Martin Renvoize [Mon, 22 Nov 2021 16:30:13 +0000 (16:30 +0000)]
Bug 29495: Unit Tests
Test plan
1. Run updated tests prior to applying new patches.. pass
2. Run updated tests after applying new patches.. pass
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit a052d6752ca641017d3008d56b6638643f9f1651) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Bug ?????: DBIC schema changes: bug of dbic or forgotten update
Or a bug of DBIC that creates duplicate relationships mappings that
should be harmless. Or a forgotten update but it was not possible to
track down the ticket.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit f9d9e5302aa0ebd3949d8a9d39f0ef937605c4c4) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 24 Nov 2021 16:05:23 +0000 (16:05 +0000)]
Bug 28832: (follow-up) Don't remove false values, only empty strings
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 117d826bf3b10c98a903fd0ed032fc9cb888741d) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Mon, 20 Sep 2021 17:22:46 +0000 (17:22 +0000)]
Bug 28832: (follow-up) Handle regex fields too
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 91289587d3b924b9108ba3438344cdfa356d6988) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Mon, 9 Aug 2021 16:28:16 +0000 (16:28 +0000)]
Bug 28832: Don't batch modify fields that we don't update
In bug 27837 we made sure to always pass through the permanent_location if it was passed in unlike
other fields which are not passed if they have no value.
During batch mod, however, fields that aren't editied have no value, so forcing permanent_location
to pass through forces blanking it.
This patch alters the script to only pass thgouhr for edit the fields that have been updated or
cleared.
To test:
1 - In frameworks add a new subfield to 952, "C" - make it editable in items tab and visible in intranet/editor
2 - In mappings map that subfield to items.permanent_location
3 - Set an item to have differing shelving location and permanent_location
4 - This saves correctly for an individual item
5 - Edit the item using Tools->batch item modification, updating the note field
6 - Note the permanet_location is removed
7 - Check the DB, the field is set to NULL
8 - Apply patch
9 - Repeat
10 - Permanent location is not cleared
11 - Verify that clearing fields works as before, including permanent_location
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Deb Stephenson <dstephen@dubuque.lib.ia.us> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit ba9713ba3a2d8fa5b94211dbc1e6003517079578) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
This patch fixes the duplicate buttons issue.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/Illrequests.t
=> FAIL: Tests fail
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 692804a49a59208b6726f48523bfb82e73671ddc)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 0b9c338f581fc562c94e8f1122b6d5b9bfc715e3) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit cbac005968752ce5c473e9efb481183531cb7ddf)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 8a1f2fb600d58f201f2030c943fa71fc40795285) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Colin Campbell [Thu, 25 Feb 2021 10:59:24 +0000 (10:59 +0000)]
Bug 27793: Store FTX free text in vendor note
This is important for proquest ordering to distinguish types of
material.
FTX segment from quote is stored as vendor note.
Contents of vendornote are included in the order FTX segment.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 33c8d6f175bf5c5f2a2f08db9e95d363027c276a) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Thu, 9 Dec 2021 13:55:41 +0000 (13:55 +0000)]
Bug 29670: Fix EDI for AcqCreateItem = 'placing on order'
The AcqCreatItem at order time functionality was broken by bug 27708.
This patch resolves that.
Test plan.
1) Run the newly created unit tests that prove both settings work
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
(cherry picked from commit 960372b76ca0b42d8e22dde445402f4c9ba523dc)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit bda8299669d1a34a32fe45f6f765133a0f54f22a) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Thu, 9 Dec 2021 16:04:55 +0000 (16:04 +0000)]
Bug 29670: Unit tests
This patch adds unit tests for Koha::Edifact::Order->order_line. We now
check that the message segments are created as expected for both the
'ordering' and not 'ordering' case for acquisitions item creation time.
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
JD amended patch: spelling segement ==> segment
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 1926a207536d38d772a816b0c0179d9201273e04) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 7a87c3ddb33ed561da194f717be49565e85e8af8) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Wed, 17 Nov 2021 16:49:27 +0000 (16:49 +0000)]
Bug 29457: Generic warning at upgrade
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: Adding exec flag and two dots. Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1dec6d946875b7151278fab9d6da65995f37cdab)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit a28dd48b5ee08fea46ead91b0ef1a071dff5e686) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Thu, 11 Nov 2021 10:56:45 +0000 (10:56 +0000)]
Bug 29457: Pass context borrowernumber
This patch updates the call to cancel such that we pass the currently
logged in users borrowernumber instead of their userid.
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0a79d2542178439e6dee39adc669cdeeecf5207e)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 002954a83cb71db137f46c57fb9f944e0c730c0a) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Bug 29736: (QA follow-up) No need to delete all clubs
There's no real need to delete all the existing clubs in the tests.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d4c628f1711f532b6441e9e8244e7e13369af40e)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 4e4a452609e00b12877399a6ac643867d6570ccb) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Without this patch, the list will always display all clubs.
