Galen Charlton [Thu, 3 Mar 2011 21:54:02 +0000 (16:54 -0500)]
bug 5783: follow-up system preferences tweaks
* add the AuthoritiesLog system preference to all
language installer SQL scripts
* options for a 'YesNo' should be '', not '0'
* fix wording glitch on preferences page
Signed-off-by: Galen Charlton <gmcharlt@gmail.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Ian Walls [Thu, 3 Mar 2011 23:13:26 +0000 (18:13 -0500)]
Bug 5824: Creating a circ rule for a specific library causes anomalies
The variable name for the current branch being edited was the same as the variable used in
cat-search.inc, which passed along the circ-rule library to circulation.pl, and then overriding
the set library from there.
This patch renames the template variable 'current_branch', so that it does not populate the 'branch'
param in cat-search.inc
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Frédéric Demians [Sun, 27 Feb 2011 09:20:33 +0000 (04:20 -0500)]
Bug 4103 In Pro Adv Search, superlibrarian search always all libraries
Now, when 'independantbranches' syspref is activated, 'Individual Libraries'
combo list is set by default to the current user branch. It shouldn't be the
case for superlibrarian user who is supposed to manage all libraries.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Marcel de Rooy [Sun, 27 Feb 2011 08:49:50 +0000 (03:49 -0500)]
Bug 5642: Item field serial enumeration (enumchron) should be longer
Field enumchron in items table is now varchar(80).
We have records that need a much longer field, even up to 400 or 500 chars.
I suggest to change its type to TEXT (variable length with max 64K; tinytext
goes up to 255 chars and is just too short).
Mediumtext or longtext are not needed; as a side note these types are used in
the items table for e.g. booksellerid and more_subfields_xml..
Revised original patch thanks to Ian Walls: update kohatructure.sql. Copied the change in deleteditems as well.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Bug 5811: Add sysprefs to control overriding fines
This patch adds two sysprefs to allow libraries more fine-grained control over
when fines can and can't be overridden. The two sysprefs are:
* AllFinesNeedOverride - when this syspref is set to "Require" (default) any
fine will require a staffmember to override the fine in order to check out a
book. When set to "Don't require," fines below noissuescharge will not need
any override.
* AllowFineOverride - when this syspref is set to "Allow," staff will be able to
override fines that are above noissuescharge. When set to "Don't allow"
(default), staff will not be able to check out items to patrons with fines
greater than noissuescharge.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Ian Walls [Sat, 19 Feb 2011 10:38:32 +0000 (05:38 -0500)]
Bug 3319 Followup: Fix compatibility with fix for bug 4945
The fix for 3319 overwrote the @branchloop variable with output from GetBranchesLoop,
which forces a selected branch. Removing the extra call, and just measuring the size of
@branchloop as it was build, plus some dereferencing, fixes the issue.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This patch fixes the bug that caused 780s in the staff client details XSLT to
display in progressively smaller fonts. This also corrects the semantics of the
780 ind1.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Bug 5805: Having items in-transit can cause derangement of the hold list
If you have a list of holds on a biblio, and one or more are in-transit, then the
array that is fed to modrequest.pl is not fully-populated, lacking the branch on the
in-transit rows. If you then attempt to edit one of the remaining holds' pickup
location, it doesn't modify the one you expect, but ones *above* that. Also, holds
at the bottom of the list get the first pickup library in the list, since they are
getting undef passed in.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Security Bugfix: Bug 1953 Adding Placeholders to SQL To Avoid Potential Injection Attacks
This patch addresses both security issues mentioned in the summary of the report
submitted by Frère Sébastien Marie included below.
---------------------------
The problem is here: 'C4/AuthoritiesMarc.pm' in the function 'DelAuthority':
The argument $authid is included directly (not via statement) in the SQL.
For the exploit of this problem, you can use 'authorities/authorities-home.pl'
with authid on the URL and op=delete (something like
"authorities/authorities-home.pl?op=delete&authid=xxx").
This should successfully call DelAuthority, without authentification...
(DelAuthority is call BEFORE get_template_and_user, so before authentification
[This should be an issue also...]).
