]> git.koha-community.org Git - koha.git/log
koha.git
7 years agoBug 19198: (QA followup) Fix typo in conditions
Nick Clemens [Wed, 13 Sep 2017 11:59:19 +0000 (11:59 +0000)]
Bug 19198: (QA followup) Fix typo in conditions

'&' should be '&&'

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19198: Renewal as issue causes too many error
Nick Clemens [Tue, 29 Aug 2017 14:25:20 +0000 (14:25 +0000)]
Bug 19198: Renewal as issue causes too many error

This patch moves some code and prevents checking for too many checkouts
when performing a renewal via checkout

To test:
1 - Set a rule to limit checkouts to a single issue, allowing renewal
2 - Issue an item to a patron
3 - Issue the same item
4 - In staff client you get a confirm to renew and a notice of Too Many
checkouts, don't confirm
5 - VIA Sip - you get a renewal response, but in logs the renewal fails
as a 'too
6 - Apply patch
7 - Via staff client you shoudl get renewal confirm with no too many
error
8 - SIP checkout should renew

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19198: Unit tests
Nick Clemens [Tue, 29 Aug 2017 14:10:54 +0000 (14:10 +0000)]
Bug 19198: Unit tests

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19374: CircSidebar overlapping transferred items table
Lari Taskula [Wed, 27 Sep 2017 14:59:55 +0000 (17:59 +0300)]
Bug 19374: CircSidebar overlapping transferred items table

When CircSidebar is activated, "Transferred items" table at
Circulation -> Transfers goes under the sidebar. This patch fixes the issue.

To test:
1. Enable CircSidebar system preference
2. Go to cgi-bin/koha/circ/branchtransfers.pl
3. Enter a barcode and click submit
4. Observe transferred items table under the circulation side bar
5. Apply patch
6. Enter a barcode and click submit
7. Observe transferred items is now correctly displayed
8. Also test with CircSidebar system preference deactivated

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 19374: (follow-up) Remove stray closing div tag

To test:
1. Apply first patch and validate the document e.g. here
   https://validator.w3.org/#validate_by_input
2. Observe "Stray end tag div." error
3. Apply this patch and validate again
4. Observe no errors
5. Go through test plan from first patch to make sure things still look nice

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19135: Restore AllowHoldsOnPatronsPossessions behaviour
Kyle M Hall [Thu, 20 Jul 2017 18:28:20 +0000 (14:28 -0400)]
Bug 19135: Restore AllowHoldsOnPatronsPossessions behaviour

Bug caused by
  commit bc39f0392bbebaad4c083f81308f652a325be042
  Bug 14695 - Add ability to place multiple item holds on a given record per patron

Test Plan:
1) Set AllowHoldsOnPatronsPossessions to "Don't"
2) Check out an item to a patron
3) Place a hold on that item for the same patron
4) Note you are allowed to with no alert
5) Delete the hold
6) Apply this patch
7) Place a hold on that item for the same patron
8) Note you recieve an alert now

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19260: [QA Follow-up] Remove obsolete $dbh
Marcel de Rooy [Fri, 6 Oct 2017 09:05:49 +0000 (11:05 +0200)]
Bug 19260: [QA Follow-up] Remove obsolete $dbh

The variable is no longer used.
Removed a few empty lines on the way.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19260: Holds marked as problems being seen as expired ones and deleted wrongly
Josef Moravec [Thu, 5 Oct 2017 20:37:25 +0000 (20:37 +0000)]
Bug 19260: Holds marked as problems being seen as expired ones and deleted wrongly

Test plan:
0) Apply just the first patch - the one with test
1) Run t/db_dependent/Reserves.t - test for CancelExpiredReserves should
fail
2) Apply the second patch
3) t/db_dependent/Reserves.t should pass now

Followed test plan, patch worked as described. Passes QA test tool

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19260: Add test for CancelExpiredReserves
Josef Moravec [Thu, 5 Oct 2017 20:36:31 +0000 (20:36 +0000)]
Bug 19260: Add test for CancelExpiredReserves

Passes QA test tool
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19388: FIX display item status if item is checked out
Jonathan Druart [Fri, 29 Sep 2017 14:49:30 +0000 (11:49 -0300)]
Bug 19388: FIX display item status if item is checked out

In course reserves, if an item which was added to a course is checked
out, it is not possible to show details for that course on OPAC.
The error says: "Template process failed: undef error - The method
onsite_checkout is not covered by tests! at
/home/koha/src/C4/Templates.pm line 121."

onsite_checkout is an attribute of Koha::Checkout, not Koha::Item

Test plan:
Create a course with 2 items that are checked out (standard and on-site)
At the OPAC, add them to your cart and confirm the status of these 2
items is correct
Confirm that on the detail page of the bib record as well as the detail
of the course.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19122: (bug 18098 follow-up) Fix IncludeSeeFromInSearches behaviour
Jonathan Druart [Mon, 2 Oct 2017 17:11:52 +0000 (14:11 -0300)]
Bug 19122: (bug 18098 follow-up) Fix IncludeSeeFromInSearches behaviour

The IncludeSeeFromInSearches system preference is designed so that 'See from' headings from the authorities are included when you search in the catalog.
That means that you could find an author not only by the name printed on the book, but for example also by their pseudonym or a different spelling of their name.

It was added by bug 7417.

