. Confirm Cancellation
14. Wait for background processes to complete, then verify holds are cancelled.
Note-> Holds were not cancelled
15. APPLY PATCH
16. Try step 9-14 again. This time the 'Cancel selected (0)' button should update even when you paginate.
17. Make sure you try all the tables, Holds waiting, Holds waiting over X, Holds with cancellation requests.
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit bbd1fa0bfa2604e60eb38072569d7af5ec6808d8) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit ca43567e86220d1a5ef645d23b500ef4a6362169) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Tue, 23 Jul 2024 12:14:44 +0000 (12:14 +0000)]
Bug 37378: libraries_where_can_see_things should always return an array
The subroutine libraries_where_can_see_things stores the list of libraries that things
can be viewed from in an internal variable, so we can return this directly if we have already calculated.
When returning if not cached, we dereference the list and return an array. If cached, we are returning
an arrayref. This patch simply ensures we dereference the array even if already cached.
Before this patch, we were fetching the patrons, then redacting all info as their branches didn't match against
an arrayref, rather than checking against each branch we are allowed to view.
To test:
1. Setup a library group and check the "Limit patron data access by group ." option.
2. Add some libraries to the group. ( IN k-t-d I added CPL and MPL )
3. Create a staff account who has staff access permissions and all of the borrower permissions except "view_borrower_infos_from_any_libraries"
4. Set the home library of that staff member to one of the branches in step 2. ( In my test I choose MPL )
5. Log in as that patron and attempt a patron search that would include users from either library in step 2.
6. See the error:
Bug 37285: Printing lists only prints the ten first results
GIVEN koha in a version later than 22.11, a list with more than ten entries
WHEN the user tries to print the list
THEN only the ten first results are printed
EXPECTED THEN all results are printed
It looks like it is an undesired effect of BZ36858. Page remains set
even while printing, therefore, however the number of rows is not set,
default value (10) is used.
TEST PLAN
1 - create a list with more than 10 items
2 - print the list -> there is a pagination and that only 10 items
are printed
Apply patch
3 - print the list again -> every items are being printed
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 64027daadcea8c44cb73aae71a48ac64d527ed3f) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 0f8f20a01fede0991500bff529d540959fea6251) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 33455: Fix the size of the patron change password heading
The H1 heading on the patron change password page in the staff
interface is too big and should be outside of the area with
form area with the white background.
Test plan:
1. In the staff interface, click on top right of menu and navigate
to my account.
2. Click the 'Change password' button.
3. Note that title is now outside the legend and font size is
comparable to other H1 headings (e.g. Duplicate).
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 3eb461bc9b293aa88a1c60addc5125759b46ff03) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 59d8f236ad818c58e26f5dc43f59d000b51895cf) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Eric Garcia [Tue, 23 Jul 2024 18:04:41 +0000 (18:04 +0000)]
Bug 37435: Fixed renew patron from moremember.pl without circulate permissions
To recreate:
1. Have a staff account with limited permissions:
-Staff access ( catalouge )
-Add, modify and view patron information (borrowers)
-NO circulate permissions
2. Log in as that staff user and find a patron with an expired account.
3. See the warning "Expiration: Patron's card has expired. Renew or Edit details".
4. Try clicking on Renew, you are logged out and see "Error: You do not have permission to access this page."
To test:
1. Apply patch
2. From the expired patron's details page see the warning and click Renew
3. Notice it renews the patron and returns to the patron details page
4. Details -> Edit -> Set the expiration date so that the patron is expired
5. Go back to your staff patron and check 'Check out and check in items' permission
6. In your expired patron's page -> Check out -> See warning -> Renew
7. Notice it renews the patron and returns to the check out page
8. Set the expired patron's expiration date so that it expires soon
9. Uncheck 'Check out and check in items' permission for your staff patron
10. Confirm the warning for your patron now is "Expiration: Patron's card expires on (DATE). Renew or Edit details"
11. Repeat steps 2-7 and notice it returns to the correct pages
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 39ff9705444f8da1ebd82e2093a808c26c503338) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 012fd3d0c1ba3a324a264d4d83c7d822ac301857) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Kyle M Hall [Fri, 19 Jul 2024 16:23:43 +0000 (12:23 -0400)]
Bug 36362: (QA follow-up) Tidy code
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit a62d39ea11a9b6986c155f6333ac6e3afde0dd87) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit b507aad0cb1876abcea6476035ed7a7570ad0860) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
David Gustafsson [Tue, 19 Mar 2024 17:33:18 +0000 (18:33 +0100)]
Bug 36362: Only call Koha::Libraries->search() if necessary in Item::pickup_locations
To test:
1) Make sure the following tests pass:
- t/db_dependent/Koha/Item.t
- t/db_dependent/Koha/Biblios.t
- db_dependent/Koha/Biblio.t
Sponsored-by: Gothenburg University Library Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 2c1e95562188a6d93c22055e30d6a5e9d7e50034) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit a409b16d5b3bd871a04f9bcdc8f01f6aed653f3b) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Emmi Takkinen [Mon, 19 Feb 2024 10:55:26 +0000 (12:55 +0200)]
Bug 36129: Make check on "Hide all columns" persist on item patch modification/deletion
On item patch modification/deletion tool, if one checks
"Hide all columns" checkbox and then reloads the page,
checkbox is no longer selected. Columns are hidden as
they should. This patch adds line to batchMod.js which
sets "checked" attribute and class "selected" to checkbox.
