]> git.koha-community.org Git - koha.git/log
koha.git
2 months agoBug 37093: Searching for reports on Mana should use GET
Phil Ringnalda [Thu, 11 Jul 2024 12:13:39 +0000 (05:13 -0700)]
Bug 37093: Searching for reports on Mana should use GET

Searching for reports on Mana currently fails by sending a POST to
svc/mana/search without a CSRF token. There's no reason to POST, it's
just sending a search string.

 1. Enable Mana: Reports - lower right is a blue Knowledgebase box with
    a link to Change your Mana KB settings
 2. Switch Use Mana KB to Yes, click Save, below that give it a name and
    email, Send to Mana KB
 3. Reports - Use saved - New report - New SQL from Mana
 4. Enter any keyword to search, get a 403 forbidden error
 5. Apply patch, restart_all, Shift+Reload the page to clear cache
 6. Enter any keyword likely to return results, like select, get results

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f4d248f076ef7368535beead9689acf4ad98d5f3)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37523: CSRF error when modifying an existing patron record
Owen Leonard [Tue, 30 Jul 2024 12:13:23 +0000 (12:13 +0000)]
Bug 37523: CSRF error when modifying an existing patron record

This patch modifies the patron entry template to avoid a CSRF error when
clicking the "Edit existing record" button after a duplicate patron is
found. The operation should be GET and thus can be a link.

To test, apply the patch and go to Patrons.

- If you aren't using the default testing data you should first locate
  an existing patron record so you can refer to the details.
- Start the process of creating a new patron record.
- Use the existing patron's data to fill out the form.
  - With the default data you can use:
    - Surname: Bennett
    - First name: Pamela
    - Date of birth: 09/16/1946
    - Any random new card number
- When you click "Save" you should get a duplicate patron warning:
  "Duplicate patron record?"
  - Click "It is a duplicate. Edit existing record."
  - You should be taken to the edit form for the existing patron.

Sponsored-by: Athens County Public Libraries
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Johanna Räisä <johanna.raisa@gmail.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 2f6226ad695a7092c71ba86d06bd9d7edac8f583)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 35236: Make "Batch description" label match corresponding <input> field
Jennifer Sutton [Thu, 25 Jul 2024 23:11:16 +0000 (23:11 +0000)]
Bug 35236: Make "Batch description" label match corresponding <input> field

To test:
  1. Create a new patron.
  2. Go to Tools -> Patron card creator.
  3. Create a new patron card batch.
  4. On the "Edit patron card batch" page, click the "Batch
     description:" label.
  5. Observe that the corresponding <input> field is selected.

Mentored-by: Catalyst Academy
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 558b900895a42ff33fed06f746f677ac9ea3f51c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 36998: Correctly update the 'Amount paid' displayed on the issue refund modal
Sam Lau [Thu, 25 Jul 2024 16:02:16 +0000 (16:02 +0000)]
Bug 36998: Correctly update the 'Amount paid' displayed on the issue refund modal

To test:
1) Enable the 'EnablePointOfSale' sys pref (also requires the 'UseCashRegisters' pref)
2) In the POS module, configure a cash register and also configure some items for purchase with different costs
3) Make multiple sales
4) View the transactions table by clicking the 'Cash summary for ...' tab and then clicking on your cash register's name.
5) Click on the 'Issue refund' button for one of the sales, this should have the correct 'Amount paid'
6) Close the modal and click issue refund on your other item.
7) Note the 'Amount paid' is incorrect and lists the value from the previous item
8) Apply patch
9) Now when clicking issue refund, it displays the correct 'Amount paid'

Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 47a3c284734c56e095a5945cdbd40f6e50652496)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37476: Fix reserved word error on Serials.pm on MySQL 8
Tomas Cohen Arazi [Thu, 25 Jul 2024 16:29:42 +0000 (13:29 -0300)]
Bug 37476: Fix reserved word error on Serials.pm on MySQL 8

This patch fixes the fact `RANK` become a reserved word in MySQL 8.0.2
[1]

To test:
1. Launch KTD with MySQL 8:
   $ ktd down
   $ DB_IMAGE=mysql:8 ktd up -d
2. Open the logs
   $ ktd --shell
  k$ tail -f /var/log/koha/kohadev/*.log
3. Create a serial, receive an issue and try to create a routing list
4. Click on `+ Add recipients` and look for Henry
5. Click `Add` and then `Close`
=> FAIL: Henry not added
=> FAIL: The logs show an error about wrong SQL syntax
6. Run:
  k$ prove t/db_dependent/Serials.t
=> FAIL: Tests explode with the same kind of error!
6. Apply this patch
7. Restart plack
8. Repeat 3 through 6
=> SUCCESS: Henry added!
=> SUCCESS: No explosion about the SQL syntax in the logs
=> SUCCESS: Tests pass!
9. Sign off :-D

[1] https://dev.mysql.com/doc/refman/8.0/en/keywords.html

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit a4b9dcaf61c657a315e0de16e0d68163ece9ed0e)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37476: Unit tests
Tomas Cohen Arazi [Thu, 25 Jul 2024 16:50:30 +0000 (13:50 -0300)]
Bug 37476: Unit tests

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 3d76ccdf94302b11a61394cc84199ae1b2002473)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 36196: Handling NULL data on ajax call
Thibaud Guillot [Wed, 28 Feb 2024 15:20:10 +0000 (16:20 +0100)]
Bug 36196: Handling NULL data on ajax call

Test plan:

1) Update some data in your cities table, sample for one send:
"UPDATE cities SET city_state=NULL WHERE cityid=<id>"
2) Go on "/cgi-bin/koha/admin/cities.pl" and wait a entire life :)
3) Apply this patch
4) Rebuild your po files if needed
5) Reload the same page and now you get normally the datatable

Sponsored by: BibLibre
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e0856d0db648766ba1d65a4f784983a416ac4a35)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37303: Update yarn.lock after adding new dependency to packages.json
Mason James [Fri, 2 Aug 2024 01:53:01 +0000 (13:53 +1200)]
Bug 37303: Update yarn.lock after adding new dependency to packages.json

 use ./xt/verify-yarnlock.t test in BZ 37490 to confirm

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8ff9e665e4d275ac601ee5165ab4233a14189f2c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37303: Replace po2json with a JS version
Jonathan Druart [Wed, 10 Jul 2024 10:16:55 +0000 (12:16 +0200)]
Bug 37303: Replace po2json with a JS version

When using __() (ie. Gettext.js) we are seeing the translations that are marked as fuzzy.
This is definitely not the expected behaviour.

It happens because (our version of) po2json are old and no longer maintained,
and just embed them.

It seems that the bin we have has been upgraded to a JS version
(different authors).

Test plan:
(replace LANG with your language code)
0. Do not apply this patch
Edit misc/translator/po/LANG-messages-js.po
Mark a string as fuzzy
Edit ./intranet-main.tt and add the following lines inside $(document).ready
  console.log(_("Your string"));
  console.log(__("Your string"));
Replace "Your string" with the string you are actually testing.

Update the templates: `koha-translate --update LANG --dev kohadev && restart_all`

Go to the Koha home page, open the console.

=> Notice that the second log in the console is displaying the fuzzy string.

1. Apply this patch
Install the new version of po2json using `yarn install`
Repeat the previous steps.

=> With this patch applied both logs show the English version of the
string.