Please note that the problem isn't only that anyone can delete an authority of
this choose, it is more general: with "authid=1%20or%1=1" (after inclusion sql
will be like: "delete from auth_header where authid=1 or 1=1") you delete all
authorities ; with "authid=1;delete%20from%xxx" it is "delete from auth_header
where authid=1;delete from xxx" and so delete what you want...
SQL-INJECTION is very permissive: you can redirect the output in a file (with
some MySQL function), so write thea file of you choose in the server, in order
to create a backdoor, and compromise the server.
Signed-off-by: Frère Sébastien Marie <semarie-koha@latrappe.fr> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Colin Campbell [Mon, 21 Feb 2011 16:18:59 +0000 (16:18 +0000)]
Bug 3550 : Display changes needed in opac-results-grouped too
Change to how subfield is derived had not been implemented in
opac-results-grouped causing ARRAY(hexnumber) to follow all titles
Replace template ref to scalar with an array
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Marcel de Rooy [Sat, 19 Feb 2011 06:51:17 +0000 (01:51 -0500)]
Bug 5782: Add warning when ordering a duplicate record from external source
Enhancement for Acquisitions/ordering from external source.
Koha already checked for duplicates, but this patch warns the user. Offers the choice to use existing record, use new record or return without making an order.
The new template is added for this interaction with the user.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Paul Poulain [Wed, 15 Dec 2010 19:29:50 +0000 (20:29 +0100)]
NormalizeString POD Fixing and variable renaming
POD was mistakenly telling that NFD was supposed to be the default
encoding. In fact, it is not, it is NFC.
So the variable $nfc to change to the not default encoding was misleading.
Renaming it into $nfd
(written by hdl)
Refactored by Chris Cormack
Signed-off-by: Davi <davi@gnu.org> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Owen Leonard [Mon, 14 Feb 2011 07:49:07 +0000 (07:49 +0000)]
Follow-up fix for Bug 5462, Fix variable names so we dont break template::toolkit
A change was made to MARCdetail.tmpl without making a corresponding
change to MARCdetail.pl. I've reworked the original change so that
both can work together.
0XX --> tab0XX
Apparently TMPL variables can't start with a number now?
MR: Recreated patch file to recover failure to apply.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Ian Walls [Sat, 12 Feb 2011 22:19:23 +0000 (17:19 -0500)]
Follow up on Bug 5462: fixing variable names breaks messaging preference form
The messaging prefs form was hardcoded to use 'transport-$transport_type', rather than
'transport_$transport_type'. The result was an uneditable messaging preferences form.
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Owen Leonard [Sun, 13 Feb 2011 01:55:09 +0000 (20:55 -0500)]
Follow-up fix for Bug 5760 - Add the jquery table sorter to reading record
- Removing option to show 50 items/show all from script and template
- Adding parser to exclude articles in title sort (en only, see Bug 5766)
- Setting default sort to 'date due descending' as it was previously
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Owen Leonard [Fri, 11 Feb 2011 04:52:26 +0000 (23:52 -0500)]
Follow-up fix for Bug 2170 - Adding 'edititems' user-permission
Save button and duplicate confirmation redirects must respect
the edititems permission: Users without permission to edit items
should not be redirected to the edit items screen.
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Marcel de Rooy [Thu, 10 Feb 2011 17:12:17 +0000 (17:12 +0000)]
Bug 5736: Fixing some zebra configuration errors in marc21/biblios/record.abs
Lines like melm 999 should ALWAYS follow the lines for subfields 999a, 999b etc.
This is currently not the case for 410 411 490 611 710 785 and 800.
Found this since I could not find back the contents of 710$9 fields.
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
D Ruth Bavousett [Fri, 11 Feb 2011 01:22:27 +0000 (20:22 -0500)]
Bug 5230: Call number ranges in export don't give expected results.
If you entered low number and high number, you got only items that *exactly* matched either entry (if any).
If you enter only a low number, you got everying *lower* than that.
If you enter only a high number, you get everything *higher* than that.
This was a greater-than-less-than problem.
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>