Kyle M Hall [Wed, 5 Jun 2024 15:04:31 +0000 (11:04 -0400)]
Bug 37037: touch_all_biblios.pl triggers rebuilding holds for all affected records when RealTimeHoldsQueue is enabled
If RealTimeHoldsQueue is on, touch_all_biblios triggers a update_holds_queue_for_biblios background job for each affected record. This will result in a as many background jobs being queued up as records! It makes far more sense for this script to not do that which gives the administrator the option for running the holds queue builder if the changes would affect holdability, or to not run it at all.
Test Plan:
1) Run touch_all_biblios.pl
3) Note a update_holds_queue_for_biblios background job is queued for each record touched
4) Apply this patch
5) Merge touch_all_biblios.pl again
6) Note that no update_holds_queue_for_biblios jobs were queued
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Tue, 11 Jun 2024 15:13:36 +0000 (16:13 +0100)]
Bug 36207: (RM follow-up) CSRF correction
I think there was a rebase issue here where we split the form into two
forms instead of one. This patch returns us to one form with two
different submit options (one for selected tags and one per tag) that
both trigger the confirmation modal before submitting to the controller.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 34838: Use ->set to avoid method redefinition warnings
This patch silences more warnings. To test
1. Be on 23.11.x
2. Apply the patches before this one
3. Run:
$ ktd --shell
k$ prove t/db_dependent/Illrequests.t
=> FAIL: Lots of warnings like this:
Subroutine Koha::Illrequest::SUPER::status redefined at /kohadevbox/koha/Koha/Object.pm line 955.
Subroutine Koha::Illrequest::SUPER::status_alias redefined at /kohadevbox/koha/Koha/Object.pm line 955.
illrequestattributes is DEPRECATED in favor of extended_attributes at t/db_dependent/Illrequests.t line 1071.
4. Apply this patch
5. Repeat 3
=> SUCCESS: No more warnings!
6. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Sam Lau [Wed, 5 Jun 2024 17:57:10 +0000 (17:57 +0000)]
Bug 35869: Removes the dismiss button from messages on OPAC SCO module
This removes the "Dismiss" button from the SCO module. Currently, the
"Dismiss" button is present, however it does not function properly and
logs the user out if they press it. As noted on previous chats, keeping
the button would require serious changes, thus it's easier just to remove
the functionallity.
To test:
1) Enable WebBasedSelfCheck
2) Add an OPAC mesaage to a patron account
3) Login to self check ( http://localhost:8080/cgi-bin/koha/sco/sco-main.pl )
4) See the OPAC message, click dismiss.
5) Notice you are logged out at redirected to:
( http://localhost:8080/cgi-bin/koha/opac-dismiss-message.pl )
6) Apply patch
7) Log back into the self checkout module
8) Notice that there is no longer a "Dismiss" button for the message.
9) Log into OPAC into the same user's account
10) On the summary page, note that there is still a dismiss button.
11) Ensure this still works properly
12) sign-off
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Emmi Takkinen [Tue, 4 Jun 2024 10:00:05 +0000 (13:00 +0300)]
Bug 37021: Change item_id type as integer in holds endpoint
When one makes a GET call to holds endpoint and hold has
item attached to it, item_id is handled as string not integer
as it should.
To reproduce:
1. Make sure you have hold waiting in your database.
2. Call endpoint api/v1/holds/?q=[{"me.status":"W"}].
=> Note that holds item_id is displayed as item_id: "12345".
3. Apply this patch.
4. Call endpoint again.
=> item_id should now be displayed as 12345.
Also prove t/db_dependent/api/v1/holds.t.
Signed-off-by: Jan Kissig <jkissig@th-wildau.de> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Thu, 29 Feb 2024 18:37:54 +0000 (18:37 +0000)]
Bug 36207: Use confirmation modal when removing tags from titles in the OPAC
This patch changes the process of removing a tag from a title on the
user's tag list. It now uses a confirmation modal dialog instead of a
JavaScript alert.
The patch also makes some minor tweaks to CSS to correct style on
"remove" links.
To test, apply the patch and rebuild the OPAC CSS.
- Log in to the OPAC as a user who has submitted multiple tags or tags
on multiple items.
- Open the "Tags" link in the sidebar of the user summary page.
