Katrin Fischer [Wed, 16 Aug 2017 12:34:17 +0000 (14:34 +0200)]
Bug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl
Preparation:
- Add a branch with script in the branch name
- Add a patron category with script in the category name
- Add a new authorised value cateogory with script
- Add a new authroised value for this category with script
in all possible fields
- Test editing patron categories
- Test editing patron attribute types
- Test viewing and editing authorised values
Verify that with this script there is no more script executed
and everything works fine.
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Katrin Fischer [Wed, 16 Aug 2017 10:05:50 +0000 (12:05 +0200)]
Bug 19125: Fix Stored XSS in members.pl
In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>
To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amit Gupta [Mon, 14 Aug 2017 21:14:11 +0000 (02:44 +0530)]
Bug 19086: Fix Stored XSS in subscription-add.pl
To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amit Gupta [Mon, 14 Aug 2017 21:03:59 +0000 (02:33 +0530)]
Bug 19086: Fix Stored XSS in supplier.pl
1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field company_postal, physical, company_fax,
accountnumber, contactposition, contact_fax, contact_notes, notes that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Chris Cormack [Fri, 11 Aug 2017 19:54:34 +0000 (19:54 +0000)]
Bug 19086: Fix Stored XSS in circulation.pl
1/ To test add a message to a borrower that contains js
2/ hit /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number]
where number is the borrowernumber of the borrower you set the message
for
3/ Notice js is execute
4/ Apply patch, reload, js is escaped
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Chris Cormack [Fri, 11 Aug 2017 19:36:43 +0000 (19:36 +0000)]
Bug 19086: Fix Stored XSS in members/member.pl
To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 28 Sep 2017 17:49:11 +0000 (14:49 -0300)]
Bug 19385: Fix random t/Calendar.t failure - clear the cache before
The cache 'exception_holidays' may be populated when we run these tests,
we need to clear it before the tests are run.
Test plan:
prove t/db_dependent/Circulation/CalcDateDue.t t/Calendar.t
Without this patch, t/Calendar will fail with:
# Failed test 'Exception holiday is not a closed day test'
# at t/Calendar.t line 159.
# got: '1'
# expected: '0'
# Looks like you failed 1 test of 38.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Lari Taskula [Thu, 16 Mar 2017 11:53:44 +0000 (13:53 +0200)]
Bug 18282: operationId must be unique
operationId has the following documentation:
"Unique string used to identify the operation. The id MUST be unique among all
operations described in the API."
This patch modifies operationIds to be unique accross our API operations.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 18137: (QA followup) Make sure the session exists and is expired on expiration tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Lari Taskula <lari.taskula@jns.fi> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Lari Taskula [Fri, 17 Feb 2017 11:14:09 +0000 (13:14 +0200)]
Bug 18137: List Mojolicious::Plugin::OpenAPI and JSON::Validator as dependencies
Edit (tcohen): I've changed the version numbers to match those Mirko has already
successfully packaged and are known to work for this patchset.
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Lari Taskula [Thu, 16 Mar 2017 12:24:52 +0000 (14:24 +0200)]
Bug 18137: (follow-up) Sort definitions.json
Before this file grows, we should sort it alphabetically.
To test:
1. prove t/db_dependent/api/v1
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Lari Taskula [Tue, 7 Mar 2017 11:31:04 +0000 (13:31 +0200)]
Bug 18137: (QA-follow-up) Fix pod fail
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Lari Taskula [Tue, 21 Feb 2017 17:55:28 +0000 (19:55 +0200)]
Bug 18137: Remove x-mojo-around-action
Mojolicious::Plugin::OpenAPI does not support x-mojo-around action. This patch
removes it from our specification document.
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Lari Taskula [Mon, 20 Feb 2017 18:07:26 +0000 (20:07 +0200)]
Bug 18137: Make /holds Mojolicious::Plugin::OpenAPI compatible
Also
- adding some missing and new response definitions into Swagger spec.
- fixing failing tests due to Bug 17932's change of boolean values
To test:
1. prove t/db_dependent/api/v1/holds.t
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Lari Taskula [Mon, 20 Feb 2017 17:58:28 +0000 (19:58 +0200)]
Bug 18137: Make /cities Mojolicious::Plugin::OpenAPI compatible
Also:
- adding some missing and new response definitions into Swagger spec.
