]> git.koha-community.org Git - koha.git/log
koha.git
5 months agoBug 31286: (QA follow-up): tidy up code
Victor Grousset/tuxayo [Thu, 8 Feb 2024 03:56:47 +0000 (04:56 +0100)]
Bug 31286: (QA follow-up): tidy up code

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 2172c37837c72024d6f8481b434779ebf56a98fc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 31286: Embed see-from headings into bibliographic records export
Fridolin Somers [Wed, 3 Aug 2022 01:17:25 +0000 (15:17 -1000)]
Bug 31286: Embed see-from headings into bibliographic records export

In misc/export_records.pl add an option to add see-from headings (from authorities 4xx) into bibliographic records export.
Like it is done during record indexing.

Test plan :
1) Choose a biblio record having a field (for example 650) linked to an authority with a see-form.
2) Export this record without see-from headings :
   misc/export_records.pl --starting_biblionumber=X --ending_biblionumber=X --filename /tmp/record_without.xml --format xml
3) Export this record with see-from headings :
   misc/export_records.pl --starting_biblionumber=X --ending_biblionumber=X --filename /tmp/record_with.xml --format xml --embed_see_from_headings
4) Compare /tmp/record_without.xml and /tmp/record_with.xml
=> you should see two 650, one with main heading and one with see-from heading

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit fd70ee6a9411d9f320c6f609415d74dd38a0116f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 35457: Move SerialsDefaultEMailAddress and SerialsDefaultReplyTo to serials prefe...
Caroline Cyr La Rose [Fri, 26 Jan 2024 14:48:34 +0000 (09:48 -0500)]
Bug 35457: Move SerialsDefaultEMailAddress and SerialsDefaultReplyTo to serials preferences

This patch moved the SerialsDefaultEMailAddress system preference and
the SerialsDefaultReplyTo system preference to the Serials preferences.

To test:
1. Apply patch
2. Go to Administration > System preferences > Acquisitions
   --> SerialsDefaultEMailAddress and SerialsDefaultReplyTo should not
   be there
3. Go to Administration > System preferences > Serials
   --> There should be a new section called "Notifications" with
   the two system preferences

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e5d1fb041dd6012eb76a2a2fefb98a2f28f425ee)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36030: acqui/basket: Do not place hold on deleted biblio
Marcel de Rooy [Thu, 8 Feb 2024 10:42:53 +0000 (10:42 +0000)]
Bug 36030: acqui/basket: Do not place hold on deleted biblio

Trivial fix.

Test plan:
Find a deleted biblio record in ACQ (in active orders part) and
verify that there is no Place hold option on that row.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit faee93aef666fa04956e14969b069da8874d23c8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 34663: Errors in UNIMARC default framework
Caroline Cyr La Rose [Wed, 21 Feb 2024 20:02:17 +0000 (15:02 -0500)]
Bug 34663: Errors in UNIMARC default framework

This patch corrects the default UNIMARC bibliographic framework to
place all the 4XX subfields in tab 4.

To test:
1. Go to Administration > MARC Bibliographic framework test
   --> There should be errors indicating subfields from 4XX fields
       are in tabs 3 and 4
2. Apply patch and reset_all
3. Redo step 1
   --> It should now say that all subfields for each tag are in the
       same tab (or ignored)

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 49a7950f38729c54196fbb839a170ce1f958ae6d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36371: Check if patron attribute is defined in circ-menu.inc
Brendan Lawlor [Fri, 22 Mar 2024 17:25:20 +0000 (17:25 +0000)]
Bug 36371: Check if patron attribute is defined in circ-menu.inc

This patch changes the conditional that determines if a patron attribute is displayed in the patron brief info. Instead of checking the value of the attribute we should check if the attribute is defined.

To test:
1. Create a patron attribute, eg. party_mode, check 'display in patron's brief info' and tie to the YES_NO authorised value.
2. Find a patron and set your attribute to Yes
3. Confirm you see the attribute and its value both in the "Additional attributes and identifiers" section of the patron detail page and in the patron brief info area
4. Set your attribute to No
5. Confirm you see the attribute and its value in "Additional attributes and identifiers" but it no longer shows in the brief info
6. Apply patch and restart_all
7. Notice that your attribute now displays in the brief info, such as Party mode: No
8. Set the attribute to the first empty option
9. Check the patron record brief info to confirm that the attribute does not display when the value is empty.

Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 93d3b0b0f75e1d7377ea31c72118ea1376f67b96)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 30554: Embelished MARC21 XSLT example
Martin Renvoize [Fri, 26 Jan 2024 12:44:21 +0000 (12:44 +0000)]
Bug 30554: Embelished MARC21 XSLT example

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 2ad4c93cdcfb5605bee4165b7d6037f8587c7d7c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 30554: Use XSLT (if enabled) in authority search cataloguing plugin
jeremy breuillard [Fri, 15 Apr 2022 14:51:14 +0000 (16:51 +0200)]
Bug 30554: Use XSLT (if enabled) in authority search cataloguing plugin

Test plan:
1. Set AuthorityXSLTResultsDisplay to a valid XSL file (see bug 30554
   attachments, there is an example XSL file)
2. Go to the bibliographic record editor (edit an existing one or create
   a new one)
3. Find a field linked to authorities and open the plugin
4. Start a search and verify that the results are displayed using the
   XSLT output (if using the example file it should be a link saying
   "Authority #<authid>")

Sponsored-by: Écoles nationales supérieure d'architecture (ENSA)
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 01e2a6d983c272120ec0579536e23eed2b046a62)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 35621: Map ÿ to y for searching (Non-ICU)
Nick Clemens [Wed, 20 Dec 2023 19:06:57 +0000 (19:06 +0000)]
Bug 35621: Map ÿ to y for searching (Non-ICU)

To test:
1 - Find or add a record with title: Chevilly-Larue, L'Haÿ-les-Roses, Fresnes, Rungis [par] Sté éditions et de publicité L.F.B.
2 - Search for 'L'Hay-les-Roses'
3 - No results
4 - Apply patch, copy the file:
    sudo cp /kohadevbox/koha/etc/zebradb/etc/word-phrase-utf.chr /etc/koha/zebradb/etc/word-phrase-utf.chr
5 - Restart all, Reindex
    restart_all
    sudo koha-rebuild-zebra -v -f kohadev
6 - Search again
7 - Success!

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 1412f6c65b011ef79f955f75c812e3f7f1a9fce0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 35034: Add parameter that links titles to their records
Laura Escamilla [Tue, 5 Dec 2023 14:57:58 +0000 (14:57 +0000)]
Bug 35034: Add parameter that links titles to their records

To recreate:
1.  Select two items from the catalog and begin a merge.
2. Notice that the title of the items, their biblionumber and a
   hyperlink to their MARC record is available.
3. Apply the patch and refresh the page. The biblionumber for each title
   is now hyperlinked and leads to the item’s bib records.
4. Sign off and have a great day :)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit fcbb5fceb8d759eecfbc13b88397c205f3a66eb3)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 35444: Add hidden span with information about the loggedinuser categorycode
Lucas Gass [Wed, 29 Nov 2023 23:19:12 +0000 (23:19 +0000)]
Bug 35444: Add hidden span with information about the loggedinuser categorycode

To test:
1. APPLY PATCH
2. Log into the staff interface and use the browser's dev tools to look
   for the HTML class 'loggedincategorycode'. It should match the
   current logged in user's categorycode.
3. You could also use a console.log like so:

console.log( $('.loggedincategorycode').text() );

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4a4032745293af7a3fec97c44c61b11c94e0edf7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36790: List table columns for 230600052 queries
Jonathan Druart [Mon, 6 May 2024 10:58:33 +0000 (12:58 +0200)]
Bug 36790: List table columns for 230600052 queries

We must list the columns, or the db rev will fail when a new column is
added. It happened here when 33478 added 'style'

Also remove id and dates

To test:
1. On current main, run:
   $ ktd --shell
  k$ perl /kohadevbox/misc4dev/run_tests.pl --koha-dir=. --run-db-upgrade-only
=> FAIL: Tests explode for DB query issues
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests pass!
4. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit ff183612043b8f37d74fbbd9c306a54c48329d99)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 35531: Add context for translating gender option "Other"
Katrin Fischer [Sun, 10 Dec 2023 15:45:28 +0000 (15:45 +0000)]
Bug 35531: Add context for translating gender option "Other"

To test:
* Apply patch
* Verify the option "Other" for gender is correctly displayed when:
  * Editing a patron record in the staff interface
  * Viewing the 'Details' tab of a patron in staff interface
  * Triggering a "duplicate" patron warning and looking at the details
    of the existing patron record
  * Self registering a patron in the OPAC
  * Viewing 'Personal details' tab in the OPAC for a registered patron
* If you are using ktd, run: gulp po:update --lang de-DE
* Verify string "gender" appears with the occurences of "Other"and
  "Other:" in
  misc/translator/Koha-messages.pot

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5f6c0f0c3e896f72c086bfacec1501ee3d72fbe0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 35943: Fix group/subgroup filtering of saved reports
Julian Maurice [Tue, 30 Jan 2024 14:13:47 +0000 (15:13 +0100)]
Bug 35943: Fix group/subgroup filtering of saved reports

Use code instead of name for filtering and escape regexp special
characters.