- Click the "Remove tag" link next to one of the titles in the table
of the user's tags.
- You should see a modal confirmation message, "Are you sure you want
to remove the selected tag from this title?" It should show the
title and the tag which will be removed.
- Test both the "Yes, remove tag" and "No, do not remove tag" choices.
- Check the box next to one of the tagged titles and click the
"Remove selected tags" button at the bottom of the table.
- You should see a modal confirmation message, "Are you sure you want
to remove this item from the list?" It should show the title and
the tag which will be removed.
- Test boh the "Yes" and "No" choices.
- Check the box next to multiple tagged titles and click the
"Remove selected tags" button at the bottom of the table.
- You should see a modal confirmation message, "Are you sure you want
to remove the selected tags from these titles" It should show the
titles of all the records you selected and the corresponding tags to be
removed.
- Test both the "Yes" and "No" choices.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 35639: Trim the messages that are too long before sending them via SMS
I created a new system preference, SMSSendMaxChar, which allows you to set a limit for the number of characters in SMS messages to send. When a limit is set, messages that exceed it will be trimed.
TEST PLAN
1) Apply the patch
2) Run prove t/db_dependent/Letters.t
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the following languages into advanced search "Languages" dropdown:
Greenlandic
Karelian
Cornish
Burmese
Punjabi
Pashto
Finnish Kalo
Akkala Sami
Kildin Sami
Ter Sami
Pite Sami
Kemi Sami
Ume Sami
Southern Sami
Northern Sami
Sami languages
Lule Sami
Inari Sami
Skolt Sami
Somali
Sotho
Votic
To test:
1. perl installer/data/mysql/updatedatabase.pl
2. Go to intranet advanced search
3. Click "More options"
4. See "Limits" fieldset, it should have "Language" drop down
5. Observe that the languages provided in this patch are visible in this dropdown
David Nind [Tue, 14 May 2024 07:15:24 +0000 (07:15 +0000)]
Bug 34597: (follow-up) Update system preference description and order of options
Update the note for the BlockExpiredPatronOpacActions system preference to
make it clearer, and to follow the standard convention for notes.
Order of options for 'Block expired patron OPAC actions' when editing the
patron category changed to alpabetical order, to match the system preference
order.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Thu, 28 Mar 2024 12:52:29 +0000 (12:52 +0000)]
Bug 34597: Implementation
New can_patron_place_ill_in_opac method to include all rules
that need checking to determine if a patron is allowed
to place an ILL request on the OPAC or not.
Added effective_BlockExpiredPatronOpacActions_contains rule to
this new method.
Test plan, k-t-d,:
1) Install FreeForm and enable ILLmodule, run:
bash <(curl -s https://raw.githubusercontent.com/ammopt/koha-ill-dev/master/start-ill-dev.sh)
1.5) Checkout FreeForm's reorganize_ILL branch:
cd /kohadevbox/koha/Koha/Illbackends/FreeForm
git checkout reorganize_ILL
koha-plack --restart kohadev
2) Edit a patron category, visit:
<staff_url>/cgi-bin/koha/admin/categories.pl
3) Set 'Placing an ILL request' for the "Block expired patrons" input config
4) Add a new patron of one of the above category, make sure this patron is expired (set an expirydate to the past).
5) Login as that user and visit ILL page in OPAC:
/cgi-bin/koha/opac-illrequests.pl
6) Confirm there is no "Create a new request" button
7) Access the create a new request page url directly:
<opac_url>/cgi-bin/koha/opac-illrequests.pl?op=add_form&backend=FreeForm
8) Confirm you get a 403 page
9) Set the 'Block expired actions' to "Follow system preference BlockExpiredPatronOpacActions"
10) Test different values of the BlockExpiredPatronOpacActions system preference and confirm the behaviour matches what's configured
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Wed, 24 Apr 2024 11:25:19 +0000 (11:25 +0000)]
Bug 36453: (QA follow-up) Update api spec
Access {staff_url}/api/v1/patron_categories and notice all is as expected
Update some patron category's blocked expired patron OPAC actions and access the endpoint again, notice it's okay.