Remove fuzzy, update the templates and try again.

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 4eb981635453871fa2a33396391f3f75a6baa8b1)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37351: Rework checkbox JS to work with paginating dataTable
Lucas Gass [Wed, 24 Jul 2024 22:44:05 +0000 (22:44 +0000)]
Bug 37351: Rework checkbox JS to work with paginating dataTable

To Test:

1. Log in to staff client
2. Place items on items for borrowers
    2-1 Place enough holds as noted above
    2-2 Trap holds for borrowers
3. Open Circulation->Holds Awaiting Pickup (circ/waitingreserves.pl)
4. Click a checkbox for one or mroe holds
    Note->The 'Cancel selected (0)' button changes to 'Cancel
selected (1)', etc.
5. Cancel selected Holds using the (Cancel selected (#) button)
6. Confirm Cancellation
7. Wait for background processes to complete, then verify holds are cancelled.
8. Return to Open Circulation->Holds Awaiting Pickup (circ/waitingreserves.pl)
9. Ensure button shows "Cancel selected (0)"
10. Click "Next >" to navigate to page 2 of holds
11. Click a checkbox for one or more holds
     Note->The 'Cancel selected (0)' button DOES NOT increase as boxes
are selected.
12. Cancel selected Holds using the (Cancel selected (#) button)
13. Confirm Cancellation
14. Wait for background processes to complete, then verify holds are cancelled.
     Note-> Holds were not cancelled

15. APPLY PATCH
16. Try step 9-14 again. This time the 'Cancel selected (0)' button should update even when you paginate.
17. Make sure you try all the tables, Holds waiting, Holds waiting over X, Holds with cancellation requests.

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit bbd1fa0bfa2604e60eb38072569d7af5ec6808d8)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37378: Tidy
Nick Clemens [Tue, 23 Jul 2024 12:24:25 +0000 (12:24 +0000)]
Bug 37378: Tidy

Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit a0f89e7e98e5adabc3ff6726f1a7e36fd217b9d9)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37378: libraries_where_can_see_things should always return an array
Nick Clemens [Tue, 23 Jul 2024 12:14:44 +0000 (12:14 +0000)]
Bug 37378: libraries_where_can_see_things should always return an array

The subroutine libraries_where_can_see_things stores the list of libraries that things
can be viewed from in an internal variable, so we can return this directly if we have already calculated.

When returning if not cached, we dereference the list and return an array. If cached, we are returning
an arrayref. This patch simply ensures we dereference the array even if already cached.

Before this patch, we were fetching the patrons, then redacting all info as their branches didn't match against
an arrayref, rather than checking against each branch we are allowed to view.

To test:
1. Setup a library group and check the "Limit patron data access by group ." option.
2. Add some libraries to the group. ( IN k-t-d I added CPL and MPL )
3. Create a staff account who has staff access permissions and all of the borrower permissions except "view_borrower_infos_from_any_libraries"
4. Set the home library of that staff member to one of the branches in step 2. ( In my test I choose MPL )
5. Log in as that patron and attempt a patron search that would include users from either library in step 2.
6. See the error:

Something went wrong when loading the table.
500: Internal Server Error.
Expected boolean - got null.
Expected boolean - got null.
Expected string - got null.
Expected string - got null.
Expected string - got null.
Expected integer - got null.
Expected integer - got null.
Expected integer - got null.
Expected boolean - got null.
Expected boolean - got null.
Expected string - got null.

7. Apply patch, restart all
8. Search again, you can see the expected patrons

Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit ebdf121a7de99e7cfaf53d5177621b9cbca7338c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37378: Unit test
Nick Clemens [Tue, 23 Jul 2024 12:12:17 +0000 (12:12 +0000)]
Bug 37378: Unit test

Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit fb768ebbb82bd5f12c53e8d013269df08e5a01bd)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37285: (QA follow-up) Perl Tidy
Laura_Escamilla [Thu, 25 Jul 2024 15:22:00 +0000 (15:22 +0000)]
Bug 37285: (QA follow-up) Perl Tidy

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e7a017e663bd0376c626a692a85cda4dc7e68324)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37285: Printing lists only prints the ten first results
Baptiste Wojtkowski [Tue, 9 Jul 2024 14:08:39 +0000 (16:08 +0200)]
Bug 37285: Printing lists only prints the ten first results

GIVEN koha in a version later than 22.11, a list with more than ten entries
WHEN the user tries to print the list
THEN only the ten first results are printed

EXPECTED THEN all results are printed

It looks like it is an undesired effect of BZ36858. Page remains set
even while printing, therefore, however the number of rows is not set,
default value (10) is used.

TEST PLAN

1 - create a list with more than 10 items
2 - print the list -> there is a pagination and that only 10 items
  are printed
Apply patch
3 - print the list again -> every items are being printed

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 64027daadcea8c44cb73aae71a48ac64d527ed3f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 33455: Fix the size of the patron change password heading
Catalyst Bug Squasher [Thu, 25 Jul 2024 23:06:47 +0000 (23:06 +0000)]
Bug 33455: Fix the size of the patron change password heading

The H1 heading on the patron change password page in the staff
interface is too big and should be outside of the area with
form area with the white background.

Test plan:
1. In the staff interface, click on top right of menu and navigate
   to my account.
2. Click the 'Change password' button.
3. Note that title is now outside the legend and font size is
   comparable to other H1 headings (e.g. Duplicate).

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 3eb461bc9b293aa88a1c60addc5125759b46ff03)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37435: Fixed renew patron from moremember.pl without circulate permissions
Eric Garcia [Tue, 23 Jul 2024 18:04:41 +0000 (18:04 +0000)]
Bug 37435: Fixed renew patron from moremember.pl without circulate permissions

To recreate:
1. Have a staff account with limited permissions:
    -Staff access ( catalouge )
    -Add, modify and view patron information (borrowers)
    -NO circulate permissions
2. Log in as that staff user and find a patron with an expired account.
3. See the warning "Expiration: Patron's card has expired. Renew or Edit details".
4. Try clicking on Renew, you are logged out and see "Error: You do not have permission to access this page."

To test:
1. Apply patch
2. From the expired patron's details page see the warning and click Renew
3. Notice it renews the patron and returns to the patron details page
4. Details -> Edit -> Set the expiration date so that the patron is expired
5. Go back to your staff patron and check 'Check out and check in items' permission
6. In your expired patron's page -> Check out -> See warning -> Renew
7. Notice it renews the patron and returns to the check out page
8. Set the expired patron's expiration date so that it expires soon
9. Uncheck 'Check out and check in items' permission for your staff patron
10. Confirm the warning for your patron now is "Expiration: Patron's card expires on (DATE). Renew or Edit details"
11. Repeat steps 2-7 and notice it returns to the correct pages

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 39ff9705444f8da1ebd82e2093a808c26c503338)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37407: Fix automatic checkout for fast cataloging
Brendan Lawlor [Tue, 23 Jul 2024 12:29:55 +0000 (12:29 +0000)]
Bug 37407: Fix automatic checkout for fast cataloging

This patch adds a check for the referrer to the circulation page.
If the referrer is from the same origin's additem.pl then get the
barcode from the url parameters, fill the form and submit.