This patch also disables datatables' smart filtering as it is not
recommended to use with regexp filtering

https://datatables.net/reference/api/search()

Test plan:
1. Create a report in a group named "Foo + Bar" and in a subgroup named
   "Baz + Quux"
2. Create other reports in group "Foo + Bar" but in other subgroups, as
   well as in other groups. This is useful to see the effect of
   filtering
3. Go to the saved reports page and verify that navigating between tabs
   have the desired result. Same for the subgroup select

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit de91b2e5d9dbff8c43a5090828397583bd397dc1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 35768: Show 'Used in' records link for results in cataloguing authority plugin...
Aleisha Amohia [Fri, 5 Mar 2021 01:05:09 +0000 (14:05 +1300)]
Bug 35768: Show 'Used in' records link for results in cataloguing authority plugin search

To test:

1. Edit a biblio record
2. Go to the 100 tab and click the plugin launcher icon for an author
   tag i.e. next to 100$a
3. Search for an authority and observe the results
4. Notice that the number of times this authority has been "Used" in a
   record is now a link, and clicking it does a search showing those
   records.

Sponsored-by: Education Services Australia SCIS
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 553126e5a3fc59c988185a26562ab02fc2c84619)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 35857: Update authority search pop-up windows with consistent footer markup
Owen Leonard [Fri, 26 Jan 2024 18:35:50 +0000 (18:35 +0000)]
Bug 35857: Update authority search pop-up windows with consistent footer markup

This patch updates the cataloging authority finder template in order to
style submission and close buttons in a fixed footer at the bottom of
the pop-up window, with markup consistent with other pop-up windows.

Some inline CSS has been removed in favor of styling the "Clear" button
like a default button. Unrelated, "No results found" message has been
wrapped in a "dialog message" div for consistency's sake.

To test, apply the patch and go to Cataloging -> New record.

- In the "Add MARC record" form, locate a tag which is linked to an
  authority type, e.g. 100$a.
- Click the icon to the right of the field to trigger the authority
  search window.
- There should be a fixed footer in the pop-up window with buttons for
  "Submit," "Clear form," and "Close window." Test that each behave
  correctly.
  - The search results view should have the same footer.
  - Clicking "Choose" from the search results should close the window
    and populate the MARC tag with the correct authority data.

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f49f76d60a7ee7dfd370aca53f76a867aa142f29)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36494: Flatpickr error on checkout page if the patron is blocked from checking out
Owen Leonard [Tue, 2 Apr 2024 17:03:21 +0000 (17:03 +0000)]
Bug 36494: Flatpickr error on checkout page if the patron is blocked from checking out

This patch add some error-handling to the recent change to
circulation.tt where we handle dates and on-site checkouts. This
prevents an error in the console when the patron is blocked and the
"specify due date" field is hidden.

To test, apply the patch and make sure OnSiteCheckouts is enabled.

- Go to Circulation and check out to a patron.
- Under the restrictions tab, add a manual restriction.
- When the page reloads and the checkout form is no longer visible,
  confirm that there is no error in the browser console.

Confirm that the Bug 18885 test plan still works.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit cc15deb0011fe2e816428451e442a10f144974e1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 18885: Specify due date behavior according to on-site checkbox
Thibaud Guillot [Tue, 31 Oct 2023 12:57:00 +0000 (13:57 +0100)]
Bug 18885: Specify due date behavior according to on-site checkbox

When a on-site checkout is performed a date is automatically added but
if you unchecked the date remains. Even with OnSiteCheckoutAutoCheck
syspref

Test plan:
1) Do an on-site checkout by clicking on checkbox and see date added
2) Unchecked and see that the date remains on input
3) Do another test with OnSiteCheckoutAutoCheck enabled
4) Apply this patch and repeat actions

Normally now its works correctly

Signed-off-by: tuxayo <victor@tuxayo.net>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit ec8897377e4179461b8d0495f1495fccbd0820db)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36033: DBRev 23.11.05.001
Katrin Fischer [Fri, 22 Mar 2024 08:55:09 +0000 (08:55 +0000)]
Bug 36033: DBRev 23.11.05.001

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 6a6db6aa7c1ae2c7338043a31d2df04acb06f341)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36033: Add more indexes to table pseudonymized_transactions
Fridolin Somers [Thu, 8 Feb 2024 09:25:12 +0000 (10:25 +0100)]
Bug 36033: Add more indexes to table pseudonymized_transactions

Table pseudonymized_transactions contains :
  KEY `pseudonymized_transactions_ibfk_1` (`categorycode`),
  KEY `pseudonymized_transactions_borrowers_ibfk_2` (`branchcode`),
  KEY `pseudonymized_transactions_borrowers_ibfk_3` (`transaction_branchcode`)

To improve SQL queries performance, it needs more indexes, specially on itemnumber.

Looking at table statistics :
  KEY `timeidx` (`datetime`),
  KEY `branch_idx` (`branch`),
  KEY `type_idx` (`type`),
  KEY `itemnumber_idx` (`itemnumber`),

So index is need on pseudonymized_transactions columns :
itemnumber => For join with table items
transaction_type => For filter on type issue, return ...
datetime => For filter on date, this will help cleanup script

Test plan :
1) Run updatedatabase.pl
2) Check indexes are created in table pseudonymized_transactions
3) Run SQL query :
   describe select * from pseudonymized_transactions join items using(itemnumber)
   where transaction_type='issue' and datetime < date_sub(curdate(), INTERVAL 30 DAY)
=> You see the 3 new indexes used in 'possible_keys'.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0573d01eaa2da7e0b53fd24054e5a3d4e0c2b056)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36321: Problem when dateexpiry in BorrowerUnwantedField
Fridolin Somers [Thu, 14 Mar 2024 15:37:21 +0000 (16:37 +0100)]
Bug 36321: Problem when dateexpiry in BorrowerUnwantedField

hen dateexpiry is in BorrowerUnwantedField it is hidden in patron edition form.
The problem is when editing an existing patron the value is re-computed with category settings, as if it where empty.

This comes from all fields in BorrowerUnwantedField beeing removed from %newdata in memberentry.pl.
Whe must skip dateexpiry.

Test plan :
1) Be sure dateexpiry is not in BorrowerUnwantedField
2) Define a patron category with enrollment period 12 month
3) Create a new patron in this category
4) Its expiration date is in now + 12 month
5) Edit the patron category to set enrollment period 6 month
6) Add dateexpiry in BorrowerUnwantedField
7) Edit the patron and save
=> Without patch the expiration date is changed to now + 6 month
=> With patch the exporation date is unchanged

Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Perl-tidied.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 571521ba13eccdd9f309d4d9a2c49c353be86fda)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36708: Fix column index for processing No automatic renewal after
Lucas Gass [Mon, 29 Apr 2024 15:18:26 +0000 (15:18 +0000)]
Bug 36708: Fix column index for processing No automatic renewal after

To test:
1- Find or create a circulation rule with a 'Holds allowed (total)' limit of 3 (or another number) and no value in 'No automatic renewal after (hard limit)'
2- Select to edit the rule, and note that 'No automatic renewal after (hard limit)' box in the editing line is now populated with a date
3- Note also that 'Holds allowed (total)' is empty in your editing line
4- If you save your edits without clearing the new 'No automatic renewal after (hard limit)' date, it will save as part of the rule. Also, 'Holds allowed (total)' will save as Unlimited unless you re-add your numerical value.
5- APPLY PATCH
6- Try again, the values should save corrected and not erroneously fill the No automatic renewal after (hard limit) column.

Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
5 months agoBug 36612: (QA follow-up) Add 'source' to public_read_list
Martin Renvoize [Tue, 7 May 2024 12:07:53 +0000 (13:07 +0100)]
Bug 36612: (QA follow-up) Add 'source' to public_read_list

This patch adds the required 'source' field to the public_read_list for
tickets.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a464e20091e0662bed82bfe308af69c8710614aa)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36612: Add public_read_list to Koha::Ticket
Martin Renvoize [Tue, 16 Apr 2024 17:22:41 +0000 (18:22 +0100)]
Bug 36612: Add public_read_list to Koha::Ticket

Without the public_read_list to define which fields should be accessible
from the public endpoints we will always return a 500 from the API on
otherwise successfull additions of tickets via the OPAC.

Test plan
1) Enable OPACCatalogConcerns
2) Login to the OPAC and "Report a concern"
3) Note the error message in the UI "There was an error when submitting
   your concern, please contact a librarian."
4) Confirm that the concern is actually created regardless
5) Apply the patch here and restart plack
6) Submit another 'Report a concern' and now note the success message
   "Your concern was successfully submitted."

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 834fc10650779c71b6608ab01ef0e54bd9dd4746)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36612: Unit test for public ticket add
Martin Renvoize [Tue, 16 Apr 2024 17:49:19 +0000 (18:49 +0100)]
Bug 36612: Unit test for public ticket add

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit af0422ccabb21521c8aff14a10a874f100ee1f0a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36832: (bug 36791 follow-up) Allow authid=0
Emily Lamancusa [Fri, 10 May 2024 18:01:59 +0000 (14:01 -0400)]
Bug 36832: (bug 36791 follow-up) Allow authid=0

To test:
1. Go to the Authorities module and do a Z39.50 search that will return
   results (e.g. a general subject heading)
2. Import an authority record from the results
--> Confirm that the record is imported into the editor
3. Authorities > New, replace it via Z39.50, confirm it's imported
4. Authorities > New, fill the required fields, confirm it saves
5. Edit an existing authority, replace it via Z39.50, confirm it saves
6. Edit an existing authority, replace authid=nn in the URL with a
   number that doesn't exist like 1000000, confirm you get a 404 page

Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Janusz Kaczmarek <januszop@gmail.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 1aba01adb4ff61c6af77af6b42f13d29d55df4f2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36791: (QA follow-up) Simplify conditional
Emily Lamancusa [Thu, 9 May 2024 15:26:52 +0000 (11:26 -0400)]
Bug 36791: (QA follow-up) Simplify conditional

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 37bda5d1300aa8262917be6f36172348244b7c73)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36791: Koha explodes when trying to edit an authority rec. with an invalid authid
Janusz Kaczmarek [Mon, 6 May 2024 11:44:26 +0000 (11:44 +0000)]
Bug 36791: Koha explodes when trying to edit an authority rec. with an invalid authid

When trying to open the authority editor with authid=<invalid_authid>
(e.g. a deleted authid) Koha explodes with a message:
Can't call method "authtypecode" on an undefined value at
/kohadevbox/koha/authorities/authorities.pl line 556

This this because authtypecode method is called on the result of
->find without verifying that it was succesful.

Test plan:
==========
1. Try to edit an auth rec. giving as a authid (in URL) a non-existing
   authid, e.g. in ktd, with standard ktd test data:
   http://your_ktd:8081/cgi-bin/koha/authorities/authorities.pl?authid=100000
   Koha should explode with the message:
   Can't call method "authtypecode" on an undefined value at
   /kohadevbox/koha/authorities/authorities.pl line 556
2. Apply the patch; restart_all.
3. Repeat p. 1.  You should get the 404 error page.

Sponsored-by: Ignatianum University in Cracow
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 18843cabdb1697fda2eb2d9c3c7f96b58f277813)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 34972: (QA follow-up) Remove second transfer from Circulation.t
Marcel de Rooy [Fri, 3 May 2024 09:07:17 +0000 (09:07 +0000)]
Bug 34972: (QA follow-up) Remove second transfer from Circulation.t

Removing the manual transfer and rightaway doing the Reserve
transfer. One test description was misleading too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7f22156b8fea3766f893d28fc17ebe8561d5e7cc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 34972: (QA follow-up) Remove some ModReserveCancelAll imports
Marcel de Rooy [Fri, 3 May 2024 08:07:24 +0000 (08:07 +0000)]
Bug 34972: (QA follow-up) Remove some ModReserveCancelAll imports

Not used? Dont import.
Which actually only leaves circ/waitingreserves.pl as the only
'real' caller.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 87c1759dd789cb2a91bff8e6609847811c05f984)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 34972: Remove GetOtherReserves
Emily Lamancusa [Tue, 19 Mar 2024 18:14:27 +0000 (14:14 -0400)]
Bug 34972: Remove GetOtherReserves

GetOtherReserves attempts to set the waiting/transit status for the next
hold on the list when applicable, but in practice it either leaves the
hold state unchanged, or sets the itemnumber without setting the found
status (erroneously converting bib-level holds to item-level holds).

The latter situation only occurs when the user has been prompted to
confirm, cancel, or revert the hold, and is able to ignore the prompt.
In those situations, the hold's state should not change.

GetOtherReserves does not need to change the hold state, and it does not
do so correctly. Besides that, it does not do much other than call
CheckReserves, and is only used in 3 places.

This patch removes GetOtherReserves, and refactors returns.pl and
C4::Reserves::ModReserveCancelAll to call CheckReserves directly instead.

To test:
1. Place 2 bib-level holds for 2 different patrons (Patron A and Patron
    B) on the same record, both for pickup at the logged-in library
2. Check in an item from that record to fill Patron A's hold
3. Set the hold's expiration date to yesterday by accessing the database
    in the command line:
    - In a ktd shell prompt, open the db client with koha-mysql kohadev
    - UPDATE reserves
        SET expirationdate = DATE_SUB(CURDATE(), INTERVAL 1 DAY)
        WHERE borrowernumber = <Patron A's borrowernumber>
4. Go to Circulation > Holds Awaiting Pickup, and find the hold in the
    "holds waiting past their expiration date" tab
5. Click the "Cancel hold" button in the Actions column next to the hold
   (do not check in the book)
6. Return to the bib record and look at Patron B's hold
--> Note that Patron B's hold is now an item-level hold and does not
    have a waiting status

7. Cancel Patron B's hold
8. Place 2 new holds on the record: one for Patron A at the logged-in
    library, and one for Patron B at a different library
9. Check in an item to fill Patron A's hold
10. Repeat steps 3-5 to expire and cancel Patron A's hold
11. Return to the Holds tab of the bib record and look at Patron B's hold
--> Note that Patron B's hold is now an item-level hold, and there is no
    "Revert transit status" button

12. Place 2 bib-level holds for 2 different patrons (Patron A and Patron
    B) on the same record, both for pickup at the logged-in library
13. Check in an item from that record to fill Patron A's hold
14. Check in the same item again. A modal will pop up, saying that the
    hold is already waiting
15. In the modal, choose a cancellation reason and click "Cancel hold"
--> A new modal will pop up to fill Patron B's hold
16. Click "Ignore" on the modal for Patron B's hold
17. Return to the bib record and look at Patron B's hold
--> Note that Patron B's hold is now an item-level hold and does not
    have a waiting status

18. Apply patch
19. Repeat steps 1-6
--> Note that Patron B's hold is still a bib-level/"next available" hold
20. Repeat steps 7-11
--> Note that Patron B's hold is still a bib-level/"next available" hold
21. Repeat steps 12-17
--> Note that Patron B's hold is still a bib-level/"next available" hold

Make sure correct behavior is unchanged:

22. Cancel Patron B's hold
23. Place 2 new holds on the record: one for Patron A at the logged-in
    library, and one for Patron B at a different library
24. Check in an item from that record to fill Patron A's hold
25. Check in the same item again. A modal will pop up, saying that the
    hold is already waiting
26. In the modal, choose a cancellation reason and click "Cancel hold"
--> A new modal will pop up to fill Patron B's hold
27. Click "Print slip, transfer, and confirm" on the modal for Patron B's hold
--> Confirm that the information on the slip is correct
--> Confirm that the hold is correctly put in transit

22. Set HoldsAutoFill and HoldsAutoFillPrintSlip to "Do"

23. Place a bib-level hold for the logged-in library
24. Check in an item from that bib
--> Confirm the information on the slip is correct
--> Confirm the hold is correctly assigned and set to waiting
25. Place a bib-level hold for a different library
26. Check in an item from that bib
--> Confirm the information on the slip is correct
--> Confirm the hold is correctly put in transit
27. Change the logged-in branch to match the hold pickup location
28. Check the item in
--> Confirm the information on the slip is correct
--> Confirm the hold is correctly assigned and set to waiting

29. Repeat steps 22-26
--> Confirm a correct hold slip pops up for Patron B's hold
--> Confirm that Patron B's hold is correctly put in transit
30. Cancel Patron B's hold
31. Place 2 bib-level holds for 2 different patrons (Patron A and Patron
    B) on the same record, both for pickup at the logged-in library
33. Repeat steps 24-26
--> Confirm a correct hold slip pops up for Patron B's hold
--> Confirm Patron B's hold is correctly set to Waiting

34. Prove t/db_dependent/Circulation.t
35. Prove t/db_dependent/Koha/Holds.t
--> Tests pass

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit dc00e55a322c2c5279e4c42d516125d4e98cff4e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 34972: Add tests for ModReservesCancelAll
Emily Lamancusa [Wed, 3 Apr 2024 20:24:38 +0000 (16:24 -0400)]
Bug 34972: Add tests for ModReservesCancelAll

To test:
1. Apply this patch only
2. prove t/db_dependent/Koha/Holds.t
--> Tests pass
3. Apply the other patch
4. prove t/db_dependent/Koha/Holds.test
--> Tests still pass

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d71f5272021b54849e5854d3a7b8ecb1f30d9414)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36508: Refresh patron object when updating category
Nick Clemens [Wed, 3 Apr 2024 20:35:46 +0000 (20:35 +0000)]
Bug 36508: Refresh patron object when updating category

To test:
1 - Find a ptron, I sued #45 in KTD, note their category
2 - Update them from one category to another using finesunder:
    perl misc/cronjobs/update_patrons_category.pl -f ST -t S --finesunder=5.00 --where "me.borrowernumber=45" -v -c
3 - Check their modification log (I told you to enabled BorrowersLog,
    right?)
4 - See many fields reported changed
5 - Apply patch
6 - Repeat, but change the to and from options
    perl misc/cronjobs/update_patrons_category.pl -f S -t ST --finesunder=5.00 --where "me.borrowernumber=45" -v -c
7 - Note only one column changed in the logs
8 - Ask for unit tests

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit cae2efd69d8ad63822914377733f9819889a0ec1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36508: Unit tests
Nick Clemens [Thu, 25 Apr 2024 16:20:53 +0000 (16:20 +0000)]
Bug 36508: Unit tests

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8f359aa72c46eaa493e817d4d099b6548846edf0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36563: Turn into array only if required
Pedro Amorim [Thu, 11 Apr 2024 10:40:16 +0000 (10:40 +0000)]
Bug 36563: Turn into array only if required

Test plan, apply first patch:
1- Visit item search:
   http://localhost:8081/cgi-bin/koha/catalogue/itemsearch.pl
2- Set "Home library" -> "is not" -> "Centerville". Notice you get items
   from Centerville.
3- Apply second patch, repeat step 2, notice you now don't get items
   from Centervile.
4- Test other use cases, like 'is' and 'is not' for multiple choices

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit eae74ed6d9935ee7247ccd85f9a1d502755ca338)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36563: Dirty fix
Jonathan Druart [Wed, 10 Apr 2024 10:04:18 +0000 (12:04 +0200)]
Bug 36563: Dirty fix

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 492d7be2ccba07f47771184fd5cc903383abb63b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 36313: Fix Undefined subroutine &C4::Circulation::CheckReserves error
Emmi Takkinen [Thu, 11 Apr 2024 10:12:58 +0000 (13:12 +0300)]
Bug 36313: Fix Undefined subroutine &C4::Circulation::CheckReserves error

On (at least) git installations of Koha checkouts and checkins fail on
error 500. Logs have following error:

Undefined subroutine &C4::Circulation::CheckReserves called...

Error happens also when one tries to open patrons checkouts from detail page.
Koha doesn't die but table just keeps loading. Solution is to add C4::Reserves
before CheckReserves when it's called from Circulation.pm.

To test:
1. Apply this patch.
2. Try to check out and check in item.
=> Confirm both operations are succesfull.
3. Attempt to open patrons checkouts from patron detail and checkout page.
=> Table should load

Also prove t/db_dependent/Circulation.t.

Sponsored-by: Koha-Suomi Oy
Signed-off-by: BabaJaga <babajagawgoglach@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 80beaf875b3645034f5dda37bfadf51a038859cc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
5 months agoBug 33832: Allow updating username without changing password on member-password.pl
Brendan Lawlor [Fri, 12 Apr 2024 15:29:37 +0000 (15:29 +0000)]
Bug 33832: Allow updating username without changing password on member-password.pl

This patch updates the change password page on the staff interface to
allow for changing the patron's username without changing the password.
If the new password is an empty string we can skip setting the patron's
password and sending the new password to the template.

Test plan:
1. From a patron record tool bar click 'Change password'
2. Notice that if you try to change the user's name without also
   changing the password the page just reloads and nothing happens
3. Apply patch and restart_all
4. From the patron record click 'Change password' again
5. Set the user's new username and  password eg. '1234Abc' and click
   'Save'
6. Confirm that you can log in to the OPAC with the user
7. Return to the patron record and click 'Change password' again
8. This time change just the 'New username field' and click 'Save'
6. Notice that the username is updated
7. Confirm you can log into the OPAC with the new username and the
   original password '1234Abcd'
8. Make sure that the change password form still validates passwords
   for length and matching errors etc

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e26fc0a3d5a83a7b22f0c3907a98d470b0e2443d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoUpdate release notes for 23.11.05 release v23.11.05
Fridolin Somers [Fri, 3 May 2024 13:15:02 +0000 (15:15 +0200)]
Update release notes for 23.11.05 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoIncrement version for 23.11.05 release
Fridolin Somers [Fri, 3 May 2024 13:02:02 +0000 (15:02 +0200)]
Increment version for 23.11.05 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36149: Add userenv middleware to app.psgi
Julian Maurice [Tue, 9 Apr 2024 12:45:39 +0000 (14:45 +0200)]
Bug 36149: Add userenv middleware to app.psgi

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5cca1bdcd67a1a8fc8b0bb2aa6c666cccdb49fbb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36149: (follow-up) POD and tidy
Nick Clemens [Fri, 29 Mar 2024 18:09:30 +0000 (18:09 +0000)]
Bug 36149: (follow-up) POD and tidy

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 31943a5781aaaa9803ca87247eb7a663fb999fc5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36149: Unset userenv from middleware
Jonathan Druart [Fri, 8 Mar 2024 15:06:11 +0000 (16:06 +0100)]
Bug 36149: Unset userenv from middleware

The userenv (logged in user's info) are stored in
$C4::Context->context->{activeuser}, which persists in plack worker's
memory.
It's really bad in theory as we are not cleaning it before or after the
HTTP request, but only when set_userenv is called (what we are doing
commonly in C4::Auth::get_template_and_user).
If C4::Context->userenv is called before set_userenv we should get undef,
not the userenv from the previous request!
In practice this should not be a problem, but well... who really knows?

This patch suggests to have a middleware to deal with removing the
userenv at the beginning of each request (maybe it should be after, right? - FIXME).

