Martin Renvoize [Tue, 11 May 2021 08:39:42 +0000 (09:39 +0100)]
Bug 28264: (QA follow-up) Impliment fix for debit_type_code
The fix for the debit_type line was also missing.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2fd517ee415cc7a147812c25975ee46fba77152f) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Ivan Dziuba [Thu, 6 May 2021 19:33:02 +0000 (15:33 -0400)]
Bug 28264: Transaction type is empty is cash register statistics wizard report
To test:
1) Go into a patron file and add some manual fees and pay them
2) Go to Reports > Statistics wizards > Cash register
3) In the form, choose Transaction type: All transactions
4) Click "Submit"
5) Note that the Transaction type column is empty
6) In the form, choose Output: To a file
7) Click "Submit"
8) Open the file in a spreadsheet software (I use LibreOffice)
9) The Transaction type column IS NOT empty
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 168866bb82affc3314daf2a74ae4cca0a0c9e794) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 7 Jan 2021 09:55:35 +0000 (10:55 +0100)]
Bug 27348: Fix test on ALTERNATE_INDEXER_DAEMON in koha-indexer
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4ff743727a9903280d6c00b35113a3f7812ae458) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
David Cook [Thu, 7 Jan 2021 00:22:03 +0000 (00:22 +0000)]
Bug 27348: Fix test on INDEXER_PARAMS in koha-indexer
koha-indexer doesn't test INDEXER_PARAMS correctly which causes errors
to display when stopping/starting the daemon.
This patch fixes the test so that the variable is tested as a string,
so that no errors are created and the params are passed correctly.
Test plan:
0. Apply patch
1. vi /etc/default/koha-common
2. Add the following to the bottom of the file:
INDEXER_PARAMS="-daemon -sleep 6"
3. cp debian/scripts/koha-indexer /usr/sbin/koha-indexer
4. koha-indexer --stop kohadev
5. Note no errors
6. koha-indexer --start kohadev
7. Note no errors
8. ps -efww | grep "indexer"
9. Note that rebuild_zebra.pl has the arguments "-daemon -sleep 6"
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 93bbacc541e6df581ff6c2d4670d706f9013f6c4) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 16 Jun 2021 12:51:08 +0000 (14:51 +0200)]
Bug 28524: Escape 'rank' in cat_issues_top.pl
It's a MySQL 8 keyword
Test plan:
Turn off strict_sql_modes (there are other problems in this script)
Hit Home Reports > Most-circulated items
Submit the form
Without this patch you got:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'RANK, biblio.biblionumber AS ID, itemcallnumber as CALLNUM,
ccode as CCODE, loca' at line 1
With this patch applied you see the report result view
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ea214856d112e262f2ab7df223b6ab9bf673ee67) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 16 Jun 2021 12:54:47 +0000 (14:54 +0200)]
Bug 28523: Escape 'rank' in bor_issues_top.pl
It's a MySQL 8 keyword
Test plan:
Turn off strict_sql_modes (there are other problems in this script)
Hit Home Reports > Patrons with the most checkouts
Submit the form
Without this patch you got:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to
use near 'RANK, borrowers.borrowernumber AS ID FROM `old_issues`
With this patch applied you see the report result view
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 3a3537fd9333636aa0e52b06447ad3f74798dace) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Mason James [Sun, 6 Dec 2020 05:33:58 +0000 (18:33 +1300)]
Bug 28476: Update info in docs/teams.yaml file
to test...
1/ apply patch
2/ view 'about' page to confirm info is updated
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Looks good.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 28476: Update info in docs/teams.yaml file (2)
oops, correct info
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d544d09a3eba15b24836c74e69c298e207921ce6) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
To Test:
1- create an item type with a 'Default replacement cost' and a
'Processing fee (when lost)'
2- numbers are displayed with 6 decimals.