To test:
1. prove t/db_dependent/api/v1/cities.t
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Lari Taskula [Fri, 17 Feb 2017 12:59:24 +0000 (14:59 +0200)]
Bug 18137: Make /patrons Mojolicious::Plugin::OpenAPI compatible
Also:
- adding some missing and new response definitions into Swagger spec.
- fixing failing test due to Bug 17932's change of boolean values
To test:
1. prove t/db_dependent/api/v1/patrons.t
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Lari Taskula [Fri, 17 Feb 2017 12:36:36 +0000 (14:36 +0200)]
Bug 18137: Migrate from Swagger2 to Mojolicious::Plugin::OpenAPI
This patch migrates from Swagger2 to Mojolicious::Plugin::OpenAPI as Swagger2 is
no longer actively maintained.
This migration involves some minor changes to our Swagger specification documents
and to controllers. Each operation is migrated in following patches separately.
Please see Mojolicious::Plugin::OpenAPI and its tutorial for more documentation.
The patch also refactors some API authentication -related code by taking advantage
of Koha::Exceptions. Authentication is now handled via Mojolicious's "under->to"
functionality. The actual authentication & authorization checks are moved to
Koha::REST::V1::Auth. Added a HTTP 503 response for when database update is
required, instead of returning an authentication failure as before.
To test:
1. prove t/db_dependent/api/v1/auth.t
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Lari Taskula [Fri, 17 Feb 2017 12:34:42 +0000 (14:34 +0200)]
Bug 18137: Add useful Koha::Exceptions
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 18137)
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Fri, 25 Aug 2017 10:26:21 +0000 (06:26 -0400)]
Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list
Edit: fixed tab-for-space errors (tcohen).
Signed-off-by: Magnus Enger <magnus@libriotech.no>
New categories are added to the pulldown and work as expected. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Thu, 24 Aug 2017 10:55:49 +0000 (06:55 -0400)]
Bug 19173: Make OPAC online payments pluggable
While PayPal is fairly universal, there is a plethora of online
payment system that are far more localized, servicing a single
country ( e.g. Bug 18968 ) or even a single city! Instead of
adding support for each and every one of these payment options
directly into Koha, it makes more sense to add the ability to
create online payment plugins.
Test Plan:
1) Apply this patch
2) Download and install the Kitchen Sink plugin version 2.1.1 or later
https://github.com/bywatersolutions/koha-plugin-kitchen-sink/releases
3) In the plugin options, enable the opac payments option
4) Create a patron with one or more fines
5) Log into the opac as that patron, note you now have the option
to pay online via KitchenSink ImaginaryPay
6) Make an online payment
7) Note the payment was processed correctly
Sponsored-by: Washoe County Library System Signed-off-by: Kyle M Hall <kyle@gmail.com> Signed-off-by: Magnus Enger <magnus@libriotech.no>
Awesome enhancement! I know we want to add at least one Norwegian
payment service at some point.
I followed the test plan and everything works as advertised. Turning
off the "opac payments option" makes the option dissappear cleanly
from the OPAC. I have *not* looked at the code or done any
considerations about security. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Tue, 25 Apr 2017 17:27:00 +0000 (13:27 -0400)]
Bug 6758: Add new patron column for date of renewal
Test Plan:
1) Apply this patch
2) Run updatedatabase
3) Create a new patron
4) Note the new column date_renewed is NULL
5) Renew the patron
6) Note the date in the column date_renewed is today's date
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Aleisha Amohia [Tue, 29 Aug 2017 05:02:29 +0000 (05:02 +0000)]
Bug 19195: Preventing noisy warns when creating or editing a basket
To test:
1) Open the koha intranet error log
2) Go to Acquisitions -> Find or create a vendor
3) Create a new basket, filling all fields
4) Notice warns in error log
5) Edit this basket
6) Notice warns in error log
7) Apply patch
8) Create another basket, confirm warns do not show
9) Edit this basket, confirm warns do not show
Sponsored-by: Catalyst IT Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Lee Jamison <ldjamison@marywood.edu> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Aleisha Amohia [Tue, 29 Aug 2017 21:21:00 +0000 (21:21 +0000)]
Bug 19180: [FOLLOW-UP] Renaming all instances of 'name' variable to 'booksellername'
... when referring to the name of the vendor.
