]>
git.koha-community.org Git - koha.git/log
David Cook [Wed, 21 Feb 2024 06:17:50 +0000 (06:17 +0000)]
Bug 36084: Add CSRF token support to svc/authentication
GET svc/authentication will return a CSRF token in a response header
POST svc/authentication requires a CSRF token which can be sourced
from the response header of GET svc/authentication or some other
place like the meta element on a HTML page
Note: misc/migration_tools/koha-svc.pl is a simple script which
can be used to practically evaluate svc/authentication and svc/bib
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 20 Feb 2024 15:43:51 +0000 (16:43 +0100)]
Bug 36084: svc - clubs
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 20 Feb 2024 14:39:51 +0000 (15:39 +0100)]
Bug 36084: svc - checkout_notes - OPAC
Decided to not use APIClient for OPAC, LATER.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 20 Feb 2024 14:39:21 +0000 (15:39 +0100)]
Bug 36084: svc - checkout_notes
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 20 Feb 2024 09:00:11 +0000 (10:00 +0100)]
Bug 36084: Fix is_ajax by setting X-Requested-With header
Some svc scripts (and controllers) are using using is_ajax to guess if
it's an AJAX request.
$.ajax is setting the (non standard) X-Requested-With header, but the
low level JS 'fetch' does not.
This patch set it in http-client.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 19 Feb 2024 15:29:23 +0000 (16:29 +0100)]
Bug 36084: svc - checkin
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 16 Feb 2024 13:56:09 +0000 (14:56 +0100)]
Bug 36084: svc - config/systempreferences
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 16 Feb 2024 12:41:14 +0000 (13:41 +0100)]
Bug 36084: svc - shelfbrowser.pl - Replace with GET
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 14 Feb 2024 15:34:20 +0000 (16:34 +0100)]
Bug 36084: svc - authorised_values - APIClient now global
APIClient is not a global variable, which will make the next changes
much easier!
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 13 Feb 2024 15:32:35 +0000 (16:32 +0100)]
Bug 36084: Do not allow absence of token
Well, this test was silly, I was focussed on propagating an error to the
UI, but we really need to explode in this case.
Note that this requires more work as login is now broken.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 13 Feb 2024 14:16:38 +0000 (15:16 +0100)]
Bug 36084: Add a global #messages div
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 13 Feb 2024 14:11:59 +0000 (15:11 +0100)]
Bug 36084: Add a Dialog class
To display potential errors.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 13 Feb 2024 14:08:25 +0000 (15:08 +0100)]
Bug 36084: Bring fetch for everywhere
We are retrieving the awesome fetch modules from Vue, so that it can be
used in other areas. Here we will use it to inject the CSRF token to the
header of every POST request.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 12 Feb 2024 15:32:40 +0000 (16:32 +0100)]
Bug 36084: svc - article_request - POC
This is a proof of concept
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 12 Feb 2024 16:36:44 +0000 (17:36 +0100)]
Bug 36084: C4::Auth+plack.psgi for svc?
Suggestion to move the CSRF check to CGI->new so that we will check it
for every request, and it will cover svc scripts as well (they are not
using get_template_and_user).
The token will be retrieve from the param list *or the csrf_token
header* (do we want to name it x-koha-csrf-token instead?).
This will be done for *every* request that are not GET: CSRF token is now
required everywhere CGI is used (side-effects possible?).
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 28 Feb 2024 09:06:08 +0000 (10:06 +0100)]
Bug 36102: (follow-up 2) Add cud-login to the login form - fix tests
Bug 36102: [TO SQUASH] (follow-up 2) Add cud-login to the login form - fix tests
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 28 Feb 2024 08:09:05 +0000 (09:09 +0100)]
Bug 36102: Add cud-login to the login form (2FA)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 26 Feb 2024 11:18:06 +0000 (12:18 +0100)]
Bug 36102: (follow-up) Add cud-login to the login form
Previous patch missed opac-auth
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
David Cook [Wed, 21 Feb 2024 01:50:24 +0000 (01:50 +0000)]
Bug 36102: Fix removal of cookie from the installer session on upgrades
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 20 Feb 2024 14:12:23 +0000 (15:12 +0100)]
Bug 36102: Fix expired session on the login page of the installer (?)
I *think* this change fixes a bug when starting the installer with an
expired session. I am no longer able to reproduce the problem however.