Updated API tests to include to_api confirming attributes are rendered correctly:
prove t/db_dependent/api/v1/patron_categories
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Tue, 23 Apr 2024 15:50:19 +0000 (15:50 +0000)]
Bug 36453: (QA follow-up) Cosmetic fixes
This is a squash of several improvements:
- Override weird blue color being applied from MultipleSelect when all options from an optgroup are selected;
- Fix input width depending on selected value. Now it should always be same width regardless;
- Updated the system preference UI wording to reflect new behavior;
- Updated UI labels in the patron category edit page to enforce that the actions being selected are "actions to be blocked"
- Corrected sysprefs.sql entry
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Thu, 28 Mar 2024 10:12:12 +0000 (09:12 -0100)]
Bug 36453: Update tests
Address new new version of system pref
Address new version of categories DB table BlockExpiredPatronOpacActions column
Test plan, k-t-d, BEFORE applying patch:
1) Edit some patron categories, visit:
/cgi-bin/koha/admin/categories.pl
2) Set different values for the "Block expired patrons" input config
Set a category to block
Set a category to don't block
Set a category to follow the syspref
3) Take note of the current value of the BlockExpiredPatronOpacActions sys pref
Apply patch, then run the following commands
- koha-plack --restart kohadev
- yarn css:build
- run updatedatabase
4) Visit the patron categories you edited before, make sure they all have the correct values for the new config type
5) Check the BlockExpiredPatronOpacActions sys pref and make sure the new value is correct according to what was before
6) Add a new patron of one of the above categories, test that:
If 'hold' is a blocked action, patron is unable to place a hold in OPAC
If 'renew' is a blocked action, patron is unable to renew in OPAC
If 'follow sys pref' is the option, check that a patron may place a hold or renew an item according to the BlockExpiredPatronOpacActions sys pref value
Pedro Amorim [Tue, 26 Mar 2024 17:13:51 +0000 (17:13 +0000)]
Bug 36453: Categories admin page:
Account for multiple values param
Input is now multipleselect select
JavaScript
Staff CSS updates to account for multiselect dropdown in categories admin page
Signed-off-by: Arthur Suzuki <arthur.suzuki@biblibre.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Lari Strand [Mon, 3 Jun 2024 11:34:10 +0000 (14:34 +0300)]
Bug 34718: Input field in fund list (Select2) on receive is inactive
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Matt Blenkinsop [Wed, 29 May 2024 11:06:31 +0000 (11:06 +0000)]
Bug 36983: Fix incorrect required class
This patch fixes an error on the B_address2 field which sets it to be
required incorrectly
Test plan:
1) In PatronSelfRegistrationBorrowerMandatoryField, set B_address to be
required.
2) In the OPAC, navigate to the self registration form.
3) In the Alternate address section, fill in the Address field that you
have just set to be required. Ensure that you leave the Address 2
field blank.
4) Fill in all other required fields and submit the form, it should show
you that the Address 2 field is required, even though it shouldn't be
5) Apply patch
6) Refresh the page and repeat steps 1-5, it should allow youto submit
the form
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch fixes the ILL request table to display authors for journal article request types
Test plan:
1) Create an ILL request with the type of Journal Article and add an author in the Article author field
2) Click on the List requests button to see the table
3) The Author field should be blank for the request you created
4) Apply patch
5) Hard refresh the browser to reload the javascript
6) The author field should now be visible
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Nick Clemens [Thu, 23 May 2024 13:56:51 +0000 (13:56 +0000)]
Bug 36948: Resolve SIP issues in D12
My Koha testing docker SIP started dying repeatedly after launch. After investigation, I
found it was a problem with logging and default ports.
In D12 there is no syslog anymore, everythign uses journal. Four our purposes, lets log SIP issues
to sip.log by default
Attaching a patch to clear things up.
To test:
1 - Open KTD/D12
2 - tail -f /var/log/koha/kohadev/*.log
3 - On another terminal 'restart_all'
4 - Wait a bit, notice SIP dying
5 - Apply patch
6 - Update SIPconfig:
server-params:
log_file='/var/log/koha/kohadev/sip.log'
service with port 8023:
port="127.0.0.1:8023/tcp"
7 - Restart all
8 - Confirm SIP no longer dies
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Emily Lamancusa [Fri, 7 Jun 2024 20:24:26 +0000 (16:24 -0400)]
Bug 37000: (follow-up) Add foreign key last
Certain configurations of MySQL will not allow a column to be changed
from nullable to non-nullable if the column has a foreign key constraint.
