The GetAuthority shim does not check that authority retrieval was
successful, and therefore can call ->record on an undefined value.
This can be reproduced by trying to load an invalid authority record
using bulkmarcimport. There may be other ways to trigger it, but I'm
not sure what they are.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
another way to trigger this error is just forging your URL with a wrong
authid !
Mark Tompsett [Fri, 12 Oct 2012 06:29:59 +0000 (14:29 +0800)]
Bug 8910 - silent warnings triggered in about.pl
In order to detect the apache version, there are multiple
commands used. These may not all exist, which triggers error log
entries. By simply adding " 2> /dev/null", the errors are no
longer generated.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Mark Tompsett [Thu, 27 Sep 2012 06:12:00 +0000 (14:12 +0800)]
Bug 8834 - Call to C4::Context::preference fails to pass $self in Circulation.pm
Changed:
my $circcontrol = C4::Context::preference('CircControl');
To:
my $circcontrol = C4::Context->preference('CircControl');
This will pass $self and 'CircControl' which will then prevent
a "Use of uninitialized value" error log entry.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Magnus Enger [Sun, 30 Sep 2012 07:57:37 +0000 (09:57 +0200)]
Bug 8568 - Fix some errors in docs for scripts provided by the Debian packages
1. Create a page for koha-run-backups
2. Fix the synopsis for koha-foreach
3. Add koha-create and koha-run-backups to koha-common
To test
- Convert the changed xml files to man pages with
$ xsltproc /usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl koha-x.xml
- View generated pages with e.g.
$ man -l koha-x.8"
(Replace x with the names of the changed files)
- Check that the changes make sense
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Works as described. I was able to produce the 3 man files, load them with man
command, and see the added information properly formated.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Colin Campbell [Fri, 28 Sep 2012 10:48:18 +0000 (11:48 +0100)]
Bug 8841 Duedate should be set to end of expiry day
When reducing duedate to patron's expiry date
it should be set to end of that day not 00:00
take account of the fact that the borrower
expiry date will have no hours/minutes
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Jonathan Druart [Wed, 19 Sep 2012 07:59:59 +0000 (09:59 +0200)]
But 8787: don't load the page if OpacMaintenance is ON
If the syspref OpacMaintenance is ON, it is useless to loaded the
requested page.
To test:
- switch on the syspref OpacMaintenace
- check in your apache access log, zebra log, etc. the requested page is
not loaded (i.e. on the opac-search.pl page)
Signed-off-by: Marc Veron <veron@veron.ch>
Checked by watching other_vhosts_access.log
Works as expected
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Mark Tompsett [Mon, 1 Oct 2012 08:29:22 +0000 (16:29 +0800)]
Bug 8849 - Error log generated when not a demo system
Changed two lines similar to:
unless (C4::Context->config('demo') == 1) {
into lines similar to:
unless (C4::Context->config('demo')) {
By removing the == 1, undefined = false without an error. The
value of demo is supposedly set by a koha-conf.xml variable,
but there is very little documentation on this "demo mode"
beyond the set it to 1 in koha conf for demo mode. Also, demo
doesn't exist in the default koha-conf.xml file generated.
So anyone who knows to create it, will likely create it the
proper way and with the proper value.
Signed-off-by: wajasu <matted-34813@mypacks.net> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
1. parametars from CGI are not encoded in utf-8, so when they are
compared with utf-8 strings from database every field with
utf-8 characters will be reported in e-mail as changed
2. when sending e-mail, wide characters are passed to Mail::Sendmail
which results in software error if edited field has utf-8 characters
(because of first point, this happend if ANY fields has utf-8 chars)
3. when declaring encoding for outgoing e-mail utf-8 is more correct
than just utf8
Test scenario:
1. open opac-userupdate and edit user which has utf-8 characters in
at least one field (firstname and surname are common examples)
2. edit one of other fields and add utf-8 character to it
3. verify that e-mail with changes arrived with just edited field
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Bug 8890: Koha::Borrower::Files shouldn't use db in BEGIN
This patch removes the usage of the database in Koha::Borrower::Files'
BEGIN block. It also removes the export-related declarations, since
they were unused, and unnecessary in a module called in an object-oriented
fashion.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
C4::Members::Statistics uses the database in its BEGIN {} block,
which breaks the package build process. This patch causes it to be
skipped in the 00-load test.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
This counter-patch moves all database handling code into subroutines
in C4::HoldsQueue. This fixes the test, and is required for persistent
environments like Plack.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Bug 3652: close XSS vulnerabilities in opac-export
The opac-export.pl script had a number of XSS vulnerabilities relating
to its error handling.
To test:
1) Go to /cgi-bin/koha/opac-export.pl?op=export&bib=2&format=<h2>evil</h2>
(substituting a valid biblionumber for the '2')
2) Notice that "evil" is rendered as an h2 heading.