4- apply patch
5- numbers are displayed with 2 decimals.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c7428325ac9f84f891cd17494dbde940b68134cc) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Mon, 7 Jun 2021 12:26:02 +0000 (12:26 +0000)]
Bug 28522: Correct eslint errors in staff-global.js
This patch makes minor corrections to staff-global.js in order to quiet
warnings from ESLint. This includes:
- Remove unused variables
- Declare undeclared variables
- Update list of global and exported variables and functions
- Correct whitespace
- Remove an unused function (paramOfUrl)
To test, apply the patch and clear your browser cache if necessary.
- Confirm that the first search header form field has focus when
switching bewteen pages.
- Confirm that text entered in any search header form field persists
when you switch search header form tabs, e.g. a word typed into the
"Check out" tab is copied to the "Check in" form when you switch to
that tab.
- Perform a search from the "Search the catalog" tab in the header. On
the search results page and any following detail page your search term
should remain in the header search form.
- From a bibliographic detail page, confirm that selecting a list from
the "Add to list" button menu correctly triggers a popup window.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 69108a4605d2dac3e38fb914d5a0f4f55b7463c1) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Mon, 24 May 2021 10:24:59 +0000 (10:24 +0000)]
Bug 28427: Terminology: Shelf should be list
This patch corrects the title element on the download list page in the
staff interface.
The affected page should never be seen by the user because other
error-handling should take precedence. In order to see it you have to
set up such an error:
- Log into the staff client as a user with existing lists.
- Open the Lists page.
- Open one of your lists in a new tab.
- In the original tab, delete the list you opened.
- In the tab showing the contents of the list, click the "Download" menu
button and select an option.
- You should be redirected to a page with an error message at the top.
- The title of this page should be correct: "Download list."
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b5a328d38b07bbf92741cc434c064cbc2bbd997e) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Fri, 21 May 2021 17:11:09 +0000 (17:11 +0000)]
Bug 28423: JavaScript error on MARC modifications page
This patch makes a minor change to the MARC modifications template so
that the "mmtas" variable isn't defined if there is no JSON to be
assigned as its value.
To test, apply the patch and go to Administration -> MARC modification
templates.
- If necessary, add a template with at least one action.
- Check the browser console, there should be no errors.
- Click the "Edit" button corresponding to one of the template actions.
- The details of the action should load correctly in the edit form and
there should be no errors in the console.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2454b2f58a99b59a51849aa9edbf6295bfa0c31b) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Thu, 17 Jun 2021 09:38:15 +0000 (09:38 +0000)]
Bug 28582: Fix hashref in a warning message
Can't enqueue letter HASH(0x55edf1806850)
Test plan:
If you cancel an article request when there is no email address
(no branch email, no KohaAdminEmailAddress), Koha warns.
Verify that the warning now contains the letter code.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e0a09413e86a795f5775c291c6f02747db8bd69a) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Marcel de Rooy [Thu, 10 Jun 2021 14:02:16 +0000 (14:02 +0000)]
Bug 28545: Noisy uninitialized warn at opac-MARCdetail.pl line 313
Test plan:
You do not even need a NULL value in a authorised value controlled
item field, a zero in damaged or withdrawn is enough to trigger the
warnings. (Because only the 1 is linked to an authvalue.)
Check your plack-opac-error.log before and after applying this change.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Without the patch I had at least four warnings per item: withdrawn,
lost, damaged and notforloan.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 5d6a1380760ce1fa4a0b7b27ab523b831c3c7bae) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Joonas Kylmälä [Fri, 28 May 2021 10:33:24 +0000 (13:33 +0300)]
Bug 28479: Use primary keys to check object existence in TestBuilder
The TestBuilder::build_object function used any foreign keys to check
whether an object already exists or not. This brought incorrectly
results of unrelated objects because using any other keys other than
primary keys don't guarantee our results to point to one single
object. For example, as is put here in the unit test, if you created
two items with the same biblionumber and then tried to create a hold
using build_object() we were using the biblionumber to check whether
an item was linked to the hold already. Thus, we were checking whether
a random item was already linked to the hold instead of the one we
wanted either by passing it explicitly to build_object() or the one
build_object() created implicitly. This also resulted in following
warnings when there were more than one match:
DBIx::Class::Storage::DBI::select_single(): Query returned more than
one row. SQL that returns multiple rows is DEPRECATED for ->find and
->single at /kohadevbox/koha/t/lib/TestBuilder.pm line 235
To test:
$ prove t/db_dependent
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 188479881fdafb6ef77d9e7278738dba372f15c2) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Fri, 21 May 2021 07:37:54 +0000 (09:37 +0200)]
Bug 28388: Preserve "Browse results" when "view plain" is clicked
This patch modifies the way search sessions are preserved in the OPAC so
that viewing the "plain MARC" view will not cause the search context to
be lost.