This regression has been introduced by
  commit 5ef1b6710e7520b844e145e248da0deeee707fde
  Bug 18098: Add an index with the count of not onloan items

-        } elsif ($record_type eq 'biblio' && C4::Context->preference('IncludeSeeFromInSearches')) {
-            my $normalizer = Koha::RecordProcessor->new( { filters => 'EmbedSeeFromHeadings' } );
[...]
+            push @filters, 'IncludeSeeFromInSearches'
+                if C4::Context->preference('IncludeSeeFromInSearches');

Test plan:
- Activate IncludeSeeFromInSearches
- Catalog an authority for a person
  - main heading in 100
  - see from headings in 400
- Catalog a bibliographic record and link it to the authority
- Make sure the record is indexed
- Verify that the record can be found searching for the main heading
- Verify that the record can be found searching for the see from headings

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Yet another reason to get rid of all this functions from this script.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19405: Prevent api/v1/holds.t to fail randomly
Jonathan Druart [Tue, 3 Oct 2017 22:20:18 +0000 (19:20 -0300)]
Bug 19405: Prevent api/v1/holds.t to fail randomly

DBD::mysql::st execute failed: Duplicate entry 'cEMggO40gdPLhcVXbpry8x0izO8lHr8NafFIBJwm0D1HgiXA57YR0a0VVxhQBzvn' for key 'userid' [for Statement "INSERT INTO `borrowers` ( `branchcode`, `categorycode`, `flags`, `surname`, `userid`) VALUES ( ?, ?, ?, ?, ? )" with ParamValues: 0='N2ElsY9', 1='Kk8G', 2=80, 3='Test Surname', 4='cEMggO40gdPLhcVXbpry8x0izO8lHr8NafFIBJwm0D1HgiXA57YR0a0VVxhQBzvnnbgezJqmxqwz'] at /usr/share/perl5/DBIx/Class/Storage/DBI.pm line 1832.
DBIx::Class::Storage::DBI::_dbh_execute(): Duplicate entry 'cEMggO40gdPLhcVXbpry8x0izO8lHr8NafFIBJwm0D1HgiXA57YR0a0VVxhQBzvn' for key 'userid' at /kohadevbox/koha/Koha/Object.pm line 121
[18:52:19] t/db_dependent/api/v1/holds.t

Reading the code I guess it happens if TestBuilder generates a userid with the size of borrowers.userid (75 chars). In that case the following lines are wrong:

$borrower->userid($nopermission->{ userid }."z");
$borrower2->userid($nopermission->{ userid }."x");
$borrower3->userid($nopermission->{ userid }."y");

The 3 patrons will have the same userid.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19403: Prevent Circulation.t to fail randomly
Jonathan Druart [Tue, 3 Oct 2017 17:16:02 +0000 (14:16 -0300)]
Bug 19403: Prevent Circulation.t to fail randomly

Due to the number of test cases handle by CanBookBeIssued, Circulation.t
fails randomly. To prevent that it is better to set some values.
For instance if the patron is a statistical patron (category_type=X),
the subroutine will return a STATS flag.

This patch also adds a subroutine to the test file to display the keys
of $error, $question and $alert set by CanBookBeIssued.
It will be easier to track other random failures.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19403: Add some default values when building patrons for test
Jonathan Druart [Tue, 3 Oct 2017 17:15:47 +0000 (14:15 -0300)]
Bug 19403: Add some default values when building patrons for test

To avoid some tests to fail randomly

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19350: Add tests
Jonathan Druart [Tue, 3 Oct 2017 15:15:30 +0000 (12:15 -0300)]
Bug 19350: Add tests

7 years agoBug 19350 - Holds without link in 773 trigger SQL::Abstract::puke
Dobrica Pavlinusic [Wed, 20 Sep 2017 14:01:16 +0000 (16:01 +0200)]
Bug 19350 - Holds without link in 773 trigger SQL::Abstract::puke

Test:
1. find bibio without items which has something in field 773
   (for us, it's article) but doesn't have 0 or 9 (host item entry)
2. click on hold in left menu
3. verify application error
4. apply patch and verify that it works

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
7 years agoBug 16726: Do not display "You searched for:" if not needed
Jonathan Druart [Tue, 3 Oct 2017 14:03:43 +0000 (11:03 -0300)]
Bug 16726: Do not display "You searched for:" if not needed

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19276: Update the number of tests
Jonathan Druart [Fri, 29 Sep 2017 22:39:34 +0000 (19:39 -0300)]
Bug 19276: Update the number of tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18120: Tidy up
Jonathan Druart [Fri, 29 Sep 2017 20:08:28 +0000 (17:08 -0300)]
Bug 18120: Tidy up

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18120: (QA followup) Add POD to controler class
Tomas Cohen Arazi [Fri, 22 Sep 2017 18:37:41 +0000 (15:37 -0300)]
Bug 18120: (QA followup) Add POD to controler class

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18120: (QA followup) 'vendors_manage' permission fits better than full acq
Tomas Cohen Arazi [Thu, 24 Aug 2017 17:36:07 +0000 (14:36 -0300)]
Bug 18120: (QA followup) 'vendors_manage' permission fits better than full acq

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18120: Update field descriptions
Katrin Fischer [Tue, 15 Aug 2017 21:58:19 +0000 (23:58 +0200)]
Bug 18120: Update field descriptions

Trying to clarify some of the descriptions.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18120: Add '/acquisitions/vendors' endpoint
Tomas Cohen Arazi [Tue, 28 Feb 2017 12:00:07 +0000 (09:00 -0300)]
Bug 18120: Add '/acquisitions/vendors' endpoint

This patch introduces an /acquisitions/vendors endpoint.
To test:
- Apply the patch
- Run:
  $ sudo koha-shell kohadev
 k$ prove t/db_dependent/api/v1/acquisitions_vendors.t
=> SUCCESS: Tests pass
- Sign off :-D

Sponsored-by: ByWater Solutions
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18120: /acquisitions/vendors unit tests
Tomas Cohen Arazi [Mon, 6 Mar 2017 19:40:11 +0000 (16:40 -0300)]
Bug 18120: /acquisitions/vendors unit tests

This patch introduces unit tests that need to be passed by an
/acquisitions/vendors/ REST endpoint.