To test:
1. Find items to modify/delete and modify/delete them with
corresponding tool.
2. Check checkbox "Hide all columns".
3. Refresh the page.
=> Note that columns are still hidden, but checkbox is now
unselected.
4. Apply this patch.
5. Check checkbox again and refresh page.
=> Checkbox should be still checked.
Sponsored-by: Koha-Suomi Oy Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 1a154f1f0e1fa4d5c7295ba181fc27eaff99fd09) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 909987cd4db25088e68b5ca75404f25dab6b3fba) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Wed, 10 Apr 2024 11:30:33 +0000 (11:30 +0000)]
Bug 36566: Correct eslint errors in OPAC enhanced content JS
This patch fixes various eslint errors in enhanced content JS files:
- Consistent indentation
- Remove variables which are declared but not used
- Add missing semicolons
- Add missing "var" declarations
To test, apply the patch and clear your browser cache if necessary.
- Go to Administration -> System preferences and enable these
preferences:
- OPACAmazonCoverImages
- BakerTaylorEnabled
- GoogleJackets
- OPACLocalCoverImages
- OpenLibraryCovers
- Go to the OPAC and confirm that covers from these services appear
correctly in search results and on detail pages.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 3d82116830ac7fbafe7414e08f155a54b7bb723f) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 19dd5221f3686c37a54aba97121f578d74228f9e) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Mon, 22 Jul 2024 19:46:33 +0000 (19:46 +0000)]
Bug 37425: Check for existence of biblio object before fetching cover images
This patch simply adds a conditional to ensure the biblio object has been retrieved and assumes no cover images otherwise
To test:
1 - Enable system preference LocalCoverImages
2 - Perform a search in staff interface
3 - Find the biblionumebr for one of the results and delete it via the SQL backend:
DELETE FROM biblio WHERE biblionumber=3;
4 - Search again.
5 - KO!
Can't call method "cover_images" on an undefined value at /usr/share/koha/intranet/cgi-bin/catalogue/search.pl line 671.
6 - Reindex, confirm error is gone
7 - Apply patch
8 - Search again
9 - Delete a record from the results via SQL
10 - Reload and confirm no error
11 - Reindex and repeat search and confirm no error
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 8fdddccffb2fa165b32e6a9c9b8d6d3dcacd5b08) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 4d141a6bb7210b1d4136bed3dcc38e408f148554) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Thu, 16 May 2024 13:57:11 +0000 (13:57 +0000)]
Bug 36885: Fix Bootstrap tooltip on budget planning page
This patch finishes the process of adding a Bootstrap tooltip to the
listing of funds which are locked.
To test, apply the patch and go to Administration -> Budgets.
- Edit a budget and make it locked: Check the "Lock budget" checkbox and
save.
- View the budget you locked.
- From the toolbar, click Planning -> Plan by months.
- In the table of funds, hover your mouse over a fund.
- You should see a Bootstrap-styled tooltip, "Fund locked."
Signed-off-by: David Nind <david@davidnind.com>
Bug 36885: (follow-up) Correct popup hint
Bug 36885: (follow-up) Remove tooltip from unlocked budgets (copy-paste error)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit deb9bf78b8197eeb90e2c9c9088104a0b91d498b) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit c20fede430654dc3c6830d6227e9e954859ec993) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Kyle M Hall [Fri, 19 Jul 2024 13:54:44 +0000 (09:54 -0400)]
Bug 29509: (QA follow-up) Tidy atomic update
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 0505531cde2e0513a2c8fbc3c91d18f9ae3a3a89) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 95082c34db25156fef12dba6ab44956d54aab20d) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Tue, 7 May 2024 13:18:04 +0000 (14:18 +0100)]
Bug 29509: (QA follow-up) Check top level permissions too
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 56c7c3782b2ceacbbd2777ec0f3fa9955e877d2c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit b33b9b5f615a5e99a309b016148ca5dde6c0e5b9) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Mon, 22 Jan 2024 16:49:56 +0000 (16:49 +0000)]
Bug 29509: Update swagger specification and add permissions to users
This patch removes the 'edit_borrowers', 'manage_bookings',
'lable_creator', 'routing' and 'order_manage' permissions from the list
of options in the patrons list endpoint.