To test, apply the patch and make sure OpacBrowseResults is enabled.
- Perform a search in the OPAC which will return multiple search
results.
- View the details of one of the search results.
- You should see a "Browse results" box in the right-hand sidebar.
- Click the "MARC view" link.
- If you click back to the "Normal view" now, the results browser
should still appear.
- From the MARC view, click the "view plain" link.
- Return to the "Normal view."
- Before the patch: The results browser is gone.
- After the patch: The results browser is still there.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 839f61cf9783594e1be26db97dde3d278030ee4a) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Mon, 24 May 2021 15:55:43 +0000 (15:55 +0000)]
Bug 28422: OPAC MARC detail view doesn't correctly evaluate holdability
This patch modifies the MARC detail view in the OPAC so that it
evaluates whether a title can be placed on hold in the same way it is
done on the "normal" detail page and the ISBD detail page. This allows
for consistency in the display of the "Place hold" link.
To test, apply the patch and log into the OPAC.
- Perform a search which will return results, at least one of which can
be placed on hold.
- View the detail page, the MARC detail page, and the ISBD detail page.
In each case the "Place hold" link should appear in the sidebar.
- View the same pages for a record which cannot be placed on hold to
confirm that the link doesn't appear. For instance:
- All items are not for loan.
- All items are lost.
- There are no items attached.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b542c9971eebc62af5435cdf1a85b89ddf6fcfbd) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Mon, 24 May 2021 13:13:10 +0000 (13:13 +0000)]
Bug 21286: Add Corporate-name as phrase to zebra indexes
When using Zebra for searching, Koha performs a number of searches in order
to improve relevancy. This means that even for 'wordlist' search, we perform a phrase search.
When selecting 'Corporate-name' as an index, this expansion of the search causes errors and fails
the search
We can fix this for 'Corporate-name' searches by adding a phrase index
To test:
1 - Edit koha-conf.xml and uncomment the zebra debug line and add 'request' to the list
2 - Restart all
3 - tail -f /var/log/koha/kohadev/zebra-output.log
4 - Edit a record to add a 110 field e.g. 'House plants'
5 - Enable syspref IntranetCatalogSearchPulldown
6 - Search for 'Corporate name' and term 'House plants'
7 - No results
8 - View the log, see 'ERROR' and full search terms listed
9 - Apply patch
10 - copy the zebra files to the production instance:
cp etc/zebradb/marc_defs/marc21/biblios/biblio-koha-indexdefs.xml /etc/koha/zebradb/marc_defs/marc21/biblios/biblio-koha-indexdefs.xml
cp etc/zebradb/marc_defs/marc21/biblios/biblio-zebra-indexdefs.xsl /etc/koha/zebradb/marc_defs/marc21/biblios/biblio-zebra-indexdefs.xsl
11 - restart all
12 - rebuild: sudo koha-rebuild-zebra -v -f kohadev
13 - Repeat search
14 - Success!
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ac593159a29cf9f6cd45ea1051e0023044088e7f) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Thu, 13 May 2021 10:25:36 +0000 (11:25 +0100)]
Bug 28344: Restore ability to issue refund against older payments
When implimenting the refund features into the point of sale system, it
appears that at some point we lost the ability to apply refunds against
accountlines in the historic transactions table. This patch restores
that ability.
Test plan:
1/ Add some transations via the point of sale system
2/ Navigate to the 'register details' page and note that you have the
option to refund some of the lines.