To test:
1) Confirm vendor shows on webpage title (tab name)
2) Confirm vendor shows in breadcrumbs
3) Confirm vendor shows in heading when viewing basket ('Basket x (1) for
vendor')
Sponsored-by: Catalyst IT Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Aleisha Amohia [Sun, 27 Aug 2017 23:00:15 +0000 (23:00 +0000)]
Bug 19180: Add vendor name to breadcrumbs when closing an order
To test:
1) Go to Acquisitions
2) Find a vendor and a basket
3) Click 'Close basket' button
4) Notice that on confirmation page, breadcrumbs are missing vendor
5) Apply patch and refresh page
6) Vendor name should now show
7) Confirm link to vendor works as expected
Sponsored-by: Catalyst IT Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Aleisha Amohia [Wed, 30 Aug 2017 04:36:50 +0000 (04:36 +0000)]
Bug 16204: Show friendly error message if trying to edit record which no longer exists
To test:
1) Create a record
2) Click Edit -> Edit record. open this in another tab
3) Delete the record in the original tab
4) Refresh the edit form in the other tab. Notice the software error
5) Apply patch and refresh page
6) There should be a nice error message with the form fields and buttons
hidden. Confirm links work as expected.
Sponsored-by: Catalyst IT Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marc Véron [Thu, 4 May 2017 15:36:24 +0000 (17:36 +0200)]
Bug 18541 - Patron card creator: Add a grid to support layout design
Add a layout grid to patron card creator to figure out the positions of text
fields, barcode and images.
To test:
- Apply on top of patch 18465
- Go to Home > Tools > Patron card creator
- Edit or create a layout
- Turn on new choice 'Guide grid' in section 'General settings'
- Leave 'Units' unchanged
- Crate a PDF using 'Card batches'
- Notice that card is printed with a layout grid that reflects selected unit
with each 5th and 10th line in different color, unit description displayed
bottom left, card dimensions displayed top right in small print inside the
layout grid
- Print PDF. Set printer settings in Adobe Reader or other PDF printing
software to 'Actual size' to prevent scaling to printer's printable
region
- Mesure out printed PDF and verify that grid corresponds to selecte unit.
- Go back to layout definition and choose an other unit, repeat steps
to verify that grid respects selected unit.
- Go back to layout definition, turn grid off, create PDF, verify that grid
does not display in PDF
Note for testers / QAers: Position of card elements (text, image...) do not
respect the unit, this will be fixed in Bug 18550
Followed test plan and it worked as intended Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Tue, 6 Jun 2017 18:35:07 +0000 (18:35 +0000)]
Bug 18739 - Add SVG version of staff-home-icons-sprite image
Images display correctly. Followed test plan and patch works as described.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Thu, 8 Jun 2017 16:01:32 +0000 (16:01 +0000)]
Bug 15644 - City dropdown default selection when modifying a patron matches only on city
This patch modifies the include files which contain the form fields for
city, state, zipcode, etc. shown on the patron entry screen. The files
are modified so that the city/state/zip <select> preselects a value
based on city, state, and zipcode matching the values in the
corresponding text fields.
To test, confirm that the bug's steps to reproduce are fixed:
- Enter two cities via Administration -> Patrons and circulation
-> Cities and towns:
Springfield, MA 01101
Springfield, VT 05156
- Edit a patron choosing, Springfield VT, and save.
- Edit the patron again and confirm that the correct city is
pre-selected.
- Confirm this result with all three different settings of the
"AddressFormat" system preference.
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Thu, 29 Jun 2017 11:03:39 +0000 (13:03 +0200)]
Bug 18149: Move CountUsage calls to Koha namespace
After the introduction of Koha::Authorities->get_usage_count with bug
9988, we can now replace the remaining occurrences of CountUsage.
At the same time we remove CountUsageChildren. This was an empty sub.
The typo get_count_usage in a subtest title is adjusted.
Test plan:
[1] Run t/db_dependent/Koha/Authorities.t
[2] Perform a search on authorities-home.pl and verify that you see
plausible numbers for 'used in xx records'.
[3] Click on Details for one authority. See the same number?
[4] Do the same as in 2/3 for Authority search on OPAC.
[5] Remember the authid and enter this in the record numbers box on
tools/batch_delete_records.pl. Select Authorities and click
Continue. The next form shows a column "Used in". Do you see
the same count again?
[6] Git grep CountUsage.