We then assign the new 'list_borrowers' permission to any users who have
those removed permissions
Test plan
1) Apply patch and run the database update
2) Users with any of the permissions listed above should now also have
the 'list_borrowers' permission too.
3) Check that patron searching continues to work from the various
locations in the UI for the above affected users
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Incorporated second patch and removed 1<<4. 16 reads much better :)
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 85ea79c45b6f95baee9ec955c6c09046808771b5) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 435211adbc230514f4c0c370bbe8002dafa595af) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Andreas Roussos [Mon, 1 Jul 2024 14:27:42 +0000 (14:27 +0000)]
Bug 37226: append a random number to the `id` attribute of each <li>
When you view the authority details page for a term that contains more
than one terms with broader relationship, clicking on the expand/collapse
arrows next to the top-level terms in the hierarchy tree will not work
properly, i.e. *only one* broader term will show the narrower term under
it at any given time.
This is affecting both the OPAC and the Staff interface.
This is happening because in the HTML source of the page the individual
<li> elements associated with each node do not have unique `id` values,
which confuses the JavaScript library (jsTree) responsible for rendering
the hierarchy tree.
This patch fixes that by appending a random number to each `id` attribute.
Test plan:
0) Enable the AuthDisplayHierarchy System Preference (set to 'Show').
1) Copy the provided MARC21 Authority sample data (sample-data.mrc)
to your KTD Koha container (it must have MARC21 marc flavour):
2) Import the provided authorities (the sample file contains three
Geographic Name records):
WARNING! the --delete switch is passed to bulkmarcimport.pl
WARNING! this will erase any authority data you have in your instance!
(this is done to retain the broader/narrower authid associations)
In the authority hierarchy tree, click the arrows next to 'Europe'
and 'Greece' to expand and show the narrower term: notice how only
one item works at any given time.
4) Apply the patch.
5) Repeat step 3) (refresh the pages) -- this time you should be able
to view 'Athens' as a narrower term of both 'Europe' and 'Greece'
at the same time.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 24e54b1fd4b241a0d5723ff7ec97b2fe9645d577) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 8add61d7f379b966c1dafc30a499a9267a567fd7) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch moves the error check right before the ->check_columns call.
This is how main and 24.05 behave. 23.11 doesn't have bug 35907
backported so things are not exactly the same. With this patch tests
pass and the only difference in behavior is logging.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Nick Clemens [Mon, 12 Aug 2024 12:10:12 +0000 (12:10 +0000)]
Bug 37508: Don't return Internal server error when running report
To test:
1 - Create a report like:
SELECT "a"
FROM borrowers
WHERE <<Test>> != ''
2 - Run report
3 - Enter "password"
4 - Internal server error / stacktrace
5 - Apply patch
6 - Repeat
7 - Get a yellow warning box
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
David Cook [Wed, 7 Aug 2024 01:15:10 +0000 (01:15 +0000)]
Bug 37508: Test for errors when returning an aliased password column
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 37508: Throw error if password column is detected in SQL report
This enhancement prevents SQL queries from being run if they would return a password field from the database table.
To test:
1. Run tests and notice they fail t/db_dependent/Reports/Guided.t
2. Apply patch and restart services
3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t
Sponsored-by: Reserve Bank of New Zealand Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 37370: Return 400 if OpacExportOptions does not contain the passed format
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
David Cook [Thu, 25 Jul 2024 06:44:37 +0000 (06:44 +0000)]
Bug 37466: Add correct filter for sort_by in results.tt
This patch replaces the $raw filter with the correct uri filter
for the sort_by in results.tt
Test plan:
1. Apply patch
2. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=1
3. Click on "Edit this search"
4. Note that the "Popularity (most to least)" Sort by option is selected
5. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=24y24ty2498294t9824yt9y23
6. Click on "Edit this search"
7. Note that the "Popularity (most to least)" Sort by option is selected
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
David Cook [Thu, 25 Jul 2024 06:56:18 +0000 (06:56 +0000)]
Bug 37464: Validate "type" sent to barcode/svc
This change validates the "type" sent to the barcode/svc. Without this
change, we pass the user input directly to GD::Barcode, which passes
the input into an eval{} block without any validation of its own.
Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=bad&barcode=123456
3. Note that a Code39 barcode is provided for an invalid type
4. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=Code39&barcode=123456
5. Note that a Code39 barcode is provided
6. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=UPCE&barcode=123456
7. Note that a non-Code39 barcode is provided (presumably UPCE)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
David Cook [Fri, 26 Jul 2024 04:01:43 +0000 (04:01 +0000)]
Bug 37488: Validate paths in datalink.txt/idlink.txt files
This change validates the paths in datalink.txt/idlink.txt,
so that only images in the unpacked archive directory are allowed
Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Create a datalink.txt file with the following:
42,selfie.jpg
3. Create a jpeg at selfie.jpg
4. ZIP the datalink.txt and selfie.jpg files
5. Upload to the "Upload patron images" tool
(after enabling the "patronimages" system preference)
6. Note that the image uploads correctly
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
David Cook [Fri, 26 Jul 2024 03:27:22 +0000 (03:27 +0000)]
Bug 37323: Tidy
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Chris Cormack [Thu, 18 Jul 2024 23:57:32 +0000 (23:57 +0000)]
Bug 37323: Don't allow symlinks in link files in zip and validate filepaths
Test plan:
0. Apply patch and restart/reload Koha
1. Test that uploading a patron image still works, in single file format and as a zip
Work as suggested
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Amit Gupta [Thu, 11 Jul 2024 17:43:06 +0000 (23:13 +0530)]
Bug 37323: Escape characters in patron image picture upload
To Test
1. Create a file name for example: test.zip`curl xxxxtesting.informaticsglobal.com`.zip
where the domain is one you can watch the logs from.
2. Go to Tools and click on Upload patron images choose option zip file and upload the file.
3. Check /var/log/apache2/access.log and see the curl with the IP
"xx.xxx.xx.xxx - - [11/Jul/2024:23:10:33 +0530] "GET / HTTP/1.1" 200 267 "-" "curl/7.68.0"
4. Apply the patch
5. Repeat 2 and 3 step and check no error is coming for the Remote execution error.
6. Test uploading actual zip file and images still works.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 37255: Fix handling of "All" values on waiting hold cancellation policy
If one creates a default waiting hold cancellation policy with
patron categories set as "All" and itemtype set as "All", Koha
breaks on 500 error. This happens because in we try to match
template policy with "All" values either in category or itemtype
with *, not undef. This patch fixes this.
To test:
1. Create a new default waiting hold cancellation policy and
set both patron category and itemtype as "All".
2. Save policy.
=> Error page for error 500 is displayed.
3. Apply this patch.
4. Reload page.
=> Page is displayed and policy listing displays new policy
as it should.
Sponsored-by: Koha-Suomi Oy Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Andreas Jonsson [Wed, 31 Jul 2024 09:06:02 +0000 (09:06 +0000)]
Bug 37533: fix query in orderreceive.tt
The new validation in the REST API will no longer allow
the operator "in". Consequently, it has to be replaced
with the allowed "-in".
Test plan:
* Open an invoice and click "Go to receipt page" and
on any basket click "receive" and make sure the dialog
box appears.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Marcel de Rooy [Mon, 12 Feb 2024 08:01:26 +0000 (08:01 +0000)]
Bug 10758: Show title of deleted biblio on basket page
Test plan:
Find a completed order line and a cancelled one with deleted biblios.
Goto acqui/basket.pl
Check if you see the title if deleted_biblionumber is filled.
Lucas Gass [Fri, 1 Mar 2024 15:46:04 +0000 (15:46 +0000)]
Bug 36187: Corrected set data.patron_id in select_suggestor()
To test:
1. Make a new suggestion in the staff interface and attempt to set the "Created by" patron to someone other than the logged in user.
2. Submit the suggestion.
3. select suggestedby from suggestions where suggestionid = X; ( Where X is the suggestionid )
4. The value is NULL
5. On suggestion/suggestion.pl the "Suggested by" column is blank.
6. APPLY PATCH
7. Try 1 - 3 again. This time the suggestedby should be correctly set.
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 607b80c5a601f54920a2b3b259896ac4e490e0ab) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Hammat Wele [Thu, 27 Jun 2024 14:09:04 +0000 (14:09 +0000)]
Bug 37210: Escape single quote in search string in overdue.pl
To Test:
1. Go to /cgi-bin/koha/circ/overdue.pl
2. In the «Name or card number» field, type «Tommy'and(select(0)from(select(sleep(10)))v)and'»
3. Apply the filter
==> It takes 10 seconds, sleep(10) is executed
4. Inspect the page, in «Patron category:» field, put «Tommy'and(select(0)from(select(sleep(10)))v)and'» in one of his option's value
5. select the option from the filter and Apply the filter
==> It takes 10 seconds, sleep(10) is executed
we can inject SQL to the followin field : borname, itemtype, borcat, holdingbranch, homebranch and branch
6. Apply the patch
7. Repeat step 1,2,3
==> it doesn't take 10 seconds, the injected sql is not executed
8. Repeat step 5
==> it doesn't take 10 seconds, the injected sql is not executed
9. Repeat step 5 with the followin field : itemtype, holdingbranch, homebranch and branch
==> it doesn't take 10 seconds, the injected sql is not executed
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Bug 37018: Add 400 response definition to all routes
This patch adds a test for well defined 400 responses on all verbs and
paths on the API spec.