To test:
- Apply the patch
- Run:
  $ sudo koha-shell kohadev
 k$ prove t/db_dependent/api/v1/acquisitions_vendors.t
=> FAIL: The endpoint is not present, should fail.

Sponsored-by: ByWater Solutions
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19392: Clean-up behind auth_values_input_www.t
Jonathan Druart [Fri, 29 Sep 2017 19:28:13 +0000 (16:28 -0300)]
Bug 19392: Clean-up behind auth_values_input_www.t

The two categories created by this test script are not removed

Test plan:
without this patch, the two authorised value categories 学協会μμ and
tòmas are not removed when the script finishes.
Now it does!

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19391: (bug 19128 follow-up) Fix failing tests from auth_values_input_www.t
Jonathan Druart [Fri, 29 Sep 2017 19:16:56 +0000 (16:16 -0300)]
Bug 19391: (bug 19128 follow-up) Fix failing tests from auth_values_input_www.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 13912: DBRev 17.05.00.010
Jonathan Druart [Fri, 29 Sep 2017 19:49:06 +0000 (16:49 -0300)]
Bug 13912: DBRev 17.05.00.010

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 13912: (QA followup) Make it explicit that syspref applies to MARC21
Tomas Cohen Arazi [Wed, 20 Sep 2017 13:52:16 +0000 (10:52 -0300)]
Bug 13912: (QA followup) Make it explicit that syspref applies to MARC21

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 13912: (QA followup) Update database
Tomas Cohen Arazi [Thu, 7 Sep 2017 19:18:00 +0000 (16:18 -0300)]
Bug 13912: (QA followup) Update database

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 13912: Fix LOC link
Josef Moravec [Thu, 26 Mar 2015 08:10:13 +0000 (09:10 +0100)]
Bug 13912: Fix LOC link

Signed-off-by: m23 <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 13912: Add DefaultCountryField008 syspref
Josef Moravec [Thu, 26 Mar 2015 07:46:45 +0000 (08:46 +0100)]
Bug 13912: Add DefaultCountryField008 syspref

This syspref is going to be used for populating field 008, range 15-17
with a desired default. It is currently hardcoded to 'xxu'. If not set,
it will still fallback to 'xxu'.

Signed-off-by: m23 <black23@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18422: (QA follow-up) Check if select2 is available before using it
Julian Maurice [Fri, 29 Sep 2017 13:52:50 +0000 (15:52 +0200)]
Bug 18422: (QA follow-up) Check if select2 is available before using it

cataloging.js might not always be loaded with select2.js, so we should
check its availability to prevent JS errors

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18422 - Add Select2 to authority editor
Oleg Vasylenko [Wed, 12 Apr 2017 07:45:48 +0000 (10:45 +0300)]
Bug 18422 - Add Select2 to authority editor

Overview:
Repeat tag fails if authority field has select subfield (for example, UNIMARC 700$8, 800$a)
This patch adds Select2 to authority editor

Steps to Reproduce:
In authority editor repeat field that has select subfield

Actual Results:
Field does not repeat (copy is not created).
Console shows a js TypeError in cataloging.js: «$(...).select2 is not a function»

Expected Results:
Field will repeat (copy is created)

Additional Information:
Error happens in version 16.11+ after adding Select2 js functions. The easiest way to fix is to add Select2 to authority editor

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19307: Mock the AllowFineOverride preference to ensure expected result
Nick Clemens [Wed, 13 Sep 2017 12:06:50 +0000 (12:06 +0000)]
Bug 19307: Mock the AllowFineOverride preference to ensure expected result

To test:
 1 - Set 'AllowFineOverride' to allow
 2 - prove t/db_dependent/Circulation/NoIssuesChargeGuarantees.t
 3 - 1 test fails
 4 - Apply patch
 5 - prove t/db_dependent/Circulation/NoIssuesChargeGuarantees.t
 6 - All tests pass
 7 - Set 'AllowFineOverride' to 'Don't allow'
 8 - Tests should still pass

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19344: DBRev 17.05.00.009
Jonathan Druart [Fri, 29 Sep 2017 19:47:04 +0000 (16:47 -0300)]
Bug 19344: DBRev 17.05.00.009

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19344: Reorder lang and login_attempts in the [deleted]borrowers tables
Jonathan Druart [Tue, 19 Sep 2017 16:32:31 +0000 (13:32 -0300)]
Bug 19344: Reorder lang and login_attempts in the [deleted]borrowers tables

Due to a bad rebase, the borrowers and deletedborrowers table structure
may different from a new install and upgraded install
For new installs, the order was: lang, login_attempts
For upgraded installs, it was lang, last_seen, login_attempts

After this patch, the order must be:
- last_seen
- lang
- login_attempts

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19317: (bug 18966 follow-up) Remove leftover
Jonathan Druart [Thu, 14 Sep 2017 13:57:40 +0000 (10:57 -0300)]
Bug 19317: (bug 18966 follow-up) Remove leftover

Nothing important here, but this line should have been removed by bug
18966:

2177         # Update the fines
2178         $dbh->do(q|UPDATE accountlines SET issue_id = ? WHERE
issue_id = ?|, undef, $old_checkout->issue_id, $issue->issue_id);

The issue_id is now the same when moved from issues to old_issues. We do
not need to update the accountlines table.

No test plan here, you need to understand previous changes to validate
this patch.

Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19276: (bug 17829 follow-up) Fix Statistic patrons behaviour
Jonathan Druart [Fri, 8 Sep 2017 15:47:03 +0000 (12:47 -0300)]
Bug 19276: (bug 17829 follow-up) Fix Statistic patrons behaviour

Bug 17829 must have been handle this specific case: GetMember set
category_type, but now $borrower is a Koha::Patron unblessed and does
not contain the category_type.
The fix is to call ->category->category_type on the Koha::Patron object
to be able to know if they are a statistic patrons.