3/ Use the Cashup option to make the transactions historic
4/ Refresh the page and then select a past date to see the historic
transactions in the second datatable
5/ Note that the option to refund has not dissapeared from all lines
6/ Apply patch
7/ Refresh and note the refund option now appears as expected.
Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a5d1614da6931eca76d511f1f2f989bba31faccc) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Katrin Fischer [Thu, 3 Jun 2021 23:33:11 +0000 (23:33 +0000)]
Bug 28191: Upate wording on batch patron deletion
This adds another point to the list of things that prevent patron
deletion:
<li>They have permissions assigned to them.</li>
In order to test:
- Go to tools > patron deletion and anonymization
- Verify the new condition shows at the top of the page.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c6caf8822fdc5d543d26fac5cadaf35d58149164) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Fri, 11 Jun 2021 17:44:01 +0000 (17:44 +0000)]
Bug 27929: (QA follow-up) Hide tag editor on regex
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a2f8ba3112699f589e21582a13061d1b7bf7c131) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 11 Mar 2021 15:22:13 +0000 (16:22 +0100)]
Bug 27929: Allow regex for subfield linked with cataloguing plugin
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6f3b78d60915bfe8ac8b1599d6dfdb0991317b7a) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Fridolin Somers [Thu, 10 Jun 2021 13:05:51 +0000 (15:05 +0200)]
Bug 28542: Move new authority from Z39.50/SRU to a button
Actually in authority tools bar, 'New from Z39.50/SRU' is inside 'New autority' menu.
This is different from biblio cataloguing toolbar, and adds a click to access it.
I propose to move this to its own button.
Test plan :
1) Create a Z39.50/SRU server connexion for authorities
2) Go to authorities home page
3) Check you see buttons 'New autority' and 'New from Z39.50/SRU'
4) Click on 'New autority'
5) Check you only see autority types
6) Click on 'New from Z39.50/SRU'
7) Check you go to Z39.50/SRU popup
8) Delete Z39.50/SRU server connexion for authorities
9) Go to authorities home page
10) Check you dont see 'New from Z39.50/SRU'
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c2e164891dbaa9427fca641a20fb95a518356698) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch makes the route set the 'updated_by' attribute as well, when
resolving a return claim through the API.
Tests are added for this behavior.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/return_claims.t
=> SUCCESS: Tests pass! updated_by is set correctly!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 343bf361e0417f10f79daff767c38c076d039b23) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 28586: Pass the right parameter to resolve claim
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f0c208bca84033ecfbeb51ca8e5dea75a8f80f2e) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Joonas Kylmälä [Fri, 4 Jun 2021 11:06:53 +0000 (14:06 +0300)]
Bug 28513: Fix analytics search links so they don't match unrelated biblios
At least when using Searchengine=Elasticsearch what happened was that
without () parenthese included the search for Host-item field was done
only to the first token, the subsequent ones matched any
fields. Adding the parentheses restrict the search to Host-item search
field only.
To test:
1) Set Searchengine = elasticsearch
2) Make a biblio with 245a = "biológica paranaense." and 773a = "Acta"
3) Go to a biblio with 245a = "Acta biológica paranaense" (in
kohadevbox or create one if you need).
4) Notice that the "Acta biológica paranaense" biblio's detail page link "Show
analytics" takes to the "biológica paranaense" incorrectly just
because the 773a has "Acta" and the words "biológica" and "paranaense"
appear elsewhere in the biblio.