To test:
1. Have two clubs, with enrollemnts:
- Cthulhu fans
- The Shadow Out of Time fans
2. Search for the letter c
=> FAIL: You get both results
3. Apply this patch
4. Repeat 2
=> SUCCESS: Only Cthulhu is returned
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 96012930ee78776af2a2c3e00aaf87a5ff231fac)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 91fd6ddd7cfdd69d33b7742365336a5e42e050e9) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Mon, 20 Dec 2021 14:14:56 +0000 (15:14 +0100)]
Bug 29736: Don't return empty clubs
There is an error when placing a hold for a club without members:
Uncaught TypeError: err.responseJSON.error is undefined
It seems that we should remove clubs without members from the search.
Test plan:
Create 1 club xx with 2 patrons
Create 1 club xxx with 1 patron and cancel their enrolment
Create 1 club xxxx without patron
Place a hold for club "x", only the first one should be returned with
this patch.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b45e67e03eeffdaa006c693e2e6426d452cbb09e)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 4520178095b3bfe1e9ba976b2798721f96635052) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Bug 29018: Make DELETE /patrons/:patron_id check things
When the route was implemented, the checks were overlooked. This patch
adds checks for:
- Guarantees
- Debts
- Current checkouts
Any of those will block deletion, as it should.
To test:
1. Apply the regression tests patch
2. Run:
$ kshell
k$ prove t/db_dependent/api/v1/patrons.t
=> FAIL: Tests fail, the route misses checks
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! The three conditions prevent deletion!
5. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 4948faacc0807773d4a8540b8bbc02db56d1729f) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 493db07948f0cc4211f916e87273313f4e020638) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Mason James [Tue, 31 Aug 2021 04:05:05 +0000 (16:05 +1200)]
Bug 28926: Update cpanfile for Mojolicious::Plugin::OpenAPI v2.16
to test...
- apply patch
- build package
- confirm in about.pl that minimum versions are updated
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit bfd033c68aa63650f7f78d85054d2d41b697c094)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 81ce0e2db52ff83e023f22c46dd20ed2f62d0190) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
We are loosing the link with the biblio (suggestion.biblionumber)
Test plan:
At the OPAC, go to the detail page of a bibliographic record, click
"Suggest for purchase" and submit the form.
Without this patch the suggestion is created but the link to the
bibliographic record is lost
With this patch applied you should see that suggestions.biblionumber has
correctly been preserved
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 9ae252946da274ef50435a23e3e08cb8cb024f74)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit ad5a157c82ae2d5fac215c4b34d3035feef1957c) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 15 Dec 2021 06:02:08 +0000 (07:02 +0100)]
Bug 29696: Add tests
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 146c1e1d9f8d94e10d189fb601f71f6683963b7d)
Bug 29696: correct number of tests for 21.05.x
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit c467f3facad11655b4c817e88a48a3cb17d6547d) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Test plan:
Create a message, see the "Delete" link, don't click it but copy it
Change logged in library and use the link
If AllowAllMessageDeletion is off you should be redirected to 403
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a2b9a76431a887aad7ebcee7b34fb921159271fd) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 5 Jan 2022 14:56:24 +0000 (15:56 +0100)]
Bug 29542: Prevent access to private list to non authorized users
The catalogue permission is not enough.
Test plan:
Create a private list owned by user A
Login with user B and hit (with XX the shelfid)
/cgi-bin/koha/virtualshelves/sendshelf.pl?shelfid=XX
You should get an error message "You do not have sufficient permission
to continue."
Login with user A
=> You should be able to send the list
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6ca49b550e54a0f1729c5d23838256a0e4542f91) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Mon, 24 Jan 2022 14:19:24 +0000 (14:19 +0000)]
Bug 29914: (QA follow-up) Expand tests to cover failure case before patches
When asking for permissions we get 'failed', without we get 'ok'
Adding explicit checks for not 'ok'
Add a FIXME:
We should cover the case where we return 'failed' after changes, but that is a larger undertaking
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit e956130f8f57d6204637015e57f362563041f984) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Marcel de Rooy [Fri, 21 Jan 2022 10:50:59 +0000 (10:50 +0000)]
Bug 29914: Remove warn on timeout
The value of the system preference 'timeout' is not correct, defaulting to 600.