Add the foreign key constraint last to avoid issues from this.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Tue, 4 Jun 2024 10:58:54 +0000 (11:58 +0100)]
Bug 37000: (Bug 36120 follow-up) Improve reliability of database update
This patch adds a series of fallthroughs to ensure pickup_library_id is
always set prior to adding the NOT NULL constraint.
We initially only looked at items.homebranch but as that's a nullable
field itself, we now look at items.holdingbranch before finally
defaulting to the first available branch in the branches table in the
worst case.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Lucas Gass [Tue, 4 Jun 2024 14:29:40 +0000 (14:29 +0000)]
Bug 37026: Fix JS error on sco-main.tt
To test:
1. Have a patron with some checkouts, holds, and charges that can login into the SCO module.
2. To go sco-main.pl and login
3. Try changing tabs and notice the console error:
dataTables is not defined
4. APPLY PATCH
5. Try again, there should be no error.
6. Make sure you can switch the tabs without any issues.
Signed-off-by: Sam Lau <samalau@gmail.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Janusz Kaczmarek [Wed, 10 Apr 2024 19:38:29 +0000 (19:38 +0000)]
Bug 33407: Unit tests
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Thomas Klausner <domm@plix.at> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Bug 33407: With ES and QueryAutoTruncate on, a search containing ISBD punctuation returns no results
With ES and QueryAutoTruncate on, a search with punctuation surrounded
by spaces (like ISBD punctuation copied from other catalogue or
bibliography) returns no results. E.g.: in a search for "Maria Stuart ;
Die Jungfrau von Orleans / Schiller" (coded in record as 245 10 $a Maria
Stuart ; $b Die Jungfrau von Orleans / $c Schiller) -- both semicolon
and slash cause problems. One had to remove them manually to get
results which is not what is desired.
Test plan
=========
1. Use ktd with Elasticsearch and ktd's test data
(http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=1):
2. Make a search for the first ISBD zone taken verbatim from the first record:
E Street shuffle : the glory days of Bruce Springsteen & the E Street Band / Clinton Heylin
There should be no result.
3. Apply teh patch, restart plack.
4. Repeat the search. You should get the record (and onother one).
Sponsored-by: Ignatianum University in Cracow Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Thomas Klausner <domm@plix.at> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Lucas Gass [Wed, 24 Apr 2024 20:00:53 +0000 (20:00 +0000)]
Bug 36679: Prevent SCO login for the AnonymousPatron
1. Make sure AutoSelfCheckAllowed is Allowed and AutoSelfCheckID and AutoSelfCheckPass are in use.
2. Make sure AnonymousPatron is pointed to an account.
3. Set SelfCheckoutByLogin to cardnumber.
4. Verify that if you go to the anonymous patron account in the staff interface, you cannot checkout items.
5. Go to the selfcheck path of the library. It should auto login. Put in the cardnumber for the anonymous user.
6. Proceed to check out items!
7. APPLY PATCH, restart_all
8. Try step 5 again, you should not be able to log in as the AnonymousPatron. Instead you should be redirected to OPAC home page
9. Switch SelfCheckoutByLogin to 'username and pasword'.
10. Again try to log in as the AnonymousPatron, you should not be able to.
11. Make sure you can login as a regular patron when SelfCheckoutByLogin is set to 'cardnumber' and when it is set to 'username and pasword'.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Nick Clemens [Wed, 7 Feb 2024 17:17:43 +0000 (17:17 +0000)]
Bug 27769: Update default key mapping to copy text
When implemented, the keyboard shortcuts could not use the system clipboard so
Citrl-C was mapped to use the editor clipboard. As this now works with the system clipboard
we should allow standard functionality and remap the Koha shortcut.
This will not affect existing installations, however, they can modify the keyboard shortcut if they
wish by visting:
Administration->Keyboard shortcuts
or
Clicking the 'Redefine shortcuts' link under 'Keyboard shortcuts' in the advanced editor.