5) Apply patch and notice the link is now not created at all
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit cfe712367943da16e00ea0bee35b75d31d4f943c) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 24 Jun 2021 07:55:23 +0000 (09:55 +0200)]
Bug 28409: Adjust regression test
We are no longer expecting an URI escaped value but a corrected category
value, either 1 or 2.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit bf9c50c1502d202731beedfcfc8185322ab25a28) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Fri, 21 May 2021 07:09:53 +0000 (09:09 +0200)]
Bug 28409: Simplify data validation
Simplify the affectation then trust it.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
JD Amended patch: remove duplicate comma
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 50db7afeb43171bdde2e2f4e421acc45771ec378) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
David Cook [Fri, 21 May 2021 06:52:25 +0000 (06:52 +0000)]
Bug 28409: Comprehensively validate category in opac-shelves.pl
Default to a category of 1 (ie Private). Only allow input of 1
or 2 (ie Public)
== Test plan ==
1. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
2. Note that you are redirected to another website
3. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?op=add&shelfname=foo&category=9
4. Note that you can't see this list in the Lists (but it has been added to the database)
5. Apply the patch & restart services
6. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
7. Note that you are not redirected to another website
8. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?op=add&shelfname=bar&category=9
9. Note that "bar" has been added as a Private list
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0ccf5fe83b4716472f4139735780c659c891719a) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Tue, 25 May 2021 12:59:31 +0000 (13:59 +0100)]
Bug 28442: Fix 'accessibility_advocate' for current release
The accessibility_advocate block was positioned incorrectly so wasn't
appearing properly for the current stable releases, only the
development/maintainter block.
This patch fixes that issue
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 3b427d79d69579d78a6bb2784edacc64aa781934) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Martin Renvoize [Tue, 25 May 2021 08:29:48 +0000 (09:29 +0100)]
Bug 28442: Update template for new roles
We have multiple accessibility advocates this cycle, so we needed to
adapt the template. I've also added the meeting facilitator as a case
but not added to the team block as a whole.. seeking opinions, perhaps
wait and see if it lasts more than a cycle before adding it fully?
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 16abe0f5321bc7165c1bf7051d6fa53f7608e0ec) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Eden Bacani [Wed, 20 Jan 2021 22:24:05 +0000 (22:24 +0000)]
Bug 27495: Added Accessibility advocate role in team page
Test Plan
1. Click on 'About Koha' from the home page
2.Check on the Koha Team page that the role Accessibility advocate is
listed under the Koha release teams and that the name of the person with
the role appears.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 638f5106352fc1c5a758af06061a68f65264b791) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 19 May 2021 09:10:25 +0000 (11:10 +0200)]
Bug 28386: Add history_notes
The "developer" lines of history.txt will be regenerated using the git
history so we need to add this as a separate info.
See the release_tools changes for more info
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit d7a6bd08ba4288b9d203a33d4201c4d85477524c) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Wed, 19 May 2021 06:09:45 +0000 (08:09 +0200)]
Bug 28386: Remove unknown authors
Those 3 authors are not in the git history, we should remove them from
the author list.
However we could re-add them to the contributor list with a note saying
for instance they were part of the Catalyst Academy (need to double
check that first)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 6a701b363fe807389c49358c43bc33d61282e685) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1e677a8755dfa4b5df3ff8df8f2644aedf388eb3) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Wed, 2 Jun 2021 15:20:08 +0000 (15:20 +0000)]
Bug 28503: Compare item homebranch to patron branch when hold policy set to 'from_home_library'
This fixes an issue in the way we calculate the check for hold policy 'from_home_library'
Currently we change the comparison based on ReservesControlBranch, however, that should
only control the rule we fetch, not how we compare
When ReservesControlBranch is set to "patron's home library" we compare the patron's branch to
the patron's branch, this is useless and means we pass the check for all branches all of the time
We should instead compare the patron's branch to the item's branch, and only fetch the rule using ReservesControlBranch
To test:
1 - Have a record with an item from library A and library B
2 - Set the 'Default checkout, hold and return policy'->Hold policy->From home library for all libraries
and ensure you have no branch specific/itemtype specific rules set
3 - Attempt to place a hold on the record for a patron from library B
4 - Note that only the library B item is holdable - place a title level hold (do not choose an item)
5 - Check in the item from library A
6 - It fills the hold - This is incorrect - ignore the hold
7 - Apply patch
8 - Restart all the things
9 - Check in the item from library A
10 - No hold found
11 - Check in the item from library B
12 - Hold found, correctly
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 28503: Clarify what ReservesControlBranch controls
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 19660a25fa9421373a41fb6aba71215d71c541be) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Wed, 2 Jun 2021 15:05:08 +0000 (15:05 +0000)]
Bug 28503: Unit tests
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a4cdeaae3f82ea47fe3fba5e79f419e6911fb524) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Mon, 7 Jun 2021 16:02:35 +0000 (16:02 +0000)]
Bug 28488: Javascript error in self-checkout (__ is not defined)
This patch adds inclusion of the internationalization JavaScript which
is required by the newest version of the DataTables include. It
references the double-underscore function provided by i18n.js.
