]> git.koha-community.org Git - koha.git/log
koha.git
2 months agoBug 37591: Fix moredetail.tt performance issue
Johanna Räisä [Fri, 9 Aug 2024 05:58:31 +0000 (08:58 +0300)]
Bug 37591: Fix moredetail.tt performance issue

This patch fixes the performance issue in moredetail.tt by removing the
unnecessary call of checkout_renewals table.

To test:
1. Create lot of checkouts and renewals for a record.
2. Open the moredetail page for the record.
3. Check the timing of the page load.
4. Apply the patch and check the timing of the page load again.
5. The page load should be faster after applying the patch.

Sponsored-by: Koha-Suomi Oy
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37382: Report download is empty except for headers if .tab format is selected
CJ Lynce [Fri, 26 Jul 2024 18:53:37 +0000 (18:53 +0000)]
Bug 37382: Report download is empty except for headers if .tab format is selected

When exporting a report in tab delimited format, the downloaded file
    would have the header rows but no data results.
Also, misc files are created on the server file system in koha/reports
    with data that should have been in the .tab file.
This patch fixes both of these issues.

To test:
1. Login to staff client
2. Go to Reports and create a report from SQL - sample report
    SELECT i.barcode, b.title, b.biblionumber, i.itemnumber
FROM items i
LEFT JOIN biblio b on i.biblionumber = b.biblionumber
WHERE i.itemnumber < 50
3. Run the report
4. Click 'Download'->'Tab separated text'
5. Download file
6. Open file in a text editor or favorite spreadsheet app
    File will have headers rows, but no other item data
6a. If able, check the server filesystem in koha/reports
There may be files there related to report data. Remove.
7. Apply Patch
8. Repeat steps 3-6,
    File will now have the table data, hooray!
8a. If able, check the server filesystem in koha/reports
No new files should be created.

Signed-off-by: Laura ONeil <laura@bywatersolutions.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37409: Fix 'Edit' button for items in course reserves list
Sam Lau [Fri, 26 Jul 2024 20:52:19 +0000 (20:52 +0000)]
Bug 37409: Fix 'Edit' button for items in course reserves list

To test:
1) Set the 'UseCourseReserves' sys pref to 'Use'
2) Go to the Course reserves page
3) Create a new course, fill in the required info and make sure the 'Enabled?' is checked
4) Add a reserve to this course
5) From the course details page, select edit on the reserve you just made.
6) Note it brings you back to the add reserves page, and you are required to enter the barcode/biblionumber again to edit
7) Apply patch, restart_all
8) Press the edit button again
9) Now you are directed towards the correct page for editing
10) Make some changes and press save
11) You should be redirected back to the details page and your changes have been made

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37510: Make Koha::Object->delete throw Koha::Exception
Tomas Cohen Arazi [Mon, 29 Jul 2024 12:16:56 +0000 (09:16 -0300)]
Bug 37510: Make Koha::Object->delete throw Koha::Exception

This patch makes Koha::Object->delete wrap DBIC exceptions on FK
constraints and throw a Koha::Exception::Object::FKConstraint exception
instead. This will allow us better handling it from the callers.

To test:
1. Apply the unit tests patch
2. Run:
   $ ktd --shell
  k$ prove t/db_dependent/Koha/Object.t
=> FAIL: A DBIC exception is thrown instead, tests fail
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37510: Unit tests
Tomas Cohen Arazi [Mon, 29 Jul 2024 12:16:11 +0000 (09:16 -0300)]
Bug 37510: Unit tests

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37429: Set default value for global variables
Jonathan Druart [Thu, 15 Aug 2024 10:21:10 +0000 (12:21 +0200)]
Bug 37429: Set default value for global variables

The global variables needs to be assigned with a default value, or the
value from the previous request will be used.

Global variables are persistent from one request to another, in memory.

This patch:
* groups default value for global variables together
* removes $authorised_values_sth from this list (it is not a global var)
* set $changed_framework to 0 (which fix the issue)

Test plan:
1. Open an existing biblio (detail.pl)
2. Click "Edit record"
3. Change the framework (no need to change any details)
4. Change the framework back to the original one (no need to save anything)
5. Go back to the biblio overview page (detail.pl)
=> The form is populated

Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37614: Printing patron cards from patron lists should be a GET
Phil Ringnalda [Fri, 16 Aug 2024 00:44:20 +0000 (17:44 -0700)]
Bug 37614: Printing patron cards from patron lists should be a GET

There's no creating, updating, or deleting about printing patron cards, and
the only time there's a lot of data (selecting individual patrons in a card
creator batch), it doesn't matter if the "Export selected" URL exceeds the
maxlength for Apache since the actual link to create the PDF also will.

Test plan:
 1. Without the patch, Tools - Patron lists - New patron list - Name it and
    Save
 2. Type three characters in the Patron search form (mar works well) to get
    at least three patrons. Click on each of three, then click Add patrons
 3. You can only print cards from the list of lists, so back to Tools -
    Patron lists
 4. In the Actions menu choose Print patron cards, in the popup click Export
 5. Watch the throbber spin around for a while (it will never stop), then
    close the popup, apply the patch, restart_all
 6. Tools - Patron lists - Actions menu - Print patron cards - Export
 7. Click the PDF link, make sure it has all three of your patrons
 8. Tools - Patron card creator - New - Card batch
 9. Without putting anything in the textarea, click Add patrons, in the
    search popup search for your three characters (mar) again, and click
    the checkboxes to the left of three of the names, then Add selected
    patrons, then Close, then Add patrons
10. Click the checkboxes for two of the three patrons, then Export selected
    card(s), then Export in the popup
11. Hover the link to the PDF, verify that it doesn't have stray 'amp;'
    after the & and before label_id= anymore
12. Click the PDF link, verify it has your two patrons
13. Back at the card batch, click Export card batch, then Export
14. Check the PDF to verify it has all three of your patrons
15. Tools - Patron lists - click your list's name to open it
16. Click the card number for a patron, then the Patron lists tab in Checkout
17. Actions menu - Print patron cards - Export, verify the PDF has all three
    patrons

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37308: (QA follow-up) Tidy code
Kyle M Hall [Wed, 14 Aug 2024 14:41:35 +0000 (14:41 +0000)]
Bug 37308: (QA follow-up) Tidy code

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37308: Add user-agent for SUSHI outgoing requests
Pedro Amorim [Wed, 10 Jul 2024 15:07:22 +0000 (15:07 +0000)]
Bug 37308: Add user-agent for SUSHI outgoing requests

Signed-off-by: Belal Ahmadi <belal.ahmadi@uwl.ac.uk>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37543: (follow-up) Tidy
Nick Clemens [Fri, 9 Aug 2024 10:58:23 +0000 (10:58 +0000)]
Bug 37543: (follow-up) Tidy

Tidy the whole thing

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37543: Use CSRF tokens in connexion_import_daemon.pl
Rudolf Byker [Thu, 1 Aug 2024 14:14:29 +0000 (16:14 +0200)]
Bug 37543: Use CSRF tokens in connexion_import_daemon.pl

Since version 24.05, due to the changes mentioned at
https://wiki.koha-community.org/wiki/Koha_/svc/_HTTP_API#Changes_coming_in_Koha_24.05 ,
the `connexion_import_daemon.pl` stopped working. The reason for this is that
it did not use CSRF tokens.