Test plan:
Run the tests

Tests pass, as does QA test tool
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18999: (QA followup) ModReceiveOrder expects a hashref
Tomas Cohen Arazi [Fri, 29 Sep 2017 14:29:24 +0000 (11:29 -0300)]
Bug 18999: (QA followup) ModReceiveOrder expects a hashref

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18999: Modified SQL query in GetBudgetSpent() in C4/Budgets.pm
Alex Buckley [Sat, 22 Jul 2017 19:19:44 +0000 (19:19 +0000)]
Bug 18999: Modified SQL query in GetBudgetSpent() in C4/Budgets.pm

Removed the SQL select condition 'AND closedate IS NOT NULL' because
this was not returning shippingcost values and it does not exist in the
SQL query to return the shipping cost in spent.pl

Also removed the retrieval of shipping cost and the associated addition
of item(s) cost and shipping cost in GetBudgetOrdered() in C4/Budgets.pm
to prevent the shipping costs being subtracted off the fund total twice

Test plan:
1. Go to Acquisition and create a currency, budget (make this value of
100), fund ( make this the value of 50), vendor (if
neccessary)

2. Create a basket and click 'Add to basket'

3. Add 2 items with the vendor price of 10

4. Click 'Receive shipment' and write in the shipment cost of 6

5. Click 'Finish receiving' and go back to Acquisitions

6. Notice the spent column value is 0.00 but if you click on the value then
the spent.pl page is displayed and shows that the shipment cost was 6.00

7. On the acquisition page also notice that the ordered column value is 26.00

8. Click on the name of the fund and notice the spent column value is
0.00 in the fund page table

9. Apply patch

10. Refresh acquisition page and notice that 6.00 is the value in the
Spent column and 20.00 is the value in the ordered column. Both of which
match the subtotal of the full-list tables displayed when you click on these
values

11. Also notice the spent value in the fund page table is 6.00

12 Observe the changes to GetBudgetSpent() and GetBudgetOrdered() C4/Budgets.pm and check they make sense

Sponsored-by: Catalyst IT
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18999: (QA followup) Minor fixes for tests
Alex Buckley [Sat, 16 Sep 2017 07:52:25 +0000 (07:52 +0000)]
Bug 18999: (QA followup) Minor fixes for tests

Removed unneccessary declaration of $budget and changed
Koha::Acquisition::Order->new->insert into
Koha::Acquisition::Order->new->store as requested in tester feedback

Test plan:
1. Go into your koha-shell

2. set the PERL5LIB variable

3. Run t/db_dependent/Budgets.t

All tests should pass

Sponsored-by: Catalyst IT
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18999: Add regression tests
Alex Buckley [Fri, 18 Aug 2017 15:16:55 +0000 (15:16 +0000)]
Bug 18999: Add regression tests

Added regression test for GetBudgetSpent() and GetBudgetOrdered() into
the t/db_dependent/Budgets.t

Test plan:
1. Go into your koha-shell

2. set the PERL5LIB variable

3. Run t/db_dependent/Budgets.t

All tests should pass

Sponsored-by: Catalyst IT
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 16463: Replace discharge link with error message if user has checked out items
Aleisha Amohia [Wed, 30 Aug 2017 23:26:38 +0000 (23:26 +0000)]
Bug 16463: Replace discharge link with error message if user has checked out items

To test:
1) Ensure the useDischarge syspref is enabled
2) Check out an item to a borrower
3) Log in to the OPAC as this borrower
4) Click the 'ask for a discharge' link in the nav
5) Click the 'Ask for a discharge' link
6) Notice you cannot be discharged because you have checkouts
7) Apply the patch, click the 'ask for a discharge' link in the nav
8) Notice the link has been replaced with an appropriate error message
9) Attempt to force the discharge URL:
/cgi-bin/koha/opac-discharge?op=request
10) Notice the message and you cannot be discharged.
11) Confirm that when you check in your item, the discharge link shows
again and works as expected.

Sponsored-by: Catalyst IT
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18318: Unicode support for Elasticsearch
Nick Clemens [Sat, 8 Apr 2017 03:09:05 +0000 (23:09 -0400)]
Bug 18318: Unicode support for Elasticsearch

You must install the icu plugin for elasticsearch
https://www.elastic.co/guide/en/elasticsearch/plugins/current/analysis-icu.html

Once installed, apply this patch
Reindex your data, deleting the existing indexes
perl /home/vagrant/kohaclone/misc/search_tools/rebuild_elastic_search.pl
-d
Find (or add) some titles with accented characters
Verify that a search for the exact character or the unaccented version
works

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19120: Leave cancelled ordered items alone when reopening basket
Mark Tompsett [Sat, 2 Sep 2017 01:23:20 +0000 (21:23 -0400)]
Bug 19120: Leave cancelled ordered items alone when reopening basket

TEST PLAN
---------
1) Apply first patch
2) prove t/db_dependent/Acquisition/close_reopen_basket.t
   -- FAILS
3) Apply this patch
4) prove t/db_dependent/Acquisition/close_reopen_basket.t
   -- SUCCESS!
5) run koha qa test tools

Followed test plan, patch worked as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19120: Add tests to reproduce the problem
Mark Tompsett [Sat, 2 Sep 2017 01:21:40 +0000 (21:21 -0400)]
Bug 19120: Add tests to reproduce the problem

TEST PLAN
---------
1) apply this patch
2) prove t/db_dependent/Acquisition/close_reopen_basket.t
   -- FAILS!
   -- This proves the test works.
3) run koha qa test tools

Followed test plan, patch worked as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19329: Update IntranetSlipPrinterJS system preference description.
Josef Moravec [Tue, 19 Sep 2017 07:13:53 +0000 (07:13 +0000)]
Bug 19329: Update IntranetSlipPrinterJS system preference description.