You should see just one hit in a comment that can be kept in
Koha/Authorities.pm.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Josef Moravec [Sun, 11 Jun 2017 19:23:41 +0000 (19:23 +0000)]
Bug 10132: Add ability to set MARC Organization Code at library level
Test plan:
0. Apply patches
1. Update database
2. Go to administration -> libraries, try to update some library and
fill in some value into Marc Organization code field
3. Save this library and edit again - the code should be stored
correctly
4. Go to system preferences and fill in some value into MARCOrgCode
preference, note there is enhanced description mentioning the ability to
set organization code on library level
5. Set active library to the one with own org code stored
6. Go to cataloguing, create new empty record and click into field 003 -
there should be the code you filled for that library
7. Set active library to one withou marc org code
8. Go to cataloguing, create new empty record and click into field 003 -
there should be the code from system preference
9. Go to system preferences again and set AutoCreateAuthorities to
'generate' and BiblioAddsAuthorities to 'allow'
10. Go to cataloguing and create some biblio record, fill in any author
in to create its authority record, save the biblio
11. Go to authorities and find this created authority, go to details and
check the fields: 003, 040$a, 040$c, 670$a - there should be used right org code
12. prove t/db_dependent/AuthoritiesMarc.t t/db_dependent/Biblio.t t/db_dependent/Koha/Libraries.t
Signed-off-by: Hugo Agud <hagud@orex.es> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Josef Moravec [Sun, 11 Jun 2017 19:22:06 +0000 (19:22 +0000)]
Bug 10132: Admin pages changes
Signed-off-by: Hugo Agud <hagud@orex.es> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Josef Moravec [Sun, 11 Jun 2017 19:48:50 +0000 (19:48 +0000)]
Bug 10132: Unit tests
Signed-off-by: Hugo Agud <hagud@orex.es> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Josef Moravec [Sun, 11 Jun 2017 19:21:16 +0000 (19:21 +0000)]
Bug 10132: DBIC update
Signed-off-by: Hugo Agud <hagud@orex.es> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Josef Moravec [Sun, 11 Jun 2017 19:19:38 +0000 (19:19 +0000)]
Bug 10132: Database changes
Signed-off-by: Hugo Agud <hagud@orex.es> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Josef Moravec [Tue, 20 Jun 2017 11:06:47 +0000 (13:06 +0200)]
Bug 18810: Update Font Awesome to 4.7.0
Test plan:
0) Apply the patch
1) Edit a template and use any of the new icons, see
http://fontawesome.io/icons/
2) Verify that the added icon is shown
For alternative test see comment #2. Works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Wed, 7 Jun 2017 14:56:47 +0000 (10:56 -0400)]
Bug 18742: Circulation statistics wizard no longer exports the total row
To test:
- Run the circulation wizard
- Export to csv
- Note there is no total row
- Apply patch
- Export to csv
- Total row totally there!
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 18 Sep 2017 17:23:54 +0000 (14:23 -0300)]
Bug 19335: Fix 00-merge-conflict-markers.t when dockerised
This does not make sense, but fix a bug (why?)
Without this patch, the tests failed on po files:
[17:14:26] t/00-merge-conflict-markers.t .. Failed 1/1 subtests
Test Summary Report
-------------------
t/00-merge-conflict-markers.t (Wstat: 9 Tests: 0 Failed: 0)
Non-zero wait status: 9
Parse errors: Bad plan. You planned 1 tests but ran 0.
Result: FAIL
Note that this is not related to bug 19227.
if the ^>>>>>> and ^<<<<<< matches are done on the same line, the test fail
As saw it failed on *-pref.po files
misc/translator/po/kn-Knda-pref.po
misc/translator/po/ja-Jpan-JP-pref.po
misc/translator/po/nl-BE-pref.po
misc/translator/po/sr-Cyrl-pref.po
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 7 Aug 2017 18:13:17 +0000 (15:13 -0300)]
Bug 19059: Remove CancelReserve
It's done!
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 4 Aug 2017 13:44:56 +0000 (10:44 -0300)]
Bug 19059: Remove CancelReserve - do not log DELETE
There is something wrong with the DELETE log, it should be replaced with
a FILLED log.
Anyway, here we do not want it to be logged.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 3 Aug 2017 21:00:22 +0000 (18:00 -0300)]
Bug 19059: Remove CancelReserve - add new tests
This is bonus, let's add new tests
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 3 Aug 2017 18:12:25 +0000 (15:12 -0300)]
Bug 19059: Remove CancelReserve - move tests
Move the existing tests
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 2 Aug 2017 17:00:12 +0000 (14:00 -0300)]
Bug 19059: Move C4::Reserves::CancelReserve to Koha::Hold->cancel
This patch adds a new Koha::Hold->cancel method and replaces the calls
to C4::Reserves::CancelReserve with it.