To test:
1 - Edit /etc/koha/sites/kohadev/koha-conf.xml to set <plack_workers>1</plack_workers>
2 - Edit about.pl  and add a line after: CGI->new:
    warn Data::Dumper::Dumper( C4::Cointext->userenv() );
3 - tail -f /var/log/koha/kohadev/*.log
4 - View about.pl in staff interface, should get a "somethign's wrong" warning
5 - Reload, you get current user info
6 - Open an incognito tab, sign in as a different user and click some stuff
7 - Reload about.pl in other window
8 - You get the opac user info
9 - Apply patch
10 - Edit /etc/koha/sites/kohadev/plack.psgi and add the middleware after "RealIP":
     enable "+Koha::Middleware::UserEnv";
11 - Restart all
12 - Reload about.pl - you get a "Something's wrong" warning
13 - Click things in opac on incognito window
14 - Reload about.pl  - only "Something's wrong" - you no longer see any user info

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 576e7e09fdca703f76c0d10ae55eebf12ee1fdf4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 19613: Use the 'note' profile
Jonathan Druart [Wed, 20 Mar 2024 07:35:29 +0000 (08:35 +0100)]
Bug 19613: Use the 'note' profile

WNC amended patch: tidied

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 3cb586b72165bcbd029948f46407359be9d5e9a8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 19613: Scrub borrowers fields: borrowernotes opacnote
Jonathan Druart [Fri, 15 Mar 2024 10:37:43 +0000 (11:37 +0100)]
Bug 19613: Scrub borrowers fields: borrowernotes opacnote

To prevent XSS

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 83db8696ca7a83aba224a0ab645f03447a96887b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36328: (QA follow-up) Expand tests and reorder elements to clarify differences
Nick Clemens [Mon, 1 Apr 2024 16:03:37 +0000 (16:03 +0000)]
Bug 36328: (QA follow-up) Expand tests and reorder elements to clarify differences

Also tidy

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 42d388c80fcdd98c2594ad7b111b8e40c991388a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36328: Add a separate 'note' profile
Jonathan Druart [Wed, 20 Mar 2024 07:34:09 +0000 (08:34 +0100)]
Bug 36328: Add a separate 'note' profile

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 7a626d8d870039330889d6e48c3ae5ba848d85e9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36328: Add test
Jonathan Druart [Fri, 15 Mar 2024 10:40:57 +0000 (11:40 +0100)]
Bug 36328: Add test

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit b315c0f2630ccd738fc811e13d1e95b11d3c8df1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36328: Add p span div to Scrubber
Jonathan Druart [Fri, 15 Mar 2024 10:39:33 +0000 (11:39 +0100)]
Bug 36328: Add p span div to Scrubber

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit ca64e4f6f30b172d86184c61134f5f29713863d2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36532: Protect opac-dismiss-message.pl from malicious usages
Jonathan Druart [Fri, 5 Apr 2024 06:58:06 +0000 (08:58 +0200)]
Bug 36532: Protect opac-dismiss-message.pl from malicious usages

Really bad design, NEVER retrieve the logged in user from the CGI
param!

See comment 1 for more info

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Cook <dcook@prosentient.com.au>
(cherry picked from commit a40e1fd62c7320ad5f7b8514ba2bd129aad2d10f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36382: (QA follow-up) Don't escape quotes in escapeHtml
Kyle M Hall [Fri, 29 Mar 2024 11:07:54 +0000 (07:07 -0400)]
Bug 36382: (QA follow-up) Don't escape quotes in escapeHtml

6 months agoBug 36382: XSS in showLastPatron dropdown
Kyle M Hall [Thu, 21 Mar 2024 13:30:26 +0000 (09:30 -0400)]
Bug 36382: XSS in showLastPatron dropdown

1) Set borrower surname to:
    <script>alert("here comes trouble");</script>
2) Save, nothing happens
3) Enable showLastPatron
4) Reload patron
5) Note the alert popup
6) Apply this patch
7) Reload patron
8) No alert!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
6 months agoBug 36139: Bug 35518 Follow-up to fix AutoSwitchPatron - clear variables
Michael Hafen [Tue, 20 Feb 2024 21:18:59 +0000 (14:18 -0700)]
Bug 36139: Bug 35518 Follow-up to fix AutoSwitchPatron - clear variables

Bug 35518 moved some code blocks to after the call to
get_user_and_template() so that userenv would be populated before it
was needed.  This caused a couple variables to be set before the
AutoSwitchPatron block could prevent them from being set.  Which broke
AutoSwitchPatron functionality.  This clears two variable so that
AuthSwitchPatron works again.

The AutoSwitchPatron clears the $borrowernumber variable to switch
patrons. With the AuthSwitchPatron block moved, the $patron variable
still gets set, and the patron doesn't get switched.  The clears the
$patron variable too.

Also clear the barcode list.
The AutoSwitchPatron block got moved, and now the @$barcodes variable
gets filled and not cleared.  Leading to a 'Barcode not found' error
when the patron is auto switched.

Test plan:
1. Ensure AutoSwitchPatron is turned on.
2. Select the card number of two patron accounts.
3. Find the first patron in circulation.
4. Enter the second patron's card number in the item barcode field to
   switch patrons.
5. Observe the error about item barcode not existing, and the patron did
   not switch.
6. Apply patch and restart services.
7. Enter the second patron's card number in the item barcode field
   again.
8. Observe that the patron was switched with no error about an invalid
   barcode.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4d351d2c6d2452462732a2cce71565ba45ec3c05)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36053: Correct input name for item replacement fields
Nick Clemens [Thu, 8 Feb 2024 20:27:14 +0000 (20:27 +0000)]
Bug 36053: Correct input name for item replacement fields

To test:
1 - Follow test plan and use sample record from bug 35912 ( or similar)
2 - Confirm that when the order is saved the replacement price is $0.00
3 - Apply patch, restart_all
4 - Delete previous orders, and stage and add to basket again
5 - Confirm that upon adding orders to basket the replacement price is saved correctly

Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 94da493d0eaaec80e42258ec421eb7c5ca1a0dd2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 35980: Check for CAN_user_borrowers_edit_borrowers in patron-toolbar.inc
Brendan Lawlor [Thu, 4 Apr 2024 18:29:07 +0000 (18:29 +0000)]
Bug 35980: Check for CAN_user_borrowers_edit_borrowers in patron-toolbar.inc

This patch removes the 'New patron' and 'Quick add new patron' buttons from the patron tool bar that's included on members-home.pl

To test:
1. Log in with a user with only 'catalogue', 'list_borrowers' and 'manage_patron_lists' permissions
2. From the main page click on Patrons
3. Notice there are 'New patron' and 'Quick add new patron' buttons in the members-home.pl page that lead to permissions errors
4. Apply patch, restart all, reload the page
5. Notice the buttons to add new patrons are gone, but the button to manage patron lists is still there

Signed-off-by: Esther <esther@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0b4bb48f2c8826e1837abe4b1218b89fd3ec3dd8)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 35980: Check for CAN_user_borrowers_edit_borrowers in more-member.tt
Brendan Lawlor [Thu, 4 Apr 2024 17:22:08 +0000 (17:22 +0000)]
Bug 35980: Check for CAN_user_borrowers_edit_borrowers in more-member.tt

This patch removes edit buttons and add buttons from the more member page if the user does not have CAN_user_borrowers_edit_borrowers

To test:
1. Log in with a user with only 'catalogue' and 'list_borrowers' permissions
2. Search for a patron
3. Notice there are edit and add (pecil and plus icon) buttons in the patron details page
4. You may have to enable some system prefereences like HouseboundModule to fully test
5. Test that things like Additional attributes and identifiers are still displayed
3. Apply patch, restart all, reload the page
4. Notice the edit and add buttons in the patron details page are gone

Signed-off-by: Esther <esther@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 33c7c8730bede4f84a9dc60a2c50170622295da9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 35980: Check for CAN_user_borrowers_edit_borrowers in members-toolbar.inc
Brendan Lawlor [Thu, 4 Apr 2024 16:35:58 +0000 (16:35 +0000)]
Bug 35980: Check for CAN_user_borrowers_edit_borrowers in members-toolbar.inc

This patch removes the message button and more links from the members toolbar if the user does not have CAN_user_borrowers_edit_borrowers

To test:
1. Log in with a user with only 'catalogue' and 'list_borrowers' permissions
2. Search for a patron
3. Notice the 'Add message' and 'More' buttons in the toolbar only link to permissions errors
3. Apply patch, restart all, reload the page
4. Notice the buttons in the toolbar are gone

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 962290a27df7f46a3ed48537fc0639f4711aecfc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36447: Circ rules slow to load when many itemtypes and categories
Kyle M Hall [Thu, 28 Mar 2024 14:55:05 +0000 (10:55 -0400)]
Bug 36447: Circ rules slow to load when many itemtypes and categories

It seems that we loop all categories and item types to build the circ
matrix. We should only loop over values that have actually been used
in circulation rules.