Test plan:
0) Apply the patch
1) Go to administration -> system preferences -> staff client
2) Read the description by IntranetSlipPrinterJS and confirm it's right

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19372: (bug 15801 follow-up) pass selected frameworkcode to the template
Jonathan Druart [Wed, 27 Sep 2017 15:54:18 +0000 (12:54 -0300)]
Bug 19372: (bug 15801 follow-up) pass selected frameworkcode to the template

Bug 15801 removes the 2 lines that were necessary to retrieve the
framework selected by the user and pass it to the template.
All bibliographic records created when adding an order to the basket
using an external source used the default framework.

Test plan:
Add an order to a basket from an external source
Select another framework than the default one
=> Without this patch, whatever the framework you picked, the default
one is used
=> With this patch applied the framework code you will pick will be used

Signed-off-by: Marijana Glavica <mglavica@ffzg.hr>
Signed-off-by: Marijana Glavica <mglavica@ffzg.hr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19366: Do not block patron's detail update if EmailMustBeUnique
Jonathan Druart [Wed, 27 Sep 2017 16:44:00 +0000 (13:44 -0300)]
Bug 19366: Do not block patron's detail update if EmailMustBeUnique

If the pref PatronSelfRegistrationEmailMustBeUnique is set ("consider"),
a patron is not allowed to register with an existing email address.
The existing code is wrong and reject a patron that is updating their
personal details with "This email address already exists in our
database.", even if the patron did not modify their email address.

This is caused by the query we made, we must search for patron with this
email address but who is not the current patron.

Test plan:
- Set PatronSelfRegistrationEmailMustBeUnique to "consider"
- Register a new patron with an existing email address
=> you should not be allowed
- Use a non-existent email address
=> You should be allowed
- Edit your patron details
- Modify some infos
=> Should pass
- Modify your email address with an existing one
=> You should not be allowed to do that

Followed test plan, patches worked as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19357: (bug 18260 follow-up) Remove non-relevant attributes
Jonathan Druart [Thu, 21 Sep 2017 14:09:57 +0000 (11:09 -0300)]
Bug 19357: (bug 18260 follow-up) Remove non-relevant attributes

When created, batch_record_modification.tt has been based on
batch_delete_records.tt
These attributes are not used in the template and not set in the pl
script.
Since bug 18260, biblio is a Koha::Biblio and calling a non-existent
method will raise an error.

This patch get rid of the following error:
batch_record_modification.pl: Template process failed: undef error - The
method itemnumbers is not covered by tests!

Test plan:
Modify bibliographic records with the "Batch record modification" tool.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 15173: Restore SubfieldsToAllowForRestrictedEditing
Jonathan Druart [Tue, 16 Aug 2016 14:12:07 +0000 (15:12 +0100)]
Bug 15173: Restore SubfieldsToAllowForRestrictedEditing

Bug 7673 introduced SubfieldsToAllowForRestrictedEditing but bug 12176
broke it assuming that only selects were impacted by this feature.

Test plan:
Go back on bug 7673 and confirm that
SubfieldsToAllowForRestrictedEditing is working as expected with this
patch applied.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
For clarification, the item fields that are entered in
SubfieldsToAllowForRestrictedEditing should EXCLUDE the desired
fields you want to disable.

Test plan (updated to test the scenario in the bug Description):
1. Create a patron with only the following permissions:
    - catalogue (Required for staff login)
    - editcatalogue -> edit_catalogue
    - editcatalogue -> edit_items
    - editcatalogue -> edit_items_restricted
2. Navigate to Administration -> Global system preferences -> Cataloging
    -> Record Structure -> SubfieldsToAllowForRestrictedEditing
3. In the input field for SubfieldsToAllowForRestrictedEditing enter in
    all the 952 fields EXCEPT the ones desired to be disabled. In this
    case, we want to disallow editing of 952$2, 952$a, 952$b, 952$e, 952$h,
    and 952$o so we enter the following into the
    SubfieldsToAllowForRestrictedEditing (without quotes) "952$0 952$1
    952$3 952$4 952$5 952$7 952$8 952$c 952$d 952$f 952$g 952$i 952$j
    952$p 952$t 952$u 952$v 952$w 952$x 952$y 952$z"
4. Click Save all Cataloging preferences
5. Login to the staff client as the created restricted editing patron
6. Edit an item
7. Note that all fields except for the ones excluded from the syspref
    are editable

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19323: subscription edit permission issue
Fridolin Somers [Fri, 15 Sep 2017 09:12:01 +0000 (11:12 +0200)]
Bug 19323: subscription edit permission issue

If a librarian has edit_subscription but not create_subscription :
When trying to edit a subscription, after saving permission is denied.

This is because permissions in serials/subscription-add.pl depends on arg 'op' and on edit this arg starts with 'modify' but changes to 'modsubscription' when saving.

Test plan :
- Create a user with staff access
- Define its permissions on serials : only edit_subscription
- Edit a subscription
- Click 'Next'
- Click 'Test prediction pattern'
- Click 'Save subscription'
=> Without patch you get to page serials/subscription-add.pl with permission denied
=> With patch subscription is saved and you get to subscription details page

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19334: Circulation history doesn't set biblionumber so left navigation is broken
Dobrica Pavlinusic [Mon, 18 Sep 2017 17:17:35 +0000 (19:17 +0200)]
Bug 19334: Circulation history doesn't set biblionumber so left navigation is broken

Navigation on the left (Normal, MARC, etc...) needs biblionumber in
template variables to work.