Test plan:
1. Apply patch
2. Enter a barcode not in the system, eg 99999
3. Click '+ Add record using fast cataloging'
4. Fill required bib fields 000, 008 and 245a and click 'Save'
5. Add required item field y - Koha item type and click 'Add item'
6. Notice the barcode is filled and the form is submitted automatically
7. Confirm the item is checked out and the dutedate specified works
8. Add an html customization somewhere else in koha with a link like
   http://localhost:8081/cgi-bin/koha/circ/circulation.pl?borrowernumber=38&barcode=99999&duedatespec=&stickyduedate=
9. Click on the link to simulate a csrf attack
10. Confirm the checkout page is loaded for that patron but no checkout is made

Signed-off-by: Eric Garcia <cubingguy714@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 620dbcde87704ebbd095c24dfa78b9b847235869)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 34147: Load all categories for displaying patron results
Nick Clemens [Tue, 23 Jul 2024 12:51:00 +0000 (12:51 +0000)]
Bug 34147: Load all categories for displaying patron results

Currently we are only loading unlimited categories into the patron search, so when we return
patrons from a category limited to another library we crash because we don't have the descriptions
loaded.

This patch removes the limit from 'categories_map' which is only used for displaying patrons. As patron
visibility is a feature of permissions and groups, I don't think we should enforce if based on category
limitations.

NOTE: the categories for searching are still limited in the left hand filters - but not in the dropdown if you click the options button in the top search form. This is beyond the scope of this bug.

To test:
1. Make sure you are logged in as Centerville
2. Do a patron search for 'Ac' -- there are two patrons: Henry (Staff) and Edna (Patron)
2. Go to Administration > Patron Categories
3. Edit the Patron (PT) category, set the Library limitations to Fairfield only
4. Do the patron search for 'Ac' again - it hangs up with a Processing box
5. Apply patch
6. Reload the page (clear cache) and confirm the results now load

Signed-off-by: Jason Robb <jrobb@sekls.org>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 476776cc5b828c7fad76c584f36855dea591fd3f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 36362: (QA follow-up) Tidy code
Kyle M Hall [Fri, 19 Jul 2024 16:23:43 +0000 (12:23 -0400)]
Bug 36362: (QA follow-up) Tidy code

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit a62d39ea11a9b6986c155f6333ac6e3afde0dd87)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 36362: Only call Koha::Libraries->search() if necessary in Item::pickup_locations
David Gustafsson [Tue, 19 Mar 2024 17:33:18 +0000 (18:33 +0100)]
Bug 36362: Only call Koha::Libraries->search() if necessary in Item::pickup_locations

To test:

1) Make sure the following tests pass:
 - t/db_dependent/Koha/Item.t
 - t/db_dependent/Koha/Biblios.t
 - db_dependent/Koha/Biblio.t

Sponsored-by: Gothenburg University Library
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 2c1e95562188a6d93c22055e30d6a5e9d7e50034)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 36129: Make check on "Hide all columns" persist on item patch modification/deletion
Emmi Takkinen [Mon, 19 Feb 2024 10:55:26 +0000 (12:55 +0200)]
Bug 36129: Make check on "Hide all columns" persist on item patch modification/deletion

On item patch modification/deletion tool, if one checks
"Hide all columns" checkbox and then reloads the page,
checkbox is no longer selected. Columns are hidden as
they should. This patch adds line to batchMod.js which
sets "checked" attribute and class "selected" to checkbox.

To test:
1. Find items to modify/delete and modify/delete them with
corresponding tool.
2. Check checkbox "Hide all columns".
3. Refresh the page.
=> Note that columns are still hidden, but checkbox is now
unselected.
4. Apply this patch.
5. Check checkbox again and refresh page.
=> Checkbox should be still checked.

Sponsored-by: Koha-Suomi Oy
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 1a154f1f0e1fa4d5c7295ba181fc27eaff99fd09)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 36566: Correct eslint errors in OPAC enhanced content JS
Owen Leonard [Wed, 10 Apr 2024 11:30:33 +0000 (11:30 +0000)]
Bug 36566: Correct eslint errors in OPAC enhanced content JS

This patch fixes various eslint errors in enhanced content JS files:

- Consistent indentation
- Remove variables which are declared but not used
- Add missing semicolons
- Add missing "var" declarations

To test, apply the patch and clear your browser cache if necessary.

- Go to Administration -> System preferences and enable these
  preferences:
  - OPACAmazonCoverImages
  - BakerTaylorEnabled
  - GoogleJackets
  - OPACLocalCoverImages
  - OpenLibraryCovers
- Go to the OPAC and confirm that covers from these services appear
  correctly in search results and on detail pages.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 3d82116830ac7fbafe7414e08f155a54b7bb723f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37425: Check for existence of biblio object before fetching cover images
Nick Clemens [Mon, 22 Jul 2024 19:46:33 +0000 (19:46 +0000)]
Bug 37425: Check for existence of biblio object before fetching cover images

This patch simply adds a conditional to ensure the biblio object has been retrieved and assumes no cover images otherwise

To test:
 1 - Enable system preference LocalCoverImages
 2 - Perform a search in staff interface
 3 - Find the biblionumebr for one of the results and delete it via the SQL backend:
     DELETE FROM biblio WHERE biblionumber=3;
 4 - Search again.
 5 - KO!
     Can't call method "cover_images" on an undefined value at /usr/share/koha/intranet/cgi-bin/catalogue/search.pl line 671.
 6 - Reindex, confirm error is gone
 7 - Apply patch
 8 - Search again
 9 - Delete a record from the results via SQL
10 - Reload and confirm no error
11 - Reindex and repeat search and confirm no error

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 8fdddccffb2fa165b32e6a9c9b8d6d3dcacd5b08)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37340: Restore sorting on 'Details' column in edifactmsgs
Martin Renvoize [Fri, 12 Jul 2024 09:23:22 +0000 (10:23 +0100)]
Bug 37340: Restore sorting on 'Details' column in edifactmsgs

This patch restores the sorting options on the 'Details' field in the
edifact messages page.

We sort by basket_id followed by type behind the scenes, so the
resulting order for a Descending sort will group by basket id highest to
lowest with Quotes coming before Orders.

This is generally what the end user actually wants to see, even though
it may be somewhat unintuitive intially as it's not a clear alpha sort
for what's displayed in the column in the UI.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Mary Blomley <mary.blomley@uwl.ac.uk>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e828f5f839ae709fd8425a0ee46401cb835b2ce1)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37383: Use libraries_where_can_edit_items to check if items are editable
Lucas Gass [Mon, 22 Jul 2024 23:41:46 +0000 (23:41 +0000)]
Bug 37383: Use libraries_where_can_edit_items to check if items are editable

To test:
1 - have a system with 2+ branches
2 - have a bib with 2+ items, all with holdingbranch=A
3 - set logged in library to A
4 - go to bib details page, confirm each item has an Edit button in the holdings table
5 - edit one item, set holdingbranch=B
6 - reload bib details page
7 - confirm the item now at branch B does not have an edit button
8 - APPLY PATCH and restart_all
9 - Try 1 - 6 again, this time you should see the proper edit buttons
10 - Set up library group:
    * Create a library group for library A + B
    * Action: Limit item editing by group
11 - Set up test user:
    * Create a staff patron with these permissions:
    * catalogue
    * fast_cataloguing
    * edit_items
    * view_borrower_infos_from_any_libraries
    * edit borrowers
* Home library: library A

12 - Set up test items:
    * Create a record with 3 items with different home libraries:
        * A
        * B
        * C

13 - We expect the use to be able to edit A and B, but not C.
14 - With the same user turn OFF the view_borrower_infos_from_any_libraries permission
15 - Behavior should not change, we expect the use to be able to edit A and B, but not C.
16 - Make sure StaffDetailItemSelection still works as expected for all users. With the sys pref on the checkbox should show up for superlibrarians and users with 'tools' permissions.

Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 66c332a78977b97c753bdc0e1acf60b243df9eca)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37029: Remove 'About Koha' from intranet-main
PerplexedTheta [Fri, 19 Jul 2024 09:35:49 +0000 (10:35 +0100)]
Bug 37029: Remove 'About Koha' from intranet-main

This patch removes the 'About Koha' link as a module button, and
instead uses the 'Koha xx.xx.xx' version URL on the mainpage as a
shortcut to the 'About Koha' page.

Additionally, a link to the Koha Community website has been added to
the bottom of the 'About Koha' page, in the same place the 'Koha
xx.xx.xx' version URL appears on the mainpage.

To test:
a)  Log in to Koha's staff client
b)  Notice the 'About Koha' module button, and that the 'Koha xx.xx.xx'
    version URL goes to the Koha Community website.
c)  Notice that on the 'About Koha' page, there is no link to the Koha
    Community website.
d)  --> Apply patch <--
e)  Notice that the About Koha module button is now missing
f)  Notice that the 'Koha xx.xx.xx' version URL now goes to 'About
    Koha'
g)  Notice that on the 'About Koha' page, there is now a link for the
    Koha Community website at the bottom of the page.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 4743e4639ae0296205077bd57c3687be9a0df770)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: (Rmaint follow-up) Adjust number of tests
Lucas Gass [Wed, 28 Aug 2024 20:18:54 +0000 (20:18 +0000)]
Bug 28762: (Rmaint follow-up) Adjust number of tests

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: (QA follow-up): fix number of tests
Victor Grousset/tuxayo [Fri, 19 Jul 2024 01:31:38 +0000 (03:31 +0200)]
Bug 28762: (QA follow-up): fix number of tests

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit a5710c49dbcf7127ed19bb497ab0cf9e48d90b54)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: (follow-up) Fix missed not_for_loan_status rename
Martin Renvoize [Tue, 23 Jul 2024 07:44:35 +0000 (08:44 +0100)]
Bug 28762: (follow-up) Fix missed not_for_loan_status rename

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 56621b992669b0b04e4134dd034cb5a4ac427e5c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: (QA follow-up) Restore protection against unknown itemtypes
Nick Clemens [Mon, 22 Jul 2024 19:02:22 +0000 (19:02 +0000)]
Bug 28762: (QA follow-up) Restore protection against unknown itemtypes

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 5ff47fc40c2e6be3e10eb5aef0a7dfcd8ac03b16)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: Rename not_for_loan as effective_not_for_loan_status
Martin Renvoize [Mon, 22 Jul 2024 15:32:34 +0000 (16:32 +0100)]
Bug 28762: Rename not_for_loan as effective_not_for_loan_status

This patch updates the method name to follow current conventions.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit fdefef14445bc8d680496ae9f52f221983db2ec5)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: Replace is_notforloan with not_for_loan
Martin Renvoize [Mon, 22 Jul 2024 15:14:08 +0000 (16:14 +0100)]
Bug 28762: Replace is_notforloan with not_for_loan

This patch replaces the use of is_notforloan with not_for_loan and
removes the older is_notforloan method and tests

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 4e6d9d13bf879593303eed8188bcfc615111519c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: Confirm return of not_for_loan in boolean context matches is_notforloan
Martin Renvoize [Mon, 22 Jul 2024 15:09:30 +0000 (16:09 +0100)]
Bug 28762: Confirm return of not_for_loan in boolean context matches is_notforloan

This patch is simply here to prove that is_notforloan is just
not_for_loan but in a boolean context.. we'll remove it in the next
patch.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 0d5c224cc30a74a0b258bd3e929b82bbd3e2e088)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: (follow-up) Remove warning in tests
Martin Renvoize [Mon, 22 Jul 2024 12:29:06 +0000 (13:29 +0100)]
Bug 28762: (follow-up) Remove warning in tests

Looks like a recent bug introduced a superflous warning, we just clean
that up here whilst we're in the code.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e45a595996c69a980c47ea68102188ffea76c93f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: Unit tests for not_for_loan accessor
Martin Renvoize [Mon, 29 Jan 2024 10:46:07 +0000 (10:46 +0000)]
Bug 28762: Unit tests for not_for_loan accessor

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 99b800620e17f2cbeec2aa472d03e8106d3243af)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: Add test for new 'instructors' accessor
Martin Renvoize [Mon, 29 Jan 2024 09:41:08 +0000 (09:41 +0000)]
Bug 28762: Add test for new 'instructors' accessor

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit fdd6a019320788c47f38bef716ec752befe3d492)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: Move notforloan fallback into object
Martin Renvoize [Fri, 24 Sep 2021 09:25:53 +0000 (10:25 +0100)]
Bug 28762: Move notforloan fallback into object

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 294447d07e1a880e58dc28a458a1229dddf20767)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: Update item-status include
Martin Renvoize [Fri, 24 Sep 2021 07:39:52 +0000 (08:39 +0100)]
Bug 28762: Update item-status include

This patch updates the item-status include so that it expects just an
item object making if simpler and more widely re-usable.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 8ff4d3740e92194fb5e3df0739af89d8ac2d4842)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: Use Koha::Course in course-details controller
Martin Renvoize [Thu, 23 Sep 2021 18:06:43 +0000 (19:06 +0100)]
Bug 28762: Use Koha::Course in course-details controller

This patch updates Koha::Course to include the 'instructors' relation
accessor and then update the course-details controller to use the
Koha::Course object and pass it to the template instead of building a
hash using GetCourse.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 7f38c77d091cd4192b039041bcc3a00a05e10583)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: (follow-up) fix template logic with Available
Lucas Gass [Wed, 8 Sep 2021 17:01:03 +0000 (17:01 +0000)]
Bug 28762: (follow-up) fix template logic with Available

Signed-off-by: Hayley Pelham <hayleypelham@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 316c14c1bf75cec6f3fcae61fa29a69223a292c6)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: handle notforloan better
Lucas Gass [Tue, 27 Jul 2021 21:45:12 +0000 (21:45 +0000)]
Bug 28762: handle notforloan better

Signed-off-by: Hayley Pelham <hayleypelham@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit e3e306efdb622f4c4857aa645c72c89320dac63d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 28762: add staff item-status.inc and better handle statues on course-details.tt
Lucas Gass [Tue, 27 Jul 2021 21:17:48 +0000 (21:17 +0000)]
Bug 28762: add staff item-status.inc and better handle statues on course-details.tt

This patch adds an item-status.inc to the staff side much like what is already in place on the OPAC.