The tests verify:
* Presence of 400 response definition
* The description must start with 'Bad request' (needs coding guideline)
* If DBIC queries are allowed on the route, then `invalid_query` needs
to be mentioned in the description.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Wed, 10 Jul 2024 08:39:33 +0000 (09:39 +0100)]
Bug 37018: Clarify operators
This patch clarifies the list of operators both in the validate routine
and in the swagger descrption block where we document this feature for
the end user.
JD amended patch: tidy
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 37018: Handle exception in unhandled_exception() helper
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 37018: (follow-up) adding some allowed operators
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Wed, 5 Jun 2024 13:20:22 +0000 (14:20 +0100)]
Bug 37018: Use validation in search_rs helper
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Wed, 5 Jun 2024 13:19:54 +0000 (14:19 +0100)]
Bug 37018: Add validation method to Koha::REST::Plugin::Query.pm
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Wed, 5 Jun 2024 13:19:06 +0000 (14:19 +0100)]
Bug 37018: Unit tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds regression tests. With the current codebase, the
malicious query returns a 200. It should be caught and a 400 needs to be
returned.
To test:
1. Apply this patch
2. Run:
$ ktd --shell
k$ prove t/db_dependent/api/v1/query.t
=> FAIL: It returns a 200
3. Once the rest of the patches are ready, repeat 2
=> SUCCESS: It returns a 400
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 5 Jul 2024 12:47:42 +0000 (14:47 +0200)]
Bug 37247: Fix display of "closed"
The subscription was not shown as closed after we closed it.
This is because "closed" is not passed to the template.
It seems more reliable to rely on the subscription object (that is passed to both
serials/serials-collection.tt and serials/subscription-detail.tt, the
others are not showing the Reopen/Close buttons)
Also fetch the subscription object after and reopen/close it to display
accurate values.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 37247: Fix subscriptions operation allowed without authentication
Move close and reopen after get_template_and_user().
Also move Koha::Subscriptions->find(), not a good idea to run DB queries
before authentication.
Test plan :
1) Apply patch
2) Authenticate to staff interface
3) Go to an existing open subscription
4) Open a new browser tab and use it to log-out
5) Go to first tab and click on 'Close'
6) You get login page
7) Authenticate
8) Check subscription is not closed
9) Check you can close and reopen subscription
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
David Cook [Fri, 21 Jun 2024 01:45:51 +0000 (01:45 +0000)]
Bug 37146: Prevent path traversal by validating input
This patch validates the plugin_name passed to plugin_launcher.pl
against the base path containing the "value_builder" directory.
Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=29
3. Check that the tag editor for leader still works
4. Go to http://localhost:8081/cgi-bin/koha/cataloguing/additem.pl?biblionumber=29
5. Check that the pluginf or "Date acquired" still works
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Chris Cormack [Sat, 29 Jun 2024 22:52:42 +0000 (22:52 +0000)]
Bug 37183: Batch edit serial subscriptions sets expiration date to today
Test plan:
Add some serials:
1) Add a new serial, visit:
/cgi-bin/koha/serials/subscription-add.pl
2) Put a biblionumber in the 'record' field, e.g. '112'.
Press 'next' and click 'ok' on the alert box.
3) Fill all the required fields and click 'test prediction'.
4) Fill the Subscription end date (= Expiration Date).
5) Click 'save subscription'.
6) Repeat steps 1-5 to create a second serial.
Batch edit serials:
1) Visit serials and hit the 'Search' button:
/cgi-bin/koha/serials/serials-home.pl
2) Click the 2 checkboxes for the 2 serials we created
previously and click the new link that pops up
'Edit selected serials'.
3) Click 'Save' without changing anything.
4) Go back to either of the serials, notice the value
for Expiration date is changed to TODAY
(the date of the batch edit).
Apply the patch and retest the batch editing (before
retesting, change the expiration dates of the two
serials back to the original expiration date).
Note that the expiration date now only changes if you
enter a date in the 'Expiration date' field.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5a07a04fdb23aa13f85df64b1f2a4739397f5f28) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 1955ec2a7dbbe02c0c9351b5ca95a0ba4aea672e) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 36565: Preservation module API docs fixes (bug 30708 follow-up)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 36565: Biblio merge API docs fixes (bug 33036 follow-up)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 36565: ILL requests API docs fixes (bug 22440 follow-up)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 36565: Bookings API docs fixes (bug 29002 follow-up)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch introduces tests on the OpenAPI spec so that all tags used in
path definitions have their corresponding entry at the top level 'tags'
section.
This it important for correctly rendering the API documentation.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 80bd0a19dd8cd018b595c743df6e7ac5a518e862) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Tue, 19 Dec 2023 15:29:35 +0000 (15:29 +0000)]
Bug 35536: Remove last two references to resultset PluginData
Test plan:
Run t/db_dependent/Koha/Plugins/Plugins.t
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 34cc0d29dfd6fe9fb8201640a13936cd5fa6b1b4) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Tue, 19 Dec 2023 14:59:36 +0000 (14:59 +0000)]
Bug 35536: Silence tests when run from koha-qa.pl
Extending the regex in Plugins::_verbose.