To test, apply the patch and log into the self-checkout system as a user
with checkouts. The table of checkouts should display correctly and
there should be no JavaScript errors in the console.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 191a63111a6aa3d8a219dd5102fe80e68b5ff0ca) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Sat, 5 Jun 2021 14:08:46 +0000 (16:08 +0200)]
Bug 28518: Display missing inputs for "Return to the last advanced search"
When more than 3 search terms are passed on the advanced search form,
the "Return to the last advanced search" feature does not display them.
Test plan:
Perform an adv search at the OPAC, enter more than 3 terms, launch the
search, click the "Return to the last advanced search" link and confirm
that all the entries are there.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 75d67d46ce3df59c1460df44318439c40c14451b) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Fri, 11 Jun 2021 11:25:57 +0000 (13:25 +0200)]
Bug 28383: Fix itemsearch when accessed from the login form
There are params here (credentials), we need to test for the existence of $format.
Test plan:
logout
access /cgi-bin/koha/catalogue/itemsearch.pl
Login
=> Without this patch you get a 500 (because we hit the exit statement)
=> With this patch you see the items search form.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c95e406e68fef354f1e65aa34cd6d257b8dc1c48) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Alexis Ripetti [Thu, 13 May 2021 15:09:05 +0000 (11:09 -0400)]
Bug 28350: Fix borrowernotes sorting for patron search
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 9f508a351fed899299dc18199c6e6e8bbaf90ae4) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Wed, 9 Jun 2021 17:59:59 +0000 (17:59 +0000)]
Bug 28538: Insert formatted date if valid
This patch restores the setting of the date from bug 27937 and adds a parsing of the date to
ensure the correct format
To test:
1 - Follow test plan from bug 27937 - it fails
2 - Follow test plan from bug 28351 - it succeeds
3 - Apply patch
4 - Repeat 1-2
5 - both plans pass now
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c43047968c31a918923aa4ef89fd56be2fcf54ec) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Fri, 4 Jun 2021 10:19:18 +0000 (12:19 +0200)]
Bug 28487: Fallback to default template in overdue_notices
There is no fallback to the "default" language if there is no
language-specific template for the lang of the patron.
I am not really sure why we are not using GetPreparredLetter here (which
defaults), but this needs to be backported into all stable branches and
so as small as possible.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 09fcc66ab89dd2c084dfe20d4b4dc43a5335b86a) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Tue, 18 May 2021 07:41:40 +0000 (09:41 +0200)]
Bug 28353: Display a list of items that cannot be deleted
We used to display a list of items that cannot be deleted (checked out
or on hold) on the Batch item deletion tool.
With bug 8132 we improve the error handling, but the info is spread in
the table.
This patch adds, at the top of the page, the list of items (barcode)
that cannot be removed.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7de5d06abd8c3d6d1e5fc13e51ee3ce8074efe1d) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Fri, 28 May 2021 12:02:19 +0000 (12:02 +0000)]
Bug 28482: Refresh line from DB to get stored value
Before checking if the amount is 0 we get the stored value from the DB. This
ensures any amounts beyond the 6 digit precision we store will be removed.
To test:
1 - Add a processing fee of 15 to an itemtype
2 - Add an item of that type, set the replacement fee to 12.63
3 - Set MarkLostItemsAsReturned to 'On payment' only
4 - Set WhenLostChargeReplacementFee to 'Charge'
5 - Checkout the item to a patron
6 - Mark the item lost
7 - Reload patron and confirm they are charged 27.63
8 - Go to accounting, pay amount, pay 27.63
9 - Item is still lost and not returned
10 - Apply patch
11 - Checkin the item
12 - Checkout to another patron
13 - Mark lost
14 - Patron charged 27.63
15 - Pay amount, 27.63
16 - Item returned!