To test:
1. create a course in course reserves, add an item to it.
2. confirm your item shows Available for its status on course-details.pl
3. edit your item to be withdrawn, lost, damaged, notforloan, and restricted use
4. reload course-details.pl, confirm it still shows available
5. apply patch
6. repeat step 3 with each of the statuses and make sure it correctly shows on course-details.pl

Signed-off-by: Hayley Pelham <hayleypelham@catalyst.net.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 38427cc357de46d60114ca308329c89f3220a9dd)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37374: (follow-up) Add csrf token and op to form
Martin Renvoize [Thu, 25 Jul 2024 09:54:36 +0000 (10:54 +0100)]
Bug 37374: (follow-up) Add csrf token and op to form

This patch adds a hidden op input and csrf token to the clubs hold
request form.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 83966f4273093dc2d31f13a81ed563c2d5b16dd6)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37374: Fix functionality of 'Place hold' button for club holds
Sam Lau [Mon, 22 Jul 2024 15:48:01 +0000 (15:48 +0000)]
Bug 37374: Fix functionality of 'Place hold' button for club holds

To test:
1) create a club
2) put 1 patron in your club
3) find a bib
4) Click Holds, then Clubs
5) search for your club, confirm hold detail
6) click Place Hold
7) nothing happens
8) Apply patch
9) Refresh page and click 'Place hold' again
10) Hold is properly placed

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 0f7d3fab6cef893b3fa7c0bdb8e71c8f5b960b55)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 26866: Sort items table on additem by cn_cort
Brendan Lawlor [Mon, 22 Jul 2024 18:11:11 +0000 (18:11 +0000)]
Bug 26866: Sort items table on additem by cn_cort

This patch changes the data-order attribute for the item callnumber column
to use the item's cn_sort instead of the callnumber value.

Test plan:
1. Create a bib
2. Add three items with source of classification LLC
    call numbers:
    JC43 .G6 1890
    JC330 .F74 2000
    JC480 .R63 2006
4. On additem.pl sor the items table by 'Full call number'
5. Confirm the items are now ordered correctly by cn_sort
6. Confirm the other columns still sort correctly

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 033e9abc302d14b8edf83051af5b8f07c4314a61)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37302: (follow-up) Update yarn.lock
Martin Renvoize [Wed, 24 Jul 2024 06:49:18 +0000 (07:49 +0100)]
Bug 37302: (follow-up) Update yarn.lock

We were having some issues with package building because we missed the
update to the yarn.lock file here.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 5c8baafc6111d34c4804dbd5094d000215d14d88)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37302: Add swagger-cli to devDependancies
Martin Renvoize [Wed, 10 Jul 2024 10:26:09 +0000 (11:26 +0100)]
Bug 37302: Add swagger-cli to devDependancies

This patch adds swagger-cli 4.0.4+ to the devDependancies section of
package.json. This should ensure it gets installed when appropriate

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 86938e11fbdd3d9d3475d30a986aaef8912ea9c8)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37302: Set test to failed if swagger-cli missing
Martin Renvoize [Wed, 10 Jul 2024 10:12:56 +0000 (11:12 +0100)]
Bug 37302: Set test to failed if swagger-cli missing

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit be3924a70f1a610330c631175f01ac8f2cfd8f49)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37400 - In returns.pl don't search for a patron unless needed
Kyle M Hall [Thu, 18 Jul 2024 11:27:47 +0000 (07:27 -0400)]
Bug 37400 - In returns.pl don't search for a patron unless needed

In returns.pl we find a patron, then use it in an if statement.

Test Plan:
Cancel a hold with other holds remaining on the record.
No change should be noted.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 82535a488764be5437c47d38953eb0aea81ce4ee)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 36885: Fix Bootstrap tooltip on budget planning page
Owen Leonard [Thu, 16 May 2024 13:57:11 +0000 (13:57 +0000)]
Bug 36885: Fix Bootstrap tooltip on budget planning page

This patch finishes the process of adding a Bootstrap tooltip to the
listing of funds which are locked.

To test, apply the patch and go to Administration -> Budgets.

- Edit a budget and make it locked: Check the "Lock budget" checkbox and
  save.
- View the budget you locked.
- From the toolbar, click Planning -> Plan by months.
- In the table of funds, hover your mouse over a fund.
- You should see a Bootstrap-styled tooltip, "Fund locked."

Signed-off-by: David Nind <david@davidnind.com>
Bug 36885: (follow-up) Correct popup hint

Bug 36885: (follow-up) Remove tooltip from unlocked budgets (copy-paste error)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit deb9bf78b8197eeb90e2c9c9088104a0b91d498b)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37324: Self registration complete login form won't login user
Jan Kissig [Mon, 15 Jul 2024 11:01:39 +0000 (13:01 +0200)]
Bug 37324: Self registration complete login form won't login user

This patch fixes the self registration complete login form which appears after a complete self registration process.

To test:
a) open http://localhost:8081/cgi-bin/koha/admin/preferences.pl?op=search&searchfield=PatronSelfRegistrationDefaultCategory
b) set PatronSelfRegistration to allow
c) set PatronSelfRegistrationDefaultCategory to Self registration
d) logout or open a private tab
e) http://localhost:8080/cgi-bin/koha/opac-memberentry.pl and enter required fields
f) Registration complete! appears with a prefilled login form. Click Log in.
g) Check you are not logged in

apply patch and redo steps e-f and check that login worked.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 0988be4a599209d4b8a72659c39198b060d28e6f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 29509: DBRev 24.05.03.002
Lucas Gass [Wed, 28 Aug 2024 19:57:42 +0000 (19:57 +0000)]
Bug 29509: DBRev 24.05.03.002

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 29509: (QA follow-up) Tidy atomic update
Kyle M Hall [Fri, 19 Jul 2024 13:54:44 +0000 (09:54 -0400)]
Bug 29509: (QA follow-up) Tidy atomic update

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 0505531cde2e0513a2c8fbc3c91d18f9ae3a3a89)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 29509: (QA follow-up) Check top level permissions too
Martin Renvoize [Tue, 7 May 2024 13:18:04 +0000 (14:18 +0100)]
Bug 29509: (QA follow-up) Check top level permissions too

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 56c7c3782b2ceacbbd2777ec0f3fa9955e877d2c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 29509: Update swagger specification and add permissions to users
Martin Renvoize [Mon, 22 Jan 2024 16:49:56 +0000 (16:49 +0000)]
Bug 29509: Update swagger specification and add permissions to users

This patch removes the 'edit_borrowers', 'manage_bookings',
'lable_creator', 'routing' and 'order_manage' permissions from the list
of options in the patrons list endpoint.

We then assign the new 'list_borrowers' permission to any users who have
those removed permissions

Test plan
1) Apply patch and run the database update
2) Users with any of the permissions listed above should now also have
   the 'list_borrowers' permission too.
3) Check that patron searching continues to work from the various
   locations in the UI for the above affected users

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Incorporated second patch and removed 1<<4. 16 reads much better :)

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 85ea79c45b6f95baee9ec955c6c09046808771b5)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37399: Fix showing itemtype on holdings table
Emmi Takkinen [Thu, 18 Jul 2024 09:34:12 +0000 (12:34 +0300)]
Bug 37399: Fix showing itemtype on holdings table

If syspref "noItemTypeImages" is disabled, holdings table won't display
itemtype column. This patch fixes this.

To reproduce:
1. Enable syspref "noItemTypeImages".
2. Find biblio with items.
   => Note that itemtype column is displayed on holdings table.
3. Disable syspref "noItemTypeImages".
   => Itemtype column is no longer displayed on holdings table.
4. Apply this patch.
   => Now column should be displayed correctly.