Caused by previous test. Actually an omission in another sub that
does not seem to support 10x.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit eea32e6c5d39f5ec506b5c6cc81b390fcb6f8c52) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Fri, 21 Jan 2022 08:23:38 +0000 (09:23 +0100)]
Bug 29914: Add tests
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 3af901ae645a380d167fbc7b4e96bea892318d49) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Thu, 20 Jan 2022 09:10:05 +0000 (10:10 +0100)]
Bug 29914: Make check_cookie_auth compare the userid
check_cookie_auth is assuming that the user is authenticated if a cookie exists
and that the login/username exists in the DB.
So basically if you hit the login page, fill the login input with a
valid username, click "login"
=> A cookie will be generated, and the sessions table will contain a
line with this session id.
On the second hit, if the username is in the DB, it will be enough to be
considered authenticated.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7114dc2fb1a1440dd031ee771efee6e50bb86540) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Thu, 2 Dec 2021 08:04:14 +0000 (09:04 +0100)]
Bug 29544: Fix opac-issue-note.pl
We must check if logged in user is trying to modify one of their
checkouts
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Mon, 22 Nov 2021 13:56:58 +0000 (14:56 +0100)]
Bug 29544: Ensure logged in user is allowed to modify checkout note
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Mon, 6 Dec 2021 12:58:25 +0000 (13:58 +0100)]
Bug 29541: Prevent users from another group to access patron's images
We should respect group restrictions here.
Test plan:
Create a patron from another group of libraries and don't let them
access info from patrons outside of this group.
Access the following link and confirm that you can see the image only
for patrons from their group
/cgi-bin/koha/members/patronimage.pl?borrowernumber=XX
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Mon, 22 Nov 2021 14:29:58 +0000 (15:29 +0100)]
Bug 29541: Restrict access to patron's image to borrowers => * and circulate => *
The patron images is displayed on the 'circulation' and 'members'
modules.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Marcel de Rooy [Mon, 22 Nov 2021 07:55:47 +0000 (07:55 +0000)]
Bug 29540: Raise flagsrequired in modrequest
Test plan:
Try modrequest with a user having only 'catalogue' perms and the following URLs:
[1] /cgi-bin/koha/reserve/modrequest.pl?reserve_id=XX&CancelBorrowerNumber=XX&CancelItemnumber=XX&biblionumber=XX
Fill the XXs with correct identifiers for some item level hold.
[2] /cgi-bin/koha/reserve/modrequest_suspendall.pl?suspend=1&suspend_until=2021-12-01&borrowernumber=XX
Fill the XX with borrowernumber for borrower that has pending holds.
You should see: Error: You do not have permission to access this page.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[AMENDED] More consensus for using reserveforothers than circulate_remaining.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 15285ae209f5a98ab2e77c730b0b70ff0b29c283) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
David Cook [Thu, 22 Jul 2021 06:34:20 +0000 (06:34 +0000)]
Bug 28735: Self-checkout users can access opac-user.pl for sco user when not using AutoSelfCheckID
This patch makes the sandboxing of the selfcheckout more robust by
adding a "sco_user" session variable which is turned on when
logging into the self-checkout (either by AutoSelfCheckAllowed or manually).
If a user with this session variable turned on tries to access
other parts of the system (like the rest of the OPAC), it will
"kick out", so that the browser user will lose the authenticated session.
Test plan:
1) Apply the patch
2) koha-plack --restart kohadev
3) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
4) Note that you are logged into the self-checkout
So you see the login screen specific to the self-checkout.
To log with the actual patron. It's a nested auth.
5) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
6) Note that you are not logged into the OPAC
7) Log into the staff interface and disable the
system preference AutoSelfCheckAllowed
8) Log out of the staff interface (this step is very important)
9) Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
10) Note that you are prompted to log into Koha
11) Login using the "koha" user (when using koha-testing-docker)
12) Note that you are logged into the self-checkout
13) Go to http://localhost:8080/cgi-bin/koha/opac-main.pl
14) Note that you are not logged into the OPAC
Without the patch you would still be logged as "koha"
15) Go back to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
16) Note that you will need to log in again as you've lost your
session cookie
Without the patch you will still be logged in the self-checkout
Voila!