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c4e2f4c7180a1c4c287d11d2f2d8c635de81df38) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Nick Clemens [Fri, 28 May 2021 12:02:09 +0000 (12:02 +0000)]
Bug 28482: Unit test
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1df303de77bbaa555b9dc8c0349fae8fb2990c4f) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch fixes the value of a hidden input that was mistakenly
changed and prevents search all headings from working.
To test:
1. Open the authorities section in the OPAC
2. Choose the 'Search all headings' tab
3. Search for 'a'
=> FAIL: No results
4. Empty the search box, and make sure 'Search all headings' is selected
=> SUCCESS: There are authority records
5. Apply this patch
6. Reload the page
7. Retry 3 and 4
=> SUCCESS: Searching is back!
8. Sign off :-D
Sponsored-by: Asociación Latinoamericana de Integración Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 69fb1be22d42bdfe1421b4e23ea783c858ec23d2) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Bug 28364: Make log4perl.conf belong to the instance user
This patch makes koha-create generate the log4perl.conf file for the
instance, belonging to the instance user. This is done in order to have
the z3950 responder work.
My original idea was to make the responder accept a '-g' parameter but
that is not supported by Net::Z3950::Responder. Also, as the library
insists on handling the PID file on its own, it wont' work to handle the
responsability to start-stop-daemon. The only solution I found was
making the fiel be owned by the instance user.
1. Create a Koha instance:
$ koha-create --create-db test
2. Initiate all the things
3. Enable and start the z3950 responder
$ koha-z3950-responder --enable test
$ koha-z3950-responder --start test
4. Try doing some search:
$ yaz-client localhost:2100
=> FAIL: you get:
Connecting...OK.
Sent initrequest.
Target closed connection
Z> quit
See you later, alligator.
=> FAIL: No warning or anything on the logs
5. Stop the daemon
$ koha-z3950-responder --stop test
6. Run it manually:
$ PERL5LIB=/usr/share/koha/lib KOHA_CONF=/etc/koha/sites/test/koha-conf.xml \
/usr/bin/perl /usr/share/koha/bin/z3950_responder.pl \
-c /etc/koha/sites/test/z3950 -u test-koha \
-p /var/run/koha/test/z3950-responder.pid -d test-koha-z3950
7. Repeat the 4, on a separate terminal (no daemon mode this time)
=> FAIL: You get:
Cannot open /etc/koha/sites/test/log4perl.conf (Permission denied) at /usr/share/perl5/Log/Log4perl/Config/BaseConfigurator.pm line 51.
8. Change the file owner:
$ chown test-koha /etc/koha/sites/test/log4perl.conf
9. Repeat 6, and 4
=> SUCCESS: It doesn't break anymore!
10. Apply this patch
11. Create a new instance, with the patched koha-create:
$ debian/scripts/koha-create --create-db test1
12: Check the generated files permissions:
$ ls -l /etc/koha/sites/test2
=> SUCCESS: You get:
-rw-r----- 1 root test2-koha 19720 May 17 13:26 koha-conf.xml
-rw-r----- 1 test2-koha test2-koha 2825 May 17 13:26 log4perl.conf
-rw-r----- 1 root test2-koha 2014 May 17 13:26 zebra-authorities-dom.cfg
-rw-r----- 1 root test2-koha 2279 May 17 13:26 zebra-biblios-dom.cfg
-rw-r----- 1 root test2-koha 26 May 17 13:26 zebra.passwd
13. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Ere Maijala <ere.maijala@helsinki.fi> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 79fe1a6ab9fe8720f1be3d3a7edb4162adae7ffe) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard [Mon, 15 Mar 2021 14:07:26 +0000 (14:07 +0000)]
Bug 27899: Missing description for libraryNotPickupLocation on request.pl
This patch adds text to the holds template in the staff client so that
if a particular item is at a library which isn't a hold location the
error message is descriptive.