To test:
1 - Apply this patch
2 - Reset all
3 - Confirm Ctrl-Alt-C is the command to 'Copy current field' in Keyboard shortcuts in the advanced editor
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
George Veranis [Thu, 14 Sep 2023 06:24:07 +0000 (08:24 +0200)]
Bug 29539: UNIMARC: authority number in $9 displays for thesaurus controlled fields instead of content of $a
When you try to dislpay a bibliographic record on unimarc that has subjects
linked with authorities then only the $9 is displayed as link instead of the
content of $a and it's subdivisions, if any.
To test:
1) You will need to have a bibliographic record with at least one subject
autority connected in unimarc framework.
2) View that record on OPAC on detail display. The subject will display as
a number ( $9 ) and you cannot see the text/term of the subject ( $a )
3) Apply patch
4) Repeat step 2
5) The subject display in a normal way based on content $a - or more subfields
Sponsored-by: National Library of Greece Signed-off-by: David Nind <david@davidnind.com>
Bug 29539: (follow-up) remove tag_onesubject template
Also:
Restores the <span class="value">
Replaces "not(position()=last())" with the more used "position() != last()"
Removes unecessary change in <xsl:param name="spanclass" />
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Wed, 5 Jun 2024 18:06:04 +0000 (18:06 +0000)]
Bug 37039: Update discharge request with CSRF token
The OPAC discharge page used a link with a GET parameter, but the script
expects a POST request. This patch converts the link to a form with CSRF
token included.
To test, apply the patch and enable the useDischarge system preference
if necessary.
- Log in to the OPAC as a user with no checkouts or outstanding fees.
- Click the "Ask for discharge" tab in the sidebar of the user summary
page.
- Click the "Ask for a discharge" button.
- You should be redirected to a page that says "Your discharge request
has been sent."
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Tue, 26 Sep 2023 09:42:27 +0000 (09:42 +0000)]
Bug 34838: Tidy
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Tue, 26 Sep 2023 09:35:01 +0000 (09:35 +0000)]
Bug 34838: Only check for status in status graph if request has a status
This check is required because when the existing_statuses method checks for the existing status_alias, it'll leave out the status from the query, so the status will be NULL for those particular query results when calling strings_map, throwing a warning
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Tue, 26 Sep 2023 09:33:08 +0000 (09:33 +0000)]
Bug 34838: Only call strings_map if status_alias is not undef in status_alias cycle
Because its highly likely that at least one request will have status_alias null in the database, the select MAX query will always return at least one result with NULL status_alias, throwing a warning, so we skip that
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Pedro Amorim [Mon, 25 Sep 2023 15:07:37 +0000 (15:07 +0000)]
Bug 34838: Replace SUPER::AUTOLOAD with get_column
I'm not 100% happy with this but I'm out of ideas.
I think the problem warning happens because there is no method status or status_alias directly defined in Object.pm so it tries to define it, but it has already been defined by AUTOLOAD previously.
Test plan:
prove t/db_dependent/Koha/Illbackend.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
David Cook [Thu, 6 Jun 2024 01:34:23 +0000 (01:34 +0000)]
Bug 37040: Prevent ErrorDocument subrequests from activating CSRF
This change improves the mechanism for preventing the CSRF middleware
being activated by ErrorDocument subrequests.
This change was necessary due to a subtle issue identified by
Bug 37041.
Test plan:
0. Apply the patch
1. Restart Koha
koha-plack --restart kohadev
2. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=9908
3. Log in
4. Note that you get a pretty 403 and not an ugly plain text error
5. Go to http://localhost:8081
6. Fill in the login details, but use the HTML inspector to delete
the csrf_token from the hidden inputs
7. Submit the login
8. Note a pretty 403 page
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Tue, 4 Jun 2024 11:51:45 +0000 (12:51 +0100)]
Bug 36978: (Bug 34029 follow-up) Make update idempotent
The update wasn't checking for index pre-existance and as such could
fail in certain cases.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Thu, 30 May 2024 18:07:27 +0000 (18:07 +0000)]
Bug 36995: Correct parameter name for library EAN deletion
This patches removes the "cud-" prefix from the "delete_confirm"
parameter check in Library EAN management. The confirm step is a GET
operation.
To test, apply the patch and restart services;
- Go to Administration -> Library EANs.
- Add an entry if necessary, then click "Delete."