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6d022889a2fac79c9148dd5f20c36f926d66065c) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Owen Leonard [Tue, 11 Aug 2020 17:26:18 +0000 (17:26 +0000)]
Bug 26102: Prevent XSS when To.json is used: unimarc_field_4XX.tt
To test, edit a MARC framework to link a subfield to the
unimarc_field_4XX.tt. The process of triggering the plugin and selecting
a search result from the plugin popup should work correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit dbd13593538b8dbba9dfe9ff200b1d472ec0595b) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Owen Leonard [Tue, 11 Aug 2020 15:22:33 +0000 (15:22 +0000)]
Bug 26102: Prevent XSS when To.json is used: subscription-add.tt
Test the process of adding a subscription, entering both a valid vendor
ID and a non-existent vendor ID. The non-existent vendor ID should
trigger a validation alert.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 583aad8e48790443a14ac4b7dfe85fa1bdeb91a2) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Owen Leonard [Tue, 11 Aug 2020 15:05:59 +0000 (15:05 +0000)]
Bug 26102: Prevent XSS when To.json is used: guarantor_search.tt
To test, edit a patron record and go through the process of adding a
guarantor. In the guarantor search results table the address should be
displayed correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 11d0a05eb9f1a13c07f3c56d8e40dbbd1bc43938) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Owen Leonard [Tue, 11 Aug 2020 12:57:48 +0000 (12:57 +0000)]
Bug 26102: Prevent XSS when To.json is used: catalogue/results.tt
To test, perform a search in the catalogue and verify that search term
highlighting works correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0de86fd323545796d57d2e289c10a33970050716) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Owen Leonard [Tue, 11 Aug 2020 12:41:13 +0000 (12:41 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/blinddetail-biblio-search.tt
Test the process of searching for and selecting an authority record for
use in the basic MARC editor.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 57a2a82c504815d5d8e95c20be43611d96abcf13) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Owen Leonard [Tue, 11 Aug 2020 12:34:18 +0000 (12:34 +0000)]
Bug 26102: Prevent XSS when To.json is used: authorities/authorities.tt
Check that mandatory tags and subfields are correctly required when
editing an authority record.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d9ae296b23d6897070c6bb788387ab39e7da8f09) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Owen Leonard [Tue, 11 Aug 2020 12:31:26 +0000 (12:31 +0000)]
Bug 26102: Prevent XSS when To.json is used: admin/preferences.tt
Test that preference search term highlighting works correctly.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5df95693f93e1ef95f74eb4a118319e84ed7703e) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 5 Jan 2022 16:06:15 +0000 (16:06 +0000)]
Bug 29543: Set autocomplete off for SCO login fields
Cardnumber already had it set, adding for username and password
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 25856b460e3041c2a825c83d1abf0f48c77a9448) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 5 Jan 2022 15:37:49 +0000 (16:37 +0100)]
Bug 29543: Add Mojo::JWT dependency
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f07a666c2eb6338f1b450db9dcdc75cfb0d76601) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 5 Jan 2022 15:29:41 +0000 (15:29 +0000)]
Bug 29543: (follow-up) Add a warning to SelfCheckoutByLogin
This updates the language to warn users of risk if using cardnumber for login and auto-self-check is enabled
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b32dbaa9cfc43ddd9404a094a2d82c85936c0ba2) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 5 Jan 2022 14:25:48 +0000 (15:25 +0100)]
Bug 29543: Prevent user to checkin or renew items they don't own
Checkin or renew must be restricted to the items they own.
Test plan:
Create an item with barcode bc_1
Check it in to user A
Login to SCO with user B
Get the token using the browser dev tool, from the cookie
Hit (replace $JWT)
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=renew&barcode=bc_1
/cgi-bin/koha/sco/sco-main.pl?jwt=$JWT&op=returnbook&barcode=bc_1
You should see an error message
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 839b7c4a5c8bdba62776fdb74c5f2125622a9ff0) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 5 Jan 2022 11:47:10 +0000 (12:47 +0100)]
Bug 29543: Enforce authentication for self-checkout
The self-checkout feature is assuming a patron is logged in if patronid
is passed. It also assumes that "We're in a controlled environment; we
trust the user", which is terribly wrong!
This patch is suggesting to generate a JSON Web Token (JWT) to store in
a cookie and only allow action (renew, check in/out) is the token is
valid. The token is only generated once the user has been authenticated
And is removed when the user finish the session/logout.
Test plan:
You must know exactly how the self-checkout feature works to test this patch.
The 4 following sysprefs must be tested:
SelfCheckoutByLogin, AutoSelfCheckAllowed, AutoSelfCheckID, AutoSelfCheckPass
Confirm that you can renew, checkin for the items you own, and checkout new items.
Confirm that you are not allowed to access other account's info.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 77e21f30062dc23edb2c79f609d854d553e67f7c) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 5 Jan 2022 11:20:28 +0000 (12:20 +0100)]
Bug 29543: Add JWT token handling
Mojo::JWT is installed already, it's not a new dependency.
We need a way to send the patron a token when it's correctly logged in,
and not assumed it's logged in only if patronid is passed
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d978bf1506d761a6962d949f35b71f1740d0052a) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 5 Jan 2022 10:25:12 +0000 (11:25 +0100)]
Bug 29543: Remove inputfocus variable
It's not used in template
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7ea2d7cd68bef8d59807f221a23a680361d24b1a) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Jonathan Druart [Wed, 5 Jan 2022 10:24:12 +0000 (11:24 +0100)]
Bug 29543: Remove borrower variable
It's not needed, we have $patron
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4c398daaf5df0522e8c302eb342c1ec30d6a17a9) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Bug 28698: Fix news for all displays in all locations
Some news are used for custom text with a specific language, for example "opacheader".