Test:
1. go to checkout history for any biblio
2. verify that normal, MARC, etc links on the left no longer work
   due to missing biblionumber in URL
3. apply patch and test it again

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19116: Hold not set to waiting after transfer
Josef Moravec [Tue, 22 Aug 2017 08:58:11 +0000 (08:58 +0000)]
Bug 19116: Hold not set to waiting after transfer

Test plan:

0) Do not apply the patch
1) Place hold on item from another branch
2) Switch to that branch
3) Check them in at the other branch to set them into transport status (T)
4) Switch back to your homebranch
5) Check items in again, use the different confirm buttons and
    compare: Only "confirm and print" will be set to waiting, "confirm"
    remains in transport.
6) Apply the patch
7) Repeat 1-5 - now should work as expected - the hold is marked waiting
on "confirm" button too
8) Check the hold from the same branch, to make sure this doesn't add
regression

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19116: (followup) Add tests to highlight the problem in CheckReserves
Josef Moravec [Fri, 22 Sep 2017 08:40:56 +0000 (08:40 +0000)]
Bug 19116: (followup) Add tests to highlight the problem in CheckReserves

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19116: Unit tests
Jonathan Druart [Mon, 4 Sep 2017 17:14:31 +0000 (14:14 -0300)]
Bug 19116: Unit tests

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19127: (follow-up) Fix Stored XSS in csv-profiles.pl
Jonathan Druart [Tue, 12 Sep 2017 14:21:27 +0000 (11:21 -0300)]
Bug 19127: (follow-up) Fix Stored XSS in csv-profiles.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19127: Fix Stored XSS in csv-profiles.pl
Amit Gupta [Wed, 16 Aug 2017 12:26:17 +0000 (17:56 +0530)]
Bug 19127: Fix Stored XSS in csv-profiles.pl

To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
   and Profile MARC fields that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: (follow-up) Fix Stored XSS in biblio_framework.pl
Jonathan Druart [Tue, 12 Sep 2017 14:06:11 +0000 (11:06 -0300)]
Bug 19108: (follow-up) Fix Stored XSS in biblio_framework.pl

Prevent software error
Template process failed: undef error - text: filter not found at
/home/vagrant/kohaclone/C4/Templates.pm line 121.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: (follow-up) Fix Stored XSS in fieldmapping.pl and items_search_fields.pl
Katrin Fischer [Wed, 16 Aug 2017 11:52:07 +0000 (13:52 +0200)]
Bug 19108: (follow-up) Fix Stored XSS in fieldmapping.pl and items_search_fields.pl

To test:
- Add a framework with script in the description
- Access the Keywords to MARC mapping page
- Add an item search field where both name and label are script
- Try to edit/delete the added mapping

With the patch no script should be executed and everything
should still work ok.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in biblio_framework.pl and marctagstructure.pl
Amit Gupta [Tue, 15 Aug 2017 09:07:50 +0000 (14:37 +0530)]
Bug 19108: Fix Stored XSS in biblio_framework.pl and marctagstructure.pl

To Test
1. Hit the page /cgi-bin/koha/admin/biblio_framework.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Click on Actions -> MARC structure
6. Apply patch and reload, the js is escaped

Fixed for both the pages biblio_framework.pl and marctagstructure.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in fieldmapping.pl
Amit Gupta [Tue, 15 Aug 2017 08:40:43 +0000 (14:10 +0530)]
Bug 19108: Fix Stored XSS in fieldmapping.pl

To Test
1. Hit the page /cgi-bin/koha/admin/fieldmapping.pl
2. Add a text in the field Field name that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in authtypes.pl
Amit Gupta [Tue, 15 Aug 2017 08:36:47 +0000 (14:06 +0530)]
Bug 19108: Fix Stored XSS in authtypes.pl

To Test
1. Hit the page /cgi-bin/koha/admin/authtypes.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in classsources.pl
Amit Gupta [Tue, 15 Aug 2017 08:25:45 +0000 (13:55 +0530)]
Bug 19108: Fix Stored XSS in classsources.pl

Fixed for both Classification sources & Classification filing rules

To Test
1. first case classification source: Hit the page
   /cgi-bin/koha/admin/classsources.pl?op=add_source
   second case classification filing rules:
   Hit the page /cgi-bin/koha/admin/classsources.pl?op=add_sort_rule
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in items_search_fields.pl
Amit Gupta [Tue, 15 Aug 2017 08:19:10 +0000 (13:49 +0530)]
Bug 19108: Fix Stored XSS in items_search_fields.pl

To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in oai_sets.pl
Amit Gupta [Tue, 15 Aug 2017 08:03:57 +0000 (13:33 +0530)]
Bug 19108: Fix Stored XSS in oai_sets.pl

To Test
1. Hit the page /cgi-bin/koha/admin/oai_sets.pl
2. Click on New set
3. Add a text in the field setSpec, setName that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19103: (follow-up) Fix Stored XSS in itemtypes.pl
Jonathan Druart [Tue, 12 Sep 2017 13:58:24 +0000 (10:58 -0300)]
Bug 19103: (follow-up) Fix Stored XSS in itemtypes.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19103: Fix Stored XSS in matching-rules.pl
Amit Gupta [Tue, 15 Aug 2017 04:45:54 +0000 (10:15 +0530)]
Bug 19103: Fix Stored XSS in matching-rules.pl

To Test
1. Hit the page /cgi-bin/koha/admin/matching-rules.pl
2. Click on new record matching rule
3. Add a text in the field Description that contain js.
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19103: Fix Stored XSS in patron-attr-types.pl
Amit Gupta [Tue, 15 Aug 2017 04:37:45 +0000 (10:07 +0530)]
Bug 19103: Fix Stored XSS in patron-attr-types.pl

To Test
1. Hit the page /cgi-bin/koha/admin/patron-attr-types.pl
2. Click on new patron attribute type
2. Add a text in the field Description that contain js.
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19103: Fix Stored XSS in itemtypes.pl
Amit Gupta [Tue, 15 Aug 2017 03:22:40 +0000 (08:52 +0530)]
Bug 19103: Fix Stored XSS in itemtypes.pl