Sponsored-by: Koha-Suomi Oy
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 313f7e86b8b9bb063d07be292dd352c2f889fa99)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37226: append a random number to the `id` attribute of each <li>
Andreas Roussos [Mon, 1 Jul 2024 14:27:42 +0000 (14:27 +0000)]
Bug 37226: append a random number to the `id` attribute of each <li>

When you view the authority details page for a term that contains more
than one terms with broader relationship, clicking on the expand/collapse
arrows next to the top-level terms in the hierarchy tree will not work
properly, i.e. *only one* broader term will show the narrower term under
it at any given time.

This is affecting both the OPAC and the Staff interface.

This is happening because in the HTML source of the page the individual
<li> elements associated with each node do not have unique `id` values,
which confuses the JavaScript library (jsTree) responsible for rendering
the hierarchy tree.

This patch fixes that by appending a random number to each `id` attribute.

Test plan:

0) Enable the AuthDisplayHierarchy System Preference (set to 'Show').

1) Copy the provided MARC21 Authority sample data (sample-data.mrc)
   to your KTD Koha container (it must have MARC21 marc flavour):

   docker cp sample-data.mrc koha-koha-1:/kohadevbox/

2) Import the provided authorities (the sample file contains three
   Geographic Name records):

   WARNING! the --delete switch is passed to bulkmarcimport.pl
   WARNING! this will erase any authority data you have in your instance!
   (this is done to retain the broader/narrower authid associations)

   misc/migration_tools/bulkmarcimport.pl --authorities --file=/kohadevbox/sample-data.mrc --verbose -c=MARC21 --delete -m=ISO2709

3) Visit the authority details page for 'Athens' in OPAC/Staff:

   http://localhost:8080/cgi-bin/koha/opac-authoritiesdetail.pl?authid=3
   http://localhost:8081/cgi-bin/koha/authorities/detail.pl?authid=3

   In the authority hierarchy tree, click the arrows next to 'Europe'
   and 'Greece' to expand and show the narrower term: notice how only
   one item works at any given time.

4) Apply the patch.

5) Repeat step 3) (refresh the pages) -- this time you should be able
   to view 'Athens' as a narrower term of both 'Europe' and 'Greece'
   at the same time.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 24e54b1fd4b241a0d5723ff7ec97b2fe9645d577)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37343: Fixed search for vendors when transferring an item in acquistions
Eric Garcia [Tue, 16 Jul 2024 17:00:43 +0000 (17:00 +0000)]
Bug 37343: Fixed search for vendors when transferring an item in acquistions

To test:
1. Have several vendors in acquistions
2. Add a basket and click "+Add to basket"
3. I used an mrc file to add an order from a new file
4. Stage for import -> add staged files to basket
5. Select the items and choose an item type
6. In the Orders table click 'Transfer' under the 'Modify' column
7. Try searching for vendors, nothing happens.
8. Apply patch restart_all
9. Click 'Transfer' again and try searching for vendors.
10. Notice vendors appear

NOTE:
Vendor search is a GET operation not POST. Use 'do_search' instead of 'cud-do_search'.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 54575f3c30f6eab9adf2078ffcb92cee05a987dc)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 29087: (QA follow-up): Fix QA tests
Matt Blenkinsop [Fri, 28 Jun 2024 13:53:10 +0000 (13:53 +0000)]
Bug 29087: (QA follow-up): Fix QA tests

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Conform BZ comment31
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 7f5e1fac86bf7eaa3f217a8e41cc4522e7fe9c3c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 29087: Add unit tests
Matt Blenkinsop [Tue, 16 Apr 2024 12:47:16 +0000 (12:47 +0000)]
Bug 29087: Add unit tests

prove t/db_dependent/Koha/Items.t

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 44d3762a6921a323443ca56996fc55d5e96cc9b8)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 29087: Prevent filter_by_for_hold to crash if default holdallowed is not_allowed
Jonathan Druart [Fri, 19 Nov 2021 12:27:44 +0000 (13:27 +0100)]
Bug 29087: Prevent filter_by_for_hold to crash if default holdallowed is not_allowed

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 8c804c17493ecc9cb993c5434644c1b2a860bae3)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37260: Check message broker for both 'about' and 'sysinfo' tabs
Pedro Amorim [Fri, 5 Jul 2024 13:28:24 +0000 (13:28 +0000)]
Bug 37260: Check message broker for both 'about' and 'sysinfo' tabs

Test plan:
1) Apply test patch only
2) Visit <staff_url>/cgi-bin/koha/about.pl
3) Notice it shows 'Using RabbitMQ' (it should show 'Using SQL polling')
4) Apply this patch, repeat 3)
5) Notice it now shows 'Using SQL polling'
6) Remove test patch. Notice it shows 'Using RabbitMQ' again.
7) Repeat test plan but for /cgi-bin/koha/about.pl?tab=sysinfo tab

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 6a321c6ee44413e1e3601d1d9fcd727788e2bb3f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37111: Fix renew link on opac-user.tt
Lucas Gass [Tue, 18 Jun 2024 19:34:52 +0000 (19:34 +0000)]
Bug 37111: Fix renew link on opac-user.tt

To test:
1. Check some items out to a patron
2. Set the username and apssword for the patron so that you can log in as that patron.
3. Log in to the OAPC as that patron.
4. Go to Your account > Summary (the default landing page after you log in).
5. Click "Renew" for one of the items.
6. You get the error as above.
7. APPLY PATCH
8. Try steps 1 -5 again, you should not get an error.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Alexander Wagner <alexander.wagner@desy.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 58838fc263ecc9a843c94520e373030c77fc4eed)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37111: Add submit-form asset to OPAC assets
Lucas Gass [Tue, 18 Jun 2024 19:34:24 +0000 (19:34 +0000)]
Bug 37111: Add submit-form asset to OPAC assets

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Alexander Wagner <alexander.wagner@desy.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 6c56d3d90b92a4ca6f7120a187adb35d3e6fd914)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37371: Move Maskito instantiation to onReady ( OPAC )
Lucas Gass [Wed, 17 Jul 2024 15:10:24 +0000 (15:10 +0000)]
Bug 37371: Move Maskito instantiation to onReady ( OPAC )

To test:
1. Find a any date picker in Koha, like DOB in the patron record.
2. Add a date, either manually or using the date picker.
3. Once there is a date like 07/15/2024 try to edit only part of the
   date, or the '15'.
4. The date easily becomes malformed.
5. APPLY PATCHSET, maybe clear your browser cache too
6. Try directly inputing dates. I would suggest the following places:

-Patron record DOB
-Specify due date on circ/circulation.pl as this includes time
-Add item screen, this is the dateaccessioned plugin
-OPAC self reg/self modify

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit bae3203f700cdac634b5bd3c65e02902c8ae50bf)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37371: Move Maskito init to onReady in dateaccessioned.pl
Lucas Gass [Wed, 17 Jul 2024 14:58:14 +0000 (14:58 +0000)]
Bug 37371: Move Maskito init to onReady in dateaccessioned.pl

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit f723c33d480dbd1883fa32dc85e6cc0bd8a5c0a0)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37371: Set overwrite mode to replace
Lucas Gass [Wed, 17 Jul 2024 14:50:42 +0000 (14:50 +0000)]
Bug 37371: Set overwrite mode to replace