To test:
1. Get a Koha instance on 24.05, before applying the patch.
2. Create a plain text file somewhere on the server containing a raw MARC
   record (not XML). Let's call it `marc.txt`.
3. On the server, create a config file like this:
```
host: 0.0.0.0
port: 5500
koha: http://localhost:82  # Where 82 is the port of the Koha staff interface.
user: foo  # A Koha staff user.
password: Fooo1234  # The Koha staff user's password.
import_mode: stage
```
4. Run `./connexion_import_daemon.pl --config the-config-file-path`
5. In another terminal on the same server (or from anywhere that can reach the
   port opened by the `connexion_import_daemon.pl` script,
   run `nc localhost 5500 < marc.txt`
6. Observe in the stderr of the daemon script: `Response: Unsuccessful request`
7. Stop the daemon script.
8. Apply the patch and repeat steps 4 and 5.
9. Observe in the stderr of the daemon script:
   `Response: Success.  Batch number ... - biblio record number HASH(...) added to Koha`
10. Check at /cgi-bin/koha/tools/manage-marc-import.pl for a batch named
    `(webservice)`. It should contain one record now. This is how we know that
    authentication between the daemon and Koha worked, which is what this
    patch tries to address.

Thanks-to: David Cook <dcook@prosentient.com.au>
Sponsored-by: Reformational Study Centre <www.refstudycentre.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37536: Update conditional to check for 'cud-saveitem'
Brendan Lawlor [Wed, 31 Jul 2024 13:46:22 +0000 (13:46 +0000)]
Bug 37536: Update conditional to check for 'cud-saveitem'

In additem.pl and additem.tt all instances of 'saveitem' have been updated to 'cud-saveitem'
The javascript needs to be updated in the same way.

Test plan:
- Make sure acqcreateitem is set to "when placing an order"
- Create a basket with some orders
- Close the basket
- Go to your vendor and receive an order
- On the receive page, try to edit your item
=> Without the patch, the pop up page will open and then close, not allowing the item to be edited.
=> With this patch applied you will see the item edit form. Save and
confirm that the parent window is updated with the new value (actually
it's refreshed)

QA notes:
1. git grep 'saveitem'
2. Notice all instances in additem.pl and additem.tt have been updated to 'cud-saveitem'
3. Notice cataloging_additem.js checks if op != 'saveitem'
4. Check the files and verify the change makes sense

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 36736: Load plugins at the start of background job processing
Nick Clemens [Thu, 11 Jul 2024 18:08:08 +0000 (18:08 +0000)]
Bug 36736: Load plugins at the start of background job processing

This patch adds a call to get_enabled_plugins before processing background jobs to ensure
that all plugin hooks are loaded and cached

To test:
1 - Install a plugin that adds new objects e.g. the Contracts plugin
    https://github.com/bywatersolutions/fs-koha-plugin-contracts
    or the Koha Advent plugin:
    https://gitlab.com/koha-community/koha-advent/koha-plugin-fancyplugin
2 - Restart all
3 - Tail all your logs
4 - Stage and import a file containing items
5 - Note in the logs
    DBI Exception: DBD::mysql::st execute failed: Lock wait timeout exceeded; try restarting transaction
6 - Apply this patch
7 - Restart all
8 - Stage and import again
9 - Success!

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37508: Don't return Internal server error when running report
Nick Clemens [Mon, 12 Aug 2024 12:10:12 +0000 (12:10 +0000)]
Bug 37508: Don't return Internal server error when running report

To test:
1 - Create a report like:
SELECT "a"
FROM borrowers
WHERE <<Test>> != ''
2 - Run report
3 - Enter "password"
4 - Internal server error / stacktrace
5 - Apply patch
6 - Repeat
7 - Get a yellow warning box

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37508: (QA follow-up) Use ->check_columns
Marcel de Rooy [Fri, 9 Aug 2024 09:56:11 +0000 (09:56 +0000)]
Bug 37508: (QA follow-up) Use ->check_columns

Add shebang to Guided.t too.

Test plan:
See also previous commits.
Try sql like:
  select access_token from oauth_access_tokens

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37508: (QA follow-up) Move check to Koha::Report, extend
Marcel de Rooy [Fri, 9 Aug 2024 09:50:44 +0000 (09:50 +0000)]
Bug 37508: (QA follow-up) Move check to Koha::Report, extend

Do not allow password but allow password_expiry_days etc.
Do not allow token, secret and uuid too.

Test plan:
Run t/db_dependent/Koha/Reports.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37508: (follow-up) Don't pass the column or sql containing password
Aleisha Amohia [Thu, 8 Aug 2024 23:53:47 +0000 (23:53 +0000)]
Bug 37508: (follow-up) Don't pass the column or sql containing password

This patch replaces these variables with a non-translatable message.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37508: (follow-up) Throw error is password is in SQL query at all
Aleisha Amohia [Wed, 7 Aug 2024 04:37:25 +0000 (04:37 +0000)]
Bug 37508: (follow-up) Throw error is password is in SQL query at all

Confirm tests pass t/db_dependent/Reports/Guided.t

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37508: Test for errors when returning an aliased password column
David Cook [Wed, 7 Aug 2024 01:15:10 +0000 (01:15 +0000)]
Bug 37508: Test for errors when returning an aliased password column

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37508: Throw error if password column is detected in SQL report
Aleisha Amohia [Mon, 29 Jul 2024 03:53:06 +0000 (03:53 +0000)]
Bug 37508: Throw error if password column is detected in SQL report

This enhancement prevents SQL queries from being run if they would return a password field from the database table.

To test:

1. Run tests and notice they fail t/db_dependent/Reports/Guided.t

2. Apply patch and restart services

3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t

Sponsored-by: Reserve Bank of New Zealand
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37370: Return 400 if OpacExportOptions does not contain the passed format
Tomas Cohen Arazi [Tue, 16 Jul 2024 15:43:39 +0000 (12:43 -0300)]
Bug 37370: Return 400 if OpacExportOptions does not contain the passed format

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit a164c51d78f375d9d660e2c079cc7e05d2d1d326)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37466: Add correct filter for sort_by in results.tt
David Cook [Thu, 25 Jul 2024 06:44:37 +0000 (06:44 +0000)]
Bug 37466: Add correct filter for sort_by in results.tt

This patch replaces the $raw filter with the correct uri filter
for the sort_by in results.tt

Test plan:
1. Apply patch
2. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=1
3. Click on "Edit this search"
4. Note that the "Popularity (most to least)" Sort by option is selected
5. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=24y24ty2498294t9824yt9y23
6. Click on "Edit this search"
7. Note that the "Popularity (most to least)" Sort by option is selected

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5148e05d408b43c0eb330683ffa4c26c90faa696)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37464: Validate "type" sent to barcode/svc
David Cook [Thu, 25 Jul 2024 06:56:18 +0000 (06:56 +0000)]
Bug 37464: Validate "type" sent to barcode/svc

This change validates the "type" sent to the barcode/svc. Without this
change, we pass the user input directly to GD::Barcode, which passes
the input into an eval{} block without any validation of its own.