Test plan:
Run qa tools on patch set.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9b9ae27a0e3c5acfb6093c7977a001fcf4857033) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Mon, 18 Dec 2023 08:52:20 +0000 (08:52 +0000)]
Bug 35536: Refine verbose handling in some Koha::Plugins calls
Three routines in Plugins got the verbose parameter on 35507.
We can refine this a bit further.
The idea here is report when you are installing plugins but not
report when just calling plugins (flooding logs).
[1] GetPlugins: Most callers do not expect (or check) results for
failing plugins. This patch makes GetPlugins only return
errors when passing the *errors* flag (in 2 cases).
[a] The misc/devel script prints warnings now using verbose,
so does not need the errors flag anymore.
[b] plugins/plugins-home is the only case left. Tiny adjustment
to keep current behavior. Fixed colspan in template.
Does not need verbose in favor of 'errors' (passed to
template).
[c] For most calls we do not want verbose. New default is 0.
[2] InstallPlugins
[a] Disabled verbose in plugin-upload. Not really needed.
Added a FIXME; we need to improve individual install.
[b] misc/devel: No warnings anymore when calling InstallPlugins
after GetPlugins.
[3] get_enabled_plugins
[a] Plugins->call does not need verbose.
[b] Plugins->feature_enabled does not need it too.
Test plan:
[1] See previous plan. With TestMR data but without patch, run
misc script and go to plugins-home. Do you see load errors on
commandline or form?
[2] Run plugins/plugins-upload (uploading just some file is good
enough); verify that you do not see TestMR lines in logfile.
[3] Run t/db_dependent/Koha/Plugins/Plugins.t for the additional
test on verbose and errors flag.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d8e04545b80869821057d5b2c3ac46f6e18b1b78) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Thu, 14 Dec 2023 07:54:22 +0000 (07:54 +0000)]
Bug 35536: Reorder rollbacks
Time to move all RemovePlugins calls BEFORE rollbacks.
Broken.t did not even include a transaction! Some modules
are removed there as well.
Test plan:
Search for wrong order with:
grep -Pzo "txn_rollback;\n.*RemovePlugins" $(git grep -l RemovePlugins)
No occurrences left? Think of another grep :)
Check number of records in plugin_data/methods.
Repeat: prove $(git grep -l Koha::Plugin | grep -P "^t\/db")
And check number of records again. Same?
Bonus: Apply TestMR plugin patch (marked DO NOT PUSH).
Run perl -MKoha::Plugins -e"Koha::Plugins->new->InstallPlugins".
Check plugin records in database.
Keep those records but remove last patch from git.
Run previous prove and verify no data changes since last check.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e32174f29ac1b06b60b160a0d37c6aaf767c9126) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Thu, 14 Dec 2023 08:02:01 +0000 (08:02 +0000)]
Bug 35536: Add RemovePlugins calls in plugin unit tests
[1] Replace Methods->delete by RemovePlugins.
git grep -l "Plugins::Methods->delete" | xargs sed -i -e's/Plugins::Methods->delete/Plugins->RemovePlugins/g'
[2] Replace $schema->resultset('PluginData')->delete by destructive parameter.
[3] Add RemovePlugins too in Handler->delete too. Note that this call
might be better off with disable? Added a comment.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9d73d40ea38ac7a1662f5058c22c57b2b7438e40) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Wed, 13 Dec 2023 15:12:30 +0000 (15:12 +0000)]
Bug 35536: Add Koha::Plugins->RemovePlugins class method
Test plan:
Run t/db_dependent/Koha/Plugins/Plugins.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 950c1e63f864ea1b1a194d685b2d8bd7ae83190d) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Wed, 13 Dec 2023 15:03:39 +0000 (15:03 +0000)]
Bug 35536: Add Koha object classes for plugin_data
Test plan:
Read the patch.
The objects will be used in subsequent patches, and tested there.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5ef6a3fce70efe372733ac5c0a3ff267cd799838) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Wed, 13 Dec 2023 15:20:19 +0000 (15:20 +0000)]
Bug 35536: Reorganize Plugins.t
Move stuff in the middle into new subtest.
Add transaction around second set of subtests.
Test plan:
t/db_dependent/Koha/Plugins/Plugins.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e30915eb6b9266d5e1caca528d9ff0650b966253) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
David Cook [Thu, 23 May 2024 00:47:08 +0000 (00:47 +0000)]
Bug 36741: Skip auto_too_soon issues in auto renew digest
This change adds a line to skip auto_too_soon issues/checkouts
in the auto renew digest template.
Since auto_too_soon do not trigger notifications and don't require
any special action, let's skip them in the breakdown of checkouts in
the AUTO_RENEWALS_DGST email.