In our case I think overwriteMode needs to be set to replace:

https://maskito.dev/core-concepts/overwrite-mode
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 0f04c9a26afe02824e1c3b213a4c0f8ad212278c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37371: Move Maskito instantiation to onReady
Martin Renvoize [Wed, 17 Jul 2024 14:08:58 +0000 (15:08 +0100)]
Bug 37371: Move Maskito instantiation to onReady

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 7e1de5b5574bf09cdc9c4f83f6f0acd916c6d6cf)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37216: DBRev 24.05.03.001
Lucas Gass [Wed, 28 Aug 2024 19:25:41 +0000 (19:25 +0000)]
Bug 37216: DBRev 24.05.03.001

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37216: (follow-up) Clear invalid value
Emily Lamancusa [Fri, 28 Jun 2024 21:02:50 +0000 (17:02 -0400)]
Bug 37216: (follow-up) Clear invalid value

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 37683ffd695f6cc0c356325e8b9f2c2a516e1477)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37216: (QA follow-up) Add update to set existing options
Martin Renvoize [Fri, 28 Jun 2024 15:03:03 +0000 (16:03 +0100)]
Bug 37216: (QA follow-up) Add update to set existing options

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit fbcdce5e0a00da4eb8884a7786ead92db966ad16)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoBug 37216: Fix SQL for EmailFieldSelection
Emily Lamancusa [Thu, 27 Jun 2024 20:27:37 +0000 (16:27 -0400)]
Bug 37216: Fix SQL for EmailFieldSelection

Test plan:
Part A: New installation
1. Start a fresh test instance
2. Set EmailFieldPrimary to "selected addresses", and do not touch
    EmailFieldSelection
3. Edit a patron to ensure the following fields are set:
   - Primary email
   - Secondary email
   - Alternate email
   - Enable email notices for item checkout
4. Attempt to check an item out to that patron
--> Koha explodes!
5. Apply patch
6. reset_all
7. Repeat steps 2-4
--> Checkout succeeds!
8. Ensure test plan for bug 12802 still passes

Part B: Upgraded installation
1. Start a fresh test instance at version 23.11
2. Switch to main
3. Install database update
4. Set EmailFieldPrimary to "selected addresses", and do not touch
    EmailFieldSelection
5. Edit a patron to ensure the following fields are set:
   - Primary email
   - Secondary email
   - Alternate email
   - Enable email notices for item checkout
6. Attempt to check an item out to that patron
--> Koha explodes!
7. Go back to 23.11 and reset_all
8. Switch to main and apply patch
9. Repeat steps 4-6
--> Checkout succeeds!
10. Ensure test plan for bug 12802 still passes

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 89a0c62da407e5981f7bc30b12691f0a1546905d)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 months agoUpdate release notes for 24.05.03 release v24.05.03
Tomas Cohen Arazi [Mon, 12 Aug 2024 18:28:19 +0000 (15:28 -0300)]
Update release notes for 24.05.03 release

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoIncrement version for 24.05.03 release
Tomas Cohen Arazi [Mon, 12 Aug 2024 18:18:08 +0000 (15:18 -0300)]
Increment version for 24.05.03 release

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: Don't return Internal server error when running report
Nick Clemens [Mon, 12 Aug 2024 12:10:12 +0000 (12:10 +0000)]
Bug 37508: Don't return Internal server error when running report

To test:
1 - Create a report like:
SELECT "a"
FROM borrowers
WHERE <<Test>> != ''
2 - Run report
3 - Enter "password"
4 - Internal server error / stacktrace
5 - Apply patch
6 - Repeat
7 - Get a yellow warning box

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: (QA follow-up) Use ->check_columns
Marcel de Rooy [Fri, 9 Aug 2024 09:56:11 +0000 (09:56 +0000)]
Bug 37508: (QA follow-up) Use ->check_columns

Add shebang to Guided.t too.

Test plan:
See also previous commits.
Try sql like:
  select access_token from oauth_access_tokens

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: (QA follow-up) Move check to Koha::Report, extend
Marcel de Rooy [Fri, 9 Aug 2024 09:50:44 +0000 (09:50 +0000)]
Bug 37508: (QA follow-up) Move check to Koha::Report, extend

Do not allow password but allow password_expiry_days etc.
Do not allow token, secret and uuid too.

Test plan:
Run t/db_dependent/Koha/Reports.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: (follow-up) Don't pass the column or sql containing password
Aleisha Amohia [Thu, 8 Aug 2024 23:53:47 +0000 (23:53 +0000)]
Bug 37508: (follow-up) Don't pass the column or sql containing password

This patch replaces these variables with a non-translatable message.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: (follow-up) Throw error is password is in SQL query at all
Aleisha Amohia [Wed, 7 Aug 2024 04:37:25 +0000 (04:37 +0000)]
Bug 37508: (follow-up) Throw error is password is in SQL query at all

Confirm tests pass t/db_dependent/Reports/Guided.t

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: Test for errors when returning an aliased password column
David Cook [Wed, 7 Aug 2024 01:15:10 +0000 (01:15 +0000)]
Bug 37508: Test for errors when returning an aliased password column

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37508: Throw error if password column is detected in SQL report
Aleisha Amohia [Mon, 29 Jul 2024 03:53:06 +0000 (03:53 +0000)]
Bug 37508: Throw error if password column is detected in SQL report

This enhancement prevents SQL queries from being run if they would return a password field from the database table.

To test:

1. Run tests and notice they fail t/db_dependent/Reports/Guided.t

2. Apply patch and restart services

3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t

Sponsored-by: Reserve Bank of New Zealand
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37370: Return 400 if OpacExportOptions does not contain the passed format
Tomas Cohen Arazi [Tue, 16 Jul 2024 15:43:39 +0000 (12:43 -0300)]
Bug 37370: Return 400 if OpacExportOptions does not contain the passed format

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit a164c51d78f375d9d660e2c079cc7e05d2d1d326)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37466: Add correct filter for sort_by in results.tt
David Cook [Thu, 25 Jul 2024 06:44:37 +0000 (06:44 +0000)]
Bug 37466: Add correct filter for sort_by in results.tt

This patch replaces the $raw filter with the correct uri filter
for the sort_by in results.tt

Test plan:
1. Apply patch
2. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=1
3. Click on "Edit this search"
4. Note that the "Popularity (most to least)" Sort by option is selected
5. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=24y24ty2498294t9824yt9y23
6. Click on "Edit this search"
7. Note that the "Popularity (most to least)" Sort by option is selected

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5148e05d408b43c0eb330683ffa4c26c90faa696)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37464: Validate "type" sent to barcode/svc
David Cook [Thu, 25 Jul 2024 06:56:18 +0000 (06:56 +0000)]
Bug 37464: Validate "type" sent to barcode/svc

This change validates the "type" sent to the barcode/svc. Without this
change, we pass the user input directly to GD::Barcode, which passes
the input into an eval{} block without any validation of its own.