Just skip if it does not make sense.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 20 Feb 2024 13:31:04 +0000 (14:31 +0100)]
Bug 36102: If CSRF check fails, try with anonymous
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 20 Feb 2024 13:10:40 +0000 (14:10 +0100)]
Bug 36102: Remove cookie from the installer session
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 20 Feb 2024 13:01:04 +0000 (14:01 +0100)]
Bug 36102: Generate a new sessionID if the existing one is invalid
If the cookie contain an expired sessionID we need to create another
one to correctly generate the CSRF token.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 20 Feb 2024 12:37:21 +0000 (13:37 +0100)]
Bug 36102: Do not repeat op or csrf_token on the login form - staff
Needed for OPAC?
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 20 Feb 2024 10:03:37 +0000 (11:03 +0100)]
Bug 36102: (follow-up) Add cud-login to the login form
Hum this didn't make sense. We are not checking credentials after
checkauth.
This patch is suggesting to rename "userid" and "password" parameters
from login forms to "login_userid" and "login_password" to not interfere
with other parameters with the same name.
This looks quite correct, however I am seeing
"The form submission failed (Wrong CSRF token)."
in the log after a successful login. Which feels wrong, what's
happening?
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 20 Feb 2024 09:09:25 +0000 (10:09 +0100)]
Bug 36102: Do not keep op and csrf_token in param list after login - OPAC
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 15 Feb 2024 13:06:33 +0000 (14:06 +0100)]
Bug 36102: Fix 01-installation.t
Something very weird is happening here.
There is a FIXME already, but the trick does not seem to work anymore
(?)
This patch contains some debug statements and take some screenshots.
We are reaching the cud-selectframeworks step then we are expecting the
form to submit the form with op=cud-addframeworks
BUT it seems that "op" is empty, and there is an unexpected warning from
Starman:
==> /var/log/koha/kohadev/plack-error.log <==
""
Use of uninitialized value in string ne at /usr/share/perl5/Starman/Server.pm line 304.
==> /var/log/koha/kohadev/plack-intranet-error.log <==
[2024/02/15 13:09:34] [WARN] Warning: something's wrong at /kohadevbox/koha/installer/install.pl line 89.
What's going on here??
UPDATE: This is fixed by "Bug 34478: Manual fix - Make Koha::Token use
session id not userenv id"
Bug 36102: [TO SQUASH] Fix 01-installation.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 15 Feb 2024 13:04:46 +0000 (14:04 +0100)]
Bug 36102: Use Koha::Session from C4::InstallAuth
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 14 Feb 2024 13:54:55 +0000 (14:54 +0100)]
Bug 36102: Add cud-login to the login form
TODO This needs to be covered by tests.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 1 Mar 2024 09:46:41 +0000 (10:46 +0100)]
Bug 34478: serials/routing-preview.pl
Not totally done, still need the "save and preview"
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 1 Mar 2024 07:27:00 +0000 (07:27 +0000)]
Bug 34478: (follow-up) Move resend link out of form for display reasons
This improves display. This only comes up when you try to reset your
password after you did already.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 28 Feb 2024 12:15:14 +0000 (13:15 +0100)]
Bug 34478: (follow-up) Manual fix - Make Koha::Token use session id not userenv id
See comment 174.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 28 Feb 2024 09:13:08 +0000 (10:13 +0100)]
Bug 34478: Fix www/auth_values_input_www.t
See bug 36189, we need to rewrite this using Selenium.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Tue, 27 Feb 2024 20:05:46 +0000 (15:05 -0500)]
Bug 34478: Manual fix - reopen basket - add cud- - basket.tt
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 27 Feb 2024 14:34:40 +0000 (15:34 +0100)]
Bug 34478: Add cud to updatestructure
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 27 Feb 2024 14:00:31 +0000 (15:00 +0100)]
Bug 34478: (follow-up) batchMod
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 27 Feb 2024 13:54:52 +0000 (14:54 +0100)]
Bug 34478: (follow-up) batch_record_modification
Fix Edit > Modify record using template
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 27 Feb 2024 13:48:14 +0000 (14:48 +0100)]
Bug 34478: Fix delete from addbiblio
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 27 Feb 2024 13:42:08 +0000 (14:42 +0100)]
Bug 34478: Fix delallitems for additem
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 27 Feb 2024 13:19:18 +0000 (14:19 +0100)]
Bug 34478: Fix saveitem and delete for additem
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 27 Feb 2024 12:45:11 +0000 (13:45 +0100)]
Bug 34478: Manual fix - adjust op for acqui/cancelorder