Test plan:
- Add and cancel holds
- Change priority of holds
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jon Knight [Mon, 21 Aug 2017 15:04:20 +0000 (15:04 +0000)]
Bug 19068: Add quantity field to the opac suggestions form
This enhancement just exposes the quantity field to the OPAC suggestions
form to permit the end user to enter this if they wish. The librarians
can of course override this quantity when they process the suggestion.
Test Plan (assuming using kohadevbox VM):
1) apply patch and turn on purchase suggestions
2) Go to http://localhost:8080/cgi-bin/koha/opac-suggestions.pl?op=add
and notice that there is now a quantity field available.
3) Make a purchasing suggestion using this form, including a quantity.
4) Log in as a member of library staff and go to Home › Acquisitions ›
Suggestions
5) Confirm that the previously entered suggestion is there, and that the
correct quantity appears in the "Acquisition information" section.
6) Edit the purchasing suggestion, change the quantity, save it and
check that the new quantity appears in the suggestion.
I've popped an ID attribute of "opac-suggestion-quantity" to the
surrounding <li> so that CSS can easily make this optional field
disappear (as suggested by cait on IRC).
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 6 Sep 2017 14:23:10 +0000 (11:23 -0300)]
Bug 12346: Display the correct number of pending patron modifications on the patron module home page
Due to the way members-home.pl handles the variable $branch, the number
of patron modifications listed on members-home.pl may differ from the
number listed on mainpage.pl. When the librarian clicks this link, he or
she may see a different number than was listed, or none at all!
Test Plan:
0) Set IndependentBranchesPatronModifications = Yes
1) Create a number of modification request for BranchA
2) Log into the staff intranet with a patron without superlibrarian
permissions and set your branch to BranchB
3) Note the modifications alert to does not display on mainpage.pl
4) Click the "Patrons" link to take you to members-home.pl
5) Note the modifictions alert does display on this page
6) Apply this patch
7) Reload members-home.pl, note the alert no longer displays
QA notes: What was the point of the branch variable?
Followed test plan, patch worked as described. Also passed QA test tool Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Mon, 26 Jun 2017 10:51:59 +0000 (12:51 +0200)]
Bug 17380: Do not allow Default template in merge form
This patch makes the following changes:
[1] Removes Default from the template list. We should not merge with the
Default framework, since it does not have a reporting tag.
[2] Rearranges the error section in the template. It is confusing to have
two error sections in this template. The error CANNOT_MOVE is not used.
The error FRAMEWORK_NOT_SELECTED is replaced by WRONG_FRAMEWORK.
[3] Do not allow to merge a record with itself.
[4] Check if the merge reference record still contains any MARC tags.
[5] Additional polishing: Simplify passing frameworks to template. Remove
an unused Koha::Authority::Types->search. Remove obsolete POD header
for functions from the script.
Test plan:
[1] Select two authorities to merge. Verify that you cannot select Default
anymore as framework for the reference record.
[2] Reproduce error WRONG_COUNT by adding another authid=999 in the URL
after you selected two authority records for merging.
[3] Remove the third authid from the URL and change the first or second
authid into an unexisting record id. You should generate an Internal
Server Error. The log should show the exception message.
[4] Merge two authorities. Deselect all MARC tags. Should trigger the
error EMPTY_MARC in the template.
[5] Select the same authority record twice for merging. Should trigger the
error DESTRUCTIVE_MERGE in the template.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 17380: Graceful resolution of missing reporting tag in merge
Altough this patch deals with a mostly hypothetical case and this report
makes it practically impossible anymore to merge with records in the
Default framework (having no reporting tag), we can make the code of
sub merge still a bit more robust here.
If you would merge biblio records from one authtype to another and the new
framework would not have a reporting tag, before this patch the result would
be data loss. Merge would handle this request as a delete. This patch makes
merge handle it differently: instead of clearing the biblio records, it
keeps $a and $9 in order to make a future corrective merge possible.
Note: The additional condition on line 1468 for $tags_using_authtype
makes sure that we do not select all fields when the authtype should
unexpectedly be empty string (Default). This prevents crashing on
a "Control fields do not have subfields" error.