To Test
1. Hit the page /cgi-bin/koha/admin/itemtypes.pl
2. Add a text in the field Description, Checkin message that contains js
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19128: Fix Stored XSS in admin/authorised_values.pl
Jonathan Druart [Tue, 12 Sep 2017 13:35:10 +0000 (10:35 -0300)]
Bug 19128: Fix Stored XSS in admin/authorised_values.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl
Katrin Fischer [Wed, 16 Aug 2017 12:34:17 +0000 (14:34 +0200)]
Bug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl

Preparation:
- Add a branch with script in the branch name
- Add a patron category with script in the category name
- Add a new authorised value cateogory with script
- Add a new authroised value for this category with script
  in all possible fields

- Test editing patron categories
- Test editing patron attribute types
- Test viewing and editing authorised values

Verify that with this script there is no more script executed
and everything works fine.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19125: Fix Stored XSS in members.pl
Katrin Fischer [Wed, 16 Aug 2017 10:05:50 +0000 (12:05 +0200)]
Bug 19125: Fix Stored XSS in members.pl

In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>

To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in subscription-detail.pl
Katrin Fischer [Wed, 16 Aug 2017 11:07:18 +0000 (13:07 +0200)]
Bug 19086: Fix Stored XSS in subscription-detail.pl

Add script to the callnumber field on adding a subscription.

Verify script is executed without this patch, but not with it.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: (follow-up) Fix Stored XSS in supplier.pl
Katrin Fischer [Wed, 16 Aug 2017 10:59:13 +0000 (12:59 +0200)]
Bug 19086: (follow-up) Fix Stored XSS in supplier.pl

In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are on longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in subscription-add.pl
Amit Gupta [Mon, 14 Aug 2017 21:14:11 +0000 (02:44 +0530)]
Bug 19086: Fix Stored XSS in subscription-add.pl

To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
   that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in supplier.pl
Amit Gupta [Mon, 14 Aug 2017 21:03:59 +0000 (02:33 +0530)]
Bug 19086: Fix Stored XSS in supplier.pl

1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field company_postal, physical, company_fax,
   accountnumber, contactposition, contact_fax, contact_notes, notes that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in circulation.pl
Chris Cormack [Fri, 11 Aug 2017 19:54:34 +0000 (19:54 +0000)]
Bug 19086: Fix Stored XSS in circulation.pl

1/ To test add a message to a borrower that contains js
2/ hit /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number]
  where number is the borrowernumber of the borrower you set the message
  for
3/ Notice js is execute
4/ Apply patch, reload, js is escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in members/member.pl
Chris Cormack [Fri, 11 Aug 2017 19:36:43 +0000 (19:36 +0000)]
Bug 19086: Fix Stored XSS in members/member.pl

To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19385: Fix random t/Calendar.t failure - clear the cache before
Jonathan Druart [Thu, 28 Sep 2017 17:49:11 +0000 (14:49 -0300)]
Bug 19385: Fix random t/Calendar.t failure - clear the cache before

The cache 'exception_holidays' may be populated when we run these tests,
we need to clear it before the tests are run.

Test plan:
  prove t/db_dependent/Circulation/CalcDateDue.t  t/Calendar.t

Without this patch, t/Calendar will fail with:
  #   Failed test 'Exception holiday is not a closed day test'
  #   at t/Calendar.t line 159.
  #          got: '1'
  #     expected: '0'
  # Looks like you failed 1 test of 38.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18282: operationId must be unique
Lari Taskula [Thu, 16 Mar 2017 11:53:44 +0000 (13:53 +0200)]
Bug 18282: operationId must be unique

operationId has the following documentation:
 "Unique string used to identify the operation. The id MUST be unique among all
  operations described in the API."

This patch modifies operationIds to be unique accross our API operations.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18290: Fix t/db_dependent/Koha/Object.t, Mojo::JSON::Bool is a JSON::PP::Boolean :)
Olli-Antti Kivilahti [Fri, 17 Mar 2017 06:09:05 +0000 (08:09 +0200)]
Bug 18290: Fix t/db_dependent/Koha/Object.t, Mojo::JSON::Bool is a JSON::PP::Boolean :)

Mojolicious 7.21 onwards, no longer returns Mojo::JSON::Bool-objects but JSON::PP instead.
Which might be pretty smart.

This version is required by bug 18137 and so this patch for the tests is
needed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Tested along with 18137 and its dependencies (libs).

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (QA followup) Make sure the session exists and is expired on expiration...
Tomas Cohen Arazi [Wed, 9 Aug 2017 14:11:13 +0000 (11:11 -0300)]
Bug 18137: (QA followup) Make sure the session exists and is expired on expiration tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lari Taskula <lari.taskula@jns.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: List Mojolicious::Plugin::OpenAPI and JSON::Validator as dependencies
Lari Taskula [Fri, 17 Feb 2017 11:14:09 +0000 (13:14 +0200)]
Bug 18137: List Mojolicious::Plugin::OpenAPI and JSON::Validator as dependencies

Edit (tcohen): I've changed the version numbers to match those Mirko has already
successfully packaged and are known to work for this patchset.

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (follow-up) Sort definitions.json
Lari Taskula [Thu, 16 Mar 2017 12:24:52 +0000 (14:24 +0200)]
Bug 18137: (follow-up) Sort definitions.json

Before this file grows, we should sort it alphabetically.