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 27 Feb 2024 12:23:09 +0000 (13:23 +0100)]
Bug 34478: Adjust 'op' on serials/subscription-renew
multi_renew now has a validation step
This patch also removes 2 variables that were not used ($mode and $done)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 27 Feb 2024 10:43:22 +0000 (11:43 +0100)]
Bug 34478: Prevent renew if logged in user is not allowed to
This should be on its own bug. Feel free to do it if you have the
energy, I do not.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 27 Feb 2024 10:17:30 +0000 (11:17 +0100)]
Bug 34478: Replace delete links with form - smart-rules
We can certainly do better here (too many duplicated code in on click
functions), but it's good enouh for now...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 26 Feb 2024 14:20:25 +0000 (15:20 +0100)]
Bug 34478: Manual fix - remove cud from members/search
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 26 Feb 2024 13:38:23 +0000 (14:38 +0100)]
Bug 34478: Move to get - reserve/request.tt:248
This form is never sent
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 26 Feb 2024 13:05:54 +0000 (14:05 +0100)]
Bug 34478: Move to get - acqui/uncertainprice
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 26 Feb 2024 11:32:18 +0000 (12:32 +0100)]
Bug 34478: Convert form to link - sci-main
Nothing to POST, we could move to GET, but we do not have parameters. A
link is good here.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 26 Feb 2024 11:05:21 +0000 (12:05 +0100)]
Bug 34478: (follow-up) Fix circ/set-library
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 23 Feb 2024 18:58:16 +0000 (18:58 +0000)]
Bug 34478: Corrections to some serials scripts
This patch updates the serials toolbar and related JS so that delete,
close, and reopen are all POST operations.
The patch also fixes an incorrect op check in the subscription search
popup.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 23 Feb 2024 18:05:16 +0000 (18:05 +0000)]
Bug 34478: Correct op name for list edit confirmation
The 'delete_confirm' op leads to a confirmation page, so it's GET.
The patch also consolidates JS for handling deletions, using the same
class for both the delete button in the toolbar and in the table of
lists.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 23 Feb 2024 16:55:12 +0000 (16:55 +0000)]
Bug 34478: OPAC problem reports template update for messages
The template uses checks on the op value to show messages, so those
checks have to be updated with the new values.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 23 Feb 2024 16:52:05 +0000 (16:52 +0000)]
Bug 34478: Correct op name in CSV profile deletion confirmation step
The 'delete_confirm' op leads to a confirmation page, so it's GET.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 23 Feb 2024 15:47:43 +0000 (15:47 +0000)]
Bug 34478: Correct op name in notice deletion confirmation step
The 'delete_confirm' op leads to a confirmation page, so it's GET.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 23 Feb 2024 15:30:22 +0000 (15:30 +0000)]
Bug 34478: Fixes for MARC modification template management
This patch converts several delete links to POSTed forms and corrects
the op variable names in the script. The patch also simplifies the
deletion click handlers.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 23 Feb 2024 13:15:39 +0000 (13:15 +0000)]
Bug 34478: SQUASH Follow-up to previous batch operations patches
- Get the CSRF token from the pop-up instead of from the parent window,
since that seems to work
- Remove some click handlers which were made obsolete
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 23 Feb 2024 12:26:14 +0000 (13:26 +0100)]
Bug 34478: (follow-up) Changes for opac-password-recovery
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 23 Feb 2024 12:08:50 +0000 (12:08 +0000)]
Bug 34478: SQUASH further changes to batch biblio operations
This patch makes a number of changes to finish incomplete work in
668cd06e1960a3878ec1c976ce7f2e1f93688468
Initial submissions to batch biblio operations have to accommodate
POSTed file data, so this patch makes changes to instances where we were
submitting biblionumbers in a URL.
We could also choose to make a change in tools/batch_delete_records.pl
and tools/batch_record_modification.pl to handle different "list"
operations differently based on the method of submission. This patch
presents only the client-side option.
The cart presented a unique problem in that it requires that data be
passed from the pop-up window to the parent window, something which
can't as easily be done with a form as with a URL. The workaround I came
up with is to dynamically generate the form in the parent page and
trigger the submission from there.
Also changed:
- More updated CSS to handle buttons inside dropdowns inside toolbars.