Test plan:
[1] Run t/db_dependent/Authorities/Merge.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Mon, 26 Jun 2017 11:41:56 +0000 (13:41 +0200)]
Bug 17380: Do not use GuessAuthTypeCode in MetadataRecord::Authority
If we got an authtypecode from the database and this value is not NULL
since the table column does not allow it, there is no need to call
GuessAuthTypeCode for empty string (read: Default framework) in the
sub get_from_authid.
Furthermore, we remove three Koha::MetadataRecord::Authority->new calls.
They are useless, since we do not pass a record. It just generates:
No record passed at authorities/merge.pl line 96.
Can't bless non-reference value at Koha/MetadataRecord/Authority.pm line 66.
Instead we throw an ObjectNotFound exception.
Test plan:
[1] Run t/db_dependent/Koha_Authority.t
[2] Interface will be tested in the following patches.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Thu, 23 Feb 2017 09:02:57 +0000 (10:02 +0100)]
Bug 17380: Add some checks around Authorities::Types->find
Resolves:
Use of uninitialized value $biblio_fields in scalar chop at authorities/detail.pl line 212.
Can't call method "authtypetext" on an undefined value at authorities/detail.pl line 216.
Can't call method "authtypecode" on an undefined value at authorities/detail.pl line 180.
NOTE: Some of these problems have actually been resolved now by bugs 18801
and 18811, but it is still better imo to have these checks.
Test plan:
[1] Verify unchanged behavior. Search for some authorities on authorities.pl
and click on the details of a record.
[2] Open an authorities detail page and change the authid in the URL to a
not existing number. Instead of an internal server error, you should see
a message like "The authority record you requested does not exist".
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Trivial changes to silence qa tools on POD warnings for Subfields and Tags.
Note: Since Subfield and Tag only contain one sub which is considered as
private by Pod::Coverage, these modules are listed as unrated (no public
symbols defined) and trigger a FAIL on pod coverage in qa tools. This fail
can be ignored.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 23 Jun 2017 05:59:04 +0000 (07:59 +0200)]
Bug 18811: Atomic update to print warning at upgrade time
The warning encourages people to run the auth_show_hidden_data script
to check for data in hidden fields and adjust their frameworks.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Thu, 22 Jun 2017 13:39:41 +0000 (15:39 +0200)]
Bug 18811: Add a script for checking authority data in hidden fields
If you edit an authority record while having data in hidden fields or
subfields, that data will be lost now.
This script can help you to unhide some fields and prevent data loss.
Test plan:
[1] Add a PERSO_NAME record. Fill e.g. 100b.
[2] Hide 100b in the PERSO_NAME framework.
[3] Run auth_show_hidden_data.pl and verify that it reports 100b in
the PERSO_NAME framework.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Thu, 22 Jun 2017 11:42:38 +0000 (13:42 +0200)]
Bug 18811: Add Koha Objects for authority tags and subfields
Trivial copy and paste activity.
Will be used in a later patch.
No test plan needed.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Thu, 15 Jun 2017 10:30:27 +0000 (12:30 +0200)]
Bug 18811: Change visibility checks in authorities.pl
The check is now <=-4 or >=5, but the framework uses 0 for Show all and
-5 for Hide all. (Note that sql installer scripts also use 8.)
When modifying an authority, the script also showed hidden fields when
filled, since it did not check the hidden field but only the tab field.
NOTE: The proposed solution restores consistency, but will remove hidden
fields from the MARC record.
Test plan:
[1] Set field 942a to Show all in an authority framework.
[2] Open a new record in this framework and verify that you see 942a.
[3] Edit an existing record in this framework and verify again.
[4] Set field 942a now to Hide all in this framework.
[5] Open a new record in this framework and verify that 942a is hidden.
[6] Edit an existing record in this framework and verify again.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Wed, 6 Sep 2017 13:42:28 +0000 (10:42 -0300)]
Bug 19262: Remove xt/author/pod_spell.t
If you run `prove xt/author/pod_spell.t` without having Test::Spelling installed, it will skip the tests.
If you install the lib-test-spelling-perl, the test will fail:
xt/author/pod_spell.t .. You said to run 0 tests at xt/author/pod_spell.t line 21.
xt/author/pod_spell.t .. Dubious, test returned 25 (wstat 6400, 0x1900)
No subtests run
This is because the call to all_pod_files_spelling_ok is expecting a path
If we try to fix it with adding "." as parameter, the tests will raise tone of errors.
Let's remove this file
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
shows that 00-merge-conflict-markers.t ran 10,751 tests, 124 less than
the previous run. However 124 files have not been removed from the
codebase!