To test, apply the patch and go to Administration -> Libraries.
- Change one of your libraries so that "Pickup location" is set to
"No."
- Locate a title in the catalog which has an item at that location.
- The "pick up at" list will exclude the library so and additional steps
must be taken to get the message
- Select a patron and set their library to the one we can't pick up at.
- Start the process of placing a hold on the title.
- After selecting the patron to place the hold for, look at the table of
items under "Place a hold on a specific item."
- The item located at the library you modified should show an error
message in the "Hold" column, "Library is not a pickup location."
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 9cc6fca618707898117363971460833ed3684539) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Kyle M Hall [Fri, 7 May 2021 18:02:35 +0000 (14:02 -0400)]
Bug 28091: Only show for logged in users
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 3ec1b978e0715cbf52964176fe527ffb1cdfde1a) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Lucas Gass [Mon, 5 Apr 2021 17:58:28 +0000 (17:58 +0000)]
Bug 28091: add meta content with Koha version to staff client pages
TO test:
-apply patch
-go to the Koha staff client and inspect the page, look at the HTML <head>
-there should be a line that looks like this:
<meta name="generator" content="Koha 20.12.00">
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 52b4908dd386f05aae91134332e54fb6c390a70c) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Tue, 25 May 2021 07:20:45 +0000 (09:20 +0200)]
Bug 28158: Remove additional backgroundjob related code
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 48e5171214378ce5e4fcbae6d41aa89e02a50d26) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Mon, 24 May 2021 14:53:48 +0000 (16:53 +0200)]
Bug 28158: Remove backgroundjob from batchMod
== Test plan ==
1 - In the default framework make sure the 952$1 is visible in opac & catalog & editor
2 - Set WhenLostChargeReplacementFee to charge
3 - Set MarkLostitemsAsReturned to return from batch modification
4 - Find/edit an item with a replacement cost
5 - Check out the item to a patron
6 - Batch modify the item
7 - Set the lost status
8 - Item is not returned or charged
9 - with the patch, it is
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 41551dfda72df88ed6056301872a37c921154f69) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Jonathan Druart [Thu, 20 May 2021 06:34:48 +0000 (08:34 +0200)]
Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl
== Test plan ==
1. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
2. Note that you are redirected to another website
3. Apply the patch & restart services
4. Repeat the above and you are not redirected
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: David Cook <dcook@prosentient.com.au>
Nick Clemens [Thu, 17 Sep 2020 18:34:21 +0000 (18:34 +0000)]
Bug 15720: Add connexion user and password options to connexion daemon
Currently the connexion daemon does not utilize the user and password passed in the requests, it expects a
user and password to be defined in the config file and for that user to be a valid Koha user with
cataloging permissions.
With that user in place all requests to the daemon are authorized.
As the connections are over TCP we allow defining a new connexion user and password to protect Koha account information.
If not defined current behaviour is preserved. Connexion user and password must both be set it either is set.
To test:
1 - Create connexion file and save on the Koha serve
2 - perl misc/bin/connexion_import_daemon.pl -c /kohadevbox/koha/connexion.cnf
3 - Ensure the user specified above (connexuser) exists and has edit catalogue permissions
4 - In another terminal make a request to the server:
echo -en 'U6turtleA9connexionP5shell00024 a62clear00024 4500' | nc -v localhost 8888
5 - The request should succeed and record added to batch (probably the import fails, but not important)
6 - Add to config file
connexion_user:conuser
7 - Stop and restart the daemon - it should fail on missing connexion_password
8 - Comment out connexion_user and add
connexion_password:conpass
9 - Stop and restart daemon, it fails on missing connexion_user
10 - Uncomment the user and restart
11 - Make another request
echo -en 'U6turtleA9connexionP5shell00024 a62clear00024 4500' | nc -v localhost 8888
12 - It fails 'Unauthorized request'
13 - Make another request
echo -en 'U7conuserA9connexionP7conpass00024 a62clear00024 4500' | nc -v localhost 8888
14 - It succeeds!
Signed-off-by: Allison Blanning <ablanning@hotchkiss.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>