3) Apply patch.
4) Notice that you now see the h2 tags, and they are not rendered by
the browser.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Bug 3652: close XSS vulnerabilities on biblionumber and authid
Previously we did not sanitize biblionumber and authids passed in by
the user.
To test:
1) Go to /cgi-bin/koha/opac-detail.pl?biblionumber=2hi (substituting a
valid biblionumber for the 2).
2) Notice the presence of "2hi" on this page, and also on the ISBD and
MARC views.
3) Go to /cgi-bin/koha/opac-authoritiesdetail.pl?authid=2bye
(substituting a valid authid for the 2).
4) Notice the presence of "2bye" on this page.
3) Apply patch.
4) Notice that "2hi" and "2bye" strings are gone.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Owen Leonard [Wed, 17 Oct 2012 16:35:28 +0000 (12:35 -0400)]
Bug 8935 - transport cost matrix could be prettier
Correcting the template so that it follows established
interface patterns and coding guidelines:
- Form contents in a fieldset
- Submit button in a fieldset with class "action" and
with a "Cancel" link.
- Errors displayed in a <div class="dialog alert">
(no custom error classes necessary).
- Valid markup.
- No JavaScript errors (to that end, the patch removes a
call to a non-existent function, show_transport_cost_matrix)
http://bugs.koha-community.org/show_bug.cgi?id=8936 Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
still works as expected and is much more visually appealing.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Bug 8870 UNIMARC authorities search doesn't display information properly
- Note field (3xx) are not displayed on search result page. We get
'HASH()' text.
- Parallel/Other forms (7xx) are not displayed, with language name in front of
heading, both on result and detail page.
- Note are not displayed.
- On result page, seealso form are displayed, but end with a superfluous '--'
- Style the result page, with condensed block, and space between them.
- Done both on OPAC/staff
To be applied on 3.8.x after bug 8523.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Nicole C. Engard [Sat, 13 Oct 2012 11:11:10 +0000 (07:11 -0400)]
Bug 8933: Update transport cost matrix styles
The transport cost matrix is capitlized wrong (based on our
rules). This patch fixes capitalization errors and adds the
matrix to the admin menu where it was missing before.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Mathieu Saby [Sat, 13 Oct 2012 08:36:37 +0000 (10:36 +0200)]
Bug 8916: Hide Curriculum index in advanced search if marcflavor = unimarc
This patch hides curriculum option value in koha-tmpl/intranet-tmpl/prog/en/includes/search_indexes.inc and koha-tmpl/opac-tmpl/prog/en/modules/opac-advsearch.tt if marcflavor = UNIMARC
To test
- set marcflavour to UNIMARC, this option should be hidden in the index list in opac and staff interface advanced search
- set marcflavour to MARC21, this option should be visible, as before
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Bug 8724 - Upgrade from NoZebra installs is broken
Properly set the relevant NoZebra and QueryRemoveStopwords sysprefs to 0 to fix issues on upgrades.
Also removes the sysprefs from preferences/searching.pref
Regards
To+
Sponsored-by: Universidad Nacional de Córdoba Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Bug 3087 Fix Z39.50 server to return the correct record syntax
Modify Makefile.PL and Zebra configuration files in order to parametrized
biblio record type returned by Zebra Z39.50 server.
How to test:
- Test with a MARC21 and a UNIMARC DB
- Do a new installation
- Search from OPAC
- Search from a Z39.50 client like yaz-client: syntax = MARC21/UNIMARC must be
choosed
- It was working for MARC21: it continues to work
- It wasn't working for UNIMARC: it works now, both in OPAC and from a Z39.50
client
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Works fine for MARC21. Frederic looked at UNIMARC. Magnus looked at NORMARC.
GRS1 works okay for me. I still have issues with DOM, but they are not directly related to changes in this patch.
A followup is still needed for packaging (debian/templates).
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Nicole C. Engard [Sat, 13 Oct 2012 06:48:01 +0000 (02:48 -0400)]
Bug 7986 Follow Up: Fix ExportRemoveFields
This preference was in the code as a choice but should be a list
of fields to exclude. This patch makes that change and updates
the description to fit more with the standard set by other
preferences.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Nicole C. Engard [Fri, 12 Oct 2012 20:55:54 +0000 (16:55 -0400)]
Bug 7986 Follow Up: Update ExportWithCsvProfile
The ExportWithCsvProfile preference was on its own file
(tools.pref) when in reality it belonged on the circulation
tab. This patch removes the tools.pref file and moves the
ExportWithCsvProfile preference and updates the text
around it to make it clearer.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Bug 1963 Problem with deleted biblio in a virtual shelf
This bug reappear in HEAD/3.8. When trying to display a virtual shelf
(list) containing a deleted biblio, this error message is displayed:
Software error:
Can't call method "field" on an undefined value at ....C4/Koha.pm line
1231.