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=bad&barcode=123456
3. Note that a Code39 barcode is provided for an invalid type
4. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=Code39&barcode=123456
5. Note that a Code39 barcode is provided
6. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=UPCE&barcode=123456
7. Note that a non-Code39 barcode is provided (presumably UPCE)

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 73b0c3cf621250008845f22f7a36f90a48e00b06)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37488: Validate paths in datalink.txt/idlink.txt files
David Cook [Fri, 26 Jul 2024 04:01:43 +0000 (04:01 +0000)]
Bug 37488: Validate paths in datalink.txt/idlink.txt files

This change validates the paths in datalink.txt/idlink.txt,
so that only images in the unpacked archive directory are allowed

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Create a datalink.txt file with the following:
42,selfie.jpg
3. Create a jpeg at selfie.jpg
4. ZIP the datalink.txt and selfie.jpg files
5. Upload to the "Upload patron images" tool
(after enabling the "patronimages" system preference)
6. Note that the image uploads correctly

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 8fcb767fe2836c90ceacb5b5d8211524571eb8aa)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37323: Tidy
David Cook [Fri, 26 Jul 2024 03:27:22 +0000 (03:27 +0000)]
Bug 37323: Tidy

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 579c28c764257a250c12aa11207772c074c1335e)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37323: Don't allow symlinks in link files in zip and validate filepaths
Chris Cormack [Thu, 18 Jul 2024 23:57:32 +0000 (23:57 +0000)]
Bug 37323: Don't allow symlinks in link files in zip and validate filepaths

Test plan:
0. Apply patch and restart/reload Koha
1. Test that uploading a patron image still works, in single file format and as a zip

Work as suggested

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9bc0521493fbe2f9fe0dde051d0b2f52c8a14a9a)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37323: Escape characters in patron image picture upload
Amit Gupta [Thu, 11 Jul 2024 17:43:06 +0000 (23:13 +0530)]
Bug 37323: Escape characters in patron image picture upload

To Test
1. Create a file name for example: test.zip`curl xxxxtesting.informaticsglobal.com`.zip
   where the domain is one you can watch the logs from.
2. Go to Tools and click on Upload patron images choose option zip file and upload the file.
3. Check /var/log/apache2/access.log and see the curl with the IP
   "xx.xxx.xx.xxx - - [11/Jul/2024:23:10:33 +0530] "GET / HTTP/1.1" 200 267 "-" "curl/7.68.0"
4. Apply the patch
5. Repeat 2 and 3 step and check no error is coming for the Remote execution error.
6. Test uploading actual zip file and images still works.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5c931e00f73e91467581fd29721e5af8d7fa98ab)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37104: (Follow-up) Checks for unitialized value of 'anonymous_patron' system...
Sam Lau [Mon, 8 Jul 2024 14:50:30 +0000 (14:50 +0000)]
Bug 37104: (Follow-up) Checks for unitialized value of 'anonymous_patron' system pref

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
JD Amended patch: replace '==' with 'eq' for consistency with other
occurrences.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37575: Typo 'AutoCreateAuthorites' in about.pl
Fridolin Somers [Tue, 6 Aug 2024 12:12:16 +0000 (14:12 +0200)]
Bug 37575: Typo 'AutoCreateAuthorites' in about.pl

Typo in system preference name 'AutoCreateAuthorites' ->  'AutoCreateAuthorit[i]es'

Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months agoBug 37593: Removed all instances of 'this this' in the codebase
PerplexedTheta [Mon, 12 Aug 2024 14:26:13 +0000 (15:26 +0100)]
Bug 37593: Removed all instances of 'this this' in the codebase

To test:
a)  do a grep for 'this this'
    1)  notice that there are five matching files
    2)  notice that all of these instances are in comments, or podfiles
b)  apply this patch
c)  do a grep for 'this this'
    1)  notice now that these instances are gone
d)  apply these changes to schema.koha-community.org
e)  result!

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36758: (follow-up) Fix unit tests
Martin Renvoize [Mon, 12 Aug 2024 09:15:20 +0000 (10:15 +0100)]
Bug 36758: (follow-up) Fix unit tests

We do two things here..

* We're making the improvement to C4::Letters that sets librarian to a
  patron object more resilient by testing for the userenv first.
* We correct the logic in Koha::Ticket such that we always store changes
  when there's a ticket update

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37613: (Follow-up) Change the option and documentation to match terminology guide...
Michael Hafen [Fri, 9 Aug 2024 19:23:36 +0000 (13:23 -0600)]
Bug 37613: (Follow-up) Change the option and documentation to match terminology guidelines

Trivial patch.

Change the --branch and --skip-branch options of the longoverdue cron script
to --library and --skip-library to meet the Terminology Guidelines.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 9596: (QA follow-up) Only find a given patron once
Kyle M Hall [Tue, 23 Jul 2024 10:39:07 +0000 (06:39 -0400)]
Bug 9596: (QA follow-up) Only find a given patron once

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 9596: (QA follow-up) Add some clarifying comments
Kyle M Hall [Tue, 23 Jul 2024 10:07:02 +0000 (06:07 -0400)]
Bug 9596: (QA follow-up) Add some clarifying comments

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 9596: Add branch and skip-branch options to cronjobs/longoverdue.pl
Michael Hafen [Fri, 16 Feb 2024 22:27:01 +0000 (15:27 -0700)]
Bug 9596: Add branch and skip-branch options to cronjobs/longoverdue.pl

This script doesn't seem to be included in cron files by default.
This change is to allow script parameters to effect only certain branches.
This allows the script to be added multiple times to a cron file with
  different settings for different branches.

Test plan:
1. apply patch
2. identify two books at different branches the same number of days overdue.
3. run the longoverdue.pl script specifying one of the branches in the
     --branch command line parameter.
     i.e. koha-shell -c 'misc/cronjobs/longoverdue.pl --branch branch_code --lost 60=2 --maxdays=61 --confirm' instance_name
4. observe that the book at the specified branch has been or would be affected
     by the script while the other book is not.

Signed-off-by: Tadeusz „tadzik” Sośnierz <tadeusz@sosnierz.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37578: Remove the Charges tab from checkout and patron details
Owen Leonard [Tue, 6 Aug 2024 17:09:53 +0000 (17:09 +0000)]
Bug 37578: Remove the Charges tab from checkout and patron details

This patch removes the "Charges" tab from the include file which is used
by the circulation and patron details templates. Information about
charges and credits is already shown at the top of these pages under the
"Attention" heading.

This tab is already hidden on the checkout page
because the script doesn't provide the data to display.

To test, apply the patch locate a patron with charges.

- Check out to the patron. As before, you should see under the
  "Attention" heading at the top, "Charges: Patron has outstanding
  charges of..."
- There should be no "Charges" tab below in the section showing tabs for
  checkouts, holds, etc.
- Check the same details on the patron detai page.
- A patron with credits should be displayed similarly.

Sponsored-by: Athens County Public Libraries
Signed-off-by: Nicolas Hunstein <nicolas.hunstein@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37607: Only default to manual form if we are editing
Matt Blenkinsop [Fri, 9 Aug 2024 16:05:55 +0000 (16:05 +0000)]
Bug 37607: Only default to manual form if we are editing

This patch fixes an issue where the form to add a provder would automatically default to the manual form. This patch prevents this behaviour and restores the intended functionality.