The bug is that in these locations, news for all (staff and opac) are displayed.
This is because GetNewsToDisplay uses SQL :
opac_news.lang = '' OR opac_news.lang = ?
This patch is a quick fix.
This feature maybe needs a big revamping.
Test plan :
1) Remove any news
2) Create a news with empty 'Display location' and some content
3) Display OPAC interface
4) without patch you see in location of 'opacheader', 'opacnavright' ... the content
of the news
5) With patch you see content of the news only in news table
6) Create a news for opacheader
7) Check it appears in correct language
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 33369d2522c23230e9f755466b19f9c032629365) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Marcel de Rooy [Fri, 19 Nov 2021 07:54:37 +0000 (07:54 +0000)]
Bug 29437: (QA follow-up) Update TODO in Breeding.t
We now have some tests for BreedingSearch.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0b428c36db956965bad008f419047aac0b7608d8) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Marcel de Rooy [Fri, 19 Nov 2021 07:53:26 +0000 (07:53 +0000)]
Bug 29437: (QA follow-up) Remove Business::ISBN from addbooks
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0b02e9ed4cd42d16a1fdd0673e77f15ed8a21c0f) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Mon, 8 Nov 2021 19:24:36 +0000 (19:24 +0000)]
Bug 29437: Search reservoir for term as title, author, or variations of ISBN
The code in the script and the module attempt to determine whether a term is an isbn, or not. Rather
than try to do this, we can simply search it on the three fields: isbn, title, author
Additionally, we should search as any of the ISBN variations to broaden our matches
Note: Curently only an ISBN 10 is stored in import biblios, so for an ISBN13 that doesn't convert
the value will be blank - this is another bug
To test:
1 - Perform a cataloging search for a valid ISBN 13 with no ISBN10 counterpart: 9798200834976
2 - 500 error
3 - Apply patch
4 - Repeat, no results
5 - Import some records
6 - Search by title/author/isbn
7 - Confirm searching works as expected
WNC amended to fix spelling
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
AMENDED: Useless call of ISBNs (plural) when you only pass one parameter.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b422b7af2392440c5a4ca83b0740dceb262b9cd4) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 10 Nov 2021 13:33:41 +0000 (13:33 +0000)]
Bug 29437: Unit tests
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4c2fc8eac541a4eef624e7be88844cf058bad398) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Lucas Gass [Mon, 25 Oct 2021 22:52:22 +0000 (22:52 +0000)]
Bug 29319: Use Business::ISBN to check ISBNs on addbooks.pl/cataloging search
To test:
1. Go to cataloging search and enter something like "7th Heaven".
2. Get an error when searching, Koha thinks you entered an ISBN
3. Apply patch
4. Try the same search, it should be a proper title search now
5. Find some stuff in the catalog with ISBN numbers in them.
6. The search should properly return ISBN13/ISBN10 searches, without with out the '-'.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 14c8d4c230ff96932ab87099f7594f311ffc4562) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Thu, 21 Oct 2021 10:31:18 +0000 (10:31 +0000)]
Bug 29284: (follow-up) Fix code that I copied from too
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c32cca53bdfe07a3ee27ebac36c7aae3d51c68d9) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Thu, 21 Oct 2021 10:26:12 +0000 (10:26 +0000)]
Bug 29284: (follow-up) Improve error logging to prevent warns
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit cf29caf39fed2d81262735fe7893a1ac3a8d59b1) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Thu, 21 Oct 2021 10:08:05 +0000 (10:08 +0000)]
Bug 29284: Unit test
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fa56c8b069b3d8e3aa4651d39e98db5f45883de8) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 20 Oct 2021 12:49:42 +0000 (12:49 +0000)]
Bug 29284: Handle the case of an exclamation point in parentheses
This expands the regex to handle this specific case
To test:
1 - Load record created for last patch
2 - Note analytics error
3 - Apply patch
4 - Restart and reload
5 - No more errorm also no Analytics link
6 - Add a 773$t to a record with title used before:
Digger does it all (not really!)
7 - reload the initial record
8 - See 'Show analytics' link
9 - Click the link
10 - You should end up on the record you added the 773 to
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7c74eb91248cbdc383e5b3d0d1c48c4ae5d570a3) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 20 Oct 2021 12:46:07 +0000 (12:46 +0000)]
Bug 29284: Don't die on analytics searching error
This patch adds an eval around the call to search for analytic records
It pases a value to the template on the staff side, but logs the warning on
the opac
This seems similar to 'decoding_error' which is noted on staff side, but absent on OPAC
The eval follows the patter used during searching
To test:
1 - Add a title to catalog, with 245a:
Digger does it all (not really!)