Test Plan:
1) Create 1000 itemtypes and category codes. You can use the following
   script:

   use t::lib::TestBuilder;
   my $builder = t::lib::TestBuilder->new();
   $builder->build( { source => 'Category' } ) for 0..1000;
   $builder->build( { source => 'Itemtype' } ) for 0..1000;

2) Note the lengthy load time for smart-rules.pl
3) Apply this patch
4) Restart all the things!
5) Reload the page
6) Note the much faster load time!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4e04ff28b61b76e188e929c2e2814ff2190853b3)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36159: (QA follow-up) Tidy code
Kyle M Hall [Fri, 29 Mar 2024 11:21:20 +0000 (07:21 -0400)]
Bug 36159: (QA follow-up) Tidy code

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f44134a1ffa2de0500c22603aa85bc97df9bc25d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36159: Add unit test
Kyle M Hall [Thu, 28 Mar 2024 10:36:25 +0000 (06:36 -0400)]
Bug 36159: Add unit test

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9c731a75a9c3ef60dad69dc2aa0b1d615cee2899)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36159: (QA follow-up): Simplify code to supress warnings
Kyle M Hall [Thu, 28 Mar 2024 10:20:29 +0000 (06:20 -0400)]
Bug 36159: (QA follow-up): Simplify code to supress warnings

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 22d51cdd07cc26fc25e5a2166ef59ad3f2cb00db)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36159: Patron imports record a change for non-text columns that are not in the...
Kyle M Hall [Fri, 1 Mar 2024 14:50:07 +0000 (09:50 -0500)]
Bug 36159: Patron imports record a change for non-text columns that are not in the import file

When importing patrons we assume a default of '' for borrower columns not supplied in the file.

When saving we compare the new object we built to the one form the database - for columns are that are not text type we get undef from the db and '' in the object we make. This means we see a difference and log into the BorrowersLog:

   "date_renewed" : {
      "after" : "",
      "before" : null
   },
   "dateofbirth" : {
      "after" : "",
      "before" : null
   },
   "debarred" : {
      "after" : "",
      "before" : null
   },
   "flags" : {
      "after" : "",
      "before" : null
   },
   "gonenoaddress" : {
      "after" : "",
      "before" : null
   },
   "lost" : {
      "after" : "",
      "before" : null
   },
   "password_expiration_date" : {
      "after" : "",
      "before" : null
   },
   "sms_provider_id" : {
      "after" : "",
      "before" : null
   }
}

This can mean a lot of useless logging in sites that do automated imports

Test Plan:
1) Enable 'BorrowersLog' system preference
2) Import the borrowers file attach do this bug report file, matchig on cardnuber, and overwriting
   Contents of the borrowers file are :
surname,firstname,branchcode,categorycode,cardnumber,dateenrolled,patron_attributes,lastseen
Acosta,Ednb,CPL,PT,23529001000463,02/01/2013,,
3) Check the logs, note the modification of columns that have no date
4) Import the file again with the same settings
5) Note the new action log
6) Apply this patch
7) Restart all the things!
8) Import the file again with the same settings
9) Note no new action log was created!

Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 67680d5d6a782ff81ba21b6910318e6d5d32afd0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 34886: Comment failing tests
Pedro Amorim [Fri, 9 Feb 2024 09:55:35 +0000 (08:55 -0100)]
Bug 34886: Comment failing tests

These tests highlight the fact that the 'place hold' button visibility in the
search results page **does not** match the 'place hold' button visibility in
the detail page, given the same conditions.
Since that this is a known behavior, these tests should be commented out as they
are failing by design.

prove t/db_dependent/selenium/opac_holds.t

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f8665c8d55b4526f6f21f3b7b9c80c8e7ca4e624)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 34886: (QA follow-up) chmod, remove POD
Marcel de Rooy [Fri, 22 Mar 2024 10:23:15 +0000 (10:23 +0000)]
Bug 34886: (QA follow-up) chmod, remove POD

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit ae44fd188951d1710b26554f4aa9a492b03a2aa2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 34886: Add selenium tests
Pedro Amorim [Thu, 1 Feb 2024 15:42:12 +0000 (14:42 -0100)]
Bug 34886: Add selenium tests

Tests added to cover different use cases and combinations of circulation rules values for authenticated and unauthenticated users
At the moment, 2 tests are failing, documented on the [DO NOT PUSH] commit.
These 2 failing tests fail for the search results page but pass on the detail page counterpart. Ideally they should match, for consistency sake.
But this may be the use case "details page should be more correct, results page is always an approximation" mentioned by Nick.

More test combinations may be added in the future.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3758a8c05e05b14360560a3e351439e2c4c0364c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 34886: Adjust other opac detail scripts
Nick Clemens [Thu, 28 Sep 2023 13:14:54 +0000 (13:14 +0000)]
Bug 34886: Adjust other opac detail scripts

Same chanegs as before, but for MARC and ISBD details pages

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d134dbf4f11f8ed091c80eeae70d696f741c7376)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 34886: Adjust holdability checks on opac details page
Nick Clemens [Thu, 28 Sep 2023 12:27:21 +0000 (12:27 +0000)]
Bug 34886: Adjust holdability checks on opac details page

This patch tries to simplify some of the logic here to match that on the search results. When we don't have a patron, we fallback to determining if an item can be held buy determining whether there are any items that don't have holds disallowed at the all libraries level. We also remove items with non-holdable statuses like withdrawn etc (and check some system preferences)

If we don't have a patron, then we are done, however, if we do, then we need to check each item against the policies related to that patron.

This patch also removes two checks at the end:
CountItemsIssued($biblionumber)
$biblio->has_items_waiting_or_intransit

These seem to be from bug 4319 - however, those rules are checked by IsAvailableForItemLevelRequest and are only relevant when we have a patron. These checks essentially assumed 'onshelfholds' policy of 'If any unavailable' For consistency sake I think we should follow the same logic as the results page.

To test:
1 - Find a record with two items, of different types, set a 'Default checkout, hold and return policy' of 'No holds allowed'
2 - Search opac, not logged in, and verify neither the results page or details page shows the place hold button
3 - Delete that rule, make both items withdrawn
4 - Search opac, not logged in, and verify neither the results page or details page shows the place hold button
5 - Mark one item as not withdrawn
6 - Search opac, not logged in, and verify both the results page or details page shows the place hold button
7 - Log in to opac
8 - Search opac, logged in, and verify both the results page or details page shows the place hold button
9 - Place an 'On shelf holds policy' rule for that patron category of 'If any unavailable'
10 - Search opac, logged in, and verify the results and details page shows the place hold button
11 - Set the other item to not withdrawn
12 - Search opac, logged in, and verify the results page shows the place hold button, but details does not
13 - Try various other scenarios - details page should be more correct, results page is always an approximation

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0d4f520761cead905357892f54fa33a8cb24b827)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36036: Fix misnamed location field
Matt Blenkinsop [Thu, 8 Feb 2024 11:11:24 +0000 (11:11 +0000)]
Bug 36036: Fix misnamed location field

This patch fixes a hash reference in the template to allow the location field to display properly

Test plan:
1) In system preferences, click Search and then select the Acquisitions option from the left hand menu
2) Paste the following into MarcFieldsToOrder
price: 975$p
quantity: 975$q
budget_code: 975$h
3) Paste the following into MarcItemFieldsToOrder
homebranch: 949$a
holdingbranch: 949$b
itype: 949$y
nonpublic_note: 949$x
public_note: 949$z
loc: 949$c
ccode: 949$8
notforloan: 949$7
uri: 949$u
copyno: 949$t
price: 949$g
replacementprice: 949$v
itemcallnumber: 949$o
quantity: 949$k
budget_code: 949$l
Now save the sysprefs
4) Navigate to acquisitions and go into a basket
5) Click Add to basket and select “From a new file”
6) Download the file attached to this bug
7) Import the file and when the job is complete click “Add staged files to basket”
8) Click the checkbox next to the record to display the items
9) Inspect the value for the "loc" field - the value of "AV" from the file has not been selected
10) Apply patch and refresh the page
11) On inspection the value should now be properly selected

Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit c1cd6a980a7c6f862cb678aa81533b1fadc60afb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36035: Wrong text colour in addorderiso2709.pl
Owen Leonard [Thu, 8 Feb 2024 13:57:30 +0000 (13:57 +0000)]
Bug 36035: Wrong text colour in addorderiso2709.pl

This patch updates the "Order staged MARC records" page so that the
class which is added upon selection is more unique to avoid a collision
with some default DataTables styles. These classes are used in
JavaScript selectors, not for visual style.