Test plan:
1) Don't apply the patch
2) In ERM, click to add a new provider
3) Type something in the provider name search box
4) The input will change from a select to a text input and the button next to it will now say "Create from registry"
5) Apply patch
6) Yarn build and hard refresh the browser
7) Repeat steps 1-3, the form should work as intended and return results in the select box

Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36169: (QA follow-up) Tidy tests
Kyle M Hall [Fri, 19 Jul 2024 17:23:10 +0000 (13:23 -0400)]
Bug 36169: (QA follow-up) Tidy tests

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36169: Patron categories with type='Staff' should be able to have guarantees
Alex Buckley [Tue, 27 Feb 2024 02:31:09 +0000 (02:31 +0000)]
Bug 36169: Patron categories with type='Staff' should be able to have guarantees

Library staff - whose patron category has a type='Staff' should be able to have guarantees added.

Test plan:
1) Create a 'Library staff' patron category with 'Category type' = 'Staff'

2) Create a patron account using the 'Library staff' patron category

3) Notice the '+ Add guarantee' button is not displayed in the members toolbar for the 'Library staff' patron you created

4) Apply patches and restart services

5) Refresh your browser window

6) Notice the '+ Add guarantee' button is now displaying for the 'Library staff' patron

7) Confirm you can successfully add a guarantee

8) Run unit test t/db_dependent/Koha/Patrons.t

Sponsored-By: Waitaki District Council, New Zealand
Signed-off-by: Tadeusz „tadzik” Sośnierz <tadeusz@sosnierz.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36770: (QA follow-up) Tidy export_records.pl
Kyle M Hall [Fri, 19 Jul 2024 16:08:42 +0000 (12:08 -0400)]
Bug 36770: (QA follow-up) Tidy export_records.pl

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36770: Export records using a report
Alex Buckley [Thu, 2 May 2024 23:40:09 +0000 (23:40 +0000)]
Bug 36770: Export records using a report

Enable the export_records.pl script use a report output to export biblios or authorities

Test plan:
1. Apply patches and restart services
2. Create a SQL report (id=1)
    SELECT biblionumber
    FROM biblio
3. Create a SQL report (id=2) and set an item as notforloan = -1
    SELECT title, author, biblio.biblionumber
    FROM biblio
    LEFT JOIN items USING (biblionumber)
    WHERE items.notforloan = <<Not for loan|NOT_LOAN>>
4. Create a SQL report (id=3)
    SELECT title, author
    FROM biblio
5. Create a SQL report (id=4)
    SELECT authid
    FROM auth_header
6. Run export_records.pl using report id=1 and confirm a koha.mrc file is created in the misc directory:
cd misc
./export_records.pl --report_id=1

7. Delete the koha.mrc file

8. Run export_records.pl using report id=2
./export_records.pl --report_id=2

9. Notice you are prompted to supply a parameter

10. Re-run report id=2 supplying a parameter. Confirm the koha.mrc file is created and contains bib data
./export_records.pl --report_id=2 --report_param=-1

11. Run export_records.pl using report id=3
./export_records.pl --report_id=3

12. Notice you get the message: The --report_id you specified does not fetch a biblionumber

13. Delete the koha.mrc file

14. Run export_records.pl using report id=4
./export_records.pl --report_id=4

15. Notice you get a message 'The --report_id you specified does not fetch a biblionumber'

16. Re-run export_records.pl setting the record-type=auths
./export_records.pl --record-type=auths --report_id=4

17. Notice the koha.mrc file is generated and contains auth data

Sponsored-by: Horowhenua Libraries, Toi Ohomai Institute of Technology, Plant and Food Research Limited, Waitaki District Council, South Taranaki District Council New Zealand
Signed-off-by: Alexandre Noel <alexandre.noel@inlibro.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36758: (QA follow-up) Tidy Ticket.t
Katrin Fischer [Fri, 9 Aug 2024 15:55:37 +0000 (15:55 +0000)]
Bug 36758: (QA follow-up) Tidy Ticket.t

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36758: (QA follow-up) Fix some typos
Katrin Fischer [Fri, 9 Aug 2024 15:48:11 +0000 (15:48 +0000)]
Bug 36758: (QA follow-up) Fix some typos

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36758: DBRev 24.06.00.023
Katrin Fischer [Fri, 9 Aug 2024 15:47:39 +0000 (15:47 +0000)]
Bug 36758: DBRev 24.06.00.023

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36758: Add trigger for assignee notification trigger
Martin Renvoize [Tue, 7 May 2024 16:17:23 +0000 (17:17 +0100)]
Bug 36758: Add trigger for assignee notification trigger

This patch adds a new notice trigger to allow notifying assigned staff
that they have been assigned a new catalog concern to action.

Test plan
1) Enable catalog concerns (either via staff or opac interfaces)
2) Report a new concern (either via staff or opac interfaces)
3) As a staff user, assign the concern to another staff user
4) Check that the new 'TICKET_ASSIGNED' notice has be queued for that
   staff user.
5) Re-assign the catalog concern to yourself
6) Note that you do not see a 'TICKET_ASSIGNED@ notice queued as you
   self-assigned.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36758: Unit tests for assignee notification trigger
Martin Renvoize [Tue, 7 May 2024 16:16:57 +0000 (17:16 +0100)]
Bug 36758: Unit tests for assignee notification trigger

This patch adds unit tests for the TICKET_ASSIGNED trigger being
introduced with this patchset.

Test plan
1) Run the unit tests prior to the next patch and confirm they fail
2) Apply the next patch and confirm the unit tests now pass

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36758: Add librarian object
Martin Renvoize [Tue, 7 May 2024 16:48:24 +0000 (17:48 +0100)]
Bug 36758: Add librarian object

This patch adds a 'librarian' object fetch to
C4::Letters::GetPreparedLetter when a called passes the 'want_librarian'
flag.

This allows for the notice to take full advantage of the patron object
for that librarian rather than requireing old non-TT syntax for this
feature.

Test plan
1) We use the 'librarian' object in the new TICKET_ASSIGNED default
   notice, use the next patch to test that the librarian title is
   correctly substituted into the notice.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36758: Add TICKET_ASSIGNED notice
Martin Renvoize [Tue, 7 May 2024 16:45:08 +0000 (17:45 +0100)]
Bug 36758: Add TICKET_ASSIGNED notice

This patch adds a new default TICKET_ASSIGNED notice to be used with
catalog concerns to notice the assigned staff user when a ticket has
been assigned to them.

Test plan
1) Run the database update and confirm that the new notice has been
   added to the database (If on the sandboxes, skip to the next patch)

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37450: Fix 'Close basket' button from list of baskets
Sam Lau [Wed, 24 Jul 2024 16:53:25 +0000 (16:53 +0000)]
Bug 37450: Fix 'Close basket' button from list of baskets

To test:
1) In acquisitions, have a vendor with an item (or items) in their basket. Search for this vendor.
2) From the actions column, select the arrow and then press 'Close this basket'
3) Clicking on this option will not close the basket and brings us to the wrong page
4) Apply patch
5) Try to close the basket again, and this time, it is closed successfully

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37254: Fix clearing of dropdown values on circulation rules
Emmi Takkinen [Thu, 4 Jul 2024 12:04:42 +0000 (15:04 +0300)]
Bug 37254: Fix clearing of dropdown values on circulation rules

When one tries to clear the rule they are editing in circulation
rules page via "Clear" button, dropdown selectors aren't populated
with default value (first on the list).