- You should be taken to a confirmation page: "Confirm deletion of
EAN..."
- Confirm deletion and verify that the EAN was deleted.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Nick Clemens [Wed, 8 May 2024 13:22:58 +0000 (13:22 +0000)]
Bug 34444: Correct handling of sort1 and sort2 values
Removed extraneous sort_1 data elements
Update selectors to use field names for statistics field
Updated code to set the value after finding the correct selector
To test:
* Make sure you have at least 2 funds with different stat settings, using AV and not
* Create a basket with an order line
* Close it and receive shipment
* Create an invoice and receive the order line
* Finish receiving
* Click "Modify fund"
* Switch fund, verify the stat fields are updated accordingly
* Change values for statistical values
* Update fund
* Edit fund again, pull downs are correct
* Change values in form and close, do not update
* Click 'Modify fund' - confrim form is filled with the saved values
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Nick Clemens [Wed, 29 May 2024 13:54:52 +0000 (13:54 +0000)]
Bug 35989: (QA follow-up) Add test and limit variable scope
Before this patch if a record had a 751 and a 781 you could have fields repeated.
This patch reduces the scope of the fields to subdivision variable as it is only used in processing 7xx
fields and should not be shared between fields.
I also add unit tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Currently when searching for a geographic authority record the search will fail if the record has a heading in a 78X field. The system tries to do a regex match against an undefined variable causing an error. This patch makes that regex match conditional on the variable being defined to allow the search to succeed.
Test plan:
1) Navigate to Authorities
2) In the search bar at the top of the page, click on the dropdown options and in the 'Authority type' field, select 'Geographic Name'
3) Click search
4) You should have a list of authorities
5) Click on any authority record and then click edit and select to edit the record
6) Click on the "7" button
7) Click on the green text next to the '781' field to get the list of fields
8) In field 'v' enter any string you like
9) Click save
10) Repeat steps 1-3, this time it should display an error message for an Unmatched [ in regex
11) Apply patch
12) restart_all
13) Refresh the page, the results should show and the string you entered in the 'v' field should display on the record you edited
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Thu, 6 Jun 2024 06:30:37 +0000 (07:30 +0100)]
Bug 36986: (follow-up) Ensure idempotency
MySQL/MariaDB checks the primary key/unique constraint before WHERE
clause when performing an UPDATE. As such, the lack of AutoLocation
existing will not prevent a failure on a second run of the update.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Martin Renvoize [Wed, 5 Jun 2024 17:10:33 +0000 (18:10 +0100)]
Bug 36986L (follow-up) Ensure idempotency
MySQL/MariaDB checks the primary key/unique constraint before WHERE
clause when performing an UPDATE. As such, the lack of AutoLocation
existing will not prevent a failure on a second run of the update.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Emmi Takkinen [Fri, 31 May 2024 09:39:57 +0000 (12:39 +0300)]
Bug 36993: Upgrade fails at 23.12.00.023 [Bug 32132]
Database update fails on some databases because of
foreign key constraint error. This comes from attempt
to make column aqbudgets.budget_period_id not accept
NULL values. Update also fails if there are rows where
column aqbudgets.budget_period_id doesn't match any
values in aqbudgetperiods.budget_period_id.
To test:
1. Remove changes made in bug 32132 and downgrade your database:
- ALTER TABLE aqbudgets MODIFY COLUMN `budget_period_id` INT(11) NULL;
- UPDATE aqbudgets SET budget_period_id = NULL
WHERE budget_period_id IN(SELECT budget_period_id FROM aqbudgetperiods
WHERE budget_period_description = "Budget for funds without budget");
- DELETE FROM aqbudgetperiods
WHERE budget_period_description = "Budget for funds without budget";
- UPDATE systempreferences SET value="23.1200022" WHERE variable = "Version;
2. Upgrade your database (e.g. running installer/data/mysql/updatedatabase.pl)
=> Update fails on foreign key constraint error.