Test plan:
0. Apply the patch
1. reset_all (in koha-testing-docker)
2. Note the following line in the AUTO_RENEWALS_DGST template:
[% NEXT IF (checkout.auto_renew_error == 'auto_too_soon') %]
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 05432982cf8a407872fd643206a14550c0d0a53a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 51ae7f9b3b315ab51c071e1eb8d2997c929a5c48) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Mon, 5 Jul 2021 18:34:58 +0000 (19:34 +0100)]
Bug 28664: Prevent refunds against void lines
With the introduction of double entry accounting for VOID actions, we
need to add an additional filter to the 'Issue refund' button appearance
Test plan
1/ Add a debt
2/ Pay the debt
3/ Void the payment
4/ Confirm that with the patch applied the 'Issue refund' button doesn
not appear on the 'Void' accountline.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a47474e3d771dff8cb3daa3c4641718796d11381) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 7f2467cd508346935d7e922166c67a32137fc9a8) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Sam Lau [Thu, 6 Jun 2024 14:29:54 +0000 (14:29 +0000)]
Bug 37044: Added library branch to SCO OPAC message
This patch simply adds the correct branch at the end of an OPAC message on the SCO page.
To Test:
1) From the staff interface, click on a patron and add an OPAC message
to their account.
2) Log into the SCO with this patron.
(http://localhost:8080/cgi-bin/koha/sco/sco-main.pl)
3) Notice how in the "Messages for you" at the top, you will see the
message, however, at the timestamp, it says something like "Written
on 06/06/2024 by " w/o listing the library that sent it.
4) Apply patch
5) Log back into SCO module
6) Note that now in the message timestamp, it correctly lists the
library that sent the message.
7) Sign-off
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4801037abe0f8d294eb03503c2b5a275ed06f62a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit da490f117af20f4307d2c62e01bc1db7bc0b7695) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Fridolin Somers [Wed, 21 Feb 2024 09:09:30 +0000 (10:09 +0100)]
Bug 36141: Add classes to CAS text on OPAC login page
This enhancement makes it easier for libraries to change the CAS-related messages on the OPAC login page.
It moved the invalid CAS login message above the CAS loging heading,
like for Shibboleth login.
Test plan :
1) Enable system preference 'casAuthentication'
2) Restart all caches (restart_all in koha-testing-docker)
3) Go to OPAC, logged out
4) Click on 'Log in to your account'
5) In the staff interface, edit the OPACUserJS system preference. Add the following JS and Save:
$(".cas_invalid").text("Test changing the invalid CAS login message.");
$(".cas_title").text("Test changing the CAS login heading.");
$(".cas_url").text("Test changing the CAS account link text.");
$(".cas_url").after(' <i class="fa fa-globe" aria-hidden="true"></i>');
6) Refresh the OPAC and confirm the text changes to reflect your JS.
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0e1289d0149d788d7925c2e01f193da7ef3b469a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 0d343979bd6b842f969597e8ee7c74756559c4a8) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Denys Konovalov [Sun, 23 Jun 2024 12:13:35 +0000 (14:13 +0200)]
Bug 36128: Use of uninitialized value in string eq at /usr/share/koha/lib/C4/Overdues.pm
Fixes the following error message when running the overdues check cronjob on a
Koha system without defined overdue rules:
/etc/cron.daily/koha-common:
Use of uninitialized value in string eq at /usr/share/koha/lib/C4/Overdues.pm
line 686.
by checking if the variable is defined before comparing it.
Test plan:
1. Go to Tools - Overdue notice/status triggers and verify that for every single
patron type for both Default and every individual library, you have no value
set for Delay, so that you will never send anyone an overdue notice
2. Run the cron job which creates and sends overdue notices
3. Confirm the above mentioned error no longer appears
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4c8586270af07d4281215d060cef004e33999972) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 319f954c2194c9f6c090a9def9f6b04eaeb81035) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Eric Garcia [Tue, 25 Jun 2024 17:18:13 +0000 (17:18 +0000)]
Bug 35240: Add missing IDs to input
1. Tools -> Rotating collections -> Edit collection
2. Use browser dev tools to notice that the inputs don't have matching
IDs
3. Apply patch
4. Do step 2 again and notice IDs are no longer missing.
5. Sign off :)
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 21a66bf17c867734271e57c9f06b0b3e619d9ff0) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 27cbe1d0cf85a79ac57505452189d025f5841437) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Pedro Amorim [Fri, 24 May 2024 16:10:44 +0000 (16:10 +0000)]
Bug 30372: Fix value->attribute
Test plan:
- Activate patron self registration without email verification
- Create several patron attributes as visible and editable in the OPAC, make one mandatory
- Register as a new patron from the OPAC
- Fill in all required fields but the extended attribute
- Fill in at least one of the non-required extended attributes
- Submit
- Verify that the contents of the other extended attribute fields are still present.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4616ddc8ab4b7b570f9444f999c2b50a463df6d4) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 519aa84d2b6fd5e19bd14dde18d12ba7e10ca06c) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Hammat Wele [Fri, 21 Jun 2024 17:07:47 +0000 (17:07 +0000)]
Bug 37157: Fix Malformed UTF-8 character in JSON string before decode_json
When we add a new identity provider and put some special characters in the Config or Mapping field, we got 500 error when we list the identity providers
To test:
1. Apply this patch.
2. Add a new identity provider
2.1. fill the form
2.2. click on «Add default Oauth configuration» and on «Add default Oauth mapping»
2.3. put some special characters in Configuration and Mapping field
3. Save the form
=> Confirm the identity providers list is shown correctly
Also prove t/db_dependent/api/v1/provider.t.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 55b892dca46b1acdda0e962695699e4bf82d5de6) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 5193b6d5706cb9dac51b9af802939b926820c031) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Andreas Jonsson [Thu, 13 Jun 2024 15:00:31 +0000 (17:00 +0200)]
Bug 37016: Invalid due date in SIP renew response
Test plan using koha-testing-docker:
1) Make sure SIP is running. You may need to edit
/etc/koha/sites/SIPconfig.xml and remove the 8023 connector and
restart the SIP-server (koha-sip --restart kohadev)
2) Find a patron, say 23529000197047
3) Set a password by selecting "change password", set it to
"Password1234"
4) Find a book, say 39999000000856
5) Issue book to patron with sip-client:
sudo koha-shell -c "/usr/share/koha/bin/sip_cli_emulator.pl \
--address localhost --port 6001 -t cr \
--su term1 --sp term1 --message checkout \
--location CPL --item 39999000000856 \
--patron 23529000197047 --password Password1234"\
kohadev
6) Note the AH-header in the response which for example:
'AH20240619 235900'
7) Make a renewal with:
sudo koha-shell -c "/usr/share/koha/bin/sip_cli_emulator.pl \
--address localhost --port 6001 -t cr \
--su term1 --sp term1 --message renew \
--location CPL --item 39999000000856 \
--patron 23529000197047 --password Password1234"\
kohadev
8) Make sure the AH-header in the response is different from the
response to the checkout, for example: 'AH20240624 235900'
Signed-off-by: Tadeusz „tadzik” Sośnierz <tadeusz@sosnierz.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3295fd52279728c222ef6504766ab9d573561e0f) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 82f15de4fbdcb7a117a4c158741b927beb01f20e) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Wed, 26 Jun 2024 14:44:34 +0000 (14:44 +0000)]
Bug 37016: Unit tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 6aa2198965b1f98eda1d877c39af860c86b208a8) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 707fd46925024a5080d467742704d59e3bd0fe0d) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Lucas Gass [Mon, 15 Jul 2024 16:20:15 +0000 (16:20 +0000)]
Bug 37345: Only toggle_onsite_checkout() if OnSiteCheckoutAutoCheck is enabled
To test:
1. Find an item to checkout and a patron to check out to.
2. Set a due manually: "Specify due date (MM/DD/YYYY):"
3. Before checking out click the "Remember for session:" checkbox.
4. Check the item out.
5. The specific due date is not retained.
6. APPLY PATCH
7. Try 1 -4 again, now the date should be sticking.
8. Turn on the OnSiteCheckouts system pref and make sure it still works
9. Turn on the OnSiteCheckoutAutoCheck system pref and make sure the on-site checkbox is still checked after doing an on-site checkout.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3276e0fa0c9931bab75c50b59c66c44f89c459b3) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 75a77a3c82c0f51d7ead49e6670aef7bd4029242) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 36527: Patron category or item type not changing when editing another circulation rule
Plan test :
1. Go to Administration > Circulation and fine rules
2. Add a couple of rules with various patron category/item type
combinations
3. Click on "Edit" next to one of the rules
--> The line should become highlighted in yellow and the values
should be copied in the very last row
4. Click on "Edit" next to another rule
5. Click OK in the browser dialog box to confirm you want to edit
another rule
--> Depending on the rules, the values for the patron category
and/or item type might not change in the editing row
6. Repeat steps 4 and 5
--> The patron category and item type do not always change
7. Apply the batch
8. Redo step from 3 to 6
9. Observe that category and item type change accordingly
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7e8502e087abb1adee1900380b1a67885aeb7fa0) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit fe29c2551ffb9cd01d6f0f30ea9143a29d7c4b73) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Lari Strand [Wed, 29 May 2024 10:53:22 +0000 (13:53 +0300)]
Bug 36982: Collections facet does not get alphabetized based on collection descriptions
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 83762f6feec027cf6acff2022c9eb528ac1507d8) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 5d059209f7e936500d706901d7057e287a90a85a) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
projects / koha.git / log