2 - Set searchEngine preference to: Elasticsearch
3 - The record does not load
4 - Apply patch
5 - The record loads, there is a note about analytics at the top fo the record
6 - View record in opac, no note
7 - Check logs on intranet and opac, searching error is logged
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ab13f33eaee2599beb376366524d92afa79df034) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Wed, 1 Sep 2021 14:58:04 +0000 (15:58 +0100)]
Bug 28316: (QA follow-up) Make clean_search_term public
With all the work that's gone into improving the internal
_clean_search_term method I feel we should expose it publically as it's
going to be more widely helpful
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 641e8e4096b8d55afb534d593743154807f77221) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Mon, 6 Sep 2021 13:46:45 +0000 (16:46 +0300)]
Bug 28316: escape ES ranges if QueryAutoTruncate is enabled
if QueryAutoTruncate enabled we will have any special operators ruined
for example: "test [6 TO 7]" will be converted to "test* [6* TO* 7]"
so no reason to keep ranges when QueryAutoTruncate set to "enabled"
1) enable QueryAutoTruncate at your sysprefs.
2) perform a search using range, for example: "[1999 TO 2020]",
it shouldn't work the way it's supposed to.
3) apply the patch.
4) perform the same search with range, ensure that it works correctly.
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e84759dfee9a4323a17146b88aba9d717ca0bb75) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Mon, 14 Jun 2021 13:38:51 +0000 (16:38 +0300)]
Bug 28316: avoid messing up regexes in the search queries
This patch ensures that the behavior with
QueryRegexEscapeOptions set to values other than
"Escape" still will works as expected.
It does so by storing the contents of regexes
before escaping special characters and
then restores the contents of regexes back to how
it was before, ensuring that searching with regex is possible.
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 59c26ce5f35f3f18830090b048d0cd6c2a1eb6fc) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Fri, 18 Jun 2021 07:44:56 +0000 (10:44 +0300)]
Bug 28316: escape exclamation signs in the query
Currently having exclamation sign at the end of the query makes ES
search fail, and when you try to search for a book that has exclamation
sign in the tittle (something like "Words! words") won't show results
correctly as it tries to negate everything that is after exclamation
sign, making it impossible to search for books that have in in the title
This patch escapes exclamation signs if it's at the end of the query or
has a space after it, resolving both of the issues listed above.
To reproduce:
1) with ES enabled, search for the book with title that contains
exclamation sight at the end, like "book!", this search should result
in error.
2) do another search, but this time find/prepare beforehand book with a
title that has exclamation sign with a space after it,
e.g "exclamation! sign", it shouldn't find it as ES treats everything
after that exclamation sign as negation.
2) apply the patch.
3) perform searches from the steep one and two again.
Search from step one should no longer fail, while search from the step
two should find that book.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit cb156ac13224f03db8ce0bd1373335b7d4052437) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Tue, 13 Jul 2021 09:13:03 +0000 (12:13 +0300)]
Bug 28316: escape brackets in the search query
This patch screens square and curly brackets which have no special
language meaning.
To reproduce:
1) using ES, search for the book with title that contains
square and/or curly brackets, like "book [second edition]", which will
result in error.
2) apply the patch.
3) search for that book again, ensure that it works now.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 952b5a6a469460e926905d6582688dd903988aad) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Fri, 18 Jun 2021 07:43:14 +0000 (10:43 +0300)]
Bug 28316: screen unquoted semicolons and all followup colons
Currently searches like: "book:", ":book" and "host-item:test:n"
cause internal server errors.
This patch adds additional regexes that remove the colons at the start
and end of the query, and another regex that screens all follow-up
colons that go after the first colon to avoid errors when searching for
"host-item:test:n".
To reproduce:
1) using ES, search for the book with title that contains
semicolon at the start or at the end of the line, separated with spaces,
this should cause internal server error.
2) try doing the same with something like "host-item:test:n", it should
result in error as well.
3) apply the patch.
4) repeat steps 1-2, ensure that it works now.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5b4b14e493fef9f8f84060b6b5d83fbdcccfc65e) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Tue, 15 Jun 2021 07:40:27 +0000 (10:40 +0300)]
Bug 28316: add tests
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 405812b407f77de2d60c8f4534728399068789d8) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Fri, 3 Dec 2021 15:29:00 +0000 (15:29 +0000)]
Bug 27801: Fix javascript price calculations
This patch ensures we're formatting the price values consistently for
the table total and the amount to pay input field.
Test plan
1) Add an item to charge at 0.10.