4. Apply this patch.
5. Try to update your database again.
=> Database should now be upgraded succesfully.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Fridolin Somers [Wed, 29 May 2024 15:29:21 +0000 (17:29 +0200)]
Bug 36986: (Bug 26176 follow-up) Fix rename StaffLoginBranchBasedOnIP in BDRev
Test by running upgrade from 23.11.00 to main
Check you see :
Upgrade to 23.12.00.061 [15:34:36]: Bug 26176 - Rename AutoLocation and StaffLoginBranchBasedOnIP system preferences
Renamed system preference 'AutoLocation' to 'StaffLoginRestrictLibraryByIP'
Renamed system preference 'StaffLoginBranchBasedOnIP' to 'StaffLoginLibraryBasedOnIP'
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Owen Leonard [Thu, 23 May 2024 13:13:06 +0000 (13:13 +0000)]
Bug 36946: Fix cud- error when processing offline circulations
This patch fixes a CSRF token error when processing offline
circulations. The form needed both the token parameter and to be sent as
POST.
To test, apply the patch and go to Circulation.
- Go to Upload offline circulation file (.koc)
- Upload a .koc file, add to offline circulation queue.
- View pending offline circulation actions.
- Check one or more transactions and click "Process" at the bottom of
the page.
- The process should complete without any JS errors, and the
checkboxes should be replaced with the text "Success."
- Perform the same test with the "Delete" button.
Sponsored-By: Athens County Public Libraries Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Thu, 23 May 2024 07:50:59 +0000 (09:50 +0200)]
Bug 36939: Remove a warning from Serials.t
t/db_dependent/Serials.t .. 2/57 Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Serials.pm line 2029.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Wed, 22 May 2024 12:01:28 +0000 (14:01 +0200)]
Bug 36923: Remove warnings from Holds/LocalHoldsPriority.t
t/db_dependent/Holds/LocalHoldsPriority.t .. 1/7 Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Reserves.pm line 866.
t/db_dependent/Holds/LocalHoldsPriority.t .. 2/7 Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Reserves.pm line 866.
Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Reserves.pm line 866.
Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Reserves.pm line 866.
t/db_dependent/Holds/LocalHoldsPriority.t .. 5/7 Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Reserves.pm line 866.
t/db_dependent/Holds/LocalHoldsPriority.t .. ok
All tests successful.
We didn't have the default values generated by the DBMS
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
David Cook [Thu, 23 May 2024 06:43:40 +0000 (06:43 +0000)]
Bug 36931: Fix label-item-search.pl by removing CSRF requirement
This change converts a stateless POST into a GET, so that the paging
of the label-item-search.pl results works again.
Test plan:
0. Apply the patch and restart Koha
1. Go to http://localhost:8081/cgi-bin/koha/labels/label-edit-batch.pl?op=new
2. Click "Add item(s)"
3. Add '05/01/2000' in "Added on or after date:" and click "Search"
4. Page through the results
5. Rejoice
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Wed, 22 May 2024 08:08:30 +0000 (10:08 +0200)]
Bug 36816: Remove warning
Use of uninitialized value in string eq at /kohadevbox/koha/opac/opac-memberentry.pl line 629.
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
1) Add a new patron attribute type, visit:
<staff_url>/cgi-bin/koha/admin/patron-attr-types.pl?op=add_attribute_type
2) Add a code and a description (whatever) - Make it 'Display in OPAC' and 'Editable in OPAC'
3) Access OPAC patron personal details page, visit:
<opac_url>/cgi-bin/koha/opac-memberentry.pl
4) Scroll down and add some info to 'whatever'. Click 'Submit update request'.
5) Visit the INTRA 'update patron requests from opac' page:
<staff_url>/cgi-bin/koha/members/members-update.pl
6) Notice the entry is there. Select 'approve' and click "Submit"
7) Repeat 3)
8) Scroll down and notice the approved value is there. Clear that data and "Submit update request" (as if you're requesting for that data to be removed/cleared)
9) Repeat 5)
10) Notice there's an entry, and it is not empty. Select 'approve' and click "Submit"
11) Repeat 3)
12) Scroll down and notice the request to update (clear) that field did go through, i.e. the data is not there anymore.
Also test self-registration and mandatory attributes
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Wed, 22 May 2024 08:31:29 +0000 (10:31 +0200)]
Bug 36916: Do not generate invalid JS or CSS from TestBuilder
TestBuilder generates random strings for branches.opacuserjs and branches.opacusercss which produces invalid JS and CSS.