- Correct op names for the "list" operation in batch modify and delete
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 23 Feb 2024 12:12:02 +0000 (13:12 +0100)]
Bug 34478: Manual fix - serials/subscription-add.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 23 Feb 2024 10:41:02 +0000 (10:41 +0000)]
Bug 34478: import_export_authtype - cud-import, export
Changing action to op.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 23 Feb 2024 10:23:41 +0000 (10:23 +0000)]
Bug 34478: (follow-up) patroncards: FIXMEs for op and missing script
Looks like create-csv never made it.
Some op's look like GET to me. Creating a pdf is just downloading.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 23 Feb 2024 10:02:16 +0000 (10:02 +0000)]
Bug 34478: (follow-up) patroncards: cud-delete from edit-batch and manage
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 23 Feb 2024 09:18:54 +0000 (09:18 +0000)]
Bug 34478: (follow-up) patron-cards/edit-batch: op cud-remove, cud-dedup
This is about the links for Remove selected patrons, and Remove duplicates.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 23 Feb 2024 08:36:37 +0000 (08:36 +0000)]
Bug 34478: patroncards/edit-batch: Fix for removing patrons
Added a form for delete link from patron table.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 23 Feb 2024 07:55:02 +0000 (07:55 +0000)]
Bug 34478: (follow-up) audio_alerts: Correct duplicate form id's
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 23 Feb 2024 07:16:02 +0000 (07:16 +0000)]
Bug 34478: (follow-up) upload-cover-image.pl: Remove bitwise-and from condition
Add one character and we should be fine :)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 22 Feb 2024 15:21:21 +0000 (16:21 +0100)]
Bug 34478: Manual fix - tools/batchMod-del
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 22 Feb 2024 15:12:44 +0000 (16:12 +0100)]
Bug 34478: Manual fix - admin/systempreferences
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 22 Feb 2024 15:07:40 +0000 (16:07 +0100)]
Bug 34478: Manual fix - admin/patron-attr-types
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 22 Feb 2024 15:03:10 +0000 (16:03 +0100)]
Bug 34478: Manual fix - admin/matching-rules
Bug 34478: [TO SQUASH] Manual fix - admin/matching-rules
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 22 Feb 2024 15:01:01 +0000 (16:01 +0100)]
Bug 34478: Manual fix - acqui/basket.pl - export
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 22 Feb 2024 14:59:01 +0000 (15:59 +0100)]
Bug 34478: Manual fix - acqui/duplicate_orders.tt
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 22 Feb 2024 14:50:51 +0000 (15:50 +0100)]
Bug 34478: Manual fix - acqui/vendor_issues.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Thu, 22 Feb 2024 12:46:52 +0000 (12:46 +0000)]
Bug 34478: Correct check of list op in batch record modification
The "list" step (previewing records to be modified) is a post operation
so the op must be cud-list.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Thu, 22 Feb 2024 12:39:06 +0000 (07:39 -0500)]
Bug 34478: Manual fix - add cud- op for checkouts - circulation.tt
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Thu, 22 Feb 2024 12:10:16 +0000 (12:10 +0000)]
Bug 34478: Fix style and markup of forms within dropdowns
This patch adds some CSS for handling the style of form buttons inside
Bootstrap dropdowns and corrects related markup in two places: Authority
search results and Suggestion management.
Buttons should look correct if we avoid using <fieldset> inside
dropdowns and make sure the button has "btn btn-default" classes.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 22 Feb 2024 10:05:20 +0000 (11:05 +0100)]
Bug 34478: Fix selenium/administration_tasks.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Wed, 21 Feb 2024 19:56:41 +0000 (14:56 -0500)]
Bug 34478: Manual fix - add cud- op - alert-subscriptions.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Wed, 21 Feb 2024 19:24:35 +0000 (14:24 -0500)]
Bug 34478: Manual fix - remove csrf - histsearch.tt
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Wed, 21 Feb 2024 19:14:57 +0000 (14:14 -0500)]
Bug 34478: Manual fix - add cud- ops or remove form submit - returns.tt / checkin-search-box.inc
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 21 Feb 2024 13:04:50 +0000 (14:04 +0100)]
Bug 34478: Remove warnings from members/memberentry.pl
Use of uninitialized value $op in string eq at /kohadevbox/koha/members/memberentry.pl line 86.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
David Cook [Thu, 15 Feb 2024 03:06:00 +0000 (03:06 +0000)]
Bug 34478: Manual fix - Make Koha::Token use session id not userenv id
Bug 34478: [TO SQUASH] Manual fix - Make Koha::Token use session id not userenv id
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
David Cook [Tue, 20 Feb 2024 23:06:08 +0000 (23:06 +0000)]
Bug 34478: Fix sco-patron-image.pl access control regression
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Tue, 20 Feb 2024 19:38:34 +0000 (19:38 +0000)]
Bug 34478: Update numbering patterns modification and deletion
The numbering patterns script has been update to look for "cud-modify"
to load the edit form, but that's a GET operation and can stay "modify."