This fix modify SQL query retrieving biblios, just skipping records from
virtual shelf table with no linked record in biblio table: LEFT JOIN
replace with JOIN.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Katrin Fischer [Mon, 15 Oct 2012 07:07:50 +0000 (09:07 +0200)]
Bug 3652: [SIGNED-OFF] XSS fixes - follow up
Fixes a typo in the html filter that causes a problem when using the
paging in the OPAC result lists.
(forgot to commit my change when testing the original XSS patches)
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
I triggered the error with this query string:
/cgi-bin/koha/opac-search.pl?idx=kw&q=o'reilly&offset=40&sort_by=author_az
After applying the patch the error is gone.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Nicole C. Engard [Fri, 12 Oct 2012 01:23:48 +0000 (21:23 -0400)]
Follow up to Bug 8585: add missing word to preference
The preference added in this bug is missing the word
'day(s)'. This patch adds it in.
http://bugs.koha-community.org/show_bug.cgi?id=4118 Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Nicole C. Engard [Thu, 11 Oct 2012 23:52:21 +0000 (19:52 -0400)]
:x
The preference used to read 'loan period by' but it's
actually reducing the checkout period 'to' the number
of days entered in the preference. This patch changes
'by' to 'to'.
Signed-off-by: Marc Veron <veron@veron.ch>
Tiny patch, text change only, text apears as expected.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Bug 8791: OPAC UNIMARC XSLT details: subject with subfield 3
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
I can reproduce the bug, and confirm that this patch fix it. The issue arises
when $9 come first, and then $3, which is not that usual.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Magnus Enger [Sun, 23 Sep 2012 10:28:49 +0000 (12:28 +0200)]
Bug 8793 - Fix materialTypeCode/typeOf008 icons for NORMARC XSLT
This patch fixes some issues with icons related to materialtypes in NORMARC:
Remove references to opac-tmpl in the *intranet* NORMARC XSLT files.
Add two new icons to koha-tmpl/intranet-tmpl/prog/img/famfamfam/ and
koha-tmpl/opac-tmpl/lib/famfamfam/
GR.png - Graphical materials
TD.png - Three dimentional objects
Copy PR.png from koha-tmpl/intranet-tmpl/prog/img/famfamfam/ to
koha-tmpl/opac-tmpl/lib/famfamfam/
Rename the XSLT variable materialTypeCode to typeOf008 for increased consistency
between stylesheets.
Make sure the XSLT uses icons that are actually available.
To test:
- No use testing all the different permutations of leader pos. 06 and 019b, I think.
- Set marcflavour = NORMARC and turn on default XSLT for OPAC and Intranet, details
and results.
- Make sure you have a record with something relevant in leader position 6, like
g for movies or c for music
- Check that the icon turns up in results and details, in the OPAC and Intranet
- Toggle DisplayOPACiconsXSLT and check that the results in the OPAC are as expected
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
It works: (1) merging's still effective, and (2) two new error messages appear
in staff .po file after update it.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Kyle M Hall [Wed, 3 Oct 2012 14:49:13 +0000 (10:49 -0400)]
Bug 8869 - Duplicate member check doesn't disable submit button on bottom.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
I confirm that after applying this patch, the submit button is removed from
patron edit page, avoiding accidentaly clicking on it, without responding to
the question about possible duplicate patron?
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Fridolyn SOMERS [Tue, 2 Oct 2012 14:30:48 +0000 (16:30 +0200)]
Bug 8863: When clearing a patron attribute, they are all cleared
Signed-off-by: Marc Veron <veron@veron.ch>
Tested with a set of 2 additional patron attributes. Cleard both before applying the patch.
Cleared as expected after applying the patch.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Owen Leonard [Tue, 2 Oct 2012 18:25:26 +0000 (14:25 -0400)]
Bug 8851 - strange blue bar above serials results
Bug 5357 (Subscription search and displays) added an advanced
search form which adds a new interface featured: a collapsible
fieldset with the search form inside. Bug 8851 was filed
because it is not immediately obvious that the search form
is hidden and can be shown by clicking the fieldset's legend.
I contend that this new behavior is unnecessary: In many other
places we put a similar search form in the left-hand sidebar.
This patch amends the template to show the search form in the
main body of the page if no search has been performed. After
searching the form is moved to the sidebar. This keeps the page
consistent with other interfaces and eliminates the confusion
about the collapsed form.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Mark Tompsett [Sun, 2 Sep 2012 12:46:03 +0000 (20:46 +0800)]
Bug 8175 - check logs error or displays incorrectly in details.pl
Changed "$item->{'materials'} ne ''" to
"defined($item->{'materials'}) && $item->{'materials'} =~ /\S/"
in if condition to prevent error when it is NULL, and to
properly capture the intent of printing if there is something
visible.