Selenium has several warnings related to this:
koha-selenium-1 | JavaScript error: http://koha:8080/cgi-bin/koha/opac-user.pl, line 1744: ReferenceError: CLYxPjQ152 is not defined
koha-selenium-1 | JavaScript error: http://koha:8080/cgi-bin/koha/opac-search.pl, line 2069: ReferenceError: CLYxPjQ152 is not defined
koha-selenium-1 | JavaScript error: http://koha:8080/cgi-bin/koha/opac-reserve.pl, line 1351: ReferenceError: CLYxPjQ152 is not defined
Because of the following in the DOM
<script>
CLYxPjQ152
</script>
This patch suggests to set to an empty string by default, to prevent random failure or inconsistent behaviours when testing the UI.
Test plan:
Run t/db_dependent/selenium/authentication.t and watch the selenium
output.
With this patch applied you will not see the "JavaScript error" lines
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Phil Ringnalda [Thu, 16 May 2024 20:54:41 +0000 (13:54 -0700)]
Bug 36589: Advanced cataloging - restore the correct height of the clipboard
A simple direct fix for the height of the advanced editor's clipboard,
which is a <select size="10"> that's currently cut down to the height of
one thick line by CSS intended for non-multiple, non-sized selects with
dropdown menus.
Test plan:
1. Set the pref EnableAdvancedCatalogingEditor to Enable
2. Cataloging -> Advanced editor
3. Note the Clipboard is a single line tall
4. Apply patch, shift+reload Advanced editor
5. Note the Clipboard is ten lines tall
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Wed, 22 May 2024 11:58:35 +0000 (11:58 +0000)]
Bug 36917: (follow-up) Add FIXME for marcflavour
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Wed, 22 May 2024 11:52:53 +0000 (11:52 +0000)]
Bug 36917: (follow-up) Remove Elasticsearch warnings and tidy
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Jonathan Druart [Wed, 22 May 2024 08:56:10 +0000 (10:56 +0200)]
Bug 36917: Remove some warnings from t/db_dependent/Authority/Merge.t
Cannot determine authority type for record: 1709 at /kohadevbox/koha/Koha/SearchEngine/Elasticsearch.pm line 589.
Use of uninitialized value $subfields in pattern match (m//) at /kohadevbox/koha/C4/Heading/MARC21.pm line 412.
Use of uninitialized value $subfields in pattern match (m//) at /kohadevbox/koha/C4/Heading/MARC21.pm line 448.
This change removes the 2 "Use of uninitialized value $subfields in
pattern match (m//)" warnings
The warnings are gnerated because the subfields for headings are hardcoded variables in C4::Heading::MARC21
for any genuine authority record we should receive the correct list of subfields. The tests in this case are
mocking a new authtype, and so do not find the correct subfields. Skipping the generation here silences the
warnings and will prevent user defined types from throwing errors as well.
NOTE: Koha allows the user to define their own authority types, however, we have various features hardcoded
that will prevent them from working as expected
WNC amended commit message
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Pedro Amorim [Tue, 21 May 2024 09:13:49 +0000 (09:13 +0000)]
Bug 36904: Fix batch->ill_batch
This was missed when renaming follow-ups were added to bug 30719
1) Enable ILL, install FreeForm and checkout the current compatible branch with main
bash <(curl -s https://raw.githubusercontent.com/ammopt/koha-ill-dev/master/start-ill-dev.sh)
cd /kohadevbox/koha/Koha/Illbackends/FreeForm
git checkout reorganize_ILL
2) Visit ILL module:
http://localhost:8081/cgi-bin/koha/ill/ill-requests.pl
3) Type whatever search in the tiny 'Search' input box directly above the table
4) Notice you get an error. Apply patch. Repeat.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens [Tue, 21 May 2024 13:44:47 +0000 (13:44 +0000)]
Bug 26176: Rename AutoLocation to StaffLoginRestrictBranchByIP
This patch sets AutoLocation to be called StaffLoginRestrictBranchByIP.
The new name is chosen to reflect the new pref StaffLoginBranchBasedOnIP.
Also this patch corrects the order of sysprefs in installer file.
To test:
Follow test plans on bug 36665 and bug 35890 and confirm that the preferences
continue to work as expected
Confirm the descriptions of the prefs in the staff interface match the behaviors expected
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>