I suggest to count only 1 test for all files.
Moreover files from blib and cover_db are counted, they should be
excluded.
Test plan:
prove t/00-merge-conflict-markers.t
must return green
echo ">>>>>>>" >> mainpage.pl
and run the test again
It should now fail
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Works as advertised. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Mark Tompsett [Fri, 1 Sep 2017 17:16:43 +0000 (13:16 -0400)]
Bug 19235: Password entry visible in OPAC Self-registration
The HTML code was "text" instead of "password".
TEST PLAN
----------
1) 'Allow' PatronSelfRegistration system preference
2) Define the PatronSelfRegistrationDefaultCategory system preference (e.g. PT)
3) Open OPAC
4) Click 'Register here' on the right. (/cgi-bin/koha/opac-memberentry.pl)
5) Scroll to bottom
6) enter some passwords
-- visible
7) apply this patch
8) refresh page
9) repeat 5-6 as needed
-- passwords should not be visible while entering
10) run koha qa test tools
Signed-off-by: Lee Jamison <ldjamison@marywood.edu> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 8 Sep 2017 12:41:21 +0000 (09:41 -0300)]
Bug 19277: Make sure the tests will pass even if they are slow
This patch was my first attempt to fix the issue.
I think it is good to have it, if issue.timestamp and issue.issuedate are the same,
the result will be orderd by issue_id.
The tests highlight the fact that checkouts must be displayed in the
correct order.
Signed-off-by: Lee Jamison <ldjamison@marywood.edu> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 8 Sep 2017 12:38:28 +0000 (09:38 -0300)]
Bug 19277: TT syntax - Display ordered data
This issue has been highlighted by a failing test: ISSUESLIP displays checkouts in random order
I thought it was because of dates comparison, but it comes from the following line in C4::Letters::_get_tt_params
my $objects = $module->search( { $key => { -in => $values } } );
The DBMS will return data like there is ordered in the DB.
For instance:
select borrowernumber from borrowers where borrowernumber in (5, 3, 1);
or
select borrowernumber from borrowers where borrowernumber=5 or borrowernumber=3 or borrowernumber=1;
will return 1, 3, 5
I did not find a generic way to do that, so used "ORDER BY FIELD" which will not be portable.
Test plan:
If you do not apply this patch, the tests will sometime fail
Signed-off-by: Lee Jamison <ldjamison@marywood.edu> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Aleisha Amohia [Thu, 30 Mar 2017 04:15:54 +0000 (04:15 +0000)]
Bug 18351: Able to delete budget with funds
To test:
1) Create a budget, add a fund
2) Delete budget. Notice this is successful and triggers no warning
message etc.
3) Go to Funds. Notice the funds appear as if they are not there
4) Go into mysql and view the aqbudgetperiods table - notice the funds
are still there and are now inaccessible.
5) Apply patch
6) Create a budget, add a fund
7) Attempt to delete budget. Notice you can't click Delete button.
Confirm number of funds in hover message is correct.
8) Delete fund
9) Confirm you can now delete budget.
Sponsored-by: Catalyst IT Signed-off-by: Felix Hemme <felix.hemme@thulb.uni-jena.de> Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Some code fixes
See Comment 5. Ready to test.
Signed-off-by: Lee Jamison <ldjamison@marywood.edu> Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Code fix
See comment 10.
Ready for testing.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Prevent deletion from forcing URL
This patch adds a check in the script for existing funds so that the
budget cannot be deleted when forcing the URL and has other small fixes.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Bug 18351: [FOLLOW-UP] Prevent deletion if funds are added after clicking 'Delete' and before confirming delete
Followed test plan and patch works as described.
Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 15438: [QA Follow-up] Moving POD statement for CanBookBeIssued
The statement for head3 NB ('nota bene'?) looks like a hash key
in the list of possible return values for $needsconfirmation.
Moved it up and prefixed it with IMPORTANT.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Colin Campbell [Wed, 24 Aug 2016 12:52:52 +0000 (13:52 +0100)]
Bug 15438 - Checking out an on-hold item sends holder's borrowernumber in AF (screen message) field.