The patch also adds some custom CSS variables to global.scss to override
the defaults for the DataTables "selected" style, in case this issue
crops up again.

To test, apply the patch and rebuild the staff interface CSS. Follow the
test plan from the bug report:

1) In system preferences, click Search and then select the Acquisitions
   option from the left hand menu
2) Paste the following into MarcFieldsToOrder

price: 975$p
quantity: 975$q
budget_code: 975$h

3) Paste the following into MarcItemFieldsToOrder

homebranch: 949$a
holdingbranch: 949$b
itype: 949$y
nonpublic_note: 949$x
public_note: 949$z
loc: 949$c
ccode: 949$8
notforloan: 949$7
uri: 949$u
copyno: 949$t
price: 949$g
replacementprice: 949$v
itemcallnumber: 949$o
quantity: 949$k
budget_code: 949$l

4) Save the sysprefs
5) Navigate to acquisitions and go into a basket
6) Click "Add to basket" and select "From a new file"
7) Download the file attached to this bug
8) Import the file and when the job is complete click "Add staged files
   to basket"
9) Click the checkbox next to the record to display the items.
   - The expanded form should look correct.
10) Add one or more items to the order and confirm that submitting the
    form works correctly.

To test the new default "selected" DataTables style, view a page with a
DataTable, e.g. Administration -> Libraries.

- Right-click on one of the table rows and choose "Inspect"
- Click the table row element, e.g. '<tr class="odd">'
- Double-click the class name and replace it with "selected."
- The row you inspected should now have a pale green background and text
  colors should remain the same.

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 27a651388dacc6faedef2c7463cfb580f0a79bbe)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36331: (follow-up) Ignore non_priority holds when checking renewability
Nick Clemens [Fri, 22 Mar 2024 13:54:03 +0000 (13:54 +0000)]
Bug 36331: (follow-up) Ignore non_priority holds when checking renewability

When changing the fetch of holds, the check for non-priority was lost - added a loop to pull those out
so the totals and checks are correct

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Tidied (tcohen)
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit b7ad3364cbf8778507f7d0dbd2a0199cbe7c0cdd)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 36331: Don't check reserves that an item cannot fill when checking if it can...
Nick Clemens [Fri, 15 Mar 2024 13:45:58 +0000 (13:45 +0000)]
Bug 36331: Don't check reserves that an item cannot fill when checking if it can be renewed

Before this patch we get all holds on a record and see if we can fill them with available items.
This means we check to fill holds that the item in questoion may not be able to fill, especially
in the case where no holds are allowed on the item type, this is wrong

To test:
1 - Find or create a biblio with two items of different item types
2 - Make sure one item type allows holds, and the other has:
    "Default holds policy by item type"
    Set to "No holds allowed"
3 - Set system preference "AllowRenewalIfOtherItemsAvailable" to "Don't allow"
4 - Check out the unholdable item to a patron
5 - Set a hold for a different patron on the next available item
6 - Confirm the checked out item can be renewed (don't renew, just view the checkouts page)
7 - Checkout the other item to a third patron
8 - Confirm the first item can still be renewed
9 - Set system preference "AllowRenewalIfOtherItemsAvailable" to "Allow"
10 - Confirm the item cannot be renewed now
11 - Apply patch, restart all
12 - Confirm the item can be renewed
13 - Set the item type to a type that allows holds
14 - Confirm the item can no longer be renewed
15 - Restore the item type
16 - Set system preference "AllowRenewalIfOtherItemsAvailable" to "Don't allow"
17 - Confirm the item can be renewed
18 - Check in the item from the third patron
19 - Confirm the item can still be renewed
20 - prove -v t/db_dependent/Circulation.t - test still pass

Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9cc622be1fb267efe5202f24450f9c5acee77fd2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 35944: (QA follow-up) Tidy
Nick Clemens [Fri, 15 Mar 2024 11:37:54 +0000 (11:37 +0000)]
Bug 35944: (QA follow-up) Tidy

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit bf4b39cb3b4a4142e5d9cae4fc59677280df8c8a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 35944: (QA follow-up) Check if there are bookings before other calculations
Nick Clemens [Fri, 15 Mar 2024 11:35:38 +0000 (11:35 +0000)]
Bug 35944: (QA follow-up) Check if there are bookings before other calculations

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 48f9867203e01830a5c5643c5add4a44faff70cd)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 35944: Add link to 'booked' biblio in checkouts table
Martin Renvoize [Mon, 26 Feb 2024 09:27:27 +0000 (09:27 +0000)]
Bug 35944: Add link to 'booked' biblio in checkouts table

This patch updates the checkouts table so handle 'booked' items
including linking to the biblio booking details page.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 2cbf17489760a37012f02107b3590821eb9f95dc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 35944: Add message to SIP renewal attempt
Martin Renvoize [Mon, 26 Feb 2024 08:15:50 +0000 (08:15 +0000)]
Bug 35944: Add message to SIP renewal attempt

This patch adds a replacement for 'booked' to the SIP renewal handling
so we can display 'Item is booked for another borrower'.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit c5522bc81e5b3c16702450ce61c25d1ccbef173a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 35944: Add booking handling to CanBookBeRenewed
Martin Renvoize [Mon, 19 Feb 2024 12:31:07 +0000 (12:31 +0000)]
Bug 35944: Add booking handling to CanBookBeRenewed

This patch adds a bookings check to CanBookBeRenewed

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 59afaf533b5f8a092f0442f9a8e004bc3db644c5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
6 months agoBug 35944: Unit tests
Martin Renvoize [Tue, 20 Feb 2024 18:04:49 +0000 (18:04 +0000)]
Bug 35944: Unit tests

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e9c541506a49c6d6a10250f091d9fafdae675234)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 36511: Some scripts missing a dependency following Bug 24879 v23.11.04-4
Owen Leonard [Tue, 9 Apr 2024 15:55:57 +0000 (15:55 +0000)]
Bug 36511: Some scripts missing a dependency following Bug 24879

These files needed the addition of 'use C4::Auth qw( check_cookie_auth
);'.

To test, apply the patch and restart services.

- If necessary, enable the LocalCoverImages system preference.
- Open the browser console and then the "Network" tab. You can click
  "Images" to filter for the correct kind of request.
- Perform a catalog search. After the search has loaded, check that
  there are no 500 errors in the Network tab.

- Go to Cataloging -> Label creator.
- If necessary, create a label batch and add some items.
- Export your batch and test both the "Download as CSV" and "Download as
  XML" links. Both should trigger the correct download.

- Go to Serials -> Claims, and select a vendor with late issues.
- Select all late issues and click "Download selected claims" at the
  bottom of the page.
- Your CSV file should download correctly.

The file acqui/check_uniqueness.pl has been corrected as well but I'm
not sure how to test it!