2) Add this same item 8 or 9 times (Do not use the 'quantity')
3) Note that the table total and the 'Amount paid' values do not match
4) Apply the patch and repeat the above steps.. the values should now
match.
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7e72a7dde5a73ed6177b321d29fca0df13f08f2c)
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
(cherry picked from commit 9e16f33b37aaf107ff3293df0cd3da5f94563c81) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Thu, 21 Oct 2021 10:31:18 +0000 (10:31 +0000)]
Bug 29284: (follow-up) Fix code that I copied from too
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c32cca53bdfe07a3ee27ebac36c7aae3d51c68d9) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Thu, 21 Oct 2021 10:26:12 +0000 (10:26 +0000)]
Bug 29284: (follow-up) Improve error logging to prevent warns
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit cf29caf39fed2d81262735fe7893a1ac3a8d59b1) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 20 Oct 2021 12:49:42 +0000 (12:49 +0000)]
Bug 29284: Handle the case of an exclamation point in parentheses
This expands the regex to handle this specific case
To test:
1 - Load record created for last patch
2 - Note analytics error
3 - Apply patch
4 - Restart and reload
5 - No more errorm also no Analytics link
6 - Add a 773$t to a record with title used before:
Digger does it all (not really!)
7 - reload the initial record
8 - See 'Show analytics' link
9 - Click the link
10 - You should end up on the record you added the 773 to
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7c74eb91248cbdc383e5b3d0d1c48c4ae5d570a3) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Thu, 21 Oct 2021 10:08:05 +0000 (10:08 +0000)]
Bug 29284: Unit test
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fa56c8b069b3d8e3aa4651d39e98db5f45883de8) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Nick Clemens [Wed, 20 Oct 2021 12:46:07 +0000 (12:46 +0000)]
Bug 29284: Don't die on analytics searching error
This patch adds an eval around the call to search for analytic records
It pases a value to the template on the staff side, but logs the warning on
the opac
This seems similar to 'decoding_error' which is noted on staff side, but absent on OPAC
The eval follows the patter used during searching
To test:
1 - Add a title to catalog, with 245a:
Digger does it all (not really!)
2 - Set searchEngine preference to: Elasticsearch
3 - The record does not load
4 - Apply patch
5 - The record loads, there is a note about analytics at the top fo the record
6 - View record in opac, no note
7 - Check logs on intranet and opac, searching error is logged
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ab13f33eaee2599beb376366524d92afa79df034) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Martin Renvoize [Wed, 1 Sep 2021 14:58:04 +0000 (15:58 +0100)]
Bug 28316: (QA follow-up) Make clean_search_term public
With all the work that's gone into improving the internal
_clean_search_term method I feel we should expose it publically as it's
going to be more widely helpful
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 641e8e4096b8d55afb534d593743154807f77221) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Mon, 6 Sep 2021 13:46:45 +0000 (16:46 +0300)]
Bug 28316: escape ES ranges if QueryAutoTruncate is enabled
if QueryAutoTruncate enabled we will have any special operators ruined
for example: "test [6 TO 7]" will be converted to "test* [6* TO* 7]"
so no reason to keep ranges when QueryAutoTruncate set to "enabled"
1) enable QueryAutoTruncate at your sysprefs.
2) perform a search using range, for example: "[1999 TO 2020]",
it shouldn't work the way it's supposed to.
3) apply the patch.
4) perform the same search with range, ensure that it works correctly.
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e84759dfee9a4323a17146b88aba9d717ca0bb75) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Mon, 14 Jun 2021 13:38:51 +0000 (16:38 +0300)]
Bug 28316: avoid messing up regexes in the search queries
This patch ensures that the behavior with
QueryRegexEscapeOptions set to values other than
"Escape" still will works as expected.
It does so by storing the contents of regexes
before escaping special characters and
then restores the contents of regexes back to how
it was before, ensuring that searching with regex is possible.
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 59c26ce5f35f3f18830090b048d0cd6c2a1eb6fc) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Fri, 18 Jun 2021 07:44:56 +0000 (10:44 +0300)]
Bug 28316: escape exclamation signs in the query
Currently having exclamation sign at the end of the query makes ES
search fail, and when you try to search for a book that has exclamation
sign in the tittle (something like "Words! words") won't show results
correctly as it tries to negate everything that is after exclamation
sign, making it impossible to search for books that have in in the title
This patch escapes exclamation signs if it's at the end of the query or
has a space after it, resolving both of the issues listed above.
To reproduce:
1) with ES enabled, search for the book with title that contains
exclamation sight at the end, like "book!", this search should result
in error.
2) do another search, but this time find/prepare beforehand book with a
title that has exclamation sign with a space after it,
e.g "exclamation! sign", it shouldn't find it as ES treats everything
after that exclamation sign as negation.
2) apply the patch.