To test:
1. prove t/db_dependent/api/v1

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (QA-follow-up) Fix pod fail
Lari Taskula [Tue, 7 Mar 2017 11:31:04 +0000 (13:31 +0200)]
Bug 18137: (QA-follow-up) Fix pod fail

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (follow-up) Fix handling DBIx::Class::Exception messages
Lari Taskula [Tue, 7 Mar 2017 11:37:09 +0000 (13:37 +0200)]
Bug 18137: (follow-up) Fix handling DBIx::Class::Exception messages

- DBIx::Class::Exception should use ->{msg}

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Remove x-mojo-around-action
Lari Taskula [Tue, 21 Feb 2017 17:55:28 +0000 (19:55 +0200)]
Bug 18137: Remove x-mojo-around-action

Mojolicious::Plugin::OpenAPI does not support x-mojo-around action. This patch
removes it from our specification document.

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Make /holds Mojolicious::Plugin::OpenAPI compatible
Lari Taskula [Mon, 20 Feb 2017 18:07:26 +0000 (20:07 +0200)]
Bug 18137: Make /holds Mojolicious::Plugin::OpenAPI compatible

Also
- adding some missing and new response definitions into Swagger spec.
- fixing failing tests due to Bug 17932's change of boolean values

To test:
1. prove t/db_dependent/api/v1/holds.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Make /cities Mojolicious::Plugin::OpenAPI compatible
Lari Taskula [Mon, 20 Feb 2017 17:58:28 +0000 (19:58 +0200)]
Bug 18137: Make /cities Mojolicious::Plugin::OpenAPI compatible

Also:
- adding some missing and new response definitions into Swagger spec.

To test:
1. prove t/db_dependent/api/v1/cities.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Make /patrons Mojolicious::Plugin::OpenAPI compatible
Lari Taskula [Fri, 17 Feb 2017 12:59:24 +0000 (14:59 +0200)]
Bug 18137: Make /patrons Mojolicious::Plugin::OpenAPI compatible

Also:
- adding some missing and new response definitions into Swagger spec.
- fixing failing test due to Bug 17932's change of boolean values

To test:
1. prove t/db_dependent/api/v1/patrons.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Migrate from Swagger2 to Mojolicious::Plugin::OpenAPI
Lari Taskula [Fri, 17 Feb 2017 12:36:36 +0000 (14:36 +0200)]
Bug 18137: Migrate from Swagger2 to Mojolicious::Plugin::OpenAPI

This patch migrates from Swagger2 to Mojolicious::Plugin::OpenAPI as Swagger2 is
no longer actively maintained.

This migration involves some minor changes to our Swagger specification documents
and to controllers. Each operation is migrated in following patches separately.
Please see Mojolicious::Plugin::OpenAPI and its tutorial for more documentation.

The patch also refactors some API authentication -related code by taking advantage
of Koha::Exceptions. Authentication is now handled via Mojolicious's "under->to"
functionality. The actual authentication & authorization checks are moved to
Koha::REST::V1::Auth. Added a HTTP 503 response for when database update is
required, instead of returning an authentication failure as before.

To test:
1. prove t/db_dependent/api/v1/auth.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Add useful Koha::Exceptions
Lari Taskula [Fri, 17 Feb 2017 12:34:42 +0000 (14:34 +0200)]
Bug 18137: Add useful Koha::Exceptions

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19119: Remove definitions.t
Tomas Cohen Arazi [Wed, 20 Sep 2017 15:45:24 +0000 (12:45 -0300)]
Bug 19119: Remove definitions.t

This patch removes t/db_dependent/api/v1/swagger/definitions.t

Its goal is not simple to achieve, and worth moving into the QA tools instead.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 6758)
Tomas Cohen Arazi [Wed, 20 Sep 2017 12:15:42 +0000 (09:15 -0300)]
Bug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 6758)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 18137)
Lari Taskula [Fri, 28 Apr 2017 12:33:33 +0000 (12:33 +0000)]
Bug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 18137)

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19173: Add opac payment and marc conversion plugins to the pulldown filter list
Kyle M Hall [Fri, 25 Aug 2017 10:26:21 +0000 (06:26 -0400)]
Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list

Edit: fixed tab-for-space errors (tcohen).

Signed-off-by: Magnus Enger <magnus@libriotech.no>
New categories are added to the pulldown and work as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19173: Make OPAC online payments pluggable
Kyle M Hall [Thu, 24 Aug 2017 10:55:49 +0000 (06:55 -0400)]
Bug 19173: Make OPAC online payments pluggable

While PayPal is fairly universal, there is a plethora of online
payment system that are far more localized, servicing a single
country ( e.g. Bug 18968 ) or even a single  city! Instead of
adding support for each and every one of these payment options
directly into Koha, it makes more sense to add the ability to
create online payment plugins.

Test Plan:
1) Apply this patch
2) Download and install the Kitchen Sink plugin version 2.1.1 or later
   https://github.com/bywatersolutions/koha-plugin-kitchen-sink/releases
3) In the plugin options, enable the opac payments option
4) Create a patron with one or more fines
5) Log into the opac as that patron, note you now have the option
   to pay online via KitchenSink ImaginaryPay
6) Make an online payment
7) Note the payment was processed correctly

Sponsored-by: Washoe County Library System
Signed-off-by: Kyle M Hall <kyle@gmail.com>
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Awesome enhancement! I know we want to add at least one Norwegian
payment service at some point.
I followed the test plan and everything works as advertised. Turning
off the "opac payments option" makes the option dissappear cleanly
from the OPAC. I have *not* looked at the code or done any
considerations about security.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: DBRev 17.05.00.008
Jonathan Druart [Tue, 19 Sep 2017 16:03:50 +0000 (13:03 -0300)]
Bug 6758: DBRev 17.05.00.008

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: DBIC Schema changes
Jonathan Druart [Tue, 19 Sep 2017 16:20:41 +0000 (13:20 -0300)]
Bug 6758: DBIC Schema changes

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: Use 'is' instead of 'ok' in tests
Jonathan Druart [Tue, 19 Sep 2017 16:13:47 +0000 (13:13 -0300)]
Bug 6758: Use 'is' instead of 'ok' in tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>