To reproduce:
1. Select a rule to edit.
2. Press "Clear" button to return edit rows values back to default values.
=> Values in dropdowns aren't set back as default, instead they have
same values as rule you edited before pressing "Clear".
3. Apply this patch.
4. Select rule to edit, then press "Clear".
=> Dropdowns now have default values.

Sponsored-by: Koha-Suomi Oy
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36217: Fix background jobs page's include_last_hour filter
Johanna Räisä [Tue, 25 Apr 2023 10:00:24 +0000 (13:00 +0300)]
Bug 36217: Fix background jobs page's include_last_hour filter

Test plan:
1) Create a background job
2) Go to the background jobs page
3) See your job listed
4) Unselect "include_last_hour" from the filter
5) Verify that the job is not listed
6) Apply the patch
7) perl build-resources.PL
8) Repeat steps 1-3
9) Verify that the job is now listed
10) prove t/db_dependent/Koha/BackgroundJobs.t
11) Verify that the tests pass

Sponsored-by: Koha-Suomi Oy
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37444: Fix filter for Pickup Location
Petro Vashchuk [Wed, 24 Jul 2024 04:30:43 +0000 (07:30 +0300)]
Bug 37444: Fix filter for Pickup Location

When trying to filter holds to pull using the dropdown filter for Pickup Location, the dropdown has "None" as the only available option because of incorrect column index in ppendingreserves.tt

To reproduce:
1. Place a hold and go to Circulation -> Holds to pull.
2. Use a dropdown filter for Pickup Location, see that only "None" is available to pick, meaning you can't use the filter.
3. Apply the patch.
4. Do the step 2 again and ensure that there's also an option for that hold's pickup location.

Signed-off-by: Eric Garcia <cubingguy714@gmail.com>
Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37373: (follow-up) Add id and adjust tests
Nick Clemens [Wed, 7 Aug 2024 17:31:46 +0000 (17:31 +0000)]
Bug 37373: (follow-up) Add id and adjust tests

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoRevert "Bug 36132: Allow to delete multiple patron lists on any page"
Katrin Fischer [Wed, 7 Aug 2024 13:50:37 +0000 (13:50 +0000)]
Revert "Bug 36132: Allow to delete multiple patron lists on any page"

This reverts commit e1031b88f0172f1db4d43cf05d33d221d347c7bb.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37303: Update yarn.lock after adding new dependency to packages.json
Mason James [Fri, 2 Aug 2024 01:53:01 +0000 (13:53 +1200)]
Bug 37303: Update yarn.lock after adding new dependency to packages.json

 use ./xt/verify-yarnlock.t test in BZ 37490 to confirm

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36132: Allow to delete multiple patron lists on any page
Phan Tung Bui [Mon, 19 Feb 2024 19:17:42 +0000 (14:17 -0500)]
Bug 36132: Allow to delete multiple patron lists on any page

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36515: (QA follow-up) Tidy code
Kyle M Hall [Fri, 19 Jul 2024 12:57:54 +0000 (08:57 -0400)]
Bug 36515: (QA follow-up) Tidy code

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36515: Add unit tests
Alex Buckley [Tue, 30 Apr 2024 18:59:24 +0000 (18:59 +0000)]
Bug 36515: Add unit tests

Test plan:
1. Run unit tests
ktd --shell
prove t/SimpleMARC.t

Sponsored-by: Education Services Australia SCIS
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36515: Amend MARC modification templates so control fields can be copied to subfields
Alex Buckley [Tue, 30 Apr 2024 18:41:00 +0000 (06:41 +1200)]
Bug 36515: Amend MARC modification templates so control fields can be copied to subfields

Test plan:
1. Apply patch and restart services
2. Create a MARC modification template with the action:
 Copy and replace field 001 to 099$a unless 099$a exists
3. Perform a Batch record modification using your MARC modification template from #2
4. Confirm that the template has successfully moved the 001 control field value to the 099$a subfield

Sponsored-by: Education Services Australia SCIS
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 35978: Add 'sections' to Course Reserves
Martin Renvoize [Wed, 18 Aug 2021 13:17:44 +0000 (14:17 +0100)]
Bug 35978: Add 'sections' to Course Reserves

We use Section to distinguish Residential from ETF Open University;

This patch adds Section to the breadcrumb and title where appropriate.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36595: Added email address field to the holds queue table
Laura_Escamilla [Wed, 24 Jul 2024 19:28:29 +0000 (19:28 +0000)]
Bug 36595: Added email address field to the holds queue table

To test:
1. Make sure that the system preference ‘HidePatronName’ is set to
   ‘Show’
2. Select a patron that has a primary email address set in their
   contact information.
    1. Place a hold for that patron
3. Build the holds queue: perl /kohadevbox/koha/misc/cronjobs/holds/build_holds_queue.pl
4. Check the holds queue and notice that the patron column includes the
   patron’s email
5. Click on the hyperlinked email. It will open a new email with the
   subject of "Hold item: (your biblio title)"
6. Disable the ‘HidePatronName’ system preference
    1. Check the holds queue again and notice that no contact
       information can be seen for the patron
7. Sign off and have an amazing day :D

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 36879: Spurious warning in QueryBuilder
Andreas Jonsson [Thu, 16 May 2024 07:38:09 +0000 (09:38 +0200)]
Bug 36879: Spurious warning in QueryBuilder

Test plan:

With ElasticSearch enabled,
* Perform a search using the default  sort order
  (i.e. 'relevance').
* Verify that no warnings are generated in
  plack-intranet-error.log

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37461: Typo in SMSSendAdditionalOptions description
Caroline Cyr La Rose [Thu, 25 Jul 2024 16:15:22 +0000 (12:15 -0400)]
Bug 37461: Typo in SMSSendAdditionalOptions description

This patch correct a typo in the SMSSendAdditionalOptions system
preference description.

To test:
1. Apply patch
2. Go to Administration > System preferences
3. Search for SMSSendAdditionalOptions
4. Read the description, make sure there are no spelling or grammar
   error

Signed-off-by: Laura_Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 35792: Use of uninitialized value $sub6
Catalyst Bug Squasher [Thu, 25 Jul 2024 22:41:58 +0000 (22:41 +0000)]
Bug 35792: Use of uninitialized value $sub6

Test plan:

1. Apply patch
2. Rerun and make sure the error "Use of uninitialized value $sub6 in pattern match (m//) at /usr/share/koha/lib/Koha/SearchEngine/Elastricsearch.pm" is no longer present.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Initial testing done, it works well, needs an additional sign off from an external party

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37030: Use template wrapper for breadcrumbs: Cash register stats
Owen Leonard [Tue, 4 Jun 2024 17:17:33 +0000 (17:17 +0000)]
Bug 37030: Use template wrapper for breadcrumbs: Cash register stats

This patch updates the cash register statistics template so that they
use the new WRAPPER for displaying breadcrumbs.

To test, apply the patch and test page and its variations.
Breadcrumbs should look correct, and each link should be correct.