3) perform searches from the steep one and two again.
Search from step one should no longer fail, while search from the step
two should find that book.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit cb156ac13224f03db8ce0bd1373335b7d4052437) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Tue, 13 Jul 2021 09:13:03 +0000 (12:13 +0300)]
Bug 28316: escape brackets in the search query
This patch screens square and curly brackets which have no special
language meaning.
To reproduce:
1) using ES, search for the book with title that contains
square and/or curly brackets, like "book [second edition]", which will
result in error.
2) apply the patch.
3) search for that book again, ensure that it works now.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 952b5a6a469460e926905d6582688dd903988aad) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Fri, 18 Jun 2021 07:43:14 +0000 (10:43 +0300)]
Bug 28316: screen unquoted semicolons and all followup colons
Currently searches like: "book:", ":book" and "host-item:test:n"
cause internal server errors.
This patch adds additional regexes that remove the colons at the start
and end of the query, and another regex that screens all follow-up
colons that go after the first colon to avoid errors when searching for
"host-item:test:n".
To reproduce:
1) using ES, search for the book with title that contains
semicolon at the start or at the end of the line, separated with spaces,
this should cause internal server error.
2) try doing the same with something like "host-item:test:n", it should
result in error as well.
3) apply the patch.
4) repeat steps 1-2, ensure that it works now.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5b4b14e493fef9f8f84060b6b5d83fbdcccfc65e) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Petro Vashchuk [Tue, 15 Jun 2021 07:40:27 +0000 (10:40 +0300)]
Bug 28316: add tests
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 405812b407f77de2d60c8f4534728399068789d8) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Marcel de Rooy [Fri, 12 Nov 2021 08:55:42 +0000 (08:55 +0000)]
Bug 29330: (QA follow-up) Change to message/rfc822
This content-type might be more appropriated to use as a temporary
label for the serialized email message with attachments.
WARNING: perl -cw tells you that the constant is redefined. This has
to do with an already existing module dependency loop of Letters.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 53127abc0377bc3f04364c4183baacef3d4c95c4) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: tidied.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6c961026789ef1dfdd3ebd4ed18469fef7bd649b) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Bug 29330: Restore handling of serialized MIME messages in message_queue
This patch changes how multipart MIME messages are handled on the
message_queue table.
The email, with the required attachments, is now generated using
Koha::Email, and serialized using Koha::Email->as_string.
This bug also adds Koha::Email->new_from_string which is used to read
that data from the DB, and produce a Koha::Email object, that can be
further augmented/modified using regular Koha::Email methods.
This implementation should be considered a middle ground, with
backportability in mind. higher-level methods should encapsulate setting
the default headers and addresses, to clean the area a bit further.
Preparation:
- You need a valid SMTP configuration in koha-conf.xml. If you use Gmail
you can generate an 'app password' and set things like this:
<smtp_server>
<host>smtp.gmail.com</host>
<port>587</port>
<timeout>5</timeout>
<ssl_mode>STARTTLS</ssl_mode>
<user_name>youraddress@gmail.com</user_name>
<password>youpassword</password>
<debug>1</debug>
</smtp_server>
- Set KohaAdminAddress to your address.
To test:
1. Pick a patron. Make sure it doesn't have any email address (Acevedo?)
2. Set an overdue notice trigger for its category
3. Check something out, with due date in the past to force an overdue
4. Run:
$ kshell
k$ misc/cronjobs/overdue_notices.pl -v
k$ exit
$ koha-mysql kohadev
> SELECT * FROM message_queue WHERE borrowernumber=the_borrowernumber;
=> SUCCESS: A notice has been created
5. Run:
$ kshell
k$ misc/cronjobs/process_message_queue.pl --verbose
=> SUCCESS: SMTP is ok => Email is sent
=> FAIL: Your inbox shows an email with weird content
6. Apply this patches
7. Run:
$ koha-mysql kohadev
> DELETE FROM message_queue;
8. Repeat 4 and 5
=> SUCCESS: You got an email with an attachment!
=> SUCCESS: The attachment contains an email that couldn't be delivered!
9. Try all the things that enqueue messages :-D
=> SUCCESS: No behavior change
10. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Edited the POD, restoring a few lines that describe the needed hash
keys of the attachments.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 54546da3f07380375470bc130f15a33830419ac8) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
This patch introduces a new method to Koha::Email. This method allows us
to parse a MIME email to initialize the Koha::Email object. This is
particularly important when we are restoring emails from the DB. i.e.
from the *message_queue* table.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/Koha/Email.t
=> SUCCESS: Tests pass! Koha::Email->new_from_string is the correct
counterpart for Koha::Email->as_string!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2d6a189e89cc81eff50cdd3a71f7eacc34287b3a) Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>