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=bad&barcode=123456
3. Note that a Code39 barcode is provided for an invalid type
4. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=Code39&barcode=123456
5. Note that a Code39 barcode is provided
6. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=UPCE&barcode=123456
7. Note that a non-Code39 barcode is provided (presumably UPCE)

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 73b0c3cf621250008845f22f7a36f90a48e00b06)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37488: Validate paths in datalink.txt/idlink.txt files
David Cook [Fri, 26 Jul 2024 04:01:43 +0000 (04:01 +0000)]
Bug 37488: Validate paths in datalink.txt/idlink.txt files

This change validates the paths in datalink.txt/idlink.txt,
so that only images in the unpacked archive directory are allowed

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Create a datalink.txt file with the following:
42,selfie.jpg
3. Create a jpeg at selfie.jpg
4. ZIP the datalink.txt and selfie.jpg files
5. Upload to the "Upload patron images" tool
(after enabling the "patronimages" system preference)
6. Note that the image uploads correctly

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 8fcb767fe2836c90ceacb5b5d8211524571eb8aa)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37323: Tidy
David Cook [Fri, 26 Jul 2024 03:27:22 +0000 (03:27 +0000)]
Bug 37323: Tidy

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 579c28c764257a250c12aa11207772c074c1335e)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37323: Don't allow symlinks in link files in zip and validate filepaths
Chris Cormack [Thu, 18 Jul 2024 23:57:32 +0000 (23:57 +0000)]
Bug 37323: Don't allow symlinks in link files in zip and validate filepaths

Test plan:
0. Apply patch and restart/reload Koha
1. Test that uploading a patron image still works, in single file format and as a zip

Work as suggested

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9bc0521493fbe2f9fe0dde051d0b2f52c8a14a9a)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37323: Escape characters in patron image picture upload
Amit Gupta [Thu, 11 Jul 2024 17:43:06 +0000 (23:13 +0530)]
Bug 37323: Escape characters in patron image picture upload

To Test
1. Create a file name for example: test.zip`curl xxxxtesting.informaticsglobal.com`.zip
   where the domain is one you can watch the logs from.
2. Go to Tools and click on Upload patron images choose option zip file and upload the file.
3. Check /var/log/apache2/access.log and see the curl with the IP
   "xx.xxx.xx.xxx - - [11/Jul/2024:23:10:33 +0530] "GET / HTTP/1.1" 200 267 "-" "curl/7.68.0"
4. Apply the patch
5. Repeat 2 and 3 step and check no error is coming for the Remote execution error.
6. Test uploading actual zip file and images still works.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5c931e00f73e91467581fd29721e5af8d7fa98ab)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37255: Fix handling of "All" values on waiting hold cancellation policy
Emmi Takkinen [Thu, 4 Jul 2024 11:23:31 +0000 (14:23 +0300)]
Bug 37255: Fix handling of "All" values on waiting hold cancellation policy

If one creates a default waiting hold cancellation policy with
patron categories set as "All" and itemtype set as "All", Koha
breaks on 500 error. This happens because in we try to match
template policy with "All" values either in category or itemtype
with *, not undef. This patch fixes this.

To test:
1. Create a new default waiting hold cancellation policy and
set both patron category and itemtype as "All".
2. Save policy.
=> Error page for error 500 is displayed.
3. Apply this patch.
4. Reload page.
=> Page is displayed and policy listing displays new policy
as it should.

Sponsored-by: Koha-Suomi Oy
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months agoBug 37533: Fix query in orderreceive.tt
Andreas Jonsson [Wed, 31 Jul 2024 09:06:02 +0000 (09:06 +0000)]
Bug 37533: Fix query in orderreceive.tt

The new validation in the REST API will no longer allow
the operator "in".  Consequently, it has to be replaced
with the allowed "-in".

Test plan:

 * Open an invoice and click "Go to receipt page" and
   on any basket click "receive" and make sure the dialog
   box appears.

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
3 months agoGenerate release notes for 24.05.02 release v24.05.02
Lucas Gass [Thu, 25 Jul 2024 17:32:03 +0000 (17:32 +0000)]
Generate release notes for 24.05.02 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
3 months agoIncrement version for the 24.05.02 release
Lucas Gass [Thu, 25 Jul 2024 17:09:20 +0000 (17:09 +0000)]
Increment version for the 24.05.02 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
3 months agoBug 37210: Properly escape SQL query parameters by using bind values
Julian Maurice [Tue, 2 Jul 2024 14:32:32 +0000 (16:32 +0200)]
Bug 37210: Properly escape SQL query parameters by using bind values

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
3 months agoBug 37210: Escape single quote in search string in overdue.pl
Hammat Wele [Thu, 27 Jun 2024 14:09:04 +0000 (14:09 +0000)]
Bug 37210: Escape single quote in search string in overdue.pl

To Test:
1. Go to /cgi-bin/koha/circ/overdue.pl
2. In the «Name or card number» field, type «Tommy'and(select(0)from(select(sleep(10)))v)and'»
3. Apply the filter
   ==> It takes 10 seconds, sleep(10) is executed
4. Inspect the page, in «Patron category:» field, put «Tommy'and(select(0)from(select(sleep(10)))v)and'» in one of his option's value
5. select the option from the filter and Apply the filter
   ==> It takes 10 seconds, sleep(10) is executed
we can inject SQL to the followin field : borname, itemtype, borcat, holdingbranch, homebranch and branch
6. Apply the patch
7. Repeat step 1,2,3
   ==> it doesn't take 10 seconds, the injected sql is not executed
8. Repeat step 5
==> it doesn't take 10 seconds, the injected sql is not executed
9. Repeat step 5 with the followin field : itemtype, holdingbranch, homebranch and branch
   ==> it doesn't take 10 seconds, the injected sql is not executed

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
3 months agoBug 36481: (follow-up) Add missing library_id parameter
Martin Renvoize [Mon, 22 Jul 2024 13:49:31 +0000 (14:49 +0100)]
Bug 36481: (follow-up) Add missing library_id parameter

The /libraries/{library_id}/cash_registers endpoint was missing the
library_id parameter definition from the swagger specification.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 466d38f18d43e968f3b69562c1ee018177953681)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
3 months agoBug 36480: (follow-up) Add missing library_id parameter
Martin Renvoize [Mon, 22 Jul 2024 13:52:29 +0000 (14:52 +0100)]
Bug 36480: (follow-up) Add missing library_id parameter

The /libraries/{library_id}/desks endpoint was missing the
library_id parameter definition from the swagger specification.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 6aadc4a42308815803ac77c124ac4e778141e349)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
3 months agoBug 37018: Add 400 response definition to all routes
Tomas Cohen Arazi [Mon, 8 Jul 2024 20:21:25 +0000 (17:21 -0300)]
Bug 37018: Add 400 response definition to all routes

This patch adds a test for well defined 400 responses on all verbs and
paths on the API spec.

The tests verify:

* Presence of 400 response definition
* The description must start with 'Bad request' (needs coding guideline)
* If DBIC queries are allowed on the route, then `invalid_query` needs
  to be mentioned in the description.

All routes get fixed to make the tests pass.

To test:
1. Apply this patch
2. Run:
   $ ktd --shell
  k$ yarn api:bundle
  k$ prove xt/api.t
=> SUCCESS: Tests pass!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
3 months agoBug 37018: Clarify operators
Martin Renvoize [Wed, 10 Jul 2024 08:39:33 +0000 (09:39 +0100)]
Bug 37018: Clarify operators

This patch clarifies the list of operators both in the validate routine
and in the swagger descrption block where we document this feature for
the end user.

JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
3 months agoBug 37018: Silence useless warning
Tomas Cohen Arazi [Mon, 8 Jul 2024 20:30:01 +0000 (17:30 -0300)]
Bug 37018: Silence useless warning

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>