- Reports ->
  - Cash register statistics
    - Results

Sponsored-By: Athens County Public Libraries
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 35235: Make "Koha module" label match the corresponding <select>
Catalyst Bug Squasher [Thu, 25 Jul 2024 23:30:42 +0000 (23:30 +0000)]
Bug 35235: Make "Koha module" label match the corresponding <select>

Test Plan
1. Go to Tools -> Notices and slips -> New notice
2. Select Acquisition
3. Click on the Koha module label
4. The corresponding drop down field should activate (greyed)

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37553: Tidy to make QA tools happy
David Cook [Fri, 2 Aug 2024 02:02:10 +0000 (02:02 +0000)]
Bug 37553: Tidy to make QA tools happy

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37553: Consistently send Csrf-Token in request header
David Cook [Fri, 2 Aug 2024 01:49:06 +0000 (01:49 +0000)]
Bug 37553: Consistently send Csrf-Token in request header

This change consistently sends the Csrf-Token in the request header.
Previously, one POST sent it in the request body, while the other POST
sent it in the request header. Since we're using an API, it's best
for us to always send it in the request header

Test plan:
0. Apply the patch
1. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 > bib-29.xml
2. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 bib-29.xml
3. Note that the following appears in STDOUT and there is no 403 error:
"update 29 from bib-29.xml"

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37553: Use CSRF token for authenicated session for POSTing
David Cook [Fri, 2 Aug 2024 01:37:40 +0000 (01:37 +0000)]
Bug 37553: Use CSRF token for authenicated session for POSTing

This change fixes the Koha::SVC to store the CSRF token for
the authenticated session for further POSTing.

Test plan:
0. Apply the patch
1. perl ./misc/migration_tools/koha-svc.pl \
    http://localhost:8081/cgi-bin/koha/svc koha koha 29 > bib-29.xml
2. perl ./misc/migration_tools/koha-svc.pl \
    http://localhost:8081/cgi-bin/koha/svc koha koha 29 bib-29.xml
3. Note that the following appears in STDOUT and there is no 403 error:
"update 29 from bib-29.xml"

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37077: Fix report mutli-select for zero and single selections
Brendan Lawlor [Fri, 14 Jun 2024 19:11:56 +0000 (19:11 +0000)]
Bug 37077: Fix report mutli-select for zero and single selections

This patch updates the javascript overriding the form submission when reports have multi select parameters.

When there are more than one multi selects, and the user selcts one value from each, it skips updating the value of the select, so it doens't send duplicate parameters anymore.

If there are no selections made it will pass '%' for all values. This allows the multi select to be optional in the report. If no selections are made it is assumed that you are not using that parameter to limit the report.

Test plan:
1. Go to Reports and create a report from SQL
   select *
   from items
   where
   homebranch in <<Libraries|branches:in>>
   and
   itype in <<Item type|itemtypes:in>>
3. Run the report but pick only 1 library and 1 item type
4. Click the "Show SQL code"
5. Notice that the two parameters were filled correctly
6. Run the report again with zero selections
7. Click the "Show SQL code"
8. Notice that the '%' is used for the parameter
9. Run the report again with combinations of single, multiple and zero selections
10. confirm the SQL code is generated as you would expect.

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37496: Restore parameter to limit to details of one item
Emily Lamancusa [Fri, 26 Jul 2024 15:36:22 +0000 (11:36 -0400)]
Bug 37496: Restore parameter to limit to details of one item

To test:
1. Find a bib record with more than one item
2. Click on the barcode of an item to show the item details page
--> The item details page shows the details of all items, though it does
    jump to the correct item
3. Apply patch
4. Reload the bib record, and click the barcode again
--> The item details page shows only the chosen item, with a link above
    to show all items

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37263: Fix deletion of 'All' patron category in Default article request fees
Pedro Amorim [Mon, 8 Jul 2024 15:12:56 +0000 (15:12 +0000)]
Bug 37263: Fix deletion of 'All' patron category in Default article request fees

Follow same test plan as before, but attempt to delete a 'All' entry in 'Default article request fees'.
Notice it blows up before this patch. It works as expected after the patch.

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37263: Fix URL param retrieval
Pedro Amorim [Mon, 8 Jul 2024 12:45:13 +0000 (12:45 +0000)]
Bug 37263: Fix URL param retrieval

This was introduced by bug 34478.
To test:
Follow the test plan as before, but test for several different patron categories

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37263: Fix handling of 'All' values on 'default article request fees'
Pedro Amorim [Fri, 5 Jul 2024 14:42:18 +0000 (14:42 +0000)]
Bug 37263: Fix handling of 'All' values on 'default article request fees'

To test:
1. Enable ArticleRequests sys pref
2. Visit <staff_url>/cgi-bin/koha/admin/smart-rules.pl
3. Under 'Default article request fees' on 'Patron category' select 'All' and input a numeric Free
4. Click 'Add'. Notice it blows up.
5. Apply patch. Repeat.

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Emmi Takkinen <emmi.takkinen@koha-suomi.fi>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37389: (QA follow-up) Tidy
Tomas Cohen Arazi [Thu, 1 Aug 2024 12:21:12 +0000 (09:21 -0300)]
Bug 37389: (QA follow-up) Tidy

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37389: ExtendedAttributes mixin
Pedro Amorim [Thu, 25 Jul 2024 15:28:37 +0000 (15:28 +0000)]
Bug 37389: ExtendedAttributes mixin

This is what we're doing here:

- Creating a new mixin called ExtendedAttributes.pm
- Moving the extended_attributes 'join' logic out of REST/Plugin/Query and instead applying it to the aforementioned Mixin. Moving this to this level allows for this consistent behavior to happen on all search queries including, but not limited to, search queries happening on the REST API.
- Applying this Mixin to Patrons and ILL::Requests (we don't apply it to AdditionalFields.pm here yet because no AdditionalFields supporting classes have the extended_attributes accessor yet, I'll tackle this when rebasing 35287)

- The aforementioned mixin does the following:
-- Generates dynamic accessors for extended_attributes e.g. if there is a borrower attribute with code 'height', the 'extended_attributes_height' accessor is generated dynamically if a search with 'prefetch'=>'extended_attributes' AND the extended_attribute.code = 'height' is performed.
-- Rewrites the 'join' entries in the query to have the aliases as above.
-- Rewrites the WHERE conditions to match the above ruleset.

Example:

A DBIX search query as follows:

[
        {
            '-and' => [
                [
                    {
                        'extended_attributes.attribute' => { 'like' => 'abc%' },
                        'extended_attributes.code'      => 'CODE_1'
                    }
                ],
                [
                    {
                        'extended_attributes.code'      => 'CODE_2',
                        'extended_attributes.attribute' => { 'like' => '123%' }
                    }
                ]
            ]
        }
    ]

Results in the following SQL:

    SELECT
      `me`.`borrowernumber`
    FROM
      `borrowers` `me`
      LEFT JOIN `borrower_attributes` `extended_attributes_CODE_1` ON (
        `extended_attributes_CODE_1`.`borrowernumber` = `me`.`borrowernumber`
        AND `extended_attributes_CODE_1`.`code` = ?
      )
      LEFT JOIN `borrower_attributes` `extended_attributes_CODE_2` ON (
        `extended_attributes_CODE_2`.`borrowernumber` = `me`.`borrowernumber`
        AND `extended_attributes_CODE_2`.`code` = ?
      )
    WHERE
      (
        (
          (
            `extended_attributes_CODE_1`.`attribute` LIKE ?
            AND `extended_attributes_CODE_1`.`code` = ?
          )
          AND (
            `extended_attributes_CODE_2`.`attribute` LIKE ?
            AND `extended_attributes_CODE_2`.`code` = ?
          )
        )
      )

What fixes the performance issue that originated this work is the 'AND `extended_attributes_CODE_1`.`code` = ?' that was missing on the LEFT JOIN.