The delete buttons have been updated to be a POSTed form.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Tue, 20 Feb 2024 19:26:56 +0000 (19:26 +0000)]
Bug 34478: Comment deletion should be POSTed form
This patch updates the "Delete" button on the comments moderation page
to convert the GET link to a posted form.
Unrelated: The JavaScript has also been modified so that it asks for
confirmation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Tue, 20 Feb 2024 19:19:24 +0000 (19:19 +0000)]
Bug 34478: Item removal deletion should be POSTed form
This patch updates the "Remove" button from items which are in a
rotating collection (in the "Manage items" stage). A GET link is
converted to a posted form.
Unrelated: The JavaScript has also been modified so that it asks for
confirmation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Tue, 20 Feb 2024 17:16:04 +0000 (17:16 +0000)]
Bug 34478: Fix name of CGI variable
'$query->param' in this script should be '$input->param'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Tue, 20 Feb 2024 15:49:41 +0000 (15:49 +0000)]
Bug 34478: Convert patron file delete link to a posted form
This patch modifies the patron file template to convert the "Delete"
link to a form which includes the CSRF token. The script has already
been modified to check for the "op" value updated in the template.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Tue, 20 Feb 2024 15:37:42 +0000 (15:37 +0000)]
Bug 34478: Fix various parameters on housebound details page
This patch converts the delivery delete buttons to a form and changes
the corresponding op check in the script.
The patch also fixes an error in the form markup and corrects the op
parameter name in several links.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 16 Feb 2024 17:00:27 +0000 (17:00 +0000)]
Bug 34478: Correct value of "op" when loading the edit form.
The op doesn't need "cud-" because it's a GET operation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 16 Feb 2024 16:51:31 +0000 (16:51 +0000)]
Bug 34478: Correct op value for SMS provider deletion
The op value is set in the JavaScript, where it hasn't been updated to
match the "cud-delete" value checked in the script.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 16 Feb 2024 14:18:06 +0000 (14:18 +0000)]
Bug 34478: Corrections to add and delete of OAI sets
This patch makes two changes: The first changes the name of the op value
matched in the script when editing a set. The "mod" step is a GET
operation to load the edit form.
The second change is a workaround for the fact that a submit
button looks bad in a Bootstrap dropdown. The patch creates a hidden
form for deletion operations. Clicking a "delete" link in a dropdown
fills the hidden form with the OAI set id to be deleted and submits it.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 16 Feb 2024 13:32:30 +0000 (13:32 +0000)]
Bug 34478: Item type deletion - correct delete_confirm and delete_confirmed
"delete_confirm" is a GET operation leading to a confirmation page,
where "cud-delete_confirmed" should submit a POST to delete.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 16 Feb 2024 13:21:38 +0000 (13:21 +0000)]
Bug 34478: Convert item search field delete to POST form
This patch converts the delete link on the item search field page to a
form with a POST operation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 16 Feb 2024 13:06:55 +0000 (13:06 +0000)]
Bug 34478: Fix op variable in item circulation alerts
The AJAX call in the template still used "action" instead of
"op".
The patch also fixes references to "action" in the POD and corrects
"toggle" to "cud-toggle".
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Fri, 16 Feb 2024 12:29:11 +0000 (12:29 +0000)]
Bug 34478: Add notes to pay.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Fri, 16 Feb 2024 12:21:25 +0000 (12:21 +0000)]
Bug 34478: Add cud-pay and cud-writeoff to paycollect
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Fri, 16 Feb 2024 09:32:57 +0000 (09:32 +0000)]
Bug 34478: Add op to pay_individual
I also move the writeoff handling out of it's own block in into the rest
of the x_individual handling.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Martin Renvoize [Thu, 15 Feb 2024 17:10:00 +0000 (17:10 +0000)]
Bug 34478: Move writeoff-individual to paycollect.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Fri, 16 Feb 2024 11:46:50 +0000 (11:46 +0000)]
Bug 34478: Fix op check in table settings admin
The "action" hidden field was renamed to "op", but "action" was still
being looked for in the script.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>