Cases tested include NULL, '0', '', ' ', and 'blah' by using
UPDATE items SET materials=NULL where biblionumber=19158;
where the biblionumber was chosen randomly, because only NULL
was in the items.materials field. The NULL case triggers an
error, but it does display correctly.
The ' ' case displays an apparently empty column, which does not
seem to be the intent of the flag that is being set. This is why
a simple $var check is not sufficient.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Owen Leonard [Fri, 28 Sep 2012 14:48:16 +0000 (10:48 -0400)]
Bug 8843 - Cannot export bibliographic records by call number
When building the query for exports by call number the script
has the logic reversed. It tries to select records with call
numbers less than the starting call number and greater than
the ending call number. This should be reversed.
To test, test an export in an unpatched system. An export by
call number will return an empty file. After applying the patch
an export by call number should give valid results.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Works as expected.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Owen Leonard [Mon, 24 Sep 2012 19:56:05 +0000 (15:56 -0400)]
Bug 8766 - OPACBaseURL still called as OPACBaseurl in many files
This patch fixes incorrect capitalization of the OPACBaseURL
variable in three templates. The fix can be confirmed in
opac-results.tt by inspecting the link attached to the RSS
icon on the OPAC's search results screen. The same fix is included
in opac-opensearch.tt and search/results.tt but I'm not sure
how you confirm that this change fixes anything, if it does.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Ivan Brown [Tue, 25 Sep 2012 14:57:43 +0000 (15:57 +0100)]
Bug 7643 - Can't upload and import zipped file of patron images
Fixed problem with re-declaration of $filesuffix
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
patch pushed onto master directly, doesn't merge properly from
new/bug_7643 branch
This patch merges the three preferences in to one sentence
to make it clear that they are all linked together and to
eliminate confusion that can come by having them as
individual preferences.
Chris Cormack [Tue, 9 Oct 2012 01:19:18 +0000 (14:19 +1300)]
Bug 3652 XSS vulnerability in facets
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Confirmed bug with test plan on the bug and checked that
problem is fixed after applying the patch and that facets
still work.
Chris Cormack [Tue, 9 Oct 2012 01:11:10 +0000 (14:11 +1300)]
Bug 3652: XSS vulnerability in page numbering
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Confirmed the problem with test plan on the bug and checked that
paging works correctly after the patch.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Works as advertised. After applying the patch, <blink>fish</blink>
is displayed on the page, but no blinking occurs.
Signed-off-by: Magnus Enger <magnus@enger.priv.no> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Kyle M Hall [Wed, 29 Aug 2012 12:44:26 +0000 (08:44 -0400)]
Bug 8700 - RESERVESLIP fields not being replaced correctly
The slip RESERVESLIP is not replacing fields correctly.
C4::Reserves::ReserveSlip calls C4::Letters::GetPreparedLetter,
and passes the $reserve hashref to it for each table except branches
( which is passed the branchcode ). The problem is, if you pass a
hashref for a table, it uses that hashref for the replacing, rather
than looking up the data from the database.
Fixed by passing the correct keys for each of the tables requested.
Signed-off-by: Marc Veron <veron@veron.ch>
Tested following the test plan.
Could reproduce the bug.
After applying the patch slip printed as expected.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Owen Leonard [Tue, 25 Sep 2012 18:28:42 +0000 (14:28 -0400)]
Bug 8820 - Don't show orders table if there are no orders
This page removes the "basket empty" message in favor of
hiding the orders table altogether when a basket has no
orders. This patch also moves the "Show all details"
checkbox under the "Orders" heading to associate it more
closely with the area it affects.
Other textual changes:
- Correcting capitalization according to coding guidelines
- Correcting terminology (basket group instead of basketgroup)
- Replacing the "Order Details" heading with the more
succinct "Orders"
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Julian Maurice [Fri, 21 Sep 2012 10:05:19 +0000 (12:05 +0200)]
Bug 8801: Add menu entry to delete items in batch
In catalogue/detail.pl you can now select "Delete items in batch" in
"Edit" menu. You are redirected to batchMod.pl for chosing which items
have to be deleted.
You need to have 'tools.items_batchdel' permission to see this menu
entry.
Signed-off-by: Marc Veron <veron@veron.ch>
Works as expected.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Mark Tompsett [Tue, 11 Sep 2012 17:25:59 +0000 (01:25 +0800)]
Bug 8742 - Example uses perl 5.8 in Makefile.PL
Changed hardcoded path for a programmatic one. Basing it on:
grep /\/usr\/share\/perl\//, @INC;
And doing a:
push @version, ('/usr/share/perl/5.10') if !$version[0];
For a reasonable default otherwise. No more references to
/usr/share/perl/5.8
hardcoded into the output.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>