Signed-off-by: danyonsewell <danyonsewell@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 747f5132311ea51ea6babbfc92a775ac0c67f93a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoUpdate release notes for 22.11.04 release v23.11.04
Fridolin Somers [Mon, 25 Mar 2024 10:04:06 +0000 (11:04 +0100)]
Update release notes for 22.11.04 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoIncrement version for 23.11.04 release
Fridolin Somers [Mon, 25 Mar 2024 09:39:30 +0000 (10:39 +0100)]
Increment version for 23.11.04 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 24879: (follow-up) Fix test suite
Fridolin Somers [Wed, 27 Mar 2024 09:20:03 +0000 (10:20 +0100)]
Bug 24879: (follow-up) Fix test suite

Running cataloguing pluings (in cataloguing/value_builder) now requires
authentification.

This patch adds in failing unit tests a mock of C4::Auth::check_cookie_auth

Test with:
prove t/db_dependent/FrameworkPlugin.t t/db_dependent/Koha/UI/Form/Builder/Biblio.t t/db_dependent/Koha/UI/Form/Builder/Item.t t/db_dependent/Serials.t

7 months agoBug 36244: DBRev 23.11.03.001
Fridolin Somers [Mon, 25 Mar 2024 09:43:27 +0000 (10:43 +0100)]
Bug 36244: DBRev 23.11.03.001

7 months agoBug 31988: Remove reports/itemtypes.plugin
Jonathan Druart [Fri, 15 Mar 2024 09:12:41 +0000 (10:12 +0100)]
Bug 31988: Remove reports/itemtypes.plugin

This "plugin system" is only used for the itemtypes report. We can
simply remove the reports/manager.pl script and this plugin in favor of
a dedicated report.

Test plan:
Same behaviour expected before and after this patch

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 499fe0bea7d995358bd45da2bea7058d803f2b4e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 36323: Move koha_perl_deps.pl to misc/devel
Fridolin Somers [Mon, 18 Mar 2024 15:32:57 +0000 (16:32 +0100)]
Bug 36323: Move koha_perl_deps.pl to misc/devel

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit e865f1e1ae67266e822be2690dc5610b22cdded1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 24879: Exclude koha_perl_deps.pl
Jonathan Druart [Fri, 15 Mar 2024 09:19:16 +0000 (10:19 +0100)]
Bug 24879: Exclude koha_perl_deps.pl

And tidy.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 171197bf2353c0c415d25be127073ad13a9d86bc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 24879: Use perl shebang to list the exec
Jonathan Druart [Thu, 14 Mar 2024 15:53:35 +0000 (16:53 +0100)]
Bug 24879: Use perl shebang to list the exec

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit f4a52fbc317067b62881110557aeb2b2cc63c41e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 24879: Add check_cookie_auth when missing
Jonathan Druart [Thu, 14 Mar 2024 15:19:06 +0000 (16:19 +0100)]
Bug 24879: Add check_cookie_auth when missing

This can certainly be improved to adjust the permissions, but at least
they are no longer opened to the world..

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 496c8c4e2d9199a38c796fdd6f63d89d8c6b215d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 24879: Adjust tests
Jonathan Druart [Thu, 14 Mar 2024 15:17:55 +0000 (16:17 +0100)]
Bug 24879: Adjust tests

Installer scripts cannot be run from the UI:
debian/templates/apache-shared-intranet.conf:RewriteRule ^/cgi-bin/koha/(C4|debian|etc|installer/data|install_misc|Koha|misc|selenium|t|test|tmp|xt)/|\.PL$ /notfound [PT]

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 6d61091f1ac8e66d2fdaac9a31530dfc7a7eb5fc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 24879: Remove installer/externalmodules.pl
Jonathan Druart [Thu, 14 Mar 2024 15:14:17 +0000 (16:14 +0100)]
Bug 24879: Remove installer/externalmodules.pl

It is not used, if we need it back it must be moved to misc.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 90fe13e23976e2de81adc14fbabfb99660320989)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 24879: Add new test to catch missing auth statement
Jonathan Druart [Tue, 17 Mar 2020 10:54:12 +0000 (11:54 +0100)]
Bug 24879: Add new test to catch missing auth statement

in intranet scripts

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 8784a7e9ffe9fd5f22be133693d0d301f572e82d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 36322: Redirect docs dir to 404
Jonathan Druart [Thu, 14 Mar 2024 15:42:08 +0000 (16:42 +0100)]
Bug 36322: Redirect docs dir to 404

http://localhost:8081/cgi-bin/koha/docs/CAS/CASProxy/examples/proxy_cas.pl

Test plan:
Hit the link
=> Erk
Copy the apache config to /etc/koha/apache-shared-intranet-git.conf
restart_all
Hit the link
=> 404

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 0cf08303932eea945d5c90cca0d5ca18fe8923d6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 35960: Use .val() instead of string concat to prevent potential XSS
Julian Maurice [Thu, 1 Feb 2024 08:15:23 +0000 (09:15 +0100)]
Bug 35960: Use .val() instead of string concat to prevent potential XSS

Test plan:
1. Log out
2. Go to /cgi-bin/koha/mainpage.pl#somestring"with<html>char
3. Open the brower's inspector and find "auth_forwarded_hash" input
4. Make sure the value attribute is there and corresponds to the URL's
   fragment. It should be URI-encoded.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e6f8a4361e2975dfefcd9773fa61ef7d40300086)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 36244: Add atomic update to check for affected notices
Kyle M Hall [Thu, 7 Mar 2024 16:10:35 +0000 (11:10 -0500)]
Bug 36244: Add atomic update to check for affected notices

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fixed some typos in bug numbers and text.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 2e18611b7d8527c7ff9253a7669aad2c13a5afb0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 36244: Do template toolkit processing first
Andreas Jonsson [Thu, 7 Mar 2024 09:12:25 +0000 (09:12 +0000)]
Bug 36244: Do template toolkit processing first

To avoid injection of template toolkit code
from database fields that are controlled by
untrusted sources.

Test plan:

* review subtest 'Template toolkit syntax in
  parameters' in t/db_dependent/Letters.t
* Run the unit test:
  prove t/db_dependent/Letters.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 07ac3b0b9450f812bb48cfecf7bf3f47f63279b5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 36244: Unit test for tt syntax in parameters
Andreas Jonsson [Thu, 7 Mar 2024 09:07:49 +0000 (09:07 +0000)]
Bug 36244: Unit test for tt syntax in parameters

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3f8b7785cd703f89de140108eb9347bf33a0c764)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 36176: Exclude misc/releases_notes/*
Lucas Gass [Tue, 26 Mar 2024 20:32:15 +0000 (20:32 +0000)]
Bug 36176: Exclude misc/releases_notes/*

7 months agoBug 35388: Add comment to 'Transfers to send'
Marcel de Rooy [Thu, 23 Nov 2023 09:00:59 +0000 (09:00 +0000)]
Bug 35388: Add comment to 'Transfers to send'

Test plan:
Read the patch.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit c6fa96eecae4a0f0de95977d8cf032cb9ee941bf)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 36329: (follow-up) Fix error message comparisson in testes
Tomas Cohen Arazi [Tue, 19 Mar 2024 15:11:54 +0000 (12:11 -0300)]
Bug 36329: (follow-up) Fix error message comparisson in testes

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5f7a9db93672c14efdba861373c2d330b8aee6c4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 36329: Make POST /transfer_limits/batch honor BranchTransferLimitsType
Tomas Cohen Arazi [Fri, 15 Mar 2024 12:56:22 +0000 (09:56 -0300)]
Bug 36329: Make POST /transfer_limits/batch honor BranchTransferLimitsType

This patch adds tests for the different cases of `BranchTransferLimitsType`.
It also adds tests for the situation of the consumer sending both limit
criterias on the request.

The controller gets adjusted for this new behavior and the spec gets
documentation added about this.

Bonus: tests are added the right guidelines code, and
BranchTransferLimitsType gets mocked to avoid failures due to existing
data.

To test:
1. Apply this patches
2. Run:
   $ ktd --shell
  k$ qa
=> SUCCESS: All green, and tests pass!
3. Sign off :-D

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Fixed a typo in one of the return messages

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e846641eddb98d63f2fb9b78b7fe5fce00cd8569)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
7 months agoBug 36329: Miscelaneous spec fixes
Tomas Cohen Arazi [Fri, 15 Mar 2024 12:55:34 +0000 (09:55 -0300)]
Bug 36329: Miscelaneous spec fixes

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 9760f066dd3488fe166015959aa8b526bb98daa6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>