All of the above is explained using Borrowers and Borrower attributes, but it all also applies to ILL::Requests and ILL::Request::Attributes.

Co-authored-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37389: Add tests
Pedro Amorim [Thu, 25 Jul 2024 15:27:42 +0000 (15:27 +0000)]
Bug 37389: Add tests

prove t/Koha/REST/Plugin/Query.t
prove t/db_dependent/Koha/Objects/Mixin/ExtendedAttributes.t

Co-authored-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37535: Adding a debit via API will show the belated patron as the librarian that...
Jan Kissig [Wed, 31 Jul 2024 12:40:16 +0000 (14:40 +0200)]
Bug 37535: Adding a debit via API will show the belated patron as the librarian that caused the debit

This patch fixes the addPatronDebit route so that the librarian that caused the debit is taken from either the requests payload user_id or if not set from the api user.

Test plan:

 a) enable system preference RESTBasicAuth
 b) use a REST client to send a POST request with the following JSON body to http://localhost:8081/api/v1/patrons/5/account/debits

{
  "amount": 1.23,
  "description": "some description",
  "internal_note": "internal_note",
  "type": "MANUAL"
}

 Authentication username and password is "koha"
 c) verify that "user_id" is the same as patron_id in response.
 d) send a different request including user_id to the same endpoint
{
  "amount": 1.23,
  "description": "some description",
  "internal_note": "internal_note",
  "type": "MANUAL",
  "user_id": 19
}

 e) verify that "user_id" is the same as patron_id in response.
 f) apply patch and repeat step b) and d)
 e) verify that user_id in b) is now 51 (which is the borrowernumber of koha user)
 f) verify that user_id in d) is now 19 as defined in request
 g) recheck on http://localhost:8081/cgi-bin/koha/members/accountline-details.pl?accountlines_id=<account_line_id> (from response) that column Librarian now says the user from user_id

 h) sign off :)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37535: Regression tests
Tomas Cohen Arazi [Wed, 31 Jul 2024 16:20:47 +0000 (16:20 +0000)]
Bug 37535: Regression tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 33453: Change the button class of the record cashup modal to btn-primary
Vicki McKay [Thu, 25 Jul 2024 22:12:49 +0000 (22:12 +0000)]
Bug 33453: Change the button class of the record cashup modal to btn-primary

To test:

1. Go to System Preferences > find and enable "Use cash registers"
2. Go to Administration > "Cash registers" and create a new cash register
3. Go to Tools > "Transaction history for" > "Record cashup"
4. Click "Record cashup"
5. Modal with change: "Confirm" should be yellow and primary.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37373: Combine duplicate class attributes
Owen Leonard [Fri, 26 Jul 2024 16:32:12 +0000 (16:32 +0000)]
Bug 37373: Combine duplicate class attributes

This patch corrects two instances in patron-search.inc where there were
two class attributes on one input. Combining the two class names under
one class attribute seems to fix the focus problem.

The patch also updates the global JS giving focus to elements with a
"focus" class so that it only targets elements which are visible. This
prevents the browser from trying to put focus on a field in a hidden
modal.

Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37411: Fixed exporting to CSV file
Eric Garcia [Wed, 31 Jul 2024 18:31:53 +0000 (18:31 +0000)]
Bug 37411: Fixed exporting to CSV file

To test:
1. Acquistions -> Budgets -> Funds -> Planning, select any option
2. In the toolbar see Export, and click Submit and see a 500 error
3. Apply patch, restart_all
4. Repeat steps 1-2
5. Notice the 500 error is gone and the CSV is exported properly

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37411: Fixed 500 error when exporting budget planning
Eric Garcia [Mon, 29 Jul 2024 15:21:59 +0000 (15:21 +0000)]
Bug 37411: Fixed 500 error when exporting budget planning

To test:
1. Acquistions -> Budgets -> Funds -> Planning, select any option
2. In the toolbar see Export, and click Submit and see a 500 error
3. Apply patch, restart_all
4. Repeat steps 1-2
5. Notice the 500 error is gone and the CSV is exported properly

Notes:
Is there a reason we call exit(1) after exporting the csv?

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37188: Allow batch modification of borrowers from reports with cardnumber or...
Nick Clemens [Thu, 25 Jul 2024 17:52:03 +0000 (17:52 +0000)]
Bug 37188: Allow batch modification of borrowers from reports with cardnumber or borrowernumber

Some libraries do not use cardnumbers for their patrons, but would still like to be able to batch
modify patrons from reports.

Borrowernumber is going to be authoritative - every borrower will have one - so if this column is
included in the results we should offer batch modification. If we have cardnumber, we can use that.
If we have both, we should use borrowernumber

To test:
 1 - Write a report like:
    SELECT cardnumber FROM borrowers ORDER BY rand() LIMIT 35
 2 - Run report
 3 - Click "Batch operations.." -> "Batch patron modification"
 4 - Confirm it works
 5 - Edit report:
    SELECT borrowernumber FROM borrowers ORDER BY rand() LIMIT 35
 6 - Run report
 7 - No option for batch modifying patrons
 8 - Apply patch
 9 - Run report
10 - The option for batch modificatoin now shows
11 - Confirm both batch operation types work from report
12 - Edit report:
   SELECT cardnumber,borrowernumber FROM borrowers ORDER BY rand() LIMIT 35
13 - Run report
14 - Confirm both batch operations work

Signed-off-by: Laura ONeil <laura@bywatersolutions.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37489: Separate forms for uploading and deleting a patron image
Sam Lau [Fri, 26 Jul 2024 16:17:56 +0000 (16:17 +0000)]
Bug 37489: Separate forms for uploading and deleting a patron image

This patch creats a new form for image deletion that is submitted via the 'Delete' button on the modal.

To test:
1) Turon on the 'patronimages' sys pref
2) Visit a patron page, you should see an image module on the left.
3) Click on the image to edit it. Upload a new image.
4) Edit the image again, press delete and confirm the popup.
5) Note that it will not let you delete because of the required file.
6) Apply patch
7) Attempt to delete again, this time it is successful.

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37288: Allow manual providers to be edited
Matt Blenkinsop [Mon, 29 Jul 2024 08:52:39 +0000 (08:52 +0000)]
Bug 37288: Allow manual providers to be edited

There is a bug preventing manually created providers from being edited. This patch fixes that issue and allows providers to be edited if they have been created manually

Test plan:
1) Create a data provider in the ERM manually using the Create manually option
2) Click to edit that provider
3) The form will not load
4) Apply patch and run yarn build
5) Hard refresh the browser
6) The form should now load correctly

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37288: Improve display of data provider edit form
Matt Blenkinsop [Wed, 17 Jul 2024 08:36:16 +0000 (08:36 +0000)]
Bug 37288: Improve display of data provider edit form

This patch makes some improvements to the edit form for data providers. It delays page display until the counter registry has responded and also improves the display of the "create manually" and "Create from registry" buttons

Test plan:
1) Create a Data provider in the ERM module
2) Click to edit that new provider
3) The page will load and there will be a slight delay before the Data provider name input is populated
4) The "Create manually" button will also be visible
5) Apply patch and yarn build
6) Hard refresh the browser and repeat steps 1 and 2
7) This time when the page loads the provider name should be prepopulated and no manual creation button will be visible

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37419: DBIC schema update
Katrin Fischer [Thu, 1 Aug 2024 15:59:37 +0000 (15:59 +0000)]
Bug 37419: DBIC schema update

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37419: DBRev 24.06.00.022
Katrin Fischer [Thu, 1 Aug 2024 15:56:09 +0000 (15:56 +0000)]
Bug 37419: DBRev 24.06.00.022

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37419: Update FK constraint on record sources to avoid data loss
Tomas Cohen Arazi [Mon, 29 Jul 2024 11:12:56 +0000 (08:12 -0300)]
Bug 37419: Update FK constraint on record sources to avoid data loss

Without this patch, deleting a record source will delete the associated
biblio_metadata rows, which is a severe data loss.