The returns from C4::Circulation::CanBookBeIssued used
to be structured as a hashref of entries like
REASON => {
data => 'foo',
moredata => 'bar',
};
Some entries still are. But many are now
REASON => 1,
data => 'foo',
moredata => 'bar',
The sip Checkout routine still assumed the former, as it
reports any causes it was not aware of (to maintain support for
a changing api) The data fields could leak into the screen message
field of the response. e.g. the borrowernumber or surname of the
borrower who has a hold on an issued title. Some real messages were
getting obscured by this
This patch sanatizes the return from from CanBookBeIssued
by removing keys which are not all uppercase
It also fixes a case where the key's data element was used
for the screen message when we should use the key itself
Updated the documentation of CanBookBeIssued to flag up
the assumption re case and the fact that 3 elements rather
than two may be returned
The loop through the returned keys was a bit bogus
so we now explicitly jump out if noerror is unset
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested quite extensively. Test results put on Bugzilla.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt
Followup correcting a typo of previous patch :
name="holdingbranch" options = branche
it is branche[s]
Test plan :
- Look at 'Current location' in item search
=> Without patch you see only 'All libraries'
=> With patch you see 'All libraries' and each existing library, like in 'Home library'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Kyle M Hall [Wed, 6 Sep 2017 14:15:55 +0000 (10:15 -0400)]
Bug 19256: (QA followup) Remove warn from unit test
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 5 Sep 2017 13:15:59 +0000 (10:15 -0300)]
Bug 19256: Make Koha::Acq::Order using Koha::Object
At the moment we have 2 different modules for acquisition orders:
Koha::Tmp::Order[s] and Koha::Acquisition::Order
The later has been added before the creation of Koha::Object.
Koha::Tmp::Order[s] has been created to make the TT syntax for notices
works with acquisition order data.
This patch removes the temporary packages Koha::Tmp::Order[s] and adapt
the code of Koha::Acquisition::Order[s] to be based on Koha::Object[s].
It also overloads Koha::Object->new to add the trick that was done in
Koha::Acquisition::Order->insert. This is needed because acqui/addorder.pl
is called from several places and CGI->Vars is used to retrieved order's
attributes (and so much more). To avoid regression, the easiest (but not
cleanest) way to do is to filter on aqorders column's names.
This is *not* a pattern to follow!
Test plan:
Create basket and add orders from different ways, then continue a whole
acquisition process
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The following warn is triggered when I click the Reverse button next to
an individual payment on the Account tab:
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_boraccount_2epl line
63, this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at /usr/share/perl5/CGI.pm
line 436.
To test:
1) Go to a members detail page in staff side, create a manual invoice,
pay it
2) Go to the Account tab, click Reverse next to the payment you just
made
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone
Sponsored-by: Catalyst IT Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 19258: Preventing warns when paying a fine or charge from Pay selected button
The following warns are triggered when I click the Pay selected button:
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line 267,
this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at
usr/share/perl5/CGI.pm line 436.
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line
273, this can lead to vulnerabilities. See the warning in "Fetching
the value or values of a single named parameter" at
/usr/share/perl5/CGI.pm line 436.
To test:
1) Go to a members detail page in staff side and create a manual
invoice
2) Go to the pay fines tab, select the fine you just created and click
Pay selected
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone
Sponsored-by: Catalyst IT Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 19258: Prevent warns when writing off an individual fine
The following warns are triggered when I click the Write Off button next
to an individual fine or charge:
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line 171,
this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at
/usr/share/perl5/CGI.pm line 436. (this shows many times)
Use of uninitialized value in subroutine entry at
/usr/share/perl5/URI/Escape.pm line 184.
To test:
1) Go to a members detail page in staff side and create a manual
invoice
2) Go to the pay fines tab, click the Write off button next to the
invoice you just created
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone
Sponsored-by: Catalyst IT Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 19258: Prevent warn when paying a fine or charge
To test:
1) Go to a members detail page in staff client
2) Select the Fines tab in the left pane
3) Select the Create manual invoice tab below the button menu bar
4) Create a fine and click save (e.g. Type: Fine, Amount: 5.00)
5) Select the Pay fines tab below the button menu bar
6) Click Pay on the item
7) Blank the staff error log
8) click confirm
-- staff error log has message
9) apply this first patch
10) repeat steps 3-8
-- staff error log is blank
11) run koha qa test tools
Sponsored-by: Catalyst IT Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To test:
1) Go to Acquisitions, find a vendor and a basket (create if you don't
have either)
2) Close the basket
3) View the basket and reopen it
4) Notice the warn
5) Apply the patch and repeat steps 1-3
6) Notice the warn no longer shows and the basket is reopened as
expected
Sponsored-by: Catalyst IT Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>