This patch makes the constraint restrict this action.

To test:
1. Add a record source
2. Set the record source to some records
   $ koha-mysql kohadev
   > UPDATE biblio_metadata SET record_source_id='your source id' WHERE
biblionumber=1;
3. Delete the record source
=> FAIL: Record metadata deleted
4. Apply this patch
5, Run:
   $ ktd --shell
  k$ updatedatabase
=> SUCCESS: DB update goes well
6. Repeat 1~3 with another record
=> SUCCESS: Source cannot be deleted if there are linked records

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Janusz Kaczmarek <januszop@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37093: Searching for reports on Mana should use GET
Phil Ringnalda [Thu, 11 Jul 2024 12:13:39 +0000 (05:13 -0700)]
Bug 37093: Searching for reports on Mana should use GET

Searching for reports on Mana currently fails by sending a POST to
svc/mana/search without a CSRF token. There's no reason to POST, it's
just sending a search string.

 1. Enable Mana: Reports - lower right is a blue Knowledgebase box with
    a link to Change your Mana KB settings
 2. Switch Use Mana KB to Yes, click Save, below that give it a name and
    email, Send to Mana KB
 3. Reports - Use saved - New report - New SQL from Mana
 4. Enter any keyword to search, get a 403 forbidden error
 5. Apply patch, restart_all, Shift+Reload the page to clear cache
 6. Enter any keyword likely to return results, like select, get results

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37523: CSRF error when modifying an existing patron record
Owen Leonard [Tue, 30 Jul 2024 12:13:23 +0000 (12:13 +0000)]
Bug 37523: CSRF error when modifying an existing patron record

This patch modifies the patron entry template to avoid a CSRF error when
clicking the "Edit existing record" button after a duplicate patron is
found. The operation should be GET and thus can be a link.

To test, apply the patch and go to Patrons.

- If you aren't using the default testing data you should first locate
  an existing patron record so you can refer to the details.
- Start the process of creating a new patron record.
- Use the existing patron's data to fill out the form.
  - With the default data you can use:
    - Surname: Bennett
    - First name: Pamela
    - Date of birth: 09/16/1946
    - Any random new card number
- When you click "Save" you should get a duplicate patron warning:
  "Duplicate patron record?"
  - Click "It is a duplicate. Edit existing record."
  - You should be taken to the edit form for the existing patron.

Sponsored-by: Athens County Public Libraries
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Johanna Räisä <johanna.raisa@gmail.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37533: Fix query in orderreceive.tt
Andreas Jonsson [Wed, 31 Jul 2024 09:06:02 +0000 (09:06 +0000)]
Bug 37533: Fix query in orderreceive.tt

The new validation in the REST API will no longer allow
the operator "in".  Consequently, it has to be replaced
with the allowed "-in".

Test plan:

 * Open an invoice and click "Go to receipt page" and
   on any basket click "receive" and make sure the dialog
   box appears.

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37540: Ensure datetime is a string before enqueueing pseudonymization
Nick Clemens [Wed, 31 Jul 2024 17:23:50 +0000 (17:23 +0000)]
Bug 37540: Ensure datetime is a string before enqueueing pseudonymization

To test:
1 - Enable Pseudonymization in system preferences
    NOTE: See bug 28911 for bcrypt setup
2 - Issue an item to a patron
3 - View the patrons checkouts
4 - Check the box under 'Renew'
5 - Renew selected items
6 - Internal server error
7 - Apply patch
8 - Restart all
9 - Repeat 4&5
10 - Success!

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37210: Properly escape SQL query parameters by using bind values
Julian Maurice [Tue, 2 Jul 2024 14:32:32 +0000 (16:32 +0200)]
Bug 37210: Properly escape SQL query parameters by using bind values

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Rebased-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37210: Escape single quote in search string in overdue.pl
Hammat Wele [Thu, 27 Jun 2024 14:09:04 +0000 (14:09 +0000)]
Bug 37210: Escape single quote in search string in overdue.pl

To Test:
1. Go to /cgi-bin/koha/circ/overdue.pl
2. In the «Name or card number» field, type «Tommy'and(select(0)from(select(sleep(10)))v)and'»
3. Apply the filter
   ==> It takes 10 seconds, sleep(10) is executed
4. Inspect the page, in «Patron category:» field, put «Tommy'and(select(0)from(select(sleep(10)))v)and'» in one of his option's value
5. select the option from the filter and Apply the filter
   ==> It takes 10 seconds, sleep(10) is executed
we can inject SQL to the followin field : borname, itemtype, borcat, holdingbranch, homebranch and branch
6. Apply the patch
7. Repeat step 1,2,3
   ==> it doesn't take 10 seconds, the injected sql is not executed
8. Repeat step 5
==> it doesn't take 10 seconds, the injected sql is not executed
9. Repeat step 5 with the followin field : itemtype, holdingbranch, homebranch and branch
   ==> it doesn't take 10 seconds, the injected sql is not executed

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37018: Clarify operators
Martin Renvoize [Wed, 10 Jul 2024 08:39:33 +0000 (09:39 +0100)]
Bug 37018: Clarify operators

This patch clarifies the list of operators both in the validate routine
and in the swagger descrption block where we document this feature for
the end user.

JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37018: Add 400 response definition to all routes
Tomas Cohen Arazi [Mon, 8 Jul 2024 20:21:25 +0000 (17:21 -0300)]
Bug 37018: Add 400 response definition to all routes

This patch adds a test for well defined 400 responses on all verbs and
paths on the API spec.

The tests verify:

* Presence of 400 response definition
* The description must start with 'Bad request' (needs coding guideline)
* If DBIC queries are allowed on the route, then `invalid_query` needs
  to be mentioned in the description.

All routes get fixed to make the tests pass.

To test:
1. Apply this patch
2. Run:
   $ ktd --shell
  k$ yarn api:bundle
  k$ prove xt/api.t
=> SUCCESS: Tests pass!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37018: Silence useless warning
Tomas Cohen Arazi [Mon, 8 Jul 2024 20:30:01 +0000 (17:30 -0300)]
Bug 37018: Silence useless warning

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
3 months agoBug 37018: Handle exception in unhandled_exception() helper
Tomas Cohen Arazi [Mon, 8 Jul 2024 19:48:01 +0000 (16:48 -0300)]
Bug 37018: Handle exception in unhandled_exception() helper

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>